dcrat | inv[.]zip

Sharing

General

Target

inv.zip
Size

32.9MB
MD5

395df612211bd2ab91e4b5ed7cd8aaab
SHA1

26da38e651426bf17c9c634e168fbd3c67536e46
SHA256

12ca4ad8cd613c8d086cd39a5c6e787c12209f2271ba850817b72eae3cd559da
SHA512

5a8e583a5f9009ea6a7469ac85ffb3c74650f9fbf468464829ccad8c19350efa2e522cd21f6d58769f04104fe78cac582a3eb1044505b28b54e7f5690e66e7b8
SSDEEP

786432:yf1JKtsiYULst2jeCweXzj4x0kJD04lQsccAp2i8NdgpkEB2MSg7b7nnxzmFlwJn:U7iYULSMeCpzoL7TGpMdguEQW7b7nnx9

Score

10^/10

rat office voov1 stealer 0174ec9d0ab5d3dd4d0bbe7415cfa10c a66537 41d35cbb974bc2d1287dcd4381b4a2a8 e8c9ce dcrat quasar meduza stealc vidar amadey

Malware Config

Extracted

Family

quasar

Version

1.4.0.0

Botnet

Office

45.136.51.217:2222

45.136.51.217:5173

Mutex

d1mBeqcqGummV1rEKw

Attributes

encryption_key
h9j7M9986eVjQwMbjacZ
install_name
csrss.exe
log_directory
Logs
reconnect_delay
3000
startup_key
NET framework
subdirectory
SubDir

Extracted

Family

meduza

62.60.217.159

62.60.244.198

Attributes

anti_dbg
true
anti_vm
true
build_name
xss
extensions
.txt;.doc;.docx;.pdf;.xls;.xlsx;.log;.db;.sqlite
grabber_max_size
1.048576e+06
port
15666
self_destruct
true

Extracted

Family

stealc

Botnet

Voov1

http://154.216.17.90

Attributes

url_path
/a48146f6763ef3af.php

Extracted

Family

vidar

Version

11.8

Botnet

0174ec9d0ab5d3dd4d0bbe7415cfa10c

https://t.me/fu4chmo

https://steamcommunity.com/profiles/76561199802540894

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6

Extracted

Family

amadey

Version

5.04

Botnet

a66537

http://89.110.69.103

http://94.156.177.33

Attributes

install_dir
a121af5f66
install_file
Gxtuum.exe
strings_key
09dbfb77de24d28905cfed05aeef2129
url_paths
/Lv2D7fGdopb/index.php

/b9kdj3s3C0/index.php

rc4.plain

Extracted

Family

vidar

Version

11.8

Botnet

41d35cbb974bc2d1287dcd4381b4a2a8

https://t.me/fu4chmo

https://steamcommunity.com/profiles/76561199802540894

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6

Extracted

Family

amadey

Version

5.04

Botnet

e8c9ce

http://89.110.69.103

http://94.156.177.33

Attributes

install_dir
bfe2cd46d6
install_file
Gxtuum.exe
strings_key
0e6c50aa38bbb0a80ecad7e6fa3b2c11
url_paths
/Lv2D7fGdopb/index.php

/b9kdj3s3C0/index.php

rc4.plain

Signatures

Amadey family
amadey

DCRat payload 3 IoCs

rat

Processes:

resource	yara_rule
static1/unpack001/adjthjawdth.exe	family_dcrat_v2
static1/unpack001/kyhjasehs.exe	family_dcrat_v2
static1/unpack001/lfcdgbuksf.exe	family_dcrat_v2

Dcrat family
dcrat

Detect Vidar Stealer 2 IoCs

stealer

Processes:

resource	yara_rule
static1/unpack001/lyjdfjthawd.exe	family_vidar_v7
static1/unpack001/nthnaedltg.exe	family_vidar_v7

Meduza Stealer payload 4 IoCs

Processes:

resource	yara_rule
static1/unpack001/jhnykawfkth.exe	family_meduza
static1/unpack001/kohjaekdfth.exe	family_meduza
static1/unpack001/kthkksefd.exe	family_meduza
static1/unpack001/kyjjrfgjjsedf.exe	family_meduza

Meduza family
meduza
Quasar family
quasar

Quasar payload 2 IoCs

Processes:

resource	yara_rule
static1/unpack001/jgesfyhjsefa.exe	family_quasar
static1/unpack001/nbothjkd.exe	family_quasar

Stealc family
stealc
Vidar family
vidar

Unsigned PE 32 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack002/InstalIеr-x86/SbieMsg.dll
unpack002/InstalIеr-x86/TTDesktop18.exe
unpack002/InstalIеr-x86/cfg/platforms/qwindows.dll
unpack002/InstalIеr-x86/cfg/styles/qwindowsvistastyle.dll
unpack001/TT18.exe
unpack001/TTDesktop18.exe
unpack001/TikTokDesktop18.exe
unpack001/adjthjawdth.exe
unpack001/bxftjhksaef.exe
unpack001/cli.exe
unpack001/fdaerghawd.exe
unpack001/fkydjyhjadg.exe
unpack001/fsyjawdr.exe
unpack001/gjawedrtg.exe
unpack001/hfaewdth.exe
unpack001/jgesfyhjsefa.exe
unpack001/jhnykawfkth.exe
unpack001/kfhtksfesek.exe
unpack001/kohjaekdfth.exe
unpack001/krgawdtyjawd.exe
unpack001/kthkksefd.exe
unpack001/kyhjasehs.exe
unpack001/kyjjrfgjjsedf.exe
unpack001/lfcdgbuksf.exe
unpack001/lkyhjksefa.exe
unpack001/lyjdfjthawd.exe
unpack001/nbothjkd.exe
unpack001/nhbjsekfkjtyhja.exe
unpack001/nothjgdwa.exe
unpack001/nthnaedltg.exe
unpack001/pghsefyjhsef.exe
unpack001/pyjnkasedf.exe

Files

inv.zip
.zip
InstalIеr-x86.zip
.zip
InstalIеr-x86/Qts5Svg.dll
InstalIеr-x86/SbieMsg.dll
.dll windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\Sandboxie\Sandboxie\Sandboxie\Bin\x64\SbieRelease\SbieMsg.pdb

Sections

.rdata
Size: 512B - Virtual size: 328B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
InstalIеr-x86/SbieShelIPkc.dll
InstalIеr-x86/TTDesktop18.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\danie\source\repos\Qwest\Qwest\obj\Debug\Qwest.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
InstalIеr-x86/cfg/platforms/qwindows.dll
.dll windows:6 windows x64 arch:x64

829a516ed7929d66c69478df5f0562c2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\dev\thirdparty\lgpl\qt_source2\valve\qtbase\plugins\platforms\qwindows.pdb

Imports

dwmapi

DwmGetWindowAttribute
DwmIsCompositionEnabled
DwmSetWindowAttribute
DwmEnableBlurBehindWindow

imm32

ImmGetVirtualKey
ImmGetContext
ImmReleaseContext
ImmAssociateContext
ImmAssociateContextEx
ImmGetCompositionStringW
ImmGetOpenStatus
ImmNotifyIME
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmGetDefaultIMEWnd

oleaut32

SysAllocString
SafeArrayCreateVector
SafeArrayPutElement
SysFreeString

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory

ole32

CoInitialize
CoInitializeEx
CoUninitialize
CoTaskMemFree
OleSetClipboard
CoGetMalloc
OleUninitialize
OleInitialize
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
OleFlushClipboard
OleIsCurrentClipboard
CoCreateInstance
DoDragDrop
CoCreateGuid
ReleaseStgMedium

user32

RemoveMenu
ModifyMenuW
AppendMenuW
InsertMenuW
DestroyMenu
CreatePopupMenu
CreateMenu
DrawMenuBar
SetMenu
LoadIconW
GetSysColor
FindWindowA
SetCaretPos
ShowCaret
HideCaret
DestroyCaret
CreateCaret
IsWindowEnabled
RegisterWindowMessageW
GetCursorInfo
TrackPopupMenu
CreateIconIndirect
CreateCursor
LoadCursorW
GetCursor
SetCursorPos
GetClipboardFormatNameW
RegisterClipboardFormatW
CloseTouchInputHandle
GetTouchInputInfo
GetAsyncKeyState
GetMessageExtraInfo
TrackMouseEvent
SetMenuItemInfoW
TrackPopupMenuEx
MapVirtualKeyW
ToUnicode
ToAscii
GetKeyboardState
GetKeyState
IsZoomed
GetMenuItemInfoW
GetWindowTextW
EnumWindows
RealGetWindowClassW
RegisterClassW
EnumDisplayDevicesW
ChangeWindowMessageFilterEx
IsHungAppWindow
SetClipboardViewer
ChangeClipboardChain
UpdateLayeredWindowIndirect
SendMessageW
GetIconInfo
PostMessageW
AttachThreadInput
PeekMessageW
GetKeyboardLayout
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromWindow
LoadImageW
GetSysColorBrush
ChildWindowFromPointEx
WindowFromPoint
GetCursorPos
GetFocus
RegisterClassExW
GetClassInfoW
UnregisterClassW
UnregisterPowerSettingNotification
RegisterPowerSettingNotification
GetKeyboardLayoutList
SystemParametersInfoW
MessageBeep
IsWindow
GetDoubleClickTime
GetAncestor
MonitorFromPoint
DestroyIcon
DestroyCursor
GetWindow
GetWindowThreadProcessId
SetParent
GetParent
GetDesktopWindow
SetWindowLongPtrW
GetWindowLongPtrW
SetWindowLongW
GetWindowLongW
ScreenToClient
ClientToScreen
GetCaretBlinkTime
SetCursor
AdjustWindowRectEx
GetWindowRect
GetClientRect
SetWindowTextW
InvalidateRect
SetWindowRgn
GetUpdateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
SetForegroundWindow
GetForegroundWindow
EnableMenuItem
GetSystemMenu
GetMenu
GetSystemMetrics
ReleaseCapture
SetCapture
GetCapture
IsTouchWindow
UnregisterTouchWindow
RegisterTouchWindow
SetFocus
IsIconic
IsWindowVisible
SetWindowPlacement
GetWindowPlacement
SetWindowPos
MoveWindow
FlashWindowEx
SetLayeredWindowAttributes
UpdateLayeredWindow
ShowWindow
DestroyWindow
IsChild
CreateWindowExW
DefWindowProcW

gdi32

CombineRgn
CreateRectRgn
DeleteObject
OffsetRgn
SelectClipRgn
SetLayout
GetDeviceCaps
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCW
DeleteDC
SelectObject
GetBitmapBits
GetObjectW
CreateBitmap
ChoosePixelFormat
ExtTextOutW
SetWorldTransform
SetTextAlign
SetTextColor
SetGraphicsMode
SetPixelFormat
DescribePixelFormat
GetPixelFormat
SwapBuffers
CreateFontIndirectW
EnumFontFamiliesExW
GetFontData
GetStockObject
AddFontResourceExW
RemoveFontResourceExW
AddFontMemResourceEx
RemoveFontMemResourceEx
GetTextMetricsW
GetTextFaceW
CreateDIBSection
GdiFlush
GetCharABCWidthsW
GetCharABCWidthsFloatW
GetGlyphOutlineW
GetOutlineTextMetricsW
GetTextExtentPoint32W
GetCharABCWidthsI
SetBkMode

qt5gui

?setFormat@QWindow@@QEAAXAEBVQSurfaceFormat@@@Z
?format@QWindow@@UEBA?AVQSurfaceFormat@@XZ
?setFlags@QWindow@@QEAAXV?$QFlags@W4WindowType@Qt@@@@@Z
?devicePixelRatio@QWindow@@QEBANXZ
?setFramePosition@QWindow@@QEAAXAEBVQPoint@@@Z
?resize@QWindow@@QEAAXAEBVQSize@@@Z
?show@QWindow@@QEAAXXZ
?update@QPaintDeviceWindow@@QEAAXXZ
??0QRasterWindow@@QEAA@PEAVQWindow@@@Z
??1QRasterWindow@@UEAA@XZ
?handleDrag@QWindowSystemInterface@@SA?AVQPlatformDragQtResponse@@PEAVQWindow@@PEBVQMimeData@@AEBVQPoint@@V?$QFlags@W4DropAction@Qt@@@@V?$QFlags@W4MouseButton@Qt@@@@V?$QFlags@W4KeyboardModifier@Qt@@@@@Z
?handleDrop@QWindowSystemInterface@@SA?AVQPlatformDropQtResponse@@PEAVQWindow@@PEBVQMimeData@@AEBVQPoint@@V?$QFlags@W4DropAction@Qt@@@@V?$QFlags@W4MouseButton@Qt@@@@V?$QFlags@W4KeyboardModifier@Qt@@@@@Z
?self@QDragManager@@SAPEAV1@XZ
?source@QDragManager@@QEBAPEAVQObject@@XZ
?accessibleRoot@QWindow@@UEBAPEAVQAccessibleInterface@@XZ
?defaultAction@QPlatformDrag@@UEBA?AW4DropAction@Qt@@V?$QFlags@W4DropAction@Qt@@@@V?$QFlags@W4KeyboardModifier@Qt@@@@@Z
?devType@QPaintDevice@@UEBAHXZ
?event@QPaintDeviceWindow@@MEAA_NPEAVQEvent@@@Z
?exposeEvent@QPaintDeviceWindow@@MEAAXPEAVQExposeEvent@@@Z
?focusInEvent@QWindow@@MEAAXPEAVQFocusEvent@@@Z
?focusObject@QWindow@@UEBAPEAVQObject@@XZ
?supportedActions@QDrag@@QEBA?AV?$QFlags@W4DropAction@Qt@@@@XZ
?hideEvent@QWindow@@MEAAXPEAVQHideEvent@@@Z
?initPainter@QPaintDevice@@MEBAXPEAVQPainter@@@Z
?keyPressEvent@QWindow@@MEAAXPEAVQKeyEvent@@@Z
?keyReleaseEvent@QWindow@@MEAAXPEAVQKeyEvent@@@Z
?metaObject@QRasterWindow@@UEBAPEBUQMetaObject@@XZ
?metric@QRasterWindow@@MEBAHW4PaintDeviceMetric@QPaintDevice@@@Z
?mouseDoubleClickEvent@QWindow@@MEAAXPEAVQMouseEvent@@@Z
?mouseMoveEvent@QWindow@@MEAAXPEAVQMouseEvent@@@Z
?mousePressEvent@QWindow@@MEAAXPEAVQMouseEvent@@@Z
?mouseReleaseEvent@QWindow@@MEAAXPEAVQMouseEvent@@@Z
?moveEvent@QWindow@@MEAAXPEAVQMoveEvent@@@Z
?nativeEvent@QWindow@@MEAA_NAEBVQByteArray@@PEAXPEAJ@Z
?ownsDragObject@QPlatformDrag@@UEBA_NXZ
?paintEngine@QPaintDeviceWindow@@EEBAPEAVQPaintEngine@@XZ
?qt_metacall@QRasterWindow@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
?qt_metacast@QRasterWindow@@UEAAPEAXPEBD@Z
?redirected@QRasterWindow@@MEBAPEAVQPaintDevice@@PEAVQPoint@@@Z
?resizeEvent@QWindow@@MEAAXPEAVQResizeEvent@@@Z
?sharedPainter@QPaintDevice@@MEBAPEAVQPainter@@XZ
?showEvent@QWindow@@MEAAXPEAVQShowEvent@@@Z
?size@QWindow@@UEBA?AVQSize@@XZ
?surfaceHandle@QWindow@@EEBAPEAVQPlatformSurface@@XZ
?surfaceType@QWindow@@UEBA?AW4SurfaceType@QSurface@@XZ
?tabletEvent@QWindow@@MEAAXPEAVQTabletEvent@@@Z
?touchEvent@QWindow@@MEAAXPEAVQTouchEvent@@@Z
?wheelEvent@QWindow@@MEAAXPEAVQWheelEvent@@@Z
?handleTabletEvent@QWindowSystemInterface@@SA_NPEAVQWindow@@KAEBVQPointF@@1HHV?$QFlags@W4MouseButton@Qt@@@@NHHNNH_JV?$QFlags@W4KeyboardModifier@Qt@@@@@Z
?handleTabletEnterProximityEvent@QWindowSystemInterface@@SA_NKHH_J@Z
?handleTabletLeaveProximityEvent@QWindowSystemInterface@@SA_NKHH_J@Z
??0QPlatformSessionManager@@QEAA@AEBVQString@@0@Z
??1QPlatformSessionManager@@UEAA@XZ
?discardCommand@QPlatformSessionManager@@UEBA?AVQStringList@@XZ
?isPhase2@QPlatformSessionManager@@UEBA_NXZ
?requestPhase2@QPlatformSessionManager@@UEAAXXZ
?restartCommand@QPlatformSessionManager@@UEBA?AVQStringList@@XZ
?restartHint@QPlatformSessionManager@@UEBA?AW4RestartHint@QSessionManager@@XZ
?sessionId@QPlatformSessionManager@@UEBA?AVQString@@XZ
?sessionKey@QPlatformSessionManager@@UEBA?AVQString@@XZ
?setDiscardCommand@QPlatformSessionManager@@UEAAXAEBVQStringList@@@Z
?setManagerProperty@QPlatformSessionManager@@UEAAXAEBVQString@@0@Z
?setManagerProperty@QPlatformSessionManager@@UEAAXAEBVQString@@AEBVQStringList@@@Z
?setRestartCommand@QPlatformSessionManager@@UEAAXAEBVQStringList@@@Z
?setRestartHint@QPlatformSessionManager@@UEAAXW4RestartHint@QSessionManager@@@Z
??0QPlatformAccessibility@@QEAA@XZ
??1QPlatformAccessibility@@UEAA@XZ
?setActive@QPlatformAccessibility@@QEAAX_N@Z
?platformIntegration@QGuiApplicationPrivate@@SAPEAVQPlatformIntegration@@XZ
?cleanup@QPlatformAccessibility@@UEAAXXZ
?initialize@QPlatformAccessibility@@UEAAXXZ
?setRootObject@QPlatformAccessibility@@UEAAXPEAVQObject@@@Z
?uniqueId@QAccessible@@SAIPEAVQAccessibleInterface@@@Z
?textInterface@QAccessibleInterface@@QEAAPEAVQAccessibleTextInterface@@XZ
?valueInterface@QAccessibleInterface@@QEAAPEAVQAccessibleValueInterface@@XZ
?actionInterface@QAccessibleInterface@@QEAAPEAVQAccessibleActionInterface@@XZ
?tableInterface@QAccessibleInterface@@QEAAPEAVQAccessibleTableInterface@@XZ
?tableCellInterface@QAccessibleInterface@@QEAAPEAVQAccessibleTableCellInterface@@XZ
?setFocusAction@QAccessibleActionInterface@@SAAEBVQString@@XZ
?toggleAction@QAccessibleActionInterface@@SAAEBVQString@@XZ
??6@YA?AVQDebug@@V0@PEBVQAccessibleInterface@@@Z
?accessibleInterface@QAccessible@@SAPEAVQAccessibleInterface@@I@Z
?pressAction@QAccessibleActionInterface@@SAAEBVQString@@XZ
?visibility@QWindow@@QEBA?AW4Visibility@1@XZ
?isModal@QWindow@@QEBA_NXZ
?showMinimized@QWindow@@QEAAXXZ
?showMaximized@QWindow@@QEAAXXZ
?showNormal@QWindow@@QEAAXXZ
?close@QWindow@@QEAA_NXZ
?showMenuAction@QAccessibleActionInterface@@SAAEBVQString@@XZ
?staticMetaObject@QPlatformIntegrationPlugin@@2UQMetaObject@@B
?qt_metacast@QPlatformIntegrationPlugin@@UEAAPEAXPEBD@Z
?qt_metacall@QPlatformIntegrationPlugin@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
??0QPlatformIntegrationPlugin@@QEAA@PEAVQObject@@@Z
??1QPlatformIntegrationPlugin@@UEAA@XZ
?create@QPlatformIntegrationPlugin@@UEAAPEAVQPlatformIntegration@@AEBVQString@@AEBVQStringList@@@Z
?boundingRect@QRegion@@QEBA?AVQRect@@XZ
??_4QRegion@@QEAAAEAV0@AEBVQRect@@@Z
??6@YA?AVQDebug@@V0@AEBVQRegion@@@Z
?save@QImage@@QEBA_NAEBVQString@@PEBDH@Z
?toPixelFormat@QImage@@SA?AVQPixelFormat@@W4Format@1@@Z
?frameMargins@QWindow@@QEBA?AVQMargins@@XZ
?frameGeometry@QWindow@@QEBA?AVQRect@@XZ
?lcQpaBackingStore@@YAAEBVQLoggingCategory@@XZ
??0QPlatformBackingStore@@QEAA@PEAVQWindow@@@Z
??1QPlatformBackingStore@@UEAA@XZ
?window@QPlatformBackingStore@@QEBAPEAVQWindow@@XZ
?setCompositionMode@QPainter@@QEAAXW4CompositionMode@1@@Z
?drawImage@QPainter@@QEAAXAEBVQRectF@@AEBVQImage@@0V?$QFlags@W4ImageConversionFlag@Qt@@@@@Z
?fillRect@QPainter@@QEAAXAEBVQRect@@AEBVQColor@@@Z
?qt_scrollRectInImage@@YAXAEAVQImage@@AEBVQRect@@AEBVQPoint@@@Z
?composeAndFlush@QPlatformBackingStore@@UEAAXPEAVQWindow@@AEBVQRegion@@AEBVQPoint@@PEAVQPlatformTextureList@@_N@Z
?endPaint@QPlatformBackingStore@@UEAAXXZ
?graphicsBuffer@QPlatformBackingStore@@UEBAPEAVQPlatformGraphicsBuffer@@XZ
?toTexture@QPlatformBackingStore@@UEBAIAEBVQRegion@@PEAVQSize@@PEAV?$QFlags@W4TextureFlag@QPlatformBackingStore@@@@@Z
??0QPlatformNativeInterface@@QEAA@XZ
??0QRasterPlatformPixmap@@QEAA@W4PixelType@QPlatformPixmap@@@Z
??1QRasterPlatformPixmap@@UEAA@XZ
?buffer@QRasterPlatformPixmap@@UEAAPEAVQImage@@XZ
?copy@QRasterPlatformPixmap@@UEAAXPEBVQPlatformPixmap@@AEBVQRect@@@Z
?createCompatiblePlatformPixmap@QRasterPlatformPixmap@@UEBAPEAVQPlatformPixmap@@XZ
?devicePixelRatio@QRasterPlatformPixmap@@UEBANXZ
?fill@QRasterPlatformPixmap@@UEAAXAEBVQColor@@@Z
?fromData@QRasterPlatformPixmap@@UEAA_NPEBEIPEBDV?$QFlags@W4ImageConversionFlag@Qt@@@@@Z
?fromFile@QPlatformPixmap@@UEAA_NAEBVQString@@PEBDV?$QFlags@W4ImageConversionFlag@Qt@@@@@Z
?fromImage@QRasterPlatformPixmap@@UEAAXAEBVQImage@@V?$QFlags@W4ImageConversionFlag@Qt@@@@@Z
?fromImageInPlace@QRasterPlatformPixmap@@UEAAXAEAVQImage@@V?$QFlags@W4ImageConversionFlag@Qt@@@@@Z
?fromImageReader@QRasterPlatformPixmap@@UEAAXPEAVQImageReader@@V?$QFlags@W4ImageConversionFlag@Qt@@@@@Z
?hasAlphaChannel@QRasterPlatformPixmap@@UEBA_NXZ
?mask@QPlatformPixmap@@UEBA?AVQBitmap@@XZ
?metric@QRasterPlatformPixmap@@MEBAHW4PaintDeviceMetric@QPaintDevice@@@Z
?nativeResourceFunctionForBackingStore@QPlatformNativeInterface@@UEAAP6APEAXPEAVQBackingStore@@@ZAEBVQByteArray@@@Z
?nativeResourceFunctionForContext@QPlatformNativeInterface@@UEAAP6APEAXPEAVQOpenGLContext@@@ZAEBVQByteArray@@@Z
?nativeResourceFunctionForIntegration@QPlatformNativeInterface@@UEAAP6APEAXXZAEBVQByteArray@@@Z
?nativeResourceFunctionForScreen@QPlatformNativeInterface@@UEAAP6APEAXPEAVQScreen@@@ZAEBVQByteArray@@@Z
?nativeResourceFunctionForWindow@QPlatformNativeInterface@@UEAAP6APEAXPEAVQWindow@@@ZAEBVQByteArray@@@Z
?paintEngine@QRasterPlatformPixmap@@UEBAPEAVQPaintEngine@@XZ
?resize@QRasterPlatformPixmap@@UEAAXHH@Z
?scroll@QRasterPlatformPixmap@@UEAA_NHHAEBVQRect@@@Z
?setDevicePixelRatio@QRasterPlatformPixmap@@UEAAXN@Z
?setMask@QPlatformPixmap@@UEAAXAEBVQBitmap@@@Z
?toImage@QRasterPlatformPixmap@@UEBA?AVQImage@@AEBVQRect@@@Z
?toImage@QRasterPlatformPixmap@@UEBA?AVQImage@@XZ
?transformed@QPlatformPixmap@@UEBA?AVQPixmap@@AEBVQTransform@@W4TransformationMode@Qt@@@Z
?handle@QBackingStore@@QEBAPEAVQPlatformBackingStore@@XZ
?staticMetaObject@QPlatformInputContext@@2UQMetaObject@@B
?qt_metacast@QPlatformInputContext@@UEAAPEAXPEBD@Z
?qt_metacall@QPlatformInputContext@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
?staticMetaObject@QPlatformMenuItem@@2UQMetaObject@@B
?staticMetaObject@QPlatformMenu@@2UQMetaObject@@B
?staticMetaObject@QPlatformMenuBar@@2UQMetaObject@@B
?qt_metacast@QPlatformMenuItem@@UEAAPEAXPEBD@Z
?qt_metacall@QPlatformMenuItem@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
?qt_metacast@QPlatformMenu@@UEAAPEAXPEBD@Z
?qt_metacall@QPlatformMenu@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
?qt_metacast@QPlatformMenuBar@@UEAAPEAXPEBD@Z
?qt_metacall@QPlatformMenuBar@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
?staticMetaObject@QPlatformNativeInterface@@2UQMetaObject@@B
??4QFont@@QEAAAEAV0@$$QEAV0@@Z
?qt_metacast@QPlatformNativeInterface@@UEAAPEAXPEBD@Z
?qt_metacall@QPlatformNativeInterface@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
?sendWindowSystemEvents@QWindowSystemInterface@@SA_NV?$QFlags@W4ProcessEventsFlag@QEventLoop@@@@@Z
?family@QFont@@QEBA?AVQString@@XZ
?setFamily@QFont@@QEAAXAEBVQString@@@Z
?setPointSizeF@QFont@@QEAAXN@Z
?setWeight@QFont@@QEAAXH@Z
?setStyle@QFont@@QEAAXW4Style@1@@Z
?setUnderline@QFont@@QEAAX_N@Z
?setOverline@QFont@@QEAAX_N@Z
?setStrikeOut@QFont@@QEAAX_N@Z
??6@YA?AVQDebug@@V0@AEBVQFont@@@Z
??0QFontDatabase@@QEAA@XZ
?writingSystems@QFontDatabase@@QEBA?AV?$QList@W4WritingSystem@QFontDatabase@@@@AEBVQString@@@Z
?families@QFontDatabase@@QEBA?AVQStringList@@W4WritingSystem@1@@Z
?hasFamily@QFontDatabase@@QEBA_NAEBVQString@@@Z
??0QSupportedWritingSystems@@QEAA@XZ
??4QSupportedWritingSystems@@QEAAAEAV0@AEBV0@@Z
??1QSupportedWritingSystems@@QEAA@XZ
?setSupported@QSupportedWritingSystems@@QEAAXW4WritingSystem@QFontDatabase@@_N@Z
?supported@QSupportedWritingSystems@@QEBA_NW4WritingSystem@QFontDatabase@@@Z
?writingSystemsFromTrueTypeBits@QPlatformFontDatabase@@SA?AVQSupportedWritingSystems@@QEAI0@Z
?weightFromInteger@QPlatformFontDatabase@@SA?AW4Weight@QFont@@H@Z
?registerFont@QPlatformFontDatabase@@SAXAEBVQString@@00W4Weight@QFont@@W4Style@4@W4Stretch@4@_N4H4AEBVQSupportedWritingSystems@@PEAX@Z
?registerFontFamily@QPlatformFontDatabase@@SAXAEBVQString@@@Z
?registerAliasToFontFamily@QPlatformFontDatabase@@SAXAEBVQString@@0@Z
?isFamilyPopulated@QPlatformFontDatabase@@SA_NAEBVQString@@@Z
?staticMetaObject@QFont@@2UQMetaObject@@B
??0QImage@@QEAA@PEAEHHW4Format@0@P6AXPEAX@Z2@Z
?setDC@QRasterPaintEngine@@QEAAXPEAUHDC__@@@Z
??0QTransform@@QEAA@XZ
?type@QTransform@@QEBA?AW4TransformationType@1@XZ
?depth@QImage@@QEBAHXZ
?scanLine@QImage@@QEAAPEAEH@Z
??0glyph_metrics_t@@QEAA@XZ
?transformed@glyph_metrics_t@@QEBA?AU1@AEBVQTransform@@@Z
??1QFontEngine@@UEAA@XZ
?getSfntTable@QFontEngine@@QEBA?AVQByteArray@@I@Z
?addOutlineToPath@QFontEngine@@UEAAXNNAEBUQGlyphLayout@@PEAVQPainterPath@@V?$QFlags@W4RenderFlag@QTextItem@@@@@Z
?addBitmapFontToPath@QFontEngine@@QEAAXNNAEBUQGlyphLayout@@PEAVQPainterPath@@V?$QFlags@W4RenderFlag@QTextItem@@@@@Z
?xHeight@QFontEngine@@UEBA?AUQFixed@@XZ
?lineThickness@QFontEngine@@UEBA?AUQFixed@@XZ
?getGlyphBearings@QFontEngine@@UEAAXIPEAN0@Z
?getCMap@QFontEngine@@SAPEBEPEBEIPEA_NPEAH@Z
?getTrueTypeGlyphIndex@QFontEngine@@SAIPEBEHI@Z
?convertToPostscriptFontFamilyName@QFontEngine@@SA?AVQByteArray@@AEBV2@@Z
?hasUnreliableGlyphOutline@QFontEngine@@UEBA_NXZ
?loadKerningPairs@QFontEngine@@QEAAXUQFixed@@@Z
??0QFontEngine@@IEAA@W4Type@0@@Z
?lastRightBearing@QFontEngine@@IEAA?AUQFixed@@AEBUQGlyphLayout@@_N@Z
?calculatedCapHeight@QFontEngine@@IEBA?AUQFixed@@XZ
?closeSubpath@QPainterPath@@QEAAXXZ
?moveTo@QPainterPath@@QEAAXAEBVQPointF@@@Z
?lineTo@QPainterPath@@QEAAXAEBVQPointF@@@Z
?cubicTo@QPainterPath@@QEAAXAEBVQPointF@@00@Z
?quadTo@QPainterPath@@QEAAXAEBVQPointF@@0@Z
?elementCount@QPainterPath@@QEBAHXZ
?elementAt@QPainterPath@@QEBA?AVElement@1@H@Z
?alphaMapForGlyph@QFontEngine@@UEAA?AVQImage@@IUQFixed@@@Z
?alphaMapForGlyph@QFontEngine@@UEAA?AVQImage@@IUQFixed@@AEBVQTransform@@@Z
?bitmapForGlyph@QFontEngine@@UEAA?AVQImage@@IUQFixed@@AEBVQTransform@@AEBVQColor@@@Z
?canRender@QFontEngine@@UEBA_NPEBVQChar@@H@Z
?doKerning@QFontEngine@@UEBAXPEAUQGlyphLayout@@V?$QFlags@W4ShaperFlag@QFontEngine@@@@@Z
?expectsGammaCorrectedBlending@QFontEngine@@UEBA_NXZ
?getPointInOutline@QFontEngine@@UEAAHIHIPEAUQFixed@@0PEAI@Z
?glyphCount@QFontEngine@@UEBAHXZ
?glyphData@QFontEngine@@UEAAPEAUGlyph@1@IUQFixed@@W4GlyphFormat@1@AEBVQTransform@@@Z
?glyphMargin@QFontEngine@@UEAAHW4GlyphFormat@1@@Z
?hasInternalCaching@QFontEngine@@UEBA_NXZ
?removeGlyphFromCache@QFontEngine@@UEAAXI@Z
?setDefaultHintStyle@QFontEngine@@UEAAXW4HintStyle@1@@Z
?subPixelPositionForX@QFontEngine@@UEBA?AUQFixed@@U2@@Z
?supportsSubPixelPositions@QFontEngine@@UEBA_NXZ
?underlinePosition@QFontEngine@@UEBA?AUQFixed@@XZ
?alphaF@QColor@@QEBANXZ
?redF@QColor@@QEBANXZ
?greenF@QColor@@QEBANXZ
?blueF@QColor@@QEBANXZ
?scale@QTransform@@QEAAAEAV1@NN@Z
?emSquareSize@QFontEngine@@UEBA?AUQFixed@@XZ
?boundingBox@QFontEngine@@UEAA?AUglyph_metrics_t@@IAEBVQTransform@@@Z
?setFillRule@QPainterPath@@QEAAXW4FillRule@Qt@@@Z
?alphaMapForGlyph@QFontEngine@@UEAA?AVQImage@@I@Z
?alphaMapForGlyph@QFontEngine@@UEAA?AVQImage@@IAEBVQTransform@@@Z
?averageCharWidth@QFontEngine@@UEBA?AUQFixed@@XZ
?getUnscaledGlyph@QFontEngine@@UEAAXIPEAVQPainterPath@@PEAUglyph_metrics_t@@@Z
?minLeftBearing@QFontEngine@@UEBANXZ
?minRightBearing@QFontEngine@@UEBANXZ
?properties@QFontEngine@@UEBA?AUProperties@1@XZ
?supportsTransformation@QFontEngine@@UEBA_NAEBVQTransform@@@Z
?synthesized@QFontEngine@@UEBAHXZ
?rgba@QColor@@QEBAIXZ
?determinant@QTransform@@QEBANXZ
?setMatrix@QTransform@@QEAAXNNNNNNNNN@Z
?translate@QTransform@@QEAAAEAV1@NN@Z
?map@QTransform@@QEBA?AVQPointF@@AEBV2@@Z
?mapRect@QTransform@@QEBA?AVQRectF@@AEBV2@@Z
??0QImage@@QEAA@PEBEHHHW4Format@0@P6AXPEAX@Z2@Z
?copy@QImage@@QEBA?AV1@AEBVQRect@@@Z
?setColor@QImage@@QEAAXHI@Z
?transformed@QImage@@QEBA?AV1@AEBVQTransform@@W4TransformationMode@Qt@@@Z
?getGlyphPositions@QFontEngine@@QEAAXAEBUQGlyphLayout@@AEBVQTransform@@V?$QFlags@W4RenderFlag@QTextItem@@@@AEAV?$QVarLengthArray@I$0BAA@@@AEAV?$QVarLengthArray@UQFixedPoint@@$0BAA@@@@Z
?alphaRGBMapForGlyph@QFontEngine@@UEAA?AVQImage@@IUQFixed@@AEBVQTransform@@@Z
?harfbuzzFace@QFontEngine@@QEBAPEAXXZ
?qt_fontdata_from_index@@YA?AVQByteArray@@H@Z
?qt_addBitmapToPath@@YAXNNPEBEHHHPEAVQPainterPath@@@Z
?dragCursor@QDrag@@QEBA?AVQPixmap@@W4DropAction@Qt@@@Z
?hotSpot@QDrag@@QEBA?AVQPoint@@XZ
?pixmap@QDrag@@QEBA?AVQPixmap@@XZ
?mimeData@QDrag@@QEBAPEAVQMimeData@@XZ
?updateAction@QPlatformDrag@@QEAAXW4DropAction@Qt@@@Z
?currentDrag@QPlatformDrag@@QEBAPEAVQDrag@@XZ
??1QPlatformDrag@@UEAA@XZ
??0QPlatformDrag@@QEAA@XZ
?answerRect@QPlatformDragQtResponse@@QEBA?AVQRect@@XZ
?acceptedAction@QPlatformDropQtResponse@@QEBA?AW4DropAction@Qt@@XZ
?isAccepted@QPlatformDropQtResponse@@QEBA_NXZ
?setDevicePixelRatio@QPixmap@@QEAAXN@Z
?devicePixelRatio@QPixmap@@QEBANXZ
?height@QPixmap@@QEBAHXZ
?width@QPixmap@@QEBAHXZ
??4QPixmap@@QEAAAEAV0@AEBV0@@Z
??0QPixmap@@QEAA@HH@Z
?retrieveData@QInternalMimeData@@MEBA?AVQVariant@@AEBVQString@@W4Type@2@@Z
?qt_metacast@QInternalMimeData@@UEAAPEAXPEBD@Z
?qt_metacall@QInternalMimeData@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
?metaObject@QInternalMimeData@@UEBAPEBUQMetaObject@@XZ
?hasFormat@QInternalMimeData@@UEBA_NAEBVQString@@@Z
?formats@QInternalMimeData@@UEBA?AVQStringList@@XZ
??6@YA?AVQDebug@@V0@AEBVQImage@@@Z
??0QColor@@QEAA@XZ
??6@YA?AVQDebug@@V0@AEBVQColor@@@Z
?emitChanged@QPlatformClipboard@@QEAAXW4Mode@QClipboard@@@Z
??1QPlatformClipboard@@UEAA@XZ
??0QPlatformClipboard@@QEAA@XZ
??1QInternalMimeData@@UEAA@XZ
??0QInternalMimeData@@QEAA@XZ
?staticMetaObject@QPlatformSystemTrayIcon@@2UQMetaObject@@B
?qt_metacast@QPlatformSystemTrayIcon@@UEAAPEAXPEBD@Z
?qt_metacall@QPlatformSystemTrayIcon@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
?metaObject@QPlatformSystemTrayIcon@@UEBAPEBUQMetaObject@@XZ
??$handleApplicationTermination@USynchronousDelivery@QWindowSystemInterface@@@QWindowSystemInterface@@SA_NXZ
?messageClicked@QPlatformSystemTrayIcon@@QEAAXXZ
?contextMenuRequested@QPlatformSystemTrayIcon@@QEAAXVQPoint@@PEBVQPlatformScreen@@@Z
?activated@QPlatformSystemTrayIcon@@QEAAXW4ActivationReason@1@@Z
??1QPlatformSystemTrayIcon@@UEAA@XZ
??0QPlatformSystemTrayIcon@@QEAA@XZ
?setSwapInterval@QSurfaceFormat@@QEAAXH@Z
?options@QSurfaceFormat@@QEBA?AV?$QFlags@W4FormatOption@QSurfaceFormat@@@@XZ
?setOptions@QSurfaceFormat@@QEAAXV?$QFlags@W4FormatOption@QSurfaceFormat@@@@@Z
?setVersion@QSurfaceFormat@@QEAAXHH@Z
?staticMetaObject@QSurfaceFormat@@2UQMetaObject@@B
?initialize@QPlatformOpenGLContext@@UEAAXXZ
?defaultFramebufferObject@QPlatformOpenGLContext@@UEBAIPEAVQPlatformSurface@@@Z
?parseOpenGLVersion@QPlatformOpenGLContext@@SA_NAEBVQByteArray@@AEAH1@Z
??1QPlatformOpenGLContext@@UEAA@XZ
??0QPlatformOpenGLContext@@QEAA@XZ
?shareHandle@QOpenGLContext@@QEBAPEAVQPlatformOpenGLContext@@XZ
?nativeHandle@QOpenGLContext@@QEBA?AVQVariant@@XZ
?setNativeHandle@QOpenGLContext@@QEAAXAEBVQVariant@@@Z
?setColorSpace@QSurfaceFormat@@QEAAXW4ColorSpace@1@@Z
?colorSpace@QSurfaceFormat@@QEBA?AW4ColorSpace@1@XZ
?swapInterval@QSurfaceFormat@@QEBAHXZ
?testOption@QSurfaceFormat@@QEBA_NW4FormatOption@1@@Z
?setOption@QSurfaceFormat@@QEAAXW4FormatOption@1@_N@Z
?setStereo@QSurfaceFormat@@QEAAX_N@Z
?minorVersion@QSurfaceFormat@@QEBAHXZ
?setMinorVersion@QSurfaceFormat@@QEAAXH@Z
?majorVersion@QSurfaceFormat@@QEBAHXZ
?setMajorVersion@QSurfaceFormat@@QEAAXH@Z
?renderableType@QSurfaceFormat@@QEBA?AW4RenderableType@1@XZ
?setRenderableType@QSurfaceFormat@@QEAAXW4RenderableType@1@@Z
?profile@QSurfaceFormat@@QEBA?AW4OpenGLContextProfile@1@XZ
?setProfile@QSurfaceFormat@@QEAAXW4OpenGLContextProfile@1@@Z
?swapBehavior@QSurfaceFormat@@QEBA?AW4SwapBehavior@1@XZ
?setSwapBehavior@QSurfaceFormat@@QEAAXW4SwapBehavior@1@@Z
?samples@QSurfaceFormat@@QEBAHXZ
?setSamples@QSurfaceFormat@@QEAAXH@Z
?alphaBufferSize@QSurfaceFormat@@QEBAHXZ
?setAlphaBufferSize@QSurfaceFormat@@QEAAXH@Z
?blueBufferSize@QSurfaceFormat@@QEBAHXZ
?setBlueBufferSize@QSurfaceFormat@@QEAAXH@Z
?greenBufferSize@QSurfaceFormat@@QEBAHXZ
?setGreenBufferSize@QSurfaceFormat@@QEAAXH@Z
?redBufferSize@QSurfaceFormat@@QEBAHXZ
?setRedBufferSize@QSurfaceFormat@@QEAAXH@Z
?stencilBufferSize@QSurfaceFormat@@QEBAHXZ
?setStencilBufferSize@QSurfaceFormat@@QEAAXH@Z
?depthBufferSize@QSurfaceFormat@@QEBAHXZ
?setDepthBufferSize@QSurfaceFormat@@QEAAXH@Z
??4QSurfaceFormat@@QEAAAEAV0@AEBV0@@Z
??0QSurfaceFormat@@QEAA@AEBV0@@Z
??0QSurfaceFormat@@QEAA@XZ
?gpuFeatures@QOpenGLConfig@@SA?AV?$QSet@VQString@@@@AEBUGpu@1@AEBVQString@@@Z
??0Gpu@QOpenGLConfig@@QEAA@AEBU01@@Z
??1Gpu@QOpenGLConfig@@QEAA@XZ
?fromDevice@Gpu@QOpenGLConfig@@SA?AU12@IIVQVersionNumber@@AEBVQByteArray@@@Z
?equals@Gpu@QOpenGLConfig@@QEBA_NAEBU12@@Z
?handle@QOpenGLContext@@QEBAPEAVQPlatformOpenGLContext@@XZ
?staticMetaObject@QFileDialogOptions@@2UQMetaObject@@B
?styleHint@QPlatformDialogHelper@@UEBA?AVQVariant@@W4StyleHint@1@@Z
?selectedMimeTypeFilter@QPlatformFileDialogHelper@@UEBA?AVQString@@XZ
?selectMimeTypeFilter@QPlatformFileDialogHelper@@UEAAXAEBVQString@@@Z
?qt_metacast@QPlatformFileDialogHelper@@UEAAPEAXPEBD@Z
?qt_metacall@QPlatformFileDialogHelper@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
?metaObject@QPlatformFileDialogHelper@@UEBAPEBUQMetaObject@@XZ
?isSupportedUrl@QPlatformFileDialogHelper@@UEBA_NAEBVQUrl@@@Z
??1QPlatformFileDialogHelper@@UEAA@XZ
??0QPlatformFileDialogHelper@@QEAA@XZ
?filterSelected@QPlatformFileDialogHelper@@QEAAXAEBVQString@@@Z
?directoryEntered@QPlatformFileDialogHelper@@QEAAXAEBVQUrl@@@Z
?currentChanged@QPlatformFileDialogHelper@@QEAAXAEBVQUrl@@@Z
?options@QPlatformFileDialogHelper@@QEBAAEBV?$QSharedPointer@VQFileDialogOptions@@@@XZ
?initiallySelectedFiles@QFileDialogOptions@@QEBA?AV?$QList@VQUrl@@@@XZ
?initiallySelectedNameFilter@QFileDialogOptions@@QEBA?AVQString@@XZ
?initialDirectory@QFileDialogOptions@@QEBA?AVQUrl@@XZ
?isLabelExplicitlySet@QFileDialogOptions@@QEAA_NW4DialogLabel@1@@Z
?labelText@QFileDialogOptions@@QEBA?AVQString@@W4DialogLabel@1@@Z
?defaultSuffix@QFileDialogOptions@@QEBA?AVQString@@XZ
?nameFilters@QFileDialogOptions@@QEBA?AVQStringList@@XZ
?acceptMode@QFileDialogOptions@@QEBA?AW4AcceptMode@1@XZ
?fileMode@QFileDialogOptions@@QEBA?AW4FileMode@1@XZ
?options@QFileDialogOptions@@QEBA?AV?$QFlags@W4FileDialogOption@QFileDialogOptions@@@@XZ
?testOption@QFileDialogOptions@@QEBA_NW4FileDialogOption@1@@Z
?windowTitle@QFileDialogOptions@@QEBA?AVQString@@XZ
?reject@QPlatformDialogHelper@@QEAAXXZ
?accept@QPlatformDialogHelper@@QEAAXXZ
?tag@QPlatformMenuItem@@UEBA_KXZ
?tag@QPlatformMenu@@UEBA_KXZ
?showPopup@QPlatformMenu@@UEAAXPEBVQWindow@@AEBVQRect@@PEBVQPlatformMenuItem@@@Z
?setTag@QPlatformMenuItem@@UEAAX_K@Z
?setTag@QPlatformMenu@@UEAAX_K@Z
?setNativeContents@QPlatformMenuItem@@UEAAX_K@Z
?setMinimumWidth@QPlatformMenu@@UEAAXH@Z
?setMenuType@QPlatformMenu@@UEAAXW4MenuType@1@@Z
?setHasExclusiveGroup@QPlatformMenuItem@@UEAAX_N@Z
?setFont@QPlatformMenu@@UEAAXAEBVQFont@@@Z
?parentWindow@QPlatformMenuBar@@UEBAPEAVQWindow@@XZ
?dismiss@QPlatformMenu@@UEAAXXZ
??0QPlatformMenuBar@@QEAA@XZ
?aboutToHide@QPlatformMenu@@QEAAXXZ
?aboutToShow@QPlatformMenu@@QEAAXXZ
??0QPlatformMenu@@QEAA@XZ
?activated@QPlatformMenuItem@@QEAAXXZ
??0QPlatformMenuItem@@QEAA@XZ
??6@YA?AVQDebug@@V0@AEBVQIcon@@@Z
?cacheKey@QIcon@@QEBA_JXZ
??4QIcon@@QEAAAEAV0@AEBV0@@Z
??0QIcon@@QEAA@XZ
??8QKeySequence@@QEBA_NAEBV0@@Z
??4QKeySequence@@QEAAAEAV0@AEBV0@@Z
?toString@QKeySequence@@QEBA?AVQString@@W4SequenceFormat@1@@Z
?isEmpty@QKeySequence@@QEBA_NXZ
??0QKeySequence@@QEAA@XZ
?write@QPixmapIconEngine@@UEBA_NAEAVQDataStream@@@Z
?virtual_hook@QPixmapIconEngine@@UEAAXHPEAX@Z
?standardButtonText@QPlatformTheme@@UEBA?AVQString@@H@Z
?standardButtonShortcut@QPlatformTheme@@UEBA?AVQKeySequence@@H@Z
?read@QPixmapIconEngine@@UEAA_NAEAVQDataStream@@@Z
?paint@QPixmapIconEngine@@UEAAXPEAVQPainter@@AEBVQRect@@W4Mode@QIcon@@W4State@5@@Z
?keyBindings@QPlatformTheme@@UEBA?AV?$QList@VQKeySequence@@@@W4StandardKey@QKeySequence@@@Z
?key@QPixmapIconEngine@@UEBA?AVQString@@XZ
?iconName@QIconEngine@@UEBA?AVQString@@XZ
?createIconEngine@QPlatformTheme@@UEBAPEAVQIconEngine@@AEBVQString@@@Z
?clone@QPixmapIconEngine@@UEBAPEAVQIconEngine@@XZ
?availableSizes@QIconEngine@@UEBA?AV?$QList@VQSize@@@@W4Mode@QIcon@@W4State@4@@Z
?addPixmap@QPixmapIconEngine@@UEAAXAEBVQPixmap@@W4Mode@QIcon@@W4State@4@@Z
?addFile@QPixmapIconEngine@@UEAAXAEBVQString@@AEBVQSize@@W4Mode@QIcon@@W4State@5@@Z
?qt_pixmapFromWinHICON@@YA?AVQPixmap@@PEAUHICON__@@@Z
??1QPixmapIconEngine@@UEAA@XZ
??0QPixmapIconEngine@@QEAA@XZ
?insert@QPixmapCache@@SA_NAEBVQString@@AEBVQPixmap@@@Z
?find@QPixmapCache@@SA_NAEBVQString@@PEAVQPixmap@@@Z
?desktopSettingsAware@QGuiApplication@@SA_NXZ
?setColorGroup@QPalette@@QEAAXW4ColorGroup@1@AEBVQBrush@@11111111@Z
?setBrush@QPalette@@QEAAXW4ColorGroup@1@W4ColorRole@1@AEBVQBrush@@@Z
?color@QPalette@@QEBAAEBVQColor@@W4ColorGroup@1@W4ColorRole@1@@Z
??0QPalette@@QEAA@AEBV0@@Z
??0QPalette@@QEAA@AEBVQColor@@000000@Z
?drawPixmap@QPainter@@QEAAXHHHHAEBVQPixmap@@@Z
??1QPainter@@QEAA@XZ
??0QPainter@@QEAA@PEAVQPaintDevice@@@Z
??8QBrush@@QEBA_NAEBV0@@Z
??0QIcon@@QEAA@PEAVQIconEngine@@@Z
?darker@QColor@@QEBA?AV1@H@Z
?lighter@QColor@@QEBA?AV1@H@Z
?blue@QColor@@QEBAHXZ
?green@QColor@@QEBAHXZ
?red@QColor@@QEBAHXZ
??0QColor@@QEAA@I@Z
??0QColor@@QEAA@HHHH@Z
?setStyleHint@QFont@@QEAAXW4StyleHint@1@W4StyleStrategy@1@@Z
?pointSize@QFont@@QEBAHXZ
??1QFont@@QEAA@XZ
??0QFont@@QEAA@AEBV0@@Z
??0QFont@@QEAA@AEBVQString@@HH_N@Z
?standardPixmap@QPlatformTheme@@UEBA?AVQPixmap@@W4StandardPixmap@1@AEBVQSizeF@@@Z
?themeHint@QPlatformTheme@@UEBA?AVQVariant@@W4ThemeHint@1@@Z
??1QPlatformTheme@@UEAA@XZ
??0QPlatformTheme@@QEAA@XZ
?staticMetaObject@QInputMethod@@2UQMetaObject@@B
?isValid@QPlatformInputContext@@UEBA_NXZ
?isAnimating@QPlatformInputContext@@UEBA_NXZ
?inputDirection@QPlatformInputContext@@UEBA?AW4LayoutDirection@Qt@@XZ
?filterEvent@QPlatformInputContext@@UEAA_NPEBVQEvent@@@Z
?commit@QPlatformInputContext@@UEAAXXZ
?brush@QPalette@@QEBAAEBVQBrush@@W4ColorGroup@1@W4ColorRole@1@@Z
??1QPalette@@QEAA@XZ
?setUnderlineStyle@QTextCharFormat@@QEAAXW4UnderlineStyle@1@@Z
??0QTextCharFormat@@QEAA@XZ
??BQTextFormat@@QEBA?AVQVariant@@XZ
?setProperty@QTextFormat@@QEAAXHAEBVQVariant@@@Z
??1QTextFormat@@QEAA@XZ
??0QTextFormat@@QEAA@AEBV0@@Z
?color@QBrush@@QEBAAEBVQColor@@XZ
??BQBrush@@QEBA?AVQVariant@@XZ
??1QBrush@@QEAA@XZ
??0QBrush@@QEAA@AEBVQColor@@W4BrushStyle@Qt@@@Z
?inputMethod@QGuiApplication@@SAPEAVQInputMethod@@XZ
?queryKeyboardModifiers@QGuiApplication@@SA?AV?$QFlags@W4KeyboardModifier@Qt@@@@XZ
?palette@QGuiApplication@@SA?AVQPalette@@XZ
??0QInputMethodEvent@@QEAA@AEBVQString@@AEBV?$QList@VAttribute@QInputMethodEvent@@@@@Z
?inputMethodAccepted@QPlatformInputContext@@QEBA_NXZ
?emitLocaleChanged@QPlatformInputContext@@QEAAXXZ
?invokeAction@QPlatformInputContext@@UEAAXW4Action@QInputMethod@@H@Z
?update@QPlatformInputContext@@UEAAXV?$QFlags@W4InputMethodQuery@Qt@@@@@Z
?reset@QPlatformInputContext@@UEAAXXZ
??1QPlatformInputContext@@UEAA@XZ
??0QPlatformInputContext@@QEAA@XZ
?cursorRectangleChanged@QInputMethod@@QEAAXXZ
?queryFocusObject@QInputMethod@@SA?AVQVariant@@W4InputMethodQuery@Qt@@V2@@Z
?cursorRectangle@QInputMethod@@QEBA?AVQRectF@@XZ
?pointerEvent@QPlatformCursor@@UEAAXAEBVQMouseEvent@@@Z
?qt_createIconMask@@YAPEAUHBITMAP__@@AEBVQBitmap@@@Z
?qt_pixmapToWinHBITMAP@@YAPEAUHBITMAP__@@AEBVQPixmap@@H@Z
?scaleAndOrigin@QHighDpiScaling@@SA?AUScaleAndOrigin@1@PEBVQPlatformScreen@@PEAVQPoint@@@Z
??1QBitmap@@UEAA@XZ
??4QBitmap@@QEAAAEAV0@$$QEAV0@@Z
??0QBitmap@@QEAA@AEBVQSize@@@Z
??0QPlatformCursor@@QEAA@XZ
?cacheKey@QPixmap@@QEBA_JXZ

qt5core

?set@QThreadStorageData@@QEAAPEAPEAXPEAX@Z
?get@QThreadStorageData@@QEBAPEAPEAXXZ
??1QThreadStorageData@@QEAA@XZ
??0QThreadStorageData@@QEAA@P6AXPEAX@Z@Z
?open@QFile@@UEAA_NV?$QFlags@W4OpenModeFlag@QIODevice@@@@@Z
??1QFile@@UEAA@XZ
??0QFile@@QEAA@AEBVQString@@@Z
?close@QFileDevice@@UEAAXXZ
?remove@QString@@QEAAAEAV1@AEBV1@W4CaseSensitivity@Qt@@@Z
?remove@QString@@QEAAAEAV1@AEBVQRegularExpression@@@Z
?split@QStringRef@@QEBA?AV?$QVector@VQStringRef@@@@VQChar@@V?$QFlags@W4SplitBehaviorFlags@Qt@@@@W4CaseSensitivity@Qt@@@Z
?toString@QStringRef@@QEBA?AVQString@@XZ
?trimmed@QStringRef@@QEBA?AV1@XZ
?appendLatin1To@QAbstractConcatenable@@KAXPEBDHPEAVQChar@@@Z
?system@QLocale@@SA?AV1@XZ
?isRelativePath@QDir@@SA_NAEBVQString@@@Z
?allKeys@QSettings@@QEBA?AVQStringList@@XZ
?fatal@QMessageLogger@@QEBAXPEBDZZ
??BQByteArray@@QEBAPEBDXZ
?remove@QByteArray@@QEAAAEAV1@HH@Z
?indexOf@QString@@QEBAHVQLatin1String@@HW4CaseSensitivity@Qt@@@Z
?toUtf8@QString@@QEGBA?AVQByteArray@@XZ
?fromUtf8@QString@@SA?AV1@PEBDH@Z
??0QPointF@@QEAA@XZ
?prepend@QListData@@QEAAPEAPEAXXZ
?move@QListData@@QEAAXHH@Z
?isNativePath@QFileInfo@@QEBA_NXZ
??0QRecursiveMutex@@QEAA@XZ
??1QRecursiveMutex@@QEAA@XZ
?toByteArray@QUuid@@QEBA?AVQByteArray@@XZ
z_inflate
z_inflateEnd
z_inflateReset
z_inflateInit2_
z_adler32
z_crc32
z_inflateReset2
z_inflateValidate
?isExecutable@QFileInfo@@QEBA_NXZ
?isSymLink@QFileInfo@@QEBA_NXZ
?scaled@QSize@@QEBA?AV1@AEBV1@W4AspectRatioMode@Qt@@@Z
?setColor@QMapNodeBase@@QEAAXW4Color@1@@Z
?encodeName@QFile@@SA?AVQByteArray@@AEBVQString@@@Z
??0QByteArray@@QEAA@HW4Initialization@Qt@@@Z
?qHash@@YAIAEBVQByteArray@@I@Z
?end@QByteArray@@QEBAPEBDXZ
?readAll@QIODevice@@QEAA?AVQByteArray@@XZ
??0QString@@QEAA@HW4Initialization@Qt@@@Z
?number@QString@@SA?AV1@_KH@Z
?number@QString@@SA?AV1@KH@Z
?constData@QString@@QEBAPEBVQChar@@XZ
?data@QString@@QEAAPEAVQChar@@XZ
?reserve@QString@@QEAAXH@Z
?critical@QMessageLogger@@QEBAXPEBDZZ
?qt_metacall@QEventDispatcherWin32@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
?qt_metacast@QEventDispatcherWin32@@UEAAPEAXPEBD@Z
?staticMetaObject@QEventDispatcherWin32@@2UQMetaObject@@B
?wakeUp@QEventDispatcherWin32@@UEAAXXZ
?unregisterTimers@QEventDispatcherWin32@@UEAA_NPEAVQObject@@@Z
?unregisterTimer@QEventDispatcherWin32@@UEAA_NH@Z
?unregisterSocketNotifier@QEventDispatcherWin32@@UEAAXPEAVQSocketNotifier@@@Z
?unregisterEventNotifier@QEventDispatcherWin32@@UEAAXPEAVQWinEventNotifier@@@Z
?startingUp@QEventDispatcherWin32@@UEAAXXZ
?remainingTime@QEventDispatcherWin32@@UEAAHH@Z
?registeredTimers@QEventDispatcherWin32@@UEBA?AV?$QList@UTimerInfo@QAbstractEventDispatcher@@@@PEAVQObject@@@Z
?registerTimer@QEventDispatcherWin32@@UEAAXHHW4TimerType@Qt@@PEAVQObject@@@Z
?registerSocketNotifier@QEventDispatcherWin32@@UEAAXPEAVQSocketNotifier@@@Z
?registerEventNotifier@QEventDispatcherWin32@@UEAA_NPEAVQWinEventNotifier@@@Z
?interrupt@QEventDispatcherWin32@@UEAAXXZ
?hasPendingEvents@QEventDispatcherWin32@@UEAA_NXZ
?flush@QEventDispatcherWin32@@UEAAXXZ
?event@QEventDispatcherWin32@@UEAA_NPEAVQEvent@@@Z
?closingDown@QEventDispatcherWin32@@UEAAXXZ
?sendPostedEvents@QEventDispatcherWin32@@MEAAXXZ
?processEvents@QEventDispatcherWin32@@UEAA_NV?$QFlags@W4ProcessEventsFlag@QEventLoop@@@@@Z
??1QEventDispatcherWin32@@UEAA@XZ
??0QEventDispatcherWin32@@QEAA@PEAVQObject@@@Z
?createInternalHwnd@QEventDispatcherWin32@@IEAAXXZ
?qResourceFeatureZlib@@YAEXZ
?qUnregisterResourceData@@YA_NHPEBE00@Z
?qRegisterResourceData@@YA_NHPEBE00@Z
?arg@QString@@QEBA?AV1@HHHVQChar@@@Z
?arg@QString@@QEBA?AV1@_KHHVQChar@@@Z
?compare@QString@@QEBAHVQLatin1String@@W4CaseSensitivity@Qt@@@Z
?isSpace@QChar@@SA_NI@Z
?append@QListData@@QEAAPEAPEAXAEBU1@@Z
??BQCharRef@@QEBA?AVQChar@@XZ
?toDouble@QString@@QEBANPEA_N@Z
?cmp@QVariant@@QEBA_NAEBV1@@Z
?toDouble@QVariant@@QEBANPEA_N@Z
?applicationName@QCoreApplication@@SA?AVQString@@XZ
?parent@QObject@@QEBAPEAV1@XZ
?destroyed@QObject@@QEAAXPEAV1@@Z
?closingDown@QCoreApplication@@SA_NXZ
?startingUp@QCoreApplication@@SA_NXZ
?manhattanLength@QPointF@@QEBANXZ
?processEvents@QCoreApplication@@SAXV?$QFlags@W4ProcessEventsFlag@QEventLoop@@@@@Z
??_0QSize@@QEAAAEAV0@N@Z
?setObjectName@QObject@@QEAAXAEBVQString@@@Z
?msleep@QThread@@SAXK@Z
?hasColor@QMimeData@@QEBA_NXZ
?colorData@QMimeData@@QEBA?AVQVariant@@XZ
?hasHtml@QMimeData@@QEBA_NXZ
?append@QString@@QEAAAEAV1@VQChar@@@Z
?isNull@QVariant@@QEBA_NXZ
?startsWith@QByteArray@@QEBA_NPEBD@Z
?count@QByteArray@@QEBAHD@Z
?indexOf@QByteArray@@QEBAHPEBDH@Z
?location@QLibraryInfo@@SA?AVQString@@W4LibraryLocation@1@@Z
?locate@QStandardPaths@@SA?AVQString@@W4StandardLocation@1@AEBV2@V?$QFlags@W4LocateOption@QStandardPaths@@@@@Z
?isRelative@QFileInfo@@QEBA_NXZ
?decodeName@QFile@@SA?AVQString@@AEBVQByteArray@@@Z
?qt_QMetaEnum_flagDebugOperator@@YAXAEAVQDebug@@_KH@Z
?exec@QTextStreamManipulator@@QEAAXAEAVQTextStream@@@Z
??6QTextStream@@QEAAAEAV0@AEBVQByteArray@@@Z
??6QTextStream@@QEAAAEAV0@AEBVQString@@@Z
??6QTextStream@@QEAAAEAV0@I@Z
??0QVariant@@QEAA@AEBV?$QMap@VQString@@VQVariant@@@@@Z
??0QVariant@@QEAA@VQLatin1String@@@Z
??0QVariant@@QEAA@I@Z
??6@YA?AVQDebug@@V0@AEBVQVersionNumber@@@Z
?toString@QVersionNumber@@QEBA?AVQString@@XZ
?qHash@@YAIAEBVQVersionNumber@@I@Z
?indexOf@QByteArray@@QEBAHDH@Z
??4QByteArray@@QEAAAEAV0@PEBD@Z
?debug@QMessageLogger@@QEBAXPEBDZZ
?qEnvironmentVariableIsSet@@YA_NPEBD@Z
??4QVariant@@QEAAAEAV0@AEBV0@@Z
??M@YA_NAEBVQString@@0@Z
?toLower@QByteArray@@QEGBA?AV1@XZ
?qstrcmp@@YAHAEBVQByteArray@@PEBD@Z
?stringValue@QWinRegistryKey@@QEBA?AVQString@@VQStringView@@@Z
?wait@QThread@@QEAA_NVQDeadlineTimer@@@Z
??0QDeadlineTimer@@QEAA@W4ForeverConstant@0@W4TimerType@Qt@@@Z
?hasFragment@QUrl@@QEBA_NXZ
?hasQuery@QUrl@@QEBA_NXZ
?replace@QString@@QEAAAEAV1@VQLatin1String@@AEBV1@W4CaseSensitivity@Qt@@@Z
?insert@QString@@QEAAAEAV1@HVQChar@@@Z
?contains@QString@@QEBA_NVQStringView@@W4CaseSensitivity@Qt@@@Z
?indexOf@QString@@QEBAHAEBV1@HW4CaseSensitivity@Qt@@@Z
?fileName@QTemporaryFile@@UEBA?AVQString@@XZ
?open@QTemporaryFile@@QEAA_NXZ
?setAutoRemove@QTemporaryFile@@QEAAX_N@Z
??1QTemporaryFile@@UEAA@XZ
??0QTemporaryFile@@QEAA@AEBVQString@@@Z
??BQUuid@@QEBA?AU_GUID@@XZ
?isNull@QUuid@@QEBA_NXZ
?fromString@QUuid@@SA?AV1@VQStringView@@@Z
?wait@QThread@@QEAA_NK@Z
?terminate@QThread@@QEAAXXZ
?isRunning@QThread@@QEBA_NXZ
??1QRegularExpression@@QEAA@XZ
??0QRegularExpression@@QEAA@AEBVQString@@V?$QFlags@W4PatternOption@QRegularExpression@@@@@Z
?qAddPostRoutine@@YAXP6AXXZ@Z
?isCriticalEnabled@QLoggingCategory@@QEBA_NXZ
??6@YA?AVQDebug@@V0@AEBVQUrl@@@Z
?path@QUrl@@QEBA?AVQString@@V?$QFlags@W4ComponentFormattingOption@QUrl@@@@@Z
?scheme@QUrl@@QEBA?AVQString@@XZ
?isEmpty@QUrl@@QEBA_NXZ
?errorString@QUrl@@QEBA?AVQString@@XZ
?isValid@QUrl@@QEBA_NXZ
?adjusted@QUrl@@QEBA?AV1@V?$QUrlTwoFlags@W4UrlFormattingOption@QUrl@@W4ComponentFormattingOption@2@@@@Z
??4QUrl@@QEAAAEAV0@$$QEAV0@@Z
??4QUrl@@QEAAAEAV0@AEBV0@@Z
??0QUrl@@QEAA@AEBV0@@Z
??0QUrl@@QEAA@XZ
?cleanPath@QDir@@SA?AVQString@@AEBV2@@Z
?tempPath@QDir@@SA?AVQString@@XZ
?remove@QFile@@SA_NAEBVQString@@@Z
?errorString@QIODevice@@QEBA?AVQString@@XZ
?setQObjectShared@ExternalRefCountData@QtSharedPointer@@QEAAXPEBVQObject@@_N@Z
??0QSharedData@@QEAA@XZ
?killTimer@QObject@@QEAAXH@Z
?startTimer@QObject@@QEAAHHW4TimerType@Qt@@@Z
??0QObject@@QEAA@PEAV0@@Z
?dynamicMetaObject@QObjectData@@QEBAPEAUQMetaObject@@XZ
?QStringList_join@QtPrivate@@YA?AVQString@@PEBVQStringList@@VQStringView@@@Z
?erase@QListData@@QEAAPEAPEAXPEAPEAX@Z
?isSpace@QCharRef@@QEBA_NXZ
?toWCharArray@QString@@QEBAHPEA_W@Z
?toLatin1@QString@@QEHAA?AVQByteArray@@XZ
?replace@QString@@QEAAAEAV1@AEBVQRegularExpression@@AEBV1@@Z
?remove@QString@@QEAAAEAV1@VQChar@@W4CaseSensitivity@Qt@@@Z
?remove@QString@@QEAAAEAV1@HH@Z
?prepend@QString@@QEAAAEAV1@AEBV1@@Z
?insert@QString@@QEAAAEAV1@HAEBV1@@Z
?trimmed@QString@@QEHAA?AV1@XZ
?endsWith@QString@@QEBA_NVQChar@@W4CaseSensitivity@Qt@@@Z
?startsWith@QString@@QEBA_NVQChar@@W4CaseSensitivity@Qt@@@Z
?back@QString@@QEAA?AVQCharRef@@XZ
?chop@QString@@QEAAXH@Z
??4QString@@QEAAAEAV0@VQLatin1String@@@Z
?toBase64@QByteArray@@QEBA?AV1@XZ
?isLetterOrNumber@QChar@@SA_NI@Z
?category@QChar@@SA?AW4Category@1@I@Z
?activate@QMetaObject@@SAXPEAVQObject@@PEBU1@HPEAPEAX@Z
?critical@QMessageLogger@@QEBA?AVQDebug@@XZ
?staticMetaObject@QObject@@2UQMetaObject@@B
?canConvert@QVariant@@QEBA_NH@Z
?typeFlags@QMetaType@@SA?AV?$QFlags@W4TypeFlag@QMetaType@@@@H@Z
?staticMetaObject@QThread@@2UQMetaObject@@B
?qt_metacast@QThread@@UEAAPEAXPEBD@Z
?qt_metacall@QThread@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
?metaObject@QThread@@UEBAPEBUQMetaObject@@XZ
?event@QThread@@UEAA_NPEAVQEvent@@@Z
?wakeAll@QWaitCondition@@QEAAXXZ
?wait@QWaitCondition@@QEAA_NPEAVQMutex@@VQDeadlineTimer@@@Z
??1QWaitCondition@@QEAA@XZ
??0QWaitCondition@@QEAA@XZ
?unlock@QMutex@@QEAAXXZ
?finished@QThread@@QEAAXUQPrivateSignal@1@@Z
?start@QThread@@QEAAXW4Priority@1@@Z
??1QThread@@UEAA@XZ
??0QThread@@QEAA@PEAVQObject@@@Z
??0QDeadlineTimer@@QEAA@_JW4TimerType@Qt@@@Z
?applicationDirPath@QCoreApplication@@SA?AVQString@@XZ
?isRoot@QFileInfo@@QEBA_NXZ
?isDir@QFileInfo@@QEBA_NXZ
?isFile@QFileInfo@@QEBA_NXZ
?suffix@QFileInfo@@QEBA?AVQString@@XZ
?fileName@QFileInfo@@QEBA?AVQString@@XZ
?absoluteFilePath@QFileInfo@@QEBA?AVQString@@XZ
?filePath@QFileInfo@@QEBA?AVQString@@XZ
?exists@QFileInfo@@QEBA_NXZ
??1QFileInfo@@QEAA@XZ
??0QFileInfo@@QEAA@AEBV0@@Z
??0QFileInfo@@QEAA@AEBVQString@@@Z
??0QVariant@@QEAA@AEBVQStringList@@@Z
??0QVariant@@QEAA@HPEBXI@Z
?deleteLater@QObject@@QEAAXXZ
?unregisterConverterFunction@QMetaType@@SAXHH@Z
?registerConverterFunction@QMetaType@@SA_NPEBUAbstractConverterFunction@QtPrivate@@HH@Z
?hasRegisteredConverterFunction@QMetaType@@SA_NHH@Z
?typeName@QMetaType@@SAPEBDH@Z
?number@QString@@SA?AV1@HH@Z
?compare@QString@@QEBAHVQStringView@@W4CaseSensitivity@Qt@@@Z
?toUpper@QString@@QEHAA?AV1@XZ
?append@QByteArray@@QEAAAEAV1@PEBDH@Z
?endsWith@QByteArray@@QEBA_ND@Z
?qt_localeFromLCID@@YA?AVQLocale@@K@Z
?boundaryReasons@QTextBoundaryFinder@@QEBA?AV?$QFlags@W4BoundaryReason@QTextBoundaryFinder@@@@XZ
?toPreviousBoundary@QTextBoundaryFinder@@QEAAHXZ
?toNextBoundary@QTextBoundaryFinder@@QEAAHXZ
?setPosition@QTextBoundaryFinder@@QEAAXH@Z
?position@QTextBoundaryFinder@@QEBAHXZ
??0QTextBoundaryFinder@@QEAA@W4BoundaryType@0@AEBVQString@@@Z
??1QTextBoundaryFinder@@QEAA@XZ
??6@YA?AVQDebug@@V0@AEBVQLocale@@@Z
?language@QLocale@@QEBA?AW4Language@1@XZ
??4QLocale@@QEAAAEAV0@$$QEAV0@@Z
??0QLocale@@QEAA@AEBV0@@Z
??6@YA?AVQDebug@@V0@PEBVQObject@@@Z
?clear@QString@@QEAAXXZ
?qEnvironmentVariableIsEmpty@@YA_NPEBD@Z
?timerEvent@QObject@@MEAAXPEAVQTimerEvent@@@Z
?qt_metacast@QObject@@UEAAPEAXPEBD@Z
?qt_metacall@QObject@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
?metaObject@QObject@@UEBAPEBUQMetaObject@@XZ
?eventFilter@QObject@@UEAA_NPEAV1@PEAVQEvent@@@Z
?event@QObject@@UEAA_NPEAVQEvent@@@Z
?disconnectNotify@QObject@@MEAAXAEBVQMetaMethod@@@Z
?customEvent@QObject@@MEAAXPEAVQEvent@@@Z
?connectNotify@QObject@@MEAAXAEBVQMetaMethod@@@Z
?childEvent@QObject@@MEAAXPEAVQChildEvent@@@Z
??1QObject@@UEAA@XZ
?toSize@QSizeF@@QEBA?AVQSize@@XZ
?toString@QVariant@@QEBA?AVQString@@XZ
?type@QVariant@@QEBA?AW4Type@1@XZ
?shared_null@QMapDataBase@@2U1@B
?setByteOrder@QDataStream@@QEAAXW4ByteOrder@1@@Z
?status@QDataStream@@QEBA?AW4Status@1@XZ
??1QDataStream@@QEAA@XZ
??0QDataStream@@QEAA@PEAVQByteArray@@V?$QFlags@W4OpenModeFlag@QIODevice@@@@@Z
?close@QBuffer@@UEAAXXZ
?open@QBuffer@@UEAA_NV?$QFlags@W4OpenModeFlag@QIODevice@@@@@Z
??1QBuffer@@UEAA@XZ
??0QBuffer@@QEAA@PEAVQByteArray@@PEAVQObject@@@Z
?toNativeSeparators@QDir@@SA?AVQString@@AEBV2@@Z
?toLocalFile@QUrl@@QEBA?AVQString@@XZ
?fromLocalFile@QUrl@@SA?AV1@AEBVQString@@@Z
?toString@QUrl@@QEBA?AVQString@@V?$QUrlTwoFlags@W4UrlFormattingOption@QUrl@@W4ComponentFormattingOption@2@@@@Z
??0QUrl@@QEAA@AEBVQString@@W4ParsingMode@0@@Z
?indexOfIn@QStaticByteArrayMatcherBase@@IEBAHPEBDI0HH@Z
?hasImage@QMimeData@@QEBA_NXZ
?imageData@QMimeData@@QEBA?AVQVariant@@XZ
?html@QMimeData@@QEBA?AVQString@@XZ
?hasText@QMimeData@@QEBA_NXZ
?text@QMimeData@@QEBA?AVQString@@XZ
?write@QIODevice@@QEAA_JPEBD_J@Z
?read@QIODevice@@QEAA_JPEAD_J@Z
?isWritable@QIODevice@@QEBA_NXZ
??6@YA?AVQDebug@@V0@W4Type@QVariant@@@Z
??6@YA?AVQDebug@@V0@AEBVQVariant@@@Z
??4QVariant@@QEAAAEAV0@$$QEAV0@@Z
??0QVariant@@QEAA@$$QEAV0@@Z
??0QVariant@@QEAA@AEBVQUrl@@@Z
??0QVariant@@QEAA@AEBV?$QList@VQVariant@@@@@Z
??0QVariant@@QEAA@AEBVQString@@@Z
??0QVariant@@QEAA@AEBVQByteArray@@@Z
??0QVariant@@QEAA@AEBV0@@Z
??0QVariant@@QEAA@XZ
?freeData@QMapDataBase@@SAXPEAU1@@Z
?createData@QMapDataBase@@SAPEAU1@XZ
?freeTree@QMapDataBase@@QEAAXPEAUQMapNodeBase@@H@Z
?createNode@QMapDataBase@@QEAAPEAUQMapNodeBase@@HHPEAU2@_N@Z
?recalcMostLeftNode@QMapDataBase@@QEAAXXZ
?nextNode@QMapNodeBase@@QEBAPEBU1@XZ
?QStringList_contains@QtPrivate@@YA_NPEBVQStringList@@AEBVQString@@W4CaseSensitivity@Qt@@@Z
??4QCharRef@@QEAAAEAV0@H@Z
??4QCharRef@@QEAAAEAV0@VQChar@@@Z
?fromUtf8@QString@@SA?AV1@AEBVQByteArray@@@Z
?fromLocal8Bit@QString@@SA?AV1@PEBDH@Z
?toUtf8@QString@@QEHAA?AVQByteArray@@XZ
?replace@QString@@QEAAAEAV1@VQLatin1String@@0W4CaseSensitivity@Qt@@@Z
??YQString@@QEAAAEAV0@VQChar@@@Z
?startsWith@QString@@QEBA_NAEBV1@W4CaseSensitivity@Qt@@@Z
?midRef@QString@@QEBA?AVQStringRef@@HH@Z
?mid@QString@@QEBA?AV1@HH@Z
?lastIndexOf@QString@@QEBAHVQChar@@HW4CaseSensitivity@Qt@@@Z
?indexOf@QString@@QEBAHVQStringView@@HW4CaseSensitivity@Qt@@@Z
?indexOf@QString@@QEBAHVQChar@@HW4CaseSensitivity@Qt@@@Z
??AQString@@QEAA?AVQCharRef@@H@Z
?unicode@QString@@QEBAPEBVQChar@@XZ
?truncate@QString@@QEAAXH@Z
?resize@QString@@QEAAXH@Z
??4QByteRef@@QEAAAEAV0@D@Z
?fromRawData@QByteArray@@SA?AV1@PEBDH@Z
?number@QByteArray@@SA?AV1@HH@Z
?toInt@QByteArray@@QEBAHPEA_NH@Z
?replace@QByteArray@@QEAAAEAV1@DPEBD@Z
?mid@QByteArray@@QEBA?AV1@HH@Z
??AQByteArray@@QEAA?AVQByteRef@@H@Z
?at@QByteArray@@QEBADH@Z
?clear@QByteArray@@QEAAXXZ
?detach@QByteArray@@QEAAXXZ
?data@QByteArray@@QEBAPEBDXZ
?data@QByteArray@@QEAAPEADXZ
?resize@QByteArray@@QEAAXH@Z
??4QByteArray@@QEAAAEAV0@$$QEAV0@@Z
??0QByteArray@@QEAA@$$QEAV0@@Z
??4QByteArray@@QEAAAEAV0@AEBV0@@Z
??0QByteArray@@QEAA@HD@Z
?hasUrls@QMimeData@@QEBA_NXZ
?urls@QMimeData@@QEBA?AV?$QList@VQUrl@@@@XZ
?isLocalFile@QUrl@@QEBA_NXZ
??1QUrl@@QEAA@XZ
??6QDebug@@QEAAAEAV0@_J@Z
??6@YA?AVQDebug@@V0@AEBVQPointF@@@Z
?qt_error_string@@YA?AVQString@@H@Z
?staticMetaObject@QEvent@@2UQMetaObject@@B
?moveCenter@QRectF@@QEAAXAEBVQPointF@@@Z
?inherits@QObject@@QEBA_NPEBD@Z
?hasShrunk@QHashData@@QEAAXXZ
?realloc@QListData@@QEAAXH@Z
??1?$QVector@VQPointF@@@@QEAA@XZ
??0?$QVector@VQPointF@@@@QEAA@AEBV0@@Z
??0?$QVector@VQPointF@@@@QEAA@XZ
?valueToKeys@QMetaEnum@@QEBA?AVQByteArray@@H@Z
?valueToKey@QMetaEnum@@QEBAPEBDH@Z
?sendEvent@QCoreApplication@@SA_NPEAVQObject@@PEAVQEvent@@@Z
??1QLocale@@QEAA@XZ
??0QLocale@@QEAA@XZ
?connectImpl@QObject@@CA?AVConnection@QMetaObject@@PEBV1@PEAPEAX01PEAVQSlotObjectBase@QtPrivate@@W4ConnectionType@Qt@@PEBHPEBU3@@Z
??1Connection@QMetaObject@@QEAA@XZ
?enumerator@QMetaObject@@QEBA?AVQMetaEnum@@H@Z
?indexOfEnumerator@QMetaObject@@QEBAHPEBD@Z
?detach@QListData@@QEAAPEAUData@1@H@Z
??0QString@@QEAA@VQChar@@@Z
??0QString@@QEAA@PEBVQChar@@H@Z
?toUpper@QChar@@SAII@Z
?toLower@QChar@@SAII@Z
?isLetter@QChar@@QEBA_NXZ
??0QChar@@QEAA@XZ
?reserve@QByteArray@@QEAAXH@Z
??0QByteArray@@QEAA@XZ
?value@QSettings@@QEBA?AVQVariant@@AEBVQString@@AEBV2@@Z
??1QSettings@@UEAA@XZ
??0QSettings@@QEAA@AEBVQString@@W4Format@0@PEAVQObject@@@Z
?qt_QMetaEnum_debugOperator@@YA?AVQDebug@@AEAV1@HPEBUQMetaObject@@PEBD@Z
??UQRect@@QEBA?AV0@AEBV0@@Z
?toInt@QVariant@@QEBAHPEA_N@Z
?toPoint@QPointF@@QEBA?AVQPoint@@XZ
?manhattanLength@QPoint@@QEBAHXZ
?fromWCharArray@QString@@SA?AV1@PEB_WH@Z
?sharedNull@QArrayData@@SAPEAU1@XZ
?is_app_running@QCoreApplicationPrivate@@2_NA
?Windows8_1@QOperatingSystemVersion@@2V1@B
?Windows8@QOperatingSystemVersion@@2V1@B
?shared_null@QHashData@@2U1@B
?dwordValue@QWinRegistryKey@@QEBA?AU?$QPair@K_N@@VQStringView@@@Z
??1QWinRegistryKey@@QEAA@XZ
??0QWinRegistryKey@@QEAA@PEAUHKEY__@@VQStringView@@KK@Z
?load@QSystemLibrary@@SAPEAUHINSTANCE__@@PEB_W_N@Z
?createUuid@QUuid@@SA?AV1@XZ
?toString@QUuid@@QEBA?AVQString@@XZ
?filterNativeEvent@QAbstractEventDispatcher@@QEAA_NAEBVQByteArray@@PEAXPEAJ@Z
?instance@QAbstractEventDispatcher@@SAPEAV1@PEAVQThread@@@Z
?quit@QCoreApplication@@SAXXZ
?instance@QCoreApplication@@SAPEAV1@XZ
?get@QObjectPrivate@@SAPEAV1@PEAVQObject@@@Z
??0QOperatingSystemVersion@@QEAA@W4OSType@0@HHH@Z
?setFilterRules@QLoggingCategory@@SAXAEBVQString@@@Z
??1QLoggingCategory@@QEAA@XZ
??0QLoggingCategory@@QEAA@PEBD@Z
??6QTextStream@@QEAAAEAV0@PEBD@Z
??6QTextStream@@QEAAAEAV0@H@Z
??6QTextStream@@QEAAAEAV0@D@Z
??1QTextStream@@UEAA@XZ
??0QTextStream@@QEAA@PEAVQString@@V?$QFlags@W4OpenModeFlag@QIODevice@@@@@Z
?indexOfSignal@QMetaObject@@QEBAHPEBD@Z
?cast@QMetaObject@@QEBAPEAVQObject@@PEAV2@@Z
?nextNode@QHashData@@SAPEAUNode@1@PEAU21@@Z
?free_helper@QHashData@@QEAAXP6AXPEAUNode@1@@Z@Z
?rehash@QHashData@@QEAAXH@Z
?detach_helper@QHashData@@QEAAPEAU1@P6AXPEAUNode@1@PEAX@ZP6AX0@ZHH@Z
?freeNode@QHashData@@QEAAXPEAX@Z
?allocateNode@QHashData@@QEAAPEAXH@Z
?qHash@@YAIAEBVQString@@I@Z
?fromUtf16@QString@@SA?AV1@PEBGH@Z
?fromLocal8Bit@QString@@SA?AV1@AEBVQByteArray@@@Z
?fromLatin1@QString@@SA?AV1@PEBDH@Z
?append@QString@@QEAAAEAV1@VQLatin1String@@@Z
?append@QString@@QEAAAEAV1@AEBV1@@Z
?asprintf@QString@@SA?AV1@PEBDZZ
??0QString@@QEAA@$$QEAV0@@Z
??4QString@@QEAAAEAV0@AEBV0@@Z
?qustrlen@QtPrivate@@YA_JPEBG@Z
??YQByteArray@@QEAAAEAV0@AEBVQString@@@Z
?append@QByteArray@@QEAAAEAV1@D@Z
??0QByteArray@@QEAA@AEBV0@@Z
??0QChar@@QEAA@UQLatin1Char@@@Z
?qErrnoWarning@@YAXHPEBDZZ
?qgetenv@@YA?AVQByteArray@@PEBD@Z
?shared_null@QListData@@2UData@1@B
?unlock@QMutexLocker@@QEAAXXZ
?lock@QMutex@@QEAAXXZ
??1QMutex@@QEAA@XZ
??0QMutex@@QEAA@XZ
?testAttribute@QCoreApplication@@SA_NW4ApplicationAttribute@Qt@@@Z
?setAttribute@QCoreApplication@@SAXW4ApplicationAttribute@Qt@@_N@Z
?isWarningEnabled@QLoggingCategory@@QEBA_NXZ
??6QDebug@@QEAAAEAV0@VQLatin1String@@@Z
??6QDebug@@QEAAAEAV0@AEBVQStringRef@@@Z
??6QDebug@@QEAAAEAV0@_K@Z
??0QVariant@@QEAA@N@Z
??0QVariant@@QEAA@H@Z
?append@QListData@@QEAAPEAPEAXXZ
?detach_grow@QListData@@QEAAPEAUData@1@PEAHH@Z
?registerNormalizedType@QMetaType@@SAHAEBVQByteArray@@P6AXPEAX@ZP6APEAX1PEBX@ZHV?$QFlags@W4TypeFlag@QMetaType@@@@PEBUQMetaObject@@@Z
?toInt@QStringRef@@QEBAHPEA_NH@Z
?isNull@QString@@QEBA_NXZ
??8QString@@QEBA_NVQLatin1String@@@Z
?endsWith@QString@@QEBA_NVQStringView@@W4CaseSensitivity@Qt@@@Z
?startsWith@QString@@QEBA_NVQLatin1String@@W4CaseSensitivity@Qt@@@Z
?startsWith@QString@@QEBA_NVQStringView@@W4CaseSensitivity@Qt@@@Z
?rightRef@QString@@QEBA?AVQStringRef@@H@Z
?at@QString@@QEBA?BVQChar@@H@Z
?data@QString@@QEBAPEBVQChar@@XZ
??0QString@@QEAA@VQLatin1String@@@Z
?compareStrings@QtPrivate@@YAHVQStringView@@0W4CaseSensitivity@Qt@@@Z
?normalizedType@QMetaObject@@SA?AVQByteArray@@PEBD@Z
?warning@QMessageLogger@@QEBA?AVQDebug@@XZ
?Windows10@QOperatingSystemVersion@@2V1@B
?staticQtMetaObject@QObject@@1UQMetaObject@@B
?isDebugBuild@QLibraryInfo@@SA_NXZ
?compare@QOperatingSystemVersion@@CAHAEBV1@0@Z
?current@QOperatingSystemVersion@@SA?AV1@XZ
?isDebugEnabled@QLoggingCategory@@QEBA_NXZ
?qt_QMetaEnum_flagDebugOperator@@YA?AVQDebug@@AEAV1@_KPEBUQMetaObject@@PEBD@Z
??1QDebugStateSaver@@QEAA@XZ
??0QDebugStateSaver@@QEAA@AEAVQDebug@@@Z
??6QDebug@@QEAAAEAV0@P6AAEAVQTextStream@@AEAV1@@Z@Z
??6QDebug@@QEAAAEAV0@PEBX@Z
??6QDebug@@QEAAAEAV0@AEBVQByteArray@@@Z
??6QDebug@@QEAAAEAV0@AEBVQString@@@Z
??6QDebug@@QEAAAEAV0@PEBD@Z
??6QDebug@@QEAAAEAV0@N@Z
??6QDebug@@QEAAAEAV0@K@Z
??6QDebug@@QEAAAEAV0@J@Z
??6QDebug@@QEAAAEAV0@I@Z
??6QDebug@@QEAAAEAV0@H@Z
??6QDebug@@QEAAAEAV0@G@Z
??6QDebug@@QEAAAEAV0@D@Z
??6QDebug@@QEAAAEAV0@_N@Z
?noquote@QDebug@@QEAAAEAV1@XZ
??1QDebug@@QEAA@XZ
??0QDebug@@QEAA@$$QEAV0@@Z
??0QDebug@@QEAA@PEAVQString@@@Z
?uppercasedigits@Qt@@YAAEAVQTextStream@@AEAV2@@Z
?noforcesign@Qt@@YAAEAVQTextStream@@AEAV2@@Z
?noshowbase@Qt@@YAAEAVQTextStream@@AEAV2@@Z
?forcesign@Qt@@YAAEAVQTextStream@@AEAV2@@Z
?showbase@Qt@@YAAEAVQTextStream@@AEAV2@@Z
?hex@Qt@@YAAEAVQTextStream@@AEAV2@@Z
?dec@Qt@@YAAEAVQTextStream@@AEAV2@@Z
?setFieldWidth@QTextStream@@QEAAXH@Z
?setPadChar@QTextStream@@QEAAXVQChar@@@Z
?qAppName@@YA?AVQString@@XZ
?convert@QVariant@@QEBA_NHPEAX@Z
?constData@QVariant@@QEBAPEBXXZ

shell32

Shell_NotifyIconGetRect
Shell_NotifyIconW
ShellExecuteW
SHBrowseForFolderW
SHGetKnownFolderIDList
SHGetPathFromIDListW
SHGetMalloc
SHCreateItemFromParsingName
SHCreateItemFromIDList
ord727
SHGetStockIconInfo
SHGetFileInfoW

winmm

PlaySoundW

kernel32

GetConsoleOutputCP
WriteFile
FlushFileBuffers
GetModuleFileNameW
GetModuleHandleExW
ReadFile
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
EncodePointer
SetLastError
InterlockedFlushSList
RtlUnwindEx
RaiseException
RtlPcToFileHeader
CompareStringW
InitializeSListHead
GetSystemTimeAsFileTime
LCMapStringW
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
ExitProcess
GetModuleHandleA
OpenProcess
CheckRemoteDebuggerPresent
LoadLibraryW
LoadLibraryA
CreateProcessW
CloseHandle
ExpandEnvironmentStringsW
GetCurrentProcessId
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
GetLocaleInfoW
WTSGetActiveConsoleSessionId
FormatMessageW
GetProcAddress
GetLastError
GetModuleHandleW
GetCurrentThreadId
MultiByteToWideChar
GetFileSizeEx
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
SetStdHandle
GetStringTypeW
GetConsoleMode
HeapFree
HeapAlloc
HeapReAlloc
ReadConsoleW
SetFilePointerEx
GetStdHandle
GetFileType
GetUserDefaultLangID
CreateFileW
HeapSize
WriteConsoleW
SetEndOfFile
QueryPerformanceCounter

Exports

Exports

qt_plugin_instance
qt_plugin_query_metadata

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 426KB - Virtual size: 426KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtmetad
Size: 512B - Virtual size: 127B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
InstalIеr-x86/cfg/styles/qwindowsvistastyle.dll
.dll windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.text
Size: 138KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtmetad
Size: 512B - Virtual size: 109B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TT18.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\danie\Desktop\Vikings\Vikings\obj\Debug\Vikings.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TTDesktop18.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\danie\source\repos\Qwest\Qwest\obj\Debug\Qwest.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TikTokDesktop18.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\danie\Desktop\Vikings\Vikings\obj\Debug\Vikings.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 17.9MB - Virtual size: 17.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
adjthjawdth.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 886KB - Virtual size: 885KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bxftjhksaef.exe
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 133KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 13KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 9KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 174KB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 919KB - Virtual size: 920KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
cli.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\danie\Desktop\Maxx\cli\cli\obj\Debug\cli.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dujkgsf.exe
.exe windows:5 windows x86 arch:x86

b43a496632b1ed46252f26d650f3ccb2

Code Sign

0f:d1:bb:ca:79:6b:d7:f8:dd:4c:82:e1:0a:9a:96:31
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13-01-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:4d:67:f6:43:16:c9:2a:3b:7a:17:cc:46:97:6a:8f
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

28-07-2021 00:00

Not After

27-07-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA256 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:9c:12:44:48:06:1e:99:e6:9c:d9:5d:57:c8:07:a6
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA256 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

27-06-2024 00:00

Not After

15-10-2024 23:59

Subject

SERIALNUMBER=4969967,CN=Zoom Video Communications\, Inc.,O=Zoom Video Communications\, Inc.,L=San Jose,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:d1:bb:ca:79:6b:d7:f8:dd:4c:82:e1:0a:9a:96:31
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13-01-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:4d:67:f6:43:16:c9:2a:3b:7a:17:cc:46:97:6a:8f
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

28-07-2021 00:00

Not After

27-07-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA256 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:9c:12:44:48:06:1e:99:e6:9c:d9:5d:57:c8:07:a6
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA256 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

27-06-2024 00:00

Not After

15-10-2024 23:59

Subject

SERIALNUMBER=4969967,CN=Zoom Video Communications\, Inc.,O=Zoom Video Communications\, Inc.,L=San Jose,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9c:3e:7c:44:eb:55:a0:68:e5:7e:20:e9:02:05:38:2f:6c:55:72:e0
Signer

Actual PE Digest

9c:3e:7c:44:eb:55:a0:68:e5:7e:20:e9:02:05:38:2f:6c:55:72:e0

Digest Algorithm

sha1

PE Digest Matches

true

06:97:53:54:24:f5:b7:b4:3d:2a:0a:2f:72:47:7a:5f:de:ef:bd:db:38:ba:53:46:4b:e4:ed:ce:8f:5e:33:78
Signer

Actual PE Digest

06:97:53:54:24:f5:b7:b4:3d:2a:0a:2f:72:47:7a:5f:de:ef:bd:db:38:ba:53:46:4b:e4:ed:ce:8f:5e:33:78

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\jenkins\workspace\Client\Client\Windows\launcher\Bin\Release\NewZoomWebLauncher.pdb

Imports

shlwapi

ord155
StrCmpNIW
StrStrA
PathAppendW
PathIsRelativeW

kernel32

GetFileAttributesA
FileTimeToSystemTime
CreateDirectoryA
GetSystemTime
GetFileTime
SetUnhandledExceptionFilter
GetTickCount
GetSystemDirectoryW
LoadLibraryW
ExitProcess
LoadLibraryExW
HeapLock
HeapWalk
GetVersion
HeapUnlock
ReleaseSemaphore
CreateSemaphoreA
VerifyVersionInfoA
GetCommandLineA
GetWindowsDirectoryA
GetStartupInfoA
VerSetConditionMask
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
ExitThread
TerminateThread
CreateThread
DeleteCriticalSection
CompareFileTime
WriteFile
SetFilePointer
SetEndOfFile
SystemTimeToFileTime
FlushFileBuffers
ReleaseMutex
GetLocalTime
QueryPerformanceCounter
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
UnhandledExceptionFilter
TerminateProcess
GetTempFileNameA
VerifyVersionInfoW
GetFileAttributesW
OpenProcess
QueryDosDeviceW
K32GetProcessImageFileNameW
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
GetWindowsDirectoryW
GetModuleHandleW
GetProcessTimes
MultiByteToWideChar
RaiseException
CreateProcessA
WideCharToMultiByte
GetModuleHandleExW
GetStringTypeW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
LCMapStringW
TlsSetValue
FreeLibrary
TlsGetValue
IsDebuggerPresent
LoadLibraryExA
VirtualQuery
VirtualProtect
GetSystemInfo
GetProcessHeap
GetCurrentProcessId
GetProcAddress
HeapAlloc
ExpandEnvironmentStringsA
CloseHandle
DeleteFileA
CreateFileA
MoveFileExA
OpenMutexA
GetLastError
CopyFileA
GetTempPathA
Sleep
GetModuleHandleA
GetCurrentThreadId
WaitForSingleObject
CreateMutexA
FindClose
GetCurrentProcess
SetLastError
HeapFree
FindFirstFileA
GetModuleFileNameA
LocalFree
CreateFileW
RtlUnwind

user32

FindWindowW
GetDesktopWindow
GetWindowThreadProcessId
LoadCursorA
InflateRect
GetDC
SetWindowPos
SetActiveWindow
GetSystemMetrics
DrawTextA
MapWindowPoints
GetWindowLongA
FrameRect
AttachThreadInput
GetForegroundWindow
SetFocus
IsWindowVisible
PostMessageA
FindWindowA
PostQuitMessage
LoadIconA
RegisterClassExA
SetForegroundWindow
IsIconic
LoadStringA
RegisterClassA
GetClassInfoA
UnregisterClassA
SetWindowLongA
FillRect
IntersectRect
ShowWindowAsync
SetPropA
GetWindowRect
DestroyWindow
ShowWindow
IsWindow
MoveWindow
GetPropA
DefWindowProcA
CreateWindowExA
GetClientRect
UpdateWindow
InvalidateRect
BeginPaint
EndPaint
PostThreadMessageA
GetMessageA
DispatchMessageA
SetTimer
TranslateMessage
PeekMessageA
KillTimer
SendMessageA

gdi32

SetBkMode
CreateFontIndirectA
DeleteObject
GetObjectA
SelectObject
GetStockObject
SetTextColor
CreateSolidBrush

advapi32

CryptDestroyKey
OpenProcessToken
GetUserNameA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
DuplicateTokenEx
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptReleaseContext
CryptVerifySignatureA

shell32

ShellExecuteW
SHGetFolderPathA

ole32

CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

VariantInit
VariantClear
SysAllocString
SysFreeString

Sections

.text
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fdaerghawd.exe
.exe windows:4 windows x86 arch:x86

0252f8597a857ddcc37d09e38ea5837d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CopyFileA
DeleteCriticalSection
EnterCriticalSection
ExitProcess
ExpandEnvironmentStringsA
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetCommandLineA
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalLock
GlobalUnlock
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualProtect
VirtualQuery

msvcrt

_strdup
_stricoll
__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_cexit
_errno
_fpreset
_fullpath
_iob
_isctype
_onexit
_pctype
_setmode
abort
atexit
calloc
free
fwrite
malloc
mbstowcs
memcpy
realloc
rename
setlocale
signal
sprintf
strcoll
strlen
tolower
vfprintf
wcstombs

shell32

ShellExecuteA

user32

CloseClipboard
EmptyClipboard
GetClipboardData
OpenClipboard
SetClipboardData

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 112B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
fkydjyhjadg.exe
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 131KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 13KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 9KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 174KB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 916KB - Virtual size: 916KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
fsyjawdr.exe
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 132KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 13KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 9KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 174KB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 917KB - Virtual size: 920KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
gjawedrtg.exe
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 134KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 12KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 174KB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 933KB - Virtual size: 936KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
hfaewdth.exe
.exe windows:6 windows x86 arch:x86

dbd248d6a07e5b5d3562c903534448e7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
HeapAlloc
HeapFree
GetProcessHeap
WaitForSingleObject
CreateEventW
WriteConsoleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
RaiseException
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileType
GetStringTypeW
LCMapStringW
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
CreateFileW
DecodePointer

Sections

.text
Size: 223KB - Virtual size: 222KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.textbss
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 188KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
jgesfyhjsefa.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 285KB - Virtual size: 285KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
jhnykawfkth.exe
.exe windows:6 windows x64 arch:x64

d18aa68269a30cd13693bec0b3505c6a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

WSACleanup
inet_pton
WSAStartup
htons
send
socket
connect
recv
closesocket

crypt32

CryptUnprotectData
CryptProtectData

wininet

HttpQueryInfoW
InternetQueryDataAvailable
InternetReadFile
InternetOpenW
InternetOpenUrlA
InternetOpenA
InternetCloseHandle

ntdll

NtQueryObject
RtlReleasePebLock
NtQuerySystemInformation
RtlInitUnicodeString
NtAllocateVirtualMemory
LdrEnumerateLoadedModules
RtlAcquirePebLock

rstrtmgr

RmGetList
RmStartSession
RmEndSession
RmRegisterResources

kernel32

GetFileInformationByHandleEx
FindFirstFileW
FindNextFileW
FindClose
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
LoadLibraryA
Process32FirstW
CloseHandle
GetSystemInfo
GetProcAddress
LocalFree
ReadProcessMemory
FreeLibrary
VirtualQueryEx
GetLastError
ExitProcess
MultiByteToWideChar
WideCharToMultiByte
VirtualFree
VirtualAlloc
ReadFile
WriteFile
CreateFileW
UnmapViewOfFile
GetFileSize
CreateFileMappingW
MapViewOfFile
GetCurrentProcess
VirtualQuery
WriteProcessMemory
GetStdHandle
TerminateProcess
CreateMutexA
ReleaseMutex
OpenMutexA
GetModuleFileNameA
GetVolumeInformationW
GetGeoInfoA
HeapFree
EnterCriticalSection
GetModuleFileNameW
GetProcessId
LeaveCriticalSection
SetFilePointer
InitializeCriticalSectionEx
FreeEnvironmentStringsW
GetModuleHandleA
HeapSize
GetLogicalDriveStringsW
GetFinalPathNameByHandleA
GetTimeZoneInformation
lstrcatW
HeapReAlloc
HeapAlloc
GetUserGeoID
DecodePointer
DeleteCriticalSection
GetProcessHeap
GetModuleHandleW
GetEnvironmentStringsW
SetLastError
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualProtect
GetFileSizeEx
SetFilePointerEx
GetCurrentThreadId
GetFileType
GetStartupInfoW
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
GetTempPathW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitializeCriticalSectionAndSpinCount
LoadLibraryExW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ReadConsoleW
RaiseException
SetEndOfFile
GetModuleHandleExW
SetStdHandle
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStringTypeW
WriteConsoleW
OutputDebugStringW
SetEnvironmentVariableW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
QueryPerformanceCounter
InitializeSListHead
RtlUnwindEx
RtlUnwind
RtlPcToFileHeader
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InitializeCriticalSection
AreFileApisANSI
GetNativeSystemInfo
TryAcquireSRWLockExclusive
LCMapStringEx
CompareStringEx
GlobalMemoryStatusEx
lstrcpyW
GetCommandLineA
GetCommandLineW
GetComputerNameW
GetFileAttributesExW
GetFileAttributesW
FindFirstFileExW
GetCurrentDirectoryW
GetLocaleInfoEx
FormatMessageA

user32

EnumDisplayDevicesW
GetDesktopWindow
ReleaseDC
GetSystemMetrics
GetDC
GetWindowRect

gdi32

BitBlt
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
GetDeviceCaps
DeleteDC
GetObjectW
DeleteObject

advapi32

LookupPrivilegeValueW
AdjustTokenPrivileges
GetCurrentHwProfileW
RegCloseKey
RegGetValueA
RegQueryValueExA
RegOpenKeyExA
GetUserNameW
RegEnumKeyExA
RevertToSelf
ConvertSidToStringSidA
ImpersonateLoggedOnUser
OpenProcessToken
DuplicateTokenEx
GetTokenInformation
CredEnumerateA
CredFree

shell32

SHGetKnownFolderPath
ShellExecuteW

ole32

CoUninitialize
CoInitializeSecurity
CoSetProxyBlanket
CoInitializeEx
CoTaskMemFree
CoCreateInstance
CoGetObject

oleaut32

SysAllocStringByteLen
SysStringByteLen
SysFreeString

shlwapi

ord12
ord214
ord213
ord184

gdiplus

GdipFree
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdipAlloc
GdipGetImageEncodersSize
GdipCreateBitmapFromScan0
GdipCloneImage
GdipGetImageEncoders
GdiplusShutdown
GdiplusStartup
GdipSaveImageToStream

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 837KB - Virtual size: 837KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kfhtksfesek.exe
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 131KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 12KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 9KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 174KB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 917KB - Virtual size: 920KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
kohjaekdfth.exe
.exe windows:6 windows x86 arch:x86

23454d9fe3671c5369b6f4936d1e3735

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSACleanup
inet_pton
WSAStartup
htons
send
socket
connect
recv
closesocket

crypt32

CryptUnprotectData
CryptProtectData

wininet

HttpQueryInfoW
InternetQueryDataAvailable
InternetReadFile
InternetOpenW
InternetOpenUrlA
InternetOpenA
InternetCloseHandle

ntdll

NtQueryObject
RtlReleasePebLock
RtlAcquirePebLock
NtQuerySystemInformation
RtlInitUnicodeString
NtAllocateVirtualMemory
LdrEnumerateLoadedModules

rstrtmgr

RmGetList
RmStartSession
RmEndSession
RmRegisterResources

kernel32

GetFileInformationByHandleEx
FindFirstFileW
FindNextFileW
FindClose
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
LoadLibraryA
Process32FirstW
CloseHandle
GetSystemInfo
GetProcAddress
LocalFree
FreeLibrary
GetLastError
ExitProcess
MultiByteToWideChar
WideCharToMultiByte
VirtualAlloc
ReadFile
WriteFile
CreateFileW
GetFileSize
GetCurrentProcess
VirtualQuery
GetStdHandle
TerminateProcess
CreateMutexA
ReleaseMutex
OpenMutexA
GetModuleFileNameA
GetVolumeInformationW
GetGeoInfoA
HeapFree
EnterCriticalSection
GetModuleFileNameW
GetProcessId
LeaveCriticalSection
SetFilePointer
InitializeCriticalSectionEx
FreeEnvironmentStringsW
GetModuleHandleA
HeapSize
GetLogicalDriveStringsW
GetFinalPathNameByHandleA
GetTimeZoneInformation
lstrcatW
HeapReAlloc
GetUserGeoID
GetComputerNameW
GetProcessHeap
GlobalMemoryStatusEx
GetModuleHandleW
lstrcpyW
GetEnvironmentStringsW
SetLastError
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualProtect
GetFileSizeEx
SetFilePointerEx
GetCurrentThreadId
GetFileType
GetStartupInfoW
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ReadConsoleW
RaiseException
SetEndOfFile
GetModuleHandleExW
SetStdHandle
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStringTypeW
WriteConsoleW
OutputDebugStringW
EncodePointer
SetEnvironmentVariableW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
QueryPerformanceCounter
InitializeSListHead
RtlUnwind
AreFileApisANSI
GetTempPathW
GetNativeSystemInfo
LCMapStringEx
CompareStringEx
DecodePointer
DeleteCriticalSection
GetCommandLineA
GetCommandLineW
HeapAlloc
GetFileAttributesExW
GetFileAttributesW
FindFirstFileExW
GetCurrentDirectoryW
GetLocaleInfoEx
FormatMessageA

user32

EnumDisplayDevicesW
GetDesktopWindow
ReleaseDC
GetSystemMetrics
GetDC
GetWindowRect

gdi32

BitBlt
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
GetDeviceCaps
DeleteDC
GetObjectW
DeleteObject

advapi32

LookupPrivilegeValueW
AdjustTokenPrivileges
GetCurrentHwProfileW
RegCloseKey
RegGetValueA
RegQueryValueExA
RegOpenKeyExA
GetUserNameW
RegEnumKeyExA
RevertToSelf
ConvertSidToStringSidA
ImpersonateLoggedOnUser
OpenProcessToken
DuplicateTokenEx
GetTokenInformation
CredEnumerateA
CredFree

shell32

SHGetKnownFolderPath
ShellExecuteW

ole32

CoUninitialize
CoTaskMemFree
CoInitializeSecurity
CoSetProxyBlanket
CoInitializeEx
CoGetObject
CoCreateInstance

oleaut32

SysAllocStringByteLen
SysStringByteLen
SysFreeString

shlwapi

ord214
ord184
ord12
ord213

gdiplus

GdipFree
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdipAlloc
GdipCloneImage
GdipGetImageEncodersSize
GdipCreateBitmapFromScan0
GdipGetImageEncoders
GdiplusShutdown
GdiplusStartup
GdipSaveImageToStream

Sections

.text
Size: 816KB - Virtual size: 815KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 276KB - Virtual size: 275KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
krgawdtyjawd.exe
.exe windows:5 windows x86 arch:x86

9688495fa0fb07674109d4238c74f5ee

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

rand
strncpy
??_V@YAXPAX@Z
strtok
memchr
strtok_s
??_U@YAPAXI@Z
strcpy_s
vsprintf_s
memmove
strlen
malloc
free
memcmp
??2@YAPAXI@Z
memset
memcpy
__CxxFrameHandler3
_except_handler3

kernel32

GetModuleFileNameW
GetStringTypeW
MultiByteToWideChar
LCMapStringW
lstrlenA
HeapAlloc
GetProcessHeap
VirtualProtect
CreateProcessA
lstrcatA
VirtualQueryEx
OpenProcess
ReadProcessMemory
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
DecodePointer
TerminateProcess
GetCurrentProcess
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
RtlUnwind
GetProcAddress
GetModuleHandleW
ExitProcess
Sleep
WriteFile
GetStdHandle
GetLastError
LoadLibraryW
TlsGetValue
TlsSetValue
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
WideCharToMultiByte
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RaiseException

Sections

.text
Size: 166KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kthkksefd.exe
.exe windows:6 windows x64 arch:x64

d18aa68269a30cd13693bec0b3505c6a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

WSACleanup
inet_pton
WSAStartup
htons
send
socket
connect
recv
closesocket

crypt32

CryptUnprotectData
CryptProtectData

wininet

HttpQueryInfoW
InternetQueryDataAvailable
InternetReadFile
InternetOpenW
InternetOpenUrlA
InternetOpenA
InternetCloseHandle

ntdll

NtQueryObject
RtlReleasePebLock
NtQuerySystemInformation
RtlInitUnicodeString
NtAllocateVirtualMemory
LdrEnumerateLoadedModules
RtlAcquirePebLock

rstrtmgr

RmGetList
RmStartSession
RmEndSession
RmRegisterResources

kernel32

GetFileInformationByHandleEx
FindFirstFileW
FindNextFileW
FindClose
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
LoadLibraryA
Process32FirstW
CloseHandle
GetSystemInfo
GetProcAddress
LocalFree
ReadProcessMemory
FreeLibrary
VirtualQueryEx
GetLastError
ExitProcess
MultiByteToWideChar
WideCharToMultiByte
VirtualFree
VirtualAlloc
ReadFile
WriteFile
CreateFileW
UnmapViewOfFile
GetFileSize
CreateFileMappingW
MapViewOfFile
GetCurrentProcess
VirtualQuery
WriteProcessMemory
GetStdHandle
TerminateProcess
CreateMutexA
ReleaseMutex
OpenMutexA
GetModuleFileNameA
GetVolumeInformationW
GetGeoInfoA
HeapFree
EnterCriticalSection
GetModuleFileNameW
GetProcessId
LeaveCriticalSection
SetFilePointer
InitializeCriticalSectionEx
FreeEnvironmentStringsW
GetModuleHandleA
HeapSize
GetLogicalDriveStringsW
GetFinalPathNameByHandleA
GetTimeZoneInformation
lstrcatW
HeapReAlloc
HeapAlloc
GetUserGeoID
DecodePointer
DeleteCriticalSection
GetProcessHeap
GetModuleHandleW
GetEnvironmentStringsW
SetLastError
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualProtect
GetFileSizeEx
SetFilePointerEx
GetCurrentThreadId
GetFileType
GetStartupInfoW
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
GetTempPathW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitializeCriticalSectionAndSpinCount
LoadLibraryExW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ReadConsoleW
RaiseException
SetEndOfFile
GetModuleHandleExW
SetStdHandle
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStringTypeW
WriteConsoleW
OutputDebugStringW
SetEnvironmentVariableW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
QueryPerformanceCounter
InitializeSListHead
RtlUnwindEx
RtlUnwind
RtlPcToFileHeader
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InitializeCriticalSection
AreFileApisANSI
GetNativeSystemInfo
TryAcquireSRWLockExclusive
LCMapStringEx
CompareStringEx
GlobalMemoryStatusEx
lstrcpyW
GetCommandLineA
GetCommandLineW
GetComputerNameW
GetFileAttributesExW
GetFileAttributesW
FindFirstFileExW
GetCurrentDirectoryW
GetLocaleInfoEx
FormatMessageA

user32

EnumDisplayDevicesW
GetDesktopWindow
ReleaseDC
GetSystemMetrics
GetDC
GetWindowRect

gdi32

BitBlt
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
GetDeviceCaps
DeleteDC
GetObjectW
DeleteObject

advapi32

LookupPrivilegeValueW
AdjustTokenPrivileges
GetCurrentHwProfileW
RegCloseKey
RegGetValueA
RegQueryValueExA
RegOpenKeyExA
GetUserNameW
RegEnumKeyExA
RevertToSelf
ConvertSidToStringSidA
ImpersonateLoggedOnUser
OpenProcessToken
DuplicateTokenEx
GetTokenInformation
CredEnumerateA
CredFree

shell32

SHGetKnownFolderPath
ShellExecuteW

ole32

CoUninitialize
CoInitializeSecurity
CoSetProxyBlanket
CoInitializeEx
CoTaskMemFree
CoCreateInstance
CoGetObject

oleaut32

SysAllocStringByteLen
SysStringByteLen
SysFreeString

shlwapi

ord12
ord214
ord213
ord184

gdiplus

GdipFree
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdipAlloc
GdipGetImageEncodersSize
GdipCreateBitmapFromScan0
GdipCloneImage
GdipGetImageEncoders
GdiplusShutdown
GdiplusStartup
GdipSaveImageToStream

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 838KB - Virtual size: 837KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kyhjasehs.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kyjjrfgjjsedf.exe
.exe windows:6 windows x64 arch:x64

0095cfee1cdfcef936c4c086b6b4fe85

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

closesocket
inet_pton
WSAStartup
send
socket
connect
recv
WSACleanup
htons

crypt32

CryptUnprotectData
CryptProtectData

wininet

InternetOpenW
InternetCloseHandle
InternetReadFile
InternetQueryDataAvailable
HttpQueryInfoW
InternetOpenUrlA
InternetOpenA

ntdll

NtQuerySystemInformation
RtlInitUnicodeString
LdrEnumerateLoadedModules
RtlAcquirePebLock
RtlReleasePebLock
NtQueryObject
NtAllocateVirtualMemory

rstrtmgr

RmGetList
RmStartSession
RmEndSession
RmRegisterResources

bcrypt

BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider
BCryptDecrypt
BCryptDestroyKey
BCryptGenerateSymmetricKey
BCryptSetProperty

kernel32

GetFileInformationByHandleEx
AreFileApisANSI
FindFirstFileW
FindNextFileW
FindClose
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
LoadLibraryA
Process32FirstW
CloseHandle
GetSystemInfo
GetProcAddress
LocalFree
FreeLibrary
GetLastError
ExitProcess
MultiByteToWideChar
WideCharToMultiByte
VirtualAlloc
ReadFile
WriteFile
CreateFileW
GetFileSize
GetCurrentProcess
VirtualQuery
GetStdHandle
TerminateProcess
CreateMutexA
ReleaseMutex
OpenMutexA
GetModuleFileNameA
GetVolumeInformationW
GetGeoInfoA
HeapFree
EnterCriticalSection
GetModuleFileNameW
GetProcessId
LeaveCriticalSection
SetFilePointer
InitializeCriticalSectionEx
FreeEnvironmentStringsW
GetModuleHandleA
HeapSize
GetLogicalDriveStringsW
GetFinalPathNameByHandleA
GetTimeZoneInformation
lstrcatW
HeapReAlloc
HeapAlloc
GetComputerNameW
GetProcessHeap
GlobalMemoryStatusEx
GetModuleHandleW
lstrcpyW
GetEnvironmentStringsW
SetLastError
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualProtect
GetFileSizeEx
SetFilePointerEx
GetCurrentThreadId
GetFileType
GetStartupInfoW
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
GetTempPathW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitializeCriticalSectionAndSpinCount
LoadLibraryExW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
SetEndOfFile
EnumSystemLocalesW
ReadConsoleW
RaiseException
GetModuleHandleExW
SetStdHandle
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStringTypeW
WriteConsoleW
OutputDebugStringW
SetEnvironmentVariableW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
QueryPerformanceCounter
InitializeSListHead
RtlUnwindEx
RtlUnwind
RtlPcToFileHeader
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetFileAttributesExW
GetFileAttributesW
FindFirstFileExW
GetCurrentDirectoryW
GetNativeSystemInfo
LCMapStringEx
CompareStringEx
DecodePointer
DeleteCriticalSection
GetCommandLineA
GetCommandLineW
GetUserGeoID
GetUserDefaultLCID
GetLocaleInfoEx
FormatMessageA

user32

GetWindowRect
ReleaseDC
GetDesktopWindow
EnumDisplayDevicesW
GetSystemMetrics
GetDC

gdi32

BitBlt
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
GetDeviceCaps
DeleteDC
GetObjectW
DeleteObject

advapi32

LookupPrivilegeValueW
AdjustTokenPrivileges
GetCurrentHwProfileW
RegCloseKey
RegGetValueA
RegQueryValueExA
RegOpenKeyExA
GetUserNameW
RegEnumKeyExA
RevertToSelf
ConvertSidToStringSidA
ImpersonateLoggedOnUser
OpenProcessToken
DuplicateTokenEx
GetTokenInformation
CredEnumerateA
CredFree

shell32

SHGetKnownFolderPath
ShellExecuteW

ole32

CoTaskMemFree
CoGetObject
CoCreateInstance
CoUninitialize
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx

oleaut32

SysStringByteLen
SysAllocStringByteLen
SysFreeString

shlwapi

ord214
ord184
ord213
ord12

gdiplus

GdipGetImageEncodersSize
GdipFree
GdipDisposeImage
GdiplusShutdown
GdiplusStartup
GdipCloneImage
GdipAlloc
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipSaveImageToStream
GdipGetImageEncoders

Sections

.text
Size: 845KB - Virtual size: 844KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 362KB - Virtual size: 362KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lfcdgbuksf.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lkyhjksefa.exe
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 130KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 13KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 9KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 174KB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 916KB - Virtual size: 916KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
lyjdfjthawd.exe
.exe windows:5 windows x86 arch:x86

0b8c3b7f5974cb002243977711d52689

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_mbscmp
_splitpath
memmove
strstr
strncpy
malloc
_wtoi64
??_V@YAXPAX@Z
atexit
strcpy_s
memchr
strchr
strtok_s
??_U@YAPAXI@Z
_time64
srand
rand
_ismbcupper
__CxxFrameHandler3

kernel32

GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
HeapSize
WideCharToMultiByte
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapSetInformation
GetCommandLineA
ExitProcess
SetCriticalSectionSpinCount
FlsAlloc
HeapAlloc
GetCurrentProcess
HeapFree
VirtualFree
GetProcessHeap
WriteFile
VirtualAllocExNuma
Sleep
ReadFile
CreateFileW
lstrcatA
MultiByteToWideChar
GetTempPathW
GetLastError
lstrcmpiA
GetProcAddress
VirtualAlloc
GlobalMemoryStatusEx
ConvertDefaultLocale
lstrcmpiW
GetModuleHandleA
VirtualProtect
CloseHandle
lstrlenA
CreateFileA
GetFileSize
FreeLibrary
GetThreadContext
SetThreadContext
SetHandleCount
VirtualAllocEx
WriteProcessMemory
VirtualQueryEx
OpenProcess
GetComputerNameA
FileTimeToSystemTime
WaitForSingleObject
GetDriveTypeA
CreateProcessA
CreateDirectoryA
FindFirstFileA
GetLogicalDriveStringsA
FindClose
FindNextFileA
CreateThread
SetFilePointer
MapViewOfFile
UnmapViewOfFile
lstrcpynA
SystemTimeToFileTime
GetTickCount
GetLocalTime
CreateFileMappingA
GetFileInformationByHandle
lstrcpyA
TlsGetValue
TlsAlloc
GetModuleFileNameW
GetStdHandle
GetModuleHandleW
HeapDestroy
HeapCreate
RtlUnwind
EnterCriticalSection
FatalAppExitA
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
DecodePointer
EncodePointer
IsDebuggerPresent
SetUnhandledExceptionFilter
HeapReAlloc
GetFileType
QueryPerformanceCounter
GetStartupInfoW
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringW
ReadProcessMemory
GetStringTypeW
UnhandledExceptionFilter
TerminateProcess
TlsFree
RaiseException
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetCurrentThread
IsProcessorFeaturePresent
SetConsoleCtrlHandler
InterlockedExchange
GetLocaleInfoW
LoadLibraryW
TlsSetValue

user32

wsprintfA
GetDesktopWindow
OpenDesktopA
CreateDesktopA
CloseDesktop
OpenInputDesktop
wsprintfW
IsDialogMessageW
MessageBoxA
GetWindowLongW
ReleaseDC
GetWindowContextHelpId
GetCursorPos
SetThreadDesktop
RegisterClassW
IsWindowVisible
CharToOemA

gdi32

CreateDCA
GetDeviceCaps

advapi32

RegGetValueA
RegOpenKeyExA
GetUserNameA
GetCurrentHwProfileA

shell32

SHFileOperationA
SHGetFolderPathA

ole32

CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance
CoInitializeEx

oleaut32

VariantClear
SysFreeString
VariantInit
SysAllocString

psapi

GetModuleBaseNameA
EnumProcessModules

ws2_32

connect
WSAStartup
getaddrinfo
htons
WSACleanup
recv
socket
freeaddrinfo
closesocket
send

shlwapi

ord155
PathFileExistsA

Sections

.text
Size: 191KB - Virtual size: 191KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
nbothjkd.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 285KB - Virtual size: 285KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
nhbjsekfkjtyhja.exe
.exe windows:6 windows x86 arch:x86

dbd248d6a07e5b5d3562c903534448e7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
HeapAlloc
HeapFree
GetProcessHeap
WaitForSingleObject
CreateEventW
WriteConsoleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
RaiseException
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileType
GetStringTypeW
LCMapStringW
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
CreateFileW
DecodePointer

Sections

.text
Size: 223KB - Virtual size: 222KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.textbss
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 188KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
nothjgdwa.exe
.exe windows:6 windows x86 arch:x86

407b29a1346b818a12b66f58555063ce

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileAttributesA
Process32NextW
CreateFileA
Process32FirstW
CloseHandle
GetSystemInfo
CreateThread
GetThreadContext
GetProcAddress
GetLastError
RemoveDirectoryA
ReadProcessMemory
CreateProcessA
CreateDirectoryA
SetThreadContext
SetEndOfFile
HeapSize
GetProcessHeap
SetEnvironmentVariableW
Wow64RevertWow64FsRedirection
GetTempPathA
Sleep
CreateToolhelp32Snapshot
OpenProcess
SetCurrentDirectoryA
GetModuleHandleA
ResumeThread
GetComputerNameExW
GetVersionExW
WaitForSingleObject
CreateMutexA
FindClose
PeekNamedPipe
CreatePipe
FindNextFileA
VirtualAlloc
Wow64DisableWow64FsRedirection
WriteFile
VirtualFree
FindFirstFileA
SetHandleInformation
WriteProcessMemory
GetModuleFileNameA
VirtualAllocEx
ReadFile
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
GetTimeZoneInformation
HeapReAlloc
ReadConsoleW
SetStdHandle
GetFullPathNameW
GetCurrentDirectoryW
DeleteFileW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
HeapAlloc
HeapFree
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
SetFilePointerEx
GetFileSizeEx
GetCommandLineW
GetCommandLineA
GetStdHandle
GetModuleFileNameW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileType
GetFileInformationByHandle
GetDriveTypeW
CreateFileW
RaiseException
GetCurrentThreadId
IsProcessorFeaturePresent
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
GetModuleHandleExW
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
InitOnceComplete
InitOnceBeginInitialize
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
TryEnterCriticalSection
DeleteCriticalSection
WaitForSingleObjectEx
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetModuleHandleW
EncodePointer
DecodePointer
MultiByteToWideChar
WideCharToMultiByte
LCMapStringEx
GetStringTypeW
GetCPInfo
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
RtlUnwind
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
WriteConsoleW

user32

GetSystemMetrics
ReleaseDC
GetDC

gdi32

CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
DeleteObject
BitBlt

advapi32

RevertToSelf
RegCloseKey
RegQueryInfoKeyW
RegGetValueA
RegQueryValueExA
GetSidSubAuthorityCount
GetSidSubAuthority
GetUserNameA
CreateProcessWithTokenW
LookupAccountNameA
ImpersonateLoggedOnUser
RegSetValueExA
OpenProcessToken
RegOpenKeyExA
RegEnumValueA
DuplicateTokenEx
GetSidIdentifierAuthority

shell32

SHGetFolderPathA
ShellExecuteA
SHFileOperationA

ole32

CoUninitialize
CoCreateInstance
CoInitialize

wininet

HttpOpenRequestA
InternetWriteFile
InternetOpenUrlA
InternetOpenW
HttpEndRequestW
HttpAddRequestHeadersA
HttpSendRequestExA
InternetOpenA
InternetCloseHandle
HttpSendRequestA
InternetConnectA
InternetReadFile

gdiplus

GdiplusStartup
GdipSaveImageToFile
GdipGetImageEncodersSize
GdiplusShutdown
GdipGetImageEncoders
GdipCreateBitmapFromHBITMAP
GdipDisposeImage

ws2_32

closesocket
inet_pton
getaddrinfo
WSAStartup
send
socket
connect
recv
htons
freeaddrinfo

Sections

.text
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
nthnaedltg.exe
.exe windows:5 windows x86 arch:x86

0b8c3b7f5974cb002243977711d52689

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_mbscmp
_splitpath
memmove
strstr
strncpy
malloc
_wtoi64
??_V@YAXPAX@Z
atexit
strcpy_s
memchr
strchr
strtok_s
??_U@YAPAXI@Z
_time64
srand
rand
_ismbcupper
__CxxFrameHandler3

kernel32

GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
HeapSize
WideCharToMultiByte
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapSetInformation
GetCommandLineA
ExitProcess
SetCriticalSectionSpinCount
FlsAlloc
HeapAlloc
GetCurrentProcess
HeapFree
VirtualFree
GetProcessHeap
WriteFile
VirtualAllocExNuma
Sleep
ReadFile
CreateFileW
lstrcatA
MultiByteToWideChar
GetTempPathW
GetLastError
lstrcmpiA
GetProcAddress
VirtualAlloc
GlobalMemoryStatusEx
ConvertDefaultLocale
lstrcmpiW
GetModuleHandleA
VirtualProtect
CloseHandle
lstrlenA
CreateFileA
GetFileSize
FreeLibrary
GetThreadContext
SetThreadContext
SetHandleCount
VirtualAllocEx
WriteProcessMemory
VirtualQueryEx
OpenProcess
GetComputerNameA
FileTimeToSystemTime
WaitForSingleObject
GetDriveTypeA
CreateProcessA
CreateDirectoryA
FindFirstFileA
GetLogicalDriveStringsA
FindClose
FindNextFileA
CreateThread
SetFilePointer
MapViewOfFile
UnmapViewOfFile
lstrcpynA
SystemTimeToFileTime
GetTickCount
GetLocalTime
CreateFileMappingA
GetFileInformationByHandle
lstrcpyA
TlsGetValue
TlsAlloc
GetModuleFileNameW
GetStdHandle
GetModuleHandleW
HeapDestroy
HeapCreate
RtlUnwind
EnterCriticalSection
FatalAppExitA
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
DecodePointer
EncodePointer
IsDebuggerPresent
SetUnhandledExceptionFilter
HeapReAlloc
GetFileType
QueryPerformanceCounter
GetStartupInfoW
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringW
ReadProcessMemory
GetStringTypeW
UnhandledExceptionFilter
TerminateProcess
TlsFree
RaiseException
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetCurrentThread
IsProcessorFeaturePresent
SetConsoleCtrlHandler
InterlockedExchange
GetLocaleInfoW
LoadLibraryW
TlsSetValue

user32

wsprintfA
GetDesktopWindow
OpenDesktopA
CreateDesktopA
CloseDesktop
OpenInputDesktop
wsprintfW
IsDialogMessageW
MessageBoxA
GetWindowLongW
ReleaseDC
GetWindowContextHelpId
GetCursorPos
SetThreadDesktop
RegisterClassW
IsWindowVisible
CharToOemA

gdi32

CreateDCA
GetDeviceCaps

advapi32

RegGetValueA
RegOpenKeyExA
GetUserNameA
GetCurrentHwProfileA

shell32

SHFileOperationA
SHGetFolderPathA

ole32

CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance
CoInitializeEx

oleaut32

VariantClear
SysFreeString
VariantInit
SysAllocString

psapi

GetModuleBaseNameA
EnumProcessModules

ws2_32

connect
WSAStartup
getaddrinfo
htons
WSACleanup
recv
socket
freeaddrinfo
closesocket
send

shlwapi

ord155
PathFileExistsA

Sections

.text
Size: 191KB - Virtual size: 191KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
pghsefyjhsef.exe
.exe windows:6 windows x86 arch:x86

407b29a1346b818a12b66f58555063ce

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileAttributesA
Process32NextW
CreateFileA
Process32FirstW
CloseHandle
GetSystemInfo
CreateThread
GetThreadContext
GetProcAddress
GetLastError
RemoveDirectoryA
ReadProcessMemory
CreateProcessA
CreateDirectoryA
SetThreadContext
SetEndOfFile
HeapSize
GetProcessHeap
SetEnvironmentVariableW
Wow64RevertWow64FsRedirection
GetTempPathA
Sleep
CreateToolhelp32Snapshot
OpenProcess
SetCurrentDirectoryA
GetModuleHandleA
ResumeThread
GetComputerNameExW
GetVersionExW
WaitForSingleObject
CreateMutexA
FindClose
PeekNamedPipe
CreatePipe
FindNextFileA
VirtualAlloc
Wow64DisableWow64FsRedirection
WriteFile
VirtualFree
FindFirstFileA
SetHandleInformation
WriteProcessMemory
GetModuleFileNameA
VirtualAllocEx
ReadFile
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
GetTimeZoneInformation
HeapReAlloc
ReadConsoleW
SetStdHandle
GetFullPathNameW
GetCurrentDirectoryW
DeleteFileW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
HeapAlloc
HeapFree
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
SetFilePointerEx
GetFileSizeEx
GetCommandLineW
GetCommandLineA
GetStdHandle
GetModuleFileNameW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileType
GetFileInformationByHandle
GetDriveTypeW
CreateFileW
RaiseException
GetCurrentThreadId
IsProcessorFeaturePresent
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
GetModuleHandleExW
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
InitOnceComplete
InitOnceBeginInitialize
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
TryEnterCriticalSection
DeleteCriticalSection
WaitForSingleObjectEx
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetModuleHandleW
EncodePointer
DecodePointer
MultiByteToWideChar
WideCharToMultiByte
LCMapStringEx
GetStringTypeW
GetCPInfo
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
RtlUnwind
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
WriteConsoleW

user32

GetSystemMetrics
ReleaseDC
GetDC

gdi32

CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
DeleteObject
BitBlt

advapi32

RevertToSelf
RegCloseKey
RegQueryInfoKeyW
RegGetValueA
RegQueryValueExA
GetSidSubAuthorityCount
GetSidSubAuthority
GetUserNameA
CreateProcessWithTokenW
LookupAccountNameA
ImpersonateLoggedOnUser
RegSetValueExA
OpenProcessToken
RegOpenKeyExA
RegEnumValueA
DuplicateTokenEx
GetSidIdentifierAuthority

shell32

SHGetFolderPathA
ShellExecuteA
SHFileOperationA

ole32

CoUninitialize
CoCreateInstance
CoInitialize

wininet

HttpOpenRequestA
InternetWriteFile
InternetOpenUrlA
InternetOpenW
HttpEndRequestW
HttpAddRequestHeadersA
HttpSendRequestExA
InternetOpenA
InternetCloseHandle
HttpSendRequestA
InternetConnectA
InternetReadFile

gdiplus

GdiplusStartup
GdipSaveImageToFile
GdipGetImageEncodersSize
GdiplusShutdown
GdipGetImageEncoders
GdipCreateBitmapFromHBITMAP
GdipDisposeImage

ws2_32

closesocket
inet_pton
getaddrinfo
WSAStartup
send
socket
connect
recv
htons
freeaddrinfo

Sections

.text
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
pyjnkasedf.exe
.exe windows:6 windows x86 arch:x86

81961373b32efd4098659dcd8637f4f9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CreateDirectoryA
CreateFileA
CreateProcessA
CreateThread
ExitProcess
FileTimeToSystemTime
FindClose
FindFirstFileA
FindNextFileA
GetComputerNameA
GetCurrentProcess
GetDriveTypeA
GetFileInformationByHandle
GetFileSize
GetLocalTime
GetLogicalDriveStringsA
GetLogicalProcessorInformationEx
GetModuleHandleA
GetProcessHeap
GetThreadContext
GetTickCount
HeapAlloc
HeapFree
OpenProcess
RaiseException
ReadFile
ReadProcessMemory
SetFilePointer
SetThreadContext
Sleep
SystemTimeToFileTime
VirtualAlloc
VirtualAllocEx
VirtualAllocExNuma
VirtualFree
VirtualQueryEx
WaitForSingleObject
WriteFile
WriteProcessMemory
lstrcatA
lstrcmpiW
lstrcpyA
lstrlenA

msvcrt

??2@YAPAXI@Z
??3@YAXPAX@Z
??_U@YAPAXI@Z
??_V@YAXPAX@Z
_splitpath
atexit
free
isupper
malloc
memchr
memcmp
memcpy
memmove
memset
rand
srand
strchr
strcmp
strcpy
strcpy_s
strlen
strncpy
strstr
strtok_s

user32

CharToOemA
CloseDesktop
CreateDesktopA
GetDesktopWindow
OpenDesktopA
wsprintfA
wsprintfW

advapi32

GetCurrentHwProfileA
GetUserNameA
RegGetValueA
RegOpenKeyExA

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn

shell32

SHFileOperationA
SHGetFolderPathA

ws2_32

WSACleanup
WSAStartup
closesocket
connect
freeaddrinfo
getaddrinfo
htons
recv
send
socket

shlwapi

PathFileExistsA
ord155

Sections

.text
Size: 276KB - Virtual size: 276KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 41KB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

PDB Paths

Sections

.rdata Size: 512B - Virtual size: 328B

.rsrc Size: 3.1MB - Virtual size: 3.1MB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 10KB - Virtual size: 10KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

829a516ed7929d66c69478df5f0562c2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

dwmapi

imm32

oleaut32

wtsapi32

ole32

user32

gdi32

qt5gui

qt5core

shell32

winmm

kernel32

Exports

Exports

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 426KB - Virtual size: 426KB

.data Size: 19KB - Virtual size: 32KB

.pdata Size: 59KB - Virtual size: 59KB

.qtmetad Size: 512B - Virtual size: 127B

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 1024B - Virtual size: 840B

.reloc Size: 9KB - Virtual size: 8KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 138KB - Virtual size: 137KB

.rdata Size: 71KB - Virtual size: 71KB

.data Size: 4KB - Virtual size: 8KB

.pdata Size: 6KB - Virtual size: 6KB

.qtmetad Size: 512B - Virtual size: 109B

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 1024B - Virtual size: 856B

.reloc Size: 2KB - Virtual size: 2KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 10KB - Virtual size: 9KB

.rdata
Size: 512B - Virtual size: 328B

.rsrc
Size: 3.1MB - Virtual size: 3.1MB

.text
Size: 10KB - Virtual size: 10KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 426KB - Virtual size: 426KB

.data
Size: 19KB - Virtual size: 32KB

.pdata
Size: 59KB - Virtual size: 59KB

.qtmetad
Size: 512B - Virtual size: 127B

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 1024B - Virtual size: 840B

.reloc
Size: 9KB - Virtual size: 8KB

.text
Size: 138KB - Virtual size: 137KB

.rdata
Size: 71KB - Virtual size: 71KB

.data
Size: 4KB - Virtual size: 8KB

.pdata
Size: 6KB - Virtual size: 6KB

.qtmetad
Size: 512B - Virtual size: 109B

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 1024B - Virtual size: 856B

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 10KB - Virtual size: 9KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 10KB - Virtual size: 10KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 17.9MB - Virtual size: 17.9MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 886KB - Virtual size: 885KB

.rsrc
Size: 1024B - Virtual size: 880B

.reloc
Size: 512B - Virtual size: 12B

.data
Size: 919KB - Virtual size: 920KB

.text
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

0f:d1:bb:ca:79:6b:d7:f8:dd:4c:82:e1:0a:9a:96:31
Certificate

0e:4d:67:f6:43:16:c9:2a:3b:7a:17:cc:46:97:6a:8f
Certificate

03:9c:12:44:48:06:1e:99:e6:9c:d9:5d:57:c8:07:a6
Certificate