privateloader | JaffaCakes118_76082ff45cc7055692bd65c79ebe843ad9a150b0366cb03b4011356bba0ffd9e

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_76082ff45cc7055692bd65c79ebe843ad9a150b0366cb03b4011356bba0ffd9e
Size

31.0MB
MD5

ee5c3b5d48af485d19e33a36b613898e
SHA1

ec69f96104cfcfaa620f1aee5951895d3987ffc2
SHA256

76082ff45cc7055692bd65c79ebe843ad9a150b0366cb03b4011356bba0ffd9e
SHA512

f834cea68a4a304f0be9c9f224fed8da5ce111989b8ee7dd40b188de1b1ad86d07f81be684a0bea367b6104f0db3685ee72ee12d6c8137eee5abe7e72812e635
SSDEEP

786432:2ywKn7Geuj20ehpBbrRDoQ/0wcEuo6Z1jnYwyT:247Aeh/RcYTcE+GR

Score

10^/10

loader privateloader

Malware Config

Extracted

Family

privateloader

http://212.193.30.45/proxies.txt

http://45.144.225.57/server.txt

pastebin.com/raw/A7dSG1te

http://wfsdragon.ru/api/setStats.php

2.56.59.42

http://212.193.30.29/server.txt

212.193.30.21

Attributes

payload_url
https://vipsofts.xyz/files/mega.bmp

Signatures

Privateloader family
privateloader

Unsigned PE 25 IoCs

Checks for missing Authenticode signature.

resource
unpack001/0400b38bff44e2b0ba89f392af3ec1febbe980255086e3d21ca375f8742b0a69
unpack001/09a93018218af02ec1b0ec179a3fed2c205ac6f48f8cee615d2dbb99399d600c
unpack001/0d0696212a60ba82ea918f3e9397268000acb230f4103148df9b6c0c7472b76b
unpack001/0f769b4c84e763b2dae26a6ca5492ab04562eeac6e13c742a855ba8c555ee054
unpack001/1ab92c39e8b0350609fabbbd29b9a5ab8e6e3f42182b672eef049b96a3480dc2
unpack001/20177244bc6d226e096682dff996e09c9799cbf43bf2795a8483e25db137f998
unpack001/274b00e3840b0b29a021e2a1a36bdc78829dfdfe2e4010ea494db6ae4276692a
unpack001/2754574ba546bfe49fc852b87cf85e2fca988b0cff0394abe08e9e4dc934d86a
unpack001/38d5cf2bdcab25afb95cda0fd3abc7911469a4c4442966b941e930947099f508
unpack001/3c59836d51379ebb763312245230900e181afa69064f6c8c999f1bf0d7672feb
unpack001/467a61a07498f467be1e2dc3f479efddd779e763f928bc27963f11e147bcf1ca
unpack001/57e2f0d6a6007a3e90b69323108a192f3ca037ad2878547528e76aaeba3f8e20
unpack001/592075e1fb5e9c9f82bfb80d4f3af4816737aed1a2ac889cbea2b8e1d08edfbe
unpack001/5a0214e85d7d0c2f2fbfc204c90099e3b553de62e8b994a65b158dd22a12ef0f
unpack001/5cebe74003cf5206a46d4ab96a9ca9ed3d44b6258a8a1ac20d4dbebbc5c384a7
unpack001/734cf562801a81b85aa3d748245a1fe2d295539a6050d824d0a1aa84bd1f0055
unpack001/7518d173c4123d1cff4d6f48b9062a3789fce4f5f958b970b121b6c84d74d4b2
unpack001/7a6688eb956ccf580d45207cce53ae9fb68380276ca9bf30d4a829a66bea4db0
unpack001/7e002867b026270d32e45408fa9bf79c1403ee62dce66e9fc94715e54217121c
unpack001/94cb3c9dcdfb8d43499212a86b902d394ed206923ec9a1e971dce08f0fe82011
unpack001/9996fc192bb30cbdb8dce7bb2560f79245fbeeb35611f0e67a07153be08daf5d
unpack001/9ca1a1cf0b65ec71ae24a6e3945bd05a2f7739d7b3d42fa44c80446912f217c5
unpack001/b6a201e482c801e895ac6e97f6e22fd65652b642bdbcab42a0f02d98874e4365
unpack001/e0aeb8d5a11cf80fbc804923c457e9691d8cb0eec06c4dfb8911867d3b5e09d5
unpack001/f49b8fd8c81200c3f944861253edf02ec648697bc1d5843c6a8cf7f04f645b91

Files

JaffaCakes118_76082ff45cc7055692bd65c79ebe843ad9a150b0366cb03b4011356bba0ffd9e
.zip

Password: infected
0400b38bff44e2b0ba89f392af3ec1febbe980255086e3d21ca375f8742b0a69
.exe windows:6 windows x64 arch:x64

a22b9c7bc0a60c74233dee9fcb4ec598

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\jenkins\workspace\8-2-build-windows-amd64-cygwin\jdk8u281\880\build\windows-amd64\deploy\tmp\javacplexec\obj64\javacpl.pdb

Imports

user32

GetWindowThreadProcessId
CloseDesktop
OpenInputDesktop
MessageBoxW
wsprintfW
LoadStringW
GetShellWindow

kernel32

LocalAlloc
WideCharToMultiByte
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
InitializeSListHead
GetEnvironmentVariableW
GetLongPathNameW
CloseHandle
GetLastError
FreeLibrary
GetModuleFileNameW
GetProcAddress
LoadLibraryW
FormatMessageW
VerSetConditionMask
CreateFileW
GetShortPathNameW
GetTempPathW
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
WaitForSingleObject
GetCurrentProcess
CreateProcessW
OpenProcess
GlobalMemoryStatusEx
GetLocalTime
GetSystemDirectoryW
GetWindowsDirectoryW
GetVersionExW
GetNativeSystemInfo
GetModuleHandleW
GlobalAlloc
GlobalFree
MultiByteToWideChar
LocalFree
lstrlenW
VerifyVersionInfoW
WTSGetActiveConsoleSessionId
OutputDebugStringW
GetCurrentProcessId
GetCurrentThreadId
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime

ole32

StringFromCLSID
CoTaskMemFree

oleaut32

SysAllocStringByteLen
VariantClear
SysAllocString
SysFreeString
SysStringLen

vcruntime140

__CxxFrameHandler3
memset
memcpy
__C_specific_handler
__std_exception_copy
_CxxThrowException
__std_exception_destroy

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__stdio_common_vswprintf_s
_wfopen_s
__stdio_common_vfwprintf_s
fclose
__stdio_common_vsnwprintf_s
__p__commode

api-ms-win-crt-filesystem-l1-1-0

_stat64i32
_wstat64i32
_wsplitpath_s

api-ms-win-crt-runtime-l1-1-0

_initialize_narrow_environment
_register_onexit_function
_configure_narrow_argv
_cexit
terminate
_set_app_type
_crt_atexit
_get_narrow_winmain_command_line
_initterm
_initterm_e
exit
_exit
_errno
_c_exit
_register_thread_local_exe_atexit_callback
_invalid_parameter_noinfo
_initialize_onexit_table
_seh_filter_exe

api-ms-win-crt-heap-l1-1-0

_set_new_mode
free
malloc
_callnewh

api-ms-win-crt-convert-l1-1-0

_wtoi

api-ms-win-crt-environment-l1-1-0

_wdupenv_s
_wputenv

api-ms-win-crt-string-l1-1-0

wcscat_s
wcscpy_s
wcsncpy_s
wcscmp
_wcsicmp

api-ms-win-crt-time-l1-1-0

_localtime64
wcsftime
_ftime64_s

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.2MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
09a93018218af02ec1b0ec179a3fed2c205ac6f48f8cee615d2dbb99399d600c
.exe windows:6 windows x86 arch:x86

f357e85531c6f51e747b50e32a172ccb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadFile
VirtualAlloc
SetCurrentDirectoryA
Sleep
CreateFileA
LoadLibraryA
DeleteFileA
CloseHandle
GetProcAddress
GetFileSize
GetConsoleWindow
GetModuleHandleA
GetLastError
lstrlenA
WriteConsoleW
CreateFileW
QueryPerformanceCounter
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RtlUnwind
RaiseException
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
WriteFile
GetCommandLineA
GetCommandLineW
CompareStringW
LCMapStringW
HeapFree
HeapAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
GetFileType
SetStdHandle
GetStringTypeW
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
DecodePointer

user32

ShowWindow

Sections

.text
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.2MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
0d0696212a60ba82ea918f3e9397268000acb230f4103148df9b6c0c7472b76b
.exe windows:5 windows x64 arch:x64

e1af18a3a3acd81c899eae5eb79c1fd8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\release-reflect-8\release\x64\working\ReflectUI.pdb

Imports

wldap32

ord22
ord143
ord200
ord30
ord50
ord45
ord211
ord46
ord79
ord35
ord33
ord32
ord27
ord41
ord26
ord301
ord217
ord60

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

mpr

WNetAddConnection3W
WNetCancelConnection2W
WNetGetConnectionW
WNetOpenEnumW
WNetEnumResourceW
WNetCloseEnum
WNetGetUniversalNameW
WNetGetUserW

ws2_32

WSAStringToAddressW
WSAAddressToStringW
inet_ntoa
shutdown
inet_addr
getnameinfo
ntohl
gethostname
sendto
recvfrom
freeaddrinfo
getaddrinfo
select
__WSAFDIsSet
ioctlsocket
listen
htonl
accept
WSACleanup
WSAStartup
WSAIoctl
WSASetLastError
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
closesocket
socket
WSAGetLastError
recv
send

kernel32

EncodePointer
FreeResource
GlobalDeleteAtom
lstrcmpW
CreateActCtxW
ActivateActCtx
DeactivateActCtx
FindActCtxSectionStringW
QueryActCtxW
CompareStringW
GlobalLock
GlobalUnlock
GlobalSize
GlobalGetAtomNameW
SetThreadPriority
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
lstrcmpA
ReleaseSemaphore
GetFileSize
GetFullPathNameW
LockFile
SetEndOfFile
UnlockFile
lstrcmpiW
FileTimeToLocalFileTime
GetFileTime
GlobalReAlloc
GlobalHandle
LocalReAlloc
GetSystemDefaultUILanguage
GlobalFlags
VirtualProtect
GetCurrentDirectoryW
SetErrorMode
lstrcpyW
GetProfileIntW
SearchPathW
WaitForSingleObjectEx
InitializeSListHead
RtlCaptureContext
FindResourceExW
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
RtlUnwind
LoadLibraryExW
OpenEventW
ExitProcess
SetFilePointer
QueryDepthSList
InterlockedPopEntrySList
GetSystemInfo
VirtualFree
VirtualAlloc
OutputDebugStringA
GetLocaleInfoW
GetACP
DeleteVolumeMountPointW
SetVolumeMountPointW
FindVolumeMountPointClose
FindNextVolumeMountPointW
FindFirstVolumeMountPointW
CompareFileTime
OpenProcess
DisconnectNamedPipe
ConnectNamedPipe
CreateNamedPipeW
SetNamedPipeHandleState
GetThreadTimes
UnregisterWait
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SignalObjectAndWait
CreateTimerQueue
SetEnvironmentVariableA
FreeEnvironmentStringsW
WaitNamedPipeW
FindFirstFileExW
GetOEMCP
IsValidCodePage
EnumSystemLocalesW
IsValidLocale
GetConsoleCP
VirtualQuery
HeapQueryInformation
SetStdHandle
SetConsoleCtrlHandler
FreeLibraryAndExitThread
ExitThread
WriteConsoleW
GetCommandLineW
GetCommandLineA
RtlPcToFileHeader
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwindEx
LCMapStringW
GetCPInfo
TryEnterCriticalSection
GetExitCodeThread
SwitchToThread
GetProcessTimes
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetTempFileNameW
CopyFileW
GetSystemDefaultLCID
GetLocaleInfoA
SetUnhandledExceptionFilter
GlobalAddAtomW
GetUserDefaultLCID
GetUserDefaultUILanguage
SetThreadLocale
GetThreadLocale
GetDateFormatW
GetTimeFormatW
ProcessIdToSessionId
GetVolumePathNamesForVolumeNameW
GetVolumeNameForVolumeMountPointW
GetVersionExW
DnsHostnameToComputerNameW
GetComputerNameExW
SetPriorityClass
SetFileAttributesW
QueryDosDeviceW
RemoveDirectoryW
CreateDirectoryW
GetDiskFreeSpaceExW
GetWindowsDirectoryW
GetDriveTypeW
CreateProcessW
FlushFileBuffers
SetThreadExecutionState
GetCurrentThread
GetExitCodeProcess
LocalFree
LocalAlloc
GlobalFree
GlobalAlloc
DuplicateHandle
ResumeThread
OpenThread
GetCurrentProcess
GetFileAttributesExW
FindVolumeClose
FindNextVolumeW
FindFirstVolumeW
GetVolumeInformationW
MoveFileExW
MoveFileW
lstrlenW
DeviceIoControl
GetSystemDirectoryW
SystemTimeToFileTime
GetSystemTime
ConvertThreadToFiber
ConvertFiberToThread
CreateFiber
DeleteFiber
SwitchToFiber
RtlVirtualUnwind
FormatMessageW
GetModuleHandleExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
ReadConsoleW
ReadConsoleA
SetConsoleMode
GetConsoleMode
GetEnvironmentVariableW
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
GetCurrentThreadId
PeekNamedPipe
GetFileType
GetStdHandle
GetEnvironmentVariableA
MoveFileExA
GetStringTypeW
OutputDebugStringW
GetEnvironmentStringsW
TransactNamedPipe
Sleep
GetTickCount
QueryPerformanceCounter
VerifyVersionInfoA
LoadLibraryA
GetModuleHandleA
FreeLibrary
GetSystemDirectoryA
QueryPerformanceFrequency
SleepEx
FormatMessageA
SetFilePointerEx
UnregisterWaitEx
RegisterWaitForSingleObject
GetTimeZoneInformation
GetLocalTime
GetFileSizeEx
MultiByteToWideChar
GetFileAttributesW
GetModuleFileNameW
WriteFile
GetTempPathW
GetModuleHandleW
MulDiv
GetVersion
HeapDestroy
DecodePointer
RaiseException
HeapReAlloc
HeapSize
TerminateThread
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetCurrentProcessId
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
SetWaitableTimer
GetSystemTimeAsFileTime
GlobalFindAtomW
CancelWaitableTimer
CreateMutexW
CreateWaitableTimerW
SetLastError
InitializeCriticalSection
SetEvent
HeapAlloc
ReadFile
CreateFileW
GetProcessHeap
HeapFree
ResetEvent
LeaveCriticalSection
EnterCriticalSection
VerifyVersionInfoW
VerSetConditionMask
GetProcAddress
LoadLibraryW
WaitForMultipleObjects
CreateEventW
CreateThread
WaitForSingleObject
DeleteFileW
FindNextFileW
FindFirstFileW
FindClose
WideCharToMultiByte
FindResourceW
LoadResource
LockResource
SizeofResource
GetLastError
CloseHandle
OpenMutexW
RtlLookupFunctionEntry

user32

NotifyWinEvent
InvertRect
HideCaret
EnableScrollBar
GetIconInfo
DrawFocusRect
GetNextDlgGroupItem
LockWindowUpdate
SetCapture
WindowFromPoint
DeleteMenu
GetSystemMenu
IsRectEmpty
UnionRect
MapVirtualKeyW
GetKeyNameTextW
MapDialogRect
GetAsyncKeyState
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
RealChildWindowFromPoint
GetSysColorBrush
SendDlgItemMessageA
CopyImage
CharUpperW
GetSystemMetrics
ShowOwnedPopups
PostQuitMessage
GetMessageW
ReuseDDElParam
UnpackDDElParam
GetWindowThreadProcessId
OffsetRect
IntersectRect
SetRectEmpty
InsertMenuItemW
DestroyMenu
CreatePopupMenu
TranslateAcceleratorW
LoadAcceleratorsW
ReleaseCapture
BringWindowToTop
RemoveMenu
AppendMenuW
InsertMenuW
GetMenuState
GetUpdateRect
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
GetMenuStringW
IsDialogMessageW
SetWindowTextW
IsWindowEnabled
CheckDlgButton
SubtractRect
GetMenuDefaultItem
MoveWindow
ShowWindow
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
FillRect
ClientToScreen
GetWindowDC
TabbedTextOutW
GrayStringW
DrawTextExW
WinHelpW
GetScrollInfo
SetScrollInfo
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetWindow
GetLastActivePopup
GetTopWindow
GetParent
GetClassLongPtrW
SetWindowLongW
GetWindowLongW
EqualRect
CopyRect
GetSysColor
MapWindowPoints
ScreenToClient
AdjustWindowRectEx
GetWindowTextLengthW
GetWindowTextW
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
GetForegroundWindow
UpdateWindow
SetMenu
GetMenu
GetCapture
GetKeyState
GetFocus
SetFocus
GetDlgCtrlID
GetDlgItem
SetLayeredWindowAttributes
EnumDisplayMonitors
SetClassLongPtrW
SetWindowRgn
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
DrawStateW
DrawEdge
DrawFrameControl
IsZoomed
SetCursorPos
CopyIcon
DrawIcon
UpdateLayeredWindow
MonitorFromPoint
GetComboBoxInfo
PostThreadMessageW
IsIconic
IsWindowVisible
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
DestroyWindow
IsChild
IsMenu
GetClassInfoExW
GetClassInfoW
RegisterClassW
WaitMessage
GetKeyboardLayout
IsCharLowerW
MapVirtualKeyExW
ToUnicodeEx
GetKeyboardState
CreateAcceleratorTableW
DestroyAcceleratorTable
CopyAcceleratorTableW
GetDoubleClickTime
ModifyMenuW
RegisterClipboardFormatW
CharUpperBuffW
IsClipboardFormatAvailable
CreateMenu
GetWindowRgn
DestroyCursor
GetDC
SetActiveWindow
RedrawWindow
ReleaseDC
MonitorFromWindow
GetMonitorInfoW
SetWindowPos
SetWindowLongPtrW
GetClientRect
FrameRect
InflateRect
DrawIconEx
SetRect
DrawTextW
BeginPaint
ValidateRect
EndPaint
CreateWindowExW
PtInRect
InvalidateRect
TrackMouseEvent
AnimateWindow
SetCursor
GetWindowLongPtrW
LoadCursorW
EnableWindow
SendMessageW
SetForegroundWindow
GetDesktopWindow
LoadIconW
UnregisterClassW
RegisterWindowMessageW
LoadImageW
DestroyIcon
SetTimer
KillTimer
IsWindow
LoadMenuW
GetSubMenu
SetMenuDefaultItem
GetCursorPos
TrackPopupMenu
PostMessageW
GetMenuItemID
GetClassNameW
GetWindowRect
DefWindowProcW
RegisterClassExW
PeekMessageW
TranslateMessage
DispatchMessageW
MessageBeep
FindWindowW
SystemParametersInfoW
SetParent
SendMessageA
FindWindowA
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW
SendMessageTimeoutW
GetActiveWindow
MsgWaitForMultipleObjectsEx
LoadStringW
GetMenuItemCount
GetMenuItemInfoW
SetMenuItemInfoW
GetMessagePos
GetMessageTime
CallWindowProcW

gdi32

RealizePalette
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
SetPixel
StretchBlt
CreateDIBSection
SetDIBColorTable
CreateEllipticRgn
Ellipse
GetTextColor
CreatePolygonRgn
Polygon
Polyline
CreateRoundRectRgn
LPtoDP
Rectangle
GetRgnBox
OffsetRgn
CreatePalette
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
ExtFloodFill
SetPaletteEntries
SetPixelV
GetWindowOrgEx
GetViewportOrgEx
GetSystemPaletteEntries
GetTextFaceW
GetBkColor
EnumFontFamiliesExW
GetTextMetricsW
DPtoLP
SetRectRgn
PatBlt
CreateRectRgnIndirect
CombineRgn
CreateDCW
CopyMetaFileW
ScaleWindowExtEx
ScaleViewportExtEx
OffsetWindowOrgEx
OffsetViewportOrgEx
SetWindowOrgEx
SetWindowExtEx
SetViewportExtEx
GetPaletteEntries
GetNearestPaletteIndex
SetTextAlign
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
DeleteDC
GetDeviceCaps
SelectObject
GetTextExtentPoint32W
DeleteObject
CreateFontIndirectW
SetBkMode
SetBkColor
ExtTextOutW
GetStockObject
SetTextColor
TextOutW
MoveToEx
LineTo
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
GetObjectW
CreateBitmap
CreateHatchBrush
CreatePen
CreatePatternBrush
CreateRectRgn
CreateSolidBrush
Escape
ExcludeClipRect
GetClipBox
GetObjectType
GetPixel
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
RoundRect
SetViewportOrgEx
SelectPalette

msimg32

AlphaBlend
TransparentBlt

winspool.drv

OpenPrinterW
ClosePrinter
DocumentPropertiesW

advapi32

RegEnumValueW
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegNotifyChangeKeyValue
GetUserNameW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW
CryptGetHashParam
CryptHashData
RegDeleteKeyW
OpenProcessToken
RegQueryValueW
RegEnumKeyW
EqualSid
LogonUserW
ImpersonateLoggedOnUser
SetThreadToken
RevertToSelf
ConvertStringSidToSidW
RegQueryInfoKeyW
RegCloseKey
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetNamedSecurityInfoW
SetEntriesInAclW
StartServiceW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
ControlService
CloseServiceHandle
RegSetValueExW
RegEnumKeyExW
RegDeleteValueW
LookupPrivilegeValueW
LookupAccountSidW
FreeSid
AllocateAndInitializeSid
AdjustTokenPrivileges
GetTokenInformation
OpenThreadToken

shell32

SHBrowseForFolderW
Shell_NotifyIconW
SHAppBarMessage
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHChangeNotify
SHFileOperationW
SHCreateDirectoryExW
SHGetFolderPathW
DragQueryFileW
DragFinish
SHGetFileInfoW
ShellExecuteW
SHGetDesktopFolder

comctl32

InitCommonControlsEx
ord323
ord320
ord321
ord327
ord236
ord324
ord328
ord329
ord334
ord332
ord338

shlwapi

PathFileExistsW
PathIsNetworkPathW
PathFindExtensionW
PathMatchSpecW
PathAppendW
PathFindFileNameW
PathIsUNCW
PathStripToRootW
UrlUnescapeW
PathRemoveFileSpecW
StrFormatKBSizeW

uxtheme

GetThemeSysColor
GetWindowTheme
GetCurrentThemeName
GetThemeColor
IsAppThemed
GetThemePartSize
CloseThemeData
OpenThemeData
DrawThemeParentBackground
IsThemeBackgroundPartiallyTransparent
DrawThemeBackground
DrawThemeText

ole32

OleCreateMenuDescriptor
OleLockRunning
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
DoDragDrop
CreateStreamOnHGlobal
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
CoUninitialize
CoInitialize
CoInitializeEx
CoDisconnectObject
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
StringFromGUID2
CLSIDFromString
CoCreateGuid
CoInitializeSecurity
CoSetProxyBlanket

oleaut32

SysAllocString
GetErrorInfo
SafeArrayUnaccessData
SafeArrayAccessData
SysFreeString
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantCopy
VarBstrFromDate
LoadTypeLi
SafeArrayGetUBound
SysStringLen
VariantChangeType
VariantInit
VariantClear
SysAllocStringLen

gdiplus

GdipFree
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdiplusShutdown
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDeleteGraphics
GdipDrawImageI
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipAlloc

dbghelp

MiniDumpWriteDump

wintrust

CryptCATAdminEnumCatalogFromHash
CryptCATAdminReleaseCatalogContext
CryptCATAdminReleaseContext
CryptCATAdminAcquireContext
CryptCATAdminCalcHashFromFileHandle
CryptCATCatalogInfoFromContext

ntdll

NtClose
NtCreateFile
RtlInitUnicodeString

rpcrt4

UuidCreate

setupapi

CM_Get_Parent
SetupDiGetClassDevsW
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
CM_Get_Device_IDW

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

wininet

HttpQueryInfoW
HttpEndRequestW
HttpSendRequestExW
HttpSendRequestW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetCrackUrlW
InternetCanonicalizeUrlW
InternetOpenW
InternetCloseHandle
InternetConnectW
InternetSetStatusCallbackW
InternetGetLastResponseInfoW
InternetSetOptionW
InternetQueryDataAvailable
InternetWriteFile
InternetSetFilePointer
InternetReadFile

imm32

ImmGetContext
ImmReleaseContext
ImmGetOpenStatus

winmm

PlaySoundW

winhttp

WinHttpDetectAutoProxyConfigUrl
WinHttpGetIEProxyConfigForCurrentUser

crypt32

CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CryptMsgClose
CryptMsgGetParam
CryptHashCertificate
CertGetNameStringW
CryptQueryObject

netapi32

NetShareGetInfo
NetServerGetInfo
NetApiBufferFree

iphlpapi

GetTcpTable
GetBestInterfaceEx
GetAdaptersAddresses
GetIpAddrTable
GetAdaptersInfo

dnsapi

DnsFree
DnsQuery_W

Sections

.text
Size: 5.0MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 259KB - Virtual size: 258KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 656KB - Virtual size: 660KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
0f769b4c84e763b2dae26a6ca5492ab04562eeac6e13c742a855ba8c555ee054
.exe windows:5 windows x86 arch:x86

7bb9aac749db8636a3ca43b8b849b4a6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Reader_SL.pdb

Imports

kernel32

GetCurrentThread
DeleteCriticalSection
CloseHandle
TerminateThread
CreateThread
InitializeCriticalSection
CreateEventA
GetSystemPowerStatus
GetSystemInfo
UnmapViewOfFile
VirtualQueryEx
ReadFile
SetFilePointer
CreateFileA
GetCurrentProcess
MapViewOfFile
CreateFileMappingA
GetFileAttributesA
FindClose
GetModuleFileNameA
FindFirstFileA
GetTempPathA
GetWindowsDirectoryA
GetSystemDirectoryA
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DecodePointer
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
EncodePointer
GetStartupInfoW
HeapSetInformation
InterlockedCompareExchange
Sleep
InterlockedExchange
CreateProcessA
GetModuleHandleA
EnterCriticalSection
SetEvent
SetThreadPriority
LeaveCriticalSection
FindNextFileA
WaitForSingleObject
GetSystemTimeAsFileTime

user32

SetTimer
GetMessageA
TranslateMessage
DispatchMessageA
KillTimer
UnregisterClassA
LoadIconA
LoadCursorA
RegisterClassExA
CreateWindowExA
DefWindowProcA
PostQuitMessage
FindWindowA
DestroyWindow

advapi32

RegQueryValueA
RegCloseKey
OpenSCManagerA
OpenServiceA
QueryServiceStatus
CloseServiceHandle
RegOpenKeyA

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListA

msvcp100

?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z

msvcr100

_onexit
_invoke_watson
_controlfp_s
strrchr
strstr
memset
malloc
__CxxFrameHandler3
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??3@YAXPAX@Z
memcpy
memmove
??2@YAPAXI@Z
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
??_V@YAXPAX@Z
strchr
free
?terminate@@YAXXZ
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
__set_app_type
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_unlock
__dllonexit
_lock

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.2MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
1ab92c39e8b0350609fabbbd29b9a5ab8e6e3f42182b672eef049b96a3480dc2
.exe windows:5 windows x86 arch:x86

3d01be772bf0c61eff20134da86e42b5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\kemof.pdb

Imports

kernel32

CallNamedPipeW
TerminateProcess
GetExitCodeProcess
GetVersionExA
GetConsoleCP
GetConsoleAliasesLengthA
VerLanguageNameA
FindFirstFileExA
GetDriveTypeW
FreeEnvironmentStringsW
SetProcessPriorityBoost
SetVolumeMountPointW
GetLongPathNameW
CopyFileW
TlsSetValue
GetConsoleCursorInfo
LocalHandle
SystemTimeToTzSpecificLocalTime
FindAtomW
ReleaseMutex
GetNamedPipeHandleStateA
FileTimeToSystemTime
BuildCommDCBAndTimeoutsA
GetProcAddress
LoadLibraryA
GlobalAlloc
LocalReAlloc
TlsGetValue
DeleteFileW
GetCommandLineA
InterlockedExchange
GetCalendarInfoA
DeleteFileA
CreateActCtxA
SetPriorityClass
WritePrivateProfileStringW
GetProcessHeap
GlobalMemoryStatus
ReadConsoleOutputCharacterA
GetStartupInfoA
GetDiskFreeSpaceExW
GetCPInfoExA
GetWindowsDirectoryA
GetSystemWow64DirectoryW
GetProfileStringA
GetCalendarInfoW
MapUserPhysicalPages
SetLastError
GetStringTypeExW
DebugBreak
lstrcmpA
WriteFile
GetConsoleMode
GetThreadSelectorEntry
lstrcatW
CreateActCtxW
SetMailslotInfo
LocalFileTimeToFileTime
DefineDosDeviceW
EndUpdateResourceA
WriteConsoleA
SetSystemTimeAdjustment
WritePrivateProfileSectionA
GetPrivateProfileStructA
TryEnterCriticalSection
GetDriveTypeA
GetFileAttributesExA
HeapLock
PeekConsoleInputA
GetTapeParameters
FindResourceExA
GetLocalTime
GetPrivateProfileSectionW
CreateIoCompletionPort
CreateSemaphoreA
SetThreadLocale
SetFileShortNameW
lstrcpyA
LockFile
GetConsoleAliasW
GetConsoleAliasExesLengthA
EnumDateFormatsA
GetDevicePowerState
GetWriteWatch
FreeEnvironmentStringsA
GetConsoleScreenBufferInfo
GetComputerNameW
HeapFree
GetLastError
GlobalReAlloc
SignalObjectAndWait
CancelDeviceWakeupRequest
FindClose
SetWaitableTimer
ChangeTimerQueueTimer
GetProcessTimes
FatalAppExitW
lstrcpynA
GetNamedPipeInfo
FillConsoleOutputCharacterA
GetCompressedFileSizeA
FindNextVolumeMountPointA
GetFullPathNameW
WriteProfileStringA
GetLogicalDrives
GlobalAddAtomA
TerminateJobObject
QueryDosDeviceA
EnterCriticalSection
Process32NextW
SetCurrentDirectoryW
GetBinaryTypeA
OpenMutexW
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
GetStringTypeW
MultiByteToWideChar
InterlockedCompareExchange
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EncodePointer
DecodePointer
HeapValidate
IsBadReadPtr
RtlUnwind
RaiseException
GetCommandLineW
HeapSetInformation
GetStartupInfoW
LCMapStringW
GetCPInfo
GetModuleFileNameW
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
HeapAlloc
GetModuleFileNameA
HeapReAlloc
HeapSize
HeapQueryInformation
HeapCreate
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
GetCurrentThreadId
TlsFree
GetModuleHandleW
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
GetLocaleInfoW
GetLocaleInfoA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
LoadLibraryW
SetFilePointer
SetStdHandle
FlushFileBuffers
CreateFileW
CloseHandle

Sections

.text
Size: 352KB - Virtual size: 351KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.jatugi
Size: 512B - Virtual size: 5B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.2MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
20177244bc6d226e096682dff996e09c9799cbf43bf2795a8483e25db137f998
.exe windows:6 windows x86 arch:x86

9734ba8626408cec04bb8fa7d8bb6e83

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateDirectoryA
IsWow64Process
lstrcatA
GetModuleHandleA
lstrcpyA
WinExec
lstrlenA
HeapAlloc
GetProcAddress
lstrcpynA
GetProcessHeap
WriteConsoleW
LocalFree
GetWindowsDirectoryA
CloseHandle
DeleteFileA
LoadLibraryA
GetFileAttributesA
GetLastError
CopyFileA
Sleep
LocalAlloc
GetVolumeInformationA
GetCurrentProcess
HeapFree
GetModuleFileNameA
SetEndOfFile
HeapReAlloc
HeapSize
ReadConsoleW
ReadFile
FlushFileBuffers
CreateFileW
GetStringTypeW
SetStdHandle
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
RaiseException
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
WriteFile
MultiByteToWideChar
LCMapStringW
MoveFileExW
GetFileType
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
DecodePointer

advapi32

CreateServiceA
RegCloseKey
StartServiceCtrlDispatcherA
GetCurrentHwProfileA
CloseServiceHandle
RegQueryValueExA
SetServiceStatus
RegisterServiceCtrlHandlerA
OpenSCManagerA
GetUserNameA
StartServiceA
RegOpenKeyExA
OpenServiceA

shell32

SHGetSpecialFolderPathA
SHGetFolderPathA
ShellExecuteA

setupapi

SetupDiGetClassDevsA
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInfo

Sections

.text
Size: 328KB - Virtual size: 327KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.2MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
274b00e3840b0b29a021e2a1a36bdc78829dfdfe2e4010ea494db6ae4276692a
.exe windows:4 windows x86 arch:x86

978a83e4e4fc81bd6ec2e78d6b0dafbd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoCreateInstance
CoInitialize

user32

ShowWindow
PeekMessageW
SetWindowTextW
MessageBoxW
CreateDialogParamW
LoadIconW
SendMessageW
GetMessageW
EnableWindow
GetDlgItem
IsDialogMessageW
TranslateMessage
DispatchMessageW
SetDlgItemTextW
DestroyWindow

advapi32

RegQueryValueExW
RegDeleteValueW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW

shell32

SHGetFolderPathW

msvcrt

wcslen
wcscpy
wcsncpy
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
memset
wcscat

kernel32

SetFileAttributesW
DeleteFileW
MoveFileExW
GetFileAttributesW
GetModuleHandleW
GetProcAddress
RemoveDirectoryW
GetModuleFileNameW
GetTempPathW
GetCurrentThreadId
GetTickCount
GetCurrentProcessId
CreateDirectoryW
LocalFree
FormatMessageW
GetModuleHandleA
GetStartupInfoA
GetCommandLineW
GetLastError
CopyFileW
CloseHandle
CreateProcessW

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
2754574ba546bfe49fc852b87cf85e2fca988b0cff0394abe08e9e4dc934d86a
.exe windows:5 windows x86 arch:x86

d956bf0301a3d030774acdcbc5908793

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\release-reflect-8\release\x86\working\setup\xReflect.pdb

Imports

netapi32

NetServerGetInfo
NetApiBufferFree
NetShareGetInfo

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

mpr

WNetAddConnection3W
WNetCancelConnection2W
WNetGetConnectionW
WNetGetUserW
WNetGetUniversalNameW
WNetCloseEnum
WNetEnumResourceW
WNetOpenEnumW

ws2_32

inet_addr
htons
closesocket
sendto
setsockopt
socket
WSAStartup
WSACleanup
WSAAddressToStringW
WSAStringToAddressW
getnameinfo
inet_ntoa

kernel32

IsDebuggerPresent
GetStartupInfoW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
FindFirstFileExW
GetConsoleCP
EnumSystemLocalesW
IsValidLocale
GetOEMCP
IsValidCodePage
ExitProcess
VirtualQuery
HeapQueryInformation
SetStdHandle
FreeLibraryAndExitThread
ExitThread
QueryPerformanceCounter
UnhandledExceptionFilter
ReadConsoleW
GetConsoleMode
WriteConsoleW
GetModuleHandleExW
GetFileType
GetStdHandle
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
LCMapStringW
QueryPerformanceFrequency
GetCPInfo
TryEnterCriticalSection
GetExitCodeThread
SwitchToThread
GetStringTypeW
OutputDebugStringW
SearchPathW
GetProfileIntW
lstrcpyW
GetSystemTimeAsFileTime
InitializeSListHead
WaitForSingleObjectEx
IsProcessorFeaturePresent
TerminateProcess
QueryDepthSList
InterlockedPopEntrySList
SetUnhandledExceptionFilter
GetCommandLineA
SetErrorMode
VirtualProtect
GlobalFlags
GetSystemDefaultUILanguage
GetCurrentDirectoryW
GlobalGetAtomNameW
LocalReAlloc
GlobalHandle
GlobalReAlloc
TlsFree
InitializeCriticalSection
ReleaseSemaphore
FileTimeToLocalFileTime
lstrcmpiW
UnlockFile
SetFilePointer
SetEndOfFile
LockFile
GetFullPathNameW
GetFileSize
CompareStringW
LoadLibraryA
EncodePointer
SetThreadPriority
FreeResource
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
lstrcmpW
lstrcmpA
GlobalDeleteAtom
GetModuleHandleA
MulDiv
GlobalUnlock
GlobalLock
GlobalSize
OpenEventW
ExpandEnvironmentStringsW
LoadLibraryExW
SetNamedPipeHandleState
WaitNamedPipeW
TransactNamedPipe
FindResourceExW
GetSystemInfo
GetFileAttributesExW
VirtualFree
VirtualAlloc
OutputDebugStringA
UnregisterWaitEx
RegisterWaitForSingleObject
CancelWaitableTimer
SetWaitableTimer
CreateWaitableTimerW
TlsSetValue
TlsGetValue
TlsAlloc
DuplicateHandle
ResetEvent
LeaveCriticalSection
EnterCriticalSection
ResumeThread
TerminateThread
GetCurrentThreadId
CreateThread
GetThreadTimes
UnregisterWait
WaitForMultipleObjects
GetTempFileNameW
GlobalAddAtomW
MoveFileExW
GetLocalTime
GetLocaleInfoW
GetACP
GetSystemDefaultLCID
GetLocaleInfoA
DeleteVolumeMountPointW
SetVolumeMountPointW
FindVolumeMountPointClose
FindNextVolumeMountPointW
FindFirstVolumeMountPointW
CreateEventW
CompareFileTime
WriteFile
WaitForSingleObject
SetEvent
OpenThread
OpenProcess
GetProcessTimes
GetUserDefaultLCID
GetUserDefaultUILanguage
SetThreadLocale
GetThreadLocale
GetDateFormatW
GetTimeFormatW
WideCharToMultiByte
ProcessIdToSessionId
GetVolumePathNamesForVolumeNameW
GetVolumeNameForVolumeMountPointW
FindVolumeClose
FindNextVolumeW
FindFirstVolumeW
GetVersionExW
DnsHostnameToComputerNameW
GetComputerNameExW
SetPriorityClass
GetVolumeInformationW
MoveFileW
SetFileAttributesW
QueryDosDeviceW
GetDiskFreeSpaceExW
GetSystemDirectoryW
GetDriveTypeW
CreateMutexW
GetTickCount
SetFilePointerEx
FlushFileBuffers
ReadFile
GetFileSizeEx
SetThreadExecutionState
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GlobalFree
GlobalAlloc
GetVersion
InterlockedDecrement
FileTimeToSystemTime
GetFileTime
SetLastError
VerSetConditionMask
VerifyVersionInfoW
LocalAlloc
SystemTimeToTzSpecificLocalTime
GetSystemTime
GetTimeZoneInformation
FormatMessageW
FreeLibrary
LoadLibraryW
lstrlenW
MultiByteToWideChar
Sleep
GetExitCodeProcess
CreateProcessW
GetFileAttributesW
FindClose
FindNextFileW
FindFirstFileW
DeviceIoControl
RemoveDirectoryW
GlobalFindAtomW
GetWindowsDirectoryW
GetModuleHandleW
GetProcAddress
CopyFileW
GetModuleFileNameW
DeleteFileW
CreateDirectoryW
SetThreadAffinityMask
GetTempPathW
DeleteCriticalSection
HeapDestroy
DecodePointer
RaiseException
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
HeapFree
GetProcessHeap
HeapAlloc
GetLastError
FindResourceW
LoadResource
LockResource
SizeofResource
CloseHandle
CreateFileW
LocalFree
CreateTimerQueue
SignalObjectAndWait
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
GetCommandLineW

user32

WaitMessage
LoadCursorW
GetSysColorBrush
CharUpperW
IntersectRect
InflateRect
IsDialogMessageW
SetWindowTextW
CheckDlgButton
BeginPaint
EndPaint
ClientToScreen
ScreenToClient
FillRect
MoveWindow
ShowWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
GetTopWindow
GetClassNameW
GetClassLongW
SetWindowLongW
PtInRect
EqualRect
CopyRect
MapWindowPoints
AdjustWindowRectEx
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
ScrollWindow
RedrawWindow
SetForegroundWindow
GetForegroundWindow
UpdateWindow
TrackPopupMenu
SetMenu
GetAsyncKeyState
GetCapture
SetCapture
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
SetWindowPos
IsChild
IsMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
RegisterWindowMessageW
SetWindowRgn
GetWindowTextLengthW
GetWindowTextW
GetScrollPos
SetScrollPos
SetFocus
UnhookWindowsHookEx
SetCursor
ShowOwnedPopups
CallNextHookEx
SetWindowsHookExW
GetCursorPos
ValidateRect
GetKeyState
MapDialogRect
BringWindowToTop
LoadAcceleratorsW
TranslateAcceleratorW
LoadMenuW
CreatePopupMenu
InsertMenuItemW
LoadImageW
UnpackDDElParam
SetClassLongW
ReuseDDElParam
GetMenuDefaultItem
TrackMouseEvent
GetKeyNameTextW
MapVirtualKeyW
UnionRect
ReleaseCapture
IsWindowVisible
GetMessageW
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
WindowFromPoint
CopyImage
DeleteMenu
RealChildWindowFromPoint
SetTimer
KillTimer
InvalidateRect
SendDlgItemMessageA
SetRectEmpty
OffsetRect
DestroyIcon
GetDlgCtrlID
GetFocus
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
IsRectEmpty
GetSystemMenu
DrawStateW
GetWindowDC
SetParent
GetNextDlgGroupItem
DrawFocusRect
DrawIconEx
GetIconInfo
MessageBeep
EnableScrollBar
HideCaret
InvertRect
NotifyWinEvent
SetLayeredWindowAttributes
EnumDisplayMonitors
DrawEdge
DrawFrameControl
DestroyMenu
IsZoomed
GetDC
TabbedTextOutW
GetMenu
SetCursorPos
CopyIcon
FrameRect
SetRect
LockWindowUpdate
UpdateLayeredWindow
MonitorFromPoint
GetComboBoxInfo
PostThreadMessageW
GetKeyboardLayout
IsCharLowerW
MapVirtualKeyExW
ToUnicodeEx
UnregisterClassW
LoadIconW
SendMessageW
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
GetKeyboardState
GetWindowRect
GetSysColor
MessageBoxW
ExitWindowsEx
EnableWindow
TranslateMessage
DispatchMessageW
PeekMessageW
SendMessageTimeoutW
GetActiveWindow
MsgWaitForMultipleObjectsEx
LoadStringW
SystemParametersInfoW
GetMenuItemCount
GetMenuItemInfoW
SetMenuItemInfoW
GetMenuStringW
GetMenuState
GetSubMenu
GetMenuItemID
InsertMenuW
AppendMenuW
RemoveMenu
PostMessageW
PostQuitMessage
IsWindow
DestroyWindow
CreateDialogIndirectParamW
EndDialog
GetDlgItem
GetNextDlgTabItem
IsWindowEnabled
SetActiveWindow
GetWindowLongW
GetDesktopWindow
GetParent
GetWindowThreadProcessId
GetLastActivePopup
DrawTextW
DrawTextExW
GrayStringW
CreateAcceleratorTableW
DestroyAcceleratorTable
CopyAcceleratorTableW
SetMenuDefaultItem
GetDoubleClickTime
ModifyMenuW
RegisterClipboardFormatW
CharUpperBuffW
IsClipboardFormatAvailable
GetUpdateRect
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
SubtractRect
CreateMenu
GetWindowRgn
DestroyCursor
GetWindow
ReleaseDC

gdi32

PatBlt
SetRectRgn
DPtoLP
GetTextExtentPoint32W
GetTextMetricsW
CreateCompatibleBitmap
EnumFontFamiliesExW
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
GetBkColor
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
SetPixel
StretchBlt
CreateDIBSection
SetDIBColorTable
CreateEllipticRgn
Ellipse
GetTextColor
CreatePolygonRgn
CreateRectRgnIndirect
Polyline
CreateRoundRectRgn
LPtoDP
Rectangle
GetRgnBox
OffsetRgn
RoundRect
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
ExtFloodFill
SetPaletteEntries
SetPixelV
GetWindowOrgEx
GetViewportOrgEx
GetTextFaceW
CombineRgn
ScaleWindowExtEx
ScaleViewportExtEx
OffsetWindowOrgEx
OffsetViewportOrgEx
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
ExtTextOutW
TextOutW
MoveToEx
SetTextAlign
SetTextColor
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetBkMode
SetBkColor
SelectPalette
SelectObject
ExtSelectClipRgn
SelectClipRgn
GetStockObject
GetObjectW
CreateFontIndirectW
CopyMetaFileW
CreateDCW
GetDeviceCaps
BitBlt
CreateBitmap
CreateCompatibleDC
CreateHatchBrush
CreatePen
CreatePatternBrush
CreateRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
Escape
ExcludeClipRect
GetClipBox
GetObjectType
GetPixel
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
PtVisible
RectVisible
RestoreDC
Polygon
SaveDC

msimg32

AlphaBlend
TransparentBlt

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

OpenProcessToken
LookupAccountSidW
FreeSid
ConvertStringSidToSidW
ConvertSidToStringSidW
LookupAccountNameW
SetEntriesInAclW
SetNamedSecurityInfoW
RegQueryValueW
RegEnumKeyW
ImpersonateLoggedOnUser
SetThreadToken
RevertToSelf
RegEnumValueW
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext
ReportEventW
RegisterEventSourceW
DeregisterEventSource
ConvertStringSecurityDescriptorToSecurityDescriptorW
CryptHashData
CryptCreateHash
CryptAcquireContextW
StartServiceW
QueryServiceStatus
ControlService
RegDeleteValueW
LookupPrivilegeValueW
AdjustTokenPrivileges
GetTokenInformation
OpenThreadToken
AllocateAndInitializeSid
IsValidSid
GetLengthSid
CopySid
InitializeAcl
AddAce
RegEnumKeyExW
RegQueryInfoKeyW
CloseServiceHandle
OpenServiceW
OpenSCManagerW
RegDeleteKeyW
RegCreateKeyExW
LogonUserW
RegQueryValueExW
RegCloseKey
RegSetValueExW
RegOpenKeyExW

shell32

SHAppBarMessage
SHBrowseForFolderW
SHGetDesktopFolder
DragFinish
DragQueryFileW
SHGetFileInfoW
SHCreateDirectoryExW
SHChangeNotify
SHGetFolderPathW
SHFileOperationW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetMalloc
ShellExecuteW

comctl32

InitCommonControlsEx
ord328
ord329
ord334
ord332
ord338

shlwapi

PathRemoveFileSpecW
StrFormatKBSizeW
UrlUnescapeW
PathStripToRootW
PathIsUNCW
PathFindFileNameW
PathAppendW
PathMatchSpecW
PathFindExtensionW
PathIsNetworkPathW
PathFileExistsW

uxtheme

DrawThemeParentBackground
OpenThemeData
CloseThemeData
DrawThemeText
GetThemePartSize
IsAppThemed
GetWindowTheme
GetThemeSysColor
IsThemeBackgroundPartiallyTransparent
GetThemeColor
GetCurrentThemeName
DrawThemeBackground

ole32

CoInitialize
CoUninitialize
CoTaskMemFree
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleLockRunning
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
DoDragDrop
CreateStreamOnHGlobal
CoDisconnectObject
CoCreateGuid
ReleaseStgMedium
OleDuplicateData
CoInitializeSecurity
CoSetProxyBlanket
CoTaskMemAlloc
CoInitializeEx
StringFromGUID2
CLSIDFromString
CoCreateInstance

oleaut32

LoadTypeLi
VariantChangeType
SysAllocStringLen
GetErrorInfo
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SysStringLen
SysAllocString
VariantClear
VariantInit
VarDateFromStr
VarBstrFromDate
SysFreeString
VariantTimeToSystemTime
VariantCopy
SystemTimeToVariantTime

msi

ord70
ord173
ord205

setupapi

SetupDiGetClassDevsW
CM_Get_Parent
CM_Get_Device_IDW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW

ntdll

NtCreateFile
RtlInitUnicodeString
NtClose

winhttp

WinHttpDetectAutoProxyConfigUrl
WinHttpGetIEProxyConfigForCurrentUser

rpcrt4

UuidCreate

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

wininet

HttpOpenRequestW
HttpSendRequestW
HttpSendRequestExW
HttpAddRequestHeadersW
HttpEndRequestW
HttpQueryInfoW
InternetCrackUrlW
InternetCanonicalizeUrlW
InternetOpenW
InternetCloseHandle
InternetConnectW
InternetReadFile
InternetSetFilePointer
InternetWriteFile
InternetQueryDataAvailable
InternetSetOptionW
InternetGetLastResponseInfoW
InternetSetStatusCallbackW

gdiplus

GdipAlloc
GdipFree
GdiplusShutdown
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDeleteGraphics
GdipDrawImageI
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdiplusStartup

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext

winmm

PlaySoundW

iphlpapi

GetBestInterfaceEx
GetAdaptersAddresses
GetIpAddrTable
GetAdaptersInfo
GetTcpTable

dnsapi

DnsQuery_W
DnsFree

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 564KB - Virtual size: 563KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 571KB - Virtual size: 571KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 740KB - Virtual size: 744KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
38d5cf2bdcab25afb95cda0fd3abc7911469a4c4442966b941e930947099f508
.exe windows:6 windows x86 arch:x86

e71297291a62d1a2391e25e24183234c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileAttributesW
ExpandEnvironmentStringsW
WriteConsoleW
CloseHandle
CreateFileW
SetFilePointerEx
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
HeapReAlloc
HeapSize
GetProcessHeap
LCMapStringW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess
LocalFree
GetLastError
RtlUnwind
RaiseException
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileType
GetStringTypeW
DecodePointer

mscoree

CLRCreateInstance

ole32

CoInitialize
CoCreateInstance

oleaut32

SafeArrayDestroy
SafeArrayCreateVector
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreate

Sections

.text
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 214KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1.2MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
3c59836d51379ebb763312245230900e181afa69064f6c8c999f1bf0d7672feb
.exe windows:6 windows x86 arch:x86

e71297291a62d1a2391e25e24183234c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileAttributesW
ExpandEnvironmentStringsW
WriteConsoleW
CloseHandle
CreateFileW
SetFilePointerEx
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
HeapReAlloc
HeapSize
GetProcessHeap
LCMapStringW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess
LocalFree
GetLastError
RtlUnwind
RaiseException
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileType
GetStringTypeW
DecodePointer

mscoree

CLRCreateInstance

ole32

CoInitialize
CoCreateInstance

oleaut32

SafeArrayDestroy
SafeArrayCreateVector
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreate

Sections

.text
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 214KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1.2MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
467a61a07498f467be1e2dc3f479efddd779e763f928bc27963f11e147bcf1ca
.exe windows:5 windows x86 arch:x86

a14fe147cbb35ac7afa52e2cceed81b7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

mscorsvw.pdb

Imports

mscoree

GetRealProcAddress
GetRequestedRuntimeInfo

msvcr80

?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_controlfp_s
_invoke_watson
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
_except_handler4_common
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
free
malloc
wcstoul
wcscat_s
towupper
_vsnprintf
_vsnwprintf_s
_vsnprintf_s
_errno
wcsncpy_s
wcscpy_s
strcpy_s
_snwprintf_s
memmove
memset
strchr
_CxxThrowException
__CxxFrameHandler3
_wcsicmp
_purecall
memcpy

advapi32

RegQueryValueExW
RegCreateKeyExW
RegCreateKeyExA
RegSetValueExW
RegSetValueExA
RegDeleteKeyW
RegDeleteKeyA
RegQueryValueExA
RegOpenKeyExW
RegOpenKeyExA
RegCloseKey

kernel32

GetEnvironmentVariableA
GetEnvironmentVariableW
GetCurrentProcessId
LocalAlloc
FormatMessageA
FormatMessageW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
ResetEvent
ReleaseSemaphore
TlsSetValue
TlsAlloc
TlsFree
HeapAlloc
GetProcessHeap
HeapFree
WaitForSingleObjectEx
ReleaseMutex
SleepEx
VirtualAlloc
VirtualFree
VirtualQuery
VirtualProtect
HeapCreate
HeapDestroy
HeapValidate
InterlockedExchange
Sleep
GetStartupInfoA
SetUnhandledExceptionFilter
GetTickCount
UnhandledExceptionFilter
GetProcAddress
InterlockedIncrement
IsDebuggerPresent
InterlockedDecrement
TerminateProcess
GetCurrentProcess
WaitForMultipleObjects
CreateThread
OpenProcess
SetEvent
DebugBreak
TlsGetValue
InterlockedCompareExchange
GetLastError
SetLastError
GetModuleHandleA
FreeLibrary
CloseHandle
RaiseException
LocalFree
MultiByteToWideChar
GetCPInfo
GetACP
GetCurrentThreadId
QueryPerformanceCounter
GetSystemTimeAsFileTime
lstrlenW
GetVersionExA
GetModuleHandleW
GetCommandLineW
WideCharToMultiByte
LoadLibraryExA
LoadLibraryExW
GetModuleFileNameA
GetModuleFileNameW
CreateSemaphoreA
CreateSemaphoreW
CreateMutexA
CreateMutexW
CreateEventA
CreateEventW
OpenEventA
OpenEventW

user32

PeekMessageA
PeekMessageW
DispatchMessageA
DispatchMessageW
MessageBoxA
MessageBoxW
LoadStringA
LoadStringW
MsgWaitForMultipleObjects

ole32

CoRevokeClassObject
CoAddRefServerProcess
CoUninitialize
CoInitializeEx
CoRegisterClassObject
CoReleaseServerProcess

oleaut32

SysStringLen
SetErrorInfo

Sections

.text
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
57e2f0d6a6007a3e90b69323108a192f3ca037ad2878547528e76aaeba3f8e20
.exe windows:5 windows x86 arch:x86

62a13b05e2841f282c85619451838949

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\CB\ARM_Main\BuildResults\bin\Win32\Release\armsvc.pdb

Imports

kernel32

GetFileSize
FormatMessageW
FlushFileBuffers
GetLocalTime
MapViewOfFile
UnmapViewOfFile
Sleep
CreateFileMappingW
OpenFileMappingW
GetVolumeInformationW
FindFirstFileW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
WritePrivateProfileStringW
GetPrivateProfileStringW
GetCurrentThread
GetCurrentProcess
LocalFree
DeleteFileW
CloseHandle
GetCurrentThreadId
DeleteCriticalSection
FindNextFileW
lstrcmpiW
RemoveDirectoryW
LocalAlloc
FindClose
GetProcAddress
GetLastError
RaiseException
GetTempPathW
lstrlenW
MultiByteToWideChar
lstrcmpW
CreateFileW
GetModuleFileNameW
ReadFile
GetFileAttributesW
SizeofResource
CopyFileW
InitializeCriticalSection
WriteFile
GetTickCount
GetModuleHandleW
CreateDirectoryW
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
InterlockedCompareExchange
InterlockedExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
SetFilePointer
HeapAlloc
HeapDestroy
FindResourceW
FreeLibrary
LoadResource
LoadLibraryExW
InterlockedIncrement
InterlockedDecrement
lstrcmpA

user32

LoadStringW
CharNextW
PostThreadMessageW
DispatchMessageW
GetMessageW

advapi32

CloseServiceHandle
RegisterEventSourceW
DeleteService
OpenSCManagerW
StartServiceCtrlDispatcherW
OpenServiceW
RegCreateKeyExW
RegQueryValueExW
RegQueryInfoKeyW
CheckTokenMembership
GetLengthSid
InitializeSid
GetSidLengthRequired
IsValidSid
DuplicateToken
CopySid
OpenThreadToken
GetSidSubAuthority
OpenProcessToken
RegSetValueExW
RegCloseKey
RegEnumKeyExW
ControlService
ReportEventW
RegisterServiceCtrlHandlerW
RegOpenKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetServiceStatus
RegDeleteValueW
RegDeleteKeyW
DeregisterEventSource
CreateServiceW

shell32

SHGetFolderPathW
ShellExecuteExW
SHCreateDirectoryExW

ole32

CoCreateInstance
CoUninitialize
CoTaskMemRealloc
StringFromGUID2
CoInitialize
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemAlloc
CoTaskMemFree

oleaut32

SysStringLen
LoadTypeLi
SysFreeString
RegisterTypeLi
VarUI4FromStr
UnRegisterTypeLi
SysAllocString

crypt32

CryptDecodeObject
CryptQueryObject
CertGetNameStringW
CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore
CryptMsgGetParam
CryptMsgClose

wintrust

WinVerifyTrust

msvcr90

__p__fmode
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
_CxxThrowException
__CxxFrameHandler3
__set_app_type
__p__commode
_adjust_fdiv
??3@YAXPAX@Z
wcsncpy_s
??_U@YAPAXI@Z
memcmp
free
malloc
wcsnlen
vswprintf_s
wcslen
wcsstr
_recalloc
memset
??_V@YAXPAX@Z
rand
_itow_s
srand
rand_s
memcpy_s
_putws
wcscat_s
abs
wcscpy_s
_time64
_wtoi
swprintf_s
?terminate@@YAXXZ
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr

userenv

UnloadUserProfile

Sections

.text
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.2MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
592075e1fb5e9c9f82bfb80d4f3af4816737aed1a2ac889cbea2b8e1d08edfbe
.exe windows:4 windows x86 arch:x86

fc60a920495dd603b6329f9f82fb28de

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

g:\Acro_root_apms\build\Release-results\info\template.pdb

Imports

kernel32

GetModuleFileNameW
GetProcAddress
LoadLibraryW
HeapFree
GetFileAttributesW
HeapAlloc
GetProcessHeap
GetCommandLineW
SetStdHandle
ExitProcess
CreateFileW
GetModuleHandleW

shell32

CommandLineToArgvW

msi

ord173
ord205

user32

MessageBoxW

shlwapi

AssocQueryStringW
StrCmpW

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
5a0214e85d7d0c2f2fbfc204c90099e3b553de62e8b994a65b158dd22a12ef0f
.exe windows:5 windows x64 arch:x64

27ac1c4c47cb6ca17b7edb100a1c78f6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Projects\WinRAR\build\winrar64\Release\WinRAR.pdb

Imports

kernel32

FormatMessageW
DeviceIoControl
BackupRead
BackupSeek
GetShortPathNameW
GetLongPathNameW
GetFileType
GetStdHandle
FlushFileBuffers
GetFileTime
GetDiskFreeSpaceExW
GetVersionExW
GetCurrentDirectoryW
GetFullPathNameW
FoldStringW
LoadResource
SizeofResource
FindResourceW
LoadLibraryExW
CompareStringA
GetCurrentThread
SetThreadPriority
SetThreadExecutionState
GetSystemDirectoryW
SetCurrentDirectoryW
GetFullPathNameA
SetPriorityClass
GetProcessAffinityMask
CreateThread
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
CreateEventW
CreateSemaphoreW
GetSystemTime
TzSpecificLocalTimeToSystemTime
GetCPInfo
IsDBCSLeadByte
WideCharToMultiByte
CompareStringW
GetModuleHandleExW
GetCompressedFileSizeW
EnumResourceNamesW
EnumResourceLanguagesW
BeginUpdateResourceW
UpdateResourceW
EndUpdateResourceW
GetLocaleInfoW
GetNumberFormatW
GetLogicalDrives
LockResource
SuspendThread
ResumeThread
GetCurrentThreadId
Beep
CopyFileW
GetFileInformationByHandle
SetErrorMode
GetPriorityClass
WaitForMultipleObjects
MulDiv
CompareFileTime
FindNextChangeNotification
GetProcessHeap
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
IsValidCodePage
FindNextFileA
FindFirstFileExA
GetStringTypeW
WriteConsoleW
SetStdHandle
LCMapStringW
HeapReAlloc
GetModuleFileNameA
ExitProcess
GetConsoleCP
ReadConsoleW
GetConsoleMode
SetFilePointerEx
FreeLibraryAndExitThread
ExitThread
QueryPerformanceFrequency
EncodePointer
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RtlUnwindEx
RaiseException
RtlPcToFileHeader
InitializeSListHead
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
WaitForSingleObjectEx
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetLocalTime
FindCloseChangeNotification
FindFirstChangeNotificationW
ExpandEnvironmentStringsW
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
FindNextFileW
GetDiskFreeSpaceW
CreateHardLinkW
SetLastError
DosDateTimeToFileTime
LocalFileTimeToFileTime
HeapFree
HeapAlloc
HeapDestroy
HeapCreate
CreateProcessW
DeleteFileW
SetFileAttributesW
CreateFileW
RemoveDirectoryW
CreateDirectoryW
LoadLibraryW
GetSystemTimeAsFileTime
SetFileTime
SetFilePointer
SetEndOfFile
ReadFile
WriteFile
GetFileSize
FreeLibrary
MoveFileW
GetTickCount
GetCPInfoExW
GetOEMCP
GetACP
GetVolumeInformationW
GetDriveTypeW
Sleep
GetCurrentProcessId
GetCurrentProcess
CreateMutexW
ReleaseMutex
GetLastError
GlobalFree
GlobalUnlock
GlobalLock
HeapSize
GlobalSize
GlobalAlloc
MultiByteToWideChar
GetVersionExA
GetModuleHandleW
GetProcAddress
GetTempPathW
OpenFileMappingW
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
CloseHandle
WaitForSingleObject
GetCommandLineW
GetModuleFileNameW
GetDateFormatW
GetTimeFormatW
FindFirstFileW
FileTimeToSystemTime
FileTimeToLocalFileTime
FindClose
GetThreadPriority
GetFileAttributesW

user32

CopyImage
FindWindowExW
FillRect
MessageBoxW
CreateIcon
EnumWindows
SetForegroundWindow
IsCharAlphaW
FlashWindow
CopyRect
RegisterClassExW
GetSysColor
ValidateRect
DrawIconEx
LoadImageW
SystemParametersInfoW
GetSystemMenu
KillTimer
SetTimer
MessageBoxIndirectW
CharUpperW
ExitWindowsEx
CharLowerA
LoadStringW
GetWindow
SetProcessDefaultLayout
CharToOemBuffW
OemToCharBuffA
OemToCharA
GetComboBoxInfo
RedrawWindow
MessageBeep
CharToOemA
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
PeekMessageW
EnableMenuItem
CheckMenuItem
GetFocus
MoveWindow
GetClientRect
GetWindowTextLengthW
EndPaint
BeginPaint
UpdateWindow
RegisterWindowMessageW
GetMenuItemCount
DrawMenuBar
wsprintfW
SetWindowLongPtrW
ScreenToClient
ClientToScreen
CallWindowProcW
PtInRect
SetMenuItemInfoW
GetMenuItemInfoW
InsertMenuItemW
TrackPopupMenu
GetMenuState
GetLastActivePopup
GetMenuItemID
SetMenu
LoadMenuW
LoadAcceleratorsW
IsChild
RegisterClassW
PostQuitMessage
LoadIconW
SetScrollRange
SetScrollPos
ScrollWindowEx
GetClipboardData
DispatchMessageW
CreateDialogParamW
PostThreadMessageW
IsDialogMessageW
GetIconInfo
CreateIconIndirect
SendMessageW
DefWindowProcW
CreateWindowExW
DestroyWindow
SetFocus
GetWindowTextW
GetWindowLongW
SetWindowLongW
SetWindowPos
GetWindowPlacement
SetWindowPlacement
FindWindowW
RemovePropW
GetPropW
SetPropW
GetForegroundWindow
GetMessageW
TranslateMessage
TranslateAcceleratorW
CreateDialogIndirectParamW
DeleteMenu
InsertMenuW
GetSubMenu
DestroyMenu
CreatePopupMenu
GetMenu
IsWindowVisible
DialogBoxParamW
EndDialog
GetDlgItem
SetDlgItemTextW
GetDlgItemTextW
SendDlgItemMessageW
GetWindowRect
MapWindowPoints
GetParent
DestroyIcon
CheckDlgButton
PostMessageW
InvalidateRect
EnumChildWindows
GetClassNameW
ShowWindow
CharToOemBuffA
BringWindowToTop
AppendMenuW
IsWindow
WaitForInputIdle
LoadCursorW
GetWindowThreadProcessId
WindowFromPoint
SetCursor
GetKeyState
RegisterClipboardFormatW
SystemParametersInfoA
GetDesktopWindow
GetWindowLongPtrW
IntersectRect
GetCursorPos
SetWindowTextW
ReleaseDC
GetDC
GetSystemMetrics
EnableWindow
IsIconic
IsWindowEnabled
IsDlgButtonChecked
GetDlgItemInt
SetDlgItemInt
CharLowerW

gdi32

TextOutA
SetPixel
Rectangle
GetTextExtentPoint32W
CreateSolidBrush
CreateDIBSection
GetPixel
DPtoLP
StretchBlt
SetMapMode
GetMapMode
GetDeviceCaps
CreateCompatibleBitmap
CreateBitmap
ExtTextOutW
SetBkColor
DeleteDC
CreateCompatibleDC
BitBlt
GetObjectW
TextOutW
MoveToEx
SetTextColor
LineTo
CreatePen
GetTextFaceW
GetTextMetricsW
SelectObject
DeleteObject
CreateFontW

comdlg32

GetOpenFileNameW
GetSaveFileNameW
CommDlgExtendedError
ChooseFontW

advapi32

AllocateAndInitializeSid
AccessCheck
OpenProcessToken
MapGenericMask
GetFileSecurityW
RegCloseKey
IsTextUnicode
RegSetValueExW
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
CheckTokenMembership
FreeSid
DuplicateToken
SetFileSecurityW
GetSecurityDescriptorLength
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
LookupPrivilegeValueW
AdjustTokenPrivileges
RegQueryValueExW
RegOpenKeyExW

shell32

FindExecutableW
DragFinish
DragQueryFileW
Shell_NotifyIconW
ShellExecuteW
SHGetSpecialFolderLocation
ord100
SHAddToRecentDocs
SHFileOperationW
SHGetFolderPathW
ShellExecuteExW
SHBrowseForFolderW
SHGetMalloc
SHChangeNotify
SHGetDesktopFolder
SHGetFolderLocation
SHGetPathFromIDListW
SHGetFileInfoW
DragAcceptFiles

ole32

OleUninitialize
OleInitialize
CLSIDFromString
CreateStreamOnHGlobal
CoTaskMemAlloc
CoInitializeEx
CoTaskMemFree
CoCreateInstance
OleSetClipboard
DoDragDrop

oleaut32

VariantClear
SysAllocString

shlwapi

StrCmpLogicalW
SHAutoComplete

powrprof

SetSuspendState

comctl32

CreateStatusWindowW
ImageList_Create
ImageList_ReplaceIcon
InitCommonControlsEx
PropertySheetW

uxtheme

IsThemeActive
IsAppThemed

gdiplus

GdiplusShutdown
GdiplusStartup
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipDisposeImage
GdipCloneImage
GdipFree
GdipAlloc
GdipCreateBitmapFromHBITMAP
GdipBitmapGetPixel
GdipBitmapSetPixel

msimg32

GradientFill

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 186KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 651KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 886KB - Virtual size: 886KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 572KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
5cebe74003cf5206a46d4ab96a9ca9ed3d44b6258a8a1ac20d4dbebbc5c384a7
.exe windows:5 windows x86 arch:x86

93e5f4af0ddc1affa0ec93d180e742ca

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Eula.pdb

Imports

kernel32

lstrcatW
lstrlenW
lstrcpyW
FlushInstructionCache
GetCurrentProcess
LoadLibraryW
SetLastError
GetModuleFileNameW
OutputDebugStringA
GetCurrentThreadId
LoadLibraryA
GetPrivateProfileStringW
MultiByteToWideChar
lstrlenA
CopyFileW
LockResource
LoadResource
lstrcmpW
MulDiv
GlobalUnlock
GlobalLock
GlobalFree
GlobalHandle
GetPrivateProfileIntW
lstrcpynW
FindFirstFileW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
HeapSetInformation
Sleep
InterlockedExchange
DecodePointer
EncodePointer
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedPushEntrySList
InterlockedCompareExchange
FindClose
FindResourceW
GlobalAlloc
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleA
RaiseException
GetVersion
GetFileAttributesW
GetProcAddress
GetModuleHandleW
GetFullPathNameW

user32

IsWindowEnabled
RedrawWindow
GetClientRect
SetWindowPos
MoveWindow
FillRect
SetWindowTextW
DefWindowProcW
DialogBoxIndirectParamW
GetClassInfoExW
RegisterClassExW
GetWindowLongW
SetWindowLongW
CreateWindowExW
GetWindowTextW
GetSysColor
EnableWindow
ScreenToClient
GetDC
ReleaseDC
InvalidateRect
InvalidateRgn
SetCapture
IsChild
GetParent
GetClassNameW
CharNextW
ReleaseCapture
GetActiveWindow
RegisterWindowMessageW
GetWindowTextLengthW
CreateAcceleratorTableW
LoadCursorW
DestroyAcceleratorTable
IsWindow
GetFocus
SetFocus
GetDesktopWindow
BeginPaint
EndPaint
CallWindowProcW
DestroyWindow
ClientToScreen
EndDialog
GetSystemMetrics
MapDialogRect
SendMessageW
SetWindowContextHelpId
GetDlgItem
GetWindow
SetDlgItemTextW
SendDlgItemMessageW
GetDlgItemTextW
UnregisterClassA

gdi32

CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
GetObjectW
GetStockObject
DeleteObject
DeleteDC
CreateSolidBrush
BitBlt
GetDeviceCaps

advapi32

RegSetValueExW
RegCloseKey
RegCreateKeyExW

ole32

OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoTaskMemAlloc
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
CoReleaseServerProcess
CoAddRefServerProcess
CoCreateInstance

oleaut32

SysAllocStringLen
SysAllocString
VariantInit
VariantClear
SysStringLen
LoadRegTypeLi
LoadTypeLi
OleCreateFontIndirect
SysFreeString
DispCallFunc

msvcr100

wcslen
_invoke_watson
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
_onexit
_lock
__dllonexit
_unlock
_except_handler4_common
?terminate@@YAXXZ
_wtoi64
malloc
swprintf_s
??2@YAPAXI@Z
calloc
??_U@YAPAXI@Z
memcmp
_recalloc
__CxxFrameHandler3
_wtoi
wcscpy_s
wcscspn
wcsncpy_s
memset
memcpy_s
_CxxThrowException
free
??_V@YAXPAX@Z
??3@YAXPAX@Z
_controlfp_s

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.2MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
734cf562801a81b85aa3d748245a1fe2d295539a6050d824d0a1aa84bd1f0055
.exe windows:4 windows x86 arch:x86

c05ec452be1273f91a76b2e3c790579c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
__vbaR8FixI4
__vbaVarSub
__vbaVarTstGt
__vbaStrI2
ord690
__vbaVarTextCmpGe
__vbaNextEachAry
ord691
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaVarVargNofree
__vbaCyMul
__vbaFreeVar
__vbaAryMove
__vbaGosubReturn
__vbaLateIdCall
__vbaStrVarMove
__vbaLenBstr
ord588
ord696
__vbaVargObjAddref
__vbaVarIdiv
__vbaFreeVarList
__vbaPut3
__vbaEnd
_adj_fdiv_m64
ord698
__vbaPut4
__vbaFpCDblR8
EVENT_SINK_Invoke
__vbaNextEachVar
__vbaRaiseEvent
__vbaGetFxStr3
__vbaFreeObjList
ord516
__vbaVarIndexLoadRef
__vbaStrErrVarCopy
ord517
_adj_fprem1
ord518
__vbaRecAnsiToUni
__vbaVarSetVarAddref
ord519
__vbaCopyBytes
__vbaResume
__vbaVarCmpNe
__vbaStrCat
__vbaError
__vbaVarTextTstEq
ord553
ord660
__vbaLsetFixstr
__vbaSetSystemError
ord661
__vbaRecDestruct
__vbaStrDate
__vbaHresultCheckObj
__vbaLenBstrB
ord662
__vbaNameFile
__vbaVargVarCopy
ord558
__vbaLenVar
_adj_fdiv_m32
__vbaAryVar
ord666
__vbaVarTstLe
Zombie_GetTypeInfo
__vbaVarXor
__vbaVarCmpGe
__vbaAryDestruct
__vbaVarIndexLoadRefLock
ord591
__vbaLateMemSt
EVENT_SINK2_Release
ord592
__vbaVarForInit
__vbaForEachCollObj
__vbaExitProc
__vbaStrBool
ord593
__vbaBoolStr
ord300
__vbaFileCloseAll
ord594
ord301
__vbaOnError
__vbaObjSet
ord595
ord302
ord596
_adj_fdiv_m16i
ord303
__vbaObjSetAddref
_adj_fdivr_m16i
ord304
__vbaVarIndexLoad
ord598
ord305
ord306
__vbaForEachCollVar
__vbaBoolVar
ord520
ord705
__vbaStrFixstr
ord307
ord521
ord308
__vbaFPFix
ord522
__vbaStrTextCmp
ord309
__vbaVarTstLt
__vbaRefVarAry
ord523
__vbaBoolVarNull
_CIsin
ord631
ord709
__vbaErase
__vbaVarTextCmpLe
__vbaVargVarMove
ord525
__vbaNextEachCollObj
__vbaVarZero
__vbaVarCmpGt
__vbaLateMemStAd
ord632
__vbaChkstk
__vbaI2Cy
__vbaGosubFree
__vbaFileClose
ord526
EVENT_SINK_AddRef
ord527
__vbaVarAbs
ord528
__vbaCyI2
__vbaExitEachColl
__vbaStrCmp
__vbaGet3
__vbaVarTstEq
__vbaAryConstruct2
__vbaPutOwner3
__vbaGet4
__vbaCyI4
__vbaDateR8
__vbaPrintObj
ord561
__vbaNextEachCollVar
__vbaObjVar
DllFunctionCall
ord563
__vbaVarLateMemSt
__vbaVarOr
ord670
__vbaFpUI1
__vbaCastObjVar
__vbaRedimPreserve
__vbaLbound
__vbaStrR4
_adj_fpatan
ord567
__vbaR4Var
ord568
__vbaFixstrConstruct
ord569
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaR8Cy
__vbaStrR8
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
ord600
ord601
_CIsqrt
ord310
__vbaLateIdCallSt
__vbaObjIs
__vbaVarAnd
ord311
EVENT_SINK_QueryInterface
__vbaFpCmpCy
__vbaStr2Vec
ord710
__vbaStrUI1
__vbaVarMul
__vbaExceptHandler
ord312
ord711
ord313
__vbaInputFile
ord712
__vbaStrToUnicode
ord314
ord713
__vbaExitEachAry
ord606
__vbaDateStr
_adj_fprem
_adj_fdivr_m64
ord315
__vbaFailedFriend
__vbaR8ErrVar
__vbaGosub
ord607
ord714
__vbaI2Str
__vbaLateIdStAd
__vbaVarDiv
ord316
ord608
ord715
ord716
ord531
__vbaVarCmpLe
__vbaFPException
ord532
__vbaInStrVar
ord717
ord319
__vbaStrVarVal
__vbaUbound
__vbaGetOwner3
__vbaVarCat
__vbaCheckType
__vbaDateVar
ord535
__vbaLsetFixstrFree
__vbaI2Var
__vbaFileSeek
ord537
ord644
ord538
ord645
_CIlog
ord539
__vbaFileOpen
__vbaR8Str
__vbaNew2
__vbaInStr
ord648
ord570
__vbaVar2Vec
__vbaVarLateMemCallLdRf
__vbaVarInt
ord571
__vbaCyMulI2
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
__vbaVarSetObj
ord573
__vbaStrCopy
EVENT_SINK2_AddRef
ord681
__vbaI4Str
__vbaFreeStrList
__vbaVarNot
__vbaVarCmpLt
__vbaVarTextTstGt
ord576
_adj_fdivr_m32
__vbaPowerR8
__vbaR8Var
ord577
_adj_fdiv_r
ord685
ord578
ord100
__vbaVarTstNe
ord579
__vbaVarSetVar
__vbaI4Var
__vbaVarLateMemStAd
__vbaForEachAry
ord689
__vbaVarCmpEq
__vbaFpCy
ord610
__vbaInStrB
__vbaVarAdd
__vbaLateMemCall
__vbaAryLock
ord320
__vbaStrComp
__vbaVarDup
__vbaStrToAnsi
ord321
__vbaVerifyVarObj
__vbaFpI2
__vbaVarMod
__vbaCheckTypeVar
__vbaUnkVar
__vbaVarCopy
__vbaFpI4
ord616
__vbaVarLateMemCallLd
__vbaVarTstGe
__vbaVarSetObjAddref
ord617
__vbaLateMemCallLd
__vbaRecDestructAnsi
__vbaR8IntI2
_CIatan
__vbaUI1Str
__vbaStrMove
__vbaCastObj
__vbaAryCopy
ord618
__vbaI4Cy
__vbaR8IntI4
__vbaForEachVar
ord619
__vbaStrVarCopy
ord542
ord543
ord650
_allmul
ord544
__vbaLateIdSt
__vbaLenVarB
ord545
_CItan
ord546
ord547
__vbaUI1Var
__vbaAryUnlock
__vbaFPInt
__vbaVarForNext
_CIexp
__vbaMidStmtBstr
__vbaI4ErrVar
__vbaFreeObj
__vbaFreeStr
ord581

Sections

.text
Size: 6.4MB - Virtual size: 6.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 656KB - Virtual size: 660KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
7518d173c4123d1cff4d6f48b9062a3789fce4f5f958b970b121b6c84d74d4b2
.exe windows:4 windows x86 arch:x86

2dfc2c74864b84f5530ab40a343c56d8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

t:\setupexe\x86\ship\0\setup.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

advapi32

RegQueryValueExA
RegFlushKey
RegCloseKey
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW
RegOpenKeyExA

kernel32

lstrcmpW
GetCommandLineW
SetCurrentDirectoryW
GlobalFree
GetModuleFileNameW
TlsFree
LoadLibraryExW
TlsSetValue
TlsGetValue
DeleteCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
HeapFree
GetProcessHeap
HeapAlloc
HeapReAlloc
VerifyVersionInfoW
VerSetConditionMask
RemoveDirectoryW
GetTempPathW
GetFullPathNameW
CopyFileW
DeleteFileW
SetFileAttributesW
GetFileAttributesW
lstrlenW
GetThreadLocale
FreeLibrary
GetModuleHandleW
GetProcAddress
lstrlenA
WriteFile
CreateFileW
SetFilePointer
FindFirstFileW
FindClose
IsProcessorFeaturePresent
GlobalMemoryStatus
GetCurrentProcess
CompareStringW
CompareStringA
FormatMessageW
ExpandEnvironmentStringsW
MultiByteToWideChar
WideCharToMultiByte
GetVersion
CloseHandle
LocalFree
GetTimeZoneInformation
GetSystemTime
SystemTimeToTzSpecificLocalTime
GetCurrentProcessId
GetTickCount
GetCurrentThreadId
SetErrorMode
GetVersionExW
GetLastError
FindNextFileW
SetLastError
TlsAlloc
GetCommandLineA
GetVersionExA
GetStartupInfoA
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetSystemTimeAsFileTime
GetModuleHandleA
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
InterlockedIncrement
InterlockedDecrement
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
Sleep
HeapSize
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
InterlockedExchange
LoadLibraryA
InitializeCriticalSection
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
CreateFileA
OutputDebugStringA
GetSystemInfo

ole32

CoUninitialize
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
OleRun
CoInitializeEx

shell32

CommandLineToArgvW
SHCreateDirectoryExW

user32

CharNextA
MessageBoxW
CharUpperA
CharUpperW
CharLowerA
CharLowerW

shlwapi

PathGetCharTypeW

wintrust

WinVerifyTrust

dbghelp

SymGetSymFromAddr64
SymInitialize
SymGetLineFromAddr64

oleaut32

GetErrorInfo
VariantChangeType
SysStringLen
SysStringByteLen
SysAllocStringByteLen
SysAllocString
SysFreeString
VariantInit
VariantClear

msi

ord8
ord159
ord160
ord110
ord117
ord91
ord67
ord172
ord180
ord95
ord31
ord65
ord71
ord141

Sections

.text
Size: 307KB - Virtual size: 307KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.2MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
7a6688eb956ccf580d45207cce53ae9fb68380276ca9bf30d4a829a66bea4db0
.exe windows:5 windows x64 arch:x64

7bc00e72947c3ab5f3aa5c01fe3ccefb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Projects\WinRAR\uninstall\build\uninstall64\Release\uninstall.pdb

Imports

kernel32

FindNextFileW
GetVersionExW
GetCurrentDirectoryW
FindResourceW
FreeLibrary
LoadLibraryW
LoadLibraryExW
GetProcAddress
GetCurrentProcessId
GetModuleHandleW
GetSystemDirectoryW
GetCPInfo
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
CompareStringW
GetModuleHandleExW
GetShortPathNameW
GetTempPathW
SetCurrentDirectoryW
Sleep
CreateProcessW
GetCommandLineW
GetEnvironmentVariableW
RemoveDirectoryW
CopyFileW
MoveFileExW
FindFirstFileW
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
LCMapStringW
SetFilePointerEx
HeapReAlloc
GetConsoleMode
GetConsoleCP
HeapAlloc
HeapFree
GetACP
GetModuleFileNameA
ExitProcess
QueryPerformanceFrequency
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
EncodePointer
RtlVirtualUnwind
RtlUnwindEx
FindClose
ExpandEnvironmentStringsW
MoveFileW
SetFileAttributesW
GetDiskFreeSpaceExW
CreateFileW
CloseHandle
SetFilePointer
SetEndOfFile
FlushFileBuffers
ReadFile
GetStdHandle
WriteFile
GetFileType
SetLastError
GetLastError
DeleteFileW
GetFileAttributesW
CreateDirectoryW
GetModuleFileNameW
GetStringTypeW
WriteConsoleW
ReadConsoleW
RtlLookupFunctionEntry
SetStdHandle
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
RaiseException
RtlPcToFileHeader
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
RtlCaptureContext

user32

SendMessageW
ShowWindow
GetDlgItem
EnableWindow
InvalidateRect
SetWindowTextW
GetParent
DialogBoxParamW
EndDialog
SetDlgItemTextW
GetDlgItemTextW
CheckDlgButton
IsDlgButtonChecked
OemToCharA
GetSysColor
SetForegroundWindow
SendDlgItemMessageW
MessageBoxW
GetDesktopWindow
ReleaseDC
GetDC
CharUpperW
LoadIconW
LoadStringW
GetWindow
GetClassNameW
SetProcessDefaultLayout
GetWindowLongPtrW
SetWindowLongW
GetWindowLongW
GetWindowRect
GetClientRect
GetWindowTextW
GetSystemMetrics
SetWindowPos

gdi32

GetDeviceCaps
DeleteObject
CreateFontW

advapi32

RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegSetValueExW

shell32

ShellExecuteW
SHGetSpecialFolderLocation
SHChangeNotify
SHGetFolderLocation
SHGetPathFromIDListW
SHGetMalloc
SHFileOperationW

ole32

OleUninitialize
OleInitialize
CoCreateInstance

Sections

.text
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.2MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
7e002867b026270d32e45408fa9bf79c1403ee62dce66e9fc94715e54217121c
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 746KB - Virtual size: 746KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 141KB - Virtual size: 391KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
94cb3c9dcdfb8d43499212a86b902d394ed206923ec9a1e971dce08f0fe82011
.exe windows:4 windows x86 arch:x86

98f67c550a7da65513e63ffd998f6b2e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
__vbaStrI2
ord690
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarVargNofree
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaLateIdCall
__vbaPut3
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
__vbaPut4
EVENT_SINK_Invoke
__vbaRaiseEvent
__vbaFreeObjList
ord516
__vbaStrErrVarCopy
ord517
_adj_fprem1
__vbaRecAnsiToUni
ord519
__vbaCopyBytes
__vbaStrCat
__vbaLsetFixstr
__vbaRecDestruct
__vbaSetSystemError
ord661
__vbaHresultCheckObj
__vbaNameFile
_adj_fdiv_m32
__vbaAryVar
Zombie_GetTypeInfo
__vbaAryDestruct
ord669
ord593
__vbaBoolStr
__vbaExitProc
__vbaI4Abs
ord594
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaFpR4
ord705
__vbaStrFixstr
_CIsin
__vbaErase
ord631
ord709
ord525
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaGet3
__vbaStrCmp
ord529
__vbaGet4
__vbaPutOwner3
__vbaVarTstEq
__vbaAryConstruct2
__vbaObjVar
__vbaI2I4
DllFunctionCall
__vbaVarLateMemSt
__vbaFpUI1
__vbaRedimPreserve
__vbaStrR4
_adj_fpatan
__vbaFixstrConstruct
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
ord600
__vbaUI1I2
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
__vbaStrToUnicode
ord606
_adj_fprem
_adj_fdivr_m64
ord714
ord716
ord609
__vbaFPException
ord717
ord319
__vbaGetOwner3
__vbaUbound
ord535
__vbaFileSeek
ord644
ord537
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaVarLateMemCallLdRf
ord648
ord570
__vbaNew2
__vbaInStr
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord578
ord100
__vbaVarSetVar
__vbaI4Var
ord689
__vbaLateMemCall
__vbaVarAdd
ord611
__vbaAryLock
ord320
__vbaStrComp
__vbaVarDup
__vbaStrToAnsi
ord321
__vbaFpI2
__vbaFpI4
__vbaVarLateMemCallLd
ord616
__vbaVarSetObjAddref
__vbaRecDestructAnsi
__vbaLateMemCallLd
_CIatan
__vbaAryCopy
__vbaStrMove
ord618
__vbaCastObj
__vbaR8IntI4
ord650
_allmul
__vbaVarLateMemCallSt
_CItan
ord546
__vbaAryUnlock
_CIexp
__vbaFreeObj
__vbaFreeStr
ord580
ord581

Sections

.text
Size: 172KB - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
9996fc192bb30cbdb8dce7bb2560f79245fbeeb35611f0e67a07153be08daf5d
.exe windows:5 windows x86 arch:x86

6dd12b0d505640e1904e94c660727e2d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

P:\Target\x86\ship\setupexe\x-none\setup.pdb

Imports

kernel32

VerSetConditionMask
GetFileAttributesW
OutputDebugStringA
GetLastError
SetLastError
GetVersion
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
FormatMessageW
LoadLibraryW
VerifyVersionInfoW
GetCommandLineA
HeapSetInformation
GetStartupInfoW
SetUnhandledExceptionFilter
ExitProcess
DecodePointer
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
IsProcessorFeaturePresent
LeaveCriticalSection
EnterCriticalSection
FreeLibrary
InterlockedExchange
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapFree
Sleep
HeapSize
LCMapStringW
MultiByteToWideChar
GetStringTypeW
HeapAlloc
HeapReAlloc
LocalAlloc
LoadLibraryA
RaiseException

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.2MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
9ca1a1cf0b65ec71ae24a6e3945bd05a2f7739d7b3d42fa44c80446912f217c5
.exe windows:5 windows x86 arch:x86

c997d9e4f7bf98aca34adf373bd51c4f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFileExistsW
PathIsDirectoryW

wininet

InternetConnectW
InternetReadFile
InternetCrackUrlW
HttpSendRequestW
InternetQueryOptionW
InternetOpenW
HttpOpenRequestW
InternetCloseHandle
InternetSetOptionW
HttpQueryInfoW
InternetSetStatusCallbackW
InternetQueryDataAvailable

kernel32

MultiByteToWideChar
FindFirstFileW
FreeLibrary
CompareFileTime
LoadLibraryW
CopyFileW
GetVersionExW
CreateFileW
GetProcAddress
FindClose
FindNextFileW
GetFileTime
GetFileAttributesExW
CloseHandle
FileTimeToLocalFileTime
DeleteFileW
WideCharToMultiByte
FindResourceW
LoadResource
SizeofResource
LockResource
GetLastError
ReadFile
GetModuleFileNameW
Sleep
GetCurrentProcess
GetModuleHandleW
HeapAlloc
HeapFree
GetProcessHeap
lstrlenW
InterlockedIncrement
InterlockedDecrement
WaitForSingleObject
CreateMutexA
ReleaseMutex
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
HeapDestroy
HeapReAlloc
HeapSize
LocalFree
FormatMessageA
GetUserDefaultLCID
GetStringTypeExA
LCMapStringA
LoadLibraryA
FindResourceExW
IsProcessorFeaturePresent
RaiseException
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
DecodePointer
InterlockedExchange
InterlockedCompareExchange
HeapSetInformation
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
EncodePointer

advapi32

RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
GetUserNameW

shell32

SHFileOperationW
SHCreateDirectoryExW
SHGetFolderPathW

ole32

CoTaskMemFree
CoCreateGuid

msvcp100

?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?id@?$codecvt@DDH@std@@2V0locale@2@A
??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?_Decref@facet@locale@std@@QAEPAV123@XZ
?_Incref@facet@locale@std@@QAEXXZ
??Bid@locale@std@@QAEIXZ
?id@?$codecvt@_WDH@std@@2V0locale@2@A
??_7?$basic_ostream@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_istream@_WU?$char_traits@_W@std@@@std@@6B@
?_Init@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXXZ
?getloc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QBE?AVlocale@2@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?clear@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
?pbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXH@Z
?_Gndec@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXH@Z
?tellg@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE?AV?$fpos@H@2@XZ
?seekg@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@_JH@Z
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Getcat@?$codecvt@_WDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?unshift@?$codecvt@_WDH@std@@QBEHAAHPAD1AAPAD@Z
?out@?$codecvt@_WDH@std@@QBEHAAHPB_W1AAPB_WPAD3AAPAD@Z
?in@?$codecvt@_WDH@std@@QBEHAAHPBD1AAPBDPA_W3AAPA_W@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?id@?$ctype@D@std@@2V0locale@2@A
?_Init@locale@std@@CAPAV_Locimp@12@XZ
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?toupper@?$ctype@D@std@@QBEDD@Z
??1_Container_base12@std@@QAE@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
?classic@locale@std@@SAABV12@XZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAG@Z
??_D?$basic_istream@DU?$char_traits@D@std@@@std@@QAEXXZ
?seekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE?AV?$fpos@H@2@V32@H@Z
?seekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE?AV?$fpos@H@2@_JHH@Z
?underflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHH@Z
?overflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHH@Z
?tolower@?$ctype@D@std@@QBEDD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
?uncaught_exception@std@@YA_NXZ
?_Xlength_error@std@@YAXPBD@Z
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?_Xout_of_range@std@@YAXPBD@Z
?_BADOFF@std@@3_JB
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ

msvcr100

??0exception@std@@QAE@ABV01@@Z
??8type_info@@QBE_NABV0@@Z
memmove
memcmp
_unlock_file
strlen
ungetc
fgetpos
_fseeki64
memchr
fflush
fgetc
tolower
fsetpos
setvbuf
memset
_lock_file
??_V@YAXPAX@Z
_purecall
??3@YAXPAX@Z
memcpy_s
fwrite
fclose
??2@YAPAXI@Z
fputwc
ungetwc
wcslen
fgetwc
wcscmp
memmove_s
_vscwprintf
wmemcpy_s
wcsnlen
vswprintf_s
iswspace
_wsopen_s
_close
_time32
strtok_s
_getpid
strftime
_gmtime32_s
pow
signal
exit
sprintf_s
isspace
atoi
ispunct
_localtime64
_time64
rand
srand
__CxxFrameHandler3
_CxxThrowException
ferror
fread
_errno
free
malloc
strerror
ftell
fprintf
_fdopen
fopen
sprintf
_unlock
__dllonexit
_lock
_onexit
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
__initenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
__set_app_type
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_invoke_watson
_controlfp_s
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0bad_cast@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@PBD@Z
??1bad_cast@std@@UAE@XZ
fputc
memcpy

user32

LoadStringA

Sections

.text
Size: 218KB - Virtual size: 218KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.2MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
b6a201e482c801e895ac6e97f6e22fd65652b642bdbcab42a0f02d98874e4365
.exe windows:5 windows x64 arch:x64

2d6f4e096a2d15d4349a455f88e1f66e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\re\workspace\8-2-build-windows-amd64-cygwin\jdk8u66\4988\build\windows-amd64\jdk\objs\javaw_objs\javaw.pdb

Imports

advapi32

RegCloseKey
RegOpenKeyExA
RegEnumKeyA
RegQueryValueExA

user32

CharNextExA
MessageBoxA

comctl32

InitCommonControlsEx

kernel32

CreateFileW
GetCommandLineA
GetModuleFileNameA
QueryPerformanceCounter
QueryPerformanceFrequency
LocalFree
FormatMessageA
GetLastError
CloseHandle
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
GetProcAddress
GetModuleHandleA
LoadLibraryA
GetExitCodeThread
FindFirstFileA
FindNextFileA
FindClose
GetModuleHandleW
ExitProcess
DecodePointer
GetStartupInfoW
HeapFree
MultiByteToWideChar
GetCurrentProcessId
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
HeapReAlloc
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileExA
GetFileAttributesA
ExitThread
GetCurrentThreadId
CreateThread
SetFilePointer
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EncodePointer
LoadLibraryW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
TerminateProcess
GetCurrentProcess
FlsGetValue
FlsSetValue
FlsFree
SetLastError
FlsAlloc
RtlUnwindEx
WriteFile
GetStdHandle
GetModuleFileNameW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapSetInformation
GetVersion
HeapCreate
GetTickCount
GetSystemTimeAsFileTime
SetEnvironmentVariableW
SetEnvironmentVariableA
Sleep
SetStdHandle
GetConsoleCP
GetConsoleMode
GetFullPathNameA
GetFileInformationByHandle
PeekNamedPipe
CreateFileA
GetCurrentDirectoryW
FlushFileBuffers
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
CompareStringW
ReadFile
WriteConsoleW
GetDriveTypeW
SetEndOfFile
GetProcessHeap
GetTimeZoneInformation
LCMapStringW
GetStringTypeW

Sections

.text
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.2MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
e0aeb8d5a11cf80fbc804923c457e9691d8cb0eec06c4dfb8911867d3b5e09d5
.exe windows:6 windows x86 arch:x86

360e9f4d3e9bd197ef3b4f936edef2f9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
GetFileVersionInfoW
VerQueryValueA
VerQueryValueW
GetFileVersionInfoSizeW

gdiplus

GdipGetImageHeight
GdipGetImagePixelFormat
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipSaveImageToStream
GdipCreateBitmapFromHBITMAP
GdipGetImagePaletteSize
GdipGetImagePalette
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipGetImageGraphicsContext
GdipDrawImageI
GdipSaveImageToFile
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipDisposeImage
GdipCloneImage
GdipCreateBitmapFromScan0
GdipFree
GdipAlloc
GdiplusStartup
GdipGetImageWidth
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown
GdipDeleteGraphics

psapi

EnumProcessModules

uxtheme

GetThemePartSize
IsAppThemed
DrawThemeParentBackground
OpenThemeData
IsThemeBackgroundPartiallyTransparent
ord61
GetThemeSysColor
CloseThemeData
DrawThemeBackground
SetWindowTheme
GetThemeColor
DrawThemeText
GetWindowTheme
GetCurrentThemeName

winmm

waveOutSetVolume
waveOutGetVolume
timeGetTime
timeSetEvent
timeKillEvent
timeBeginPeriod
timeEndPeriod
PlaySoundW
timeGetDevCaps
mixerSetControlDetails

kernel32

GlobalFindAtomW
GetFileSize
LockFile
UnlockFile
lstrcmpiW
GetStringTypeExW
GetThreadLocale
lstrcmpA
GetProfileIntW
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
lstrcpyW
FindResourceExW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalReAlloc
GetSystemDefaultUILanguage
GlobalFlags
SetErrorMode
GetWindowsDirectoryW
SearchPathW
WaitForSingleObjectEx
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
InitializeSListHead
GetStartupInfoW
UnregisterWaitEx
QueryDepthSList
InterlockedPopEntrySList
EncodePointer
GetThreadTimes
GetStringTypeW
UnregisterWait
RegisterWaitForSingleObject
SetThreadContext
SetThreadAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
SignalObjectAndWait
CreateTimerQueue
WriteConsoleW
SetEnvironmentVariableA
FindFirstFileExW
GetConsoleCP
ReadConsoleW
EnumSystemLocalesW
IsValidLocale
GetOEMCP
IsValidCodePage
HeapQueryInformation
SetStdHandle
ExitProcess
GetCommandLineW
GetCommandLineA
GetTimeZoneInformation
FreeLibraryAndExitThread
ExitThread
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
LCMapStringW
GetModuleHandleExW
QueueUserWorkItem
OutputDebugStringA
GlobalSize
VirtualQuery
GetThreadContext
CreateToolhelp32Snapshot
ResumeThread
SuspendThread
Thread32First
Thread32Next
HeapCreate
InitializeCriticalSectionAndSpinCount
GetProcessAffinityMask
GetShortPathNameW
GetLongPathNameW
RemoveDirectoryW
CreateHardLinkW
MoveFileW
SetFileAttributesW
GetSystemDirectoryW
GetConsoleMode
GetSystemTime
TzSpecificLocalTimeToSystemTime
LocalFileTimeToFileTime
SystemTimeToFileTime
FileTimeToLocalFileTime
GetFileType
GetFileTime
SetFileTime
FlushFileBuffers
SetEndOfFile
SetFilePointer
GetStdHandle
IsDBCSLeadByte
GetCPInfo
CompareStringW
FoldStringW
AreFileApisANSI
DebugBreak
IsDBCSLeadByteEx
LocalAlloc
IsBadWritePtr
IsBadReadPtr
GlobalGetAtomNameW
FormatMessageW
FlushInstructionCache
VirtualProtect
QueryPerformanceCounter
QueryPerformanceFrequency
lstrlenW
SetThreadPriority
GetCurrentThread
GetThreadPriority
GetTickCount
VirtualFree
VirtualAlloc
ReleaseSemaphore
CreateSemaphoreW
WaitForMultipleObjects
lstrcmpW
GetSystemInfo
GetNumberFormatW
SetLastError
GetFileAttributesW
LoadLibraryA
GetModuleHandleA
GetSystemDirectoryA
CreateMutexA
GetModuleFileNameA
GetExitCodeProcess
FormatMessageA
CreateProcessW
FreeEnvironmentStringsW
GetEnvironmentStringsW
DuplicateHandle
OutputDebugStringW
TryEnterCriticalSection
SwitchToThread
GetExitCodeThread
SizeofResource
LockResource
LoadResource
OpenThread
CreatePipe
TerminateProcess
CreateThread
GetVolumeInformationW
GetTempFileNameW
DecodePointer
RaiseException
GetUserDefaultUILanguage
ReadDirectoryChangesW
GetOverlappedResult
CancelIo
GetACP
GetTimeFormatW
GetDateFormatW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFileAttributesExW
GlobalDeleteAtom
GlobalAddAtomW
ReleaseMutex
CreateMutexW
SetCurrentDirectoryW
HeapSetInformation
SetDllDirectoryW
DeviceIoControl
GetTempPathW
CreateFileA
IsDebuggerPresent
DeleteFileW
CopyFileW
SleepEx
HeapReAlloc
HeapSize
HeapDestroy
HeapFree
GetProcessHeap
HeapAlloc
FreeResource
FindResourceW
GetDriveTypeW
LocalFree
GetLocaleInfoA
GetCurrentDirectoryW
FindNextFileW
GetDiskFreeSpaceExW
FindClose
FindFirstFileW
SetSystemPowerState
SetThreadExecutionState
GetLocaleInfoW
TerminateThread
WaitForSingleObject
WriteFile
GetTickCount64
MulDiv
ResetEvent
SetEvent
CreateEventW
CreateDirectoryW
Sleep
GetLocalTime
GetCurrentProcessId
CreateFileW
ReadFile
SetFilePointerEx
GetFileSizeEx
InitializeCriticalSection
CloseHandle
LoadLibraryExW
SetUnhandledExceptionFilter
GetModuleFileNameW
GetCurrentThreadId
WideCharToMultiByte
GetUserDefaultLCID
InitializeCriticalSectionEx
EnterCriticalSection
LeaveCriticalSection
GetLastError
GetFullPathNameW
SetPriorityClass
DeleteCriticalSection
VerifyVersionInfoW
VerSetConditionMask
LoadLibraryW
FreeLibrary
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
MultiByteToWideChar
GetModuleHandleW
GetProcAddress
GetCurrentProcess
IsWow64Process
GetVersionExW

user32

MapDialogRect
GetWindowDC
TabbedTextOutW
GrayStringW
DrawTextW
WaitMessage
SendDlgItemMessageA
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
IsDialogMessageW
SetWindowTextW
IsDlgButtonChecked
CheckRadioButton
CheckDlgButton
SetDlgItemTextW
GetDlgItemInt
SetDlgItemInt
IsWindowEnabled
GetNextDlgTabItem
WinHelpW
SetScrollInfo
GetLastActivePopup
GetWindowTextLengthW
GetWindowTextW
RemovePropW
GetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
ValidateRect
SetMenu
SetFocus
IsChild
GetClassInfoExW
GetClassInfoW
GetMenuState
GetMenuStringW
GetIconInfo
wsprintfW
GetDCEx
EndPaint
BeginPaint
SetWindowRgn
GetScrollInfo
WindowFromDC
GetWindowRgn
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
InvertRect
DrawTextExW
GetMenu
CreateDialogIndirectParamW
EndDialog
DialogBoxParamW
CharUpperW
CharLowerW
CharToOemBuffW
OemToCharA
CharToOemA
OemToCharBuffA
CharLowerBuffW
DestroyWindow
RegisterClassW
GetAsyncKeyState
GetQueueStatus
wsprintfA
DestroyMenu
TrackPopupMenu
GetMessageW
SetParent
CharNextW
SetProcessDefaultLayout
SendNotifyMessageW
GetMessagePos
EnumDisplayDevicesW
RedrawWindow
SetPropW
GetDlgCtrlID
TranslateMessage
GetDlgItemTextW
SetWindowPos
MoveWindow
CreateWindowExW
CallWindowProcW
IntersectRect
UnregisterHotKey
RegisterHotKey
RegisterRawInputDevices
GetRawInputDeviceInfoW
GetRawInputDeviceList
GetRawInputData
SetWindowPlacement
GetWindowPlacement
ShowWindow
AllowSetForegroundWindow
DefWindowProcW
LockWindowUpdate
ChangeDisplaySettingsExA
SetClassLongW
GetDoubleClickTime
TrackMouseEvent
GetClassNameW
EnumDisplayMonitors
CallNextHookEx
DispatchMessageW
GetMessageTime
GetWindowThreadProcessId
SetWindowsHookExW
UnhookWindowsHookEx
EqualRect
MonitorFromRect
DestroyIcon
FindWindowW
MsgWaitForMultipleObjects
CheckMenuItem
AppendMenuW
RemoveMenu
CreatePopupMenu
ChangeDisplaySettingsExW
EnumDisplaySettingsW
IsMenu
MessageBeep
CheckMenuRadioItem
SetWindowLongW
SetRectEmpty
InsertMenuW
DeleteMenu
EnableMenuItem
SetMenuItemInfoW
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
LockWorkStation
ExitWindowsEx
GetKeyNameTextW
MapVirtualKeyW
IsClipboardFormatAvailable
BringWindowToTop
LoadAcceleratorsW
TranslateAcceleratorW
InsertMenuItemW
GetMenuBarInfo
UnpackDDElParam
ReuseDDElParam
GetSystemMenu
SetWindowContextHelpId
ShowOwnedPopups
SetLayeredWindowAttributes
CopyImage
RealChildWindowFromPoint
CopyAcceleratorTableW
InvalidateRgn
GetNextDlgGroupItem
DrawEdge
DrawStateW
SystemParametersInfoW
GetActiveWindow
GetTopWindow
GetForegroundWindow
MonitorFromPoint
GetMonitorInfoW
GetWindowLongW
AdjustWindowRectEx
GetMenuItemRect
GetSubMenu
SetForegroundWindow
IsIconic
PostThreadMessageW
LoadMenuW
RegisterWindowMessageW
PostQuitMessage
DrawFocusRect
DrawIconEx
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
NotifyWinEvent
SetCursorPos
GetMenuDefaultItem
EnableScrollBar
HideCaret
CopyIcon
DrawIcon
SetMenuDefaultItem
ModifyMenuW
IsCharLowerW
MapVirtualKeyExW
CharUpperBuffW
UpdateLayeredWindow
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
GetUpdateRect
SubtractRect
CreateMenu
GetComboBoxInfo
UnregisterClassW
DestroyCursor
GetFocus
GetAncestor
GetCapture
IsZoomed
RegisterClipboardFormatW
GetKeyState
GetSysColorBrush
MessageBoxW
GetCursorPos
DrawFrameControl
OffsetRect
ReleaseCapture
WindowFromPoint
ScreenToClient
ClientToScreen
SetCapture
FrameRect
FillRect
CopyRect
MonitorFromWindow
ReleaseDC
GetDC
SetTimer
KillTimer
PeekMessageW
UpdateWindow
SetActiveWindow
GetDesktopWindow
SetRect
UnionRect
SetCursor
GetSysColor
GetDlgItem
LoadIconW
PtInRect
GetSystemMetrics
InflateRect
GetWindowRect
IsRectEmpty
InvalidateRect
IsWindow
PostMessageW
MapWindowPoints
GetClientRect
IsWindowVisible
GetWindow
LoadCursorW
CreateAcceleratorTableW
DestroyAcceleratorTable
CloseClipboard
SetClipboardData
EmptyClipboard
GetParent
OpenClipboard
LoadImageW
SendMessageW
EnableWindow
MsgWaitForMultipleObjectsEx
GetClassLongW

gdi32

RestoreDC
SaveDC
SelectPalette
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextAlign
ExtTextOutW
SetWindowExtEx
SetWindowOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
GetMapMode
DPtoLP
GetBkColor
GetCharWidthW
StretchDIBits
CreateDIBitmap
CreatePolygonRgn
GetRgnBox
CreateEllipticRgn
Ellipse
Polygon
Polyline
CreateRoundRectRgn
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
LPtoDP
RoundRect
ExtFloodFill
SetPaletteEntries
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
GetWindowOrgEx
GetViewportOrgEx
RectVisible
SetPixelV
GetTextFaceW
GetPixel
GetClipRgn
SetRectRgn
OffsetRgn
GdiFlush
OffsetViewportOrgEx
SelectClipRgn
CreateFontW
AbortPath
GetPath
EndPath
CloseFigure
BeginPath
SetMapMode
AddFontResourceW
GetICMProfileW
TextOutW
SetTextColor
SetBkColor
GetCurrentObject
TranslateCharsetInfo
EnumFontFamiliesExW
EqualRgn
CombineRgn
CreateRectRgn
GetRegionData
EnumFontFamiliesW
GetTextMetricsW
GetTextColor
GetStockObject
ExtSelectClipRgn
CreateRectRgnIndirect
SetPixel
SetBkMode
CreateFontIndirectW
SetViewportExtEx
SetViewportOrgEx
CreateDCW
SetDIBColorTable
CreateCompatibleBitmap
CreateBitmap
LineTo
MoveToEx
CreateSolidBrush
GetTextExtentPoint32W
Rectangle
DeleteObject
GetObjectW
CreateDIBSection
SelectObject
PtVisible
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetObjectType
GetClipBox
ExcludeClipRect
Escape
CreatePatternBrush
CreateHatchBrush
CopyMetaFileW
PatBlt
DeleteDC
CreateCompatibleDC
SetStretchBltMode
StretchBlt
BitBlt
GetTextCharsetInfo
GetDeviceCaps
CreatePen

msimg32

TransparentBlt
AlphaBlend

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

RegSetValueA
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExA
RegCreateKeyExW
RegDeleteKeyA
RegDeleteKeyW
RegEnumKeyW
SetFileSecurityW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
CryptDecrypt
CryptDestroyKey
CryptEncrypt
CryptDeriveKey
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextW
InitiateSystemShutdownExW
RegCloseKey
RegSetValueW
RegQueryValueW
RegQueryValueA
RegOpenKeyW
RegOpenKeyA
RegCreateKeyW
RegCreateKeyA
RegFlushKey
RegSetValueExW
RegSetValueExA
RegQueryValueExA
RegQueryInfoKeyW
RegQueryInfoKeyA
RegOpenKeyExA
RegEnumValueW
RegEnumValueA
RegEnumKeyExW
RegEnumKeyExA
RegDeleteValueW
RegDeleteValueA

shell32

ShellExecuteW
ord680
SHChangeNotify
DragQueryFileW
DragFinish
Shell_NotifyIconW
SHAddToRecentDocs
ExtractIconExW
SHGetFolderPathW
ShellExecuteExW
SHGetPathFromIDListW
SHParseDisplayName
SHOpenFolderAndSelectItems
SHFileOperationW
SHGetSpecialFolderLocation
SHGetFileInfoW
SHGetDesktopFolder
SHAppBarMessage
SHBrowseForFolderW
ExtractIconW

comctl32

ImageList_GetImageInfo
ImageList_Remove
ImageList_GetImageCount
ImageList_ReplaceIcon
ImageList_GetIcon
ImageList_AddMasked
ImageList_Draw
ImageList_Add
_TrackMouseEvent
ImageList_EndDrag
ImageList_DragLeave
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragEnter
ImageList_BeginDrag

shlwapi

PathStripPathW
PathRemoveExtensionW
StrFormatByteSizeW
PathFindExtensionW
PathSkipRootW
PathRenameExtensionW
PathRemoveFileSpecW
PathMakePrettyW
PathIsDirectoryW
PathCombineW
PathAddExtensionW
PathAddBackslashW
StrCmpLogicalW
SHCopyKeyW
PathFileExistsW
StrRetToStrW
PathAppendW
PathCompactPathW
PathRelativePathToW
PathCanonicalizeW
PathRemoveBackslashW
PathIsRelativeW
PathIsPrefixW
PathIsUNCW
PathFindFileNameW
UrlUnescapeW
PathStripToRootW
StrFormatKBSizeW

ole32

OleTranslateAccelerator
OleDestroyMenuDescriptor
CoUninitialize
CoInitialize
CoWaitForMultipleHandles
CoRevokeClassObject
OleCreateMenuDescriptor
CreateItemMoniker
GetRunningObjectTable
CLSIDFromString
MkParseDisplayName
CreateBindCtx
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
OleLockRunning
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CoDisconnectObject
CLSIDFromProgID
IsAccelerator
CoCreateGuid
OleGetClipboard
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
ReleaseStgMedium
OleDuplicateData
CoFreeUnusedLibraries
CoInitializeEx
StringFromCLSID
PropVariantClear
StringFromGUID2
OleLoadFromStream
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
OleSaveToStream
CoRegisterMessageFilter

oleaut32

VarBstrFromDate
VariantCopy
VariantInit
SysAllocString
SafeArrayDestroy
LoadTypeLi
OleCreateFontIndirect
VarBstrCmp
SysAllocStringLen
SystemTimeToVariantTime
SysStringByteLen
SysAllocStringByteLen
OleCreatePropertyFrame
VariantChangeType
SysStringLen
SafeArrayUnaccessData
SafeArrayAccessData
VariantClear
SysFreeString
VariantTimeToSystemTime

oledlg

OleUIBusyW

ws2_32

socket
gethostbyname
WSAStartup
WSACleanup
inet_ntoa
WSAGetLastError
WSAAsyncSelect
inet_addr
sendto
ntohs
send
select
shutdown
recvfrom
recv
htonl
getsockname
getpeername
connect
listen
closesocket
htons
bind
accept
WSASetLastError

oleacc

CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject

wininet

HttpEndRequestW
HttpSendRequestExW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetGetLastResponseInfoW
InternetWriteFile
InternetSetFilePointer
InternetOpenUrlW
InternetConnectW
InternetOpenW
InternetCanonicalizeUrlW
InternetCrackUrlW
InternetReadFile
InternetSetOptionW
InternetConnectA
HttpSendRequestA
InternetCloseHandle
InternetOpenA
HttpAddRequestHeadersA
HttpQueryInfoW
InternetSetOptionA
InternetSetStatusCallbackW
HttpOpenRequestA
InternetQueryDataAvailable
InternetQueryOptionW
InternetGetConnectedState

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

Sections

.text
Size: 4.9MB - Virtual size: 4.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 93KB - Virtual size: 383KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 532KB - Virtual size: 532KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 936KB - Virtual size: 940KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
f49b8fd8c81200c3f944861253edf02ec648697bc1d5843c6a8cf7f04f645b91
.exe windows:5 windows x86 arch:x86

a14fe147cbb35ac7afa52e2cceed81b7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

mscorsvw.pdb

Imports

mscoree

GetRealProcAddress
GetRequestedRuntimeInfo

msvcr80

?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_controlfp_s
_invoke_watson
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
_except_handler4_common
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
free
malloc
wcstoul
wcscat_s
towupper
_vsnprintf
_vsnwprintf_s
_vsnprintf_s
_errno
wcsncpy_s
wcscpy_s
strcpy_s
_snwprintf_s
memmove
memset
strchr
_CxxThrowException
__CxxFrameHandler3
_wcsicmp
_purecall
memcpy

advapi32

RegQueryValueExW
RegCreateKeyExW
RegCreateKeyExA
RegSetValueExW
RegSetValueExA
RegDeleteKeyW
RegDeleteKeyA
RegQueryValueExA
RegOpenKeyExW
RegOpenKeyExA
RegCloseKey

kernel32

GetEnvironmentVariableA
GetEnvironmentVariableW
GetCurrentProcessId
LocalAlloc
FormatMessageA
FormatMessageW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
ResetEvent
ReleaseSemaphore
TlsSetValue
TlsAlloc
TlsFree
HeapAlloc
GetProcessHeap
HeapFree
WaitForSingleObjectEx
ReleaseMutex
SleepEx
VirtualAlloc
VirtualFree
VirtualQuery
VirtualProtect
HeapCreate
HeapDestroy
HeapValidate
InterlockedExchange
Sleep
GetStartupInfoA
SetUnhandledExceptionFilter
GetTickCount
UnhandledExceptionFilter
GetProcAddress
InterlockedIncrement
IsDebuggerPresent
InterlockedDecrement
TerminateProcess
GetCurrentProcess
WaitForMultipleObjects
CreateThread
OpenProcess
SetEvent
DebugBreak
TlsGetValue
InterlockedCompareExchange
GetLastError
SetLastError
GetModuleHandleA
FreeLibrary
CloseHandle
RaiseException
LocalFree
MultiByteToWideChar
GetCPInfo
GetACP
GetCurrentThreadId
QueryPerformanceCounter
GetSystemTimeAsFileTime
lstrlenW
GetVersionExA
GetModuleHandleW
GetCommandLineW
WideCharToMultiByte
LoadLibraryExA
LoadLibraryExW
GetModuleFileNameA
GetModuleFileNameW
CreateSemaphoreA
CreateSemaphoreW
CreateMutexA
CreateMutexW
CreateEventA
CreateEventW
OpenEventA
OpenEventW

user32

PeekMessageA
PeekMessageW
DispatchMessageA
DispatchMessageW
MessageBoxA
MessageBoxW
LoadStringA
LoadStringW
MsgWaitForMultipleObjects

ole32

CoRevokeClassObject
CoAddRefServerProcess
CoUninitialize
CoInitializeEx
CoRegisterClassObject
CoReleaseServerProcess

oleaut32

SysStringLen
SetErrorInfo

Sections

.text
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

a22b9c7bc0a60c74233dee9fcb4ec598

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

kernel32

ole32

oleaut32

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 32KB - Virtual size: 32KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 2KB - Virtual size: 1KB

.rsrc Size: 32KB - Virtual size: 32KB

.reloc Size: 1.2MB - Virtual size: 1.9MB

f357e85531c6f51e747b50e32a172ccb

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 95KB - Virtual size: 94KB

.rdata Size: 26KB - Virtual size: 26KB

.data Size: 2KB - Virtual size: 6KB

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 1.2MB - Virtual size: 1.9MB

e1af18a3a3acd81c899eae5eb79c1fd8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wldap32

version

mpr

ws2_32

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

gdiplus

dbghelp

wintrust

ntdll

rpcrt4

setupapi

oleacc

wininet

imm32

winmm

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 32KB - Virtual size: 32KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 32KB - Virtual size: 32KB

.reloc
Size: 1.2MB - Virtual size: 1.9MB

.text
Size: 95KB - Virtual size: 94KB

.rdata
Size: 26KB - Virtual size: 26KB

.data
Size: 2KB - Virtual size: 6KB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 1.2MB - Virtual size: 1.9MB

.text
Size: 5.0MB - Virtual size: 5.0MB

.rdata
Size: 1.7MB - Virtual size: 1.7MB

.data
Size: 76KB - Virtual size: 145KB

.pdata
Size: 259KB - Virtual size: 258KB

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

.reloc
Size: 656KB - Virtual size: 660KB

.text
Size: 15KB - Virtual size: 15KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1.2MB - Virtual size: 1.8MB

.text
Size: 352KB - Virtual size: 351KB

.data
Size: 35KB - Virtual size: 103KB

.jatugi
Size: 512B - Virtual size: 5B

.rsrc
Size: 20KB - Virtual size: 19KB

.reloc
Size: 1.2MB - Virtual size: 1.9MB

.text
Size: 328KB - Virtual size: 327KB

.rdata
Size: 43KB - Virtual size: 43KB

.data
Size: 3KB - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 1.2MB - Virtual size: 1.9MB