Overview
overview: score 10
Static
static: score 10
Armageddon...ty.exe, windows7-x64: score 8
Armageddon...ty.exe, windows10-2004-x64: score 8
Armageddon...ht.dll, windows7-x64: score 1
Armageddon...ht.dll, windows10-2004-x64: score 1
Armageddon...ax.dll, windows10-2004-x64: score 7
Armageddon...ub.exe, windows7-x64: score 1
Armageddon...ub.exe, windows10-2004-x64: score 1
Armageddon...ip.dll, windows7-x64: score 1
Armageddon...ip.dll, windows10-2004-x64: score 1
Armageddon...er.exe, windows7-x64: score 8
Armageddon...er.exe, windows10-2004-x64: score 8
Armageddon...k1.exe, windows7-x64: score 1
Armageddon...k1.exe, windows10-2004-x64: score 1
Armageddon...ub.exe, windows7-x64: score 1
Armageddon...ub.exe, windows10-2004-x64: score 1
AttWorm/AT...ed.exe, windows7-x64: score 8
AttWorm/AT...ed.exe, windows10-2004-x64: score 8
AttWorm/Jint.dll, windows7-x64: score 1
AttWorm/Jint.dll, windows10-2004-x64: score 1
AttWorm/js.exe, windows7-x64: score 1
AttWorm/js.exe, windows10-2004-x64: score 3
AttWorm/sk...et.dll, windows7-x64: score 1
AttWorm/sk...et.dll, windows10-2004-x64: score 1
AttWorm/sk...ip.dll, windows7-x64: score 1
AttWorm/sk...ip.dll, windows10-2004-x64: score 1
AttWorm/sk...er.exe, windows7-x64: score 8
AttWorm/sk...er.exe, windows10-2004-x64: score 8
AttWorm/skci/att.exe, windows7-x64: score 3
AttWorm/skci/att.exe, windows10-2004-x64: score 3
Aurora Wor...1N.exe, windows7-x64: score 8
Aurora Wor...1N.exe, windows10-2004-x64: score 8
Aurora Wor...ip.dll, windows7-x64: score 1
Behavioral task
behavioral1 | Sample: Armageddon Stealer 1.0 by Krusty/Armageddon Stealer 1.0 by Krusty.exe | Resource: win7-20240903-en
behavioral2 | Sample: Armageddon Stealer 1.0 by Krusty/Armageddon Stealer 1.0 by Krusty.exe | Resource: win10v2004-20241007-en
behavioral3 | Sample: Armageddon Stealer 1.0 by Krusty/mfc100cht.dll | Resource: win7-20240903-en
behavioral4 | Sample: Armageddon Stealer 1.0 by Krusty/mfc100cht.dll | Resource: win10v2004-20241007-en
behavioral5 | Sample: Armageddon Stealer 1.0 by Krusty/mstscax.dll | Resource: win10v2004-20241007-en
behavioral6 | Sample: Armageddon Stealer 1.0 by Krusty/stub.exe | Resource: win7-20240903-en
behavioral7 | Sample: Armageddon Stealer 1.0 by Krusty/stub.exe | Resource: win10v2004-20241007-en
behavioral8 | Sample: Armageddon Stealer 1.0 by Krusty/viewsource/Ionic.Zip.dll | Resource: win7-20240903-en
behavioral9 | Sample: Armageddon Stealer 1.0 by Krusty/viewsource/Ionic.Zip.dll | Resource: win10v2004-20241007-en
behavioral10 | Sample: Armageddon Stealer 1.0 by Krusty/viewsource/Launcher.exe | Resource: win7-20240903-en
behavioral11 | Sample: Armageddon Stealer 1.0 by Krusty/viewsource/Launcher.exe | Resource: win10v2004-20241007-en
behavioral12 | Sample: Armageddon Stealer 1.0 by Krusty/viewsource/ak1.exe | Resource: win7-20241010-en
behavioral13 | Sample: Armageddon Stealer 1.0 by Krusty/viewsource/ak1.exe | Resource: win10v2004-20241007-en
behavioral14 | Sample: Armageddon Stealer 1.0 by Krusty/viewsource/stub.exe | Resource: win7-20240903-en
behavioral15 | Sample: Armageddon Stealer 1.0 by Krusty/viewsource/stub.exe | Resource: win10v2004-20241007-en
behavioral16 | Sample: AttWorm/ATTWorm Cracked.exe | Resource: win7-20240903-en
behavioral17 | Sample: AttWorm/ATTWorm Cracked.exe | Resource: win10v2004-20241007-en
behavioral18 | Sample: AttWorm/Jint.dll | Resource: win7-20240903-en
behavioral19 | Sample: AttWorm/Jint.dll | Resource: win10v2004-20241007-en
behavioral20 | Sample: AttWorm/js.exe | Resource: win7-20240903-en
behavioral21 | Sample: AttWorm/js.exe | Resource: win10v2004-20241007-en
behavioral22 | Sample: AttWorm/skci/Extreme.Net.dll | Resource: win7-20240903-en
behavioral23 | Sample: AttWorm/skci/Extreme.Net.dll | Resource: win10v2004-20241007-en
behavioral24 | Sample: AttWorm/skci/Ionic.Zip.dll | Resource: win7-20240903-en
behavioral25 | Sample: AttWorm/skci/Ionic.Zip.dll | Resource: win10v2004-20241007-en
behavioral26 | Sample: AttWorm/skci/Launcher.exe | Resource: win7-20240729-en
behavioral27 | Sample: AttWorm/skci/Launcher.exe | Resource: win10v2004-20241007-en
behavioral28 | Sample: AttWorm/skci/att.exe | Resource: win7-20241023-en
behavioral29 | Sample: AttWorm/skci/att.exe | Resource: win10v2004-20241007-en
behavioral30 | Sample: Aurora Worm v1/Aurora Worm v1-Cracked by RoN1N.exe | Resource: win7-20240903-en
behavioral31 | Sample: Aurora Worm v1/Aurora Worm v1-Cracked by RoN1N.exe | Resource: win10v2004-20241007-en
behavioral32 | Sample: Aurora Worm v1/settings/Ionic.Zip.dll | Resource: win7-20241010-en
General
Target: Desktop.rar
Size: 44.9MB
MD5: 7e91f1ec2469daeb7583dff154869886
SHA1: 21f537ab56fc76dd8fe03aa5eaf074398c82bc44
SHA256: 714000573abb56370c1ac54a94a0b14abea8a2bfc7f2efece60b946778d87520
SHA512: 479080ed59f4fda7b2af2f19a62f079b5a3236c484f9ef5975668fd3f0dce08787ff43a3586075b56bfd3fb9c26219a4afb2ad13c67b1684c8ad18bbc4bba37c
SSDEEP: 786432:q9X4lWbcNlWbsMlWbTdlWbLKH9Tzex6qh8pHrwSyzex6qh8XyjQ7FyjQ7wrtpNrb:q9XE9okXH9Ta0liSya0lRPwr1M3jpe
Malware Config
Signatures
-
ModiLoader Second Stage 1 IoCs
resource: static1/unpack001/Codesoft PW Stealer 0.50/data/cdpw3.exe, yara_rule: modiloader_stage2
-
Modiloader family
-
resource: static1/unpack001/Evil Cleaner/nvml/ec.exe, yara_rule: upx
-
Unsigned PE 92 IoCs
Checks for missing Authenticode signature.
Files
-
Desktop.rar.rar
-
Armageddon Stealer 1.0 by Krusty/Armageddon Stealer 1.0 by Krusty.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
mscoree
_CorExeMain
Sections
.text Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 424KB - Virtual size: 424KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Armageddon Stealer 1.0 by Krusty/Screenshot.jpg.jpg
-
Armageddon Stealer 1.0 by Krusty/mfc100cht.dll.dll windows:5 windows x86 arch:x86
Code Sign
33:00:00:00:c8:47:22:9d:a3:0d:ca:c0:58:00:00:00:00:00:c8 Certificate
Issuer: CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 07-09-2016 17:58
Not After: 07-09-2018 17:58
Subject: CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:98FD-C61E-E641,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
33:00:00:01:40:96:a9:ee:70:56:fe:cc:07:00:01:00:00:01:40 Certificate
Issuer: CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 18-08-2016 20:17
Not After: 02-11-2017 20:17
Subject: CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:33:26:1a:00:00:00:00:00:31 Certificate
Issuer: CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d
Not Before: 31-08-2010 22:19
Not After: 31-08-2020 22:29
Subject: CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:16:68:34:00:00:00:00:00:1c Certificate
Issuer: CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d
Not Before: 03-04-2007 12:53
Not After: 03-04-2021 13:03
Subject: CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
12:d2:c0:c3:6a:55:48:a4:1b:0b:eb:ca:b3:f8:f9:7a:03:fe:51:cb Signer
Actual PE Digest: 12:d2:c0:c3:6a:55:48:a4:1b:0b:eb:ca:b3:f8:f9:7a:03:fe:51:cb
Digest Algorithm: sha1
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rsrc Size: 29KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Armageddon Stealer 1.0 by Krusty/mstscax.dll.dll regsvr32 windows:10 windows x64 arch:x64
6040dc80a09960397e448f384516c856
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
mstscax.pdb
Imports
Exports
DllCanUnloadNow
DllCancelAuthentication
DllGetClaimsToken
DllGetClassObject
DllGetTscCtlVer
DllLogoffClaimsToken
DllRegisterServer
DllSetAuthProperties
DllSetClaimsToken
DllUnregisterServer
Sections
.text Size: 5.6MB - Virtual size: 5.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.7MB - Virtual size: 1.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 61KB - Virtual size: 105KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 173KB - Virtual size: 172KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 79KB - Virtual size: 79KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 49KB - Virtual size: 49KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Armageddon Stealer 1.0 by Krusty/stub.arm.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 186KB - Virtual size: 185KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 33KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Armageddon Stealer 1.0 by Krusty/viewsource/Ionic.Zip.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
c:\DotNetZip\Zip\obj\Debug\Ionic.Zip.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 478KB - Virtual size: 477KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Armageddon Stealer 1.0 by Krusty/viewsource/LICENCE.dat.zip
-
Armageddon Stealer 1.0 by Krusty/viewsource/Launcher.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Armageddon Stealer 1.0 by Krusty/viewsource/ak1.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Armageddon Stealer 1.0 by Krusty/viewsource/stub.arm.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 186KB - Virtual size: 185KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 33KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
AttWorm/ATTWorm Cracked.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\Users\thorson\Desktop\Launcher1\Launcher\Launcher\obj\Debug\LUNCHER CRACKING.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 194KB - Virtual size: 194KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
AttWorm/Jint.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
C:\projects\jint\Jint\obj\Release\net451\Jint.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 242KB - Virtual size: 241KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 668B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
AttWorm/Screen snap.png.png
-
AttWorm/js.exe.exe windows:4 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
e:\builds\moz2_slave\rel-192-xr-w32-bld\build\obj-firefox\js\src\shell\js.pdb
Exports
?js_DeepBail@@YAXPAUJSContext@@@Z
?js_GetErrorMessage@@YAPBUJSErrorFormatString@@PAXPBDI@Z
?js_NextActiveContext@@YAPAUJSContext@@PAUJSRuntime@@PAU1@@Z
?js_ReportErrorAgain@@YAXPAUJSContext@@PBDPAUJSErrorReport@@@Z
?js_ReportOverRecursed@@YAXPAUJSContext@@@Z
?js_SetTraceableNativeFailed@@YAXPAUJSContext@@@Z
?js_obj_defineGetter@@YAHPAUJSContext@@IPAH@Z
?js_obj_defineSetter@@YAHPAUJSContext@@IPAH@Z
?resolving_MatchEntry@@YAHPAUJSDHashTable@@PBUJSDHashEntryHdr@@PBX@Z
@JS_DHashTableOperate@12
@js_CloseIterator@8
JS_AddArgumentFormatter
JS_AddExternalStringFinalizer
JS_AddNamedRoot
JS_AddNamedRootRT
JS_AddRoot
JS_AliasElement
JS_AliasProperty
JS_AlreadyHasOwnElement
JS_AlreadyHasOwnProperty
JS_AlreadyHasOwnPropertyById
JS_AlreadyHasOwnUCProperty
JS_ArenaAllocate
JS_ArenaFinish
JS_ArenaGrow
JS_ArenaRealloc
JS_ArenaRelease
JS_ArenaShutDown
JS_BeginJSONParse
JS_BeginRequest
JS_BufferIsCompilableUnit
JS_CStringsAreUTF8
JS_CallFunction
JS_CallFunctionName
JS_CallFunctionValue
JS_CallTracer
JS_CeilingLog2
JS_CheckAccess
JS_ClearAllTraps
JS_ClearAllWatchPoints
JS_ClearContextDebugHooks
JS_ClearContextThread
JS_ClearInterrupt
JS_ClearNewbornRoots
JS_ClearPendingException
JS_ClearRegExpRoots
JS_ClearRegExpStatics
JS_ClearScope
JS_ClearScriptTraps
JS_ClearTrap
JS_ClearWatchPoint
JS_ClearWatchPointsForObject
JS_CloneFunctionObject
JS_CommenceRuntimeShutDown
JS_CompareStrings
JS_CompareValues
JS_CompileFile
JS_CompileFileHandle
JS_CompileFileHandleForPrincipals
JS_CompileFunction
JS_CompileFunctionForPrincipals
JS_CompileScript
JS_CompileScriptForPrincipals
JS_CompileUCFunction
JS_CompileUCFunctionForPrincipals
JS_CompileUCScript
JS_CompileUCScriptForPrincipals
JS_ComputeThis
JS_ConcatStrings
JS_ConstructObject
JS_ConstructObjectWithArguments
JS_ConsumeJSONText
JS_ContextIterator
JS_ConvertArguments
JS_ConvertArgumentsVA
JS_ConvertStub
JS_ConvertValue
JS_DHashAllocTable
JS_DHashClearEntryStub
JS_DHashFinalizeStub
JS_DHashFreeStringKey
JS_DHashFreeTable
JS_DHashGetStubOps
JS_DHashMatchEntryStub
JS_DHashMatchStringKey
JS_DHashMoveEntryStub
JS_DHashStringKey
JS_DHashTableDestroy
JS_DHashTableEnumerate
JS_DHashTableFinish
JS_DHashTableInit
JS_DHashTableRawRemove
JS_DHashTableSetAlphaBounds
JS_DHashVoidPtrKeyStub
JS_DecodeBytes
JS_DecompileFunction
JS_DecompileFunctionBody
JS_DecompileScript
JS_DefineConstDoubles
JS_DefineElement
JS_DefineFunction
JS_DefineFunctions
JS_DefineObject
JS_DefineProperties
JS_DefineProperty
JS_DefinePropertyById
JS_DefinePropertyWithTinyId
JS_DefineUCFunction
JS_DefineUCProperty
JS_DefineUCPropertyWithTinyId
JS_DeleteElement
JS_DeleteElement2
JS_DeleteProperty
JS_DeleteProperty2
JS_DeletePropertyById
JS_DeletePropertyById2
JS_DeleteUCProperty2
JS_DestroyContext
JS_DestroyContextMaybeGC
JS_DestroyContextNoGC
JS_DestroyIdArray
JS_DestroyScript
JS_DropExceptionState
JS_DropPrincipals
JS_EncodeCharacters
JS_EncodeString
JS_EndRequest
JS_EnterLocalRootScope
JS_Enumerate
JS_EnumerateResolvedStandardClasses
JS_EnumerateStandardClasses
JS_EnumerateStub
JS_ErrorFromException
JS_EvalFramePrincipals
JS_EvaluateInStackFrame
JS_EvaluateScript
JS_EvaluateScriptForPrincipals
JS_EvaluateUCInStackFrame
JS_EvaluateUCScript
JS_EvaluateUCScriptForPrincipals
JS_ExecuteScript
JS_ExecuteScriptPart
JS_FinalizeStub
JS_Finish
JS_FinishArenaPool
JS_FinishJSONParse
JS_FlagScriptFilenamePrefix
JS_FloorLog2
JS_FlushCaches
JS_ForgetLocalRoot
JS_FrameIterator
JS_FreeArenaPool
JS_GC
JS_GetArrayLength
JS_GetClass
JS_GetClassObject
JS_GetConstructor
JS_GetContextPrivate
JS_GetContextThread
JS_GetElement
JS_GetEmptyStringValue
JS_GetExternalStringGCType
JS_GetFrameAnnotation
JS_GetFrameCallObject
JS_GetFrameCalleeObject
JS_GetFrameFunction
JS_GetFrameFunctionObject
JS_GetFrameObject
JS_GetFramePC
JS_GetFramePrincipalArray
JS_GetFrameReturnValue
JS_GetFrameScopeChain
JS_GetFrameScript
JS_GetFrameThis
JS_GetFunctionArity
JS_GetFunctionFastNative
JS_GetFunctionFlags
JS_GetFunctionId
JS_GetFunctionName
JS_GetFunctionNative
JS_GetFunctionObject
JS_GetFunctionScript
JS_GetFunctionTotalSize
JS_GetGCParameter
JS_GetGCParameterForThread
JS_GetGlobalDebugHooks
JS_GetGlobalForObject
JS_GetGlobalObject
JS_GetImplementationVersion
JS_GetInstancePrivate
JS_GetLocaleCallbacks
JS_GetMethod
JS_GetMethodById
JS_GetNaNValue
JS_GetNegativeInfinityValue
JS_GetObjectId
JS_GetObjectTotalSize
JS_GetOperationCallback
JS_GetOptions
JS_GetParent
JS_GetPendingException
JS_GetPositiveInfinityValue
JS_GetPrivate
JS_GetProperty
JS_GetPropertyAttributes
JS_GetPropertyAttrsGetterAndSetter
JS_GetPropertyAttrsGetterAndSetterById
JS_GetPropertyById
JS_GetPropertyDesc
JS_GetPropertyDescArray
JS_GetPropertyDescriptorById
JS_GetPrototype
JS_GetReservedSlot
JS_GetRuntime
JS_GetRuntimePrivate
JS_GetRuntimeSecurityCallbacks
JS_GetScopeChain
JS_GetScriptBaseLineNumber
JS_GetScriptFilename
JS_GetScriptFilenameFlags
JS_GetScriptLineExtent
JS_GetScriptObject
JS_GetScriptPrincipals
JS_GetScriptTotalSize
JS_GetScriptVersion
JS_GetScriptedCaller
JS_GetSecurityCallbacks
JS_GetStringBytes
JS_GetStringChars
JS_GetStringLength
JS_GetTopScriptFilenameFlags
JS_GetTrapOpcode
JS_GetTypeName
JS_GetUCProperty
JS_GetUCPropertyAttributes
JS_GetUCPropertyAttrsGetterAndSetter
JS_GetVersion
JS_HandleTrap
JS_HasArrayLength
JS_HasElement
JS_HasInstance
JS_HasProperty
JS_HasPropertyById
JS_HasUCProperty
JS_HashString
JS_HashTableAdd
JS_HashTableDestroy
JS_HashTableDump
JS_HashTableEnumerateEntries
JS_HashTableLookup
JS_HashTableRawAdd
JS_HashTableRawLookup
JS_HashTableRawRemove
JS_HashTableRemove
JS_HoldPrincipals
JS_IdToValue
JS_Init
JS_InitArenaPool
JS_InitClass
JS_InitStandardClasses
JS_InstanceOf
JS_InternString
JS_InternUCString
JS_InternUCStringN
JS_IsAboutToBeFinalized
JS_IsArrayObject
JS_IsAssigning
JS_IsConstructing
JS_IsConstructorFrame
JS_IsDebuggerFrame
JS_IsExceptionPending
JS_IsGCMarkingTracer
JS_IsNativeFrame
JS_IsRunning
JS_IsSystemObject
JS_LeaveLocalRootScope
JS_LeaveLocalRootScopeWithResult
JS_LineNumberToPC
JS_Lock
JS_LockGCThing
JS_LockGCThingRT
JS_LookupElement
JS_LookupProperty
JS_LookupPropertyById
JS_LookupPropertyWithFlags
JS_LookupPropertyWithFlagsById
JS_LookupUCProperty
JS_MakeStringImmutable
JS_MapGCRoots
JS_MarkGCThing
JS_MaybeGC
JS_NewArrayObject
JS_NewContext
JS_NewDHashTable
JS_NewDependentString
JS_NewDouble
JS_NewDoubleValue
JS_NewExternalString
JS_NewFunction
JS_NewGrowableString
JS_NewHashTable
JS_NewNumberValue
JS_NewObject
JS_NewObjectWithGivenProto
JS_NewPropertyIterator
JS_NewRegExpObject
JS_NewScriptObject
JS_NewString
JS_NewStringCopyN
JS_NewStringCopyZ
JS_NewSystemObject
JS_NewUCRegExpObject
JS_NewUCString
JS_NewUCStringCopyN
JS_NewUCStringCopyZ
JS_NextProperty
JS_Now
JS_ObjectIsFunction
JS_PCToLineNumber
JS_PopArguments
JS_PropertyIterator
JS_PropertyStub
JS_PushArguments
JS_PushArgumentsVA
JS_PutPropertyDescArray
JS_RemoveArgumentFormatter
JS_RemoveExternalStringFinalizer
JS_RemoveRoot
JS_RemoveRootRT
JS_ReportAllocationOverflow
JS_ReportError
JS_ReportErrorFlagsAndNumber
JS_ReportErrorFlagsAndNumberUC
JS_ReportErrorNumber
JS_ReportErrorNumberUC
JS_ReportOutOfMemory
JS_ReportPendingException
JS_ReportWarning
JS_ResolveStandardClass
JS_ResolveStub
JS_RestoreExceptionState
JS_RestoreFrameChain
JS_ResumeRequest
JS_SameValue
JS_SaveExceptionState
JS_SaveFrameChain
JS_SealObject
JS_SetArrayLength
JS_SetCStringsAreUTF8
JS_SetCallHook
JS_SetCallReturnValue2
JS_SetContextCallback
JS_SetContextDebugHooks
JS_SetContextPrivate
JS_SetContextSecurityCallbacks
JS_SetContextThread
JS_SetDebugErrorHook
JS_SetDebuggerHandler
JS_SetDestroyScriptHookProc
JS_SetElement
JS_SetErrorReporter
JS_SetExecuteHook
JS_SetExtraGCRoots
JS_SetFrameAnnotation
JS_SetFrameReturnValue
JS_SetGCCallback
JS_SetGCCallbackRT
JS_SetGCParameter
JS_SetGCParameterForThread
JS_SetGlobalObject
JS_SetInterrupt
JS_SetLocaleCallbacks
JS_SetNewScriptHookProc
JS_SetObjectHook
JS_SetOperationCallback
JS_SetOptions
JS_SetParent
JS_SetPendingException
JS_SetPrivate
JS_SetProperty
JS_SetPropertyAttributes
JS_SetPropertyById
JS_SetPrototype
JS_SetRegExpInput
JS_SetReservedSlot
JS_SetRuntimePrivate
JS_SetRuntimeSecurityCallbacks
JS_SetScriptStackQuota
JS_SetSourceHandler
JS_SetThreadStackLimit
JS_SetThrowHook
JS_SetTrap
JS_SetUCProperty
JS_SetUCPropertyAttributes
JS_SetVersion
JS_SetWatchPoint
JS_ShutDown
JS_StackFramePrincipals
JS_StrictlyEqual
JS_StringToVersion
JS_Stringify
JS_SuspendRequest
JS_ThrowReportedError
JS_ThrowStopIteration
JS_ToggleOptions
JS_TraceChildren
JS_TraceRuntime
JS_TriggerAllOperationCallbacks
JS_TriggerOperationCallback
JS_TryJSON
JS_TypeOfValue
JS_UndependString
JS_Unlock
JS_UnlockGCThing
JS_UnlockGCThingRT
JS_ValueToBoolean
JS_ValueToConstructor
JS_ValueToECMAInt32
JS_ValueToECMAUint32
JS_ValueToFunction
JS_ValueToId
JS_ValueToInt32
JS_ValueToNumber
JS_ValueToObject
JS_ValueToSource
JS_ValueToString
JS_ValueToUint16
JS_VersionToString
JS_XDRBytes
JS_XDRCString
JS_XDRCStringOrNull
JS_XDRDestroy
JS_XDRDouble
JS_XDRFindClassById
JS_XDRFindClassIdByName
JS_XDRInitBase
JS_XDRMemDataLeft
JS_XDRMemGetData
JS_XDRMemResetData
JS_XDRMemSetData
JS_XDRNewMem
JS_XDRRegisterClass
JS_XDRScript
JS_XDRString
JS_XDRStringOrNull
JS_XDRUint16
JS_XDRUint32
JS_XDRUint8
JS_XDRValue
JS_YieldRequest
JS_dtobasestr
JS_dtostr
JS_free
JS_malloc
JS_realloc
JS_smprintf
JS_smprintf_free
JS_snprintf
JS_sprintf_append
JS_strdup
JS_strtod
JS_sxprintf
JS_vsmprintf
JS_vsnprintf
JS_vsprintf_append
JS_vsxprintf
js_AllocStack
js_AnyNameClass
js_AttributeNameClass
js_CallClass
js_CallDestroyScriptHook
js_CallFunctionValueWithFakeFrame
js_CallIteratorNext
js_CallNewScriptHook
js_CheckUndeclaredVarAssignment
js_CoerceArrayToCanvasImageData
js_DateGetDate
js_DateGetHours
js_DateGetMinutes
js_DateGetMonth
js_DateGetMsecSinceEpoch
js_DateGetSeconds
js_DateGetYear
js_DateIsValid
js_DateSetDate
js_DateSetHours
js_DateSetMinutes
js_DateSetMonth
js_DateSetSeconds
js_DateSetYear
js_FindProperty
js_FinishDtoa
js_FreeStack
js_FunctionClass
js_GeneratorClass
js_GetGCThingTraceKind
js_GetLocalNameArray
js_GetPropertyByIdWithFakeFrame
js_GetScriptLineExtent
js_GetSlotThreadSafe
Sections
.text Size: 740KB - Virtual size: 740KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 59KB - Virtual size: 58KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 23KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 24KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.tqn Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
AttWorm/skci/Extreme.Net.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
C:\Users\scarf\source\repos\Extreme.Net\obj\Debug\Extreme.Net.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 117KB - Virtual size: 117KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
AttWorm/skci/Ionic.Zip.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
c:\DotNetZip\Zip\obj\Debug\Ionic.Zip.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 478KB - Virtual size: 477KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
AttWorm/skci/LICENCE.dat.zip
-
AttWorm/skci/Launcher.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
AttWorm/skci/att.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 148KB - Virtual size: 147KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.sdata Size: 512B - Virtual size: 144B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 101KB - Virtual size: 100KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
AttWorm/skci/forms.css
-
Aurora Worm v1/Aurora Worm v1-Cracked by RoN1N.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\Users\thorson\Desktop\Launcher1\Launcher\Launcher\obj\Debug\LUNCHER CRACKING.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 225KB - Virtual size: 224KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Aurora Worm v1/settings.ini
-
Aurora Worm v1/settings/Ionic.Zip.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
c:\DotNetZip\Zip\obj\Debug\Ionic.Zip.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 478KB - Virtual size: 477KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Aurora Worm v1/settings/LICENCE.dat.zip
-
Aurora Worm v1/settings/Launcher.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Aurora Worm v1/settings/aepic.dll.dll windows:10 windows x64 arch:x64
2b5a38d4fa8fb52bf13456eb07f516b0
Code Sign
33:00:00:02:32:41:fb:59:99:6d:cc:4d:ff:00:00:00:00:02:32
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 02-05-2019 21:24
Not After: 02-05-2020 21:24
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19-10-2011 18:41
Not After: 19-10-2026 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
3e:2f:73:d2:af:28:34:9b:6b:3b:38:4d:f6:75:c4:73:03:b2:d4:ec:82:8f:e4:14:ba:18:41:18:c6:1d:fd:36
Signer
Actual PE Digest: 3e:2f:73:d2:af:28:34:9b:6b:3b:38:4d:f6:75:c4:73:03:b2:d4:ec:82:8f:e4:14:ba:18:41:18:c6:1d:fd:36
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
aepic.pdb
Imports
msvcrt
_CxxThrowException
strnlen
?what@exception@@UEBAPEBDXZ
_wcsicmp
___lc_codepage_func
_XcptFilter
_amsg_exit
_initterm
?terminate@@YAXXZ
_lock
_unlock
__dllonexit
___mb_cur_max_func
??1type_info@@UEAA@XZ
memset
abort
__crtCompareStringW
memmove_s
_vsnprintf_s
strncmp
towlower
___lc_collate_cp_func
memcmp
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
_wtoi
calloc
??1exception@@UEAA@XZ
memcpy_s
malloc
??0exception@@QEAA@AEBQEBD@Z
_purecall
memmove
___lc_handle_func
__crtLCMapStringW
??0exception@@QEAA@AEBQEBDH@Z
memcpy
setlocale
wcstombs
_vsnwprintf
??0bad_cast@@QEAA@PEBD@Z
__C_specific_handler
??1bad_cast@@UEAA@XZ
free
strtol
realloc
__CxxFrameHandler3
_errno
strncpy_s
??0bad_cast@@QEAA@AEBV0@@Z
_vsnwprintf_s
_vscwprintf
strchr
_set_errno
tolower
__pctype_func
iscntrl
_wsplitpath_s
_onexit
isspace
wcstoul
_wtoi64
sprintf_s
_vsnprintf
strcpy_s
_wcsnicmp
wcschr
wcsrchr
wcscpy_s
wcscat_s
_wcslwr
wcsstr
wcscmp
ntdll
RtlGetVersion
RtlReleaseRelativeName
NtLoadKeyEx
RtlDosPathNameToRelativeNtPathName_U
RtlStringFromGUID
RtlRandomEx
NtQueryKey
WinSqmIsOptedInEx
RtlFreeSid
RtlAllocateAndInitializeSid
RtlNtStatusToDosError
RtlAdjustPrivilege
RtlImageDirectoryEntryToData
RtlVerifyVersionInfo
LdrResSearchResource
RtlTimeToTimeFields
ZwMapViewOfSection
ZwUnmapViewOfSection
ZwQuerySystemInformation
RtlGetNativeSystemInformation
RtlUpcaseUnicodeChar
RtlAnsiStringToUnicodeString
RtlxAnsiStringToUnicodeSize
RtlInitString
EtwEventRegister
EtwEventWrite
EtwEventUnregister
RtlSecondsSince1970ToTime
NtQueryLicenseValue
ZwCreateSection
ZwQueryInformationFile
ZwCreateFile
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
ZwQueryValueKey
RtlInitUnicodeStringEx
ZwEnumerateKey
ZwOpenKey
RtlFreeUnicodeString
RtlInitUnicodeString
RtlDosPathNameToNtPathName_U_WithStatus
ZwClose
RtlLeaveCriticalSection
RtlInitializeCriticalSection
RtlMultiByteToUnicodeN
RtlInitAnsiString
RtlEnterCriticalSection
RtlEqualString
RtlDeleteCriticalSection
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlFreeHeap
RtlReAllocateHeap
RtlAllocateHeap
EtwTraceMessage
rpcrt4
UuidCreate
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapReAlloc
GetProcessHeap
HeapFree
api-ms-win-core-processthreads-l1-1-0
OpenProcessToken
TlsAlloc
GetThreadPriority
SetThreadPriority
TlsGetValue
ResumeThread
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
TlsSetValue
GetCurrentProcessId
CreateThread
GetCurrentThread
api-ms-win-core-localization-l1-2-0
FormatMessageW
LocaleNameToLCID
api-ms-win-core-winrt-string-l1-1-0
WindowsDeleteString
WindowsCreateStringReference
WindowsDuplicateString
WindowsCreateString
WindowsGetStringRawBuffer
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
api-ms-win-core-winrt-l1-1-0
RoActivateInstance
RoUninitialize
RoGetActivationFactory
RoInitialize
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
RaiseException
UnhandledExceptionFilter
SetLastError
GetLastError
api-ms-win-core-synch-l1-2-0
Sleep
InitOnceBeginInitialize
WakeAllConditionVariable
SleepConditionVariableSRW
InitOnceExecuteOnce
InitOnceComplete
api-ms-win-core-debug-l1-1-0
OutputDebugStringA
DebugBreak
OutputDebugStringW
IsDebuggerPresent
api-ms-win-core-winrt-error-l1-1-0
RoOriginateErrorW
RoOriginateError
GetRestrictedErrorInfo
RoTransformError
SetRestrictedErrorInfo
api-ms-win-core-util-l1-1-0
DecodePointer
EncodePointer
api-ms-win-core-synch-l1-1-0
LeaveCriticalSection
AcquireSRWLockShared
InitializeCriticalSectionEx
ReleaseMutex
EnterCriticalSection
InitializeCriticalSection
SetWaitableTimer
CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseSemaphore
OpenWaitableTimerW
CreateEventW
CreateMutexW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
DeleteCriticalSection
WaitForSingleObject
SetEvent
InitializeSRWLock
CreateEventExW
ReleaseSRWLockShared
CreateSemaphoreExW
api-ms-win-core-com-l1-1-0
CoWaitForMultipleHandles
CoGetCallContext
CoCreateInstance
CoCreateFreeThreadedMarshaler
CoUninitialize
CoInitializeEx
CoTaskMemAlloc
CoGetInterfaceAndReleaseStream
CoMarshalInterface
CreateStreamOnHGlobal
CoReleaseMarshalData
CoGetApartmentType
CoTaskMemFree
api-ms-win-core-com-l1-1-1
RoGetAgileReference
api-ms-win-core-winrt-error-l1-1-1
IsErrorPropagationEnabled
RoReportFailedDelegate
RoGetMatchingRestrictedErrorInfo
api-ms-win-core-processthreads-l1-1-1
OpenProcess
api-ms-win-security-base-l1-1-0
GetTokenInformation
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
DuplicateTokenEx
SetSecurityDescriptorDacl
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-shcore-thread-l1-1-0
SHSetThreadRef
SHGetThreadRef
SetProcessReference
GetProcessReference
api-ms-win-core-realtime-l1-1-0
QueryThreadCycleTime
api-ms-win-core-sysinfo-l1-1-0
GetSystemDirectoryW
GetTickCount64
GetTickCount
GetSystemInfo
GetSystemTimeAsFileTime
GetSystemWindowsDirectoryW
api-ms-win-core-string-l1-1-0
GetStringTypeW
WideCharToMultiByte
MultiByteToWideChar
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
FreeLibrary
GetModuleHandleW
GetModuleFileNameW
GetModuleFileNameA
LoadLibraryExW
GetModuleHandleExW
FreeLibraryAndExitThread
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
EventRegister
EventUnregister
api-ms-win-core-file-l1-1-0
GetFileAttributesW
GetLongPathNameW
FindClose
FindNextFileW
GetLogicalDriveStringsW
QueryDosDeviceW
GetDriveTypeW
FindFirstFileW
GetTempFileNameW
WriteFile
CreateFileW
DeleteFileW
GetVolumeInformationByHandleW
api-ms-win-core-sysinfo-l1-2-0
VerSetConditionMask
GetSystemFirmwareTable
api-ms-win-core-file-l1-2-0
GetTempPathW
api-ms-win-security-provider-l1-1-0
SetEntriesInAclW
api-ms-win-core-registry-l1-1-0
RegEnumKeyExW
RegDeleteValueW
RegOpenKeyExW
RegGetValueW
RegSetValueExW
RegCloseKey
RegQueryInfoKeyW
RegDeleteTreeW
RegSaveKeyExW
RegCreateKeyExW
RegDeleteKeyExW
RegUnLoadKeyW
RegLoadAppKeyW
RegLoadKeyW
RegFlushKey
RegSetKeySecurity
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-core-registry-l1-1-1
RegSetKeyValueW
RegDeleteKeyValueW
api-ms-win-core-registry-l2-1-0
RegDeleteKeyW
RegOpenKeyW
api-ms-win-core-kernel32-legacy-l1-1-1
VerifyVersionInfoW
api-ms-win-core-shlwapi-legacy-l1-1-0
PathUnExpandEnvStringsW
PathFileExistsW
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
GetCurrentDirectoryW
api-ms-win-core-file-l2-1-0
MoveFileExW
api-ms-win-core-path-l1-1-0
PathAllocCombine
PathCchCanonicalizeEx
PathCchRemoveFileSpec
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-shcore-path-l1-1-0
ord170
api-ms-win-shcore-obsolete-l1-1-0
CommandLineToArgvW
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
CreateSemaphoreW
CreateWaitableTimerW
bcrypt
BCryptOpenAlgorithmProvider
BCryptFinishHash
BCryptCloseAlgorithmProvider
BCryptDestroyHash
BCryptHashData
BCryptCreateHash
BCryptGetProperty
api-ms-win-security-cryptoapi-l1-1-0
CryptAcquireContextW
CryptGetHashParam
CryptReleaseContext
CryptCreateHash
CryptHashData
CryptDestroyHash
api-ms-win-eventing-classicprovider-l1-1-0
TraceEvent
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-sidebyside-l1-1-0
ReleaseActCtx
QueryActCtxW
CreateActCtxW
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
api-ms-win-core-threadpool-l1-2-0
WaitForThreadpoolTimerCallbacks
TrySubmitThreadpoolCallback
SetThreadpoolTimer
CreateThreadpoolTimer
CallbackMayRunLong
CloseThreadpoolTimer
FreeLibraryWhenCallbackReturns
oleaut32
SysFreeString
SysAllocString
VariantClear
VariantInit
VariantCopy
VariantChangeType
api-ms-win-security-sddl-l1-1-0
ConvertSidToStringSidW
api-ms-win-core-string-l2-1-1
SHLoadIndirectString
api-ms-win-security-capability-l1-1-0
CapabilityCheck
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Exports
DllCanUnloadNow
DllGetActivationFactory
PicAmiClose
PicAmiInitialize
PicFreeFileInfo
PicRetrieveFileInfo
PicRetrieveFileInfoAppx
UpdateSoftwareInventoryTC2
Sections
.text Size: 332KB - Virtual size: 332KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 132KB - Virtual size: 132KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 19KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 104B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Aurora Worm v1/settings/all.js
-
Aurora Worm v1/settings/aw.exe.exe windows:4 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
Size: 102KB - Virtual size: 304KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: - Virtual size: 88KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 82KB - Virtual size: 88KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: - Virtual size: 2.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 767KB - Virtual size: 768KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vsp Size: 1KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
Aurora Worm v1/settings/ua.css
-
Aurora Worm v1/shell32.dll.dll regsvr32 windows:10 windows x64 arch:x64
f97ab8ac730f427e1f34cef66fb42a94
Code Sign
33:00:00:02:32:41:fb:59:99:6d:cc:4d:ff:00:00:00:00:02:32
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 02-05-2019 21:24
Not After: 02-05-2020 21:24
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19-10-2011 18:41
Not After: 19-10-2026 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
af:85:26:e2:39:ed:75:06:05:72:ce:b8:95:25:e7:b4:14:16:04:09:5d:2a:ad:b1:3c:76:78:d2:a0:ac:b7:81
Signer
Actual PE Digest: af:85:26:e2:39:ed:75:06:05:72:ce:b8:95:25:e7:b4:14:16:04:09:5d:2a:ad:b1:3c:76:78:d2:a0:ac:b7:81
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
shell32.pdb
Imports
api-ms-win-crt-string-l1-1-0
wcsspn
memset
wcscmp
wcsncmp
wcscspn
wcspbrk
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o_sqrt
_o_srand
_o_strncpy_s
_o_toupper
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstok_s
_o_wcstol
_o_wcstoul
strchr
wcsrchr
__std_terminate
__CxxFrameHandler3
_o__ui64tow_s
_o_realloc
_o_rand
_o_qsort
_o_pow
_o_malloc
_o__strnicmp
_o_log
memmove
_o_iswalpha
_o__set_errno
_o__seh_filter_dll
_o__resetstkoflw
_o__register_onexit_function
_o_isdigit
_o_isalpha
_o__purecall
_o_free
_o_floor
_o_exp
_o_ceil
_o_calloc
_o_bsearch
_o__wtoi
_o__wcsupr
_o__wcstoui64
_o__wcsnicmp
_o__wcsicmp
_o__itow
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__initialize_narrow_environment
_o__get_errno
_o__execute_onexit_table
_o__errno
_o__difftime64
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
wcschr
wcsstr
__C_specific_handler
memcmp
memcpy
api-ms-win-core-heap-l2-1-0
LocalAlloc
GlobalFree
LocalFree
GlobalAlloc
LocalReAlloc
api-ms-win-core-registry-l1-1-0
RegDeleteValueW
RegNotifyChangeKeyValue
RegQueryValueExA
RegOpenKeyExA
RegOpenCurrentUser
RegQueryInfoKeyA
RegDeleteTreeW
RegOpenKeyExW
RegGetKeySecurity
RegQueryInfoKeyW
RegGetValueW
RegQueryValueExW
RegEnumKeyExW
RegDeleteKeyExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegEnumValueW
api-ms-win-core-libraryloader-l1-2-0
FreeLibrary
EnumResourceNamesExW
LoadResource
LoadLibraryExA
GetModuleFileNameA
GetModuleFileNameW
GetProcAddress
GetModuleHandleW
LoadStringW
DisableThreadLibraryCalls
FindResourceExW
FreeResource
LockResource
LoadLibraryExW
SizeofResource
LoadStringA
FindStringOrdinal
GetModuleHandleExW
api-ms-win-core-sysinfo-l1-1-0
GetComputerNameExW
GetTickCount64
GetSystemTime
GlobalMemoryStatusEx
GetSystemDirectoryW
GetSystemInfo
GetWindowsDirectoryW
GetSystemTimeAsFileTime
GetSystemWindowsDirectoryW
GetTickCount
GetVersionExW
GetLocalTime
api-ms-win-core-memory-l1-1-0
MapViewOfFile
WriteProcessMemory
UnmapViewOfFile
VirtualQuery
VirtualAlloc
VirtualProtect
ReadProcessMemory
OpenFileMappingW
CreateFileMappingW
VirtualFree
api-ms-win-core-file-l1-1-0
QueryDosDeviceW
GetFileAttributesExW
GetFileInformationByHandle
CompareFileTime
DefineDosDeviceW
GetFileAttributesW
GetFileSizeEx
LocalFileTimeToFileTime
RemoveDirectoryW
FindFirstFileExW
FileTimeToLocalFileTime
WriteFile
GetFullPathNameW
GetShortPathNameW
SetFilePointer
GetLongPathNameW
FindFirstVolumeW
DeleteFileW
GetFileSize
ReadFile
GetTempFileNameW
FindNextVolumeW
GetDiskFreeSpaceW
FindClose
FindNextFileW
CreateFileW
FindVolumeClose
GetDiskFreeSpaceExW
SetFileTime
FindFirstFileW
GetVolumePathNameW
GetVolumeInformationW
SetEndOfFile
CreateDirectoryW
GetLogicalDrives
SetFileInformationByHandle
FlushFileBuffers
SetFilePointerEx
SetFileAttributesW
GetDriveTypeW
api-ms-win-core-handle-l1-1-0
CloseHandle
DuplicateHandle
api-ms-win-core-libraryloader-l1-2-1
FindResourceW
LoadLibraryW
api-ms-win-core-string-l1-1-0
CompareStringOrdinal
GetStringTypeW
CompareStringW
MultiByteToWideChar
CompareStringEx
GetStringTypeExW
WideCharToMultiByte
api-ms-win-core-synch-l1-1-0
ResetEvent
SetEvent
CreateSemaphoreExW
CreateEventW
EnterCriticalSection
OpenEventW
AcquireSRWLockShared
ReleaseSemaphore
CreateMutexExW
ReleaseSRWLockShared
ReleaseMutex
SetWaitableTimer
InitializeCriticalSectionEx
ReleaseSRWLockExclusive
CreateMutexW
CreateEventExW
InitializeSRWLock
InitializeCriticalSectionAndSpinCount
WaitForMultipleObjectsEx
TryAcquireSRWLockShared
TryEnterCriticalSection
OpenSemaphoreW
WaitForSingleObjectEx
LeaveCriticalSection
InitializeCriticalSection
OpenMutexW
TryAcquireSRWLockExclusive
CreateWaitableTimerExW
WaitForSingleObject
AcquireSRWLockExclusive
DeleteCriticalSection
api-ms-win-core-errorhandling-l1-1-0
RaiseException
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter
SetErrorMode
GetLastError
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
OpenProcessToken
GetCurrentThreadId
GetCurrentProcessId
TlsGetValue
TlsSetValue
SetThreadToken
GetCurrentProcess
SetThreadPriority
GetThreadPriority
OpenThread
GetThreadId
GetExitCodeThread
TlsAlloc
GetProcessId
ExitProcess
GetExitCodeProcess
ProcessIdToSessionId
CreateProcessAsUserW
GetCurrentThread
OpenThreadToken
ResumeThread
SetPriorityClass
TlsFree
CreateThread
CreateProcessW
api-ms-win-core-string-l2-1-0
CharPrevW
CharLowerW
CharUpperW
CharLowerBuffW
CharUpperBuffW
CharNextW
IsCharAlphaW
api-ms-win-core-file-l2-1-0
MoveFileExW
ReadDirectoryChangesW
ReplaceFileW
CreateHardLinkW
GetFileInformationByHandleEx
CopyFile2
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
ExpandEnvironmentStringsA
SetEnvironmentVariableW
SearchPathW
SetCurrentDirectoryW
GetEnvironmentVariableW
GetCurrentDirectoryW
ExpandEnvironmentStringsW
api-ms-win-security-base-l1-1-0
AllocateAndInitializeSid
AccessCheck
DeleteAce
DuplicateTokenEx
GetSecurityDescriptorOwner
ImpersonateSelf
RevertToSelf
IsWellKnownSid
GetSidIdentifierAuthority
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
GetSidSubAuthorityCount
InitializeAcl
InitializeSid
GetSidSubAuthority
GetFileSecurityW
CheckTokenMembership
CreateWellKnownSid
EqualSid
GetTokenInformation
GetSecurityDescriptorControl
DuplicateToken
SetFileSecurityW
AddAccessAllowedAceEx
AddAccessDeniedAceEx
AddAce
GetAce
SetSecurityDescriptorOwner
GetAclInformation
SetTokenInformation
CopySid
GetLengthSid
IsValidSid
GetSidLengthRequired
AdjustTokenPrivileges
FreeSid
api-ms-win-core-heap-l1-1-0
HeapDestroy
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
api-ms-win-core-util-l1-1-0
EncodePointer
DecodePointer
api-ms-win-core-localization-l1-2-0
GetLocaleInfoW
LCMapStringEx
GetUserDefaultLangID
GetThreadLocale
VerLanguageNameW
FindNLSStringEx
LocaleNameToLCID
GetThreadUILanguage
GetSystemPreferredUILanguages
IsValidLocaleName
GetACP
ResolveLocaleName
GetSystemDefaultLCID
LCMapStringW
IsDBCSLeadByte
GetSystemDefaultLangID
GetUserDefaultLCID
GetUserPreferredUILanguages
FindNLSString
GetCPInfo
FormatMessageW
api-ms-win-core-debug-l1-1-0
DebugBreak
IsDebuggerPresent
OutputDebugStringW
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
SystemTimeToFileTime
GetTimeZoneInformationForYear
TzSpecificLocalTimeToSystemTime
SystemTimeToTzSpecificLocalTime
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolWait
CloseThreadpoolWork
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolWait
WaitForThreadpoolWaitCallbacks
SubmitThreadpoolWork
CreateThreadpoolWork
CreateThreadpoolTimer
SetThreadpoolTimer
SetThreadpoolWait
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
OpenProcess
FlushInstructionCache
api-ms-win-core-psapi-l1-1-0
K32GetProcessImageFileNameW
QueryFullProcessImageNameW
api-ms-win-core-synch-l1-2-0
InitOnceBeginInitialize
InitOnceComplete
Sleep
InitOnceExecuteOnce
api-ms-win-core-path-l1-1-0
PathCchCanonicalize
PathCchRemoveExtension
PathCchStripPrefix
PathCchRemoveFileSpec
PathAllocCanonicalize
PathCchAppend
PathCchAppendEx
PathCchRemoveBackslash
PathCchSkipRoot
PathCchAddExtension
PathCchAddBackslash
PathAllocCombine
PathCchRenameExtension
PathIsUNCEx
PathCchAddBackslashEx
PathCchCombineEx
PathCchCombine
PathCchStripToRoot
api-ms-win-core-file-l1-2-0
GetTempPathW
GetVolumePathNamesForVolumeNameW
GetVolumeNameForVolumeMountPointW
api-ms-win-core-io-l1-1-0
GetOverlappedResult
GetQueuedCompletionStatus
CancelIoEx
DeviceIoControl
CreateIoCompletionPort
api-ms-win-core-datetime-l1-1-0
GetDateFormatW
api-ms-win-core-profile-l1-1-0
QueryPerformanceFrequency
QueryPerformanceCounter
api-ms-win-core-registry-l1-1-1
RegDeleteKeyValueW
RegSetKeyValueW
api-ms-win-core-string-l2-1-1
SHLoadIndirectString
api-ms-win-core-file-l2-1-2
CopyFileW
api-ms-win-core-file-l1-2-1
GetCompressedFileSizeW
api-ms-win-core-wow64-l1-1-1
GetSystemWow64DirectoryW
IsWow64Process2
Wow64SetThreadDefaultGuestMachine
api-ms-win-core-wow64-l1-1-0
Wow64RevertWow64FsRedirection
Wow64DisableWow64FsRedirection
api-ms-win-core-localization-l1-2-2
LCIDToLocaleName
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
api-ms-win-core-sysinfo-l1-2-0
GetProductInfo
api-ms-win-core-realtime-l1-1-0
QueryUnbiasedInterruptTime
api-ms-win-core-localization-l2-1-0
GetNumberFormatEx
api-ms-win-devices-config-l1-1-1
CM_Get_Device_Interface_PropertyW
CM_Get_Device_Interface_List_SizeW
CM_Get_Device_Interface_ListW
CM_Get_Device_IDW
CM_Locate_DevNodeW
api-ms-win-core-io-l1-1-1
CancelSynchronousIo
api-ms-win-core-version-l1-1-0
GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW
api-ms-win-core-sysinfo-l1-2-3
GetIntegratedDisplaySize
api-ms-win-core-memory-l1-1-1
PrefetchVirtualMemory
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventWriteTransfer
EventRegister
EventActivityIdControl
EventProviderEnabled
api-ms-win-eventing-classicprovider-l1-1-0
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
UnregisterTraceGuids
GetTraceLoggerHandle
api-ms-win-core-interlocked-l1-1-0
InterlockedPushEntrySList
InitializeSListHead
InterlockedPopEntrySList
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-core-shlwapi-obsolete-l1-1-0
StrCmpNIW
StrCmpNIA
StrCmpNA
StrChrW
StrChrIW
StrChrIA
StrChrA
StrRChrA
StrRChrIA
StrPBrkW
StrCpyNXW
StrRChrIW
StrRChrW
StrSpnW
StrToIntA
StrCmpNW
StrCSpnW
StrRStrIA
StrRStrIW
StrStrA
StrCmpLogicalW
StrStrIA
StrStrIW
StrCmpNICW
StrCmpW
StrDupA
StrStrW
StrCmpICW
StrTrimW
StrDupW
StrToIntExW
StrCmpICA
StrCmpIW
StrToIntW
QISearch
StrCmpNCW
StrCmpCW
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpW
lstrlenA
lstrcmpiW
lstrlenW
lstrcmpA
lstrcmpiA
api-ms-win-core-stringansi-l1-1-0
CharNextA
CharPrevA
api-ms-win-core-heap-obsolete-l1-1-0
GlobalUnlock
GlobalFlags
LocalSize
GlobalLock
GlobalSize
GlobalReAlloc
api-ms-win-core-localization-obsolete-l1-2-0
EnumUILanguagesW
GetNumberFormatW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
api-ms-win-core-privateprofile-l1-1-0
GetPrivateProfileStringW
GetPrivateProfileSectionW
GetProfileSectionW
WritePrivateProfileStringW
api-ms-win-core-atoms-l1-1-0
FindAtomW
GlobalAddAtomW
GlobalGetAtomNameW
GlobalDeleteAtom
GetAtomNameW
api-ms-win-core-shlwapi-legacy-l1-1-0
PathQuoteSpacesW
PathFindFileNameW
SHExpandEnvironmentStringsA
PathIsUNCW
PathAppendW
SHExpandEnvironmentStringsW
PathCommonPrefixW
PathIsSameRootW
PathGetDriveNumberW
PathFindExtensionW
IsCharSpaceW
PathAppendA
PathIsRootA
PathRemoveFileSpecA
PathRemoveBackslashW
PathIsUNCServerW
PathGetCharTypeW
PathIsFileSpecW
PathIsValidCharW
PathStripPathW
PathGetArgsW
PathRemoveBlanksW
PathMatchSpecExW
PathIsUNCServerShareW
PathUnquoteSpacesW
PathUnExpandEnvStringsW
PathParseIconLocationW
PathFindNextComponentW
PathIsRelativeW
PathIsRootW
PathStripToRootW
PathMatchSpecW
PathRemoveFileSpecW
PathFileExistsW
PathIsPrefixW
PathSkipRootW
PathCombineW
PathAddBackslashW
PathRemoveExtensionW
api-ms-win-core-kernel32-legacy-l1-1-0
GetComputerNameW
GetShortPathNameA
GetSystemPowerStatus
MulDiv
WTSGetActiveConsoleSessionId
SetVolumeLabelW
RegisterWaitForSingleObject
UnregisterWait
api-ms-win-core-kernel32-legacy-l1-1-1
PowerCreateRequest
PowerSetRequest
PowerClearRequest
api-ms-win-core-threadpool-legacy-l1-1-0
UnregisterWaitEx
CreateTimerQueueTimer
DeleteTimerQueueTimer
QueueUserWorkItem
api-ms-win-core-kernel32-legacy-l1-1-2
GetBinaryTypeW
api-ms-win-core-url-l1-1-0
UrlApplySchemeW
PathIsURLW
UrlIsW
PathCreateFromUrlW
UrlEscapeW
UrlUnescapeW
UrlUnescapeA
PathCreateFromUrlAlloc
UrlCreateFromPathW
UrlCanonicalizeW
ParseURLW
HashData
UrlCompareW
UrlFixupW
UrlGetPartW
api-ms-win-core-registryuserspecific-l1-1-0
SHRegCloseUSKey
SHRegEnumUSKeyW
SHRegGetUSValueW
SHRegGetBoolUSValueW
SHRegOpenUSKeyW
SHRegQueryUSValueW
SHRegOpenUSKeyA
api-ms-win-core-kernel32-private-l1-1-0
CheckElevationEnabled
CheckElevation
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-core-sidebyside-l1-1-0
DeactivateActCtx
ActivateActCtx
QueryActCtxW
ReleaseActCtx
CreateActCtxW
api-ms-win-shcore-path-l1-1-0
ord172
ord170
api-ms-win-shcore-taskpool-l1-1-0
SHTaskPoolQueueTask
SHTaskPoolGetUniqueContext
api-ms-win-storage-exports-internal-l1-1-0
CFSFolder_CreateFolder
SHGetKnownFolderIDList
SHGetFolderPathEx
CMruLongList_CreateInstance
IsLibraryCreatedByPolicy
IsLibraryPolicyEnabled
SendNotificationsForLibraryItem
CShellItemArrayWithCommonParent_CreateInstance
CShellItemArrayAsVirtualizedObjectArray_CreateInstance
CPrivateProfileCache_Save
CTaskAddDoc_Create
StateRepoVerbsCache_GetContextMenuVerbs
GetRegDataDrivenCommandWithAssociation
Global_WindowsStorage_lProcessClassCount
StateRepoVerbsCache_RebuildCacheAsync
Global_WindowsStorage_Untyped_FileClassSRWLock
Global_WindowsStorage_Untyped_pFileHanderMap
SHGetSpecialFolderLocation
CreateExtrinsicPropertyStore
GetInfoForFileInUse
DataAccessCaches_InvalidateForLibrary
CRegFolder_CreateAndInit
_CleanRecentDocs
CreateLocalizationDesktopIni
CCachedShellItem_CreateInstance
CFSFolder_AdjustForSlowColumn
HideExtension
SHCreateItemWithParentAndChildId
_PredictReasonableImpact
RegistryVerbs_GetHandlerMultiSelectModel
IsNameListedUnderKey
CopyDefaultLibrariesFromGroupPolicy
SHGetKnownFolderIDList_Internal
CreateItemArrayFromItemStore
GetFileUndoText
Global_WindowsStorage_ulNextID
Global_WindowsStorage_tlsChangeClientProxy
Global_WindowsStorage_hwndSCN
Global_WindowsStorage_csSCN
CShellItemArray_CreateInstance
Global_WindowsStorage_Untyped_MountPoint
Global_WindowsStorage_fIconCacheHasBeenSuccessfullyCreated
Global_WindowsStorage_fNeedsInitBroadcast
Global_WindowsStorage_iLastSysIcon
Global_WindowsStorage_lrFlags
Global_WindowsStorage_csIconCache
Global_WindowsStorage_iLastSystemColorDepth
Global_WindowsStorage_MaxIcons
Global_WindowsStorage_afNotRedirected
Global_WindowsStorage_fIconCacheIsValid
Global_WindowsStorage_ccIcon
Global_WindowsStorage_fEndInitialized
Global_WindowsStorage_dwThreadInitializing
GetRegDataDrivenCommand
GetSelectionStateFromItemArray
SetThreadFlags
SHResolveLibrary
SHSetFolderPathW
SHSetFolderPathA
SHGetFolderPathAndSubDirA
SHKnownFolderFromCSIDL
SHPrepareKnownFoldersCommon
SHPrepareKnownFoldersUser
CustomStatePropertyDescription_CreateWithItemPropertyStore
CDesktopFolder_CreateInstanceWithBindContext
Global_WindowsStorage_dwThreadBindCtx
CShellItem_CreateInstance
CFileOperationRecorder_CreateInstance
Global_WindowsStorage_iUseLinkPrefix
Global_WindowsStorage_Untyped_rgshil
CShellItemArrayAsCollection_CreateInstance
GetThreadFlags
Global_WindowsStorage_tlsIconCache
GetFindDataForPath
SHGetKnownFolderItem
CViewSettings_CreateInstance
Global_WindowsStorage_Untyped_pFileClassCacheTable
EnumShellItemsFromEnumFullIdList
SHFileOperationWithAdditionalFlags
CreateSortColumnArray
CreateItemArrayFromObjectArray
Global_WindowsStorage_esServerMode
GetCommandProviderForFolderType
CCollectionFactory_CreateInstance
DetermineFolderDestinationParentAppID
api-ms-win-storage-exports-external-l1-1-0
STORAGE_MakeDestinationItem
STORAGE_ClearDestinationsForAllApps
STORAGE_AddNewFolderToFrequentPlaces
STORAGE_SHAddToRecentDocsEx
STORAGE_SHAddToRecentDocs
STORAGE_AddItemToRecentDocs
STORAGE_CEnumFiles_CreateInstance
STORAGE_SHPathPrepareForWriteA
STORAGE_SHPathPrepareForWriteW
STORAGE_SHValidateMSUri
STORAGE_SHGetPathFromMsUri
STORAGE_GetSystemPersistedStorageItemList
STORAGE_CreateStorageItemFromPath_FullTrustCaller_ForPackage
STORAGE_CreateStorageItemFromPath_PartialTrustCaller
STORAGE_GetShellItemFromStorageItem
STORAGE_CreateStorageItemFromShellItem_FullTrustCaller_UseImplicitFlagsAndPackage
STORAGE_CreateSortColumnArrayFromListDesc
STORAGE_CreateStorageItemFromShellItem_FullTrustCaller_ForPackage_WithProcessHandle
STORAGE_CreateStorageItemFromShellItem_FullTrustCaller_ForPackage
STORAGE_CreateStorageItemFromShellItem_FullTrustCaller
STORAGE_CreateStorageItemFromPath_FullTrustCaller
STORAGE_CStorageItem_GetValidatedStorageItemObject
STORAGE_CStorageItem_GetValidatedStorageItem
STORAGE_SHFreeNameMappings
STORAGE_SHFileOperation
STORAGE_SHFileOperationA
STORAGE_SHCreateDirectoryExA
STORAGE_SHCreateDirectory
STORAGE_SHConfirmOperation
STORAGE_SHCreateShellItemArrayFromShellItem
STORAGE_SHCreateShellItemArrayFromIDLists
STORAGE_SHCreateShellItemArrayFromDataObject
STORAGE_SHCreateShellItemArray
STORAGE_SHGetDesktopFolderWorker
api-ms-win-shell-shellcom-l1-1-0
SHCoCreateInstance
api-ms-win-shell-shellfolders-l1-1-0
SHSetKnownFolderPath
SHGetFolderPathAndSubDirW
SHGetFolderLocation
SHGetFolderPathW
SHGetFolderPathA
SHGetSpecialFolderPathW
SHGetSpecialFolderPathA
SHGetKnownFolderPath
kernelbase
GetPackagesByPackageFamily
GetCurrentPackageInfo
ClosePackageInfo
OpenState
OpenStateExplicit
GetStateFolder
CloseState
ExtensionProgIdExists
GetExtensionProgIds
GetEffectivePackageStatusForUser
PackageNameAndPublisherIdFromFamilyName
NotifyRedirectedStringChange
GetStagedPackagePathByFullName
OpenPackageInfoByFullName
GetPackageInfo
GetPackageFullName
GetSystemAppDataKey
user32
GetMenuState
CountClipboardFormats
IsHungAppWindow
GetClipboardOwner
ExitWindowsEx
LoadImageW
SetRect
CopyRect
GetMonitorInfoW
MonitorFromPoint
GetUserObjectInformationW
GetThreadDesktop
GetProcessWindowStation
ChangeWindowMessageFilterEx
RegisterWindowMessageW
GetMessagePos
GetKeyboardLayout
OffsetRect
SetClipboardViewer
TranslateAcceleratorW
CreateMenu
InsertMenuW
EndMenu
DestroyAcceleratorTable
PtInRect
GetMessageExtraInfo
SetGestureConfig
CloseGestureInfoHandle
GetGestureInfo
ChangeClipboardChain
MapWindowPoints
GetMenuItemID
EnableMenuItem
InsertMenuItemW
GetFocus
CheckMenuItem
CheckMenuRadioItem
AppendMenuW
GetDoubleClickTime
MessageBeep
TrackPopupMenu
SetMessageExtraInfo
SetMenuDefaultItem
SetMenuItemInfoW
LoadAcceleratorsW
GetMenuStringW
GetDesktopWindow
GetForegroundWindow
ReleaseDC
GetDC
NotifyWinEvent
SendNotifyMessageW
SystemParametersInfoW
GetMenuItemInfoW
GetMenuItemCount
EnumWindows
IsWindow
WaitForInputIdle
GetWindowThreadProcessId
GetMenuDefaultItem
GetLastActivePopup
SwitchToThisWindow
GetCursorPos
RegisterClipboardFormatW
GetWindow
FindWindowW
GetClassNameW
GetAncestor
EnableWindow
MsgWaitForMultipleObjectsEx
PeekMessageW
PostQuitMessage
SetForegroundWindow
ShutdownBlockReasonDestroy
ShutdownBlockReasonCreate
LoadMenuW
GetSubMenu
RemoveMenu
GetParent
IsDlgButtonChecked
CheckDlgButton
DeleteMenu
DestroyMenu
CreatePopupMenu
PostMessageW
SetProcessDPIAware
DispatchMessageW
TranslateMessage
GetMessageW
SetFocus
IsWindowVisible
DrawEdge
GetSysColorBrush
FillRect
EndPaint
BeginPaint
GetUpdateRect
TrackMouseEvent
UpdateWindow
GetWindowRect
DefWindowProcW
RegisterClassW
KillTimer
SetTimer
GetKeyState
InflateRect
AdjustWindowRectEx
DestroyWindow
SetWindowLongW
GetWindowLongW
DrawFocusRect
DrawIcon
GetSysColor
EndDialog
GetWindowLongPtrW
SetWindowLongPtrW
GetWindowTextW
SetWindowPos
GetClientRect
ShowWindow
SetWindowTextW
GetDlgItem
InvalidateRect
LoadCursorW
SetCursor
SetDlgItemTextW
GetDlgItemTextW
SendDlgItemMessageW
ScreenToClient
SendMessageW
LookupIconIdFromDirectory
CreateIconIndirect
GetIconInfo
DestroyIcon
PrivateExtractIconsW
LoadIconW
GetSystemMetrics
ModifyMenuW
IsMenu
DrawTextW
SetPropW
RemovePropW
GetPropW
CopyIcon
IsIconic
SendMessageTimeoutW
GetScrollInfo
RegisterClassExW
SetWindowCompositionAttribute
EnumDisplayDevicesW
UnionRect
IsChild
UpdateLayeredWindow
ord2521
SetCapture
IsDialogMessageW
SetDialogDpiChangeBehavior
PostThreadMessageW
GetSystemMenu
RegisterPowerSettingNotification
UnregisterPowerSettingNotification
WindowFromPoint
SetParent
IsRectEmpty
ClientToScreen
SetDlgItemInt
GetDlgItemInt
CheckRadioButton
LoadBitmapW
GetMessageTime
CreateAcceleratorTableW
EnumDisplayMonitors
SetShellWindowEx
GetClassLongPtrW
EnumDisplaySettingsW
ord2707
LockWindowUpdate
WaitMessage
DdeQueryConvInfo
DdeGetData
DdeGetLastError
DdeCreateDataHandle
DdeCreateStringHandleW
DdeFreeStringHandle
DdeQueryStringW
DdeDisconnect
DdeNameService
DdeUninitialize
DdeInitializeW
UnpackDDElParam
wsprintfW
SetSysColors
DisplayConfigGetDeviceInfo
SystemParametersInfoForDpi
SetShellWindow
SetWinEventHook
UnhookWinEvent
IsWinEventHookInstalled
GetMenuInfo
EmptyClipboard
GetCapture
GetWindowBand
SetActiveWindow
MapDialogRect
CopyImage
GetWindowTextLengthW
GetClassInfoW
GetTaskmanWindow
SetTaskmanWindow
DeregisterShellHookWindow
RegisterShellHookWindow
IsWindowUnicode
DefWindowProcA
AttachThreadInput
MoveWindow
CopyAcceleratorTableW
DeferWindowPos
MessageBoxW
SendMessageCallbackW
UnregisterDeviceNotification
RegisterDeviceNotificationW
MsgWaitForMultipleObjects
GetShellWindow
GetShellChangeNotifyWindow
SetShellChangeNotifyWindow
SetDlgItemTextA
GetDlgCtrlID
AdjustWindowRect
BeginDeferWindowPos
EndDeferWindowPos
GetSystemMetricsForDpi
GetDpiForSystem
CreateWindowInBand
OpenInputDesktop
CloseDesktop
RedrawWindow
EnumPropsExW
OpenClipboard
GetClipboardData
SetClipboardData
CloseClipboard
EnumChildWindows
SetThreadDpiAwarenessContext
GetWindowPlacement
BroadcastSystemMessageW
GetDpiForWindow
DialogBoxParamW
SetRectEmpty
GetPointerDevices
GetWindowDC
SetLayeredWindowAttributes
CreateWindowIndirect
SubtractRect
AdjustWindowRectExForDpi
ActivateKeyboardLayout
DrawTextExW
RegisterWindowMessageA
FindWindowExW
CreateWindowExW
WinHelpW
SystemParametersInfoA
GetLastInputInfo
GetDialogBaseUnits
UnhookWindowsHookEx
SetWindowsHookExW
SetWindowRgn
SetScrollInfo
ShowScrollBar
ord2705
SetScrollPos
CallWindowProcW
CallNextHookEx
SetCoalescableTimer
SetMenuInfo
GetClassInfoExW
GetAsyncKeyState
TrackPopupMenuEx
MonitorFromRect
AreDpiAwarenessContextsEqual
GetWindowDpiAwarenessContext
GetCurrentInputMessageSource
GetClassLongW
QueryDisplayConfig
GetDisplayConfigBufferSizes
CreateDialogParamW
ChildWindowFromPoint
SetMenu
LockSetForegroundWindow
ShowCaret
HideCaret
GetCursor
AnimateWindow
MonitorFromWindow
IntersectRect
EqualRect
IsSETEnabled
AllowSetForegroundWindow
GetProcessDefaultLayout
IsProcessDPIAware
DrawIconEx
IsWindowEnabled
ReleaseCapture
ntdll
RtlFlushHeaps
RtlAreLongPathsEnabled
RtlQueryResourcePolicy
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceLoggerHandle
NtOpenThreadToken
EtwLogTraceEvent
NtPowerInformation
NtQueryInformationProcess
NtQueryAttributesFile
RtlDosPathNameToRelativeNtPathName_U
NtOpenProcessToken
NtQueryInformationToken
RtlDllShutdownInProgress
RtlGetDeviceFamilyInfoEnum
WinSqmAddToStreamEx
NtSetCachedSigningLevel
NtCompareSigningLevels
RtlInitializeResource
RtlAcquireResourceExclusive
RtlReleaseResource
RtlDeleteResource
NtGetCachedSigningLevel
RtlMapGenericMask
WinSqmSetDWORD
WinSqmIncrementDWORD
WinSqmAddToStream
EtwTraceMessage
EtwEventWrite
EtwEventEnabled
EtwEventActivityIdControl
EtwEventSetInformation
EtwEventRegister
EtwEventUnregister
RtlDestroyEnvironment
RtlSetCurrentEnvironment
RtlCreateEnvironment
RtlExpandEnvironmentStrings_U
RtlSetEnvironmentVariable
RtlQueryEnvironmentVariable_U
RtlInitUnicodeStringEx
RtlGetLastNtStatus
RtlFreeUnicodeString
RtlReleaseRelativeName
RtlDosPathNameToRelativeNtPathName_U_WithStatus
NtQueryVolumeInformationFile
RtlFreeHeap
RtlDosPathNameToNtPathName_U_WithStatus
NtOpenFile
NtSetInformationFile
RtlUnicodeStringToOemString
NtFsControlFile
NtClose
NtCreateFile
RtlNtStatusToDosError
NtQueryInformationFile
RtlPrefixString
RtlInitUnicodeString
EtwEventWriteTransfer
NtQuerySystemInformationEx
RtlCompareUnicodeString
RtlNtStatusToDosErrorNoTeb
RtlAllocateHeap
NtSetInformationToken
RtlQueryWnfStateData
RtlGetNtSystemRoot
RtlQueryRegistryValuesEx
RtlCheckRegistryKey
NtQuerySystemInformation
NtQueryObject
NtQueryKey
RtlIsPartialPlaceholder
NtSetSecurityObject
NtQuerySecurityObject
RtlDosPathNameToNtPathName_U
ShipAssert
NtQueryInformationThread
RtlIsNonEmptyDirectoryReparsePointAllowed
ZwQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlRandomEx
RtlCreateUnicodeString
RtlPublishWnfStateData
NtQueryWnfStateData
RtlCreateServiceSid
RtlLengthRequiredSid
RtlGetNtProductType
EtwGetTraceEnableLevel
EtwUnregisterTraceGuids
gdi32
CreateDIBSection
TextOutA
GetTextExtentPoint32A
CreateFontW
GetPixel
ExcludeClipRect
GetDIBColorTable
SetDIBits
ExtTextOutW
GetObjectType
GetWindowOrgEx
GetRegionData
GetRgnBox
CombineRgn
SaveDC
RestoreDC
CreateRectRgnIndirect
SetDCBrushColor
PlgBlt
ExtSelectClipRgn
GetViewportOrgEx
DeleteMetaFile
PlayMetaFile
SetMetaFileBitsEx
LPtoDP
SelectClipRgn
IntersectClipRect
GetClipRgn
CreateRectRgn
GetClipBox
StretchDIBits
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetMapMode
GetTextAlign
CreatePolygonRgn
LineTo
MoveToEx
PatBlt
SetStretchBltMode
SetTextAlign
GetTextExtentPoint32W
GetTextMetricsW
Rectangle
CreatePen
CreateFontIndirectW
GetCurrentObject
GetTextColor
GdiTransparentBlt
StretchBlt
GetDIBits
CreateBitmap
CreateCompatibleBitmap
BitBlt
GdiAlphaBlend
CreateDCW
DeleteDC
CreateCompatibleDC
GetTextExtentPointW
GetObjectW
SetWindowOrgEx
OffsetWindowOrgEx
CreateSolidBrush
GetDeviceCaps
SetTextColor
SelectObject
SetBkMode
GetStockObject
SetLayout
GetLayout
SetBkColor
DeleteObject
api-ms-win-stateseparation-helpers-l1-1-0
GetPersistedRegistryLocationW
api-ms-win-security-capability-l1-1-0
CapabilityCheck
api-ms-win-core-job-l2-1-0
SetInformationJobObject
CreateJobObjectW
AssignProcessToJobObject
api-ms-win-security-cryptoapi-l1-1-0
CryptGenRandom
api-ms-win-crt-time-l1-1-0
_time64
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-crt-math-l1-1-0
ceilf
expf
floorf
sqrtf
Exports
AppCompat_RunDLLW
AssocCreateForClasses
AssocGetDetailsOfPropKey
CDefFolderMenu_Create2
CIDLData_CreateFromIDArray
CStorageItem_GetValidatedStorageItemObject
CheckEscapesW
CommandLineToArgvW
Control_RunDLL
Control_RunDLLA
Control_RunDLLAsUserW
Control_RunDLLW
CreateStorageItemFromPath_FullTrustCaller
CreateStorageItemFromPath_FullTrustCaller_ForPackage
CreateStorageItemFromPath_PartialTrustCaller
CreateStorageItemFromShellItem_FullTrustCaller
CreateStorageItemFromShellItem_FullTrustCaller_ForPackage
CreateStorageItemFromShellItem_FullTrustCaller_ForPackage_WithProcessHandle
CreateStorageItemFromShellItem_FullTrustCaller_UseImplicitFlagsAndPackage
DAD_AutoScroll
DAD_DragEnterEx
DAD_DragEnterEx2
DAD_DragLeave
DAD_DragMove
DAD_SetDragImage
DAD_ShowDragImage
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
DllGetVersion
DllInstall
DllRegisterServer
DllUnregisterServer
DoEnvironmentSubstA
DoEnvironmentSubstW
DragAcceptFiles
DragFinish
DragQueryFile
DragQueryFileA
DragQueryFileAorW
DragQueryFileW
DragQueryPoint
DriveType
DuplicateIcon
ExtractAssociatedIconA
ExtractAssociatedIconExA
ExtractAssociatedIconExW
ExtractAssociatedIconW
ExtractIconA
ExtractIconEx
ExtractIconExA
ExtractIconExW
ExtractIconW
FindExecutableA
FindExecutableW
FreeIconList
GetCurrentProcessExplicitAppUserModelID
GetFileNameFromBrowse
GetSystemPersistedStorageItemList
ILAppendID
ILClone
ILCloneFirst
ILCombine
ILCreateFromPath
ILCreateFromPathA
ILCreateFromPathW
ILFindChild
ILFindLastID
ILFree
ILGetNext
ILGetSize
ILIsEqual
ILIsParent
ILLoadFromStreamEx
ILRemoveLastID
ILSaveToStream
InitNetworkAddressControl
InternalExtractIconListA
InternalExtractIconListW
IsDesktopExplorerProcess
IsLFNDrive
IsLFNDriveA
IsLFNDriveW
IsNetDrive
IsProcessAnExplorer
IsUserAnAdmin
LaunchMSHelp_RunDLLW
OpenAs_RunDLL
OpenAs_RunDLLA
OpenAs_RunDLLW
OpenRegStream
Options_RunDLL
Options_RunDLLA
Options_RunDLLW
PathCleanupSpec
PathGetShortPath
PathIsExe
PathIsSlowA
PathIsSlowW
PathMakeUniqueName
PathQualify
PathResolve
PathYetAnotherMakeUniqueName
PickIconDlg
PifMgr_CloseProperties
PifMgr_GetProperties
PifMgr_OpenProperties
PifMgr_SetProperties
PrepareDiscForBurnRunDllW
PrintersGetCommand_RunDLL
PrintersGetCommand_RunDLLA
PrintersGetCommand_RunDLLW
ReadCabinetState
RealDriveType
RealShellExecuteA
RealShellExecuteExA
RealShellExecuteExW
RealShellExecuteW
RegenerateUserEnvironment
RestartDialog
RestartDialogEx
RunAsNewUser_RunDLLW
SHAddDefaultPropertiesByExt
SHAddFromPropSheetExtArray
SHAddToRecentDocs
SHAlloc
SHAppBarMessage
SHAssocEnumHandlers
SHAssocEnumHandlersForProtocolByApplication
SHBindToFolderIDListParent
SHBindToFolderIDListParentEx
SHBindToObject
SHBindToParent
SHBrowseForFolder
SHBrowseForFolderA
SHBrowseForFolderW
SHCLSIDFromString
SHChangeNotification_Lock
SHChangeNotification_Unlock
SHChangeNotify
SHChangeNotifyDeregister
SHChangeNotifyRegister
SHChangeNotifyRegisterThread
SHChangeNotifySuspendResume
SHCloneSpecialIDList
SHCoCreateInstance
SHCoCreateInstanceWorker
SHCreateAssociationRegistration
SHCreateCategoryEnum
SHCreateDataObject
SHCreateDefaultContextMenu
SHCreateDefaultExtractIcon
SHCreateDefaultPropertiesOp
SHCreateDirectory
SHCreateDirectoryExA
SHCreateDirectoryExW
SHCreateDrvExtIcon
SHCreateFileExtractIconW
SHCreateItemFromIDList
SHCreateItemFromParsingName
SHCreateItemFromRelativeName
SHCreateItemInKnownFolder
SHCreateItemWithParent
SHCreateLocalServerRunDll
SHCreateProcessAsUserW
SHCreatePropSheetExtArray
SHCreateQueryCancelAutoPlayMoniker
SHCreateShellFolderView
SHCreateShellFolderViewEx
SHCreateShellItem
SHCreateShellItemArray
SHCreateShellItemArrayFromDataObject
SHCreateShellItemArrayFromIDLists
SHCreateShellItemArrayFromShellItem
SHCreateStdEnumFmtEtc
SHDefExtractIconA
SHDefExtractIconW
SHDestroyPropSheetExtArray
SHDoDragDrop
SHELL32_AddToBackIconTable
SHELL32_AddToFrontIconTable
SHELL32_AreAllItemsAvailable
SHELL32_BindToFilePlaceholderHandler
SHELL32_CCommonPlacesFolder_CreateInstance
SHELL32_CDBurn_CloseSession
SHELL32_CDBurn_DriveSupportedForDataBurn
SHELL32_CDBurn_Erase
SHELL32_CDBurn_GetCDInfo
SHELL32_CDBurn_GetLiveFSDiscInfo
SHELL32_CDBurn_GetStagingPathOrNormalPath
SHELL32_CDBurn_GetTaskInfo
SHELL32_CDBurn_IsBlankDisc
SHELL32_CDBurn_IsBlankDisc2
SHELL32_CDBurn_IsLiveFS
SHELL32_CDBurn_OnDeviceChange
SHELL32_CDBurn_OnEject
SHELL32_CDBurn_OnMediaChange
SHELL32_CDefFolderMenu_Create2
SHELL32_CDefFolderMenu_Create2Ex
SHELL32_CDefFolderMenu_MergeMenu
SHELL32_CDrivesContextMenu_Create
SHELL32_CDrivesDropTarget_Create
SHELL32_CDrives_CreateSFVCB
SHELL32_CFSDropTarget_CreateInstance
SHELL32_CFSFolderCallback_Create
SHELL32_CFillPropertiesTask_CreateInstance
SHELL32_CLibraryDropTarget_CreateInstance
SHELL32_CLocationContextMenu_Create
SHELL32_CLocationFolderUI_CreateInstance
SHELL32_CMountPoint_DoAutorun
SHELL32_CMountPoint_DoAutorunPrompt
SHELL32_CMountPoint_IsAutoRunDriveAndEnabledByPolicy
SHELL32_CMountPoint_ProcessAutoRunFile
SHELL32_CMountPoint_WantAutorunUI
SHELL32_CMountPoint_WantAutorunUIGetReady
SHELL32_CNetFolderUI_CreateInstance
SHELL32_CPL_CategoryIdArrayFromVariant
SHELL32_CPL_IsLegacyCanonicalNameListedUnderKey
SHELL32_CPL_ModifyWowDisplayName
SHELL32_CRecentDocsContextMenu_CreateInstance
SHELL32_CSyncRootManager_CreateInstance
SHELL32_CTransferConfirmation_CreateInstance
SHELL32_CallFileCopyHooks
SHELL32_CanDisplayWin8CopyDialog
SHELL32_CloseAutoplayPrompt
SHELL32_CommandLineFromMsiDescriptor
SHELL32_CopyFilePlaceholderToNewFile
SHELL32_CopySecondaryTiles
SHELL32_CreateConfirmationInterrupt
SHELL32_CreateConflictInterrupt
SHELL32_CreateDefaultOperationDataProvider
SHELL32_CreateFileFolderContextMenu
SHELL32_CreateLinkInfoW
SHELL32_CreatePlaceholderFile
SHELL32_CreateQosRecorder
SHELL32_CreateSharePointView
SHELL32_Create_IEnumUICommand
SHELL32_DestroyLinkInfo
SHELL32_EncryptDirectory
SHELL32_EncryptedFileKeyInfo
SHELL32_EnumCommonTasks
SHELL32_FilePlaceholder_BindToPrimaryStream
SHELL32_FilePlaceholder_CreateInstance
SHELL32_FreeEncryptedFileKeyInfo
SHELL32_GenerateAppID
SHELL32_GetAppIDRoot
SHELL32_GetCommandProviderForFolderType
SHELL32_GetDPIAdjustedLogicalSize
SHELL32_GetDiskCleanupPath
SHELL32_GetFileNameFromBrowse
SHELL32_GetIconOverlayManager
SHELL32_GetLinkInfoData
SHELL32_GetPlaceholderStatesFromFileAttributesAndReparsePointTag
SHELL32_GetRatingBucket
SHELL32_GetSkyDriveNetworkStates
SHELL32_GetSqmableFileName
SHELL32_GetThumbnailAdornerFromFactory
SHELL32_GetThumbnailAdornerFromFactory2
SHELL32_HandleUnrecognizedFileSystem
SHELL32_IconCacheCreate
SHELL32_IconCacheDestroy
SHELL32_IconCacheHandleAssociationChanged
SHELL32_IconCacheRestore
SHELL32_IconCache_AboutToExtractIcons
SHELL32_IconCache_DoneExtractingIcons
SHELL32_IconCache_ExpandEnvAndSearchPath
SHELL32_IconCache_RememberRecentlyExtractedIconsW
SHELL32_IconOverlayManagerInit
SHELL32_IsGetKeyboardLayoutPresent
SHELL32_IsSystemUpgradeInProgress
SHELL32_IsValidLinkInfo
SHELL32_LegacyEnumSpecialTasksByType
SHELL32_LegacyEnumTasks
SHELL32_LookupBackIconIndex
SHELL32_LookupFrontIconIndex
SHELL32_NormalizeRating
SHELL32_NotifyLinkTrackingServiceOfMove
SHELL32_PifMgr_CloseProperties
SHELL32_PifMgr_GetProperties
SHELL32_PifMgr_OpenProperties
SHELL32_PifMgr_SetProperties
SHELL32_Printers_CreateBindInfo
SHELL32_Printjob_GetPidl
SHELL32_PurgeSystemIcon
SHELL32_RefreshOverlayImages
SHELL32_ResolveLinkInfoW
SHELL32_SHAddSparseIcon
SHELL32_SHCreateByValueOperationInterrupt
SHELL32_SHCreateDefaultContextMenu
SHELL32_SHCreateLocalServer
SHELL32_SHCreateShellFolderView
SHELL32_SHDuplicateEncryptionInfoFile
SHELL32_SHEncryptFile
SHELL32_SHFormatDriveAsync
SHELL32_SHGetThreadUndoManager
SHELL32_SHGetUserNameW
SHELL32_SHIsVirtualDevice
SHELL32_SHLaunchPropSheet
SHELL32_SHLogILFromFSIL
SHELL32_SHOpenWithDialog
SHELL32_SHStartNetConnectionDialogW
SHELL32_SHUICommandFromGUID
SHELL32_SendToMenu_InvokeTargetedCommand
SHELL32_SendToMenu_VerifyTargetedCommand
SHELL32_SetPlaceholderReparsePointAttribute
SHELL32_SetPlaceholderReparsePointAttribute2
SHELL32_ShowHideIconOnlyOnDesktop
SHELL32_SimpleRatingToFilterCondition
SHELL32_StampIconForFile
SHELL32_SuspendUndo
SHELL32_TryVirtualDiscImageDriveEject
SHELL32_UpdateFilePlaceholderStates
SHELL32_VerifySaferTrust
SHEmptyRecycleBinA
SHEmptyRecycleBinW
SHEnableServiceObject
SHEnumerateUnreadMailAccountsW
SHEvaluateSystemCommandTemplate
SHExtractIconsW
SHFileOperation
SHFileOperationA
SHFileOperationW
SHFindFiles
SHFind_InitMenuPopup
SHFlushSFCache
SHFormatDrive
SHFree
SHFreeNameMappings
SHGetAttributesFromDataObject
SHGetDataFromIDListA
SHGetDataFromIDListW
SHGetDesktopFolder
SHGetDiskFreeSpaceA
SHGetDiskFreeSpaceExA
SHGetDiskFreeSpaceExW
SHGetDriveMedia
SHGetFileInfo
SHGetFileInfoA
SHGetFileInfoW
SHGetFolderLocation
SHGetFolderPathA
SHGetFolderPathAndSubDirA
SHGetFolderPathAndSubDirW
SHGetFolderPathEx
SHGetFolderPathW
SHGetIDListFromObject
SHGetIconOverlayIndexA
SHGetIconOverlayIndexW
SHGetImageList
SHGetInstanceExplorer
SHGetItemFromDataObject
SHGetItemFromObject
SHGetKnownFolderIDList
SHGetKnownFolderItem
SHGetKnownFolderPath
SHGetLocalizedName
SHGetMalloc
SHGetNameFromIDList
SHGetNewLinkInfo
SHGetNewLinkInfoA
SHGetNewLinkInfoW
SHGetPathFromIDList
SHGetPathFromIDListA
SHGetPathFromIDListEx
SHGetPathFromIDListW
SHGetPropertyStoreForWindow
SHGetPropertyStoreFromIDList
SHGetPropertyStoreFromParsingName
SHGetRealIDL
SHGetSetFolderCustomSettings
SHGetSetSettings
SHGetSettings
SHGetSpecialFolderLocation
SHGetSpecialFolderPathA
SHGetSpecialFolderPathW
SHGetStockIconInfo
SHGetTemporaryPropertyForItem
SHGetUnreadMailCountW
SHHandleUpdateImage
SHHelpShortcuts_RunDLL
SHHelpShortcuts_RunDLLA
SHHelpShortcuts_RunDLLW
SHILCreateFromPath
SHInvokePrinterCommandA
SHInvokePrinterCommandW
SHIsFileAvailableOffline
SHLimitInputEdit
SHLoadInProc
SHLoadNonloadedIconOverlayIdentifiers
SHMapPIDLToSystemImageListIndex
SHMultiFileProperties
SHObjectProperties
SHOpenFolderAndSelectItems
SHOpenPropSheetW
SHOpenWithDialog
SHParseDisplayName
SHPathPrepareForWriteA
SHPathPrepareForWriteW
SHPropStgCreate
SHPropStgReadMultiple
SHPropStgWriteMultiple
SHQueryRecycleBinA
SHQueryRecycleBinW
SHQueryUserNotificationState
SHRemoveLocalizedName
SHReplaceFromPropSheetExtArray
SHResolveLibrary
SHRestricted
SHSetDefaultProperties
SHSetFolderPathA
SHSetFolderPathW
SHSetInstanceExplorer
SHSetKnownFolderPath
SHSetLocalizedName
SHSetTemporaryPropertyForItem
SHSetUnreadMailCountW
SHShellFolderView_Message
SHShowManageLibraryUI
SHSimpleIDListFromPath
SHStartNetConnectionDialogW
SHTestTokenMembership
SHUpdateImageA
SHUpdateImageW
SHUpdateRecycleBinIcon
SHValidateUNC
SetCurrentProcessExplicitAppUserModelID
SheChangeDirA
SheChangeDirExW
SheGetDirA
SheSetCurDrive
ShellAboutA
ShellAboutW
ShellExec_RunDLL
ShellExec_RunDLLA
ShellExec_RunDLLW
ShellExecuteA
ShellExecuteEx
ShellExecuteExA
ShellExecuteExW
ShellExecuteW
ShellHookProc
ShellMessageBoxA
ShellMessageBoxW
Shell_GetCachedImageIndex
Shell_GetCachedImageIndexA
Shell_GetCachedImageIndexW
Shell_GetImageLists
Shell_MergeMenus
Shell_NotifyIcon
Shell_NotifyIconA
Shell_NotifyIconGetRect
Shell_NotifyIconW
SignalFileOpen
StateRepoNewMenuCache_RebuildCacheAsync
StgMakeUniqueName
StrChrA
StrChrIA
StrChrIW
StrChrW
StrCmpNA
StrCmpNIA
StrCmpNIW
StrCmpNW
StrNCmpA
StrNCmpIA
StrNCmpIW
StrNCmpW
StrRChrA
StrRChrIA
StrRChrIW
StrRChrW
StrRStrA
StrRStrIA
StrRStrIW
StrRStrW
StrStrA
StrStrIA
StrStrIW
StrStrW
UsersLibrariesFolderUI_CreateInstance
WOWShellExecute
WaitForExplorerRestartW
Win32DeleteFile
WriteCabinetState
Sections
.text Size: 5.4MB - Virtual size: 5.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 274KB - Virtual size: 274KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 33KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 77KB - Virtual size: 77KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Blade Stealer 1.0 PUBLIC/Blade Stealer.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\Users\thorson\Desktop\Launcher1\Launcher\Launcher\obj\Debug\LUNCHER CRACKING.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 195KB - Virtual size: 195KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Blade Stealer 1.0 PUBLIC/OCX/CODEJO~2 - Kopie.ocx.dll windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI
Sections
.text Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 4KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 383KB - Virtual size: 384KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: - Virtual size:
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Blade Stealer 1.0 PUBLIC/OCX/Codejock.CommandBars.v13.0.0.ocx.dll regsvr32 windows:4 windows x86 arch:x86
78bc84e33c3505d96610a5518fec0b6d
Code Sign
70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate
Issuer: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Not Before: 29-01-1996 00:00
Not After: 01-08-2028 23:59
Subject: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate
Issuer: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Not Before: 15-06-2007 00:00
Not After: 14-06-2012 23:59
Subject: CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate
Issuer: CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
Not Before: 04-12-2003 00:00
Not After: 03-12-2013 23:59
Subject: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate
Issuer: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Not Before: 16-07-2004 00:00
Not After: 15-07-2014 23:59
Subject: CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
05:e6:68:a2:4e:36:9e:cc:bc:a9:53:1d:11:83:64:bf
Certificate
Issuer: CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US
Not Before: 20-10-2008 00:00
Not After: 20-10-2010 23:59
Subject: CN=Codejock Technologies\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Codejock Software,O=Codejock Technologies\, LLC,L=Owosso,ST=Michigan,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
7c:01:42:b0:8f:79:c8:2f:91:99:92:73:e2:bc:23:77:45:22:0c:0c
Signer
Actual PE Digest: 7c:01:42:b0:8f:79:c8:2f:91:99:92:73:e2:bc:23:77:45:22:0c:0c
Digest Algorithm: sha1
PE Digest Matches: false
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
mfc42
msvcrt
_wcslwr
_mbsicmp
atoi
_purecall
memmove
free
malloc
_mbscmp
strchr
sscanf
wcscmp
_ftol
_CIpow
__CxxFrameHandler
wcslen
strtod
mbstowcs
wcsncpy
calloc
_mbctype
_mbschr
qsort
_mbsrchr
rand
sprintf
strncpy
longjmp
fprintf
_iob
abort
_setjmp3
fread
wcsncmp
_CxxThrowException
_mbsnbcpy
wcschr
_wcsicmp
_wtoi
swscanf
floor
ceil
_strdup
__dllonexit
_onexit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
_initterm
_adjust_fdiv
wcsstr
kernel32
LocalFree
GlobalFree
GlobalSize
GetCurrentProcess
TerminateProcess
Sleep
GetCurrentProcessId
SetFileAttributesA
GetModuleFileNameA
CreateDirectoryA
CompareStringA
GetCurrentDirectoryA
lstrlenA
lstrcpynA
GetVersion
InterlockedDecrement
GetTickCount
SetEvent
GetExitCodeThread
TerminateThread
CreateThread
SetThreadPriority
ResumeThread
WaitForSingleObject
ResetEvent
CreateEventA
GetOEMCP
GetCPInfo
GetVersionExA
EnumResourceLanguagesA
EnumResourceTypesA
MultiByteToWideChar
WideCharToMultiByte
GetPrivateProfileStringA
GetTempPathA
GetTempFileNameA
GetPrivateProfileSectionNamesA
WritePrivateProfileStringA
DeleteFileA
GetFileAttributesA
lstrcmpA
EnumResourceNamesA
FreeLibrary
LeaveCriticalSection
EnterCriticalSection
GlobalAlloc
DeleteCriticalSection
InitializeCriticalSection
SetFilePointer
SizeofResource
FindResourceA
LoadResource
LockResource
CreateFileA
ReadFile
CloseHandle
InterlockedIncrement
GlobalLock
GlobalUnlock
GetModuleHandleA
MulDiv
LoadLibraryA
GetProcAddress
GetCurrentThreadId
LocalAlloc
user32
DeferWindowPos
UnionRect
GetAsyncKeyState
GetTabbedTextExtentA
GetClipboardData
FindWindowExA
CreateIconFromResourceEx
LoadImageA
RegisterClipboardFormatA
SetWindowRgn
GetWindowRgn
CallWindowProcA
RegisterWindowMessageA
IsWindowUnicode
GetWindowLongW
SetWindowLongW
SetWindowLongA
SendMessageA
EnableWindow
GrayStringA
DrawTextA
TabbedTextOutA
GetSubMenu
PeekMessageA
SetRect
SystemParametersInfoA
GetWindowTextLengthA
GetWindowTextA
DefWindowProcA
LoadCursorA
DrawFocusRect
GetLastActivePopup
GetWindowLongA
IntersectRect
SetCapture
LockWindowUpdate
GetDCEx
IsRectEmpty
GetCapture
GetMessageA
ClientToScreen
OffsetRect
DispatchMessageA
ReleaseCapture
InvertRect
CopyRect
MoveWindow
IsWindow
GetWindowRect
SetRectEmpty
GetCursorPos
ScreenToClient
PtInRect
CallNextHookEx
GetKeyNameTextA
GetKeyboardState
UnhookWindowsHookEx
GetDesktopWindow
GetDC
ReleaseDC
GetSysColor
IsWindowEnabled
MessageBoxA
OpenClipboard
EmptyClipboard
CloseClipboard
SetForegroundWindow
GetActiveWindow
SetActiveWindow
GetClassLongA
GetMenuDefaultItem
CreatePopupMenu
GetDlgItem
SetParent
MapWindowPoints
SetFocus
GetClassNameA
ShowWindow
IsDialogMessageA
IsClipboardFormatAvailable
wsprintfA
TranslateMessage
WaitMessage
UpdateWindow
GetTopWindow
GetWindow
GetDlgCtrlID
InflateRect
HideCaret
SetCursor
ShowCaret
GetNextDlgTabItem
GetFocus
IsChild
MapVirtualKeyA
BringWindowToTop
RedrawWindow
IsZoomed
CharUpperA
GetClientRect
GetKeyboardLayoutList
MessageBeep
PostMessageA
IsMenu
GetMenuItemCount
GetMenuItemInfoA
GetMenuItemID
EqualRect
SetWindowPos
SetTimer
InvalidateRect
GetCursor
GetKeyState
KillTimer
IsWindowVisible
WindowFromPoint
GetSystemMetrics
IsCharLowerA
IsIconic
ToAsciiEx
GetKeyboardLayout
SetWindowsHookExA
MapVirtualKeyExA
CopyAcceleratorTableA
FillRect
DrawEdge
GetDoubleClickTime
ShowScrollBar
SendMessageTimeoutA
AdjustWindowRectEx
SetCursorPos
GetMenu
GetSystemMenu
LoadIconA
GetMenuState
SetMenu
GetClipboardFormatNameA
BeginDeferWindowPos
EndDeferWindowPos
GetParent
DrawFrameControl
LoadMenuIndirectA
GetMenuStringA
GetMenuStringW
LookupIconIdFromDirectoryEx
LoadMenuA
CopyImage
SetClipboardData
LoadBitmapA
DestroyIcon
CopyIcon
CreateIconIndirect
GetIconInfo
DrawIconEx
GetForegroundWindow
DrawStateA
gdi32
CreateRectRgn
CombineRgn
CreateDIBSection
DeleteDC
StretchBlt
CreateBitmap
SetTextColor
SetBkColor
SetStretchBltMode
GetDIBits
GetBitmapBits
ExtCreateRegion
PtInRegion
EnumFontFamiliesA
GetViewportOrgEx
CreatePatternBrush
GetTextColor
ExtFloodFill
Ellipse
GetCurrentObject
GetMapMode
CreateFontA
Polyline
Rectangle
GetWindowOrgEx
GetRgnBox
CreatePolygonRgn
RoundRect
Escape
GetWindowExtEx
StrokePath
FillPath
StrokeAndFillPath
EndPath
CloseFigure
MoveToEx
LineTo
PolyBezierTo
BeginPath
OffsetViewportOrgEx
GetClipBox
GetTextExtentPoint32W
ExtTextOutW
GetCharWidthA
GetCurrentPositionEx
GetTextAlign
GetTextMetricsA
IntersectClipRect
GetClipRgn
ExtSelectClipRgn
SetBkMode
AbortDoc
EndDoc
EndPage
StartPage
DPtoLP
StartDocA
SetAbortProc
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateFontIndirectA
GetTextExtentPoint32A
Polygon
GetStockObject
EnumFontFamiliesExA
SetPixel
PatBlt
CreateSolidBrush
CreatePen
DeleteObject
BitBlt
CreateRectRgnIndirect
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
GetObjectA
GetViewportExtEx
GetDeviceCaps
GetPixel
advapi32
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegQueryValueExA
shell32
SHAppBarMessage
SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ShellExecuteA
DragQueryFileA
comctl32
ImageList_ReplaceIcon
ImageList_DrawEx
ImageList_GetIconSize
ImageList_Add
ImageList_Destroy
ImageList_AddMasked
ImageList_GetIcon
ImageList_GetImageInfo
PropertySheetA
ImageList_Remove
_TrackMouseEvent
ImageList_GetImageCount
ImageList_Draw
ole32
CoCreateInstance
OleRun
ReleaseStgMedium
olepro32
ord252
ord254
ord253
oleaut32
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
VarI4FromCy
VarI4FromR4
VarI4FromR8
VariantInit
VariantChangeType
SysFreeString
SysAllocString
VariantChangeTypeEx
SafeArrayGetDim
VariantClear
OleLoadPicturePath
LoadRegTypeLi
SafeArrayCreate
winmm
waveOutGetNumDevs
PlaySoundA
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256KB - Virtual size: 253KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 60KB - Virtual size: 66KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 572KB - Virtual size: 569KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 128KB - Virtual size: 124KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Blade Stealer 1.0 PUBLIC/OCX/Codejock.Controls.v13.0.0.ocx.dll regsvr32 windows:4 windows x86 arch:x86
03a2a49c403f3a0ab56ea90d96e16753
Code Sign
70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate
Issuer: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Not Before: 29-01-1996 00:00
Not After: 01-08-2028 23:59
Subject: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate
Issuer: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Not Before: 15-06-2007 00:00
Not After: 14-06-2012 23:59
Subject: CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate
Issuer: CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
Not Before: 04-12-2003 00:00
Not After: 03-12-2013 23:59
Subject: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate
Issuer: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Not Before: 16-07-2004 00:00
Not After: 15-07-2014 23:59
Subject: CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
05:e6:68:a2:4e:36:9e:cc:bc:a9:53:1d:11:83:64:bf
Certificate
Issuer: CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US
Not Before: 20-10-2008 00:00
Not After: 20-10-2010 23:59
Subject: CN=Codejock Technologies\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Codejock Software,O=Codejock Technologies\, LLC,L=Owosso,ST=Michigan,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
87:a7:b3:7b:4f:41:31:9b:8d:7f:70:64:2a:b1:bd:09:44:47:56:ad
Signer
Actual PE Digest: 87:a7:b3:7b:4f:41:31:9b:8d:7f:70:64:2a:b1:bd:09:44:47:56:ad
Digest Algorithm: sha1
PE Digest Matches: false
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
mfc42
msvcrt
_wcslwr
_mbsicmp
atoi
_purecall
memmove
free
malloc
_mbscmp
strchr
wcscmp
_ftol
_CIpow
__CxxFrameHandler
sscanf
wcslen
strtod
mbstowcs
wcsncpy
calloc
realloc
_splitpath
floor
_mbsnbcmp
_fstat
fopen
fclose
fseek
ftell
fgets
_mbschr
isprint
sprintf
isxdigit
_ismbcalnum
_ismbcspace
_ismbcdigit
_ismbcprint
_ismbcalpha
qsort
strncpy
longjmp
fprintf
_iob
abort
_setjmp3
fread
wcsncmp
_CxxThrowException
_mbsnbcpy
wcschr
_wcsicmp
_wtoi
_mbctype
swscanf
ceil
_strdup
_mbsrchr
_mbsinc
wcstombs
__dllonexit
_onexit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
_initterm
_adjust_fdiv
wcsstr
kernel32
lstrlenW
IsDBCSLeadByte
lstrcpynA
GetCurrentProcess
TerminateProcess
InterlockedDecrement
GlobalSize
LocalFree
GetPrivateProfileIntA
lstrlenA
GetCurrentDirectoryA
GetModuleFileNameA
GetTickCount
GetOEMCP
GetCPInfo
GetVersionExA
EnumResourceLanguagesA
EnumResourceTypesA
MultiByteToWideChar
WideCharToMultiByte
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileAttributesA
lstrcmpA
EnumResourceNamesA
FreeLibrary
LeaveCriticalSection
EnterCriticalSection
GlobalAlloc
DeleteCriticalSection
InitializeCriticalSection
SetFilePointer
SizeofResource
FindResourceA
LoadResource
LockResource
CreateFileA
ReadFile
CloseHandle
InterlockedIncrement
GlobalLock
GlobalUnlock
GetModuleHandleA
MulDiv
LoadLibraryA
GetProcAddress
GetCurrentThreadId
LocalAlloc
user32
GrayStringA
DrawTextA
TabbedTextOutA
GetSubMenu
PeekMessageA
SetRect
SystemParametersInfoA
GetWindowTextLengthA
GetWindowTextA
DefWindowProcA
LoadCursorA
GetForegroundWindow
GetLastActivePopup
GetWindowLongA
GetDialogBaseUnits
IntersectRect
SetCapture
LockWindowUpdate
IsRectEmpty
DragDetect
GetMessageA
ClientToScreen
OffsetRect
DispatchMessageA
ReleaseCapture
InvertRect
CopyRect
GetClientRect
IsWindow
GetWindowRect
SetRectEmpty
GetCursorPos
ScreenToClient
PtInRect
CallNextHookEx
GetParent
SetWindowsHookExA
UnhookWindowsHookEx
GetDesktopWindow
GetDC
ReleaseDC
GetSysColor
ShowCaret
GetScrollInfo
DrawAnimatedRects
GetScrollPos
GetWindowPlacement
ShowWindow
GetClassLongA
LoadIconA
CreateAcceleratorTableA
GetMenu
BeginDeferWindowPos
EndDeferWindowPos
wsprintfA
OpenClipboard
EmptyClipboard
CloseClipboard
CheckMenuItem
GetNextDlgTabItem
MessageBeep
PostMessageA
DrawFrameControl
GetFocus
SetCursor
DrawFocusRect
FillRect
AdjustWindowRectEx
RedrawWindow
GetSysColorBrush
LoadStringA
SetWindowTextA
GetDlgCtrlID
GetWindow
GetClassNameA
InflateRect
SetActiveWindow
UpdateWindow
EqualRect
SetWindowPos
SetTimer
InvalidateRect
GetCursor
GetKeyState
KillTimer
IsWindowVisible
WindowFromPoint
FindWindowA
EnumChildWindows
SetForegroundWindow
ValidateRect
SetParent
SetClassLongA
GetDlgItem
GetSystemMenu
RemoveMenu
DestroyCaret
DrawMenuBar
GetSystemMetrics
LoadMenuIndirectA
LookupIconIdFromDirectoryEx
LoadMenuA
CopyImage
SetClipboardData
LoadBitmapA
DestroyIcon
CopyIcon
CreateIconIndirect
GetIconInfo
DrawIconEx
DrawStateA
DestroyAcceleratorTable
UnionRect
TranslateMessage
SetWindowPlacement
WinHelpA
DeferWindowPos
VkKeyScanA
GetDoubleClickTime
GetTabbedTextExtentA
GetAsyncKeyState
IsIconic
IsChild
HideCaret
GetMenuItemCount
GetMenuItemID
MoveWindow
DrawEdge
SetScrollPos
GetClipboardData
EnableMenuItem
IsClipboardFormatAvailable
EnableScrollBar
ShowScrollBar
CreateCaret
SetCaretPos
CreateIconFromResourceEx
LoadImageA
RegisterClipboardFormatA
SetWindowRgn
GetWindowRgn
CallWindowProcA
RegisterWindowMessageA
IsWindowUnicode
GetWindowLongW
SetWindowLongW
SetWindowLongA
SendMessageA
GetCapture
EnableWindow
gdi32
CreateDIBSection
DeleteDC
StretchBlt
CreateBitmap
SetTextColor
SetBkColor
SetStretchBltMode
GetDIBits
GetBitmapBits
ExtCreateRegion
GetTextMetricsA
CreatePatternBrush
GetBkColor
GetTextColor
GetTextAlign
SetPixelV
GetWindowOrgEx
CreateFontA
GetCharWidthA
SetBoundsRect
GetRgnBox
CreatePolygonRgn
RoundRect
GetViewportExtEx
GetWindowExtEx
Ellipse
Polyline
CombineRgn
FillPath
StrokeAndFillPath
EndPath
CloseFigure
MoveToEx
LineTo
PolyBezierTo
BeginPath
OffsetViewportOrgEx
GetClipBox
GetTextExtentPoint32W
ExtTextOutW
GetCurrentPositionEx
IntersectClipRect
GetClipRgn
ExtSelectClipRgn
SetBkMode
Rectangle
GetTextExtentPointA
SetBrushOrgEx
CreateRectRgn
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateFontIndirectA
GetTextExtentPoint32A
Polygon
GetStockObject
EnumFontFamiliesExA
SetPixel
PatBlt
CreateSolidBrush
CreatePen
DeleteObject
BitBlt
CreateRectRgnIndirect
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
GetObjectA
StrokePath
GetDeviceCaps
GetPixel
advapi32
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegQueryValueExA
shell32
DragQueryFileA
ShellExecuteA
SHGetMalloc
SHBrowseForFolderA
SHGetPathFromIDListA
SHAppBarMessage
Shell_NotifyIconA
comctl32
ImageList_Destroy
ImageList_GetImageCount
ImageList_GetIcon
ImageList_GetIconSize
ImageList_DrawEx
ImageList_ReplaceIcon
ImageList_Add
ImageList_GetImageInfo
ImageList_Create
_TrackMouseEvent
ImageList_Draw
ImageList_AddMasked
ord17
ole32
CoCreateInstance
OleRun
ReleaseStgMedium
olepro32
ord252
ord254
ord253
oleaut32
SafeArrayCreate
VarI4FromCy
VarI4FromR4
VarI4FromR8
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
VariantChangeType
VariantInit
SysFreeString
SysAllocString
VariantChangeTypeEx
SafeArrayGetDim
VariantClear
OleLoadPicturePath
LoadRegTypeLi
SysAllocStringLen
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 1004KB - Virtual size: 1003KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 232KB - Virtual size: 228KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 48KB - Virtual size: 57KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 380KB - Virtual size: 377KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 112KB - Virtual size: 108KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Blade Stealer 1.0 PUBLIC/OCX/CommandBars.ocx.dll regsvr32 windows:4 windows x86 arch:x86
78bc84e33c3505d96610a5518fec0b6d
Code Sign
70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate
Issuer: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Not Before: 29-01-1996 00:00
Not After: 01-08-2028 23:59
Subject: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate
Issuer: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Not Before: 15-06-2007 00:00
Not After: 14-06-2012 23:59
Subject: CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate
Issuer: CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
Not Before: 04-12-2003 00:00
Not After: 03-12-2013 23:59
Subject: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate
Issuer: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Not Before: 16-07-2004 00:00
Not After: 15-07-2014 23:59
Subject: CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
05:e6:68:a2:4e:36:9e:cc:bc:a9:53:1d:11:83:64:bf
Certificate
Issuer: CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US
Not Before: 20-10-2008 00:00
Not After: 20-10-2010 23:59
Subject: CN=Codejock Technologies\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Codejock Software,O=Codejock Technologies\, LLC,L=Owosso,ST=Michigan,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
7c:01:42:b0:8f:79:c8:2f:91:99:92:73:e2:bc:23:77:45:22:0c:0c
Signer
Actual PE Digest: 7c:01:42:b0:8f:79:c8:2f:91:99:92:73:e2:bc:23:77:45:22:0c:0c
Digest Algorithm: sha1
PE Digest Matches: false
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
mfc42
msvcrt
_wcslwr
_mbsicmp
atoi
_purecall
memmove
free
malloc
_mbscmp
strchr
sscanf
wcscmp
_ftol
_CIpow
__CxxFrameHandler
wcslen
strtod
mbstowcs
wcsncpy
calloc
_mbctype
_mbschr
qsort
_mbsrchr
rand
sprintf
strncpy
longjmp
fprintf
_iob
abort
_setjmp3
fread
wcsncmp
_CxxThrowException
_mbsnbcpy
wcschr
_wcsicmp
_wtoi
swscanf
floor
ceil
_strdup
__dllonexit
_onexit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
_initterm
_adjust_fdiv
wcsstr
kernel32
LocalFree
GlobalFree
GlobalSize
GetCurrentProcess
TerminateProcess
Sleep
GetCurrentProcessId
SetFileAttributesA
GetModuleFileNameA
CreateDirectoryA
CompareStringA
GetCurrentDirectoryA
lstrlenA
lstrcpynA
GetVersion
InterlockedDecrement
GetTickCount
SetEvent
GetExitCodeThread
TerminateThread
CreateThread
SetThreadPriority
ResumeThread
WaitForSingleObject
ResetEvent
CreateEventA
GetOEMCP
GetCPInfo
GetVersionExA
EnumResourceLanguagesA
EnumResourceTypesA
MultiByteToWideChar
WideCharToMultiByte
GetPrivateProfileStringA
GetTempPathA
GetTempFileNameA
GetPrivateProfileSectionNamesA
WritePrivateProfileStringA
DeleteFileA
GetFileAttributesA
lstrcmpA
EnumResourceNamesA
FreeLibrary
LeaveCriticalSection
EnterCriticalSection
GlobalAlloc
DeleteCriticalSection
InitializeCriticalSection
SetFilePointer
SizeofResource
FindResourceA
LoadResource
LockResource
CreateFileA
ReadFile
CloseHandle
InterlockedIncrement
GlobalLock
GlobalUnlock
GetModuleHandleA
MulDiv
LoadLibraryA
GetProcAddress
GetCurrentThreadId
LocalAlloc
user32
DeferWindowPos
UnionRect
GetAsyncKeyState
GetTabbedTextExtentA
GetClipboardData
FindWindowExA
CreateIconFromResourceEx
LoadImageA
RegisterClipboardFormatA
SetWindowRgn
GetWindowRgn
CallWindowProcA
RegisterWindowMessageA
IsWindowUnicode
GetWindowLongW
SetWindowLongW
SetWindowLongA
SendMessageA
EnableWindow
GrayStringA
DrawTextA
TabbedTextOutA
GetSubMenu
PeekMessageA
SetRect
SystemParametersInfoA
GetWindowTextLengthA
GetWindowTextA
DefWindowProcA
LoadCursorA
DrawFocusRect
GetLastActivePopup
GetWindowLongA
IntersectRect
SetCapture
LockWindowUpdate
GetDCEx
IsRectEmpty
GetCapture
GetMessageA
ClientToScreen
OffsetRect
DispatchMessageA
ReleaseCapture
InvertRect
CopyRect
MoveWindow
IsWindow
GetWindowRect
SetRectEmpty
GetCursorPos
ScreenToClient
PtInRect
CallNextHookEx
GetKeyNameTextA
GetKeyboardState
UnhookWindowsHookEx
GetDesktopWindow
GetDC
ReleaseDC
GetSysColor
IsWindowEnabled
MessageBoxA
OpenClipboard
EmptyClipboard
CloseClipboard
SetForegroundWindow
GetActiveWindow
SetActiveWindow
GetClassLongA
GetMenuDefaultItem
CreatePopupMenu
GetDlgItem
SetParent
MapWindowPoints
SetFocus
GetClassNameA
ShowWindow
IsDialogMessageA
IsClipboardFormatAvailable
wsprintfA
TranslateMessage
WaitMessage
UpdateWindow
GetTopWindow
GetWindow
GetDlgCtrlID
InflateRect
HideCaret
SetCursor
ShowCaret
GetNextDlgTabItem
GetFocus
IsChild
MapVirtualKeyA
BringWindowToTop
RedrawWindow
IsZoomed
CharUpperA
GetClientRect
GetKeyboardLayoutList
MessageBeep
PostMessageA
IsMenu
GetMenuItemCount
GetMenuItemInfoA
GetMenuItemID
EqualRect
SetWindowPos
SetTimer
InvalidateRect
GetCursor
GetKeyState
KillTimer
IsWindowVisible
WindowFromPoint
GetSystemMetrics
IsCharLowerA
IsIconic
ToAsciiEx
GetKeyboardLayout
SetWindowsHookExA
MapVirtualKeyExA
CopyAcceleratorTableA
FillRect
DrawEdge
GetDoubleClickTime
ShowScrollBar
SendMessageTimeoutA
AdjustWindowRectEx
SetCursorPos
GetMenu
GetSystemMenu
LoadIconA
GetMenuState
SetMenu
GetClipboardFormatNameA
BeginDeferWindowPos
EndDeferWindowPos
GetParent
DrawFrameControl
LoadMenuIndirectA
GetMenuStringA
GetMenuStringW
LookupIconIdFromDirectoryEx
LoadMenuA
CopyImage
SetClipboardData
LoadBitmapA
DestroyIcon
CopyIcon
CreateIconIndirect
GetIconInfo
DrawIconEx
GetForegroundWindow
DrawStateA
gdi32
CreateRectRgn
CombineRgn
CreateDIBSection
DeleteDC
StretchBlt
CreateBitmap
SetTextColor
SetBkColor
SetStretchBltMode
GetDIBits
GetBitmapBits
ExtCreateRegion
PtInRegion
EnumFontFamiliesA
GetViewportOrgEx
CreatePatternBrush
GetTextColor
ExtFloodFill
Ellipse
GetCurrentObject
GetMapMode
CreateFontA
Polyline
Rectangle
GetWindowOrgEx
GetRgnBox
CreatePolygonRgn
RoundRect
Escape
GetWindowExtEx
StrokePath
FillPath
StrokeAndFillPath
EndPath
CloseFigure
MoveToEx
LineTo
PolyBezierTo
BeginPath
OffsetViewportOrgEx
GetClipBox
GetTextExtentPoint32W
ExtTextOutW
GetCharWidthA
GetCurrentPositionEx
GetTextAlign
GetTextMetricsA
IntersectClipRect
GetClipRgn
ExtSelectClipRgn
SetBkMode
AbortDoc
EndDoc
EndPage
StartPage
DPtoLP
StartDocA
SetAbortProc
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateFontIndirectA
GetTextExtentPoint32A
Polygon
GetStockObject
EnumFontFamiliesExA
SetPixel
PatBlt
CreateSolidBrush
CreatePen
DeleteObject
BitBlt
CreateRectRgnIndirect
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
GetObjectA
GetViewportExtEx
GetDeviceCaps
GetPixel
advapi32
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegQueryValueExA
shell32
SHAppBarMessage
SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ShellExecuteA
DragQueryFileA
comctl32
ImageList_ReplaceIcon
ImageList_DrawEx
ImageList_GetIconSize
ImageList_Add
ImageList_Destroy
ImageList_AddMasked
ImageList_GetIcon
ImageList_GetImageInfo
PropertySheetA
ImageList_Remove
_TrackMouseEvent
ImageList_GetImageCount
ImageList_Draw
ole32
CoCreateInstance
OleRun
ReleaseStgMedium
olepro32
ord252
ord254
ord253
oleaut32
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
VarI4FromCy
VarI4FromR4
VarI4FromR8
VariantInit
VariantChangeType
SysFreeString
SysAllocString
VariantChangeTypeEx
SafeArrayGetDim
VariantClear
OleLoadPicturePath
LoadRegTypeLi
SafeArrayCreate
winmm
waveOutGetNumDevs
PlaySoundA
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256KB - Virtual size: 253KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 60KB - Virtual size: 66KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 572KB - Virtual size: 569KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 128KB - Virtual size: 124KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Blade Stealer 1.0 PUBLIC/OCX/Controls.ocx.dll regsvr32 windows:4 windows x86 arch:x86
03a2a49c403f3a0ab56ea90d96e16753
Code Sign
70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate
Issuer: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Not Before: 29-01-1996 00:00
Not After: 01-08-2028 23:59
Subject: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate
Issuer: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Not Before: 15-06-2007 00:00
Not After: 14-06-2012 23:59
Subject: CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate
Issuer: CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
Not Before: 04-12-2003 00:00
Not After: 03-12-2013 23:59
Subject: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate
Issuer: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Not Before: 16-07-2004 00:00
Not After: 15-07-2014 23:59
Subject: CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
05:e6:68:a2:4e:36:9e:cc:bc:a9:53:1d:11:83:64:bf
Certificate
Issuer: CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US
Not Before: 20-10-2008 00:00
Not After: 20-10-2010 23:59
Subject: CN=Codejock Technologies\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Codejock Software,O=Codejock Technologies\, LLC,L=Owosso,ST=Michigan,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
87:a7:b3:7b:4f:41:31:9b:8d:7f:70:64:2a:b1:bd:09:44:47:56:ad
Signer
Actual PE Digest: 87:a7:b3:7b:4f:41:31:9b:8d:7f:70:64:2a:b1:bd:09:44:47:56:ad
Digest Algorithm: sha1
PE Digest Matches: false
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
mfc42
msvcrt
_wcslwr
_mbsicmp
atoi
_purecall
memmove
free
malloc
_mbscmp
strchr
wcscmp
_ftol
_CIpow
__CxxFrameHandler
sscanf
wcslen
strtod
mbstowcs
wcsncpy
calloc
realloc
_splitpath
floor
_mbsnbcmp
_fstat
fopen
fclose
fseek
ftell
fgets
_mbschr
isprint
sprintf
isxdigit
_ismbcalnum
_ismbcspace
_ismbcdigit
_ismbcprint
_ismbcalpha
qsort
strncpy
longjmp
fprintf
_iob
abort
_setjmp3
fread
wcsncmp
_CxxThrowException
_mbsnbcpy
wcschr
_wcsicmp
_wtoi
_mbctype
swscanf
ceil
_strdup
_mbsrchr
_mbsinc
wcstombs
__dllonexit
_onexit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
_initterm
_adjust_fdiv
wcsstr
kernel32
lstrlenW
IsDBCSLeadByte
lstrcpynA
GetCurrentProcess
TerminateProcess
InterlockedDecrement
GlobalSize
LocalFree
GetPrivateProfileIntA
lstrlenA
GetCurrentDirectoryA
GetModuleFileNameA
GetTickCount
GetOEMCP
GetCPInfo
GetVersionExA
EnumResourceLanguagesA
EnumResourceTypesA
MultiByteToWideChar
WideCharToMultiByte
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileAttributesA
lstrcmpA
EnumResourceNamesA
FreeLibrary
LeaveCriticalSection
EnterCriticalSection
GlobalAlloc
DeleteCriticalSection
InitializeCriticalSection
SetFilePointer
SizeofResource
FindResourceA
LoadResource
LockResource
CreateFileA
ReadFile
CloseHandle
InterlockedIncrement
GlobalLock
GlobalUnlock
GetModuleHandleA
MulDiv
LoadLibraryA
GetProcAddress
GetCurrentThreadId
LocalAlloc
user32
GrayStringA
DrawTextA
TabbedTextOutA
GetSubMenu
PeekMessageA
SetRect
SystemParametersInfoA
GetWindowTextLengthA
GetWindowTextA
DefWindowProcA
LoadCursorA
GetForegroundWindow
GetLastActivePopup
GetWindowLongA
GetDialogBaseUnits
IntersectRect
SetCapture
LockWindowUpdate
IsRectEmpty
DragDetect
GetMessageA
ClientToScreen
OffsetRect
DispatchMessageA
ReleaseCapture
InvertRect
CopyRect
GetClientRect
IsWindow
GetWindowRect
SetRectEmpty
GetCursorPos
ScreenToClient
PtInRect
CallNextHookEx
GetParent
SetWindowsHookExA
UnhookWindowsHookEx
GetDesktopWindow
GetDC
ReleaseDC
GetSysColor
ShowCaret
GetScrollInfo
DrawAnimatedRects
GetScrollPos
GetWindowPlacement
ShowWindow
GetClassLongA
LoadIconA
CreateAcceleratorTableA
GetMenu
BeginDeferWindowPos
EndDeferWindowPos
wsprintfA
OpenClipboard
EmptyClipboard
CloseClipboard
CheckMenuItem
GetNextDlgTabItem
MessageBeep
PostMessageA
DrawFrameControl
GetFocus
SetCursor
DrawFocusRect
FillRect
AdjustWindowRectEx
RedrawWindow
GetSysColorBrush
LoadStringA
SetWindowTextA
GetDlgCtrlID
GetWindow
GetClassNameA
InflateRect
SetActiveWindow
UpdateWindow
EqualRect
SetWindowPos
SetTimer
InvalidateRect
GetCursor
GetKeyState
KillTimer
IsWindowVisible
WindowFromPoint
FindWindowA
EnumChildWindows
SetForegroundWindow
ValidateRect
SetParent
SetClassLongA
GetDlgItem
GetSystemMenu
RemoveMenu
DestroyCaret
DrawMenuBar
GetSystemMetrics
LoadMenuIndirectA
LookupIconIdFromDirectoryEx
LoadMenuA
CopyImage
SetClipboardData
LoadBitmapA
DestroyIcon
CopyIcon
CreateIconIndirect
GetIconInfo
DrawIconEx
DrawStateA
DestroyAcceleratorTable
UnionRect
TranslateMessage
SetWindowPlacement
WinHelpA
DeferWindowPos
VkKeyScanA
GetDoubleClickTime
GetTabbedTextExtentA
GetAsyncKeyState
IsIconic
IsChild
HideCaret
GetMenuItemCount
GetMenuItemID
MoveWindow
DrawEdge
SetScrollPos
GetClipboardData
EnableMenuItem
IsClipboardFormatAvailable
EnableScrollBar
ShowScrollBar
CreateCaret
SetCaretPos
CreateIconFromResourceEx
LoadImageA
RegisterClipboardFormatA
SetWindowRgn
GetWindowRgn
CallWindowProcA
RegisterWindowMessageA
IsWindowUnicode
GetWindowLongW
SetWindowLongW
SetWindowLongA
SendMessageA
GetCapture
EnableWindow
gdi32
CreateDIBSection
DeleteDC
StretchBlt
CreateBitmap
SetTextColor
SetBkColor
SetStretchBltMode
GetDIBits
GetBitmapBits
ExtCreateRegion
GetTextMetricsA
CreatePatternBrush
GetBkColor
GetTextColor
GetTextAlign
SetPixelV
GetWindowOrgEx
CreateFontA
GetCharWidthA
SetBoundsRect
GetRgnBox
CreatePolygonRgn
RoundRect
GetViewportExtEx
GetWindowExtEx
Ellipse
Polyline
CombineRgn
FillPath
StrokeAndFillPath
EndPath
CloseFigure
MoveToEx
LineTo
PolyBezierTo
BeginPath
OffsetViewportOrgEx
GetClipBox
GetTextExtentPoint32W
ExtTextOutW
GetCurrentPositionEx
IntersectClipRect
GetClipRgn
ExtSelectClipRgn
SetBkMode
Rectangle
GetTextExtentPointA
SetBrushOrgEx
CreateRectRgn
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateFontIndirectA
GetTextExtentPoint32A
Polygon
GetStockObject
EnumFontFamiliesExA
SetPixel
PatBlt
CreateSolidBrush
CreatePen
DeleteObject
BitBlt
CreateRectRgnIndirect
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
GetObjectA
StrokePath
GetDeviceCaps
GetPixel
advapi32
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegQueryValueExA
shell32
DragQueryFileA
ShellExecuteA
SHGetMalloc
SHBrowseForFolderA
SHGetPathFromIDListA
SHAppBarMessage
Shell_NotifyIconA
comctl32
ImageList_Destroy
ImageList_GetImageCount
ImageList_GetIcon
ImageList_GetIconSize
ImageList_DrawEx
ImageList_ReplaceIcon
ImageList_Add
ImageList_GetImageInfo
ImageList_Create
_TrackMouseEvent
ImageList_Draw
ImageList_AddMasked
ord17
ole32
CoCreateInstance
OleRun
ReleaseStgMedium
olepro32
ord252
ord254
ord253
oleaut32
SafeArrayCreate
VarI4FromCy
VarI4FromR4
VarI4FromR8
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
VariantChangeType
VariantInit
SysFreeString
SysAllocString
VariantChangeTypeEx
SafeArrayGetDim
VariantClear
OleLoadPicturePath
LoadRegTypeLi
SysAllocStringLen
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 1004KB - Virtual size: 1003KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 232KB - Virtual size: 228KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 48KB - Virtual size: 57KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 380KB - Virtual size: 377KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 112KB - Virtual size: 108KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Blade Stealer 1.0 PUBLIC/OCX/Registrator.exe.exe windows:4 windows x86 arch:x86
7e753ff681654f6baf71d608521060db
Code Sign
70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate
Issuer: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Not Before: 29-01-1996 00:00
Not After: 01-08-2028 23:59
Subject: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate
Issuer: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Not Before: 15-06-2007 00:00
Not After: 14-06-2012 23:59
Subject: CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate
Issuer: CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
Not Before: 04-12-2003 00:00
Not After: 03-12-2013 23:59
Subject: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate
Issuer: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Not Before: 16-07-2004 00:00
Not After: 15-07-2014 23:59
Subject: CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate
Issuer: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Not Before: 16-07-2004 00:00
Not After: 15-07-2009 23:59
Subject: CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
7c:77:8f:22:eb:93:3a:28:79:c9:0b:a2:ec:17:18:f5
Certificate
Issuer: CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US
Not Before: 30-11-2006 00:00
Not After: 20-10-2008 23:59
Subject: CN=Codejock Technologies\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Codejock Software,O=Codejock Technologies\, LLC,L=Owosso,ST=Michigan,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
ea:7b:08:3d:f8:3b:ab:c5:c5:4c:25:24:0a:dc:4f:98:3e:3e:2a:3d
Signer
Actual PE Digest: ea:7b:08:3d:f8:3b:ab:c5:c5:4c:25:24:0a:dc:4f:98:3e:3e:2a:3d
Digest Algorithm: sha1
PE Digest Matches: true
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mfc42
msvcrt
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
_mbsrchr
__CxxFrameHandler
_setmbcp
_initterm
kernel32
GetCommandLineA
GetVersionExA
FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleHandleA
GetStartupInfoA
GetModuleFileNameA
user32
GetSystemMenu
DrawIcon
GetClientRect
AppendMenuA
IsIconic
EnableWindow
SendMessageA
GetSystemMetrics
FindWindowA
LoadIconA
shell32
ShellExecuteA
Sections
.text Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 724B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Blade Stealer 1.0 PUBLIC/OCX/Skin.Style.dll windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rsrc Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Blade Stealer 1.0 PUBLIC/OCX/SkinFramework.ocx.dll regsvr32 windows:4 windows x86 arch:x86
1a82606a8847d25f8642b8caf4904fdd
Code Sign
70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate
Issuer: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Not Before: 29-01-1996 00:00
Not After: 01-08-2028 23:59
Subject: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate
Issuer: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Not Before: 15-06-2007 00:00
Not After: 14-06-2012 23:59
Subject: CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate
Issuer: CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
Not Before: 04-12-2003 00:00
Not After: 03-12-2013 23:59
Subject: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate
Issuer: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Not Before: 16-07-2004 00:00
Not After: 15-07-2014 23:59
Subject: CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
05:e6:68:a2:4e:36:9e:cc:bc:a9:53:1d:11:83:64:bf
Certificate
Issuer: CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US
Not Before: 20-10-2008 00:00
Not After: 20-10-2010 23:59
Subject: CN=Codejock Technologies\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Codejock Software,O=Codejock Technologies\, LLC,L=Owosso,ST=Michigan,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
16:1e:0d:95:6e:1d:5e:b7:25:e4:06:e5:d2:6d:a3:23:7b:e5:48:e7
Signer
Actual PE Digest: 16:1e:0d:95:6e:1d:5e:b7:25:e4:06:e5:d2:6d:a3:23:7b:e5:48:e7
Digest Algorithm: sha1
PE Digest Matches: false
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
mfc42
msvcrt
_strdup
free
_mbscmp
atoi
wcsncpy
wcslen
_mbsicmp
_CIpow
wcscmp
wcsstr
_wcslwr
malloc
_ftol
_CxxThrowException
_purecall
__CxxFrameHandler
memmove
sscanf
strtod
mbstowcs
strrchr
wcschr
_mbsstr
sprintf
strncpy
longjmp
fprintf
_iob
abort
_setjmp3
fread
??1type_info@@UAE@XZ
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
_initterm
_adjust_fdiv
kernel32
LocalSize
OpenProcess
LoadLibraryExW
LoadLibraryExA
LoadLibraryW
VirtualQuery
VirtualProtect
GetSystemInfo
GetCurrentProcessId
SetEvent
GetExitCodeThread
TerminateThread
CreateThread
SetThreadPriority
ResumeThread
WaitForSingleObject
ResetEvent
CreateEventA
GetVersionExA
EnumResourceLanguagesA
EnumResourceTypesA
MultiByteToWideChar
WideCharToMultiByte
lstrcmpA
LocalFree
FreeLibrary
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
SetFilePointer
SizeofResource
FindResourceA
LoadResource
LockResource
CreateFileA
ReadFile
CloseHandle
GetModuleHandleA
LoadLibraryA
GetProcAddress
GetCurrentThreadId
GetCurrentProcess
TerminateProcess
GetFileAttributesA
InterlockedDecrement
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
GetModuleFileNameA
InterlockedIncrement
MulDiv
lstrlenA
EnumResourceNamesA
LocalAlloc
user32
SetMenuDefaultItem
GetMenuItemInfoA
GetWindowDC
SetWindowPos
GetMenuItemID
GetMenuDefaultItem
WaitMessage
CreateWindowExA
GetDoubleClickTime
IsWindowVisible
GetCursorPos
ScreenToClient
CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
LoadStringA
GetSysColor
GetAsyncKeyState
LoadCursorA
SetCursor
IsIconic
MessageBeep
LoadBitmapA
PostMessageA
GetWindowRect
DefDlgProcW
InvalidateRect
SystemParametersInfoA
IsWindowEnabled
IsRectEmpty
IsWindow
EnableWindow
SetTimer
GetMenuItemCount
GetKeyState
UpdateWindow
SetRect
CopyRect
OffsetRect
InflateRect
MoveWindow
GetFocus
GetSystemMenu
SendMessageA
GetSystemMetrics
PtInRect
GetDC
ReleaseDC
GetDesktopWindow
DefDlgProcA
DefFrameProcW
DefFrameProcA
DefWindowProcW
CallWindowProcW
GetScrollInfo
EnableScrollBar
SetScrollInfo
SetScrollPos
GetSysColorBrush
CallWindowProcA
GetWindow
GetClassNameA
GetClassLongA
FillRect
LoadMenuIndirectA
GetMenuStringA
LookupIconIdFromDirectoryEx
LoadMenuA
CopyImage
GetMenu
KillTimer
TranslateMessage
RegisterWindowMessageA
DestroyIcon
CopyIcon
CreateIconIndirect
GetIconInfo
DrawIconEx
DrawStateA
CreateIconFromResourceEx
LoadImageA
RegisterClipboardFormatA
GrayStringA
DrawTextA
TabbedTextOutA
GetSubMenu
PeekMessageA
GetWindowTextLengthA
DrawFocusRect
EnumWindows
GetWindowThreadProcessId
GetMenuState
SetWindowRgn
GetWindowLongA
SetClassLongA
IsWindowUnicode
GetWindowLongW
SetWindowLongW
SetWindowLongA
EndPaint
BeginPaint
SendMessageTimeoutA
LoadIconA
TrackPopupMenuEx
TrackPopupMenu
DrawMenuBar
DrawFrameControl
DrawEdge
AdjustWindowRectEx
RegisterClassW
RegisterClassA
DefMDIChildProcW
GetParent
DefMDIChildProcA
GetWindowTextA
DefWindowProcA
IntersectRect
SetCapture
GetCapture
GetMessageA
ClientToScreen
DispatchMessageA
ReleaseCapture
GetClientRect
EqualRect
SetRectEmpty
gdi32
Polygon
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
DeleteDC
StretchBlt
CreateBitmap
SetTextColor
SetBkColor
CreateDIBSection
SetStretchBltMode
GetDIBits
CreateDIBitmap
SelectPalette
GetObjectType
GetTextColor
ExtSelectClipRgn
IntersectClipRect
GetClipRgn
CreateRectRgn
GetTextCharsetInfo
CombineRgn
OffsetRgn
SetBrushOrgEx
GetTextMetricsA
SetBkMode
CreatePatternBrush
SetPixel
PatBlt
CreateSolidBrush
CreatePen
DeleteObject
CreateRectRgnIndirect
CreateCompatibleBitmap
SelectObject
GetPixel
BitBlt
CreateCompatibleDC
GetTextExtentPoint32A
CreateFontIndirectA
CreatePalette
GetObjectA
GetDeviceCaps
advapi32
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegCloseKey
shell32
DragQueryFileA
ShellExecuteA
comctl32
ImageList_Add
ImageList_DrawEx
ImageList_GetImageInfo
ImageList_GetImageCount
ImageList_Destroy
ImageList_AddMasked
ImageList_GetIcon
_TrackMouseEvent
FlatSB_GetScrollProp
ImageList_Draw
ImageList_GetBkColor
ImageList_GetIconSize
ImageList_DrawIndirect
ole32
CoCreateInstance
ReleaseStgMedium
OleRun
olepro32
ord254
ord253
ord252
oleaut32
SysAllocString
VariantChangeTypeEx
SafeArrayGetDim
OleLoadPicturePath
SafeArrayCreate
VarI4FromCy
VarI4FromR4
VarI4FromR8
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
VariantInit
VariantChangeType
VariantClear
LoadRegTypeLi
SysFreeString
winmm
waveOutGetNumDevs
PlaySoundA
imagehlp
ImageDirectoryEntryToData
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 364KB - Virtual size: 361KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 76KB - Virtual size: 74KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 24KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 84KB - Virtual size: 81KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 36KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Blade Stealer 1.0 PUBLIC/Screenshot.jpg.jpg
-
Blade Stealer 1.0 PUBLIC/Thumbs.db
-
Blade Stealer 1.0 PUBLIC/assembly/Ionic.Zip.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
c:\DotNetZip\Zip\obj\Debug\Ionic.Zip.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 478KB - Virtual size: 477KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Blade Stealer 1.0 PUBLIC/assembly/LICENCE.dat.zip
-
Blade Stealer 1.0 PUBLIC/assembly/Launcher.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Blade Stealer 1.0 PUBLIC/assembly/OCX/CODEJO~2 - Kopie.ocx.dll windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI
Sections
.text Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 4KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 383KB - Virtual size: 384KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: - Virtual size:
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Blade Stealer 1.0 PUBLIC/assembly/OCX/Codejock.CommandBars.v13.0.0.ocx.dll regsvr32 windows:4 windows x86 arch:x86
78bc84e33c3505d96610a5518fec0b6d
Code Sign
70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate
Issuer: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Not Before: 29-01-1996 00:00
Not After: 01-08-2028 23:59
Subject: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate
Issuer: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Not Before: 15-06-2007 00:00
Not After: 14-06-2012 23:59
Subject: CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate
Issuer: CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
Not Before: 04-12-2003 00:00
Not After: 03-12-2013 23:59
Subject: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate
Issuer: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Not Before: 16-07-2004 00:00
Not After: 15-07-2014 23:59
Subject: CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
05:e6:68:a2:4e:36:9e:cc:bc:a9:53:1d:11:83:64:bf
Certificate
Issuer: CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US
Not Before: 20-10-2008 00:00
Not After: 20-10-2010 23:59
Subject: CN=Codejock Technologies\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Codejock Software,O=Codejock Technologies\, LLC,L=Owosso,ST=Michigan,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
7c:01:42:b0:8f:79:c8:2f:91:99:92:73:e2:bc:23:77:45:22:0c:0c
Signer
Actual PE Digest: 7c:01:42:b0:8f:79:c8:2f:91:99:92:73:e2:bc:23:77:45:22:0c:0c
Digest Algorithm: sha1
PE Digest Matches: false
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
mfc42
msvcrt
_wcslwr
_mbsicmp
atoi
_purecall
memmove
free
malloc
_mbscmp
strchr
sscanf
wcscmp
_ftol
_CIpow
__CxxFrameHandler
wcslen
strtod
mbstowcs
wcsncpy
calloc
_mbctype
_mbschr
qsort
_mbsrchr
rand
sprintf
strncpy
longjmp
fprintf
_iob
abort
_setjmp3
fread
wcsncmp
_CxxThrowException
_mbsnbcpy
wcschr
_wcsicmp
_wtoi
swscanf
floor
ceil
_strdup
__dllonexit
_onexit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
_initterm
_adjust_fdiv
wcsstr
kernel32
LocalFree
GlobalFree
GlobalSize
GetCurrentProcess
TerminateProcess
Sleep
GetCurrentProcessId
SetFileAttributesA
GetModuleFileNameA
CreateDirectoryA
CompareStringA
GetCurrentDirectoryA
lstrlenA
lstrcpynA
GetVersion
InterlockedDecrement
GetTickCount
SetEvent
GetExitCodeThread
TerminateThread
CreateThread
SetThreadPriority
ResumeThread
WaitForSingleObject
ResetEvent
CreateEventA
GetOEMCP
GetCPInfo
GetVersionExA
EnumResourceLanguagesA
EnumResourceTypesA
MultiByteToWideChar
WideCharToMultiByte
GetPrivateProfileStringA
GetTempPathA
GetTempFileNameA
GetPrivateProfileSectionNamesA
WritePrivateProfileStringA
DeleteFileA
GetFileAttributesA
lstrcmpA
EnumResourceNamesA
FreeLibrary
LeaveCriticalSection
EnterCriticalSection
GlobalAlloc
DeleteCriticalSection
InitializeCriticalSection
SetFilePointer
SizeofResource
FindResourceA
LoadResource
LockResource
CreateFileA
ReadFile
CloseHandle
InterlockedIncrement
GlobalLock
GlobalUnlock
GetModuleHandleA
MulDiv
LoadLibraryA
GetProcAddress
GetCurrentThreadId
LocalAlloc
user32
DeferWindowPos
UnionRect
GetAsyncKeyState
GetTabbedTextExtentA
GetClipboardData
FindWindowExA
CreateIconFromResourceEx
LoadImageA
RegisterClipboardFormatA
SetWindowRgn
GetWindowRgn
CallWindowProcA
RegisterWindowMessageA
IsWindowUnicode
GetWindowLongW
SetWindowLongW
SetWindowLongA
SendMessageA
EnableWindow
GrayStringA
DrawTextA
TabbedTextOutA
GetSubMenu
PeekMessageA
SetRect
SystemParametersInfoA
GetWindowTextLengthA
GetWindowTextA
DefWindowProcA
LoadCursorA
DrawFocusRect
GetLastActivePopup
GetWindowLongA
IntersectRect
SetCapture
LockWindowUpdate
GetDCEx
IsRectEmpty
GetCapture
GetMessageA
ClientToScreen
OffsetRect
DispatchMessageA
ReleaseCapture
InvertRect
CopyRect
MoveWindow
IsWindow
GetWindowRect
SetRectEmpty
GetCursorPos
ScreenToClient
PtInRect
CallNextHookEx
GetKeyNameTextA
GetKeyboardState
UnhookWindowsHookEx
GetDesktopWindow
GetDC
ReleaseDC
GetSysColor
IsWindowEnabled
MessageBoxA
OpenClipboard
EmptyClipboard
CloseClipboard
SetForegroundWindow
GetActiveWindow
SetActiveWindow
GetClassLongA
GetMenuDefaultItem
CreatePopupMenu
GetDlgItem
SetParent
MapWindowPoints
SetFocus
GetClassNameA
ShowWindow
IsDialogMessageA
IsClipboardFormatAvailable
wsprintfA
TranslateMessage
WaitMessage
UpdateWindow
GetTopWindow
GetWindow
GetDlgCtrlID
InflateRect
HideCaret
SetCursor
ShowCaret
GetNextDlgTabItem
GetFocus
IsChild
MapVirtualKeyA
BringWindowToTop
RedrawWindow
IsZoomed
CharUpperA
GetClientRect
GetKeyboardLayoutList
MessageBeep
PostMessageA
IsMenu
GetMenuItemCount
GetMenuItemInfoA
GetMenuItemID
EqualRect
SetWindowPos
SetTimer
InvalidateRect
GetCursor
GetKeyState
KillTimer
IsWindowVisible
WindowFromPoint
GetSystemMetrics
IsCharLowerA
IsIconic
ToAsciiEx
GetKeyboardLayout
SetWindowsHookExA
MapVirtualKeyExA
CopyAcceleratorTableA
FillRect
DrawEdge
GetDoubleClickTime
ShowScrollBar
SendMessageTimeoutA
AdjustWindowRectEx
SetCursorPos
GetMenu
GetSystemMenu
LoadIconA
GetMenuState
SetMenu
GetClipboardFormatNameA
BeginDeferWindowPos
EndDeferWindowPos
GetParent
DrawFrameControl
LoadMenuIndirectA
GetMenuStringA
GetMenuStringW
LookupIconIdFromDirectoryEx
LoadMenuA
CopyImage
SetClipboardData
LoadBitmapA
DestroyIcon
CopyIcon
CreateIconIndirect
GetIconInfo
DrawIconEx
GetForegroundWindow
DrawStateA
gdi32
CreateRectRgn
CombineRgn
CreateDIBSection
DeleteDC
StretchBlt
CreateBitmap
SetTextColor
SetBkColor
SetStretchBltMode
GetDIBits
GetBitmapBits
ExtCreateRegion
PtInRegion
EnumFontFamiliesA
GetViewportOrgEx
CreatePatternBrush
GetTextColor
ExtFloodFill
Ellipse
GetCurrentObject
GetMapMode
CreateFontA
Polyline
Rectangle
GetWindowOrgEx
GetRgnBox
CreatePolygonRgn
RoundRect
Escape
GetWindowExtEx
StrokePath
FillPath
StrokeAndFillPath
EndPath
CloseFigure
MoveToEx
LineTo
PolyBezierTo
BeginPath
OffsetViewportOrgEx
GetClipBox
GetTextExtentPoint32W
ExtTextOutW
GetCharWidthA
GetCurrentPositionEx
GetTextAlign
GetTextMetricsA
IntersectClipRect
GetClipRgn
ExtSelectClipRgn
SetBkMode
AbortDoc
EndDoc
EndPage
StartPage
DPtoLP
StartDocA
SetAbortProc
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateFontIndirectA
GetTextExtentPoint32A
Polygon
GetStockObject
EnumFontFamiliesExA
SetPixel
PatBlt
CreateSolidBrush
CreatePen
DeleteObject
BitBlt
CreateRectRgnIndirect
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
GetObjectA
GetViewportExtEx
GetDeviceCaps
GetPixel
advapi32
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegQueryValueExA
shell32
SHAppBarMessage
SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ShellExecuteA
DragQueryFileA
comctl32
ImageList_ReplaceIcon
ImageList_DrawEx
ImageList_GetIconSize
ImageList_Add
ImageList_Destroy
ImageList_AddMasked
ImageList_GetIcon
ImageList_GetImageInfo
PropertySheetA
ImageList_Remove
_TrackMouseEvent
ImageList_GetImageCount
ImageList_Draw
ole32
CoCreateInstance
OleRun
ReleaseStgMedium
olepro32
ord252
ord254
ord253
oleaut32
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
VarI4FromCy
VarI4FromR4
VarI4FromR8
VariantInit
VariantChangeType
SysFreeString
SysAllocString
VariantChangeTypeEx
SafeArrayGetDim
VariantClear
OleLoadPicturePath
LoadRegTypeLi
SafeArrayCreate
winmm
waveOutGetNumDevs
PlaySoundA
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256KB - Virtual size: 253KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 60KB - Virtual size: 66KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 572KB - Virtual size: 569KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 128KB - Virtual size: 124KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Blade Stealer 1.0 PUBLIC/assembly/OCX/Codejock.Controls.v13.0.0.ocx.dll regsvr32 windows:4 windows x86 arch:x86
03a2a49c403f3a0ab56ea90d96e16753
Code Sign
70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate
Issuer: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Not Before: 29-01-1996 00:00
Not After: 01-08-2028 23:59
Subject: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate
Issuer: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Not Before: 15-06-2007 00:00
Not After: 14-06-2012 23:59
Subject: CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate
Issuer: CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
Not Before: 04-12-2003 00:00
Not After: 03-12-2013 23:59
Subject: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate
Issuer: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Not Before: 16-07-2004 00:00
Not After: 15-07-2014 23:59
Subject: CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
05:e6:68:a2:4e:36:9e:cc:bc:a9:53:1d:11:83:64:bf
Certificate
Issuer: CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US
Not Before: 20-10-2008 00:00
Not After: 20-10-2010 23:59
Subject: CN=Codejock Technologies\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Codejock Software,O=Codejock Technologies\, LLC,L=Owosso,ST=Michigan,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
87:a7:b3:7b:4f:41:31:9b:8d:7f:70:64:2a:b1:bd:09:44:47:56:ad
Signer
Actual PE Digest: 87:a7:b3:7b:4f:41:31:9b:8d:7f:70:64:2a:b1:bd:09:44:47:56:ad
Digest Algorithm: sha1
PE Digest Matches: false
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
mfc42
msvcrt
_wcslwr
_mbsicmp
atoi
_purecall
memmove
free
malloc
_mbscmp
strchr
wcscmp
_ftol
_CIpow
__CxxFrameHandler
sscanf
wcslen
strtod
mbstowcs
wcsncpy
calloc
realloc
_splitpath
floor
_mbsnbcmp
_fstat
fopen
fclose
fseek
ftell
fgets
_mbschr
isprint
sprintf
isxdigit
_ismbcalnum
_ismbcspace
_ismbcdigit
_ismbcprint
_ismbcalpha
qsort
strncpy
longjmp
fprintf
_iob
abort
_setjmp3
fread
wcsncmp
_CxxThrowException
_mbsnbcpy
wcschr
_wcsicmp
_wtoi
_mbctype
swscanf
ceil
_strdup
_mbsrchr
_mbsinc
wcstombs
__dllonexit
_onexit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
_initterm
_adjust_fdiv
wcsstr
kernel32
lstrlenW
IsDBCSLeadByte
lstrcpynA
GetCurrentProcess
TerminateProcess
InterlockedDecrement
GlobalSize
LocalFree
GetPrivateProfileIntA
lstrlenA
GetCurrentDirectoryA
GetModuleFileNameA
GetTickCount
GetOEMCP
GetCPInfo
GetVersionExA
EnumResourceLanguagesA
EnumResourceTypesA
MultiByteToWideChar
WideCharToMultiByte
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileAttributesA
lstrcmpA
EnumResourceNamesA
FreeLibrary
LeaveCriticalSection
EnterCriticalSection
GlobalAlloc
DeleteCriticalSection
InitializeCriticalSection
SetFilePointer
SizeofResource
FindResourceA
LoadResource
LockResource
CreateFileA
ReadFile
CloseHandle
InterlockedIncrement
GlobalLock
GlobalUnlock
GetModuleHandleA
MulDiv
LoadLibraryA
GetProcAddress
GetCurrentThreadId
LocalAlloc
user32
GrayStringA
DrawTextA
TabbedTextOutA
GetSubMenu
PeekMessageA
SetRect
SystemParametersInfoA
GetWindowTextLengthA
GetWindowTextA
DefWindowProcA
LoadCursorA
GetForegroundWindow
GetLastActivePopup
GetWindowLongA
GetDialogBaseUnits
IntersectRect
SetCapture
LockWindowUpdate
IsRectEmpty
DragDetect
GetMessageA
ClientToScreen
OffsetRect
DispatchMessageA
ReleaseCapture
InvertRect
CopyRect
GetClientRect
IsWindow
GetWindowRect
SetRectEmpty
GetCursorPos
ScreenToClient
PtInRect
CallNextHookEx
GetParent
SetWindowsHookExA
UnhookWindowsHookEx
GetDesktopWindow
GetDC
ReleaseDC
GetSysColor
ShowCaret
GetScrollInfo
DrawAnimatedRects
GetScrollPos
GetWindowPlacement
ShowWindow
GetClassLongA
LoadIconA
CreateAcceleratorTableA
GetMenu
BeginDeferWindowPos
EndDeferWindowPos
wsprintfA
OpenClipboard
EmptyClipboard
CloseClipboard
CheckMenuItem
GetNextDlgTabItem
MessageBeep
PostMessageA
DrawFrameControl
GetFocus
SetCursor
DrawFocusRect
FillRect
AdjustWindowRectEx
RedrawWindow
GetSysColorBrush
LoadStringA
SetWindowTextA
GetDlgCtrlID
GetWindow
GetClassNameA
InflateRect
SetActiveWindow
UpdateWindow
EqualRect
SetWindowPos
SetTimer
InvalidateRect
GetCursor
GetKeyState
KillTimer
IsWindowVisible
WindowFromPoint
FindWindowA
EnumChildWindows
SetForegroundWindow
ValidateRect
SetParent
SetClassLongA
GetDlgItem
GetSystemMenu
RemoveMenu
DestroyCaret
DrawMenuBar
GetSystemMetrics
LoadMenuIndirectA
LookupIconIdFromDirectoryEx
LoadMenuA
CopyImage
SetClipboardData
LoadBitmapA
DestroyIcon
CopyIcon
CreateIconIndirect
GetIconInfo
DrawIconEx
DrawStateA
DestroyAcceleratorTable
UnionRect
TranslateMessage
SetWindowPlacement
WinHelpA
DeferWindowPos
VkKeyScanA
GetDoubleClickTime
GetTabbedTextExtentA
GetAsyncKeyState
IsIconic
IsChild
HideCaret
GetMenuItemCount
GetMenuItemID
MoveWindow
DrawEdge
SetScrollPos
GetClipboardData
EnableMenuItem
IsClipboardFormatAvailable
EnableScrollBar
ShowScrollBar
CreateCaret
SetCaretPos
CreateIconFromResourceEx
LoadImageA
RegisterClipboardFormatA
SetWindowRgn
GetWindowRgn
CallWindowProcA
RegisterWindowMessageA
IsWindowUnicode
GetWindowLongW
SetWindowLongW
SetWindowLongA
SendMessageA
GetCapture
EnableWindow
gdi32
CreateDIBSection
DeleteDC
StretchBlt
CreateBitmap
SetTextColor
SetBkColor
SetStretchBltMode
GetDIBits
GetBitmapBits
ExtCreateRegion
GetTextMetricsA
CreatePatternBrush
GetBkColor
GetTextColor
GetTextAlign
SetPixelV
GetWindowOrgEx
CreateFontA
GetCharWidthA
SetBoundsRect
GetRgnBox
CreatePolygonRgn
RoundRect
GetViewportExtEx
GetWindowExtEx
Ellipse
Polyline
CombineRgn
FillPath
StrokeAndFillPath
EndPath
CloseFigure
MoveToEx
LineTo
PolyBezierTo
BeginPath
OffsetViewportOrgEx
GetClipBox
GetTextExtentPoint32W
ExtTextOutW
GetCurrentPositionEx
IntersectClipRect
GetClipRgn
ExtSelectClipRgn
SetBkMode
Rectangle
GetTextExtentPointA
SetBrushOrgEx
CreateRectRgn
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateFontIndirectA
GetTextExtentPoint32A
Polygon
GetStockObject
EnumFontFamiliesExA
SetPixel
PatBlt
CreateSolidBrush
CreatePen
DeleteObject
BitBlt
CreateRectRgnIndirect
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
GetObjectA
StrokePath
GetDeviceCaps
GetPixel
advapi32
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegQueryValueExA
shell32
DragQueryFileA
ShellExecuteA
SHGetMalloc
SHBrowseForFolderA
SHGetPathFromIDListA
SHAppBarMessage
Shell_NotifyIconA
comctl32
ImageList_Destroy
ImageList_GetImageCount
ImageList_GetIcon
ImageList_GetIconSize
ImageList_DrawEx
ImageList_ReplaceIcon
ImageList_Add
ImageList_GetImageInfo
ImageList_Create
_TrackMouseEvent
ImageList_Draw
ImageList_AddMasked
ord17
ole32
CoCreateInstance
OleRun
ReleaseStgMedium
olepro32
ord252
ord254
ord253
oleaut32
SafeArrayCreate
VarI4FromCy
VarI4FromR4
VarI4FromR8
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
VariantChangeType
VariantInit
SysFreeString
SysAllocString
VariantChangeTypeEx
SafeArrayGetDim
VariantClear
OleLoadPicturePath
LoadRegTypeLi
SysAllocStringLen
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 1004KB - Virtual size: 1003KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 232KB - Virtual size: 228KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 48KB - Virtual size: 57KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 380KB - Virtual size: 377KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 112KB - Virtual size: 108KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Blade Stealer 1.0 PUBLIC/assembly/OCX/CommandBars.ocx.dll regsvr32 windows:4 windows x86 arch:x86
78bc84e33c3505d96610a5518fec0b6d
Code Sign
70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate
Issuer: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Not Before: 29-01-1996 00:00
Not After: 01-08-2028 23:59
Subject: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate
Issuer: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Not Before: 15-06-2007 00:00
Not After: 14-06-2012 23:59
Subject: CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate
Issuer: CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
Not Before: 04-12-2003 00:00
Not After: 03-12-2013 23:59
Subject: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate
Issuer: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Not Before: 16-07-2004 00:00
Not After: 15-07-2014 23:59
Subject: CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
05:e6:68:a2:4e:36:9e:cc:bc:a9:53:1d:11:83:64:bf
Certificate
Issuer: CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US
Not Before: 20-10-2008 00:00
Not After: 20-10-2010 23:59
Subject: CN=Codejock Technologies\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Codejock Software,O=Codejock Technologies\, LLC,L=Owosso,ST=Michigan,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
7c:01:42:b0:8f:79:c8:2f:91:99:92:73:e2:bc:23:77:45:22:0c:0c
Signer
Actual PE Digest: 7c:01:42:b0:8f:79:c8:2f:91:99:92:73:e2:bc:23:77:45:22:0c:0c
Digest Algorithm: sha1
PE Digest Matches: false
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
mfc42
msvcrt
_wcslwr
_mbsicmp
atoi
_purecall
memmove
free
malloc
_mbscmp
strchr
sscanf
wcscmp
_ftol
_CIpow
__CxxFrameHandler
wcslen
strtod
mbstowcs
wcsncpy
calloc
_mbctype
_mbschr
qsort
_mbsrchr
rand
sprintf
strncpy
longjmp
fprintf
_iob
abort
_setjmp3
fread
wcsncmp
_CxxThrowException
_mbsnbcpy
wcschr
_wcsicmp
_wtoi
swscanf
floor
ceil
_strdup
__dllonexit
_onexit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
_initterm
_adjust_fdiv
wcsstr
kernel32
LocalFree
GlobalFree
GlobalSize
GetCurrentProcess
TerminateProcess
Sleep
GetCurrentProcessId
SetFileAttributesA
GetModuleFileNameA
CreateDirectoryA
CompareStringA
GetCurrentDirectoryA
lstrlenA
lstrcpynA
GetVersion
InterlockedDecrement
GetTickCount
SetEvent
GetExitCodeThread
TerminateThread
CreateThread
SetThreadPriority
ResumeThread
WaitForSingleObject
ResetEvent
CreateEventA
GetOEMCP
GetCPInfo
GetVersionExA
EnumResourceLanguagesA
EnumResourceTypesA
MultiByteToWideChar
WideCharToMultiByte
GetPrivateProfileStringA
GetTempPathA
GetTempFileNameA
GetPrivateProfileSectionNamesA
WritePrivateProfileStringA
DeleteFileA
GetFileAttributesA
lstrcmpA
EnumResourceNamesA
FreeLibrary
LeaveCriticalSection
EnterCriticalSection
GlobalAlloc
DeleteCriticalSection
InitializeCriticalSection
SetFilePointer
SizeofResource
FindResourceA
LoadResource
LockResource
CreateFileA
ReadFile
CloseHandle
InterlockedIncrement
GlobalLock
GlobalUnlock
GetModuleHandleA
MulDiv
LoadLibraryA
GetProcAddress
GetCurrentThreadId
LocalAlloc
user32
DeferWindowPos
UnionRect
GetAsyncKeyState
GetTabbedTextExtentA
GetClipboardData
FindWindowExA
CreateIconFromResourceEx
LoadImageA
RegisterClipboardFormatA
SetWindowRgn
GetWindowRgn
CallWindowProcA
RegisterWindowMessageA
IsWindowUnicode
GetWindowLongW
SetWindowLongW
SetWindowLongA
SendMessageA
EnableWindow
GrayStringA
DrawTextA
TabbedTextOutA
GetSubMenu
PeekMessageA
SetRect
SystemParametersInfoA
GetWindowTextLengthA
GetWindowTextA
DefWindowProcA
LoadCursorA
DrawFocusRect
GetLastActivePopup
GetWindowLongA
IntersectRect
SetCapture
LockWindowUpdate
GetDCEx
IsRectEmpty
GetCapture
GetMessageA
ClientToScreen
OffsetRect
DispatchMessageA
ReleaseCapture
InvertRect
CopyRect
MoveWindow
IsWindow
GetWindowRect
SetRectEmpty
GetCursorPos
ScreenToClient
PtInRect
CallNextHookEx
GetKeyNameTextA
GetKeyboardState
UnhookWindowsHookEx
GetDesktopWindow
GetDC
ReleaseDC
GetSysColor
IsWindowEnabled
MessageBoxA
OpenClipboard
EmptyClipboard
CloseClipboard
SetForegroundWindow
GetActiveWindow
SetActiveWindow
GetClassLongA
GetMenuDefaultItem
CreatePopupMenu
GetDlgItem
SetParent
MapWindowPoints
SetFocus
GetClassNameA
ShowWindow
IsDialogMessageA
IsClipboardFormatAvailable
wsprintfA
TranslateMessage
WaitMessage
UpdateWindow
GetTopWindow
GetWindow
GetDlgCtrlID
InflateRect
HideCaret
SetCursor
ShowCaret
GetNextDlgTabItem
GetFocus
IsChild
MapVirtualKeyA
BringWindowToTop
RedrawWindow
IsZoomed
CharUpperA
GetClientRect
GetKeyboardLayoutList
MessageBeep
PostMessageA
IsMenu
GetMenuItemCount
GetMenuItemInfoA
GetMenuItemID
EqualRect
SetWindowPos
SetTimer
InvalidateRect
GetCursor
GetKeyState
KillTimer
IsWindowVisible
WindowFromPoint
GetSystemMetrics
IsCharLowerA
IsIconic
ToAsciiEx
GetKeyboardLayout
SetWindowsHookExA
MapVirtualKeyExA
CopyAcceleratorTableA
FillRect
DrawEdge
GetDoubleClickTime
ShowScrollBar
SendMessageTimeoutA
AdjustWindowRectEx
SetCursorPos
GetMenu
GetSystemMenu
LoadIconA
GetMenuState
SetMenu
GetClipboardFormatNameA
BeginDeferWindowPos
EndDeferWindowPos
GetParent
DrawFrameControl
LoadMenuIndirectA
GetMenuStringA
GetMenuStringW
LookupIconIdFromDirectoryEx
LoadMenuA
CopyImage
SetClipboardData
LoadBitmapA
DestroyIcon
CopyIcon
CreateIconIndirect
GetIconInfo
DrawIconEx
GetForegroundWindow
DrawStateA
gdi32
CreateRectRgn
CombineRgn
CreateDIBSection
DeleteDC
StretchBlt
CreateBitmap
SetTextColor
SetBkColor
SetStretchBltMode
GetDIBits
GetBitmapBits
ExtCreateRegion
PtInRegion
EnumFontFamiliesA
GetViewportOrgEx
CreatePatternBrush
GetTextColor
ExtFloodFill
Ellipse
GetCurrentObject
GetMapMode
CreateFontA
Polyline
Rectangle
GetWindowOrgEx
GetRgnBox
CreatePolygonRgn
RoundRect
Escape
GetWindowExtEx
StrokePath
FillPath
StrokeAndFillPath
EndPath
CloseFigure
MoveToEx
LineTo
PolyBezierTo
BeginPath
OffsetViewportOrgEx
GetClipBox
GetTextExtentPoint32W
ExtTextOutW
GetCharWidthA
GetCurrentPositionEx
GetTextAlign
GetTextMetricsA
IntersectClipRect
GetClipRgn
ExtSelectClipRgn
SetBkMode
AbortDoc
EndDoc
EndPage
StartPage
DPtoLP
StartDocA
SetAbortProc
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateFontIndirectA
GetTextExtentPoint32A
Polygon
GetStockObject
EnumFontFamiliesExA
SetPixel
PatBlt
CreateSolidBrush
CreatePen
DeleteObject
BitBlt
CreateRectRgnIndirect
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
GetObjectA
GetViewportExtEx
GetDeviceCaps
GetPixel
advapi32
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegQueryValueExA
shell32
SHAppBarMessage
SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ShellExecuteA
DragQueryFileA
comctl32
ImageList_ReplaceIcon
ImageList_DrawEx
ImageList_GetIconSize
ImageList_Add
ImageList_Destroy
ImageList_AddMasked
ImageList_GetIcon
ImageList_GetImageInfo
PropertySheetA
ImageList_Remove
_TrackMouseEvent
ImageList_GetImageCount
ImageList_Draw
ole32
CoCreateInstance
OleRun
ReleaseStgMedium
olepro32
ord252
ord254
ord253
oleaut32
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
VarI4FromCy
VarI4FromR4
VarI4FromR8
VariantInit
VariantChangeType
SysFreeString
SysAllocString
VariantChangeTypeEx
SafeArrayGetDim
VariantClear
OleLoadPicturePath
LoadRegTypeLi
SafeArrayCreate
winmm
waveOutGetNumDevs
PlaySoundA
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256KB - Virtual size: 253KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 60KB - Virtual size: 66KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 572KB - Virtual size: 569KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 128KB - Virtual size: 124KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Blade Stealer 1.0 PUBLIC/assembly/OCX/Controls.ocx.dll regsvr32 windows:4 windows x86 arch:x86
03a2a49c403f3a0ab56ea90d96e16753
Code Sign
70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate
Issuer: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Not Before: 29-01-1996 00:00
Not After: 01-08-2028 23:59
Subject: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate
Issuer: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Not Before: 15-06-2007 00:00
Not After: 14-06-2012 23:59
Subject: CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate
Issuer: CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
Not Before: 04-12-2003 00:00
Not After: 03-12-2013 23:59
Subject: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate
Issuer: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Not Before: 16-07-2004 00:00
Not After: 15-07-2014 23:59
Subject: CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
05:e6:68:a2:4e:36:9e:cc:bc:a9:53:1d:11:83:64:bf
Certificate
Issuer: CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US
Not Before: 20-10-2008 00:00
Not After: 20-10-2010 23:59
Subject: CN=Codejock Technologies\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Codejock Software,O=Codejock Technologies\, LLC,L=Owosso,ST=Michigan,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
87:a7:b3:7b:4f:41:31:9b:8d:7f:70:64:2a:b1:bd:09:44:47:56:ad
Signer
Actual PE Digest: 87:a7:b3:7b:4f:41:31:9b:8d:7f:70:64:2a:b1:bd:09:44:47:56:ad
Digest Algorithm: sha1
PE Digest Matches: false
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
mfc42
msvcrt
_wcslwr
_mbsicmp
atoi
_purecall
memmove
free
malloc
_mbscmp
strchr
wcscmp
_ftol
_CIpow
__CxxFrameHandler
sscanf
wcslen
strtod
mbstowcs
wcsncpy
calloc
realloc
_splitpath
floor
_mbsnbcmp
_fstat
fopen
fclose
fseek
ftell
fgets
_mbschr
isprint
sprintf
isxdigit
_ismbcalnum
_ismbcspace
_ismbcdigit
_ismbcprint
_ismbcalpha
qsort
strncpy
longjmp
fprintf
_iob
abort
_setjmp3
fread
wcsncmp
_CxxThrowException
_mbsnbcpy
wcschr
_wcsicmp
_wtoi
_mbctype
swscanf
ceil
_strdup
_mbsrchr
_mbsinc
wcstombs
__dllonexit
_onexit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
_initterm
_adjust_fdiv
wcsstr
kernel32
lstrlenW
IsDBCSLeadByte
lstrcpynA
GetCurrentProcess
TerminateProcess
InterlockedDecrement
GlobalSize
LocalFree
GetPrivateProfileIntA
lstrlenA
GetCurrentDirectoryA
GetModuleFileNameA
GetTickCount
GetOEMCP
GetCPInfo
GetVersionExA
EnumResourceLanguagesA
EnumResourceTypesA
MultiByteToWideChar
WideCharToMultiByte
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileAttributesA
lstrcmpA
EnumResourceNamesA
FreeLibrary
LeaveCriticalSection
EnterCriticalSection
GlobalAlloc
DeleteCriticalSection
InitializeCriticalSection
SetFilePointer
SizeofResource
FindResourceA
LoadResource
LockResource
CreateFileA
ReadFile
CloseHandle
InterlockedIncrement
GlobalLock
GlobalUnlock
GetModuleHandleA
MulDiv
LoadLibraryA
GetProcAddress
GetCurrentThreadId
LocalAlloc
user32
GrayStringA
DrawTextA
TabbedTextOutA
GetSubMenu
PeekMessageA
SetRect
SystemParametersInfoA
GetWindowTextLengthA
GetWindowTextA
DefWindowProcA
LoadCursorA
GetForegroundWindow
GetLastActivePopup
GetWindowLongA
GetDialogBaseUnits
IntersectRect
SetCapture
LockWindowUpdate
IsRectEmpty
DragDetect
GetMessageA
ClientToScreen
OffsetRect
DispatchMessageA
ReleaseCapture
InvertRect
CopyRect
GetClientRect
IsWindow
GetWindowRect
SetRectEmpty
GetCursorPos
ScreenToClient
PtInRect
CallNextHookEx
GetParent
SetWindowsHookExA
UnhookWindowsHookEx
GetDesktopWindow
GetDC
ReleaseDC
GetSysColor
ShowCaret
GetScrollInfo
DrawAnimatedRects
GetScrollPos
GetWindowPlacement
ShowWindow
GetClassLongA
LoadIconA
CreateAcceleratorTableA
GetMenu
BeginDeferWindowPos
EndDeferWindowPos
wsprintfA
OpenClipboard
EmptyClipboard
CloseClipboard
CheckMenuItem
GetNextDlgTabItem
MessageBeep
PostMessageA
DrawFrameControl
GetFocus
SetCursor
DrawFocusRect
FillRect
AdjustWindowRectEx
RedrawWindow
GetSysColorBrush
LoadStringA
SetWindowTextA
GetDlgCtrlID
GetWindow
GetClassNameA
InflateRect
SetActiveWindow
UpdateWindow
EqualRect
SetWindowPos
SetTimer
InvalidateRect
GetCursor
GetKeyState
KillTimer
IsWindowVisible
WindowFromPoint
FindWindowA
EnumChildWindows
SetForegroundWindow
ValidateRect
SetParent
SetClassLongA
GetDlgItem
GetSystemMenu
RemoveMenu
DestroyCaret
DrawMenuBar
GetSystemMetrics
LoadMenuIndirectA
LookupIconIdFromDirectoryEx
LoadMenuA
CopyImage
SetClipboardData
LoadBitmapA
DestroyIcon
CopyIcon
CreateIconIndirect
GetIconInfo
DrawIconEx
DrawStateA
DestroyAcceleratorTable
UnionRect
TranslateMessage
SetWindowPlacement
WinHelpA
DeferWindowPos
VkKeyScanA
GetDoubleClickTime
GetTabbedTextExtentA
GetAsyncKeyState
IsIconic
IsChild
HideCaret
GetMenuItemCount
GetMenuItemID
MoveWindow
DrawEdge
SetScrollPos
GetClipboardData
EnableMenuItem
IsClipboardFormatAvailable
EnableScrollBar
ShowScrollBar
CreateCaret
SetCaretPos
CreateIconFromResourceEx
LoadImageA
RegisterClipboardFormatA
SetWindowRgn
GetWindowRgn
CallWindowProcA
RegisterWindowMessageA
IsWindowUnicode
GetWindowLongW
SetWindowLongW
SetWindowLongA
SendMessageA
GetCapture
EnableWindow
gdi32
CreateDIBSection
DeleteDC
StretchBlt
CreateBitmap
SetTextColor
SetBkColor
SetStretchBltMode
GetDIBits
GetBitmapBits
ExtCreateRegion
GetTextMetricsA
CreatePatternBrush
GetBkColor
GetTextColor
GetTextAlign
SetPixelV
GetWindowOrgEx
CreateFontA
GetCharWidthA
SetBoundsRect
GetRgnBox
CreatePolygonRgn
RoundRect
GetViewportExtEx
GetWindowExtEx
Ellipse
Polyline
CombineRgn
FillPath
StrokeAndFillPath
EndPath
CloseFigure
MoveToEx
LineTo
PolyBezierTo
BeginPath
OffsetViewportOrgEx
GetClipBox
GetTextExtentPoint32W
ExtTextOutW
GetCurrentPositionEx
IntersectClipRect
GetClipRgn
ExtSelectClipRgn
SetBkMode
Rectangle
GetTextExtentPointA
SetBrushOrgEx
CreateRectRgn
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateFontIndirectA
GetTextExtentPoint32A
Polygon
GetStockObject
EnumFontFamiliesExA
SetPixel
PatBlt
CreateSolidBrush
CreatePen
DeleteObject
BitBlt
CreateRectRgnIndirect
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
GetObjectA
StrokePath
GetDeviceCaps
GetPixel
advapi32
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegQueryValueExA
shell32
DragQueryFileA
ShellExecuteA
SHGetMalloc
SHBrowseForFolderA
SHGetPathFromIDListA
SHAppBarMessage
Shell_NotifyIconA
comctl32
ImageList_Destroy
ImageList_GetImageCount
ImageList_GetIcon
ImageList_GetIconSize
ImageList_DrawEx
ImageList_ReplaceIcon
ImageList_Add
ImageList_GetImageInfo
ImageList_Create
_TrackMouseEvent
ImageList_Draw
ImageList_AddMasked
ord17
ole32
CoCreateInstance
OleRun
ReleaseStgMedium
olepro32
ord252
ord254
ord253
oleaut32
SafeArrayCreate
VarI4FromCy
VarI4FromR4
VarI4FromR8
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
VariantChangeType
VariantInit
SysFreeString
SysAllocString
VariantChangeTypeEx
SafeArrayGetDim
VariantClear
OleLoadPicturePath
LoadRegTypeLi
SysAllocStringLen
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 1004KB - Virtual size: 1003KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 232KB - Virtual size: 228KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 48KB - Virtual size: 57KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 380KB - Virtual size: 377KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 112KB - Virtual size: 108KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Blade Stealer 1.0 PUBLIC/assembly/OCX/Registrator.exe.exe windows:4 windows x86 arch:x86
7e753ff681654f6baf71d608521060db
Code Sign
70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate
Issuer: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Not Before: 29-01-1996 00:00
Not After: 01-08-2028 23:59
Subject: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate
Issuer: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Not Before: 15-06-2007 00:00
Not After: 14-06-2012 23:59
Subject: CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate
Issuer: CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
Not Before: 04-12-2003 00:00
Not After: 03-12-2013 23:59
Subject: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate
Issuer: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Not Before: 16-07-2004 00:00
Not After: 15-07-2014 23:59
Subject: CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate
Issuer: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Not Before: 16-07-2004 00:00
Not After: 15-07-2009 23:59
Subject: CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
7c:77:8f:22:eb:93:3a:28:79:c9:0b:a2:ec:17:18:f5
Certificate
Issuer: CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US
Not Before: 30-11-2006 00:00
Not After: 20-10-2008 23:59
Subject: CN=Codejock Technologies\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Codejock Software,O=Codejock Technologies\, LLC,L=Owosso,ST=Michigan,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
ea:7b:08:3d:f8:3b:ab:c5:c5:4c:25:24:0a:dc:4f:98:3e:3e:2a:3d
Signer
Actual PE Digest: ea:7b:08:3d:f8:3b:ab:c5:c5:4c:25:24:0a:dc:4f:98:3e:3e:2a:3d
Digest Algorithm: sha1
PE Digest Matches: true
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mfc42
msvcrt
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
_mbsrchr
__CxxFrameHandler
_setmbcp
_initterm
kernel32
GetCommandLineA
GetVersionExA
FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleHandleA
GetStartupInfoA
GetModuleFileNameA
user32
GetSystemMenu
DrawIcon
GetClientRect
AppendMenuA
IsIconic
EnableWindow
SendMessageA
GetSystemMetrics
FindWindowA
LoadIconA
shell32
ShellExecuteA
Sections
.text Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 724B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Blade Stealer 1.0 PUBLIC/assembly/OCX/Skin.Style.dll windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rsrc Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Blade Stealer 1.0 PUBLIC/assembly/OCX/SkinFramework.ocx.dll regsvr32 windows:4 windows x86 arch:x86
1a82606a8847d25f8642b8caf4904fdd
Code Sign
70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate
Issuer: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Not Before: 29-01-1996 00:00
Not After: 01-08-2028 23:59
Subject: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate
Issuer: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Not Before: 15-06-2007 00:00
Not After: 14-06-2012 23:59
Subject: CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate
Issuer: CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
Not Before: 04-12-2003 00:00
Not After: 03-12-2013 23:59
Subject: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate
Issuer: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Not Before: 16-07-2004 00:00
Not After: 15-07-2014 23:59
Subject: CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
05:e6:68:a2:4e:36:9e:cc:bc:a9:53:1d:11:83:64:bf
Certificate
Issuer: CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US
Not Before: 20-10-2008 00:00
Not After: 20-10-2010 23:59
Subject: CN=Codejock Technologies\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Codejock Software,O=Codejock Technologies\, LLC,L=Owosso,ST=Michigan,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
16:1e:0d:95:6e:1d:5e:b7:25:e4:06:e5:d2:6d:a3:23:7b:e5:48:e7
Signer
Actual PE Digest: 16:1e:0d:95:6e:1d:5e:b7:25:e4:06:e5:d2:6d:a3:23:7b:e5:48:e7
Digest Algorithm: sha1
PE Digest Matches: false
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
mfc42
msvcrt
_strdup
free
_mbscmp
atoi
wcsncpy
wcslen
_mbsicmp
_CIpow
wcscmp
wcsstr
_wcslwr
malloc
_ftol
_CxxThrowException
_purecall
__CxxFrameHandler
memmove
sscanf
strtod
mbstowcs
strrchr
wcschr
_mbsstr
sprintf
strncpy
longjmp
fprintf
_iob
abort
_setjmp3
fread
??1type_info@@UAE@XZ
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
_initterm
_adjust_fdiv
kernel32
LocalSize
OpenProcess
LoadLibraryExW
LoadLibraryExA
LoadLibraryW
VirtualQuery
VirtualProtect
GetSystemInfo
GetCurrentProcessId
SetEvent
GetExitCodeThread
TerminateThread
CreateThread
SetThreadPriority
ResumeThread
WaitForSingleObject
ResetEvent
CreateEventA
GetVersionExA
EnumResourceLanguagesA
EnumResourceTypesA
MultiByteToWideChar
WideCharToMultiByte
lstrcmpA
LocalFree
FreeLibrary
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
SetFilePointer
SizeofResource
FindResourceA
LoadResource
LockResource
CreateFileA
ReadFile
CloseHandle
GetModuleHandleA
LoadLibraryA
GetProcAddress
GetCurrentThreadId
GetCurrentProcess
TerminateProcess
GetFileAttributesA
InterlockedDecrement
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
GetModuleFileNameA
InterlockedIncrement
MulDiv
lstrlenA
EnumResourceNamesA
LocalAlloc
user32
SetMenuDefaultItem
GetMenuItemInfoA
GetWindowDC
SetWindowPos
GetMenuItemID
GetMenuDefaultItem
WaitMessage
CreateWindowExA
GetDoubleClickTime
IsWindowVisible
GetCursorPos
ScreenToClient
CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
LoadStringA
GetSysColor
GetAsyncKeyState
LoadCursorA
SetCursor
IsIconic
MessageBeep
LoadBitmapA
PostMessageA
GetWindowRect
DefDlgProcW
InvalidateRect
SystemParametersInfoA
IsWindowEnabled
IsRectEmpty
IsWindow
EnableWindow
SetTimer
GetMenuItemCount
GetKeyState
UpdateWindow
SetRect
CopyRect
OffsetRect
InflateRect
MoveWindow
GetFocus
GetSystemMenu
SendMessageA
GetSystemMetrics
PtInRect
GetDC
ReleaseDC
GetDesktopWindow
DefDlgProcA
DefFrameProcW
DefFrameProcA
DefWindowProcW
CallWindowProcW
GetScrollInfo
EnableScrollBar
SetScrollInfo
SetScrollPos
GetSysColorBrush
CallWindowProcA
GetWindow
GetClassNameA
GetClassLongA
FillRect
LoadMenuIndirectA
GetMenuStringA
LookupIconIdFromDirectoryEx
LoadMenuA
CopyImage
GetMenu
KillTimer
TranslateMessage
RegisterWindowMessageA
DestroyIcon
CopyIcon
CreateIconIndirect
GetIconInfo
DrawIconEx
DrawStateA
CreateIconFromResourceEx
LoadImageA
RegisterClipboardFormatA
GrayStringA
DrawTextA
TabbedTextOutA
GetSubMenu
PeekMessageA
GetWindowTextLengthA
DrawFocusRect
EnumWindows
GetWindowThreadProcessId
GetMenuState
SetWindowRgn
GetWindowLongA
SetClassLongA
IsWindowUnicode
GetWindowLongW
SetWindowLongW
SetWindowLongA
EndPaint
BeginPaint
SendMessageTimeoutA
LoadIconA
TrackPopupMenuEx
TrackPopupMenu
DrawMenuBar
DrawFrameControl
DrawEdge
AdjustWindowRectEx
RegisterClassW
RegisterClassA
DefMDIChildProcW
GetParent
DefMDIChildProcA
GetWindowTextA
DefWindowProcA
IntersectRect
SetCapture
GetCapture
GetMessageA
ClientToScreen
DispatchMessageA
ReleaseCapture
GetClientRect
EqualRect
SetRectEmpty
gdi32
Polygon
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
DeleteDC
StretchBlt
CreateBitmap
SetTextColor
SetBkColor
CreateDIBSection
SetStretchBltMode
GetDIBits
CreateDIBitmap
SelectPalette
GetObjectType
GetTextColor
ExtSelectClipRgn
IntersectClipRect
GetClipRgn
CreateRectRgn
GetTextCharsetInfo
CombineRgn
OffsetRgn
SetBrushOrgEx
GetTextMetricsA
SetBkMode
CreatePatternBrush
SetPixel
PatBlt
CreateSolidBrush
CreatePen
DeleteObject
CreateRectRgnIndirect
CreateCompatibleBitmap
SelectObject
GetPixel
BitBlt
CreateCompatibleDC
GetTextExtentPoint32A
CreateFontIndirectA
CreatePalette
GetObjectA
GetDeviceCaps
advapi32
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegCloseKey
shell32
DragQueryFileA
ShellExecuteA
comctl32
ImageList_Add
ImageList_DrawEx
ImageList_GetImageInfo
ImageList_GetImageCount
ImageList_Destroy
ImageList_AddMasked
ImageList_GetIcon
_TrackMouseEvent
FlatSB_GetScrollProp
ImageList_Draw
ImageList_GetBkColor
ImageList_GetIconSize
ImageList_DrawIndirect
ole32
CoCreateInstance
ReleaseStgMedium
OleRun
olepro32
ord254
ord253
ord252
oleaut32
SysAllocString
VariantChangeTypeEx
SafeArrayGetDim
OleLoadPicturePath
SafeArrayCreate
VarI4FromCy
VarI4FromR4
VarI4FromR8
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
VariantInit
VariantChangeType
VariantClear
LoadRegTypeLi
SysFreeString
winmm
waveOutGetNumDevs
PlaySoundA
imagehlp
ImageDirectoryEntryToData
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 364KB - Virtual size: 361KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 76KB - Virtual size: 74KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 24KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 84KB - Virtual size: 81KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 36KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Blade Stealer 1.0 PUBLIC/assembly/Screenshot.jpg.jpg
-
Blade Stealer 1.0 PUBLIC/assembly/Thumbs.db
-
Blade Stealer 1.0 PUBLIC/assembly/bs.exe.exe windows:4 windows x86 arch:x86
2295fa6f68e1ec21f91dc46546b855e2
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvbvm60
_CIcos
_adj_fptan
__vbaVarMove
__vbaVarVargNofree
__vbaFreeVar
__vbaAryMove
__vbaLateIdCall
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
ord300
__vbaObjSet
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord306
__vbaBoolVar
_CIsin
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
ord529
__vbaPutOwner3
DllFunctionCall
__vbaCastObjVar
_adj_fpatan
__vbaLateIdCallLd
__vbaRedim
EVENT_SINK_Release
__vbaNew
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaGetOwner3
__vbaStrVarVal
__vbaFileSeek
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaR8Str
ord570
__vbaVar2Vec
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
ord576
_adj_fdivr_m32
_adj_fdiv_r
ord578
ord100
__vbaI4Var
__vbaAryLock
ord612
__vbaVarDup
__vbaVarCopy
_CIatan
__vbaStrMove
_allmul
__vbaLateIdSt
_CItan
__vbaAryUnlock
_CIexp
__vbaFreeObj
__vbaFreeStr
Sections
.text Size: 192KB - Virtual size: 190KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.0MB - Virtual size: 1.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
CanalSatViewer/CPFilters.dll.dll regsvr32 windows:10 windows x64 arch:x64
7afea2ed1708d746b6cb468206853322
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
CPFilters.pdb
Imports
msvcrt
_wtol
tolower
_CxxThrowException
wcschr
_amsg_exit
_initterm
?terminate@@YAXXZ
_lock
_unlock
__dllonexit
__CxxFrameHandler3
_onexit
_wcsnicmp
realloc
_XcptFilter
??1type_info@@UEAA@XZ
memcpy
memset
memcmp
_wcsicmp
memmove
sscanf_s
wcsncmp
isupper
wcsstr
swscanf
_beginthreadex
_endthread
swprintf_s
iswxdigit
swscanf_s
srand
wcsncpy_s
strnlen
strcat_s
wcstoul
wcscat_s
strncpy_s
wcsnlen
_time32
time
rand
??0exception@@QEAA@XZ
_vsnwprintf_s
_callnewh
malloc
free
__C_specific_handler
_vsnwprintf
memmove_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBD@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
_purecall
memcpy_s
wcspbrk
wcscmp
ntdll
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlGetPersistedStateLocation
RtlCaptureContext
advapi32
RegDeleteKeyW
CryptAcquireContextA
TraceMessage
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext
CryptGenRandom
RegEnumKeyExW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
crypt32
CertGetCertificateChain
CertFreeCertificateChain
CertGetNameStringW
CertVerifyCertificateChainPolicy
kernel32
DebugBreak
LocalAlloc
GlobalAlloc
GlobalFree
GetVersion
GetEnvironmentStringsW
GlobalMemoryStatusEx
GetProcessHeap
HeapAlloc
FreeEnvironmentStringsW
DeviceIoControl
GetDiskFreeSpaceW
HeapFree
SetUnhandledExceptionFilter
UnhandledExceptionFilter
OutputDebugStringA
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
QueryPerformanceCounter
GetSystemTime
GetGeoInfoA
IsDebuggerPresent
RaiseException
WriteFile
ReadFile
lstrlenW
SetFilePointer
GlobalLock
GetFileSize
GlobalUnlock
CompareStringW
lstrlenA
FreeEnvironmentStringsA
TerminateProcess
ExpandEnvironmentStringsW
WaitForMultipleObjects
WaitForSingleObject
LoadLibraryW
GetProcAddress
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DecodeSystemPointer
Sleep
OutputDebugStringW
EncodeSystemPointer
DeleteCriticalSection
GetCurrentProcessId
VirtualProtect
GetCurrentProcess
GetModuleFileNameW
ResumeThread
GetLastError
RaiseFailFastException
GetCurrentThread
CloseHandle
GetModuleHandleW
LoadLibraryExW
DisableThreadLibraryCalls
GetVersionExW
GetModuleFileNameA
MultiByteToWideChar
lstrcmpW
CreateEventW
ResetEvent
GetCurrentThreadId
SetEvent
CreateThread
GetTickCount
SetThreadPriority
lstrcmpiW
CompareFileTime
GetSystemTimeAsFileTime
WideCharToMultiByte
GetLocalTime
SystemTimeToFileTime
GetSystemFirmwareTable
LocalFree
GetTickCount64
GetModuleHandleExW
CreateFileW
ole32
CoFileTimeNow
PropVariantClear
CLSIDFromString
PropVariantCopy
CoTaskMemAlloc
CoUninitialize
CoFreeUnusedLibraries
CoInitializeEx
StringFromGUID2
CoCreateInstance
CoCreateGuid
CoTaskMemFree
oleaut32
SafeArrayGetUBound
SafeArrayDestroy
VariantCopy
VariantChangeType
SafeArrayGetLBound
SafeArrayUnaccessData
SafeArrayAccessData
SysStringLen
SysAllocStringLen
SysAllocString
SysFreeString
VariantClear
VariantInit
SafeArrayCreate
SysStringByteLen
slc
SLGetWindowsInformationDWORD
winmm
timeGetTime
wintrust
CryptCATCatalogInfoFromContext
WinVerifyTrust
WTHelperProvDataFromStateData
mfplat
MFCreateCollection
ws2_32
htonl
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
UpdatePlayready
Sections
.text Size: 637KB - Virtual size: 636KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 186KB - Virtual size: 185KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 25KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
CanalSatViewer/CanalSatViewer.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\Users\thorson\Desktop\Launcher1\Launcher\Launcher\obj\Debug\LUNCHER CRACKING.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 298KB - Virtual size: 298KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
CanalSatViewer/CoreShell.dll.dll windows:10 windows x64 arch:x64
d0d3277e5b74d2e30e15d8669771dafd
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
CoreShell.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_initterm
api-ms-win-crt-string-l1-1-0
memset
wcsncmp
wcscspn
api-ms-win-crt-private-l1-1-0
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__wcsicmp
_o_free
_o_malloc
_o_realloc
_o_terminate
__C_specific_handler
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
__std_terminate
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__CxxFrameHandler3
_CxxThrowException
wcsrchr
memcmp
memcpy
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleExW
GetModuleFileNameA
GetModuleHandleW
GetProcAddress
DisableThreadLibraryCalls
api-ms-win-core-synch-l1-1-0
ReleaseSemaphore
InitializeCriticalSectionEx
AcquireSRWLockShared
CreateSemaphoreExW
ReleaseSRWLockShared
InitializeSRWLock
CreateMutexExW
CreateEventExW
ReleaseSRWLockExclusive
CreateEventW
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
AcquireSRWLockExclusive
OpenSemaphoreW
WaitForSingleObjectEx
WaitForSingleObject
ReleaseMutex
api-ms-win-core-heap-l1-1-0
HeapFree
GetProcessHeap
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetLastError
RaiseException
SetUnhandledExceptionFilter
GetLastError
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentProcess
TerminateProcess
OpenThreadToken
OpenProcessToken
GetCurrentThreadId
GetCurrentThread
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
DebugBreak
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventActivityIdControl
EventWriteTransfer
EventSetInformation
EventRegister
api-ms-win-core-winrt-error-l1-1-0
RoTransformError
RoOriginateError
RoOriginateErrorW
SetRestrictedErrorInfo
GetRestrictedErrorInfo
api-ms-win-core-util-l1-1-0
DecodePointer
EncodePointer
api-ms-win-core-winrt-string-l1-1-0
WindowsSubstringWithSpecifiedLength
WindowsCreateStringReference
WindowsCompareStringOrdinal
WindowsDuplicateString
WindowsDeleteString
WindowsCreateString
WindowsGetStringRawBuffer
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-processthreads-l1-1-1
OpenProcess
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount64
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-winrt-error-l1-1-1
RoGetMatchingRestrictedErrorInfo
IsErrorPropagationEnabled
RoReportFailedDelegate
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegGetValueW
RegSetValueExW
RegQueryValueExW
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW
api-ms-win-core-synch-l1-2-0
InitOnceComplete
WaitOnAddress
InitOnceBeginInitialize
InitOnceExecuteOnce
Sleep
api-ms-win-core-string-l1-1-0
CompareStringOrdinal
api-ms-win-core-winrt-l1-1-0
RoGetActivationFactory
RoActivateInstance
api-ms-win-core-threadpool-l1-2-0
SetThreadpoolWait
CloseThreadpoolWait
CreateThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
WaitForThreadpoolWaitCallbacks
rpcrt4
RpcImpersonateClient
RpcRevertToSelf
RpcServerInqCallAttributesW
I_RpcBindingInqLocalClientPID
api-ms-win-security-base-l1-1-0
GetTokenInformation
api-ms-win-core-errorhandling-l1-1-2
RaiseFailFastException
api-ms-win-security-sddl-l1-1-0
ConvertStringSecurityDescriptorToSecurityDescriptorW
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-registry-l2-1-0
RegDeleteKeyW
api-ms-win-core-threadpool-legacy-l1-1-0
DeleteTimerQueueTimer
CreateTimerQueueTimer
api-ms-win-rtcore-ntuser-window-l1-1-0
GetWindowThreadProcessId
api-ms-win-shcore-thread-l1-1-0
SHGetThreadRef
api-ms-win-core-winrt-propertysetprivate-l1-1-1
RoCreatePropertySetSerializer
api-ms-win-appmodel-runtime-l1-1-1
GetApplicationUserModelIdFromToken
coremessaging
CoreUICreate
coreuicomponents
CoreUIFactoryCreate
CoreUIClientCreate
api-ms-win-shcore-registry-l1-1-0
SHCopyKeyW
api-ms-win-stateseparation-helpers-l1-1-0
GetPersistedRegistryLocationW
ntdll
RtlGetDeviceFamilyInfoEnum
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfNotificationWaitForCompletion
NtQueryWnfStateData
RtlPublishWnfStateData
api-ms-win-shcore-taskpool-l1-1-0
SHTaskPoolAllowThreadReuse
SHTaskPoolQueueTask
api-ms-win-shcore-scaling-l1-1-1
GetScaleFactorForMonitor
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
msvcp_win
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
?_Execute_once@std@@YAHAEAUonce_flag@1@P6AHPEAX1PEAPEAX@Z1@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
??0task_continuation_context@Concurrency@@AEAA@XZ
_Cnd_broadcast
?_Throw_C_error@std@@YAXH@Z
_Mtx_unlock
_Mtx_lock
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
_Mtx_destroy_in_situ
?__ExceptionPtrDestroy@@YAXPEAX@Z
_Mtx_init_in_situ
_Cnd_init_in_situ
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z
?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ
_Cnd_wait
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
_Cnd_destroy_in_situ
?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ
?_Xbad_function_call@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_XGetLastError@std@@YAXXZ
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Exports
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
Sections
.text Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 477KB - Virtual size: 477KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 57KB - Virtual size: 56KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 208B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 992B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
CanalSatViewer/LiteDB/Ionic.Zip.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
c:\DotNetZip\Zip\obj\Debug\Ionic.Zip.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 478KB - Virtual size: 477KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
CanalSatViewer/LiteDB/LICENCE.dat.zip
-
CanalSatViewer/LiteDB/Launcher.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
CanalSatViewer/LiteDB/csv.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 294KB - Virtual size: 294KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 273KB - Virtual size: 273KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
CanalSatViewer/LiteDB/ntdll.dll.dll windows:10 windows x64 arch:x64
Code Sign
33:00:00:02:29:e8:93:3c:c4:14:fa:f5:7c:00:00:00:00:02:29
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 27-03-2019 19:21
Not After: 27-03-2020 19:21
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19-10-2011 18:41
Not After: 19-10-2026 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
f5:1f:53:d8:db:5f:3a:de:5e:8f:8d:83:75:42:2a:d7:59:a6:c4:a6:99:53:84:a6:d9:fc:75:8f:80:3c:76:5b
Signer
Actual PE Digest: f5:1f:53:d8:db:5f:3a:de:5e:8f:8d:83:75:42:2a:d7:59:a6:c4:a6:99:53:84:a6:d9:fc:75:8f:80:3c:76:5b
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
ntdll.pdb
Exports
A_SHAFinal
A_SHAInit
A_SHAUpdate
AlpcAdjustCompletionListConcurrencyCount
AlpcFreeCompletionListMessage
AlpcGetCompletionListLastMessageInformation
AlpcGetCompletionListMessageAttributes
AlpcGetHeaderSize
AlpcGetMessageAttribute
AlpcGetMessageFromCompletionList
AlpcGetOutstandingCompletionListMessageCount
AlpcInitializeMessageAttribute
AlpcMaxAllowedMessageLength
AlpcRegisterCompletionList
AlpcRegisterCompletionListWorkerThread
AlpcRundownCompletionList
AlpcUnregisterCompletionList
AlpcUnregisterCompletionListWorkerThread
ApiSetQueryApiSetPresence
ApiSetQueryApiSetPresenceEx
CsrAllocateCaptureBuffer
CsrAllocateMessagePointer
CsrCaptureMessageBuffer
CsrCaptureMessageMultiUnicodeStringsInPlace
CsrCaptureMessageString
CsrCaptureTimeout
CsrClientCallServer
CsrClientConnectToServer
CsrFreeCaptureBuffer
CsrGetProcessId
CsrIdentifyAlertableThread
CsrSetPriorityClass
CsrVerifyRegion
DbgBreakPoint
DbgPrint
DbgPrintEx
DbgPrintReturnControlC
DbgPrompt
DbgQueryDebugFilterState
DbgSetDebugFilterState
DbgUiConnectToDbg
DbgUiContinue
DbgUiConvertStateChangeStructure
DbgUiConvertStateChangeStructureEx
DbgUiDebugActiveProcess
DbgUiGetThreadDebugObject
DbgUiIssueRemoteBreakin
DbgUiRemoteBreakin
DbgUiSetThreadDebugObject
DbgUiStopDebugging
DbgUiWaitStateChange
DbgUserBreakPoint
EtwCheckCoverage
EtwCreateTraceInstanceId
EtwDeliverDataBlock
EtwEnumerateProcessRegGuids
EtwEventActivityIdControl
EtwEventEnabled
EtwEventProviderEnabled
EtwEventRegister
EtwEventSetInformation
EtwEventUnregister
EtwEventWrite
EtwEventWriteEndScenario
EtwEventWriteEx
EtwEventWriteFull
EtwEventWriteNoRegistration
EtwEventWriteStartScenario
EtwEventWriteString
EtwEventWriteTransfer
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwLogTraceEvent
EtwNotificationRegister
EtwNotificationUnregister
EtwProcessPrivateLoggerRequest
EtwRegisterSecurityProvider
EtwRegisterTraceGuidsA
EtwRegisterTraceGuidsW
EtwReplyNotification
EtwSendNotification
EtwSetMark
EtwTraceEventInstance
EtwTraceMessage
EtwTraceMessageVa
EtwUnregisterTraceGuids
EtwWriteUMSecurityEvent
EtwpCreateEtwThread
EtwpGetCpuSpeed
EvtIntReportAuthzEventAndSourceAsync
EvtIntReportEventAndSourceAsync
ExpInterlockedPopEntrySListEnd
ExpInterlockedPopEntrySListFault
ExpInterlockedPopEntrySListResume
KiRaiseUserExceptionDispatcher
KiUserApcDispatcher
KiUserCallbackDispatcher
KiUserExceptionDispatcher
KiUserInvertedFunctionTable
LdrAccessResource
LdrAddDllDirectory
LdrAddLoadAsDataTable
LdrAddRefDll
LdrAppxHandleIntegrityFailure
LdrCallEnclave
LdrControlFlowGuardEnforced
LdrCreateEnclave
LdrDeleteEnclave
LdrDisableThreadCalloutsForDll
LdrEnumResources
LdrEnumerateLoadedModules
LdrFastFailInLoaderCallout
LdrFindEntryForAddress
LdrFindResourceDirectory_U
LdrFindResourceEx_U
LdrFindResource_U
LdrFlushAlternateResourceModules
LdrGetDllDirectory
LdrGetDllFullName
LdrGetDllHandle
LdrGetDllHandleByMapping
LdrGetDllHandleByName
LdrGetDllHandleEx
LdrGetDllPath
LdrGetFailureData
LdrGetFileNameFromLoadAsDataTable
LdrGetKnownDllSectionHandle
LdrGetProcedureAddress
LdrGetProcedureAddressEx
LdrGetProcedureAddressForCaller
LdrInitShimEngineDynamic
LdrInitializeEnclave
LdrInitializeThunk
LdrIsModuleSxsRedirected
LdrLoadAlternateResourceModule
LdrLoadAlternateResourceModuleEx
LdrLoadDll
LdrLoadEnclaveModule
LdrLockLoaderLock
LdrOpenImageFileOptionsKey
LdrProcessInitializationComplete
LdrProcessRelocationBlock
LdrProcessRelocationBlockEx
LdrQueryImageFileExecutionOptions
LdrQueryImageFileExecutionOptionsEx
LdrQueryImageFileKeyOption
LdrQueryModuleServiceTags
LdrQueryOptionalDelayLoadedAPI
LdrQueryProcessModuleInformation
LdrRegisterDllNotification
LdrRemoveDllDirectory
LdrRemoveLoadAsDataTable
LdrResFindResource
LdrResFindResourceDirectory
LdrResGetRCConfig
LdrResRelease
LdrResSearchResource
LdrResolveDelayLoadedAPI
LdrResolveDelayLoadsFromDll
LdrRscIsTypeExist
LdrSetAppCompatDllRedirectionCallback
LdrSetDefaultDllDirectories
LdrSetDllDirectory
LdrSetDllManifestProber
LdrSetImplicitPathOptions
LdrSetMUICacheType
LdrShutdownProcess
LdrShutdownThread
LdrStandardizeSystemPath
LdrSystemDllInitBlock
LdrUnloadAlternateResourceModule
LdrUnloadAlternateResourceModuleEx
LdrUnloadDll
LdrUnlockLoaderLock
LdrUnregisterDllNotification
LdrUpdatePackageSearchPath
LdrVerifyImageMatchesChecksum
LdrVerifyImageMatchesChecksumEx
LdrpResGetMappingSize
LdrpResGetResourceDirectory
MD4Final
MD4Init
MD4Update
MD5Final
MD5Init
MD5Update
NlsAnsiCodePage
NlsMbCodePageTag
NlsMbOemCodePageTag
NtAcceptConnectPort
NtAccessCheck
NtAccessCheckAndAuditAlarm
NtAccessCheckByType
NtAccessCheckByTypeAndAuditAlarm
NtAccessCheckByTypeResultList
NtAccessCheckByTypeResultListAndAuditAlarm
NtAccessCheckByTypeResultListAndAuditAlarmByHandle
NtAcquireProcessActivityReference
NtAddAtom
NtAddAtomEx
NtAddBootEntry
NtAddDriverEntry
NtAdjustGroupsToken
NtAdjustPrivilegesToken
NtAdjustTokenClaimsAndDeviceGroups
NtAlertResumeThread
NtAlertThread
NtAlertThreadByThreadId
NtAllocateLocallyUniqueId
NtAllocateReserveObject
NtAllocateUserPhysicalPages
NtAllocateUuids
NtAllocateVirtualMemory
NtAllocateVirtualMemoryEx
NtAlpcAcceptConnectPort
NtAlpcCancelMessage
NtAlpcConnectPort
NtAlpcConnectPortEx
NtAlpcCreatePort
NtAlpcCreatePortSection
NtAlpcCreateResourceReserve
NtAlpcCreateSectionView
NtAlpcCreateSecurityContext
NtAlpcDeletePortSection
NtAlpcDeleteResourceReserve
NtAlpcDeleteSectionView
NtAlpcDeleteSecurityContext
NtAlpcDisconnectPort
NtAlpcImpersonateClientContainerOfPort
NtAlpcImpersonateClientOfPort
NtAlpcOpenSenderProcess
NtAlpcOpenSenderThread
NtAlpcQueryInformation
NtAlpcQueryInformationMessage
NtAlpcRevokeSecurityContext
NtAlpcSendWaitReceivePort
NtAlpcSetInformation
NtApphelpCacheControl
NtAreMappedFilesTheSame
NtAssignProcessToJobObject
NtAssociateWaitCompletionPacket
NtCallEnclave
NtCallbackReturn
NtCancelIoFile
NtCancelIoFileEx
NtCancelSynchronousIoFile
NtCancelTimer
NtCancelTimer2
NtCancelWaitCompletionPacket
NtClearEvent
NtClose
NtCloseObjectAuditAlarm
NtCommitComplete
NtCommitEnlistment
NtCommitRegistryTransaction
NtCommitTransaction
NtCompactKeys
NtCompareObjects
NtCompareSigningLevels
NtCompareTokens
NtCompleteConnectPort
NtCompressKey
NtConnectPort
NtContinue
NtConvertBetweenAuxiliaryCounterAndPerformanceCounter
NtCreateCrossVmEvent
NtCreateDebugObject
NtCreateDirectoryObject
NtCreateDirectoryObjectEx
NtCreateEnclave
NtCreateEnlistment
NtCreateEvent
NtCreateEventPair
NtCreateFile
NtCreateIRTimer
NtCreateIoCompletion
NtCreateJobObject
NtCreateJobSet
NtCreateKey
NtCreateKeyTransacted
NtCreateKeyedEvent
NtCreateLowBoxToken
NtCreateMailslotFile
NtCreateMutant
NtCreateNamedPipeFile
NtCreatePagingFile
NtCreatePartition
NtCreatePort
NtCreatePrivateNamespace
NtCreateProcess
NtCreateProcessEx
NtCreateProfile
NtCreateProfileEx
NtCreateRegistryTransaction
NtCreateResourceManager
NtCreateSection
NtCreateSectionEx
NtCreateSemaphore
NtCreateSymbolicLinkObject
NtCreateThread
NtCreateThreadEx
NtCreateTimer
NtCreateTimer2
NtCreateToken
NtCreateTokenEx
NtCreateTransaction
NtCreateTransactionManager
NtCreateUserProcess
NtCreateWaitCompletionPacket
NtCreateWaitablePort
NtCreateWnfStateName
NtCreateWorkerFactory
NtDebugActiveProcess
NtDebugContinue
NtDelayExecution
NtDeleteAtom
NtDeleteBootEntry
NtDeleteDriverEntry
NtDeleteFile
NtDeleteKey
NtDeleteObjectAuditAlarm
NtDeletePrivateNamespace
NtDeleteValueKey
NtDeleteWnfStateData
NtDeleteWnfStateName
NtDeviceIoControlFile
NtDisableLastKnownGood
NtDisplayString
NtDrawText
NtDuplicateObject
NtDuplicateToken
NtEnableLastKnownGood
NtEnumerateBootEntries
NtEnumerateDriverEntries
NtEnumerateKey
NtEnumerateSystemEnvironmentValuesEx
NtEnumerateTransactionObject
NtEnumerateValueKey
NtExtendSection
NtFilterBootOption
NtFilterToken
NtFilterTokenEx
NtFindAtom
NtFlushBuffersFile
NtFlushBuffersFileEx
NtFlushInstallUILanguage
NtFlushInstructionCache
NtFlushKey
NtFlushProcessWriteBuffers
NtFlushVirtualMemory
NtFlushWriteBuffer
NtFreeUserPhysicalPages
NtFreeVirtualMemory
NtFreezeRegistry
NtFreezeTransactions
NtFsControlFile
NtGetCachedSigningLevel
NtGetCompleteWnfStateSubscription
NtGetContextThread
NtGetCurrentProcessorNumber
NtGetCurrentProcessorNumberEx
NtGetDevicePowerState
NtGetMUIRegistryInfo
NtGetNextProcess
NtGetNextThread
NtGetNlsSectionPtr
NtGetNotificationResourceManager
NtGetTickCount
NtGetWriteWatch
NtImpersonateAnonymousToken
NtImpersonateClientOfPort
NtImpersonateThread
NtInitializeEnclave
NtInitializeNlsFiles
NtInitializeRegistry
NtInitiatePowerAction
NtIsProcessInJob
NtIsSystemResumeAutomatic
NtIsUILanguageComitted
NtListenPort
NtLoadDriver
NtLoadEnclaveData
NtLoadKey
NtLoadKey2
NtLoadKeyEx
NtLockFile
NtLockProductActivationKeys
NtLockRegistryKey
NtLockVirtualMemory
NtMakePermanentObject
NtMakeTemporaryObject
NtManageHotPatch
NtManagePartition
NtMapCMFModule
NtMapUserPhysicalPages
NtMapUserPhysicalPagesScatter
NtMapViewOfSection
NtMapViewOfSectionEx
NtModifyBootEntry
NtModifyDriverEntry
NtNotifyChangeDirectoryFile
NtNotifyChangeDirectoryFileEx
NtNotifyChangeKey
NtNotifyChangeMultipleKeys
NtNotifyChangeSession
NtOpenDirectoryObject
NtOpenEnlistment
NtOpenEvent
NtOpenEventPair
NtOpenFile
NtOpenIoCompletion
NtOpenJobObject
NtOpenKey
NtOpenKeyEx
NtOpenKeyTransacted
NtOpenKeyTransactedEx
NtOpenKeyedEvent
NtOpenMutant
NtOpenObjectAuditAlarm
NtOpenPartition
NtOpenPrivateNamespace
NtOpenProcess
NtOpenProcessToken
NtOpenProcessTokenEx
NtOpenRegistryTransaction
NtOpenResourceManager
NtOpenSection
NtOpenSemaphore
NtOpenSession
NtOpenSymbolicLinkObject
NtOpenThread
NtOpenThreadToken
NtOpenThreadTokenEx
NtOpenTimer
NtOpenTransaction
NtOpenTransactionManager
NtPlugPlayControl
NtPowerInformation
NtPrePrepareComplete
NtPrePrepareEnlistment
NtPrepareComplete
NtPrepareEnlistment
NtPrivilegeCheck
NtPrivilegeObjectAuditAlarm
NtPrivilegedServiceAuditAlarm
NtPropagationComplete
NtPropagationFailed
NtProtectVirtualMemory
NtPulseEvent
NtQueryAttributesFile
NtQueryAuxiliaryCounterFrequency
NtQueryBootEntryOrder
NtQueryBootOptions
NtQueryDebugFilterState
NtQueryDefaultLocale
NtQueryDefaultUILanguage
NtQueryDirectoryFile
NtQueryDirectoryFileEx
NtQueryDirectoryObject
NtQueryDriverEntryOrder
NtQueryEaFile
NtQueryEvent
NtQueryFullAttributesFile
NtQueryInformationAtom
NtQueryInformationByName
NtQueryInformationEnlistment
NtQueryInformationFile
NtQueryInformationJobObject
NtQueryInformationPort
NtQueryInformationProcess
NtQueryInformationResourceManager
NtQueryInformationThread
NtQueryInformationToken
NtQueryInformationTransaction
NtQueryInformationTransactionManager
NtQueryInformationWorkerFactory
NtQueryInstallUILanguage
NtQueryIntervalProfile
NtQueryIoCompletion
NtQueryKey
NtQueryLicenseValue
NtQueryMultipleValueKey
NtQueryMutant
NtQueryObject
NtQueryOpenSubKeys
NtQueryOpenSubKeysEx
NtQueryPerformanceCounter
NtQueryPortInformationProcess
NtQueryQuotaInformationFile
NtQuerySection
NtQuerySecurityAttributesToken
NtQuerySecurityObject
NtQuerySecurityPolicy
NtQuerySemaphore
NtQuerySymbolicLinkObject
NtQuerySystemEnvironmentValue
NtQuerySystemEnvironmentValueEx
NtQuerySystemInformation
NtQuerySystemInformationEx
Sections
.text Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
RT Size: 512B - Virtual size: 505B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 283KB - Virtual size: 283KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 44KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 56KB - Virtual size: 56KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.mrdata Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.00cfg Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 445KB - Virtual size: 444KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
CanalSatViewer/LiteDB/schannel.dll.dll windows:10 windows x64 arch:x64
166370ad4a8a46f66866e94f4d503b7a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
schannel.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_initterm
_initterm_e
api-ms-win-crt-string-l1-1-0
memset
wcscmp
strcmp
wcsnlen
wcsncmp
memmove_s
api-ms-win-crt-private-l1-1-0
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__stricmp
_o__wcsicmp
memmove
_o__wcsnicmp
_o__wsplitpath_s
_o_free
_o_malloc
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o__execute_onexit_table
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vsnwprintf_s
_o___std_type_info_destroy_list
wcschr
__C_specific_handler
memcmp
memcpy
__CxxFrameHandler3
__std_terminate
wcsrchr
wcsstr
crypt32
I_CertProcessSslHandshake
CertSerializeCertificateStoreElement
CertSaveStore
CertOpenStore
CertCloseStore
CertAddSerializedElementToStore
CertCreateCertificateChainEngine
CertFreeCertificateContext
CertGetServerOcspResponseContext
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertFindCertificateInStore
CryptEncodeObject
CertFindCTLInStore
CertFreeCTLContext
CertNameToStrW
CertCloseServerOcspResponse
CertCreateCertificateContext
CertNameToStrA
CertGetPublicKeyLength
CertDuplicateCertificateContext
CertSetCertificateContextProperty
CertOpenServerOcspResponse
CertGetIntendedKeyUsage
CryptDecodeObjectEx
CertGetNameStringW
CryptImportPublicKeyInfoEx2
CryptImportPublicKeyInfoEx
CertGetCertificateChain
CertFreeCertificateChain
CertCompareCertificateName
CertFindExtension
CertFindChainInStore
CertDuplicateStore
CertControlStore
CryptObjectLocatorGetUpdated
CryptObjectLocatorIsChanged
CryptObjectLocatorRelease
CryptObjectLocatorInitialize
I_CertFinishSslHandshake
CertFreeServerOcspResponseContext
I_CertWnfEnableFlushCache
CryptObjectLocatorGetContent
CryptObjectLocatorGet
CryptObjectLocatorFree
CryptHashCertificate2
CertFreeCertificateChainEngine
CertGetEnhancedKeyUsage
CryptMemFree
CertVerifyCertificateChainPolicy
CertGetCertificateContextProperty
CertAddEncodedCertificateToStore
CryptDecodeObject
CryptFindOIDInfo
api-ms-win-core-heap-l2-1-0
LocalReAlloc
LocalAlloc
LocalFree
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter
GetLastError
api-ms-win-security-base-l1-1-0
RevertToSelf
EqualSid
CreateWellKnownSid
GetTokenInformation
AllocateLocallyUniqueId
GetLengthSid
api-ms-win-core-registry-l1-1-0
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegNotifyChangeKeyValue
RegFlushKey
RegCreateKeyExW
RegOpenKeyExA
RegOpenKeyExW
api-ms-win-core-libraryloader-l1-2-0
FreeLibrary
LoadLibraryExW
DisableThreadLibraryCalls
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
api-ms-win-core-localization-l1-2-0
FormatMessageW
sspicli
LsaLogonUser
LsaFreeReturnBuffer
LsaRegisterLogonProcess
LsaLookupAuthenticationPackage
LsaDeregisterLogonProcess
GetUserNameExW
LsaConnectUntrusted
LsaCallAuthenticationPackage
api-ms-win-core-memory-l1-1-0
VirtualProtect
MapViewOfFileEx
VirtualFree
VirtualAlloc
VirtualQuery
CreateFileMappingW
UnmapViewOfFile
OpenFileMappingW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-wow64-l1-1-1
GetSystemWow64DirectoryW
api-ms-win-core-synch-l1-1-0
EnterCriticalSection
ReleaseSRWLockShared
AcquireSRWLockShared
AcquireSRWLockExclusive
LeaveCriticalSection
ReleaseSRWLockExclusive
InitializeCriticalSection
TryAcquireSRWLockExclusive
CreateEventW
InitializeSRWLock
WaitForSingleObjectEx
CreateEventA
ResetEvent
InitializeCriticalSectionAndSpinCount
SetEvent
DeleteCriticalSection
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-rtlsupport-l1-1-0
RtlCompareMemory
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
OpenThreadToken
TerminateProcess
GetCurrentProcess
SetThreadStackGuarantee
GetCurrentThread
GetCurrentThreadId
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
OpenProcess
api-ms-win-core-profile-l1-1-0
QueryPerformanceFrequency
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemInfo
GetTickCount64
GetSystemTimeAsFileTime
GetComputerNameExW
GetTickCount
GetWindowsDirectoryW
GetVersionExW
api-ms-win-core-interlocked-l1-1-0
InterlockedPopEntrySList
InterlockedFlushSList
InitializeSListHead
InterlockedPushEntrySList
api-ms-win-eventing-classicprovider-l1-1-0
TraceMessage
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
EventRegister
EventSetInformation
EventUnregister
api-ms-win-core-psapi-l1-1-0
QueryFullProcessImageNameW
api-ms-win-security-sddl-l1-1-0
ConvertSidToStringSidW
api-ms-win-core-processenvironment-l1-1-0
SetCurrentDirectoryW
GetCurrentDirectoryW
ExpandEnvironmentStringsW
api-ms-win-core-file-l1-1-0
CreateDirectoryW
CompareFileTime
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
WideCharToMultiByte
api-ms-win-core-threadpool-private-l1-1-0
RegisterWaitForSingleObjectEx
api-ms-win-core-threadpool-legacy-l1-1-0
DeleteTimerQueueTimer
UnregisterWaitEx
ChangeTimerQueueTimer
CreateTimerQueueTimer
api-ms-win-core-string-obsolete-l1-1-0
lstrlenW
ntdll
RtlDeleteResource
RtlLeaveCriticalSection
RtlEnterCriticalSection
RtlDeleteCriticalSection
RtlInitializeCriticalSection
EtwUnregisterTraceGuids
RtlIpv4StringToAddressExW
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
RtlImageNtHeader
WinSqmSetDWORD
RtlRegisterWait
RtlDeregisterWait
NtSetInformationThread
NtEnumerateKey
RtlEqualUnicodeString
RtlGetNtProductType
RtlCopySid
RtlLengthSid
RtlAppendUnicodeToString
RtlSubAuthoritySid
RtlInitializeSid
RtlInitString
RtlAcquireResourceExclusive
EtwEventUnregister
EtwEventWrite
EtwEventRegister
RtlReleaseResource
RtlAcquireResourceShared
RtlNtStatusToDosErrorNoTeb
NtClose
NtDuplicateObject
RtlNtStatusToDosError
RtlInitUnicodeString
RtlAnsiStringToUnicodeString
EtwEventWriteTransfer
EtwTraceMessage
NtOpenKey
RtlAllocateHeap
NtWaitForSingleObject
RtlDuplicateUnicodeString
NtSetEvent
NtCreateEvent
NtOpenEvent
NtQuerySystemInformation
NtQuerySystemTime
NtQueryValueKey
RtlInitializeResource
NtAllocateVirtualMemory
RtlFreeHeap
RtlCompareUnicodeString
RtlConvertSharedToExclusive
RtlInitAnsiString
RtlIpv6StringToAddressExW
RtlFreeUnicodeString
NtFreeVirtualMemory
api-ms-win-crt-time-l1-1-0
_time32
api-ms-win-core-version-l1-1-0
GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW
api-ms-win-eventing-controller-l1-1-0
ControlTraceW
StartTraceW
EnableTraceEx2
api-ms-win-core-file-l2-1-0
MoveFileExW
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapFree
HeapAlloc
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
Exports
AcceptSecurityContext
AcquireCredentialsHandleA
AcquireCredentialsHandleW
ApplyControlToken
CompleteAuthToken
DeleteSecurityContext
EnumerateSecurityPackagesA
EnumerateSecurityPackagesW
FreeContextBuffer
FreeCredentialsHandle
ImpersonateSecurityContext
InitSecurityInterfaceA
InitSecurityInterfaceW
InitializeSecurityContextA
InitializeSecurityContextW
MakeSignature
QueryContextAttributesA
QueryContextAttributesW
QuerySecurityPackageInfoA
QuerySecurityPackageInfoW
RevertSecurityContext
SealMessage
SpLsaModeInitialize
SpUserModeInitialize
SslCrackCertificate
SslEmptyCacheA
SslEmptyCacheW
SslFreeCertificate
SslFreeCustomBuffer
SslGenerateRandomBits
SslGetExtensions
SslGetMaximumKeySize
SslGetServerIdentity
SslLoadCertificate
UnsealMessage
VerifySignature
Sections
.text Size: 418KB - Virtual size: 417KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 75KB - Virtual size: 74KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 1024B - Virtual size: 856B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
CanalSatViewer/contenteditable.css
-
CanalSatViewer/security-prefs.js
-
Codesoft PW Stealer 0.50/Codesoft PW Stealer 0.50.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\Users\thorson\Desktop\Launcher1\Launcher\Launcher\obj\Debug\LUNCHER CRACKING.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 213KB - Virtual size: 212KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Codesoft PW Stealer 0.50/aepic.dll.dll windows:10 windows x64 arch:x64
2b5a38d4fa8fb52bf13456eb07f516b0
Code Sign
33:00:00:02:32:41:fb:59:99:6d:cc:4d:ff:00:00:00:00:02:32
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 02-05-2019 21:24
Not After: 02-05-2020 21:24
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19-10-2011 18:41
Not After: 19-10-2026 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
3e:2f:73:d2:af:28:34:9b:6b:3b:38:4d:f6:75:c4:73:03:b2:d4:ec:82:8f:e4:14:ba:18:41:18:c6:1d:fd:36
Signer
Actual PE Digest: 3e:2f:73:d2:af:28:34:9b:6b:3b:38:4d:f6:75:c4:73:03:b2:d4:ec:82:8f:e4:14:ba:18:41:18:c6:1d:fd:36
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
aepic.pdb
Imports
msvcrt
_CxxThrowException
strnlen
?what@exception@@UEBAPEBDXZ
_wcsicmp
___lc_codepage_func
_XcptFilter
_amsg_exit
_initterm
?terminate@@YAXXZ
_lock
_unlock
__dllonexit
___mb_cur_max_func
??1type_info@@UEAA@XZ
memset
abort
__crtCompareStringW
memmove_s
_vsnprintf_s
strncmp
towlower
___lc_collate_cp_func
memcmp
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
_wtoi
calloc
??1exception@@UEAA@XZ
memcpy_s
malloc
??0exception@@QEAA@AEBQEBD@Z
_purecall
memmove
___lc_handle_func
__crtLCMapStringW
??0exception@@QEAA@AEBQEBDH@Z
memcpy
setlocale
wcstombs
_vsnwprintf
??0bad_cast@@QEAA@PEBD@Z
__C_specific_handler
??1bad_cast@@UEAA@XZ
free
strtol
realloc
__CxxFrameHandler3
_errno
strncpy_s
??0bad_cast@@QEAA@AEBV0@@Z
_vsnwprintf_s
_vscwprintf
strchr
_set_errno
tolower
__pctype_func
iscntrl
_wsplitpath_s
_onexit
isspace
wcstoul
_wtoi64
sprintf_s
_vsnprintf
strcpy_s
_wcsnicmp
wcschr
wcsrchr
wcscpy_s
wcscat_s
_wcslwr
wcsstr
wcscmp
ntdll
RtlGetVersion
RtlReleaseRelativeName
NtLoadKeyEx
RtlDosPathNameToRelativeNtPathName_U
RtlStringFromGUID
RtlRandomEx
NtQueryKey
WinSqmIsOptedInEx
RtlFreeSid
RtlAllocateAndInitializeSid
RtlNtStatusToDosError
RtlAdjustPrivilege
RtlImageDirectoryEntryToData
RtlVerifyVersionInfo
LdrResSearchResource
RtlTimeToTimeFields
ZwMapViewOfSection
ZwUnmapViewOfSection
ZwQuerySystemInformation
RtlGetNativeSystemInformation
RtlUpcaseUnicodeChar
RtlAnsiStringToUnicodeString
RtlxAnsiStringToUnicodeSize
RtlInitString
EtwEventRegister
EtwEventWrite
EtwEventUnregister
RtlSecondsSince1970ToTime
NtQueryLicenseValue
ZwCreateSection
ZwQueryInformationFile
ZwCreateFile
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
ZwQueryValueKey
RtlInitUnicodeStringEx
ZwEnumerateKey
ZwOpenKey
RtlFreeUnicodeString
RtlInitUnicodeString
RtlDosPathNameToNtPathName_U_WithStatus
ZwClose
RtlLeaveCriticalSection
RtlInitializeCriticalSection
RtlMultiByteToUnicodeN
RtlInitAnsiString
RtlEnterCriticalSection
RtlEqualString
RtlDeleteCriticalSection
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlFreeHeap
RtlReAllocateHeap
RtlAllocateHeap
EtwTraceMessage
rpcrt4
UuidCreate
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapReAlloc
GetProcessHeap
HeapFree
api-ms-win-core-processthreads-l1-1-0
OpenProcessToken
TlsAlloc
GetThreadPriority
SetThreadPriority
TlsGetValue
ResumeThread
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
TlsSetValue
GetCurrentProcessId
CreateThread
GetCurrentThread
api-ms-win-core-localization-l1-2-0
FormatMessageW
LocaleNameToLCID
api-ms-win-core-winrt-string-l1-1-0
WindowsDeleteString
WindowsCreateStringReference
WindowsDuplicateString
WindowsCreateString
WindowsGetStringRawBuffer
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
api-ms-win-core-winrt-l1-1-0
RoActivateInstance
RoUninitialize
RoGetActivationFactory
RoInitialize
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
RaiseException
UnhandledExceptionFilter
SetLastError
GetLastError
api-ms-win-core-synch-l1-2-0
Sleep
InitOnceBeginInitialize
WakeAllConditionVariable
SleepConditionVariableSRW
InitOnceExecuteOnce
InitOnceComplete
api-ms-win-core-debug-l1-1-0
OutputDebugStringA
DebugBreak
OutputDebugStringW
IsDebuggerPresent
api-ms-win-core-winrt-error-l1-1-0
RoOriginateErrorW
RoOriginateError
GetRestrictedErrorInfo
RoTransformError
SetRestrictedErrorInfo
api-ms-win-core-util-l1-1-0
DecodePointer
EncodePointer
api-ms-win-core-synch-l1-1-0
LeaveCriticalSection
AcquireSRWLockShared
InitializeCriticalSectionEx
ReleaseMutex
EnterCriticalSection
InitializeCriticalSection
SetWaitableTimer
CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseSemaphore
OpenWaitableTimerW
CreateEventW
CreateMutexW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
DeleteCriticalSection
WaitForSingleObject
SetEvent
InitializeSRWLock
CreateEventExW
ReleaseSRWLockShared
CreateSemaphoreExW
api-ms-win-core-com-l1-1-0
CoWaitForMultipleHandles
CoGetCallContext
CoCreateInstance
CoCreateFreeThreadedMarshaler
CoUninitialize
CoInitializeEx
CoTaskMemAlloc
CoGetInterfaceAndReleaseStream
CoMarshalInterface
CreateStreamOnHGlobal
CoReleaseMarshalData
CoGetApartmentType
CoTaskMemFree
api-ms-win-core-com-l1-1-1
RoGetAgileReference
api-ms-win-core-winrt-error-l1-1-1
IsErrorPropagationEnabled
RoReportFailedDelegate
RoGetMatchingRestrictedErrorInfo
api-ms-win-core-processthreads-l1-1-1
OpenProcess
api-ms-win-security-base-l1-1-0
GetTokenInformation
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
DuplicateTokenEx
SetSecurityDescriptorDacl
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-shcore-thread-l1-1-0
SHSetThreadRef
SHGetThreadRef
SetProcessReference
GetProcessReference
api-ms-win-core-realtime-l1-1-0
QueryThreadCycleTime
api-ms-win-core-sysinfo-l1-1-0
GetSystemDirectoryW
GetTickCount64
GetTickCount
GetSystemInfo
GetSystemTimeAsFileTime
GetSystemWindowsDirectoryW
api-ms-win-core-string-l1-1-0
GetStringTypeW
WideCharToMultiByte
MultiByteToWideChar
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
FreeLibrary
GetModuleHandleW
GetModuleFileNameW
GetModuleFileNameA
LoadLibraryExW
GetModuleHandleExW
FreeLibraryAndExitThread
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
EventRegister
EventUnregister
api-ms-win-core-file-l1-1-0
GetFileAttributesW
GetLongPathNameW
FindClose
FindNextFileW
GetLogicalDriveStringsW
QueryDosDeviceW
GetDriveTypeW
FindFirstFileW
GetTempFileNameW
WriteFile
CreateFileW
DeleteFileW
GetVolumeInformationByHandleW
api-ms-win-core-sysinfo-l1-2-0
VerSetConditionMask
GetSystemFirmwareTable
api-ms-win-core-file-l1-2-0
GetTempPathW
api-ms-win-security-provider-l1-1-0
SetEntriesInAclW
api-ms-win-core-registry-l1-1-0
RegEnumKeyExW
RegDeleteValueW
RegOpenKeyExW
RegGetValueW
RegSetValueExW
RegCloseKey
RegQueryInfoKeyW
RegDeleteTreeW
RegSaveKeyExW
RegCreateKeyExW
RegDeleteKeyExW
RegUnLoadKeyW
RegLoadAppKeyW
RegLoadKeyW
RegFlushKey
RegSetKeySecurity
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-core-registry-l1-1-1
RegSetKeyValueW
RegDeleteKeyValueW
api-ms-win-core-registry-l2-1-0
RegDeleteKeyW
RegOpenKeyW
api-ms-win-core-kernel32-legacy-l1-1-1
VerifyVersionInfoW
api-ms-win-core-shlwapi-legacy-l1-1-0
PathUnExpandEnvStringsW
PathFileExistsW
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
GetCurrentDirectoryW
api-ms-win-core-file-l2-1-0
MoveFileExW
api-ms-win-core-path-l1-1-0
PathAllocCombine
PathCchCanonicalizeEx
PathCchRemoveFileSpec
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-shcore-path-l1-1-0
ord170
api-ms-win-shcore-obsolete-l1-1-0
CommandLineToArgvW
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
CreateSemaphoreW
CreateWaitableTimerW
bcrypt
BCryptOpenAlgorithmProvider
BCryptFinishHash
BCryptCloseAlgorithmProvider
BCryptDestroyHash
BCryptHashData
BCryptCreateHash
BCryptGetProperty
api-ms-win-security-cryptoapi-l1-1-0
CryptAcquireContextW
CryptGetHashParam
CryptReleaseContext
CryptCreateHash
CryptHashData
CryptDestroyHash
api-ms-win-eventing-classicprovider-l1-1-0
TraceEvent
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-sidebyside-l1-1-0
ReleaseActCtx
QueryActCtxW
CreateActCtxW
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
api-ms-win-core-threadpool-l1-2-0
WaitForThreadpoolTimerCallbacks
TrySubmitThreadpoolCallback
SetThreadpoolTimer
CreateThreadpoolTimer
CallbackMayRunLong
CloseThreadpoolTimer
FreeLibraryWhenCallbackReturns
oleaut32
SysFreeString
SysAllocString
VariantClear
VariantInit
VariantCopy
VariantChangeType
api-ms-win-security-sddl-l1-1-0
ConvertSidToStringSidW
api-ms-win-core-string-l2-1-1
SHLoadIndirectString
api-ms-win-security-capability-l1-1-0
CapabilityCheck
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Exports
DllCanUnloadNow
DllGetActivationFactory
PicAmiClose
PicAmiInitialize
PicFreeFileInfo
PicRetrieveFileInfo
PicRetrieveFileInfoAppx
UpdateSoftwareInventoryTC2
Sections
.text Size: 332KB - Virtual size: 332KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 132KB - Virtual size: 132KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 19KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 104B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Codesoft PW Stealer 0.50/chromedriver.exe.exe windows:5 windows x86 arch:x86
251f0d264461093c96696e473be023d9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
chromedriver.exe.pdb
Imports
advapi32
ConvertStringSecurityDescriptorToSecurityDescriptorW
CreateProcessAsUserW
EventRegister
EventUnregister
EventWrite
InitializeAcl
InitializeSecurityDescriptor
RegCloseKey
RegCreateKeyExW
RegNotifyChangeKeyValue
RegOpenKeyExW
RegQueryValueExW
SetSecurityDescriptorDacl
SystemFunction036
shell32
CommandLineToArgvW
SHGetFolderPathW
SHGetKnownFolderPath
user32
ActivateKeyboardLayout
AllowSetForegroundWindow
CreateWindowExW
DefWindowProcW
DestroyWindow
DispatchMessageW
GetKeyboardLayoutList
GetKeyboardLayoutNameW
GetQueueStatus
GetWindowLongW
KillTimer
LoadKeyboardLayoutW
MapVirtualKeyW
MsgWaitForMultipleObjectsEx
PeekMessageW
PostMessageW
PostQuitMessage
RegisterClassExW
SetTimer
SetWindowLongW
ToUnicode
TranslateMessage
UnregisterClassW
VkKeyScanW
winmm
timeBeginPeriod
timeEndPeriod
timeGetTime
ws2_32
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAGetLastError
WSAGetOverlappedResult
WSAIoctl
WSARecvFrom
WSAResetEvent
WSASend
WSASendTo
WSASocketW
WSAStartup
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
getpeername
getsockname
getsockopt
htonl
ioctlsocket
listen
ntohs
recv
recvfrom
sendto
setsockopt
shutdown
socket
kernel32
AcquireSRWLockExclusive
AcquireSRWLockShared
AssignProcessToJobObject
CancelIo
ChangeTimerQueueTimer
CloseHandle
CompareStringW
ConnectNamedPipe
CreateDirectoryW
CreateEventW
CreateFileA
CreateFileMappingW
CreateFileW
CreateIoCompletionPort
CreateNamedPipeW
CreateProcessW
CreateThread
CreateTimerQueue
CreateTimerQueueTimer
DecodePointer
DeleteCriticalSection
DeleteFileW
DeleteTimerQueueTimer
DuplicateHandle
EncodePointer
EnterCriticalSection
EnumSystemLocalesW
ExitProcess
ExpandEnvironmentStringsW
FileTimeToSystemTime
FindClose
FindFirstFileExW
FindNextFileW
FlushFileBuffers
FormatMessageA
FormatMessageW
FreeEnvironmentStringsW
FreeLibrary
FreeLibraryAndExitThread
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleCP
GetConsoleMode
GetCurrencyFormatEx
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatEx
GetDiskFreeSpaceExW
GetDriveTypeW
GetDynamicTimeZoneInformation
GetEnvironmentStringsW
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFileSizeEx
GetFileType
GetFullPathNameW
GetGeoInfoW
GetLastError
GetLocalTime
GetLocaleInfoEx
GetLocaleInfoW
GetLogicalProcessorInformation
GetLongPathNameW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetNativeSystemInfo
GetNumaHighestNodeNumber
GetNumberFormatEx
GetOEMCP
GetProcAddress
GetProcessAffinityMask
GetProcessId
GetProcessTimes
GetQueuedCompletionStatus
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemDirectoryW
GetSystemInfo
GetSystemTimeAsFileTime
GetTempPathW
GetThreadId
GetThreadPriority
GetThreadTimes
GetTickCount
GetTimeFormatEx
GetTimeZoneInformation
GetUserDefaultLCID
GetUserGeoID
GetVersionExW
GetWindowsDirectoryW
GlobalFree
GlobalMemoryStatusEx
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
InitOnceExecuteOnce
InitializeConditionVariable
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeSListHead
InitializeSRWLock
InterlockedFlushSList
InterlockedPopEntrySList
InterlockedPushEntrySList
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
K32QueryWorkingSetEx
LCMapStringW
LeaveCriticalSection
LoadLibraryExA
LoadLibraryExW
LoadLibraryW
LocalFree
MapViewOfFile
MoveFileExW
MoveFileW
MultiByteToWideChar
OutputDebugStringA
PostQueuedCompletionStatus
QueryDepthSList
QueryPerformanceCounter
QueryPerformanceFrequency
QueryThreadCycleTime
RaiseException
ReadConsoleW
ReadFile
RegisterWaitForSingleObject
ReleaseSRWLockExclusive
ReleaseSRWLockShared
ReleaseSemaphore
RemoveDirectoryW
ReplaceFileW
ResetEvent
ResolveLocaleName
RtlCaptureStackBackTrace
RtlUnwind
SetEndOfFile
SetEnvironmentVariableW
SetEvent
SetFileAttributesW
SetFilePointer
SetFilePointerEx
SetFileTime
SetHandleInformation
SetLastError
SetStdHandle
SetThreadAffinityMask
SetThreadPriority
SetUnhandledExceptionFilter
SignalObjectAndWait
Sleep
SleepConditionVariableSRW
SwitchToThread
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryAcquireSRWLockExclusive
TryEnterCriticalSection
TzSpecificLocalTimeToSystemTime
UnhandledExceptionFilter
UnmapViewOfFile
UnregisterWait
UnregisterWaitEx
VerSetConditionMask
VerifyVersionInfoW
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WaitForSingleObjectEx
WaitNamedPipeW
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte
WriteConsoleW
WriteFile
iphlpapi
GetAdaptersAddresses
userenv
CreateEnvironmentBlock
DestroyEnvironmentBlock
shlwapi
PathMatchSpecW
dbghelp
SymFromAddr
SymGetLineFromAddr64
SymGetSearchPathW
SymInitialize
SymSetOptions
SymSetSearchPathW
ole32
CoCreateInstance
CoInitializeEx
CoTaskMemFree
CoUninitialize
PropVariantClear
secur32
AcquireCredentialsHandleW
DeleteSecurityContext
FreeContextBuffer
FreeCredentialsHandle
InitializeSecurityContextW
QuerySecurityPackageInfoW
winhttp
WinHttpCloseHandle
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpOpen
WinHttpSetTimeouts
crypt32
CertAddEncodedCertificateToStore
CertCloseStore
CertCompareCertificateName
CertCreateCertificateChainEngine
CertDuplicateCertificateContext
CertFindExtension
CertFreeCertificateChain
CertFreeCertificateChainEngine
CertFreeCertificateContext
CertGetCertificateChain
CertGetCertificateContextProperty
CertGetIssuerCertificateFromStore
CertOpenStore
CertSetCertificateContextProperty
CertVerifyCertificateChainPolicy
CryptDecodeObjectEx
CryptInstallOIDFunctionAddress
CryptVerifyCertificateSignatureEx
Exports
GetHandleVerifier
Sections
.text Size: 5.6MB - Virtual size: 5.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2.4MB - Virtual size: 2.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 29KB - Virtual size: 58KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.00cfg Size: 512B - Virtual size: 4B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 169B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.voltbl Size: 1024B - Virtual size: 776B
CPADinfo Size: 512B - Virtual size: 40B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
prot Size: 512B - Virtual size: 193B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 51KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 193KB - Virtual size: 192KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Codesoft PW Stealer 0.50/data/Ionic.Zip.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
c:\DotNetZip\Zip\obj\Debug\Ionic.Zip.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 478KB - Virtual size: 477KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Codesoft PW Stealer 0.50/data/LICENCE.dat.zip
-
Codesoft PW Stealer 0.50/data/Launcher.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Codesoft PW Stealer 0.50/data/Leaf.xNet.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
C:\projects\leaf-xnet\Leaf.xNet\obj\Release\net452\Leaf.xNet.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 128KB - Virtual size: 127KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1020B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Codesoft PW Stealer 0.50/data/bcastdvr.proxy.dll.dll regsvr32 windows:10 windows x86 arch:x86
1b05ea5f90a138982c4f04f953c32511
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
bcastdvr.proxy.pdb
Imports
msvcrt
_except_handler4_common
_initterm
malloc
_XcptFilter
_amsg_exit
free
memcmp
rpcrt4
CStdStubBuffer_Disconnect
NdrOleAllocate
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
NdrDllRegisterProxy
NdrDllUnregisterProxy
NdrCStdStubBuffer2_Release
CStdStubBuffer_QueryInterface
IUnknown_QueryInterface_Proxy
CStdStubBuffer_Connect
CStdStubBuffer_Invoke
NdrStubForwardingFunction
CStdStubBuffer_CountRefs
NdrStubCall2
CStdStubBuffer_IsIIDSupported
IUnknown_Release_Proxy
CStdStubBuffer_AddRef
NdrOleFree
CStdStubBuffer_DebugServerRelease
IUnknown_AddRef_Proxy
CStdStubBuffer_DebugServerQueryInterface
api-ms-win-core-winrt-string-l1-1-0
HSTRING_UserUnmarshal
HSTRING_UserMarshal
HSTRING_UserSize
HSTRING_UserFree
api-ms-win-core-com-midlproxystub-l1-1-0
ObjectStublessClient3
ObjectStublessClient27
CStdStubBuffer2_CountRefs
ObjectStublessClient28
ObjectStublessClient20
ObjectStublessClient15
ObjectStublessClient23
CStdStubBuffer2_Disconnect
ObjectStublessClient7
ObjectStublessClient13
ObjectStublessClient11
CStdStubBuffer2_QueryInterface
ObjectStublessClient19
ObjectStublessClient14
ObjectStublessClient12
NdrProxyForwardingFunction4
NdrProxyForwardingFunction5
ObjectStublessClient6
ObjectStublessClient8
ObjectStublessClient9
CStdStubBuffer2_Connect
ObjectStublessClient26
ObjectStublessClient24
ObjectStublessClient10
NdrProxyForwardingFunction3
ObjectStublessClient25
ObjectStublessClient22
ObjectStublessClient18
ObjectStublessClient16
ObjectStublessClient21
ObjectStublessClient29
ObjectStublessClient17
api-ms-win-core-libraryloader-l1-2-0
DisableThreadLibraryCalls
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
GetCurrentProcessId
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 104KB - Virtual size: 103KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Codesoft PW Stealer 0.50/data/cdpw3.exe.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
CODE Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
DATA Size: 512B - Virtual size: 124B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
BSS Size: - Virtual size: 1KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 1024B - Virtual size: 696B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: - Virtual size: 4B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 544B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 3.6MB - Virtual size: 3.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Codesoft PW Stealer 0.50/data/mathml.dtd
-
Codesoft PW Stealer 0.50/data/viewsource.css
-
Codesoft PW Stealer 0.50/quirk.css
-
Codesoft PW Stealer 0.50/wincharset.properties
-
Dark IP Stealer - by mana5olia/Dark IP Stealer.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\Users\thorson\Desktop\Launcher1\Launcher\Launcher\obj\Debug\LUNCHER CRACKING.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 349KB - Virtual size: 349KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Dark IP Stealer - by mana5olia/Tutorial.txt
-
Dark IP Stealer - by mana5olia/mcbuilder/Ionic.Zip.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
c:\DotNetZip\Zip\obj\Debug\Ionic.Zip.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 478KB - Virtual size: 477KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Dark IP Stealer - by mana5olia/mcbuilder/LICENCE.dat.zip
-
Dark IP Stealer - by mana5olia/mcbuilder/Launcher.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Dark IP Stealer - by mana5olia/mcbuilder/Tutorial.txt
-
Dark IP Stealer - by mana5olia/mcbuilder/dis.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
C:\Documents and Settings\Hadi Al Manasrah\Desktop\IP Stealer\Keylogger\Keylogger\Keylogger\obj\Release\Keylogger.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 222KB - Virtual size: 221KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.sdata Size: 512B - Virtual size: 170B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 160KB - Virtual size: 159KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Dark IP Stealer - by mana5olia/mcbuilder/stub.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
C:\Documents and Settings\Hadi Al Manasrah\Desktop\IP Stealer\Stub\stub\stub\obj\Release\stub.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 172KB - Virtual size: 171KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.sdata Size: 512B - Virtual size: 150B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 160KB - Virtual size: 159KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Dark Screen Stealer V2/Dark Screen Stealer.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\Users\thorson\Desktop\Launcher1\Launcher\Launcher\obj\Debug\LUNCHER CRACKING.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 177KB - Virtual size: 177KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Dark Screen Stealer V2/chromedriver.exe.exe windows:5 windows x86 arch:x86
251f0d264461093c96696e473be023d9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
chromedriver.exe.pdb
Imports
advapi32
ConvertStringSecurityDescriptorToSecurityDescriptorW
CreateProcessAsUserW
EventRegister
EventUnregister
EventWrite
InitializeAcl
InitializeSecurityDescriptor
RegCloseKey
RegCreateKeyExW
RegNotifyChangeKeyValue
RegOpenKeyExW
RegQueryValueExW
SetSecurityDescriptorDacl
SystemFunction036
shell32
CommandLineToArgvW
SHGetFolderPathW
SHGetKnownFolderPath
user32
ActivateKeyboardLayout
AllowSetForegroundWindow
CreateWindowExW
DefWindowProcW
DestroyWindow
DispatchMessageW
GetKeyboardLayoutList
GetKeyboardLayoutNameW
GetQueueStatus
GetWindowLongW
KillTimer
LoadKeyboardLayoutW
MapVirtualKeyW
MsgWaitForMultipleObjectsEx
PeekMessageW
PostMessageW
PostQuitMessage
RegisterClassExW
SetTimer
SetWindowLongW
ToUnicode
TranslateMessage
UnregisterClassW
VkKeyScanW
winmm
timeBeginPeriod
timeEndPeriod
timeGetTime
ws2_32
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAGetLastError
WSAGetOverlappedResult
WSAIoctl
WSARecvFrom
WSAResetEvent
WSASend
WSASendTo
WSASocketW
WSAStartup
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
getpeername
getsockname
getsockopt
htonl
ioctlsocket
listen
ntohs
recv
recvfrom
sendto
setsockopt
shutdown
socket
kernel32
AcquireSRWLockExclusive
AcquireSRWLockShared
AssignProcessToJobObject
CancelIo
ChangeTimerQueueTimer
CloseHandle
CompareStringW
ConnectNamedPipe
CreateDirectoryW
CreateEventW
CreateFileA
CreateFileMappingW
CreateFileW
CreateIoCompletionPort
CreateNamedPipeW
CreateProcessW
CreateThread
CreateTimerQueue
CreateTimerQueueTimer
DecodePointer
DeleteCriticalSection
DeleteFileW
DeleteTimerQueueTimer
DuplicateHandle
EncodePointer
EnterCriticalSection
EnumSystemLocalesW
ExitProcess
ExpandEnvironmentStringsW
FileTimeToSystemTime
FindClose
FindFirstFileExW
FindNextFileW
FlushFileBuffers
FormatMessageA
FormatMessageW
FreeEnvironmentStringsW
FreeLibrary
FreeLibraryAndExitThread
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleCP
GetConsoleMode
GetCurrencyFormatEx
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatEx
GetDiskFreeSpaceExW
GetDriveTypeW
GetDynamicTimeZoneInformation
GetEnvironmentStringsW
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFileSizeEx
GetFileType
GetFullPathNameW
GetGeoInfoW
GetLastError
GetLocalTime
GetLocaleInfoEx
GetLocaleInfoW
GetLogicalProcessorInformation
GetLongPathNameW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetNativeSystemInfo
GetNumaHighestNodeNumber
GetNumberFormatEx
GetOEMCP
GetProcAddress
GetProcessAffinityMask
GetProcessId
GetProcessTimes
GetQueuedCompletionStatus
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemDirectoryW
GetSystemInfo
GetSystemTimeAsFileTime
GetTempPathW
GetThreadId
GetThreadPriority
GetThreadTimes
GetTickCount
GetTimeFormatEx
GetTimeZoneInformation
GetUserDefaultLCID
GetUserGeoID
GetVersionExW
GetWindowsDirectoryW
GlobalFree
GlobalMemoryStatusEx
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
InitOnceExecuteOnce
InitializeConditionVariable
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeSListHead
InitializeSRWLock
InterlockedFlushSList
InterlockedPopEntrySList
InterlockedPushEntrySList
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
K32QueryWorkingSetEx
LCMapStringW
LeaveCriticalSection
LoadLibraryExA
LoadLibraryExW
LoadLibraryW
LocalFree
MapViewOfFile
MoveFileExW
MoveFileW
MultiByteToWideChar
OutputDebugStringA
PostQueuedCompletionStatus
QueryDepthSList
QueryPerformanceCounter
QueryPerformanceFrequency
QueryThreadCycleTime
RaiseException
ReadConsoleW
ReadFile
RegisterWaitForSingleObject
ReleaseSRWLockExclusive
ReleaseSRWLockShared
ReleaseSemaphore
RemoveDirectoryW
ReplaceFileW
ResetEvent
ResolveLocaleName
RtlCaptureStackBackTrace
RtlUnwind
SetEndOfFile
SetEnvironmentVariableW
SetEvent
SetFileAttributesW
SetFilePointer
SetFilePointerEx
SetFileTime
SetHandleInformation
SetLastError
SetStdHandle
SetThreadAffinityMask
SetThreadPriority
SetUnhandledExceptionFilter
SignalObjectAndWait
Sleep
SleepConditionVariableSRW
SwitchToThread
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryAcquireSRWLockExclusive
TryEnterCriticalSection
TzSpecificLocalTimeToSystemTime
UnhandledExceptionFilter
UnmapViewOfFile
UnregisterWait
UnregisterWaitEx
VerSetConditionMask
VerifyVersionInfoW
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WaitForSingleObjectEx
WaitNamedPipeW
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte
WriteConsoleW
WriteFile
iphlpapi
GetAdaptersAddresses
userenv
CreateEnvironmentBlock
DestroyEnvironmentBlock
shlwapi
PathMatchSpecW
dbghelp
SymFromAddr
SymGetLineFromAddr64
SymGetSearchPathW
SymInitialize
SymSetOptions
SymSetSearchPathW
ole32
CoCreateInstance
CoInitializeEx
CoTaskMemFree
CoUninitialize
PropVariantClear
secur32
AcquireCredentialsHandleW
DeleteSecurityContext
FreeContextBuffer
FreeCredentialsHandle
InitializeSecurityContextW
QuerySecurityPackageInfoW
winhttp
WinHttpCloseHandle
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpOpen
WinHttpSetTimeouts
crypt32
CertAddEncodedCertificateToStore
CertCloseStore
CertCompareCertificateName
CertCreateCertificateChainEngine
CertDuplicateCertificateContext
CertFindExtension
CertFreeCertificateChain
CertFreeCertificateChainEngine
CertFreeCertificateContext
CertGetCertificateChain
CertGetCertificateContextProperty
CertGetIssuerCertificateFromStore
CertOpenStore
CertSetCertificateContextProperty
CertVerifyCertificateChainPolicy
CryptDecodeObjectEx
CryptInstallOIDFunctionAddress
CryptVerifyCertificateSignatureEx
Exports
GetHandleVerifier
Sections
.text Size: 5.6MB - Virtual size: 5.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2.4MB - Virtual size: 2.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 29KB - Virtual size: 58KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.00cfg Size: 512B - Virtual size: 4B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 169B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.voltbl Size: 1024B - Virtual size: 776B
CPADinfo Size: 512B - Virtual size: 40B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
prot Size: 512B - Virtual size: 193B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 51KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 193KB - Virtual size: 192KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Dark Screen Stealer V2/designmode.css
-
Dark Screen Stealer V2/node/CPFilters.dll.dll regsvr32 windows:10 windows x64 arch:x64
7afea2ed1708d746b6cb468206853322
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
CPFilters.pdb
Imports
msvcrt
_wtol
tolower
_CxxThrowException
wcschr
_amsg_exit
_initterm
?terminate@@YAXXZ
_lock
_unlock
__dllonexit
__CxxFrameHandler3
_onexit
_wcsnicmp
realloc
_XcptFilter
??1type_info@@UEAA@XZ
memcpy
memset
memcmp
_wcsicmp
memmove
sscanf_s
wcsncmp
isupper
wcsstr
swscanf
_beginthreadex
_endthread
swprintf_s
iswxdigit
swscanf_s
srand
wcsncpy_s
strnlen
strcat_s
wcstoul
wcscat_s
strncpy_s
wcsnlen
_time32
time
rand
??0exception@@QEAA@XZ
_vsnwprintf_s
_callnewh
malloc
free
__C_specific_handler
_vsnwprintf
memmove_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBD@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
_purecall
memcpy_s
wcspbrk
wcscmp
ntdll
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlGetPersistedStateLocation
RtlCaptureContext
advapi32
RegDeleteKeyW
CryptAcquireContextA
TraceMessage
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext
CryptGenRandom
RegEnumKeyExW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
crypt32
CertGetCertificateChain
CertFreeCertificateChain
CertGetNameStringW
CertVerifyCertificateChainPolicy
kernel32
DebugBreak
LocalAlloc
GlobalAlloc
GlobalFree
GetVersion
GetEnvironmentStringsW
GlobalMemoryStatusEx
GetProcessHeap
HeapAlloc
FreeEnvironmentStringsW
DeviceIoControl
GetDiskFreeSpaceW
HeapFree
SetUnhandledExceptionFilter
UnhandledExceptionFilter
OutputDebugStringA
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
QueryPerformanceCounter
GetSystemTime
GetGeoInfoA
IsDebuggerPresent
RaiseException
WriteFile
ReadFile
lstrlenW
SetFilePointer
GlobalLock
GetFileSize
GlobalUnlock
CompareStringW
lstrlenA
FreeEnvironmentStringsA
TerminateProcess
ExpandEnvironmentStringsW
WaitForMultipleObjects
WaitForSingleObject
LoadLibraryW
GetProcAddress
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DecodeSystemPointer
Sleep
OutputDebugStringW
EncodeSystemPointer
DeleteCriticalSection
GetCurrentProcessId
VirtualProtect
GetCurrentProcess
GetModuleFileNameW
ResumeThread
GetLastError
RaiseFailFastException
GetCurrentThread
CloseHandle
GetModuleHandleW
LoadLibraryExW
DisableThreadLibraryCalls
GetVersionExW
GetModuleFileNameA
MultiByteToWideChar
lstrcmpW
CreateEventW
ResetEvent
GetCurrentThreadId
SetEvent
CreateThread
GetTickCount
SetThreadPriority
lstrcmpiW
CompareFileTime
GetSystemTimeAsFileTime
WideCharToMultiByte
GetLocalTime
SystemTimeToFileTime
GetSystemFirmwareTable
LocalFree
GetTickCount64
GetModuleHandleExW
CreateFileW
ole32
CoFileTimeNow
PropVariantClear
CLSIDFromString
PropVariantCopy
CoTaskMemAlloc
CoUninitialize
CoFreeUnusedLibraries
CoInitializeEx
StringFromGUID2
CoCreateInstance
CoCreateGuid
CoTaskMemFree
oleaut32
SafeArrayGetUBound
SafeArrayDestroy
VariantCopy
VariantChangeType
SafeArrayGetLBound
SafeArrayUnaccessData
SafeArrayAccessData
SysStringLen
SysAllocStringLen
SysAllocString
SysFreeString
VariantClear
VariantInit
SafeArrayCreate
SysStringByteLen
slc
SLGetWindowsInformationDWORD
winmm
timeGetTime
wintrust
CryptCATCatalogInfoFromContext
WinVerifyTrust
WTHelperProvDataFromStateData
mfplat
MFCreateCollection
ws2_32
htonl
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
UpdatePlayready
Sections
.text Size: 637KB - Virtual size: 636KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 186KB - Virtual size: 185KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 25KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Dark Screen Stealer V2/node/Ionic.Zip.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
c:\DotNetZip\Zip\obj\Debug\Ionic.Zip.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 478KB - Virtual size: 477KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Dark Screen Stealer V2/node/LICENCE.dat.zip
-
Dark Screen Stealer V2/node/Launcher.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Dark Screen Stealer V2/node/dst.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
C:\Documents and Settings\Hadi Al Manasrah\My Documents\Visual Studio 2008\Projects\Screen Stealer V 2.0\Dark Screen Stealer\Dark Screen Stealer\obj\Debug\Dark Screen Stealer.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 399KB - Virtual size: 398KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.sdata Size: 512B - Virtual size: 231B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 350KB - Virtual size: 350KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Dark Screen Stealer V2/node/opengl32.dll.dll windows:10 windows x64 arch:x64
deac43293469a2560a8e6db37b559d90
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
opengl32.pdb
Imports
msvcrt
qsort
wcsspn
strncmp
toupper
wcsncmp
wcsrchr
wcsstr
_wcslwr
wcscat_s
wcscpy_s
_wcsicmp
swscanf_s
swprintf_s
_wcsnicmp
memmove_s
wcschr
_purecall
??3@YAXPEAX@Z
_wtoi
memcpy_s
_vsnwprintf
malloc
free
memmove
memcpy
_initterm
_lock
memcmp
floor
cos
ceil
atan2
_unlock
__dllonexit
_onexit
sin
__C_specific_handler
memset
_amsg_exit
_XcptFilter
wcstol
pow
sqrt
kernel32
GetLongPathNameW
GetCurrentPackageFamilyName
CreateThreadpoolTimer
SetThreadpoolTimer
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
InitOnceComplete
CloseThreadpoolTimer
OutputDebugStringW
ReleaseSRWLockExclusive
FormatMessageW
OpenProcess
GetApplicationUserModelId
ReleaseMutex
WaitForThreadpoolTimerCallbacks
InitializeCriticalSectionEx
K32GetModuleFileNameExW
GetModuleFileNameW
GetPackageFamilyName
GetCurrentApplicationUserModelId
GetModuleHandleExW
ReleaseSemaphore
CreateSemaphoreExW
InitOnceBeginInitialize
GetModuleFileNameA
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
CreateThread
DebugBreak
OpenThread
Sleep
CloseHandle
TerminateThread
WaitForSingleObject
GetModuleHandleW
AcquireSRWLockShared
ReleaseSRWLockShared
MulDiv
FreeLibrary
LoadLibraryW
GetLastError
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
SetLastError
HeapReAlloc
TlsFree
TlsGetValue
VerifyVersionInfoW
GetProcessHeap
VerSetConditionMask
DeleteCriticalSection
GetProcAddress
CreateMutexExW
TlsAlloc
GetModuleHandleA
GetVersionExW
SetErrorMode
InitializeCriticalSection
VirtualAlloc
VirtualFree
HeapFree
TlsSetValue
GetDriveTypeW
ExpandEnvironmentStringsW
LoadLibraryExW
HeapAlloc
DelayLoadFailureHook
ResolveDelayLoadedAPI
FindClose
FindNextFileW
FindFirstFileW
FreeEnvironmentStringsW
GetEnvironmentStringsW
advapi32
RegCloseKey
EventWriteTransfer
RegGetValueW
RegOpenKeyExW
RegQueryValueExW
EventRegister
EventSetInformation
EventUnregister
user32
GetClientRect
FillRect
DefWindowProcW
GetSystemMetrics
WindowFromDC
DisplayConfigGetDeviceInfo
EnumDisplayDevicesA
GetDisplayConfigBufferSizes
QueryDisplayConfig
GetMonitorInfoW
GetWindowLongPtrW
SetWindowLongPtrW
PostMessageW
GetDC
ReleaseDC
GetWindowThreadProcessId
CreateWindowExW
GetMessageW
TranslateMessage
DispatchMessageW
DestroyWindow
RegisterClassW
CallWindowProcW
ClientToScreen
InvalidateRect
IsWindow
ntdll
ZwQueryValueKey
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
RtlFormatCurrentUserKeyPath
ZwCreateFile
ZwQueryInformationFile
ZwCreateSection
ZwQueryInformationProcess
ZwSetInformationProcess
RtlGUIDFromString
RtlInitString
RtlxAnsiStringToUnicodeSize
RtlAnsiStringToUnicodeString
RtlUpcaseUnicodeString
RtlUnicodeStringToAnsiString
ZwQueryDirectoryFile
RtlpEnsureBufferSize
RtlNtPathNameToDosPathName
ZwUnmapViewOfSection
ZwMapViewOfSection
LdrResSearchResource
RtlVerifyVersionInfo
RtlImageDirectoryEntryToData
RtlGetVersion
RtlInitUnicodeStringEx
NtClose
RtlRunOnceExecuteOnce
ZwQueryKey
ZwEnumerateValueKey
RtlUnicodeStringToInteger
RtlCopyUnicodeString
RtlFreeUnicodeString
ZwOpenFile
RtlDosPathNameToNtPathName_U_WithStatus
ZwQuerySystemInformation
RtlGetNativeSystemInformation
RtlUpcaseUnicodeChar
RtlInitUnicodeString
NtQueryValueKey
ZwClose
RtlFreeHeap
ZwEnumerateKey
RtlReAllocateHeap
RtlAllocateHeap
NtQueryWnfStateData
NtQueryInformationProcess
DbgPrint
ZwOpenKey
gdi32
SelectObject
GetPixelFormat
SwapBuffers
DescribePixelFormat
SetROP2
SetDIBitsToDevice
PolyPolyline
CreatePen
GetSystemPaletteEntries
CreateSolidBrush
GetPixel
SetBitmapBits
GdiFlush
BitBlt
GetBitmapBits
SetPixel
RealizePalette
GetNearestPaletteIndex
CreatePalette
CreateDIBSection
SetDIBColorTable
GetPaletteEntries
GetDIBColorTable
GetGlyphOutlineA
SelectPalette
GdiSetPixelFormat
GdiDescribePixelFormat
GdiSwapBuffers
D3DKMTPresent
D3DKMTSubmitPresentToHwQueue
D3DKMTSetVidPnSourceOwner1
ExtTextOutA
CreateCompatibleDC
GetLayout
GetCharABCWidthsA
GetDIBits
SetTextColor
GetOutlineTextMetricsW
GetCharABCWidthsW
SetBkColor
GetTextMetricsA
SetMapMode
CreateBitmap
SetTextAlign
GetCharWidthA
ExtTextOutW
GetCharWidthW
CreateCompatibleBitmap
D3DKMTCloseAdapter
GetObjectW
GetGlyphOutlineW
DeleteObject
CreateFontIndirectW
GetCurrentObject
D3DKMTGetCachedHybridQueryValue
D3DKMTCacheHybridQueryValue
GetStockObject
SetBkMode
D3DKMTOpenAdapterFromLuid
GetDeviceCaps
DeleteDC
ExtEscape
CreateDCA
D3DKMTQueryAdapterInfo
GetObjectType
ModifyWorldTransform
GetWindowExtEx
GetWorldTransform
GetClipRgn
GetWindowOrgEx
CreateRectRgn
GetViewportExtEx
GetMapMode
GetViewportOrgEx
glu32
gluTessCallback
gluDeleteTess
gluTessNormal
gluTessProperty
gluNewTess
gluTessBeginContour
gluTessBeginPolygon
gluTessEndContour
gluTessVertex
gluTessEndPolygon
api-ms-win-core-com-l1-1-0
CoTaskMemFree
Exports
GlmfBeginGlsBlock
GlmfCloseMetaFile
GlmfEndGlsBlock
GlmfEndPlayback
GlmfInitPlayback
GlmfPlayGlsRecord
glAccum
glAlphaFunc
glAreTexturesResident
glArrayElement
glBegin
glBindTexture
glBitmap
glBlendFunc
glCallList
glCallLists
glClear
glClearAccum
glClearColor
glClearDepth
glClearIndex
glClearStencil
glClipPlane
glColor3b
glColor3bv
glColor3d
glColor3dv
glColor3f
glColor3fv
glColor3i
glColor3iv
glColor3s
glColor3sv
glColor3ub
glColor3ubv
glColor3ui
glColor3uiv
glColor3us
glColor3usv
glColor4b
glColor4bv
glColor4d
glColor4dv
glColor4f
glColor4fv
glColor4i
glColor4iv
glColor4s
glColor4sv
glColor4ub
glColor4ubv
glColor4ui
glColor4uiv
glColor4us
glColor4usv
glColorMask
glColorMaterial
glColorPointer
glCopyPixels
glCopyTexImage1D
glCopyTexImage2D
glCopyTexSubImage1D
glCopyTexSubImage2D
glCullFace
glDebugEntry
glDeleteLists
glDeleteTextures
glDepthFunc
glDepthMask
glDepthRange
glDisable
glDisableClientState
glDrawArrays
glDrawBuffer
glDrawElements
glDrawPixels
glEdgeFlag
glEdgeFlagPointer
glEdgeFlagv
glEnable
glEnableClientState
glEnd
glEndList
glEvalCoord1d
glEvalCoord1dv
glEvalCoord1f
glEvalCoord1fv
glEvalCoord2d
glEvalCoord2dv
glEvalCoord2f
glEvalCoord2fv
glEvalMesh1
glEvalMesh2
glEvalPoint1
glEvalPoint2
glFeedbackBuffer
glFinish
glFlush
glFogf
glFogfv
glFogi
glFogiv
glFrontFace
glFrustum
glGenLists
glGenTextures
glGetBooleanv
glGetClipPlane
glGetDoublev
glGetError
glGetFloatv
glGetIntegerv
glGetLightfv
glGetLightiv
glGetMapdv
glGetMapfv
glGetMapiv
glGetMaterialfv
glGetMaterialiv
glGetPixelMapfv
glGetPixelMapuiv
glGetPixelMapusv
glGetPointerv
glGetPolygonStipple
glGetString
glGetTexEnvfv
glGetTexEnviv
glGetTexGendv
glGetTexGenfv
glGetTexGeniv
glGetTexImage
glGetTexLevelParameterfv
glGetTexLevelParameteriv
glGetTexParameterfv
glGetTexParameteriv
glHint
glIndexMask
glIndexPointer
glIndexd
glIndexdv
glIndexf
glIndexfv
glIndexi
glIndexiv
glIndexs
glIndexsv
glIndexub
glIndexubv
glInitNames
glInterleavedArrays
glIsEnabled
glIsList
glIsTexture
glLightModelf
glLightModelfv
glLightModeli
glLightModeliv
glLightf
glLightfv
glLighti
glLightiv
glLineStipple
glLineWidth
glListBase
glLoadIdentity
glLoadMatrixd
glLoadMatrixf
glLoadName
glLogicOp
glMap1d
glMap1f
glMap2d
glMap2f
glMapGrid1d
glMapGrid1f
glMapGrid2d
glMapGrid2f
glMaterialf
glMaterialfv
glMateriali
glMaterialiv
glMatrixMode
glMultMatrixd
glMultMatrixf
glNewList
glNormal3b
glNormal3bv
glNormal3d
glNormal3dv
glNormal3f
glNormal3fv
glNormal3i
glNormal3iv
glNormal3s
glNormal3sv
glNormalPointer
glOrtho
glPassThrough
glPixelMapfv
glPixelMapuiv
glPixelMapusv
glPixelStoref
glPixelStorei
glPixelTransferf
glPixelTransferi
glPixelZoom
glPointSize
glPolygonMode
glPolygonOffset
glPolygonStipple
glPopAttrib
glPopClientAttrib
glPopMatrix
glPopName
glPrioritizeTextures
glPushAttrib
glPushClientAttrib
glPushMatrix
glPushName
glRasterPos2d
glRasterPos2dv
glRasterPos2f
glRasterPos2fv
glRasterPos2i
glRasterPos2iv
glRasterPos2s
glRasterPos2sv
glRasterPos3d
glRasterPos3dv
glRasterPos3f
glRasterPos3fv
glRasterPos3i
glRasterPos3iv
glRasterPos3s
glRasterPos3sv
glRasterPos4d
glRasterPos4dv
glRasterPos4f
glRasterPos4fv
glRasterPos4i
glRasterPos4iv
glRasterPos4s
glRasterPos4sv
glReadBuffer
glReadPixels
glRectd
glRectdv
glRectf
glRectfv
glRecti
glRectiv
glRects
glRectsv
glRenderMode
glRotated
glRotatef
glScaled
glScalef
glScissor
glSelectBuffer
glShadeModel
glStencilFunc
glStencilMask
glStencilOp
glTexCoord1d
glTexCoord1dv
glTexCoord1f
glTexCoord1fv
glTexCoord1i
glTexCoord1iv
glTexCoord1s
glTexCoord1sv
glTexCoord2d
glTexCoord2dv
glTexCoord2f
glTexCoord2fv
glTexCoord2i
glTexCoord2iv
glTexCoord2s
glTexCoord2sv
glTexCoord3d
glTexCoord3dv
glTexCoord3f
glTexCoord3fv
glTexCoord3i
glTexCoord3iv
glTexCoord3s
glTexCoord3sv
glTexCoord4d
glTexCoord4dv
glTexCoord4f
glTexCoord4fv
glTexCoord4i
glTexCoord4iv
glTexCoord4s
glTexCoord4sv
glTexCoordPointer
glTexEnvf
glTexEnvfv
glTexEnvi
glTexEnviv
glTexGend
glTexGendv
glTexGenf
glTexGenfv
glTexGeni
glTexGeniv
glTexImage1D
glTexImage2D
glTexParameterf
glTexParameterfv
glTexParameteri
glTexParameteriv
glTexSubImage1D
glTexSubImage2D
glTranslated
glTranslatef
glVertex2d
glVertex2dv
glVertex2f
glVertex2fv
glVertex2i
glVertex2iv
glVertex2s
glVertex2sv
glVertex3d
glVertex3dv
glVertex3f
glVertex3fv
glVertex3i
glVertex3iv
glVertex3s
glVertex3sv
glVertex4d
glVertex4dv
glVertex4f
glVertex4fv
glVertex4i
glVertex4iv
glVertex4s
glVertex4sv
glVertexPointer
glViewport
wglChoosePixelFormat
wglCopyContext
wglCreateContext
wglCreateLayerContext
wglDeleteContext
wglDescribeLayerPlane
wglDescribePixelFormat
wglGetCurrentContext
wglGetCurrentDC
wglGetDefaultProcAddress
wglGetLayerPaletteEntries
wglGetPixelFormat
wglGetProcAddress
wglMakeCurrent
wglRealizeLayerPalette
wglSetLayerPaletteEntries
wglSetPixelFormat
wglShareLists
wglSwapBuffers
wglSwapLayerBuffers
wglSwapMultipleBuffers
wglUseFontBitmapsA
wglUseFontBitmapsW
wglUseFontOutlinesA
wglUseFontOutlinesW
Sections
.text Size: 1.0MB - Virtual size: 1.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 126KB - Virtual size: 125KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 14KB - Virtual size: 130KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 43KB - Virtual size: 42KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 1000B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Dark Screen Stealer V2/node/stub.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
C:\Documents and Settings\Hadi Al Manasrah\My Documents\Visual Studio 2008\Projects\Screen Stealer V 2.0\Screen Stealer\Screen Stealer\obj\Debug\Screen Stealer.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 369KB - Virtual size: 368KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.sdata Size: 512B - Virtual size: 216B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 350KB - Virtual size: 350KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Dark Screen Stealer V2/shell32.dll.dll regsvr32 windows:10 windows x64 arch:x64
f97ab8ac730f427e1f34cef66fb42a94
Code Sign
33:00:00:02:32:41:fb:59:99:6d:cc:4d:ff:00:00:00:00:02:32
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 02-05-2019 21:24
Not After: 02-05-2020 21:24
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19-10-2011 18:41
Not After: 19-10-2026 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
af:85:26:e2:39:ed:75:06:05:72:ce:b8:95:25:e7:b4:14:16:04:09:5d:2a:ad:b1:3c:76:78:d2:a0:ac:b7:81
Signer
Actual PE Digest: af:85:26:e2:39:ed:75:06:05:72:ce:b8:95:25:e7:b4:14:16:04:09:5d:2a:ad:b1:3c:76:78:d2:a0:ac:b7:81
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
shell32.pdb
Imports
api-ms-win-crt-string-l1-1-0
wcsspn
memset
wcscmp
wcsncmp
wcscspn
wcspbrk
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o_sqrt
_o_srand
_o_strncpy_s
_o_toupper
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstok_s
_o_wcstol
_o_wcstoul
strchr
wcsrchr
__std_terminate
__CxxFrameHandler3
_o__ui64tow_s
_o_realloc
_o_rand
_o_qsort
_o_pow
_o_malloc
_o__strnicmp
_o_log
memmove
_o_iswalpha
_o__set_errno
_o__seh_filter_dll
_o__resetstkoflw
_o__register_onexit_function
_o_isdigit
_o_isalpha
_o__purecall
_o_free
_o_floor
_o_exp
_o_ceil
_o_calloc
_o_bsearch
_o__wtoi
_o__wcsupr
_o__wcstoui64
_o__wcsnicmp
_o__wcsicmp
_o__itow
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__initialize_narrow_environment
_o__get_errno
_o__execute_onexit_table
_o__errno
_o__difftime64
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
wcschr
wcsstr
__C_specific_handler
memcmp
memcpy
api-ms-win-core-heap-l2-1-0
LocalAlloc
GlobalFree
LocalFree
GlobalAlloc
LocalReAlloc
api-ms-win-core-registry-l1-1-0
RegDeleteValueW
RegNotifyChangeKeyValue
RegQueryValueExA
RegOpenKeyExA
RegOpenCurrentUser
RegQueryInfoKeyA
RegDeleteTreeW
RegOpenKeyExW
RegGetKeySecurity
RegQueryInfoKeyW
RegGetValueW
RegQueryValueExW
RegEnumKeyExW
RegDeleteKeyExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegEnumValueW
api-ms-win-core-libraryloader-l1-2-0
FreeLibrary
EnumResourceNamesExW
LoadResource
LoadLibraryExA
GetModuleFileNameA
GetModuleFileNameW
GetProcAddress
GetModuleHandleW
LoadStringW
DisableThreadLibraryCalls
FindResourceExW
FreeResource
LockResource
LoadLibraryExW
SizeofResource
LoadStringA
FindStringOrdinal
GetModuleHandleExW
api-ms-win-core-sysinfo-l1-1-0
GetComputerNameExW
GetTickCount64
GetSystemTime
GlobalMemoryStatusEx
GetSystemDirectoryW
GetSystemInfo
GetWindowsDirectoryW
GetSystemTimeAsFileTime
GetSystemWindowsDirectoryW
GetTickCount
GetVersionExW
GetLocalTime
api-ms-win-core-memory-l1-1-0
MapViewOfFile
WriteProcessMemory
UnmapViewOfFile
VirtualQuery
VirtualAlloc
VirtualProtect
ReadProcessMemory
OpenFileMappingW
CreateFileMappingW
VirtualFree
api-ms-win-core-file-l1-1-0
QueryDosDeviceW
GetFileAttributesExW
GetFileInformationByHandle
CompareFileTime
DefineDosDeviceW
GetFileAttributesW
GetFileSizeEx
LocalFileTimeToFileTime
RemoveDirectoryW
FindFirstFileExW
FileTimeToLocalFileTime
WriteFile
GetFullPathNameW
GetShortPathNameW
SetFilePointer
GetLongPathNameW
FindFirstVolumeW
DeleteFileW
GetFileSize
ReadFile
GetTempFileNameW
FindNextVolumeW
GetDiskFreeSpaceW
FindClose
FindNextFileW
CreateFileW
FindVolumeClose
GetDiskFreeSpaceExW
SetFileTime
FindFirstFileW
GetVolumePathNameW
GetVolumeInformationW
SetEndOfFile
CreateDirectoryW
GetLogicalDrives
SetFileInformationByHandle
FlushFileBuffers
SetFilePointerEx
SetFileAttributesW
GetDriveTypeW
api-ms-win-core-handle-l1-1-0
CloseHandle
DuplicateHandle
api-ms-win-core-libraryloader-l1-2-1
FindResourceW
LoadLibraryW
api-ms-win-core-string-l1-1-0
CompareStringOrdinal
GetStringTypeW
CompareStringW
MultiByteToWideChar
CompareStringEx
GetStringTypeExW
WideCharToMultiByte
api-ms-win-core-synch-l1-1-0
ResetEvent
SetEvent
CreateSemaphoreExW
CreateEventW
EnterCriticalSection
OpenEventW
AcquireSRWLockShared
ReleaseSemaphore
CreateMutexExW
ReleaseSRWLockShared
ReleaseMutex
SetWaitableTimer
InitializeCriticalSectionEx
ReleaseSRWLockExclusive
CreateMutexW
CreateEventExW
InitializeSRWLock
InitializeCriticalSectionAndSpinCount
WaitForMultipleObjectsEx
TryAcquireSRWLockShared
TryEnterCriticalSection
OpenSemaphoreW
WaitForSingleObjectEx
LeaveCriticalSection
InitializeCriticalSection
OpenMutexW
TryAcquireSRWLockExclusive
CreateWaitableTimerExW
WaitForSingleObject
AcquireSRWLockExclusive
DeleteCriticalSection
api-ms-win-core-errorhandling-l1-1-0
RaiseException
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter
SetErrorMode
GetLastError
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
OpenProcessToken
GetCurrentThreadId
GetCurrentProcessId
TlsGetValue
TlsSetValue
SetThreadToken
GetCurrentProcess
SetThreadPriority
GetThreadPriority
OpenThread
GetThreadId
GetExitCodeThread
TlsAlloc
GetProcessId
ExitProcess
GetExitCodeProcess
ProcessIdToSessionId
CreateProcessAsUserW
GetCurrentThread
OpenThreadToken
ResumeThread
SetPriorityClass
TlsFree
CreateThread
CreateProcessW
api-ms-win-core-string-l2-1-0
CharPrevW
CharLowerW
CharUpperW
CharLowerBuffW
CharUpperBuffW
CharNextW
IsCharAlphaW
api-ms-win-core-file-l2-1-0
MoveFileExW
ReadDirectoryChangesW
ReplaceFileW
CreateHardLinkW
GetFileInformationByHandleEx
CopyFile2
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
ExpandEnvironmentStringsA
SetEnvironmentVariableW
SearchPathW
SetCurrentDirectoryW
GetEnvironmentVariableW
GetCurrentDirectoryW
ExpandEnvironmentStringsW
api-ms-win-security-base-l1-1-0
AllocateAndInitializeSid
AccessCheck
DeleteAce
DuplicateTokenEx
GetSecurityDescriptorOwner
ImpersonateSelf
RevertToSelf
IsWellKnownSid
GetSidIdentifierAuthority
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
GetSidSubAuthorityCount
InitializeAcl
InitializeSid
GetSidSubAuthority
GetFileSecurityW
CheckTokenMembership
CreateWellKnownSid
EqualSid
GetTokenInformation
GetSecurityDescriptorControl
DuplicateToken
SetFileSecurityW
AddAccessAllowedAceEx
AddAccessDeniedAceEx
AddAce
GetAce
SetSecurityDescriptorOwner
GetAclInformation
SetTokenInformation
CopySid
GetLengthSid
IsValidSid
GetSidLengthRequired
AdjustTokenPrivileges
FreeSid
api-ms-win-core-heap-l1-1-0
HeapDestroy
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
api-ms-win-core-util-l1-1-0
EncodePointer
DecodePointer
api-ms-win-core-localization-l1-2-0
GetLocaleInfoW
LCMapStringEx
GetUserDefaultLangID
GetThreadLocale
VerLanguageNameW
FindNLSStringEx
LocaleNameToLCID
GetThreadUILanguage
GetSystemPreferredUILanguages
IsValidLocaleName
GetACP
ResolveLocaleName
GetSystemDefaultLCID
LCMapStringW
IsDBCSLeadByte
GetSystemDefaultLangID
GetUserDefaultLCID
GetUserPreferredUILanguages
FindNLSString
GetCPInfo
FormatMessageW
api-ms-win-core-debug-l1-1-0
DebugBreak
IsDebuggerPresent
OutputDebugStringW
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
SystemTimeToFileTime
GetTimeZoneInformationForYear
TzSpecificLocalTimeToSystemTime
SystemTimeToTzSpecificLocalTime
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolWait
CloseThreadpoolWork
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolWait
WaitForThreadpoolWaitCallbacks
SubmitThreadpoolWork
CreateThreadpoolWork
CreateThreadpoolTimer
SetThreadpoolTimer
SetThreadpoolWait
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
OpenProcess
FlushInstructionCache
api-ms-win-core-psapi-l1-1-0
K32GetProcessImageFileNameW
QueryFullProcessImageNameW
api-ms-win-core-synch-l1-2-0
InitOnceBeginInitialize
InitOnceComplete
Sleep
InitOnceExecuteOnce
api-ms-win-core-path-l1-1-0
PathCchCanonicalize
PathCchRemoveExtension
PathCchStripPrefix
PathCchRemoveFileSpec
PathAllocCanonicalize
PathCchAppend
PathCchAppendEx
PathCchRemoveBackslash
PathCchSkipRoot
PathCchAddExtension
PathCchAddBackslash
PathAllocCombine
PathCchRenameExtension
PathIsUNCEx
PathCchAddBackslashEx
PathCchCombineEx
PathCchCombine
PathCchStripToRoot
api-ms-win-core-file-l1-2-0
GetTempPathW
GetVolumePathNamesForVolumeNameW
GetVolumeNameForVolumeMountPointW
api-ms-win-core-io-l1-1-0
GetOverlappedResult
GetQueuedCompletionStatus
CancelIoEx
DeviceIoControl
CreateIoCompletionPort
api-ms-win-core-datetime-l1-1-0
GetDateFormatW
api-ms-win-core-profile-l1-1-0
QueryPerformanceFrequency
QueryPerformanceCounter
api-ms-win-core-registry-l1-1-1
RegDeleteKeyValueW
RegSetKeyValueW
api-ms-win-core-string-l2-1-1
SHLoadIndirectString
api-ms-win-core-file-l2-1-2
CopyFileW
api-ms-win-core-file-l1-2-1
GetCompressedFileSizeW
api-ms-win-core-wow64-l1-1-1
GetSystemWow64DirectoryW
IsWow64Process2
Wow64SetThreadDefaultGuestMachine
api-ms-win-core-wow64-l1-1-0
Wow64RevertWow64FsRedirection
Wow64DisableWow64FsRedirection
api-ms-win-core-localization-l1-2-2
LCIDToLocaleName
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
api-ms-win-core-sysinfo-l1-2-0
GetProductInfo
api-ms-win-core-realtime-l1-1-0
QueryUnbiasedInterruptTime
api-ms-win-core-localization-l2-1-0
GetNumberFormatEx
api-ms-win-devices-config-l1-1-1
CM_Get_Device_Interface_PropertyW
CM_Get_Device_Interface_List_SizeW
CM_Get_Device_Interface_ListW
CM_Get_Device_IDW
CM_Locate_DevNodeW
api-ms-win-core-io-l1-1-1
CancelSynchronousIo
api-ms-win-core-version-l1-1-0
GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW
api-ms-win-core-sysinfo-l1-2-3
GetIntegratedDisplaySize
api-ms-win-core-memory-l1-1-1
PrefetchVirtualMemory
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventWriteTransfer
EventRegister
EventActivityIdControl
EventProviderEnabled
api-ms-win-eventing-classicprovider-l1-1-0
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
UnregisterTraceGuids
GetTraceLoggerHandle
api-ms-win-core-interlocked-l1-1-0
InterlockedPushEntrySList
InitializeSListHead
InterlockedPopEntrySList
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-core-shlwapi-obsolete-l1-1-0
StrCmpNIW
StrCmpNIA
StrCmpNA
StrChrW
StrChrIW
StrChrIA
StrChrA
StrRChrA
StrRChrIA
StrPBrkW
StrCpyNXW
StrRChrIW
StrRChrW
StrSpnW
StrToIntA
StrCmpNW
StrCSpnW
StrRStrIA
StrRStrIW
StrStrA
StrCmpLogicalW
StrStrIA
StrStrIW
StrCmpNICW
StrCmpW
StrDupA
StrStrW
StrCmpICW
StrTrimW
StrDupW
StrToIntExW
StrCmpICA
StrCmpIW
StrToIntW
QISearch
StrCmpNCW
StrCmpCW
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpW
lstrlenA
lstrcmpiW
lstrlenW
lstrcmpA
lstrcmpiA
api-ms-win-core-stringansi-l1-1-0
CharNextA
CharPrevA
api-ms-win-core-heap-obsolete-l1-1-0
GlobalUnlock
GlobalFlags
LocalSize
GlobalLock
GlobalSize
GlobalReAlloc
api-ms-win-core-localization-obsolete-l1-2-0
EnumUILanguagesW
GetNumberFormatW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
api-ms-win-core-privateprofile-l1-1-0
GetPrivateProfileStringW
GetPrivateProfileSectionW
GetProfileSectionW
WritePrivateProfileStringW
api-ms-win-core-atoms-l1-1-0
FindAtomW
GlobalAddAtomW
GlobalGetAtomNameW
GlobalDeleteAtom
GetAtomNameW
api-ms-win-core-shlwapi-legacy-l1-1-0
PathQuoteSpacesW
PathFindFileNameW
SHExpandEnvironmentStringsA
PathIsUNCW
PathAppendW
SHExpandEnvironmentStringsW
PathCommonPrefixW
PathIsSameRootW
PathGetDriveNumberW
PathFindExtensionW
IsCharSpaceW
PathAppendA
PathIsRootA
PathRemoveFileSpecA
PathRemoveBackslashW
PathIsUNCServerW
PathGetCharTypeW
PathIsFileSpecW
PathIsValidCharW
PathStripPathW
PathGetArgsW
PathRemoveBlanksW
PathMatchSpecExW
PathIsUNCServerShareW
PathUnquoteSpacesW
PathUnExpandEnvStringsW
PathParseIconLocationW
PathFindNextComponentW
PathIsRelativeW
PathIsRootW
PathStripToRootW
PathMatchSpecW
PathRemoveFileSpecW
PathFileExistsW
PathIsPrefixW
PathSkipRootW
PathCombineW
PathAddBackslashW
PathRemoveExtensionW
api-ms-win-core-kernel32-legacy-l1-1-0
GetComputerNameW
GetShortPathNameA
GetSystemPowerStatus
MulDiv
WTSGetActiveConsoleSessionId
SetVolumeLabelW
RegisterWaitForSingleObject
UnregisterWait
api-ms-win-core-kernel32-legacy-l1-1-1
PowerCreateRequest
PowerSetRequest
PowerClearRequest
api-ms-win-core-threadpool-legacy-l1-1-0
UnregisterWaitEx
CreateTimerQueueTimer
DeleteTimerQueueTimer
QueueUserWorkItem
api-ms-win-core-kernel32-legacy-l1-1-2
GetBinaryTypeW
api-ms-win-core-url-l1-1-0
UrlApplySchemeW
PathIsURLW
UrlIsW
PathCreateFromUrlW
UrlEscapeW
UrlUnescapeW
UrlUnescapeA
PathCreateFromUrlAlloc
UrlCreateFromPathW
UrlCanonicalizeW
ParseURLW
HashData
UrlCompareW
UrlFixupW
UrlGetPartW
api-ms-win-core-registryuserspecific-l1-1-0
SHRegCloseUSKey
SHRegEnumUSKeyW
SHRegGetUSValueW
SHRegGetBoolUSValueW
SHRegOpenUSKeyW
SHRegQueryUSValueW
SHRegOpenUSKeyA
api-ms-win-core-kernel32-private-l1-1-0
CheckElevationEnabled
CheckElevation
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-core-sidebyside-l1-1-0
DeactivateActCtx
ActivateActCtx
QueryActCtxW
ReleaseActCtx
CreateActCtxW
api-ms-win-shcore-path-l1-1-0
ord172
ord170
api-ms-win-shcore-taskpool-l1-1-0
SHTaskPoolQueueTask
SHTaskPoolGetUniqueContext
api-ms-win-storage-exports-internal-l1-1-0
CFSFolder_CreateFolder
SHGetKnownFolderIDList
SHGetFolderPathEx
CMruLongList_CreateInstance
IsLibraryCreatedByPolicy
IsLibraryPolicyEnabled
SendNotificationsForLibraryItem
CShellItemArrayWithCommonParent_CreateInstance
CShellItemArrayAsVirtualizedObjectArray_CreateInstance
CPrivateProfileCache_Save
CTaskAddDoc_Create
StateRepoVerbsCache_GetContextMenuVerbs
GetRegDataDrivenCommandWithAssociation
Global_WindowsStorage_lProcessClassCount
StateRepoVerbsCache_RebuildCacheAsync
Global_WindowsStorage_Untyped_FileClassSRWLock
Global_WindowsStorage_Untyped_pFileHanderMap
SHGetSpecialFolderLocation
CreateExtrinsicPropertyStore
GetInfoForFileInUse
DataAccessCaches_InvalidateForLibrary
CRegFolder_CreateAndInit
_CleanRecentDocs
CreateLocalizationDesktopIni
CCachedShellItem_CreateInstance
CFSFolder_AdjustForSlowColumn
HideExtension
SHCreateItemWithParentAndChildId
_PredictReasonableImpact
RegistryVerbs_GetHandlerMultiSelectModel
IsNameListedUnderKey
CopyDefaultLibrariesFromGroupPolicy
SHGetKnownFolderIDList_Internal
CreateItemArrayFromItemStore
GetFileUndoText
Global_WindowsStorage_ulNextID
Global_WindowsStorage_tlsChangeClientProxy
Global_WindowsStorage_hwndSCN
Global_WindowsStorage_csSCN
CShellItemArray_CreateInstance
Global_WindowsStorage_Untyped_MountPoint
Global_WindowsStorage_fIconCacheHasBeenSuccessfullyCreated
Global_WindowsStorage_fNeedsInitBroadcast
Global_WindowsStorage_iLastSysIcon
Global_WindowsStorage_lrFlags
Global_WindowsStorage_csIconCache
Global_WindowsStorage_iLastSystemColorDepth
Global_WindowsStorage_MaxIcons
Global_WindowsStorage_afNotRedirected
Global_WindowsStorage_fIconCacheIsValid
Global_WindowsStorage_ccIcon
Global_WindowsStorage_fEndInitialized
Global_WindowsStorage_dwThreadInitializing
GetRegDataDrivenCommand
GetSelectionStateFromItemArray
SetThreadFlags
SHResolveLibrary
SHSetFolderPathW
SHSetFolderPathA
SHGetFolderPathAndSubDirA
SHKnownFolderFromCSIDL
SHPrepareKnownFoldersCommon
SHPrepareKnownFoldersUser
CustomStatePropertyDescription_CreateWithItemPropertyStore
CDesktopFolder_CreateInstanceWithBindContext
Global_WindowsStorage_dwThreadBindCtx
CShellItem_CreateInstance
CFileOperationRecorder_CreateInstance
Global_WindowsStorage_iUseLinkPrefix
Global_WindowsStorage_Untyped_rgshil
CShellItemArrayAsCollection_CreateInstance
GetThreadFlags
Global_WindowsStorage_tlsIconCache
GetFindDataForPath
SHGetKnownFolderItem
CViewSettings_CreateInstance
Global_WindowsStorage_Untyped_pFileClassCacheTable
EnumShellItemsFromEnumFullIdList
SHFileOperationWithAdditionalFlags
CreateSortColumnArray
CreateItemArrayFromObjectArray
Global_WindowsStorage_esServerMode
GetCommandProviderForFolderType
CCollectionFactory_CreateInstance
DetermineFolderDestinationParentAppID
api-ms-win-storage-exports-external-l1-1-0
STORAGE_MakeDestinationItem
STORAGE_ClearDestinationsForAllApps
STORAGE_AddNewFolderToFrequentPlaces
STORAGE_SHAddToRecentDocsEx
STORAGE_SHAddToRecentDocs
STORAGE_AddItemToRecentDocs
STORAGE_CEnumFiles_CreateInstance
STORAGE_SHPathPrepareForWriteA
STORAGE_SHPathPrepareForWriteW
STORAGE_SHValidateMSUri
STORAGE_SHGetPathFromMsUri
STORAGE_GetSystemPersistedStorageItemList
STORAGE_CreateStorageItemFromPath_FullTrustCaller_ForPackage
STORAGE_CreateStorageItemFromPath_PartialTrustCaller
STORAGE_GetShellItemFromStorageItem
STORAGE_CreateStorageItemFromShellItem_FullTrustCaller_UseImplicitFlagsAndPackage
STORAGE_CreateSortColumnArrayFromListDesc
STORAGE_CreateStorageItemFromShellItem_FullTrustCaller_ForPackage_WithProcessHandle
STORAGE_CreateStorageItemFromShellItem_FullTrustCaller_ForPackage
STORAGE_CreateStorageItemFromShellItem_FullTrustCaller
STORAGE_CreateStorageItemFromPath_FullTrustCaller
STORAGE_CStorageItem_GetValidatedStorageItemObject
STORAGE_CStorageItem_GetValidatedStorageItem
STORAGE_SHFreeNameMappings
STORAGE_SHFileOperation
STORAGE_SHFileOperationA
STORAGE_SHCreateDirectoryExA
STORAGE_SHCreateDirectory
STORAGE_SHConfirmOperation
STORAGE_SHCreateShellItemArrayFromShellItem
STORAGE_SHCreateShellItemArrayFromIDLists
STORAGE_SHCreateShellItemArrayFromDataObject
STORAGE_SHCreateShellItemArray
STORAGE_SHGetDesktopFolderWorker
api-ms-win-shell-shellcom-l1-1-0
SHCoCreateInstance
api-ms-win-shell-shellfolders-l1-1-0
SHSetKnownFolderPath
SHGetFolderPathAndSubDirW
SHGetFolderLocation
SHGetFolderPathW
SHGetFolderPathA
SHGetSpecialFolderPathW
SHGetSpecialFolderPathA
SHGetKnownFolderPath
kernelbase
GetPackagesByPackageFamily
GetCurrentPackageInfo
ClosePackageInfo
OpenState
OpenStateExplicit
GetStateFolder
CloseState
ExtensionProgIdExists
GetExtensionProgIds
GetEffectivePackageStatusForUser
PackageNameAndPublisherIdFromFamilyName
NotifyRedirectedStringChange
GetStagedPackagePathByFullName
OpenPackageInfoByFullName
GetPackageInfo
GetPackageFullName
GetSystemAppDataKey
user32
GetMenuState
CountClipboardFormats
IsHungAppWindow
GetClipboardOwner
ExitWindowsEx
LoadImageW
SetRect
CopyRect
GetMonitorInfoW
MonitorFromPoint
GetUserObjectInformationW
GetThreadDesktop
GetProcessWindowStation
ChangeWindowMessageFilterEx
RegisterWindowMessageW
GetMessagePos
GetKeyboardLayout
OffsetRect
SetClipboardViewer
TranslateAcceleratorW
CreateMenu
InsertMenuW
EndMenu
DestroyAcceleratorTable
PtInRect
GetMessageExtraInfo
SetGestureConfig
CloseGestureInfoHandle
GetGestureInfo
ChangeClipboardChain
MapWindowPoints
GetMenuItemID
EnableMenuItem
InsertMenuItemW
GetFocus
CheckMenuItem
CheckMenuRadioItem
AppendMenuW
GetDoubleClickTime
MessageBeep
TrackPopupMenu
SetMessageExtraInfo
SetMenuDefaultItem
SetMenuItemInfoW
LoadAcceleratorsW
GetMenuStringW
GetDesktopWindow
GetForegroundWindow
ReleaseDC
GetDC
NotifyWinEvent
SendNotifyMessageW
SystemParametersInfoW
GetMenuItemInfoW
GetMenuItemCount
EnumWindows
IsWindow
WaitForInputIdle
GetWindowThreadProcessId
GetMenuDefaultItem
GetLastActivePopup
SwitchToThisWindow
GetCursorPos
RegisterClipboardFormatW
GetWindow
FindWindowW
GetClassNameW
GetAncestor
EnableWindow
MsgWaitForMultipleObjectsEx
PeekMessageW
PostQuitMessage
SetForegroundWindow
ShutdownBlockReasonDestroy
ShutdownBlockReasonCreate
LoadMenuW
GetSubMenu
RemoveMenu
GetParent
IsDlgButtonChecked
CheckDlgButton
DeleteMenu
DestroyMenu
CreatePopupMenu
PostMessageW
SetProcessDPIAware
DispatchMessageW
TranslateMessage
GetMessageW
SetFocus
IsWindowVisible
DrawEdge
GetSysColorBrush
FillRect
EndPaint
BeginPaint
GetUpdateRect
TrackMouseEvent
UpdateWindow
GetWindowRect
DefWindowProcW
RegisterClassW
KillTimer
SetTimer
GetKeyState
InflateRect
AdjustWindowRectEx
DestroyWindow
SetWindowLongW
GetWindowLongW
DrawFocusRect
DrawIcon
GetSysColor
EndDialog
GetWindowLongPtrW
SetWindowLongPtrW
GetWindowTextW
SetWindowPos
GetClientRect
ShowWindow
SetWindowTextW
GetDlgItem
InvalidateRect
LoadCursorW
SetCursor
SetDlgItemTextW
GetDlgItemTextW
SendDlgItemMessageW
ScreenToClient
SendMessageW
LookupIconIdFromDirectory
CreateIconIndirect
GetIconInfo
DestroyIcon
PrivateExtractIconsW
LoadIconW
GetSystemMetrics
ModifyMenuW
IsMenu
DrawTextW
SetPropW
RemovePropW
GetPropW
CopyIcon
IsIconic
SendMessageTimeoutW
GetScrollInfo
RegisterClassExW
SetWindowCompositionAttribute
EnumDisplayDevicesW
UnionRect
IsChild
UpdateLayeredWindow
ord2521
SetCapture
IsDialogMessageW
SetDialogDpiChangeBehavior
PostThreadMessageW
GetSystemMenu
RegisterPowerSettingNotification
UnregisterPowerSettingNotification
WindowFromPoint
SetParent
IsRectEmpty
ClientToScreen
SetDlgItemInt
GetDlgItemInt
CheckRadioButton
LoadBitmapW
GetMessageTime
CreateAcceleratorTableW
EnumDisplayMonitors
SetShellWindowEx
GetClassLongPtrW
EnumDisplaySettingsW
ord2707
LockWindowUpdate
WaitMessage
DdeQueryConvInfo
DdeGetData
DdeGetLastError
DdeCreateDataHandle
DdeCreateStringHandleW
DdeFreeStringHandle
DdeQueryStringW
DdeDisconnect
DdeNameService
DdeUninitialize
DdeInitializeW
UnpackDDElParam
wsprintfW
SetSysColors
DisplayConfigGetDeviceInfo
SystemParametersInfoForDpi
SetShellWindow
SetWinEventHook
UnhookWinEvent
IsWinEventHookInstalled
GetMenuInfo
EmptyClipboard
GetCapture
GetWindowBand
SetActiveWindow
MapDialogRect
CopyImage
GetWindowTextLengthW
GetClassInfoW
GetTaskmanWindow
SetTaskmanWindow
DeregisterShellHookWindow
RegisterShellHookWindow
IsWindowUnicode
DefWindowProcA
AttachThreadInput
MoveWindow
CopyAcceleratorTableW
DeferWindowPos
MessageBoxW
SendMessageCallbackW
UnregisterDeviceNotification
RegisterDeviceNotificationW
MsgWaitForMultipleObjects
GetShellWindow
GetShellChangeNotifyWindow
SetShellChangeNotifyWindow
SetDlgItemTextA
GetDlgCtrlID
AdjustWindowRect
BeginDeferWindowPos
EndDeferWindowPos
GetSystemMetricsForDpi
GetDpiForSystem
CreateWindowInBand
OpenInputDesktop
CloseDesktop
RedrawWindow
EnumPropsExW
OpenClipboard
GetClipboardData
SetClipboardData
CloseClipboard
EnumChildWindows
SetThreadDpiAwarenessContext
GetWindowPlacement
BroadcastSystemMessageW
GetDpiForWindow
DialogBoxParamW
SetRectEmpty
GetPointerDevices
GetWindowDC
SetLayeredWindowAttributes
CreateWindowIndirect
SubtractRect
AdjustWindowRectExForDpi
ActivateKeyboardLayout
DrawTextExW
RegisterWindowMessageA
FindWindowExW
CreateWindowExW
WinHelpW
SystemParametersInfoA
GetLastInputInfo
GetDialogBaseUnits
UnhookWindowsHookEx
SetWindowsHookExW
SetWindowRgn
SetScrollInfo
ShowScrollBar
ord2705
SetScrollPos
CallWindowProcW
CallNextHookEx
SetCoalescableTimer
SetMenuInfo
GetClassInfoExW
GetAsyncKeyState
TrackPopupMenuEx
MonitorFromRect
AreDpiAwarenessContextsEqual
GetWindowDpiAwarenessContext
GetCurrentInputMessageSource
GetClassLongW
QueryDisplayConfig
GetDisplayConfigBufferSizes
CreateDialogParamW
ChildWindowFromPoint
SetMenu
LockSetForegroundWindow
ShowCaret
HideCaret
GetCursor
AnimateWindow
MonitorFromWindow
IntersectRect
EqualRect
IsSETEnabled
AllowSetForegroundWindow
GetProcessDefaultLayout
IsProcessDPIAware
DrawIconEx
IsWindowEnabled
ReleaseCapture
ntdll
RtlFlushHeaps
RtlAreLongPathsEnabled
RtlQueryResourcePolicy
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceLoggerHandle
NtOpenThreadToken
EtwLogTraceEvent
NtPowerInformation
NtQueryInformationProcess
NtQueryAttributesFile
RtlDosPathNameToRelativeNtPathName_U
NtOpenProcessToken
NtQueryInformationToken
RtlDllShutdownInProgress
RtlGetDeviceFamilyInfoEnum
WinSqmAddToStreamEx
NtSetCachedSigningLevel
NtCompareSigningLevels
RtlInitializeResource
RtlAcquireResourceExclusive
RtlReleaseResource
RtlDeleteResource
NtGetCachedSigningLevel
RtlMapGenericMask
WinSqmSetDWORD
WinSqmIncrementDWORD
WinSqmAddToStream
EtwTraceMessage
EtwEventWrite
EtwEventEnabled
EtwEventActivityIdControl
EtwEventSetInformation
EtwEventRegister
EtwEventUnregister
RtlDestroyEnvironment
RtlSetCurrentEnvironment
RtlCreateEnvironment
RtlExpandEnvironmentStrings_U
RtlSetEnvironmentVariable
RtlQueryEnvironmentVariable_U
RtlInitUnicodeStringEx
RtlGetLastNtStatus
RtlFreeUnicodeString
RtlReleaseRelativeName
RtlDosPathNameToRelativeNtPathName_U_WithStatus
NtQueryVolumeInformationFile
RtlFreeHeap
RtlDosPathNameToNtPathName_U_WithStatus
NtOpenFile
NtSetInformationFile
RtlUnicodeStringToOemString
NtFsControlFile
NtClose
NtCreateFile
RtlNtStatusToDosError
NtQueryInformationFile
RtlPrefixString
RtlInitUnicodeString
EtwEventWriteTransfer
NtQuerySystemInformationEx
RtlCompareUnicodeString
RtlNtStatusToDosErrorNoTeb
RtlAllocateHeap
NtSetInformationToken
RtlQueryWnfStateData
RtlGetNtSystemRoot
RtlQueryRegistryValuesEx
RtlCheckRegistryKey
NtQuerySystemInformation
NtQueryObject
NtQueryKey
RtlIsPartialPlaceholder
NtSetSecurityObject
NtQuerySecurityObject
RtlDosPathNameToNtPathName_U
ShipAssert
NtQueryInformationThread
RtlIsNonEmptyDirectoryReparsePointAllowed
ZwQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlRandomEx
RtlCreateUnicodeString
RtlPublishWnfStateData
NtQueryWnfStateData
RtlCreateServiceSid
RtlLengthRequiredSid
RtlGetNtProductType
EtwGetTraceEnableLevel
EtwUnregisterTraceGuids
gdi32
CreateDIBSection
TextOutA
GetTextExtentPoint32A
CreateFontW
GetPixel
ExcludeClipRect
GetDIBColorTable
SetDIBits
ExtTextOutW
GetObjectType
GetWindowOrgEx
GetRegionData
GetRgnBox
CombineRgn
SaveDC
RestoreDC
CreateRectRgnIndirect
SetDCBrushColor
PlgBlt
ExtSelectClipRgn
GetViewportOrgEx
DeleteMetaFile
PlayMetaFile
SetMetaFileBitsEx
LPtoDP
SelectClipRgn
IntersectClipRect
GetClipRgn
CreateRectRgn
GetClipBox
StretchDIBits
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetMapMode
GetTextAlign
CreatePolygonRgn
LineTo
MoveToEx
PatBlt
SetStretchBltMode
SetTextAlign
GetTextExtentPoint32W
GetTextMetricsW
Rectangle
CreatePen
CreateFontIndirectW
GetCurrentObject
GetTextColor
GdiTransparentBlt
StretchBlt
GetDIBits
CreateBitmap
CreateCompatibleBitmap
BitBlt
GdiAlphaBlend
CreateDCW
DeleteDC
CreateCompatibleDC
GetTextExtentPointW
GetObjectW
SetWindowOrgEx
OffsetWindowOrgEx
CreateSolidBrush
GetDeviceCaps
SetTextColor
SelectObject
SetBkMode
GetStockObject
SetLayout
GetLayout
SetBkColor
DeleteObject
api-ms-win-stateseparation-helpers-l1-1-0
GetPersistedRegistryLocationW
api-ms-win-security-capability-l1-1-0
CapabilityCheck
api-ms-win-core-job-l2-1-0
SetInformationJobObject
CreateJobObjectW
AssignProcessToJobObject
api-ms-win-security-cryptoapi-l1-1-0
CryptGenRandom
api-ms-win-crt-time-l1-1-0
_time64
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-crt-math-l1-1-0
ceilf
expf
floorf
sqrtf
Exports
AppCompat_RunDLLW
AssocCreateForClasses
AssocGetDetailsOfPropKey
CDefFolderMenu_Create2
CIDLData_CreateFromIDArray
CStorageItem_GetValidatedStorageItemObject
CheckEscapesW
CommandLineToArgvW
Control_RunDLL
Control_RunDLLA
Control_RunDLLAsUserW
Control_RunDLLW
CreateStorageItemFromPath_FullTrustCaller
CreateStorageItemFromPath_FullTrustCaller_ForPackage
CreateStorageItemFromPath_PartialTrustCaller
CreateStorageItemFromShellItem_FullTrustCaller
CreateStorageItemFromShellItem_FullTrustCaller_ForPackage
CreateStorageItemFromShellItem_FullTrustCaller_ForPackage_WithProcessHandle
CreateStorageItemFromShellItem_FullTrustCaller_UseImplicitFlagsAndPackage
DAD_AutoScroll
DAD_DragEnterEx
DAD_DragEnterEx2
DAD_DragLeave
DAD_DragMove
DAD_SetDragImage
DAD_ShowDragImage
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
DllGetVersion
DllInstall
DllRegisterServer
DllUnregisterServer
DoEnvironmentSubstA
DoEnvironmentSubstW
DragAcceptFiles
DragFinish
DragQueryFile
DragQueryFileA
DragQueryFileAorW
DragQueryFileW
DragQueryPoint
DriveType
DuplicateIcon
ExtractAssociatedIconA
ExtractAssociatedIconExA
ExtractAssociatedIconExW
ExtractAssociatedIconW
ExtractIconA
ExtractIconEx
ExtractIconExA
ExtractIconExW
ExtractIconW
FindExecutableA
FindExecutableW
FreeIconList
GetCurrentProcessExplicitAppUserModelID
GetFileNameFromBrowse
GetSystemPersistedStorageItemList
ILAppendID
ILClone
ILCloneFirst
ILCombine
ILCreateFromPath
ILCreateFromPathA
ILCreateFromPathW
ILFindChild
ILFindLastID
ILFree
ILGetNext
ILGetSize
ILIsEqual
ILIsParent
ILLoadFromStreamEx
ILRemoveLastID
ILSaveToStream
InitNetworkAddressControl
InternalExtractIconListA
InternalExtractIconListW
IsDesktopExplorerProcess
IsLFNDrive
IsLFNDriveA
IsLFNDriveW
IsNetDrive
IsProcessAnExplorer
IsUserAnAdmin
LaunchMSHelp_RunDLLW
OpenAs_RunDLL
OpenAs_RunDLLA
OpenAs_RunDLLW
OpenRegStream
Options_RunDLL
Options_RunDLLA
Options_RunDLLW
PathCleanupSpec
PathGetShortPath
PathIsExe
PathIsSlowA
PathIsSlowW
PathMakeUniqueName
PathQualify
PathResolve
PathYetAnotherMakeUniqueName
PickIconDlg
PifMgr_CloseProperties
PifMgr_GetProperties
PifMgr_OpenProperties
PifMgr_SetProperties
PrepareDiscForBurnRunDllW
PrintersGetCommand_RunDLL
PrintersGetCommand_RunDLLA
PrintersGetCommand_RunDLLW
ReadCabinetState
RealDriveType
RealShellExecuteA
RealShellExecuteExA
RealShellExecuteExW
RealShellExecuteW
RegenerateUserEnvironment
RestartDialog
RestartDialogEx
RunAsNewUser_RunDLLW
SHAddDefaultPropertiesByExt
SHAddFromPropSheetExtArray
SHAddToRecentDocs
SHAlloc
SHAppBarMessage
SHAssocEnumHandlers
SHAssocEnumHandlersForProtocolByApplication
SHBindToFolderIDListParent
SHBindToFolderIDListParentEx
SHBindToObject
SHBindToParent
SHBrowseForFolder
SHBrowseForFolderA
SHBrowseForFolderW
SHCLSIDFromString
SHChangeNotification_Lock
SHChangeNotification_Unlock
SHChangeNotify
SHChangeNotifyDeregister
SHChangeNotifyRegister
SHChangeNotifyRegisterThread
SHChangeNotifySuspendResume
SHCloneSpecialIDList
SHCoCreateInstance
SHCoCreateInstanceWorker
SHCreateAssociationRegistration
SHCreateCategoryEnum
SHCreateDataObject
SHCreateDefaultContextMenu
SHCreateDefaultExtractIcon
SHCreateDefaultPropertiesOp
SHCreateDirectory
SHCreateDirectoryExA
SHCreateDirectoryExW
SHCreateDrvExtIcon
SHCreateFileExtractIconW
SHCreateItemFromIDList
SHCreateItemFromParsingName
SHCreateItemFromRelativeName
SHCreateItemInKnownFolder
SHCreateItemWithParent
SHCreateLocalServerRunDll
SHCreateProcessAsUserW
SHCreatePropSheetExtArray
SHCreateQueryCancelAutoPlayMoniker
SHCreateShellFolderView
SHCreateShellFolderViewEx
SHCreateShellItem
SHCreateShellItemArray
SHCreateShellItemArrayFromDataObject
SHCreateShellItemArrayFromIDLists
SHCreateShellItemArrayFromShellItem
SHCreateStdEnumFmtEtc
SHDefExtractIconA
SHDefExtractIconW
SHDestroyPropSheetExtArray
SHDoDragDrop
SHELL32_AddToBackIconTable
SHELL32_AddToFrontIconTable
SHELL32_AreAllItemsAvailable
SHELL32_BindToFilePlaceholderHandler
SHELL32_CCommonPlacesFolder_CreateInstance
SHELL32_CDBurn_CloseSession
SHELL32_CDBurn_DriveSupportedForDataBurn
SHELL32_CDBurn_Erase
SHELL32_CDBurn_GetCDInfo
SHELL32_CDBurn_GetLiveFSDiscInfo
SHELL32_CDBurn_GetStagingPathOrNormalPath
SHELL32_CDBurn_GetTaskInfo
SHELL32_CDBurn_IsBlankDisc
SHELL32_CDBurn_IsBlankDisc2
SHELL32_CDBurn_IsLiveFS
SHELL32_CDBurn_OnDeviceChange
SHELL32_CDBurn_OnEject
SHELL32_CDBurn_OnMediaChange
SHELL32_CDefFolderMenu_Create2
SHELL32_CDefFolderMenu_Create2Ex
SHELL32_CDefFolderMenu_MergeMenu
SHELL32_CDrivesContextMenu_Create
SHELL32_CDrivesDropTarget_Create
SHELL32_CDrives_CreateSFVCB
SHELL32_CFSDropTarget_CreateInstance
SHELL32_CFSFolderCallback_Create
SHELL32_CFillPropertiesTask_CreateInstance
SHELL32_CLibraryDropTarget_CreateInstance
SHELL32_CLocationContextMenu_Create
SHELL32_CLocationFolderUI_CreateInstance
SHELL32_CMountPoint_DoAutorun
SHELL32_CMountPoint_DoAutorunPrompt
SHELL32_CMountPoint_IsAutoRunDriveAndEnabledByPolicy
SHELL32_CMountPoint_ProcessAutoRunFile
SHELL32_CMountPoint_WantAutorunUI
SHELL32_CMountPoint_WantAutorunUIGetReady
SHELL32_CNetFolderUI_CreateInstance
SHELL32_CPL_CategoryIdArrayFromVariant
SHELL32_CPL_IsLegacyCanonicalNameListedUnderKey
SHELL32_CPL_ModifyWowDisplayName
SHELL32_CRecentDocsContextMenu_CreateInstance
SHELL32_CSyncRootManager_CreateInstance
SHELL32_CTransferConfirmation_CreateInstance
SHELL32_CallFileCopyHooks
SHELL32_CanDisplayWin8CopyDialog
SHELL32_CloseAutoplayPrompt
SHELL32_CommandLineFromMsiDescriptor
SHELL32_CopyFilePlaceholderToNewFile
SHELL32_CopySecondaryTiles
SHELL32_CreateConfirmationInterrupt
SHELL32_CreateConflictInterrupt
SHELL32_CreateDefaultOperationDataProvider
SHELL32_CreateFileFolderContextMenu
SHELL32_CreateLinkInfoW
SHELL32_CreatePlaceholderFile
SHELL32_CreateQosRecorder
SHELL32_CreateSharePointView
SHELL32_Create_IEnumUICommand
SHELL32_DestroyLinkInfo
SHELL32_EncryptDirectory
SHELL32_EncryptedFileKeyInfo
SHELL32_EnumCommonTasks
SHELL32_FilePlaceholder_BindToPrimaryStream
SHELL32_FilePlaceholder_CreateInstance
SHELL32_FreeEncryptedFileKeyInfo
SHELL32_GenerateAppID
SHELL32_GetAppIDRoot
SHELL32_GetCommandProviderForFolderType
SHELL32_GetDPIAdjustedLogicalSize
SHELL32_GetDiskCleanupPath
SHELL32_GetFileNameFromBrowse
SHELL32_GetIconOverlayManager
SHELL32_GetLinkInfoData
SHELL32_GetPlaceholderStatesFromFileAttributesAndReparsePointTag
SHELL32_GetRatingBucket
SHELL32_GetSkyDriveNetworkStates
SHELL32_GetSqmableFileName
SHELL32_GetThumbnailAdornerFromFactory
SHELL32_GetThumbnailAdornerFromFactory2
SHELL32_HandleUnrecognizedFileSystem
SHELL32_IconCacheCreate
SHELL32_IconCacheDestroy
SHELL32_IconCacheHandleAssociationChanged
SHELL32_IconCacheRestore
SHELL32_IconCache_AboutToExtractIcons
SHELL32_IconCache_DoneExtractingIcons
SHELL32_IconCache_ExpandEnvAndSearchPath
SHELL32_IconCache_RememberRecentlyExtractedIconsW
SHELL32_IconOverlayManagerInit
SHELL32_IsGetKeyboardLayoutPresent
SHELL32_IsSystemUpgradeInProgress
SHELL32_IsValidLinkInfo
SHELL32_LegacyEnumSpecialTasksByType
SHELL32_LegacyEnumTasks
SHELL32_LookupBackIconIndex
SHELL32_LookupFrontIconIndex
SHELL32_NormalizeRating
SHELL32_NotifyLinkTrackingServiceOfMove
SHELL32_PifMgr_CloseProperties
SHELL32_PifMgr_GetProperties
SHELL32_PifMgr_OpenProperties
SHELL32_PifMgr_SetProperties
SHELL32_Printers_CreateBindInfo
SHELL32_Printjob_GetPidl
SHELL32_PurgeSystemIcon
SHELL32_RefreshOverlayImages
SHELL32_ResolveLinkInfoW
SHELL32_SHAddSparseIcon
SHELL32_SHCreateByValueOperationInterrupt
SHELL32_SHCreateDefaultContextMenu
SHELL32_SHCreateLocalServer
SHELL32_SHCreateShellFolderView
SHELL32_SHDuplicateEncryptionInfoFile
SHELL32_SHEncryptFile
SHELL32_SHFormatDriveAsync
SHELL32_SHGetThreadUndoManager
SHELL32_SHGetUserNameW
SHELL32_SHIsVirtualDevice
SHELL32_SHLaunchPropSheet
SHELL32_SHLogILFromFSIL
SHELL32_SHOpenWithDialog
SHELL32_SHStartNetConnectionDialogW
SHELL32_SHUICommandFromGUID
SHELL32_SendToMenu_InvokeTargetedCommand
SHELL32_SendToMenu_VerifyTargetedCommand
SHELL32_SetPlaceholderReparsePointAttribute
SHELL32_SetPlaceholderReparsePointAttribute2
SHELL32_ShowHideIconOnlyOnDesktop
SHELL32_SimpleRatingToFilterCondition
SHELL32_StampIconForFile
SHELL32_SuspendUndo
SHELL32_TryVirtualDiscImageDriveEject
SHELL32_UpdateFilePlaceholderStates
SHELL32_VerifySaferTrust
SHEmptyRecycleBinA
SHEmptyRecycleBinW
SHEnableServiceObject
SHEnumerateUnreadMailAccountsW
SHEvaluateSystemCommandTemplate
SHExtractIconsW
SHFileOperation
SHFileOperationA
SHFileOperationW
SHFindFiles
SHFind_InitMenuPopup
SHFlushSFCache
SHFormatDrive
SHFree
SHFreeNameMappings
SHGetAttributesFromDataObject
SHGetDataFromIDListA
SHGetDataFromIDListW
SHGetDesktopFolder
SHGetDiskFreeSpaceA
SHGetDiskFreeSpaceExA
SHGetDiskFreeSpaceExW
SHGetDriveMedia
SHGetFileInfo
SHGetFileInfoA
SHGetFileInfoW
SHGetFolderLocation
SHGetFolderPathA
SHGetFolderPathAndSubDirA
SHGetFolderPathAndSubDirW
SHGetFolderPathEx
SHGetFolderPathW
SHGetIDListFromObject
SHGetIconOverlayIndexA
SHGetIconOverlayIndexW
SHGetImageList
SHGetInstanceExplorer
SHGetItemFromDataObject
SHGetItemFromObject
SHGetKnownFolderIDList
SHGetKnownFolderItem
SHGetKnownFolderPath
SHGetLocalizedName
SHGetMalloc
SHGetNameFromIDList
SHGetNewLinkInfo
SHGetNewLinkInfoA
SHGetNewLinkInfoW
SHGetPathFromIDList
SHGetPathFromIDListA
SHGetPathFromIDListEx
SHGetPathFromIDListW
SHGetPropertyStoreForWindow
SHGetPropertyStoreFromIDList
SHGetPropertyStoreFromParsingName
SHGetRealIDL
SHGetSetFolderCustomSettings
SHGetSetSettings
SHGetSettings
SHGetSpecialFolderLocation
SHGetSpecialFolderPathA
SHGetSpecialFolderPathW
SHGetStockIconInfo
SHGetTemporaryPropertyForItem
SHGetUnreadMailCountW
SHHandleUpdateImage
SHHelpShortcuts_RunDLL
SHHelpShortcuts_RunDLLA
SHHelpShortcuts_RunDLLW
SHILCreateFromPath
SHInvokePrinterCommandA
SHInvokePrinterCommandW
SHIsFileAvailableOffline
SHLimitInputEdit
SHLoadInProc
SHLoadNonloadedIconOverlayIdentifiers
SHMapPIDLToSystemImageListIndex
SHMultiFileProperties
SHObjectProperties
SHOpenFolderAndSelectItems
SHOpenPropSheetW
SHOpenWithDialog
SHParseDisplayName
SHPathPrepareForWriteA
SHPathPrepareForWriteW
SHPropStgCreate
SHPropStgReadMultiple
SHPropStgWriteMultiple
SHQueryRecycleBinA
SHQueryRecycleBinW
SHQueryUserNotificationState
SHRemoveLocalizedName
SHReplaceFromPropSheetExtArray
SHResolveLibrary
SHRestricted
SHSetDefaultProperties
SHSetFolderPathA
SHSetFolderPathW
SHSetInstanceExplorer
SHSetKnownFolderPath
SHSetLocalizedName
SHSetTemporaryPropertyForItem
SHSetUnreadMailCountW
SHShellFolderView_Message
SHShowManageLibraryUI
SHSimpleIDListFromPath
SHStartNetConnectionDialogW
SHTestTokenMembership
SHUpdateImageA
SHUpdateImageW
SHUpdateRecycleBinIcon
SHValidateUNC
SetCurrentProcessExplicitAppUserModelID
SheChangeDirA
SheChangeDirExW
SheGetDirA
SheSetCurDrive
ShellAboutA
ShellAboutW
ShellExec_RunDLL
ShellExec_RunDLLA
ShellExec_RunDLLW
ShellExecuteA
ShellExecuteEx
ShellExecuteExA
ShellExecuteExW
ShellExecuteW
ShellHookProc
ShellMessageBoxA
ShellMessageBoxW
Shell_GetCachedImageIndex
Shell_GetCachedImageIndexA
Shell_GetCachedImageIndexW
Shell_GetImageLists
Shell_MergeMenus
Shell_NotifyIcon
Shell_NotifyIconA
Shell_NotifyIconGetRect
Shell_NotifyIconW
SignalFileOpen
StateRepoNewMenuCache_RebuildCacheAsync
StgMakeUniqueName
StrChrA
StrChrIA
StrChrIW
StrChrW
StrCmpNA
StrCmpNIA
StrCmpNIW
StrCmpNW
StrNCmpA
StrNCmpIA
StrNCmpIW
StrNCmpW
StrRChrA
StrRChrIA
StrRChrIW
StrRChrW
StrRStrA
StrRStrIA
StrRStrIW
StrRStrW
StrStrA
StrStrIA
StrStrIW
StrStrW
UsersLibrariesFolderUI_CreateInstance
WOWShellExecute
WaitForExplorerRestartW
Win32DeleteFile
WriteCabinetState
Sections
.text Size: 5.4MB - Virtual size: 5.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 274KB - Virtual size: 274KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 33KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 77KB - Virtual size: 77KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Dimension Stealer 2 by Gumball/Dimension Stealer V2.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\Users\thorson\Desktop\Launcher1\Launcher\Launcher\obj\Debug\LUNCHER CRACKING.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 160KB - Virtual size: 159KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Dimension Stealer 2 by Gumball/Interop.Office.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
mscoree
_CorDllMain
Sections
.text Size: 96KB - Virtual size: 92KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 904B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Dimension Stealer 2 by Gumball/Interop.VBIDE.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
mscoree
_CorDllMain
Sections
.text Size: 112KB - Virtual size: 111KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 896B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Dimension Stealer 2 by Gumball/Screenshot.jpg.jpg
-
Dimension Stealer 2 by Gumball/Stub/Stub.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
C:\Dokumente und Einstellungen\Administrator\Desktop\Dimension Stealer V2\Builder Sample - Server Stub\Builder Sample - by ThePapst\obj\Release\Stub.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 48KB - Virtual size: 47KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.sdata Size: 512B - Virtual size: 205B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Dimension Stealer 2 by Gumball/Thumbs.db
-
Dimension Stealer 2 by Gumball/WebDriver/Interop.Office.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
mscoree
_CorDllMain
Sections
.text Size: 96KB - Virtual size: 92KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 904B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Dimension Stealer 2 by Gumball/WebDriver/Interop.VBIDE.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
mscoree
_CorDllMain
Sections
.text Size: 112KB - Virtual size: 111KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 896B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Dimension Stealer 2 by Gumball/WebDriver/Ionic.Zip.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
c:\DotNetZip\Zip\obj\Debug\Ionic.Zip.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 478KB - Virtual size: 477KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Dimension Stealer 2 by Gumball/WebDriver/LICENCE.dat.zip
-
Dimension Stealer 2 by Gumball/WebDriver/Launcher.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Dimension Stealer 2 by Gumball/WebDriver/Screenshot.jpg.jpg
-
Dimension Stealer 2 by Gumball/WebDriver/Stub/Stub.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
C:\Dokumente und Einstellungen\Administrator\Desktop\Dimension Stealer V2\Builder Sample - Server Stub\Builder Sample - by ThePapst\obj\Release\Stub.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 48KB - Virtual size: 47KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.sdata Size: 512B - Virtual size: 205B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Dimension Stealer 2 by Gumball/WebDriver/Thumbs.db
-
Dimension Stealer 2 by Gumball/WebDriver/dsv.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
C:\Dokumente und Einstellungen\Administrator\Desktop\Dimension Stealer V2\Dimension Stealer V2\obj\Release\Dimension Stealer V2.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 250KB - Virtual size: 250KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.sdata Size: 512B - Virtual size: 184B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Dimension Stealer 2 by Gumball/shell32.dll.dll regsvr32 windows:10 windows x64 arch:x64
f97ab8ac730f427e1f34cef66fb42a94
Code Sign
Certificate: 33:00:00:02:32:41:fb:59:99:6d:cc:4d:ff:00:00:00:00:02:32
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 02-05-2019 21:24
Not After: 02-05-2020 21:24
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Certificate: 61:07:76:56:00:00:00:00:00:08
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19-10-2011 18:41
Not After: 19-10-2026 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Signer: af:85:26:e2:39:ed:75:06:05:72:ce:b8:95:25:e7:b4:14:16:04:09:5d:2a:ad:b1:3c:76:78:d2:a0:ac:b7:81
Actual PE Digest: af:85:26:e2:39:ed:75:06:05:72:ce:b8:95:25:e7:b4:14:16:04:09:5d:2a:ad:b1:3c:76:78:d2:a0:ac:b7:81
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
shell32.pdb
Imports
api-ms-win-crt-string-l1-1-0
wcsspn
memset
wcscmp
wcsncmp
wcscspn
wcspbrk
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o_sqrt
_o_srand
_o_strncpy_s
_o_toupper
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstok_s
_o_wcstol
_o_wcstoul
strchr
wcsrchr
__std_terminate
__CxxFrameHandler3
_o__ui64tow_s
_o_realloc
_o_rand
_o_qsort
_o_pow
_o_malloc
_o__strnicmp
_o_log
memmove
_o_iswalpha
_o__set_errno
_o__seh_filter_dll
_o__resetstkoflw
_o__register_onexit_function
_o_isdigit
_o_isalpha
_o__purecall
_o_free
_o_floor
_o_exp
_o_ceil
_o_calloc
_o_bsearch
_o__wtoi
_o__wcsupr
_o__wcstoui64
_o__wcsnicmp
_o__wcsicmp
_o__itow
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__initialize_narrow_environment
_o__get_errno
_o__execute_onexit_table
_o__errno
_o__difftime64
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
wcschr
wcsstr
__C_specific_handler
memcmp
memcpy
api-ms-win-core-heap-l2-1-0
LocalAlloc
GlobalFree
LocalFree
GlobalAlloc
LocalReAlloc
api-ms-win-core-registry-l1-1-0
RegDeleteValueW
RegNotifyChangeKeyValue
RegQueryValueExA
RegOpenKeyExA
RegOpenCurrentUser
RegQueryInfoKeyA
RegDeleteTreeW
RegOpenKeyExW
RegGetKeySecurity
RegQueryInfoKeyW
RegGetValueW
RegQueryValueExW
RegEnumKeyExW
RegDeleteKeyExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegEnumValueW
api-ms-win-core-libraryloader-l1-2-0
FreeLibrary
EnumResourceNamesExW
LoadResource
LoadLibraryExA
GetModuleFileNameA
GetModuleFileNameW
GetProcAddress
GetModuleHandleW
LoadStringW
DisableThreadLibraryCalls
FindResourceExW
FreeResource
LockResource
LoadLibraryExW
SizeofResource
LoadStringA
FindStringOrdinal
GetModuleHandleExW
api-ms-win-core-sysinfo-l1-1-0
GetComputerNameExW
GetTickCount64
GetSystemTime
GlobalMemoryStatusEx
GetSystemDirectoryW
GetSystemInfo
GetWindowsDirectoryW
GetSystemTimeAsFileTime
GetSystemWindowsDirectoryW
GetTickCount
GetVersionExW
GetLocalTime
api-ms-win-core-memory-l1-1-0
MapViewOfFile
WriteProcessMemory
UnmapViewOfFile
VirtualQuery
VirtualAlloc
VirtualProtect
ReadProcessMemory
OpenFileMappingW
CreateFileMappingW
VirtualFree
api-ms-win-core-file-l1-1-0
QueryDosDeviceW
GetFileAttributesExW
GetFileInformationByHandle
CompareFileTime
DefineDosDeviceW
GetFileAttributesW
GetFileSizeEx
LocalFileTimeToFileTime
RemoveDirectoryW
FindFirstFileExW
FileTimeToLocalFileTime
WriteFile
GetFullPathNameW
GetShortPathNameW
SetFilePointer
GetLongPathNameW
FindFirstVolumeW
DeleteFileW
GetFileSize
ReadFile
GetTempFileNameW
FindNextVolumeW
GetDiskFreeSpaceW
FindClose
FindNextFileW
CreateFileW
FindVolumeClose
GetDiskFreeSpaceExW
SetFileTime
FindFirstFileW
GetVolumePathNameW
GetVolumeInformationW
SetEndOfFile
CreateDirectoryW
GetLogicalDrives
SetFileInformationByHandle
FlushFileBuffers
SetFilePointerEx
SetFileAttributesW
GetDriveTypeW
api-ms-win-core-handle-l1-1-0
CloseHandle
DuplicateHandle
api-ms-win-core-libraryloader-l1-2-1
FindResourceW
LoadLibraryW
api-ms-win-core-string-l1-1-0
CompareStringOrdinal
GetStringTypeW
CompareStringW
MultiByteToWideChar
CompareStringEx
GetStringTypeExW
WideCharToMultiByte
api-ms-win-core-synch-l1-1-0
ResetEvent
SetEvent
CreateSemaphoreExW
CreateEventW
EnterCriticalSection
OpenEventW
AcquireSRWLockShared
ReleaseSemaphore
CreateMutexExW
ReleaseSRWLockShared
ReleaseMutex
SetWaitableTimer
InitializeCriticalSectionEx
ReleaseSRWLockExclusive
CreateMutexW
CreateEventExW
InitializeSRWLock
InitializeCriticalSectionAndSpinCount
WaitForMultipleObjectsEx
TryAcquireSRWLockShared
TryEnterCriticalSection
OpenSemaphoreW
WaitForSingleObjectEx
LeaveCriticalSection
InitializeCriticalSection
OpenMutexW
TryAcquireSRWLockExclusive
CreateWaitableTimerExW
WaitForSingleObject
AcquireSRWLockExclusive
DeleteCriticalSection
api-ms-win-core-errorhandling-l1-1-0
RaiseException
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter
SetErrorMode
GetLastError
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
OpenProcessToken
GetCurrentThreadId
GetCurrentProcessId
TlsGetValue
TlsSetValue
SetThreadToken
GetCurrentProcess
SetThreadPriority
GetThreadPriority
OpenThread
GetThreadId
GetExitCodeThread
TlsAlloc
GetProcessId
ExitProcess
GetExitCodeProcess
ProcessIdToSessionId
CreateProcessAsUserW
GetCurrentThread
OpenThreadToken
ResumeThread
SetPriorityClass
TlsFree
CreateThread
CreateProcessW
api-ms-win-core-string-l2-1-0
CharPrevW
CharLowerW
CharUpperW
CharLowerBuffW
CharUpperBuffW
CharNextW
IsCharAlphaW
api-ms-win-core-file-l2-1-0
MoveFileExW
ReadDirectoryChangesW
ReplaceFileW
CreateHardLinkW
GetFileInformationByHandleEx
CopyFile2
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
ExpandEnvironmentStringsA
SetEnvironmentVariableW
SearchPathW
SetCurrentDirectoryW
GetEnvironmentVariableW
GetCurrentDirectoryW
ExpandEnvironmentStringsW
api-ms-win-security-base-l1-1-0
AllocateAndInitializeSid
AccessCheck
DeleteAce
DuplicateTokenEx
GetSecurityDescriptorOwner
ImpersonateSelf
RevertToSelf
IsWellKnownSid
GetSidIdentifierAuthority
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
GetSidSubAuthorityCount
InitializeAcl
InitializeSid
GetSidSubAuthority
GetFileSecurityW
CheckTokenMembership
CreateWellKnownSid
EqualSid
GetTokenInformation
GetSecurityDescriptorControl
DuplicateToken
SetFileSecurityW
AddAccessAllowedAceEx
AddAccessDeniedAceEx
AddAce
GetAce
SetSecurityDescriptorOwner
GetAclInformation
SetTokenInformation
CopySid
GetLengthSid
IsValidSid
GetSidLengthRequired
AdjustTokenPrivileges
FreeSid
api-ms-win-core-heap-l1-1-0
HeapDestroy
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
api-ms-win-core-util-l1-1-0
EncodePointer
DecodePointer
api-ms-win-core-localization-l1-2-0
GetLocaleInfoW
LCMapStringEx
GetUserDefaultLangID
GetThreadLocale
VerLanguageNameW
FindNLSStringEx
LocaleNameToLCID
GetThreadUILanguage
GetSystemPreferredUILanguages
IsValidLocaleName
GetACP
ResolveLocaleName
GetSystemDefaultLCID
LCMapStringW
IsDBCSLeadByte
GetSystemDefaultLangID
GetUserDefaultLCID
GetUserPreferredUILanguages
FindNLSString
GetCPInfo
FormatMessageW
api-ms-win-core-debug-l1-1-0
DebugBreak
IsDebuggerPresent
OutputDebugStringW
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
SystemTimeToFileTime
GetTimeZoneInformationForYear
TzSpecificLocalTimeToSystemTime
SystemTimeToTzSpecificLocalTime
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolWait
CloseThreadpoolWork
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolWait
WaitForThreadpoolWaitCallbacks
SubmitThreadpoolWork
CreateThreadpoolWork
CreateThreadpoolTimer
SetThreadpoolTimer
SetThreadpoolWait
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
OpenProcess
FlushInstructionCache
api-ms-win-core-psapi-l1-1-0
K32GetProcessImageFileNameW
QueryFullProcessImageNameW
api-ms-win-core-synch-l1-2-0
InitOnceBeginInitialize
InitOnceComplete
Sleep
InitOnceExecuteOnce
api-ms-win-core-path-l1-1-0
PathCchCanonicalize
PathCchRemoveExtension
PathCchStripPrefix
PathCchRemoveFileSpec
PathAllocCanonicalize
PathCchAppend
PathCchAppendEx
PathCchRemoveBackslash
PathCchSkipRoot
PathCchAddExtension
PathCchAddBackslash
PathAllocCombine
PathCchRenameExtension
PathIsUNCEx
PathCchAddBackslashEx
PathCchCombineEx
PathCchCombine
PathCchStripToRoot
api-ms-win-core-file-l1-2-0
GetTempPathW
GetVolumePathNamesForVolumeNameW
GetVolumeNameForVolumeMountPointW
api-ms-win-core-io-l1-1-0
GetOverlappedResult
GetQueuedCompletionStatus
CancelIoEx
DeviceIoControl
CreateIoCompletionPort
api-ms-win-core-datetime-l1-1-0
GetDateFormatW
api-ms-win-core-profile-l1-1-0
QueryPerformanceFrequency
QueryPerformanceCounter
api-ms-win-core-registry-l1-1-1
RegDeleteKeyValueW
RegSetKeyValueW
api-ms-win-core-string-l2-1-1
SHLoadIndirectString
api-ms-win-core-file-l2-1-2
CopyFileW
api-ms-win-core-file-l1-2-1
GetCompressedFileSizeW
api-ms-win-core-wow64-l1-1-1
GetSystemWow64DirectoryW
IsWow64Process2
Wow64SetThreadDefaultGuestMachine
api-ms-win-core-wow64-l1-1-0
Wow64RevertWow64FsRedirection
Wow64DisableWow64FsRedirection
api-ms-win-core-localization-l1-2-2
LCIDToLocaleName
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
api-ms-win-core-sysinfo-l1-2-0
GetProductInfo
api-ms-win-core-realtime-l1-1-0
QueryUnbiasedInterruptTime
api-ms-win-core-localization-l2-1-0
GetNumberFormatEx
api-ms-win-devices-config-l1-1-1
CM_Get_Device_Interface_PropertyW
CM_Get_Device_Interface_List_SizeW
CM_Get_Device_Interface_ListW
CM_Get_Device_IDW
CM_Locate_DevNodeW
api-ms-win-core-io-l1-1-1
CancelSynchronousIo
api-ms-win-core-version-l1-1-0
GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW
api-ms-win-core-sysinfo-l1-2-3
GetIntegratedDisplaySize
api-ms-win-core-memory-l1-1-1
PrefetchVirtualMemory
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventWriteTransfer
EventRegister
EventActivityIdControl
EventProviderEnabled
api-ms-win-eventing-classicprovider-l1-1-0
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
UnregisterTraceGuids
GetTraceLoggerHandle
api-ms-win-core-interlocked-l1-1-0
InterlockedPushEntrySList
InitializeSListHead
InterlockedPopEntrySList
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-core-shlwapi-obsolete-l1-1-0
StrCmpNIW
StrCmpNIA
StrCmpNA
StrChrW
StrChrIW
StrChrIA
StrChrA
StrRChrA
StrRChrIA
StrPBrkW
StrCpyNXW
StrRChrIW
StrRChrW
StrSpnW
StrToIntA
StrCmpNW
StrCSpnW
StrRStrIA
StrRStrIW
StrStrA
StrCmpLogicalW
StrStrIA
StrStrIW
StrCmpNICW
StrCmpW
StrDupA
StrStrW
StrCmpICW
StrTrimW
StrDupW
StrToIntExW
StrCmpICA
StrCmpIW
StrToIntW
QISearch
StrCmpNCW
StrCmpCW
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpW
lstrlenA
lstrcmpiW
lstrlenW
lstrcmpA
lstrcmpiA
api-ms-win-core-stringansi-l1-1-0
CharNextA
CharPrevA
api-ms-win-core-heap-obsolete-l1-1-0
GlobalUnlock
GlobalFlags
LocalSize
GlobalLock
GlobalSize
GlobalReAlloc
api-ms-win-core-localization-obsolete-l1-2-0
EnumUILanguagesW
GetNumberFormatW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
api-ms-win-core-privateprofile-l1-1-0
GetPrivateProfileStringW
GetPrivateProfileSectionW
GetProfileSectionW
WritePrivateProfileStringW
api-ms-win-core-atoms-l1-1-0
FindAtomW
GlobalAddAtomW
GlobalGetAtomNameW
GlobalDeleteAtom
GetAtomNameW
api-ms-win-core-shlwapi-legacy-l1-1-0
PathQuoteSpacesW
PathFindFileNameW
SHExpandEnvironmentStringsA
PathIsUNCW
PathAppendW
SHExpandEnvironmentStringsW
PathCommonPrefixW
PathIsSameRootW
PathGetDriveNumberW
PathFindExtensionW
IsCharSpaceW
PathAppendA
PathIsRootA
PathRemoveFileSpecA
PathRemoveBackslashW
PathIsUNCServerW
PathGetCharTypeW
PathIsFileSpecW
PathIsValidCharW
PathStripPathW
PathGetArgsW
PathRemoveBlanksW
PathMatchSpecExW
PathIsUNCServerShareW
PathUnquoteSpacesW
PathUnExpandEnvStringsW
PathParseIconLocationW
PathFindNextComponentW
PathIsRelativeW
PathIsRootW
PathStripToRootW
PathMatchSpecW
PathRemoveFileSpecW
PathFileExistsW
PathIsPrefixW
PathSkipRootW
PathCombineW
PathAddBackslashW
PathRemoveExtensionW
api-ms-win-core-kernel32-legacy-l1-1-0
GetComputerNameW
GetShortPathNameA
GetSystemPowerStatus
MulDiv
WTSGetActiveConsoleSessionId
SetVolumeLabelW
RegisterWaitForSingleObject
UnregisterWait
api-ms-win-core-kernel32-legacy-l1-1-1
PowerCreateRequest
PowerSetRequest
PowerClearRequest
api-ms-win-core-threadpool-legacy-l1-1-0
UnregisterWaitEx
CreateTimerQueueTimer
DeleteTimerQueueTimer
QueueUserWorkItem
api-ms-win-core-kernel32-legacy-l1-1-2
GetBinaryTypeW
api-ms-win-core-url-l1-1-0
UrlApplySchemeW
PathIsURLW
UrlIsW
PathCreateFromUrlW
UrlEscapeW
UrlUnescapeW
UrlUnescapeA
PathCreateFromUrlAlloc
UrlCreateFromPathW
UrlCanonicalizeW
ParseURLW
HashData
UrlCompareW
UrlFixupW
UrlGetPartW
api-ms-win-core-registryuserspecific-l1-1-0
SHRegCloseUSKey
SHRegEnumUSKeyW
SHRegGetUSValueW
SHRegGetBoolUSValueW
SHRegOpenUSKeyW
SHRegQueryUSValueW
SHRegOpenUSKeyA
api-ms-win-core-kernel32-private-l1-1-0
CheckElevationEnabled
CheckElevation
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-core-sidebyside-l1-1-0
DeactivateActCtx
ActivateActCtx
QueryActCtxW
ReleaseActCtx
CreateActCtxW
api-ms-win-shcore-path-l1-1-0
ord172
ord170
api-ms-win-shcore-taskpool-l1-1-0
SHTaskPoolQueueTask
SHTaskPoolGetUniqueContext
api-ms-win-storage-exports-internal-l1-1-0
CFSFolder_CreateFolder
SHGetKnownFolderIDList
SHGetFolderPathEx
CMruLongList_CreateInstance
IsLibraryCreatedByPolicy
IsLibraryPolicyEnabled
SendNotificationsForLibraryItem
CShellItemArrayWithCommonParent_CreateInstance
CShellItemArrayAsVirtualizedObjectArray_CreateInstance
CPrivateProfileCache_Save
CTaskAddDoc_Create
StateRepoVerbsCache_GetContextMenuVerbs
GetRegDataDrivenCommandWithAssociation
Global_WindowsStorage_lProcessClassCount
StateRepoVerbsCache_RebuildCacheAsync
Global_WindowsStorage_Untyped_FileClassSRWLock
Global_WindowsStorage_Untyped_pFileHanderMap
SHGetSpecialFolderLocation
CreateExtrinsicPropertyStore
GetInfoForFileInUse
DataAccessCaches_InvalidateForLibrary
CRegFolder_CreateAndInit
_CleanRecentDocs
CreateLocalizationDesktopIni
CCachedShellItem_CreateInstance
CFSFolder_AdjustForSlowColumn
HideExtension
SHCreateItemWithParentAndChildId
_PredictReasonableImpact
RegistryVerbs_GetHandlerMultiSelectModel
IsNameListedUnderKey
CopyDefaultLibrariesFromGroupPolicy
SHGetKnownFolderIDList_Internal
CreateItemArrayFromItemStore
GetFileUndoText
Global_WindowsStorage_ulNextID
Global_WindowsStorage_tlsChangeClientProxy
Global_WindowsStorage_hwndSCN
Global_WindowsStorage_csSCN
CShellItemArray_CreateInstance
Global_WindowsStorage_Untyped_MountPoint
Global_WindowsStorage_fIconCacheHasBeenSuccessfullyCreated
Global_WindowsStorage_fNeedsInitBroadcast
Global_WindowsStorage_iLastSysIcon
Global_WindowsStorage_lrFlags
Global_WindowsStorage_csIconCache
Global_WindowsStorage_iLastSystemColorDepth
Global_WindowsStorage_MaxIcons
Global_WindowsStorage_afNotRedirected
Global_WindowsStorage_fIconCacheIsValid
Global_WindowsStorage_ccIcon
Global_WindowsStorage_fEndInitialized
Global_WindowsStorage_dwThreadInitializing
GetRegDataDrivenCommand
GetSelectionStateFromItemArray
SetThreadFlags
SHResolveLibrary
SHSetFolderPathW
SHSetFolderPathA
SHGetFolderPathAndSubDirA
SHKnownFolderFromCSIDL
SHPrepareKnownFoldersCommon
SHPrepareKnownFoldersUser
CustomStatePropertyDescription_CreateWithItemPropertyStore
CDesktopFolder_CreateInstanceWithBindContext
Global_WindowsStorage_dwThreadBindCtx
CShellItem_CreateInstance
CFileOperationRecorder_CreateInstance
Global_WindowsStorage_iUseLinkPrefix
Global_WindowsStorage_Untyped_rgshil
CShellItemArrayAsCollection_CreateInstance
GetThreadFlags
Global_WindowsStorage_tlsIconCache
GetFindDataForPath
SHGetKnownFolderItem
CViewSettings_CreateInstance
Global_WindowsStorage_Untyped_pFileClassCacheTable
EnumShellItemsFromEnumFullIdList
SHFileOperationWithAdditionalFlags
CreateSortColumnArray
CreateItemArrayFromObjectArray
Global_WindowsStorage_esServerMode
GetCommandProviderForFolderType
CCollectionFactory_CreateInstance
DetermineFolderDestinationParentAppID
api-ms-win-storage-exports-external-l1-1-0
STORAGE_MakeDestinationItem
STORAGE_ClearDestinationsForAllApps
STORAGE_AddNewFolderToFrequentPlaces
STORAGE_SHAddToRecentDocsEx
STORAGE_SHAddToRecentDocs
STORAGE_AddItemToRecentDocs
STORAGE_CEnumFiles_CreateInstance
STORAGE_SHPathPrepareForWriteA
STORAGE_SHPathPrepareForWriteW
STORAGE_SHValidateMSUri
STORAGE_SHGetPathFromMsUri
STORAGE_GetSystemPersistedStorageItemList
STORAGE_CreateStorageItemFromPath_FullTrustCaller_ForPackage
STORAGE_CreateStorageItemFromPath_PartialTrustCaller
STORAGE_GetShellItemFromStorageItem
STORAGE_CreateStorageItemFromShellItem_FullTrustCaller_UseImplicitFlagsAndPackage
STORAGE_CreateSortColumnArrayFromListDesc
STORAGE_CreateStorageItemFromShellItem_FullTrustCaller_ForPackage_WithProcessHandle
STORAGE_CreateStorageItemFromShellItem_FullTrustCaller_ForPackage
STORAGE_CreateStorageItemFromShellItem_FullTrustCaller
STORAGE_CreateStorageItemFromPath_FullTrustCaller
STORAGE_CStorageItem_GetValidatedStorageItemObject
STORAGE_CStorageItem_GetValidatedStorageItem
STORAGE_SHFreeNameMappings
STORAGE_SHFileOperation
STORAGE_SHFileOperationA
STORAGE_SHCreateDirectoryExA
STORAGE_SHCreateDirectory
STORAGE_SHConfirmOperation
STORAGE_SHCreateShellItemArrayFromShellItem
STORAGE_SHCreateShellItemArrayFromIDLists
STORAGE_SHCreateShellItemArrayFromDataObject
STORAGE_SHCreateShellItemArray
STORAGE_SHGetDesktopFolderWorker
api-ms-win-shell-shellcom-l1-1-0
SHCoCreateInstance
api-ms-win-shell-shellfolders-l1-1-0
SHSetKnownFolderPath
SHGetFolderPathAndSubDirW
SHGetFolderLocation
SHGetFolderPathW
SHGetFolderPathA
SHGetSpecialFolderPathW
SHGetSpecialFolderPathA
SHGetKnownFolderPath
kernelbase
GetPackagesByPackageFamily
GetCurrentPackageInfo
ClosePackageInfo
OpenState
OpenStateExplicit
GetStateFolder
CloseState
ExtensionProgIdExists
GetExtensionProgIds
GetEffectivePackageStatusForUser
PackageNameAndPublisherIdFromFamilyName
NotifyRedirectedStringChange
GetStagedPackagePathByFullName
OpenPackageInfoByFullName
GetPackageInfo
GetPackageFullName
GetSystemAppDataKey
user32
GetMenuState
CountClipboardFormats
IsHungAppWindow
GetClipboardOwner
ExitWindowsEx
LoadImageW
SetRect
CopyRect
GetMonitorInfoW
MonitorFromPoint
GetUserObjectInformationW
GetThreadDesktop
GetProcessWindowStation
ChangeWindowMessageFilterEx
RegisterWindowMessageW
GetMessagePos
GetKeyboardLayout
OffsetRect
SetClipboardViewer
TranslateAcceleratorW
CreateMenu
InsertMenuW
EndMenu
DestroyAcceleratorTable
PtInRect
GetMessageExtraInfo
SetGestureConfig
CloseGestureInfoHandle
GetGestureInfo
ChangeClipboardChain
MapWindowPoints
GetMenuItemID
EnableMenuItem
InsertMenuItemW
GetFocus
CheckMenuItem
CheckMenuRadioItem
AppendMenuW
GetDoubleClickTime
MessageBeep
TrackPopupMenu
SetMessageExtraInfo
SetMenuDefaultItem
SetMenuItemInfoW
LoadAcceleratorsW
GetMenuStringW
GetDesktopWindow
GetForegroundWindow
ReleaseDC
GetDC
NotifyWinEvent
SendNotifyMessageW
SystemParametersInfoW
GetMenuItemInfoW
GetMenuItemCount
EnumWindows
IsWindow
WaitForInputIdle
GetWindowThreadProcessId
GetMenuDefaultItem
GetLastActivePopup
SwitchToThisWindow
GetCursorPos
RegisterClipboardFormatW
GetWindow
FindWindowW
GetClassNameW
GetAncestor
EnableWindow
MsgWaitForMultipleObjectsEx
PeekMessageW
PostQuitMessage
SetForegroundWindow
ShutdownBlockReasonDestroy
ShutdownBlockReasonCreate
LoadMenuW
GetSubMenu
RemoveMenu
GetParent
IsDlgButtonChecked
CheckDlgButton
DeleteMenu
DestroyMenu
CreatePopupMenu
PostMessageW
SetProcessDPIAware
DispatchMessageW
TranslateMessage
GetMessageW
SetFocus
IsWindowVisible
DrawEdge
GetSysColorBrush
FillRect
EndPaint
BeginPaint
GetUpdateRect
TrackMouseEvent
UpdateWindow
GetWindowRect
DefWindowProcW
RegisterClassW
KillTimer
SetTimer
GetKeyState
InflateRect
AdjustWindowRectEx
DestroyWindow
SetWindowLongW
GetWindowLongW
DrawFocusRect
DrawIcon
GetSysColor
EndDialog
GetWindowLongPtrW
SetWindowLongPtrW
GetWindowTextW
SetWindowPos
GetClientRect
ShowWindow
SetWindowTextW
GetDlgItem
InvalidateRect
LoadCursorW
SetCursor
SetDlgItemTextW
GetDlgItemTextW
SendDlgItemMessageW
ScreenToClient
SendMessageW
LookupIconIdFromDirectory
CreateIconIndirect
GetIconInfo
DestroyIcon
PrivateExtractIconsW
LoadIconW
GetSystemMetrics
ModifyMenuW
IsMenu
DrawTextW
SetPropW
RemovePropW
GetPropW
CopyIcon
IsIconic
SendMessageTimeoutW
GetScrollInfo
RegisterClassExW
SetWindowCompositionAttribute
EnumDisplayDevicesW
UnionRect
IsChild
UpdateLayeredWindow
ord2521
SetCapture
IsDialogMessageW
SetDialogDpiChangeBehavior
PostThreadMessageW
GetSystemMenu
RegisterPowerSettingNotification
UnregisterPowerSettingNotification
WindowFromPoint
SetParent
IsRectEmpty
ClientToScreen
SetDlgItemInt
GetDlgItemInt
CheckRadioButton
LoadBitmapW
GetMessageTime
CreateAcceleratorTableW
EnumDisplayMonitors
SetShellWindowEx
GetClassLongPtrW
EnumDisplaySettingsW
ord2707
LockWindowUpdate
WaitMessage
DdeQueryConvInfo
DdeGetData
DdeGetLastError
DdeCreateDataHandle
DdeCreateStringHandleW
DdeFreeStringHandle
DdeQueryStringW
DdeDisconnect
DdeNameService
DdeUninitialize
DdeInitializeW
UnpackDDElParam
wsprintfW
SetSysColors
DisplayConfigGetDeviceInfo
SystemParametersInfoForDpi
SetShellWindow
SetWinEventHook
UnhookWinEvent
IsWinEventHookInstalled
GetMenuInfo
EmptyClipboard
GetCapture
GetWindowBand
SetActiveWindow
MapDialogRect
CopyImage
GetWindowTextLengthW
GetClassInfoW
GetTaskmanWindow
SetTaskmanWindow
DeregisterShellHookWindow
RegisterShellHookWindow
IsWindowUnicode
DefWindowProcA
AttachThreadInput
MoveWindow
CopyAcceleratorTableW
DeferWindowPos
MessageBoxW
SendMessageCallbackW
UnregisterDeviceNotification
RegisterDeviceNotificationW
MsgWaitForMultipleObjects
GetShellWindow
GetShellChangeNotifyWindow
SetShellChangeNotifyWindow
SetDlgItemTextA
GetDlgCtrlID
AdjustWindowRect
BeginDeferWindowPos
EndDeferWindowPos
GetSystemMetricsForDpi
GetDpiForSystem
CreateWindowInBand
OpenInputDesktop
CloseDesktop
RedrawWindow
EnumPropsExW
OpenClipboard
GetClipboardData
SetClipboardData
CloseClipboard
EnumChildWindows
SetThreadDpiAwarenessContext
GetWindowPlacement
BroadcastSystemMessageW
GetDpiForWindow
DialogBoxParamW
SetRectEmpty
GetPointerDevices
GetWindowDC
SetLayeredWindowAttributes
CreateWindowIndirect
SubtractRect
AdjustWindowRectExForDpi
ActivateKeyboardLayout
DrawTextExW
RegisterWindowMessageA
FindWindowExW
CreateWindowExW
WinHelpW
SystemParametersInfoA
GetLastInputInfo
GetDialogBaseUnits
UnhookWindowsHookEx
SetWindowsHookExW
SetWindowRgn
SetScrollInfo
ShowScrollBar
ord2705
SetScrollPos
CallWindowProcW
CallNextHookEx
SetCoalescableTimer
SetMenuInfo
GetClassInfoExW
GetAsyncKeyState
TrackPopupMenuEx
MonitorFromRect
AreDpiAwarenessContextsEqual
GetWindowDpiAwarenessContext
GetCurrentInputMessageSource
GetClassLongW
QueryDisplayConfig
GetDisplayConfigBufferSizes
CreateDialogParamW
ChildWindowFromPoint
SetMenu
LockSetForegroundWindow
ShowCaret
HideCaret
GetCursor
AnimateWindow
MonitorFromWindow
IntersectRect
EqualRect
IsSETEnabled
AllowSetForegroundWindow
GetProcessDefaultLayout
IsProcessDPIAware
DrawIconEx
IsWindowEnabled
ReleaseCapture
ntdll
RtlFlushHeaps
RtlAreLongPathsEnabled
RtlQueryResourcePolicy
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceLoggerHandle
NtOpenThreadToken
EtwLogTraceEvent
NtPowerInformation
NtQueryInformationProcess
NtQueryAttributesFile
RtlDosPathNameToRelativeNtPathName_U
NtOpenProcessToken
NtQueryInformationToken
RtlDllShutdownInProgress
RtlGetDeviceFamilyInfoEnum
WinSqmAddToStreamEx
NtSetCachedSigningLevel
NtCompareSigningLevels
RtlInitializeResource
RtlAcquireResourceExclusive
RtlReleaseResource
RtlDeleteResource
NtGetCachedSigningLevel
RtlMapGenericMask
WinSqmSetDWORD
WinSqmIncrementDWORD
WinSqmAddToStream
EtwTraceMessage
EtwEventWrite
EtwEventEnabled
EtwEventActivityIdControl
EtwEventSetInformation
EtwEventRegister
EtwEventUnregister
RtlDestroyEnvironment
RtlSetCurrentEnvironment
RtlCreateEnvironment
RtlExpandEnvironmentStrings_U
RtlSetEnvironmentVariable
RtlQueryEnvironmentVariable_U
RtlInitUnicodeStringEx
RtlGetLastNtStatus
RtlFreeUnicodeString
RtlReleaseRelativeName
RtlDosPathNameToRelativeNtPathName_U_WithStatus
NtQueryVolumeInformationFile
RtlFreeHeap
RtlDosPathNameToNtPathName_U_WithStatus
NtOpenFile
NtSetInformationFile
RtlUnicodeStringToOemString
NtFsControlFile
NtClose
NtCreateFile
RtlNtStatusToDosError
NtQueryInformationFile
RtlPrefixString
RtlInitUnicodeString
EtwEventWriteTransfer
NtQuerySystemInformationEx
RtlCompareUnicodeString
RtlNtStatusToDosErrorNoTeb
RtlAllocateHeap
NtSetInformationToken
RtlQueryWnfStateData
RtlGetNtSystemRoot
RtlQueryRegistryValuesEx
RtlCheckRegistryKey
NtQuerySystemInformation
NtQueryObject
NtQueryKey
RtlIsPartialPlaceholder
NtSetSecurityObject
NtQuerySecurityObject
RtlDosPathNameToNtPathName_U
ShipAssert
NtQueryInformationThread
RtlIsNonEmptyDirectoryReparsePointAllowed
ZwQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlRandomEx
RtlCreateUnicodeString
RtlPublishWnfStateData
NtQueryWnfStateData
RtlCreateServiceSid
RtlLengthRequiredSid
RtlGetNtProductType
EtwGetTraceEnableLevel
EtwUnregisterTraceGuids
gdi32
CreateDIBSection
TextOutA
GetTextExtentPoint32A
CreateFontW
GetPixel
ExcludeClipRect
GetDIBColorTable
SetDIBits
ExtTextOutW
GetObjectType
GetWindowOrgEx
GetRegionData
GetRgnBox
CombineRgn
SaveDC
RestoreDC
CreateRectRgnIndirect
SetDCBrushColor
PlgBlt
ExtSelectClipRgn
GetViewportOrgEx
DeleteMetaFile
PlayMetaFile
SetMetaFileBitsEx
LPtoDP
SelectClipRgn
IntersectClipRect
GetClipRgn
CreateRectRgn
GetClipBox
StretchDIBits
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetMapMode
GetTextAlign
CreatePolygonRgn
LineTo
MoveToEx
PatBlt
SetStretchBltMode
SetTextAlign
GetTextExtentPoint32W
GetTextMetricsW
Rectangle
CreatePen
CreateFontIndirectW
GetCurrentObject
GetTextColor
GdiTransparentBlt
StretchBlt
GetDIBits
CreateBitmap
CreateCompatibleBitmap
BitBlt
GdiAlphaBlend
CreateDCW
DeleteDC
CreateCompatibleDC
GetTextExtentPointW
GetObjectW
SetWindowOrgEx
OffsetWindowOrgEx
CreateSolidBrush
GetDeviceCaps
SetTextColor
SelectObject
SetBkMode
GetStockObject
SetLayout
GetLayout
SetBkColor
DeleteObject
api-ms-win-stateseparation-helpers-l1-1-0
GetPersistedRegistryLocationW
api-ms-win-security-capability-l1-1-0
CapabilityCheck
api-ms-win-core-job-l2-1-0
SetInformationJobObject
CreateJobObjectW
AssignProcessToJobObject
api-ms-win-security-cryptoapi-l1-1-0
CryptGenRandom
api-ms-win-crt-time-l1-1-0
_time64
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-crt-math-l1-1-0
ceilf
expf
floorf
sqrtf
Exports
AppCompat_RunDLLW
AssocCreateForClasses
AssocGetDetailsOfPropKey
CDefFolderMenu_Create2
CIDLData_CreateFromIDArray
CStorageItem_GetValidatedStorageItemObject
CheckEscapesW
CommandLineToArgvW
Control_RunDLL
Control_RunDLLA
Control_RunDLLAsUserW
Control_RunDLLW
CreateStorageItemFromPath_FullTrustCaller
CreateStorageItemFromPath_FullTrustCaller_ForPackage
CreateStorageItemFromPath_PartialTrustCaller
CreateStorageItemFromShellItem_FullTrustCaller
CreateStorageItemFromShellItem_FullTrustCaller_ForPackage
CreateStorageItemFromShellItem_FullTrustCaller_ForPackage_WithProcessHandle
CreateStorageItemFromShellItem_FullTrustCaller_UseImplicitFlagsAndPackage
DAD_AutoScroll
DAD_DragEnterEx
DAD_DragEnterEx2
DAD_DragLeave
DAD_DragMove
DAD_SetDragImage
DAD_ShowDragImage
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
DllGetVersion
DllInstall
DllRegisterServer
DllUnregisterServer
DoEnvironmentSubstA
DoEnvironmentSubstW
DragAcceptFiles
DragFinish
DragQueryFile
DragQueryFileA
DragQueryFileAorW
DragQueryFileW
DragQueryPoint
DriveType
DuplicateIcon
ExtractAssociatedIconA
ExtractAssociatedIconExA
ExtractAssociatedIconExW
ExtractAssociatedIconW
ExtractIconA
ExtractIconEx
ExtractIconExA
ExtractIconExW
ExtractIconW
FindExecutableA
FindExecutableW
FreeIconList
GetCurrentProcessExplicitAppUserModelID
GetFileNameFromBrowse
GetSystemPersistedStorageItemList
ILAppendID
ILClone
ILCloneFirst
ILCombine
ILCreateFromPath
ILCreateFromPathA
ILCreateFromPathW
ILFindChild
ILFindLastID
ILFree
ILGetNext
ILGetSize
ILIsEqual
ILIsParent
ILLoadFromStreamEx
ILRemoveLastID
ILSaveToStream
InitNetworkAddressControl
InternalExtractIconListA
InternalExtractIconListW
IsDesktopExplorerProcess
IsLFNDrive
IsLFNDriveA
IsLFNDriveW
IsNetDrive
IsProcessAnExplorer
IsUserAnAdmin
LaunchMSHelp_RunDLLW
OpenAs_RunDLL
OpenAs_RunDLLA
OpenAs_RunDLLW
OpenRegStream
Options_RunDLL
Options_RunDLLA
Options_RunDLLW
PathCleanupSpec
PathGetShortPath
PathIsExe
PathIsSlowA
PathIsSlowW
PathMakeUniqueName
PathQualify
PathResolve
PathYetAnotherMakeUniqueName
PickIconDlg
PifMgr_CloseProperties
PifMgr_GetProperties
PifMgr_OpenProperties
PifMgr_SetProperties
PrepareDiscForBurnRunDllW
PrintersGetCommand_RunDLL
PrintersGetCommand_RunDLLA
PrintersGetCommand_RunDLLW
ReadCabinetState
RealDriveType
RealShellExecuteA
RealShellExecuteExA
RealShellExecuteExW
RealShellExecuteW
RegenerateUserEnvironment
RestartDialog
RestartDialogEx
RunAsNewUser_RunDLLW
SHAddDefaultPropertiesByExt
SHAddFromPropSheetExtArray
SHAddToRecentDocs
SHAlloc
SHAppBarMessage
SHAssocEnumHandlers
SHAssocEnumHandlersForProtocolByApplication
SHBindToFolderIDListParent
SHBindToFolderIDListParentEx
SHBindToObject
SHBindToParent
SHBrowseForFolder
SHBrowseForFolderA
SHBrowseForFolderW
SHCLSIDFromString
SHChangeNotification_Lock
SHChangeNotification_Unlock
SHChangeNotify
SHChangeNotifyDeregister
SHChangeNotifyRegister
SHChangeNotifyRegisterThread
SHChangeNotifySuspendResume
SHCloneSpecialIDList
SHCoCreateInstance
SHCoCreateInstanceWorker
SHCreateAssociationRegistration
SHCreateCategoryEnum
SHCreateDataObject
SHCreateDefaultContextMenu
SHCreateDefaultExtractIcon
SHCreateDefaultPropertiesOp
SHCreateDirectory
SHCreateDirectoryExA
SHCreateDirectoryExW
SHCreateDrvExtIcon
SHCreateFileExtractIconW
SHCreateItemFromIDList
SHCreateItemFromParsingName
SHCreateItemFromRelativeName
SHCreateItemInKnownFolder
SHCreateItemWithParent
SHCreateLocalServerRunDll
SHCreateProcessAsUserW
SHCreatePropSheetExtArray
SHCreateQueryCancelAutoPlayMoniker
SHCreateShellFolderView
SHCreateShellFolderViewEx
SHCreateShellItem
SHCreateShellItemArray
SHCreateShellItemArrayFromDataObject
SHCreateShellItemArrayFromIDLists
SHCreateShellItemArrayFromShellItem
SHCreateStdEnumFmtEtc
SHDefExtractIconA
SHDefExtractIconW
SHDestroyPropSheetExtArray
SHDoDragDrop
SHELL32_AddToBackIconTable
SHELL32_AddToFrontIconTable
SHELL32_AreAllItemsAvailable
SHELL32_BindToFilePlaceholderHandler
SHELL32_CCommonPlacesFolder_CreateInstance
SHELL32_CDBurn_CloseSession
SHELL32_CDBurn_DriveSupportedForDataBurn
SHELL32_CDBurn_Erase
SHELL32_CDBurn_GetCDInfo
SHELL32_CDBurn_GetLiveFSDiscInfo
SHELL32_CDBurn_GetStagingPathOrNormalPath
SHELL32_CDBurn_GetTaskInfo
SHELL32_CDBurn_IsBlankDisc
SHELL32_CDBurn_IsBlankDisc2
SHELL32_CDBurn_IsLiveFS
SHELL32_CDBurn_OnDeviceChange
SHELL32_CDBurn_OnEject
SHELL32_CDBurn_OnMediaChange
SHELL32_CDefFolderMenu_Create2
SHELL32_CDefFolderMenu_Create2Ex
SHELL32_CDefFolderMenu_MergeMenu
SHELL32_CDrivesContextMenu_Create
SHELL32_CDrivesDropTarget_Create
SHELL32_CDrives_CreateSFVCB
SHELL32_CFSDropTarget_CreateInstance
SHELL32_CFSFolderCallback_Create
SHELL32_CFillPropertiesTask_CreateInstance
SHELL32_CLibraryDropTarget_CreateInstance
SHELL32_CLocationContextMenu_Create
SHELL32_CLocationFolderUI_CreateInstance
SHELL32_CMountPoint_DoAutorun
SHELL32_CMountPoint_DoAutorunPrompt
SHELL32_CMountPoint_IsAutoRunDriveAndEnabledByPolicy
SHELL32_CMountPoint_ProcessAutoRunFile
SHELL32_CMountPoint_WantAutorunUI
SHELL32_CMountPoint_WantAutorunUIGetReady
SHELL32_CNetFolderUI_CreateInstance
SHELL32_CPL_CategoryIdArrayFromVariant
SHELL32_CPL_IsLegacyCanonicalNameListedUnderKey
SHELL32_CPL_ModifyWowDisplayName
SHELL32_CRecentDocsContextMenu_CreateInstance
SHELL32_CSyncRootManager_CreateInstance
SHELL32_CTransferConfirmation_CreateInstance
SHELL32_CallFileCopyHooks
SHELL32_CanDisplayWin8CopyDialog
SHELL32_CloseAutoplayPrompt
SHELL32_CommandLineFromMsiDescriptor
SHELL32_CopyFilePlaceholderToNewFile
SHELL32_CopySecondaryTiles
SHELL32_CreateConfirmationInterrupt
SHELL32_CreateConflictInterrupt
SHELL32_CreateDefaultOperationDataProvider
SHELL32_CreateFileFolderContextMenu
SHELL32_CreateLinkInfoW
SHELL32_CreatePlaceholderFile
SHELL32_CreateQosRecorder
SHELL32_CreateSharePointView
SHELL32_Create_IEnumUICommand
SHELL32_DestroyLinkInfo
SHELL32_EncryptDirectory
SHELL32_EncryptedFileKeyInfo
SHELL32_EnumCommonTasks
SHELL32_FilePlaceholder_BindToPrimaryStream
SHELL32_FilePlaceholder_CreateInstance
SHELL32_FreeEncryptedFileKeyInfo
SHELL32_GenerateAppID
SHELL32_GetAppIDRoot
SHELL32_GetCommandProviderForFolderType
SHELL32_GetDPIAdjustedLogicalSize
SHELL32_GetDiskCleanupPath
SHELL32_GetFileNameFromBrowse
SHELL32_GetIconOverlayManager
SHELL32_GetLinkInfoData
SHELL32_GetPlaceholderStatesFromFileAttributesAndReparsePointTag
SHELL32_GetRatingBucket
SHELL32_GetSkyDriveNetworkStates
SHELL32_GetSqmableFileName
SHELL32_GetThumbnailAdornerFromFactory
SHELL32_GetThumbnailAdornerFromFactory2
SHELL32_HandleUnrecognizedFileSystem
SHELL32_IconCacheCreate
SHELL32_IconCacheDestroy
SHELL32_IconCacheHandleAssociationChanged
SHELL32_IconCacheRestore
SHELL32_IconCache_AboutToExtractIcons
SHELL32_IconCache_DoneExtractingIcons
SHELL32_IconCache_ExpandEnvAndSearchPath
SHELL32_IconCache_RememberRecentlyExtractedIconsW
SHELL32_IconOverlayManagerInit
SHELL32_IsGetKeyboardLayoutPresent
SHELL32_IsSystemUpgradeInProgress
SHELL32_IsValidLinkInfo
SHELL32_LegacyEnumSpecialTasksByType
SHELL32_LegacyEnumTasks
SHELL32_LookupBackIconIndex
SHELL32_LookupFrontIconIndex
SHELL32_NormalizeRating
SHELL32_NotifyLinkTrackingServiceOfMove
SHELL32_PifMgr_CloseProperties
SHELL32_PifMgr_GetProperties
SHELL32_PifMgr_OpenProperties
SHELL32_PifMgr_SetProperties
SHELL32_Printers_CreateBindInfo
SHELL32_Printjob_GetPidl
SHELL32_PurgeSystemIcon
SHELL32_RefreshOverlayImages
SHELL32_ResolveLinkInfoW
SHELL32_SHAddSparseIcon
SHELL32_SHCreateByValueOperationInterrupt
SHELL32_SHCreateDefaultContextMenu
SHELL32_SHCreateLocalServer
SHELL32_SHCreateShellFolderView
SHELL32_SHDuplicateEncryptionInfoFile
SHELL32_SHEncryptFile
SHELL32_SHFormatDriveAsync
SHELL32_SHGetThreadUndoManager
SHELL32_SHGetUserNameW
SHELL32_SHIsVirtualDevice
SHELL32_SHLaunchPropSheet
SHELL32_SHLogILFromFSIL
SHELL32_SHOpenWithDialog
SHELL32_SHStartNetConnectionDialogW
SHELL32_SHUICommandFromGUID
SHELL32_SendToMenu_InvokeTargetedCommand
SHELL32_SendToMenu_VerifyTargetedCommand
SHELL32_SetPlaceholderReparsePointAttribute
SHELL32_SetPlaceholderReparsePointAttribute2
SHELL32_ShowHideIconOnlyOnDesktop
SHELL32_SimpleRatingToFilterCondition
SHELL32_StampIconForFile
SHELL32_SuspendUndo
SHELL32_TryVirtualDiscImageDriveEject
SHELL32_UpdateFilePlaceholderStates
SHELL32_VerifySaferTrust
SHEmptyRecycleBinA
SHEmptyRecycleBinW
SHEnableServiceObject
SHEnumerateUnreadMailAccountsW
SHEvaluateSystemCommandTemplate
SHExtractIconsW
SHFileOperation
SHFileOperationA
SHFileOperationW
SHFindFiles
SHFind_InitMenuPopup
SHFlushSFCache
SHFormatDrive
SHFree
SHFreeNameMappings
SHGetAttributesFromDataObject
SHGetDataFromIDListA
SHGetDataFromIDListW
SHGetDesktopFolder
SHGetDiskFreeSpaceA
SHGetDiskFreeSpaceExA
SHGetDiskFreeSpaceExW
SHGetDriveMedia
SHGetFileInfo
SHGetFileInfoA
SHGetFileInfoW
SHGetFolderLocation
SHGetFolderPathA
SHGetFolderPathAndSubDirA
SHGetFolderPathAndSubDirW
SHGetFolderPathEx
SHGetFolderPathW
SHGetIDListFromObject
SHGetIconOverlayIndexA
SHGetIconOverlayIndexW
SHGetImageList
SHGetInstanceExplorer
SHGetItemFromDataObject
SHGetItemFromObject
SHGetKnownFolderIDList
SHGetKnownFolderItem
SHGetKnownFolderPath
SHGetLocalizedName
SHGetMalloc
SHGetNameFromIDList
SHGetNewLinkInfo
SHGetNewLinkInfoA
SHGetNewLinkInfoW
SHGetPathFromIDList
SHGetPathFromIDListA
SHGetPathFromIDListEx
SHGetPathFromIDListW
SHGetPropertyStoreForWindow
SHGetPropertyStoreFromIDList
SHGetPropertyStoreFromParsingName
SHGetRealIDL
SHGetSetFolderCustomSettings
SHGetSetSettings
SHGetSettings
SHGetSpecialFolderLocation
SHGetSpecialFolderPathA
SHGetSpecialFolderPathW
SHGetStockIconInfo
SHGetTemporaryPropertyForItem
SHGetUnreadMailCountW
SHHandleUpdateImage
SHHelpShortcuts_RunDLL
SHHelpShortcuts_RunDLLA
SHHelpShortcuts_RunDLLW
SHILCreateFromPath
SHInvokePrinterCommandA
SHInvokePrinterCommandW
SHIsFileAvailableOffline
SHLimitInputEdit
SHLoadInProc
SHLoadNonloadedIconOverlayIdentifiers
SHMapPIDLToSystemImageListIndex
SHMultiFileProperties
SHObjectProperties
SHOpenFolderAndSelectItems
SHOpenPropSheetW
SHOpenWithDialog
SHParseDisplayName
SHPathPrepareForWriteA
SHPathPrepareForWriteW
SHPropStgCreate
SHPropStgReadMultiple
SHPropStgWriteMultiple
SHQueryRecycleBinA
SHQueryRecycleBinW
SHQueryUserNotificationState
SHRemoveLocalizedName
SHReplaceFromPropSheetExtArray
SHResolveLibrary
SHRestricted
SHSetDefaultProperties
SHSetFolderPathA
SHSetFolderPathW
SHSetInstanceExplorer
SHSetKnownFolderPath
SHSetLocalizedName
SHSetTemporaryPropertyForItem
SHSetUnreadMailCountW
SHShellFolderView_Message
SHShowManageLibraryUI
SHSimpleIDListFromPath
SHStartNetConnectionDialogW
SHTestTokenMembership
SHUpdateImageA
SHUpdateImageW
SHUpdateRecycleBinIcon
SHValidateUNC
SetCurrentProcessExplicitAppUserModelID
SheChangeDirA
SheChangeDirExW
SheGetDirA
SheSetCurDrive
ShellAboutA
ShellAboutW
ShellExec_RunDLL
ShellExec_RunDLLA
ShellExec_RunDLLW
ShellExecuteA
ShellExecuteEx
ShellExecuteExA
ShellExecuteExW
ShellExecuteW
ShellHookProc
ShellMessageBoxA
ShellMessageBoxW
Shell_GetCachedImageIndex
Shell_GetCachedImageIndexA
Shell_GetCachedImageIndexW
Shell_GetImageLists
Shell_MergeMenus
Shell_NotifyIcon
Shell_NotifyIconA
Shell_NotifyIconGetRect
Shell_NotifyIconW
SignalFileOpen
StateRepoNewMenuCache_RebuildCacheAsync
StgMakeUniqueName
StrChrA
StrChrIA
StrChrIW
StrChrW
StrCmpNA
StrCmpNIA
StrCmpNIW
StrCmpNW
StrNCmpA
StrNCmpIA
StrNCmpIW
StrNCmpW
StrRChrA
StrRChrIA
StrRChrIW
StrRChrW
StrRStrA
StrRStrIA
StrRStrIW
StrRStrW
StrStrA
StrStrIA
StrStrIW
StrStrW
UsersLibrariesFolderUI_CreateInstance
WOWShellExecute
WaitForExplorerRestartW
Win32DeleteFile
WriteCabinetState
Sections
.text Size: 5.4MB - Virtual size: 5.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 274KB - Virtual size: 274KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 33KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 77KB - Virtual size: 77KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Evil Cleaner/EvilCleaner.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\Users\thorson\Desktop\Launcher1\Launcher\Launcher\obj\Debug\LUNCHER CRACKING.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 424KB - Virtual size: 424KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Evil Cleaner/RESOURCES.PAS
-
Evil Cleaner/RESOURCES.dcu
-
Evil Cleaner/Unit3.dcu
-
Evil Cleaner/Unit3.dfm
-
Evil Cleaner/Unit3.pas.js
-
Evil Cleaner/config.bdsproj
-
Evil Cleaner/config.bdsproj.local
-
Evil Cleaner/config.cfg
-
Evil Cleaner/config.dpr
-
Evil Cleaner/config.exe.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
CODE Size: 407KB - Virtual size: 406KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
DATA Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
BSS Size: - Virtual size: 3KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: - Virtual size: 52B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 30KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 52KB - Virtual size: 52KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.lif Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
Evil Cleaner/config.res
-
Evil Cleaner/icon.ico
-
Evil Cleaner/nvml/Ionic.Zip.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
c:\DotNetZip\Zip\obj\Debug\Ionic.Zip.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 478KB - Virtual size: 477KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Evil Cleaner/nvml/LICENCE.dat.zip
-
Evil Cleaner/nvml/Launcher.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Evil Cleaner/nvml/RESOURCES.PAS
-
Evil Cleaner/nvml/RESOURCES.dcu
-
Evil Cleaner/nvml/Unit3.dcu
-
Evil Cleaner/nvml/Unit3.dfm
-
Evil Cleaner/nvml/Unit3.pas.js
-
Evil Cleaner/nvml/config.bdsproj
-
Evil Cleaner/nvml/config.bdsproj.local
-
Evil Cleaner/nvml/config.cfg
-
Evil Cleaner/nvml/config.dpr
-
Evil Cleaner/nvml/config.exe.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
CODE Size: 407KB - Virtual size: 406KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
DATA Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
BSS Size: - Virtual size: 3KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: - Virtual size: 52B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 30KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 52KB - Virtual size: 52KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.lif Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
Evil Cleaner/nvml/config.res
-
Evil Cleaner/nvml/ec.exe.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
UPX0 Size: - Virtual size: 352KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 184KB - Virtual size: 184KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 22KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.xur Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
Evil Cleaner/nvml/icon.ico
-
Evil Cleaner/nvml/stub/build.bat
-
Evil Cleaner/nvml/stub/cleaner.asm
-
Evil Cleaner/nvml/stub/cleaner.exe.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 512B - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.lif Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
Evil Cleaner/nvml/stub/filedamage.asm
-
Evil Cleaner/nvml/stub/funcs.asm
-
Evil Cleaner/nvml/stub/main.ico
-
Evil Cleaner/nvml/stub/manifest.xml
-
Evil Cleaner/nvml/stub/readopt.asm
-
Evil Cleaner/nvml/stub/recursive.asm
-
Evil Cleaner/nvml/stub/rsrc.rc
-
Evil Cleaner/nvml/stub/selfdelete.asm
-
Evil Cleaner/nvml/stub/stub.RES
-
Evil Cleaner/nvml/stub/stub.rc
-
Evil Cleaner/nvml/stub/wipe.asm
-
Evil Cleaner/stub/build.bat
-
Evil Cleaner/stub/cleaner.asm
-
Evil Cleaner/stub/cleaner.exe.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 512B - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.lif Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
Evil Cleaner/stub/filedamage.asm
-
Evil Cleaner/stub/funcs.asm
-
Evil Cleaner/stub/main.ico
-
Evil Cleaner/stub/manifest.xml
-
Evil Cleaner/stub/readopt.asm
-
Evil Cleaner/stub/recursive.asm
-
Evil Cleaner/stub/rsrc.rc
-
Evil Cleaner/stub/selfdelete.asm
-
Evil Cleaner/stub/stub.RES
-
Evil Cleaner/stub/stub.rc
-
Evil Cleaner/stub/wipe.asm
-
FF Stealer Steam cafe/CPFilters.dll.dll regsvr32 windows:10 windows x64 arch:x64
7afea2ed1708d746b6cb468206853322
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
CPFilters.pdb
Imports
msvcrt
_wtol
tolower
_CxxThrowException
wcschr
_amsg_exit
_initterm
?terminate@@YAXXZ
_lock
_unlock
__dllonexit
__CxxFrameHandler3
_onexit
_wcsnicmp
realloc
_XcptFilter
??1type_info@@UEAA@XZ
memcpy
memset
memcmp
_wcsicmp
memmove
sscanf_s
wcsncmp
isupper
wcsstr
swscanf
_beginthreadex
_endthread
swprintf_s
iswxdigit
swscanf_s
srand
wcsncpy_s
strnlen
strcat_s
wcstoul
wcscat_s
strncpy_s
wcsnlen
_time32
time
rand
??0exception@@QEAA@XZ
_vsnwprintf_s
_callnewh
malloc
free
__C_specific_handler
_vsnwprintf
memmove_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBD@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
_purecall
memcpy_s
wcspbrk
wcscmp
ntdll
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlGetPersistedStateLocation
RtlCaptureContext
advapi32
RegDeleteKeyW
CryptAcquireContextA
TraceMessage
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext
CryptGenRandom
RegEnumKeyExW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
crypt32
CertGetCertificateChain
CertFreeCertificateChain
CertGetNameStringW
CertVerifyCertificateChainPolicy
kernel32
DebugBreak
LocalAlloc
GlobalAlloc
GlobalFree
GetVersion
GetEnvironmentStringsW
GlobalMemoryStatusEx
GetProcessHeap
HeapAlloc
FreeEnvironmentStringsW
DeviceIoControl
GetDiskFreeSpaceW
HeapFree
SetUnhandledExceptionFilter
UnhandledExceptionFilter
OutputDebugStringA
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
QueryPerformanceCounter
GetSystemTime
GetGeoInfoA
IsDebuggerPresent
RaiseException
WriteFile
ReadFile
lstrlenW
SetFilePointer
GlobalLock
GetFileSize
GlobalUnlock
CompareStringW
lstrlenA
FreeEnvironmentStringsA
TerminateProcess
ExpandEnvironmentStringsW
WaitForMultipleObjects
WaitForSingleObject
LoadLibraryW
GetProcAddress
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DecodeSystemPointer
Sleep
OutputDebugStringW
EncodeSystemPointer
DeleteCriticalSection
GetCurrentProcessId
VirtualProtect
GetCurrentProcess
GetModuleFileNameW
ResumeThread
GetLastError
RaiseFailFastException
GetCurrentThread
CloseHandle
GetModuleHandleW
LoadLibraryExW
DisableThreadLibraryCalls
GetVersionExW
GetModuleFileNameA
MultiByteToWideChar
lstrcmpW
CreateEventW
ResetEvent
GetCurrentThreadId
SetEvent
CreateThread
GetTickCount
SetThreadPriority
lstrcmpiW
CompareFileTime
GetSystemTimeAsFileTime
WideCharToMultiByte
GetLocalTime
SystemTimeToFileTime
GetSystemFirmwareTable
LocalFree
GetTickCount64
GetModuleHandleExW
CreateFileW
ole32
CoFileTimeNow
PropVariantClear
CLSIDFromString
PropVariantCopy
CoTaskMemAlloc
CoUninitialize
CoFreeUnusedLibraries
CoInitializeEx
StringFromGUID2
CoCreateInstance
CoCreateGuid
CoTaskMemFree
oleaut32
SafeArrayGetUBound
SafeArrayDestroy
VariantCopy
VariantChangeType
SafeArrayGetLBound
SafeArrayUnaccessData
SafeArrayAccessData
SysStringLen
SysAllocStringLen
SysAllocString
SysFreeString
VariantClear
VariantInit
SafeArrayCreate
SysStringByteLen
slc
SLGetWindowsInformationDWORD
winmm
timeGetTime
wintrust
CryptCATCatalogInfoFromContext
WinVerifyTrust
WTHelperProvDataFromStateData
mfplat
MFCreateCollection
ws2_32
htonl
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
UpdatePlayready
Sections
.text Size: 637KB - Virtual size: 636KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 186KB - Virtual size: 185KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 25KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
FF Stealer Steam cafe/FF Stealer Steam.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\Users\thorson\Desktop\Launcher1\Launcher\Launcher\obj\Debug\LUNCHER CRACKING.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 171KB - Virtual size: 170KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
FF Stealer Steam cafe/Stub.exe.exe windows:4 windows x86 arch:x86
492a06c008c5934c0d79b22ed115d11f
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvbvm60
_CIcos
_adj_fptan
__vbaStrI4
__vbaFreeVar
__vbaAryMove
__vbaLateIdCall
__vbaStrVarMove
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaFreeObjList
__vbaGetFxStr4
_adj_fprem1
__vbaStrCat
__vbaLsetFixstr
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryVar
ord667
__vbaAryDestruct
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
ord598
_CIsin
__vbaChkstk
__vbaFileClose
ord526
EVENT_SINK_AddRef
__vbaGenerateBoundsError
ord529
__vbaStrCmp
__vbaPutOwner3
__vbaGet4
__vbaI2I4
DllFunctionCall
__vbaCastObjVar
_adj_fpatan
__vbaFixstrConstruct
__vbaLateIdCallLd
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
__vbaStrToUnicode
ord712
__vbaPrintFile
ord606
_adj_fprem
_adj_fdivr_m64
__vbaI2Str
__vbaFPException
__vbaUbound
__vbaStrVarVal
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaNew2
ord570
ord648
__vbaVar2Vec
__vbaInStr
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarDup
__vbaStrToAnsi
ord616
_CIatan
__vbaStrMove
__vbaAryCopy
__vbaCastObj
_allmul
__vbaLateIdSt
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr
Sections
.text Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 48KB - Virtual size: 46KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
FF Stealer Steam cafe/npnul32.dll.dll windows:4 windows x86 arch:x86
0fd9166414b5501757f98738cd675bbc
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
e:\builds\moz2_slave\rel-192-xr-w32-bld\build\obj-firefox\modules\plugin\default\windows\npnul32.pdb
Imports
kernel32
GetLocaleInfoA
MultiByteToWideChar
RtlUnwind
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
InitializeCriticalSection
WriteFile
HeapReAlloc
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
HeapSize
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
lstrcmpiA
lstrcatA
lstrcmpA
lstrlenA
LoadLibraryA
lstrcpyA
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
GetProcAddress
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
user32
GetDC
SendMessageA
ReleaseDC
MessageBoxA
SetWindowTextA
SetDlgItemTextA
GetDlgItem
EnableWindow
GetWindowRect
SetWindowPos
ScreenToClient
SetForegroundWindow
IsWindow
CreateWindowExA
ShowWindow
RegisterClassA
GetWindowLongA
DefWindowProcA
SetWindowLongA
CreateDialogParamA
BeginPaint
GetClientRect
DrawIcon
GetSysColor
DrawIconEx
EndPaint
DrawTextA
InvalidateRect
UpdateWindow
wsprintfA
DestroyWindow
DestroyIcon
LoadIconA
LoadStringA
UnregisterClassA
gdi32
Polyline
DeleteObject
GetStockObject
SelectObject
GetTextExtentPoint32A
LPtoDP
SetBkMode
SetTextColor
CreatePen
advapi32
RegSetValueExA
RegCreateKeyA
RegQueryValueExA
Exports
NP_GetEntryPoints
NP_GetMIMEDescription
NP_Initialize
NP_Shutdown
Sections
.text Size: 32KB - Virtual size: 31KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
FF Stealer Steam cafe/opengl32/Ionic.Zip.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
c:\DotNetZip\Zip\obj\Debug\Ionic.Zip.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 478KB - Virtual size: 477KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
FF Stealer Steam cafe/opengl32/Jint.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
C:\projects\jint\Jint\obj\Release\net451\Jint.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 242KB - Virtual size: 241KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 668B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
FF Stealer Steam cafe/opengl32/LICENCE.dat.zip
-
FF Stealer Steam cafe/opengl32/Launcher.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
FF Stealer Steam cafe/opengl32/Stub.exe.exe windows:4 windows x86 arch:x86
492a06c008c5934c0d79b22ed115d11f
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvbvm60
_CIcos
_adj_fptan
__vbaStrI4
__vbaFreeVar
__vbaAryMove
__vbaLateIdCall
__vbaStrVarMove
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaFreeObjList
__vbaGetFxStr4
_adj_fprem1
__vbaStrCat
__vbaLsetFixstr
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryVar
ord667
__vbaAryDestruct
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
ord598
_CIsin
__vbaChkstk
__vbaFileClose
ord526
EVENT_SINK_AddRef
__vbaGenerateBoundsError
ord529
__vbaStrCmp
__vbaPutOwner3
__vbaGet4
__vbaI2I4
DllFunctionCall
__vbaCastObjVar
_adj_fpatan
__vbaFixstrConstruct
__vbaLateIdCallLd
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
__vbaStrToUnicode
ord712
__vbaPrintFile
ord606
_adj_fprem
_adj_fdivr_m64
__vbaI2Str
__vbaFPException
__vbaUbound
__vbaStrVarVal
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaNew2
ord570
ord648
__vbaVar2Vec
__vbaInStr
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarDup
__vbaStrToAnsi
ord616
_CIatan
__vbaStrMove
__vbaAryCopy
__vbaCastObj
_allmul
__vbaLateIdSt
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr
Sections
.text Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 48KB - Virtual size: 46KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
FF Stealer Steam cafe/opengl32/designmode.css
-
FF Stealer Steam cafe/opengl32/ffs.exe.exe windows:4 windows x86 arch:x86
dcfc4dd6526a5e7f95c6fa7885d0019f
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvbvm60
_CIcos
_adj_fptan
__vbaFreeVar
__vbaAryMove
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaRecAnsiToUni
__vbaStrCat
__vbaSetSystemError
__vbaRecDestruct
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
__vbaObjSet
__vbaOnError
ord595
_adj_fdiv_m16i
_adj_fdivr_m16i
ord520
_CIsin
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaStrCmp
ord529
__vbaPutOwner3
DllFunctionCall
__vbaVarOr
_adj_fpatan
__vbaFixstrConstruct
__vbaRecUniToAnsi
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
ord607
__vbaFPException
__vbaLsetFixstrFree
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaNew2
__vbaVar2Vec
ord570
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
ord576
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaI4Var
__vbaVarDup
__vbaRecDestructAnsi
_CIatan
__vbaStrMove
__vbaPutFxStr4
_allmul
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr
Sections
.text Size: 100KB - Virtual size: 99KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 84KB - Virtual size: 82KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
FF Stealer Steam cafe/opengl32/security-prefs.js
-
FF Stealer Steam cafe/verifier.exe.exe windows:10 windows x64 arch:x64
764666dda4c898a2706331fb42d3893d
Code Sign
Certificate: 33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 03-07-2018 20:45
Not After: 26-07-2019 20:45
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Certificate: 61:07:76:56:00:00:00:00:00:08
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19-10-2011 18:41
Not After: 19-10-2026 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Signer: d9:91:76:61:e9:01:04:f3:ba:3b:c1:15:2f:57:3d:0b:00:af:62:5b:38:67:44:92:5e:ea:60:f7:18:af:35:b8
Actual PE Digest: d9:91:76:61:e9:01:04:f3:ba:3b:c1:15:2f:57:3d:0b:00:af:62:5b:38:67:44:92:5e:ea:60:f7:18:af:35:b8
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
verifier.pdb
Imports
msvcrt
memcmp
__wgetmainargs
_XcptFilter
_amsg_exit
__set_app_type
_wsetlocale
?terminate@@YAXXZ
_commode
_fmode
swprintf_s
wcscat_s
_wfullpath
wcschr
_wcsicmp
memcpy
wcsrchr
wcscpy_s
_ltow_s
_ultow_s
wcsstr
_vsnwprintf
memmove
__C_specific_handler
wcsnlen
exit
_initterm
_exit
memcpy_s
wcstok_s
malloc
free
wcsncat_s
bsearch
wcsncmp
_cexit
_wcsnicmp
__setusermatherr
memset
api-ms-win-devices-config-l1-1-1
CM_MapCrToWin32Err
CM_Locate_DevNodeW
CM_Get_DevNode_PropertyW
CM_Get_Device_ID_ListW
CM_Get_Device_ID_List_SizeW
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GlobalMemoryStatusEx
GetTickCount
GetSystemDirectoryW
GetVersionExW
api-ms-win-core-file-l1-1-0
CreateFileW
GetFileAttributesW
GetFileType
WriteFile
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-processenvironment-l1-1-0
SetStdHandle
GetStdHandle
ExpandEnvironmentStringsW
SearchPathW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-console-l1-1-0
WriteConsoleW
GetConsoleMode
GetConsoleOutputCP
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
MultiByteToWideChar
ntdll
RtlCheckRegistryKey
RtlWriteRegistryValue
RtlAllocateHeap
RtlGetPersistedStateLocation
DbgPrint
NtQuerySystemInformation
RtlStringFromGUID
NtClose
NtDelayExecution
RtlTimeToTimeFields
RtlSystemTimeToLocalTime
RtlCreateRegistryKey
RtlEqualUnicodeString
RtlNtStatusToDosError
RtlAppendUnicodeToString
RtlQueryRegistryValuesEx
RtlDeleteRegistryValue
RtlCreateUnicodeString
RtlRandomEx
RtlSetAllBits
RtlCopyUnicodeString
RtlTestBit
RtlInitUnicodeString
NtSetSystemInformation
RtlUnicodeStringToInteger
NtQueryInformationToken
NtOpenProcessToken
NtAdjustPrivilegesToken
RtlSetBit
RtlInitializeBitMap
RtlCompareUnicodeString
RtlFreeUnicodeString
RtlFreeHeap
api-ms-win-core-version-l1-1-1
GetFileVersionInfoW
GetFileVersionInfoSizeW
api-ms-win-core-version-l1-1-0
VerQueryValueW
api-ms-win-security-lsalookup-ansi-l2-1-0
LookupPrivilegeValueA
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
OpenProcessToken
GetCurrentProcess
GetCurrentProcessId
TerminateProcess
api-ms-win-security-base-l1-1-0
AdjustTokenPrivileges
api-ms-win-security-sddl-l1-1-0
ConvertStringSecurityDescriptorToSecurityDescriptorW
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegDeleteValueW
RegSetKeySecurity
RegQueryValueExW
api-ms-win-core-localization-l1-2-0
FormatMessageW
GetLocaleInfoW
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
FindResourceExW
LoadLibraryExW
GetModuleFileNameW
GetModuleHandleW
LoadResource
FreeLibrary
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-localization-obsolete-l1-2-0
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
api-ms-win-core-memory-l1-1-0
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
Sections
.text Size: 67KB - Virtual size: 67KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 46KB - Virtual size: 46KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 38KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
FileZilla Stealer 1.0 PUBLIC/BFE.DLL.dll windows:10 windows x64 arch:x64
af3ccebee341bc1634b9269a2d4ab01d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
bfe.pdb
Imports
msvcrt
_initterm
__C_specific_handler
wcscspn
_wcslwr
bsearch
_ultoa_s
strpbrk
strstr
sprintf_s
isprint
_ltoa_s
_i64toa_s
_ui64toa_s
wprintf
memmove
memcpy
malloc
memcmp
log
wcstoul
_vsnprintf
_vsnwprintf
_wcsicmp
free
wcstol
qsort
_amsg_exit
iswctype
_XcptFilter
wcschr
_wcsnicmp
_ultow
tolower
wcsnlen
memset
ntdll
NtQueryObject
RtlGetSaclSecurityDescriptor
RtlValidRelativeSecurityDescriptor
RtlNumberOfSetBits
RtlInitializeBitMap
WinSqmIsOptedIn
WinSqmSetDWORD
WinSqmAddToStream
RtlValidSid
RtlLengthSid
NtDeviceIoControlFile
RtlAllocateHeap
RtlInitializeSRWLock
RtlReleaseSRWLockShared
RtlAcquireSRWLockShared
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
RtlIpv6AddressToStringW
RtlIpv4AddressToStringW
RtlGetCurrentServiceSessionId
RtlCreateHashTable
RtlDeleteHashTable
RtlInsertEntryHashTable
RtlRemoveEntryHashTable
RtlLookupEntryHashTable
RtlGetNextEntryHashTable
RtlInitEnumerationHashTable
RtlEnumerateEntryHashTable
RtlEndEnumerationHashTable
RtlContractHashTable
RtlGetOwnerSecurityDescriptor
RtlAdjustPrivilege
RtlAbsoluteToSelfRelativeSD
RtlSetOwnerSecurityDescriptor
RtlSelfRelativeToAbsoluteSD2
RtlCreateServiceSid
RtlIntegerToUnicodeString
RtlInitUnicodeString
RtlSubAuthorityCountSid
TpReleaseTimer
TpWaitForTimer
RtlFreeHeap
RtlIpv4AddressToStringA
RtlIpv6AddressToStringA
RtlEthernetAddressToStringA
TpSetTimer
TpIsTimerSet
TpAllocTimer
RtlEqualSid
RtlLengthSecurityDescriptor
RtlApplicationVerifierStop
EtwEventEnabled
EtwEventWriteTransfer
EtwEventWrite
EtwEventActivityIdControl
EtwEventUnregister
EtwEventRegister
RtlNtStatusToDosError
EtwTraceMessage
RtlExpandHashTable
EtwUnregisterTraceGuids
EtwGetTraceEnableFlags
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwRegisterTraceGuidsW
RtlSetThreadPreferredUILanguages
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleExW
LoadStringW
DisableThreadLibraryCalls
GetProcAddress
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentThreadId
CreateThread
TlsGetValue
GetCurrentThread
OpenThreadToken
TlsSetValue
GetCurrentProcess
TerminateProcess
TlsFree
TlsAlloc
GetProcessId
api-ms-win-core-sysinfo-l1-1-0
GetSystemTime
GetSystemTimeAsFileTime
GetTickCount64
GetTickCount
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
api-ms-win-core-synch-l1-1-0
CreateEventW
CreateSemaphoreExW
ReleaseSRWLockShared
EnterCriticalSection
DeleteCriticalSection
LeaveCriticalSection
ReleaseSemaphore
AcquireSRWLockShared
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
SetEvent
InitializeSRWLock
InitializeCriticalSectionAndSpinCount
WaitForSingleObject
ReleaseSRWLockExclusive
api-ms-win-core-threadpool-legacy-l1-1-0
CreateTimerQueueTimer
DeleteTimerQueueEx
CreateTimerQueue
DeleteTimerQueueTimer
UnregisterWaitEx
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-util-l1-1-0
EncodePointer
DecodePointer
api-ms-win-security-base-l1-1-0
DestroyPrivateObjectSecurity
GetPrivateObjectSecurity
GetSecurityDescriptorControl
CreatePrivateObjectSecurityEx
GetSecurityDescriptorLength
SetSecurityDescriptorControl
SetPrivateObjectSecurityEx
MapGenericMask
PrivilegeCheck
EqualSid
CopySid
InitializeSecurityDescriptor
AllocateAndInitializeSid
CreateWellKnownSid
FreeSid
InitializeAcl
GetLengthSid
AddAccessAllowedAce
SetSecurityDescriptorDacl
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
MultiByteToWideChar
CompareStringW
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapDestroy
HeapFree
GetProcessHeap
HeapSize
HeapCreate
HeapReAlloc
rpcrt4
RpcRaiseException
RpcImpersonateClient
RpcServerInqCallAttributesW
UuidCreate
RpcGetAuthorizationContextForClient
RpcBindingVectorFree
RpcServerUnregisterIfEx
RpcFreeAuthorizationContext
RpcEpUnregister
NdrServerCallAll
NdrServerCall2
RpcServerUseProtseqW
RpcServerRegisterIf3
I_RpcExceptionFilter
MesHandleFree
RpcServerInqBindings
MesEncodeDynBufferHandleCreate
MesDecodeBufferHandleCreate
UuidFromStringW
RpcRevertToSelf
NdrMesTypeEncode3
NdrMesTypeDecode3
I_RpcBindingInqLocalClientPID
RpcEpRegisterW
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
authz
AuthzGetInformationFromContext
AuthzAccessCheck
AuthziFreeAuditEventType
AuthzInitializeResourceManager
AuthzFreeResourceManager
AuthzFreeContext
AuthzInitializeContextFromSid
AuthzFreeAuditEvent
AuthziLogAuditEvent
AuthziInitializeAuditEventType
AuthziInitializeAuditParamsFromArray
AuthziInitializeAuditEvent
ws2_32
htonl
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
iphlpapi
GetCurrentThreadCompartmentId
api-ms-win-core-file-l1-1-0
WriteFile
CreateFileW
DeleteFileW
api-ms-win-core-processthreads-l1-1-1
OpenProcess
api-ms-win-core-psapi-l1-1-0
QueryFullProcessImageNameW
api-ms-win-core-memory-l1-1-0
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
api-ms-win-core-perfcounters-l1-1-0
PerfCreateInstance
PerfStartProvider
PerfSetULongLongCounterValue
PerfSetULongCounterValue
PerfStopProvider
PerfSetCounterSetInfo
api-ms-win-core-registry-l1-1-0
RegCreateKeyExW
RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW
RegQueryInfoKeyW
RegCloseKey
RegSetValueExW
RegEnumValueW
api-ms-win-core-string-l2-1-1
SHLoadIndirectString
api-ms-win-core-threadpool-l1-2-0
CloseThreadpoolWork
SubmitThreadpoolWork
SetThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolWork
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
api-ms-win-eventing-controller-l1-1-0
StartTraceW
EnableTraceEx2
ControlTraceW
api-ms-win-eventing-consumer-l1-1-0
ProcessTrace
OpenTraceW
CloseTrace
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-core-threadpool-private-l1-1-0
RegisterWaitForSingleObjectEx
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Exports
BfeGetDirectDispatchTable
BfeOnServiceStartTypeChange
BfeServiceMain
SvchostPushServiceGlobals
Sections
.text Size: 442KB - Virtual size: 441KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 356KB - Virtual size: 355KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 360B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 14KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
FileZilla Stealer 1.0 PUBLIC/FileZilla Stealer.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\Users\thorson\Desktop\Launcher1\Launcher\Launcher\obj\Debug\LUNCHER CRACKING.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 178KB - Virtual size: 177KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
FileZilla Stealer 1.0 PUBLIC/Screenshot.png.png
-
FileZilla Stealer 1.0 PUBLIC/Thumbs.db
-
FileZilla Stealer 1.0 PUBLIC/browscap.ini
-
FileZilla Stealer 1.0 PUBLIC/freebl3.dll.dll windows:4 windows x86 arch:x86
da969613bbea53d40006f5732f1bd8f7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
e:\builds\moz2_slave\rel-192-xr-w32-bld\build\obj-firefox\nss\freebl\WIN95_SINGLE_SHLIB\freebl3.pdb
Imports
nssutil3
SECITEM_CompareItem_Util
PORT_GetError_Util
SECITEM_ZfreeItem_Util
SECITEM_FreeItem_Util
SECITEM_CopyItem_Util
PORT_NewArena_Util
PORT_ArenaZAlloc_Util
PORT_FreeArena_Util
SECITEM_AllocItem_Util
PORT_ZFree_Util
PORT_ZAlloc_Util
PORT_SetError_Util
PORT_Free_Util
PORT_Alloc_Util
nspr4
PR_GetLibraryFilePathname
PR_Seek
PR_Free
PR_Lock
PR_Unlock
PR_CallOnce
PR_NewLock
PR_DestroyLock
PR_Open
PR_Read
PR_Close
shell32
SHGetSpecialFolderPathW
mozcrt19
_time64
_stat64i32
memcpy
_snwprintf
fclose
fread
fopen
memset
strncmp
rand
free
malloc
abort
calloc
islower
isupper
isdigit
toupper
_strdup
_encode_pointer
_malloc_crt
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
kernel32
GlobalMemoryStatus
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
LoadLibraryA
GetProcAddress
FreeLibrary
QueryPerformanceCounter
GetLogicalDrives
GetComputerNameA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetVolumeInformationA
GetDiskFreeSpaceA
WideCharToMultiByte
GetTempPathW
FindFirstFileW
FindNextFileW
FindClose
GetTickCount
Exports
FREEBL_GetVector
Sections
.text Size: 164KB - Virtual size: 163KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 60KB - Virtual size: 59KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 816B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
FileZilla Stealer 1.0 PUBLIC/security-prefs.js
-
FileZilla Stealer 1.0 PUBLIC/send.php
-
FileZilla Stealer 1.0 PUBLIC/stub.dll.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 81KB - Virtual size: 80KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.sdata Size: 512B - Virtual size: 144B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
FileZilla Stealer 1.0 PUBLIC/xpidl/Ionic.Zip.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
c:\DotNetZip\Zip\obj\Debug\Ionic.Zip.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 478KB - Virtual size: 477KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
FileZilla Stealer 1.0 PUBLIC/xpidl/LICENCE.dat.zip
-
FileZilla Stealer 1.0 PUBLIC/xpidl/Launcher.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
FileZilla Stealer 1.0 PUBLIC/xpidl/Screenshot.png.png
-
FileZilla Stealer 1.0 PUBLIC/xpidl/Thumbs.db
-
FileZilla Stealer 1.0 PUBLIC/xpidl/fs.exe.exe windows:5 windows x86 arch:x86
27829aa329af2b25059a56b7007516bb
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
f:\memtest\MemoryModule08\example\DllLoader\Release\DllLoader.pdb
Imports
kernel32
RaiseException
GetLastError
IsBadReadPtr
VirtualProtect
GetProcAddress
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
lstrlenW
GetModuleFileNameW
GetModuleFileNameA
LoadLibraryA
FreeResource
SizeofResource
LockResource
LoadResource
FindResourceA
Module32Next
CloseHandle
Module32First
CreateToolhelp32Snapshot
GetCurrentProcessId
CreateFileA
CreateFileW
GetModuleHandleW
VirtualAlloc
VirtualFree
HeapFree
GetProcessHeap
FreeLibrary
HeapAlloc
HeapReAlloc
GetCommandLineA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapCreate
Sleep
ExitProcess
WriteFile
GetStdHandle
GetConsoleCP
GetConsoleMode
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ReadFile
HeapSize
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
FlushFileBuffers
SetFilePointer
SetHandleCount
GetFileType
GetStartupInfoA
RtlUnwind
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetLocaleInfoA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetEndOfFile
Sections
.text Size: 103KB - Virtual size: 102KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 392KB - Virtual size: 391KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
FileZilla Stealer 1.0 PUBLIC/xpidl/send.php
-
FileZilla Stealer 1.0 PUBLIC/xpidl/stub.dll.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 81KB - Virtual size: 80KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.sdata Size: 512B - Virtual size: 144B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Fly Stealer 0.1/Fly Stealer 0.1.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\Users\thorson\Desktop\Launcher1\Launcher\Launcher\obj\Debug\LUNCHER CRACKING.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 175KB - Virtual size: 175KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Fly Stealer 0.1/PHP/config.php
-
Fly Stealer 0.1/PHP/index.php.ps1
-
Fly Stealer 0.1/PHP/install.php
-
Fly Stealer 0.1/PHP/style_dark.css
-
Fly Stealer 0.1/PHP/style_light.css
-
Fly Stealer 0.1/Screenshot.jpg
-
Fly Stealer 0.1/pnpclean/Ionic.Zip.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
c:\DotNetZip\Zip\obj\Debug\Ionic.Zip.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 478KB - Virtual size: 477KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Fly Stealer 0.1/pnpclean/LICENCE.dat.zip
-
Fly Stealer 0.1/pnpclean/Launcher.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Fly Stealer 0.1/pnpclean/PHP/config.php
-
Fly Stealer 0.1/pnpclean/PHP/index.php.ps1
-
Fly Stealer 0.1/pnpclean/PHP/install.php
-
Fly Stealer 0.1/pnpclean/PHP/style_dark.css
-
Fly Stealer 0.1/pnpclean/PHP/style_light.css
-
Fly Stealer 0.1/pnpclean/Screenshot.jpg
-
Fly Stealer 0.1/pnpclean/flys.exe.exe windows:4 windows x86 arch:x86
9e8bc9f80dc47e7cec5e7af6dedb3a83
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvbvm60
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaVarVargNofree
__vbaFreeVar
__vbaAryMove
__vbaStrVarMove
__vbaLateIdCall
__vbaLenBstr
__vbaFreeVarList
__vbaPut3
_adj_fdiv_m64
__vbaRaiseEvent
__vbaFreeObjList
ord516
ord517
_adj_fprem1
__vbaRecAnsiToUni
ord519
__vbaI2Abs
__vbaCopyBytes
__vbaStrCat
__vbaRecDestruct
__vbaSetSystemError
__vbaHresultCheckObj
__vbaLenVar
_adj_fdiv_m32
ord666
__vbaAryDestruct
ord593
ord594
__vbaOnError
__vbaObjSet
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
ord599
__vbaBoolVar
_CIsin
ord631
__vbaErase
ord632
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
ord529
__vbaAryConstruct2
__vbaVarTstEq
__vbaPutOwner3
__vbaI2I4
DllFunctionCall
__vbaVarLateMemSt
__vbaCastObjVar
__vbaStrR4
_adj_fpatan
__vbaLateIdCallLd
__vbaRedim
__vbaStrR8
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaUI1I2
_CIsqrt
__vbaObjIs
EVENT_SINK_QueryInterface
__vbaUI1I4
__vbaExceptHandler
__vbaStrToUnicode
__vbaPrintFile
ord606
_adj_fprem
_adj_fdivr_m64
ord607
__vbaI2Str
ord608
__vbaFPException
ord717
__vbaUbound
__vbaStrVarVal
__vbaVarCat
__vbaI2Var
ord537
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaInStr
__vbaR8Str
__vbaVar2Vec
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaVarTstNe
__vbaI4Var
__vbaAryLock
__vbaVarDup
__vbaStrToAnsi
__vbaFpI2
ord616
__vbaFpI4
__vbaVarCopy
ord617
__vbaLateMemCallLd
__vbaRecDestructAnsi
_CIatan
__vbaStrMove
__vbaCastObj
__vbaR8IntI4
ord619
_allmul
__vbaLateIdSt
_CItan
__vbaAryUnlock
__vbaFPInt
_CIexp
__vbaMidStmtBstr
__vbaFreeObj
__vbaFreeStr
Sections
.text Size: 192KB - Virtual size: 189KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 668KB - Virtual size: 665KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Fly Stealer 0.1/utils.js.js
-
Fly Stealer 0.1/verifier.exe.exe windows:10 windows x64 arch:x64
764666dda4c898a2706331fb42d3893d
Code Sign
Certificate: 33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 03-07-2018 20:45
Not After: 26-07-2019 20:45
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Certificate: 61:07:76:56:00:00:00:00:00:08
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19-10-2011 18:41
Not After: 19-10-2026 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Signer: d9:91:76:61:e9:01:04:f3:ba:3b:c1:15:2f:57:3d:0b:00:af:62:5b:38:67:44:92:5e:ea:60:f7:18:af:35:b8
Actual PE Digest: d9:91:76:61:e9:01:04:f3:ba:3b:c1:15:2f:57:3d:0b:00:af:62:5b:38:67:44:92:5e:ea:60:f7:18:af:35:b8
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
verifier.pdb
Imports
msvcrt
memcmp
__wgetmainargs
_XcptFilter
_amsg_exit
__set_app_type
_wsetlocale
?terminate@@YAXXZ
_commode
_fmode
swprintf_s
wcscat_s
_wfullpath
wcschr
_wcsicmp
memcpy
wcsrchr
wcscpy_s
_ltow_s
_ultow_s
wcsstr
_vsnwprintf
memmove
__C_specific_handler
wcsnlen
exit
_initterm
_exit
memcpy_s
wcstok_s
malloc
free
wcsncat_s
bsearch
wcsncmp
_cexit
_wcsnicmp
__setusermatherr
memset
api-ms-win-devices-config-l1-1-1
CM_MapCrToWin32Err
CM_Locate_DevNodeW
CM_Get_DevNode_PropertyW
CM_Get_Device_ID_ListW
CM_Get_Device_ID_List_SizeW
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GlobalMemoryStatusEx
GetTickCount
GetSystemDirectoryW
GetVersionExW
api-ms-win-core-file-l1-1-0
CreateFileW
GetFileAttributesW
GetFileType
WriteFile
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-processenvironment-l1-1-0
SetStdHandle
GetStdHandle
ExpandEnvironmentStringsW
SearchPathW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-console-l1-1-0
WriteConsoleW
GetConsoleMode
GetConsoleOutputCP
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
MultiByteToWideChar
ntdll
RtlCheckRegistryKey
RtlWriteRegistryValue
RtlAllocateHeap
RtlGetPersistedStateLocation
DbgPrint
NtQuerySystemInformation
RtlStringFromGUID
NtClose
NtDelayExecution
RtlTimeToTimeFields
RtlSystemTimeToLocalTime
RtlCreateRegistryKey
RtlEqualUnicodeString
RtlNtStatusToDosError
RtlAppendUnicodeToString
RtlQueryRegistryValuesEx
RtlDeleteRegistryValue
RtlCreateUnicodeString
RtlRandomEx
RtlSetAllBits
RtlCopyUnicodeString
RtlTestBit
RtlInitUnicodeString
NtSetSystemInformation
RtlUnicodeStringToInteger
NtQueryInformationToken
NtOpenProcessToken
NtAdjustPrivilegesToken
RtlSetBit
RtlInitializeBitMap
RtlCompareUnicodeString
RtlFreeUnicodeString
RtlFreeHeap
api-ms-win-core-version-l1-1-1
GetFileVersionInfoW
GetFileVersionInfoSizeW
api-ms-win-core-version-l1-1-0
VerQueryValueW
api-ms-win-security-lsalookup-ansi-l2-1-0
LookupPrivilegeValueA
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
OpenProcessToken
GetCurrentProcess
GetCurrentProcessId
TerminateProcess
api-ms-win-security-base-l1-1-0
AdjustTokenPrivileges
api-ms-win-security-sddl-l1-1-0
ConvertStringSecurityDescriptorToSecurityDescriptorW
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegDeleteValueW
RegSetKeySecurity
RegQueryValueExW
api-ms-win-core-localization-l1-2-0
FormatMessageW
GetLocaleInfoW
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
FindResourceExW
LoadLibraryExW
GetModuleFileNameW
GetModuleHandleW
LoadResource
FreeLibrary
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-localization-obsolete-l1-2-0
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
api-ms-win-core-memory-l1-1-0
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
Sections
.text Size: 67KB - Virtual size: 67KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 46KB - Virtual size: 46KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 38KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ