H:\git\dexzunpacker
Behavioral task
behavioral1
Sample
Downloads.7z
Resource
win10ltsc2021-20250314-en
General
-
Target
Downloads.7z
-
Size
16.3MB
-
MD5
cc798524e187788ba6b686aee93c35cf
-
SHA1
62e7dcf962fdd52d5a83098388c775f01e2e27f5
-
SHA256
81754a6a8b7295417ed8cc297177cb90563618527a824bede2cf002f321897e0
-
SHA512
190263d0f747256959d184e30f0f14097c2c221b64e99c756eaa49fbcd19ffd506139fbb433137c01dff8e56fcead4823e4be50592e9311aa4b3de7ac63bd535
-
SSDEEP
393216:pCLdPp82W8dn5slBUS2gB4gPRiRZpUL1jTS2Svhj125hsmw2:prCniXUtgBV+ZaTmjs9
Malware Config
Signatures
-
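YARA rule match: resource static1/unpack001/RippleSpoofer.exe, rule themida.
Note: Themida is a commercial packer/protector. For a file that matches it, the section table below (sections with no raw size, plus .themida and .boot) most likely describes the protector's loader rather than the original program, so static findings for this file should be treated as incomplete.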
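Unsigned PE (2 IoCs)
Flags PE files that have no Authenticode signature. A missing signature is a weak indicator by itself and should be weighed together with the other findings.
Resources: unpack001/RippleSpoofer.exe, unpack001/nigg.exe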
Files
-
Downloads.7z.7z
-
RippleSpoofer.exe.exe windows:4 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
Size: - Virtual size: 5.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Size: 11.6MB - Virtual size: 11.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Size: 5KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.imports Size: 512B - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.themida Size: - Virtual size: 7.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.boot Size: 4.0MB - Virtual size: 4.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
-
nigg.exe.exe windows:6 windows x64 arch:x64
b046ada30a55647ce37232cfc87630a0
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
ntdll
NtOpenThreadToken
NtTestAlert
NtPowerInformation
NtSetInformationToken
RtlSubAuthorityCountSid
RtlFreeSid
RtlSecondsSince1980ToTime
NtIsProcessInJob
RtlCreateSecurityDescriptor
RtlCreateAcl
RtlAddAccessAllowedAce
NtAcceptConnectPort
NtReplyWaitReceivePort
NtCompleteConnectPort
RtlSetDaclSecurityDescriptor
RtlSubAuthoritySid
NtCreatePort
RtlInitializeSid
RtlLengthRequiredSid
RtlValidRelativeSecurityDescriptor
RtlSelfRelativeToAbsoluteSD2
RtlValidSid
NtConnectPort
NtRequestWaitReplyPort
RtlLengthSid
NtCreateSection
RtlQueryElevationFlags
NtReleaseSemaphore
NtSetHighEventPair
NtQueryEvent
NtQuerySemaphore
NtCancelTimer
NtPulseEvent
NtSetLowEventPair
NtQueryTimer
NtResetEvent
RtlIpv6AddressToStringW
RtlTimeToSecondsSince1980
NtCreateDirectoryObject
RtlGUIDFromString
NtDuplicateToken
RtlRandomEx
RtlTimeToTimeFields
RtlDosPathNameToNtPathName_U_WithStatus
RtlFreeUnicodeString
LdrFindResource_U
RtlDestroyProcessParameters
RtlGetFullPathName_UEx
RtlFindMessage
RtlStringFromGUID
RtlCreateProcessParameters
RtlNtStatusToDosError
RtlCreateUserProcess
RtlGetDaclSecurityDescriptor
RtlIpv4AddressToStringW
LdrAccessResource
RtlUnicodeToMultiByteN
RtlUpcaseUnicodeChar
NtAllocateVirtualMemory
RtlReAllocateHeap
NtDelayExecution
RtlUTF8ToUnicodeN
RtlMultiByteToUnicodeN
RtlMultiByteToUnicodeSize
RtlCreateUserThread
RtlUnicodeToMultiByteSize
RtlUnicodeToUTF8N
RtlInterlockedPopEntrySList
RtlGetVersion
RtlCreateTimerQueue
NtUnlockFile
NtSetInformationFile
NtLockFile
NtFlushBuffersFile
NtQueryInformationFile
NtGetContextThread
LdrGetProcedureAddress
LdrUnloadDll
LdrLoadDll
NtQueryValueKey
NtQueryKey
NtDeleteKey
NtOpenProcessToken
NtOpenThread
RtlQueueApcWow64Thread
RtlAppendUnicodeStringToString
NtOpenSymbolicLinkObject
NtEnumerateKey
NtUnloadDriver
NtEnumerateValueKey
RtlAppendUnicodeToString
RtlDestroyQueryDebugBuffer
NtOpenKey
RtlConvertSidToUnicodeString
NtQuerySymbolicLinkObject
RtlQueryProcessDebugInformation
NtOpenProcess
NtCreateNamedPipeFile
NtSetSecurityObject
RtlQueryEnvironmentVariable_U
NtDeleteValueKey
NtQueryAttributesFile
NtOpenDirectoryObject
RtlGetUnloadEventTraceEx
NtFsControlFile
NtQueryDirectoryObject
NtAdjustGroupsToken
RtlCreateQueryDebugBuffer
NtLoadKeyEx
NtCreateKey
NtQueueApcThreadEx
NtCreateFile
NtQueryDirectoryFile
NtOpenSection
NtQuerySecurityObject
NtSetValueKey
NtOpenFile
NtAlertResumeThread
NtQueryFullAttributesFile
NtSetInformationObject
NtDeviceIoControlFile
NtReleaseKeyedEvent
NtWaitForKeyedEvent
NtCreateKeyedEvent
NtClearEvent
NtQueryObject
NtCreateSemaphore
RtlLengthSecurityDescriptor
RtlGetControlSecurityDescriptor
RtlMapGenericMask
RtlGetSaclSecurityDescriptor
RtlGetOwnerSecurityDescriptor
RtlGetGroupSecurityDescriptor
NtSetTimer
NtAlertThread
NtCreateTimer
RtlNtStatusToDosErrorNoTeb
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx
RtlPcToFileHeader
RtlFirstEntrySList
NtQueryInformationToken
RtlInterlockedFlushSList
RtlInitializeSListHead
RtlInterlockedPushEntrySList
RtlCreateHeap
RtlFreeHeap
RtlAllocateHeap
RtlDestroyHeap
NtQueryVirtualMemory
NtProtectVirtualMemory
NtSetSystemInformation
NtWriteVirtualMemory
RtlEqualSid
NtCreateMutant
RtlSetCurrentDirectory_U
RtlSetUnhandledExceptionFilter
RtlExitUserProcess
NtAdjustPrivilegesToken
NtOpenMutant
NtSystemDebugControl
NtTerminateJobObject
NtAssignProcessToJobObject
NtQueryInformationJobObject
NtQueryMutant
NtQueryVolumeInformationFile
NtMapViewOfSection
NtQuerySection
NtGetNextProcess
RtlDeleteTimer
RtlCreateTimer
RtlUpdateTimer
RtlSetHeapInformation
RtlInitializeCriticalSection
NtQueryPerformanceCounter
RtlDeleteCriticalSection
NtTerminateProcess
RtlLeaveCriticalSection
RtlEnterCriticalSection
RtlDetermineDosPathNameType_U
NtWaitForMultipleObjects
NtSetEvent
NtCreateEvent
NtAlpcQueryInformation
NtReadVirtualMemory
NtReadFile
NtWriteFile
NtQueryInformationThread
NtQuerySystemInformation
NtSuspendProcess
NtResumeThread
NtWaitForSingleObject
NtSetInformationDebugObject
NtUnmapViewOfSection
RtlRaiseStatus
NtSetInformationProcess
NtShutdownSystem
NtDuplicateObject
NtInitiatePowerAction
NtClose
NtSetInformationThread
NtResumeProcess
NtTerminateThread
NtRemoveProcessDebug
NtQueryInformationProcess
NtSuspendThread
NtFreeVirtualMemory
RtlExpandEnvironmentStrings_U
RtlSecondsSince1970ToTime
kernel32
HeapSize
CreateFileW
CloseHandle
FlushFileBuffers
GetProcessHeap
GetCommandLineW
GetCommandLineA
FindNextFileW
FindFirstFileExW
FindClose
WideCharToMultiByte
SetStdHandle
HeapReAlloc
GetOEMCP
GetACP
IsValidCodePage
MultiByteToWideChar
GetCPInfo
GetStringTypeW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
GetFileType
SetFilePointerEx
GetFileSizeEx
HeapAlloc
HeapFree
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
GetStdHandle
GetConsoleOutputCP
WriteFile
ReadConsoleW
GetConsoleMode
ReadFile
TlsFree
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
EncodePointer
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
GetProcAddress
GetModuleHandleW
VirtualQuery
VirtualProtect
GetSystemInfo
RaiseException
WriteConsoleW
GlobalSize
LocalAlloc
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
LoadLibraryExW
GetDateFormatW
CreateProcessW
GetTimeFormatW
GetNumberFormatW
GetLocaleInfoW
SearchPathW
SetLastError
GetComputerNameW
TlsGetValue
TlsAlloc
TlsSetValue
FreeLibrary
LoadLibraryW
SetProcessShutdownParameters
DeleteProcThreadAttributeList
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
AllocConsole
GetConsoleWindow
FreeConsole
SetConsoleCtrlHandler
LocalFree
GetLastError
SetEndOfFile
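Exports
Note: the Ph* names below match the naming of the plugin API exported by Process Hacker / System Informer. Treat this as a hint about the file's origin, to be confirmed by other means (hashes, version information, signature), not as an identification.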
PhAddComboBoxStrings
PhAddElementAvlTree
PhAddEntryHashtable
PhAddEntryHashtableEx
PhAddItemArray
PhAddItemList
PhAddItemPointerList
PhAddItemSimpleHashtable
PhAddItemsArray
PhAddItemsList
PhAddJsonArrayObject
PhAddJsonObject
PhAddLayoutItem
PhAddLayoutItemEx
PhAddListViewColumn
PhAddListViewGroup
PhAddListViewGroupItem
PhAddListViewItem
PhAddProcessPropPage
PhAddProcessPropPage2
PhAddPropPageLayoutItem
PhAddSetting
PhAddSettings
PhAddTabControlTab
PhAddTreeNewFilter
PhAdjustRectangleToBounds
PhAdjustRectangleToWorkingArea
PhAllocate
PhAllocateExSafe
PhAllocateFromFreeList
PhAllocatePage
PhAllocateSafe
PhAppResolverGetAppIdForWindow
PhAppendBytesBuilder
PhAppendBytesBuilder2
PhAppendBytesBuilderEx
PhAppendCharStringBuilder
PhAppendCharStringBuilder2
PhAppendFormatStringBuilder
PhAppendFormatStringBuilder_V
PhAppendStringBuilder
PhAppendStringBuilder2
PhAppendStringBuilderEx
PhApplicationFont
PhApplyTreeNewFilters
PhApplyTreeNewFiltersToNode
PhAutoDereferenceObject
PhBoostProvider
PhBufferToHexString
PhBufferToHexStringEx
PhCenterRectangle
PhCenterWindow
PhClearArray
PhClearCacheDirectory
PhClearCircularBuffer_FLOAT
PhClearCircularBuffer_PVOID
PhClearCircularBuffer_ULONG
PhClearCircularBuffer_ULONG64
PhClearHashtable
PhClearIgnoredSettings
PhClearList
PhCmLoadSettings
PhCmSaveSettings
PhCompareStringRef
PhCompareStringZNatural
PhCompareUnicodeStringZIgnoreMenuPrefix
PhConcatStringRef2
PhConcatStringRef3
PhConcatStrings
PhConcatStrings2
PhConcatStrings_V
PhConnectPipe
PhConvertIgnoredSettings
PhConvertMultiByteToUtf16
PhConvertMultiByteToUtf16Ex
PhConvertUtf16ToAsciiEx
PhConvertUtf16ToMultiByte
PhConvertUtf16ToMultiByteEx
PhConvertUtf16ToUtf8
PhConvertUtf16ToUtf8Buffer
PhConvertUtf16ToUtf8Ex
PhConvertUtf16ToUtf8Size
PhConvertUtf8ToUtf16
PhConvertUtf8ToUtf16Buffer
PhConvertUtf8ToUtf16Ex
PhConvertUtf8ToUtf16Size
PhCopyBytesZ
PhCopyCircularBuffer_FLOAT
PhCopyCircularBuffer_PVOID
PhCopyCircularBuffer_ULONG
PhCopyCircularBuffer_ULONG64
PhCopyListView
PhCopyListViewInfoTip
PhCopyStringZ
PhCopyStringZFromBytes
PhCopyStringZFromMultiByte
PhCountStringZ
PhCreateAlloc
PhCreateBytes
PhCreateBytesEx
PhCreateCacheFile
PhCreateDirectory
PhCreateEMenu
PhCreateEMenuItem
PhCreateFile
PhCreateFileStream
PhCreateFileStream2
PhCreateFileWin32
PhCreateFileWin32Ex
PhCreateHashtable
PhCreateJsonArray
PhCreateJsonObject
PhCreateJsonParser
PhCreateKey
PhCreateList
PhCreateNamedPipe
PhCreateObject
PhCreateObjectType
PhCreateObjectTypeEx
PhCreateOpenFileDialog
PhCreatePipe
PhCreatePointerList
PhCreateProcess
PhCreateProcessAsUser
PhCreateProcessPropContext
PhCreateProcessPropPageContext
PhCreateProcessPropPageContextEx
PhCreateProcessWin32
PhCreateProcessWin32Ex
PhCreateSaveFileDialog
PhCreateSearchControl
PhCreateSecurityPage
PhCreateServiceListControl
PhCreateSimpleHashtable
PhCreateString
PhCreateStringEx
PhCreateSymbolProvider
PhCreateThread
PhCreateThread2
PhCreateThreadEx
PhDecodeUnicodeDecoder
PhDelayExecution
PhDeleteArray
PhDeleteAutoPool
PhDeleteBytesBuilder
PhDeleteCacheFile
PhDeleteCallback
PhDeleteCircularBuffer_FLOAT
PhDeleteCircularBuffer_PVOID
PhDeleteCircularBuffer_ULONG
PhDeleteCircularBuffer_ULONG64
PhDeleteDirectory
PhDeleteFastLock
PhDeleteFileWin32
PhDeleteFreeList
PhDeleteGraphState
PhDeleteImageVersionInfo
PhDeleteLayoutManager
PhDeleteMemoryItemList
PhDeleteProviderThread
PhDeleteStringBuilder
PhDeleteTreeNewColumnMenu
PhDeleteTreeNewFilterSupport
PhDeleteWorkQueue
PhDereferenceObject
PhDereferenceObjectDeferDelete
PhDereferenceObjectEx
PhDereferenceObjects
PhDereferenceProcessRecord
PhDeselectAllProcessNodes
PhDeselectAllServiceNodes
PhDestroyEMenu
PhDestroyEMenuItem
PhDetermineDosPathNameType
PhDisconnectNamedPipe
PhDivideSinglesBySingle
PhDnsFree
PhDnsQuery
PhDoPropPageLayout
PhDoesFileExistsWin32
PhDosErrorToNtStatus
PhDrainAutoPool
PhDrawGraphDirect
PhDrawTrayIconText
PhDuplicateBytesZ
PhDuplicateBytesZSafe
PhDuplicateProcessNodeList
PhDuplicateStringZ
PhEditSecurity
PhEllipsisString
PhEllipsisStringPath
PhEncodeUnicode
PhEnumAvlTree
PhEnumChildWindows
PhEnumDirectoryFile
PhEnumDirectoryObjects
PhEnumFileStreams
PhEnumGenericModules
PhEnumHandles
PhEnumHandlesEx
PhEnumHandlesEx2
PhEnumHashtable
PhEnumKernelModules
PhEnumObjectTypes
PhEnumPagefiles
PhEnumPointerListEx
PhEnumProcessEnvironmentVariables
PhEnumProcessItems
PhEnumProcessModules
PhEnumProcessModules32
PhEnumProcessModules32Ex
PhEnumProcessModulesEx
PhEnumProcesses
PhEnumProcessesEx
PhEnumProcessesForSession
PhEnumServices
PhEnumWindows
PhEnumerateKey
PhEnumerateValueKey
PhEqualStringRef
PhEscapeCommandLinePart
PhEscapeStringForMenuPrefix
PhExecuteRunAsCommand2
PhExecuteRunAsCommand3
PhExpandAllProcessNodes
PhExpandEnvironmentStrings
PhExponentiate
PhExponentiate64
PhExtractIcon
PhExtractIconEx
PhFillMemoryUlong
PhFinalArrayItems
PhFinalBytesBuilderBytes
PhFinalHash
PhFinalStringBuilderString
PhFindCharInStringRef
PhFindEMenuItem
PhFindElementAvlTree
PhFindEntryHashtable
PhFindIntegerSiKeyValuePairs
PhFindItemList
PhFindItemPointerList
PhFindItemSimpleHashtable
PhFindLastCharInStringRef
PhFindListViewItemByFlags
PhFindListViewItemByParam
PhFindLoaderEntry
PhFindNetworkNode
PhFindPlugin
PhFindProcessInformation
PhFindProcessInformationByImageName
PhFindProcessNode
PhFindProcessRecord
PhFindServiceNode
PhFindStringInStringRef
PhFindStringSiKeyValuePairs
PhFlushFileStream
PhFormat
PhFormatDate
PhFormatDateTime
PhFormatDecimal
PhFormatGuid
PhFormatImageVersionInfo
PhFormatLogEntry
PhFormatNativeKeyName
PhFormatSize
PhFormatString
PhFormatString_V
PhFormatTime
PhFormatTimeSpan
PhFormatTimeSpanRelative
PhFormatToBuffer
PhFormatUInt64
PhFree
PhFreeFileDialog
PhFreeJsonParser
PhFreePage
PhFreeToFreeList
PhGenerateGuid
PhGenerateGuidFromName
PhGenerateRandomAlphaString
PhGetAccessEntries
PhGetAccessString
PhGetApplicationDirectory
PhGetApplicationFileName
PhGetApplicationIcon
PhGetBaseDirectory
PhGetBaseName
PhGetClassObject
PhGetClientIdName
PhGetClientIdNameEx
PhGetComboBoxString
PhGetDialogItemValue
PhGetDllFileName
PhGetDllHandle
PhGetDrawInfoGraphBuffers
PhGetEnabledProvider
PhGetEtwPublisherName
PhGetFileDialogFileName
PhGetFileDialogFilterIndex
PhGetFileDialogOptions
PhGetFileName
PhGetFilePosition
PhGetFileShellIcon
PhGetFileSize
PhGetFileVersionInfo
PhGetFileVersionInfoLangCodePage
PhGetFileVersionInfoString
PhGetFileVersionInfoString2
PhGetFilterSupportNetworkTreeList
PhGetFilterSupportProcessTreeList
PhGetFilterSupportServiceTreeList
PhGetFullPath
PhGetGeneralCallback
PhGetGenericTreeNewLines
PhGetGlobalTimerQueue
PhGetGlobalWorkQueue
PhGetHandleInformation
PhGetHandleInformationEx
PhGetIntegerPairSetting
PhGetIntegerSetting
PhGetJobProcessIdList
PhGetJsonArrayIndexObject
PhGetJsonArrayLength
PhGetJsonArrayLong64
PhGetJsonArrayString
PhGetJsonObject
PhGetJsonObjectAsArrayList
PhGetJsonObjectBool
PhGetJsonObjectLength
PhGetJsonObjectType
PhGetJsonValueAsLong64
PhGetJsonValueAsString
PhGetKernelFileName
PhGetKnownLocation
PhGetLineFromAddress
PhGetListBoxString
PhGetListViewContextMenuPoint
PhGetListViewItemImageIndex
PhGetListViewItemParam
PhGetListViewItemText
PhGetMappedImageCfg
PhGetMappedImageCfgEntry
PhGetMappedImageExportFunction
PhGetMappedImageExports
PhGetMappedImageLoadConfig32
PhGetMappedImageLoadConfig64
PhGetMessage
PhGetModuleFromAddress
PhGetModuleProcAddress
PhGetNtMessage
PhGetObjectSecurity
PhGetObjectType
PhGetObjectTypeInformation
PhGetOwnTokenAttributes
PhGetPhVersion
PhGetPhVersionHash
PhGetPhVersionNumbers
PhGetPluginCallback
PhGetPluginFileName
PhGetPluginInformation
PhGetPluginName
PhGetPositionFileStream
PhGetPrimeNumber
PhGetProcedureAddress
PhGetProcedureAddressRemote
PhGetProcessCommandLine
PhGetProcessDepStatus
PhGetProcessDeviceMap
PhGetProcessEnvironment
PhGetProcessImageFileName
PhGetProcessImageFileNameByProcessId
PhGetProcessImageFileNameWin32
PhGetProcessInformationCache
PhGetProcessIsDotNet
PhGetProcessIsDotNetEx
PhGetProcessIsSuspended
PhGetProcessKnownType
PhGetProcessKnownTypeEx
PhGetProcessMappedFileName
PhGetProcessPebString
PhGetProcessPriorityClassString
PhGetProcessUnloadedDlls
PhGetProcessWindowTitle
PhGetProcessWorkingSetInformation
PhGetProcessWsCounters
PhGetProtocolTypeName
PhGetScalableIntegerPairSetting
PhGetSeObjectSecurity
PhGetSelectedListViewItemParam
PhGetSelectedListViewItemParams
PhGetSelectedProcessItem
PhGetSelectedProcessItems
PhGetSelectedServiceItem
PhGetSelectedServiceItems
PhGetServiceChange
PhGetServiceConfig
PhGetServiceDelayedAutoStart
PhGetServiceDescription
PhGetServiceDllParameter
PhGetServiceErrorControlInteger
PhGetServiceErrorControlString
PhGetServiceNameFromTag
PhGetServiceStartTypeInteger
PhGetServiceStartTypeString
PhGetServiceStateString
PhGetServiceTypeInteger
PhGetServiceTypeString
PhGetSidFullName
PhGetStatisticsTime
PhGetStatisticsTimeString
PhGetStatusMessage
PhGetStockApplicationIcon
PhGetStringSetting
PhGetSymbolFromAddress
PhGetSymbolFromName
PhGetSystemDirectory
PhGetSystemRoot
PhGetTcpStateName
PhGetThreadServiceTag
PhGetTokenGroups
PhGetTokenIntegrityLevel
PhGetTokenIntegrityLevelRID
PhGetTokenOwner
PhGetTokenPrimaryGroup
PhGetTokenPrivileges
PhGetTokenUser
PhGetTreeNewText
PhGetWin32Message
PhGetWindowContext
PhGetWindowText
PhGetWindowTextEx
PhGlobalDpi
PhGraphStateGetDrawInfo
PhHandleCopyCellEMenuItem
PhHandleCopyListViewEMenuItem
PhHandleListViewNotifyBehaviors
PhHandleListViewNotifyForCopy
PhHandleTreeNewColumnMenu
PhHashBytes
PhHashStringRef
PhHexStringToBuffer
PhHexStringToBufferEx
PhHttpDnsQuery
PhHttpSocketAddRequestHeaders
PhHttpSocketBeginRequest
PhHttpSocketConnect
PhHttpSocketCreate
PhHttpSocketDestroy
PhHttpSocketDownloadString
PhHttpSocketEndRequest
PhHttpSocketGetErrorMessage
PhHttpSocketParseUrl
PhHttpSocketQueryHeaderString
PhHttpSocketQueryHeaderUlong
PhHttpSocketQueryHeaders
PhHttpSocketQueryOptionString
PhHttpSocketReadData
PhHttpSocketReadDataToBuffer
PhHttpSocketSendRequest
PhHttpSocketSetCredentials
PhHttpSocketSetFeature
PhHttpSocketSetSecurity
PhHttpSocketWriteData
PhHungWindowFromGhostWindow
PhIconToBitmap
PhImpersonateClientOfNamedPipe
PhIndexOfEMenuItem
PhInitializeArray
PhInitializeAutoPool
PhInitializeAvlTree
PhInitializeBytesBuilder
PhInitializeCallback
PhInitializeCircularBuffer_FLOAT
PhInitializeCircularBuffer_PVOID
PhInitializeCircularBuffer_ULONG
PhInitializeCircularBuffer_ULONG64
PhInitializeFastLock
PhInitializeFreeList
PhInitializeGraphState
PhInitializeHash
PhInitializeImageVersionInfo
PhInitializeLayoutManager
PhInitializeMappedImage
PhInitializeProviderThread
PhInitializeStringBuilder
PhInitializeThemeWindowHeader
PhInitializeTreeNewColumnMenu
PhInitializeTreeNewFilterSupport
PhInitializeWindowTheme
PhInitializeWindowThemeStatusBar
PhInitializeWorkQueue
PhInitializeWorkQueueEnvironment
PhInsertCopyCellEMenuItem
PhInsertCopyListViewEMenuItem
PhInsertEMenuItem
PhInsertItemList
PhInsertItemsList
PhInsertStringBuilder
PhInsertStringBuilder2
Sections
.text Size: 1.5MB - Virtual size: 1.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 529KB - Virtual size: 528KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 31KB - Virtual size: 58KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 57KB - Virtual size: 57KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
_RDATA Size: 512B - Virtual size: 148B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 129KB - Virtual size: 128KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ