atpbtqwlcs_tmp.json

1.  
2. [*] MalFamily: ""
3.  
4. [*] MalScore: 0.8
5.  
6. [*] File Name: "atpbtqwlcs.tmp"
7. [*] File Size: 922112
8. [*] File Type: "PE32 executable (GUI) Intel 80386, for MS Windows"
9. [*] SHA256: "e8730b0bf8f94cbb8babbfefb32cef8e8d19ec823f28c33a7d48c78589710762"
10. [*] MD5: "f8b110dc2063d3b29502aa7042d26122"
11. [*] SHA1: "1a0fd3db79eadc1ce714f6267d476ddbec0f5e79"
12. [*] SHA512: "f3125d3f575aff68105ebb3eadbce30547d34e12237d8ebbc555c6fe12bcc0a5ea85a38e26f2900d70af70ec07efde3b8cd65dc0fdada637496531245ea5052f"
13. [*] CRC32: "4A8D3BB9"
14. [*] SSDEEP: "24576:dkHgKPNrPA37hzHIA6/oR36vln6sYEubnhRgZtnTZDExa/:d6frPA37hzHIA6/3UvjhRgZ9Te"
15.  
16. [*] Process Execution: [
17. "atpbtqwlcs.tmp"
18. ]
19.  
20. [*] Signatures Detected: [
21. {
22. "Description": "Creates RWX memory",
23. "Details": []
24. },
25. {
26. "Description": "Reads data out of its own binary image",
27. "Details": [
28. {
29. "self_read": "process: atpbtqwlcs.tmp, pid: 1464, offset: 0x00000030, length: 0x00000004"
30. }
31. ]
32. }
33. ]
34.  
35. [*] Started Service: []
36.  
37. [*] Executed Commands: []
38.  
39. [*] Mutexes: [
40. "CicLoadWinStaWinSta0",
41. "Local\\MSCTF.CtfMonitorInstMutexDefault1"
42. ]
43.  
44. [*] Modified Files: []
45.  
46. [*] Deleted Files: []
47.  
48. [*] Modified Registry Keys: []
49.  
50. [*] Deleted Registry Keys: []
51.  
52. [*] DNS Communications: []
53.  
54. [*] Domains: []
55.  
56. [*] Network Communication - ICMP: []
57.  
58. [*] Network Communication - HTTP: []
59.  
60. [*] Network Communication - SMTP: []
61.  
62. [*] Network Communication - Hosts: []
63.  
64. [*] Network Communication - IRC: []
65.  
66. [*] Static Analysis: {
67. "pe": {
68. "peid_signatures": null,
69. "imports": [
70. {
71. "imports": [
72. {
73. "name": "DeleteCriticalSection",
74. "address": "0x4d117c"
75. },
76. {
77. "name": "LeaveCriticalSection",
78. "address": "0x4d1180"
79. },
80. {
81. "name": "EnterCriticalSection",
82. "address": "0x4d1184"
83. },
84. {
85. "name": "InitializeCriticalSection",
86. "address": "0x4d1188"
87. },
88. {
89. "name": "VirtualFree",
90. "address": "0x4d118c"
91. },
92. {
93. "name": "VirtualAlloc",
94. "address": "0x4d1190"
95. },
96. {
97. "name": "LocalFree",
98. "address": "0x4d1194"
99. },
100. {
101. "name": "LocalAlloc",
102. "address": "0x4d1198"
103. },
104. {
105. "name": "WideCharToMultiByte",
106. "address": "0x4d119c"
107. },
108. {
109. "name": "TlsSetValue",
110. "address": "0x4d11a0"
111. },
112. {
113. "name": "TlsGetValue",
114. "address": "0x4d11a4"
115. },
116. {
117. "name": "MultiByteToWideChar",
118. "address": "0x4d11a8"
119. },
120. {
121. "name": "GetModuleHandleA",
122. "address": "0x4d11ac"
123. },
124. {
125. "name": "GetModuleFileNameA",
126. "address": "0x4d11b0"
127. },
128. {
129. "name": "GetLastError",
130. "address": "0x4d11b4"
131. },
132. {
133. "name": "GetCommandLineA",
134. "address": "0x4d11b8"
135. },
136. {
137. "name": "WriteFile",
138. "address": "0x4d11bc"
139. },
140. {
141. "name": "SetFilePointer",
142. "address": "0x4d11c0"
143. },
144. {
145. "name": "SetEndOfFile",
146. "address": "0x4d11c4"
147. },
148. {
149. "name": "RtlUnwind",
150. "address": "0x4d11c8"
151. },
152. {
153. "name": "ReadFile",
154. "address": "0x4d11cc"
155. },
156. {
157. "name": "RaiseException",
158. "address": "0x4d11d0"
159. },
160. {
161. "name": "GetStdHandle",
162. "address": "0x4d11d4"
163. },
164. {
165. "name": "GetFileSize",
166. "address": "0x4d11d8"
167. },
168. {
169. "name": "GetSystemTime",
170. "address": "0x4d11dc"
171. },
172. {
173. "name": "GetFileType",
174. "address": "0x4d11e0"
175. },
176. {
177. "name": "ExitProcess",
178. "address": "0x4d11e4"
179. },
180. {
181. "name": "CreateFileA",
182. "address": "0x4d11e8"
183. },
184. {
185. "name": "CloseHandle",
186. "address": "0x4d11ec"
187. }
188. ],
189. "dll": "kernel32.dll"
190. },
191. {
192. "imports": [
193. {
194. "name": "MessageBoxA",
195. "address": "0x4d11f4"
196. }
197. ],
198. "dll": "user32.dll"
199. },
200. {
201. "imports": [
202. {
203. "name": "SafeArrayPutElement",
204. "address": "0x4d11fc"
205. },
206. {
207. "name": "SafeArrayCreate",
208. "address": "0x4d1200"
209. },
210. {
211. "name": "VariantChangeTypeEx",
212. "address": "0x4d1204"
213. },
214. {
215. "name": "VariantCopyInd",
216. "address": "0x4d1208"
217. },
218. {
219. "name": "VariantClear",
220. "address": "0x4d120c"
221. },
222. {
223. "name": "SysStringLen",
224. "address": "0x4d1210"
225. },
226. {
227. "name": "SysAllocStringLen",
228. "address": "0x4d1214"
229. }
230. ],
231. "dll": "oleaut32.dll"
232. },
233. {
234. "imports": [
235. {
236. "name": "RegSetValueExA",
237. "address": "0x4d121c"
238. },
239. {
240. "name": "RegQueryValueExA",
241. "address": "0x4d1220"
242. },
243. {
244. "name": "RegQueryInfoKeyA",
245. "address": "0x4d1224"
246. },
247. {
248. "name": "RegOpenKeyExA",
249. "address": "0x4d1228"
250. },
251. {
252. "name": "RegEnumValueA",
253. "address": "0x4d122c"
254. },
255. {
256. "name": "RegEnumKeyExA",
257. "address": "0x4d1230"
258. },
259. {
260. "name": "RegDeleteValueA",
261. "address": "0x4d1234"
262. },
263. {
264. "name": "RegDeleteKeyA",
265. "address": "0x4d1238"
266. },
267. {
268. "name": "RegCreateKeyExA",
269. "address": "0x4d123c"
270. },
271. {
272. "name": "RegCloseKey",
273. "address": "0x4d1240"
274. },
275. {
276. "name": "OpenThreadToken",
277. "address": "0x4d1244"
278. },
279. {
280. "name": "OpenProcessToken",
281. "address": "0x4d1248"
282. },
283. {
284. "name": "LookupPrivilegeValueA",
285. "address": "0x4d124c"
286. },
287. {
288. "name": "GetUserNameA",
289. "address": "0x4d1250"
290. },
291. {
292. "name": "GetTokenInformation",
293. "address": "0x4d1254"
294. },
295. {
296. "name": "FreeSid",
297. "address": "0x4d1258"
298. },
299. {
300. "name": "EqualSid",
301. "address": "0x4d125c"
302. },
303. {
304. "name": "AllocateAndInitializeSid",
305. "address": "0x4d1260"
306. }
307. ],
308. "dll": "advapi32.dll"
309. },
310. {
311. "imports": [
312. {
313. "name": "lstrcmpA",
314. "address": "0x4d1268"
315. },
316. {
317. "name": "WriteProfileStringA",
318. "address": "0x4d126c"
319. },
320. {
321. "name": "WritePrivateProfileStringA",
322. "address": "0x4d1270"
323. },
324. {
325. "name": "WriteFile",
326. "address": "0x4d1274"
327. },
328. {
329. "name": "WaitForSingleObject",
330. "address": "0x4d1278"
331. },
332. {
333. "name": "VirtualFree",
334. "address": "0x4d127c"
335. },
336. {
337. "name": "VirtualAlloc",
338. "address": "0x4d1280"
339. },
340. {
341. "name": "UnmapViewOfFile",
342. "address": "0x4d1284"
343. },
344. {
345. "name": "TransactNamedPipe",
346. "address": "0x4d1288"
347. },
348. {
349. "name": "TerminateThread",
350. "address": "0x4d128c"
351. },
352. {
353. "name": "TerminateProcess",
354. "address": "0x4d1290"
355. },
356. {
357. "name": "Sleep",
358. "address": "0x4d1294"
359. },
360. {
361. "name": "SizeofResource",
362. "address": "0x4d1298"
363. },
364. {
365. "name": "SetNamedPipeHandleState",
366. "address": "0x4d129c"
367. },
368. {
369. "name": "SetLastError",
370. "address": "0x4d12a0"
371. },
372. {
373. "name": "SetFileTime",
374. "address": "0x4d12a4"
375. },
376. {
377. "name": "SetFilePointer",
378. "address": "0x4d12a8"
379. },
380. {
381. "name": "SetFileAttributesA",
382. "address": "0x4d12ac"
383. },
384. {
385. "name": "SetErrorMode",
386. "address": "0x4d12b0"
387. },
388. {
389. "name": "SetEndOfFile",
390. "address": "0x4d12b4"
391. },
392. {
393. "name": "SetCurrentDirectoryA",
394. "address": "0x4d12b8"
395. },
396. {
397. "name": "RemoveDirectoryA",
398. "address": "0x4d12bc"
399. },
400. {
401. "name": "ReleaseMutex",
402. "address": "0x4d12c0"
403. },
404. {
405. "name": "ReadFile",
406. "address": "0x4d12c4"
407. },
408. {
409. "name": "QueryPerformanceCounter",
410. "address": "0x4d12c8"
411. },
412. {
413. "name": "OpenProcess",
414. "address": "0x4d12cc"
415. },
416. {
417. "name": "OpenMutexA",
418. "address": "0x4d12d0"
419. },
420. {
421. "name": "MultiByteToWideChar",
422. "address": "0x4d12d4"
423. },
424. {
425. "name": "MulDiv",
426. "address": "0x4d12d8"
427. },
428. {
429. "name": "MoveFileExA",
430. "address": "0x4d12dc"
431. },
432. {
433. "name": "MoveFileA",
434. "address": "0x4d12e0"
435. },
436. {
437. "name": "MapViewOfFile",
438. "address": "0x4d12e4"
439. },
440. {
441. "name": "LockResource",
442. "address": "0x4d12e8"
443. },
444. {
445. "name": "LocalFree",
446. "address": "0x4d12ec"
447. },
448. {
449. "name": "LocalFileTimeToFileTime",
450. "address": "0x4d12f0"
451. },
452. {
453. "name": "LoadResource",
454. "address": "0x4d12f4"
455. },
456. {
457. "name": "LoadLibraryExA",
458. "address": "0x4d12f8"
459. },
460. {
461. "name": "LoadLibraryA",
462. "address": "0x4d12fc"
463. },
464. {
465. "name": "IsDBCSLeadByte",
466. "address": "0x4d1300"
467. },
468. {
469. "name": "IsBadWritePtr",
470. "address": "0x4d1304"
471. },
472. {
473. "name": "GlobalUnlock",
474. "address": "0x4d1308"
475. },
476. {
477. "name": "GlobalReAlloc",
478. "address": "0x4d130c"
479. },
480. {
481. "name": "GlobalHandle",
482. "address": "0x4d1310"
483. },
484. {
485. "name": "GlobalLock",
486. "address": "0x4d1314"
487. },
488. {
489. "name": "GlobalFree",
490. "address": "0x4d1318"
491. },
492. {
493. "name": "GlobalDeleteAtom",
494. "address": "0x4d131c"
495. },
496. {
497. "name": "GlobalAlloc",
498. "address": "0x4d1320"
499. },
500. {
501. "name": "GlobalAddAtomA",
502. "address": "0x4d1324"
503. },
504. {
505. "name": "GetWindowsDirectoryA",
506. "address": "0x4d1328"
507. },
508. {
509. "name": "GetVersionExA",
510. "address": "0x4d132c"
511. },
512. {
513. "name": "GetVersion",
514. "address": "0x4d1330"
515. },
516. {
517. "name": "GetUserDefaultLangID",
518. "address": "0x4d1334"
519. },
520. {
521. "name": "GetTickCount",
522. "address": "0x4d1338"
523. },
524. {
525. "name": "GetSystemTimeAsFileTime",
526. "address": "0x4d133c"
527. },
528. {
529. "name": "GetSystemInfo",
530. "address": "0x4d1340"
531. },
532. {
533. "name": "GetSystemDirectoryA",
534. "address": "0x4d1344"
535. },
536. {
537. "name": "GetSystemDefaultLCID",
538. "address": "0x4d1348"
539. },
540. {
541. "name": "GetShortPathNameA",
542. "address": "0x4d134c"
543. },
544. {
545. "name": "GetProfileStringA",
546. "address": "0x4d1350"
547. },
548. {
549. "name": "GetProcAddress",
550. "address": "0x4d1354"
551. },
552. {
553. "name": "GetPrivateProfileStringA",
554. "address": "0x4d1358"
555. },
556. {
557. "name": "GetOverlappedResult",
558. "address": "0x4d135c"
559. },
560. {
561. "name": "GetModuleHandleA",
562. "address": "0x4d1360"
563. },
564. {
565. "name": "GetModuleFileNameA",
566. "address": "0x4d1364"
567. },
568. {
569. "name": "GetLogicalDrives",
570. "address": "0x4d1368"
571. },
572. {
573. "name": "GetLocaleInfoA",
574. "address": "0x4d136c"
575. },
576. {
577. "name": "GetLocalTime",
578. "address": "0x4d1370"
579. },
580. {
581. "name": "GetLastError",
582. "address": "0x4d1374"
583. },
584. {
585. "name": "GetFullPathNameA",
586. "address": "0x4d1378"
587. },
588. {
589. "name": "GetFileSize",
590. "address": "0x4d137c"
591. },
592. {
593. "name": "GetFileAttributesA",
594. "address": "0x4d1380"
595. },
596. {
597. "name": "GetExitCodeProcess",
598. "address": "0x4d1384"
599. },
600. {
601. "name": "GetEnvironmentVariableA",
602. "address": "0x4d1388"
603. },
604. {
605. "name": "GetDriveTypeA",
606. "address": "0x4d138c"
607. },
608. {
609. "name": "GetDiskFreeSpaceA",
610. "address": "0x4d1390"
611. },
612. {
613. "name": "GetCurrentThreadId",
614. "address": "0x4d1394"
615. },
616. {
617. "name": "GetCurrentThread",
618. "address": "0x4d1398"
619. },
620. {
621. "name": "GetCurrentProcessId",
622. "address": "0x4d139c"
623. },
624. {
625. "name": "GetCurrentProcess",
626. "address": "0x4d13a0"
627. },
628. {
629. "name": "GetCurrentDirectoryA",
630. "address": "0x4d13a4"
631. },
632. {
633. "name": "GetComputerNameA",
634. "address": "0x4d13a8"
635. },
636. {
637. "name": "GetCommandLineA",
638. "address": "0x4d13ac"
639. },
640. {
641. "name": "GetACP",
642. "address": "0x4d13b0"
643. },
644. {
645. "name": "FreeResource",
646. "address": "0x4d13b4"
647. },
648. {
649. "name": "InterlockedExchange",
650. "address": "0x4d13b8"
651. },
652. {
653. "name": "FreeLibrary",
654. "address": "0x4d13bc"
655. },
656. {
657. "name": "FormatMessageA",
658. "address": "0x4d13c0"
659. },
660. {
661. "name": "FlushFileBuffers",
662. "address": "0x4d13c4"
663. },
664. {
665. "name": "FindResourceA",
666. "address": "0x4d13c8"
667. },
668. {
669. "name": "FindNextFileA",
670. "address": "0x4d13cc"
671. },
672. {
673. "name": "FindFirstFileA",
674. "address": "0x4d13d0"
675. },
676. {
677. "name": "FindClose",
678. "address": "0x4d13d4"
679. },
680. {
681. "name": "FileTimeToSystemTime",
682. "address": "0x4d13d8"
683. },
684. {
685. "name": "FileTimeToLocalFileTime",
686. "address": "0x4d13dc"
687. },
688. {
689. "name": "DeviceIoControl",
690. "address": "0x4d13e0"
691. },
692. {
693. "name": "DeleteFileA",
694. "address": "0x4d13e4"
695. },
696. {
697. "name": "CreateThread",
698. "address": "0x4d13e8"
699. },
700. {
701. "name": "CreateProcessA",
702. "address": "0x4d13ec"
703. },
704. {
705. "name": "CreateNamedPipeA",
706. "address": "0x4d13f0"
707. },
708. {
709. "name": "CreateMutexA",
710. "address": "0x4d13f4"
711. },
712. {
713. "name": "CreateFileMappingA",
714. "address": "0x4d13f8"
715. },
716. {
717. "name": "CreateFileA",
718. "address": "0x4d13fc"
719. },
720. {
721. "name": "CreateEventA",
722. "address": "0x4d1400"
723. },
724. {
725. "name": "CreateDirectoryA",
726. "address": "0x4d1404"
727. },
728. {
729. "name": "CopyFileA",
730. "address": "0x4d1408"
731. },
732. {
733. "name": "CompareStringA",
734. "address": "0x4d140c"
735. },
736. {
737. "name": "CompareFileTime",
738. "address": "0x4d1410"
739. },
740. {
741. "name": "CloseHandle",
742. "address": "0x4d1414"
743. }
744. ],
745. "dll": "kernel32.dll"
746. },
747. {
748. "imports": [
749. {
750. "name": "WNetOpenEnumA",
751. "address": "0x4d141c"
752. },
753. {
754. "name": "WNetGetUniversalNameA",
755. "address": "0x4d1420"
756. },
757. {
758. "name": "WNetGetConnectionA",
759. "address": "0x4d1424"
760. },
761. {
762. "name": "WNetEnumResourceA",
763. "address": "0x4d1428"
764. },
765. {
766. "name": "WNetCloseEnum",
767. "address": "0x4d142c"
768. }
769. ],
770. "dll": "mpr.dll"
771. },
772. {
773. "imports": [
774. {
775. "name": "VerQueryValueA",
776. "address": "0x4d1434"
777. },
778. {
779. "name": "GetFileVersionInfoSizeA",
780. "address": "0x4d1438"
781. },
782. {
783. "name": "GetFileVersionInfoA",
784. "address": "0x4d143c"
785. }
786. ],
787. "dll": "version.dll"
788. },
789. {
790. "imports": [
791. {
792. "name": "UnrealizeObject",
793. "address": "0x4d1444"
794. },
795. {
796. "name": "TextOutA",
797. "address": "0x4d1448"
798. },
799. {
800. "name": "StretchDIBits",
801. "address": "0x4d144c"
802. },
803. {
804. "name": "StretchBlt",
805. "address": "0x4d1450"
806. },
807. {
808. "name": "StartPage",
809. "address": "0x4d1454"
810. },
811. {
812. "name": "StartDocA",
813. "address": "0x4d1458"
814. },
815. {
816. "name": "SetWindowOrgEx",
817. "address": "0x4d145c"
818. },
819. {
820. "name": "SetViewportOrgEx",
821. "address": "0x4d1460"
822. },
823. {
824. "name": "SetTextColor",
825. "address": "0x4d1464"
826. },
827. {
828. "name": "SetTextAlign",
829. "address": "0x4d1468"
830. },
831. {
832. "name": "SetStretchBltMode",
833. "address": "0x4d146c"
834. },
835. {
836. "name": "SetROP2",
837. "address": "0x4d1470"
838. },
839. {
840. "name": "SetPixel",
841. "address": "0x4d1474"
842. },
843. {
844. "name": "SetBkMode",
845. "address": "0x4d1478"
846. },
847. {
848. "name": "SetBkColor",
849. "address": "0x4d147c"
850. },
851. {
852. "name": "SetAbortProc",
853. "address": "0x4d1480"
854. },
855. {
856. "name": "SelectPalette",
857. "address": "0x4d1484"
858. },
859. {
860. "name": "SelectObject",
861. "address": "0x4d1488"
862. },
863. {
864. "name": "SelectClipRgn",
865. "address": "0x4d148c"
866. },
867. {
868. "name": "SaveDC",
869. "address": "0x4d1490"
870. },
871. {
872. "name": "RoundRect",
873. "address": "0x4d1494"
874. },
875. {
876. "name": "RestoreDC",
877. "address": "0x4d1498"
878. },
879. {
880. "name": "RemoveFontResourceA",
881. "address": "0x4d149c"
882. },
883. {
884. "name": "Rectangle",
885. "address": "0x4d14a0"
886. },
887. {
888. "name": "RectVisible",
889. "address": "0x4d14a4"
890. },
891. {
892. "name": "RealizePalette",
893. "address": "0x4d14a8"
894. },
895. {
896. "name": "Polyline",
897. "address": "0x4d14ac"
898. },
899. {
900. "name": "Pie",
901. "address": "0x4d14b0"
902. },
903. {
904. "name": "PatBlt",
905. "address": "0x4d14b4"
906. },
907. {
908. "name": "MoveToEx",
909. "address": "0x4d14b8"
910. },
911. {
912. "name": "LineTo",
913. "address": "0x4d14bc"
914. },
915. {
916. "name": "LineDDA",
917. "address": "0x4d14c0"
918. },
919. {
920. "name": "IntersectClipRect",
921. "address": "0x4d14c4"
922. },
923. {
924. "name": "GetWindowOrgEx",
925. "address": "0x4d14c8"
926. },
927. {
928. "name": "GetTextMetricsA",
929. "address": "0x4d14cc"
930. },
931. {
932. "name": "GetTextExtentPointA",
933. "address": "0x4d14d0"
934. },
935. {
936. "name": "GetTextExtentPoint32A",
937. "address": "0x4d14d4"
938. },
939. {
940. "name": "GetSystemPaletteEntries",
941. "address": "0x4d14d8"
942. },
943. {
944. "name": "GetStockObject",
945. "address": "0x4d14dc"
946. },
947. {
948. "name": "GetPixel",
949. "address": "0x4d14e0"
950. },
951. {
952. "name": "GetPaletteEntries",
953. "address": "0x4d14e4"
954. },
955. {
956. "name": "GetObjectA",
957. "address": "0x4d14e8"
958. },
959. {
960. "name": "GetDeviceCaps",
961. "address": "0x4d14ec"
962. },
963. {
964. "name": "GetDIBits",
965. "address": "0x4d14f0"
966. },
967. {
968. "name": "GetCurrentPositionEx",
969. "address": "0x4d14f4"
970. },
971. {
972. "name": "GetClipBox",
973. "address": "0x4d14f8"
974. },
975. {
976. "name": "GetBitmapBits",
977. "address": "0x4d14fc"
978. },
979. {
980. "name": "ExtTextOutA",
981. "address": "0x4d1500"
982. },
983. {
984. "name": "ExtFloodFill",
985. "address": "0x4d1504"
986. },
987. {
988. "name": "ExcludeClipRect",
989. "address": "0x4d1508"
990. },
991. {
992. "name": "EnumFontsA",
993. "address": "0x4d150c"
994. },
995. {
996. "name": "EndPage",
997. "address": "0x4d1510"
998. },
999. {
1000. "name": "EndDoc",
1001. "address": "0x4d1514"
1002. },
1003. {
1004. "name": "Ellipse",
1005. "address": "0x4d1518"
1006. },
1007. {
1008. "name": "DeleteObject",
1009. "address": "0x4d151c"
1010. },
1011. {
1012. "name": "DeleteDC",
1013. "address": "0x4d1520"
1014. },
1015. {
1016. "name": "CreateSolidBrush",
1017. "address": "0x4d1524"
1018. },
1019. {
1020. "name": "CreateRectRgn",
1021. "address": "0x4d1528"
1022. },
1023. {
1024. "name": "CreatePenIndirect",
1025. "address": "0x4d152c"
1026. },
1027. {
1028. "name": "CreatePalette",
1029. "address": "0x4d1530"
1030. },
1031. {
1032. "name": "CreateICA",
1033. "address": "0x4d1534"
1034. },
1035. {
1036. "name": "CreateFontIndirectA",
1037. "address": "0x4d1538"
1038. },
1039. {
1040. "name": "CreateDIBitmap",
1041. "address": "0x4d153c"
1042. },
1043. {
1044. "name": "CreateDCA",
1045. "address": "0x4d1540"
1046. },
1047. {
1048. "name": "CreateCompatibleDC",
1049. "address": "0x4d1544"
1050. },
1051. {
1052. "name": "CreateCompatibleBitmap",
1053. "address": "0x4d1548"
1054. },
1055. {
1056. "name": "CreateBrushIndirect",
1057. "address": "0x4d154c"
1058. },
1059. {
1060. "name": "CreateBitmap",
1061. "address": "0x4d1550"
1062. },
1063. {
1064. "name": "Chord",
1065. "address": "0x4d1554"
1066. },
1067. {
1068. "name": "BitBlt",
1069. "address": "0x4d1558"
1070. },
1071. {
1072. "name": "Arc",
1073. "address": "0x4d155c"
1074. },
1075. {
1076. "name": "AddFontResourceA",
1077. "address": "0x4d1560"
1078. }
1079. ],
1080. "dll": "gdi32.dll"
1081. },
1082. {
1083. "imports": [
1084. {
1085. "name": "WindowFromPoint",
1086. "address": "0x4d1568"
1087. },
1088. {
1089. "name": "WinHelpA",
1090. "address": "0x4d156c"
1091. },
1092. {
1093. "name": "WaitMessage",
1094. "address": "0x4d1570"
1095. },
1096. {
1097. "name": "WaitForInputIdle",
1098. "address": "0x4d1574"
1099. },
1100. {
1101. "name": "UpdateWindow",
1102. "address": "0x4d1578"
1103. },
1104. {
1105. "name": "UnregisterClassA",
1106. "address": "0x4d157c"
1107. },
1108. {
1109. "name": "UnhookWindowsHookEx",
1110. "address": "0x4d1580"
1111. },
1112. {
1113. "name": "TranslateMessage",
1114. "address": "0x4d1584"
1115. },
1116. {
1117. "name": "TranslateMDISysAccel",
1118. "address": "0x4d1588"
1119. },
1120. {
1121. "name": "TrackPopupMenu",
1122. "address": "0x4d158c"
1123. },
1124. {
1125. "name": "SystemParametersInfoA",
1126. "address": "0x4d1590"
1127. },
1128. {
1129. "name": "ShowWindow",
1130. "address": "0x4d1594"
1131. },
1132. {
1133. "name": "ShowOwnedPopups",
1134. "address": "0x4d1598"
1135. },
1136. {
1137. "name": "ShowCursor",
1138. "address": "0x4d159c"
1139. },
1140. {
1141. "name": "SetWindowRgn",
1142. "address": "0x4d15a0"
1143. },
1144. {
1145. "name": "SetWindowsHookExA",
1146. "address": "0x4d15a4"
1147. },
1148. {
1149. "name": "SetWindowTextA",
1150. "address": "0x4d15a8"
1151. },
1152. {
1153. "name": "SetWindowPos",
1154. "address": "0x4d15ac"
1155. },
1156. {
1157. "name": "SetWindowPlacement",
1158. "address": "0x4d15b0"
1159. },
1160. {
1161. "name": "SetWindowLongW",
1162. "address": "0x4d15b4"
1163. },
1164. {
1165. "name": "SetWindowLongA",
1166. "address": "0x4d15b8"
1167. },
1168. {
1169. "name": "SetTimer",
1170. "address": "0x4d15bc"
1171. },
1172. {
1173. "name": "SetScrollRange",
1174. "address": "0x4d15c0"
1175. },
1176. {
1177. "name": "SetScrollPos",
1178. "address": "0x4d15c4"
1179. },
1180. {
1181. "name": "SetScrollInfo",
1182. "address": "0x4d15c8"
1183. },
1184. {
1185. "name": "SetRectEmpty",
1186. "address": "0x4d15cc"
1187. },
1188. {
1189. "name": "SetRect",
1190. "address": "0x4d15d0"
1191. },
1192. {
1193. "name": "SetPropA",
1194. "address": "0x4d15d4"
1195. },
1196. {
1197. "name": "SetParent",
1198. "address": "0x4d15d8"
1199. },
1200. {
1201. "name": "SetMenu",
1202. "address": "0x4d15dc"
1203. },
1204. {
1205. "name": "SetForegroundWindow",
1206. "address": "0x4d15e0"
1207. },
1208. {
1209. "name": "SetFocus",
1210. "address": "0x4d15e4"
1211. },
1212. {
1213. "name": "SetCursor",
1214. "address": "0x4d15e8"
1215. },
1216. {
1217. "name": "SetCapture",
1218. "address": "0x4d15ec"
1219. },
1220. {
1221. "name": "SetActiveWindow",
1222. "address": "0x4d15f0"
1223. },
1224. {
1225. "name": "SendNotifyMessageA",
1226. "address": "0x4d15f4"
1227. },
1228. {
1229. "name": "SendMessageTimeoutA",
1230. "address": "0x4d15f8"
1231. },
1232. {
1233. "name": "SendMessageW",
1234. "address": "0x4d15fc"
1235. },
1236. {
1237. "name": "SendMessageA",
1238. "address": "0x4d1600"
1239. },
1240. {
1241. "name": "ScrollWindowEx",
1242. "address": "0x4d1604"
1243. },
1244. {
1245. "name": "ScrollWindow",
1246. "address": "0x4d1608"
1247. },
1248. {
1249. "name": "ScreenToClient",
1250. "address": "0x4d160c"
1251. },
1252. {
1253. "name": "ReplyMessage",
1254. "address": "0x4d1610"
1255. },
1256. {
1257. "name": "RemovePropA",
1258. "address": "0x4d1614"
1259. },
1260. {
1261. "name": "RemoveMenu",
1262. "address": "0x4d1618"
1263. },
1264. {
1265. "name": "ReleaseDC",
1266. "address": "0x4d161c"
1267. },
1268. {
1269. "name": "ReleaseCapture",
1270. "address": "0x4d1620"
1271. },
1272. {
1273. "name": "RegisterWindowMessageA",
1274. "address": "0x4d1624"
1275. },
1276. {
1277. "name": "RegisterClassA",
1278. "address": "0x4d1628"
1279. },
1280. {
1281. "name": "PtInRect",
1282. "address": "0x4d162c"
1283. },
1284. {
1285. "name": "PostQuitMessage",
1286. "address": "0x4d1630"
1287. },
1288. {
1289. "name": "PostMessageA",
1290. "address": "0x4d1634"
1291. },
1292. {
1293. "name": "PeekMessageA",
1294. "address": "0x4d1638"
1295. },
1296. {
1297. "name": "OffsetRect",
1298. "address": "0x4d163c"
1299. },
1300. {
1301. "name": "OemToCharBuffA",
1302. "address": "0x4d1640"
1303. },
1304. {
1305. "name": "OemToCharA",
1306. "address": "0x4d1644"
1307. },
1308. {
1309. "name": "MsgWaitForMultipleObjects",
1310. "address": "0x4d1648"
1311. },
1312. {
1313. "name": "MoveWindow",
1314. "address": "0x4d164c"
1315. },
1316. {
1317. "name": "MessageBoxA",
1318. "address": "0x4d1650"
1319. },
1320. {
1321. "name": "MessageBeep",
1322. "address": "0x4d1654"
1323. },
1324. {
1325. "name": "MapWindowPoints",
1326. "address": "0x4d1658"
1327. },
1328. {
1329. "name": "MapVirtualKeyA",
1330. "address": "0x4d165c"
1331. },
1332. {
1333. "name": "LoadStringA",
1334. "address": "0x4d1660"
1335. },
1336. {
1337. "name": "LoadIconA",
1338. "address": "0x4d1664"
1339. },
1340. {
1341. "name": "LoadCursorA",
1342. "address": "0x4d1668"
1343. },
1344. {
1345. "name": "LoadBitmapA",
1346. "address": "0x4d166c"
1347. },
1348. {
1349. "name": "KillTimer",
1350. "address": "0x4d1670"
1351. },
1352. {
1353. "name": "IsZoomed",
1354. "address": "0x4d1674"
1355. },
1356. {
1357. "name": "IsWindowVisible",
1358. "address": "0x4d1678"
1359. },
1360. {
1361. "name": "IsWindowEnabled",
1362. "address": "0x4d167c"
1363. },
1364. {
1365. "name": "IsWindow",
1366. "address": "0x4d1680"
1367. },
1368. {
1369. "name": "IsRectEmpty",
1370. "address": "0x4d1684"
1371. },
1372. {
1373. "name": "IsIconic",
1374. "address": "0x4d1688"
1375. },
1376. {
1377. "name": "IsDialogMessageA",
1378. "address": "0x4d168c"
1379. },
1380. {
1381. "name": "IsChild",
1382. "address": "0x4d1690"
1383. },
1384. {
1385. "name": "InvalidateRect",
1386. "address": "0x4d1694"
1387. },
1388. {
1389. "name": "IntersectRect",
1390. "address": "0x4d1698"
1391. },
1392. {
1393. "name": "InsertMenuItemA",
1394. "address": "0x4d169c"
1395. },
1396. {
1397. "name": "InsertMenuA",
1398. "address": "0x4d16a0"
1399. },
1400. {
1401. "name": "InflateRect",
1402. "address": "0x4d16a4"
1403. },
1404. {
1405. "name": "GetWindowThreadProcessId",
1406. "address": "0x4d16a8"
1407. },
1408. {
1409. "name": "GetWindowTextA",
1410. "address": "0x4d16ac"
1411. },
1412. {
1413. "name": "GetWindowRgn",
1414. "address": "0x4d16b0"
1415. },
1416. {
1417. "name": "GetWindowRect",
1418. "address": "0x4d16b4"
1419. },
1420. {
1421. "name": "GetWindowPlacement",
1422. "address": "0x4d16b8"
1423. },
1424. {
1425. "name": "GetWindowLongA",
1426. "address": "0x4d16bc"
1427. },
1428. {
1429. "name": "GetWindowDC",
1430. "address": "0x4d16c0"
1431. },
1432. {
1433. "name": "GetSystemMetrics",
1434. "address": "0x4d16c4"
1435. },
1436. {
1437. "name": "GetSystemMenu",
1438. "address": "0x4d16c8"
1439. },
1440. {
1441. "name": "GetSysColorBrush",
1442. "address": "0x4d16cc"
1443. },
1444. {
1445. "name": "GetSysColor",
1446. "address": "0x4d16d0"
1447. },
1448. {
1449. "name": "GetSubMenu",
1450. "address": "0x4d16d4"
1451. },
1452. {
1453. "name": "GetScrollPos",
1454. "address": "0x4d16d8"
1455. },
1456. {
1457. "name": "GetPropA",
1458. "address": "0x4d16dc"
1459. },
1460. {
1461. "name": "GetParent",
1462. "address": "0x4d16e0"
1463. },
1464. {
1465. "name": "GetWindow",
1466. "address": "0x4d16e4"
1467. },
1468. {
1469. "name": "GetMessagePos",
1470. "address": "0x4d16e8"
1471. },
1472. {
1473. "name": "GetMessageA",
1474. "address": "0x4d16ec"
1475. },
1476. {
1477. "name": "GetMenuStringA",
1478. "address": "0x4d16f0"
1479. },
1480. {
1481. "name": "GetMenuState",
1482. "address": "0x4d16f4"
1483. },
1484. {
1485. "name": "GetMenuItemCount",
1486. "address": "0x4d16f8"
1487. },
1488. {
1489. "name": "GetMenu",
1490. "address": "0x4d16fc"
1491. },
1492. {
1493. "name": "GetLastActivePopup",
1494. "address": "0x4d1700"
1495. },
1496. {
1497. "name": "GetKeyState",
1498. "address": "0x4d1704"
1499. },
1500. {
1501. "name": "GetKeyNameTextA",
1502. "address": "0x4d1708"
1503. },
1504. {
1505. "name": "GetIconInfo",
1506. "address": "0x4d170c"
1507. },
1508. {
1509. "name": "GetForegroundWindow",
1510. "address": "0x4d1710"
1511. },
1512. {
1513. "name": "GetFocus",
1514. "address": "0x4d1714"
1515. },
1516. {
1517. "name": "GetDlgItem",
1518. "address": "0x4d1718"
1519. },
1520. {
1521. "name": "GetDlgCtrlID",
1522. "address": "0x4d171c"
1523. },
1524. {
1525. "name": "GetDesktopWindow",
1526. "address": "0x4d1720"
1527. },
1528. {
1529. "name": "GetDCEx",
1530. "address": "0x4d1724"
1531. },
1532. {
1533. "name": "GetDC",
1534. "address": "0x4d1728"
1535. },
1536. {
1537. "name": "GetCursorPos",
1538. "address": "0x4d172c"
1539. },
1540. {
1541. "name": "GetCursor",
1542. "address": "0x4d1730"
1543. },
1544. {
1545. "name": "GetClientRect",
1546. "address": "0x4d1734"
1547. },
1548. {
1549. "name": "GetClassNameA",
1550. "address": "0x4d1738"
1551. },
1552. {
1553. "name": "GetClassInfoW",
1554. "address": "0x4d173c"
1555. },
1556. {
1557. "name": "GetClassInfoA",
1558. "address": "0x4d1740"
1559. },
1560. {
1561. "name": "GetCapture",
1562. "address": "0x4d1744"
1563. },
1564. {
1565. "name": "GetActiveWindow",
1566. "address": "0x4d1748"
1567. },
1568. {
1569. "name": "FrameRect",
1570. "address": "0x4d174c"
1571. },
1572. {
1573. "name": "FindWindowA",
1574. "address": "0x4d1750"
1575. },
1576. {
1577. "name": "FillRect",
1578. "address": "0x4d1754"
1579. },
1580. {
1581. "name": "ExitWindowsEx",
1582. "address": "0x4d1758"
1583. },
1584. {
1585. "name": "EqualRect",
1586. "address": "0x4d175c"
1587. },
1588. {
1589. "name": "EnumWindows",
1590. "address": "0x4d1760"
1591. },
1592. {
1593. "name": "EnumThreadWindows",
1594. "address": "0x4d1764"
1595. },
1596. {
1597. "name": "EndPaint",
1598. "address": "0x4d1768"
1599. },
1600. {
1601. "name": "EnableWindow",
1602. "address": "0x4d176c"
1603. },
1604. {
1605. "name": "EnableMenuItem",
1606. "address": "0x4d1770"
1607. },
1608. {
1609. "name": "DrawTextW",
1610. "address": "0x4d1774"
1611. },
1612. {
1613. "name": "DrawTextA",
1614. "address": "0x4d1778"
1615. },
1616. {
1617. "name": "DrawMenuBar",
1618. "address": "0x4d177c"
1619. },
1620. {
1621. "name": "DrawIconEx",
1622. "address": "0x4d1780"
1623. },
1624. {
1625. "name": "DrawIcon",
1626. "address": "0x4d1784"
1627. },
1628. {
1629. "name": "DrawFrameControl",
1630. "address": "0x4d1788"
1631. },
1632. {
1633. "name": "DrawFocusRect",
1634. "address": "0x4d178c"
1635. },
1636. {
1637. "name": "DrawEdge",
1638. "address": "0x4d1790"
1639. },
1640. {
1641. "name": "DispatchMessageA",
1642. "address": "0x4d1794"
1643. },
1644. {
1645. "name": "DestroyWindow",
1646. "address": "0x4d1798"
1647. },
1648. {
1649. "name": "DestroyMenu",
1650. "address": "0x4d179c"
1651. },
1652. {
1653. "name": "DestroyIcon",
1654. "address": "0x4d17a0"
1655. },
1656. {
1657. "name": "DestroyCursor",
1658. "address": "0x4d17a4"
1659. },
1660. {
1661. "name": "DeleteMenu",
1662. "address": "0x4d17a8"
1663. },
1664. {
1665. "name": "DefWindowProcA",
1666. "address": "0x4d17ac"
1667. },
1668. {
1669. "name": "DefMDIChildProcA",
1670. "address": "0x4d17b0"
1671. },
1672. {
1673. "name": "DefFrameProcA",
1674. "address": "0x4d17b4"
1675. },
1676. {
1677. "name": "CreateWindowExA",
1678. "address": "0x4d17b8"
1679. },
1680. {
1681. "name": "CreatePopupMenu",
1682. "address": "0x4d17bc"
1683. },
1684. {
1685. "name": "CreateMenu",
1686. "address": "0x4d17c0"
1687. },
1688. {
1689. "name": "CreateIcon",
1690. "address": "0x4d17c4"
1691. },
1692. {
1693. "name": "CreateAcceleratorTableA",
1694. "address": "0x4d17c8"
1695. },
1696. {
1697. "name": "CopyIcon",
1698. "address": "0x4d17cc"
1699. },
1700. {
1701. "name": "ClientToScreen",
1702. "address": "0x4d17d0"
1703. },
1704. {
1705. "name": "CheckMenuItem",
1706. "address": "0x4d17d4"
1707. },
1708. {
1709. "name": "CallWindowProcW",
1710. "address": "0x4d17d8"
1711. },
1712. {
1713. "name": "CallWindowProcA",
1714. "address": "0x4d17dc"
1715. },
1716. {
1717. "name": "CallNextHookEx",
1718. "address": "0x4d17e0"
1719. },
1720. {
1721. "name": "BringWindowToTop",
1722. "address": "0x4d17e4"
1723. },
1724. {
1725. "name": "BeginPaint",
1726. "address": "0x4d17e8"
1727. },
1728. {
1729. "name": "AppendMenuA",
1730. "address": "0x4d17ec"
1731. },
1732. {
1733. "name": "CharPrevA",
1734. "address": "0x4d17f0"
1735. },
1736. {
1737. "name": "CharNextA",
1738. "address": "0x4d17f4"
1739. },
1740. {
1741. "name": "CharLowerBuffA",
1742. "address": "0x4d17f8"
1743. },
1744. {
1745. "name": "CharLowerA",
1746. "address": "0x4d17fc"
1747. },
1748. {
1749. "name": "CharUpperBuffA",
1750. "address": "0x4d1800"
1751. },
1752. {
1753. "name": "CharToOemBuffA",
1754. "address": "0x4d1804"
1755. },
1756. {
1757. "name": "AdjustWindowRectEx",
1758. "address": "0x4d1808"
1759. }
1760. ],
1761. "dll": "user32.dll"
1762. },
1763. {
1764. "imports": [
1765. {
1766. "name": "ImageList_GetImageInfo",
1767. "address": "0x4d1810"
1768. },
1769. {
1770. "name": "ImageList_SetIconSize",
1771. "address": "0x4d1814"
1772. },
1773. {
1774. "name": "ImageList_GetIconSize",
1775. "address": "0x4d1818"
1776. },
1777. {
1778. "name": "ImageList_GetDragImage",
1779. "address": "0x4d181c"
1780. },
1781. {
1782. "name": "ImageList_DragShowNolock",
1783. "address": "0x4d1820"
1784. },
1785. {
1786. "name": "ImageList_SetDragCursorImage",
1787. "address": "0x4d1824"
1788. },
1789. {
1790. "name": "ImageList_DragMove",
1791. "address": "0x4d1828"
1792. },
1793. {
1794. "name": "ImageList_DragLeave",
1795. "address": "0x4d182c"
1796. },
1797. {
1798. "name": "ImageList_DragEnter",
1799. "address": "0x4d1830"
1800. },
1801. {
1802. "name": "ImageList_EndDrag",
1803. "address": "0x4d1834"
1804. },
1805. {
1806. "name": "ImageList_BeginDrag",
1807. "address": "0x4d1838"
1808. },
1809. {
1810. "name": "ImageList_LoadImage",
1811. "address": "0x4d183c"
1812. },
1813. {
1814. "name": "ImageList_GetIcon",
1815. "address": "0x4d1840"
1816. },
1817. {
1818. "name": "ImageList_Remove",
1819. "address": "0x4d1844"
1820. },
1821. {
1822. "name": "ImageList_DrawEx",
1823. "address": "0x4d1848"
1824. },
1825. {
1826. "name": "ImageList_AddMasked",
1827. "address": "0x4d184c"
1828. },
1829. {
1830. "name": "ImageList_Replace",
1831. "address": "0x4d1850"
1832. },
1833. {
1834. "name": "ImageList_Draw",
1835. "address": "0x4d1854"
1836. },
1837. {
1838. "name": "ImageList_SetOverlayImage",
1839. "address": "0x4d1858"
1840. },
1841. {
1842. "name": "ImageList_GetBkColor",
1843. "address": "0x4d185c"
1844. },
1845. {
1846. "name": "ImageList_SetBkColor",
1847. "address": "0x4d1860"
1848. },
1849. {
1850. "name": "ImageList_ReplaceIcon",
1851. "address": "0x4d1864"
1852. },
1853. {
1854. "name": "ImageList_Add",
1855. "address": "0x4d1868"
1856. },
1857. {
1858. "name": "ImageList_GetImageCount",
1859. "address": "0x4d186c"
1860. },
1861. {
1862. "name": "ImageList_Destroy",
1863. "address": "0x4d1870"
1864. },
1865. {
1866. "name": "ImageList_Create",
1867. "address": "0x4d1874"
1868. },
1869. {
1870. "name": "InitCommonControls",
1871. "address": "0x4d1878"
1872. }
1873. ],
1874. "dll": "comctl32.dll"
1875. },
1876. {
1877. "imports": [
1878. {
1879. "name": "OpenPrinterA",
1880. "address": "0x4d1880"
1881. },
1882. {
1883. "name": "EnumPrintersA",
1884. "address": "0x4d1884"
1885. },
1886. {
1887. "name": "DocumentPropertiesA",
1888. "address": "0x4d1888"
1889. },
1890. {
1891. "name": "ClosePrinter",
1892. "address": "0x4d188c"
1893. }
1894. ],
1895. "dll": "winspool.drv"
1896. },
1897. {
1898. "imports": [
1899. {
1900. "name": "GetSaveFileNameA",
1901. "address": "0x4d1894"
1902. },
1903. {
1904. "name": "GetOpenFileNameA",
1905. "address": "0x4d1898"
1906. }
1907. ],
1908. "dll": "comdlg32.dll"
1909. },
1910. {
1911. "imports": [
1912. {
1913. "name": "CoTaskMemFree",
1914. "address": "0x4d18a0"
1915. },
1916. {
1917. "name": "CLSIDFromProgID",
1918. "address": "0x4d18a4"
1919. },
1920. {
1921. "name": "CoCreateInstance",
1922. "address": "0x4d18a8"
1923. },
1924. {
1925. "name": "CoFreeUnusedLibraries",
1926. "address": "0x4d18ac"
1927. },
1928. {
1929. "name": "CoUninitialize",
1930. "address": "0x4d18b0"
1931. },
1932. {
1933. "name": "CoInitialize",
1934. "address": "0x4d18b4"
1935. },
1936. {
1937. "name": "IsEqualGUID",
1938. "address": "0x4d18b8"
1939. }
1940. ],
1941. "dll": "ole32.dll"
1942. },
1943. {
1944. "imports": [
1945. {
1946. "name": "GetActiveObject",
1947. "address": "0x4d18c0"
1948. },
1949. {
1950. "name": "RegisterTypeLib",
1951. "address": "0x4d18c4"
1952. },
1953. {
1954. "name": "LoadTypeLib",
1955. "address": "0x4d18c8"
1956. },
1957. {
1958. "name": "SysFreeString",
1959. "address": "0x4d18cc"
1960. }
1961. ],
1962. "dll": "oleaut32.dll"
1963. },
1964. {
1965. "imports": [
1966. {
1967. "name": "ShellExecuteExA",
1968. "address": "0x4d18d4"
1969. },
1970. {
1971. "name": "ShellExecuteA",
1972. "address": "0x4d18d8"
1973. },
1974. {
1975. "name": "SHGetFileInfoA",
1976. "address": "0x4d18dc"
1977. },
1978. {
1979. "name": "ExtractIconA",
1980. "address": "0x4d18e0"
1981. }
1982. ],
1983. "dll": "shell32.dll"
1984. },
1985. {
1986. "imports": [
1987. {
1988. "name": "SHChangeNotify",
1989. "address": "0x4d18e8"
1990. },
1991. {
1992. "name": "SHBrowseForFolder",
1993. "address": "0x4d18ec"
1994. },
1995. {
1996. "name": "SHGetPathFromIDList",
1997. "address": "0x4d18f0"
1998. },
1999. {
2000. "name": "SHGetMalloc",
2001. "address": "0x4d18f4"
2002. }
2003. ],
2004. "dll": "shell32.dll"
2005. },
2006. {
2007. "imports": [
2008. {
2009. "name": "CoDisconnectObject",
2010. "address": "0x4d18fc"
2011. }
2012. ],
2013. "dll": "ole32.dll"
2014. },
2015. {
2016. "imports": [
2017. {
2018. "name": "AdjustTokenPrivileges",
2019. "address": "0x4d1904"
2020. }
2021. ],
2022. "dll": "advapi32.dll"
2023. }
2024. ],
2025. "digital_signers": null,
2026. "exported_dll_name": null,
2027. "actual_checksum": "0x000e1cac",
2028. "overlay": null,
2029. "imagebase": "0x00400000",
2030. "reported_checksum": "0x00000000",
2031. "icon_hash": null,
2032. "entrypoint": "0x004cbf10",
2033. "timestamp": "1992-06-19 22:22:17",
2034. "osversion": "1.0",
2035. "sections": [
2036. {
2037. "name": "CODE",
2038. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
2039. "virtual_address": "0x00001000",
2040. "size_of_data": "0x000cb200",
2041. "entropy": "6.55",
2042. "raw_address": "0x00000400",
2043. "virtual_size": "0x000cb180",
2044. "characteristics_raw": "0x60000020"
2045. },
2046. {
2047. "name": "DATA",
2048. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
2049. "virtual_address": "0x000cd000",
2050. "size_of_data": "0x00001400",
2051. "entropy": "4.28",
2052. "raw_address": "0x000cb600",
2053. "virtual_size": "0x0000138c",
2054. "characteristics_raw": "0xc0000040"
2055. },
2056. {
2057. "name": "BSS",
2058. "characteristics": "IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
2059. "virtual_address": "0x000cf000",
2060. "size_of_data": "0x00000000",
2061. "entropy": "0.00",
2062. "raw_address": "0x000cca00",
2063. "virtual_size": "0x000015a4",
2064. "characteristics_raw": "0xc0000000"
2065. },
2066. {
2067. "name": ".idata",
2068. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
2069. "virtual_address": "0x000d1000",
2070. "size_of_data": "0x00002a00",
2071. "entropy": "5.02",
2072. "raw_address": "0x000cca00",
2073. "virtual_size": "0x0000293a",
2074. "characteristics_raw": "0xc0000040"
2075. },
2076. {
2077. "name": ".tls",
2078. "characteristics": "IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
2079. "virtual_address": "0x000d4000",
2080. "size_of_data": "0x00000000",
2081. "entropy": "0.00",
2082. "raw_address": "0x000cf400",
2083. "virtual_size": "0x00000008",
2084. "characteristics_raw": "0xc0000000"
2085. },
2086. {
2087. "name": ".rdata",
2088. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
2089. "virtual_address": "0x000d5000",
2090. "size_of_data": "0x00000200",
2091. "entropy": "0.21",
2092. "raw_address": "0x000cf400",
2093. "virtual_size": "0x00000018",
2094. "characteristics_raw": "0x50000040"
2095. },
2096. {
2097. "name": ".reloc",
2098. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
2099. "virtual_address": "0x000d6000",
2100. "size_of_data": "0x00000000",
2101. "entropy": "0.00",
2102. "raw_address": "0x000cf600",
2103. "virtual_size": "0x0000bd9c",
2104. "characteristics_raw": "0x50000040"
2105. },
2106. {
2107. "name": ".rsrc",
2108. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
2109. "virtual_address": "0x000e2000",
2110. "size_of_data": "0x00011c00",
2111. "entropy": "4.96",
2112. "raw_address": "0x000cf600",
2113. "virtual_size": "0x00011c00",
2114. "characteristics_raw": "0x50000040"
2115. }
2116. ],
2117. "resources": [],
2118. "dirents": [
2119. {
2120. "virtual_address": "0x00000000",
2121. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
2122. "size": "0x00000000"
2123. },
2124. {
2125. "virtual_address": "0x000d1000",
2126. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
2127. "size": "0x0000293a"
2128. },
2129. {
2130. "virtual_address": "0x000e2000",
2131. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
2132. "size": "0x00011c00"
2133. },
2134. {
2135. "virtual_address": "0x00000000",
2136. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
2137. "size": "0x00000000"
2138. },
2139. {
2140. "virtual_address": "0x00000000",
2141. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
2142. "size": "0x00000000"
2143. },
2144. {
2145. "virtual_address": "0x00000000",
2146. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
2147. "size": "0x00000000"
2148. },
2149. {
2150. "virtual_address": "0x00000000",
2151. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
2152. "size": "0x00000000"
2153. },
2154. {
2155. "virtual_address": "0x00000000",
2156. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
2157. "size": "0x00000000"
2158. },
2159. {
2160. "virtual_address": "0x00000000",
2161. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
2162. "size": "0x00000000"
2163. },
2164. {
2165. "virtual_address": "0x000d5000",
2166. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
2167. "size": "0x00000018"
2168. },
2169. {
2170. "virtual_address": "0x00000000",
2171. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
2172. "size": "0x00000000"
2173. },
2174. {
2175. "virtual_address": "0x00000000",
2176. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
2177. "size": "0x00000000"
2178. },
2179. {
2180. "virtual_address": "0x00000000",
2181. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
2182. "size": "0x00000000"
2183. },
2184. {
2185. "virtual_address": "0x00000000",
2186. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
2187. "size": "0x00000000"
2188. },
2189. {
2190. "virtual_address": "0x00000000",
2191. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
2192. "size": "0x00000000"
2193. },
2194. {
2195. "virtual_address": "0x00000000",
2196. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
2197. "size": "0x00000000"
2198. }
2199. ],
2200. "exports": [],
2201. "guest_signers": {},
2202. "imphash": "a2449d4160b59e7f523a1790ed0ed3a0",
2203. "icon_fuzzy": null,
2204. "icon": null,
2205. "pdbpath": null,
2206. "imported_dll_count": 18,
2207. "versioninfo": []
2208. }
2209. }
2210.  
2211. [*] Resolved APIs: [
2212. "kernel32.dll.SetDllDirectoryW",
2213. "kernel32.dll.SetSearchPathMode",
2214. "kernel32.dll.SetProcessDEPPolicy",
2215. "uxtheme.dll.OpenThemeData",
2216. "uxtheme.dll.CloseThemeData",
2217. "uxtheme.dll.DrawThemeBackground",
2218. "uxtheme.dll.DrawThemeText",
2219. "uxtheme.dll.GetThemeBackgroundContentRect",
2220. "uxtheme.dll.GetThemePartSize",
2221. "uxtheme.dll.GetThemeTextExtent",
2222. "uxtheme.dll.GetThemeTextMetrics",
2223. "uxtheme.dll.GetThemeBackgroundRegion",
2224. "uxtheme.dll.HitTestThemeBackground",
2225. "uxtheme.dll.DrawThemeEdge",
2226. "uxtheme.dll.DrawThemeIcon",
2227. "uxtheme.dll.IsThemePartDefined",
2228. "uxtheme.dll.IsThemeBackgroundPartiallyTransparent",
2229. "uxtheme.dll.GetThemeColor",
2230. "uxtheme.dll.GetThemeMetric",
2231. "uxtheme.dll.GetThemeString",
2232. "uxtheme.dll.GetThemeBool",
2233. "uxtheme.dll.GetThemeInt",
2234. "uxtheme.dll.GetThemeEnumValue",
2235. "uxtheme.dll.GetThemePosition",
2236. "uxtheme.dll.GetThemeFont",
2237. "uxtheme.dll.GetThemeRect",
2238. "uxtheme.dll.GetThemeMargins",
2239. "uxtheme.dll.GetThemeIntList",
2240. "uxtheme.dll.GetThemePropertyOrigin",
2241. "uxtheme.dll.SetWindowTheme",
2242. "uxtheme.dll.GetThemeFilename",
2243. "uxtheme.dll.GetThemeSysColor",
2244. "uxtheme.dll.GetThemeSysColorBrush",
2245. "uxtheme.dll.GetThemeSysBool",
2246. "uxtheme.dll.GetThemeSysSize",
2247. "uxtheme.dll.GetThemeSysFont",
2248. "uxtheme.dll.GetThemeSysString",
2249. "uxtheme.dll.GetThemeSysInt",
2250. "uxtheme.dll.IsThemeActive",
2251. "uxtheme.dll.IsAppThemed",
2252. "uxtheme.dll.GetWindowTheme",
2253. "uxtheme.dll.EnableThemeDialogTexture",
2254. "uxtheme.dll.IsThemeDialogTextureEnabled",
2255. "uxtheme.dll.GetThemeAppProperties",
2256. "uxtheme.dll.SetThemeAppProperties",
2257. "uxtheme.dll.GetCurrentThemeName",
2258. "uxtheme.dll.GetThemeDocumentationProperty",
2259. "uxtheme.dll.DrawThemeParentBackground",
2260. "uxtheme.dll.EnableTheming",
2261. "user32.dll.NotifyWinEvent",
2262. "kernel32.dll.Wow64DisableWow64FsRedirection",
2263. "kernel32.dll.Wow64RevertWow64FsRedirection",
2264. "cryptbase.dll.SystemFunction036",
2265. "uxtheme.dll.ThemeInitApiHook",
2266. "user32.dll.IsProcessDPIAware",
2267. "shell32.dll.SHCreateItemFromParsingName",
2268. "shell32.dll.SHPathPrepareForWriteA",
2269. "kernel32.dll.VerSetConditionMask",
2270. "kernel32.dll.VerifyVersionInfoW",
2271. "kernel32.dll.GetNativeSystemInfo",
2272. "kernel32.dll.IsWow64Process",
2273. "kernel32.dll.GetSystemWow64DirectoryA",
2274. "advapi32.dll.RegDeleteKeyExA",
2275. "user32.dll.AnimateWindow",
2276. "dwmapi.dll.DwmIsCompositionEnabled",
2277. "gdi32.dll.GetLayout",
2278. "gdi32.dll.GdiRealizationInfo",
2279. "gdi32.dll.FontIsLinked",
2280. "advapi32.dll.RegOpenKeyExW",
2281. "advapi32.dll.RegQueryInfoKeyW",
2282. "gdi32.dll.GetTextFaceAliasW",
2283. "advapi32.dll.RegEnumValueW",
2284. "advapi32.dll.RegCloseKey",
2285. "advapi32.dll.RegQueryValueExW",
2286. "gdi32.dll.GetFontAssocStatus",
2287. "advapi32.dll.RegQueryValueExA",
2288. "advapi32.dll.RegEnumKeyExW",
2289. "gdi32.dll.GdiIsMetaPrintDC",
2290. "ole32.dll.CoInitializeEx",
2291. "ole32.dll.CoUninitialize",
2292. "ole32.dll.CoRegisterInitializeSpy",
2293. "ole32.dll.CoRevokeInitializeSpy",
2294. "kernel32.dll.SortGetHandle",
2295. "kernel32.dll.SortCloseHandle",
2296. "comctl32.dll._TrackMouseEvent",
2297. "msimg32.dll.TransparentBlt",
2298. "user32.dll.DisableProcessWindowsGhosting",
2299. "advapi32.dll.CheckTokenMembership",
2300. "user32.dll.MonitorFromWindow",
2301. "user32.dll.GetMonitorInfoA",
2302. "comctl32.dll.RegisterClassNameW",
2303. "uxtheme.dll.BufferedPaintInit",
2304. "uxtheme.dll.BufferedPaintRenderAnimation",
2305. "uxtheme.dll.GetThemeTransitionDuration",
2306. "uxtheme.dll.BeginBufferedAnimation",
2307. "uxtheme.dll.EndBufferedAnimation",
2308. "uxtheme.dll.BufferedPaintStopAllAnimations",
2309. "uxtheme.dll.BufferedPaintUnInit",
2310. "user32.dll.ShutdownBlockReasonDestroy",
2311. "oleaut32.dll.#500"
2312. ]
2313.  
2314. [*] Static Analysis: {
2315. "pe": {
2316. "peid_signatures": null,
2317. "imports": [
2318. {
2319. "imports": [
2320. {
2321. "name": "DeleteCriticalSection",
2322. "address": "0x4d117c"
2323. },
2324. {
2325. "name": "LeaveCriticalSection",
2326. "address": "0x4d1180"
2327. },
2328. {
2329. "name": "EnterCriticalSection",
2330. "address": "0x4d1184"
2331. },
2332. {
2333. "name": "InitializeCriticalSection",
2334. "address": "0x4d1188"
2335. },
2336. {
2337. "name": "VirtualFree",
2338. "address": "0x4d118c"
2339. },
2340. {
2341. "name": "VirtualAlloc",
2342. "address": "0x4d1190"
2343. },
2344. {
2345. "name": "LocalFree",
2346. "address": "0x4d1194"
2347. },
2348. {
2349. "name": "LocalAlloc",
2350. "address": "0x4d1198"
2351. },
2352. {
2353. "name": "WideCharToMultiByte",
2354. "address": "0x4d119c"
2355. },
2356. {
2357. "name": "TlsSetValue",
2358. "address": "0x4d11a0"
2359. },
2360. {
2361. "name": "TlsGetValue",
2362. "address": "0x4d11a4"
2363. },
2364. {
2365. "name": "MultiByteToWideChar",
2366. "address": "0x4d11a8"
2367. },
2368. {
2369. "name": "GetModuleHandleA",
2370. "address": "0x4d11ac"
2371. },
2372. {
2373. "name": "GetModuleFileNameA",
2374. "address": "0x4d11b0"
2375. },
2376. {
2377. "name": "GetLastError",
2378. "address": "0x4d11b4"
2379. },
2380. {
2381. "name": "GetCommandLineA",
2382. "address": "0x4d11b8"
2383. },
2384. {
2385. "name": "WriteFile",
2386. "address": "0x4d11bc"
2387. },
2388. {
2389. "name": "SetFilePointer",
2390. "address": "0x4d11c0"
2391. },
2392. {
2393. "name": "SetEndOfFile",
2394. "address": "0x4d11c4"
2395. },
2396. {
2397. "name": "RtlUnwind",
2398. "address": "0x4d11c8"
2399. },
2400. {
2401. "name": "ReadFile",
2402. "address": "0x4d11cc"
2403. },
2404. {
2405. "name": "RaiseException",
2406. "address": "0x4d11d0"
2407. },
2408. {
2409. "name": "GetStdHandle",
2410. "address": "0x4d11d4"
2411. },
2412. {
2413. "name": "GetFileSize",
2414. "address": "0x4d11d8"
2415. },
2416. {
2417. "name": "GetSystemTime",
2418. "address": "0x4d11dc"
2419. },
2420. {
2421. "name": "GetFileType",
2422. "address": "0x4d11e0"
2423. },
2424. {
2425. "name": "ExitProcess",
2426. "address": "0x4d11e4"
2427. },
2428. {
2429. "name": "CreateFileA",
2430. "address": "0x4d11e8"
2431. },
2432. {
2433. "name": "CloseHandle",
2434. "address": "0x4d11ec"
2435. }
2436. ],
2437. "dll": "kernel32.dll"
2438. },
2439. {
2440. "imports": [
2441. {
2442. "name": "MessageBoxA",
2443. "address": "0x4d11f4"
2444. }
2445. ],
2446. "dll": "user32.dll"
2447. },
2448. {
2449. "imports": [
2450. {
2451. "name": "SafeArrayPutElement",
2452. "address": "0x4d11fc"
2453. },
2454. {
2455. "name": "SafeArrayCreate",
2456. "address": "0x4d1200"
2457. },
2458. {
2459. "name": "VariantChangeTypeEx",
2460. "address": "0x4d1204"
2461. },
2462. {
2463. "name": "VariantCopyInd",
2464. "address": "0x4d1208"
2465. },
2466. {
2467. "name": "VariantClear",
2468. "address": "0x4d120c"
2469. },
2470. {
2471. "name": "SysStringLen",
2472. "address": "0x4d1210"
2473. },
2474. {
2475. "name": "SysAllocStringLen",
2476. "address": "0x4d1214"
2477. }
2478. ],
2479. "dll": "oleaut32.dll"
2480. },
2481. {
2482. "imports": [
2483. {
2484. "name": "RegSetValueExA",
2485. "address": "0x4d121c"
2486. },
2487. {
2488. "name": "RegQueryValueExA",
2489. "address": "0x4d1220"
2490. },
2491. {
2492. "name": "RegQueryInfoKeyA",
2493. "address": "0x4d1224"
2494. },
2495. {
2496. "name": "RegOpenKeyExA",
2497. "address": "0x4d1228"
2498. },
2499. {
2500. "name": "RegEnumValueA",
2501. "address": "0x4d122c"
2502. },
2503. {
2504. "name": "RegEnumKeyExA",
2505. "address": "0x4d1230"
2506. },
2507. {
2508. "name": "RegDeleteValueA",
2509. "address": "0x4d1234"
2510. },
2511. {
2512. "name": "RegDeleteKeyA",
2513. "address": "0x4d1238"
2514. },
2515. {
2516. "name": "RegCreateKeyExA",
2517. "address": "0x4d123c"
2518. },
2519. {
2520. "name": "RegCloseKey",
2521. "address": "0x4d1240"
2522. },
2523. {
2524. "name": "OpenThreadToken",
2525. "address": "0x4d1244"
2526. },
2527. {
2528. "name": "OpenProcessToken",
2529. "address": "0x4d1248"
2530. },
2531. {
2532. "name": "LookupPrivilegeValueA",
2533. "address": "0x4d124c"
2534. },
2535. {
2536. "name": "GetUserNameA",
2537. "address": "0x4d1250"
2538. },
2539. {
2540. "name": "GetTokenInformation",
2541. "address": "0x4d1254"
2542. },
2543. {
2544. "name": "FreeSid",
2545. "address": "0x4d1258"
2546. },
2547. {
2548. "name": "EqualSid",
2549. "address": "0x4d125c"
2550. },
2551. {
2552. "name": "AllocateAndInitializeSid",
2553. "address": "0x4d1260"
2554. }
2555. ],
2556. "dll": "advapi32.dll"
2557. },
2558. {
2559. "imports": [
2560. {
2561. "name": "lstrcmpA",
2562. "address": "0x4d1268"
2563. },
2564. {
2565. "name": "WriteProfileStringA",
2566. "address": "0x4d126c"
2567. },
2568. {
2569. "name": "WritePrivateProfileStringA",
2570. "address": "0x4d1270"
2571. },
2572. {
2573. "name": "WriteFile",
2574. "address": "0x4d1274"
2575. },
2576. {
2577. "name": "WaitForSingleObject",
2578. "address": "0x4d1278"
2579. },
2580. {
2581. "name": "VirtualFree",
2582. "address": "0x4d127c"
2583. },
2584. {
2585. "name": "VirtualAlloc",
2586. "address": "0x4d1280"
2587. },
2588. {
2589. "name": "UnmapViewOfFile",
2590. "address": "0x4d1284"
2591. },
2592. {
2593. "name": "TransactNamedPipe",
2594. "address": "0x4d1288"
2595. },
2596. {
2597. "name": "TerminateThread",
2598. "address": "0x4d128c"
2599. },
2600. {
2601. "name": "TerminateProcess",
2602. "address": "0x4d1290"
2603. },
2604. {
2605. "name": "Sleep",
2606. "address": "0x4d1294"
2607. },
2608. {
2609. "name": "SizeofResource",
2610. "address": "0x4d1298"
2611. },
2612. {
2613. "name": "SetNamedPipeHandleState",
2614. "address": "0x4d129c"
2615. },
2616. {
2617. "name": "SetLastError",
2618. "address": "0x4d12a0"
2619. },
2620. {
2621. "name": "SetFileTime",
2622. "address": "0x4d12a4"
2623. },
2624. {
2625. "name": "SetFilePointer",
2626. "address": "0x4d12a8"
2627. },
2628. {
2629. "name": "SetFileAttributesA",
2630. "address": "0x4d12ac"
2631. },
2632. {
2633. "name": "SetErrorMode",
2634. "address": "0x4d12b0"
2635. },
2636. {
2637. "name": "SetEndOfFile",
2638. "address": "0x4d12b4"
2639. },
2640. {
2641. "name": "SetCurrentDirectoryA",
2642. "address": "0x4d12b8"
2643. },
2644. {
2645. "name": "RemoveDirectoryA",
2646. "address": "0x4d12bc"
2647. },
2648. {
2649. "name": "ReleaseMutex",
2650. "address": "0x4d12c0"
2651. },
2652. {
2653. "name": "ReadFile",
2654. "address": "0x4d12c4"
2655. },
2656. {
2657. "name": "QueryPerformanceCounter",
2658. "address": "0x4d12c8"
2659. },
2660. {
2661. "name": "OpenProcess",
2662. "address": "0x4d12cc"
2663. },
2664. {
2665. "name": "OpenMutexA",
2666. "address": "0x4d12d0"
2667. },
2668. {
2669. "name": "MultiByteToWideChar",
2670. "address": "0x4d12d4"
2671. },
2672. {
2673. "name": "MulDiv",
2674. "address": "0x4d12d8"
2675. },
2676. {
2677. "name": "MoveFileExA",
2678. "address": "0x4d12dc"
2679. },
2680. {
2681. "name": "MoveFileA",
2682. "address": "0x4d12e0"
2683. },
2684. {
2685. "name": "MapViewOfFile",
2686. "address": "0x4d12e4"
2687. },
2688. {
2689. "name": "LockResource",
2690. "address": "0x4d12e8"
2691. },
2692. {
2693. "name": "LocalFree",
2694. "address": "0x4d12ec"
2695. },
2696. {
2697. "name": "LocalFileTimeToFileTime",
2698. "address": "0x4d12f0"
2699. },
2700. {
2701. "name": "LoadResource",
2702. "address": "0x4d12f4"
2703. },
2704. {
2705. "name": "LoadLibraryExA",
2706. "address": "0x4d12f8"
2707. },
2708. {
2709. "name": "LoadLibraryA",
2710. "address": "0x4d12fc"
2711. },
2712. {
2713. "name": "IsDBCSLeadByte",
2714. "address": "0x4d1300"
2715. },
2716. {
2717. "name": "IsBadWritePtr",
2718. "address": "0x4d1304"
2719. },
2720. {
2721. "name": "GlobalUnlock",
2722. "address": "0x4d1308"
2723. },
2724. {
2725. "name": "GlobalReAlloc",
2726. "address": "0x4d130c"
2727. },
2728. {
2729. "name": "GlobalHandle",
2730. "address": "0x4d1310"
2731. },
2732. {
2733. "name": "GlobalLock",
2734. "address": "0x4d1314"
2735. },
2736. {
2737. "name": "GlobalFree",
2738. "address": "0x4d1318"
2739. },
2740. {
2741. "name": "GlobalDeleteAtom",
2742. "address": "0x4d131c"
2743. },
2744. {
2745. "name": "GlobalAlloc",
2746. "address": "0x4d1320"
2747. },
2748. {
2749. "name": "GlobalAddAtomA",
2750. "address": "0x4d1324"
2751. },
2752. {
2753. "name": "GetWindowsDirectoryA",
2754. "address": "0x4d1328"
2755. },
2756. {
2757. "name": "GetVersionExA",
2758. "address": "0x4d132c"
2759. },
2760. {
2761. "name": "GetVersion",
2762. "address": "0x4d1330"
2763. },
2764. {
2765. "name": "GetUserDefaultLangID",
2766. "address": "0x4d1334"
2767. },
2768. {
2769. "name": "GetTickCount",
2770. "address": "0x4d1338"
2771. },
2772. {
2773. "name": "GetSystemTimeAsFileTime",
2774. "address": "0x4d133c"
2775. },
2776. {
2777. "name": "GetSystemInfo",
2778. "address": "0x4d1340"
2779. },
2780. {
2781. "name": "GetSystemDirectoryA",
2782. "address": "0x4d1344"
2783. },
2784. {
2785. "name": "GetSystemDefaultLCID",
2786. "address": "0x4d1348"
2787. },
2788. {
2789. "name": "GetShortPathNameA",
2790. "address": "0x4d134c"
2791. },
2792. {
2793. "name": "GetProfileStringA",
2794. "address": "0x4d1350"
2795. },
2796. {
2797. "name": "GetProcAddress",
2798. "address": "0x4d1354"
2799. },
2800. {
2801. "name": "GetPrivateProfileStringA",
2802. "address": "0x4d1358"
2803. },
2804. {
2805. "name": "GetOverlappedResult",
2806. "address": "0x4d135c"
2807. },
2808. {
2809. "name": "GetModuleHandleA",
2810. "address": "0x4d1360"
2811. },
2812. {
2813. "name": "GetModuleFileNameA",
2814. "address": "0x4d1364"
2815. },
2816. {
2817. "name": "GetLogicalDrives",
2818. "address": "0x4d1368"
2819. },
2820. {
2821. "name": "GetLocaleInfoA",
2822. "address": "0x4d136c"
2823. },
2824. {
2825. "name": "GetLocalTime",
2826. "address": "0x4d1370"
2827. },
2828. {
2829. "name": "GetLastError",
2830. "address": "0x4d1374"
2831. },
2832. {
2833. "name": "GetFullPathNameA",
2834. "address": "0x4d1378"
2835. },
2836. {
2837. "name": "GetFileSize",
2838. "address": "0x4d137c"
2839. },
2840. {
2841. "name": "GetFileAttributesA",
2842. "address": "0x4d1380"
2843. },
2844. {
2845. "name": "GetExitCodeProcess",
2846. "address": "0x4d1384"
2847. },
2848. {
2849. "name": "GetEnvironmentVariableA",
2850. "address": "0x4d1388"
2851. },
2852. {
2853. "name": "GetDriveTypeA",
2854. "address": "0x4d138c"
2855. },
2856. {
2857. "name": "GetDiskFreeSpaceA",
2858. "address": "0x4d1390"
2859. },
2860. {
2861. "name": "GetCurrentThreadId",
2862. "address": "0x4d1394"
2863. },
2864. {
2865. "name": "GetCurrentThread",
2866. "address": "0x4d1398"
2867. },
2868. {
2869. "name": "GetCurrentProcessId",
2870. "address": "0x4d139c"
2871. },
2872. {
2873. "name": "GetCurrentProcess",
2874. "address": "0x4d13a0"
2875. },
2876. {
2877. "name": "GetCurrentDirectoryA",
2878. "address": "0x4d13a4"
2879. },
2880. {
2881. "name": "GetComputerNameA",
2882. "address": "0x4d13a8"
2883. },
2884. {
2885. "name": "GetCommandLineA",
2886. "address": "0x4d13ac"
2887. },
2888. {
2889. "name": "GetACP",
2890. "address": "0x4d13b0"
2891. },
2892. {
2893. "name": "FreeResource",
2894. "address": "0x4d13b4"
2895. },
2896. {
2897. "name": "InterlockedExchange",
2898. "address": "0x4d13b8"
2899. },
2900. {
2901. "name": "FreeLibrary",
2902. "address": "0x4d13bc"
2903. },
2904. {
2905. "name": "FormatMessageA",
2906. "address": "0x4d13c0"
2907. },
2908. {
2909. "name": "FlushFileBuffers",
2910. "address": "0x4d13c4"
2911. },
2912. {
2913. "name": "FindResourceA",
2914. "address": "0x4d13c8"
2915. },
2916. {
2917. "name": "FindNextFileA",
2918. "address": "0x4d13cc"
2919. },
2920. {
2921. "name": "FindFirstFileA",
2922. "address": "0x4d13d0"
2923. },
2924. {
2925. "name": "FindClose",
2926. "address": "0x4d13d4"
2927. },
2928. {
2929. "name": "FileTimeToSystemTime",
2930. "address": "0x4d13d8"
2931. },
2932. {
2933. "name": "FileTimeToLocalFileTime",
2934. "address": "0x4d13dc"
2935. },
2936. {
2937. "name": "DeviceIoControl",
2938. "address": "0x4d13e0"
2939. },
2940. {
2941. "name": "DeleteFileA",
2942. "address": "0x4d13e4"
2943. },
2944. {
2945. "name": "CreateThread",
2946. "address": "0x4d13e8"
2947. },
2948. {
2949. "name": "CreateProcessA",
2950. "address": "0x4d13ec"
2951. },
2952. {
2953. "name": "CreateNamedPipeA",
2954. "address": "0x4d13f0"
2955. },
2956. {
2957. "name": "CreateMutexA",
2958. "address": "0x4d13f4"
2959. },
2960. {
2961. "name": "CreateFileMappingA",
2962. "address": "0x4d13f8"
2963. },
2964. {
2965. "name": "CreateFileA",
2966. "address": "0x4d13fc"
2967. },
2968. {
2969. "name": "CreateEventA",
2970. "address": "0x4d1400"
2971. },
2972. {
2973. "name": "CreateDirectoryA",
2974. "address": "0x4d1404"
2975. },
2976. {
2977. "name": "CopyFileA",
2978. "address": "0x4d1408"
2979. },
2980. {
2981. "name": "CompareStringA",
2982. "address": "0x4d140c"
2983. },
2984. {
2985. "name": "CompareFileTime",
2986. "address": "0x4d1410"
2987. },
2988. {
2989. "name": "CloseHandle",
2990. "address": "0x4d1414"
2991. }
2992. ],
2993. "dll": "kernel32.dll"
2994. },
2995. {
2996. "imports": [
2997. {
2998. "name": "WNetOpenEnumA",
2999. "address": "0x4d141c"
3000. },
3001. {
3002. "name": "WNetGetUniversalNameA",
3003. "address": "0x4d1420"
3004. },
3005. {
3006. "name": "WNetGetConnectionA",
3007. "address": "0x4d1424"
3008. },
3009. {
3010. "name": "WNetEnumResourceA",
3011. "address": "0x4d1428"
3012. },
3013. {
3014. "name": "WNetCloseEnum",
3015. "address": "0x4d142c"
3016. }
3017. ],
3018. "dll": "mpr.dll"
3019. },
3020. {
3021. "imports": [
3022. {
3023. "name": "VerQueryValueA",
3024. "address": "0x4d1434"
3025. },
3026. {
3027. "name": "GetFileVersionInfoSizeA",
3028. "address": "0x4d1438"
3029. },
3030. {
3031. "name": "GetFileVersionInfoA",
3032. "address": "0x4d143c"
3033. }
3034. ],
3035. "dll": "version.dll"
3036. },
3037. {
3038. "imports": [
3039. {
3040. "name": "UnrealizeObject",
3041. "address": "0x4d1444"
3042. },
3043. {
3044. "name": "TextOutA",
3045. "address": "0x4d1448"
3046. },
3047. {
3048. "name": "StretchDIBits",
3049. "address": "0x4d144c"
3050. },
3051. {
3052. "name": "StretchBlt",
3053. "address": "0x4d1450"
3054. },
3055. {
3056. "name": "StartPage",
3057. "address": "0x4d1454"
3058. },
3059. {
3060. "name": "StartDocA",
3061. "address": "0x4d1458"
3062. },
3063. {
3064. "name": "SetWindowOrgEx",
3065. "address": "0x4d145c"
3066. },
3067. {
3068. "name": "SetViewportOrgEx",
3069. "address": "0x4d1460"
3070. },
3071. {
3072. "name": "SetTextColor",
3073. "address": "0x4d1464"
3074. },
3075. {
3076. "name": "SetTextAlign",
3077. "address": "0x4d1468"
3078. },
3079. {
3080. "name": "SetStretchBltMode",
3081. "address": "0x4d146c"
3082. },
3083. {
3084. "name": "SetROP2",
3085. "address": "0x4d1470"
3086. },
3087. {
3088. "name": "SetPixel",
3089. "address": "0x4d1474"
3090. },
3091. {
3092. "name": "SetBkMode",
3093. "address": "0x4d1478"
3094. },
3095. {
3096. "name": "SetBkColor",
3097. "address": "0x4d147c"
3098. },
3099. {
3100. "name": "SetAbortProc",
3101. "address": "0x4d1480"
3102. },
3103. {
3104. "name": "SelectPalette",
3105. "address": "0x4d1484"
3106. },
3107. {
3108. "name": "SelectObject",
3109. "address": "0x4d1488"
3110. },
3111. {
3112. "name": "SelectClipRgn",
3113. "address": "0x4d148c"
3114. },
3115. {
3116. "name": "SaveDC",
3117. "address": "0x4d1490"
3118. },
3119. {
3120. "name": "RoundRect",
3121. "address": "0x4d1494"
3122. },
3123. {
3124. "name": "RestoreDC",
3125. "address": "0x4d1498"
3126. },
3127. {
3128. "name": "RemoveFontResourceA",
3129. "address": "0x4d149c"
3130. },
3131. {
3132. "name": "Rectangle",
3133. "address": "0x4d14a0"
3134. },
3135. {
3136. "name": "RectVisible",
3137. "address": "0x4d14a4"
3138. },
3139. {
3140. "name": "RealizePalette",
3141. "address": "0x4d14a8"
3142. },
3143. {
3144. "name": "Polyline",
3145. "address": "0x4d14ac"
3146. },
3147. {
3148. "name": "Pie",
3149. "address": "0x4d14b0"
3150. },
3151. {
3152. "name": "PatBlt",
3153. "address": "0x4d14b4"
3154. },
3155. {
3156. "name": "MoveToEx",
3157. "address": "0x4d14b8"
3158. },
3159. {
3160. "name": "LineTo",
3161. "address": "0x4d14bc"
3162. },
3163. {
3164. "name": "LineDDA",
3165. "address": "0x4d14c0"
3166. },
3167. {
3168. "name": "IntersectClipRect",
3169. "address": "0x4d14c4"
3170. },
3171. {
3172. "name": "GetWindowOrgEx",
3173. "address": "0x4d14c8"
3174. },
3175. {
3176. "name": "GetTextMetricsA",
3177. "address": "0x4d14cc"
3178. },
3179. {
3180. "name": "GetTextExtentPointA",
3181. "address": "0x4d14d0"
3182. },
3183. {
3184. "name": "GetTextExtentPoint32A",
3185. "address": "0x4d14d4"
3186. },
3187. {
3188. "name": "GetSystemPaletteEntries",
3189. "address": "0x4d14d8"
3190. },
3191. {
3192. "name": "GetStockObject",
3193. "address": "0x4d14dc"
3194. },
3195. {
3196. "name": "GetPixel",
3197. "address": "0x4d14e0"
3198. },
3199. {
3200. "name": "GetPaletteEntries",
3201. "address": "0x4d14e4"
3202. },
3203. {
3204. "name": "GetObjectA",
3205. "address": "0x4d14e8"
3206. },
3207. {
3208. "name": "GetDeviceCaps",
3209. "address": "0x4d14ec"
3210. },
3211. {
3212. "name": "GetDIBits",
3213. "address": "0x4d14f0"
3214. },
3215. {
3216. "name": "GetCurrentPositionEx",
3217. "address": "0x4d14f4"
3218. },
3219. {
3220. "name": "GetClipBox",
3221. "address": "0x4d14f8"
3222. },
3223. {
3224. "name": "GetBitmapBits",
3225. "address": "0x4d14fc"
3226. },
3227. {
3228. "name": "ExtTextOutA",
3229. "address": "0x4d1500"
3230. },
3231. {
3232. "name": "ExtFloodFill",
3233. "address": "0x4d1504"
3234. },
3235. {
3236. "name": "ExcludeClipRect",
3237. "address": "0x4d1508"
3238. },
3239. {
3240. "name": "EnumFontsA",
3241. "address": "0x4d150c"
3242. },
3243. {
3244. "name": "EndPage",
3245. "address": "0x4d1510"
3246. },
3247. {
3248. "name": "EndDoc",
3249. "address": "0x4d1514"
3250. },
3251. {
3252. "name": "Ellipse",
3253. "address": "0x4d1518"
3254. },
3255. {
3256. "name": "DeleteObject",
3257. "address": "0x4d151c"
3258. },
3259. {
3260. "name": "DeleteDC",
3261. "address": "0x4d1520"
3262. },
3263. {
3264. "name": "CreateSolidBrush",
3265. "address": "0x4d1524"
3266. },
3267. {
3268. "name": "CreateRectRgn",
3269. "address": "0x4d1528"
3270. },
3271. {
3272. "name": "CreatePenIndirect",
3273. "address": "0x4d152c"
3274. },
3275. {
3276. "name": "CreatePalette",
3277. "address": "0x4d1530"
3278. },
3279. {
3280. "name": "CreateICA",
3281. "address": "0x4d1534"
3282. },
3283. {
3284. "name": "CreateFontIndirectA",
3285. "address": "0x4d1538"
3286. },
3287. {
3288. "name": "CreateDIBitmap",
3289. "address": "0x4d153c"
3290. },
3291. {
3292. "name": "CreateDCA",
3293. "address": "0x4d1540"
3294. },
3295. {
3296. "name": "CreateCompatibleDC",
3297. "address": "0x4d1544"
3298. },
3299. {
3300. "name": "CreateCompatibleBitmap",
3301. "address": "0x4d1548"
3302. },
3303. {
3304. "name": "CreateBrushIndirect",
3305. "address": "0x4d154c"
3306. },
3307. {
3308. "name": "CreateBitmap",
3309. "address": "0x4d1550"
3310. },
3311. {
3312. "name": "Chord",
3313. "address": "0x4d1554"
3314. },
3315. {
3316. "name": "BitBlt",
3317. "address": "0x4d1558"
3318. },
3319. {
3320. "name": "Arc",
3321. "address": "0x4d155c"
3322. },
3323. {
3324. "name": "AddFontResourceA",
3325. "address": "0x4d1560"
3326. }
3327. ],
3328. "dll": "gdi32.dll"
3329. },
3330. {
3331. "imports": [
3332. {
3333. "name": "WindowFromPoint",
3334. "address": "0x4d1568"
3335. },
3336. {
3337. "name": "WinHelpA",
3338. "address": "0x4d156c"
3339. },
3340. {
3341. "name": "WaitMessage",
3342. "address": "0x4d1570"
3343. },
3344. {
3345. "name": "WaitForInputIdle",
3346. "address": "0x4d1574"
3347. },
3348. {
3349. "name": "UpdateWindow",
3350. "address": "0x4d1578"
3351. },
3352. {
3353. "name": "UnregisterClassA",
3354. "address": "0x4d157c"
3355. },
3356. {
3357. "name": "UnhookWindowsHookEx",
3358. "address": "0x4d1580"
3359. },
3360. {
3361. "name": "TranslateMessage",
3362. "address": "0x4d1584"
3363. },
3364. {
3365. "name": "TranslateMDISysAccel",
3366. "address": "0x4d1588"
3367. },
3368. {
3369. "name": "TrackPopupMenu",
3370. "address": "0x4d158c"
3371. },
3372. {
3373. "name": "SystemParametersInfoA",
3374. "address": "0x4d1590"
3375. },
3376. {
3377. "name": "ShowWindow",
3378. "address": "0x4d1594"
3379. },
3380. {
3381. "name": "ShowOwnedPopups",
3382. "address": "0x4d1598"
3383. },
3384. {
3385. "name": "ShowCursor",
3386. "address": "0x4d159c"
3387. },
3388. {
3389. "name": "SetWindowRgn",
3390. "address": "0x4d15a0"
3391. },
3392. {
3393. "name": "SetWindowsHookExA",
3394. "address": "0x4d15a4"
3395. },
3396. {
3397. "name": "SetWindowTextA",
3398. "address": "0x4d15a8"
3399. },
3400. {
3401. "name": "SetWindowPos",
3402. "address": "0x4d15ac"
3403. },
3404. {
3405. "name": "SetWindowPlacement",
3406. "address": "0x4d15b0"
3407. },
3408. {
3409. "name": "SetWindowLongW",
3410. "address": "0x4d15b4"
3411. },
3412. {
3413. "name": "SetWindowLongA",
3414. "address": "0x4d15b8"
3415. },
3416. {
3417. "name": "SetTimer",
3418. "address": "0x4d15bc"
3419. },
3420. {
3421. "name": "SetScrollRange",
3422. "address": "0x4d15c0"
3423. },
3424. {
3425. "name": "SetScrollPos",
3426. "address": "0x4d15c4"
3427. },
3428. {
3429. "name": "SetScrollInfo",
3430. "address": "0x4d15c8"
3431. },
3432. {
3433. "name": "SetRectEmpty",
3434. "address": "0x4d15cc"
3435. },
3436. {
3437. "name": "SetRect",
3438. "address": "0x4d15d0"
3439. },
3440. {
3441. "name": "SetPropA",
3442. "address": "0x4d15d4"
3443. },
3444. {
3445. "name": "SetParent",
3446. "address": "0x4d15d8"
3447. },
3448. {
3449. "name": "SetMenu",
3450. "address": "0x4d15dc"
3451. },
3452. {
3453. "name": "SetForegroundWindow",
3454. "address": "0x4d15e0"
3455. },
3456. {
3457. "name": "SetFocus",
3458. "address": "0x4d15e4"
3459. },
3460. {
3461. "name": "SetCursor",
3462. "address": "0x4d15e8"
3463. },
3464. {
3465. "name": "SetCapture",
3466. "address": "0x4d15ec"
3467. },
3468. {
3469. "name": "SetActiveWindow",
3470. "address": "0x4d15f0"
3471. },
3472. {
3473. "name": "SendNotifyMessageA",
3474. "address": "0x4d15f4"
3475. },
3476. {
3477. "name": "SendMessageTimeoutA",
3478. "address": "0x4d15f8"
3479. },
3480. {
3481. "name": "SendMessageW",
3482. "address": "0x4d15fc"
3483. },
3484. {
3485. "name": "SendMessageA",
3486. "address": "0x4d1600"
3487. },
3488. {
3489. "name": "ScrollWindowEx",
3490. "address": "0x4d1604"
3491. },
3492. {
3493. "name": "ScrollWindow",
3494. "address": "0x4d1608"
3495. },
3496. {
3497. "name": "ScreenToClient",
3498. "address": "0x4d160c"
3499. },
3500. {
3501. "name": "ReplyMessage",
3502. "address": "0x4d1610"
3503. },
3504. {
3505. "name": "RemovePropA",
3506. "address": "0x4d1614"
3507. },
3508. {
3509. "name": "RemoveMenu",
3510. "address": "0x4d1618"
3511. },
3512. {
3513. "name": "ReleaseDC",
3514. "address": "0x4d161c"
3515. },
3516. {
3517. "name": "ReleaseCapture",
3518. "address": "0x4d1620"
3519. },
3520. {
3521. "name": "RegisterWindowMessageA",
3522. "address": "0x4d1624"
3523. },
3524. {
3525. "name": "RegisterClassA",
3526. "address": "0x4d1628"
3527. },
3528. {
3529. "name": "PtInRect",
3530. "address": "0x4d162c"
3531. },
3532. {
3533. "name": "PostQuitMessage",
3534. "address": "0x4d1630"
3535. },
3536. {
3537. "name": "PostMessageA",
3538. "address": "0x4d1634"
3539. },
3540. {
3541. "name": "PeekMessageA",
3542. "address": "0x4d1638"
3543. },
3544. {
3545. "name": "OffsetRect",
3546. "address": "0x4d163c"
3547. },
3548. {
3549. "name": "OemToCharBuffA",
3550. "address": "0x4d1640"
3551. },
3552. {
3553. "name": "OemToCharA",
3554. "address": "0x4d1644"
3555. },
3556. {
3557. "name": "MsgWaitForMultipleObjects",
3558. "address": "0x4d1648"
3559. },
3560. {
3561. "name": "MoveWindow",
3562. "address": "0x4d164c"
3563. },
3564. {
3565. "name": "MessageBoxA",
3566. "address": "0x4d1650"
3567. },
3568. {
3569. "name": "MessageBeep",
3570. "address": "0x4d1654"
3571. },
3572. {
3573. "name": "MapWindowPoints",
3574. "address": "0x4d1658"
3575. },
3576. {
3577. "name": "MapVirtualKeyA",
3578. "address": "0x4d165c"
3579. },
3580. {
3581. "name": "LoadStringA",
3582. "address": "0x4d1660"
3583. },
3584. {
3585. "name": "LoadIconA",
3586. "address": "0x4d1664"
3587. },
3588. {
3589. "name": "LoadCursorA",
3590. "address": "0x4d1668"
3591. },
3592. {
3593. "name": "LoadBitmapA",
3594. "address": "0x4d166c"
3595. },
3596. {
3597. "name": "KillTimer",
3598. "address": "0x4d1670"
3599. },
3600. {
3601. "name": "IsZoomed",
3602. "address": "0x4d1674"
3603. },
3604. {
3605. "name": "IsWindowVisible",
3606. "address": "0x4d1678"
3607. },
3608. {
3609. "name": "IsWindowEnabled",
3610. "address": "0x4d167c"
3611. },
3612. {
3613. "name": "IsWindow",
3614. "address": "0x4d1680"
3615. },
3616. {
3617. "name": "IsRectEmpty",
3618. "address": "0x4d1684"
3619. },
3620. {
3621. "name": "IsIconic",
3622. "address": "0x4d1688"
3623. },
3624. {
3625. "name": "IsDialogMessageA",
3626. "address": "0x4d168c"
3627. },
3628. {
3629. "name": "IsChild",
3630. "address": "0x4d1690"
3631. },
3632. {
3633. "name": "InvalidateRect",
3634. "address": "0x4d1694"
3635. },
3636. {
3637. "name": "IntersectRect",
3638. "address": "0x4d1698"
3639. },
3640. {
3641. "name": "InsertMenuItemA",
3642. "address": "0x4d169c"
3643. },
3644. {
3645. "name": "InsertMenuA",
3646. "address": "0x4d16a0"
3647. },
3648. {
3649. "name": "InflateRect",
3650. "address": "0x4d16a4"
3651. },
3652. {
3653. "name": "GetWindowThreadProcessId",
3654. "address": "0x4d16a8"
3655. },
3656. {
3657. "name": "GetWindowTextA",
3658. "address": "0x4d16ac"
3659. },
3660. {
3661. "name": "GetWindowRgn",
3662. "address": "0x4d16b0"
3663. },
3664. {
3665. "name": "GetWindowRect",
3666. "address": "0x4d16b4"
3667. },
3668. {
3669. "name": "GetWindowPlacement",
3670. "address": "0x4d16b8"
3671. },
3672. {
3673. "name": "GetWindowLongA",
3674. "address": "0x4d16bc"
3675. },
3676. {
3677. "name": "GetWindowDC",
3678. "address": "0x4d16c0"
3679. },
3680. {
3681. "name": "GetSystemMetrics",
3682. "address": "0x4d16c4"
3683. },
3684. {
3685. "name": "GetSystemMenu",
3686. "address": "0x4d16c8"
3687. },
3688. {
3689. "name": "GetSysColorBrush",
3690. "address": "0x4d16cc"
3691. },
3692. {
3693. "name": "GetSysColor",
3694. "address": "0x4d16d0"
3695. },
3696. {
3697. "name": "GetSubMenu",
3698. "address": "0x4d16d4"
3699. },
3700. {
3701. "name": "GetScrollPos",
3702. "address": "0x4d16d8"
3703. },
3704. {
3705. "name": "GetPropA",
3706. "address": "0x4d16dc"
3707. },
3708. {
3709. "name": "GetParent",
3710. "address": "0x4d16e0"
3711. },
3712. {
3713. "name": "GetWindow",
3714. "address": "0x4d16e4"
3715. },
3716. {
3717. "name": "GetMessagePos",
3718. "address": "0x4d16e8"
3719. },
3720. {
3721. "name": "GetMessageA",
3722. "address": "0x4d16ec"
3723. },
3724. {
3725. "name": "GetMenuStringA",
3726. "address": "0x4d16f0"
3727. },
3728. {
3729. "name": "GetMenuState",
3730. "address": "0x4d16f4"
3731. },
3732. {
3733. "name": "GetMenuItemCount",
3734. "address": "0x4d16f8"
3735. },
3736. {
3737. "name": "GetMenu",
3738. "address": "0x4d16fc"
3739. },
3740. {
3741. "name": "GetLastActivePopup",
3742. "address": "0x4d1700"
3743. },
3744. {
3745. "name": "GetKeyState",
3746. "address": "0x4d1704"
3747. },
3748. {
3749. "name": "GetKeyNameTextA",
3750. "address": "0x4d1708"
3751. },
3752. {
3753. "name": "GetIconInfo",
3754. "address": "0x4d170c"
3755. },
3756. {
3757. "name": "GetForegroundWindow",
3758. "address": "0x4d1710"
3759. },
3760. {
3761. "name": "GetFocus",
3762. "address": "0x4d1714"
3763. },
3764. {
3765. "name": "GetDlgItem",
3766. "address": "0x4d1718"
3767. },
3768. {
3769. "name": "GetDlgCtrlID",
3770. "address": "0x4d171c"
3771. },
3772. {
3773. "name": "GetDesktopWindow",
3774. "address": "0x4d1720"
3775. },
3776. {
3777. "name": "GetDCEx",
3778. "address": "0x4d1724"
3779. },
3780. {
3781. "name": "GetDC",
3782. "address": "0x4d1728"
3783. },
3784. {
3785. "name": "GetCursorPos",
3786. "address": "0x4d172c"
3787. },
3788. {
3789. "name": "GetCursor",
3790. "address": "0x4d1730"
3791. },
3792. {
3793. "name": "GetClientRect",
3794. "address": "0x4d1734"
3795. },
3796. {
3797. "name": "GetClassNameA",
3798. "address": "0x4d1738"
3799. },
3800. {
3801. "name": "GetClassInfoW",
3802. "address": "0x4d173c"
3803. },
3804. {
3805. "name": "GetClassInfoA",
3806. "address": "0x4d1740"
3807. },
3808. {
3809. "name": "GetCapture",
3810. "address": "0x4d1744"
3811. },
3812. {
3813. "name": "GetActiveWindow",
3814. "address": "0x4d1748"
3815. },
3816. {
3817. "name": "FrameRect",
3818. "address": "0x4d174c"
3819. },
3820. {
3821. "name": "FindWindowA",
3822. "address": "0x4d1750"
3823. },
3824. {
3825. "name": "FillRect",
3826. "address": "0x4d1754"
3827. },
3828. {
3829. "name": "ExitWindowsEx",
3830. "address": "0x4d1758"
3831. },
3832. {
3833. "name": "EqualRect",
3834. "address": "0x4d175c"
3835. },
3836. {
3837. "name": "EnumWindows",
3838. "address": "0x4d1760"
3839. },
3840. {
3841. "name": "EnumThreadWindows",
3842. "address": "0x4d1764"
3843. },
3844. {
3845. "name": "EndPaint",
3846. "address": "0x4d1768"
3847. },
3848. {
3849. "name": "EnableWindow",
3850. "address": "0x4d176c"
3851. },
3852. {
3853. "name": "EnableMenuItem",
3854. "address": "0x4d1770"
3855. },
3856. {
3857. "name": "DrawTextW",
3858. "address": "0x4d1774"
3859. },
3860. {
3861. "name": "DrawTextA",
3862. "address": "0x4d1778"
3863. },
3864. {
3865. "name": "DrawMenuBar",
3866. "address": "0x4d177c"
3867. },
3868. {
3869. "name": "DrawIconEx",
3870. "address": "0x4d1780"
3871. },
3872. {
3873. "name": "DrawIcon",
3874. "address": "0x4d1784"
3875. },
3876. {
3877. "name": "DrawFrameControl",
3878. "address": "0x4d1788"
3879. },
3880. {
3881. "name": "DrawFocusRect",
3882. "address": "0x4d178c"
3883. },
3884. {
3885. "name": "DrawEdge",
3886. "address": "0x4d1790"
3887. },
3888. {
3889. "name": "DispatchMessageA",
3890. "address": "0x4d1794"
3891. },
3892. {
3893. "name": "DestroyWindow",
3894. "address": "0x4d1798"
3895. },
3896. {
3897. "name": "DestroyMenu",
3898. "address": "0x4d179c"
3899. },
3900. {
3901. "name": "DestroyIcon",
3902. "address": "0x4d17a0"
3903. },
3904. {
3905. "name": "DestroyCursor",
3906. "address": "0x4d17a4"
3907. },
3908. {
3909. "name": "DeleteMenu",
3910. "address": "0x4d17a8"
3911. },
3912. {
3913. "name": "DefWindowProcA",
3914. "address": "0x4d17ac"
3915. },
3916. {
3917. "name": "DefMDIChildProcA",
3918. "address": "0x4d17b0"
3919. },
3920. {
3921. "name": "DefFrameProcA",
3922. "address": "0x4d17b4"
3923. },
3924. {
3925. "name": "CreateWindowExA",
3926. "address": "0x4d17b8"
3927. },
3928. {
3929. "name": "CreatePopupMenu",
3930. "address": "0x4d17bc"
3931. },
3932. {
3933. "name": "CreateMenu",
3934. "address": "0x4d17c0"
3935. },
3936. {
3937. "name": "CreateIcon",
3938. "address": "0x4d17c4"
3939. },
3940. {
3941. "name": "CreateAcceleratorTableA",
3942. "address": "0x4d17c8"
3943. },
3944. {
3945. "name": "CopyIcon",
3946. "address": "0x4d17cc"
3947. },
3948. {
3949. "name": "ClientToScreen",
3950. "address": "0x4d17d0"
3951. },
3952. {
3953. "name": "CheckMenuItem",
3954. "address": "0x4d17d4"
3955. },
3956. {
3957. "name": "CallWindowProcW",
3958. "address": "0x4d17d8"
3959. },
3960. {
3961. "name": "CallWindowProcA",
3962. "address": "0x4d17dc"
3963. },
3964. {
3965. "name": "CallNextHookEx",
3966. "address": "0x4d17e0"
3967. },
3968. {
3969. "name": "BringWindowToTop",
3970. "address": "0x4d17e4"
3971. },
3972. {
3973. "name": "BeginPaint",
3974. "address": "0x4d17e8"
3975. },
3976. {
3977. "name": "AppendMenuA",
3978. "address": "0x4d17ec"
3979. },
3980. {
3981. "name": "CharPrevA",
3982. "address": "0x4d17f0"
3983. },
3984. {
3985. "name": "CharNextA",
3986. "address": "0x4d17f4"
3987. },
3988. {
3989. "name": "CharLowerBuffA",
3990. "address": "0x4d17f8"
3991. },
3992. {
3993. "name": "CharLowerA",
3994. "address": "0x4d17fc"
3995. },
3996. {
3997. "name": "CharUpperBuffA",
3998. "address": "0x4d1800"
3999. },
4000. {
4001. "name": "CharToOemBuffA",
4002. "address": "0x4d1804"
4003. },
4004. {
4005. "name": "AdjustWindowRectEx",
4006. "address": "0x4d1808"
4007. }
4008. ],
4009. "dll": "user32.dll"
4010. },
4011. {
4012. "imports": [
4013. {
4014. "name": "ImageList_GetImageInfo",
4015. "address": "0x4d1810"
4016. },
4017. {
4018. "name": "ImageList_SetIconSize",
4019. "address": "0x4d1814"
4020. },
4021. {
4022. "name": "ImageList_GetIconSize",
4023. "address": "0x4d1818"
4024. },
4025. {
4026. "name": "ImageList_GetDragImage",
4027. "address": "0x4d181c"
4028. },
4029. {
4030. "name": "ImageList_DragShowNolock",
4031. "address": "0x4d1820"
4032. },
4033. {
4034. "name": "ImageList_SetDragCursorImage",
4035. "address": "0x4d1824"
4036. },
4037. {
4038. "name": "ImageList_DragMove",
4039. "address": "0x4d1828"
4040. },
4041. {
4042. "name": "ImageList_DragLeave",
4043. "address": "0x4d182c"
4044. },
4045. {
4046. "name": "ImageList_DragEnter",
4047. "address": "0x4d1830"
4048. },
4049. {
4050. "name": "ImageList_EndDrag",
4051. "address": "0x4d1834"
4052. },
4053. {
4054. "name": "ImageList_BeginDrag",
4055. "address": "0x4d1838"
4056. },
4057. {
4058. "name": "ImageList_LoadImage",
4059. "address": "0x4d183c"
4060. },
4061. {
4062. "name": "ImageList_GetIcon",
4063. "address": "0x4d1840"
4064. },
4065. {
4066. "name": "ImageList_Remove",
4067. "address": "0x4d1844"
4068. },
4069. {
4070. "name": "ImageList_DrawEx",
4071. "address": "0x4d1848"
4072. },
4073. {
4074. "name": "ImageList_AddMasked",
4075. "address": "0x4d184c"
4076. },
4077. {
4078. "name": "ImageList_Replace",
4079. "address": "0x4d1850"
4080. },
4081. {
4082. "name": "ImageList_Draw",
4083. "address": "0x4d1854"
4084. },
4085. {
4086. "name": "ImageList_SetOverlayImage",
4087. "address": "0x4d1858"
4088. },
4089. {
4090. "name": "ImageList_GetBkColor",
4091. "address": "0x4d185c"
4092. },
4093. {
4094. "name": "ImageList_SetBkColor",
4095. "address": "0x4d1860"
4096. },
4097. {
4098. "name": "ImageList_ReplaceIcon",
4099. "address": "0x4d1864"
4100. },
4101. {
4102. "name": "ImageList_Add",
4103. "address": "0x4d1868"
4104. },
4105. {
4106. "name": "ImageList_GetImageCount",
4107. "address": "0x4d186c"
4108. },
4109. {
4110. "name": "ImageList_Destroy",
4111. "address": "0x4d1870"
4112. },
4113. {
4114. "name": "ImageList_Create",
4115. "address": "0x4d1874"
4116. },
4117. {
4118. "name": "InitCommonControls",
4119. "address": "0x4d1878"
4120. }
4121. ],
4122. "dll": "comctl32.dll"
4123. },
4124. {
4125. "imports": [
4126. {
4127. "name": "OpenPrinterA",
4128. "address": "0x4d1880"
4129. },
4130. {
4131. "name": "EnumPrintersA",
4132. "address": "0x4d1884"
4133. },
4134. {
4135. "name": "DocumentPropertiesA",
4136. "address": "0x4d1888"
4137. },
4138. {
4139. "name": "ClosePrinter",
4140. "address": "0x4d188c"
4141. }
4142. ],
4143. "dll": "winspool.drv"
4144. },
4145. {
4146. "imports": [
4147. {
4148. "name": "GetSaveFileNameA",
4149. "address": "0x4d1894"
4150. },
4151. {
4152. "name": "GetOpenFileNameA",
4153. "address": "0x4d1898"
4154. }
4155. ],
4156. "dll": "comdlg32.dll"
4157. },
4158. {
4159. "imports": [
4160. {
4161. "name": "CoTaskMemFree",
4162. "address": "0x4d18a0"
4163. },
4164. {
4165. "name": "CLSIDFromProgID",
4166. "address": "0x4d18a4"
4167. },
4168. {
4169. "name": "CoCreateInstance",
4170. "address": "0x4d18a8"
4171. },
4172. {
4173. "name": "CoFreeUnusedLibraries",
4174. "address": "0x4d18ac"
4175. },
4176. {
4177. "name": "CoUninitialize",
4178. "address": "0x4d18b0"
4179. },
4180. {
4181. "name": "CoInitialize",
4182. "address": "0x4d18b4"
4183. },
4184. {
4185. "name": "IsEqualGUID",
4186. "address": "0x4d18b8"
4187. }
4188. ],
4189. "dll": "ole32.dll"
4190. },
4191. {
4192. "imports": [
4193. {
4194. "name": "GetActiveObject",
4195. "address": "0x4d18c0"
4196. },
4197. {
4198. "name": "RegisterTypeLib",
4199. "address": "0x4d18c4"
4200. },
4201. {
4202. "name": "LoadTypeLib",
4203. "address": "0x4d18c8"
4204. },
4205. {
4206. "name": "SysFreeString",
4207. "address": "0x4d18cc"
4208. }
4209. ],
4210. "dll": "oleaut32.dll"
4211. },
4212. {
4213. "imports": [
4214. {
4215. "name": "ShellExecuteExA",
4216. "address": "0x4d18d4"
4217. },
4218. {
4219. "name": "ShellExecuteA",
4220. "address": "0x4d18d8"
4221. },
4222. {
4223. "name": "SHGetFileInfoA",
4224. "address": "0x4d18dc"
4225. },
4226. {
4227. "name": "ExtractIconA",
4228. "address": "0x4d18e0"
4229. }
4230. ],
4231. "dll": "shell32.dll"
4232. },
4233. {
4234. "imports": [
4235. {
4236. "name": "SHChangeNotify",
4237. "address": "0x4d18e8"
4238. },
4239. {
4240. "name": "SHBrowseForFolder",
4241. "address": "0x4d18ec"
4242. },
4243. {
4244. "name": "SHGetPathFromIDList",
4245. "address": "0x4d18f0"
4246. },
4247. {
4248. "name": "SHGetMalloc",
4249. "address": "0x4d18f4"
4250. }
4251. ],
4252. "dll": "shell32.dll"
4253. },
4254. {
4255. "imports": [
4256. {
4257. "name": "CoDisconnectObject",
4258. "address": "0x4d18fc"
4259. }
4260. ],
4261. "dll": "ole32.dll"
4262. },
4263. {
4264. "imports": [
4265. {
4266. "name": "AdjustTokenPrivileges",
4267. "address": "0x4d1904"
4268. }
4269. ],
4270. "dll": "advapi32.dll"
4271. }
4272. ],
4273. "digital_signers": null,
4274. "exported_dll_name": null,
4275. "actual_checksum": "0x000e1cac",
4276. "overlay": null,
4277. "imagebase": "0x00400000",
4278. "reported_checksum": "0x00000000",
4279. "icon_hash": null,
4280. "entrypoint": "0x004cbf10",
4281. "timestamp": "1992-06-19 22:22:17",
4282. "osversion": "1.0",
4283. "sections": [
4284. {
4285. "name": "CODE",
4286. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
4287. "virtual_address": "0x00001000",
4288. "size_of_data": "0x000cb200",
4289. "entropy": "6.55",
4290. "raw_address": "0x00000400",
4291. "virtual_size": "0x000cb180",
4292. "characteristics_raw": "0x60000020"
4293. },
4294. {
4295. "name": "DATA",
4296. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
4297. "virtual_address": "0x000cd000",
4298. "size_of_data": "0x00001400",
4299. "entropy": "4.28",
4300. "raw_address": "0x000cb600",
4301. "virtual_size": "0x0000138c",
4302. "characteristics_raw": "0xc0000040"
4303. },
4304. {
4305. "name": "BSS",
4306. "characteristics": "IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
4307. "virtual_address": "0x000cf000",
4308. "size_of_data": "0x00000000",
4309. "entropy": "0.00",
4310. "raw_address": "0x000cca00",
4311. "virtual_size": "0x000015a4",
4312. "characteristics_raw": "0xc0000000"
4313. },
4314. {
4315. "name": ".idata",
4316. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
4317. "virtual_address": "0x000d1000",
4318. "size_of_data": "0x00002a00",
4319. "entropy": "5.02",
4320. "raw_address": "0x000cca00",
4321. "virtual_size": "0x0000293a",
4322. "characteristics_raw": "0xc0000040"
4323. },
4324. {
4325. "name": ".tls",
4326. "characteristics": "IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
4327. "virtual_address": "0x000d4000",
4328. "size_of_data": "0x00000000",
4329. "entropy": "0.00",
4330. "raw_address": "0x000cf400",
4331. "virtual_size": "0x00000008",
4332. "characteristics_raw": "0xc0000000"
4333. },
4334. {
4335. "name": ".rdata",
4336. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
4337. "virtual_address": "0x000d5000",
4338. "size_of_data": "0x00000200",
4339. "entropy": "0.21",
4340. "raw_address": "0x000cf400",
4341. "virtual_size": "0x00000018",
4342. "characteristics_raw": "0x50000040"
4343. },
4344. {
4345. "name": ".reloc",
4346. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
4347. "virtual_address": "0x000d6000",
4348. "size_of_data": "0x00000000",
4349. "entropy": "0.00",
4350. "raw_address": "0x000cf600",
4351. "virtual_size": "0x0000bd9c",
4352. "characteristics_raw": "0x50000040"
4353. },
4354. {
4355. "name": ".rsrc",
4356. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
4357. "virtual_address": "0x000e2000",
4358. "size_of_data": "0x00011c00",
4359. "entropy": "4.96",
4360. "raw_address": "0x000cf600",
4361. "virtual_size": "0x00011c00",
4362. "characteristics_raw": "0x50000040"
4363. }
4364. ],
4365. "resources": [],
4366. "dirents": [
4367. {
4368. "virtual_address": "0x00000000",
4369. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
4370. "size": "0x00000000"
4371. },
4372. {
4373. "virtual_address": "0x000d1000",
4374. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
4375. "size": "0x0000293a"
4376. },
4377. {
4378. "virtual_address": "0x000e2000",
4379. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
4380. "size": "0x00011c00"
4381. },
4382. {
4383. "virtual_address": "0x00000000",
4384. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
4385. "size": "0x00000000"
4386. },
4387. {
4388. "virtual_address": "0x00000000",
4389. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
4390. "size": "0x00000000"
4391. },
4392. {
4393. "virtual_address": "0x00000000",
4394. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
4395. "size": "0x00000000"
4396. },
4397. {
4398. "virtual_address": "0x00000000",
4399. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
4400. "size": "0x00000000"
4401. },
4402. {
4403. "virtual_address": "0x00000000",
4404. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
4405. "size": "0x00000000"
4406. },
4407. {
4408. "virtual_address": "0x00000000",
4409. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
4410. "size": "0x00000000"
4411. },
4412. {
4413. "virtual_address": "0x000d5000",
4414. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
4415. "size": "0x00000018"
4416. },
4417. {
4418. "virtual_address": "0x00000000",
4419. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
4420. "size": "0x00000000"
4421. },
4422. {
4423. "virtual_address": "0x00000000",
4424. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
4425. "size": "0x00000000"
4426. },
4427. {
4428. "virtual_address": "0x00000000",
4429. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
4430. "size": "0x00000000"
4431. },
4432. {
4433. "virtual_address": "0x00000000",
4434. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
4435. "size": "0x00000000"
4436. },
4437. {
4438. "virtual_address": "0x00000000",
4439. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
4440. "size": "0x00000000"
4441. },
4442. {
4443. "virtual_address": "0x00000000",
4444. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
4445. "size": "0x00000000"
4446. }
4447. ],
4448. "exports": [],
4449. "guest_signers": {},
4450. "imphash": "a2449d4160b59e7f523a1790ed0ed3a0",
4451. "icon_fuzzy": null,
4452. "icon": null,
4453. "pdbpath": null,
4454. "imported_dll_count": 18,
4455. "versioninfo": []
4456. }
4457. }