paladin316

Exes_b05ea0633749a5bc0fbcb86b77415636_exe_2019-06-25_12_30.json

Jun 25th, 2019
  1.  
  2. [*] MalFamily: ""
  3.  
  4. [*] MalScore: 10.0
  5.  
  6. [*] File Name: "Exes_b05ea0633749a5bc0fbcb86b77415636.exe"
  7. [*] File Size: 808960
  8. [*] File Type: "PE32 executable (GUI) Intel 80386, for MS Windows"
  9. [*] SHA256: "bc796cf61eeaef099ee0f0c39dfe424a5de434154119942026f8087f49db01ce"
  10. [*] MD5: "b05ea0633749a5bc0fbcb86b77415636"
  11. [*] SHA1: "cdeb446229da9edf34083d1e491f43666f319866"
  12. [*] SHA512: "0584c7011166073c6d09672e9eb6bb104c0f09523018f161e4ffa7644638cb6ea6dbdeb7e314bbe72f0f679e4fbd9f17e850b0ebaaa52624537064b3edb7914e"
  13. [*] CRC32: "13F0236D"
  14. [*] SSDEEP: "12288:fW50knyY/wwcgfjnb1RxPU9WFVyHAEteEEVj05NF9Wq1zfSmdMinfU7D:OSkj/wcDbvxYEul8vj05b9Wqxd/fA"
  15.  
  16. [*] Process Execution: [
  17. "Exes_b05ea0633749a5bc0fbcb86b77415636.exe",
  18. "Exes_b05ea0633749a5bc0fbcb86b77415636.exe",
  19. "svchost.exe",
  20. "WmiPrvSE.exe",
  21. "svchost.exe"
  22. ]
  23.  
  24. [*] Signatures Detected: [
  25. {
  26. "Description": "Creates RWX memory",
  27. "Details": []
  28. },
  29. {
  30. "Description": "A process attempted to delay the analysis task.",
  31. "Details": [
  32. {
  33. "Process": "Exes_b05ea0633749a5bc0fbcb86b77415636.exe tried to sleep 599 seconds, actually delayed analysis time by 0 seconds"
  34. },
  35. {
  36. "Process": "WmiPrvSE.exe tried to sleep 301 seconds, actually delayed analysis time by 0 seconds"
  37. }
  38. ]
  39. },
  40. {
  41. "Description": "HTTP traffic contains suspicious features which may be indicative of malware related traffic",
  42. "Details": [
  43. {
  44. "get_no_useragent": "HTTP traffic contains a GET request with no user-agent header"
  45. },
  46. {
  47. "suspicious_request": "http://checkip.amazonaws.com/"
  48. }
  49. ]
  50. },
  51. {
  52. "Description": "Performs some HTTP requests",
  53. "Details": [
  54. {
  55. "url": "http://checkip.amazonaws.com/"
  56. }
  57. ]
  58. },
  59. {
  60. "Description": "The binary likely contains encrypted or compressed data.",
  61. "Details": [
  62. {
  63. "section": "name: .rsrc, entropy: 7.21, characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ, raw_size: 0x00052800, virtual_size: 0x000527e4"
  64. }
  65. ]
  66. },
  67. {
  68. "Description": "Executed a process and injected code into it, probably while unpacking",
  69. "Details": [
  70. {
  71. "Injection": "Exes_b05ea0633749a5bc0fbcb86b77415636.exe(3064) -> Exes_b05ea0633749a5bc0fbcb86b77415636.exe(2568)"
  72. }
  73. ]
  74. },
  75. {
  76. "Description": "Steals private information from local Internet browsers",
  77. "Details": [
  78. {
  79. "file": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"
  80. }
  81. ]
  82. },
  83. {
  84. "Description": "Retrieves Windows ProductID, probably to fingerprint the sandbox",
  85. "Details": []
  86. },
  87. {
  88. "Description": "Checks the version of Bios, possibly for anti-virtualization",
  89. "Details": []
  90. },
  91. {
  92. "Description": "Checks the CPU name from registry, possibly for anti-virtualization",
  93. "Details": []
  94. },
  95. {
  96. "Description": "Harvests credentials from local FTP client softwares",
  97. "Details": [
  98. {
  99. "file": "C:\\Users\\user\\AppData\\Roaming\\FileZilla\\recentservers.xml"
  100. },
  101. {
  102. "file": "C:\\Users\\user\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect\\"
  103. },
  104. {
  105. "file": "C:\\Users\\user\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect\\*.xml"
  106. },
  107. {
  108. "file": "C:\\Users\\user\\AppData\\Roaming\\Ipswitch\\WS_FTP\\Sites\\ws_ftp.ini"
  109. },
  110. {
  111. "file": "C:\\cftp\\Ftplist.txt"
  112. },
  113. {
  114. "key": "HKEY_CURRENT_USER\\Software\\FTPWare\\COREFTP\\Sites"
  115. }
  116. ]
  117. },
  118. {
  119. "Description": "Harvests information related to installed mail clients",
  120. "Details": [
  121. {
  122. "file": "C:\\Users\\user\\AppData\\Roaming\\Thunderbird\\profiles.ini"
  123. },
  124. {
  125. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows Messaging Subsystem\\Profiles\\9375CFF0413111d3B88A00104B2A6676"
  126. },
  127. {
  128. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676"
  129. },
  130. {
  131. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002\\SMTP Password"
  132. },
  133. {
  134. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002\\Email"
  135. },
  136. {
  137. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002\\HTTP Password"
  138. },
  139. {
  140. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676"
  141. },
  142. {
  143. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001\\HTTP Password"
  144. },
  145. {
  146. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676"
  147. },
  148. {
  149. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001\\POP3 Password"
  150. },
  151. {
  152. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001\\Email"
  153. },
  154. {
  155. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001\\SMTP Password"
  156. },
  157. {
  158. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001\\IMAP Password"
  159. },
  160. {
  161. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001"
  162. },
  163. {
  164. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002\\IMAP Password"
  165. },
  166. {
  167. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002\\POP3 Password"
  168. },
  169. {
  170. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002"
  171. }
  172. ]
  173. },
  174. {
  175. "Description": "Collects information to fingerprint the system",
  176. "Details": []
  177. },
  178. {
  179. "Description": "Anomalous binary characteristics",
  180. "Details": [
  181. {
  182. "anomaly": "Timestamp on binary predates the release date of the OS version it requires by at least a year"
  183. }
  184. ]
  185. }
  186. ]
  187.  
  188. [*] Started Service: []
  189.  
  190. [*] Executed Commands: [
  191. "\"C:\\Users\\user\\AppData\\Local\\Temp\\Exes_b05ea0633749a5bc0fbcb86b77415636.exe\"",
  192. "C:\\Windows\\system32\\wbem\\wmiprvse.exe -secured -Embedding"
  193. ]
  194.  
  195. [*] Mutexes: [
  196. "Global\\CLR_CASOFF_MUTEX",
  197. "Local\\_!MSFTHISTORY!_",
  198. "Local\\c:!users!user!appdata!local!microsoft!windows!temporary internet files!content.ie5!",
  199. "Local\\c:!users!user!appdata!roaming!microsoft!windows!cookies!",
  200. "Local\\c:!users!user!appdata!local!microsoft!windows!history!history.ie5!",
  201. "Global\\.net clr networking"
  202. ]
  203.  
  204. [*] Modified Files: [
  205. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat",
  206. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat",
  207. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat",
  208. "\\??\\PIPE\\samr",
  209. "C:\\Windows\\sysnative\\wbem\\repository\\WRITABLE.TST",
  210. "C:\\Windows\\sysnative\\wbem\\repository\\MAPPING1.MAP",
  211. "C:\\Windows\\sysnative\\wbem\\repository\\MAPPING2.MAP",
  212. "C:\\Windows\\sysnative\\wbem\\repository\\MAPPING3.MAP",
  213. "C:\\Windows\\sysnative\\wbem\\repository\\OBJECTS.DATA",
  214. "C:\\Windows\\sysnative\\wbem\\repository\\INDEX.BTR",
  215. "\\??\\pipe\\PIPE_EVENTROOT\\CIMV2WMI SELF-INSTRUMENTATION EVENT PROVIDER",
  216. "\\??\\pipe\\PIPE_EVENTROOT\\CIMV2PROVIDERSUBSYSTEM",
  217. "\\??\\WMIDataDevice",
  218. "\\??\\PIPE\\wkssvc",
  219. "\\??\\PIPE\\srvsvc",
  220. "\\??\\PHYSICALDRIVE0",
  221. "\\??\\CDROM0",
  222. "\\??\\PIPE\\lsarpc"
  223. ]
  224.  
  225. [*] Deleted Files: []
  226.  
  227. [*] Modified Registry Keys: [
  228. "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Tracing\\Exes_b05ea0633749a5bc0fbcb86b77415636_RASAPI32",
  229. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\Exes_b05ea0633749a5bc0fbcb86b77415636_RASAPI32\\EnableFileTracing",
  230. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\Exes_b05ea0633749a5bc0fbcb86b77415636_RASAPI32\\EnableConsoleTracing",
  231. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\Exes_b05ea0633749a5bc0fbcb86b77415636_RASAPI32\\FileTracingMask",
  232. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\Exes_b05ea0633749a5bc0fbcb86b77415636_RASAPI32\\ConsoleTracingMask",
  233. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\Exes_b05ea0633749a5bc0fbcb86b77415636_RASAPI32\\MaxFileSize",
  234. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\Exes_b05ea0633749a5bc0fbcb86b77415636_RASAPI32\\FileDirectory",
  235. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\CIMOM\\LastServiceStart",
  236. "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Wbem\\Transports\\Decoupled\\Server",
  237. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\Transports\\Decoupled\\Server\\CreationTime",
  238. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\Transports\\Decoupled\\Server\\MarshaledProxy",
  239. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\Transports\\Decoupled\\Server\\ProcessIdentifier",
  240. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\CIMOM\\ConfigValueEssNeedsLoading",
  241. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\CIMOM\\List of event-active namespaces",
  242. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\ESS\\//./root/CIMV2\\SCM Event Provider"
  243. ]
  244.  
  245. [*] Deleted Registry Keys: []
  246.  
  247. [*] DNS Communications: [
  248. {
  249. "type": "A",
  250. "request": "checkip.amazonaws.com",
  251. "answers": [
  252. {
  253. "data": "52.206.161.133",
  254. "type": "A"
  255. },
  256. {
  257. "data": "52.200.125.74",
  258. "type": "A"
  259. },
  260. {
  261. "data": "checkip.check-ip.aws.a2z.com",
  262. "type": "CNAME"
  263. },
  264. {
  265. "data": "52.6.79.229",
  266. "type": "A"
  267. },
  268. {
  269. "data": "checkip.us-east-1.prod.check-ip.aws.a2z.com",
  270. "type": "CNAME"
  271. },
  272. {
  273. "data": "34.233.102.38",
  274. "type": "A"
  275. },
  276. {
  277. "data": "52.202.139.131",
  278. "type": "A"
  279. },
  280. {
  281. "data": "18.211.215.84",
  282. "type": "A"
  283. }
  284. ]
  285. }
  286. ]
  287.  
  288. [*] Domains: [
  289. {
  290. "ip": "52.6.79.229",
  291. "domain": "checkip.amazonaws.com"
  292. }
  293. ]
  294.  
  295. [*] Network Communication - ICMP: []
  296.  
  297. [*] Network Communication - HTTP: [
  298. {
  299. "count": 1,
  300. "body": "",
  301. "uri": "http://checkip.amazonaws.com/",
  302. "user-agent": "",
  303. "method": "GET",
  304. "host": "checkip.amazonaws.com",
  305. "version": "1.1",
  306. "path": "/",
  307. "data": "GET / HTTP/1.1\r\nHost: checkip.amazonaws.com\r\nConnection: Keep-Alive\r\n\r\n",
  308. "port": 80
  309. },
  310. {
  311. "count": 1,
  312. "body": "",
  313. "uri": "http://checkip.amazonaws.com/",
  314. "user-agent": "",
  315. "method": "GET",
  316. "host": "checkip.amazonaws.com",
  317. "version": "1.1",
  318. "path": "/",
  319. "data": "GET / HTTP/1.1\r\nHost: checkip.amazonaws.com\r\n\r\n",
  320. "port": 80
  321. }
  322. ]
  323.  
  324. [*] Network Communication - SMTP: []
  325.  
  326. [*] Network Communication - Hosts: []
  327.  
  328. [*] Network Communication - IRC: []
  329.  
  330. [*] Static Analysis: {
  331. "pe": {
  332. "peid_signatures": null,
  333. "imports": [
  334. {
  335. "imports": [
  336. {
  337. "name": "DeleteCriticalSection",
  338. "address": "0x46c168"
  339. },
  340. {
  341. "name": "LeaveCriticalSection",
  342. "address": "0x46c16c"
  343. },
  344. {
  345. "name": "EnterCriticalSection",
  346. "address": "0x46c170"
  347. },
  348. {
  349. "name": "InitializeCriticalSection",
  350. "address": "0x46c174"
  351. },
  352. {
  353. "name": "VirtualFree",
  354. "address": "0x46c178"
  355. },
  356. {
  357. "name": "VirtualAlloc",
  358. "address": "0x46c17c"
  359. },
  360. {
  361. "name": "LocalFree",
  362. "address": "0x46c180"
  363. },
  364. {
  365. "name": "LocalAlloc",
  366. "address": "0x46c184"
  367. },
  368. {
  369. "name": "GetVersion",
  370. "address": "0x46c188"
  371. },
  372. {
  373. "name": "GetCurrentThreadId",
  374. "address": "0x46c18c"
  375. },
  376. {
  377. "name": "InterlockedDecrement",
  378. "address": "0x46c190"
  379. },
  380. {
  381. "name": "InterlockedIncrement",
  382. "address": "0x46c194"
  383. },
  384. {
  385. "name": "VirtualQuery",
  386. "address": "0x46c198"
  387. },
  388. {
  389. "name": "WideCharToMultiByte",
  390. "address": "0x46c19c"
  391. },
  392. {
  393. "name": "MultiByteToWideChar",
  394. "address": "0x46c1a0"
  395. },
  396. {
  397. "name": "lstrlenA",
  398. "address": "0x46c1a4"
  399. },
  400. {
  401. "name": "lstrcpynA",
  402. "address": "0x46c1a8"
  403. },
  404. {
  405. "name": "LoadLibraryExA",
  406. "address": "0x46c1ac"
  407. },
  408. {
  409. "name": "GetThreadLocale",
  410. "address": "0x46c1b0"
  411. },
  412. {
  413. "name": "GetStartupInfoA",
  414. "address": "0x46c1b4"
  415. },
  416. {
  417. "name": "GetProcAddress",
  418. "address": "0x46c1b8"
  419. },
  420. {
  421. "name": "GetModuleHandleA",
  422. "address": "0x46c1bc"
  423. },
  424. {
  425. "name": "GetModuleFileNameA",
  426. "address": "0x46c1c0"
  427. },
  428. {
  429. "name": "GetLocaleInfoA",
  430. "address": "0x46c1c4"
  431. },
  432. {
  433. "name": "GetCommandLineA",
  434. "address": "0x46c1c8"
  435. },
  436. {
  437. "name": "FreeLibrary",
  438. "address": "0x46c1cc"
  439. },
  440. {
  441. "name": "FindFirstFileA",
  442. "address": "0x46c1d0"
  443. },
  444. {
  445. "name": "FindClose",
  446. "address": "0x46c1d4"
  447. },
  448. {
  449. "name": "ExitProcess",
  450. "address": "0x46c1d8"
  451. },
  452. {
  453. "name": "WriteFile",
  454. "address": "0x46c1dc"
  455. },
  456. {
  457. "name": "UnhandledExceptionFilter",
  458. "address": "0x46c1e0"
  459. },
  460. {
  461. "name": "RtlUnwind",
  462. "address": "0x46c1e4"
  463. },
  464. {
  465. "name": "RaiseException",
  466. "address": "0x46c1e8"
  467. },
  468. {
  469. "name": "GetStdHandle",
  470. "address": "0x46c1ec"
  471. }
  472. ],
  473. "dll": "kernel32.dll"
  474. },
  475. {
  476. "imports": [
  477. {
  478. "name": "GetKeyboardType",
  479. "address": "0x46c1f4"
  480. },
  481. {
  482. "name": "LoadStringA",
  483. "address": "0x46c1f8"
  484. },
  485. {
  486. "name": "MessageBoxA",
  487. "address": "0x46c1fc"
  488. },
  489. {
  490. "name": "CharNextA",
  491. "address": "0x46c200"
  492. }
  493. ],
  494. "dll": "user32.dll"
  495. },
  496. {
  497. "imports": [
  498. {
  499. "name": "RegQueryValueExA",
  500. "address": "0x46c208"
  501. },
  502. {
  503. "name": "RegOpenKeyExA",
  504. "address": "0x46c20c"
  505. },
  506. {
  507. "name": "RegCloseKey",
  508. "address": "0x46c210"
  509. }
  510. ],
  511. "dll": "advapi32.dll"
  512. },
  513. {
  514. "imports": [
  515. {
  516. "name": "SysFreeString",
  517. "address": "0x46c218"
  518. },
  519. {
  520. "name": "SysReAllocStringLen",
  521. "address": "0x46c21c"
  522. },
  523. {
  524. "name": "SysAllocStringLen",
  525. "address": "0x46c220"
  526. }
  527. ],
  528. "dll": "oleaut32.dll"
  529. },
  530. {
  531. "imports": [
  532. {
  533. "name": "TlsSetValue",
  534. "address": "0x46c228"
  535. },
  536. {
  537. "name": "TlsGetValue",
  538. "address": "0x46c22c"
  539. },
  540. {
  541. "name": "LocalAlloc",
  542. "address": "0x46c230"
  543. },
  544. {
  545. "name": "GetModuleHandleA",
  546. "address": "0x46c234"
  547. }
  548. ],
  549. "dll": "kernel32.dll"
  550. },
  551. {
  552. "imports": [
  553. {
  554. "name": "RegQueryValueExA",
  555. "address": "0x46c23c"
  556. },
  557. {
  558. "name": "RegOpenKeyExA",
  559. "address": "0x46c240"
  560. },
  561. {
  562. "name": "RegCloseKey",
  563. "address": "0x46c244"
  564. }
  565. ],
  566. "dll": "advapi32.dll"
  567. },
  568. {
  569. "imports": [
  570. {
  571. "name": "lstrcpyA",
  572. "address": "0x46c24c"
  573. },
  574. {
  575. "name": "WriteFile",
  576. "address": "0x46c250"
  577. },
  578. {
  579. "name": "WaitForSingleObject",
  580. "address": "0x46c254"
  581. },
  582. {
  583. "name": "VirtualQuery",
  584. "address": "0x46c258"
  585. },
  586. {
  587. "name": "VirtualAlloc",
  588. "address": "0x46c25c"
  589. },
  590. {
  591. "name": "Sleep",
  592. "address": "0x46c260"
  593. },
  594. {
  595. "name": "SizeofResource",
  596. "address": "0x46c264"
  597. },
  598. {
  599. "name": "SetThreadLocale",
  600. "address": "0x46c268"
  601. },
  602. {
  603. "name": "SetFilePointer",
  604. "address": "0x46c26c"
  605. },
  606. {
  607. "name": "SetEvent",
  608. "address": "0x46c270"
  609. },
  610. {
  611. "name": "SetErrorMode",
  612. "address": "0x46c274"
  613. },
  614. {
  615. "name": "SetEndOfFile",
  616. "address": "0x46c278"
  617. },
  618. {
  619. "name": "ResetEvent",
  620. "address": "0x46c27c"
  621. },
  622. {
  623. "name": "ReadFile",
  624. "address": "0x46c280"
  625. },
  626. {
  627. "name": "MultiByteToWideChar",
  628. "address": "0x46c284"
  629. },
  630. {
  631. "name": "MulDiv",
  632. "address": "0x46c288"
  633. },
  634. {
  635. "name": "LockResource",
  636. "address": "0x46c28c"
  637. },
  638. {
  639. "name": "LoadResource",
  640. "address": "0x46c290"
  641. },
  642. {
  643. "name": "LoadLibraryA",
  644. "address": "0x46c294"
  645. },
  646. {
  647. "name": "LeaveCriticalSection",
  648. "address": "0x46c298"
  649. },
  650. {
  651. "name": "InitializeCriticalSection",
  652. "address": "0x46c29c"
  653. },
  654. {
  655. "name": "GlobalUnlock",
  656. "address": "0x46c2a0"
  657. },
  658. {
  659. "name": "GlobalSize",
  660. "address": "0x46c2a4"
  661. },
  662. {
  663. "name": "GlobalReAlloc",
  664. "address": "0x46c2a8"
  665. },
  666. {
  667. "name": "GlobalHandle",
  668. "address": "0x46c2ac"
  669. },
  670. {
  671. "name": "GlobalLock",
  672. "address": "0x46c2b0"
  673. },
  674. {
  675. "name": "GlobalFree",
  676. "address": "0x46c2b4"
  677. },
  678. {
  679. "name": "GlobalFindAtomA",
  680. "address": "0x46c2b8"
  681. },
  682. {
  683. "name": "GlobalDeleteAtom",
  684. "address": "0x46c2bc"
  685. },
  686. {
  687. "name": "GlobalAlloc",
  688. "address": "0x46c2c0"
  689. },
  690. {
  691. "name": "GlobalAddAtomA",
  692. "address": "0x46c2c4"
  693. },
  694. {
  695. "name": "GetVersionExA",
  696. "address": "0x46c2c8"
  697. },
  698. {
  699. "name": "GetVersion",
  700. "address": "0x46c2cc"
  701. },
  702. {
  703. "name": "GetUserDefaultLCID",
  704. "address": "0x46c2d0"
  705. },
  706. {
  707. "name": "GetTickCount",
  708. "address": "0x46c2d4"
  709. },
  710. {
  711. "name": "GetThreadLocale",
  712. "address": "0x46c2d8"
  713. },
  714. {
  715. "name": "GetSystemInfo",
  716. "address": "0x46c2dc"
  717. },
  718. {
  719. "name": "GetStringTypeExA",
  720. "address": "0x46c2e0"
  721. },
  722. {
  723. "name": "GetStdHandle",
  724. "address": "0x46c2e4"
  725. },
  726. {
  727. "name": "GetProfileStringA",
  728. "address": "0x46c2e8"
  729. },
  730. {
  731. "name": "GetProcAddress",
  732. "address": "0x46c2ec"
  733. },
  734. {
  735. "name": "GetModuleHandleA",
  736. "address": "0x46c2f0"
  737. },
  738. {
  739. "name": "GetModuleFileNameA",
  740. "address": "0x46c2f4"
  741. },
  742. {
  743. "name": "GetLocaleInfoA",
  744. "address": "0x46c2f8"
  745. },
  746. {
  747. "name": "GetLocalTime",
  748. "address": "0x46c2fc"
  749. },
  750. {
  751. "name": "GetLastError",
  752. "address": "0x46c300"
  753. },
  754. {
  755. "name": "GetFullPathNameA",
  756. "address": "0x46c304"
  757. },
  758. {
  759. "name": "GetDiskFreeSpaceA",
  760. "address": "0x46c308"
  761. },
  762. {
  763. "name": "GetDateFormatA",
  764. "address": "0x46c30c"
  765. },
  766. {
  767. "name": "GetCurrentThreadId",
  768. "address": "0x46c310"
  769. },
  770. {
  771. "name": "GetCurrentProcessId",
  772. "address": "0x46c314"
  773. },
  774. {
  775. "name": "GetComputerNameA",
  776. "address": "0x46c318"
  777. },
  778. {
  779. "name": "GetCPInfo",
  780. "address": "0x46c31c"
  781. },
  782. {
  783. "name": "GetACP",
  784. "address": "0x46c320"
  785. },
  786. {
  787. "name": "FreeResource",
  788. "address": "0x46c324"
  789. },
  790. {
  791. "name": "InterlockedExchange",
  792. "address": "0x46c328"
  793. },
  794. {
  795. "name": "FreeLibrary",
  796. "address": "0x46c32c"
  797. },
  798. {
  799. "name": "FormatMessageA",
  800. "address": "0x46c330"
  801. },
  802. {
  803. "name": "FindResourceA",
  804. "address": "0x46c334"
  805. },
  806. {
  807. "name": "EnumCalendarInfoA",
  808. "address": "0x46c338"
  809. },
  810. {
  811. "name": "EnterCriticalSection",
  812. "address": "0x46c33c"
  813. },
  814. {
  815. "name": "DeleteCriticalSection",
  816. "address": "0x46c340"
  817. },
  818. {
  819. "name": "CreateThread",
  820. "address": "0x46c344"
  821. },
  822. {
  823. "name": "CreateFileA",
  824. "address": "0x46c348"
  825. },
  826. {
  827. "name": "CreateEventA",
  828. "address": "0x46c34c"
  829. },
  830. {
  831. "name": "CompareStringA",
  832. "address": "0x46c350"
  833. },
  834. {
  835. "name": "CloseHandle",
  836. "address": "0x46c354"
  837. }
  838. ],
  839. "dll": "kernel32.dll"
  840. },
  841. {
  842. "imports": [
  843. {
  844. "name": "VerQueryValueA",
  845. "address": "0x46c35c"
  846. },
  847. {
  848. "name": "GetFileVersionInfoSizeA",
  849. "address": "0x46c360"
  850. },
  851. {
  852. "name": "GetFileVersionInfoA",
  853. "address": "0x46c364"
  854. }
  855. ],
  856. "dll": "version.dll"
  857. },
  858. {
  859. "imports": [
  860. {
  861. "name": "UnrealizeObject",
  862. "address": "0x46c36c"
  863. },
  864. {
  865. "name": "StretchBlt",
  866. "address": "0x46c370"
  867. },
  868. {
  869. "name": "SetWindowOrgEx",
  870. "address": "0x46c374"
  871. },
  872. {
  873. "name": "SetWinMetaFileBits",
  874. "address": "0x46c378"
  875. },
  876. {
  877. "name": "SetViewportOrgEx",
  878. "address": "0x46c37c"
  879. },
  880. {
  881. "name": "SetTextColor",
  882. "address": "0x46c380"
  883. },
  884. {
  885. "name": "SetStretchBltMode",
  886. "address": "0x46c384"
  887. },
  888. {
  889. "name": "SetROP2",
  890. "address": "0x46c388"
  891. },
  892. {
  893. "name": "SetPixel",
  894. "address": "0x46c38c"
  895. },
  896. {
  897. "name": "SetMapMode",
  898. "address": "0x46c390"
  899. },
  900. {
  901. "name": "SetEnhMetaFileBits",
  902. "address": "0x46c394"
  903. },
  904. {
  905. "name": "SetDIBColorTable",
  906. "address": "0x46c398"
  907. },
  908. {
  909. "name": "SetBrushOrgEx",
  910. "address": "0x46c39c"
  911. },
  912. {
  913. "name": "SetBkMode",
  914. "address": "0x46c3a0"
  915. },
  916. {
  917. "name": "SetBkColor",
  918. "address": "0x46c3a4"
  919. },
  920. {
  921. "name": "SelectPalette",
  922. "address": "0x46c3a8"
  923. },
  924. {
  925. "name": "SelectObject",
  926. "address": "0x46c3ac"
  927. },
  928. {
  929. "name": "SelectClipRgn",
  930. "address": "0x46c3b0"
  931. },
  932. {
  933. "name": "ScaleWindowExtEx",
  934. "address": "0x46c3b4"
  935. },
  936. {
  937. "name": "SaveDC",
  938. "address": "0x46c3b8"
  939. },
  940. {
  941. "name": "RestoreDC",
  942. "address": "0x46c3bc"
  943. },
  944. {
  945. "name": "Rectangle",
  946. "address": "0x46c3c0"
  947. },
  948. {
  949. "name": "RectVisible",
  950. "address": "0x46c3c4"
  951. },
  952. {
  953. "name": "RealizePalette",
  954. "address": "0x46c3c8"
  955. },
  956. {
  957. "name": "PlayEnhMetaFile",
  958. "address": "0x46c3cc"
  959. },
  960. {
  961. "name": "PatBlt",
  962. "address": "0x46c3d0"
  963. },
  964. {
  965. "name": "MoveToEx",
  966. "address": "0x46c3d4"
  967. },
  968. {
  969. "name": "MaskBlt",
  970. "address": "0x46c3d8"
  971. },
  972. {
  973. "name": "LineTo",
  974. "address": "0x46c3dc"
  975. },
  976. {
  977. "name": "LPtoDP",
  978. "address": "0x46c3e0"
  979. },
  980. {
  981. "name": "IntersectClipRect",
  982. "address": "0x46c3e4"
  983. },
  984. {
  985. "name": "GetWindowOrgEx",
  986. "address": "0x46c3e8"
  987. },
  988. {
  989. "name": "GetWinMetaFileBits",
  990. "address": "0x46c3ec"
  991. },
  992. {
  993. "name": "GetTextMetricsA",
  994. "address": "0x46c3f0"
  995. },
  996. {
  997. "name": "GetTextExtentPoint32A",
  998. "address": "0x46c3f4"
  999. },
  1000. {
  1001. "name": "GetSystemPaletteEntries",
  1002. "address": "0x46c3f8"
  1003. },
  1004. {
  1005. "name": "GetStockObject",
  1006. "address": "0x46c3fc"
  1007. },
  1008. {
  1009. "name": "GetPixel",
  1010. "address": "0x46c400"
  1011. },
  1012. {
  1013. "name": "GetPaletteEntries",
  1014. "address": "0x46c404"
  1015. },
  1016. {
  1017. "name": "GetObjectA",
  1018. "address": "0x46c408"
  1019. },
  1020. {
  1021. "name": "GetEnhMetaFilePaletteEntries",
  1022. "address": "0x46c40c"
  1023. },
  1024. {
  1025. "name": "GetEnhMetaFileHeader",
  1026. "address": "0x46c410"
  1027. },
  1028. {
  1029. "name": "GetEnhMetaFileDescriptionA",
  1030. "address": "0x46c414"
  1031. },
  1032. {
  1033. "name": "GetEnhMetaFileBits",
  1034. "address": "0x46c418"
  1035. },
  1036. {
  1037. "name": "GetDeviceCaps",
  1038. "address": "0x46c41c"
  1039. },
  1040. {
  1041. "name": "GetDIBits",
  1042. "address": "0x46c420"
  1043. },
  1044. {
  1045. "name": "GetDIBColorTable",
  1046. "address": "0x46c424"
  1047. },
  1048. {
  1049. "name": "GetDCOrgEx",
  1050. "address": "0x46c428"
  1051. },
  1052. {
  1053. "name": "GetCurrentPositionEx",
  1054. "address": "0x46c42c"
  1055. },
  1056. {
  1057. "name": "GetClipRgn",
  1058. "address": "0x46c430"
  1059. },
  1060. {
  1061. "name": "GetClipBox",
  1062. "address": "0x46c434"
  1063. },
  1064. {
  1065. "name": "GetBrushOrgEx",
  1066. "address": "0x46c438"
  1067. },
  1068. {
  1069. "name": "GetBitmapBits",
  1070. "address": "0x46c43c"
  1071. },
  1072. {
  1073. "name": "ExcludeClipRect",
  1074. "address": "0x46c440"
  1075. },
  1076. {
  1077. "name": "EndPage",
  1078. "address": "0x46c444"
  1079. },
  1080. {
  1081. "name": "EndDoc",
  1082. "address": "0x46c448"
  1083. },
  1084. {
  1085. "name": "DeleteObject",
  1086. "address": "0x46c44c"
  1087. },
  1088. {
  1089. "name": "DeleteEnhMetaFile",
  1090. "address": "0x46c450"
  1091. },
  1092. {
  1093. "name": "DeleteDC",
  1094. "address": "0x46c454"
  1095. },
  1096. {
  1097. "name": "CreateSolidBrush",
  1098. "address": "0x46c458"
  1099. },
  1100. {
  1101. "name": "CreateRectRgn",
  1102. "address": "0x46c45c"
  1103. },
  1104. {
  1105. "name": "CreatePenIndirect",
  1106. "address": "0x46c460"
  1107. },
  1108. {
  1109. "name": "CreatePalette",
  1110. "address": "0x46c464"
  1111. },
  1112. {
  1113. "name": "CreateICA",
  1114. "address": "0x46c468"
  1115. },
  1116. {
  1117. "name": "CreateHalftonePalette",
  1118. "address": "0x46c46c"
  1119. },
  1120. {
  1121. "name": "CreateFontIndirectA",
  1122. "address": "0x46c470"
  1123. },
  1124. {
  1125. "name": "CreateEnhMetaFileA",
  1126. "address": "0x46c474"
  1127. },
  1128. {
  1129. "name": "CreateDIBitmap",
  1130. "address": "0x46c478"
  1131. },
  1132. {
  1133. "name": "CreateDIBSection",
  1134. "address": "0x46c47c"
  1135. },
  1136. {
  1137. "name": "CreateDCA",
  1138. "address": "0x46c480"
  1139. },
  1140. {
  1141. "name": "CreateCompatibleDC",
  1142. "address": "0x46c484"
  1143. },
  1144. {
  1145. "name": "CreateCompatibleBitmap",
  1146. "address": "0x46c488"
  1147. },
  1148. {
  1149. "name": "CreateBrushIndirect",
  1150. "address": "0x46c48c"
  1151. },
  1152. {
  1153. "name": "CreateBitmap",
  1154. "address": "0x46c490"
  1155. },
  1156. {
  1157. "name": "CopyEnhMetaFileA",
  1158. "address": "0x46c494"
  1159. },
  1160. {
  1161. "name": "CloseEnhMetaFile",
  1162. "address": "0x46c498"
  1163. },
  1164. {
  1165. "name": "BitBlt",
  1166. "address": "0x46c49c"
  1167. }
  1168. ],
  1169. "dll": "gdi32.dll"
  1170. },
  1171. {
  1172. "imports": [
  1173. {
  1174. "name": "CreateWindowExA",
  1175. "address": "0x46c4a4"
  1176. },
  1177. {
  1178. "name": "WindowFromPoint",
  1179. "address": "0x46c4a8"
  1180. },
  1181. {
  1182. "name": "WinHelpA",
  1183. "address": "0x46c4ac"
  1184. },
  1185. {
  1186. "name": "WaitMessage",
  1187. "address": "0x46c4b0"
  1188. },
  1189. {
  1190. "name": "UpdateWindow",
  1191. "address": "0x46c4b4"
  1192. },
  1193. {
  1194. "name": "UnregisterClassA",
  1195. "address": "0x46c4b8"
  1196. },
  1197. {
  1198. "name": "UnhookWindowsHookEx",
  1199. "address": "0x46c4bc"
  1200. },
  1201. {
  1202. "name": "TranslateMessage",
  1203. "address": "0x46c4c0"
  1204. },
  1205. {
  1206. "name": "TranslateMDISysAccel",
  1207. "address": "0x46c4c4"
  1208. },
  1209. {
  1210. "name": "TrackPopupMenu",
  1211. "address": "0x46c4c8"
  1212. },
  1213. {
  1214. "name": "SystemParametersInfoA",
  1215. "address": "0x46c4cc"
  1216. },
  1217. {
  1218. "name": "ShowWindow",
  1219. "address": "0x46c4d0"
  1220. },
  1221. {
  1222. "name": "ShowScrollBar",
  1223. "address": "0x46c4d4"
  1224. },
  1225. {
  1226. "name": "ShowOwnedPopups",
  1227. "address": "0x46c4d8"
  1228. },
  1229. {
  1230. "name": "ShowCursor",
  1231. "address": "0x46c4dc"
  1232. },
  1233. {
  1234. "name": "SetWindowsHookExA",
  1235. "address": "0x46c4e0"
  1236. },
  1237. {
  1238. "name": "SetWindowPos",
  1239. "address": "0x46c4e4"
  1240. },
  1241. {
  1242. "name": "SetWindowPlacement",
  1243. "address": "0x46c4e8"
  1244. },
  1245. {
  1246. "name": "SetWindowLongA",
  1247. "address": "0x46c4ec"
  1248. },
  1249. {
  1250. "name": "SetTimer",
  1251. "address": "0x46c4f0"
  1252. },
  1253. {
  1254. "name": "SetScrollRange",
  1255. "address": "0x46c4f4"
  1256. },
  1257. {
  1258. "name": "SetScrollPos",
  1259. "address": "0x46c4f8"
  1260. },
  1261. {
  1262. "name": "SetScrollInfo",
  1263. "address": "0x46c4fc"
  1264. },
  1265. {
  1266. "name": "SetRect",
  1267. "address": "0x46c500"
  1268. },
  1269. {
  1270. "name": "SetPropA",
  1271. "address": "0x46c504"
  1272. },
  1273. {
  1274. "name": "SetParent",
  1275. "address": "0x46c508"
  1276. },
  1277. {
  1278. "name": "SetMenuItemInfoA",
  1279. "address": "0x46c50c"
  1280. },
  1281. {
  1282. "name": "SetMenu",
  1283. "address": "0x46c510"
  1284. },
  1285. {
  1286. "name": "SetForegroundWindow",
  1287. "address": "0x46c514"
  1288. },
  1289. {
  1290. "name": "SetFocus",
  1291. "address": "0x46c518"
  1292. },
  1293. {
  1294. "name": "SetCursor",
  1295. "address": "0x46c51c"
  1296. },
  1297. {
  1298. "name": "SetClassLongA",
  1299. "address": "0x46c520"
  1300. },
  1301. {
  1302. "name": "SetCapture",
  1303. "address": "0x46c524"
  1304. },
  1305. {
  1306. "name": "SetActiveWindow",
  1307. "address": "0x46c528"
  1308. },
  1309. {
  1310. "name": "SendMessageA",
  1311. "address": "0x46c52c"
  1312. },
  1313. {
  1314. "name": "ScrollWindow",
  1315. "address": "0x46c530"
  1316. },
  1317. {
  1318. "name": "ScreenToClient",
  1319. "address": "0x46c534"
  1320. },
  1321. {
  1322. "name": "RemovePropA",
  1323. "address": "0x46c538"
  1324. },
  1325. {
  1326. "name": "RemoveMenu",
  1327. "address": "0x46c53c"
  1328. },
  1329. {
  1330. "name": "ReleaseDC",
  1331. "address": "0x46c540"
  1332. },
  1333. {
  1334. "name": "ReleaseCapture",
  1335. "address": "0x46c544"
  1336. },
  1337. {
  1338. "name": "RegisterWindowMessageA",
  1339. "address": "0x46c548"
  1340. },
  1341. {
  1342. "name": "RegisterClipboardFormatA",
  1343. "address": "0x46c54c"
  1344. },
  1345. {
  1346. "name": "RegisterClassA",
  1347. "address": "0x46c550"
  1348. },
  1349. {
  1350. "name": "RedrawWindow",
  1351. "address": "0x46c554"
  1352. },
  1353. {
  1354. "name": "PtInRect",
  1355. "address": "0x46c558"
  1356. },
  1357. {
  1358. "name": "PostQuitMessage",
  1359. "address": "0x46c55c"
  1360. },
  1361. {
  1362. "name": "PostMessageA",
  1363. "address": "0x46c560"
  1364. },
  1365. {
  1366. "name": "PeekMessageA",
  1367. "address": "0x46c564"
  1368. },
  1369. {
  1370. "name": "OffsetRect",
  1371. "address": "0x46c568"
  1372. },
  1373. {
  1374. "name": "OemToCharA",
  1375. "address": "0x46c56c"
  1376. },
  1377. {
  1378. "name": "MessageBoxA",
  1379. "address": "0x46c570"
  1380. },
  1381. {
  1382. "name": "MapWindowPoints",
  1383. "address": "0x46c574"
  1384. },
  1385. {
  1386. "name": "MapVirtualKeyA",
  1387. "address": "0x46c578"
  1388. },
  1389. {
  1390. "name": "LoadStringA",
  1391. "address": "0x46c57c"
  1392. },
  1393. {
  1394. "name": "LoadKeyboardLayoutA",
  1395. "address": "0x46c580"
  1396. },
  1397. {
  1398. "name": "LoadIconA",
  1399. "address": "0x46c584"
  1400. },
  1401. {
  1402. "name": "LoadCursorA",
  1403. "address": "0x46c588"
  1404. },
  1405. {
  1406. "name": "LoadBitmapA",
  1407. "address": "0x46c58c"
  1408. },
  1409. {
  1410. "name": "KillTimer",
  1411. "address": "0x46c590"
  1412. },
  1413. {
  1414. "name": "IsZoomed",
  1415. "address": "0x46c594"
  1416. },
  1417. {
  1418. "name": "IsWindowVisible",
  1419. "address": "0x46c598"
  1420. },
  1421. {
  1422. "name": "IsWindowEnabled",
  1423. "address": "0x46c59c"
  1424. },
  1425. {
  1426. "name": "IsWindow",
  1427. "address": "0x46c5a0"
  1428. },
  1429. {
  1430. "name": "IsRectEmpty",
  1431. "address": "0x46c5a4"
  1432. },
  1433. {
  1434. "name": "IsIconic",
  1435. "address": "0x46c5a8"
  1436. },
  1437. {
  1438. "name": "IsDialogMessageA",
  1439. "address": "0x46c5ac"
  1440. },
  1441. {
  1442. "name": "IsChild",
  1443. "address": "0x46c5b0"
  1444. },
  1445. {
  1446. "name": "InvalidateRect",
  1447. "address": "0x46c5b4"
  1448. },
  1449. {
  1450. "name": "IntersectRect",
  1451. "address": "0x46c5b8"
  1452. },
  1453. {
  1454. "name": "InsertMenuItemA",
  1455. "address": "0x46c5bc"
  1456. },
  1457. {
  1458. "name": "InsertMenuA",
  1459. "address": "0x46c5c0"
  1460. },
  1461. {
  1462. "name": "InflateRect",
  1463. "address": "0x46c5c4"
  1464. },
  1465. {
  1466. "name": "GetWindowThreadProcessId",
  1467. "address": "0x46c5c8"
  1468. },
  1469. {
  1470. "name": "GetWindowTextA",
  1471. "address": "0x46c5cc"
  1472. },
  1473. {
  1474. "name": "GetWindowRect",
  1475. "address": "0x46c5d0"
  1476. },
  1477. {
  1478. "name": "GetWindowPlacement",
  1479. "address": "0x46c5d4"
  1480. },
  1481. {
  1482. "name": "GetWindowLongA",
  1483. "address": "0x46c5d8"
  1484. },
  1485. {
  1486. "name": "GetWindowDC",
  1487. "address": "0x46c5dc"
  1488. },
  1489. {
  1490. "name": "GetTopWindow",
  1491. "address": "0x46c5e0"
  1492. },
  1493. {
  1494. "name": "GetSystemMetrics",
  1495. "address": "0x46c5e4"
  1496. },
  1497. {
  1498. "name": "GetSystemMenu",
  1499. "address": "0x46c5e8"
  1500. },
  1501. {
  1502. "name": "GetSysColorBrush",
  1503. "address": "0x46c5ec"
  1504. },
  1505. {
  1506. "name": "GetSysColor",
  1507. "address": "0x46c5f0"
  1508. },
  1509. {
  1510. "name": "GetSubMenu",
  1511. "address": "0x46c5f4"
  1512. },
  1513. {
  1514. "name": "GetScrollRange",
  1515. "address": "0x46c5f8"
  1516. },
  1517. {
  1518. "name": "GetScrollPos",
  1519. "address": "0x46c5fc"
  1520. },
  1521. {
  1522. "name": "GetScrollInfo",
  1523. "address": "0x46c600"
  1524. },
  1525. {
  1526. "name": "GetPropA",
  1527. "address": "0x46c604"
  1528. },
  1529. {
  1530. "name": "GetParent",
  1531. "address": "0x46c608"
  1532. },
  1533. {
  1534. "name": "GetWindow",
  1535. "address": "0x46c60c"
  1536. },
  1537. {
  1538. "name": "GetMessageTime",
  1539. "address": "0x46c610"
  1540. },
  1541. {
  1542. "name": "GetMenuStringA",
  1543. "address": "0x46c614"
  1544. },
  1545. {
  1546. "name": "GetMenuState",
  1547. "address": "0x46c618"
  1548. },
  1549. {
  1550. "name": "GetMenuItemInfoA",
  1551. "address": "0x46c61c"
  1552. },
  1553. {
  1554. "name": "GetMenuItemID",
  1555. "address": "0x46c620"
  1556. },
  1557. {
  1558. "name": "GetMenuItemCount",
  1559. "address": "0x46c624"
  1560. },
  1561. {
  1562. "name": "GetMenu",
  1563. "address": "0x46c628"
  1564. },
  1565. {
  1566. "name": "GetLastActivePopup",
  1567. "address": "0x46c62c"
  1568. },
  1569. {
  1570. "name": "GetKeyboardState",
  1571. "address": "0x46c630"
  1572. },
  1573. {
  1574. "name": "GetKeyboardLayoutList",
  1575. "address": "0x46c634"
  1576. },
  1577. {
  1578. "name": "GetKeyboardLayout",
  1579. "address": "0x46c638"
  1580. },
  1581. {
  1582. "name": "GetKeyState",
  1583. "address": "0x46c63c"
  1584. },
  1585. {
  1586. "name": "GetKeyNameTextA",
  1587. "address": "0x46c640"
  1588. },
  1589. {
  1590. "name": "GetIconInfo",
  1591. "address": "0x46c644"
  1592. },
  1593. {
  1594. "name": "GetForegroundWindow",
  1595. "address": "0x46c648"
  1596. },
  1597. {
  1598. "name": "GetFocus",
  1599. "address": "0x46c64c"
  1600. },
  1601. {
  1602. "name": "GetDesktopWindow",
  1603. "address": "0x46c650"
  1604. },
  1605. {
  1606. "name": "GetDCEx",
  1607. "address": "0x46c654"
  1608. },
  1609. {
  1610. "name": "GetDC",
  1611. "address": "0x46c658"
  1612. },
  1613. {
  1614. "name": "GetCursorPos",
  1615. "address": "0x46c65c"
  1616. },
  1617. {
  1618. "name": "GetCursor",
  1619. "address": "0x46c660"
  1620. },
  1621. {
  1622. "name": "GetClipboardData",
  1623. "address": "0x46c664"
  1624. },
  1625. {
  1626. "name": "GetClientRect",
  1627. "address": "0x46c668"
  1628. },
  1629. {
  1630. "name": "GetClassNameA",
  1631. "address": "0x46c66c"
  1632. },
  1633. {
  1634. "name": "GetClassInfoA",
  1635. "address": "0x46c670"
  1636. },
  1637. {
  1638. "name": "GetCapture",
  1639. "address": "0x46c674"
  1640. },
  1641. {
  1642. "name": "GetActiveWindow",
  1643. "address": "0x46c678"
  1644. },
  1645. {
  1646. "name": "FrameRect",
  1647. "address": "0x46c67c"
  1648. },
  1649. {
  1650. "name": "FindWindowA",
  1651. "address": "0x46c680"
  1652. },
  1653. {
  1654. "name": "FillRect",
  1655. "address": "0x46c684"
  1656. },
  1657. {
  1658. "name": "EqualRect",
  1659. "address": "0x46c688"
  1660. },
  1661. {
  1662. "name": "EnumWindows",
  1663. "address": "0x46c68c"
  1664. },
  1665. {
  1666. "name": "EnumThreadWindows",
  1667. "address": "0x46c690"
  1668. },
  1669. {
  1670. "name": "EndPaint",
  1671. "address": "0x46c694"
  1672. },
  1673. {
  1674. "name": "EnableWindow",
  1675. "address": "0x46c698"
  1676. },
  1677. {
  1678. "name": "EnableScrollBar",
  1679. "address": "0x46c69c"
  1680. },
  1681. {
  1682. "name": "EnableMenuItem",
  1683. "address": "0x46c6a0"
  1684. },
  1685. {
  1686. "name": "DrawTextA",
  1687. "address": "0x46c6a4"
  1688. },
  1689. {
  1690. "name": "DrawMenuBar",
  1691. "address": "0x46c6a8"
  1692. },
  1693. {
  1694. "name": "DrawIconEx",
  1695. "address": "0x46c6ac"
  1696. },
  1697. {
  1698. "name": "DrawIcon",
  1699. "address": "0x46c6b0"
  1700. },
  1701. {
  1702. "name": "DrawFrameControl",
  1703. "address": "0x46c6b4"
  1704. },
  1705. {
  1706. "name": "DrawFocusRect",
  1707. "address": "0x46c6b8"
  1708. },
  1709. {
  1710. "name": "DrawEdge",
  1711. "address": "0x46c6bc"
  1712. },
  1713. {
  1714. "name": "DispatchMessageA",
  1715. "address": "0x46c6c0"
  1716. },
  1717. {
  1718. "name": "DestroyWindow",
  1719. "address": "0x46c6c4"
  1720. },
  1721. {
  1722. "name": "DestroyMenu",
  1723. "address": "0x46c6c8"
  1724. },
  1725. {
  1726. "name": "DestroyIcon",
  1727. "address": "0x46c6cc"
  1728. },
  1729. {
  1730. "name": "DestroyCursor",
  1731. "address": "0x46c6d0"
  1732. },
  1733. {
  1734. "name": "DeleteMenu",
  1735. "address": "0x46c6d4"
  1736. },
  1737. {
  1738. "name": "DefWindowProcA",
  1739. "address": "0x46c6d8"
  1740. },
  1741. {
  1742. "name": "DefMDIChildProcA",
  1743. "address": "0x46c6dc"
  1744. },
  1745. {
  1746. "name": "DefFrameProcA",
  1747. "address": "0x46c6e0"
  1748. },
  1749. {
  1750. "name": "CreatePopupMenu",
  1751. "address": "0x46c6e4"
  1752. },
  1753. {
  1754. "name": "CreateMenu",
  1755. "address": "0x46c6e8"
  1756. },
  1757. {
  1758. "name": "CreateIcon",
  1759. "address": "0x46c6ec"
  1760. },
  1761. {
  1762. "name": "ClientToScreen",
  1763. "address": "0x46c6f0"
  1764. },
  1765. {
  1766. "name": "CheckMenuItem",
  1767. "address": "0x46c6f4"
  1768. },
  1769. {
  1770. "name": "CallWindowProcA",
  1771. "address": "0x46c6f8"
  1772. },
  1773. {
  1774. "name": "CallNextHookEx",
  1775. "address": "0x46c6fc"
  1776. },
  1777. {
  1778. "name": "BeginPaint",
  1779. "address": "0x46c700"
  1780. },
  1781. {
  1782. "name": "CharNextA",
  1783. "address": "0x46c704"
  1784. },
  1785. {
  1786. "name": "CharLowerBuffA",
  1787. "address": "0x46c708"
  1788. },
  1789. {
  1790. "name": "CharLowerA",
  1791. "address": "0x46c70c"
  1792. },
  1793. {
  1794. "name": "CharToOemA",
  1795. "address": "0x46c710"
  1796. },
  1797. {
  1798. "name": "AdjustWindowRectEx",
  1799. "address": "0x46c714"
  1800. },
  1801. {
  1802. "name": "ActivateKeyboardLayout",
  1803. "address": "0x46c718"
  1804. }
  1805. ],
  1806. "dll": "user32.dll"
  1807. },
  1808. {
  1809. "imports": [
  1810. {
  1811. "name": "Sleep",
  1812. "address": "0x46c720"
  1813. }
  1814. ],
  1815. "dll": "kernel32.dll"
  1816. },
  1817. {
  1818. "imports": [
  1819. {
  1820. "name": "SafeArrayPtrOfIndex",
  1821. "address": "0x46c728"
  1822. },
  1823. {
  1824. "name": "SafeArrayGetUBound",
  1825. "address": "0x46c72c"
  1826. },
  1827. {
  1828. "name": "SafeArrayGetLBound",
  1829. "address": "0x46c730"
  1830. },
  1831. {
  1832. "name": "SafeArrayCreate",
  1833. "address": "0x46c734"
  1834. },
  1835. {
  1836. "name": "VariantChangeType",
  1837. "address": "0x46c738"
  1838. },
  1839. {
  1840. "name": "VariantCopy",
  1841. "address": "0x46c73c"
  1842. },
  1843. {
  1844. "name": "VariantClear",
  1845. "address": "0x46c740"
  1846. },
  1847. {
  1848. "name": "VariantInit",
  1849. "address": "0x46c744"
  1850. }
  1851. ],
  1852. "dll": "oleaut32.dll"
  1853. },
  1854. {
  1855. "imports": [
  1856. {
  1857. "name": "CreateStreamOnHGlobal",
  1858. "address": "0x46c74c"
  1859. },
  1860. {
  1861. "name": "IsAccelerator",
  1862. "address": "0x46c750"
  1863. },
  1864. {
  1865. "name": "OleDraw",
  1866. "address": "0x46c754"
  1867. },
  1868. {
  1869. "name": "OleSetMenuDescriptor",
  1870. "address": "0x46c758"
  1871. },
  1872. {
  1873. "name": "CoTaskMemFree",
  1874. "address": "0x46c75c"
  1875. },
  1876. {
  1877. "name": "ProgIDFromCLSID",
  1878. "address": "0x46c760"
  1879. },
  1880. {
  1881. "name": "StringFromCLSID",
  1882. "address": "0x46c764"
  1883. },
  1884. {
  1885. "name": "CoCreateInstance",
  1886. "address": "0x46c768"
  1887. },
  1888. {
  1889. "name": "CoGetClassObject",
  1890. "address": "0x46c76c"
  1891. },
  1892. {
  1893. "name": "CoUninitialize",
  1894. "address": "0x46c770"
  1895. },
  1896. {
  1897. "name": "CoInitialize",
  1898. "address": "0x46c774"
  1899. },
  1900. {
  1901. "name": "IsEqualGUID",
  1902. "address": "0x46c778"
  1903. }
  1904. ],
  1905. "dll": "ole32.dll"
  1906. },
  1907. {
  1908. "imports": [
  1909. {
  1910. "name": "GetErrorInfo",
  1911. "address": "0x46c780"
  1912. },
  1913. {
  1914. "name": "GetActiveObject",
  1915. "address": "0x46c784"
  1916. },
  1917. {
  1918. "name": "SysFreeString",
  1919. "address": "0x46c788"
  1920. }
  1921. ],
  1922. "dll": "oleaut32.dll"
  1923. },
  1924. {
  1925. "imports": [
  1926. {
  1927. "name": "ImageList_SetIconSize",
  1928. "address": "0x46c790"
  1929. },
  1930. {
  1931. "name": "ImageList_GetIconSize",
  1932. "address": "0x46c794"
  1933. },
  1934. {
  1935. "name": "ImageList_Write",
  1936. "address": "0x46c798"
  1937. },
  1938. {
  1939. "name": "ImageList_Read",
  1940. "address": "0x46c79c"
  1941. },
  1942. {
  1943. "name": "ImageList_GetDragImage",
  1944. "address": "0x46c7a0"
  1945. },
  1946. {
  1947. "name": "ImageList_DragShowNolock",
  1948. "address": "0x46c7a4"
  1949. },
  1950. {
  1951. "name": "ImageList_SetDragCursorImage",
  1952. "address": "0x46c7a8"
  1953. },
  1954. {
  1955. "name": "ImageList_DragMove",
  1956. "address": "0x46c7ac"
  1957. },
  1958. {
  1959. "name": "ImageList_DragLeave",
  1960. "address": "0x46c7b0"
  1961. },
  1962. {
  1963. "name": "ImageList_DragEnter",
  1964. "address": "0x46c7b4"
  1965. },
  1966. {
  1967. "name": "ImageList_EndDrag",
  1968. "address": "0x46c7b8"
  1969. },
  1970. {
  1971. "name": "ImageList_BeginDrag",
  1972. "address": "0x46c7bc"
  1973. },
  1974. {
  1975. "name": "ImageList_Remove",
  1976. "address": "0x46c7c0"
  1977. },
  1978. {
  1979. "name": "ImageList_DrawEx",
  1980. "address": "0x46c7c4"
  1981. },
  1982. {
  1983. "name": "ImageList_Draw",
  1984. "address": "0x46c7c8"
  1985. },
  1986. {
  1987. "name": "ImageList_GetBkColor",
  1988. "address": "0x46c7cc"
  1989. },
  1990. {
  1991. "name": "ImageList_SetBkColor",
  1992. "address": "0x46c7d0"
  1993. },
  1994. {
  1995. "name": "ImageList_ReplaceIcon",
  1996. "address": "0x46c7d4"
  1997. },
  1998. {
  1999. "name": "ImageList_Add",
  2000. "address": "0x46c7d8"
  2001. },
  2002. {
  2003. "name": "ImageList_GetImageCount",
  2004. "address": "0x46c7dc"
  2005. },
  2006. {
  2007. "name": "ImageList_Destroy",
  2008. "address": "0x46c7e0"
  2009. },
  2010. {
  2011. "name": "ImageList_Create",
  2012. "address": "0x46c7e4"
  2013. }
  2014. ],
  2015. "dll": "comctl32.dll"
  2016. },
  2017. {
  2018. "imports": [
  2019. {
  2020. "name": "OpenPrinterA",
  2021. "address": "0x46c7ec"
  2022. },
  2023. {
  2024. "name": "EnumPrintersA",
  2025. "address": "0x46c7f0"
  2026. },
  2027. {
  2028. "name": "DocumentPropertiesA",
  2029. "address": "0x46c7f4"
  2030. },
  2031. {
  2032. "name": "ClosePrinter",
  2033. "address": "0x46c7f8"
  2034. }
  2035. ],
  2036. "dll": "winspool.drv"
  2037. },
  2038. {
  2039. "imports": [
  2040. {
  2041. "name": "PrintDlgA",
  2042. "address": "0x46c800"
  2043. }
  2044. ],
  2045. "dll": "comdlg32.dll"
  2046. }
  2047. ],
  2048. "digital_signers": null,
  2049. "exported_dll_name": null,
  2050. "actual_checksum": "0x000c65eb",
  2051. "overlay": null,
  2052. "imagebase": "0x00400000",
  2053. "reported_checksum": "0x00000000",
  2054. "icon_hash": null,
  2055. "entrypoint": "0x00460f88",
  2056. "timestamp": "1992-05-13 13:18:15",
  2057. "osversion": "4.0",
  2058. "sections": [
  2059. {
  2060. "name": "CODE",
  2061. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
  2062. "virtual_address": "0x00001000",
  2063. "size_of_data": "0x00060000",
  2064. "entropy": "6.55",
  2065. "raw_address": "0x00000400",
  2066. "virtual_size": "0x0005ffd0",
  2067. "characteristics_raw": "0x60000020"
  2068. },
  2069. {
  2070. "name": "DATA",
  2071. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  2072. "virtual_address": "0x00061000",
  2073. "size_of_data": "0x00009600",
  2074. "entropy": "5.05",
  2075. "raw_address": "0x00060400",
  2076. "virtual_size": "0x00009598",
  2077. "characteristics_raw": "0xc0000040"
  2078. },
  2079. {
  2080. "name": "BSS",
  2081. "characteristics": "IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  2082. "virtual_address": "0x0006b000",
  2083. "size_of_data": "0x00000000",
  2084. "entropy": "0.00",
  2085. "raw_address": "0x00069a00",
  2086. "virtual_size": "0x00000d5d",
  2087. "characteristics_raw": "0xc0000000"
  2088. },
  2089. {
  2090. "name": ".idata",
  2091. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  2092. "virtual_address": "0x0006c000",
  2093. "size_of_data": "0x00002600",
  2094. "entropy": "4.90",
  2095. "raw_address": "0x00069a00",
  2096. "virtual_size": "0x00002436",
  2097. "characteristics_raw": "0xc0000040"
  2098. },
  2099. {
  2100. "name": ".tls",
  2101. "characteristics": "IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  2102. "virtual_address": "0x0006f000",
  2103. "size_of_data": "0x00000000",
  2104. "entropy": "0.00",
  2105. "raw_address": "0x0006c000",
  2106. "virtual_size": "0x00000010",
  2107. "characteristics_raw": "0xc0000000"
  2108. },
  2109. {
  2110. "name": ".rdata",
  2111. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
  2112. "virtual_address": "0x00070000",
  2113. "size_of_data": "0x00000200",
  2114. "entropy": "0.18",
  2115. "raw_address": "0x0006c000",
  2116. "virtual_size": "0x00000018",
  2117. "characteristics_raw": "0x50000040"
  2118. },
  2119. {
  2120. "name": ".reloc",
  2121. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
  2122. "virtual_address": "0x00071000",
  2123. "size_of_data": "0x00006e00",
  2124. "entropy": "6.69",
  2125. "raw_address": "0x0006c200",
  2126. "virtual_size": "0x00006da0",
  2127. "characteristics_raw": "0x50000040"
  2128. },
  2129. {
  2130. "name": ".rsrc",
  2131. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
  2132. "virtual_address": "0x00078000",
  2133. "size_of_data": "0x00052800",
  2134. "entropy": "7.21",
  2135. "raw_address": "0x00073000",
  2136. "virtual_size": "0x000527e4",
  2137. "characteristics_raw": "0x50000040"
  2138. }
  2139. ],
  2140. "resources": [],
  2141. "dirents": [
  2142. {
  2143. "virtual_address": "0x00000000",
  2144. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  2145. "size": "0x00000000"
  2146. },
  2147. {
  2148. "virtual_address": "0x0006c000",
  2149. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  2150. "size": "0x00002436"
  2151. },
  2152. {
  2153. "virtual_address": "0x00078000",
  2154. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  2155. "size": "0x000527e4"
  2156. },
  2157. {
  2158. "virtual_address": "0x00000000",
  2159. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  2160. "size": "0x00000000"
  2161. },
  2162. {
  2163. "virtual_address": "0x00000000",
  2164. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  2165. "size": "0x00000000"
  2166. },
  2167. {
  2168. "virtual_address": "0x00071000",
  2169. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  2170. "size": "0x00006da0"
  2171. },
  2172. {
  2173. "virtual_address": "0x00000000",
  2174. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  2175. "size": "0x00000000"
  2176. },
  2177. {
  2178. "virtual_address": "0x00000000",
  2179. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  2180. "size": "0x00000000"
  2181. },
  2182. {
  2183. "virtual_address": "0x00000000",
  2184. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  2185. "size": "0x00000000"
  2186. },
  2187. {
  2188. "virtual_address": "0x00070000",
  2189. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  2190. "size": "0x00000018"
  2191. },
  2192. {
  2193. "virtual_address": "0x00000000",
  2194. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  2195. "size": "0x00000000"
  2196. },
  2197. {
  2198. "virtual_address": "0x00000000",
  2199. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  2200. "size": "0x00000000"
  2201. },
  2202. {
  2203. "virtual_address": "0x00000000",
  2204. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  2205. "size": "0x00000000"
  2206. },
  2207. {
  2208. "virtual_address": "0x00000000",
  2209. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  2210. "size": "0x00000000"
  2211. },
  2212. {
  2213. "virtual_address": "0x00000000",
  2214. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  2215. "size": "0x00000000"
  2216. },
  2217. {
  2218. "virtual_address": "0x00000000",
  2219. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  2220. "size": "0x00000000"
  2221. }
  2222. ],
  2223. "exports": [],
  2224. "guest_signers": {},
  2225. "imphash": "7fb35e61cc1c101619a710991bd5cb58",
  2226. "icon_fuzzy": null,
  2227. "icon": null,
  2228. "pdbpath": null,
  2229. "imported_dll_count": 17,
  2230. "versioninfo": []
  2231. }
  2232. }
  2233.  
  2234. [*] Resolved APIs: [
  2235. "kernel32.dll.GetDiskFreeSpaceExA",
  2236. "oleaut32.dll.VariantChangeTypeEx",
  2237. "oleaut32.dll.VarNeg",
  2238. "oleaut32.dll.VarNot",
  2239. "oleaut32.dll.VarAdd",
  2240. "oleaut32.dll.VarSub",
  2241. "oleaut32.dll.VarMul",
  2242. "oleaut32.dll.VarDiv",
  2243. "oleaut32.dll.VarIdiv",
  2244. "oleaut32.dll.VarMod",
  2245. "oleaut32.dll.VarAnd",
  2246. "oleaut32.dll.VarOr",
  2247. "oleaut32.dll.VarXor",
  2248. "oleaut32.dll.VarCmp",
  2249. "oleaut32.dll.VarI4FromStr",
  2250. "oleaut32.dll.VarR4FromStr",
  2251. "oleaut32.dll.VarR8FromStr",
  2252. "oleaut32.dll.VarDateFromStr",
  2253. "oleaut32.dll.VarCyFromStr",
  2254. "oleaut32.dll.VarBoolFromStr",
  2255. "oleaut32.dll.VarBstrFromCy",
  2256. "oleaut32.dll.VarBstrFromDate",
  2257. "oleaut32.dll.VarBstrFromBool",
  2258. "user32.dll.GetMonitorInfoA",
  2259. "user32.dll.GetSystemMetrics",
  2260. "user32.dll.EnumDisplayMonitors",
  2261. "dwmapi.dll.DwmIsCompositionEnabled",
  2262. "gdi32.dll.GetLayout",
  2263. "gdi32.dll.GdiRealizationInfo",
  2264. "gdi32.dll.FontIsLinked",
  2265. "advapi32.dll.RegOpenKeyExW",
  2266. "advapi32.dll.RegQueryInfoKeyW",
  2267. "gdi32.dll.GetTextFaceAliasW",
  2268. "advapi32.dll.RegEnumValueW",
  2269. "advapi32.dll.RegCloseKey",
  2270. "advapi32.dll.RegQueryValueExW",
  2271. "gdi32.dll.GetFontAssocStatus",
  2272. "advapi32.dll.RegQueryValueExA",
  2273. "advapi32.dll.RegEnumKeyExW",
  2274. "gdi32.dll.GdiIsMetaPrintDC",
  2275. "user32.dll.AnimateWindow",
  2276. "comctl32.dll.InitializeFlatSB",
  2277. "comctl32.dll.UninitializeFlatSB",
  2278. "comctl32.dll.FlatSB_GetScrollProp",
  2279. "comctl32.dll.FlatSB_SetScrollProp",
  2280. "comctl32.dll.FlatSB_EnableScrollBar",
  2281. "comctl32.dll.FlatSB_ShowScrollBar",
  2282. "comctl32.dll.FlatSB_GetScrollRange",
  2283. "comctl32.dll.FlatSB_GetScrollInfo",
  2284. "comctl32.dll.FlatSB_GetScrollPos",
  2285. "comctl32.dll.FlatSB_SetScrollPos",
  2286. "comctl32.dll.FlatSB_SetScrollInfo",
  2287. "comctl32.dll.FlatSB_SetScrollRange",
  2288. "user32.dll.SetLayeredWindowAttributes",
  2289. "ole32.dll.CoCreateInstanceEx",
  2290. "ole32.dll.CoInitializeEx",
  2291. "ole32.dll.CoAddRefServerProcess",
  2292. "ole32.dll.CoReleaseServerProcess",
  2293. "ole32.dll.CoResumeClassObjects",
  2294. "ole32.dll.CoSuspendClassObjects",
  2295. "olepro32.dll.OleCreatePropertyFrame",
  2296. "olepro32.dll.OleCreateFontIndirect",
  2297. "olepro32.dll.OleCreatePictureIndirect",
  2298. "olepro32.dll.OleLoadPicture",
  2299. "kernel32.dll.GetModuleHandleW",
  2300. "kernel32.dll.VirtualFree",
  2301. "kernel32.dll.LoadLibraryW",
  2302. "kernel32.dll.SizeofResource",
  2303. "kernel32.dll.GetModuleFileNameW",
  2304. "kernel32.dll.CreateFileW",
  2305. "kernel32.dll.MultiByteToWideChar",
  2306. "kernel32.dll.FlushInstructionCache",
  2307. "kernel32.dll.GetCurrentProcess",
  2308. "kernel32.dll.VirtualAlloc",
  2309. "kernel32.dll.LoadLibraryA",
  2310. "kernel32.dll.GetModuleFileNameA",
  2311. "kernel32.dll.GetModuleHandleA",
  2312. "kernel32.dll.VirtualProtect",
  2313. "kernel32.dll.CloseHandle",
  2314. "kernel32.dll.LoadResource",
  2315. "kernel32.dll.FindResourceW",
  2316. "kernel32.dll.GetProcAddress",
  2317. "kernel32.dll.GetFileSize",
  2318. "kernel32.dll.LCMapStringW",
  2319. "kernel32.dll.LCMapStringA",
  2320. "kernel32.dll.GetStringTypeW",
  2321. "kernel32.dll.GetStringTypeA",
  2322. "kernel32.dll.HeapAlloc",
  2323. "kernel32.dll.GetStartupInfoW",
  2324. "kernel32.dll.DeleteCriticalSection",
  2325. "kernel32.dll.LeaveCriticalSection",
  2326. "kernel32.dll.EnterCriticalSection",
  2327. "kernel32.dll.HeapFree",
  2328. "kernel32.dll.HeapReAlloc",
  2329. "kernel32.dll.HeapCreate",
  2330. "kernel32.dll.Sleep",
  2331. "kernel32.dll.ExitProcess",
  2332. "kernel32.dll.WriteFile",
  2333. "kernel32.dll.GetStdHandle",
  2334. "kernel32.dll.SetUnhandledExceptionFilter",
  2335. "kernel32.dll.FreeEnvironmentStringsW",
  2336. "kernel32.dll.GetEnvironmentStringsW",
  2337. "kernel32.dll.GetCommandLineW",
  2338. "kernel32.dll.SetHandleCount",
  2339. "kernel32.dll.GetFileType",
  2340. "kernel32.dll.GetStartupInfoA",
  2341. "kernel32.dll.TlsGetValue",
  2342. "kernel32.dll.TlsAlloc",
  2343. "kernel32.dll.TlsSetValue",
  2344. "kernel32.dll.TlsFree",
  2345. "kernel32.dll.InterlockedIncrement",
  2346. "kernel32.dll.SetLastError",
  2347. "kernel32.dll.GetCurrentThreadId",
  2348. "kernel32.dll.GetLastError",
  2349. "kernel32.dll.InterlockedDecrement",
  2350. "kernel32.dll.QueryPerformanceCounter",
  2351. "kernel32.dll.GetTickCount",
  2352. "kernel32.dll.GetCurrentProcessId",
  2353. "kernel32.dll.GetSystemTimeAsFileTime",
  2354. "kernel32.dll.InitializeCriticalSectionAndSpinCount",
  2355. "kernel32.dll.TerminateProcess",
  2356. "kernel32.dll.UnhandledExceptionFilter",
  2357. "kernel32.dll.IsDebuggerPresent",
  2358. "kernel32.dll.RtlUnwind",
  2359. "kernel32.dll.GetCPInfo",
  2360. "kernel32.dll.GetACP",
  2361. "kernel32.dll.GetOEMCP",
  2362. "kernel32.dll.IsValidCodePage",
  2363. "kernel32.dll.HeapSize",
  2364. "kernel32.dll.GetLocaleInfoA",
  2365. "kernel32.dll.WideCharToMultiByte",
  2366. "psapi.dll.GetModuleInformation",
  2367. "psapi.dll.GetModuleBaseNameW",
  2368. "psapi.dll.EnumProcessModules",
  2369. "shlwapi.dll.StrStrIW",
  2370. "shlwapi.dll.PathFileExistsW",
  2371. "kernel32.dll.FlsAlloc",
  2372. "kernel32.dll.FlsGetValue",
  2373. "kernel32.dll.FlsSetValue",
  2374. "kernel32.dll.FlsFree",
  2375. "mscoree.dll._CorExeMain",
  2376. "kernel32.dll.IsProcessorFeaturePresent",
  2377. "msvcrt.dll._set_error_mode",
  2378. "msvcrt.dll.?set_terminate@@YAP6AXXZP6AXXZ@Z",
  2379. "kernel32.dll.FindActCtxSectionStringW",
  2380. "kernel32.dll.GetSystemWindowsDirectoryW",
  2381. "mscoree.dll.GetProcessExecutableHeap",
  2382. "kernelbase.dll.InitializeCriticalSectionAndSpinCount",
  2383. "kernel32.dll.ProcessIdToSessionId",
  2384. "imm32.dll.ImmCreateContext",
  2385. "imm32.dll.ImmDestroyContext",
  2386. "imm32.dll.ImmNotifyIME",
  2387. "imm32.dll.ImmAssociateContext",
  2388. "imm32.dll.ImmReleaseContext",
  2389. "imm32.dll.ImmGetContext",
  2390. "imm32.dll.ImmGetCompositionStringA",
  2391. "imm32.dll.ImmSetCompositionStringA",
  2392. "imm32.dll.ImmGetCompositionStringW",
  2393. "imm32.dll.ImmSetCompositionStringW",
  2394. "imm32.dll.ImmSetCandidateWindow",
  2395. "mscorwks.dll.GetCLRFunction",
  2396. "mscoree.dll.IEE",
  2397. "kernel32.dll.QueryActCtxW",
  2398. "shlwapi.dll.UrlIsW",
  2399. "mscorwks.dll.IEE",
  2400. "ntdll.dll.ZwCreateSection",
  2401. "kernel32.dll.MapViewOfFile",
  2402. "kernel32.dll.LoadLibraryExW",
  2403. "mscorwks.dll._CorExeMain",
  2404. "advapi32.dll.RegisterTraceGuidsW",
  2405. "advapi32.dll.UnregisterTraceGuids",
  2406. "advapi32.dll.GetTraceLoggerHandle",
  2407. "advapi32.dll.GetTraceEnableLevel",
  2408. "advapi32.dll.GetTraceEnableFlags",
  2409. "advapi32.dll.TraceEvent",
  2410. "mscoree.dll.GetStartupFlags",
  2411. "mscoree.dll.GetHostConfigurationFile",
  2412. "mscoree.dll.GetCORSystemDirectory",
  2413. "ntdll.dll.RtlUnwind",
  2414. "kernel32.dll.IsWow64Process",
  2415. "advapi32.dll.AllocateAndInitializeSid",
  2416. "advapi32.dll.OpenProcessToken",
  2417. "advapi32.dll.GetTokenInformation",
  2418. "advapi32.dll.InitializeAcl",
  2419. "advapi32.dll.AddAccessAllowedAce",
  2420. "advapi32.dll.FreeSid",
  2421. "kernel32.dll.SetThreadStackGuarantee",
  2422. "kernel32.dll.AddVectoredContinueHandler",
  2423. "kernel32.dll.RemoveVectoredContinueHandler",
  2424. "advapi32.dll.ConvertSidToStringSidW",
  2425. "shell32.dll.SHGetFolderPathW",
  2426. "kernel32.dll.FlushProcessWriteBuffers",
  2427. "kernel32.dll.GetWriteWatch",
  2428. "kernel32.dll.ResetWriteWatch",
  2429. "kernel32.dll.CreateMemoryResourceNotification",
  2430. "kernel32.dll.QueryMemoryResourceNotification",
  2431. "mscoree.dll._CorImageUnloading",
  2432. "mscoree.dll._CorValidateImage",
  2433. "cryptbase.dll.SystemFunction036",
  2434. "uxtheme.dll.ThemeInitApiHook",
  2435. "user32.dll.IsProcessDPIAware",
  2436. "ole32.dll.CoGetContextToken",
  2437. "kernel32.dll.GetVersionExW",
  2438. "kernel32.dll.GetFullPathNameW",
  2439. "advapi32.dll.CryptAcquireContextA",
  2440. "advapi32.dll.CryptReleaseContext",
  2441. "advapi32.dll.CryptCreateHash",
  2442. "advapi32.dll.CryptDestroyHash",
  2443. "advapi32.dll.CryptHashData",
  2444. "advapi32.dll.CryptGetHashParam",
  2445. "advapi32.dll.CryptImportKey",
  2446. "advapi32.dll.CryptExportKey",
  2447. "advapi32.dll.CryptGenKey",
  2448. "advapi32.dll.CryptGetKeyParam",
  2449. "advapi32.dll.CryptDestroyKey",
  2450. "advapi32.dll.CryptVerifySignatureA",
  2451. "advapi32.dll.CryptSignHashA",
  2452. "advapi32.dll.CryptGetProvParam",
  2453. "advapi32.dll.CryptGetUserKey",
  2454. "advapi32.dll.CryptEnumProvidersA",
  2455. "mscoree.dll.GetMetaDataInternalInterface",
  2456. "mscorwks.dll.GetMetaDataInternalInterface",
  2457. "cryptsp.dll.CryptAcquireContextA",
  2458. "cryptsp.dll.CryptImportKey",
  2459. "cryptsp.dll.CryptCreateHash",
  2460. "cryptsp.dll.CryptHashData",
  2461. "cryptsp.dll.CryptVerifySignatureA",
  2462. "cryptsp.dll.CryptDestroyHash",
  2463. "cryptsp.dll.CryptDestroyKey",
  2464. "mscorjit.dll.getJit",
  2465. "kernel32.dll.GetEnvironmentVariableW",
  2466. "kernel32.dll.SwitchToThread",
  2467. "kernel32.dll.lstrlen",
  2468. "kernel32.dll.lstrlenW",
  2469. "kernel32.dll.GetUserDefaultUILanguage",
  2470. "kernel32.dll.SetErrorMode",
  2471. "kernel32.dll.GetFileAttributesExW",
  2472. "bcrypt.dll.BCryptGetFipsAlgorithmMode",
  2473. "cryptsp.dll.CryptAcquireContextW",
  2474. "ole32.dll.CreateBindCtx",
  2475. "ole32.dll.CoGetObjectContext",
  2476. "sechost.dll.LookupAccountNameLocalW",
  2477. "advapi32.dll.LookupAccountSidW",
  2478. "sechost.dll.LookupAccountSidLocalW",
  2479. "cryptsp.dll.CryptGenRandom",
  2480. "ole32.dll.NdrOleInitializeExtension",
  2481. "ole32.dll.CoGetClassObject",
  2482. "ole32.dll.CoGetMarshalSizeMax",
  2483. "ole32.dll.CoMarshalInterface",
  2484. "ole32.dll.CoUnmarshalInterface",
  2485. "ole32.dll.StringFromIID",
  2486. "ole32.dll.CoGetPSClsid",
  2487. "ole32.dll.CoTaskMemAlloc",
  2488. "ole32.dll.CoTaskMemFree",
  2489. "ole32.dll.CoCreateInstance",
  2490. "ole32.dll.CoReleaseMarshalData",
  2491. "ole32.dll.DcomChannelSetHResult",
  2492. "rpcrtremote.dll.I_RpcExtInitializeExtensionPoint",
  2493. "ole32.dll.MkParseDisplayName",
  2494. "oleaut32.dll.#2",
  2495. "oleaut32.dll.#6",
  2496. "kernel32.dll.GetThreadPreferredUILanguages",
  2497. "kernel32.dll.SetThreadPreferredUILanguages",
  2498. "kernel32.dll.LocaleNameToLCID",
  2499. "kernel32.dll.GetLocaleInfoEx",
  2500. "kernel32.dll.LCIDToLocaleName",
  2501. "kernel32.dll.GetSystemDefaultLocaleName",
  2502. "ole32.dll.BindMoniker",
  2503. "sxs.dll.SxsOleAut32RedirectTypeLibrary",
  2504. "advapi32.dll.RegOpenKeyW",
  2505. "advapi32.dll.RegEnumKeyW",
  2506. "advapi32.dll.RegQueryValueW",
  2507. "sxs.dll.SxsOleAut32MapConfiguredClsidToReferenceClsid",
  2508. "sxs.dll.SxsLookupClrGuid",
  2509. "kernel32.dll.ReleaseActCtx",
  2510. "oleaut32.dll.#9",
  2511. "oleaut32.dll.#4",
  2512. "oleaut32.dll.#283",
  2513. "oleaut32.dll.#284",
  2514. "mscoree.dll.GetTokenForVTableEntry",
  2515. "mscoree.dll.SetTargetForVTableEntry",
  2516. "mscoree.dll.GetTargetForVTableEntry",
  2517. "kernel32.dll.LocalAlloc",
  2518. "oleaut32.dll.VariantInit",
  2519. "oleaut32.dll.VariantClear",
  2520. "oleaut32.dll.#7",
  2521. "kernel32.dll.CreateEventW",
  2522. "kernel32.dll.SetEvent",
  2523. "ole32.dll.CoWaitForMultipleHandles",
  2524. "ole32.dll.IIDFromString",
  2525. "wminet_utils.dll.ResetSecurity",
  2526. "wminet_utils.dll.SetSecurity",
  2527. "wminet_utils.dll.BlessIWbemServices",
  2528. "wminet_utils.dll.BlessIWbemServicesObject",
  2529. "wminet_utils.dll.GetPropertyHandle",
  2530. "wminet_utils.dll.WritePropertyValue",
  2531. "wminet_utils.dll.Clone",
  2532. "wminet_utils.dll.VerifyClientKey",
  2533. "wminet_utils.dll.GetQualifierSet",
  2534. "wminet_utils.dll.Get",
  2535. "wminet_utils.dll.Put",
  2536. "wminet_utils.dll.Delete",
  2537. "wminet_utils.dll.GetNames",
  2538. "wminet_utils.dll.BeginEnumeration",
  2539. "wminet_utils.dll.Next",
  2540. "wminet_utils.dll.EndEnumeration",
  2541. "wminet_utils.dll.GetPropertyQualifierSet",
  2542. "wminet_utils.dll.GetObjectText",
  2543. "wminet_utils.dll.SpawnDerivedClass",
  2544. "wminet_utils.dll.SpawnInstance",
  2545. "wminet_utils.dll.CompareTo",
  2546. "wminet_utils.dll.GetPropertyOrigin",
  2547. "wminet_utils.dll.InheritsFrom",
  2548. "wminet_utils.dll.GetMethod",
  2549. "wminet_utils.dll.PutMethod",
  2550. "wminet_utils.dll.DeleteMethod",
  2551. "wminet_utils.dll.BeginMethodEnumeration",
  2552. "wminet_utils.dll.NextMethod",
  2553. "wminet_utils.dll.EndMethodEnumeration",
  2554. "wminet_utils.dll.GetMethodQualifierSet",
  2555. "wminet_utils.dll.GetMethodOrigin",
  2556. "wminet_utils.dll.QualifierSet_Get",
  2557. "wminet_utils.dll.QualifierSet_Put",
  2558. "wminet_utils.dll.QualifierSet_Delete",
  2559. "wminet_utils.dll.QualifierSet_GetNames",
  2560. "wminet_utils.dll.QualifierSet_BeginEnumeration",
  2561. "wminet_utils.dll.QualifierSet_Next",
  2562. "wminet_utils.dll.QualifierSet_EndEnumeration",
  2563. "wminet_utils.dll.GetCurrentApartmentType",
  2564. "wminet_utils.dll.GetDemultiplexedStub",
  2565. "wminet_utils.dll.CreateInstanceEnumWmi",
  2566. "wminet_utils.dll.CreateClassEnumWmi",
  2567. "wminet_utils.dll.ExecQueryWmi",
  2568. "wminet_utils.dll.ExecNotificationQueryWmi",
  2569. "wminet_utils.dll.PutInstanceWmi",
  2570. "wminet_utils.dll.PutClassWmi",
  2571. "wminet_utils.dll.CloneEnumWbemClassObject",
  2572. "wminet_utils.dll.ConnectServerWmi",
  2573. "ole32.dll.CoUninitialize",
  2574. "oleaut32.dll.#500",
  2575. "oleaut32.dll.SysStringLen",
  2576. "kernel32.dll.RtlZeroMemory",
  2577. "kernel32.dll.RegOpenKeyExW",
  2578. "advapi32.dll.GetUserNameW",
  2579. "kernel32.dll.GetComputerNameW",
  2580. "user32.dll.DefWindowProcW",
  2581. "gdi32.dll.GetStockObject",
  2582. "user32.dll.RegisterClassW",
  2583. "user32.dll.CreateWindowExW",
  2584. "user32.dll.SetWindowLongW",
  2585. "user32.dll.GetWindowLongW",
  2586. "kernel32.dll.GetCurrentThread",
  2587. "kernel32.dll.DuplicateHandle",
  2588. "user32.dll.CallWindowProcW",
  2589. "user32.dll.RegisterWindowMessageW",
  2590. "advapi32.dll.LookupPrivilegeValueW",
  2591. "advapi32.dll.AdjustTokenPrivileges",
  2592. "ntdll.dll.NtQuerySystemInformation",
  2593. "kernel32.dll.CreateIoCompletionPort",
  2594. "kernel32.dll.PostQueuedCompletionStatus",
  2595. "ntdll.dll.NtQueryInformationThread",
  2596. "ntdll.dll.NtGetCurrentProcessorNumber",
  2597. "shfolder.dll.SHGetFolderPathW",
  2598. "kernel32.dll.FindFirstFileW",
  2599. "kernel32.dll.FindClose",
  2600. "kernel32.dll.FindNextFileW",
  2601. "kernel32.dll.UnmapViewOfFile",
  2602. "kernel32.dll.ReadFile",
  2603. "oleaut32.dll.#204",
  2604. "oleaut32.dll.#203",
  2605. "kernel32.dll.OpenProcess",
  2606. "kernel32.dll.GetExitCodeProcess",
  2607. "culture.dll.ConvertLangIdToCultureName",
  2608. "mlang.dll.#112",
  2609. "wininet.dll.FindFirstUrlCacheEntryA",
  2610. "kernel32.dll.SetFileInformationByHandle",
  2611. "urlmon.dll.CreateUri",
  2612. "kernel32.dll.InitializeSRWLock",
  2613. "kernel32.dll.AcquireSRWLockExclusive",
  2614. "kernel32.dll.AcquireSRWLockShared",
  2615. "kernel32.dll.ReleaseSRWLockExclusive",
  2616. "kernel32.dll.ReleaseSRWLockShared",
  2617. "wininet.dll.FindNextUrlCacheEntryA",
  2618. "urlmon.dll.CreateIUriBuilder",
  2619. "urlmon.dll.IntlPercentEncodeNormalize",
  2620. "wininet.dll.FindCloseUrlCache",
  2621. "cryptsp.dll.CryptGetHashParam",
  2622. "cryptsp.dll.CryptReleaseContext",
  2623. "ole32.dll.CLSIDFromProgIDEx",
  2624. "oleaut32.dll.#201",
  2625. "user32.dll.GetLastInputInfo",
  2626. "user32.dll.GetClientRect",
  2627. "user32.dll.GetWindowRect",
  2628. "user32.dll.GetParent",
  2629. "ole32.dll.OleInitialize",
  2630. "ole32.dll.CoRegisterMessageFilter",
  2631. "user32.dll.PeekMessageW",
  2632. "user32.dll.WaitMessage",
  2633. "mscoree.dll.ND_RI2",
  2634. "rasapi32.dll.RasEnumConnectionsW",
  2635. "rtutils.dll.TraceRegisterExA",
  2636. "rtutils.dll.TracePrintfExA",
  2637. "sechost.dll.OpenSCManagerW",
  2638. "sechost.dll.OpenServiceW",
  2639. "sechost.dll.QueryServiceStatus",
  2640. "sechost.dll.CloseServiceHandle",
  2641. "ws2_32.dll.WSAStartup",
  2642. "ws2_32.dll.WSASocketW",
  2643. "ws2_32.dll.setsockopt",
  2644. "ws2_32.dll.WSAEventSelect",
  2645. "ws2_32.dll.ioctlsocket",
  2646. "ws2_32.dll.closesocket",
  2647. "advapi32.dll.ConvertStringSecurityDescriptorToSecurityDescriptorW",
  2648. "kernel32.dll.LocalFree",
  2649. "kernel32.dll.CreateFileMappingW",
  2650. "kernel32.dll.VirtualQuery",
  2651. "kernel32.dll.ReleaseMutex",
  2652. "advapi32.dll.CreateWellKnownSid",
  2653. "kernel32.dll.CreateMutexW",
  2654. "kernel32.dll.WaitForSingleObject",
  2655. "kernel32.dll.OpenMutexW",
  2656. "kernel32.dll.GetProcessTimes",
  2657. "ws2_32.dll.WSAIoctl",
  2658. "kernel32.dll.FormatMessageW",
  2659. "rasapi32.dll.RasConnectionNotificationW",
  2660. "sechost.dll.NotifyServiceStatusChangeA",
  2661. "advapi32.dll.RegOpenCurrentUser",
  2662. "advapi32.dll.RegNotifyChangeKeyValue",
  2663. "winhttp.dll.WinHttpGetIEProxyConfigForCurrentUser",
  2664. "kernel32.dll.ResetEvent",
  2665. "iphlpapi.dll.GetNetworkParams",
  2666. "dnsapi.dll.DnsQueryConfig",
  2667. "iphlpapi.dll.GetAdaptersAddresses",
  2668. "iphlpapi.dll.GetIpInterfaceEntry",
  2669. "iphlpapi.dll.GetBestInterfaceEx",
  2670. "ws2_32.dll.inet_addr",
  2671. "ws2_32.dll.getaddrinfo",
  2672. "ws2_32.dll.freeaddrinfo",
  2673. "ws2_32.dll.WSAConnect",
  2674. "ws2_32.dll.send",
  2675. "ws2_32.dll.recv",
  2676. "vssapi.dll.CreateWriter",
  2677. "advapi32.dll.LookupAccountNameW",
  2678. "samcli.dll.NetLocalGroupGetMembers",
  2679. "samlib.dll.SamConnect",
  2680. "rpcrt4.dll.NdrClientCall3",
  2681. "rpcrt4.dll.RpcStringBindingComposeW",
  2682. "rpcrt4.dll.RpcBindingFromStringBindingW",
  2683. "rpcrt4.dll.RpcStringFreeW",
  2684. "rpcrt4.dll.RpcBindingFree",
  2685. "samlib.dll.SamOpenDomain",
  2686. "samlib.dll.SamLookupNamesInDomain",
  2687. "samlib.dll.SamOpenAlias",
  2688. "samlib.dll.SamFreeMemory",
  2689. "samlib.dll.SamCloseHandle",
  2690. "samlib.dll.SamGetMembersInAlias",
  2691. "netutils.dll.NetApiBufferFree",
  2692. "samlib.dll.SamEnumerateDomainsInSamServer",
  2693. "samlib.dll.SamLookupDomainInSamServer",
  2694. "ole32.dll.CoCreateGuid",
  2695. "ole32.dll.StringFromCLSID",
  2696. "propsys.dll.VariantToPropVariant",
  2697. "wbemcore.dll.Reinitialize",
  2698. "wbemsvc.dll.DllGetClassObject",
  2699. "wbemsvc.dll.DllCanUnloadNow",
  2700. "authz.dll.AuthzInitializeContextFromToken",
  2701. "authz.dll.AuthzInitializeObjectAccessAuditEvent2",
  2702. "authz.dll.AuthzAccessCheck",
  2703. "authz.dll.AuthzFreeAuditEvent",
  2704. "authz.dll.AuthzFreeContext",
  2705. "authz.dll.AuthzInitializeResourceManager",
  2706. "authz.dll.AuthzFreeResourceManager",
  2707. "rpcrt4.dll.RpcBindingCreateW",
  2708. "rpcrt4.dll.RpcBindingBind",
  2709. "rpcrt4.dll.I_RpcMapWin32Status",
  2710. "advapi32.dll.EventRegister",
  2711. "advapi32.dll.EventUnregister",
  2712. "advapi32.dll.EventWrite",
  2713. "kernel32.dll.RegCloseKey",
  2714. "kernel32.dll.RegSetValueExW",
  2715. "kernel32.dll.RegQueryValueExW",
  2716. "wmisvc.dll.IsImproperShutdownDetected",
  2717. "wevtapi.dll.EvtRender",
  2718. "wevtapi.dll.EvtNext",
  2719. "wevtapi.dll.EvtClose",
  2720. "wevtapi.dll.EvtQuery",
  2721. "wevtapi.dll.EvtCreateRenderContext",
  2722. "rpcrt4.dll.RpcBindingSetAuthInfoExW",
  2723. "rpcrt4.dll.RpcBindingSetOption",
  2724. "ole32.dll.CoCreateFreeThreadedMarshaler",
  2725. "ole32.dll.CreateStreamOnHGlobal",
  2726. "advapi32.dll.RegCreateKeyExW",
  2727. "advapi32.dll.RegSetValueExW",
  2728. "kernelbase.dll.InitializeAcl",
  2729. "kernelbase.dll.AddAce",
  2730. "sechost.dll.ConvertStringSecurityDescriptorToSecurityDescriptorW",
  2731. "kernel32.dll.IsThreadAFiber",
  2732. "kernel32.dll.OpenProcessToken",
  2733. "kernelbase.dll.GetTokenInformation",
  2734. "kernelbase.dll.DuplicateTokenEx",
  2735. "kernelbase.dll.AdjustTokenPrivileges",
  2736. "kernel32.dll.SetThreadToken",
  2737. "kernelbase.dll.CheckTokenMembership",
  2738. "kernelbase.dll.AllocateAndInitializeSid",
  2739. "ole32.dll.CLSIDFromString",
  2740. "oleaut32.dll.#285",
  2741. "oleaut32.dll.#12",
  2742. "oleaut32.dll.#286",
  2743. "oleaut32.dll.#17",
  2744. "oleaut32.dll.#20",
  2745. "oleaut32.dll.#19",
  2746. "oleaut32.dll.#25",
  2747. "authz.dll.AuthzInitializeContextFromSid",
  2748. "ole32.dll.CoRevertToSelf",
  2749. "advapi32.dll.LogonUserExExW",
  2750. "sspicli.dll.LogonUserExExW",
  2751. "ole32.dll.CoGetCallContext",
  2752. "ole32.dll.CoImpersonateClient",
  2753. "advapi32.dll.OpenThreadToken",
  2754. "oleaut32.dll.#8",
  2755. "ole32.dll.CoSwitchCallContext",
  2756. "oleaut32.dll.#287",
  2757. "oleaut32.dll.#288",
  2758. "oleaut32.dll.#289",
  2759. "kernel32.dll.SortGetHandle",
  2760. "kernel32.dll.SortCloseHandle",
  2761. "ntmarta.dll.GetMartaExtensionInterface",
  2762. "fastprox.dll.DllGetClassObject",
  2763. "fastprox.dll.DllCanUnloadNow",
  2764. "oleaut32.dll.#290",
  2765. "wmi.dll.WmiQueryAllDataW",
  2766. "wmi.dll.WmiQuerySingleInstanceW",
  2767. "wmi.dll.WmiSetSingleItemW",
  2768. "wmi.dll.WmiSetSingleInstanceW",
  2769. "wmi.dll.WmiExecuteMethodW",
  2770. "wmi.dll.WmiNotificationRegistrationW",
  2771. "wmi.dll.WmiMofEnumerateResourcesW",
  2772. "wmi.dll.WmiFileHandleToInstanceNameW",
  2773. "wmi.dll.WmiDevInstToInstanceNameW",
  2774. "wmi.dll.WmiQueryGuidInformation",
  2775. "wmi.dll.WmiOpenBlock",
  2776. "wmi.dll.WmiCloseBlock",
  2777. "wmi.dll.WmiFreeBuffer",
  2778. "wmi.dll.WmiEnumerateGuids",
  2779. "winbrand.dll.BrandingLoadString",
  2780. "security.dll.InitSecurityInterfaceW",
  2781. "cryptsp.dll.SystemFunction035",
  2782. "schannel.dll.SpUserModeInitialize",
  2783. "ntdll.dll.RtlInitUnicodeString",
  2784. "ntdll.dll.RtlFreeUnicodeString",
  2785. "ntdll.dll.NtSetSystemEnvironmentValue",
  2786. "ntdll.dll.NtQuerySystemEnvironmentValue",
  2787. "ntdll.dll.NtCreateFile",
  2788. "ntdll.dll.NtQueryDirectoryObject",
  2789. "ntdll.dll.NtQueryObject",
  2790. "ntdll.dll.NtOpenDirectoryObject",
  2791. "ntdll.dll.NtQueryInformationProcess",
  2792. "ntdll.dll.NtQueryInformationToken",
  2793. "ntdll.dll.NtOpenFile",
  2794. "ntdll.dll.NtClose",
  2795. "ntdll.dll.NtFsControlFile",
  2796. "ntdll.dll.NtQueryVolumeInformationFile",
  2797. "netapi32.dll.NetGroupEnum",
  2798. "netapi32.dll.NetGroupGetInfo",
  2799. "netapi32.dll.NetGroupSetInfo",
  2800. "netapi32.dll.NetLocalGroupGetInfo",
  2801. "netapi32.dll.NetLocalGroupSetInfo",
  2802. "netapi32.dll.NetGroupGetUsers",
  2803. "netapi32.dll.NetLocalGroupGetMembers",
  2804. "netapi32.dll.NetLocalGroupEnum",
  2805. "netapi32.dll.NetShareEnum",
  2806. "netapi32.dll.NetShareGetInfo",
  2807. "netapi32.dll.NetShareAdd",
  2808. "netapi32.dll.NetShareEnumSticky",
  2809. "netapi32.dll.NetShareSetInfo",
  2810. "netapi32.dll.NetShareDel",
  2811. "netapi32.dll.NetShareDelSticky",
  2812. "netapi32.dll.NetShareCheck",
  2813. "netapi32.dll.NetUserEnum",
  2814. "netapi32.dll.NetUserGetInfo",
  2815. "netapi32.dll.NetUserSetInfo",
  2816. "netapi32.dll.NetApiBufferFree",
  2817. "netapi32.dll.NetQueryDisplayInformation",
  2818. "netapi32.dll.NetServerSetInfo",
  2819. "netapi32.dll.NetServerGetInfo",
  2820. "netapi32.dll.NetGetDCName",
  2821. "netapi32.dll.NetWkstaGetInfo",
  2822. "netapi32.dll.NetGetAnyDCName",
  2823. "netapi32.dll.NetServerEnum",
  2824. "netapi32.dll.NetUserModalsGet",
  2825. "netapi32.dll.NetScheduleJobAdd",
  2826. "netapi32.dll.NetScheduleJobDel",
  2827. "netapi32.dll.NetScheduleJobEnum",
  2828. "netapi32.dll.NetScheduleJobGetInfo",
  2829. "netapi32.dll.NetUseGetInfo",
  2830. "netapi32.dll.NetEnumerateTrustedDomains",
  2831. "netapi32.dll.DsGetDcNameW",
  2832. "netapi32.dll.DsRoleGetPrimaryDomainInformation",
  2833. "netapi32.dll.DsRoleFreeMemory",
  2834. "netapi32.dll.NetRenameMachineInDomain",
  2835. "netapi32.dll.NetJoinDomain",
  2836. "netapi32.dll.NetUnjoinDomain",
  2837. "wkscli.dll.NetWkstaGetInfo",
  2838. "cscapi.dll.CscNetApiGetInterface",
  2839. "kernel32.dll.GetDiskFreeSpaceExW",
  2840. "kernel32.dll.GetVolumePathNameW",
  2841. "kernel32.dll.CreateToolhelp32Snapshot",
  2842. "kernel32.dll.Thread32First",
  2843. "kernel32.dll.Thread32Next",
  2844. "kernel32.dll.Process32First",
  2845. "kernel32.dll.Process32Next",
  2846. "kernel32.dll.Module32First",
  2847. "kernel32.dll.Module32Next",
  2848. "kernel32.dll.Heap32ListFirst",
  2849. "kernel32.dll.GlobalMemoryStatusEx",
  2850. "kernel32.dll.GetSystemDefaultUILanguage",
  2851. "oleaut32.dll.#15",
  2852. "oleaut32.dll.#26",
  2853. "oleaut32.dll.#150",
  2854. "wtsapi32.dll.WTSEnumerateSessionsW",
  2855. "winsta.dll.WinStationEnumerateW",
  2856. "rpcrt4.dll.I_RpcExceptionFilter",
  2857. "winsta.dll.WinStationFreeMemory",
  2858. "wtsapi32.dll.WTSQuerySessionInformationW",
  2859. "winsta.dll.WinStationQueryInformationW",
  2860. "wtsapi32.dll.WTSFreeMemory",
  2861. "devobj.dll.DevObjCreateDeviceInfoList",
  2862. "devobj.dll.DevObjGetClassDevs",
  2863. "devobj.dll.DevObjEnumDeviceInfo",
  2864. "devobj.dll.DevObjDestroyDeviceInfoList",
  2865. "powrprof.dll.PowerDeterminePlatformRole",
  2866. "oleaut32.dll.#40",
  2867. "oleaut32.dll.#23",
  2868. "oleaut32.dll.#24",
  2869. "oleaut32.dll.#16"
  2870. ]
  2871.  
  2872. [*] Static Analysis: {
  2873. "pe": {
  2874. "peid_signatures": null,
  2875. "imports": [
  2876. {
  2877. "imports": [
  2878. {
  2879. "name": "DeleteCriticalSection",
  2880. "address": "0x46c168"
  2881. },
  2882. {
  2883. "name": "LeaveCriticalSection",
  2884. "address": "0x46c16c"
  2885. },
  2886. {
  2887. "name": "EnterCriticalSection",
  2888. "address": "0x46c170"
  2889. },
  2890. {
  2891. "name": "InitializeCriticalSection",
  2892. "address": "0x46c174"
  2893. },
  2894. {
  2895. "name": "VirtualFree",
  2896. "address": "0x46c178"
  2897. },
  2898. {
  2899. "name": "VirtualAlloc",
  2900. "address": "0x46c17c"
  2901. },
  2902. {
  2903. "name": "LocalFree",
  2904. "address": "0x46c180"
  2905. },
  2906. {
  2907. "name": "LocalAlloc",
  2908. "address": "0x46c184"
  2909. },
  2910. {
  2911. "name": "GetVersion",
  2912. "address": "0x46c188"
  2913. },
  2914. {
  2915. "name": "GetCurrentThreadId",
  2916. "address": "0x46c18c"
  2917. },
  2918. {
  2919. "name": "InterlockedDecrement",
  2920. "address": "0x46c190"
  2921. },
  2922. {
  2923. "name": "InterlockedIncrement",
  2924. "address": "0x46c194"
  2925. },
  2926. {
  2927. "name": "VirtualQuery",
  2928. "address": "0x46c198"
  2929. },
  2930. {
  2931. "name": "WideCharToMultiByte",
  2932. "address": "0x46c19c"
  2933. },
  2934. {
  2935. "name": "MultiByteToWideChar",
  2936. "address": "0x46c1a0"
  2937. },
  2938. {
  2939. "name": "lstrlenA",
  2940. "address": "0x46c1a4"
  2941. },
  2942. {
  2943. "name": "lstrcpynA",
  2944. "address": "0x46c1a8"
  2945. },
  2946. {
  2947. "name": "LoadLibraryExA",
  2948. "address": "0x46c1ac"
  2949. },
  2950. {
  2951. "name": "GetThreadLocale",
  2952. "address": "0x46c1b0"
  2953. },
  2954. {
  2955. "name": "GetStartupInfoA",
  2956. "address": "0x46c1b4"
  2957. },
  2958. {
  2959. "name": "GetProcAddress",
  2960. "address": "0x46c1b8"
  2961. },
  2962. {
  2963. "name": "GetModuleHandleA",
  2964. "address": "0x46c1bc"
  2965. },
  2966. {
  2967. "name": "GetModuleFileNameA",
  2968. "address": "0x46c1c0"
  2969. },
  2970. {
  2971. "name": "GetLocaleInfoA",
  2972. "address": "0x46c1c4"
  2973. },
  2974. {
  2975. "name": "GetCommandLineA",
  2976. "address": "0x46c1c8"
  2977. },
  2978. {
  2979. "name": "FreeLibrary",
  2980. "address": "0x46c1cc"
  2981. },
  2982. {
  2983. "name": "FindFirstFileA",
  2984. "address": "0x46c1d0"
  2985. },
  2986. {
  2987. "name": "FindClose",
  2988. "address": "0x46c1d4"
  2989. },
  2990. {
  2991. "name": "ExitProcess",
  2992. "address": "0x46c1d8"
  2993. },
  2994. {
  2995. "name": "WriteFile",
  2996. "address": "0x46c1dc"
  2997. },
  2998. {
  2999. "name": "UnhandledExceptionFilter",
  3000. "address": "0x46c1e0"
  3001. },
  3002. {
  3003. "name": "RtlUnwind",
  3004. "address": "0x46c1e4"
  3005. },
  3006. {
  3007. "name": "RaiseException",
  3008. "address": "0x46c1e8"
  3009. },
  3010. {
  3011. "name": "GetStdHandle",
  3012. "address": "0x46c1ec"
  3013. }
  3014. ],
  3015. "dll": "kernel32.dll"
  3016. },
  3017. {
  3018. "imports": [
  3019. {
  3020. "name": "GetKeyboardType",
  3021. "address": "0x46c1f4"
  3022. },
  3023. {
  3024. "name": "LoadStringA",
  3025. "address": "0x46c1f8"
  3026. },
  3027. {
  3028. "name": "MessageBoxA",
  3029. "address": "0x46c1fc"
  3030. },
  3031. {
  3032. "name": "CharNextA",
  3033. "address": "0x46c200"
  3034. }
  3035. ],
  3036. "dll": "user32.dll"
  3037. },
  3038. {
  3039. "imports": [
  3040. {
  3041. "name": "RegQueryValueExA",
  3042. "address": "0x46c208"
  3043. },
  3044. {
  3045. "name": "RegOpenKeyExA",
  3046. "address": "0x46c20c"
  3047. },
  3048. {
  3049. "name": "RegCloseKey",
  3050. "address": "0x46c210"
  3051. }
  3052. ],
  3053. "dll": "advapi32.dll"
  3054. },
  3055. {
  3056. "imports": [
  3057. {
  3058. "name": "SysFreeString",
  3059. "address": "0x46c218"
  3060. },
  3061. {
  3062. "name": "SysReAllocStringLen",
  3063. "address": "0x46c21c"
  3064. },
  3065. {
  3066. "name": "SysAllocStringLen",
  3067. "address": "0x46c220"
  3068. }
  3069. ],
  3070. "dll": "oleaut32.dll"
  3071. },
  3072. {
  3073. "imports": [
  3074. {
  3075. "name": "TlsSetValue",
  3076. "address": "0x46c228"
  3077. },
  3078. {
  3079. "name": "TlsGetValue",
  3080. "address": "0x46c22c"
  3081. },
  3082. {
  3083. "name": "LocalAlloc",
  3084. "address": "0x46c230"
  3085. },
  3086. {
  3087. "name": "GetModuleHandleA",
  3088. "address": "0x46c234"
  3089. }
  3090. ],
  3091. "dll": "kernel32.dll"
  3092. },
  3093. {
  3094. "imports": [
  3095. {
  3096. "name": "RegQueryValueExA",
  3097. "address": "0x46c23c"
  3098. },
  3099. {
  3100. "name": "RegOpenKeyExA",
  3101. "address": "0x46c240"
  3102. },
  3103. {
  3104. "name": "RegCloseKey",
  3105. "address": "0x46c244"
  3106. }
  3107. ],
  3108. "dll": "advapi32.dll"
  3109. },
  3110. {
  3111. "imports": [
  3112. {
  3113. "name": "lstrcpyA",
  3114. "address": "0x46c24c"
  3115. },
  3116. {
  3117. "name": "WriteFile",
  3118. "address": "0x46c250"
  3119. },
  3120. {
  3121. "name": "WaitForSingleObject",
  3122. "address": "0x46c254"
  3123. },
  3124. {
  3125. "name": "VirtualQuery",
  3126. "address": "0x46c258"
  3127. },
  3128. {
  3129. "name": "VirtualAlloc",
  3130. "address": "0x46c25c"
  3131. },
  3132. {
  3133. "name": "Sleep",
  3134. "address": "0x46c260"
  3135. },
  3136. {
  3137. "name": "SizeofResource",
  3138. "address": "0x46c264"
  3139. },
  3140. {
  3141. "name": "SetThreadLocale",
  3142. "address": "0x46c268"
  3143. },
  3144. {
  3145. "name": "SetFilePointer",
  3146. "address": "0x46c26c"
  3147. },
  3148. {
  3149. "name": "SetEvent",
  3150. "address": "0x46c270"
  3151. },
  3152. {
  3153. "name": "SetErrorMode",
  3154. "address": "0x46c274"
  3155. },
  3156. {
  3157. "name": "SetEndOfFile",
  3158. "address": "0x46c278"
  3159. },
  3160. {
  3161. "name": "ResetEvent",
  3162. "address": "0x46c27c"
  3163. },
  3164. {
  3165. "name": "ReadFile",
  3166. "address": "0x46c280"
  3167. },
  3168. {
  3169. "name": "MultiByteToWideChar",
  3170. "address": "0x46c284"
  3171. },
  3172. {
  3173. "name": "MulDiv",
  3174. "address": "0x46c288"
  3175. },
  3176. {
  3177. "name": "LockResource",
  3178. "address": "0x46c28c"
  3179. },
  3180. {
  3181. "name": "LoadResource",
  3182. "address": "0x46c290"
  3183. },
  3184. {
  3185. "name": "LoadLibraryA",
  3186. "address": "0x46c294"
  3187. },
  3188. {
  3189. "name": "LeaveCriticalSection",
  3190. "address": "0x46c298"
  3191. },
  3192. {
  3193. "name": "InitializeCriticalSection",
  3194. "address": "0x46c29c"
  3195. },
  3196. {
  3197. "name": "GlobalUnlock",
  3198. "address": "0x46c2a0"
  3199. },
  3200. {
  3201. "name": "GlobalSize",
  3202. "address": "0x46c2a4"
  3203. },
  3204. {
  3205. "name": "GlobalReAlloc",
  3206. "address": "0x46c2a8"
  3207. },
  3208. {
  3209. "name": "GlobalHandle",
  3210. "address": "0x46c2ac"
  3211. },
  3212. {
  3213. "name": "GlobalLock",
  3214. "address": "0x46c2b0"
  3215. },
  3216. {
  3217. "name": "GlobalFree",
  3218. "address": "0x46c2b4"
  3219. },
  3220. {
  3221. "name": "GlobalFindAtomA",
  3222. "address": "0x46c2b8"
  3223. },
  3224. {
  3225. "name": "GlobalDeleteAtom",
  3226. "address": "0x46c2bc"
  3227. },
  3228. {
  3229. "name": "GlobalAlloc",
  3230. "address": "0x46c2c0"
  3231. },
  3232. {
  3233. "name": "GlobalAddAtomA",
  3234. "address": "0x46c2c4"
  3235. },
  3236. {
  3237. "name": "GetVersionExA",
  3238. "address": "0x46c2c8"
  3239. },
  3240. {
  3241. "name": "GetVersion",
  3242. "address": "0x46c2cc"
  3243. },
  3244. {
  3245. "name": "GetUserDefaultLCID",
  3246. "address": "0x46c2d0"
  3247. },
  3248. {
  3249. "name": "GetTickCount",
  3250. "address": "0x46c2d4"
  3251. },
  3252. {
  3253. "name": "GetThreadLocale",
  3254. "address": "0x46c2d8"
  3255. },
  3256. {
  3257. "name": "GetSystemInfo",
  3258. "address": "0x46c2dc"
  3259. },
  3260. {
  3261. "name": "GetStringTypeExA",
  3262. "address": "0x46c2e0"
  3263. },
  3264. {
  3265. "name": "GetStdHandle",
  3266. "address": "0x46c2e4"
  3267. },
  3268. {
  3269. "name": "GetProfileStringA",
  3270. "address": "0x46c2e8"
  3271. },
  3272. {
  3273. "name": "GetProcAddress",
  3274. "address": "0x46c2ec"
  3275. },
  3276. {
  3277. "name": "GetModuleHandleA",
  3278. "address": "0x46c2f0"
  3279. },
  3280. {
  3281. "name": "GetModuleFileNameA",
  3282. "address": "0x46c2f4"
  3283. },
  3284. {
  3285. "name": "GetLocaleInfoA",
  3286. "address": "0x46c2f8"
  3287. },
  3288. {
  3289. "name": "GetLocalTime",
  3290. "address": "0x46c2fc"
  3291. },
  3292. {
  3293. "name": "GetLastError",
  3294. "address": "0x46c300"
  3295. },
  3296. {
  3297. "name": "GetFullPathNameA",
  3298. "address": "0x46c304"
  3299. },
  3300. {
  3301. "name": "GetDiskFreeSpaceA",
  3302. "address": "0x46c308"
  3303. },
  3304. {
  3305. "name": "GetDateFormatA",
  3306. "address": "0x46c30c"
  3307. },
  3308. {
  3309. "name": "GetCurrentThreadId",
  3310. "address": "0x46c310"
  3311. },
  3312. {
  3313. "name": "GetCurrentProcessId",
  3314. "address": "0x46c314"
  3315. },
  3316. {
  3317. "name": "GetComputerNameA",
  3318. "address": "0x46c318"
  3319. },
  3320. {
  3321. "name": "GetCPInfo",
  3322. "address": "0x46c31c"
  3323. },
  3324. {
  3325. "name": "GetACP",
  3326. "address": "0x46c320"
  3327. },
  3328. {
  3329. "name": "FreeResource",
  3330. "address": "0x46c324"
  3331. },
  3332. {
  3333. "name": "InterlockedExchange",
  3334. "address": "0x46c328"
  3335. },
  3336. {
  3337. "name": "FreeLibrary",
  3338. "address": "0x46c32c"
  3339. },
  3340. {
  3341. "name": "FormatMessageA",
  3342. "address": "0x46c330"
  3343. },
  3344. {
  3345. "name": "FindResourceA",
  3346. "address": "0x46c334"
  3347. },
  3348. {
  3349. "name": "EnumCalendarInfoA",
  3350. "address": "0x46c338"
  3351. },
  3352. {
  3353. "name": "EnterCriticalSection",
  3354. "address": "0x46c33c"
  3355. },
  3356. {
  3357. "name": "DeleteCriticalSection",
  3358. "address": "0x46c340"
  3359. },
  3360. {
  3361. "name": "CreateThread",
  3362. "address": "0x46c344"
  3363. },
  3364. {
  3365. "name": "CreateFileA",
  3366. "address": "0x46c348"
  3367. },
  3368. {
  3369. "name": "CreateEventA",
  3370. "address": "0x46c34c"
  3371. },
  3372. {
  3373. "name": "CompareStringA",
  3374. "address": "0x46c350"
  3375. },
  3376. {
  3377. "name": "CloseHandle",
  3378. "address": "0x46c354"
  3379. }
  3380. ],
  3381. "dll": "kernel32.dll"
  3382. },
  3383. {
  3384. "imports": [
  3385. {
  3386. "name": "VerQueryValueA",
  3387. "address": "0x46c35c"
  3388. },
  3389. {
  3390. "name": "GetFileVersionInfoSizeA",
  3391. "address": "0x46c360"
  3392. },
  3393. {
  3394. "name": "GetFileVersionInfoA",
  3395. "address": "0x46c364"
  3396. }
  3397. ],
  3398. "dll": "version.dll"
  3399. },
  3400. {
  3401. "imports": [
  3402. {
  3403. "name": "UnrealizeObject",
  3404. "address": "0x46c36c"
  3405. },
  3406. {
  3407. "name": "StretchBlt",
  3408. "address": "0x46c370"
  3409. },
  3410. {
  3411. "name": "SetWindowOrgEx",
  3412. "address": "0x46c374"
  3413. },
  3414. {
  3415. "name": "SetWinMetaFileBits",
  3416. "address": "0x46c378"
  3417. },
  3418. {
  3419. "name": "SetViewportOrgEx",
  3420. "address": "0x46c37c"
  3421. },
  3422. {
  3423. "name": "SetTextColor",
  3424. "address": "0x46c380"
  3425. },
  3426. {
  3427. "name": "SetStretchBltMode",
  3428. "address": "0x46c384"
  3429. },
  3430. {
  3431. "name": "SetROP2",
  3432. "address": "0x46c388"
  3433. },
  3434. {
  3435. "name": "SetPixel",
  3436. "address": "0x46c38c"
  3437. },
  3438. {
  3439. "name": "SetMapMode",
  3440. "address": "0x46c390"
  3441. },
  3442. {
  3443. "name": "SetEnhMetaFileBits",
  3444. "address": "0x46c394"
  3445. },
  3446. {
  3447. "name": "SetDIBColorTable",
  3448. "address": "0x46c398"
  3449. },
  3450. {
  3451. "name": "SetBrushOrgEx",
  3452. "address": "0x46c39c"
  3453. },
  3454. {
  3455. "name": "SetBkMode",
  3456. "address": "0x46c3a0"
  3457. },
  3458. {
  3459. "name": "SetBkColor",
  3460. "address": "0x46c3a4"
  3461. },
  3462. {
  3463. "name": "SelectPalette",
  3464. "address": "0x46c3a8"
  3465. },
  3466. {
  3467. "name": "SelectObject",
  3468. "address": "0x46c3ac"
  3469. },
  3470. {
  3471. "name": "SelectClipRgn",
  3472. "address": "0x46c3b0"
  3473. },
  3474. {
  3475. "name": "ScaleWindowExtEx",
  3476. "address": "0x46c3b4"
  3477. },
  3478. {
  3479. "name": "SaveDC",
  3480. "address": "0x46c3b8"
  3481. },
  3482. {
  3483. "name": "RestoreDC",
  3484. "address": "0x46c3bc"
  3485. },
  3486. {
  3487. "name": "Rectangle",
  3488. "address": "0x46c3c0"
  3489. },
  3490. {
  3491. "name": "RectVisible",
  3492. "address": "0x46c3c4"
  3493. },
  3494. {
  3495. "name": "RealizePalette",
  3496. "address": "0x46c3c8"
  3497. },
  3498. {
  3499. "name": "PlayEnhMetaFile",
  3500. "address": "0x46c3cc"
  3501. },
  3502. {
  3503. "name": "PatBlt",
  3504. "address": "0x46c3d0"
  3505. },
  3506. {
  3507. "name": "MoveToEx",
  3508. "address": "0x46c3d4"
  3509. },
  3510. {
  3511. "name": "MaskBlt",
  3512. "address": "0x46c3d8"
  3513. },
  3514. {
  3515. "name": "LineTo",
  3516. "address": "0x46c3dc"
  3517. },
  3518. {
  3519. "name": "LPtoDP",
  3520. "address": "0x46c3e0"
  3521. },
  3522. {
  3523. "name": "IntersectClipRect",
  3524. "address": "0x46c3e4"
  3525. },
  3526. {
  3527. "name": "GetWindowOrgEx",
  3528. "address": "0x46c3e8"
  3529. },
  3530. {
  3531. "name": "GetWinMetaFileBits",
  3532. "address": "0x46c3ec"
  3533. },
  3534. {
  3535. "name": "GetTextMetricsA",
  3536. "address": "0x46c3f0"
  3537. },
  3538. {
  3539. "name": "GetTextExtentPoint32A",
  3540. "address": "0x46c3f4"
  3541. },
  3542. {
  3543. "name": "GetSystemPaletteEntries",
  3544. "address": "0x46c3f8"
  3545. },
  3546. {
  3547. "name": "GetStockObject",
  3548. "address": "0x46c3fc"
  3549. },
  3550. {
  3551. "name": "GetPixel",
  3552. "address": "0x46c400"
  3553. },
  3554. {
  3555. "name": "GetPaletteEntries",
  3556. "address": "0x46c404"
  3557. },
  3558. {
  3559. "name": "GetObjectA",
  3560. "address": "0x46c408"
  3561. },
  3562. {
  3563. "name": "GetEnhMetaFilePaletteEntries",
  3564. "address": "0x46c40c"
  3565. },
  3566. {
  3567. "name": "GetEnhMetaFileHeader",
  3568. "address": "0x46c410"
  3569. },
  3570. {
  3571. "name": "GetEnhMetaFileDescriptionA",
  3572. "address": "0x46c414"
  3573. },
  3574. {
  3575. "name": "GetEnhMetaFileBits",
  3576. "address": "0x46c418"
  3577. },
  3578. {
  3579. "name": "GetDeviceCaps",
  3580. "address": "0x46c41c"
  3581. },
  3582. {
  3583. "name": "GetDIBits",
  3584. "address": "0x46c420"
  3585. },
  3586. {
  3587. "name": "GetDIBColorTable",
  3588. "address": "0x46c424"
  3589. },
  3590. {
  3591. "name": "GetDCOrgEx",
  3592. "address": "0x46c428"
  3593. },
  3594. {
  3595. "name": "GetCurrentPositionEx",
  3596. "address": "0x46c42c"
  3597. },
  3598. {
  3599. "name": "GetClipRgn",
  3600. "address": "0x46c430"
  3601. },
  3602. {
  3603. "name": "GetClipBox",
  3604. "address": "0x46c434"
  3605. },
  3606. {
  3607. "name": "GetBrushOrgEx",
  3608. "address": "0x46c438"
  3609. },
  3610. {
  3611. "name": "GetBitmapBits",
  3612. "address": "0x46c43c"
  3613. },
  3614. {
  3615. "name": "ExcludeClipRect",
  3616. "address": "0x46c440"
  3617. },
  3618. {
  3619. "name": "EndPage",
  3620. "address": "0x46c444"
  3621. },
  3622. {
  3623. "name": "EndDoc",
  3624. "address": "0x46c448"
  3625. },
  3626. {
  3627. "name": "DeleteObject",
  3628. "address": "0x46c44c"
  3629. },
  3630. {
  3631. "name": "DeleteEnhMetaFile",
  3632. "address": "0x46c450"
  3633. },
  3634. {
  3635. "name": "DeleteDC",
  3636. "address": "0x46c454"
  3637. },
  3638. {
  3639. "name": "CreateSolidBrush",
  3640. "address": "0x46c458"
  3641. },
  3642. {
  3643. "name": "CreateRectRgn",
  3644. "address": "0x46c45c"
  3645. },
  3646. {
  3647. "name": "CreatePenIndirect",
  3648. "address": "0x46c460"
  3649. },
  3650. {
  3651. "name": "CreatePalette",
  3652. "address": "0x46c464"
  3653. },
  3654. {
  3655. "name": "CreateICA",
  3656. "address": "0x46c468"
  3657. },
  3658. {
  3659. "name": "CreateHalftonePalette",
  3660. "address": "0x46c46c"
  3661. },
  3662. {
  3663. "name": "CreateFontIndirectA",
  3664. "address": "0x46c470"
  3665. },
  3666. {
  3667. "name": "CreateEnhMetaFileA",
  3668. "address": "0x46c474"
  3669. },
  3670. {
  3671. "name": "CreateDIBitmap",
  3672. "address": "0x46c478"
  3673. },
  3674. {
  3675. "name": "CreateDIBSection",
  3676. "address": "0x46c47c"
  3677. },
  3678. {
  3679. "name": "CreateDCA",
  3680. "address": "0x46c480"
  3681. },
  3682. {
  3683. "name": "CreateCompatibleDC",
  3684. "address": "0x46c484"
  3685. },
  3686. {
  3687. "name": "CreateCompatibleBitmap",
  3688. "address": "0x46c488"
  3689. },
  3690. {
  3691. "name": "CreateBrushIndirect",
  3692. "address": "0x46c48c"
  3693. },
  3694. {
  3695. "name": "CreateBitmap",
  3696. "address": "0x46c490"
  3697. },
  3698. {
  3699. "name": "CopyEnhMetaFileA",
  3700. "address": "0x46c494"
  3701. },
  3702. {
  3703. "name": "CloseEnhMetaFile",
  3704. "address": "0x46c498"
  3705. },
  3706. {
  3707. "name": "BitBlt",
  3708. "address": "0x46c49c"
  3709. }
  3710. ],
  3711. "dll": "gdi32.dll"
  3712. },
  3713. {
  3714. "imports": [
  3715. {
  3716. "name": "CreateWindowExA",
  3717. "address": "0x46c4a4"
  3718. },
  3719. {
  3720. "name": "WindowFromPoint",
  3721. "address": "0x46c4a8"
  3722. },
  3723. {
  3724. "name": "WinHelpA",
  3725. "address": "0x46c4ac"
  3726. },
  3727. {
  3728. "name": "WaitMessage",
  3729. "address": "0x46c4b0"
  3730. },
  3731. {
  3732. "name": "UpdateWindow",
  3733. "address": "0x46c4b4"
  3734. },
  3735. {
  3736. "name": "UnregisterClassA",
  3737. "address": "0x46c4b8"
  3738. },
  3739. {
  3740. "name": "UnhookWindowsHookEx",
  3741. "address": "0x46c4bc"
  3742. },
  3743. {
  3744. "name": "TranslateMessage",
  3745. "address": "0x46c4c0"
  3746. },
  3747. {
  3748. "name": "TranslateMDISysAccel",
  3749. "address": "0x46c4c4"
  3750. },
  3751. {
  3752. "name": "TrackPopupMenu",
  3753. "address": "0x46c4c8"
  3754. },
  3755. {
  3756. "name": "SystemParametersInfoA",
  3757. "address": "0x46c4cc"
  3758. },
  3759. {
  3760. "name": "ShowWindow",
  3761. "address": "0x46c4d0"
  3762. },
  3763. {
  3764. "name": "ShowScrollBar",
  3765. "address": "0x46c4d4"
  3766. },
  3767. {
  3768. "name": "ShowOwnedPopups",
  3769. "address": "0x46c4d8"
  3770. },
  3771. {
  3772. "name": "ShowCursor",
  3773. "address": "0x46c4dc"
  3774. },
  3775. {
  3776. "name": "SetWindowsHookExA",
  3777. "address": "0x46c4e0"
  3778. },
  3779. {
  3780. "name": "SetWindowPos",
  3781. "address": "0x46c4e4"
  3782. },
  3783. {
  3784. "name": "SetWindowPlacement",
  3785. "address": "0x46c4e8"
  3786. },
  3787. {
  3788. "name": "SetWindowLongA",
  3789. "address": "0x46c4ec"
  3790. },
  3791. {
  3792. "name": "SetTimer",
  3793. "address": "0x46c4f0"
  3794. },
  3795. {
  3796. "name": "SetScrollRange",
  3797. "address": "0x46c4f4"
  3798. },
  3799. {
  3800. "name": "SetScrollPos",
  3801. "address": "0x46c4f8"
  3802. },
  3803. {
  3804. "name": "SetScrollInfo",
  3805. "address": "0x46c4fc"
  3806. },
  3807. {
  3808. "name": "SetRect",
  3809. "address": "0x46c500"
  3810. },
  3811. {
  3812. "name": "SetPropA",
  3813. "address": "0x46c504"
  3814. },
  3815. {
  3816. "name": "SetParent",
  3817. "address": "0x46c508"
  3818. },
  3819. {
  3820. "name": "SetMenuItemInfoA",
  3821. "address": "0x46c50c"
  3822. },
  3823. {
  3824. "name": "SetMenu",
  3825. "address": "0x46c510"
  3826. },
  3827. {
  3828. "name": "SetForegroundWindow",
  3829. "address": "0x46c514"
  3830. },
  3831. {
  3832. "name": "SetFocus",
  3833. "address": "0x46c518"
  3834. },
  3835. {
  3836. "name": "SetCursor",
  3837. "address": "0x46c51c"
  3838. },
  3839. {
  3840. "name": "SetClassLongA",
  3841. "address": "0x46c520"
  3842. },
  3843. {
  3844. "name": "SetCapture",
  3845. "address": "0x46c524"
  3846. },
  3847. {
  3848. "name": "SetActiveWindow",
  3849. "address": "0x46c528"
  3850. },
  3851. {
  3852. "name": "SendMessageA",
  3853. "address": "0x46c52c"
  3854. },
  3855. {
  3856. "name": "ScrollWindow",
  3857. "address": "0x46c530"
  3858. },
  3859. {
  3860. "name": "ScreenToClient",
  3861. "address": "0x46c534"
  3862. },
  3863. {
  3864. "name": "RemovePropA",
  3865. "address": "0x46c538"
  3866. },
  3867. {
  3868. "name": "RemoveMenu",
  3869. "address": "0x46c53c"
  3870. },
  3871. {
  3872. "name": "ReleaseDC",
  3873. "address": "0x46c540"
  3874. },
  3875. {
  3876. "name": "ReleaseCapture",
  3877. "address": "0x46c544"
  3878. },
  3879. {
  3880. "name": "RegisterWindowMessageA",
  3881. "address": "0x46c548"
  3882. },
  3883. {
  3884. "name": "RegisterClipboardFormatA",
  3885. "address": "0x46c54c"
  3886. },
  3887. {
  3888. "name": "RegisterClassA",
  3889. "address": "0x46c550"
  3890. },
  3891. {
  3892. "name": "RedrawWindow",
  3893. "address": "0x46c554"
  3894. },
  3895. {
  3896. "name": "PtInRect",
  3897. "address": "0x46c558"
  3898. },
  3899. {
  3900. "name": "PostQuitMessage",
  3901. "address": "0x46c55c"
  3902. },
  3903. {
  3904. "name": "PostMessageA",
  3905. "address": "0x46c560"
  3906. },
  3907. {
  3908. "name": "PeekMessageA",
  3909. "address": "0x46c564"
  3910. },
  3911. {
  3912. "name": "OffsetRect",
  3913. "address": "0x46c568"
  3914. },
  3915. {
  3916. "name": "OemToCharA",
  3917. "address": "0x46c56c"
  3918. },
  3919. {
  3920. "name": "MessageBoxA",
  3921. "address": "0x46c570"
  3922. },
  3923. {
  3924. "name": "MapWindowPoints",
  3925. "address": "0x46c574"
  3926. },
  3927. {
  3928. "name": "MapVirtualKeyA",
  3929. "address": "0x46c578"
  3930. },
  3931. {
  3932. "name": "LoadStringA",
  3933. "address": "0x46c57c"
  3934. },
  3935. {
  3936. "name": "LoadKeyboardLayoutA",
  3937. "address": "0x46c580"
  3938. },
  3939. {
  3940. "name": "LoadIconA",
  3941. "address": "0x46c584"
  3942. },
  3943. {
  3944. "name": "LoadCursorA",
  3945. "address": "0x46c588"
  3946. },
  3947. {
  3948. "name": "LoadBitmapA",
  3949. "address": "0x46c58c"
  3950. },
  3951. {
  3952. "name": "KillTimer",
  3953. "address": "0x46c590"
  3954. },
  3955. {
  3956. "name": "IsZoomed",
  3957. "address": "0x46c594"
  3958. },
  3959. {
  3960. "name": "IsWindowVisible",
  3961. "address": "0x46c598"
  3962. },
  3963. {
  3964. "name": "IsWindowEnabled",
  3965. "address": "0x46c59c"
  3966. },
  3967. {
  3968. "name": "IsWindow",
  3969. "address": "0x46c5a0"
  3970. },
  3971. {
  3972. "name": "IsRectEmpty",
  3973. "address": "0x46c5a4"
  3974. },
  3975. {
  3976. "name": "IsIconic",
  3977. "address": "0x46c5a8"
  3978. },
  3979. {
  3980. "name": "IsDialogMessageA",
  3981. "address": "0x46c5ac"
  3982. },
  3983. {
  3984. "name": "IsChild",
  3985. "address": "0x46c5b0"
  3986. },
  3987. {
  3988. "name": "InvalidateRect",
  3989. "address": "0x46c5b4"
  3990. },
  3991. {
  3992. "name": "IntersectRect",
  3993. "address": "0x46c5b8"
  3994. },
  3995. {
  3996. "name": "InsertMenuItemA",
  3997. "address": "0x46c5bc"
  3998. },
  3999. {
  4000. "name": "InsertMenuA",
  4001. "address": "0x46c5c0"
  4002. },
  4003. {
  4004. "name": "InflateRect",
  4005. "address": "0x46c5c4"
  4006. },
  4007. {
  4008. "name": "GetWindowThreadProcessId",
  4009. "address": "0x46c5c8"
  4010. },
  4011. {
  4012. "name": "GetWindowTextA",
  4013. "address": "0x46c5cc"
  4014. },
  4015. {
  4016. "name": "GetWindowRect",
  4017. "address": "0x46c5d0"
  4018. },
  4019. {
  4020. "name": "GetWindowPlacement",
  4021. "address": "0x46c5d4"
  4022. },
  4023. {
  4024. "name": "GetWindowLongA",
  4025. "address": "0x46c5d8"
  4026. },
  4027. {
  4028. "name": "GetWindowDC",
  4029. "address": "0x46c5dc"
  4030. },
  4031. {
  4032. "name": "GetTopWindow",
  4033. "address": "0x46c5e0"
  4034. },
  4035. {
  4036. "name": "GetSystemMetrics",
  4037. "address": "0x46c5e4"
  4038. },
  4039. {
  4040. "name": "GetSystemMenu",
  4041. "address": "0x46c5e8"
  4042. },
  4043. {
  4044. "name": "GetSysColorBrush",
  4045. "address": "0x46c5ec"
  4046. },
  4047. {
  4048. "name": "GetSysColor",
  4049. "address": "0x46c5f0"
  4050. },
  4051. {
  4052. "name": "GetSubMenu",
  4053. "address": "0x46c5f4"
  4054. },
  4055. {
  4056. "name": "GetScrollRange",
  4057. "address": "0x46c5f8"
  4058. },
  4059. {
  4060. "name": "GetScrollPos",
  4061. "address": "0x46c5fc"
  4062. },
  4063. {
  4064. "name": "GetScrollInfo",
  4065. "address": "0x46c600"
  4066. },
  4067. {
  4068. "name": "GetPropA",
  4069. "address": "0x46c604"
  4070. },
  4071. {
  4072. "name": "GetParent",
  4073. "address": "0x46c608"
  4074. },
  4075. {
  4076. "name": "GetWindow",
  4077. "address": "0x46c60c"
  4078. },
  4079. {
  4080. "name": "GetMessageTime",
  4081. "address": "0x46c610"
  4082. },
  4083. {
  4084. "name": "GetMenuStringA",
  4085. "address": "0x46c614"
  4086. },
  4087. {
  4088. "name": "GetMenuState",
  4089. "address": "0x46c618"
  4090. },
  4091. {
  4092. "name": "GetMenuItemInfoA",
  4093. "address": "0x46c61c"
  4094. },
  4095. {
  4096. "name": "GetMenuItemID",
  4097. "address": "0x46c620"
  4098. },
  4099. {
  4100. "name": "GetMenuItemCount",
  4101. "address": "0x46c624"
  4102. },
  4103. {
  4104. "name": "GetMenu",
  4105. "address": "0x46c628"
  4106. },
  4107. {
  4108. "name": "GetLastActivePopup",
  4109. "address": "0x46c62c"
  4110. },
  4111. {
  4112. "name": "GetKeyboardState",
  4113. "address": "0x46c630"
  4114. },
  4115. {
  4116. "name": "GetKeyboardLayoutList",
  4117. "address": "0x46c634"
  4118. },
  4119. {
  4120. "name": "GetKeyboardLayout",
  4121. "address": "0x46c638"
  4122. },
  4123. {
  4124. "name": "GetKeyState",
  4125. "address": "0x46c63c"
  4126. },
  4127. {
  4128. "name": "GetKeyNameTextA",
  4129. "address": "0x46c640"
  4130. },
  4131. {
  4132. "name": "GetIconInfo",
  4133. "address": "0x46c644"
  4134. },
  4135. {
  4136. "name": "GetForegroundWindow",
  4137. "address": "0x46c648"
  4138. },
  4139. {
  4140. "name": "GetFocus",
  4141. "address": "0x46c64c"
  4142. },
  4143. {
  4144. "name": "GetDesktopWindow",
  4145. "address": "0x46c650"
  4146. },
  4147. {
  4148. "name": "GetDCEx",
  4149. "address": "0x46c654"
  4150. },
  4151. {
  4152. "name": "GetDC",
  4153. "address": "0x46c658"
  4154. },
  4155. {
  4156. "name": "GetCursorPos",
  4157. "address": "0x46c65c"
  4158. },
  4159. {
  4160. "name": "GetCursor",
  4161. "address": "0x46c660"
  4162. },
  4163. {
  4164. "name": "GetClipboardData",
  4165. "address": "0x46c664"
  4166. },
  4167. {
  4168. "name": "GetClientRect",
  4169. "address": "0x46c668"
  4170. },
  4171. {
  4172. "name": "GetClassNameA",
  4173. "address": "0x46c66c"
  4174. },
  4175. {
  4176. "name": "GetClassInfoA",
  4177. "address": "0x46c670"
  4178. },
  4179. {
  4180. "name": "GetCapture",
  4181. "address": "0x46c674"
  4182. },
  4183. {
  4184. "name": "GetActiveWindow",
  4185. "address": "0x46c678"
  4186. },
  4187. {
  4188. "name": "FrameRect",
  4189. "address": "0x46c67c"
  4190. },
  4191. {
  4192. "name": "FindWindowA",
  4193. "address": "0x46c680"
  4194. },
  4195. {
  4196. "name": "FillRect",
  4197. "address": "0x46c684"
  4198. },
  4199. {
  4200. "name": "EqualRect",
  4201. "address": "0x46c688"
  4202. },
  4203. {
  4204. "name": "EnumWindows",
  4205. "address": "0x46c68c"
  4206. },
  4207. {
  4208. "name": "EnumThreadWindows",
  4209. "address": "0x46c690"
  4210. },
  4211. {
  4212. "name": "EndPaint",
  4213. "address": "0x46c694"
  4214. },
  4215. {
  4216. "name": "EnableWindow",
  4217. "address": "0x46c698"
  4218. },
  4219. {
  4220. "name": "EnableScrollBar",
  4221. "address": "0x46c69c"
  4222. },
  4223. {
  4224. "name": "EnableMenuItem",
  4225. "address": "0x46c6a0"
  4226. },
  4227. {
  4228. "name": "DrawTextA",
  4229. "address": "0x46c6a4"
  4230. },
  4231. {
  4232. "name": "DrawMenuBar",
  4233. "address": "0x46c6a8"
  4234. },
  4235. {
  4236. "name": "DrawIconEx",
  4237. "address": "0x46c6ac"
  4238. },
  4239. {
  4240. "name": "DrawIcon",
  4241. "address": "0x46c6b0"
  4242. },
  4243. {
  4244. "name": "DrawFrameControl",
  4245. "address": "0x46c6b4"
  4246. },
  4247. {
  4248. "name": "DrawFocusRect",
  4249. "address": "0x46c6b8"
  4250. },
  4251. {
  4252. "name": "DrawEdge",
  4253. "address": "0x46c6bc"
  4254. },
  4255. {
  4256. "name": "DispatchMessageA",
  4257. "address": "0x46c6c0"
  4258. },
  4259. {
  4260. "name": "DestroyWindow",
  4261. "address": "0x46c6c4"
  4262. },
  4263. {
  4264. "name": "DestroyMenu",
  4265. "address": "0x46c6c8"
  4266. },
  4267. {
  4268. "name": "DestroyIcon",
  4269. "address": "0x46c6cc"
  4270. },
  4271. {
  4272. "name": "DestroyCursor",
  4273. "address": "0x46c6d0"
  4274. },
  4275. {
  4276. "name": "DeleteMenu",
  4277. "address": "0x46c6d4"
  4278. },
  4279. {
  4280. "name": "DefWindowProcA",
  4281. "address": "0x46c6d8"
  4282. },
  4283. {
  4284. "name": "DefMDIChildProcA",
  4285. "address": "0x46c6dc"
  4286. },
  4287. {
  4288. "name": "DefFrameProcA",
  4289. "address": "0x46c6e0"
  4290. },
  4291. {
  4292. "name": "CreatePopupMenu",
  4293. "address": "0x46c6e4"
  4294. },
  4295. {
  4296. "name": "CreateMenu",
  4297. "address": "0x46c6e8"
  4298. },
  4299. {
  4300. "name": "CreateIcon",
  4301. "address": "0x46c6ec"
  4302. },
  4303. {
  4304. "name": "ClientToScreen",
  4305. "address": "0x46c6f0"
  4306. },
  4307. {
  4308. "name": "CheckMenuItem",
  4309. "address": "0x46c6f4"
  4310. },
  4311. {
  4312. "name": "CallWindowProcA",
  4313. "address": "0x46c6f8"
  4314. },
  4315. {
  4316. "name": "CallNextHookEx",
  4317. "address": "0x46c6fc"
  4318. },
  4319. {
  4320. "name": "BeginPaint",
  4321. "address": "0x46c700"
  4322. },
  4323. {
  4324. "name": "CharNextA",
  4325. "address": "0x46c704"
  4326. },
  4327. {
  4328. "name": "CharLowerBuffA",
  4329. "address": "0x46c708"
  4330. },
  4331. {
  4332. "name": "CharLowerA",
  4333. "address": "0x46c70c"
  4334. },
  4335. {
  4336. "name": "CharToOemA",
  4337. "address": "0x46c710"
  4338. },
  4339. {
  4340. "name": "AdjustWindowRectEx",
  4341. "address": "0x46c714"
  4342. },
  4343. {
  4344. "name": "ActivateKeyboardLayout",
  4345. "address": "0x46c718"
  4346. }
  4347. ],
  4348. "dll": "user32.dll"
  4349. },
  4350. {
  4351. "imports": [
  4352. {
  4353. "name": "Sleep",
  4354. "address": "0x46c720"
  4355. }
  4356. ],
  4357. "dll": "kernel32.dll"
  4358. },
  4359. {
  4360. "imports": [
  4361. {
  4362. "name": "SafeArrayPtrOfIndex",
  4363. "address": "0x46c728"
  4364. },
  4365. {
  4366. "name": "SafeArrayGetUBound",
  4367. "address": "0x46c72c"
  4368. },
  4369. {
  4370. "name": "SafeArrayGetLBound",
  4371. "address": "0x46c730"
  4372. },
  4373. {
  4374. "name": "SafeArrayCreate",
  4375. "address": "0x46c734"
  4376. },
  4377. {
  4378. "name": "VariantChangeType",
  4379. "address": "0x46c738"
  4380. },
  4381. {
  4382. "name": "VariantCopy",
  4383. "address": "0x46c73c"
  4384. },
  4385. {
  4386. "name": "VariantClear",
  4387. "address": "0x46c740"
  4388. },
  4389. {
  4390. "name": "VariantInit",
  4391. "address": "0x46c744"
  4392. }
  4393. ],
  4394. "dll": "oleaut32.dll"
  4395. },
  4396. {
  4397. "imports": [
  4398. {
  4399. "name": "CreateStreamOnHGlobal",
  4400. "address": "0x46c74c"
  4401. },
  4402. {
  4403. "name": "IsAccelerator",
  4404. "address": "0x46c750"
  4405. },
  4406. {
  4407. "name": "OleDraw",
  4408. "address": "0x46c754"
  4409. },
  4410. {
  4411. "name": "OleSetMenuDescriptor",
  4412. "address": "0x46c758"
  4413. },
  4414. {
  4415. "name": "CoTaskMemFree",
  4416. "address": "0x46c75c"
  4417. },
  4418. {
  4419. "name": "ProgIDFromCLSID",
  4420. "address": "0x46c760"
  4421. },
  4422. {
  4423. "name": "StringFromCLSID",
  4424. "address": "0x46c764"
  4425. },
  4426. {
  4427. "name": "CoCreateInstance",
  4428. "address": "0x46c768"
  4429. },
  4430. {
  4431. "name": "CoGetClassObject",
  4432. "address": "0x46c76c"
  4433. },
  4434. {
  4435. "name": "CoUninitialize",
  4436. "address": "0x46c770"
  4437. },
  4438. {
  4439. "name": "CoInitialize",
  4440. "address": "0x46c774"
  4441. },
  4442. {
  4443. "name": "IsEqualGUID",
  4444. "address": "0x46c778"
  4445. }
  4446. ],
  4447. "dll": "ole32.dll"
  4448. },
  4449. {
  4450. "imports": [
  4451. {
  4452. "name": "GetErrorInfo",
  4453. "address": "0x46c780"
  4454. },
  4455. {
  4456. "name": "GetActiveObject",
  4457. "address": "0x46c784"
  4458. },
  4459. {
  4460. "name": "SysFreeString",
  4461. "address": "0x46c788"
  4462. }
  4463. ],
  4464. "dll": "oleaut32.dll"
  4465. },
  4466. {
  4467. "imports": [
  4468. {
  4469. "name": "ImageList_SetIconSize",
  4470. "address": "0x46c790"
  4471. },
  4472. {
  4473. "name": "ImageList_GetIconSize",
  4474. "address": "0x46c794"
  4475. },
  4476. {
  4477. "name": "ImageList_Write",
  4478. "address": "0x46c798"
  4479. },
  4480. {
  4481. "name": "ImageList_Read",
  4482. "address": "0x46c79c"
  4483. },
  4484. {
  4485. "name": "ImageList_GetDragImage",
  4486. "address": "0x46c7a0"
  4487. },
  4488. {
  4489. "name": "ImageList_DragShowNolock",
  4490. "address": "0x46c7a4"
  4491. },
  4492. {
  4493. "name": "ImageList_SetDragCursorImage",
  4494. "address": "0x46c7a8"
  4495. },
  4496. {
  4497. "name": "ImageList_DragMove",
  4498. "address": "0x46c7ac"
  4499. },
  4500. {
  4501. "name": "ImageList_DragLeave",
  4502. "address": "0x46c7b0"
  4503. },
  4504. {
  4505. "name": "ImageList_DragEnter",
  4506. "address": "0x46c7b4"
  4507. },
  4508. {
  4509. "name": "ImageList_EndDrag",
  4510. "address": "0x46c7b8"
  4511. },
  4512. {
  4513. "name": "ImageList_BeginDrag",
  4514. "address": "0x46c7bc"
  4515. },
  4516. {
  4517. "name": "ImageList_Remove",
  4518. "address": "0x46c7c0"
  4519. },
  4520. {
  4521. "name": "ImageList_DrawEx",
  4522. "address": "0x46c7c4"
  4523. },
  4524. {
  4525. "name": "ImageList_Draw",
  4526. "address": "0x46c7c8"
  4527. },
  4528. {
  4529. "name": "ImageList_GetBkColor",
  4530. "address": "0x46c7cc"
  4531. },
  4532. {
  4533. "name": "ImageList_SetBkColor",
  4534. "address": "0x46c7d0"
  4535. },
  4536. {
  4537. "name": "ImageList_ReplaceIcon",
  4538. "address": "0x46c7d4"
  4539. },
  4540. {
  4541. "name": "ImageList_Add",
  4542. "address": "0x46c7d8"
  4543. },
  4544. {
  4545. "name": "ImageList_GetImageCount",
  4546. "address": "0x46c7dc"
  4547. },
  4548. {
  4549. "name": "ImageList_Destroy",
  4550. "address": "0x46c7e0"
  4551. },
  4552. {
  4553. "name": "ImageList_Create",
  4554. "address": "0x46c7e4"
  4555. }
  4556. ],
  4557. "dll": "comctl32.dll"
  4558. },
  4559. {
  4560. "imports": [
  4561. {
  4562. "name": "OpenPrinterA",
  4563. "address": "0x46c7ec"
  4564. },
  4565. {
  4566. "name": "EnumPrintersA",
  4567. "address": "0x46c7f0"
  4568. },
  4569. {
  4570. "name": "DocumentPropertiesA",
  4571. "address": "0x46c7f4"
  4572. },
  4573. {
  4574. "name": "ClosePrinter",
  4575. "address": "0x46c7f8"
  4576. }
  4577. ],
  4578. "dll": "winspool.drv"
  4579. },
  4580. {
  4581. "imports": [
  4582. {
  4583. "name": "PrintDlgA",
  4584. "address": "0x46c800"
  4585. }
  4586. ],
  4587. "dll": "comdlg32.dll"
  4588. }
  4589. ],
  4590. "digital_signers": null,
  4591. "exported_dll_name": null,
  4592. "actual_checksum": "0x000c65eb",
  4593. "overlay": null,
  4594. "imagebase": "0x00400000",
  4595. "reported_checksum": "0x00000000",
  4596. "icon_hash": null,
  4597. "entrypoint": "0x00460f88",
  4598. "timestamp": "1992-05-13 13:18:15",
  4599. "osversion": "4.0",
  4600. "sections": [
  4601. {
  4602. "name": "CODE",
  4603. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
  4604. "virtual_address": "0x00001000",
  4605. "size_of_data": "0x00060000",
  4606. "entropy": "6.55",
  4607. "raw_address": "0x00000400",
  4608. "virtual_size": "0x0005ffd0",
  4609. "characteristics_raw": "0x60000020"
  4610. },
  4611. {
  4612. "name": "DATA",
  4613. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  4614. "virtual_address": "0x00061000",
  4615. "size_of_data": "0x00009600",
  4616. "entropy": "5.05",
  4617. "raw_address": "0x00060400",
  4618. "virtual_size": "0x00009598",
  4619. "characteristics_raw": "0xc0000040"
  4620. },
  4621. {
  4622. "name": "BSS",
  4623. "characteristics": "IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  4624. "virtual_address": "0x0006b000",
  4625. "size_of_data": "0x00000000",
  4626. "entropy": "0.00",
  4627. "raw_address": "0x00069a00",
  4628. "virtual_size": "0x00000d5d",
  4629. "characteristics_raw": "0xc0000000"
  4630. },
  4631. {
  4632. "name": ".idata",
  4633. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  4634. "virtual_address": "0x0006c000",
  4635. "size_of_data": "0x00002600",
  4636. "entropy": "4.90",
  4637. "raw_address": "0x00069a00",
  4638. "virtual_size": "0x00002436",
  4639. "characteristics_raw": "0xc0000040"
  4640. },
  4641. {
  4642. "name": ".tls",
  4643. "characteristics": "IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  4644. "virtual_address": "0x0006f000",
  4645. "size_of_data": "0x00000000",
  4646. "entropy": "0.00",
  4647. "raw_address": "0x0006c000",
  4648. "virtual_size": "0x00000010",
  4649. "characteristics_raw": "0xc0000000"
  4650. },
  4651. {
  4652. "name": ".rdata",
  4653. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
  4654. "virtual_address": "0x00070000",
  4655. "size_of_data": "0x00000200",
  4656. "entropy": "0.18",
  4657. "raw_address": "0x0006c000",
  4658. "virtual_size": "0x00000018",
  4659. "characteristics_raw": "0x50000040"
  4660. },
  4661. {
  4662. "name": ".reloc",
  4663. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
  4664. "virtual_address": "0x00071000",
  4665. "size_of_data": "0x00006e00",
  4666. "entropy": "6.69",
  4667. "raw_address": "0x0006c200",
  4668. "virtual_size": "0x00006da0",
  4669. "characteristics_raw": "0x50000040"
  4670. },
  4671. {
  4672. "name": ".rsrc",
  4673. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
  4674. "virtual_address": "0x00078000",
  4675. "size_of_data": "0x00052800",
  4676. "entropy": "7.21",
  4677. "raw_address": "0x00073000",
  4678. "virtual_size": "0x000527e4",
  4679. "characteristics_raw": "0x50000040"
  4680. }
  4681. ],
  4682. "resources": [],
  4683. "dirents": [
  4684. {
  4685. "virtual_address": "0x00000000",
  4686. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  4687. "size": "0x00000000"
  4688. },
  4689. {
  4690. "virtual_address": "0x0006c000",
  4691. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  4692. "size": "0x00002436"
  4693. },
  4694. {
  4695. "virtual_address": "0x00078000",
  4696. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  4697. "size": "0x000527e4"
  4698. },
  4699. {
  4700. "virtual_address": "0x00000000",
  4701. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  4702. "size": "0x00000000"
  4703. },
  4704. {
  4705. "virtual_address": "0x00000000",
  4706. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  4707. "size": "0x00000000"
  4708. },
  4709. {
  4710. "virtual_address": "0x00071000",
  4711. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  4712. "size": "0x00006da0"
  4713. },
  4714. {
  4715. "virtual_address": "0x00000000",
  4716. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  4717. "size": "0x00000000"
  4718. },
  4719. {
  4720. "virtual_address": "0x00000000",
  4721. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  4722. "size": "0x00000000"
  4723. },
  4724. {
  4725. "virtual_address": "0x00000000",
  4726. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  4727. "size": "0x00000000"
  4728. },
  4729. {
  4730. "virtual_address": "0x00070000",
  4731. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  4732. "size": "0x00000018"
  4733. },
  4734. {
  4735. "virtual_address": "0x00000000",
  4736. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  4737. "size": "0x00000000"
  4738. },
  4739. {
  4740. "virtual_address": "0x00000000",
  4741. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  4742. "size": "0x00000000"
  4743. },
  4744. {
  4745. "virtual_address": "0x00000000",
  4746. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  4747. "size": "0x00000000"
  4748. },
  4749. {
  4750. "virtual_address": "0x00000000",
  4751. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  4752. "size": "0x00000000"
  4753. },
  4754. {
  4755. "virtual_address": "0x00000000",
  4756. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  4757. "size": "0x00000000"
  4758. },
  4759. {
  4760. "virtual_address": "0x00000000",
  4761. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  4762. "size": "0x00000000"
  4763. }
  4764. ],
  4765. "exports": [],
  4766. "guest_signers": {},
  4767. "imphash": "7fb35e61cc1c101619a710991bd5cb58",
  4768. "icon_fuzzy": null,
  4769. "icon": null,
  4770. "pdbpath": null,
  4771. "imported_dll_count": 17,
  4772. "versioninfo": []
  4773. }
  4774. }