paladin316

bpxssh_exe_2019-06-26_20_30.json

Jun 26th, 2019
  1.  
  2. [*] MalFamily: "Zpevdo"
  3.  
  4. [*] MalScore: 10.0
  5.  
  6. [*] File Name: "bpxssh.exe"
  7. [*] File Size: 411648
  8. [*] File Type: "PE32 executable (GUI) Intel 80386, for MS Windows"
  9. [*] SHA256: "2b6e601265b592e3b0ef36d1935dde61d3f288d37537819e86d287dd5ab41bb1"
  10. [*] MD5: "a58831e6442b94e9de7b8c5f1c2e3227"
  11. [*] SHA1: "b8ed2f2a3471134e9200ffd750998b43d3a4b41d"
  12. [*] SHA512: "ff3610ff7e2e4de9232b307f7fb441d9be48fbeb85e5c1b551eae25da2b5c27583797a0c64c9a18806c69ac001c39c78b95ea2e2b1762f7833ccd3c0922b0a79"
  13. [*] CRC32: "3770A46F"
  14. [*] SSDEEP: "6144:UITQ/KBP1PdBo6bj2uVAcNc9w5bjeo3+PmoEtcXod6/x9kPdioaKhsK1zHmdBFv:zk/KBPFdBV2Hn9AulGt0tUPIkmBB"
  15.  
  16. [*] Process Execution: [
  17. "bpxssh.exe"
  18. ]
  19.  
  20. [*] Signatures Detected: [
  21. {
  22. "Description": "Creates RWX memory",
  23. "Details": []
  24. },
  25. {
  26. "Description": "Checks for the presence of known windows from debuggers and forensic tools",
  27. "Details": [
  28. {
  29. "Window": "TfrmMain"
  30. }
  31. ]
  32. },
  33. {
  34. "Description": "File has been identified by 24 Antiviruses on VirusTotal as malicious",
  35. "Details": [
  36. {
  37. "MicroWorld-eScan": "Gen:Variant.Graftor.611876"
  38. },
  39. {
  40. "ALYac": "Gen:Variant.Graftor.611876"
  41. },
  42. {
  43. "CrowdStrike": "win/malicious_confidence_60% (W)"
  44. },
  45. {
  46. "BitDefender": "Gen:Variant.Graftor.611876"
  47. },
  48. {
  49. "Arcabit": "Trojan.Graftor.D95624"
  50. },
  51. {
  52. "ESET-NOD32": "a variant of Win32/Injector.EGFN"
  53. },
  54. {
  55. "Avast": "Win32:Trojan-gen"
  56. },
  57. {
  58. "Ad-Aware": "Gen:Variant.Graftor.611876"
  59. },
  60. {
  61. "F-Secure": "Trojan.TR/Injector.hjqwr"
  62. },
  63. {
  64. "McAfee-GW-Edition": "BehavesLike.Win32.Worm.gh"
  65. },
  66. {
  67. "FireEye": "Generic.mg.a58831e6442b94e9"
  68. },
  69. {
  70. "Emsisoft": "Gen:Variant.Graftor.611876 (B)"
  71. },
  72. {
  73. "Microsoft": "Trojan:Win32/Zpevdo.B"
  74. },
  75. {
  76. "AegisLab": "Trojan.Win32.Graftor.4!c"
  77. },
  78. {
  79. "GData": "Gen:Variant.Graftor.611876"
  80. },
  81. {
  82. "AhnLab-V3": "Trojan/Win32.Agent.C3299124"
  83. },
  84. {
  85. "McAfee": "RDN/Generic.grp"
  86. },
  87. {
  88. "TACHYON": "Trojan/W32.DP-Agent.411648.AB"
  89. },
  90. {
  91. "Cylance": "Unsafe"
  92. },
  93. {
  94. "Tencent": "Win32.Backdoor.Remcos.Auto"
  95. },
  96. {
  97. "Ikarus": "Trojan.Win32.Injector"
  98. },
  99. {
  100. "Fortinet": "W32/Injector.DOUH!tr"
  101. },
  102. {
  103. "AVG": "Win32:Trojan-gen"
  104. },
  105. {
  106. "Panda": "Trj/GdSda.A"
  107. }
  108. ]
  109. },
  110. {
  111. "Description": "Anomalous binary characteristics",
  112. "Details": [
  113. {
  114. "anomaly": "Timestamp on binary predates the release date of the OS version it requires by at least a year"
  115. }
  116. ]
  117. }
  118. ]
  119.  
  120. [*] Started Service: []
  121.  
  122. [*] Executed Commands: []
  123.  
  124. [*] Mutexes: []
  125.  
  126. [*] Modified Files: []
  127.  
  128. [*] Deleted Files: []
  129.  
  130. [*] Modified Registry Keys: []
  131.  
  132. [*] Deleted Registry Keys: []
  133.  
  134. [*] DNS Communications: []
  135.  
  136. [*] Domains: []
  137.  
  138. [*] Network Communication - ICMP: []
  139.  
  140. [*] Network Communication - HTTP: []
  141.  
  142. [*] Network Communication - SMTP: []
  143.  
  144. [*] Network Communication - Hosts: []
  145.  
  146. [*] Network Communication - IRC: []
  147.  
  148. [*] Static Analysis: {
  149. "pe": {
  150. "peid_signatures": null,
  151. "imports": [
  152. {
  153. "imports": [
  154. {
  155. "name": "DeleteCriticalSection",
  156. "address": "0x45b118"
  157. },
  158. {
  159. "name": "LeaveCriticalSection",
  160. "address": "0x45b11c"
  161. },
  162. {
  163. "name": "EnterCriticalSection",
  164. "address": "0x45b120"
  165. },
  166. {
  167. "name": "InitializeCriticalSection",
  168. "address": "0x45b124"
  169. },
  170. {
  171. "name": "VirtualFree",
  172. "address": "0x45b128"
  173. },
  174. {
  175. "name": "VirtualAlloc",
  176. "address": "0x45b12c"
  177. },
  178. {
  179. "name": "LocalFree",
  180. "address": "0x45b130"
  181. },
  182. {
  183. "name": "LocalAlloc",
  184. "address": "0x45b134"
  185. },
  186. {
  187. "name": "GetVersion",
  188. "address": "0x45b138"
  189. },
  190. {
  191. "name": "GetCurrentThreadId",
  192. "address": "0x45b13c"
  193. },
  194. {
  195. "name": "InterlockedDecrement",
  196. "address": "0x45b140"
  197. },
  198. {
  199. "name": "InterlockedIncrement",
  200. "address": "0x45b144"
  201. },
  202. {
  203. "name": "VirtualQuery",
  204. "address": "0x45b148"
  205. },
  206. {
  207. "name": "WideCharToMultiByte",
  208. "address": "0x45b14c"
  209. },
  210. {
  211. "name": "MultiByteToWideChar",
  212. "address": "0x45b150"
  213. },
  214. {
  215. "name": "lstrlenA",
  216. "address": "0x45b154"
  217. },
  218. {
  219. "name": "lstrcpynA",
  220. "address": "0x45b158"
  221. },
  222. {
  223. "name": "LoadLibraryExA",
  224. "address": "0x45b15c"
  225. },
  226. {
  227. "name": "GetThreadLocale",
  228. "address": "0x45b160"
  229. },
  230. {
  231. "name": "GetStartupInfoA",
  232. "address": "0x45b164"
  233. },
  234. {
  235. "name": "GetProcAddress",
  236. "address": "0x45b168"
  237. },
  238. {
  239. "name": "GetModuleHandleA",
  240. "address": "0x45b16c"
  241. },
  242. {
  243. "name": "GetModuleFileNameA",
  244. "address": "0x45b170"
  245. },
  246. {
  247. "name": "GetLocaleInfoA",
  248. "address": "0x45b174"
  249. },
  250. {
  251. "name": "GetCommandLineA",
  252. "address": "0x45b178"
  253. },
  254. {
  255. "name": "FreeLibrary",
  256. "address": "0x45b17c"
  257. },
  258. {
  259. "name": "FindFirstFileA",
  260. "address": "0x45b180"
  261. },
  262. {
  263. "name": "FindClose",
  264. "address": "0x45b184"
  265. },
  266. {
  267. "name": "ExitProcess",
  268. "address": "0x45b188"
  269. },
  270. {
  271. "name": "WriteFile",
  272. "address": "0x45b18c"
  273. },
  274. {
  275. "name": "UnhandledExceptionFilter",
  276. "address": "0x45b190"
  277. },
  278. {
  279. "name": "RtlUnwind",
  280. "address": "0x45b194"
  281. },
  282. {
  283. "name": "RaiseException",
  284. "address": "0x45b198"
  285. },
  286. {
  287. "name": "GetStdHandle",
  288. "address": "0x45b19c"
  289. }
  290. ],
  291. "dll": "kernel32.dll"
  292. },
  293. {
  294. "imports": [
  295. {
  296. "name": "GetKeyboardType",
  297. "address": "0x45b1a4"
  298. },
  299. {
  300. "name": "LoadStringA",
  301. "address": "0x45b1a8"
  302. },
  303. {
  304. "name": "MessageBoxA",
  305. "address": "0x45b1ac"
  306. },
  307. {
  308. "name": "CharNextA",
  309. "address": "0x45b1b0"
  310. }
  311. ],
  312. "dll": "user32.dll"
  313. },
  314. {
  315. "imports": [
  316. {
  317. "name": "RegQueryValueExA",
  318. "address": "0x45b1b8"
  319. },
  320. {
  321. "name": "RegOpenKeyExA",
  322. "address": "0x45b1bc"
  323. },
  324. {
  325. "name": "RegCloseKey",
  326. "address": "0x45b1c0"
  327. }
  328. ],
  329. "dll": "advapi32.dll"
  330. },
  331. {
  332. "imports": [
  333. {
  334. "name": "SysFreeString",
  335. "address": "0x45b1c8"
  336. },
  337. {
  338. "name": "SysReAllocStringLen",
  339. "address": "0x45b1cc"
  340. },
  341. {
  342. "name": "SysAllocStringLen",
  343. "address": "0x45b1d0"
  344. }
  345. ],
  346. "dll": "oleaut32.dll"
  347. },
  348. {
  349. "imports": [
  350. {
  351. "name": "TlsSetValue",
  352. "address": "0x45b1d8"
  353. },
  354. {
  355. "name": "TlsGetValue",
  356. "address": "0x45b1dc"
  357. },
  358. {
  359. "name": "LocalAlloc",
  360. "address": "0x45b1e0"
  361. },
  362. {
  363. "name": "GetModuleHandleA",
  364. "address": "0x45b1e4"
  365. }
  366. ],
  367. "dll": "kernel32.dll"
  368. },
  369. {
  370. "imports": [
  371. {
  372. "name": "RegQueryValueExA",
  373. "address": "0x45b1ec"
  374. },
  375. {
  376. "name": "RegOpenKeyExA",
  377. "address": "0x45b1f0"
  378. },
  379. {
  380. "name": "RegCloseKey",
  381. "address": "0x45b1f4"
  382. }
  383. ],
  384. "dll": "advapi32.dll"
  385. },
  386. {
  387. "imports": [
  388. {
  389. "name": "lstrcpyA",
  390. "address": "0x45b1fc"
  391. },
  392. {
  393. "name": "WriteFile",
  394. "address": "0x45b200"
  395. },
  396. {
  397. "name": "WaitForSingleObject",
  398. "address": "0x45b204"
  399. },
  400. {
  401. "name": "VirtualQuery",
  402. "address": "0x45b208"
  403. },
  404. {
  405. "name": "VirtualProtect",
  406. "address": "0x45b20c"
  407. },
  408. {
  409. "name": "VirtualAlloc",
  410. "address": "0x45b210"
  411. },
  412. {
  413. "name": "Sleep",
  414. "address": "0x45b214"
  415. },
  416. {
  417. "name": "SizeofResource",
  418. "address": "0x45b218"
  419. },
  420. {
  421. "name": "SetThreadLocale",
  422. "address": "0x45b21c"
  423. },
  424. {
  425. "name": "SetFilePointer",
  426. "address": "0x45b220"
  427. },
  428. {
  429. "name": "SetEvent",
  430. "address": "0x45b224"
  431. },
  432. {
  433. "name": "SetErrorMode",
  434. "address": "0x45b228"
  435. },
  436. {
  437. "name": "SetEndOfFile",
  438. "address": "0x45b22c"
  439. },
  440. {
  441. "name": "ResetEvent",
  442. "address": "0x45b230"
  443. },
  444. {
  445. "name": "ReadFile",
  446. "address": "0x45b234"
  447. },
  448. {
  449. "name": "MulDiv",
  450. "address": "0x45b238"
  451. },
  452. {
  453. "name": "LockResource",
  454. "address": "0x45b23c"
  455. },
  456. {
  457. "name": "LoadResource",
  458. "address": "0x45b240"
  459. },
  460. {
  461. "name": "LoadLibraryA",
  462. "address": "0x45b244"
  463. },
  464. {
  465. "name": "LeaveCriticalSection",
  466. "address": "0x45b248"
  467. },
  468. {
  469. "name": "InitializeCriticalSection",
  470. "address": "0x45b24c"
  471. },
  472. {
  473. "name": "GlobalUnlock",
  474. "address": "0x45b250"
  475. },
  476. {
  477. "name": "GlobalReAlloc",
  478. "address": "0x45b254"
  479. },
  480. {
  481. "name": "GlobalMemoryStatus",
  482. "address": "0x45b258"
  483. },
  484. {
  485. "name": "GlobalHandle",
  486. "address": "0x45b25c"
  487. },
  488. {
  489. "name": "GlobalLock",
  490. "address": "0x45b260"
  491. },
  492. {
  493. "name": "GlobalFree",
  494. "address": "0x45b264"
  495. },
  496. {
  497. "name": "GlobalFindAtomA",
  498. "address": "0x45b268"
  499. },
  500. {
  501. "name": "GlobalDeleteAtom",
  502. "address": "0x45b26c"
  503. },
  504. {
  505. "name": "GlobalAlloc",
  506. "address": "0x45b270"
  507. },
  508. {
  509. "name": "GlobalAddAtomA",
  510. "address": "0x45b274"
  511. },
  512. {
  513. "name": "GetVersionExA",
  514. "address": "0x45b278"
  515. },
  516. {
  517. "name": "GetVersion",
  518. "address": "0x45b27c"
  519. },
  520. {
  521. "name": "GetTickCount",
  522. "address": "0x45b280"
  523. },
  524. {
  525. "name": "GetThreadLocale",
  526. "address": "0x45b284"
  527. },
  528. {
  529. "name": "GetTempPathA",
  530. "address": "0x45b288"
  531. },
  532. {
  533. "name": "GetSystemInfo",
  534. "address": "0x45b28c"
  535. },
  536. {
  537. "name": "GetStringTypeExA",
  538. "address": "0x45b290"
  539. },
  540. {
  541. "name": "GetStdHandle",
  542. "address": "0x45b294"
  543. },
  544. {
  545. "name": "GetProcAddress",
  546. "address": "0x45b298"
  547. },
  548. {
  549. "name": "GetModuleHandleA",
  550. "address": "0x45b29c"
  551. },
  552. {
  553. "name": "GetModuleFileNameA",
  554. "address": "0x45b2a0"
  555. },
  556. {
  557. "name": "GetLocaleInfoA",
  558. "address": "0x45b2a4"
  559. },
  560. {
  561. "name": "GetLocalTime",
  562. "address": "0x45b2a8"
  563. },
  564. {
  565. "name": "GetLastError",
  566. "address": "0x45b2ac"
  567. },
  568. {
  569. "name": "GetFullPathNameA",
  570. "address": "0x45b2b0"
  571. },
  572. {
  573. "name": "GetDiskFreeSpaceA",
  574. "address": "0x45b2b4"
  575. },
  576. {
  577. "name": "GetDateFormatA",
  578. "address": "0x45b2b8"
  579. },
  580. {
  581. "name": "GetCurrentThreadId",
  582. "address": "0x45b2bc"
  583. },
  584. {
  585. "name": "GetCurrentProcessId",
  586. "address": "0x45b2c0"
  587. },
  588. {
  589. "name": "GetCPInfo",
  590. "address": "0x45b2c4"
  591. },
  592. {
  593. "name": "GetACP",
  594. "address": "0x45b2c8"
  595. },
  596. {
  597. "name": "FreeResource",
  598. "address": "0x45b2cc"
  599. },
  600. {
  601. "name": "InterlockedExchange",
  602. "address": "0x45b2d0"
  603. },
  604. {
  605. "name": "FreeLibrary",
  606. "address": "0x45b2d4"
  607. },
  608. {
  609. "name": "FormatMessageA",
  610. "address": "0x45b2d8"
  611. },
  612. {
  613. "name": "FindResourceA",
  614. "address": "0x45b2dc"
  615. },
  616. {
  617. "name": "FindFirstFileA",
  618. "address": "0x45b2e0"
  619. },
  620. {
  621. "name": "FindClose",
  622. "address": "0x45b2e4"
  623. },
  624. {
  625. "name": "FileTimeToLocalFileTime",
  626. "address": "0x45b2e8"
  627. },
  628. {
  629. "name": "FileTimeToDosDateTime",
  630. "address": "0x45b2ec"
  631. },
  632. {
  633. "name": "ExitProcess",
  634. "address": "0x45b2f0"
  635. },
  636. {
  637. "name": "EnumCalendarInfoA",
  638. "address": "0x45b2f4"
  639. },
  640. {
  641. "name": "EnterCriticalSection",
  642. "address": "0x45b2f8"
  643. },
  644. {
  645. "name": "DeleteCriticalSection",
  646. "address": "0x45b2fc"
  647. },
  648. {
  649. "name": "CreateThread",
  650. "address": "0x45b300"
  651. },
  652. {
  653. "name": "CreateFileA",
  654. "address": "0x45b304"
  655. },
  656. {
  657. "name": "CreateEventA",
  658. "address": "0x45b308"
  659. },
  660. {
  661. "name": "CompareStringA",
  662. "address": "0x45b30c"
  663. },
  664. {
  665. "name": "CloseHandle",
  666. "address": "0x45b310"
  667. }
  668. ],
  669. "dll": "kernel32.dll"
  670. },
  671. {
  672. "imports": [
  673. {
  674. "name": "VerQueryValueA",
  675. "address": "0x45b318"
  676. },
  677. {
  678. "name": "GetFileVersionInfoSizeA",
  679. "address": "0x45b31c"
  680. },
  681. {
  682. "name": "GetFileVersionInfoA",
  683. "address": "0x45b320"
  684. }
  685. ],
  686. "dll": "version.dll"
  687. },
  688. {
  689. "imports": [
  690. {
  691. "name": "UnrealizeObject",
  692. "address": "0x45b328"
  693. },
  694. {
  695. "name": "StretchBlt",
  696. "address": "0x45b32c"
  697. },
  698. {
  699. "name": "SetWindowOrgEx",
  700. "address": "0x45b330"
  701. },
  702. {
  703. "name": "SetViewportOrgEx",
  704. "address": "0x45b334"
  705. },
  706. {
  707. "name": "SetTextColor",
  708. "address": "0x45b338"
  709. },
  710. {
  711. "name": "SetStretchBltMode",
  712. "address": "0x45b33c"
  713. },
  714. {
  715. "name": "SetROP2",
  716. "address": "0x45b340"
  717. },
  718. {
  719. "name": "SetPixel",
  720. "address": "0x45b344"
  721. },
  722. {
  723. "name": "SetDIBColorTable",
  724. "address": "0x45b348"
  725. },
  726. {
  727. "name": "SetBrushOrgEx",
  728. "address": "0x45b34c"
  729. },
  730. {
  731. "name": "SetBkMode",
  732. "address": "0x45b350"
  733. },
  734. {
  735. "name": "SetBkColor",
  736. "address": "0x45b354"
  737. },
  738. {
  739. "name": "SelectPalette",
  740. "address": "0x45b358"
  741. },
  742. {
  743. "name": "SelectObject",
  744. "address": "0x45b35c"
  745. },
  746. {
  747. "name": "SaveDC",
  748. "address": "0x45b360"
  749. },
  750. {
  751. "name": "RestoreDC",
  752. "address": "0x45b364"
  753. },
  754. {
  755. "name": "RectVisible",
  756. "address": "0x45b368"
  757. },
  758. {
  759. "name": "RealizePalette",
  760. "address": "0x45b36c"
  761. },
  762. {
  763. "name": "Polyline",
  764. "address": "0x45b370"
  765. },
  766. {
  767. "name": "Pie",
  768. "address": "0x45b374"
  769. },
  770. {
  771. "name": "PatBlt",
  772. "address": "0x45b378"
  773. },
  774. {
  775. "name": "MoveToEx",
  776. "address": "0x45b37c"
  777. },
  778. {
  779. "name": "MaskBlt",
  780. "address": "0x45b380"
  781. },
  782. {
  783. "name": "LineTo",
  784. "address": "0x45b384"
  785. },
  786. {
  787. "name": "IntersectClipRect",
  788. "address": "0x45b388"
  789. },
  790. {
  791. "name": "GetWindowOrgEx",
  792. "address": "0x45b38c"
  793. },
  794. {
  795. "name": "GetTextMetricsA",
  796. "address": "0x45b390"
  797. },
  798. {
  799. "name": "GetTextExtentPoint32A",
  800. "address": "0x45b394"
  801. },
  802. {
  803. "name": "GetTextAlign",
  804. "address": "0x45b398"
  805. },
  806. {
  807. "name": "GetSystemPaletteEntries",
  808. "address": "0x45b39c"
  809. },
  810. {
  811. "name": "GetStockObject",
  812. "address": "0x45b3a0"
  813. },
  814. {
  815. "name": "GetPixel",
  816. "address": "0x45b3a4"
  817. },
  818. {
  819. "name": "GetPaletteEntries",
  820. "address": "0x45b3a8"
  821. },
  822. {
  823. "name": "GetObjectA",
  824. "address": "0x45b3ac"
  825. },
  826. {
  827. "name": "GetDeviceCaps",
  828. "address": "0x45b3b0"
  829. },
  830. {
  831. "name": "GetDIBits",
  832. "address": "0x45b3b4"
  833. },
  834. {
  835. "name": "GetDIBColorTable",
  836. "address": "0x45b3b8"
  837. },
  838. {
  839. "name": "GetDCOrgEx",
  840. "address": "0x45b3bc"
  841. },
  842. {
  843. "name": "GetDCPenColor",
  844. "address": "0x45b3c0"
  845. },
  846. {
  847. "name": "GetDCBrushColor",
  848. "address": "0x45b3c4"
  849. },
  850. {
  851. "name": "GetCurrentPositionEx",
  852. "address": "0x45b3c8"
  853. },
  854. {
  855. "name": "GetClipBox",
  856. "address": "0x45b3cc"
  857. },
  858. {
  859. "name": "GetBrushOrgEx",
  860. "address": "0x45b3d0"
  861. },
  862. {
  863. "name": "GetBitmapBits",
  864. "address": "0x45b3d4"
  865. },
  866. {
  867. "name": "ExtTextOutA",
  868. "address": "0x45b3d8"
  869. },
  870. {
  871. "name": "ExcludeClipRect",
  872. "address": "0x45b3dc"
  873. },
  874. {
  875. "name": "Ellipse",
  876. "address": "0x45b3e0"
  877. },
  878. {
  879. "name": "DeleteObject",
  880. "address": "0x45b3e4"
  881. },
  882. {
  883. "name": "DeleteDC",
  884. "address": "0x45b3e8"
  885. },
  886. {
  887. "name": "CreateSolidBrush",
  888. "address": "0x45b3ec"
  889. },
  890. {
  891. "name": "CreatePenIndirect",
  892. "address": "0x45b3f0"
  893. },
  894. {
  895. "name": "CreatePalette",
  896. "address": "0x45b3f4"
  897. },
  898. {
  899. "name": "CreateHalftonePalette",
  900. "address": "0x45b3f8"
  901. },
  902. {
  903. "name": "CreateFontIndirectA",
  904. "address": "0x45b3fc"
  905. },
  906. {
  907. "name": "CreateDIBitmap",
  908. "address": "0x45b400"
  909. },
  910. {
  911. "name": "CreateDIBSection",
  912. "address": "0x45b404"
  913. },
  914. {
  915. "name": "CreateCompatibleDC",
  916. "address": "0x45b408"
  917. },
  918. {
  919. "name": "CreateCompatibleBitmap",
  920. "address": "0x45b40c"
  921. },
  922. {
  923. "name": "CreateBrushIndirect",
  924. "address": "0x45b410"
  925. },
  926. {
  927. "name": "CreateBitmap",
  928. "address": "0x45b414"
  929. },
  930. {
  931. "name": "BitBlt",
  932. "address": "0x45b418"
  933. }
  934. ],
  935. "dll": "gdi32.dll"
  936. },
  937. {
  938. "imports": [
  939. {
  940. "name": "CreateWindowExA",
  941. "address": "0x45b420"
  942. },
  943. {
  944. "name": "WindowFromPoint",
  945. "address": "0x45b424"
  946. },
  947. {
  948. "name": "WinHelpA",
  949. "address": "0x45b428"
  950. },
  951. {
  952. "name": "WaitMessage",
  953. "address": "0x45b42c"
  954. },
  955. {
  956. "name": "UpdateWindow",
  957. "address": "0x45b430"
  958. },
  959. {
  960. "name": "UnregisterClassA",
  961. "address": "0x45b434"
  962. },
  963. {
  964. "name": "UnhookWindowsHookEx",
  965. "address": "0x45b438"
  966. },
  967. {
  968. "name": "TranslateMessage",
  969. "address": "0x45b43c"
  970. },
  971. {
  972. "name": "TranslateMDISysAccel",
  973. "address": "0x45b440"
  974. },
  975. {
  976. "name": "TrackPopupMenu",
  977. "address": "0x45b444"
  978. },
  979. {
  980. "name": "SystemParametersInfoA",
  981. "address": "0x45b448"
  982. },
  983. {
  984. "name": "ShowWindow",
  985. "address": "0x45b44c"
  986. },
  987. {
  988. "name": "ShowScrollBar",
  989. "address": "0x45b450"
  990. },
  991. {
  992. "name": "ShowOwnedPopups",
  993. "address": "0x45b454"
  994. },
  995. {
  996. "name": "ShowCursor",
  997. "address": "0x45b458"
  998. },
  999. {
  1000. "name": "SetWindowsHookExA",
  1001. "address": "0x45b45c"
  1002. },
  1003. {
  1004. "name": "SetWindowTextA",
  1005. "address": "0x45b460"
  1006. },
  1007. {
  1008. "name": "SetWindowPos",
  1009. "address": "0x45b464"
  1010. },
  1011. {
  1012. "name": "SetWindowPlacement",
  1013. "address": "0x45b468"
  1014. },
  1015. {
  1016. "name": "SetWindowLongA",
  1017. "address": "0x45b46c"
  1018. },
  1019. {
  1020. "name": "SetTimer",
  1021. "address": "0x45b470"
  1022. },
  1023. {
  1024. "name": "SetScrollRange",
  1025. "address": "0x45b474"
  1026. },
  1027. {
  1028. "name": "SetScrollPos",
  1029. "address": "0x45b478"
  1030. },
  1031. {
  1032. "name": "SetScrollInfo",
  1033. "address": "0x45b47c"
  1034. },
  1035. {
  1036. "name": "SetRect",
  1037. "address": "0x45b480"
  1038. },
  1039. {
  1040. "name": "SetPropA",
  1041. "address": "0x45b484"
  1042. },
  1043. {
  1044. "name": "SetParent",
  1045. "address": "0x45b488"
  1046. },
  1047. {
  1048. "name": "SetMenuItemInfoA",
  1049. "address": "0x45b48c"
  1050. },
  1051. {
  1052. "name": "SetMenu",
  1053. "address": "0x45b490"
  1054. },
  1055. {
  1056. "name": "SetForegroundWindow",
  1057. "address": "0x45b494"
  1058. },
  1059. {
  1060. "name": "SetFocus",
  1061. "address": "0x45b498"
  1062. },
  1063. {
  1064. "name": "SetCursor",
  1065. "address": "0x45b49c"
  1066. },
  1067. {
  1068. "name": "SetClassLongA",
  1069. "address": "0x45b4a0"
  1070. },
  1071. {
  1072. "name": "SetCapture",
  1073. "address": "0x45b4a4"
  1074. },
  1075. {
  1076. "name": "SetActiveWindow",
  1077. "address": "0x45b4a8"
  1078. },
  1079. {
  1080. "name": "SendMessageA",
  1081. "address": "0x45b4ac"
  1082. },
  1083. {
  1084. "name": "ScrollWindow",
  1085. "address": "0x45b4b0"
  1086. },
  1087. {
  1088. "name": "ScreenToClient",
  1089. "address": "0x45b4b4"
  1090. },
  1091. {
  1092. "name": "RemovePropA",
  1093. "address": "0x45b4b8"
  1094. },
  1095. {
  1096. "name": "RemoveMenu",
  1097. "address": "0x45b4bc"
  1098. },
  1099. {
  1100. "name": "ReleaseDC",
  1101. "address": "0x45b4c0"
  1102. },
  1103. {
  1104. "name": "ReleaseCapture",
  1105. "address": "0x45b4c4"
  1106. },
  1107. {
  1108. "name": "RegisterWindowMessageA",
  1109. "address": "0x45b4c8"
  1110. },
  1111. {
  1112. "name": "RegisterClipboardFormatA",
  1113. "address": "0x45b4cc"
  1114. },
  1115. {
  1116. "name": "RegisterClassA",
  1117. "address": "0x45b4d0"
  1118. },
  1119. {
  1120. "name": "RedrawWindow",
  1121. "address": "0x45b4d4"
  1122. },
  1123. {
  1124. "name": "PtInRect",
  1125. "address": "0x45b4d8"
  1126. },
  1127. {
  1128. "name": "PostQuitMessage",
  1129. "address": "0x45b4dc"
  1130. },
  1131. {
  1132. "name": "PostMessageA",
  1133. "address": "0x45b4e0"
  1134. },
  1135. {
  1136. "name": "PeekMessageA",
  1137. "address": "0x45b4e4"
  1138. },
  1139. {
  1140. "name": "OffsetRect",
  1141. "address": "0x45b4e8"
  1142. },
  1143. {
  1144. "name": "OemToCharA",
  1145. "address": "0x45b4ec"
  1146. },
  1147. {
  1148. "name": "MessageBoxA",
  1149. "address": "0x45b4f0"
  1150. },
  1151. {
  1152. "name": "MapWindowPoints",
  1153. "address": "0x45b4f4"
  1154. },
  1155. {
  1156. "name": "MapVirtualKeyA",
  1157. "address": "0x45b4f8"
  1158. },
  1159. {
  1160. "name": "LoadStringA",
  1161. "address": "0x45b4fc"
  1162. },
  1163. {
  1164. "name": "LoadKeyboardLayoutA",
  1165. "address": "0x45b500"
  1166. },
  1167. {
  1168. "name": "LoadIconA",
  1169. "address": "0x45b504"
  1170. },
  1171. {
  1172. "name": "LoadCursorA",
  1173. "address": "0x45b508"
  1174. },
  1175. {
  1176. "name": "LoadBitmapA",
  1177. "address": "0x45b50c"
  1178. },
  1179. {
  1180. "name": "KillTimer",
  1181. "address": "0x45b510"
  1182. },
  1183. {
  1184. "name": "IsZoomed",
  1185. "address": "0x45b514"
  1186. },
  1187. {
  1188. "name": "IsWindowVisible",
  1189. "address": "0x45b518"
  1190. },
  1191. {
  1192. "name": "IsWindowEnabled",
  1193. "address": "0x45b51c"
  1194. },
  1195. {
  1196. "name": "IsWindow",
  1197. "address": "0x45b520"
  1198. },
  1199. {
  1200. "name": "IsRectEmpty",
  1201. "address": "0x45b524"
  1202. },
  1203. {
  1204. "name": "IsIconic",
  1205. "address": "0x45b528"
  1206. },
  1207. {
  1208. "name": "IsDialogMessageA",
  1209. "address": "0x45b52c"
  1210. },
  1211. {
  1212. "name": "IsChild",
  1213. "address": "0x45b530"
  1214. },
  1215. {
  1216. "name": "InvalidateRect",
  1217. "address": "0x45b534"
  1218. },
  1219. {
  1220. "name": "IntersectRect",
  1221. "address": "0x45b538"
  1222. },
  1223. {
  1224. "name": "InsertMenuItemA",
  1225. "address": "0x45b53c"
  1226. },
  1227. {
  1228. "name": "InsertMenuA",
  1229. "address": "0x45b540"
  1230. },
  1231. {
  1232. "name": "InflateRect",
  1233. "address": "0x45b544"
  1234. },
  1235. {
  1236. "name": "GetWindowThreadProcessId",
  1237. "address": "0x45b548"
  1238. },
  1239. {
  1240. "name": "GetWindowTextA",
  1241. "address": "0x45b54c"
  1242. },
  1243. {
  1244. "name": "GetWindowRect",
  1245. "address": "0x45b550"
  1246. },
  1247. {
  1248. "name": "GetWindowPlacement",
  1249. "address": "0x45b554"
  1250. },
  1251. {
  1252. "name": "GetWindowLongA",
  1253. "address": "0x45b558"
  1254. },
  1255. {
  1256. "name": "GetWindowDC",
  1257. "address": "0x45b55c"
  1258. },
  1259. {
  1260. "name": "GetTopWindow",
  1261. "address": "0x45b560"
  1262. },
  1263. {
  1264. "name": "GetSystemMetrics",
  1265. "address": "0x45b564"
  1266. },
  1267. {
  1268. "name": "GetSystemMenu",
  1269. "address": "0x45b568"
  1270. },
  1271. {
  1272. "name": "GetSysColorBrush",
  1273. "address": "0x45b56c"
  1274. },
  1275. {
  1276. "name": "GetSysColor",
  1277. "address": "0x45b570"
  1278. },
  1279. {
  1280. "name": "GetSubMenu",
  1281. "address": "0x45b574"
  1282. },
  1283. {
  1284. "name": "GetScrollRange",
  1285. "address": "0x45b578"
  1286. },
  1287. {
  1288. "name": "GetScrollPos",
  1289. "address": "0x45b57c"
  1290. },
  1291. {
  1292. "name": "GetScrollInfo",
  1293. "address": "0x45b580"
  1294. },
  1295. {
  1296. "name": "GetPropA",
  1297. "address": "0x45b584"
  1298. },
  1299. {
  1300. "name": "GetParent",
  1301. "address": "0x45b588"
  1302. },
  1303. {
  1304. "name": "GetWindow",
  1305. "address": "0x45b58c"
  1306. },
  1307. {
  1308. "name": "GetMenuStringA",
  1309. "address": "0x45b590"
  1310. },
  1311. {
  1312. "name": "GetMenuState",
  1313. "address": "0x45b594"
  1314. },
  1315. {
  1316. "name": "GetMenuItemInfoA",
  1317. "address": "0x45b598"
  1318. },
  1319. {
  1320. "name": "GetMenuItemID",
  1321. "address": "0x45b59c"
  1322. },
  1323. {
  1324. "name": "GetMenuItemCount",
  1325. "address": "0x45b5a0"
  1326. },
  1327. {
  1328. "name": "GetMenu",
  1329. "address": "0x45b5a4"
  1330. },
  1331. {
  1332. "name": "GetLastActivePopup",
  1333. "address": "0x45b5a8"
  1334. },
  1335. {
  1336. "name": "GetKeyboardState",
  1337. "address": "0x45b5ac"
  1338. },
  1339. {
  1340. "name": "GetKeyboardLayoutList",
  1341. "address": "0x45b5b0"
  1342. },
  1343. {
  1344. "name": "GetKeyboardLayout",
  1345. "address": "0x45b5b4"
  1346. },
  1347. {
  1348. "name": "GetKeyState",
  1349. "address": "0x45b5b8"
  1350. },
  1351. {
  1352. "name": "GetKeyNameTextA",
  1353. "address": "0x45b5bc"
  1354. },
  1355. {
  1356. "name": "GetIconInfo",
  1357. "address": "0x45b5c0"
  1358. },
  1359. {
  1360. "name": "GetForegroundWindow",
  1361. "address": "0x45b5c4"
  1362. },
  1363. {
  1364. "name": "GetFocus",
  1365. "address": "0x45b5c8"
  1366. },
  1367. {
  1368. "name": "GetDesktopWindow",
  1369. "address": "0x45b5cc"
  1370. },
  1371. {
  1372. "name": "GetDCEx",
  1373. "address": "0x45b5d0"
  1374. },
  1375. {
  1376. "name": "GetDC",
  1377. "address": "0x45b5d4"
  1378. },
  1379. {
  1380. "name": "GetCursorPos",
  1381. "address": "0x45b5d8"
  1382. },
  1383. {
  1384. "name": "GetCursor",
  1385. "address": "0x45b5dc"
  1386. },
  1387. {
  1388. "name": "GetClientRect",
  1389. "address": "0x45b5e0"
  1390. },
  1391. {
  1392. "name": "GetClassNameA",
  1393. "address": "0x45b5e4"
  1394. },
  1395. {
  1396. "name": "GetClassInfoA",
  1397. "address": "0x45b5e8"
  1398. },
  1399. {
  1400. "name": "GetCapture",
  1401. "address": "0x45b5ec"
  1402. },
  1403. {
  1404. "name": "GetActiveWindow",
  1405. "address": "0x45b5f0"
  1406. },
  1407. {
  1408. "name": "FrameRect",
  1409. "address": "0x45b5f4"
  1410. },
  1411. {
  1412. "name": "FindWindowA",
  1413. "address": "0x45b5f8"
  1414. },
  1415. {
  1416. "name": "FillRect",
  1417. "address": "0x45b5fc"
  1418. },
  1419. {
  1420. "name": "EqualRect",
  1421. "address": "0x45b600"
  1422. },
  1423. {
  1424. "name": "EnumWindows",
  1425. "address": "0x45b604"
  1426. },
  1427. {
  1428. "name": "EnumThreadWindows",
  1429. "address": "0x45b608"
  1430. },
  1431. {
  1432. "name": "EndPaint",
  1433. "address": "0x45b60c"
  1434. },
  1435. {
  1436. "name": "EnableWindow",
  1437. "address": "0x45b610"
  1438. },
  1439. {
  1440. "name": "EnableScrollBar",
  1441. "address": "0x45b614"
  1442. },
  1443. {
  1444. "name": "EnableMenuItem",
  1445. "address": "0x45b618"
  1446. },
  1447. {
  1448. "name": "DrawTextA",
  1449. "address": "0x45b61c"
  1450. },
  1451. {
  1452. "name": "DrawMenuBar",
  1453. "address": "0x45b620"
  1454. },
  1455. {
  1456. "name": "DrawIconEx",
  1457. "address": "0x45b624"
  1458. },
  1459. {
  1460. "name": "DrawIcon",
  1461. "address": "0x45b628"
  1462. },
  1463. {
  1464. "name": "DrawFrameControl",
  1465. "address": "0x45b62c"
  1466. },
  1467. {
  1468. "name": "DrawEdge",
  1469. "address": "0x45b630"
  1470. },
  1471. {
  1472. "name": "DispatchMessageA",
  1473. "address": "0x45b634"
  1474. },
  1475. {
  1476. "name": "DestroyWindow",
  1477. "address": "0x45b638"
  1478. },
  1479. {
  1480. "name": "DestroyMenu",
  1481. "address": "0x45b63c"
  1482. },
  1483. {
  1484. "name": "DestroyIcon",
  1485. "address": "0x45b640"
  1486. },
  1487. {
  1488. "name": "DestroyCursor",
  1489. "address": "0x45b644"
  1490. },
  1491. {
  1492. "name": "DeleteMenu",
  1493. "address": "0x45b648"
  1494. },
  1495. {
  1496. "name": "DefWindowProcA",
  1497. "address": "0x45b64c"
  1498. },
  1499. {
  1500. "name": "DefMDIChildProcA",
  1501. "address": "0x45b650"
  1502. },
  1503. {
  1504. "name": "DefFrameProcA",
  1505. "address": "0x45b654"
  1506. },
  1507. {
  1508. "name": "CreatePopupMenu",
  1509. "address": "0x45b658"
  1510. },
  1511. {
  1512. "name": "CreateMenu",
  1513. "address": "0x45b65c"
  1514. },
  1515. {
  1516. "name": "CreateIcon",
  1517. "address": "0x45b660"
  1518. },
  1519. {
  1520. "name": "ClientToScreen",
  1521. "address": "0x45b664"
  1522. },
  1523. {
  1524. "name": "CheckMenuItem",
  1525. "address": "0x45b668"
  1526. },
  1527. {
  1528. "name": "CallWindowProcA",
  1529. "address": "0x45b66c"
  1530. },
  1531. {
  1532. "name": "CallNextHookEx",
  1533. "address": "0x45b670"
  1534. },
  1535. {
  1536. "name": "BeginPaint",
  1537. "address": "0x45b674"
  1538. },
  1539. {
  1540. "name": "CharNextA",
  1541. "address": "0x45b678"
  1542. },
  1543. {
  1544. "name": "CharLowerA",
  1545. "address": "0x45b67c"
  1546. },
  1547. {
  1548. "name": "CharToOemA",
  1549. "address": "0x45b680"
  1550. },
  1551. {
  1552. "name": "AdjustWindowRectEx",
  1553. "address": "0x45b684"
  1554. },
  1555. {
  1556. "name": "ActivateKeyboardLayout",
  1557. "address": "0x45b688"
  1558. }
  1559. ],
  1560. "dll": "user32.dll"
  1561. },
  1562. {
  1563. "imports": [
  1564. {
  1565. "name": "Sleep",
  1566. "address": "0x45b690"
  1567. }
  1568. ],
  1569. "dll": "kernel32.dll"
  1570. },
  1571. {
  1572. "imports": [
  1573. {
  1574. "name": "SafeArrayPtrOfIndex",
  1575. "address": "0x45b698"
  1576. },
  1577. {
  1578. "name": "SafeArrayGetUBound",
  1579. "address": "0x45b69c"
  1580. },
  1581. {
  1582. "name": "SafeArrayGetLBound",
  1583. "address": "0x45b6a0"
  1584. },
  1585. {
  1586. "name": "SafeArrayCreate",
  1587. "address": "0x45b6a4"
  1588. },
  1589. {
  1590. "name": "VariantChangeType",
  1591. "address": "0x45b6a8"
  1592. },
  1593. {
  1594. "name": "VariantCopy",
  1595. "address": "0x45b6ac"
  1596. },
  1597. {
  1598. "name": "VariantClear",
  1599. "address": "0x45b6b0"
  1600. },
  1601. {
  1602. "name": "VariantInit",
  1603. "address": "0x45b6b4"
  1604. }
  1605. ],
  1606. "dll": "oleaut32.dll"
  1607. },
  1608. {
  1609. "imports": [
  1610. {
  1611. "name": "ImageList_SetIconSize",
  1612. "address": "0x45b6bc"
  1613. },
  1614. {
  1615. "name": "ImageList_GetIconSize",
  1616. "address": "0x45b6c0"
  1617. },
  1618. {
  1619. "name": "ImageList_Write",
  1620. "address": "0x45b6c4"
  1621. },
  1622. {
  1623. "name": "ImageList_Read",
  1624. "address": "0x45b6c8"
  1625. },
  1626. {
  1627. "name": "ImageList_GetDragImage",
  1628. "address": "0x45b6cc"
  1629. },
  1630. {
  1631. "name": "ImageList_DragShowNolock",
  1632. "address": "0x45b6d0"
  1633. },
  1634. {
  1635. "name": "ImageList_SetDragCursorImage",
  1636. "address": "0x45b6d4"
  1637. },
  1638. {
  1639. "name": "ImageList_DragMove",
  1640. "address": "0x45b6d8"
  1641. },
  1642. {
  1643. "name": "ImageList_DragLeave",
  1644. "address": "0x45b6dc"
  1645. },
  1646. {
  1647. "name": "ImageList_DragEnter",
  1648. "address": "0x45b6e0"
  1649. },
  1650. {
  1651. "name": "ImageList_EndDrag",
  1652. "address": "0x45b6e4"
  1653. },
  1654. {
  1655. "name": "ImageList_BeginDrag",
  1656. "address": "0x45b6e8"
  1657. },
  1658. {
  1659. "name": "ImageList_Remove",
  1660. "address": "0x45b6ec"
  1661. },
  1662. {
  1663. "name": "ImageList_DrawEx",
  1664. "address": "0x45b6f0"
  1665. },
  1666. {
  1667. "name": "ImageList_Draw",
  1668. "address": "0x45b6f4"
  1669. },
  1670. {
  1671. "name": "ImageList_GetBkColor",
  1672. "address": "0x45b6f8"
  1673. },
  1674. {
  1675. "name": "ImageList_SetBkColor",
  1676. "address": "0x45b6fc"
  1677. },
  1678. {
  1679. "name": "ImageList_ReplaceIcon",
  1680. "address": "0x45b700"
  1681. },
  1682. {
  1683. "name": "ImageList_Add",
  1684. "address": "0x45b704"
  1685. },
  1686. {
  1687. "name": "ImageList_SetImageCount",
  1688. "address": "0x45b708"
  1689. },
  1690. {
  1691. "name": "ImageList_GetImageCount",
  1692. "address": "0x45b70c"
  1693. },
  1694. {
  1695. "name": "ImageList_Destroy",
  1696. "address": "0x45b710"
  1697. },
  1698. {
  1699. "name": "ImageList_Create",
  1700. "address": "0x45b714"
  1701. }
  1702. ],
  1703. "dll": "comctl32.dll"
  1704. }
  1705. ],
  1706. "digital_signers": null,
  1707. "exported_dll_name": null,
  1708. "actual_checksum": "0x0006f600",
  1709. "overlay": null,
  1710. "imagebase": "0x00400000",
  1711. "reported_checksum": "0x00000000",
  1712. "icon_hash": null,
  1713. "entrypoint": "0x004571c8",
  1714. "timestamp": "1992-06-19 22:22:17",
  1715. "osversion": "4.0",
  1716. "sections": [
  1717. {
  1718. "name": "CODE",
  1719. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
  1720. "virtual_address": "0x00001000",
  1721. "size_of_data": "0x00056400",
  1722. "entropy": "6.51",
  1723. "raw_address": "0x00000400",
  1724. "virtual_size": "0x0005623c",
  1725. "characteristics_raw": "0x60000020"
  1726. },
  1727. {
  1728. "name": "DATA",
  1729. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  1730. "virtual_address": "0x00058000",
  1731. "size_of_data": "0x00001200",
  1732. "entropy": "3.99",
  1733. "raw_address": "0x00056800",
  1734. "virtual_size": "0x0000113c",
  1735. "characteristics_raw": "0xc0000040"
  1736. },
  1737. {
  1738. "name": "BSS",
  1739. "characteristics": "IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  1740. "virtual_address": "0x0005a000",
  1741. "size_of_data": "0x00000000",
  1742. "entropy": "0.00",
  1743. "raw_address": "0x00057a00",
  1744. "virtual_size": "0x00000b79",
  1745. "characteristics_raw": "0xc0000000"
  1746. },
  1747. {
  1748. "name": ".idata",
  1749. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  1750. "virtual_address": "0x0005b000",
  1751. "size_of_data": "0x00002200",
  1752. "entropy": "4.92",
  1753. "raw_address": "0x00057a00",
  1754. "virtual_size": "0x0000208c",
  1755. "characteristics_raw": "0xc0000040"
  1756. },
  1757. {
  1758. "name": ".tls",
  1759. "characteristics": "IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  1760. "virtual_address": "0x0005e000",
  1761. "size_of_data": "0x00000000",
  1762. "entropy": "0.00",
  1763. "raw_address": "0x00059c00",
  1764. "virtual_size": "0x00000010",
  1765. "characteristics_raw": "0xc0000000"
  1766. },
  1767. {
  1768. "name": ".rdata",
  1769. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
  1770. "virtual_address": "0x0005f000",
  1771. "size_of_data": "0x00000200",
  1772. "entropy": "0.20",
  1773. "raw_address": "0x00059c00",
  1774. "virtual_size": "0x00000018",
  1775. "characteristics_raw": "0x50000040"
  1776. },
  1777. {
  1778. "name": ".reloc",
  1779. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
  1780. "virtual_address": "0x00060000",
  1781. "size_of_data": "0x00006200",
  1782. "entropy": "6.67",
  1783. "raw_address": "0x00059e00",
  1784. "virtual_size": "0x00006198",
  1785. "characteristics_raw": "0x50000040"
  1786. },
  1787. {
  1788. "name": ".rsrc",
  1789. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
  1790. "virtual_address": "0x00067000",
  1791. "size_of_data": "0x00004800",
  1792. "entropy": "4.38",
  1793. "raw_address": "0x00060000",
  1794. "virtual_size": "0x00004800",
  1795. "characteristics_raw": "0x50000040"
  1796. }
  1797. ],
  1798. "resources": [],
  1799. "dirents": [
  1800. {
  1801. "virtual_address": "0x00000000",
  1802. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  1803. "size": "0x00000000"
  1804. },
  1805. {
  1806. "virtual_address": "0x0005b000",
  1807. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  1808. "size": "0x0000208c"
  1809. },
  1810. {
  1811. "virtual_address": "0x00067000",
  1812. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  1813. "size": "0x00004800"
  1814. },
  1815. {
  1816. "virtual_address": "0x00000000",
  1817. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  1818. "size": "0x00000000"
  1819. },
  1820. {
  1821. "virtual_address": "0x00000000",
  1822. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  1823. "size": "0x00000000"
  1824. },
  1825. {
  1826. "virtual_address": "0x00060000",
  1827. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  1828. "size": "0x00006198"
  1829. },
  1830. {
  1831. "virtual_address": "0x00000000",
  1832. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  1833. "size": "0x00000000"
  1834. },
  1835. {
  1836. "virtual_address": "0x00000000",
  1837. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  1838. "size": "0x00000000"
  1839. },
  1840. {
  1841. "virtual_address": "0x00000000",
  1842. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  1843. "size": "0x00000000"
  1844. },
  1845. {
  1846. "virtual_address": "0x0005f000",
  1847. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  1848. "size": "0x00000018"
  1849. },
  1850. {
  1851. "virtual_address": "0x00000000",
  1852. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  1853. "size": "0x00000000"
  1854. },
  1855. {
  1856. "virtual_address": "0x00000000",
  1857. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  1858. "size": "0x00000000"
  1859. },
  1860. {
  1861. "virtual_address": "0x00000000",
  1862. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  1863. "size": "0x00000000"
  1864. },
  1865. {
  1866. "virtual_address": "0x00000000",
  1867. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  1868. "size": "0x00000000"
  1869. },
  1870. {
  1871. "virtual_address": "0x00000000",
  1872. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  1873. "size": "0x00000000"
  1874. },
  1875. {
  1876. "virtual_address": "0x00000000",
  1877. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  1878. "size": "0x00000000"
  1879. }
  1880. ],
  1881. "exports": [],
  1882. "guest_signers": {},
  1883. "imphash": "3d14c36d144d8e05489ac5489a77dc6d",
  1884. "icon_fuzzy": null,
  1885. "icon": null,
  1886. "pdbpath": null,
  1887. "imported_dll_count": 13,
  1888. "versioninfo": []
  1889. }
  1890. }
  1891.  
  1892. [*] Resolved APIs: [
  1893. "kernel32.dll.GetDiskFreeSpaceExA",
  1894. "oleaut32.dll.VariantChangeTypeEx",
  1895. "oleaut32.dll.VarNeg",
  1896. "oleaut32.dll.VarNot",
  1897. "oleaut32.dll.VarAdd",
  1898. "oleaut32.dll.VarSub",
  1899. "oleaut32.dll.VarMul",
  1900. "oleaut32.dll.VarDiv",
  1901. "oleaut32.dll.VarIdiv",
  1902. "oleaut32.dll.VarMod",
  1903. "oleaut32.dll.VarAnd",
  1904. "oleaut32.dll.VarOr",
  1905. "oleaut32.dll.VarXor",
  1906. "oleaut32.dll.VarCmp",
  1907. "oleaut32.dll.VarI4FromStr",
  1908. "oleaut32.dll.VarR4FromStr",
  1909. "oleaut32.dll.VarR8FromStr",
  1910. "oleaut32.dll.VarDateFromStr",
  1911. "oleaut32.dll.VarCyFromStr",
  1912. "oleaut32.dll.VarBoolFromStr",
  1913. "oleaut32.dll.VarBstrFromCy",
  1914. "oleaut32.dll.VarBstrFromDate",
  1915. "oleaut32.dll.VarBstrFromBool",
  1916. "user32.dll.GetMonitorInfoA",
  1917. "user32.dll.GetSystemMetrics",
  1918. "user32.dll.EnumDisplayMonitors",
  1919. "dwmapi.dll.DwmIsCompositionEnabled",
  1920. "gdi32.dll.GetLayout",
  1921. "gdi32.dll.GdiRealizationInfo",
  1922. "gdi32.dll.FontIsLinked",
  1923. "advapi32.dll.RegOpenKeyExW",
  1924. "advapi32.dll.RegQueryInfoKeyW",
  1925. "gdi32.dll.GetTextFaceAliasW",
  1926. "advapi32.dll.RegEnumValueW",
  1927. "advapi32.dll.RegCloseKey",
  1928. "advapi32.dll.RegQueryValueExW",
  1929. "gdi32.dll.GetFontAssocStatus",
  1930. "advapi32.dll.RegQueryValueExA",
  1931. "advapi32.dll.RegEnumKeyExW",
  1932. "gdi32.dll.GdiIsMetaPrintDC",
  1933. "user32.dll.AnimateWindow",
  1934. "comctl32.dll.InitializeFlatSB",
  1935. "comctl32.dll.UninitializeFlatSB",
  1936. "comctl32.dll.FlatSB_GetScrollProp",
  1937. "comctl32.dll.FlatSB_SetScrollProp",
  1938. "comctl32.dll.FlatSB_EnableScrollBar",
  1939. "comctl32.dll.FlatSB_ShowScrollBar",
  1940. "comctl32.dll.FlatSB_GetScrollRange",
  1941. "comctl32.dll.FlatSB_GetScrollInfo",
  1942. "comctl32.dll.FlatSB_GetScrollPos",
  1943. "comctl32.dll.FlatSB_SetScrollPos",
  1944. "comctl32.dll.FlatSB_SetScrollInfo",
  1945. "comctl32.dll.FlatSB_SetScrollRange",
  1946. "user32.dll.SetLayeredWindowAttributes",
  1947. "uxtheme.dll.OpenThemeData",
  1948. "uxtheme.dll.CloseThemeData",
  1949. "uxtheme.dll.DrawThemeBackground",
  1950. "uxtheme.dll.DrawThemeText",
  1951. "uxtheme.dll.GetThemeBackgroundContentRect",
  1952. "uxtheme.dll.GetThemePartSize",
  1953. "uxtheme.dll.GetThemeTextExtent",
  1954. "uxtheme.dll.GetThemeTextMetrics",
  1955. "uxtheme.dll.GetThemeBackgroundRegion",
  1956. "uxtheme.dll.HitTestThemeBackground",
  1957. "uxtheme.dll.DrawThemeEdge",
  1958. "uxtheme.dll.DrawThemeIcon",
  1959. "uxtheme.dll.IsThemePartDefined",
  1960. "uxtheme.dll.IsThemeBackgroundPartiallyTransparent",
  1961. "uxtheme.dll.GetThemeColor",
  1962. "uxtheme.dll.GetThemeMetric",
  1963. "uxtheme.dll.GetThemeString",
  1964. "uxtheme.dll.GetThemeBool",
  1965. "uxtheme.dll.GetThemeInt",
  1966. "uxtheme.dll.GetThemeEnumValue",
  1967. "uxtheme.dll.GetThemePosition",
  1968. "uxtheme.dll.GetThemeFont",
  1969. "uxtheme.dll.GetThemeRect",
  1970. "uxtheme.dll.GetThemeMargins",
  1971. "uxtheme.dll.GetThemeIntList",
  1972. "uxtheme.dll.GetThemePropertyOrigin",
  1973. "uxtheme.dll.SetWindowTheme",
  1974. "uxtheme.dll.GetThemeFilename",
  1975. "uxtheme.dll.GetThemeSysColor",
  1976. "uxtheme.dll.GetThemeSysColorBrush",
  1977. "uxtheme.dll.GetThemeSysBool",
  1978. "uxtheme.dll.GetThemeSysSize",
  1979. "uxtheme.dll.GetThemeSysFont",
  1980. "uxtheme.dll.GetThemeSysString",
  1981. "uxtheme.dll.GetThemeSysInt",
  1982. "uxtheme.dll.IsThemeActive",
  1983. "uxtheme.dll.IsAppThemed",
  1984. "uxtheme.dll.GetWindowTheme",
  1985. "uxtheme.dll.EnableThemeDialogTexture",
  1986. "uxtheme.dll.IsThemeDialogTextureEnabled",
  1987. "uxtheme.dll.GetThemeAppProperties",
  1988. "uxtheme.dll.SetThemeAppProperties",
  1989. "uxtheme.dll.GetCurrentThemeName",
  1990. "uxtheme.dll.GetThemeDocumentationProperty",
  1991. "uxtheme.dll.DrawThemeParentBackground",
  1992. "uxtheme.dll.EnableTheming",
  1993. "kernel32.dll.SortGetHandle",
  1994. "kernel32.dll.SortCloseHandle",
  1995. "gdi32.dll.GetTextExtentExPointWPri",
  1996. "lpk.dll.LpkEditControl",
  1997. "comctl32.dll.HIMAGELIST_QueryInterface",
  1998. "comctl32.dll.DrawShadowText",
  1999. "comctl32.dll.DrawSizeBox",
  2000. "comctl32.dll.DrawScrollBar",
  2001. "comctl32.dll.SizeBoxHwnd",
  2002. "comctl32.dll.ScrollBar_MouseMove",
  2003. "comctl32.dll.ScrollBar_Menu",
  2004. "comctl32.dll.HandleScrollCmd",
  2005. "comctl32.dll.DetachScrollBars",
  2006. "comctl32.dll.AttachScrollBars",
  2007. "comctl32.dll.CCSetScrollInfo",
  2008. "comctl32.dll.CCGetScrollInfo",
  2009. "comctl32.dll.CCEnableScrollBar",
  2010. "comctl32.dll.QuerySystemGestureStatus",
  2011. "uxtheme.dll.#49"
  2012. ]
  2013.  
  2014. [*] Static Analysis: {
  2015. "pe": {
  2016. "peid_signatures": null,
  2017. "imports": [
  2018. {
  2019. "imports": [
  2020. {
  2021. "name": "DeleteCriticalSection",
  2022. "address": "0x45b118"
  2023. },
  2024. {
  2025. "name": "LeaveCriticalSection",
  2026. "address": "0x45b11c"
  2027. },
  2028. {
  2029. "name": "EnterCriticalSection",
  2030. "address": "0x45b120"
  2031. },
  2032. {
  2033. "name": "InitializeCriticalSection",
  2034. "address": "0x45b124"
  2035. },
  2036. {
  2037. "name": "VirtualFree",
  2038. "address": "0x45b128"
  2039. },
  2040. {
  2041. "name": "VirtualAlloc",
  2042. "address": "0x45b12c"
  2043. },
  2044. {
  2045. "name": "LocalFree",
  2046. "address": "0x45b130"
  2047. },
  2048. {
  2049. "name": "LocalAlloc",
  2050. "address": "0x45b134"
  2051. },
  2052. {
  2053. "name": "GetVersion",
  2054. "address": "0x45b138"
  2055. },
  2056. {
  2057. "name": "GetCurrentThreadId",
  2058. "address": "0x45b13c"
  2059. },
  2060. {
  2061. "name": "InterlockedDecrement",
  2062. "address": "0x45b140"
  2063. },
  2064. {
  2065. "name": "InterlockedIncrement",
  2066. "address": "0x45b144"
  2067. },
  2068. {
  2069. "name": "VirtualQuery",
  2070. "address": "0x45b148"
  2071. },
  2072. {
  2073. "name": "WideCharToMultiByte",
  2074. "address": "0x45b14c"
  2075. },
  2076. {
  2077. "name": "MultiByteToWideChar",
  2078. "address": "0x45b150"
  2079. },
  2080. {
  2081. "name": "lstrlenA",
  2082. "address": "0x45b154"
  2083. },
  2084. {
  2085. "name": "lstrcpynA",
  2086. "address": "0x45b158"
  2087. },
  2088. {
  2089. "name": "LoadLibraryExA",
  2090. "address": "0x45b15c"
  2091. },
  2092. {
  2093. "name": "GetThreadLocale",
  2094. "address": "0x45b160"
  2095. },
  2096. {
  2097. "name": "GetStartupInfoA",
  2098. "address": "0x45b164"
  2099. },
  2100. {
  2101. "name": "GetProcAddress",
  2102. "address": "0x45b168"
  2103. },
  2104. {
  2105. "name": "GetModuleHandleA",
  2106. "address": "0x45b16c"
  2107. },
  2108. {
  2109. "name": "GetModuleFileNameA",
  2110. "address": "0x45b170"
  2111. },
  2112. {
  2113. "name": "GetLocaleInfoA",
  2114. "address": "0x45b174"
  2115. },
  2116. {
  2117. "name": "GetCommandLineA",
  2118. "address": "0x45b178"
  2119. },
  2120. {
  2121. "name": "FreeLibrary",
  2122. "address": "0x45b17c"
  2123. },
  2124. {
  2125. "name": "FindFirstFileA",
  2126. "address": "0x45b180"
  2127. },
  2128. {
  2129. "name": "FindClose",
  2130. "address": "0x45b184"
  2131. },
  2132. {
  2133. "name": "ExitProcess",
  2134. "address": "0x45b188"
  2135. },
  2136. {
  2137. "name": "WriteFile",
  2138. "address": "0x45b18c"
  2139. },
  2140. {
  2141. "name": "UnhandledExceptionFilter",
  2142. "address": "0x45b190"
  2143. },
  2144. {
  2145. "name": "RtlUnwind",
  2146. "address": "0x45b194"
  2147. },
  2148. {
  2149. "name": "RaiseException",
  2150. "address": "0x45b198"
  2151. },
  2152. {
  2153. "name": "GetStdHandle",
  2154. "address": "0x45b19c"
  2155. }
  2156. ],
  2157. "dll": "kernel32.dll"
  2158. },
  2159. {
  2160. "imports": [
  2161. {
  2162. "name": "GetKeyboardType",
  2163. "address": "0x45b1a4"
  2164. },
  2165. {
  2166. "name": "LoadStringA",
  2167. "address": "0x45b1a8"
  2168. },
  2169. {
  2170. "name": "MessageBoxA",
  2171. "address": "0x45b1ac"
  2172. },
  2173. {
  2174. "name": "CharNextA",
  2175. "address": "0x45b1b0"
  2176. }
  2177. ],
  2178. "dll": "user32.dll"
  2179. },
  2180. {
  2181. "imports": [
  2182. {
  2183. "name": "RegQueryValueExA",
  2184. "address": "0x45b1b8"
  2185. },
  2186. {
  2187. "name": "RegOpenKeyExA",
  2188. "address": "0x45b1bc"
  2189. },
  2190. {
  2191. "name": "RegCloseKey",
  2192. "address": "0x45b1c0"
  2193. }
  2194. ],
  2195. "dll": "advapi32.dll"
  2196. },
  2197. {
  2198. "imports": [
  2199. {
  2200. "name": "SysFreeString",
  2201. "address": "0x45b1c8"
  2202. },
  2203. {
  2204. "name": "SysReAllocStringLen",
  2205. "address": "0x45b1cc"
  2206. },
  2207. {
  2208. "name": "SysAllocStringLen",
  2209. "address": "0x45b1d0"
  2210. }
  2211. ],
  2212. "dll": "oleaut32.dll"
  2213. },
  2214. {
  2215. "imports": [
  2216. {
  2217. "name": "TlsSetValue",
  2218. "address": "0x45b1d8"
  2219. },
  2220. {
  2221. "name": "TlsGetValue",
  2222. "address": "0x45b1dc"
  2223. },
  2224. {
  2225. "name": "LocalAlloc",
  2226. "address": "0x45b1e0"
  2227. },
  2228. {
  2229. "name": "GetModuleHandleA",
  2230. "address": "0x45b1e4"
  2231. }
  2232. ],
  2233. "dll": "kernel32.dll"
  2234. },
  2235. {
  2236. "imports": [
  2237. {
  2238. "name": "RegQueryValueExA",
  2239. "address": "0x45b1ec"
  2240. },
  2241. {
  2242. "name": "RegOpenKeyExA",
  2243. "address": "0x45b1f0"
  2244. },
  2245. {
  2246. "name": "RegCloseKey",
  2247. "address": "0x45b1f4"
  2248. }
  2249. ],
  2250. "dll": "advapi32.dll"
  2251. },
  2252. {
  2253. "imports": [
  2254. {
  2255. "name": "lstrcpyA",
  2256. "address": "0x45b1fc"
  2257. },
  2258. {
  2259. "name": "WriteFile",
  2260. "address": "0x45b200"
  2261. },
  2262. {
  2263. "name": "WaitForSingleObject",
  2264. "address": "0x45b204"
  2265. },
  2266. {
  2267. "name": "VirtualQuery",
  2268. "address": "0x45b208"
  2269. },
  2270. {
  2271. "name": "VirtualProtect",
  2272. "address": "0x45b20c"
  2273. },
  2274. {
  2275. "name": "VirtualAlloc",
  2276. "address": "0x45b210"
  2277. },
  2278. {
  2279. "name": "Sleep",
  2280. "address": "0x45b214"
  2281. },
  2282. {
  2283. "name": "SizeofResource",
  2284. "address": "0x45b218"
  2285. },
  2286. {
  2287. "name": "SetThreadLocale",
  2288. "address": "0x45b21c"
  2289. },
  2290. {
  2291. "name": "SetFilePointer",
  2292. "address": "0x45b220"
  2293. },
  2294. {
  2295. "name": "SetEvent",
  2296. "address": "0x45b224"
  2297. },
  2298. {
  2299. "name": "SetErrorMode",
  2300. "address": "0x45b228"
  2301. },
  2302. {
  2303. "name": "SetEndOfFile",
  2304. "address": "0x45b22c"
  2305. },
  2306. {
  2307. "name": "ResetEvent",
  2308. "address": "0x45b230"
  2309. },
  2310. {
  2311. "name": "ReadFile",
  2312. "address": "0x45b234"
  2313. },
  2314. {
  2315. "name": "MulDiv",
  2316. "address": "0x45b238"
  2317. },
  2318. {
  2319. "name": "LockResource",
  2320. "address": "0x45b23c"
  2321. },
  2322. {
  2323. "name": "LoadResource",
  2324. "address": "0x45b240"
  2325. },
  2326. {
  2327. "name": "LoadLibraryA",
  2328. "address": "0x45b244"
  2329. },
  2330. {
  2331. "name": "LeaveCriticalSection",
  2332. "address": "0x45b248"
  2333. },
  2334. {
  2335. "name": "InitializeCriticalSection",
  2336. "address": "0x45b24c"
  2337. },
  2338. {
  2339. "name": "GlobalUnlock",
  2340. "address": "0x45b250"
  2341. },
  2342. {
  2343. "name": "GlobalReAlloc",
  2344. "address": "0x45b254"
  2345. },
  2346. {
  2347. "name": "GlobalMemoryStatus",
  2348. "address": "0x45b258"
  2349. },
  2350. {
  2351. "name": "GlobalHandle",
  2352. "address": "0x45b25c"
  2353. },
  2354. {
  2355. "name": "GlobalLock",
  2356. "address": "0x45b260"
  2357. },
  2358. {
  2359. "name": "GlobalFree",
  2360. "address": "0x45b264"
  2361. },
  2362. {
  2363. "name": "GlobalFindAtomA",
  2364. "address": "0x45b268"
  2365. },
  2366. {
  2367. "name": "GlobalDeleteAtom",
  2368. "address": "0x45b26c"
  2369. },
  2370. {
  2371. "name": "GlobalAlloc",
  2372. "address": "0x45b270"
  2373. },
  2374. {
  2375. "name": "GlobalAddAtomA",
  2376. "address": "0x45b274"
  2377. },
  2378. {
  2379. "name": "GetVersionExA",
  2380. "address": "0x45b278"
  2381. },
  2382. {
  2383. "name": "GetVersion",
  2384. "address": "0x45b27c"
  2385. },
  2386. {
  2387. "name": "GetTickCount",
  2388. "address": "0x45b280"
  2389. },
  2390. {
  2391. "name": "GetThreadLocale",
  2392. "address": "0x45b284"
  2393. },
  2394. {
  2395. "name": "GetTempPathA",
  2396. "address": "0x45b288"
  2397. },
  2398. {
  2399. "name": "GetSystemInfo",
  2400. "address": "0x45b28c"
  2401. },
  2402. {
  2403. "name": "GetStringTypeExA",
  2404. "address": "0x45b290"
  2405. },
  2406. {
  2407. "name": "GetStdHandle",
  2408. "address": "0x45b294"
  2409. },
  2410. {
  2411. "name": "GetProcAddress",
  2412. "address": "0x45b298"
  2413. },
  2414. {
  2415. "name": "GetModuleHandleA",
  2416. "address": "0x45b29c"
  2417. },
  2418. {
  2419. "name": "GetModuleFileNameA",
  2420. "address": "0x45b2a0"
  2421. },
  2422. {
  2423. "name": "GetLocaleInfoA",
  2424. "address": "0x45b2a4"
  2425. },
  2426. {
  2427. "name": "GetLocalTime",
  2428. "address": "0x45b2a8"
  2429. },
  2430. {
  2431. "name": "GetLastError",
  2432. "address": "0x45b2ac"
  2433. },
  2434. {
  2435. "name": "GetFullPathNameA",
  2436. "address": "0x45b2b0"
  2437. },
  2438. {
  2439. "name": "GetDiskFreeSpaceA",
  2440. "address": "0x45b2b4"
  2441. },
  2442. {
  2443. "name": "GetDateFormatA",
  2444. "address": "0x45b2b8"
  2445. },
  2446. {
  2447. "name": "GetCurrentThreadId",
  2448. "address": "0x45b2bc"
  2449. },
  2450. {
  2451. "name": "GetCurrentProcessId",
  2452. "address": "0x45b2c0"
  2453. },
  2454. {
  2455. "name": "GetCPInfo",
  2456. "address": "0x45b2c4"
  2457. },
  2458. {
  2459. "name": "GetACP",
  2460. "address": "0x45b2c8"
  2461. },
  2462. {
  2463. "name": "FreeResource",
  2464. "address": "0x45b2cc"
  2465. },
  2466. {
  2467. "name": "InterlockedExchange",
  2468. "address": "0x45b2d0"
  2469. },
  2470. {
  2471. "name": "FreeLibrary",
  2472. "address": "0x45b2d4"
  2473. },
  2474. {
  2475. "name": "FormatMessageA",
  2476. "address": "0x45b2d8"
  2477. },
  2478. {
  2479. "name": "FindResourceA",
  2480. "address": "0x45b2dc"
  2481. },
  2482. {
  2483. "name": "FindFirstFileA",
  2484. "address": "0x45b2e0"
  2485. },
  2486. {
  2487. "name": "FindClose",
  2488. "address": "0x45b2e4"
  2489. },
  2490. {
  2491. "name": "FileTimeToLocalFileTime",
  2492. "address": "0x45b2e8"
  2493. },
  2494. {
  2495. "name": "FileTimeToDosDateTime",
  2496. "address": "0x45b2ec"
  2497. },
  2498. {
  2499. "name": "ExitProcess",
  2500. "address": "0x45b2f0"
  2501. },
  2502. {
  2503. "name": "EnumCalendarInfoA",
  2504. "address": "0x45b2f4"
  2505. },
  2506. {
  2507. "name": "EnterCriticalSection",
  2508. "address": "0x45b2f8"
  2509. },
  2510. {
  2511. "name": "DeleteCriticalSection",
  2512. "address": "0x45b2fc"
  2513. },
  2514. {
  2515. "name": "CreateThread",
  2516. "address": "0x45b300"
  2517. },
  2518. {
  2519. "name": "CreateFileA",
  2520. "address": "0x45b304"
  2521. },
  2522. {
  2523. "name": "CreateEventA",
  2524. "address": "0x45b308"
  2525. },
  2526. {
  2527. "name": "CompareStringA",
  2528. "address": "0x45b30c"
  2529. },
  2530. {
  2531. "name": "CloseHandle",
  2532. "address": "0x45b310"
  2533. }
  2534. ],
  2535. "dll": "kernel32.dll"
  2536. },
  2537. {
  2538. "imports": [
  2539. {
  2540. "name": "VerQueryValueA",
  2541. "address": "0x45b318"
  2542. },
  2543. {
  2544. "name": "GetFileVersionInfoSizeA",
  2545. "address": "0x45b31c"
  2546. },
  2547. {
  2548. "name": "GetFileVersionInfoA",
  2549. "address": "0x45b320"
  2550. }
  2551. ],
  2552. "dll": "version.dll"
  2553. },
  2554. {
  2555. "imports": [
  2556. {
  2557. "name": "UnrealizeObject",
  2558. "address": "0x45b328"
  2559. },
  2560. {
  2561. "name": "StretchBlt",
  2562. "address": "0x45b32c"
  2563. },
  2564. {
  2565. "name": "SetWindowOrgEx",
  2566. "address": "0x45b330"
  2567. },
  2568. {
  2569. "name": "SetViewportOrgEx",
  2570. "address": "0x45b334"
  2571. },
  2572. {
  2573. "name": "SetTextColor",
  2574. "address": "0x45b338"
  2575. },
  2576. {
  2577. "name": "SetStretchBltMode",
  2578. "address": "0x45b33c"
  2579. },
  2580. {
  2581. "name": "SetROP2",
  2582. "address": "0x45b340"
  2583. },
  2584. {
  2585. "name": "SetPixel",
  2586. "address": "0x45b344"
  2587. },
  2588. {
  2589. "name": "SetDIBColorTable",
  2590. "address": "0x45b348"
  2591. },
  2592. {
  2593. "name": "SetBrushOrgEx",
  2594. "address": "0x45b34c"
  2595. },
  2596. {
  2597. "name": "SetBkMode",
  2598. "address": "0x45b350"
  2599. },
  2600. {
  2601. "name": "SetBkColor",
  2602. "address": "0x45b354"
  2603. },
  2604. {
  2605. "name": "SelectPalette",
  2606. "address": "0x45b358"
  2607. },
  2608. {
  2609. "name": "SelectObject",
  2610. "address": "0x45b35c"
  2611. },
  2612. {
  2613. "name": "SaveDC",
  2614. "address": "0x45b360"
  2615. },
  2616. {
  2617. "name": "RestoreDC",
  2618. "address": "0x45b364"
  2619. },
  2620. {
  2621. "name": "RectVisible",
  2622. "address": "0x45b368"
  2623. },
  2624. {
  2625. "name": "RealizePalette",
  2626. "address": "0x45b36c"
  2627. },
  2628. {
  2629. "name": "Polyline",
  2630. "address": "0x45b370"
  2631. },
  2632. {
  2633. "name": "Pie",
  2634. "address": "0x45b374"
  2635. },
  2636. {
  2637. "name": "PatBlt",
  2638. "address": "0x45b378"
  2639. },
  2640. {
  2641. "name": "MoveToEx",
  2642. "address": "0x45b37c"
  2643. },
  2644. {
  2645. "name": "MaskBlt",
  2646. "address": "0x45b380"
  2647. },
  2648. {
  2649. "name": "LineTo",
  2650. "address": "0x45b384"
  2651. },
  2652. {
  2653. "name": "IntersectClipRect",
  2654. "address": "0x45b388"
  2655. },
  2656. {
  2657. "name": "GetWindowOrgEx",
  2658. "address": "0x45b38c"
  2659. },
  2660. {
  2661. "name": "GetTextMetricsA",
  2662. "address": "0x45b390"
  2663. },
  2664. {
  2665. "name": "GetTextExtentPoint32A",
  2666. "address": "0x45b394"
  2667. },
  2668. {
  2669. "name": "GetTextAlign",
  2670. "address": "0x45b398"
  2671. },
  2672. {
  2673. "name": "GetSystemPaletteEntries",
  2674. "address": "0x45b39c"
  2675. },
  2676. {
  2677. "name": "GetStockObject",
  2678. "address": "0x45b3a0"
  2679. },
  2680. {
  2681. "name": "GetPixel",
  2682. "address": "0x45b3a4"
  2683. },
  2684. {
  2685. "name": "GetPaletteEntries",
  2686. "address": "0x45b3a8"
  2687. },
  2688. {
  2689. "name": "GetObjectA",
  2690. "address": "0x45b3ac"
  2691. },
  2692. {
  2693. "name": "GetDeviceCaps",
  2694. "address": "0x45b3b0"
  2695. },
  2696. {
  2697. "name": "GetDIBits",
  2698. "address": "0x45b3b4"
  2699. },
  2700. {
  2701. "name": "GetDIBColorTable",
  2702. "address": "0x45b3b8"
  2703. },
  2704. {
  2705. "name": "GetDCOrgEx",
  2706. "address": "0x45b3bc"
  2707. },
  2708. {
  2709. "name": "GetDCPenColor",
  2710. "address": "0x45b3c0"
  2711. },
  2712. {
  2713. "name": "GetDCBrushColor",
  2714. "address": "0x45b3c4"
  2715. },
  2716. {
  2717. "name": "GetCurrentPositionEx",
  2718. "address": "0x45b3c8"
  2719. },
  2720. {
  2721. "name": "GetClipBox",
  2722. "address": "0x45b3cc"
  2723. },
  2724. {
  2725. "name": "GetBrushOrgEx",
  2726. "address": "0x45b3d0"
  2727. },
  2728. {
  2729. "name": "GetBitmapBits",
  2730. "address": "0x45b3d4"
  2731. },
  2732. {
  2733. "name": "ExtTextOutA",
  2734. "address": "0x45b3d8"
  2735. },
  2736. {
  2737. "name": "ExcludeClipRect",
  2738. "address": "0x45b3dc"
  2739. },
  2740. {
  2741. "name": "Ellipse",
  2742. "address": "0x45b3e0"
  2743. },
  2744. {
  2745. "name": "DeleteObject",
  2746. "address": "0x45b3e4"
  2747. },
  2748. {
  2749. "name": "DeleteDC",
  2750. "address": "0x45b3e8"
  2751. },
  2752. {
  2753. "name": "CreateSolidBrush",
  2754. "address": "0x45b3ec"
  2755. },
  2756. {
  2757. "name": "CreatePenIndirect",
  2758. "address": "0x45b3f0"
  2759. },
  2760. {
  2761. "name": "CreatePalette",
  2762. "address": "0x45b3f4"
  2763. },
  2764. {
  2765. "name": "CreateHalftonePalette",
  2766. "address": "0x45b3f8"
  2767. },
  2768. {
  2769. "name": "CreateFontIndirectA",
  2770. "address": "0x45b3fc"
  2771. },
  2772. {
  2773. "name": "CreateDIBitmap",
  2774. "address": "0x45b400"
  2775. },
  2776. {
  2777. "name": "CreateDIBSection",
  2778. "address": "0x45b404"
  2779. },
  2780. {
  2781. "name": "CreateCompatibleDC",
  2782. "address": "0x45b408"
  2783. },
  2784. {
  2785. "name": "CreateCompatibleBitmap",
  2786. "address": "0x45b40c"
  2787. },
  2788. {
  2789. "name": "CreateBrushIndirect",
  2790. "address": "0x45b410"
  2791. },
  2792. {
  2793. "name": "CreateBitmap",
  2794. "address": "0x45b414"
  2795. },
  2796. {
  2797. "name": "BitBlt",
  2798. "address": "0x45b418"
  2799. }
  2800. ],
  2801. "dll": "gdi32.dll"
  2802. },
  2803. {
  2804. "imports": [
  2805. {
  2806. "name": "CreateWindowExA",
  2807. "address": "0x45b420"
  2808. },
  2809. {
  2810. "name": "WindowFromPoint",
  2811. "address": "0x45b424"
  2812. },
  2813. {
  2814. "name": "WinHelpA",
  2815. "address": "0x45b428"
  2816. },
  2817. {
  2818. "name": "WaitMessage",
  2819. "address": "0x45b42c"
  2820. },
  2821. {
  2822. "name": "UpdateWindow",
  2823. "address": "0x45b430"
  2824. },
  2825. {
  2826. "name": "UnregisterClassA",
  2827. "address": "0x45b434"
  2828. },
  2829. {
  2830. "name": "UnhookWindowsHookEx",
  2831. "address": "0x45b438"
  2832. },
  2833. {
  2834. "name": "TranslateMessage",
  2835. "address": "0x45b43c"
  2836. },
  2837. {
  2838. "name": "TranslateMDISysAccel",
  2839. "address": "0x45b440"
  2840. },
  2841. {
  2842. "name": "TrackPopupMenu",
  2843. "address": "0x45b444"
  2844. },
  2845. {
  2846. "name": "SystemParametersInfoA",
  2847. "address": "0x45b448"
  2848. },
  2849. {
  2850. "name": "ShowWindow",
  2851. "address": "0x45b44c"
  2852. },
  2853. {
  2854. "name": "ShowScrollBar",
  2855. "address": "0x45b450"
  2856. },
  2857. {
  2858. "name": "ShowOwnedPopups",
  2859. "address": "0x45b454"
  2860. },
  2861. {
  2862. "name": "ShowCursor",
  2863. "address": "0x45b458"
  2864. },
  2865. {
  2866. "name": "SetWindowsHookExA",
  2867. "address": "0x45b45c"
  2868. },
  2869. {
  2870. "name": "SetWindowTextA",
  2871. "address": "0x45b460"
  2872. },
  2873. {
  2874. "name": "SetWindowPos",
  2875. "address": "0x45b464"
  2876. },
  2877. {
  2878. "name": "SetWindowPlacement",
  2879. "address": "0x45b468"
  2880. },
  2881. {
  2882. "name": "SetWindowLongA",
  2883. "address": "0x45b46c"
  2884. },
  2885. {
  2886. "name": "SetTimer",
  2887. "address": "0x45b470"
  2888. },
  2889. {
  2890. "name": "SetScrollRange",
  2891. "address": "0x45b474"
  2892. },
  2893. {
  2894. "name": "SetScrollPos",
  2895. "address": "0x45b478"
  2896. },
  2897. {
  2898. "name": "SetScrollInfo",
  2899. "address": "0x45b47c"
  2900. },
  2901. {
  2902. "name": "SetRect",
  2903. "address": "0x45b480"
  2904. },
  2905. {
  2906. "name": "SetPropA",
  2907. "address": "0x45b484"
  2908. },
  2909. {
  2910. "name": "SetParent",
  2911. "address": "0x45b488"
  2912. },
  2913. {
  2914. "name": "SetMenuItemInfoA",
  2915. "address": "0x45b48c"
  2916. },
  2917. {
  2918. "name": "SetMenu",
  2919. "address": "0x45b490"
  2920. },
  2921. {
  2922. "name": "SetForegroundWindow",
  2923. "address": "0x45b494"
  2924. },
  2925. {
  2926. "name": "SetFocus",
  2927. "address": "0x45b498"
  2928. },
  2929. {
  2930. "name": "SetCursor",
  2931. "address": "0x45b49c"
  2932. },
  2933. {
  2934. "name": "SetClassLongA",
  2935. "address": "0x45b4a0"
  2936. },
  2937. {
  2938. "name": "SetCapture",
  2939. "address": "0x45b4a4"
  2940. },
  2941. {
  2942. "name": "SetActiveWindow",
  2943. "address": "0x45b4a8"
  2944. },
  2945. {
  2946. "name": "SendMessageA",
  2947. "address": "0x45b4ac"
  2948. },
  2949. {
  2950. "name": "ScrollWindow",
  2951. "address": "0x45b4b0"
  2952. },
  2953. {
  2954. "name": "ScreenToClient",
  2955. "address": "0x45b4b4"
  2956. },
  2957. {
  2958. "name": "RemovePropA",
  2959. "address": "0x45b4b8"
  2960. },
  2961. {
  2962. "name": "RemoveMenu",
  2963. "address": "0x45b4bc"
  2964. },
  2965. {
  2966. "name": "ReleaseDC",
  2967. "address": "0x45b4c0"
  2968. },
  2969. {
  2970. "name": "ReleaseCapture",
  2971. "address": "0x45b4c4"
  2972. },
  2973. {
  2974. "name": "RegisterWindowMessageA",
  2975. "address": "0x45b4c8"
  2976. },
  2977. {
  2978. "name": "RegisterClipboardFormatA",
  2979. "address": "0x45b4cc"
  2980. },
  2981. {
  2982. "name": "RegisterClassA",
  2983. "address": "0x45b4d0"
  2984. },
  2985. {
  2986. "name": "RedrawWindow",
  2987. "address": "0x45b4d4"
  2988. },
  2989. {
  2990. "name": "PtInRect",
  2991. "address": "0x45b4d8"
  2992. },
  2993. {
  2994. "name": "PostQuitMessage",
  2995. "address": "0x45b4dc"
  2996. },
  2997. {
  2998. "name": "PostMessageA",
  2999. "address": "0x45b4e0"
  3000. },
  3001. {
  3002. "name": "PeekMessageA",
  3003. "address": "0x45b4e4"
  3004. },
  3005. {
  3006. "name": "OffsetRect",
  3007. "address": "0x45b4e8"
  3008. },
  3009. {
  3010. "name": "OemToCharA",
  3011. "address": "0x45b4ec"
  3012. },
  3013. {
  3014. "name": "MessageBoxA",
  3015. "address": "0x45b4f0"
  3016. },
  3017. {
  3018. "name": "MapWindowPoints",
  3019. "address": "0x45b4f4"
  3020. },
  3021. {
  3022. "name": "MapVirtualKeyA",
  3023. "address": "0x45b4f8"
  3024. },
  3025. {
  3026. "name": "LoadStringA",
  3027. "address": "0x45b4fc"
  3028. },
  3029. {
  3030. "name": "LoadKeyboardLayoutA",
  3031. "address": "0x45b500"
  3032. },
  3033. {
  3034. "name": "LoadIconA",
  3035. "address": "0x45b504"
  3036. },
  3037. {
  3038. "name": "LoadCursorA",
  3039. "address": "0x45b508"
  3040. },
  3041. {
  3042. "name": "LoadBitmapA",
  3043. "address": "0x45b50c"
  3044. },
  3045. {
  3046. "name": "KillTimer",
  3047. "address": "0x45b510"
  3048. },
  3049. {
  3050. "name": "IsZoomed",
  3051. "address": "0x45b514"
  3052. },
  3053. {
  3054. "name": "IsWindowVisible",
  3055. "address": "0x45b518"
  3056. },
  3057. {
  3058. "name": "IsWindowEnabled",
  3059. "address": "0x45b51c"
  3060. },
  3061. {
  3062. "name": "IsWindow",
  3063. "address": "0x45b520"
  3064. },
  3065. {
  3066. "name": "IsRectEmpty",
  3067. "address": "0x45b524"
  3068. },
  3069. {
  3070. "name": "IsIconic",
  3071. "address": "0x45b528"
  3072. },
  3073. {
  3074. "name": "IsDialogMessageA",
  3075. "address": "0x45b52c"
  3076. },
  3077. {
  3078. "name": "IsChild",
  3079. "address": "0x45b530"
  3080. },
  3081. {
  3082. "name": "InvalidateRect",
  3083. "address": "0x45b534"
  3084. },
  3085. {
  3086. "name": "IntersectRect",
  3087. "address": "0x45b538"
  3088. },
  3089. {
  3090. "name": "InsertMenuItemA",
  3091. "address": "0x45b53c"
  3092. },
  3093. {
  3094. "name": "InsertMenuA",
  3095. "address": "0x45b540"
  3096. },
  3097. {
  3098. "name": "InflateRect",
  3099. "address": "0x45b544"
  3100. },
  3101. {
  3102. "name": "GetWindowThreadProcessId",
  3103. "address": "0x45b548"
  3104. },
  3105. {
  3106. "name": "GetWindowTextA",
  3107. "address": "0x45b54c"
  3108. },
  3109. {
  3110. "name": "GetWindowRect",
  3111. "address": "0x45b550"
  3112. },
  3113. {
  3114. "name": "GetWindowPlacement",
  3115. "address": "0x45b554"
  3116. },
  3117. {
  3118. "name": "GetWindowLongA",
  3119. "address": "0x45b558"
  3120. },
  3121. {
  3122. "name": "GetWindowDC",
  3123. "address": "0x45b55c"
  3124. },
  3125. {
  3126. "name": "GetTopWindow",
  3127. "address": "0x45b560"
  3128. },
  3129. {
  3130. "name": "GetSystemMetrics",
  3131. "address": "0x45b564"
  3132. },
  3133. {
  3134. "name": "GetSystemMenu",
  3135. "address": "0x45b568"
  3136. },
  3137. {
  3138. "name": "GetSysColorBrush",
  3139. "address": "0x45b56c"
  3140. },
  3141. {
  3142. "name": "GetSysColor",
  3143. "address": "0x45b570"
  3144. },
  3145. {
  3146. "name": "GetSubMenu",
  3147. "address": "0x45b574"
  3148. },
  3149. {
  3150. "name": "GetScrollRange",
  3151. "address": "0x45b578"
  3152. },
  3153. {
  3154. "name": "GetScrollPos",
  3155. "address": "0x45b57c"
  3156. },
  3157. {
  3158. "name": "GetScrollInfo",
  3159. "address": "0x45b580"
  3160. },
  3161. {
  3162. "name": "GetPropA",
  3163. "address": "0x45b584"
  3164. },
  3165. {
  3166. "name": "GetParent",
  3167. "address": "0x45b588"
  3168. },
  3169. {
  3170. "name": "GetWindow",
  3171. "address": "0x45b58c"
  3172. },
  3173. {
  3174. "name": "GetMenuStringA",
  3175. "address": "0x45b590"
  3176. },
  3177. {
  3178. "name": "GetMenuState",
  3179. "address": "0x45b594"
  3180. },
  3181. {
  3182. "name": "GetMenuItemInfoA",
  3183. "address": "0x45b598"
  3184. },
  3185. {
  3186. "name": "GetMenuItemID",
  3187. "address": "0x45b59c"
  3188. },
  3189. {
  3190. "name": "GetMenuItemCount",
  3191. "address": "0x45b5a0"
  3192. },
  3193. {
  3194. "name": "GetMenu",
  3195. "address": "0x45b5a4"
  3196. },
  3197. {
  3198. "name": "GetLastActivePopup",
  3199. "address": "0x45b5a8"
  3200. },
  3201. {
  3202. "name": "GetKeyboardState",
  3203. "address": "0x45b5ac"
  3204. },
  3205. {
  3206. "name": "GetKeyboardLayoutList",
  3207. "address": "0x45b5b0"
  3208. },
  3209. {
  3210. "name": "GetKeyboardLayout",
  3211. "address": "0x45b5b4"
  3212. },
  3213. {
  3214. "name": "GetKeyState",
  3215. "address": "0x45b5b8"
  3216. },
  3217. {
  3218. "name": "GetKeyNameTextA",
  3219. "address": "0x45b5bc"
  3220. },
  3221. {
  3222. "name": "GetIconInfo",
  3223. "address": "0x45b5c0"
  3224. },
  3225. {
  3226. "name": "GetForegroundWindow",
  3227. "address": "0x45b5c4"
  3228. },
  3229. {
  3230. "name": "GetFocus",
  3231. "address": "0x45b5c8"
  3232. },
  3233. {
  3234. "name": "GetDesktopWindow",
  3235. "address": "0x45b5cc"
  3236. },
  3237. {
  3238. "name": "GetDCEx",
  3239. "address": "0x45b5d0"
  3240. },
  3241. {
  3242. "name": "GetDC",
  3243. "address": "0x45b5d4"
  3244. },
  3245. {
  3246. "name": "GetCursorPos",
  3247. "address": "0x45b5d8"
  3248. },
  3249. {
  3250. "name": "GetCursor",
  3251. "address": "0x45b5dc"
  3252. },
  3253. {
  3254. "name": "GetClientRect",
  3255. "address": "0x45b5e0"
  3256. },
  3257. {
  3258. "name": "GetClassNameA",
  3259. "address": "0x45b5e4"
  3260. },
  3261. {
  3262. "name": "GetClassInfoA",
  3263. "address": "0x45b5e8"
  3264. },
  3265. {
  3266. "name": "GetCapture",
  3267. "address": "0x45b5ec"
  3268. },
  3269. {
  3270. "name": "GetActiveWindow",
  3271. "address": "0x45b5f0"
  3272. },
  3273. {
  3274. "name": "FrameRect",
  3275. "address": "0x45b5f4"
  3276. },
  3277. {
  3278. "name": "FindWindowA",
  3279. "address": "0x45b5f8"
  3280. },
  3281. {
  3282. "name": "FillRect",
  3283. "address": "0x45b5fc"
  3284. },
  3285. {
  3286. "name": "EqualRect",
  3287. "address": "0x45b600"
  3288. },
  3289. {
  3290. "name": "EnumWindows",
  3291. "address": "0x45b604"
  3292. },
  3293. {
  3294. "name": "EnumThreadWindows",
  3295. "address": "0x45b608"
  3296. },
  3297. {
  3298. "name": "EndPaint",
  3299. "address": "0x45b60c"
  3300. },
  3301. {
  3302. "name": "EnableWindow",
  3303. "address": "0x45b610"
  3304. },
  3305. {
  3306. "name": "EnableScrollBar",
  3307. "address": "0x45b614"
  3308. },
  3309. {
  3310. "name": "EnableMenuItem",
  3311. "address": "0x45b618"
  3312. },
  3313. {
  3314. "name": "DrawTextA",
  3315. "address": "0x45b61c"
  3316. },
  3317. {
  3318. "name": "DrawMenuBar",
  3319. "address": "0x45b620"
  3320. },
  3321. {
  3322. "name": "DrawIconEx",
  3323. "address": "0x45b624"
  3324. },
  3325. {
  3326. "name": "DrawIcon",
  3327. "address": "0x45b628"
  3328. },
  3329. {
  3330. "name": "DrawFrameControl",
  3331. "address": "0x45b62c"
  3332. },
  3333. {
  3334. "name": "DrawEdge",
  3335. "address": "0x45b630"
  3336. },
  3337. {
  3338. "name": "DispatchMessageA",
  3339. "address": "0x45b634"
  3340. },
  3341. {
  3342. "name": "DestroyWindow",
  3343. "address": "0x45b638"
  3344. },
  3345. {
  3346. "name": "DestroyMenu",
  3347. "address": "0x45b63c"
  3348. },
  3349. {
  3350. "name": "DestroyIcon",
  3351. "address": "0x45b640"
  3352. },
  3353. {
  3354. "name": "DestroyCursor",
  3355. "address": "0x45b644"
  3356. },
  3357. {
  3358. "name": "DeleteMenu",
  3359. "address": "0x45b648"
  3360. },
  3361. {
  3362. "name": "DefWindowProcA",
  3363. "address": "0x45b64c"
  3364. },
  3365. {
  3366. "name": "DefMDIChildProcA",
  3367. "address": "0x45b650"
  3368. },
  3369. {
  3370. "name": "DefFrameProcA",
  3371. "address": "0x45b654"
  3372. },
  3373. {
  3374. "name": "CreatePopupMenu",
  3375. "address": "0x45b658"
  3376. },
  3377. {
  3378. "name": "CreateMenu",
  3379. "address": "0x45b65c"
  3380. },
  3381. {
  3382. "name": "CreateIcon",
  3383. "address": "0x45b660"
  3384. },
  3385. {
  3386. "name": "ClientToScreen",
  3387. "address": "0x45b664"
  3388. },
  3389. {
  3390. "name": "CheckMenuItem",
  3391. "address": "0x45b668"
  3392. },
  3393. {
  3394. "name": "CallWindowProcA",
  3395. "address": "0x45b66c"
  3396. },
  3397. {
  3398. "name": "CallNextHookEx",
  3399. "address": "0x45b670"
  3400. },
  3401. {
  3402. "name": "BeginPaint",
  3403. "address": "0x45b674"
  3404. },
  3405. {
  3406. "name": "CharNextA",
  3407. "address": "0x45b678"
  3408. },
  3409. {
  3410. "name": "CharLowerA",
  3411. "address": "0x45b67c"
  3412. },
  3413. {
  3414. "name": "CharToOemA",
  3415. "address": "0x45b680"
  3416. },
  3417. {
  3418. "name": "AdjustWindowRectEx",
  3419. "address": "0x45b684"
  3420. },
  3421. {
  3422. "name": "ActivateKeyboardLayout",
  3423. "address": "0x45b688"
  3424. }
  3425. ],
  3426. "dll": "user32.dll"
  3427. },
  3428. {
  3429. "imports": [
  3430. {
  3431. "name": "Sleep",
  3432. "address": "0x45b690"
  3433. }
  3434. ],
  3435. "dll": "kernel32.dll"
  3436. },
  3437. {
  3438. "imports": [
  3439. {
  3440. "name": "SafeArrayPtrOfIndex",
  3441. "address": "0x45b698"
  3442. },
  3443. {
  3444. "name": "SafeArrayGetUBound",
  3445. "address": "0x45b69c"
  3446. },
  3447. {
  3448. "name": "SafeArrayGetLBound",
  3449. "address": "0x45b6a0"
  3450. },
  3451. {
  3452. "name": "SafeArrayCreate",
  3453. "address": "0x45b6a4"
  3454. },
  3455. {
  3456. "name": "VariantChangeType",
  3457. "address": "0x45b6a8"
  3458. },
  3459. {
  3460. "name": "VariantCopy",
  3461. "address": "0x45b6ac"
  3462. },
  3463. {
  3464. "name": "VariantClear",
  3465. "address": "0x45b6b0"
  3466. },
  3467. {
  3468. "name": "VariantInit",
  3469. "address": "0x45b6b4"
  3470. }
  3471. ],
  3472. "dll": "oleaut32.dll"
  3473. },
  3474. {
  3475. "imports": [
  3476. {
  3477. "name": "ImageList_SetIconSize",
  3478. "address": "0x45b6bc"
  3479. },
  3480. {
  3481. "name": "ImageList_GetIconSize",
  3482. "address": "0x45b6c0"
  3483. },
  3484. {
  3485. "name": "ImageList_Write",
  3486. "address": "0x45b6c4"
  3487. },
  3488. {
  3489. "name": "ImageList_Read",
  3490. "address": "0x45b6c8"
  3491. },
  3492. {
  3493. "name": "ImageList_GetDragImage",
  3494. "address": "0x45b6cc"
  3495. },
  3496. {
  3497. "name": "ImageList_DragShowNolock",
  3498. "address": "0x45b6d0"
  3499. },
  3500. {
  3501. "name": "ImageList_SetDragCursorImage",
  3502. "address": "0x45b6d4"
  3503. },
  3504. {
  3505. "name": "ImageList_DragMove",
  3506. "address": "0x45b6d8"
  3507. },
  3508. {
  3509. "name": "ImageList_DragLeave",
  3510. "address": "0x45b6dc"
  3511. },
  3512. {
  3513. "name": "ImageList_DragEnter",
  3514. "address": "0x45b6e0"
  3515. },
  3516. {
  3517. "name": "ImageList_EndDrag",
  3518. "address": "0x45b6e4"
  3519. },
  3520. {
  3521. "name": "ImageList_BeginDrag",
  3522. "address": "0x45b6e8"
  3523. },
  3524. {
  3525. "name": "ImageList_Remove",
  3526. "address": "0x45b6ec"
  3527. },
  3528. {
  3529. "name": "ImageList_DrawEx",
  3530. "address": "0x45b6f0"
  3531. },
  3532. {
  3533. "name": "ImageList_Draw",
  3534. "address": "0x45b6f4"
  3535. },
  3536. {
  3537. "name": "ImageList_GetBkColor",
  3538. "address": "0x45b6f8"
  3539. },
  3540. {
  3541. "name": "ImageList_SetBkColor",
  3542. "address": "0x45b6fc"
  3543. },
  3544. {
  3545. "name": "ImageList_ReplaceIcon",
  3546. "address": "0x45b700"
  3547. },
  3548. {
  3549. "name": "ImageList_Add",
  3550. "address": "0x45b704"
  3551. },
  3552. {
  3553. "name": "ImageList_SetImageCount",
  3554. "address": "0x45b708"
  3555. },
  3556. {
  3557. "name": "ImageList_GetImageCount",
  3558. "address": "0x45b70c"
  3559. },
  3560. {
  3561. "name": "ImageList_Destroy",
  3562. "address": "0x45b710"
  3563. },
  3564. {
  3565. "name": "ImageList_Create",
  3566. "address": "0x45b714"
  3567. }
  3568. ],
  3569. "dll": "comctl32.dll"
  3570. }
  3571. ],
  3572. "digital_signers": null,
  3573. "exported_dll_name": null,
  3574. "actual_checksum": "0x0006f600",
  3575. "overlay": null,
  3576. "imagebase": "0x00400000",
  3577. "reported_checksum": "0x00000000",
  3578. "icon_hash": null,
  3579. "entrypoint": "0x004571c8",
  3580. "timestamp": "1992-06-19 22:22:17",
  3581. "osversion": "4.0",
  3582. "sections": [
  3583. {
  3584. "name": "CODE",
  3585. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
  3586. "virtual_address": "0x00001000",
  3587. "size_of_data": "0x00056400",
  3588. "entropy": "6.51",
  3589. "raw_address": "0x00000400",
  3590. "virtual_size": "0x0005623c",
  3591. "characteristics_raw": "0x60000020"
  3592. },
  3593. {
  3594. "name": "DATA",
  3595. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  3596. "virtual_address": "0x00058000",
  3597. "size_of_data": "0x00001200",
  3598. "entropy": "3.99",
  3599. "raw_address": "0x00056800",
  3600. "virtual_size": "0x0000113c",
  3601. "characteristics_raw": "0xc0000040"
  3602. },
  3603. {
  3604. "name": "BSS",
  3605. "characteristics": "IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  3606. "virtual_address": "0x0005a000",
  3607. "size_of_data": "0x00000000",
  3608. "entropy": "0.00",
  3609. "raw_address": "0x00057a00",
  3610. "virtual_size": "0x00000b79",
  3611. "characteristics_raw": "0xc0000000"
  3612. },
  3613. {
  3614. "name": ".idata",
  3615. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  3616. "virtual_address": "0x0005b000",
  3617. "size_of_data": "0x00002200",
  3618. "entropy": "4.92",
  3619. "raw_address": "0x00057a00",
  3620. "virtual_size": "0x0000208c",
  3621. "characteristics_raw": "0xc0000040"
  3622. },
  3623. {
  3624. "name": ".tls",
  3625. "characteristics": "IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  3626. "virtual_address": "0x0005e000",
  3627. "size_of_data": "0x00000000",
  3628. "entropy": "0.00",
  3629. "raw_address": "0x00059c00",
  3630. "virtual_size": "0x00000010",
  3631. "characteristics_raw": "0xc0000000"
  3632. },
  3633. {
  3634. "name": ".rdata",
  3635. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
  3636. "virtual_address": "0x0005f000",
  3637. "size_of_data": "0x00000200",
  3638. "entropy": "0.20",
  3639. "raw_address": "0x00059c00",
  3640. "virtual_size": "0x00000018",
  3641. "characteristics_raw": "0x50000040"
  3642. },
  3643. {
  3644. "name": ".reloc",
  3645. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
  3646. "virtual_address": "0x00060000",
  3647. "size_of_data": "0x00006200",
  3648. "entropy": "6.67",
  3649. "raw_address": "0x00059e00",
  3650. "virtual_size": "0x00006198",
  3651. "characteristics_raw": "0x50000040"
  3652. },
  3653. {
  3654. "name": ".rsrc",
  3655. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
  3656. "virtual_address": "0x00067000",
  3657. "size_of_data": "0x00004800",
  3658. "entropy": "4.38",
  3659. "raw_address": "0x00060000",
  3660. "virtual_size": "0x00004800",
  3661. "characteristics_raw": "0x50000040"
  3662. }
  3663. ],
  3664. "resources": [],
  3665. "dirents": [
  3666. {
  3667. "virtual_address": "0x00000000",
  3668. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  3669. "size": "0x00000000"
  3670. },
  3671. {
  3672. "virtual_address": "0x0005b000",
  3673. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  3674. "size": "0x0000208c"
  3675. },
  3676. {
  3677. "virtual_address": "0x00067000",
  3678. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  3679. "size": "0x00004800"
  3680. },
  3681. {
  3682. "virtual_address": "0x00000000",
  3683. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  3684. "size": "0x00000000"
  3685. },
  3686. {
  3687. "virtual_address": "0x00000000",
  3688. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  3689. "size": "0x00000000"
  3690. },
  3691. {
  3692. "virtual_address": "0x00060000",
  3693. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  3694. "size": "0x00006198"
  3695. },
  3696. {
  3697. "virtual_address": "0x00000000",
  3698. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  3699. "size": "0x00000000"
  3700. },
  3701. {
  3702. "virtual_address": "0x00000000",
  3703. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  3704. "size": "0x00000000"
  3705. },
  3706. {
  3707. "virtual_address": "0x00000000",
  3708. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  3709. "size": "0x00000000"
  3710. },
  3711. {
  3712. "virtual_address": "0x0005f000",
  3713. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  3714. "size": "0x00000018"
  3715. },
  3716. {
  3717. "virtual_address": "0x00000000",
  3718. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  3719. "size": "0x00000000"
  3720. },
  3721. {
  3722. "virtual_address": "0x00000000",
  3723. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  3724. "size": "0x00000000"
  3725. },
  3726. {
  3727. "virtual_address": "0x00000000",
  3728. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  3729. "size": "0x00000000"
  3730. },
  3731. {
  3732. "virtual_address": "0x00000000",
  3733. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  3734. "size": "0x00000000"
  3735. },
  3736. {
  3737. "virtual_address": "0x00000000",
  3738. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  3739. "size": "0x00000000"
  3740. },
  3741. {
  3742. "virtual_address": "0x00000000",
  3743. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  3744. "size": "0x00000000"
  3745. }
  3746. ],
  3747. "exports": [],
  3748. "guest_signers": {},
  3749. "imphash": "3d14c36d144d8e05489ac5489a77dc6d",
  3750. "icon_fuzzy": null,
  3751. "icon": null,
  3752. "pdbpath": null,
  3753. "imported_dll_count": 13,
  3754. "versioninfo": []
  3755. }
  3756. }