Exes_5d842bcb99edde07946590487ab8eee8_exe_json.json

1.  
2. [*] MalFamily: ""
3.  
4. [*] MalScore: 10.0
5.  
6. [*] File Name: "Exes_5d842bcb99edde07946590487ab8eee8.exe"
7. [*] File Size: 3002368
8. [*] File Type: "PE32 executable (GUI) Intel 80386, for MS Windows"
9. [*] SHA256: "154b1c54e6f82eb27079b642c37f0abd46409565f40c29815d8ad23969a43ccf"
10. [*] MD5: "5d842bcb99edde07946590487ab8eee8"
11. [*] SHA1: "7534321d70c558a4add06f5921149323b9bc363a"
12. [*] SHA512: "9b631dd8ab9e71ea0ff181f5d06d08ca5a2356051160c2b78c433cb662aec05488b66444b907b234afce8cb4ed26c9517fcc8baad827ca101d4a9cd0b0dbf845"
13. [*] CRC32: "93D7B2B8"
14. [*] SSDEEP: "49152:Vh+ZkldoPK8Ya4bwH37I6PsxoiTwYZLAUWOI:m2cPK8X"
15.  
16. [*] Process Execution: [
17. "Exes_5d842bcb99edde07946590487ab8eee8.exe"
18. ]
19.  
20. [*] Signatures Detected: [
21. {
22. "Description": "Creates RWX memory",
23. "Details": []
24. },
25. {
26. "Description": "Performs some HTTP requests",
27. "Details": [
28. {
29. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D"
30. },
31. {
32. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D"
33. },
34. {
35. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D"
36. }
37. ]
38. },
39. {
40. "Description": "File has been identified by 18 Antiviruses on VirusTotal as malicious",
41. "Details": [
42. {
43. "FireEye": "Generic.mg.5d842bcb99edde07"
44. },
45. {
46. "CAT-QuickHeal": "PUA.Presenoker.S5304897"
47. },
48. {
49. "Invincea": "heuristic"
50. },
51. {
52. "Symantec": "ML.Attribute.HighConfidence"
53. },
54. {
55. "APEX": "Malicious"
56. },
57. {
58. "Kaspersky": "UDS:DangerousObject.Multi.Generic"
59. },
60. {
61. "Rising": "Trojan.Win32.Agent_.sa (CLASSIC)"
62. },
63. {
64. "Endgame": "malicious (high confidence)"
65. },
66. {
67. "F-Secure": "Heuristic.HEUR/AGEN.1038811"
68. },
69. {
70. "McAfee-GW-Edition": "BehavesLike.Win32.Generic.vh"
71. },
72. {
73. "Avira": "HEUR/AGEN.1038811"
74. },
75. {
76. "AhnLab-V3": "Trojan/Win32.RL_AutoInj.R272810"
77. },
78. {
79. "Microsoft": "Trojan:Win32/Fuerboos.C!cl"
80. },
81. {
82. "Acronis": "suspicious"
83. },
84. {
85. "SentinelOne": "DFI - Suspicious PE"
86. },
87. {
88. "Paloalto": "generic.ml"
89. },
90. {
91. "CrowdStrike": "win/malicious_confidence_70% (D)"
92. },
93. {
94. "Qihoo-360": "HEUR/QVM10.1.EC87.Malware.Gen"
95. }
96. ]
97. },
98. {
99. "Description": "Anomalous binary characteristics",
100. "Details": [
101. {
102. "anomaly": "Actual checksum does not match that reported in PE header"
103. }
104. ]
105. }
106. ]
107.  
108. [*] Started Service: []
109.  
110. [*] Executed Commands: [
111. "\"C:\\Users\\user\\AppData\\Local\\Temp\\Exes_5d842bcb99edde07946590487ab8eee8.exe\\xc3\\xa0Z\""
112. ]
113.  
114. [*] Mutexes: [
115. "frenchy_shellcode_001"
116. ]
117.  
118. [*] Modified Files: []
119.  
120. [*] Deleted Files: []
121.  
122. [*] Modified Registry Keys: []
123.  
124. [*] Deleted Registry Keys: []
125.  
126. [*] DNS Communications: []
127.  
128. [*] Domains: []
129.  
130. [*] Network Communication - ICMP: []
131.  
132. [*] Network Communication - HTTP: [
133. {
134. "count": 1,
135. "body": "",
136. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
137. "user-agent": "Microsoft-CryptoAPI/6.1",
138. "method": "GET",
139. "host": "ocsp.digicert.com",
140. "version": "1.1",
141. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
142. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D HTTP/1.1\r\nCache-Control: max-age = 150849\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 10:50:30 GMT\r\nIf-None-Match: \"5ced1276-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
143. "port": 80
144. },
145. {
146. "count": 1,
147. "body": "",
148. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
149. "user-agent": "Microsoft-CryptoAPI/6.1",
150. "method": "GET",
151. "host": "ocsp.digicert.com",
152. "version": "1.1",
153. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
154. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D HTTP/1.1\r\nCache-Control: max-age = 135176\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 05:30:18 GMT\r\nIf-None-Match: \"5cecc76a-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
155. "port": 80
156. },
157. {
158. "count": 1,
159. "body": "",
160. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
161. "user-agent": "Microsoft-CryptoAPI/6.1",
162. "method": "GET",
163. "host": "ocsp.digicert.com",
164. "version": "1.1",
165. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
166. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D HTTP/1.1\r\nCache-Control: max-age = 168744\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 15:00:08 GMT\r\nIf-None-Match: \"5ced4cf8-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
167. "port": 80
168. }
169. ]
170.  
171. [*] Network Communication - SMTP: []
172.  
173. [*] Network Communication - Hosts: []
174.  
175. [*] Network Communication - IRC: []
176.  
177. [*] Static Analysis: {
178. "pe": {
179. "peid_signatures": null,
180. "imports": [
181. {
182. "imports": [
183. {
184. "name": "WSACleanup",
185. "address": "0x48f7c8"
186. },
187. {
188. "name": "socket",
189. "address": "0x48f7cc"
190. },
191. {
192. "name": "inet_ntoa",
193. "address": "0x48f7d0"
194. },
195. {
196. "name": "setsockopt",
197. "address": "0x48f7d4"
198. },
199. {
200. "name": "ntohs",
201. "address": "0x48f7d8"
202. },
203. {
204. "name": "recvfrom",
205. "address": "0x48f7dc"
206. },
207. {
208. "name": "ioctlsocket",
209. "address": "0x48f7e0"
210. },
211. {
212. "name": "htons",
213. "address": "0x48f7e4"
214. },
215. {
216. "name": "WSAStartup",
217. "address": "0x48f7e8"
218. },
219. {
220. "name": "__WSAFDIsSet",
221. "address": "0x48f7ec"
222. },
223. {
224. "name": "select",
225. "address": "0x48f7f0"
226. },
227. {
228. "name": "accept",
229. "address": "0x48f7f4"
230. },
231. {
232. "name": "listen",
233. "address": "0x48f7f8"
234. },
235. {
236. "name": "bind",
237. "address": "0x48f7fc"
238. },
239. {
240. "name": "closesocket",
241. "address": "0x48f800"
242. },
243. {
244. "name": "WSAGetLastError",
245. "address": "0x48f804"
246. },
247. {
248. "name": "recv",
249. "address": "0x48f808"
250. },
251. {
252. "name": "sendto",
253. "address": "0x48f80c"
254. },
255. {
256. "name": "send",
257. "address": "0x48f810"
258. },
259. {
260. "name": "inet_addr",
261. "address": "0x48f814"
262. },
263. {
264. "name": "gethostbyname",
265. "address": "0x48f818"
266. },
267. {
268. "name": "gethostname",
269. "address": "0x48f81c"
270. },
271. {
272. "name": "connect",
273. "address": "0x48f820"
274. }
275. ],
276. "dll": "WSOCK32.dll"
277. },
278. {
279. "imports": [
280. {
281. "name": "GetFileVersionInfoW",
282. "address": "0x48f76c"
283. },
284. {
285. "name": "GetFileVersionInfoSizeW",
286. "address": "0x48f770"
287. },
288. {
289. "name": "VerQueryValueW",
290. "address": "0x48f774"
291. }
292. ],
293. "dll": "VERSION.dll"
294. },
295. {
296. "imports": [
297. {
298. "name": "timeGetTime",
299. "address": "0x48f7b8"
300. },
301. {
302. "name": "waveOutSetVolume",
303. "address": "0x48f7bc"
304. },
305. {
306. "name": "mciSendStringW",
307. "address": "0x48f7c0"
308. }
309. ],
310. "dll": "WINMM.dll"
311. },
312. {
313. "imports": [
314. {
315. "name": "ImageList_ReplaceIcon",
316. "address": "0x48f088"
317. },
318. {
319. "name": "ImageList_Destroy",
320. "address": "0x48f08c"
321. },
322. {
323. "name": "ImageList_Remove",
324. "address": "0x48f090"
325. },
326. {
327. "name": "ImageList_SetDragCursorImage",
328. "address": "0x48f094"
329. },
330. {
331. "name": "ImageList_BeginDrag",
332. "address": "0x48f098"
333. },
334. {
335. "name": "ImageList_DragEnter",
336. "address": "0x48f09c"
337. },
338. {
339. "name": "ImageList_DragLeave",
340. "address": "0x48f0a0"
341. },
342. {
343. "name": "ImageList_EndDrag",
344. "address": "0x48f0a4"
345. },
346. {
347. "name": "ImageList_DragMove",
348. "address": "0x48f0a8"
349. },
350. {
351. "name": "InitCommonControlsEx",
352. "address": "0x48f0ac"
353. },
354. {
355. "name": "ImageList_Create",
356. "address": "0x48f0b0"
357. }
358. ],
359. "dll": "COMCTL32.dll"
360. },
361. {
362. "imports": [
363. {
364. "name": "WNetUseConnectionW",
365. "address": "0x48f3f8"
366. },
367. {
368. "name": "WNetCancelConnection2W",
369. "address": "0x48f3fc"
370. },
371. {
372. "name": "WNetGetConnectionW",
373. "address": "0x48f400"
374. },
375. {
376. "name": "WNetAddConnection2W",
377. "address": "0x48f404"
378. }
379. ],
380. "dll": "MPR.dll"
381. },
382. {
383. "imports": [
384. {
385. "name": "InternetQueryDataAvailable",
386. "address": "0x48f77c"
387. },
388. {
389. "name": "InternetCloseHandle",
390. "address": "0x48f780"
391. },
392. {
393. "name": "InternetOpenW",
394. "address": "0x48f784"
395. },
396. {
397. "name": "InternetSetOptionW",
398. "address": "0x48f788"
399. },
400. {
401. "name": "InternetCrackUrlW",
402. "address": "0x48f78c"
403. },
404. {
405. "name": "HttpQueryInfoW",
406. "address": "0x48f790"
407. },
408. {
409. "name": "InternetQueryOptionW",
410. "address": "0x48f794"
411. },
412. {
413. "name": "HttpOpenRequestW",
414. "address": "0x48f798"
415. },
416. {
417. "name": "HttpSendRequestW",
418. "address": "0x48f79c"
419. },
420. {
421. "name": "FtpOpenFileW",
422. "address": "0x48f7a0"
423. },
424. {
425. "name": "FtpGetFileSize",
426. "address": "0x48f7a4"
427. },
428. {
429. "name": "InternetOpenUrlW",
430. "address": "0x48f7a8"
431. },
432. {
433. "name": "InternetReadFile",
434. "address": "0x48f7ac"
435. },
436. {
437. "name": "InternetConnectW",
438. "address": "0x48f7b0"
439. }
440. ],
441. "dll": "WININET.dll"
442. },
443. {
444. "imports": [
445. {
446. "name": "GetProcessMemoryInfo",
447. "address": "0x48f484"
448. }
449. ],
450. "dll": "PSAPI.DLL"
451. },
452. {
453. "imports": [
454. {
455. "name": "IcmpCreateFile",
456. "address": "0x48f154"
457. },
458. {
459. "name": "IcmpCloseHandle",
460. "address": "0x48f158"
461. },
462. {
463. "name": "IcmpSendEcho",
464. "address": "0x48f15c"
465. }
466. ],
467. "dll": "IPHLPAPI.DLL"
468. },
469. {
470. "imports": [
471. {
472. "name": "DestroyEnvironmentBlock",
473. "address": "0x48f750"
474. },
475. {
476. "name": "UnloadUserProfile",
477. "address": "0x48f754"
478. },
479. {
480. "name": "CreateEnvironmentBlock",
481. "address": "0x48f758"
482. },
483. {
484. "name": "LoadUserProfileW",
485. "address": "0x48f75c"
486. }
487. ],
488. "dll": "USERENV.dll"
489. },
490. {
491. "imports": [
492. {
493. "name": "IsThemeActive",
494. "address": "0x48f764"
495. }
496. ],
497. "dll": "UxTheme.dll"
498. },
499. {
500. "imports": [
501. {
502. "name": "DuplicateHandle",
503. "address": "0x48f164"
504. },
505. {
506. "name": "CreateThread",
507. "address": "0x48f168"
508. },
509. {
510. "name": "WaitForSingleObject",
511. "address": "0x48f16c"
512. },
513. {
514. "name": "HeapAlloc",
515. "address": "0x48f170"
516. },
517. {
518. "name": "GetProcessHeap",
519. "address": "0x48f174"
520. },
521. {
522. "name": "HeapFree",
523. "address": "0x48f178"
524. },
525. {
526. "name": "Sleep",
527. "address": "0x48f17c"
528. },
529. {
530. "name": "GetCurrentThreadId",
531. "address": "0x48f180"
532. },
533. {
534. "name": "MultiByteToWideChar",
535. "address": "0x48f184"
536. },
537. {
538. "name": "MulDiv",
539. "address": "0x48f188"
540. },
541. {
542. "name": "GetVersionExW",
543. "address": "0x48f18c"
544. },
545. {
546. "name": "IsWow64Process",
547. "address": "0x48f190"
548. },
549. {
550. "name": "GetSystemInfo",
551. "address": "0x48f194"
552. },
553. {
554. "name": "FreeLibrary",
555. "address": "0x48f198"
556. },
557. {
558. "name": "LoadLibraryA",
559. "address": "0x48f19c"
560. },
561. {
562. "name": "GetProcAddress",
563. "address": "0x48f1a0"
564. },
565. {
566. "name": "SetErrorMode",
567. "address": "0x48f1a4"
568. },
569. {
570. "name": "GetModuleFileNameW",
571. "address": "0x48f1a8"
572. },
573. {
574. "name": "WideCharToMultiByte",
575. "address": "0x48f1ac"
576. },
577. {
578. "name": "lstrcpyW",
579. "address": "0x48f1b0"
580. },
581. {
582. "name": "lstrlenW",
583. "address": "0x48f1b4"
584. },
585. {
586. "name": "GetModuleHandleW",
587. "address": "0x48f1b8"
588. },
589. {
590. "name": "QueryPerformanceCounter",
591. "address": "0x48f1bc"
592. },
593. {
594. "name": "VirtualFreeEx",
595. "address": "0x48f1c0"
596. },
597. {
598. "name": "OpenProcess",
599. "address": "0x48f1c4"
600. },
601. {
602. "name": "VirtualAllocEx",
603. "address": "0x48f1c8"
604. },
605. {
606. "name": "WriteProcessMemory",
607. "address": "0x48f1cc"
608. },
609. {
610. "name": "ReadProcessMemory",
611. "address": "0x48f1d0"
612. },
613. {
614. "name": "CreateFileW",
615. "address": "0x48f1d4"
616. },
617. {
618. "name": "SetFilePointerEx",
619. "address": "0x48f1d8"
620. },
621. {
622. "name": "SetEndOfFile",
623. "address": "0x48f1dc"
624. },
625. {
626. "name": "ReadFile",
627. "address": "0x48f1e0"
628. },
629. {
630. "name": "WriteFile",
631. "address": "0x48f1e4"
632. },
633. {
634. "name": "FlushFileBuffers",
635. "address": "0x48f1e8"
636. },
637. {
638. "name": "TerminateProcess",
639. "address": "0x48f1ec"
640. },
641. {
642. "name": "CreateToolhelp32Snapshot",
643. "address": "0x48f1f0"
644. },
645. {
646. "name": "Process32FirstW",
647. "address": "0x48f1f4"
648. },
649. {
650. "name": "Process32NextW",
651. "address": "0x48f1f8"
652. },
653. {
654. "name": "SetFileTime",
655. "address": "0x48f1fc"
656. },
657. {
658. "name": "GetFileAttributesW",
659. "address": "0x48f200"
660. },
661. {
662. "name": "FindFirstFileW",
663. "address": "0x48f204"
664. },
665. {
666. "name": "SetCurrentDirectoryW",
667. "address": "0x48f208"
668. },
669. {
670. "name": "GetLongPathNameW",
671. "address": "0x48f20c"
672. },
673. {
674. "name": "GetShortPathNameW",
675. "address": "0x48f210"
676. },
677. {
678. "name": "DeleteFileW",
679. "address": "0x48f214"
680. },
681. {
682. "name": "FindNextFileW",
683. "address": "0x48f218"
684. },
685. {
686. "name": "CopyFileExW",
687. "address": "0x48f21c"
688. },
689. {
690. "name": "MoveFileW",
691. "address": "0x48f220"
692. },
693. {
694. "name": "CreateDirectoryW",
695. "address": "0x48f224"
696. },
697. {
698. "name": "RemoveDirectoryW",
699. "address": "0x48f228"
700. },
701. {
702. "name": "SetSystemPowerState",
703. "address": "0x48f22c"
704. },
705. {
706. "name": "QueryPerformanceFrequency",
707. "address": "0x48f230"
708. },
709. {
710. "name": "FindResourceW",
711. "address": "0x48f234"
712. },
713. {
714. "name": "LoadResource",
715. "address": "0x48f238"
716. },
717. {
718. "name": "LockResource",
719. "address": "0x48f23c"
720. },
721. {
722. "name": "SizeofResource",
723. "address": "0x48f240"
724. },
725. {
726. "name": "EnumResourceNamesW",
727. "address": "0x48f244"
728. },
729. {
730. "name": "OutputDebugStringW",
731. "address": "0x48f248"
732. },
733. {
734. "name": "GetTempPathW",
735. "address": "0x48f24c"
736. },
737. {
738. "name": "GetTempFileNameW",
739. "address": "0x48f250"
740. },
741. {
742. "name": "DeviceIoControl",
743. "address": "0x48f254"
744. },
745. {
746. "name": "GetLocalTime",
747. "address": "0x48f258"
748. },
749. {
750. "name": "CompareStringW",
751. "address": "0x48f25c"
752. },
753. {
754. "name": "GetCurrentProcess",
755. "address": "0x48f260"
756. },
757. {
758. "name": "EnterCriticalSection",
759. "address": "0x48f264"
760. },
761. {
762. "name": "LeaveCriticalSection",
763. "address": "0x48f268"
764. },
765. {
766. "name": "GetStdHandle",
767. "address": "0x48f26c"
768. },
769. {
770. "name": "CreatePipe",
771. "address": "0x48f270"
772. },
773. {
774. "name": "InterlockedExchange",
775. "address": "0x48f274"
776. },
777. {
778. "name": "TerminateThread",
779. "address": "0x48f278"
780. },
781. {
782. "name": "LoadLibraryExW",
783. "address": "0x48f27c"
784. },
785. {
786. "name": "FindResourceExW",
787. "address": "0x48f280"
788. },
789. {
790. "name": "CopyFileW",
791. "address": "0x48f284"
792. },
793. {
794. "name": "VirtualFree",
795. "address": "0x48f288"
796. },
797. {
798. "name": "FormatMessageW",
799. "address": "0x48f28c"
800. },
801. {
802. "name": "GetExitCodeProcess",
803. "address": "0x48f290"
804. },
805. {
806. "name": "GetPrivateProfileStringW",
807. "address": "0x48f294"
808. },
809. {
810. "name": "WritePrivateProfileStringW",
811. "address": "0x48f298"
812. },
813. {
814. "name": "GetPrivateProfileSectionW",
815. "address": "0x48f29c"
816. },
817. {
818. "name": "WritePrivateProfileSectionW",
819. "address": "0x48f2a0"
820. },
821. {
822. "name": "GetPrivateProfileSectionNamesW",
823. "address": "0x48f2a4"
824. },
825. {
826. "name": "FileTimeToLocalFileTime",
827. "address": "0x48f2a8"
828. },
829. {
830. "name": "FileTimeToSystemTime",
831. "address": "0x48f2ac"
832. },
833. {
834. "name": "SystemTimeToFileTime",
835. "address": "0x48f2b0"
836. },
837. {
838. "name": "LocalFileTimeToFileTime",
839. "address": "0x48f2b4"
840. },
841. {
842. "name": "GetDriveTypeW",
843. "address": "0x48f2b8"
844. },
845. {
846. "name": "GetDiskFreeSpaceExW",
847. "address": "0x48f2bc"
848. },
849. {
850. "name": "GetDiskFreeSpaceW",
851. "address": "0x48f2c0"
852. },
853. {
854. "name": "GetVolumeInformationW",
855. "address": "0x48f2c4"
856. },
857. {
858. "name": "SetVolumeLabelW",
859. "address": "0x48f2c8"
860. },
861. {
862. "name": "CreateHardLinkW",
863. "address": "0x48f2cc"
864. },
865. {
866. "name": "SetFileAttributesW",
867. "address": "0x48f2d0"
868. },
869. {
870. "name": "CreateEventW",
871. "address": "0x48f2d4"
872. },
873. {
874. "name": "SetEvent",
875. "address": "0x48f2d8"
876. },
877. {
878. "name": "GetEnvironmentVariableW",
879. "address": "0x48f2dc"
880. },
881. {
882. "name": "SetEnvironmentVariableW",
883. "address": "0x48f2e0"
884. },
885. {
886. "name": "GlobalLock",
887. "address": "0x48f2e4"
888. },
889. {
890. "name": "GlobalUnlock",
891. "address": "0x48f2e8"
892. },
893. {
894. "name": "GlobalAlloc",
895. "address": "0x48f2ec"
896. },
897. {
898. "name": "GetFileSize",
899. "address": "0x48f2f0"
900. },
901. {
902. "name": "GlobalFree",
903. "address": "0x48f2f4"
904. },
905. {
906. "name": "GlobalMemoryStatusEx",
907. "address": "0x48f2f8"
908. },
909. {
910. "name": "Beep",
911. "address": "0x48f2fc"
912. },
913. {
914. "name": "GetSystemDirectoryW",
915. "address": "0x48f300"
916. },
917. {
918. "name": "HeapReAlloc",
919. "address": "0x48f304"
920. },
921. {
922. "name": "HeapSize",
923. "address": "0x48f308"
924. },
925. {
926. "name": "GetComputerNameW",
927. "address": "0x48f30c"
928. },
929. {
930. "name": "GetWindowsDirectoryW",
931. "address": "0x48f310"
932. },
933. {
934. "name": "GetCurrentProcessId",
935. "address": "0x48f314"
936. },
937. {
938. "name": "GetProcessIoCounters",
939. "address": "0x48f318"
940. },
941. {
942. "name": "CreateProcessW",
943. "address": "0x48f31c"
944. },
945. {
946. "name": "GetProcessId",
947. "address": "0x48f320"
948. },
949. {
950. "name": "SetPriorityClass",
951. "address": "0x48f324"
952. },
953. {
954. "name": "LoadLibraryW",
955. "address": "0x48f328"
956. },
957. {
958. "name": "VirtualAlloc",
959. "address": "0x48f32c"
960. },
961. {
962. "name": "IsDebuggerPresent",
963. "address": "0x48f330"
964. },
965. {
966. "name": "GetCurrentDirectoryW",
967. "address": "0x48f334"
968. },
969. {
970. "name": "lstrcmpiW",
971. "address": "0x48f338"
972. },
973. {
974. "name": "DecodePointer",
975. "address": "0x48f33c"
976. },
977. {
978. "name": "GetLastError",
979. "address": "0x48f340"
980. },
981. {
982. "name": "RaiseException",
983. "address": "0x48f344"
984. },
985. {
986. "name": "InitializeCriticalSectionAndSpinCount",
987. "address": "0x48f348"
988. },
989. {
990. "name": "DeleteCriticalSection",
991. "address": "0x48f34c"
992. },
993. {
994. "name": "InterlockedDecrement",
995. "address": "0x48f350"
996. },
997. {
998. "name": "InterlockedIncrement",
999. "address": "0x48f354"
1000. },
1001. {
1002. "name": "GetCurrentThread",
1003. "address": "0x48f358"
1004. },
1005. {
1006. "name": "CloseHandle",
1007. "address": "0x48f35c"
1008. },
1009. {
1010. "name": "GetFullPathNameW",
1011. "address": "0x48f360"
1012. },
1013. {
1014. "name": "EncodePointer",
1015. "address": "0x48f364"
1016. },
1017. {
1018. "name": "ExitProcess",
1019. "address": "0x48f368"
1020. },
1021. {
1022. "name": "GetModuleHandleExW",
1023. "address": "0x48f36c"
1024. },
1025. {
1026. "name": "ExitThread",
1027. "address": "0x48f370"
1028. },
1029. {
1030. "name": "GetSystemTimeAsFileTime",
1031. "address": "0x48f374"
1032. },
1033. {
1034. "name": "ResumeThread",
1035. "address": "0x48f378"
1036. },
1037. {
1038. "name": "GetCommandLineW",
1039. "address": "0x48f37c"
1040. },
1041. {
1042. "name": "IsProcessorFeaturePresent",
1043. "address": "0x48f380"
1044. },
1045. {
1046. "name": "IsValidCodePage",
1047. "address": "0x48f384"
1048. },
1049. {
1050. "name": "GetACP",
1051. "address": "0x48f388"
1052. },
1053. {
1054. "name": "GetOEMCP",
1055. "address": "0x48f38c"
1056. },
1057. {
1058. "name": "GetCPInfo",
1059. "address": "0x48f390"
1060. },
1061. {
1062. "name": "SetLastError",
1063. "address": "0x48f394"
1064. },
1065. {
1066. "name": "UnhandledExceptionFilter",
1067. "address": "0x48f398"
1068. },
1069. {
1070. "name": "SetUnhandledExceptionFilter",
1071. "address": "0x48f39c"
1072. },
1073. {
1074. "name": "TlsAlloc",
1075. "address": "0x48f3a0"
1076. },
1077. {
1078. "name": "TlsGetValue",
1079. "address": "0x48f3a4"
1080. },
1081. {
1082. "name": "TlsSetValue",
1083. "address": "0x48f3a8"
1084. },
1085. {
1086. "name": "TlsFree",
1087. "address": "0x48f3ac"
1088. },
1089. {
1090. "name": "GetStartupInfoW",
1091. "address": "0x48f3b0"
1092. },
1093. {
1094. "name": "GetStringTypeW",
1095. "address": "0x48f3b4"
1096. },
1097. {
1098. "name": "SetStdHandle",
1099. "address": "0x48f3b8"
1100. },
1101. {
1102. "name": "GetFileType",
1103. "address": "0x48f3bc"
1104. },
1105. {
1106. "name": "GetConsoleCP",
1107. "address": "0x48f3c0"
1108. },
1109. {
1110. "name": "GetConsoleMode",
1111. "address": "0x48f3c4"
1112. },
1113. {
1114. "name": "RtlUnwind",
1115. "address": "0x48f3c8"
1116. },
1117. {
1118. "name": "ReadConsoleW",
1119. "address": "0x48f3cc"
1120. },
1121. {
1122. "name": "GetTimeZoneInformation",
1123. "address": "0x48f3d0"
1124. },
1125. {
1126. "name": "GetDateFormatW",
1127. "address": "0x48f3d4"
1128. },
1129. {
1130. "name": "GetTimeFormatW",
1131. "address": "0x48f3d8"
1132. },
1133. {
1134. "name": "LCMapStringW",
1135. "address": "0x48f3dc"
1136. },
1137. {
1138. "name": "GetEnvironmentStringsW",
1139. "address": "0x48f3e0"
1140. },
1141. {
1142. "name": "FreeEnvironmentStringsW",
1143. "address": "0x48f3e4"
1144. },
1145. {
1146. "name": "WriteConsoleW",
1147. "address": "0x48f3e8"
1148. },
1149. {
1150. "name": "FindClose",
1151. "address": "0x48f3ec"
1152. },
1153. {
1154. "name": "SetEnvironmentVariableA",
1155. "address": "0x48f3f0"
1156. }
1157. ],
1158. "dll": "KERNEL32.dll"
1159. },
1160. {
1161. "imports": [
1162. {
1163. "name": "AdjustWindowRectEx",
1164. "address": "0x48f4cc"
1165. },
1166. {
1167. "name": "CopyImage",
1168. "address": "0x48f4d0"
1169. },
1170. {
1171. "name": "SetWindowPos",
1172. "address": "0x48f4d4"
1173. },
1174. {
1175. "name": "GetCursorInfo",
1176. "address": "0x48f4d8"
1177. },
1178. {
1179. "name": "RegisterHotKey",
1180. "address": "0x48f4dc"
1181. },
1182. {
1183. "name": "ClientToScreen",
1184. "address": "0x48f4e0"
1185. },
1186. {
1187. "name": "GetKeyboardLayoutNameW",
1188. "address": "0x48f4e4"
1189. },
1190. {
1191. "name": "IsCharAlphaW",
1192. "address": "0x48f4e8"
1193. },
1194. {
1195. "name": "IsCharAlphaNumericW",
1196. "address": "0x48f4ec"
1197. },
1198. {
1199. "name": "IsCharLowerW",
1200. "address": "0x48f4f0"
1201. },
1202. {
1203. "name": "IsCharUpperW",
1204. "address": "0x48f4f4"
1205. },
1206. {
1207. "name": "GetMenuStringW",
1208. "address": "0x48f4f8"
1209. },
1210. {
1211. "name": "GetSubMenu",
1212. "address": "0x48f4fc"
1213. },
1214. {
1215. "name": "GetCaretPos",
1216. "address": "0x48f500"
1217. },
1218. {
1219. "name": "IsZoomed",
1220. "address": "0x48f504"
1221. },
1222. {
1223. "name": "MonitorFromPoint",
1224. "address": "0x48f508"
1225. },
1226. {
1227. "name": "GetMonitorInfoW",
1228. "address": "0x48f50c"
1229. },
1230. {
1231. "name": "SetWindowLongW",
1232. "address": "0x48f510"
1233. },
1234. {
1235. "name": "SetLayeredWindowAttributes",
1236. "address": "0x48f514"
1237. },
1238. {
1239. "name": "FlashWindow",
1240. "address": "0x48f518"
1241. },
1242. {
1243. "name": "GetClassLongW",
1244. "address": "0x48f51c"
1245. },
1246. {
1247. "name": "TranslateAcceleratorW",
1248. "address": "0x48f520"
1249. },
1250. {
1251. "name": "IsDialogMessageW",
1252. "address": "0x48f524"
1253. },
1254. {
1255. "name": "GetSysColor",
1256. "address": "0x48f528"
1257. },
1258. {
1259. "name": "InflateRect",
1260. "address": "0x48f52c"
1261. },
1262. {
1263. "name": "DrawFocusRect",
1264. "address": "0x48f530"
1265. },
1266. {
1267. "name": "DrawTextW",
1268. "address": "0x48f534"
1269. },
1270. {
1271. "name": "FrameRect",
1272. "address": "0x48f538"
1273. },
1274. {
1275. "name": "DrawFrameControl",
1276. "address": "0x48f53c"
1277. },
1278. {
1279. "name": "FillRect",
1280. "address": "0x48f540"
1281. },
1282. {
1283. "name": "PtInRect",
1284. "address": "0x48f544"
1285. },
1286. {
1287. "name": "DestroyAcceleratorTable",
1288. "address": "0x48f548"
1289. },
1290. {
1291. "name": "CreateAcceleratorTableW",
1292. "address": "0x48f54c"
1293. },
1294. {
1295. "name": "SetCursor",
1296. "address": "0x48f550"
1297. },
1298. {
1299. "name": "GetWindowDC",
1300. "address": "0x48f554"
1301. },
1302. {
1303. "name": "GetSystemMetrics",
1304. "address": "0x48f558"
1305. },
1306. {
1307. "name": "GetActiveWindow",
1308. "address": "0x48f55c"
1309. },
1310. {
1311. "name": "CharNextW",
1312. "address": "0x48f560"
1313. },
1314. {
1315. "name": "wsprintfW",
1316. "address": "0x48f564"
1317. },
1318. {
1319. "name": "RedrawWindow",
1320. "address": "0x48f568"
1321. },
1322. {
1323. "name": "DrawMenuBar",
1324. "address": "0x48f56c"
1325. },
1326. {
1327. "name": "DestroyMenu",
1328. "address": "0x48f570"
1329. },
1330. {
1331. "name": "SetMenu",
1332. "address": "0x48f574"
1333. },
1334. {
1335. "name": "GetWindowTextLengthW",
1336. "address": "0x48f578"
1337. },
1338. {
1339. "name": "CreateMenu",
1340. "address": "0x48f57c"
1341. },
1342. {
1343. "name": "IsDlgButtonChecked",
1344. "address": "0x48f580"
1345. },
1346. {
1347. "name": "DefDlgProcW",
1348. "address": "0x48f584"
1349. },
1350. {
1351. "name": "CallWindowProcW",
1352. "address": "0x48f588"
1353. },
1354. {
1355. "name": "ReleaseCapture",
1356. "address": "0x48f58c"
1357. },
1358. {
1359. "name": "SetCapture",
1360. "address": "0x48f590"
1361. },
1362. {
1363. "name": "CreateIconFromResourceEx",
1364. "address": "0x48f594"
1365. },
1366. {
1367. "name": "mouse_event",
1368. "address": "0x48f598"
1369. },
1370. {
1371. "name": "ExitWindowsEx",
1372. "address": "0x48f59c"
1373. },
1374. {
1375. "name": "SetActiveWindow",
1376. "address": "0x48f5a0"
1377. },
1378. {
1379. "name": "FindWindowExW",
1380. "address": "0x48f5a4"
1381. },
1382. {
1383. "name": "EnumThreadWindows",
1384. "address": "0x48f5a8"
1385. },
1386. {
1387. "name": "SetMenuDefaultItem",
1388. "address": "0x48f5ac"
1389. },
1390. {
1391. "name": "InsertMenuItemW",
1392. "address": "0x48f5b0"
1393. },
1394. {
1395. "name": "IsMenu",
1396. "address": "0x48f5b4"
1397. },
1398. {
1399. "name": "TrackPopupMenuEx",
1400. "address": "0x48f5b8"
1401. },
1402. {
1403. "name": "GetCursorPos",
1404. "address": "0x48f5bc"
1405. },
1406. {
1407. "name": "DeleteMenu",
1408. "address": "0x48f5c0"
1409. },
1410. {
1411. "name": "SetRect",
1412. "address": "0x48f5c4"
1413. },
1414. {
1415. "name": "GetMenuItemID",
1416. "address": "0x48f5c8"
1417. },
1418. {
1419. "name": "GetMenuItemCount",
1420. "address": "0x48f5cc"
1421. },
1422. {
1423. "name": "SetMenuItemInfoW",
1424. "address": "0x48f5d0"
1425. },
1426. {
1427. "name": "GetMenuItemInfoW",
1428. "address": "0x48f5d4"
1429. },
1430. {
1431. "name": "SetForegroundWindow",
1432. "address": "0x48f5d8"
1433. },
1434. {
1435. "name": "IsIconic",
1436. "address": "0x48f5dc"
1437. },
1438. {
1439. "name": "FindWindowW",
1440. "address": "0x48f5e0"
1441. },
1442. {
1443. "name": "MonitorFromRect",
1444. "address": "0x48f5e4"
1445. },
1446. {
1447. "name": "keybd_event",
1448. "address": "0x48f5e8"
1449. },
1450. {
1451. "name": "SendInput",
1452. "address": "0x48f5ec"
1453. },
1454. {
1455. "name": "GetAsyncKeyState",
1456. "address": "0x48f5f0"
1457. },
1458. {
1459. "name": "SetKeyboardState",
1460. "address": "0x48f5f4"
1461. },
1462. {
1463. "name": "GetKeyboardState",
1464. "address": "0x48f5f8"
1465. },
1466. {
1467. "name": "GetKeyState",
1468. "address": "0x48f5fc"
1469. },
1470. {
1471. "name": "VkKeyScanW",
1472. "address": "0x48f600"
1473. },
1474. {
1475. "name": "LoadStringW",
1476. "address": "0x48f604"
1477. },
1478. {
1479. "name": "DialogBoxParamW",
1480. "address": "0x48f608"
1481. },
1482. {
1483. "name": "MessageBeep",
1484. "address": "0x48f60c"
1485. },
1486. {
1487. "name": "EndDialog",
1488. "address": "0x48f610"
1489. },
1490. {
1491. "name": "SendDlgItemMessageW",
1492. "address": "0x48f614"
1493. },
1494. {
1495. "name": "GetDlgItem",
1496. "address": "0x48f618"
1497. },
1498. {
1499. "name": "SetWindowTextW",
1500. "address": "0x48f61c"
1501. },
1502. {
1503. "name": "CopyRect",
1504. "address": "0x48f620"
1505. },
1506. {
1507. "name": "ReleaseDC",
1508. "address": "0x48f624"
1509. },
1510. {
1511. "name": "GetDC",
1512. "address": "0x48f628"
1513. },
1514. {
1515. "name": "EndPaint",
1516. "address": "0x48f62c"
1517. },
1518. {
1519. "name": "BeginPaint",
1520. "address": "0x48f630"
1521. },
1522. {
1523. "name": "GetClientRect",
1524. "address": "0x48f634"
1525. },
1526. {
1527. "name": "GetMenu",
1528. "address": "0x48f638"
1529. },
1530. {
1531. "name": "DestroyWindow",
1532. "address": "0x48f63c"
1533. },
1534. {
1535. "name": "EnumWindows",
1536. "address": "0x48f640"
1537. },
1538. {
1539. "name": "GetDesktopWindow",
1540. "address": "0x48f644"
1541. },
1542. {
1543. "name": "IsWindow",
1544. "address": "0x48f648"
1545. },
1546. {
1547. "name": "IsWindowEnabled",
1548. "address": "0x48f64c"
1549. },
1550. {
1551. "name": "IsWindowVisible",
1552. "address": "0x48f650"
1553. },
1554. {
1555. "name": "EnableWindow",
1556. "address": "0x48f654"
1557. },
1558. {
1559. "name": "InvalidateRect",
1560. "address": "0x48f658"
1561. },
1562. {
1563. "name": "GetWindowLongW",
1564. "address": "0x48f65c"
1565. },
1566. {
1567. "name": "GetWindowThreadProcessId",
1568. "address": "0x48f660"
1569. },
1570. {
1571. "name": "AttachThreadInput",
1572. "address": "0x48f664"
1573. },
1574. {
1575. "name": "GetFocus",
1576. "address": "0x48f668"
1577. },
1578. {
1579. "name": "GetWindowTextW",
1580. "address": "0x48f66c"
1581. },
1582. {
1583. "name": "ScreenToClient",
1584. "address": "0x48f670"
1585. },
1586. {
1587. "name": "SendMessageTimeoutW",
1588. "address": "0x48f674"
1589. },
1590. {
1591. "name": "EnumChildWindows",
1592. "address": "0x48f678"
1593. },
1594. {
1595. "name": "CharUpperBuffW",
1596. "address": "0x48f67c"
1597. },
1598. {
1599. "name": "GetParent",
1600. "address": "0x48f680"
1601. },
1602. {
1603. "name": "GetDlgCtrlID",
1604. "address": "0x48f684"
1605. },
1606. {
1607. "name": "SendMessageW",
1608. "address": "0x48f688"
1609. },
1610. {
1611. "name": "MapVirtualKeyW",
1612. "address": "0x48f68c"
1613. },
1614. {
1615. "name": "PostMessageW",
1616. "address": "0x48f690"
1617. },
1618. {
1619. "name": "GetWindowRect",
1620. "address": "0x48f694"
1621. },
1622. {
1623. "name": "SetUserObjectSecurity",
1624. "address": "0x48f698"
1625. },
1626. {
1627. "name": "CloseDesktop",
1628. "address": "0x48f69c"
1629. },
1630. {
1631. "name": "CloseWindowStation",
1632. "address": "0x48f6a0"
1633. },
1634. {
1635. "name": "OpenDesktopW",
1636. "address": "0x48f6a4"
1637. },
1638. {
1639. "name": "SetProcessWindowStation",
1640. "address": "0x48f6a8"
1641. },
1642. {
1643. "name": "GetProcessWindowStation",
1644. "address": "0x48f6ac"
1645. },
1646. {
1647. "name": "OpenWindowStationW",
1648. "address": "0x48f6b0"
1649. },
1650. {
1651. "name": "GetUserObjectSecurity",
1652. "address": "0x48f6b4"
1653. },
1654. {
1655. "name": "MessageBoxW",
1656. "address": "0x48f6b8"
1657. },
1658. {
1659. "name": "DefWindowProcW",
1660. "address": "0x48f6bc"
1661. },
1662. {
1663. "name": "SetClipboardData",
1664. "address": "0x48f6c0"
1665. },
1666. {
1667. "name": "EmptyClipboard",
1668. "address": "0x48f6c4"
1669. },
1670. {
1671. "name": "CountClipboardFormats",
1672. "address": "0x48f6c8"
1673. },
1674. {
1675. "name": "CloseClipboard",
1676. "address": "0x48f6cc"
1677. },
1678. {
1679. "name": "GetClipboardData",
1680. "address": "0x48f6d0"
1681. },
1682. {
1683. "name": "IsClipboardFormatAvailable",
1684. "address": "0x48f6d4"
1685. },
1686. {
1687. "name": "OpenClipboard",
1688. "address": "0x48f6d8"
1689. },
1690. {
1691. "name": "BlockInput",
1692. "address": "0x48f6dc"
1693. },
1694. {
1695. "name": "GetMessageW",
1696. "address": "0x48f6e0"
1697. },
1698. {
1699. "name": "LockWindowUpdate",
1700. "address": "0x48f6e4"
1701. },
1702. {
1703. "name": "DispatchMessageW",
1704. "address": "0x48f6e8"
1705. },
1706. {
1707. "name": "TranslateMessage",
1708. "address": "0x48f6ec"
1709. },
1710. {
1711. "name": "PeekMessageW",
1712. "address": "0x48f6f0"
1713. },
1714. {
1715. "name": "UnregisterHotKey",
1716. "address": "0x48f6f4"
1717. },
1718. {
1719. "name": "CheckMenuRadioItem",
1720. "address": "0x48f6f8"
1721. },
1722. {
1723. "name": "CharLowerBuffW",
1724. "address": "0x48f6fc"
1725. },
1726. {
1727. "name": "MoveWindow",
1728. "address": "0x48f700"
1729. },
1730. {
1731. "name": "SetFocus",
1732. "address": "0x48f704"
1733. },
1734. {
1735. "name": "PostQuitMessage",
1736. "address": "0x48f708"
1737. },
1738. {
1739. "name": "KillTimer",
1740. "address": "0x48f70c"
1741. },
1742. {
1743. "name": "CreatePopupMenu",
1744. "address": "0x48f710"
1745. },
1746. {
1747. "name": "RegisterWindowMessageW",
1748. "address": "0x48f714"
1749. },
1750. {
1751. "name": "SetTimer",
1752. "address": "0x48f718"
1753. },
1754. {
1755. "name": "ShowWindow",
1756. "address": "0x48f71c"
1757. },
1758. {
1759. "name": "CreateWindowExW",
1760. "address": "0x48f720"
1761. },
1762. {
1763. "name": "RegisterClassExW",
1764. "address": "0x48f724"
1765. },
1766. {
1767. "name": "LoadIconW",
1768. "address": "0x48f728"
1769. },
1770. {
1771. "name": "LoadCursorW",
1772. "address": "0x48f72c"
1773. },
1774. {
1775. "name": "GetSysColorBrush",
1776. "address": "0x48f730"
1777. },
1778. {
1779. "name": "GetForegroundWindow",
1780. "address": "0x48f734"
1781. },
1782. {
1783. "name": "MessageBoxA",
1784. "address": "0x48f738"
1785. },
1786. {
1787. "name": "DestroyIcon",
1788. "address": "0x48f73c"
1789. },
1790. {
1791. "name": "SystemParametersInfoW",
1792. "address": "0x48f740"
1793. },
1794. {
1795. "name": "LoadImageW",
1796. "address": "0x48f744"
1797. },
1798. {
1799. "name": "GetClassNameW",
1800. "address": "0x48f748"
1801. }
1802. ],
1803. "dll": "USER32.dll"
1804. },
1805. {
1806. "imports": [
1807. {
1808. "name": "StrokePath",
1809. "address": "0x48f0c4"
1810. },
1811. {
1812. "name": "DeleteObject",
1813. "address": "0x48f0c8"
1814. },
1815. {
1816. "name": "GetTextExtentPoint32W",
1817. "address": "0x48f0cc"
1818. },
1819. {
1820. "name": "ExtCreatePen",
1821. "address": "0x48f0d0"
1822. },
1823. {
1824. "name": "GetDeviceCaps",
1825. "address": "0x48f0d4"
1826. },
1827. {
1828. "name": "EndPath",
1829. "address": "0x48f0d8"
1830. },
1831. {
1832. "name": "SetPixel",
1833. "address": "0x48f0dc"
1834. },
1835. {
1836. "name": "CloseFigure",
1837. "address": "0x48f0e0"
1838. },
1839. {
1840. "name": "CreateCompatibleBitmap",
1841. "address": "0x48f0e4"
1842. },
1843. {
1844. "name": "CreateCompatibleDC",
1845. "address": "0x48f0e8"
1846. },
1847. {
1848. "name": "SelectObject",
1849. "address": "0x48f0ec"
1850. },
1851. {
1852. "name": "StretchBlt",
1853. "address": "0x48f0f0"
1854. },
1855. {
1856. "name": "GetDIBits",
1857. "address": "0x48f0f4"
1858. },
1859. {
1860. "name": "LineTo",
1861. "address": "0x48f0f8"
1862. },
1863. {
1864. "name": "AngleArc",
1865. "address": "0x48f0fc"
1866. },
1867. {
1868. "name": "MoveToEx",
1869. "address": "0x48f100"
1870. },
1871. {
1872. "name": "Ellipse",
1873. "address": "0x48f104"
1874. },
1875. {
1876. "name": "DeleteDC",
1877. "address": "0x48f108"
1878. },
1879. {
1880. "name": "GetPixel",
1881. "address": "0x48f10c"
1882. },
1883. {
1884. "name": "CreateDCW",
1885. "address": "0x48f110"
1886. },
1887. {
1888. "name": "GetStockObject",
1889. "address": "0x48f114"
1890. },
1891. {
1892. "name": "GetTextFaceW",
1893. "address": "0x48f118"
1894. },
1895. {
1896. "name": "CreateFontW",
1897. "address": "0x48f11c"
1898. },
1899. {
1900. "name": "SetTextColor",
1901. "address": "0x48f120"
1902. },
1903. {
1904. "name": "PolyDraw",
1905. "address": "0x48f124"
1906. },
1907. {
1908. "name": "BeginPath",
1909. "address": "0x48f128"
1910. },
1911. {
1912. "name": "Rectangle",
1913. "address": "0x48f12c"
1914. },
1915. {
1916. "name": "SetViewportOrgEx",
1917. "address": "0x48f130"
1918. },
1919. {
1920. "name": "GetObjectW",
1921. "address": "0x48f134"
1922. },
1923. {
1924. "name": "SetBkMode",
1925. "address": "0x48f138"
1926. },
1927. {
1928. "name": "RoundRect",
1929. "address": "0x48f13c"
1930. },
1931. {
1932. "name": "SetBkColor",
1933. "address": "0x48f140"
1934. },
1935. {
1936. "name": "CreatePen",
1937. "address": "0x48f144"
1938. },
1939. {
1940. "name": "CreateSolidBrush",
1941. "address": "0x48f148"
1942. },
1943. {
1944. "name": "StrokeAndFillPath",
1945. "address": "0x48f14c"
1946. }
1947. ],
1948. "dll": "GDI32.dll"
1949. },
1950. {
1951. "imports": [
1952. {
1953. "name": "GetOpenFileNameW",
1954. "address": "0x48f0b8"
1955. },
1956. {
1957. "name": "GetSaveFileNameW",
1958. "address": "0x48f0bc"
1959. }
1960. ],
1961. "dll": "COMDLG32.dll"
1962. },
1963. {
1964. "imports": [
1965. {
1966. "name": "GetAce",
1967. "address": "0x48f000"
1968. },
1969. {
1970. "name": "RegEnumValueW",
1971. "address": "0x48f004"
1972. },
1973. {
1974. "name": "RegDeleteValueW",
1975. "address": "0x48f008"
1976. },
1977. {
1978. "name": "RegDeleteKeyW",
1979. "address": "0x48f00c"
1980. },
1981. {
1982. "name": "RegEnumKeyExW",
1983. "address": "0x48f010"
1984. },
1985. {
1986. "name": "RegSetValueExW",
1987. "address": "0x48f014"
1988. },
1989. {
1990. "name": "RegOpenKeyExW",
1991. "address": "0x48f018"
1992. },
1993. {
1994. "name": "RegCloseKey",
1995. "address": "0x48f01c"
1996. },
1997. {
1998. "name": "RegQueryValueExW",
1999. "address": "0x48f020"
2000. },
2001. {
2002. "name": "RegConnectRegistryW",
2003. "address": "0x48f024"
2004. },
2005. {
2006. "name": "InitializeSecurityDescriptor",
2007. "address": "0x48f028"
2008. },
2009. {
2010. "name": "InitializeAcl",
2011. "address": "0x48f02c"
2012. },
2013. {
2014. "name": "AdjustTokenPrivileges",
2015. "address": "0x48f030"
2016. },
2017. {
2018. "name": "OpenThreadToken",
2019. "address": "0x48f034"
2020. },
2021. {
2022. "name": "OpenProcessToken",
2023. "address": "0x48f038"
2024. },
2025. {
2026. "name": "LookupPrivilegeValueW",
2027. "address": "0x48f03c"
2028. },
2029. {
2030. "name": "DuplicateTokenEx",
2031. "address": "0x48f040"
2032. },
2033. {
2034. "name": "CreateProcessAsUserW",
2035. "address": "0x48f044"
2036. },
2037. {
2038. "name": "CreateProcessWithLogonW",
2039. "address": "0x48f048"
2040. },
2041. {
2042. "name": "GetLengthSid",
2043. "address": "0x48f04c"
2044. },
2045. {
2046. "name": "CopySid",
2047. "address": "0x48f050"
2048. },
2049. {
2050. "name": "LogonUserW",
2051. "address": "0x48f054"
2052. },
2053. {
2054. "name": "AllocateAndInitializeSid",
2055. "address": "0x48f058"
2056. },
2057. {
2058. "name": "CheckTokenMembership",
2059. "address": "0x48f05c"
2060. },
2061. {
2062. "name": "RegCreateKeyExW",
2063. "address": "0x48f060"
2064. },
2065. {
2066. "name": "FreeSid",
2067. "address": "0x48f064"
2068. },
2069. {
2070. "name": "GetTokenInformation",
2071. "address": "0x48f068"
2072. },
2073. {
2074. "name": "GetSecurityDescriptorDacl",
2075. "address": "0x48f06c"
2076. },
2077. {
2078. "name": "GetAclInformation",
2079. "address": "0x48f070"
2080. },
2081. {
2082. "name": "AddAce",
2083. "address": "0x48f074"
2084. },
2085. {
2086. "name": "SetSecurityDescriptorDacl",
2087. "address": "0x48f078"
2088. },
2089. {
2090. "name": "GetUserNameW",
2091. "address": "0x48f07c"
2092. },
2093. {
2094. "name": "InitiateSystemShutdownExW",
2095. "address": "0x48f080"
2096. }
2097. ],
2098. "dll": "ADVAPI32.dll"
2099. },
2100. {
2101. "imports": [
2102. {
2103. "name": "DragQueryPoint",
2104. "address": "0x48f48c"
2105. },
2106. {
2107. "name": "ShellExecuteExW",
2108. "address": "0x48f490"
2109. },
2110. {
2111. "name": "DragQueryFileW",
2112. "address": "0x48f494"
2113. },
2114. {
2115. "name": "SHEmptyRecycleBinW",
2116. "address": "0x48f498"
2117. },
2118. {
2119. "name": "SHGetPathFromIDListW",
2120. "address": "0x48f49c"
2121. },
2122. {
2123. "name": "SHBrowseForFolderW",
2124. "address": "0x48f4a0"
2125. },
2126. {
2127. "name": "SHCreateShellItem",
2128. "address": "0x48f4a4"
2129. },
2130. {
2131. "name": "SHGetDesktopFolder",
2132. "address": "0x48f4a8"
2133. },
2134. {
2135. "name": "SHGetSpecialFolderLocation",
2136. "address": "0x48f4ac"
2137. },
2138. {
2139. "name": "SHGetFolderPathW",
2140. "address": "0x48f4b0"
2141. },
2142. {
2143. "name": "SHFileOperationW",
2144. "address": "0x48f4b4"
2145. },
2146. {
2147. "name": "ExtractIconExW",
2148. "address": "0x48f4b8"
2149. },
2150. {
2151. "name": "Shell_NotifyIconW",
2152. "address": "0x48f4bc"
2153. },
2154. {
2155. "name": "ShellExecuteW",
2156. "address": "0x48f4c0"
2157. },
2158. {
2159. "name": "DragFinish",
2160. "address": "0x48f4c4"
2161. }
2162. ],
2163. "dll": "SHELL32.dll"
2164. },
2165. {
2166. "imports": [
2167. {
2168. "name": "CoTaskMemAlloc",
2169. "address": "0x48f828"
2170. },
2171. {
2172. "name": "CoTaskMemFree",
2173. "address": "0x48f82c"
2174. },
2175. {
2176. "name": "CLSIDFromString",
2177. "address": "0x48f830"
2178. },
2179. {
2180. "name": "ProgIDFromCLSID",
2181. "address": "0x48f834"
2182. },
2183. {
2184. "name": "CLSIDFromProgID",
2185. "address": "0x48f838"
2186. },
2187. {
2188. "name": "OleSetMenuDescriptor",
2189. "address": "0x48f83c"
2190. },
2191. {
2192. "name": "MkParseDisplayName",
2193. "address": "0x48f840"
2194. },
2195. {
2196. "name": "OleSetContainedObject",
2197. "address": "0x48f844"
2198. },
2199. {
2200. "name": "CoCreateInstance",
2201. "address": "0x48f848"
2202. },
2203. {
2204. "name": "IIDFromString",
2205. "address": "0x48f84c"
2206. },
2207. {
2208. "name": "StringFromGUID2",
2209. "address": "0x48f850"
2210. },
2211. {
2212. "name": "CreateStreamOnHGlobal",
2213. "address": "0x48f854"
2214. },
2215. {
2216. "name": "OleInitialize",
2217. "address": "0x48f858"
2218. },
2219. {
2220. "name": "OleUninitialize",
2221. "address": "0x48f85c"
2222. },
2223. {
2224. "name": "CoInitialize",
2225. "address": "0x48f860"
2226. },
2227. {
2228. "name": "CoUninitialize",
2229. "address": "0x48f864"
2230. },
2231. {
2232. "name": "GetRunningObjectTable",
2233. "address": "0x48f868"
2234. },
2235. {
2236. "name": "CoGetInstanceFromFile",
2237. "address": "0x48f86c"
2238. },
2239. {
2240. "name": "CoGetObject",
2241. "address": "0x48f870"
2242. },
2243. {
2244. "name": "CoSetProxyBlanket",
2245. "address": "0x48f874"
2246. },
2247. {
2248. "name": "CoCreateInstanceEx",
2249. "address": "0x48f878"
2250. },
2251. {
2252. "name": "CoInitializeSecurity",
2253. "address": "0x48f87c"
2254. }
2255. ],
2256. "dll": "ole32.dll"
2257. },
2258. {
2259. "imports": [
2260. {
2261. "name": "LoadTypeLibEx",
2262. "address": "0x48f40c"
2263. },
2264. {
2265. "name": "VariantCopyInd",
2266. "address": "0x48f410"
2267. },
2268. {
2269. "name": "SysReAllocString",
2270. "address": "0x48f414"
2271. },
2272. {
2273. "name": "SysFreeString",
2274. "address": "0x48f418"
2275. },
2276. {
2277. "name": "SafeArrayDestroyDescriptor",
2278. "address": "0x48f41c"
2279. },
2280. {
2281. "name": "SafeArrayDestroyData",
2282. "address": "0x48f420"
2283. },
2284. {
2285. "name": "SafeArrayUnaccessData",
2286. "address": "0x48f424"
2287. },
2288. {
2289. "name": "SafeArrayAccessData",
2290. "address": "0x48f428"
2291. },
2292. {
2293. "name": "SafeArrayAllocData",
2294. "address": "0x48f42c"
2295. },
2296. {
2297. "name": "SafeArrayAllocDescriptorEx",
2298. "address": "0x48f430"
2299. },
2300. {
2301. "name": "SafeArrayCreateVector",
2302. "address": "0x48f434"
2303. },
2304. {
2305. "name": "RegisterTypeLib",
2306. "address": "0x48f438"
2307. },
2308. {
2309. "name": "CreateStdDispatch",
2310. "address": "0x48f43c"
2311. },
2312. {
2313. "name": "DispCallFunc",
2314. "address": "0x48f440"
2315. },
2316. {
2317. "name": "VariantChangeType",
2318. "address": "0x48f444"
2319. },
2320. {
2321. "name": "SysStringLen",
2322. "address": "0x48f448"
2323. },
2324. {
2325. "name": "VariantTimeToSystemTime",
2326. "address": "0x48f44c"
2327. },
2328. {
2329. "name": "VarR8FromDec",
2330. "address": "0x48f450"
2331. },
2332. {
2333. "name": "SafeArrayGetVartype",
2334. "address": "0x48f454"
2335. },
2336. {
2337. "name": "VariantCopy",
2338. "address": "0x48f458"
2339. },
2340. {
2341. "name": "VariantClear",
2342. "address": "0x48f45c"
2343. },
2344. {
2345. "name": "OleLoadPicture",
2346. "address": "0x48f460"
2347. },
2348. {
2349. "name": "QueryPathOfRegTypeLib",
2350. "address": "0x48f464"
2351. },
2352. {
2353. "name": "RegisterTypeLibForUser",
2354. "address": "0x48f468"
2355. },
2356. {
2357. "name": "UnRegisterTypeLibForUser",
2358. "address": "0x48f46c"
2359. },
2360. {
2361. "name": "UnRegisterTypeLib",
2362. "address": "0x48f470"
2363. },
2364. {
2365. "name": "CreateDispTypeInfo",
2366. "address": "0x48f474"
2367. },
2368. {
2369. "name": "SysAllocString",
2370. "address": "0x48f478"
2371. },
2372. {
2373. "name": "VariantInit",
2374. "address": "0x48f47c"
2375. }
2376. ],
2377. "dll": "OLEAUT32.dll"
2378. }
2379. ],
2380. "digital_signers": null,
2381. "exported_dll_name": null,
2382. "actual_checksum": "0x002ea2f1",
2383. "overlay": null,
2384. "imagebase": "0x00400000",
2385. "reported_checksum": "0x0012e1f1",
2386. "icon_hash": null,
2387. "entrypoint": "0x0042800a",
2388. "timestamp": "2019-06-17 10:36:41",
2389. "osversion": "5.1",
2390. "sections": [
2391. {
2392. "name": ".text",
2393. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
2394. "virtual_address": "0x00001000",
2395. "size_of_data": "0x0008e000",
2396. "entropy": "6.68",
2397. "raw_address": "0x00000400",
2398. "virtual_size": "0x0008dfdd",
2399. "characteristics_raw": "0x60000020"
2400. },
2401. {
2402. "name": ".rdata",
2403. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
2404. "virtual_address": "0x0008f000",
2405. "size_of_data": "0x0002fe00",
2406. "entropy": "5.76",
2407. "raw_address": "0x0008e400",
2408. "virtual_size": "0x0002fd8e",
2409. "characteristics_raw": "0x40000040"
2410. },
2411. {
2412. "name": ".data",
2413. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
2414. "virtual_address": "0x000bf000",
2415. "size_of_data": "0x00005200",
2416. "entropy": "1.20",
2417. "raw_address": "0x000be200",
2418. "virtual_size": "0x00008f74",
2419. "characteristics_raw": "0xc0000040"
2420. },
2421. {
2422. "name": ".rsrc",
2423. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
2424. "virtual_address": "0x000c8000",
2425. "size_of_data": "0x00212a00",
2426. "entropy": "6.49",
2427. "raw_address": "0x000c3400",
2428. "virtual_size": "0x00212970",
2429. "characteristics_raw": "0x40000040"
2430. },
2431. {
2432. "name": ".reloc",
2433. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
2434. "virtual_address": "0x002db000",
2435. "size_of_data": "0x00007200",
2436. "entropy": "6.78",
2437. "raw_address": "0x002d5e00",
2438. "virtual_size": "0x00007134",
2439. "characteristics_raw": "0x42000040"
2440. }
2441. ],
2442. "resources": [],
2443. "dirents": [
2444. {
2445. "virtual_address": "0x00000000",
2446. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
2447. "size": "0x00000000"
2448. },
2449. {
2450. "virtual_address": "0x000bc0cc",
2451. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
2452. "size": "0x0000017c"
2453. },
2454. {
2455. "virtual_address": "0x000c8000",
2456. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
2457. "size": "0x00212970"
2458. },
2459. {
2460. "virtual_address": "0x00000000",
2461. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
2462. "size": "0x00000000"
2463. },
2464. {
2465. "virtual_address": "0x00000000",
2466. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
2467. "size": "0x00000000"
2468. },
2469. {
2470. "virtual_address": "0x002db000",
2471. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
2472. "size": "0x00007134"
2473. },
2474. {
2475. "virtual_address": "0x00092bc0",
2476. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
2477. "size": "0x0000001c"
2478. },
2479. {
2480. "virtual_address": "0x00000000",
2481. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
2482. "size": "0x00000000"
2483. },
2484. {
2485. "virtual_address": "0x00000000",
2486. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
2487. "size": "0x00000000"
2488. },
2489. {
2490. "virtual_address": "0x00000000",
2491. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
2492. "size": "0x00000000"
2493. },
2494. {
2495. "virtual_address": "0x000a4b50",
2496. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
2497. "size": "0x00000040"
2498. },
2499. {
2500. "virtual_address": "0x00000000",
2501. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
2502. "size": "0x00000000"
2503. },
2504. {
2505. "virtual_address": "0x0008f000",
2506. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
2507. "size": "0x00000884"
2508. },
2509. {
2510. "virtual_address": "0x00000000",
2511. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
2512. "size": "0x00000000"
2513. },
2514. {
2515. "virtual_address": "0x00000000",
2516. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
2517. "size": "0x00000000"
2518. },
2519. {
2520. "virtual_address": "0x00000000",
2521. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
2522. "size": "0x00000000"
2523. }
2524. ],
2525. "exports": [],
2526. "guest_signers": {},
2527. "imphash": "afcdf79be1557326c854b6e20cb900a7",
2528. "icon_fuzzy": null,
2529. "icon": null,
2530. "pdbpath": null,
2531. "imported_dll_count": 18,
2532. "versioninfo": []
2533. }
2534. }
2535.  
2536. [*] Resolved APIs: [
2537. "kernel32.dll.FlsAlloc",
2538. "kernel32.dll.FlsFree",
2539. "kernel32.dll.FlsGetValue",
2540. "kernel32.dll.FlsSetValue",
2541. "kernel32.dll.InitializeCriticalSectionEx",
2542. "kernel32.dll.CreateEventExW",
2543. "kernel32.dll.CreateSemaphoreExW",
2544. "kernel32.dll.SetThreadStackGuarantee",
2545. "kernel32.dll.CreateThreadpoolTimer",
2546. "kernel32.dll.SetThreadpoolTimer",
2547. "kernel32.dll.WaitForThreadpoolTimerCallbacks",
2548. "kernel32.dll.CloseThreadpoolTimer",
2549. "kernel32.dll.CreateThreadpoolWait",
2550. "kernel32.dll.SetThreadpoolWait",
2551. "kernel32.dll.CloseThreadpoolWait",
2552. "kernel32.dll.FlushProcessWriteBuffers",
2553. "kernel32.dll.FreeLibraryWhenCallbackReturns",
2554. "kernel32.dll.GetCurrentProcessorNumber",
2555. "kernel32.dll.GetLogicalProcessorInformation",
2556. "kernel32.dll.CreateSymbolicLinkW",
2557. "kernel32.dll.EnumSystemLocalesEx",
2558. "kernel32.dll.CompareStringEx",
2559. "kernel32.dll.GetDateFormatEx",
2560. "kernel32.dll.GetLocaleInfoEx",
2561. "kernel32.dll.GetTimeFormatEx",
2562. "kernel32.dll.GetUserDefaultLocaleName",
2563. "kernel32.dll.IsValidLocaleName",
2564. "kernel32.dll.LCMapStringEx",
2565. "kernel32.dll.GetTickCount64",
2566. "kernel32.dll.GetNativeSystemInfo",
2567. "cryptbase.dll.SystemFunction036",
2568. "uxtheme.dll.ThemeInitApiHook",
2569. "user32.dll.IsProcessDPIAware",
2570. "kernel32.dll.Wow64DisableWow64FsRedirection",
2571. "kernel32.dll.Wow64RevertWow64FsRedirection",
2572. "dwmapi.dll.DwmIsCompositionEnabled",
2573. "comctl32.dll.RegisterClassNameW",
2574. "kernel32.dll.SortGetHandle",
2575. "kernel32.dll.SortCloseHandle",
2576. "uxtheme.dll.OpenThemeData",
2577. "uxtheme.dll.GetThemeBool",
2578. "imm32.dll.ImmGetContext",
2579. "imm32.dll.ImmReleaseContext",
2580. "imm32.dll.ImmAssociateContext",
2581. "imm32.dll.ImmIsIME",
2582. "comctl32.dll.HIMAGELIST_QueryInterface",
2583. "comctl32.dll.DrawShadowText",
2584. "comctl32.dll.DrawSizeBox",
2585. "comctl32.dll.DrawScrollBar",
2586. "comctl32.dll.SizeBoxHwnd",
2587. "comctl32.dll.ScrollBar_MouseMove",
2588. "comctl32.dll.ScrollBar_Menu",
2589. "comctl32.dll.HandleScrollCmd",
2590. "comctl32.dll.DetachScrollBars",
2591. "comctl32.dll.AttachScrollBars",
2592. "comctl32.dll.CCSetScrollInfo",
2593. "comctl32.dll.CCGetScrollInfo",
2594. "comctl32.dll.CCEnableScrollBar",
2595. "comctl32.dll.QuerySystemGestureStatus",
2596. "uxtheme.dll.#49",
2597. "shell32.dll.#66",
2598. "ole32.dll.CoTaskMemFree",
2599. "kernel32.dll.FindResourceW",
2600. "kernel32.dll.SizeofResource",
2601. "kernel32.dll.LoadResource",
2602. "kernel32.dll.LockResource",
2603. "crypt32.dll.CryptStringToBinaryA",
2604. "kernel32.dll.VirtualAlloc",
2605. "advapi32.dll.CryptAcquireContextW",
2606. "advapi32.dll.CryptCreateHash",
2607. "advapi32.dll.CryptDecrypt",
2608. "advapi32.dll.CryptDeriveKey",
2609. "advapi32.dll.CryptDestroyHash",
2610. "advapi32.dll.CryptDestroyKey",
2611. "advapi32.dll.CryptHashData",
2612. "advapi32.dll.CryptReleaseContext",
2613. "user32.dll.MessageBoxA",
2614. "ole32.dll.CoInitializeEx",
2615. "ole32.dll.CoCreateInstance",
2616. "kernel32.dll.CreateMutexW",
2617. "kernel32.dll.VirtualFree",
2618. "kernel32.dll.GetProcessId",
2619. "uxtheme.dll.CloseThemeData",
2620. "oleaut32.dll.#500"
2621. ]
2622.  
2623. [*] Static Analysis: {
2624. "pe": {
2625. "peid_signatures": null,
2626. "imports": [
2627. {
2628. "imports": [
2629. {
2630. "name": "WSACleanup",
2631. "address": "0x48f7c8"
2632. },
2633. {
2634. "name": "socket",
2635. "address": "0x48f7cc"
2636. },
2637. {
2638. "name": "inet_ntoa",
2639. "address": "0x48f7d0"
2640. },
2641. {
2642. "name": "setsockopt",
2643. "address": "0x48f7d4"
2644. },
2645. {
2646. "name": "ntohs",
2647. "address": "0x48f7d8"
2648. },
2649. {
2650. "name": "recvfrom",
2651. "address": "0x48f7dc"
2652. },
2653. {
2654. "name": "ioctlsocket",
2655. "address": "0x48f7e0"
2656. },
2657. {
2658. "name": "htons",
2659. "address": "0x48f7e4"
2660. },
2661. {
2662. "name": "WSAStartup",
2663. "address": "0x48f7e8"
2664. },
2665. {
2666. "name": "__WSAFDIsSet",
2667. "address": "0x48f7ec"
2668. },
2669. {
2670. "name": "select",
2671. "address": "0x48f7f0"
2672. },
2673. {
2674. "name": "accept",
2675. "address": "0x48f7f4"
2676. },
2677. {
2678. "name": "listen",
2679. "address": "0x48f7f8"
2680. },
2681. {
2682. "name": "bind",
2683. "address": "0x48f7fc"
2684. },
2685. {
2686. "name": "closesocket",
2687. "address": "0x48f800"
2688. },
2689. {
2690. "name": "WSAGetLastError",
2691. "address": "0x48f804"
2692. },
2693. {
2694. "name": "recv",
2695. "address": "0x48f808"
2696. },
2697. {
2698. "name": "sendto",
2699. "address": "0x48f80c"
2700. },
2701. {
2702. "name": "send",
2703. "address": "0x48f810"
2704. },
2705. {
2706. "name": "inet_addr",
2707. "address": "0x48f814"
2708. },
2709. {
2710. "name": "gethostbyname",
2711. "address": "0x48f818"
2712. },
2713. {
2714. "name": "gethostname",
2715. "address": "0x48f81c"
2716. },
2717. {
2718. "name": "connect",
2719. "address": "0x48f820"
2720. }
2721. ],
2722. "dll": "WSOCK32.dll"
2723. },
2724. {
2725. "imports": [
2726. {
2727. "name": "GetFileVersionInfoW",
2728. "address": "0x48f76c"
2729. },
2730. {
2731. "name": "GetFileVersionInfoSizeW",
2732. "address": "0x48f770"
2733. },
2734. {
2735. "name": "VerQueryValueW",
2736. "address": "0x48f774"
2737. }
2738. ],
2739. "dll": "VERSION.dll"
2740. },
2741. {
2742. "imports": [
2743. {
2744. "name": "timeGetTime",
2745. "address": "0x48f7b8"
2746. },
2747. {
2748. "name": "waveOutSetVolume",
2749. "address": "0x48f7bc"
2750. },
2751. {
2752. "name": "mciSendStringW",
2753. "address": "0x48f7c0"
2754. }
2755. ],
2756. "dll": "WINMM.dll"
2757. },
2758. {
2759. "imports": [
2760. {
2761. "name": "ImageList_ReplaceIcon",
2762. "address": "0x48f088"
2763. },
2764. {
2765. "name": "ImageList_Destroy",
2766. "address": "0x48f08c"
2767. },
2768. {
2769. "name": "ImageList_Remove",
2770. "address": "0x48f090"
2771. },
2772. {
2773. "name": "ImageList_SetDragCursorImage",
2774. "address": "0x48f094"
2775. },
2776. {
2777. "name": "ImageList_BeginDrag",
2778. "address": "0x48f098"
2779. },
2780. {
2781. "name": "ImageList_DragEnter",
2782. "address": "0x48f09c"
2783. },
2784. {
2785. "name": "ImageList_DragLeave",
2786. "address": "0x48f0a0"
2787. },
2788. {
2789. "name": "ImageList_EndDrag",
2790. "address": "0x48f0a4"
2791. },
2792. {
2793. "name": "ImageList_DragMove",
2794. "address": "0x48f0a8"
2795. },
2796. {
2797. "name": "InitCommonControlsEx",
2798. "address": "0x48f0ac"
2799. },
2800. {
2801. "name": "ImageList_Create",
2802. "address": "0x48f0b0"
2803. }
2804. ],
2805. "dll": "COMCTL32.dll"
2806. },
2807. {
2808. "imports": [
2809. {
2810. "name": "WNetUseConnectionW",
2811. "address": "0x48f3f8"
2812. },
2813. {
2814. "name": "WNetCancelConnection2W",
2815. "address": "0x48f3fc"
2816. },
2817. {
2818. "name": "WNetGetConnectionW",
2819. "address": "0x48f400"
2820. },
2821. {
2822. "name": "WNetAddConnection2W",
2823. "address": "0x48f404"
2824. }
2825. ],
2826. "dll": "MPR.dll"
2827. },
2828. {
2829. "imports": [
2830. {
2831. "name": "InternetQueryDataAvailable",
2832. "address": "0x48f77c"
2833. },
2834. {
2835. "name": "InternetCloseHandle",
2836. "address": "0x48f780"
2837. },
2838. {
2839. "name": "InternetOpenW",
2840. "address": "0x48f784"
2841. },
2842. {
2843. "name": "InternetSetOptionW",
2844. "address": "0x48f788"
2845. },
2846. {
2847. "name": "InternetCrackUrlW",
2848. "address": "0x48f78c"
2849. },
2850. {
2851. "name": "HttpQueryInfoW",
2852. "address": "0x48f790"
2853. },
2854. {
2855. "name": "InternetQueryOptionW",
2856. "address": "0x48f794"
2857. },
2858. {
2859. "name": "HttpOpenRequestW",
2860. "address": "0x48f798"
2861. },
2862. {
2863. "name": "HttpSendRequestW",
2864. "address": "0x48f79c"
2865. },
2866. {
2867. "name": "FtpOpenFileW",
2868. "address": "0x48f7a0"
2869. },
2870. {
2871. "name": "FtpGetFileSize",
2872. "address": "0x48f7a4"
2873. },
2874. {
2875. "name": "InternetOpenUrlW",
2876. "address": "0x48f7a8"
2877. },
2878. {
2879. "name": "InternetReadFile",
2880. "address": "0x48f7ac"
2881. },
2882. {
2883. "name": "InternetConnectW",
2884. "address": "0x48f7b0"
2885. }
2886. ],
2887. "dll": "WININET.dll"
2888. },
2889. {
2890. "imports": [
2891. {
2892. "name": "GetProcessMemoryInfo",
2893. "address": "0x48f484"
2894. }
2895. ],
2896. "dll": "PSAPI.DLL"
2897. },
2898. {
2899. "imports": [
2900. {
2901. "name": "IcmpCreateFile",
2902. "address": "0x48f154"
2903. },
2904. {
2905. "name": "IcmpCloseHandle",
2906. "address": "0x48f158"
2907. },
2908. {
2909. "name": "IcmpSendEcho",
2910. "address": "0x48f15c"
2911. }
2912. ],
2913. "dll": "IPHLPAPI.DLL"
2914. },
2915. {
2916. "imports": [
2917. {
2918. "name": "DestroyEnvironmentBlock",
2919. "address": "0x48f750"
2920. },
2921. {
2922. "name": "UnloadUserProfile",
2923. "address": "0x48f754"
2924. },
2925. {
2926. "name": "CreateEnvironmentBlock",
2927. "address": "0x48f758"
2928. },
2929. {
2930. "name": "LoadUserProfileW",
2931. "address": "0x48f75c"
2932. }
2933. ],
2934. "dll": "USERENV.dll"
2935. },
2936. {
2937. "imports": [
2938. {
2939. "name": "IsThemeActive",
2940. "address": "0x48f764"
2941. }
2942. ],
2943. "dll": "UxTheme.dll"
2944. },
2945. {
2946. "imports": [
2947. {
2948. "name": "DuplicateHandle",
2949. "address": "0x48f164"
2950. },
2951. {
2952. "name": "CreateThread",
2953. "address": "0x48f168"
2954. },
2955. {
2956. "name": "WaitForSingleObject",
2957. "address": "0x48f16c"
2958. },
2959. {
2960. "name": "HeapAlloc",
2961. "address": "0x48f170"
2962. },
2963. {
2964. "name": "GetProcessHeap",
2965. "address": "0x48f174"
2966. },
2967. {
2968. "name": "HeapFree",
2969. "address": "0x48f178"
2970. },
2971. {
2972. "name": "Sleep",
2973. "address": "0x48f17c"
2974. },
2975. {
2976. "name": "GetCurrentThreadId",
2977. "address": "0x48f180"
2978. },
2979. {
2980. "name": "MultiByteToWideChar",
2981. "address": "0x48f184"
2982. },
2983. {
2984. "name": "MulDiv",
2985. "address": "0x48f188"
2986. },
2987. {
2988. "name": "GetVersionExW",
2989. "address": "0x48f18c"
2990. },
2991. {
2992. "name": "IsWow64Process",
2993. "address": "0x48f190"
2994. },
2995. {
2996. "name": "GetSystemInfo",
2997. "address": "0x48f194"
2998. },
2999. {
3000. "name": "FreeLibrary",
3001. "address": "0x48f198"
3002. },
3003. {
3004. "name": "LoadLibraryA",
3005. "address": "0x48f19c"
3006. },
3007. {
3008. "name": "GetProcAddress",
3009. "address": "0x48f1a0"
3010. },
3011. {
3012. "name": "SetErrorMode",
3013. "address": "0x48f1a4"
3014. },
3015. {
3016. "name": "GetModuleFileNameW",
3017. "address": "0x48f1a8"
3018. },
3019. {
3020. "name": "WideCharToMultiByte",
3021. "address": "0x48f1ac"
3022. },
3023. {
3024. "name": "lstrcpyW",
3025. "address": "0x48f1b0"
3026. },
3027. {
3028. "name": "lstrlenW",
3029. "address": "0x48f1b4"
3030. },
3031. {
3032. "name": "GetModuleHandleW",
3033. "address": "0x48f1b8"
3034. },
3035. {
3036. "name": "QueryPerformanceCounter",
3037. "address": "0x48f1bc"
3038. },
3039. {
3040. "name": "VirtualFreeEx",
3041. "address": "0x48f1c0"
3042. },
3043. {
3044. "name": "OpenProcess",
3045. "address": "0x48f1c4"
3046. },
3047. {
3048. "name": "VirtualAllocEx",
3049. "address": "0x48f1c8"
3050. },
3051. {
3052. "name": "WriteProcessMemory",
3053. "address": "0x48f1cc"
3054. },
3055. {
3056. "name": "ReadProcessMemory",
3057. "address": "0x48f1d0"
3058. },
3059. {
3060. "name": "CreateFileW",
3061. "address": "0x48f1d4"
3062. },
3063. {
3064. "name": "SetFilePointerEx",
3065. "address": "0x48f1d8"
3066. },
3067. {
3068. "name": "SetEndOfFile",
3069. "address": "0x48f1dc"
3070. },
3071. {
3072. "name": "ReadFile",
3073. "address": "0x48f1e0"
3074. },
3075. {
3076. "name": "WriteFile",
3077. "address": "0x48f1e4"
3078. },
3079. {
3080. "name": "FlushFileBuffers",
3081. "address": "0x48f1e8"
3082. },
3083. {
3084. "name": "TerminateProcess",
3085. "address": "0x48f1ec"
3086. },
3087. {
3088. "name": "CreateToolhelp32Snapshot",
3089. "address": "0x48f1f0"
3090. },
3091. {
3092. "name": "Process32FirstW",
3093. "address": "0x48f1f4"
3094. },
3095. {
3096. "name": "Process32NextW",
3097. "address": "0x48f1f8"
3098. },
3099. {
3100. "name": "SetFileTime",
3101. "address": "0x48f1fc"
3102. },
3103. {
3104. "name": "GetFileAttributesW",
3105. "address": "0x48f200"
3106. },
3107. {
3108. "name": "FindFirstFileW",
3109. "address": "0x48f204"
3110. },
3111. {
3112. "name": "SetCurrentDirectoryW",
3113. "address": "0x48f208"
3114. },
3115. {
3116. "name": "GetLongPathNameW",
3117. "address": "0x48f20c"
3118. },
3119. {
3120. "name": "GetShortPathNameW",
3121. "address": "0x48f210"
3122. },
3123. {
3124. "name": "DeleteFileW",
3125. "address": "0x48f214"
3126. },
3127. {
3128. "name": "FindNextFileW",
3129. "address": "0x48f218"
3130. },
3131. {
3132. "name": "CopyFileExW",
3133. "address": "0x48f21c"
3134. },
3135. {
3136. "name": "MoveFileW",
3137. "address": "0x48f220"
3138. },
3139. {
3140. "name": "CreateDirectoryW",
3141. "address": "0x48f224"
3142. },
3143. {
3144. "name": "RemoveDirectoryW",
3145. "address": "0x48f228"
3146. },
3147. {
3148. "name": "SetSystemPowerState",
3149. "address": "0x48f22c"
3150. },
3151. {
3152. "name": "QueryPerformanceFrequency",
3153. "address": "0x48f230"
3154. },
3155. {
3156. "name": "FindResourceW",
3157. "address": "0x48f234"
3158. },
3159. {
3160. "name": "LoadResource",
3161. "address": "0x48f238"
3162. },
3163. {
3164. "name": "LockResource",
3165. "address": "0x48f23c"
3166. },
3167. {
3168. "name": "SizeofResource",
3169. "address": "0x48f240"
3170. },
3171. {
3172. "name": "EnumResourceNamesW",
3173. "address": "0x48f244"
3174. },
3175. {
3176. "name": "OutputDebugStringW",
3177. "address": "0x48f248"
3178. },
3179. {
3180. "name": "GetTempPathW",
3181. "address": "0x48f24c"
3182. },
3183. {
3184. "name": "GetTempFileNameW",
3185. "address": "0x48f250"
3186. },
3187. {
3188. "name": "DeviceIoControl",
3189. "address": "0x48f254"
3190. },
3191. {
3192. "name": "GetLocalTime",
3193. "address": "0x48f258"
3194. },
3195. {
3196. "name": "CompareStringW",
3197. "address": "0x48f25c"
3198. },
3199. {
3200. "name": "GetCurrentProcess",
3201. "address": "0x48f260"
3202. },
3203. {
3204. "name": "EnterCriticalSection",
3205. "address": "0x48f264"
3206. },
3207. {
3208. "name": "LeaveCriticalSection",
3209. "address": "0x48f268"
3210. },
3211. {
3212. "name": "GetStdHandle",
3213. "address": "0x48f26c"
3214. },
3215. {
3216. "name": "CreatePipe",
3217. "address": "0x48f270"
3218. },
3219. {
3220. "name": "InterlockedExchange",
3221. "address": "0x48f274"
3222. },
3223. {
3224. "name": "TerminateThread",
3225. "address": "0x48f278"
3226. },
3227. {
3228. "name": "LoadLibraryExW",
3229. "address": "0x48f27c"
3230. },
3231. {
3232. "name": "FindResourceExW",
3233. "address": "0x48f280"
3234. },
3235. {
3236. "name": "CopyFileW",
3237. "address": "0x48f284"
3238. },
3239. {
3240. "name": "VirtualFree",
3241. "address": "0x48f288"
3242. },
3243. {
3244. "name": "FormatMessageW",
3245. "address": "0x48f28c"
3246. },
3247. {
3248. "name": "GetExitCodeProcess",
3249. "address": "0x48f290"
3250. },
3251. {
3252. "name": "GetPrivateProfileStringW",
3253. "address": "0x48f294"
3254. },
3255. {
3256. "name": "WritePrivateProfileStringW",
3257. "address": "0x48f298"
3258. },
3259. {
3260. "name": "GetPrivateProfileSectionW",
3261. "address": "0x48f29c"
3262. },
3263. {
3264. "name": "WritePrivateProfileSectionW",
3265. "address": "0x48f2a0"
3266. },
3267. {
3268. "name": "GetPrivateProfileSectionNamesW",
3269. "address": "0x48f2a4"
3270. },
3271. {
3272. "name": "FileTimeToLocalFileTime",
3273. "address": "0x48f2a8"
3274. },
3275. {
3276. "name": "FileTimeToSystemTime",
3277. "address": "0x48f2ac"
3278. },
3279. {
3280. "name": "SystemTimeToFileTime",
3281. "address": "0x48f2b0"
3282. },
3283. {
3284. "name": "LocalFileTimeToFileTime",
3285. "address": "0x48f2b4"
3286. },
3287. {
3288. "name": "GetDriveTypeW",
3289. "address": "0x48f2b8"
3290. },
3291. {
3292. "name": "GetDiskFreeSpaceExW",
3293. "address": "0x48f2bc"
3294. },
3295. {
3296. "name": "GetDiskFreeSpaceW",
3297. "address": "0x48f2c0"
3298. },
3299. {
3300. "name": "GetVolumeInformationW",
3301. "address": "0x48f2c4"
3302. },
3303. {
3304. "name": "SetVolumeLabelW",
3305. "address": "0x48f2c8"
3306. },
3307. {
3308. "name": "CreateHardLinkW",
3309. "address": "0x48f2cc"
3310. },
3311. {
3312. "name": "SetFileAttributesW",
3313. "address": "0x48f2d0"
3314. },
3315. {
3316. "name": "CreateEventW",
3317. "address": "0x48f2d4"
3318. },
3319. {
3320. "name": "SetEvent",
3321. "address": "0x48f2d8"
3322. },
3323. {
3324. "name": "GetEnvironmentVariableW",
3325. "address": "0x48f2dc"
3326. },
3327. {
3328. "name": "SetEnvironmentVariableW",
3329. "address": "0x48f2e0"
3330. },
3331. {
3332. "name": "GlobalLock",
3333. "address": "0x48f2e4"
3334. },
3335. {
3336. "name": "GlobalUnlock",
3337. "address": "0x48f2e8"
3338. },
3339. {
3340. "name": "GlobalAlloc",
3341. "address": "0x48f2ec"
3342. },
3343. {
3344. "name": "GetFileSize",
3345. "address": "0x48f2f0"
3346. },
3347. {
3348. "name": "GlobalFree",
3349. "address": "0x48f2f4"
3350. },
3351. {
3352. "name": "GlobalMemoryStatusEx",
3353. "address": "0x48f2f8"
3354. },
3355. {
3356. "name": "Beep",
3357. "address": "0x48f2fc"
3358. },
3359. {
3360. "name": "GetSystemDirectoryW",
3361. "address": "0x48f300"
3362. },
3363. {
3364. "name": "HeapReAlloc",
3365. "address": "0x48f304"
3366. },
3367. {
3368. "name": "HeapSize",
3369. "address": "0x48f308"
3370. },
3371. {
3372. "name": "GetComputerNameW",
3373. "address": "0x48f30c"
3374. },
3375. {
3376. "name": "GetWindowsDirectoryW",
3377. "address": "0x48f310"
3378. },
3379. {
3380. "name": "GetCurrentProcessId",
3381. "address": "0x48f314"
3382. },
3383. {
3384. "name": "GetProcessIoCounters",
3385. "address": "0x48f318"
3386. },
3387. {
3388. "name": "CreateProcessW",
3389. "address": "0x48f31c"
3390. },
3391. {
3392. "name": "GetProcessId",
3393. "address": "0x48f320"
3394. },
3395. {
3396. "name": "SetPriorityClass",
3397. "address": "0x48f324"
3398. },
3399. {
3400. "name": "LoadLibraryW",
3401. "address": "0x48f328"
3402. },
3403. {
3404. "name": "VirtualAlloc",
3405. "address": "0x48f32c"
3406. },
3407. {
3408. "name": "IsDebuggerPresent",
3409. "address": "0x48f330"
3410. },
3411. {
3412. "name": "GetCurrentDirectoryW",
3413. "address": "0x48f334"
3414. },
3415. {
3416. "name": "lstrcmpiW",
3417. "address": "0x48f338"
3418. },
3419. {
3420. "name": "DecodePointer",
3421. "address": "0x48f33c"
3422. },
3423. {
3424. "name": "GetLastError",
3425. "address": "0x48f340"
3426. },
3427. {
3428. "name": "RaiseException",
3429. "address": "0x48f344"
3430. },
3431. {
3432. "name": "InitializeCriticalSectionAndSpinCount",
3433. "address": "0x48f348"
3434. },
3435. {
3436. "name": "DeleteCriticalSection",
3437. "address": "0x48f34c"
3438. },
3439. {
3440. "name": "InterlockedDecrement",
3441. "address": "0x48f350"
3442. },
3443. {
3444. "name": "InterlockedIncrement",
3445. "address": "0x48f354"
3446. },
3447. {
3448. "name": "GetCurrentThread",
3449. "address": "0x48f358"
3450. },
3451. {
3452. "name": "CloseHandle",
3453. "address": "0x48f35c"
3454. },
3455. {
3456. "name": "GetFullPathNameW",
3457. "address": "0x48f360"
3458. },
3459. {
3460. "name": "EncodePointer",
3461. "address": "0x48f364"
3462. },
3463. {
3464. "name": "ExitProcess",
3465. "address": "0x48f368"
3466. },
3467. {
3468. "name": "GetModuleHandleExW",
3469. "address": "0x48f36c"
3470. },
3471. {
3472. "name": "ExitThread",
3473. "address": "0x48f370"
3474. },
3475. {
3476. "name": "GetSystemTimeAsFileTime",
3477. "address": "0x48f374"
3478. },
3479. {
3480. "name": "ResumeThread",
3481. "address": "0x48f378"
3482. },
3483. {
3484. "name": "GetCommandLineW",
3485. "address": "0x48f37c"
3486. },
3487. {
3488. "name": "IsProcessorFeaturePresent",
3489. "address": "0x48f380"
3490. },
3491. {
3492. "name": "IsValidCodePage",
3493. "address": "0x48f384"
3494. },
3495. {
3496. "name": "GetACP",
3497. "address": "0x48f388"
3498. },
3499. {
3500. "name": "GetOEMCP",
3501. "address": "0x48f38c"
3502. },
3503. {
3504. "name": "GetCPInfo",
3505. "address": "0x48f390"
3506. },
3507. {
3508. "name": "SetLastError",
3509. "address": "0x48f394"
3510. },
3511. {
3512. "name": "UnhandledExceptionFilter",
3513. "address": "0x48f398"
3514. },
3515. {
3516. "name": "SetUnhandledExceptionFilter",
3517. "address": "0x48f39c"
3518. },
3519. {
3520. "name": "TlsAlloc",
3521. "address": "0x48f3a0"
3522. },
3523. {
3524. "name": "TlsGetValue",
3525. "address": "0x48f3a4"
3526. },
3527. {
3528. "name": "TlsSetValue",
3529. "address": "0x48f3a8"
3530. },
3531. {
3532. "name": "TlsFree",
3533. "address": "0x48f3ac"
3534. },
3535. {
3536. "name": "GetStartupInfoW",
3537. "address": "0x48f3b0"
3538. },
3539. {
3540. "name": "GetStringTypeW",
3541. "address": "0x48f3b4"
3542. },
3543. {
3544. "name": "SetStdHandle",
3545. "address": "0x48f3b8"
3546. },
3547. {
3548. "name": "GetFileType",
3549. "address": "0x48f3bc"
3550. },
3551. {
3552. "name": "GetConsoleCP",
3553. "address": "0x48f3c0"
3554. },
3555. {
3556. "name": "GetConsoleMode",
3557. "address": "0x48f3c4"
3558. },
3559. {
3560. "name": "RtlUnwind",
3561. "address": "0x48f3c8"
3562. },
3563. {
3564. "name": "ReadConsoleW",
3565. "address": "0x48f3cc"
3566. },
3567. {
3568. "name": "GetTimeZoneInformation",
3569. "address": "0x48f3d0"
3570. },
3571. {
3572. "name": "GetDateFormatW",
3573. "address": "0x48f3d4"
3574. },
3575. {
3576. "name": "GetTimeFormatW",
3577. "address": "0x48f3d8"
3578. },
3579. {
3580. "name": "LCMapStringW",
3581. "address": "0x48f3dc"
3582. },
3583. {
3584. "name": "GetEnvironmentStringsW",
3585. "address": "0x48f3e0"
3586. },
3587. {
3588. "name": "FreeEnvironmentStringsW",
3589. "address": "0x48f3e4"
3590. },
3591. {
3592. "name": "WriteConsoleW",
3593. "address": "0x48f3e8"
3594. },
3595. {
3596. "name": "FindClose",
3597. "address": "0x48f3ec"
3598. },
3599. {
3600. "name": "SetEnvironmentVariableA",
3601. "address": "0x48f3f0"
3602. }
3603. ],
3604. "dll": "KERNEL32.dll"
3605. },
3606. {
3607. "imports": [
3608. {
3609. "name": "AdjustWindowRectEx",
3610. "address": "0x48f4cc"
3611. },
3612. {
3613. "name": "CopyImage",
3614. "address": "0x48f4d0"
3615. },
3616. {
3617. "name": "SetWindowPos",
3618. "address": "0x48f4d4"
3619. },
3620. {
3621. "name": "GetCursorInfo",
3622. "address": "0x48f4d8"
3623. },
3624. {
3625. "name": "RegisterHotKey",
3626. "address": "0x48f4dc"
3627. },
3628. {
3629. "name": "ClientToScreen",
3630. "address": "0x48f4e0"
3631. },
3632. {
3633. "name": "GetKeyboardLayoutNameW",
3634. "address": "0x48f4e4"
3635. },
3636. {
3637. "name": "IsCharAlphaW",
3638. "address": "0x48f4e8"
3639. },
3640. {
3641. "name": "IsCharAlphaNumericW",
3642. "address": "0x48f4ec"
3643. },
3644. {
3645. "name": "IsCharLowerW",
3646. "address": "0x48f4f0"
3647. },
3648. {
3649. "name": "IsCharUpperW",
3650. "address": "0x48f4f4"
3651. },
3652. {
3653. "name": "GetMenuStringW",
3654. "address": "0x48f4f8"
3655. },
3656. {
3657. "name": "GetSubMenu",
3658. "address": "0x48f4fc"
3659. },
3660. {
3661. "name": "GetCaretPos",
3662. "address": "0x48f500"
3663. },
3664. {
3665. "name": "IsZoomed",
3666. "address": "0x48f504"
3667. },
3668. {
3669. "name": "MonitorFromPoint",
3670. "address": "0x48f508"
3671. },
3672. {
3673. "name": "GetMonitorInfoW",
3674. "address": "0x48f50c"
3675. },
3676. {
3677. "name": "SetWindowLongW",
3678. "address": "0x48f510"
3679. },
3680. {
3681. "name": "SetLayeredWindowAttributes",
3682. "address": "0x48f514"
3683. },
3684. {
3685. "name": "FlashWindow",
3686. "address": "0x48f518"
3687. },
3688. {
3689. "name": "GetClassLongW",
3690. "address": "0x48f51c"
3691. },
3692. {
3693. "name": "TranslateAcceleratorW",
3694. "address": "0x48f520"
3695. },
3696. {
3697. "name": "IsDialogMessageW",
3698. "address": "0x48f524"
3699. },
3700. {
3701. "name": "GetSysColor",
3702. "address": "0x48f528"
3703. },
3704. {
3705. "name": "InflateRect",
3706. "address": "0x48f52c"
3707. },
3708. {
3709. "name": "DrawFocusRect",
3710. "address": "0x48f530"
3711. },
3712. {
3713. "name": "DrawTextW",
3714. "address": "0x48f534"
3715. },
3716. {
3717. "name": "FrameRect",
3718. "address": "0x48f538"
3719. },
3720. {
3721. "name": "DrawFrameControl",
3722. "address": "0x48f53c"
3723. },
3724. {
3725. "name": "FillRect",
3726. "address": "0x48f540"
3727. },
3728. {
3729. "name": "PtInRect",
3730. "address": "0x48f544"
3731. },
3732. {
3733. "name": "DestroyAcceleratorTable",
3734. "address": "0x48f548"
3735. },
3736. {
3737. "name": "CreateAcceleratorTableW",
3738. "address": "0x48f54c"
3739. },
3740. {
3741. "name": "SetCursor",
3742. "address": "0x48f550"
3743. },
3744. {
3745. "name": "GetWindowDC",
3746. "address": "0x48f554"
3747. },
3748. {
3749. "name": "GetSystemMetrics",
3750. "address": "0x48f558"
3751. },
3752. {
3753. "name": "GetActiveWindow",
3754. "address": "0x48f55c"
3755. },
3756. {
3757. "name": "CharNextW",
3758. "address": "0x48f560"
3759. },
3760. {
3761. "name": "wsprintfW",
3762. "address": "0x48f564"
3763. },
3764. {
3765. "name": "RedrawWindow",
3766. "address": "0x48f568"
3767. },
3768. {
3769. "name": "DrawMenuBar",
3770. "address": "0x48f56c"
3771. },
3772. {
3773. "name": "DestroyMenu",
3774. "address": "0x48f570"
3775. },
3776. {
3777. "name": "SetMenu",
3778. "address": "0x48f574"
3779. },
3780. {
3781. "name": "GetWindowTextLengthW",
3782. "address": "0x48f578"
3783. },
3784. {
3785. "name": "CreateMenu",
3786. "address": "0x48f57c"
3787. },
3788. {
3789. "name": "IsDlgButtonChecked",
3790. "address": "0x48f580"
3791. },
3792. {
3793. "name": "DefDlgProcW",
3794. "address": "0x48f584"
3795. },
3796. {
3797. "name": "CallWindowProcW",
3798. "address": "0x48f588"
3799. },
3800. {
3801. "name": "ReleaseCapture",
3802. "address": "0x48f58c"
3803. },
3804. {
3805. "name": "SetCapture",
3806. "address": "0x48f590"
3807. },
3808. {
3809. "name": "CreateIconFromResourceEx",
3810. "address": "0x48f594"
3811. },
3812. {
3813. "name": "mouse_event",
3814. "address": "0x48f598"
3815. },
3816. {
3817. "name": "ExitWindowsEx",
3818. "address": "0x48f59c"
3819. },
3820. {
3821. "name": "SetActiveWindow",
3822. "address": "0x48f5a0"
3823. },
3824. {
3825. "name": "FindWindowExW",
3826. "address": "0x48f5a4"
3827. },
3828. {
3829. "name": "EnumThreadWindows",
3830. "address": "0x48f5a8"
3831. },
3832. {
3833. "name": "SetMenuDefaultItem",
3834. "address": "0x48f5ac"
3835. },
3836. {
3837. "name": "InsertMenuItemW",
3838. "address": "0x48f5b0"
3839. },
3840. {
3841. "name": "IsMenu",
3842. "address": "0x48f5b4"
3843. },
3844. {
3845. "name": "TrackPopupMenuEx",
3846. "address": "0x48f5b8"
3847. },
3848. {
3849. "name": "GetCursorPos",
3850. "address": "0x48f5bc"
3851. },
3852. {
3853. "name": "DeleteMenu",
3854. "address": "0x48f5c0"
3855. },
3856. {
3857. "name": "SetRect",
3858. "address": "0x48f5c4"
3859. },
3860. {
3861. "name": "GetMenuItemID",
3862. "address": "0x48f5c8"
3863. },
3864. {
3865. "name": "GetMenuItemCount",
3866. "address": "0x48f5cc"
3867. },
3868. {
3869. "name": "SetMenuItemInfoW",
3870. "address": "0x48f5d0"
3871. },
3872. {
3873. "name": "GetMenuItemInfoW",
3874. "address": "0x48f5d4"
3875. },
3876. {
3877. "name": "SetForegroundWindow",
3878. "address": "0x48f5d8"
3879. },
3880. {
3881. "name": "IsIconic",
3882. "address": "0x48f5dc"
3883. },
3884. {
3885. "name": "FindWindowW",
3886. "address": "0x48f5e0"
3887. },
3888. {
3889. "name": "MonitorFromRect",
3890. "address": "0x48f5e4"
3891. },
3892. {
3893. "name": "keybd_event",
3894. "address": "0x48f5e8"
3895. },
3896. {
3897. "name": "SendInput",
3898. "address": "0x48f5ec"
3899. },
3900. {
3901. "name": "GetAsyncKeyState",
3902. "address": "0x48f5f0"
3903. },
3904. {
3905. "name": "SetKeyboardState",
3906. "address": "0x48f5f4"
3907. },
3908. {
3909. "name": "GetKeyboardState",
3910. "address": "0x48f5f8"
3911. },
3912. {
3913. "name": "GetKeyState",
3914. "address": "0x48f5fc"
3915. },
3916. {
3917. "name": "VkKeyScanW",
3918. "address": "0x48f600"
3919. },
3920. {
3921. "name": "LoadStringW",
3922. "address": "0x48f604"
3923. },
3924. {
3925. "name": "DialogBoxParamW",
3926. "address": "0x48f608"
3927. },
3928. {
3929. "name": "MessageBeep",
3930. "address": "0x48f60c"
3931. },
3932. {
3933. "name": "EndDialog",
3934. "address": "0x48f610"
3935. },
3936. {
3937. "name": "SendDlgItemMessageW",
3938. "address": "0x48f614"
3939. },
3940. {
3941. "name": "GetDlgItem",
3942. "address": "0x48f618"
3943. },
3944. {
3945. "name": "SetWindowTextW",
3946. "address": "0x48f61c"
3947. },
3948. {
3949. "name": "CopyRect",
3950. "address": "0x48f620"
3951. },
3952. {
3953. "name": "ReleaseDC",
3954. "address": "0x48f624"
3955. },
3956. {
3957. "name": "GetDC",
3958. "address": "0x48f628"
3959. },
3960. {
3961. "name": "EndPaint",
3962. "address": "0x48f62c"
3963. },
3964. {
3965. "name": "BeginPaint",
3966. "address": "0x48f630"
3967. },
3968. {
3969. "name": "GetClientRect",
3970. "address": "0x48f634"
3971. },
3972. {
3973. "name": "GetMenu",
3974. "address": "0x48f638"
3975. },
3976. {
3977. "name": "DestroyWindow",
3978. "address": "0x48f63c"
3979. },
3980. {
3981. "name": "EnumWindows",
3982. "address": "0x48f640"
3983. },
3984. {
3985. "name": "GetDesktopWindow",
3986. "address": "0x48f644"
3987. },
3988. {
3989. "name": "IsWindow",
3990. "address": "0x48f648"
3991. },
3992. {
3993. "name": "IsWindowEnabled",
3994. "address": "0x48f64c"
3995. },
3996. {
3997. "name": "IsWindowVisible",
3998. "address": "0x48f650"
3999. },
4000. {
4001. "name": "EnableWindow",
4002. "address": "0x48f654"
4003. },
4004. {
4005. "name": "InvalidateRect",
4006. "address": "0x48f658"
4007. },
4008. {
4009. "name": "GetWindowLongW",
4010. "address": "0x48f65c"
4011. },
4012. {
4013. "name": "GetWindowThreadProcessId",
4014. "address": "0x48f660"
4015. },
4016. {
4017. "name": "AttachThreadInput",
4018. "address": "0x48f664"
4019. },
4020. {
4021. "name": "GetFocus",
4022. "address": "0x48f668"
4023. },
4024. {
4025. "name": "GetWindowTextW",
4026. "address": "0x48f66c"
4027. },
4028. {
4029. "name": "ScreenToClient",
4030. "address": "0x48f670"
4031. },
4032. {
4033. "name": "SendMessageTimeoutW",
4034. "address": "0x48f674"
4035. },
4036. {
4037. "name": "EnumChildWindows",
4038. "address": "0x48f678"
4039. },
4040. {
4041. "name": "CharUpperBuffW",
4042. "address": "0x48f67c"
4043. },
4044. {
4045. "name": "GetParent",
4046. "address": "0x48f680"
4047. },
4048. {
4049. "name": "GetDlgCtrlID",
4050. "address": "0x48f684"
4051. },
4052. {
4053. "name": "SendMessageW",
4054. "address": "0x48f688"
4055. },
4056. {
4057. "name": "MapVirtualKeyW",
4058. "address": "0x48f68c"
4059. },
4060. {
4061. "name": "PostMessageW",
4062. "address": "0x48f690"
4063. },
4064. {
4065. "name": "GetWindowRect",
4066. "address": "0x48f694"
4067. },
4068. {
4069. "name": "SetUserObjectSecurity",
4070. "address": "0x48f698"
4071. },
4072. {
4073. "name": "CloseDesktop",
4074. "address": "0x48f69c"
4075. },
4076. {
4077. "name": "CloseWindowStation",
4078. "address": "0x48f6a0"
4079. },
4080. {
4081. "name": "OpenDesktopW",
4082. "address": "0x48f6a4"
4083. },
4084. {
4085. "name": "SetProcessWindowStation",
4086. "address": "0x48f6a8"
4087. },
4088. {
4089. "name": "GetProcessWindowStation",
4090. "address": "0x48f6ac"
4091. },
4092. {
4093. "name": "OpenWindowStationW",
4094. "address": "0x48f6b0"
4095. },
4096. {
4097. "name": "GetUserObjectSecurity",
4098. "address": "0x48f6b4"
4099. },
4100. {
4101. "name": "MessageBoxW",
4102. "address": "0x48f6b8"
4103. },
4104. {
4105. "name": "DefWindowProcW",
4106. "address": "0x48f6bc"
4107. },
4108. {
4109. "name": "SetClipboardData",
4110. "address": "0x48f6c0"
4111. },
4112. {
4113. "name": "EmptyClipboard",
4114. "address": "0x48f6c4"
4115. },
4116. {
4117. "name": "CountClipboardFormats",
4118. "address": "0x48f6c8"
4119. },
4120. {
4121. "name": "CloseClipboard",
4122. "address": "0x48f6cc"
4123. },
4124. {
4125. "name": "GetClipboardData",
4126. "address": "0x48f6d0"
4127. },
4128. {
4129. "name": "IsClipboardFormatAvailable",
4130. "address": "0x48f6d4"
4131. },
4132. {
4133. "name": "OpenClipboard",
4134. "address": "0x48f6d8"
4135. },
4136. {
4137. "name": "BlockInput",
4138. "address": "0x48f6dc"
4139. },
4140. {
4141. "name": "GetMessageW",
4142. "address": "0x48f6e0"
4143. },
4144. {
4145. "name": "LockWindowUpdate",
4146. "address": "0x48f6e4"
4147. },
4148. {
4149. "name": "DispatchMessageW",
4150. "address": "0x48f6e8"
4151. },
4152. {
4153. "name": "TranslateMessage",
4154. "address": "0x48f6ec"
4155. },
4156. {
4157. "name": "PeekMessageW",
4158. "address": "0x48f6f0"
4159. },
4160. {
4161. "name": "UnregisterHotKey",
4162. "address": "0x48f6f4"
4163. },
4164. {
4165. "name": "CheckMenuRadioItem",
4166. "address": "0x48f6f8"
4167. },
4168. {
4169. "name": "CharLowerBuffW",
4170. "address": "0x48f6fc"
4171. },
4172. {
4173. "name": "MoveWindow",
4174. "address": "0x48f700"
4175. },
4176. {
4177. "name": "SetFocus",
4178. "address": "0x48f704"
4179. },
4180. {
4181. "name": "PostQuitMessage",
4182. "address": "0x48f708"
4183. },
4184. {
4185. "name": "KillTimer",
4186. "address": "0x48f70c"
4187. },
4188. {
4189. "name": "CreatePopupMenu",
4190. "address": "0x48f710"
4191. },
4192. {
4193. "name": "RegisterWindowMessageW",
4194. "address": "0x48f714"
4195. },
4196. {
4197. "name": "SetTimer",
4198. "address": "0x48f718"
4199. },
4200. {
4201. "name": "ShowWindow",
4202. "address": "0x48f71c"
4203. },
4204. {
4205. "name": "CreateWindowExW",
4206. "address": "0x48f720"
4207. },
4208. {
4209. "name": "RegisterClassExW",
4210. "address": "0x48f724"
4211. },
4212. {
4213. "name": "LoadIconW",
4214. "address": "0x48f728"
4215. },
4216. {
4217. "name": "LoadCursorW",
4218. "address": "0x48f72c"
4219. },
4220. {
4221. "name": "GetSysColorBrush",
4222. "address": "0x48f730"
4223. },
4224. {
4225. "name": "GetForegroundWindow",
4226. "address": "0x48f734"
4227. },
4228. {
4229. "name": "MessageBoxA",
4230. "address": "0x48f738"
4231. },
4232. {
4233. "name": "DestroyIcon",
4234. "address": "0x48f73c"
4235. },
4236. {
4237. "name": "SystemParametersInfoW",
4238. "address": "0x48f740"
4239. },
4240. {
4241. "name": "LoadImageW",
4242. "address": "0x48f744"
4243. },
4244. {
4245. "name": "GetClassNameW",
4246. "address": "0x48f748"
4247. }
4248. ],
4249. "dll": "USER32.dll"
4250. },
4251. {
4252. "imports": [
4253. {
4254. "name": "StrokePath",
4255. "address": "0x48f0c4"
4256. },
4257. {
4258. "name": "DeleteObject",
4259. "address": "0x48f0c8"
4260. },
4261. {
4262. "name": "GetTextExtentPoint32W",
4263. "address": "0x48f0cc"
4264. },
4265. {
4266. "name": "ExtCreatePen",
4267. "address": "0x48f0d0"
4268. },
4269. {
4270. "name": "GetDeviceCaps",
4271. "address": "0x48f0d4"
4272. },
4273. {
4274. "name": "EndPath",
4275. "address": "0x48f0d8"
4276. },
4277. {
4278. "name": "SetPixel",
4279. "address": "0x48f0dc"
4280. },
4281. {
4282. "name": "CloseFigure",
4283. "address": "0x48f0e0"
4284. },
4285. {
4286. "name": "CreateCompatibleBitmap",
4287. "address": "0x48f0e4"
4288. },
4289. {
4290. "name": "CreateCompatibleDC",
4291. "address": "0x48f0e8"
4292. },
4293. {
4294. "name": "SelectObject",
4295. "address": "0x48f0ec"
4296. },
4297. {
4298. "name": "StretchBlt",
4299. "address": "0x48f0f0"
4300. },
4301. {
4302. "name": "GetDIBits",
4303. "address": "0x48f0f4"
4304. },
4305. {
4306. "name": "LineTo",
4307. "address": "0x48f0f8"
4308. },
4309. {
4310. "name": "AngleArc",
4311. "address": "0x48f0fc"
4312. },
4313. {
4314. "name": "MoveToEx",
4315. "address": "0x48f100"
4316. },
4317. {
4318. "name": "Ellipse",
4319. "address": "0x48f104"
4320. },
4321. {
4322. "name": "DeleteDC",
4323. "address": "0x48f108"
4324. },
4325. {
4326. "name": "GetPixel",
4327. "address": "0x48f10c"
4328. },
4329. {
4330. "name": "CreateDCW",
4331. "address": "0x48f110"
4332. },
4333. {
4334. "name": "GetStockObject",
4335. "address": "0x48f114"
4336. },
4337. {
4338. "name": "GetTextFaceW",
4339. "address": "0x48f118"
4340. },
4341. {
4342. "name": "CreateFontW",
4343. "address": "0x48f11c"
4344. },
4345. {
4346. "name": "SetTextColor",
4347. "address": "0x48f120"
4348. },
4349. {
4350. "name": "PolyDraw",
4351. "address": "0x48f124"
4352. },
4353. {
4354. "name": "BeginPath",
4355. "address": "0x48f128"
4356. },
4357. {
4358. "name": "Rectangle",
4359. "address": "0x48f12c"
4360. },
4361. {
4362. "name": "SetViewportOrgEx",
4363. "address": "0x48f130"
4364. },
4365. {
4366. "name": "GetObjectW",
4367. "address": "0x48f134"
4368. },
4369. {
4370. "name": "SetBkMode",
4371. "address": "0x48f138"
4372. },
4373. {
4374. "name": "RoundRect",
4375. "address": "0x48f13c"
4376. },
4377. {
4378. "name": "SetBkColor",
4379. "address": "0x48f140"
4380. },
4381. {
4382. "name": "CreatePen",
4383. "address": "0x48f144"
4384. },
4385. {
4386. "name": "CreateSolidBrush",
4387. "address": "0x48f148"
4388. },
4389. {
4390. "name": "StrokeAndFillPath",
4391. "address": "0x48f14c"
4392. }
4393. ],
4394. "dll": "GDI32.dll"
4395. },
4396. {
4397. "imports": [
4398. {
4399. "name": "GetOpenFileNameW",
4400. "address": "0x48f0b8"
4401. },
4402. {
4403. "name": "GetSaveFileNameW",
4404. "address": "0x48f0bc"
4405. }
4406. ],
4407. "dll": "COMDLG32.dll"
4408. },
4409. {
4410. "imports": [
4411. {
4412. "name": "GetAce",
4413. "address": "0x48f000"
4414. },
4415. {
4416. "name": "RegEnumValueW",
4417. "address": "0x48f004"
4418. },
4419. {
4420. "name": "RegDeleteValueW",
4421. "address": "0x48f008"
4422. },
4423. {
4424. "name": "RegDeleteKeyW",
4425. "address": "0x48f00c"
4426. },
4427. {
4428. "name": "RegEnumKeyExW",
4429. "address": "0x48f010"
4430. },
4431. {
4432. "name": "RegSetValueExW",
4433. "address": "0x48f014"
4434. },
4435. {
4436. "name": "RegOpenKeyExW",
4437. "address": "0x48f018"
4438. },
4439. {
4440. "name": "RegCloseKey",
4441. "address": "0x48f01c"
4442. },
4443. {
4444. "name": "RegQueryValueExW",
4445. "address": "0x48f020"
4446. },
4447. {
4448. "name": "RegConnectRegistryW",
4449. "address": "0x48f024"
4450. },
4451. {
4452. "name": "InitializeSecurityDescriptor",
4453. "address": "0x48f028"
4454. },
4455. {
4456. "name": "InitializeAcl",
4457. "address": "0x48f02c"
4458. },
4459. {
4460. "name": "AdjustTokenPrivileges",
4461. "address": "0x48f030"
4462. },
4463. {
4464. "name": "OpenThreadToken",
4465. "address": "0x48f034"
4466. },
4467. {
4468. "name": "OpenProcessToken",
4469. "address": "0x48f038"
4470. },
4471. {
4472. "name": "LookupPrivilegeValueW",
4473. "address": "0x48f03c"
4474. },
4475. {
4476. "name": "DuplicateTokenEx",
4477. "address": "0x48f040"
4478. },
4479. {
4480. "name": "CreateProcessAsUserW",
4481. "address": "0x48f044"
4482. },
4483. {
4484. "name": "CreateProcessWithLogonW",
4485. "address": "0x48f048"
4486. },
4487. {
4488. "name": "GetLengthSid",
4489. "address": "0x48f04c"
4490. },
4491. {
4492. "name": "CopySid",
4493. "address": "0x48f050"
4494. },
4495. {
4496. "name": "LogonUserW",
4497. "address": "0x48f054"
4498. },
4499. {
4500. "name": "AllocateAndInitializeSid",
4501. "address": "0x48f058"
4502. },
4503. {
4504. "name": "CheckTokenMembership",
4505. "address": "0x48f05c"
4506. },
4507. {
4508. "name": "RegCreateKeyExW",
4509. "address": "0x48f060"
4510. },
4511. {
4512. "name": "FreeSid",
4513. "address": "0x48f064"
4514. },
4515. {
4516. "name": "GetTokenInformation",
4517. "address": "0x48f068"
4518. },
4519. {
4520. "name": "GetSecurityDescriptorDacl",
4521. "address": "0x48f06c"
4522. },
4523. {
4524. "name": "GetAclInformation",
4525. "address": "0x48f070"
4526. },
4527. {
4528. "name": "AddAce",
4529. "address": "0x48f074"
4530. },
4531. {
4532. "name": "SetSecurityDescriptorDacl",
4533. "address": "0x48f078"
4534. },
4535. {
4536. "name": "GetUserNameW",
4537. "address": "0x48f07c"
4538. },
4539. {
4540. "name": "InitiateSystemShutdownExW",
4541. "address": "0x48f080"
4542. }
4543. ],
4544. "dll": "ADVAPI32.dll"
4545. },
4546. {
4547. "imports": [
4548. {
4549. "name": "DragQueryPoint",
4550. "address": "0x48f48c"
4551. },
4552. {
4553. "name": "ShellExecuteExW",
4554. "address": "0x48f490"
4555. },
4556. {
4557. "name": "DragQueryFileW",
4558. "address": "0x48f494"
4559. },
4560. {
4561. "name": "SHEmptyRecycleBinW",
4562. "address": "0x48f498"
4563. },
4564. {
4565. "name": "SHGetPathFromIDListW",
4566. "address": "0x48f49c"
4567. },
4568. {
4569. "name": "SHBrowseForFolderW",
4570. "address": "0x48f4a0"
4571. },
4572. {
4573. "name": "SHCreateShellItem",
4574. "address": "0x48f4a4"
4575. },
4576. {
4577. "name": "SHGetDesktopFolder",
4578. "address": "0x48f4a8"
4579. },
4580. {
4581. "name": "SHGetSpecialFolderLocation",
4582. "address": "0x48f4ac"
4583. },
4584. {
4585. "name": "SHGetFolderPathW",
4586. "address": "0x48f4b0"
4587. },
4588. {
4589. "name": "SHFileOperationW",
4590. "address": "0x48f4b4"
4591. },
4592. {
4593. "name": "ExtractIconExW",
4594. "address": "0x48f4b8"
4595. },
4596. {
4597. "name": "Shell_NotifyIconW",
4598. "address": "0x48f4bc"
4599. },
4600. {
4601. "name": "ShellExecuteW",
4602. "address": "0x48f4c0"
4603. },
4604. {
4605. "name": "DragFinish",
4606. "address": "0x48f4c4"
4607. }
4608. ],
4609. "dll": "SHELL32.dll"
4610. },
4611. {
4612. "imports": [
4613. {
4614. "name": "CoTaskMemAlloc",
4615. "address": "0x48f828"
4616. },
4617. {
4618. "name": "CoTaskMemFree",
4619. "address": "0x48f82c"
4620. },
4621. {
4622. "name": "CLSIDFromString",
4623. "address": "0x48f830"
4624. },
4625. {
4626. "name": "ProgIDFromCLSID",
4627. "address": "0x48f834"
4628. },
4629. {
4630. "name": "CLSIDFromProgID",
4631. "address": "0x48f838"
4632. },
4633. {
4634. "name": "OleSetMenuDescriptor",
4635. "address": "0x48f83c"
4636. },
4637. {
4638. "name": "MkParseDisplayName",
4639. "address": "0x48f840"
4640. },
4641. {
4642. "name": "OleSetContainedObject",
4643. "address": "0x48f844"
4644. },
4645. {
4646. "name": "CoCreateInstance",
4647. "address": "0x48f848"
4648. },
4649. {
4650. "name": "IIDFromString",
4651. "address": "0x48f84c"
4652. },
4653. {
4654. "name": "StringFromGUID2",
4655. "address": "0x48f850"
4656. },
4657. {
4658. "name": "CreateStreamOnHGlobal",
4659. "address": "0x48f854"
4660. },
4661. {
4662. "name": "OleInitialize",
4663. "address": "0x48f858"
4664. },
4665. {
4666. "name": "OleUninitialize",
4667. "address": "0x48f85c"
4668. },
4669. {
4670. "name": "CoInitialize",
4671. "address": "0x48f860"
4672. },
4673. {
4674. "name": "CoUninitialize",
4675. "address": "0x48f864"
4676. },
4677. {
4678. "name": "GetRunningObjectTable",
4679. "address": "0x48f868"
4680. },
4681. {
4682. "name": "CoGetInstanceFromFile",
4683. "address": "0x48f86c"
4684. },
4685. {
4686. "name": "CoGetObject",
4687. "address": "0x48f870"
4688. },
4689. {
4690. "name": "CoSetProxyBlanket",
4691. "address": "0x48f874"
4692. },
4693. {
4694. "name": "CoCreateInstanceEx",
4695. "address": "0x48f878"
4696. },
4697. {
4698. "name": "CoInitializeSecurity",
4699. "address": "0x48f87c"
4700. }
4701. ],
4702. "dll": "ole32.dll"
4703. },
4704. {
4705. "imports": [
4706. {
4707. "name": "LoadTypeLibEx",
4708. "address": "0x48f40c"
4709. },
4710. {
4711. "name": "VariantCopyInd",
4712. "address": "0x48f410"
4713. },
4714. {
4715. "name": "SysReAllocString",
4716. "address": "0x48f414"
4717. },
4718. {
4719. "name": "SysFreeString",
4720. "address": "0x48f418"
4721. },
4722. {
4723. "name": "SafeArrayDestroyDescriptor",
4724. "address": "0x48f41c"
4725. },
4726. {
4727. "name": "SafeArrayDestroyData",
4728. "address": "0x48f420"
4729. },
4730. {
4731. "name": "SafeArrayUnaccessData",
4732. "address": "0x48f424"
4733. },
4734. {
4735. "name": "SafeArrayAccessData",
4736. "address": "0x48f428"
4737. },
4738. {
4739. "name": "SafeArrayAllocData",
4740. "address": "0x48f42c"
4741. },
4742. {
4743. "name": "SafeArrayAllocDescriptorEx",
4744. "address": "0x48f430"
4745. },
4746. {
4747. "name": "SafeArrayCreateVector",
4748. "address": "0x48f434"
4749. },
4750. {
4751. "name": "RegisterTypeLib",
4752. "address": "0x48f438"
4753. },
4754. {
4755. "name": "CreateStdDispatch",
4756. "address": "0x48f43c"
4757. },
4758. {
4759. "name": "DispCallFunc",
4760. "address": "0x48f440"
4761. },
4762. {
4763. "name": "VariantChangeType",
4764. "address": "0x48f444"
4765. },
4766. {
4767. "name": "SysStringLen",
4768. "address": "0x48f448"
4769. },
4770. {
4771. "name": "VariantTimeToSystemTime",
4772. "address": "0x48f44c"
4773. },
4774. {
4775. "name": "VarR8FromDec",
4776. "address": "0x48f450"
4777. },
4778. {
4779. "name": "SafeArrayGetVartype",
4780. "address": "0x48f454"
4781. },
4782. {
4783. "name": "VariantCopy",
4784. "address": "0x48f458"
4785. },
4786. {
4787. "name": "VariantClear",
4788. "address": "0x48f45c"
4789. },
4790. {
4791. "name": "OleLoadPicture",
4792. "address": "0x48f460"
4793. },
4794. {
4795. "name": "QueryPathOfRegTypeLib",
4796. "address": "0x48f464"
4797. },
4798. {
4799. "name": "RegisterTypeLibForUser",
4800. "address": "0x48f468"
4801. },
4802. {
4803. "name": "UnRegisterTypeLibForUser",
4804. "address": "0x48f46c"
4805. },
4806. {
4807. "name": "UnRegisterTypeLib",
4808. "address": "0x48f470"
4809. },
4810. {
4811. "name": "CreateDispTypeInfo",
4812. "address": "0x48f474"
4813. },
4814. {
4815. "name": "SysAllocString",
4816. "address": "0x48f478"
4817. },
4818. {
4819. "name": "VariantInit",
4820. "address": "0x48f47c"
4821. }
4822. ],
4823. "dll": "OLEAUT32.dll"
4824. }
4825. ],
4826. "digital_signers": null,
4827. "exported_dll_name": null,
4828. "actual_checksum": "0x002ea2f1",
4829. "overlay": null,
4830. "imagebase": "0x00400000",
4831. "reported_checksum": "0x0012e1f1",
4832. "icon_hash": null,
4833. "entrypoint": "0x0042800a",
4834. "timestamp": "2019-06-17 10:36:41",
4835. "osversion": "5.1",
4836. "sections": [
4837. {
4838. "name": ".text",
4839. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
4840. "virtual_address": "0x00001000",
4841. "size_of_data": "0x0008e000",
4842. "entropy": "6.68",
4843. "raw_address": "0x00000400",
4844. "virtual_size": "0x0008dfdd",
4845. "characteristics_raw": "0x60000020"
4846. },
4847. {
4848. "name": ".rdata",
4849. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
4850. "virtual_address": "0x0008f000",
4851. "size_of_data": "0x0002fe00",
4852. "entropy": "5.76",
4853. "raw_address": "0x0008e400",
4854. "virtual_size": "0x0002fd8e",
4855. "characteristics_raw": "0x40000040"
4856. },
4857. {
4858. "name": ".data",
4859. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
4860. "virtual_address": "0x000bf000",
4861. "size_of_data": "0x00005200",
4862. "entropy": "1.20",
4863. "raw_address": "0x000be200",
4864. "virtual_size": "0x00008f74",
4865. "characteristics_raw": "0xc0000040"
4866. },
4867. {
4868. "name": ".rsrc",
4869. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
4870. "virtual_address": "0x000c8000",
4871. "size_of_data": "0x00212a00",
4872. "entropy": "6.49",
4873. "raw_address": "0x000c3400",
4874. "virtual_size": "0x00212970",
4875. "characteristics_raw": "0x40000040"
4876. },
4877. {
4878. "name": ".reloc",
4879. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
4880. "virtual_address": "0x002db000",
4881. "size_of_data": "0x00007200",
4882. "entropy": "6.78",
4883. "raw_address": "0x002d5e00",
4884. "virtual_size": "0x00007134",
4885. "characteristics_raw": "0x42000040"
4886. }
4887. ],
4888. "resources": [],
4889. "dirents": [
4890. {
4891. "virtual_address": "0x00000000",
4892. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
4893. "size": "0x00000000"
4894. },
4895. {
4896. "virtual_address": "0x000bc0cc",
4897. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
4898. "size": "0x0000017c"
4899. },
4900. {
4901. "virtual_address": "0x000c8000",
4902. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
4903. "size": "0x00212970"
4904. },
4905. {
4906. "virtual_address": "0x00000000",
4907. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
4908. "size": "0x00000000"
4909. },
4910. {
4911. "virtual_address": "0x00000000",
4912. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
4913. "size": "0x00000000"
4914. },
4915. {
4916. "virtual_address": "0x002db000",
4917. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
4918. "size": "0x00007134"
4919. },
4920. {
4921. "virtual_address": "0x00092bc0",
4922. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
4923. "size": "0x0000001c"
4924. },
4925. {
4926. "virtual_address": "0x00000000",
4927. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
4928. "size": "0x00000000"
4929. },
4930. {
4931. "virtual_address": "0x00000000",
4932. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
4933. "size": "0x00000000"
4934. },
4935. {
4936. "virtual_address": "0x00000000",
4937. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
4938. "size": "0x00000000"
4939. },
4940. {
4941. "virtual_address": "0x000a4b50",
4942. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
4943. "size": "0x00000040"
4944. },
4945. {
4946. "virtual_address": "0x00000000",
4947. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
4948. "size": "0x00000000"
4949. },
4950. {
4951. "virtual_address": "0x0008f000",
4952. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
4953. "size": "0x00000884"
4954. },
4955. {
4956. "virtual_address": "0x00000000",
4957. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
4958. "size": "0x00000000"
4959. },
4960. {
4961. "virtual_address": "0x00000000",
4962. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
4963. "size": "0x00000000"
4964. },
4965. {
4966. "virtual_address": "0x00000000",
4967. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
4968. "size": "0x00000000"
4969. }
4970. ],
4971. "exports": [],
4972. "guest_signers": {},
4973. "imphash": "afcdf79be1557326c854b6e20cb900a7",
4974. "icon_fuzzy": null,
4975. "icon": null,
4976. "pdbpath": null,
4977. "imported_dll_count": 18,
4978. "versioninfo": []
4979. }
4980. }