tikk_2019-06-26_09_30.json

1.  
2. [*] MalFamily: "Malicious"
3.  
4. [*] MalScore: 10.0
5.  
6. [*] File Name: "tikk"
7. [*] File Size: 816640
8. [*] File Type: "PE32 executable (GUI) Intel 80386, for MS Windows"
9. [*] SHA256: "a89166940819a9d31ad334920a64ea4f5a75a38d8823c3676861411a2b00fb3a"
10. [*] MD5: "d4effba12e013a3c2428d99d9bb75e77"
11. [*] SHA1: "55d5d8da8c5b8493e3484a9108463caa1883b82a"
12. [*] SHA512: "63a015f408c5f1435bad6c4a0625a2dc24be9df87e3392568c01f41c39d8d6dcbfa971be5d4a6bdda4ee287591261fd3d39174203fd0d95ce74713b383e23cbc"
13. [*] CRC32: "0BB8E496"
14. [*] SSDEEP: "12288:9MnlidvN1rCQFC53qWagQ3nbA8LxMMqB8EB5Xr/84lVHm:9mQFzDFCRUg2VxEB8G9rE43m"
15.  
16. [*] Process Execution: [
17. "tikk.exe",
18. "rdshs.exe",
19. "rdshs.exe",
20. "services.exe",
21. "svchost.exe",
22. "WmiPrvSE.exe",
23. "svchost.exe",
24. "lsass.exe",
25. "taskhost.exe",
26. "sc.exe",
27. "svchost.exe",
28. "svchost.exe",
29. "WerFault.exe",
30. "wermgr.exe"
31. ]
32.  
33. [*] Signatures Detected: [
34. {
35. "Description": "At least one process apparently crashed during execution",
36. "Details": []
37. },
38. {
39. "Description": "Creates RWX memory",
40. "Details": []
41. },
42. {
43. "Description": "A process attempted to delay the analysis task.",
44. "Details": [
45. {
46. "Process": "rdshs.exe tried to sleep 520 seconds, actually delayed analysis time by 0 seconds"
47. }
48. ]
49. },
50. {
51. "Description": "Drops a binary and executes it",
52. "Details": [
53. {
54. "binary": "C:\\Users\\user\\AppData\\Roaming\\ndyrgh\\rdshs.exe"
55. }
56. ]
57. },
58. {
59. "Description": "HTTP traffic contains suspicious features which may be indicative of malware related traffic",
60. "Details": [
61. {
62. "get_no_useragent": "HTTP traffic contains a GET request with no user-agent header"
63. },
64. {
65. "suspicious_request": "http://checkip.amazonaws.com/"
66. }
67. ]
68. },
69. {
70. "Description": "Performs some HTTP requests",
71. "Details": [
72. {
73. "url": "http://checkip.amazonaws.com/"
74. }
75. ]
76. },
77. {
78. "Description": "The binary likely contains encrypted or compressed data.",
79. "Details": [
80. {
81. "section": "name: .rsrc, entropy: 6.96, characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ, raw_size: 0x00052000, virtual_size: 0x00051f50"
82. }
83. ]
84. },
85. {
86. "Description": "Executed a process and injected code into it, probably while unpacking",
87. "Details": [
88. {
89. "Injection": "rdshs.exe(1536) -> rdshs.exe(2732)"
90. }
91. ]
92. },
93. {
94. "Description": "Attempts to restart the guest VM",
95. "Details": []
96. },
97. {
98. "Description": "Attempts to repeatedly call a single API many times in order to delay analysis time",
99. "Details": [
100. {
101. "Spam": "services.exe (500) called API GetSystemTimeAsFileTime 9335881 times"
102. }
103. ]
104. },
105. {
106. "Description": "Steals private information from local Internet browsers",
107. "Details": [
108. {
109. "file": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"
110. }
111. ]
112. },
113. {
114. "Description": "Installs itself for autorun at Windows startup",
115. "Details": [
116. {
117. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\ndyrgh.vbs"
118. },
119. {
120. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\ndyrgh.vbs"
121. }
122. ]
123. },
124. {
125. "Description": "Retrieves Windows ProductID, probably to fingerprint the sandbox",
126. "Details": []
127. },
128. {
129. "Description": "File has been identified by 24 Antiviruses on VirusTotal as malicious",
130. "Details": [
131. {
132. "FireEye": "Generic.mg.d4effba12e013a3c"
133. },
134. {
135. "McAfee": "Artemis!D4EFFBA12E01"
136. },
137. {
138. "Alibaba": "TrojanSpy:Application/Generic.640fd9b1"
139. },
140. {
141. "Invincea": "heuristic"
142. },
143. {
144. "APEX": "Malicious"
145. },
146. {
147. "Paloalto": "generic.ml"
148. },
149. {
150. "Kaspersky": "UDS:DangerousObject.Multi.Generic"
151. },
152. {
153. "AegisLab": "Trojan.Win32.Malicious.4!c"
154. },
155. {
156. "Tencent": "Win32.Trojan.Inject.Auto"
157. },
158. {
159. "TrendMicro": "TSPY_HPFAREIT.SMROX"
160. },
161. {
162. "McAfee-GW-Edition": "BehavesLike.Win32.Fareit.bh"
163. },
164. {
165. "Trapmine": "malicious.moderate.ml.score"
166. },
167. {
168. "Microsoft": "Trojan:Win32/Wacatac.B!ml"
169. },
170. {
171. "Endgame": "malicious (high confidence)"
172. },
173. {
174. "ZoneAlarm": "UDS:DangerousObject.Multi.Generic"
175. },
176. {
177. "AhnLab-V3": "Win-Trojan/Delphiless.Exp"
178. },
179. {
180. "Acronis": "suspicious"
181. },
182. {
183. "Cylance": "Unsafe"
184. },
185. {
186. "TrendMicro-HouseCall": "TSPY_HPFAREIT.SMROX"
187. },
188. {
189. "Rising": "Trojan.Injector!1.AFE3 (CLOUD)"
190. },
191. {
192. "Fortinet": "W32/HPFAREIT.SMROX!tr"
193. },
194. {
195. "Cybereason": "malicious.a8c5b8"
196. },
197. {
198. "CrowdStrike": "win/malicious_confidence_100% (W)"
199. },
200. {
201. "Qihoo-360": "HEUR/QVM05.1.1DDF.Malware.Gen"
202. }
203. ]
204. },
205. {
206. "Description": "Checks the CPU name from registry, possibly for anti-virtualization",
207. "Details": []
208. },
209. {
210. "Description": "Checks the system manufacturer, likely for anti-virtualization",
211. "Details": []
212. },
213. {
214. "Description": "Creates a copy of itself",
215. "Details": [
216. {
217. "copy": "C:\\Users\\user\\AppData\\Roaming\\ndyrgh\\rdshs.exe"
218. }
219. ]
220. },
221. {
222. "Description": "Harvests credentials from local FTP client softwares",
223. "Details": [
224. {
225. "file": "C:\\Users\\user\\AppData\\Roaming\\FileZilla\\recentservers.xml"
226. },
227. {
228. "file": "C:\\Users\\user\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect\\"
229. },
230. {
231. "file": "C:\\Users\\user\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect\\*.xml"
232. },
233. {
234. "file": "C:\\Users\\user\\AppData\\Roaming\\Ipswitch\\WS_FTP\\Sites\\ws_ftp.ini"
235. },
236. {
237. "file": "C:\\cftp\\Ftplist.txt"
238. },
239. {
240. "key": "HKEY_CURRENT_USER\\Software\\FTPWare\\COREFTP\\Sites"
241. }
242. ]
243. },
244. {
245. "Description": "Harvests information related to installed mail clients",
246. "Details": [
247. {
248. "file": "C:\\Users\\user\\AppData\\Roaming\\Thunderbird\\profiles.ini"
249. },
250. {
251. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows Messaging Subsystem\\Profiles\\9375CFF0413111d3B88A00104B2A6676"
252. },
253. {
254. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676"
255. },
256. {
257. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002\\SMTP Password"
258. },
259. {
260. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002\\Email"
261. },
262. {
263. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002\\HTTP Password"
264. },
265. {
266. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676"
267. },
268. {
269. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001\\HTTP Password"
270. },
271. {
272. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676"
273. },
274. {
275. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001\\POP3 Password"
276. },
277. {
278. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001\\Email"
279. },
280. {
281. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001\\SMTP Password"
282. },
283. {
284. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001\\IMAP Password"
285. },
286. {
287. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001"
288. },
289. {
290. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002\\IMAP Password"
291. },
292. {
293. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002\\POP3 Password"
294. },
295. {
296. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002"
297. }
298. ]
299. },
300. {
301. "Description": "Attempts to interact with an Alternate Data Stream (ADS)",
302. "Details": [
303. {
304. "file": "C:\\Users\\user\\AppData\\Roaming\\ndyrgh\\rdshs.exe:ZoneIdentifier"
305. }
306. ]
307. },
308. {
309. "Description": "Collects information to fingerprint the system",
310. "Details": []
311. },
312. {
313. "Description": "Anomalous binary characteristics",
314. "Details": [
315. {
316. "anomaly": "Timestamp on binary predates the release date of the OS version it requires by at least a year"
317. }
318. ]
319. }
320. ]
321.  
322. [*] Started Service: [
323. "VaultSvc",
324. "WerSvc",
325. "W32Time"
326. ]
327.  
328. [*] Executed Commands: [
329. "\"C:\\Users\\user\\AppData\\Roaming\\ndyrgh\\rdshs.exe\"",
330. "C:\\Windows\\system32\\wbem\\wmiprvse.exe -secured -Embedding",
331. "C:\\Windows\\system32\\lsass.exe",
332. "taskhost.exe $(Arg0)",
333. "C:\\Windows\\system32\\sc.exe start w32time task_started",
334. "C:\\Windows\\system32\\svchost.exe -k LocalService",
335. "C:\\Windows\\System32\\svchost.exe -k WerSvcGroup",
336. "C:\\Windows\\system32\\WerFault.exe -u -p 2156 -s 288",
337. "\"C:\\Windows\\system32\\wermgr.exe\" \"-queuereporting_svc\" \"C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_taskhost.exe_e0bfc78dc22baf57413d9e3a2494cb68424d695b_cab_045c7e64\""
338. ]
339.  
340. [*] Mutexes: [
341. "Global\\CLR_CASOFF_MUTEX",
342. "Local\\_!MSFTHISTORY!_",
343. "Local\\c:!users!user!appdata!local!microsoft!windows!temporary internet files!content.ie5!",
344. "Local\\c:!users!user!appdata!roaming!microsoft!windows!cookies!",
345. "Local\\c:!users!user!appdata!local!microsoft!windows!history!history.ie5!",
346. "Global\\.net clr networking",
347. "Local\\WERReportingForProcess2156",
348. "Global\\\\xe5\\x88\\x90\\xc2\\x94",
349. "Global\\\\xe1\\x9f\\xa0\\xc7\\x95",
350. "WERUI_BEX64-e0bfc78dc22baf57413d9e3a2494cb68424d695b"
351. ]
352.  
353. [*] Modified Files: [
354. "C:\\Users\\user\\AppData\\Roaming\\ndyrgh\\rdshs.exe",
355. "C:\\Users\\user\\AppData\\Roaming\\ndyrgh\\rdshs.exe:ZoneIdentifier",
356. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\ndyrgh.vbs",
357. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat",
358. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat",
359. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat",
360. "\\??\\PIPE\\samr",
361. "C:\\Windows\\sysnative\\wbem\\repository\\WRITABLE.TST",
362. "C:\\Windows\\sysnative\\wbem\\repository\\MAPPING1.MAP",
363. "C:\\Windows\\sysnative\\wbem\\repository\\MAPPING2.MAP",
364. "C:\\Windows\\sysnative\\wbem\\repository\\MAPPING3.MAP",
365. "C:\\Windows\\sysnative\\wbem\\repository\\OBJECTS.DATA",
366. "C:\\Windows\\sysnative\\wbem\\repository\\INDEX.BTR",
367. "\\??\\pipe\\PIPE_EVENTROOT\\CIMV2PROVIDERSUBSYSTEM",
368. "\\??\\pipe\\PIPE_EVENTROOT\\CIMV2WMI SELF-INSTRUMENTATION EVENT PROVIDER",
369. "\\??\\WMIDataDevice",
370. "C:\\Windows\\sysnative\\LogFiles\\Scm\\4963ad21-c4a5-42a5-b9bd-e441d57204fe",
371. "C:\\Windows\\sysnative\\LogFiles\\Scm\\7bbc503c-5977-4798-a4ae-61483a7e030d",
372. "C:\\Windows\\sysnative\\LogFiles\\Scm\\83241f60-ddc8-41d3-a9e4-657d682f6994",
373. "\\??\\PIPE\\lsarpc",
374. "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WERACAD.tmp.appcompat.txt",
375. "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WERCEAE.tmp.WERInternalMetadata.xml",
376. "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WERCEED.tmp.hdmp",
377. "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WERDF88.tmp.mdmp",
378. "C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_taskhost.exe_e0bfc78dc22baf57413d9e3a2494cb68424d695b_cab_045c7e64\\WERACAD.tmp.appcompat.txt",
379. "C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_taskhost.exe_e0bfc78dc22baf57413d9e3a2494cb68424d695b_cab_045c7e64\\WERCEAE.tmp.WERInternalMetadata.xml",
380. "C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_taskhost.exe_e0bfc78dc22baf57413d9e3a2494cb68424d695b_cab_045c7e64\\WERCEED.tmp.hdmp",
381. "C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_taskhost.exe_e0bfc78dc22baf57413d9e3a2494cb68424d695b_cab_045c7e64\\WERDF88.tmp.mdmp",
382. "C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_taskhost.exe_e0bfc78dc22baf57413d9e3a2494cb68424d695b_cab_045c7e64\\Report.wer",
383. "C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_taskhost.exe_e0bfc78dc22baf57413d9e3a2494cb68424d695b_cab_045c7e64\\Report.wer.tmp"
384. ]
385.  
386. [*] Deleted Files: [
387. "C:\\Users\\user\\AppData\\Roaming\\ndyrgh\\rdshs.exe",
388. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\ndyrgh.vbs",
389. "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WERACAD.tmp",
390. "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WERACAD.tmp.appcompat.txt",
391. "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WERCEAE.tmp",
392. "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WERCEAE.tmp.WERInternalMetadata.xml",
393. "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WERCEED.tmp",
394. "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WERCEED.tmp.hdmp",
395. "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WERDF88.tmp",
396. "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WERDF88.tmp.mdmp",
397. "C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_taskhost.exe_e0bfc78dc22baf57413d9e3a2494cb68424d695b_cab_045c7e64\\Report.wer.tmp"
398. ]
399.  
400. [*] Modified Registry Keys: [
401. "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Tracing\\rdshs_RASAPI32",
402. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\rdshs_RASAPI32\\EnableFileTracing",
403. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\rdshs_RASAPI32\\EnableConsoleTracing",
404. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\rdshs_RASAPI32\\FileTracingMask",
405. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\rdshs_RASAPI32\\ConsoleTracingMask",
406. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\rdshs_RASAPI32\\MaxFileSize",
407. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\rdshs_RASAPI32\\FileDirectory",
408. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\CIMOM\\LastServiceStart",
409. "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Wbem\\Transports\\Decoupled\\Server",
410. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\Transports\\Decoupled\\Server\\CreationTime",
411. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\Transports\\Decoupled\\Server\\MarshaledProxy",
412. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\Transports\\Decoupled\\Server\\ProcessIdentifier",
413. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\CIMOM\\ConfigValueEssNeedsLoading",
414. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\CIMOM\\List of event-active namespaces",
415. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\ESS\\//./root/CIMV2\\SCM Event Provider",
416. "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\W32Time\\Type",
417. "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WerSvc\\Type",
418. "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\W32Time\\TimeProviders\\NtpClient\\SpecialPollTimeRemaining",
419. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Windows Error Reporting\\Consent",
420. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Windows Error Reporting\\Consent\\DefaultConsent"
421. ]
422.  
423. [*] Deleted Registry Keys: []
424.  
425. [*] DNS Communications: [
426. {
427. "type": "A",
428. "request": "checkip.amazonaws.com",
429. "answers": [
430. {
431. "data": "52.206.161.133",
432. "type": "A"
433. },
434. {
435. "data": "52.200.125.74",
436. "type": "A"
437. },
438. {
439. "data": "checkip.check-ip.aws.a2z.com",
440. "type": "CNAME"
441. },
442. {
443. "data": "52.6.79.229",
444. "type": "A"
445. },
446. {
447. "data": "checkip.us-east-1.prod.check-ip.aws.a2z.com",
448. "type": "CNAME"
449. },
450. {
451. "data": "34.233.102.38",
452. "type": "A"
453. },
454. {
455. "data": "52.202.139.131",
456. "type": "A"
457. },
458. {
459. "data": "18.211.215.84",
460. "type": "A"
461. }
462. ]
463. }
464. ]
465.  
466. [*] Domains: [
467. {
468. "ip": "52.6.79.229",
469. "domain": "checkip.amazonaws.com"
470. }
471. ]
472.  
473. [*] Network Communication - ICMP: []
474.  
475. [*] Network Communication - HTTP: [
476. {
477. "count": 1,
478. "body": "",
479. "uri": "http://checkip.amazonaws.com/",
480. "user-agent": "",
481. "method": "GET",
482. "host": "checkip.amazonaws.com",
483. "version": "1.1",
484. "path": "/",
485. "data": "GET / HTTP/1.1\r\nHost: checkip.amazonaws.com\r\nConnection: Keep-Alive\r\n\r\n",
486. "port": 80
487. }
488. ]
489.  
490. [*] Network Communication - SMTP: []
491.  
492. [*] Network Communication - Hosts: []
493.  
494. [*] Network Communication - IRC: []
495.  
496. [*] Static Analysis: {
497. "pe": {
498. "peid_signatures": null,
499. "imports": [
500. {
501. "imports": [
502. {
503. "name": "DeleteCriticalSection",
504. "address": "0x46f168"
505. },
506. {
507. "name": "LeaveCriticalSection",
508. "address": "0x46f16c"
509. },
510. {
511. "name": "EnterCriticalSection",
512. "address": "0x46f170"
513. },
514. {
515. "name": "InitializeCriticalSection",
516. "address": "0x46f174"
517. },
518. {
519. "name": "VirtualFree",
520. "address": "0x46f178"
521. },
522. {
523. "name": "VirtualAlloc",
524. "address": "0x46f17c"
525. },
526. {
527. "name": "LocalFree",
528. "address": "0x46f180"
529. },
530. {
531. "name": "LocalAlloc",
532. "address": "0x46f184"
533. },
534. {
535. "name": "GetVersion",
536. "address": "0x46f188"
537. },
538. {
539. "name": "GetCurrentThreadId",
540. "address": "0x46f18c"
541. },
542. {
543. "name": "InterlockedDecrement",
544. "address": "0x46f190"
545. },
546. {
547. "name": "InterlockedIncrement",
548. "address": "0x46f194"
549. },
550. {
551. "name": "VirtualQuery",
552. "address": "0x46f198"
553. },
554. {
555. "name": "WideCharToMultiByte",
556. "address": "0x46f19c"
557. },
558. {
559. "name": "MultiByteToWideChar",
560. "address": "0x46f1a0"
561. },
562. {
563. "name": "lstrlenA",
564. "address": "0x46f1a4"
565. },
566. {
567. "name": "lstrcpynA",
568. "address": "0x46f1a8"
569. },
570. {
571. "name": "LoadLibraryExA",
572. "address": "0x46f1ac"
573. },
574. {
575. "name": "GetThreadLocale",
576. "address": "0x46f1b0"
577. },
578. {
579. "name": "GetStartupInfoA",
580. "address": "0x46f1b4"
581. },
582. {
583. "name": "GetProcAddress",
584. "address": "0x46f1b8"
585. },
586. {
587. "name": "GetModuleHandleA",
588. "address": "0x46f1bc"
589. },
590. {
591. "name": "GetModuleFileNameA",
592. "address": "0x46f1c0"
593. },
594. {
595. "name": "GetLocaleInfoA",
596. "address": "0x46f1c4"
597. },
598. {
599. "name": "GetCommandLineA",
600. "address": "0x46f1c8"
601. },
602. {
603. "name": "FreeLibrary",
604. "address": "0x46f1cc"
605. },
606. {
607. "name": "FindFirstFileA",
608. "address": "0x46f1d0"
609. },
610. {
611. "name": "FindClose",
612. "address": "0x46f1d4"
613. },
614. {
615. "name": "ExitProcess",
616. "address": "0x46f1d8"
617. },
618. {
619. "name": "WriteFile",
620. "address": "0x46f1dc"
621. },
622. {
623. "name": "UnhandledExceptionFilter",
624. "address": "0x46f1e0"
625. },
626. {
627. "name": "RtlUnwind",
628. "address": "0x46f1e4"
629. },
630. {
631. "name": "RaiseException",
632. "address": "0x46f1e8"
633. },
634. {
635. "name": "GetStdHandle",
636. "address": "0x46f1ec"
637. }
638. ],
639. "dll": "kernel32.dll"
640. },
641. {
642. "imports": [
643. {
644. "name": "GetKeyboardType",
645. "address": "0x46f1f4"
646. },
647. {
648. "name": "LoadStringA",
649. "address": "0x46f1f8"
650. },
651. {
652. "name": "MessageBoxA",
653. "address": "0x46f1fc"
654. },
655. {
656. "name": "CharNextA",
657. "address": "0x46f200"
658. }
659. ],
660. "dll": "user32.dll"
661. },
662. {
663. "imports": [
664. {
665. "name": "RegQueryValueExA",
666. "address": "0x46f208"
667. },
668. {
669. "name": "RegOpenKeyExA",
670. "address": "0x46f20c"
671. },
672. {
673. "name": "RegCloseKey",
674. "address": "0x46f210"
675. }
676. ],
677. "dll": "advapi32.dll"
678. },
679. {
680. "imports": [
681. {
682. "name": "SysFreeString",
683. "address": "0x46f218"
684. },
685. {
686. "name": "SysReAllocStringLen",
687. "address": "0x46f21c"
688. },
689. {
690. "name": "SysAllocStringLen",
691. "address": "0x46f220"
692. }
693. ],
694. "dll": "oleaut32.dll"
695. },
696. {
697. "imports": [
698. {
699. "name": "TlsSetValue",
700. "address": "0x46f228"
701. },
702. {
703. "name": "TlsGetValue",
704. "address": "0x46f22c"
705. },
706. {
707. "name": "LocalAlloc",
708. "address": "0x46f230"
709. },
710. {
711. "name": "GetModuleHandleA",
712. "address": "0x46f234"
713. }
714. ],
715. "dll": "kernel32.dll"
716. },
717. {
718. "imports": [
719. {
720. "name": "RegQueryValueExA",
721. "address": "0x46f23c"
722. },
723. {
724. "name": "RegOpenKeyExA",
725. "address": "0x46f240"
726. },
727. {
728. "name": "RegCloseKey",
729. "address": "0x46f244"
730. }
731. ],
732. "dll": "advapi32.dll"
733. },
734. {
735. "imports": [
736. {
737. "name": "lstrcpyA",
738. "address": "0x46f24c"
739. },
740. {
741. "name": "WriteFile",
742. "address": "0x46f250"
743. },
744. {
745. "name": "WaitForSingleObject",
746. "address": "0x46f254"
747. },
748. {
749. "name": "VirtualQuery",
750. "address": "0x46f258"
751. },
752. {
753. "name": "VirtualAlloc",
754. "address": "0x46f25c"
755. },
756. {
757. "name": "Sleep",
758. "address": "0x46f260"
759. },
760. {
761. "name": "SizeofResource",
762. "address": "0x46f264"
763. },
764. {
765. "name": "SetThreadLocale",
766. "address": "0x46f268"
767. },
768. {
769. "name": "SetFilePointer",
770. "address": "0x46f26c"
771. },
772. {
773. "name": "SetEvent",
774. "address": "0x46f270"
775. },
776. {
777. "name": "SetErrorMode",
778. "address": "0x46f274"
779. },
780. {
781. "name": "SetEndOfFile",
782. "address": "0x46f278"
783. },
784. {
785. "name": "ResetEvent",
786. "address": "0x46f27c"
787. },
788. {
789. "name": "ReadFile",
790. "address": "0x46f280"
791. },
792. {
793. "name": "MultiByteToWideChar",
794. "address": "0x46f284"
795. },
796. {
797. "name": "MulDiv",
798. "address": "0x46f288"
799. },
800. {
801. "name": "LockResource",
802. "address": "0x46f28c"
803. },
804. {
805. "name": "LoadResource",
806. "address": "0x46f290"
807. },
808. {
809. "name": "LoadLibraryA",
810. "address": "0x46f294"
811. },
812. {
813. "name": "LeaveCriticalSection",
814. "address": "0x46f298"
815. },
816. {
817. "name": "InitializeCriticalSection",
818. "address": "0x46f29c"
819. },
820. {
821. "name": "GlobalUnlock",
822. "address": "0x46f2a0"
823. },
824. {
825. "name": "GlobalSize",
826. "address": "0x46f2a4"
827. },
828. {
829. "name": "GlobalReAlloc",
830. "address": "0x46f2a8"
831. },
832. {
833. "name": "GlobalHandle",
834. "address": "0x46f2ac"
835. },
836. {
837. "name": "GlobalLock",
838. "address": "0x46f2b0"
839. },
840. {
841. "name": "GlobalFree",
842. "address": "0x46f2b4"
843. },
844. {
845. "name": "GlobalFindAtomA",
846. "address": "0x46f2b8"
847. },
848. {
849. "name": "GlobalDeleteAtom",
850. "address": "0x46f2bc"
851. },
852. {
853. "name": "GlobalAlloc",
854. "address": "0x46f2c0"
855. },
856. {
857. "name": "GlobalAddAtomA",
858. "address": "0x46f2c4"
859. },
860. {
861. "name": "GetVersionExA",
862. "address": "0x46f2c8"
863. },
864. {
865. "name": "GetVersion",
866. "address": "0x46f2cc"
867. },
868. {
869. "name": "GetUserDefaultLCID",
870. "address": "0x46f2d0"
871. },
872. {
873. "name": "GetTickCount",
874. "address": "0x46f2d4"
875. },
876. {
877. "name": "GetThreadLocale",
878. "address": "0x46f2d8"
879. },
880. {
881. "name": "GetSystemInfo",
882. "address": "0x46f2dc"
883. },
884. {
885. "name": "GetStringTypeExA",
886. "address": "0x46f2e0"
887. },
888. {
889. "name": "GetStdHandle",
890. "address": "0x46f2e4"
891. },
892. {
893. "name": "GetProfileStringA",
894. "address": "0x46f2e8"
895. },
896. {
897. "name": "GetProcAddress",
898. "address": "0x46f2ec"
899. },
900. {
901. "name": "GetModuleHandleA",
902. "address": "0x46f2f0"
903. },
904. {
905. "name": "GetModuleFileNameA",
906. "address": "0x46f2f4"
907. },
908. {
909. "name": "GetLocaleInfoA",
910. "address": "0x46f2f8"
911. },
912. {
913. "name": "GetLocalTime",
914. "address": "0x46f2fc"
915. },
916. {
917. "name": "GetLastError",
918. "address": "0x46f300"
919. },
920. {
921. "name": "GetFullPathNameA",
922. "address": "0x46f304"
923. },
924. {
925. "name": "GetDiskFreeSpaceA",
926. "address": "0x46f308"
927. },
928. {
929. "name": "GetDateFormatA",
930. "address": "0x46f30c"
931. },
932. {
933. "name": "GetCurrentThreadId",
934. "address": "0x46f310"
935. },
936. {
937. "name": "GetCurrentProcessId",
938. "address": "0x46f314"
939. },
940. {
941. "name": "GetComputerNameA",
942. "address": "0x46f318"
943. },
944. {
945. "name": "GetCPInfo",
946. "address": "0x46f31c"
947. },
948. {
949. "name": "GetACP",
950. "address": "0x46f320"
951. },
952. {
953. "name": "FreeResource",
954. "address": "0x46f324"
955. },
956. {
957. "name": "InterlockedExchange",
958. "address": "0x46f328"
959. },
960. {
961. "name": "FreeLibrary",
962. "address": "0x46f32c"
963. },
964. {
965. "name": "FormatMessageA",
966. "address": "0x46f330"
967. },
968. {
969. "name": "FindResourceA",
970. "address": "0x46f334"
971. },
972. {
973. "name": "EnumCalendarInfoA",
974. "address": "0x46f338"
975. },
976. {
977. "name": "EnterCriticalSection",
978. "address": "0x46f33c"
979. },
980. {
981. "name": "DeleteCriticalSection",
982. "address": "0x46f340"
983. },
984. {
985. "name": "CreateThread",
986. "address": "0x46f344"
987. },
988. {
989. "name": "CreateFileA",
990. "address": "0x46f348"
991. },
992. {
993. "name": "CreateEventA",
994. "address": "0x46f34c"
995. },
996. {
997. "name": "CompareStringA",
998. "address": "0x46f350"
999. },
1000. {
1001. "name": "CloseHandle",
1002. "address": "0x46f354"
1003. }
1004. ],
1005. "dll": "kernel32.dll"
1006. },
1007. {
1008. "imports": [
1009. {
1010. "name": "VerQueryValueA",
1011. "address": "0x46f35c"
1012. },
1013. {
1014. "name": "GetFileVersionInfoSizeA",
1015. "address": "0x46f360"
1016. },
1017. {
1018. "name": "GetFileVersionInfoA",
1019. "address": "0x46f364"
1020. }
1021. ],
1022. "dll": "version.dll"
1023. },
1024. {
1025. "imports": [
1026. {
1027. "name": "UnrealizeObject",
1028. "address": "0x46f36c"
1029. },
1030. {
1031. "name": "StretchBlt",
1032. "address": "0x46f370"
1033. },
1034. {
1035. "name": "SetWindowOrgEx",
1036. "address": "0x46f374"
1037. },
1038. {
1039. "name": "SetWinMetaFileBits",
1040. "address": "0x46f378"
1041. },
1042. {
1043. "name": "SetViewportOrgEx",
1044. "address": "0x46f37c"
1045. },
1046. {
1047. "name": "SetTextColor",
1048. "address": "0x46f380"
1049. },
1050. {
1051. "name": "SetStretchBltMode",
1052. "address": "0x46f384"
1053. },
1054. {
1055. "name": "SetROP2",
1056. "address": "0x46f388"
1057. },
1058. {
1059. "name": "SetPixel",
1060. "address": "0x46f38c"
1061. },
1062. {
1063. "name": "SetMapMode",
1064. "address": "0x46f390"
1065. },
1066. {
1067. "name": "SetEnhMetaFileBits",
1068. "address": "0x46f394"
1069. },
1070. {
1071. "name": "SetDIBColorTable",
1072. "address": "0x46f398"
1073. },
1074. {
1075. "name": "SetBrushOrgEx",
1076. "address": "0x46f39c"
1077. },
1078. {
1079. "name": "SetBkMode",
1080. "address": "0x46f3a0"
1081. },
1082. {
1083. "name": "SetBkColor",
1084. "address": "0x46f3a4"
1085. },
1086. {
1087. "name": "SelectPalette",
1088. "address": "0x46f3a8"
1089. },
1090. {
1091. "name": "SelectObject",
1092. "address": "0x46f3ac"
1093. },
1094. {
1095. "name": "SelectClipRgn",
1096. "address": "0x46f3b0"
1097. },
1098. {
1099. "name": "ScaleWindowExtEx",
1100. "address": "0x46f3b4"
1101. },
1102. {
1103. "name": "SaveDC",
1104. "address": "0x46f3b8"
1105. },
1106. {
1107. "name": "RestoreDC",
1108. "address": "0x46f3bc"
1109. },
1110. {
1111. "name": "RectVisible",
1112. "address": "0x46f3c0"
1113. },
1114. {
1115. "name": "RealizePalette",
1116. "address": "0x46f3c4"
1117. },
1118. {
1119. "name": "PlayEnhMetaFile",
1120. "address": "0x46f3c8"
1121. },
1122. {
1123. "name": "PathToRegion",
1124. "address": "0x46f3cc"
1125. },
1126. {
1127. "name": "PatBlt",
1128. "address": "0x46f3d0"
1129. },
1130. {
1131. "name": "MoveToEx",
1132. "address": "0x46f3d4"
1133. },
1134. {
1135. "name": "MaskBlt",
1136. "address": "0x46f3d8"
1137. },
1138. {
1139. "name": "LineTo",
1140. "address": "0x46f3dc"
1141. },
1142. {
1143. "name": "LPtoDP",
1144. "address": "0x46f3e0"
1145. },
1146. {
1147. "name": "IntersectClipRect",
1148. "address": "0x46f3e4"
1149. },
1150. {
1151. "name": "GetWindowOrgEx",
1152. "address": "0x46f3e8"
1153. },
1154. {
1155. "name": "GetWinMetaFileBits",
1156. "address": "0x46f3ec"
1157. },
1158. {
1159. "name": "GetTextMetricsA",
1160. "address": "0x46f3f0"
1161. },
1162. {
1163. "name": "GetTextExtentPoint32A",
1164. "address": "0x46f3f4"
1165. },
1166. {
1167. "name": "GetSystemPaletteEntries",
1168. "address": "0x46f3f8"
1169. },
1170. {
1171. "name": "GetStockObject",
1172. "address": "0x46f3fc"
1173. },
1174. {
1175. "name": "GetPixel",
1176. "address": "0x46f400"
1177. },
1178. {
1179. "name": "GetPaletteEntries",
1180. "address": "0x46f404"
1181. },
1182. {
1183. "name": "GetObjectA",
1184. "address": "0x46f408"
1185. },
1186. {
1187. "name": "GetEnhMetaFilePaletteEntries",
1188. "address": "0x46f40c"
1189. },
1190. {
1191. "name": "GetEnhMetaFileHeader",
1192. "address": "0x46f410"
1193. },
1194. {
1195. "name": "GetEnhMetaFileDescriptionA",
1196. "address": "0x46f414"
1197. },
1198. {
1199. "name": "GetEnhMetaFileBits",
1200. "address": "0x46f418"
1201. },
1202. {
1203. "name": "GetDeviceCaps",
1204. "address": "0x46f41c"
1205. },
1206. {
1207. "name": "GetDIBits",
1208. "address": "0x46f420"
1209. },
1210. {
1211. "name": "GetDIBColorTable",
1212. "address": "0x46f424"
1213. },
1214. {
1215. "name": "GetDCOrgEx",
1216. "address": "0x46f428"
1217. },
1218. {
1219. "name": "GetCurrentPositionEx",
1220. "address": "0x46f42c"
1221. },
1222. {
1223. "name": "GetClipBox",
1224. "address": "0x46f430"
1225. },
1226. {
1227. "name": "GetBrushOrgEx",
1228. "address": "0x46f434"
1229. },
1230. {
1231. "name": "GetBitmapBits",
1232. "address": "0x46f438"
1233. },
1234. {
1235. "name": "ExcludeClipRect",
1236. "address": "0x46f43c"
1237. },
1238. {
1239. "name": "EndPage",
1240. "address": "0x46f440"
1241. },
1242. {
1243. "name": "EndDoc",
1244. "address": "0x46f444"
1245. },
1246. {
1247. "name": "DeleteObject",
1248. "address": "0x46f448"
1249. },
1250. {
1251. "name": "DeleteEnhMetaFile",
1252. "address": "0x46f44c"
1253. },
1254. {
1255. "name": "DeleteDC",
1256. "address": "0x46f450"
1257. },
1258. {
1259. "name": "CreateSolidBrush",
1260. "address": "0x46f454"
1261. },
1262. {
1263. "name": "CreatePenIndirect",
1264. "address": "0x46f458"
1265. },
1266. {
1267. "name": "CreatePalette",
1268. "address": "0x46f45c"
1269. },
1270. {
1271. "name": "CreateICA",
1272. "address": "0x46f460"
1273. },
1274. {
1275. "name": "CreateHalftonePalette",
1276. "address": "0x46f464"
1277. },
1278. {
1279. "name": "CreateFontIndirectA",
1280. "address": "0x46f468"
1281. },
1282. {
1283. "name": "CreateEnhMetaFileA",
1284. "address": "0x46f46c"
1285. },
1286. {
1287. "name": "CreateDIBitmap",
1288. "address": "0x46f470"
1289. },
1290. {
1291. "name": "CreateDIBSection",
1292. "address": "0x46f474"
1293. },
1294. {
1295. "name": "CreateDCA",
1296. "address": "0x46f478"
1297. },
1298. {
1299. "name": "CreateCompatibleDC",
1300. "address": "0x46f47c"
1301. },
1302. {
1303. "name": "CreateCompatibleBitmap",
1304. "address": "0x46f480"
1305. },
1306. {
1307. "name": "CreateBrushIndirect",
1308. "address": "0x46f484"
1309. },
1310. {
1311. "name": "CreateBitmap",
1312. "address": "0x46f488"
1313. },
1314. {
1315. "name": "CopyEnhMetaFileA",
1316. "address": "0x46f48c"
1317. },
1318. {
1319. "name": "CloseEnhMetaFile",
1320. "address": "0x46f490"
1321. },
1322. {
1323. "name": "BitBlt",
1324. "address": "0x46f494"
1325. }
1326. ],
1327. "dll": "gdi32.dll"
1328. },
1329. {
1330. "imports": [
1331. {
1332. "name": "CreateWindowExA",
1333. "address": "0x46f49c"
1334. },
1335. {
1336. "name": "WindowFromPoint",
1337. "address": "0x46f4a0"
1338. },
1339. {
1340. "name": "WinHelpA",
1341. "address": "0x46f4a4"
1342. },
1343. {
1344. "name": "WaitMessage",
1345. "address": "0x46f4a8"
1346. },
1347. {
1348. "name": "UpdateWindow",
1349. "address": "0x46f4ac"
1350. },
1351. {
1352. "name": "UnregisterClassA",
1353. "address": "0x46f4b0"
1354. },
1355. {
1356. "name": "UnhookWindowsHookEx",
1357. "address": "0x46f4b4"
1358. },
1359. {
1360. "name": "TranslateMessage",
1361. "address": "0x46f4b8"
1362. },
1363. {
1364. "name": "TranslateMDISysAccel",
1365. "address": "0x46f4bc"
1366. },
1367. {
1368. "name": "TrackPopupMenu",
1369. "address": "0x46f4c0"
1370. },
1371. {
1372. "name": "SystemParametersInfoA",
1373. "address": "0x46f4c4"
1374. },
1375. {
1376. "name": "ShowWindow",
1377. "address": "0x46f4c8"
1378. },
1379. {
1380. "name": "ShowScrollBar",
1381. "address": "0x46f4cc"
1382. },
1383. {
1384. "name": "ShowOwnedPopups",
1385. "address": "0x46f4d0"
1386. },
1387. {
1388. "name": "ShowCursor",
1389. "address": "0x46f4d4"
1390. },
1391. {
1392. "name": "SetWindowsHookExA",
1393. "address": "0x46f4d8"
1394. },
1395. {
1396. "name": "SetWindowTextA",
1397. "address": "0x46f4dc"
1398. },
1399. {
1400. "name": "SetWindowPos",
1401. "address": "0x46f4e0"
1402. },
1403. {
1404. "name": "SetWindowPlacement",
1405. "address": "0x46f4e4"
1406. },
1407. {
1408. "name": "SetWindowLongA",
1409. "address": "0x46f4e8"
1410. },
1411. {
1412. "name": "SetTimer",
1413. "address": "0x46f4ec"
1414. },
1415. {
1416. "name": "SetScrollRange",
1417. "address": "0x46f4f0"
1418. },
1419. {
1420. "name": "SetScrollPos",
1421. "address": "0x46f4f4"
1422. },
1423. {
1424. "name": "SetScrollInfo",
1425. "address": "0x46f4f8"
1426. },
1427. {
1428. "name": "SetRect",
1429. "address": "0x46f4fc"
1430. },
1431. {
1432. "name": "SetPropA",
1433. "address": "0x46f500"
1434. },
1435. {
1436. "name": "SetParent",
1437. "address": "0x46f504"
1438. },
1439. {
1440. "name": "SetMenuItemInfoA",
1441. "address": "0x46f508"
1442. },
1443. {
1444. "name": "SetMenu",
1445. "address": "0x46f50c"
1446. },
1447. {
1448. "name": "SetKeyboardState",
1449. "address": "0x46f510"
1450. },
1451. {
1452. "name": "SetForegroundWindow",
1453. "address": "0x46f514"
1454. },
1455. {
1456. "name": "SetFocus",
1457. "address": "0x46f518"
1458. },
1459. {
1460. "name": "SetCursor",
1461. "address": "0x46f51c"
1462. },
1463. {
1464. "name": "SetClipboardData",
1465. "address": "0x46f520"
1466. },
1467. {
1468. "name": "SetClassLongA",
1469. "address": "0x46f524"
1470. },
1471. {
1472. "name": "SetCapture",
1473. "address": "0x46f528"
1474. },
1475. {
1476. "name": "SetActiveWindow",
1477. "address": "0x46f52c"
1478. },
1479. {
1480. "name": "SendMessageA",
1481. "address": "0x46f530"
1482. },
1483. {
1484. "name": "ScrollWindow",
1485. "address": "0x46f534"
1486. },
1487. {
1488. "name": "ScreenToClient",
1489. "address": "0x46f538"
1490. },
1491. {
1492. "name": "RemovePropA",
1493. "address": "0x46f53c"
1494. },
1495. {
1496. "name": "RemoveMenu",
1497. "address": "0x46f540"
1498. },
1499. {
1500. "name": "ReleaseDC",
1501. "address": "0x46f544"
1502. },
1503. {
1504. "name": "ReleaseCapture",
1505. "address": "0x46f548"
1506. },
1507. {
1508. "name": "RegisterWindowMessageA",
1509. "address": "0x46f54c"
1510. },
1511. {
1512. "name": "RegisterClipboardFormatA",
1513. "address": "0x46f550"
1514. },
1515. {
1516. "name": "RegisterClassA",
1517. "address": "0x46f554"
1518. },
1519. {
1520. "name": "RedrawWindow",
1521. "address": "0x46f558"
1522. },
1523. {
1524. "name": "PtInRect",
1525. "address": "0x46f55c"
1526. },
1527. {
1528. "name": "PostQuitMessage",
1529. "address": "0x46f560"
1530. },
1531. {
1532. "name": "PostMessageA",
1533. "address": "0x46f564"
1534. },
1535. {
1536. "name": "PeekMessageA",
1537. "address": "0x46f568"
1538. },
1539. {
1540. "name": "OpenClipboard",
1541. "address": "0x46f56c"
1542. },
1543. {
1544. "name": "OffsetRect",
1545. "address": "0x46f570"
1546. },
1547. {
1548. "name": "OemToCharA",
1549. "address": "0x46f574"
1550. },
1551. {
1552. "name": "MessageBoxA",
1553. "address": "0x46f578"
1554. },
1555. {
1556. "name": "MessageBeep",
1557. "address": "0x46f57c"
1558. },
1559. {
1560. "name": "MapWindowPoints",
1561. "address": "0x46f580"
1562. },
1563. {
1564. "name": "MapVirtualKeyA",
1565. "address": "0x46f584"
1566. },
1567. {
1568. "name": "LoadStringA",
1569. "address": "0x46f588"
1570. },
1571. {
1572. "name": "LoadKeyboardLayoutA",
1573. "address": "0x46f58c"
1574. },
1575. {
1576. "name": "LoadIconA",
1577. "address": "0x46f590"
1578. },
1579. {
1580. "name": "LoadCursorA",
1581. "address": "0x46f594"
1582. },
1583. {
1584. "name": "LoadBitmapA",
1585. "address": "0x46f598"
1586. },
1587. {
1588. "name": "KillTimer",
1589. "address": "0x46f59c"
1590. },
1591. {
1592. "name": "IsZoomed",
1593. "address": "0x46f5a0"
1594. },
1595. {
1596. "name": "IsWindowVisible",
1597. "address": "0x46f5a4"
1598. },
1599. {
1600. "name": "IsWindowEnabled",
1601. "address": "0x46f5a8"
1602. },
1603. {
1604. "name": "IsWindow",
1605. "address": "0x46f5ac"
1606. },
1607. {
1608. "name": "IsRectEmpty",
1609. "address": "0x46f5b0"
1610. },
1611. {
1612. "name": "IsIconic",
1613. "address": "0x46f5b4"
1614. },
1615. {
1616. "name": "IsDialogMessageA",
1617. "address": "0x46f5b8"
1618. },
1619. {
1620. "name": "IsChild",
1621. "address": "0x46f5bc"
1622. },
1623. {
1624. "name": "IsCharAlphaNumericA",
1625. "address": "0x46f5c0"
1626. },
1627. {
1628. "name": "IsCharAlphaA",
1629. "address": "0x46f5c4"
1630. },
1631. {
1632. "name": "InvalidateRect",
1633. "address": "0x46f5c8"
1634. },
1635. {
1636. "name": "IntersectRect",
1637. "address": "0x46f5cc"
1638. },
1639. {
1640. "name": "InsertMenuItemA",
1641. "address": "0x46f5d0"
1642. },
1643. {
1644. "name": "InsertMenuA",
1645. "address": "0x46f5d4"
1646. },
1647. {
1648. "name": "InflateRect",
1649. "address": "0x46f5d8"
1650. },
1651. {
1652. "name": "GetWindowThreadProcessId",
1653. "address": "0x46f5dc"
1654. },
1655. {
1656. "name": "GetWindowTextA",
1657. "address": "0x46f5e0"
1658. },
1659. {
1660. "name": "GetWindowRect",
1661. "address": "0x46f5e4"
1662. },
1663. {
1664. "name": "GetWindowPlacement",
1665. "address": "0x46f5e8"
1666. },
1667. {
1668. "name": "GetWindowLongA",
1669. "address": "0x46f5ec"
1670. },
1671. {
1672. "name": "GetWindowDC",
1673. "address": "0x46f5f0"
1674. },
1675. {
1676. "name": "GetTopWindow",
1677. "address": "0x46f5f4"
1678. },
1679. {
1680. "name": "GetSystemMetrics",
1681. "address": "0x46f5f8"
1682. },
1683. {
1684. "name": "GetSystemMenu",
1685. "address": "0x46f5fc"
1686. },
1687. {
1688. "name": "GetSysColorBrush",
1689. "address": "0x46f600"
1690. },
1691. {
1692. "name": "GetSysColor",
1693. "address": "0x46f604"
1694. },
1695. {
1696. "name": "GetSubMenu",
1697. "address": "0x46f608"
1698. },
1699. {
1700. "name": "GetScrollRange",
1701. "address": "0x46f60c"
1702. },
1703. {
1704. "name": "GetScrollPos",
1705. "address": "0x46f610"
1706. },
1707. {
1708. "name": "GetScrollInfo",
1709. "address": "0x46f614"
1710. },
1711. {
1712. "name": "GetPropA",
1713. "address": "0x46f618"
1714. },
1715. {
1716. "name": "GetParent",
1717. "address": "0x46f61c"
1718. },
1719. {
1720. "name": "GetWindow",
1721. "address": "0x46f620"
1722. },
1723. {
1724. "name": "GetMessageTime",
1725. "address": "0x46f624"
1726. },
1727. {
1728. "name": "GetMenuStringA",
1729. "address": "0x46f628"
1730. },
1731. {
1732. "name": "GetMenuState",
1733. "address": "0x46f62c"
1734. },
1735. {
1736. "name": "GetMenuItemInfoA",
1737. "address": "0x46f630"
1738. },
1739. {
1740. "name": "GetMenuItemID",
1741. "address": "0x46f634"
1742. },
1743. {
1744. "name": "GetMenuItemCount",
1745. "address": "0x46f638"
1746. },
1747. {
1748. "name": "GetMenu",
1749. "address": "0x46f63c"
1750. },
1751. {
1752. "name": "GetLastActivePopup",
1753. "address": "0x46f640"
1754. },
1755. {
1756. "name": "GetKeyboardState",
1757. "address": "0x46f644"
1758. },
1759. {
1760. "name": "GetKeyboardLayoutList",
1761. "address": "0x46f648"
1762. },
1763. {
1764. "name": "GetKeyboardLayout",
1765. "address": "0x46f64c"
1766. },
1767. {
1768. "name": "GetKeyState",
1769. "address": "0x46f650"
1770. },
1771. {
1772. "name": "GetKeyNameTextA",
1773. "address": "0x46f654"
1774. },
1775. {
1776. "name": "GetIconInfo",
1777. "address": "0x46f658"
1778. },
1779. {
1780. "name": "GetForegroundWindow",
1781. "address": "0x46f65c"
1782. },
1783. {
1784. "name": "GetFocus",
1785. "address": "0x46f660"
1786. },
1787. {
1788. "name": "GetDesktopWindow",
1789. "address": "0x46f664"
1790. },
1791. {
1792. "name": "GetDCEx",
1793. "address": "0x46f668"
1794. },
1795. {
1796. "name": "GetDC",
1797. "address": "0x46f66c"
1798. },
1799. {
1800. "name": "GetCursorPos",
1801. "address": "0x46f670"
1802. },
1803. {
1804. "name": "GetCursor",
1805. "address": "0x46f674"
1806. },
1807. {
1808. "name": "GetClipboardData",
1809. "address": "0x46f678"
1810. },
1811. {
1812. "name": "GetClientRect",
1813. "address": "0x46f67c"
1814. },
1815. {
1816. "name": "GetClassNameA",
1817. "address": "0x46f680"
1818. },
1819. {
1820. "name": "GetClassInfoA",
1821. "address": "0x46f684"
1822. },
1823. {
1824. "name": "GetCapture",
1825. "address": "0x46f688"
1826. },
1827. {
1828. "name": "GetActiveWindow",
1829. "address": "0x46f68c"
1830. },
1831. {
1832. "name": "FrameRect",
1833. "address": "0x46f690"
1834. },
1835. {
1836. "name": "FindWindowA",
1837. "address": "0x46f694"
1838. },
1839. {
1840. "name": "FillRect",
1841. "address": "0x46f698"
1842. },
1843. {
1844. "name": "EqualRect",
1845. "address": "0x46f69c"
1846. },
1847. {
1848. "name": "EnumWindows",
1849. "address": "0x46f6a0"
1850. },
1851. {
1852. "name": "EnumThreadWindows",
1853. "address": "0x46f6a4"
1854. },
1855. {
1856. "name": "EnumClipboardFormats",
1857. "address": "0x46f6a8"
1858. },
1859. {
1860. "name": "EndPaint",
1861. "address": "0x46f6ac"
1862. },
1863. {
1864. "name": "EndDeferWindowPos",
1865. "address": "0x46f6b0"
1866. },
1867. {
1868. "name": "EnableWindow",
1869. "address": "0x46f6b4"
1870. },
1871. {
1872. "name": "EnableScrollBar",
1873. "address": "0x46f6b8"
1874. },
1875. {
1876. "name": "EnableMenuItem",
1877. "address": "0x46f6bc"
1878. },
1879. {
1880. "name": "EmptyClipboard",
1881. "address": "0x46f6c0"
1882. },
1883. {
1884. "name": "DrawTextA",
1885. "address": "0x46f6c4"
1886. },
1887. {
1888. "name": "DrawMenuBar",
1889. "address": "0x46f6c8"
1890. },
1891. {
1892. "name": "DrawIconEx",
1893. "address": "0x46f6cc"
1894. },
1895. {
1896. "name": "DrawIcon",
1897. "address": "0x46f6d0"
1898. },
1899. {
1900. "name": "DrawFrameControl",
1901. "address": "0x46f6d4"
1902. },
1903. {
1904. "name": "DrawEdge",
1905. "address": "0x46f6d8"
1906. },
1907. {
1908. "name": "DispatchMessageA",
1909. "address": "0x46f6dc"
1910. },
1911. {
1912. "name": "DestroyWindow",
1913. "address": "0x46f6e0"
1914. },
1915. {
1916. "name": "DestroyMenu",
1917. "address": "0x46f6e4"
1918. },
1919. {
1920. "name": "DestroyIcon",
1921. "address": "0x46f6e8"
1922. },
1923. {
1924. "name": "DestroyCursor",
1925. "address": "0x46f6ec"
1926. },
1927. {
1928. "name": "DeleteMenu",
1929. "address": "0x46f6f0"
1930. },
1931. {
1932. "name": "DeferWindowPos",
1933. "address": "0x46f6f4"
1934. },
1935. {
1936. "name": "DefWindowProcA",
1937. "address": "0x46f6f8"
1938. },
1939. {
1940. "name": "DefMDIChildProcA",
1941. "address": "0x46f6fc"
1942. },
1943. {
1944. "name": "DefFrameProcA",
1945. "address": "0x46f700"
1946. },
1947. {
1948. "name": "CreatePopupMenu",
1949. "address": "0x46f704"
1950. },
1951. {
1952. "name": "CreateMenu",
1953. "address": "0x46f708"
1954. },
1955. {
1956. "name": "CreateIcon",
1957. "address": "0x46f70c"
1958. },
1959. {
1960. "name": "CloseClipboard",
1961. "address": "0x46f710"
1962. },
1963. {
1964. "name": "ClientToScreen",
1965. "address": "0x46f714"
1966. },
1967. {
1968. "name": "CheckMenuItem",
1969. "address": "0x46f718"
1970. },
1971. {
1972. "name": "CallWindowProcA",
1973. "address": "0x46f71c"
1974. },
1975. {
1976. "name": "CallNextHookEx",
1977. "address": "0x46f720"
1978. },
1979. {
1980. "name": "BeginPaint",
1981. "address": "0x46f724"
1982. },
1983. {
1984. "name": "BeginDeferWindowPos",
1985. "address": "0x46f728"
1986. },
1987. {
1988. "name": "CharNextA",
1989. "address": "0x46f72c"
1990. },
1991. {
1992. "name": "CharLowerBuffA",
1993. "address": "0x46f730"
1994. },
1995. {
1996. "name": "CharLowerA",
1997. "address": "0x46f734"
1998. },
1999. {
2000. "name": "CharUpperBuffA",
2001. "address": "0x46f738"
2002. },
2003. {
2004. "name": "CharToOemA",
2005. "address": "0x46f73c"
2006. },
2007. {
2008. "name": "AdjustWindowRectEx",
2009. "address": "0x46f740"
2010. },
2011. {
2012. "name": "ActivateKeyboardLayout",
2013. "address": "0x46f744"
2014. }
2015. ],
2016. "dll": "user32.dll"
2017. },
2018. {
2019. "imports": [
2020. {
2021. "name": "Sleep",
2022. "address": "0x46f74c"
2023. }
2024. ],
2025. "dll": "kernel32.dll"
2026. },
2027. {
2028. "imports": [
2029. {
2030. "name": "SafeArrayPtrOfIndex",
2031. "address": "0x46f754"
2032. },
2033. {
2034. "name": "SafeArrayGetUBound",
2035. "address": "0x46f758"
2036. },
2037. {
2038. "name": "SafeArrayGetLBound",
2039. "address": "0x46f75c"
2040. },
2041. {
2042. "name": "SafeArrayCreate",
2043. "address": "0x46f760"
2044. },
2045. {
2046. "name": "VariantChangeType",
2047. "address": "0x46f764"
2048. },
2049. {
2050. "name": "VariantCopy",
2051. "address": "0x46f768"
2052. },
2053. {
2054. "name": "VariantClear",
2055. "address": "0x46f76c"
2056. },
2057. {
2058. "name": "VariantInit",
2059. "address": "0x46f770"
2060. }
2061. ],
2062. "dll": "oleaut32.dll"
2063. },
2064. {
2065. "imports": [
2066. {
2067. "name": "CreateStreamOnHGlobal",
2068. "address": "0x46f778"
2069. },
2070. {
2071. "name": "IsAccelerator",
2072. "address": "0x46f77c"
2073. },
2074. {
2075. "name": "OleDraw",
2076. "address": "0x46f780"
2077. },
2078. {
2079. "name": "OleSetMenuDescriptor",
2080. "address": "0x46f784"
2081. },
2082. {
2083. "name": "CoTaskMemFree",
2084. "address": "0x46f788"
2085. },
2086. {
2087. "name": "ProgIDFromCLSID",
2088. "address": "0x46f78c"
2089. },
2090. {
2091. "name": "StringFromCLSID",
2092. "address": "0x46f790"
2093. },
2094. {
2095. "name": "CoCreateInstance",
2096. "address": "0x46f794"
2097. },
2098. {
2099. "name": "CoGetClassObject",
2100. "address": "0x46f798"
2101. },
2102. {
2103. "name": "CoUninitialize",
2104. "address": "0x46f79c"
2105. },
2106. {
2107. "name": "CoInitialize",
2108. "address": "0x46f7a0"
2109. },
2110. {
2111. "name": "IsEqualGUID",
2112. "address": "0x46f7a4"
2113. }
2114. ],
2115. "dll": "ole32.dll"
2116. },
2117. {
2118. "imports": [
2119. {
2120. "name": "GetErrorInfo",
2121. "address": "0x46f7ac"
2122. },
2123. {
2124. "name": "GetActiveObject",
2125. "address": "0x46f7b0"
2126. },
2127. {
2128. "name": "SysFreeString",
2129. "address": "0x46f7b4"
2130. }
2131. ],
2132. "dll": "oleaut32.dll"
2133. },
2134. {
2135. "imports": [
2136. {
2137. "name": "ImageList_SetIconSize",
2138. "address": "0x46f7bc"
2139. },
2140. {
2141. "name": "ImageList_GetIconSize",
2142. "address": "0x46f7c0"
2143. },
2144. {
2145. "name": "ImageList_Write",
2146. "address": "0x46f7c4"
2147. },
2148. {
2149. "name": "ImageList_Read",
2150. "address": "0x46f7c8"
2151. },
2152. {
2153. "name": "ImageList_GetDragImage",
2154. "address": "0x46f7cc"
2155. },
2156. {
2157. "name": "ImageList_DragShowNolock",
2158. "address": "0x46f7d0"
2159. },
2160. {
2161. "name": "ImageList_SetDragCursorImage",
2162. "address": "0x46f7d4"
2163. },
2164. {
2165. "name": "ImageList_DragMove",
2166. "address": "0x46f7d8"
2167. },
2168. {
2169. "name": "ImageList_DragLeave",
2170. "address": "0x46f7dc"
2171. },
2172. {
2173. "name": "ImageList_DragEnter",
2174. "address": "0x46f7e0"
2175. },
2176. {
2177. "name": "ImageList_EndDrag",
2178. "address": "0x46f7e4"
2179. },
2180. {
2181. "name": "ImageList_BeginDrag",
2182. "address": "0x46f7e8"
2183. },
2184. {
2185. "name": "ImageList_Remove",
2186. "address": "0x46f7ec"
2187. },
2188. {
2189. "name": "ImageList_DrawEx",
2190. "address": "0x46f7f0"
2191. },
2192. {
2193. "name": "ImageList_Draw",
2194. "address": "0x46f7f4"
2195. },
2196. {
2197. "name": "ImageList_GetBkColor",
2198. "address": "0x46f7f8"
2199. },
2200. {
2201. "name": "ImageList_SetBkColor",
2202. "address": "0x46f7fc"
2203. },
2204. {
2205. "name": "ImageList_ReplaceIcon",
2206. "address": "0x46f800"
2207. },
2208. {
2209. "name": "ImageList_Add",
2210. "address": "0x46f804"
2211. },
2212. {
2213. "name": "ImageList_GetImageCount",
2214. "address": "0x46f808"
2215. },
2216. {
2217. "name": "ImageList_Destroy",
2218. "address": "0x46f80c"
2219. },
2220. {
2221. "name": "ImageList_Create",
2222. "address": "0x46f810"
2223. }
2224. ],
2225. "dll": "comctl32.dll"
2226. },
2227. {
2228. "imports": [
2229. {
2230. "name": "OpenPrinterA",
2231. "address": "0x46f818"
2232. },
2233. {
2234. "name": "EnumPrintersA",
2235. "address": "0x46f81c"
2236. },
2237. {
2238. "name": "DocumentPropertiesA",
2239. "address": "0x46f820"
2240. },
2241. {
2242. "name": "ClosePrinter",
2243. "address": "0x46f824"
2244. }
2245. ],
2246. "dll": "winspool.drv"
2247. },
2248. {
2249. "imports": [
2250. {
2251. "name": "PrintDlgA",
2252. "address": "0x46f82c"
2253. }
2254. ],
2255. "dll": "comdlg32.dll"
2256. }
2257. ],
2258. "digital_signers": null,
2259. "exported_dll_name": null,
2260. "actual_checksum": "0x000ca079",
2261. "overlay": null,
2262. "imagebase": "0x00400000",
2263. "reported_checksum": "0x00000000",
2264. "icon_hash": null,
2265. "entrypoint": "0x0046304c",
2266. "timestamp": "1992-01-31 02:31:10",
2267. "osversion": "4.0",
2268. "sections": [
2269. {
2270. "name": "CODE",
2271. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
2272. "virtual_address": "0x00001000",
2273. "size_of_data": "0x00062200",
2274. "entropy": "6.54",
2275. "raw_address": "0x00000400",
2276. "virtual_size": "0x00062094",
2277. "characteristics_raw": "0x60000020"
2278. },
2279. {
2280. "name": "DATA",
2281. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
2282. "virtual_address": "0x00064000",
2283. "size_of_data": "0x00009600",
2284. "entropy": "4.97",
2285. "raw_address": "0x00062600",
2286. "virtual_size": "0x00009528",
2287. "characteristics_raw": "0xc0000040"
2288. },
2289. {
2290. "name": "BSS",
2291. "characteristics": "IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
2292. "virtual_address": "0x0006e000",
2293. "size_of_data": "0x00000000",
2294. "entropy": "0.00",
2295. "raw_address": "0x0006bc00",
2296. "virtual_size": "0x00000d59",
2297. "characteristics_raw": "0xc0000000"
2298. },
2299. {
2300. "name": ".idata",
2301. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
2302. "virtual_address": "0x0006f000",
2303. "size_of_data": "0x00002600",
2304. "entropy": "5.01",
2305. "raw_address": "0x0006bc00",
2306. "virtual_size": "0x00002540",
2307. "characteristics_raw": "0xc0000040"
2308. },
2309. {
2310. "name": ".tls",
2311. "characteristics": "IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
2312. "virtual_address": "0x00072000",
2313. "size_of_data": "0x00000000",
2314. "entropy": "0.00",
2315. "raw_address": "0x0006e200",
2316. "virtual_size": "0x00000010",
2317. "characteristics_raw": "0xc0000000"
2318. },
2319. {
2320. "name": ".rdata",
2321. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
2322. "virtual_address": "0x00073000",
2323. "size_of_data": "0x00000200",
2324. "entropy": "0.21",
2325. "raw_address": "0x0006e200",
2326. "virtual_size": "0x00000018",
2327. "characteristics_raw": "0x50000040"
2328. },
2329. {
2330. "name": ".reloc",
2331. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
2332. "virtual_address": "0x00074000",
2333. "size_of_data": "0x00007200",
2334. "entropy": "6.67",
2335. "raw_address": "0x0006e400",
2336. "virtual_size": "0x00007108",
2337. "characteristics_raw": "0x50000040"
2338. },
2339. {
2340. "name": ".rsrc",
2341. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
2342. "virtual_address": "0x0007c000",
2343. "size_of_data": "0x00052000",
2344. "entropy": "6.96",
2345. "raw_address": "0x00075600",
2346. "virtual_size": "0x00051f50",
2347. "characteristics_raw": "0x50000040"
2348. }
2349. ],
2350. "resources": [],
2351. "dirents": [
2352. {
2353. "virtual_address": "0x00000000",
2354. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
2355. "size": "0x00000000"
2356. },
2357. {
2358. "virtual_address": "0x0006f000",
2359. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
2360. "size": "0x00002540"
2361. },
2362. {
2363. "virtual_address": "0x0007c000",
2364. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
2365. "size": "0x00051f50"
2366. },
2367. {
2368. "virtual_address": "0x00000000",
2369. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
2370. "size": "0x00000000"
2371. },
2372. {
2373. "virtual_address": "0x00000000",
2374. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
2375. "size": "0x00000000"
2376. },
2377. {
2378. "virtual_address": "0x00074000",
2379. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
2380. "size": "0x00007108"
2381. },
2382. {
2383. "virtual_address": "0x00000000",
2384. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
2385. "size": "0x00000000"
2386. },
2387. {
2388. "virtual_address": "0x00000000",
2389. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
2390. "size": "0x00000000"
2391. },
2392. {
2393. "virtual_address": "0x00000000",
2394. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
2395. "size": "0x00000000"
2396. },
2397. {
2398. "virtual_address": "0x00073000",
2399. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
2400. "size": "0x00000018"
2401. },
2402. {
2403. "virtual_address": "0x00000000",
2404. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
2405. "size": "0x00000000"
2406. },
2407. {
2408. "virtual_address": "0x00000000",
2409. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
2410. "size": "0x00000000"
2411. },
2412. {
2413. "virtual_address": "0x00000000",
2414. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
2415. "size": "0x00000000"
2416. },
2417. {
2418. "virtual_address": "0x00000000",
2419. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
2420. "size": "0x00000000"
2421. },
2422. {
2423. "virtual_address": "0x00000000",
2424. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
2425. "size": "0x00000000"
2426. },
2427. {
2428. "virtual_address": "0x00000000",
2429. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
2430. "size": "0x00000000"
2431. }
2432. ],
2433. "exports": [],
2434. "guest_signers": {},
2435. "imphash": "46116a2f8090728368dbf9ef96584273",
2436. "icon_fuzzy": null,
2437. "icon": null,
2438. "pdbpath": null,
2439. "imported_dll_count": 17,
2440. "versioninfo": []
2441. }
2442. }
2443.  
2444. [*] Resolved APIs: [
2445. "kernel32.dll.GetDiskFreeSpaceExA",
2446. "oleaut32.dll.VariantChangeTypeEx",
2447. "oleaut32.dll.VarNeg",
2448. "oleaut32.dll.VarNot",
2449. "oleaut32.dll.VarAdd",
2450. "oleaut32.dll.VarSub",
2451. "oleaut32.dll.VarMul",
2452. "oleaut32.dll.VarDiv",
2453. "oleaut32.dll.VarIdiv",
2454. "oleaut32.dll.VarMod",
2455. "oleaut32.dll.VarAnd",
2456. "oleaut32.dll.VarOr",
2457. "oleaut32.dll.VarXor",
2458. "oleaut32.dll.VarCmp",
2459. "oleaut32.dll.VarI4FromStr",
2460. "oleaut32.dll.VarR4FromStr",
2461. "oleaut32.dll.VarR8FromStr",
2462. "oleaut32.dll.VarDateFromStr",
2463. "oleaut32.dll.VarCyFromStr",
2464. "oleaut32.dll.VarBoolFromStr",
2465. "oleaut32.dll.VarBstrFromCy",
2466. "oleaut32.dll.VarBstrFromDate",
2467. "oleaut32.dll.VarBstrFromBool",
2468. "user32.dll.GetMonitorInfoA",
2469. "user32.dll.GetSystemMetrics",
2470. "user32.dll.EnumDisplayMonitors",
2471. "dwmapi.dll.DwmIsCompositionEnabled",
2472. "gdi32.dll.GetLayout",
2473. "gdi32.dll.GdiRealizationInfo",
2474. "gdi32.dll.FontIsLinked",
2475. "advapi32.dll.RegOpenKeyExW",
2476. "advapi32.dll.RegQueryInfoKeyW",
2477. "gdi32.dll.GetTextFaceAliasW",
2478. "advapi32.dll.RegEnumValueW",
2479. "advapi32.dll.RegCloseKey",
2480. "advapi32.dll.RegQueryValueExW",
2481. "gdi32.dll.GetFontAssocStatus",
2482. "advapi32.dll.RegQueryValueExA",
2483. "advapi32.dll.RegEnumKeyExW",
2484. "gdi32.dll.GdiIsMetaPrintDC",
2485. "user32.dll.AnimateWindow",
2486. "comctl32.dll.InitializeFlatSB",
2487. "comctl32.dll.UninitializeFlatSB",
2488. "comctl32.dll.FlatSB_GetScrollProp",
2489. "comctl32.dll.FlatSB_SetScrollProp",
2490. "comctl32.dll.FlatSB_EnableScrollBar",
2491. "comctl32.dll.FlatSB_ShowScrollBar",
2492. "comctl32.dll.FlatSB_GetScrollRange",
2493. "comctl32.dll.FlatSB_GetScrollInfo",
2494. "comctl32.dll.FlatSB_GetScrollPos",
2495. "comctl32.dll.FlatSB_SetScrollPos",
2496. "comctl32.dll.FlatSB_SetScrollInfo",
2497. "comctl32.dll.FlatSB_SetScrollRange",
2498. "user32.dll.SetLayeredWindowAttributes",
2499. "ole32.dll.CoCreateInstanceEx",
2500. "ole32.dll.CoInitializeEx",
2501. "ole32.dll.CoAddRefServerProcess",
2502. "ole32.dll.CoReleaseServerProcess",
2503. "ole32.dll.CoResumeClassObjects",
2504. "ole32.dll.CoSuspendClassObjects",
2505. "olepro32.dll.OleCreatePropertyFrame",
2506. "olepro32.dll.OleCreateFontIndirect",
2507. "olepro32.dll.OleCreatePictureIndirect",
2508. "olepro32.dll.OleLoadPicture",
2509. "kernel32.dll.GetModuleHandleW",
2510. "kernel32.dll.VirtualFree",
2511. "kernel32.dll.LoadLibraryW",
2512. "kernel32.dll.SizeofResource",
2513. "kernel32.dll.GetModuleFileNameW",
2514. "kernel32.dll.CreateFileW",
2515. "kernel32.dll.MultiByteToWideChar",
2516. "kernel32.dll.FlushInstructionCache",
2517. "kernel32.dll.GetCurrentProcess",
2518. "kernel32.dll.VirtualAlloc",
2519. "kernel32.dll.LoadLibraryA",
2520. "kernel32.dll.GetModuleFileNameA",
2521. "kernel32.dll.GetModuleHandleA",
2522. "kernel32.dll.VirtualProtect",
2523. "kernel32.dll.CloseHandle",
2524. "kernel32.dll.LoadResource",
2525. "kernel32.dll.FindResourceW",
2526. "kernel32.dll.GetProcAddress",
2527. "kernel32.dll.GetFileSize",
2528. "kernel32.dll.LCMapStringW",
2529. "kernel32.dll.LCMapStringA",
2530. "kernel32.dll.GetStringTypeW",
2531. "kernel32.dll.GetStringTypeA",
2532. "kernel32.dll.HeapAlloc",
2533. "kernel32.dll.GetStartupInfoW",
2534. "kernel32.dll.DeleteCriticalSection",
2535. "kernel32.dll.LeaveCriticalSection",
2536. "kernel32.dll.EnterCriticalSection",
2537. "kernel32.dll.HeapFree",
2538. "kernel32.dll.HeapReAlloc",
2539. "kernel32.dll.HeapCreate",
2540. "kernel32.dll.Sleep",
2541. "kernel32.dll.ExitProcess",
2542. "kernel32.dll.WriteFile",
2543. "kernel32.dll.GetStdHandle",
2544. "kernel32.dll.SetUnhandledExceptionFilter",
2545. "kernel32.dll.FreeEnvironmentStringsW",
2546. "kernel32.dll.GetEnvironmentStringsW",
2547. "kernel32.dll.GetCommandLineW",
2548. "kernel32.dll.SetHandleCount",
2549. "kernel32.dll.GetFileType",
2550. "kernel32.dll.GetStartupInfoA",
2551. "kernel32.dll.TlsGetValue",
2552. "kernel32.dll.TlsAlloc",
2553. "kernel32.dll.TlsSetValue",
2554. "kernel32.dll.TlsFree",
2555. "kernel32.dll.InterlockedIncrement",
2556. "kernel32.dll.SetLastError",
2557. "kernel32.dll.GetCurrentThreadId",
2558. "kernel32.dll.GetLastError",
2559. "kernel32.dll.InterlockedDecrement",
2560. "kernel32.dll.QueryPerformanceCounter",
2561. "kernel32.dll.GetTickCount",
2562. "kernel32.dll.GetCurrentProcessId",
2563. "kernel32.dll.GetSystemTimeAsFileTime",
2564. "kernel32.dll.InitializeCriticalSectionAndSpinCount",
2565. "kernel32.dll.TerminateProcess",
2566. "kernel32.dll.UnhandledExceptionFilter",
2567. "kernel32.dll.IsDebuggerPresent",
2568. "kernel32.dll.RtlUnwind",
2569. "kernel32.dll.GetCPInfo",
2570. "kernel32.dll.GetACP",
2571. "kernel32.dll.GetOEMCP",
2572. "kernel32.dll.IsValidCodePage",
2573. "kernel32.dll.HeapSize",
2574. "kernel32.dll.GetLocaleInfoA",
2575. "kernel32.dll.WideCharToMultiByte",
2576. "psapi.dll.GetModuleInformation",
2577. "psapi.dll.GetModuleBaseNameW",
2578. "psapi.dll.EnumProcessModules",
2579. "shlwapi.dll.StrStrIW",
2580. "shlwapi.dll.PathFileExistsW",
2581. "kernel32.dll.FlsAlloc",
2582. "kernel32.dll.FlsGetValue",
2583. "kernel32.dll.FlsSetValue",
2584. "kernel32.dll.FlsFree",
2585. "mscoree.dll._CorExeMain",
2586. "kernel32.dll.IsProcessorFeaturePresent",
2587. "msvcrt.dll._set_error_mode",
2588. "msvcrt.dll.?set_terminate@@YAP6AXXZP6AXXZ@Z",
2589. "kernel32.dll.FindActCtxSectionStringW",
2590. "kernel32.dll.GetSystemWindowsDirectoryW",
2591. "mscoree.dll.GetProcessExecutableHeap",
2592. "kernelbase.dll.InitializeCriticalSectionAndSpinCount",
2593. "kernel32.dll.ProcessIdToSessionId",
2594. "imm32.dll.ImmCreateContext",
2595. "imm32.dll.ImmDestroyContext",
2596. "imm32.dll.ImmNotifyIME",
2597. "imm32.dll.ImmAssociateContext",
2598. "imm32.dll.ImmReleaseContext",
2599. "imm32.dll.ImmGetContext",
2600. "imm32.dll.ImmGetCompositionStringA",
2601. "imm32.dll.ImmSetCompositionStringA",
2602. "imm32.dll.ImmGetCompositionStringW",
2603. "imm32.dll.ImmSetCompositionStringW",
2604. "imm32.dll.ImmSetCandidateWindow",
2605. "mscorwks.dll.GetCLRFunction",
2606. "mscoree.dll.IEE",
2607. "kernel32.dll.QueryActCtxW",
2608. "shlwapi.dll.UrlIsW",
2609. "mscorwks.dll.IEE",
2610. "ntdll.dll.ZwCreateSection",
2611. "kernel32.dll.MapViewOfFile",
2612. "kernel32.dll.LoadLibraryExW",
2613. "mscorwks.dll._CorExeMain",
2614. "advapi32.dll.RegisterTraceGuidsW",
2615. "advapi32.dll.UnregisterTraceGuids",
2616. "advapi32.dll.GetTraceLoggerHandle",
2617. "advapi32.dll.GetTraceEnableLevel",
2618. "advapi32.dll.GetTraceEnableFlags",
2619. "advapi32.dll.TraceEvent",
2620. "mscoree.dll.GetStartupFlags",
2621. "mscoree.dll.GetHostConfigurationFile",
2622. "mscoree.dll.GetCORSystemDirectory",
2623. "ntdll.dll.RtlUnwind",
2624. "kernel32.dll.IsWow64Process",
2625. "advapi32.dll.AllocateAndInitializeSid",
2626. "advapi32.dll.OpenProcessToken",
2627. "advapi32.dll.GetTokenInformation",
2628. "advapi32.dll.InitializeAcl",
2629. "advapi32.dll.AddAccessAllowedAce",
2630. "advapi32.dll.FreeSid",
2631. "kernel32.dll.SetThreadStackGuarantee",
2632. "kernel32.dll.AddVectoredContinueHandler",
2633. "kernel32.dll.RemoveVectoredContinueHandler",
2634. "advapi32.dll.ConvertSidToStringSidW",
2635. "shell32.dll.SHGetFolderPathW",
2636. "kernel32.dll.FlushProcessWriteBuffers",
2637. "kernel32.dll.GetWriteWatch",
2638. "kernel32.dll.ResetWriteWatch",
2639. "kernel32.dll.CreateMemoryResourceNotification",
2640. "kernel32.dll.QueryMemoryResourceNotification",
2641. "mscoree.dll._CorImageUnloading",
2642. "mscoree.dll._CorValidateImage",
2643. "cryptbase.dll.SystemFunction036",
2644. "uxtheme.dll.ThemeInitApiHook",
2645. "user32.dll.IsProcessDPIAware",
2646. "ole32.dll.CoGetContextToken",
2647. "kernel32.dll.GetVersionExW",
2648. "kernel32.dll.GetFullPathNameW",
2649. "advapi32.dll.CryptAcquireContextA",
2650. "advapi32.dll.CryptReleaseContext",
2651. "advapi32.dll.CryptCreateHash",
2652. "advapi32.dll.CryptDestroyHash",
2653. "advapi32.dll.CryptHashData",
2654. "advapi32.dll.CryptGetHashParam",
2655. "advapi32.dll.CryptImportKey",
2656. "advapi32.dll.CryptExportKey",
2657. "advapi32.dll.CryptGenKey",
2658. "advapi32.dll.CryptGetKeyParam",
2659. "advapi32.dll.CryptDestroyKey",
2660. "advapi32.dll.CryptVerifySignatureA",
2661. "advapi32.dll.CryptSignHashA",
2662. "advapi32.dll.CryptGetProvParam",
2663. "advapi32.dll.CryptGetUserKey",
2664. "advapi32.dll.CryptEnumProvidersA",
2665. "mscoree.dll.GetMetaDataInternalInterface",
2666. "mscorwks.dll.GetMetaDataInternalInterface",
2667. "cryptsp.dll.CryptAcquireContextA",
2668. "cryptsp.dll.CryptImportKey",
2669. "cryptsp.dll.CryptCreateHash",
2670. "cryptsp.dll.CryptHashData",
2671. "cryptsp.dll.CryptVerifySignatureA",
2672. "cryptsp.dll.CryptDestroyHash",
2673. "cryptsp.dll.CryptDestroyKey",
2674. "mscorjit.dll.getJit",
2675. "kernel32.dll.lstrlen",
2676. "kernel32.dll.lstrlenW",
2677. "kernel32.dll.GetUserDefaultUILanguage",
2678. "kernel32.dll.SetErrorMode",
2679. "kernel32.dll.GetFileAttributesExW",
2680. "bcrypt.dll.BCryptGetFipsAlgorithmMode",
2681. "kernel32.dll.GetEnvironmentVariableW",
2682. "cryptsp.dll.CryptAcquireContextW",
2683. "ole32.dll.CreateBindCtx",
2684. "ole32.dll.CoGetObjectContext",
2685. "sechost.dll.LookupAccountNameLocalW",
2686. "advapi32.dll.LookupAccountSidW",
2687. "sechost.dll.LookupAccountSidLocalW",
2688. "cryptsp.dll.CryptGenRandom",
2689. "ole32.dll.NdrOleInitializeExtension",
2690. "ole32.dll.CoGetClassObject",
2691. "ole32.dll.CoGetMarshalSizeMax",
2692. "ole32.dll.CoMarshalInterface",
2693. "ole32.dll.CoUnmarshalInterface",
2694. "ole32.dll.StringFromIID",
2695. "ole32.dll.CoGetPSClsid",
2696. "ole32.dll.CoTaskMemAlloc",
2697. "ole32.dll.CoTaskMemFree",
2698. "ole32.dll.CoCreateInstance",
2699. "ole32.dll.CoReleaseMarshalData",
2700. "ole32.dll.DcomChannelSetHResult",
2701. "rpcrtremote.dll.I_RpcExtInitializeExtensionPoint",
2702. "ole32.dll.MkParseDisplayName",
2703. "oleaut32.dll.#2",
2704. "oleaut32.dll.#6",
2705. "kernel32.dll.GetThreadPreferredUILanguages",
2706. "kernel32.dll.SetThreadPreferredUILanguages",
2707. "kernel32.dll.LocaleNameToLCID",
2708. "kernel32.dll.GetLocaleInfoEx",
2709. "kernel32.dll.LCIDToLocaleName",
2710. "kernel32.dll.GetSystemDefaultLocaleName",
2711. "ole32.dll.BindMoniker",
2712. "sxs.dll.SxsOleAut32RedirectTypeLibrary",
2713. "advapi32.dll.RegOpenKeyW",
2714. "advapi32.dll.RegEnumKeyW",
2715. "advapi32.dll.RegQueryValueW",
2716. "sxs.dll.SxsOleAut32MapConfiguredClsidToReferenceClsid",
2717. "sxs.dll.SxsLookupClrGuid",
2718. "kernel32.dll.ReleaseActCtx",
2719. "oleaut32.dll.#9",
2720. "oleaut32.dll.#4",
2721. "oleaut32.dll.#283",
2722. "oleaut32.dll.#284",
2723. "mscoree.dll.GetTokenForVTableEntry",
2724. "mscoree.dll.SetTargetForVTableEntry",
2725. "mscoree.dll.GetTargetForVTableEntry",
2726. "kernel32.dll.LocalAlloc",
2727. "oleaut32.dll.VariantInit",
2728. "oleaut32.dll.VariantClear",
2729. "oleaut32.dll.#7",
2730. "kernel32.dll.CreateEventW",
2731. "kernel32.dll.SwitchToThread",
2732. "kernel32.dll.SetEvent",
2733. "ole32.dll.CoWaitForMultipleHandles",
2734. "ole32.dll.IIDFromString",
2735. "wminet_utils.dll.ResetSecurity",
2736. "wminet_utils.dll.SetSecurity",
2737. "wminet_utils.dll.BlessIWbemServices",
2738. "wminet_utils.dll.BlessIWbemServicesObject",
2739. "wminet_utils.dll.GetPropertyHandle",
2740. "wminet_utils.dll.WritePropertyValue",
2741. "wminet_utils.dll.Clone",
2742. "wminet_utils.dll.VerifyClientKey",
2743. "wminet_utils.dll.GetQualifierSet",
2744. "wminet_utils.dll.Get",
2745. "wminet_utils.dll.Put",
2746. "wminet_utils.dll.Delete",
2747. "wminet_utils.dll.GetNames",
2748. "wminet_utils.dll.BeginEnumeration",
2749. "wminet_utils.dll.Next",
2750. "wminet_utils.dll.EndEnumeration",
2751. "wminet_utils.dll.GetPropertyQualifierSet",
2752. "wminet_utils.dll.GetObjectText",
2753. "wminet_utils.dll.SpawnDerivedClass",
2754. "wminet_utils.dll.SpawnInstance",
2755. "wminet_utils.dll.CompareTo",
2756. "wminet_utils.dll.GetPropertyOrigin",
2757. "wminet_utils.dll.InheritsFrom",
2758. "wminet_utils.dll.GetMethod",
2759. "wminet_utils.dll.PutMethod",
2760. "wminet_utils.dll.DeleteMethod",
2761. "wminet_utils.dll.BeginMethodEnumeration",
2762. "wminet_utils.dll.NextMethod",
2763. "wminet_utils.dll.EndMethodEnumeration",
2764. "wminet_utils.dll.GetMethodQualifierSet",
2765. "wminet_utils.dll.GetMethodOrigin",
2766. "wminet_utils.dll.QualifierSet_Get",
2767. "wminet_utils.dll.QualifierSet_Put",
2768. "wminet_utils.dll.QualifierSet_Delete",
2769. "wminet_utils.dll.QualifierSet_GetNames",
2770. "wminet_utils.dll.QualifierSet_BeginEnumeration",
2771. "wminet_utils.dll.QualifierSet_Next",
2772. "wminet_utils.dll.QualifierSet_EndEnumeration",
2773. "wminet_utils.dll.GetCurrentApartmentType",
2774. "wminet_utils.dll.GetDemultiplexedStub",
2775. "wminet_utils.dll.CreateInstanceEnumWmi",
2776. "wminet_utils.dll.CreateClassEnumWmi",
2777. "wminet_utils.dll.ExecQueryWmi",
2778. "wminet_utils.dll.ExecNotificationQueryWmi",
2779. "wminet_utils.dll.PutInstanceWmi",
2780. "wminet_utils.dll.PutClassWmi",
2781. "wminet_utils.dll.CloneEnumWbemClassObject",
2782. "wminet_utils.dll.ConnectServerWmi",
2783. "ole32.dll.CoUninitialize",
2784. "oleaut32.dll.#500",
2785. "oleaut32.dll.SysStringLen",
2786. "kernel32.dll.RtlZeroMemory",
2787. "kernel32.dll.RegOpenKeyExW",
2788. "advapi32.dll.GetUserNameW",
2789. "kernel32.dll.GetComputerNameW",
2790. "user32.dll.DefWindowProcW",
2791. "gdi32.dll.GetStockObject",
2792. "user32.dll.RegisterClassW",
2793. "user32.dll.CreateWindowExW",
2794. "user32.dll.SetWindowLongW",
2795. "user32.dll.GetWindowLongW",
2796. "kernel32.dll.GetCurrentThread",
2797. "kernel32.dll.DuplicateHandle",
2798. "user32.dll.CallWindowProcW",
2799. "user32.dll.RegisterWindowMessageW",
2800. "advapi32.dll.LookupPrivilegeValueW",
2801. "advapi32.dll.AdjustTokenPrivileges",
2802. "ntdll.dll.NtQuerySystemInformation",
2803. "kernel32.dll.CreateIoCompletionPort",
2804. "kernel32.dll.PostQueuedCompletionStatus",
2805. "ntdll.dll.NtQueryInformationThread",
2806. "ntdll.dll.NtGetCurrentProcessorNumber",
2807. "shfolder.dll.SHGetFolderPathW",
2808. "kernel32.dll.FindFirstFileW",
2809. "kernel32.dll.FindClose",
2810. "kernel32.dll.FindNextFileW",
2811. "kernel32.dll.UnmapViewOfFile",
2812. "kernel32.dll.ReadFile",
2813. "oleaut32.dll.#204",
2814. "oleaut32.dll.#203",
2815. "culture.dll.ConvertLangIdToCultureName",
2816. "mlang.dll.#112",
2817. "wininet.dll.FindFirstUrlCacheEntryA",
2818. "kernel32.dll.SetFileInformationByHandle",
2819. "urlmon.dll.CreateUri",
2820. "kernel32.dll.InitializeSRWLock",
2821. "kernel32.dll.AcquireSRWLockExclusive",
2822. "kernel32.dll.AcquireSRWLockShared",
2823. "kernel32.dll.ReleaseSRWLockExclusive",
2824. "kernel32.dll.ReleaseSRWLockShared",
2825. "wininet.dll.FindNextUrlCacheEntryA",
2826. "urlmon.dll.CreateIUriBuilder",
2827. "urlmon.dll.IntlPercentEncodeNormalize",
2828. "wininet.dll.FindCloseUrlCache",
2829. "cryptsp.dll.CryptGetHashParam",
2830. "cryptsp.dll.CryptReleaseContext",
2831. "vaultcli.dll.VaultEnumerateVaults",
2832. "user32.dll.GetLastInputInfo",
2833. "ole32.dll.CLSIDFromProgIDEx",
2834. "oleaut32.dll.#201",
2835. "user32.dll.GetClientRect",
2836. "user32.dll.GetWindowRect",
2837. "user32.dll.GetParent",
2838. "ole32.dll.OleInitialize",
2839. "ole32.dll.CoRegisterMessageFilter",
2840. "user32.dll.PeekMessageW",
2841. "user32.dll.WaitMessage",
2842. "mscoree.dll.ND_RI2",
2843. "rasapi32.dll.RasEnumConnectionsW",
2844. "rtutils.dll.TraceRegisterExA",
2845. "rtutils.dll.TracePrintfExA",
2846. "sechost.dll.OpenSCManagerW",
2847. "sechost.dll.OpenServiceW",
2848. "sechost.dll.QueryServiceStatus",
2849. "sechost.dll.CloseServiceHandle",
2850. "ws2_32.dll.WSAStartup",
2851. "ws2_32.dll.WSASocketW",
2852. "ws2_32.dll.setsockopt",
2853. "ws2_32.dll.WSAEventSelect",
2854. "ws2_32.dll.ioctlsocket",
2855. "ws2_32.dll.closesocket",
2856. "advapi32.dll.ConvertStringSecurityDescriptorToSecurityDescriptorW",
2857. "kernel32.dll.LocalFree",
2858. "kernel32.dll.CreateFileMappingW",
2859. "kernel32.dll.VirtualQuery",
2860. "kernel32.dll.ReleaseMutex",
2861. "advapi32.dll.CreateWellKnownSid",
2862. "kernel32.dll.CreateMutexW",
2863. "kernel32.dll.WaitForSingleObject",
2864. "kernel32.dll.OpenMutexW",
2865. "kernel32.dll.OpenProcess",
2866. "kernel32.dll.GetProcessTimes",
2867. "ws2_32.dll.WSAIoctl",
2868. "kernel32.dll.FormatMessageW",
2869. "rasapi32.dll.RasConnectionNotificationW",
2870. "advapi32.dll.RegOpenCurrentUser",
2871. "advapi32.dll.RegNotifyChangeKeyValue",
2872. "sechost.dll.NotifyServiceStatusChangeA",
2873. "winhttp.dll.WinHttpGetIEProxyConfigForCurrentUser",
2874. "kernel32.dll.ResetEvent",
2875. "iphlpapi.dll.GetNetworkParams",
2876. "dnsapi.dll.DnsQueryConfig",
2877. "iphlpapi.dll.GetAdaptersAddresses",
2878. "iphlpapi.dll.GetIpInterfaceEntry",
2879. "iphlpapi.dll.GetBestInterfaceEx",
2880. "ws2_32.dll.inet_addr",
2881. "ws2_32.dll.getaddrinfo",
2882. "ws2_32.dll.freeaddrinfo",
2883. "ws2_32.dll.WSAConnect",
2884. "ws2_32.dll.send",
2885. "ws2_32.dll.recv",
2886. "ws2_32.dll.shutdown",
2887. "vssapi.dll.CreateWriter",
2888. "advapi32.dll.LookupAccountNameW",
2889. "samcli.dll.NetLocalGroupGetMembers",
2890. "samlib.dll.SamConnect",
2891. "rpcrt4.dll.NdrClientCall3",
2892. "rpcrt4.dll.RpcStringBindingComposeW",
2893. "rpcrt4.dll.RpcBindingFromStringBindingW",
2894. "rpcrt4.dll.RpcStringFreeW",
2895. "rpcrt4.dll.RpcBindingFree",
2896. "samlib.dll.SamOpenDomain",
2897. "samlib.dll.SamLookupNamesInDomain",
2898. "samlib.dll.SamOpenAlias",
2899. "samlib.dll.SamFreeMemory",
2900. "samlib.dll.SamCloseHandle",
2901. "samlib.dll.SamGetMembersInAlias",
2902. "netutils.dll.NetApiBufferFree",
2903. "samlib.dll.SamEnumerateDomainsInSamServer",
2904. "samlib.dll.SamLookupDomainInSamServer",
2905. "ole32.dll.CoCreateGuid",
2906. "ole32.dll.StringFromCLSID",
2907. "propsys.dll.VariantToPropVariant",
2908. "wbemcore.dll.Reinitialize",
2909. "wbemsvc.dll.DllGetClassObject",
2910. "wbemsvc.dll.DllCanUnloadNow",
2911. "authz.dll.AuthzInitializeContextFromToken",
2912. "authz.dll.AuthzInitializeObjectAccessAuditEvent2",
2913. "authz.dll.AuthzAccessCheck",
2914. "authz.dll.AuthzFreeAuditEvent",
2915. "authz.dll.AuthzFreeContext",
2916. "authz.dll.AuthzInitializeResourceManager",
2917. "authz.dll.AuthzFreeResourceManager",
2918. "rpcrt4.dll.RpcBindingCreateW",
2919. "rpcrt4.dll.RpcBindingBind",
2920. "rpcrt4.dll.I_RpcMapWin32Status",
2921. "advapi32.dll.EventRegister",
2922. "advapi32.dll.EventUnregister",
2923. "advapi32.dll.EventWrite",
2924. "kernel32.dll.RegCloseKey",
2925. "kernel32.dll.RegSetValueExW",
2926. "kernel32.dll.RegQueryValueExW",
2927. "wmisvc.dll.IsImproperShutdownDetected",
2928. "wevtapi.dll.EvtRender",
2929. "wevtapi.dll.EvtNext",
2930. "wevtapi.dll.EvtClose",
2931. "wevtapi.dll.EvtQuery",
2932. "wevtapi.dll.EvtCreateRenderContext",
2933. "rpcrt4.dll.RpcBindingSetAuthInfoExW",
2934. "rpcrt4.dll.RpcBindingSetOption",
2935. "ole32.dll.CoCreateFreeThreadedMarshaler",
2936. "ole32.dll.CreateStreamOnHGlobal",
2937. "advapi32.dll.RegCreateKeyExW",
2938. "advapi32.dll.RegSetValueExW",
2939. "kernelbase.dll.InitializeAcl",
2940. "kernelbase.dll.AddAce",
2941. "sechost.dll.ConvertStringSecurityDescriptorToSecurityDescriptorW",
2942. "kernel32.dll.IsThreadAFiber",
2943. "kernel32.dll.OpenProcessToken",
2944. "kernelbase.dll.GetTokenInformation",
2945. "kernelbase.dll.DuplicateTokenEx",
2946. "kernelbase.dll.AdjustTokenPrivileges",
2947. "kernel32.dll.SetThreadToken",
2948. "kernelbase.dll.CheckTokenMembership",
2949. "kernelbase.dll.AllocateAndInitializeSid",
2950. "oleaut32.dll.#285",
2951. "oleaut32.dll.#12",
2952. "oleaut32.dll.#286",
2953. "ole32.dll.CLSIDFromString",
2954. "oleaut32.dll.#17",
2955. "oleaut32.dll.#20",
2956. "oleaut32.dll.#19",
2957. "oleaut32.dll.#25",
2958. "authz.dll.AuthzInitializeContextFromSid",
2959. "ole32.dll.CoRevertToSelf",
2960. "advapi32.dll.LogonUserExExW",
2961. "sspicli.dll.LogonUserExExW",
2962. "ole32.dll.CoGetCallContext",
2963. "ole32.dll.CoImpersonateClient",
2964. "advapi32.dll.OpenThreadToken",
2965. "oleaut32.dll.#8",
2966. "ole32.dll.CoSwitchCallContext",
2967. "oleaut32.dll.#287",
2968. "oleaut32.dll.#288",
2969. "oleaut32.dll.#289",
2970. "kernel32.dll.SortGetHandle",
2971. "kernel32.dll.SortCloseHandle",
2972. "ntmarta.dll.GetMartaExtensionInterface",
2973. "fastprox.dll.DllGetClassObject",
2974. "fastprox.dll.DllCanUnloadNow",
2975. "oleaut32.dll.#290",
2976. "wmi.dll.WmiQueryAllDataW",
2977. "wmi.dll.WmiQuerySingleInstanceW",
2978. "wmi.dll.WmiSetSingleItemW",
2979. "wmi.dll.WmiSetSingleInstanceW",
2980. "wmi.dll.WmiExecuteMethodW",
2981. "wmi.dll.WmiNotificationRegistrationW",
2982. "wmi.dll.WmiMofEnumerateResourcesW",
2983. "wmi.dll.WmiFileHandleToInstanceNameW",
2984. "wmi.dll.WmiDevInstToInstanceNameW",
2985. "wmi.dll.WmiQueryGuidInformation",
2986. "wmi.dll.WmiOpenBlock",
2987. "wmi.dll.WmiCloseBlock",
2988. "wmi.dll.WmiFreeBuffer",
2989. "wmi.dll.WmiEnumerateGuids",
2990. "advapi32.dll.InitiateSystemShutdownExW",
2991. "ole32.dll.CoInitializeSecurity",
2992. "w32time.dll.SvchostEntry_W32Time",
2993. "w32time.dll.SvchostPushServiceGlobals",
2994. "ws2_32.dll.#115",
2995. "ws2_32.dll.#111",
2996. "userenv.dll.RegisterGPNotification",
2997. "gpapi.dll.RegisterGPNotificationInternal",
2998. "sechost.dll.QueryServiceConfigW",
2999. "dsrole.dll.DsRoleGetPrimaryDomainInformation",
3000. "dsrole.dll.DsRoleFreeMemory",
3001. "sspicli.dll.LsaRegisterPolicyChangeNotification",
3002. "w32time.dll.TimeProvClose",
3003. "w32time.dll.TimeProvCommand",
3004. "w32time.dll.TimeProvOpen",
3005. "ws2_32.dll.#23",
3006. "ws2_32.dll.#21",
3007. "ws2_32.dll.#2",
3008. "vmictimeprovider.dll.TimeProvClose",
3009. "vmictimeprovider.dll.TimeProvCommand",
3010. "vmictimeprovider.dll.TimeProvOpen",
3011. "advapi32.dll.EventEnabled",
3012. "ws2_32.dll.GetAddrInfoW",
3013. "ws2_32.dll.FreeAddrInfoW",
3014. "ws2_32.dll.WSAAddressToStringW",
3015. "ws2_32.dll.#3",
3016. "ws2_32.dll.#116",
3017. "sspicli.dll.LsaUnregisterPolicyChangeNotification",
3018. "userenv.dll.UnregisterGPNotification",
3019. "gpapi.dll.UnregisterGPNotificationInternal",
3020. "wersvc.dll.ServiceMain",
3021. "wersvc.dll.SvchostPushServiceGlobals",
3022. "advapi32.dll.RegGetValueW",
3023. "faultrep.dll.WerpInitiateCrashReporting",
3024. "wer.dll.WerpCreateMachineStore",
3025. "shell32.dll.SHGetFolderPathEx",
3026. "ole32.dll.StringFromGUID2",
3027. "profapi.dll.#104",
3028. "userenv.dll.CreateEnvironmentBlock",
3029. "sechost.dll.ConvertSidToStringSidW",
3030. "sspicli.dll.GetUserNameExW",
3031. "userenv.dll.DestroyEnvironmentBlock",
3032. "wer.dll.WerpSvcReportFromMachineQueue",
3033. "advapi32.dll.DuplicateToken",
3034. "advapi32.dll.CheckTokenMembership",
3035. "wtsapi32.dll.WTSQueryUserToken",
3036. "winsta.dll.WinStationQueryInformationW",
3037. "advapi32.dll.ImpersonateLoggedOnUser",
3038. "advapi32.dll.CreateProcessAsUserW",
3039. "advapi32.dll.RevertToSelf",
3040. "imm32.dll.ImmDisableIME",
3041. "psapi.dll.GetModuleFileNameExW",
3042. "version.dll.GetFileVersionInfoSizeW",
3043. "version.dll.GetFileVersionInfoW",
3044. "version.dll.VerQueryValueW",
3045. "wer.dll.WerpCreateIntegratorReportId",
3046. "wer.dll.WerReportCreate",
3047. "wer.dll.WerpSetIntegratorReportId",
3048. "wer.dll.WerReportSetParameter",
3049. "dbgeng.dll.DebugCreate",
3050. "ntdll.dll.CsrGetProcessId",
3051. "ntdll.dll.DbgBreakPoint",
3052. "ntdll.dll.DbgPrint",
3053. "ntdll.dll.DbgPrompt",
3054. "ntdll.dll.DbgUiConvertStateChangeStructure",
3055. "ntdll.dll.DbgUiGetThreadDebugObject",
3056. "ntdll.dll.DbgUiIssueRemoteBreakin",
3057. "ntdll.dll.DbgUiSetThreadDebugObject",
3058. "ntdll.dll.NtAllocateVirtualMemory",
3059. "ntdll.dll.NtClose",
3060. "ntdll.dll.NtCreateDebugObject",
3061. "ntdll.dll.NtCreateFile",
3062. "ntdll.dll.NtDebugActiveProcess",
3063. "ntdll.dll.NtDebugContinue",
3064. "ntdll.dll.NtFreeVirtualMemory",
3065. "ntdll.dll.NtOpenProcess",
3066. "ntdll.dll.NtOpenThread",
3067. "ntdll.dll.NtQueryInformationProcess",
3068. "ntdll.dll.NtQueryMutant",
3069. "ntdll.dll.NtQueryObject",
3070. "ntdll.dll.NtRemoveProcessDebug",
3071. "ntdll.dll.NtResumeThread",
3072. "ntdll.dll.NtSetInformationDebugObject",
3073. "ntdll.dll.NtSetInformationProcess",
3074. "ntdll.dll.NtSystemDebugControl",
3075. "ntdll.dll.NtWaitForDebugEvent",
3076. "ntdll.dll.RtlAnsiStringToUnicodeString",
3077. "ntdll.dll.RtlCreateProcessParameters",
3078. "ntdll.dll.RtlCreateUserProcess",
3079. "ntdll.dll.RtlDestroyProcessParameters",
3080. "ntdll.dll.RtlDosPathNameToNtPathName_U",
3081. "ntdll.dll.RtlFindMessage",
3082. "ntdll.dll.RtlFreeHeap",
3083. "ntdll.dll.RtlFreeUnicodeString",
3084. "ntdll.dll.RtlGetFunctionTableListHead",
3085. "ntdll.dll.RtlGetUnloadEventTrace",
3086. "ntdll.dll.RtlGetUnloadEventTraceEx",
3087. "ntdll.dll.RtlInitAnsiString",
3088. "ntdll.dll.RtlInitUnicodeString",
3089. "ntdll.dll.RtlTryEnterCriticalSection",
3090. "ntdll.dll.RtlUnicodeStringToAnsiString",
3091. "ntdll.dll.NtOpenProcessToken",
3092. "ntdll.dll.NtOpenThreadToken",
3093. "ntdll.dll.NtQueryInformationToken",
3094. "kernel32.dll.CloseProfileUserMapping",
3095. "kernel32.dll.CreateToolhelp32Snapshot",
3096. "kernel32.dll.DebugActiveProcessStop",
3097. "kernel32.dll.DebugBreak",
3098. "kernel32.dll.DebugBreakProcess",
3099. "kernel32.dll.DebugSetProcessKillOnExit",
3100. "kernel32.dll.Module32First",
3101. "kernel32.dll.Module32FirstW",
3102. "kernel32.dll.Module32Next",
3103. "kernel32.dll.Module32NextW",
3104. "kernel32.dll.OpenThread",
3105. "kernel32.dll.Process32First",
3106. "kernel32.dll.Process32FirstW",
3107. "kernel32.dll.Process32Next",
3108. "kernel32.dll.Process32NextW",
3109. "kernel32.dll.SetProcessShutdownParameters",
3110. "kernel32.dll.Thread32First",
3111. "kernel32.dll.Thread32Next",
3112. "kernel32.dll.GetTimeZoneInformation",
3113. "kernel32.dll.Wow64GetThreadSelectorEntry",
3114. "advapi32.dll.CloseServiceHandle",
3115. "advapi32.dll.ControlService",
3116. "advapi32.dll.CreateServiceA",
3117. "advapi32.dll.CreateServiceW",
3118. "advapi32.dll.DeleteService",
3119. "advapi32.dll.EnumServicesStatusExA",
3120. "advapi32.dll.EnumServicesStatusExW",
3121. "advapi32.dll.GetEventLogInformation",
3122. "advapi32.dll.OpenSCManagerA",
3123. "advapi32.dll.OpenSCManagerW",
3124. "advapi32.dll.OpenServiceA",
3125. "advapi32.dll.OpenServiceW",
3126. "advapi32.dll.StartServiceA",
3127. "advapi32.dll.StartServiceW",
3128. "advapi32.dll.GetSidSubAuthority",
3129. "advapi32.dll.GetSidSubAuthorityCount",
3130. "version.dll.GetFileVersionInfoSizeExW",
3131. "version.dll.GetFileVersionInfoExW",
3132. "dbghelp.dll.WinDbgExtensionDllInit",
3133. "dbghelp.dll.ExtensionApiVersion",
3134. "wer.dll.WerpSetDynamicParameter",
3135. "wer.dll.WerReportAddDump",
3136. "wer.dll.WerpSetCallBack",
3137. "wer.dll.WerReportSetUIOption",
3138. "wer.dll.WerpAddRegisteredDataToReport",
3139. "wer.dll.WerReportSubmit",
3140. "user32.dll.LoadStringW",
3141. "sensapi.dll.IsNetworkAlive",
3142. "user32.dll.CharUpperW",
3143. "wer.dll.WerpAddAppCompatData",
3144. "apphelp.dll.SdbGetFileAttributes",
3145. "apphelp.dll.SdbFormatAttribute",
3146. "apphelp.dll.SdbFreeFileAttributes",
3147. "dbghelp.dll.MiniDumpWriteDump",
3148. "kernel32.dll.GetLongPathNameA",
3149. "kernel32.dll.GetLongPathNameW",
3150. "advapi32.dll.RegOpenKeyExA",
3151. "powrprof.dll.CallNtPowerInformation",
3152. "version.dll.GetFileVersionInfoSizeA",
3153. "version.dll.GetFileVersionInfoA",
3154. "version.dll.VerQueryValueA",
3155. "verifier.dll.VerifierEnumerateResource",
3156. "ntdll.dll.NtSuspendProcess",
3157. "ntdll.dll.NtResumeProcess",
3158. "advapi32.dll.QueryTraceW",
3159. "advapi32.dll.IsValidSid",
3160. "advapi32.dll.GetLengthSid",
3161. "advapi32.dll.CopySid",
3162. "advapi32.dll.AddAccessAllowedAceEx",
3163. "advapi32.dll.InitializeSecurityDescriptor",
3164. "advapi32.dll.SetSecurityDescriptorDacl",
3165. "advapi32.dll.RegisterEventSourceW",
3166. "advapi32.dll.ReportEventW",
3167. "advapi32.dll.DeregisterEventSource",
3168. "wer.dll.WerpGetStoreLocation",
3169. "wer.dll.WerpGetStoreType",
3170. "wer.dll.WerReportCloseHandle",
3171. "user32.dll.MsgWaitForMultipleObjects",
3172. "wer.dll.WerpFreeString",
3173. "user32.dll.GetProcessWindowStation",
3174. "user32.dll.GetThreadDesktop",
3175. "user32.dll.GetUserObjectInformationW",
3176. "werui.dll.WerUICreate",
3177. "werui.dll.WerUIStart",
3178. "werui.dll.WerUITerminate",
3179. "werui.dll.WerUIDelete"
3180. ]
3181.  
3182. [*] Static Analysis: {
3183. "pe": {
3184. "peid_signatures": null,
3185. "imports": [
3186. {
3187. "imports": [
3188. {
3189. "name": "DeleteCriticalSection",
3190. "address": "0x46f168"
3191. },
3192. {
3193. "name": "LeaveCriticalSection",
3194. "address": "0x46f16c"
3195. },
3196. {
3197. "name": "EnterCriticalSection",
3198. "address": "0x46f170"
3199. },
3200. {
3201. "name": "InitializeCriticalSection",
3202. "address": "0x46f174"
3203. },
3204. {
3205. "name": "VirtualFree",
3206. "address": "0x46f178"
3207. },
3208. {
3209. "name": "VirtualAlloc",
3210. "address": "0x46f17c"
3211. },
3212. {
3213. "name": "LocalFree",
3214. "address": "0x46f180"
3215. },
3216. {
3217. "name": "LocalAlloc",
3218. "address": "0x46f184"
3219. },
3220. {
3221. "name": "GetVersion",
3222. "address": "0x46f188"
3223. },
3224. {
3225. "name": "GetCurrentThreadId",
3226. "address": "0x46f18c"
3227. },
3228. {
3229. "name": "InterlockedDecrement",
3230. "address": "0x46f190"
3231. },
3232. {
3233. "name": "InterlockedIncrement",
3234. "address": "0x46f194"
3235. },
3236. {
3237. "name": "VirtualQuery",
3238. "address": "0x46f198"
3239. },
3240. {
3241. "name": "WideCharToMultiByte",
3242. "address": "0x46f19c"
3243. },
3244. {
3245. "name": "MultiByteToWideChar",
3246. "address": "0x46f1a0"
3247. },
3248. {
3249. "name": "lstrlenA",
3250. "address": "0x46f1a4"
3251. },
3252. {
3253. "name": "lstrcpynA",
3254. "address": "0x46f1a8"
3255. },
3256. {
3257. "name": "LoadLibraryExA",
3258. "address": "0x46f1ac"
3259. },
3260. {
3261. "name": "GetThreadLocale",
3262. "address": "0x46f1b0"
3263. },
3264. {
3265. "name": "GetStartupInfoA",
3266. "address": "0x46f1b4"
3267. },
3268. {
3269. "name": "GetProcAddress",
3270. "address": "0x46f1b8"
3271. },
3272. {
3273. "name": "GetModuleHandleA",
3274. "address": "0x46f1bc"
3275. },
3276. {
3277. "name": "GetModuleFileNameA",
3278. "address": "0x46f1c0"
3279. },
3280. {
3281. "name": "GetLocaleInfoA",
3282. "address": "0x46f1c4"
3283. },
3284. {
3285. "name": "GetCommandLineA",
3286. "address": "0x46f1c8"
3287. },
3288. {
3289. "name": "FreeLibrary",
3290. "address": "0x46f1cc"
3291. },
3292. {
3293. "name": "FindFirstFileA",
3294. "address": "0x46f1d0"
3295. },
3296. {
3297. "name": "FindClose",
3298. "address": "0x46f1d4"
3299. },
3300. {
3301. "name": "ExitProcess",
3302. "address": "0x46f1d8"
3303. },
3304. {
3305. "name": "WriteFile",
3306. "address": "0x46f1dc"
3307. },
3308. {
3309. "name": "UnhandledExceptionFilter",
3310. "address": "0x46f1e0"
3311. },
3312. {
3313. "name": "RtlUnwind",
3314. "address": "0x46f1e4"
3315. },
3316. {
3317. "name": "RaiseException",
3318. "address": "0x46f1e8"
3319. },
3320. {
3321. "name": "GetStdHandle",
3322. "address": "0x46f1ec"
3323. }
3324. ],
3325. "dll": "kernel32.dll"
3326. },
3327. {
3328. "imports": [
3329. {
3330. "name": "GetKeyboardType",
3331. "address": "0x46f1f4"
3332. },
3333. {
3334. "name": "LoadStringA",
3335. "address": "0x46f1f8"
3336. },
3337. {
3338. "name": "MessageBoxA",
3339. "address": "0x46f1fc"
3340. },
3341. {
3342. "name": "CharNextA",
3343. "address": "0x46f200"
3344. }
3345. ],
3346. "dll": "user32.dll"
3347. },
3348. {
3349. "imports": [
3350. {
3351. "name": "RegQueryValueExA",
3352. "address": "0x46f208"
3353. },
3354. {
3355. "name": "RegOpenKeyExA",
3356. "address": "0x46f20c"
3357. },
3358. {
3359. "name": "RegCloseKey",
3360. "address": "0x46f210"
3361. }
3362. ],
3363. "dll": "advapi32.dll"
3364. },
3365. {
3366. "imports": [
3367. {
3368. "name": "SysFreeString",
3369. "address": "0x46f218"
3370. },
3371. {
3372. "name": "SysReAllocStringLen",
3373. "address": "0x46f21c"
3374. },
3375. {
3376. "name": "SysAllocStringLen",
3377. "address": "0x46f220"
3378. }
3379. ],
3380. "dll": "oleaut32.dll"
3381. },
3382. {
3383. "imports": [
3384. {
3385. "name": "TlsSetValue",
3386. "address": "0x46f228"
3387. },
3388. {
3389. "name": "TlsGetValue",
3390. "address": "0x46f22c"
3391. },
3392. {
3393. "name": "LocalAlloc",
3394. "address": "0x46f230"
3395. },
3396. {
3397. "name": "GetModuleHandleA",
3398. "address": "0x46f234"
3399. }
3400. ],
3401. "dll": "kernel32.dll"
3402. },
3403. {
3404. "imports": [
3405. {
3406. "name": "RegQueryValueExA",
3407. "address": "0x46f23c"
3408. },
3409. {
3410. "name": "RegOpenKeyExA",
3411. "address": "0x46f240"
3412. },
3413. {
3414. "name": "RegCloseKey",
3415. "address": "0x46f244"
3416. }
3417. ],
3418. "dll": "advapi32.dll"
3419. },
3420. {
3421. "imports": [
3422. {
3423. "name": "lstrcpyA",
3424. "address": "0x46f24c"
3425. },
3426. {
3427. "name": "WriteFile",
3428. "address": "0x46f250"
3429. },
3430. {
3431. "name": "WaitForSingleObject",
3432. "address": "0x46f254"
3433. },
3434. {
3435. "name": "VirtualQuery",
3436. "address": "0x46f258"
3437. },
3438. {
3439. "name": "VirtualAlloc",
3440. "address": "0x46f25c"
3441. },
3442. {
3443. "name": "Sleep",
3444. "address": "0x46f260"
3445. },
3446. {
3447. "name": "SizeofResource",
3448. "address": "0x46f264"
3449. },
3450. {
3451. "name": "SetThreadLocale",
3452. "address": "0x46f268"
3453. },
3454. {
3455. "name": "SetFilePointer",
3456. "address": "0x46f26c"
3457. },
3458. {
3459. "name": "SetEvent",
3460. "address": "0x46f270"
3461. },
3462. {
3463. "name": "SetErrorMode",
3464. "address": "0x46f274"
3465. },
3466. {
3467. "name": "SetEndOfFile",
3468. "address": "0x46f278"
3469. },
3470. {
3471. "name": "ResetEvent",
3472. "address": "0x46f27c"
3473. },
3474. {
3475. "name": "ReadFile",
3476. "address": "0x46f280"
3477. },
3478. {
3479. "name": "MultiByteToWideChar",
3480. "address": "0x46f284"
3481. },
3482. {
3483. "name": "MulDiv",
3484. "address": "0x46f288"
3485. },
3486. {
3487. "name": "LockResource",
3488. "address": "0x46f28c"
3489. },
3490. {
3491. "name": "LoadResource",
3492. "address": "0x46f290"
3493. },
3494. {
3495. "name": "LoadLibraryA",
3496. "address": "0x46f294"
3497. },
3498. {
3499. "name": "LeaveCriticalSection",
3500. "address": "0x46f298"
3501. },
3502. {
3503. "name": "InitializeCriticalSection",
3504. "address": "0x46f29c"
3505. },
3506. {
3507. "name": "GlobalUnlock",
3508. "address": "0x46f2a0"
3509. },
3510. {
3511. "name": "GlobalSize",
3512. "address": "0x46f2a4"
3513. },
3514. {
3515. "name": "GlobalReAlloc",
3516. "address": "0x46f2a8"
3517. },
3518. {
3519. "name": "GlobalHandle",
3520. "address": "0x46f2ac"
3521. },
3522. {
3523. "name": "GlobalLock",
3524. "address": "0x46f2b0"
3525. },
3526. {
3527. "name": "GlobalFree",
3528. "address": "0x46f2b4"
3529. },
3530. {
3531. "name": "GlobalFindAtomA",
3532. "address": "0x46f2b8"
3533. },
3534. {
3535. "name": "GlobalDeleteAtom",
3536. "address": "0x46f2bc"
3537. },
3538. {
3539. "name": "GlobalAlloc",
3540. "address": "0x46f2c0"
3541. },
3542. {
3543. "name": "GlobalAddAtomA",
3544. "address": "0x46f2c4"
3545. },
3546. {
3547. "name": "GetVersionExA",
3548. "address": "0x46f2c8"
3549. },
3550. {
3551. "name": "GetVersion",
3552. "address": "0x46f2cc"
3553. },
3554. {
3555. "name": "GetUserDefaultLCID",
3556. "address": "0x46f2d0"
3557. },
3558. {
3559. "name": "GetTickCount",
3560. "address": "0x46f2d4"
3561. },
3562. {
3563. "name": "GetThreadLocale",
3564. "address": "0x46f2d8"
3565. },
3566. {
3567. "name": "GetSystemInfo",
3568. "address": "0x46f2dc"
3569. },
3570. {
3571. "name": "GetStringTypeExA",
3572. "address": "0x46f2e0"
3573. },
3574. {
3575. "name": "GetStdHandle",
3576. "address": "0x46f2e4"
3577. },
3578. {
3579. "name": "GetProfileStringA",
3580. "address": "0x46f2e8"
3581. },
3582. {
3583. "name": "GetProcAddress",
3584. "address": "0x46f2ec"
3585. },
3586. {
3587. "name": "GetModuleHandleA",
3588. "address": "0x46f2f0"
3589. },
3590. {
3591. "name": "GetModuleFileNameA",
3592. "address": "0x46f2f4"
3593. },
3594. {
3595. "name": "GetLocaleInfoA",
3596. "address": "0x46f2f8"
3597. },
3598. {
3599. "name": "GetLocalTime",
3600. "address": "0x46f2fc"
3601. },
3602. {
3603. "name": "GetLastError",
3604. "address": "0x46f300"
3605. },
3606. {
3607. "name": "GetFullPathNameA",
3608. "address": "0x46f304"
3609. },
3610. {
3611. "name": "GetDiskFreeSpaceA",
3612. "address": "0x46f308"
3613. },
3614. {
3615. "name": "GetDateFormatA",
3616. "address": "0x46f30c"
3617. },
3618. {
3619. "name": "GetCurrentThreadId",
3620. "address": "0x46f310"
3621. },
3622. {
3623. "name": "GetCurrentProcessId",
3624. "address": "0x46f314"
3625. },
3626. {
3627. "name": "GetComputerNameA",
3628. "address": "0x46f318"
3629. },
3630. {
3631. "name": "GetCPInfo",
3632. "address": "0x46f31c"
3633. },
3634. {
3635. "name": "GetACP",
3636. "address": "0x46f320"
3637. },
3638. {
3639. "name": "FreeResource",
3640. "address": "0x46f324"
3641. },
3642. {
3643. "name": "InterlockedExchange",
3644. "address": "0x46f328"
3645. },
3646. {
3647. "name": "FreeLibrary",
3648. "address": "0x46f32c"
3649. },
3650. {
3651. "name": "FormatMessageA",
3652. "address": "0x46f330"
3653. },
3654. {
3655. "name": "FindResourceA",
3656. "address": "0x46f334"
3657. },
3658. {
3659. "name": "EnumCalendarInfoA",
3660. "address": "0x46f338"
3661. },
3662. {
3663. "name": "EnterCriticalSection",
3664. "address": "0x46f33c"
3665. },
3666. {
3667. "name": "DeleteCriticalSection",
3668. "address": "0x46f340"
3669. },
3670. {
3671. "name": "CreateThread",
3672. "address": "0x46f344"
3673. },
3674. {
3675. "name": "CreateFileA",
3676. "address": "0x46f348"
3677. },
3678. {
3679. "name": "CreateEventA",
3680. "address": "0x46f34c"
3681. },
3682. {
3683. "name": "CompareStringA",
3684. "address": "0x46f350"
3685. },
3686. {
3687. "name": "CloseHandle",
3688. "address": "0x46f354"
3689. }
3690. ],
3691. "dll": "kernel32.dll"
3692. },
3693. {
3694. "imports": [
3695. {
3696. "name": "VerQueryValueA",
3697. "address": "0x46f35c"
3698. },
3699. {
3700. "name": "GetFileVersionInfoSizeA",
3701. "address": "0x46f360"
3702. },
3703. {
3704. "name": "GetFileVersionInfoA",
3705. "address": "0x46f364"
3706. }
3707. ],
3708. "dll": "version.dll"
3709. },
3710. {
3711. "imports": [
3712. {
3713. "name": "UnrealizeObject",
3714. "address": "0x46f36c"
3715. },
3716. {
3717. "name": "StretchBlt",
3718. "address": "0x46f370"
3719. },
3720. {
3721. "name": "SetWindowOrgEx",
3722. "address": "0x46f374"
3723. },
3724. {
3725. "name": "SetWinMetaFileBits",
3726. "address": "0x46f378"
3727. },
3728. {
3729. "name": "SetViewportOrgEx",
3730. "address": "0x46f37c"
3731. },
3732. {
3733. "name": "SetTextColor",
3734. "address": "0x46f380"
3735. },
3736. {
3737. "name": "SetStretchBltMode",
3738. "address": "0x46f384"
3739. },
3740. {
3741. "name": "SetROP2",
3742. "address": "0x46f388"
3743. },
3744. {
3745. "name": "SetPixel",
3746. "address": "0x46f38c"
3747. },
3748. {
3749. "name": "SetMapMode",
3750. "address": "0x46f390"
3751. },
3752. {
3753. "name": "SetEnhMetaFileBits",
3754. "address": "0x46f394"
3755. },
3756. {
3757. "name": "SetDIBColorTable",
3758. "address": "0x46f398"
3759. },
3760. {
3761. "name": "SetBrushOrgEx",
3762. "address": "0x46f39c"
3763. },
3764. {
3765. "name": "SetBkMode",
3766. "address": "0x46f3a0"
3767. },
3768. {
3769. "name": "SetBkColor",
3770. "address": "0x46f3a4"
3771. },
3772. {
3773. "name": "SelectPalette",
3774. "address": "0x46f3a8"
3775. },
3776. {
3777. "name": "SelectObject",
3778. "address": "0x46f3ac"
3779. },
3780. {
3781. "name": "SelectClipRgn",
3782. "address": "0x46f3b0"
3783. },
3784. {
3785. "name": "ScaleWindowExtEx",
3786. "address": "0x46f3b4"
3787. },
3788. {
3789. "name": "SaveDC",
3790. "address": "0x46f3b8"
3791. },
3792. {
3793. "name": "RestoreDC",
3794. "address": "0x46f3bc"
3795. },
3796. {
3797. "name": "RectVisible",
3798. "address": "0x46f3c0"
3799. },
3800. {
3801. "name": "RealizePalette",
3802. "address": "0x46f3c4"
3803. },
3804. {
3805. "name": "PlayEnhMetaFile",
3806. "address": "0x46f3c8"
3807. },
3808. {
3809. "name": "PathToRegion",
3810. "address": "0x46f3cc"
3811. },
3812. {
3813. "name": "PatBlt",
3814. "address": "0x46f3d0"
3815. },
3816. {
3817. "name": "MoveToEx",
3818. "address": "0x46f3d4"
3819. },
3820. {
3821. "name": "MaskBlt",
3822. "address": "0x46f3d8"
3823. },
3824. {
3825. "name": "LineTo",
3826. "address": "0x46f3dc"
3827. },
3828. {
3829. "name": "LPtoDP",
3830. "address": "0x46f3e0"
3831. },
3832. {
3833. "name": "IntersectClipRect",
3834. "address": "0x46f3e4"
3835. },
3836. {
3837. "name": "GetWindowOrgEx",
3838. "address": "0x46f3e8"
3839. },
3840. {
3841. "name": "GetWinMetaFileBits",
3842. "address": "0x46f3ec"
3843. },
3844. {
3845. "name": "GetTextMetricsA",
3846. "address": "0x46f3f0"
3847. },
3848. {
3849. "name": "GetTextExtentPoint32A",
3850. "address": "0x46f3f4"
3851. },
3852. {
3853. "name": "GetSystemPaletteEntries",
3854. "address": "0x46f3f8"
3855. },
3856. {
3857. "name": "GetStockObject",
3858. "address": "0x46f3fc"
3859. },
3860. {
3861. "name": "GetPixel",
3862. "address": "0x46f400"
3863. },
3864. {
3865. "name": "GetPaletteEntries",
3866. "address": "0x46f404"
3867. },
3868. {
3869. "name": "GetObjectA",
3870. "address": "0x46f408"
3871. },
3872. {
3873. "name": "GetEnhMetaFilePaletteEntries",
3874. "address": "0x46f40c"
3875. },
3876. {
3877. "name": "GetEnhMetaFileHeader",
3878. "address": "0x46f410"
3879. },
3880. {
3881. "name": "GetEnhMetaFileDescriptionA",
3882. "address": "0x46f414"
3883. },
3884. {
3885. "name": "GetEnhMetaFileBits",
3886. "address": "0x46f418"
3887. },
3888. {
3889. "name": "GetDeviceCaps",
3890. "address": "0x46f41c"
3891. },
3892. {
3893. "name": "GetDIBits",
3894. "address": "0x46f420"
3895. },
3896. {
3897. "name": "GetDIBColorTable",
3898. "address": "0x46f424"
3899. },
3900. {
3901. "name": "GetDCOrgEx",
3902. "address": "0x46f428"
3903. },
3904. {
3905. "name": "GetCurrentPositionEx",
3906. "address": "0x46f42c"
3907. },
3908. {
3909. "name": "GetClipBox",
3910. "address": "0x46f430"
3911. },
3912. {
3913. "name": "GetBrushOrgEx",
3914. "address": "0x46f434"
3915. },
3916. {
3917. "name": "GetBitmapBits",
3918. "address": "0x46f438"
3919. },
3920. {
3921. "name": "ExcludeClipRect",
3922. "address": "0x46f43c"
3923. },
3924. {
3925. "name": "EndPage",
3926. "address": "0x46f440"
3927. },
3928. {
3929. "name": "EndDoc",
3930. "address": "0x46f444"
3931. },
3932. {
3933. "name": "DeleteObject",
3934. "address": "0x46f448"
3935. },
3936. {
3937. "name": "DeleteEnhMetaFile",
3938. "address": "0x46f44c"
3939. },
3940. {
3941. "name": "DeleteDC",
3942. "address": "0x46f450"
3943. },
3944. {
3945. "name": "CreateSolidBrush",
3946. "address": "0x46f454"
3947. },
3948. {
3949. "name": "CreatePenIndirect",
3950. "address": "0x46f458"
3951. },
3952. {
3953. "name": "CreatePalette",
3954. "address": "0x46f45c"
3955. },
3956. {
3957. "name": "CreateICA",
3958. "address": "0x46f460"
3959. },
3960. {
3961. "name": "CreateHalftonePalette",
3962. "address": "0x46f464"
3963. },
3964. {
3965. "name": "CreateFontIndirectA",
3966. "address": "0x46f468"
3967. },
3968. {
3969. "name": "CreateEnhMetaFileA",
3970. "address": "0x46f46c"
3971. },
3972. {
3973. "name": "CreateDIBitmap",
3974. "address": "0x46f470"
3975. },
3976. {
3977. "name": "CreateDIBSection",
3978. "address": "0x46f474"
3979. },
3980. {
3981. "name": "CreateDCA",
3982. "address": "0x46f478"
3983. },
3984. {
3985. "name": "CreateCompatibleDC",
3986. "address": "0x46f47c"
3987. },
3988. {
3989. "name": "CreateCompatibleBitmap",
3990. "address": "0x46f480"
3991. },
3992. {
3993. "name": "CreateBrushIndirect",
3994. "address": "0x46f484"
3995. },
3996. {
3997. "name": "CreateBitmap",
3998. "address": "0x46f488"
3999. },
4000. {
4001. "name": "CopyEnhMetaFileA",
4002. "address": "0x46f48c"
4003. },
4004. {
4005. "name": "CloseEnhMetaFile",
4006. "address": "0x46f490"
4007. },
4008. {
4009. "name": "BitBlt",
4010. "address": "0x46f494"
4011. }
4012. ],
4013. "dll": "gdi32.dll"
4014. },
4015. {
4016. "imports": [
4017. {
4018. "name": "CreateWindowExA",
4019. "address": "0x46f49c"
4020. },
4021. {
4022. "name": "WindowFromPoint",
4023. "address": "0x46f4a0"
4024. },
4025. {
4026. "name": "WinHelpA",
4027. "address": "0x46f4a4"
4028. },
4029. {
4030. "name": "WaitMessage",
4031. "address": "0x46f4a8"
4032. },
4033. {
4034. "name": "UpdateWindow",
4035. "address": "0x46f4ac"
4036. },
4037. {
4038. "name": "UnregisterClassA",
4039. "address": "0x46f4b0"
4040. },
4041. {
4042. "name": "UnhookWindowsHookEx",
4043. "address": "0x46f4b4"
4044. },
4045. {
4046. "name": "TranslateMessage",
4047. "address": "0x46f4b8"
4048. },
4049. {
4050. "name": "TranslateMDISysAccel",
4051. "address": "0x46f4bc"
4052. },
4053. {
4054. "name": "TrackPopupMenu",
4055. "address": "0x46f4c0"
4056. },
4057. {
4058. "name": "SystemParametersInfoA",
4059. "address": "0x46f4c4"
4060. },
4061. {
4062. "name": "ShowWindow",
4063. "address": "0x46f4c8"
4064. },
4065. {
4066. "name": "ShowScrollBar",
4067. "address": "0x46f4cc"
4068. },
4069. {
4070. "name": "ShowOwnedPopups",
4071. "address": "0x46f4d0"
4072. },
4073. {
4074. "name": "ShowCursor",
4075. "address": "0x46f4d4"
4076. },
4077. {
4078. "name": "SetWindowsHookExA",
4079. "address": "0x46f4d8"
4080. },
4081. {
4082. "name": "SetWindowTextA",
4083. "address": "0x46f4dc"
4084. },
4085. {
4086. "name": "SetWindowPos",
4087. "address": "0x46f4e0"
4088. },
4089. {
4090. "name": "SetWindowPlacement",
4091. "address": "0x46f4e4"
4092. },
4093. {
4094. "name": "SetWindowLongA",
4095. "address": "0x46f4e8"
4096. },
4097. {
4098. "name": "SetTimer",
4099. "address": "0x46f4ec"
4100. },
4101. {
4102. "name": "SetScrollRange",
4103. "address": "0x46f4f0"
4104. },
4105. {
4106. "name": "SetScrollPos",
4107. "address": "0x46f4f4"
4108. },
4109. {
4110. "name": "SetScrollInfo",
4111. "address": "0x46f4f8"
4112. },
4113. {
4114. "name": "SetRect",
4115. "address": "0x46f4fc"
4116. },
4117. {
4118. "name": "SetPropA",
4119. "address": "0x46f500"
4120. },
4121. {
4122. "name": "SetParent",
4123. "address": "0x46f504"
4124. },
4125. {
4126. "name": "SetMenuItemInfoA",
4127. "address": "0x46f508"
4128. },
4129. {
4130. "name": "SetMenu",
4131. "address": "0x46f50c"
4132. },
4133. {
4134. "name": "SetKeyboardState",
4135. "address": "0x46f510"
4136. },
4137. {
4138. "name": "SetForegroundWindow",
4139. "address": "0x46f514"
4140. },
4141. {
4142. "name": "SetFocus",
4143. "address": "0x46f518"
4144. },
4145. {
4146. "name": "SetCursor",
4147. "address": "0x46f51c"
4148. },
4149. {
4150. "name": "SetClipboardData",
4151. "address": "0x46f520"
4152. },
4153. {
4154. "name": "SetClassLongA",
4155. "address": "0x46f524"
4156. },
4157. {
4158. "name": "SetCapture",
4159. "address": "0x46f528"
4160. },
4161. {
4162. "name": "SetActiveWindow",
4163. "address": "0x46f52c"
4164. },
4165. {
4166. "name": "SendMessageA",
4167. "address": "0x46f530"
4168. },
4169. {
4170. "name": "ScrollWindow",
4171. "address": "0x46f534"
4172. },
4173. {
4174. "name": "ScreenToClient",
4175. "address": "0x46f538"
4176. },
4177. {
4178. "name": "RemovePropA",
4179. "address": "0x46f53c"
4180. },
4181. {
4182. "name": "RemoveMenu",
4183. "address": "0x46f540"
4184. },
4185. {
4186. "name": "ReleaseDC",
4187. "address": "0x46f544"
4188. },
4189. {
4190. "name": "ReleaseCapture",
4191. "address": "0x46f548"
4192. },
4193. {
4194. "name": "RegisterWindowMessageA",
4195. "address": "0x46f54c"
4196. },
4197. {
4198. "name": "RegisterClipboardFormatA",
4199. "address": "0x46f550"
4200. },
4201. {
4202. "name": "RegisterClassA",
4203. "address": "0x46f554"
4204. },
4205. {
4206. "name": "RedrawWindow",
4207. "address": "0x46f558"
4208. },
4209. {
4210. "name": "PtInRect",
4211. "address": "0x46f55c"
4212. },
4213. {
4214. "name": "PostQuitMessage",
4215. "address": "0x46f560"
4216. },
4217. {
4218. "name": "PostMessageA",
4219. "address": "0x46f564"
4220. },
4221. {
4222. "name": "PeekMessageA",
4223. "address": "0x46f568"
4224. },
4225. {
4226. "name": "OpenClipboard",
4227. "address": "0x46f56c"
4228. },
4229. {
4230. "name": "OffsetRect",
4231. "address": "0x46f570"
4232. },
4233. {
4234. "name": "OemToCharA",
4235. "address": "0x46f574"
4236. },
4237. {
4238. "name": "MessageBoxA",
4239. "address": "0x46f578"
4240. },
4241. {
4242. "name": "MessageBeep",
4243. "address": "0x46f57c"
4244. },
4245. {
4246. "name": "MapWindowPoints",
4247. "address": "0x46f580"
4248. },
4249. {
4250. "name": "MapVirtualKeyA",
4251. "address": "0x46f584"
4252. },
4253. {
4254. "name": "LoadStringA",
4255. "address": "0x46f588"
4256. },
4257. {
4258. "name": "LoadKeyboardLayoutA",
4259. "address": "0x46f58c"
4260. },
4261. {
4262. "name": "LoadIconA",
4263. "address": "0x46f590"
4264. },
4265. {
4266. "name": "LoadCursorA",
4267. "address": "0x46f594"
4268. },
4269. {
4270. "name": "LoadBitmapA",
4271. "address": "0x46f598"
4272. },
4273. {
4274. "name": "KillTimer",
4275. "address": "0x46f59c"
4276. },
4277. {
4278. "name": "IsZoomed",
4279. "address": "0x46f5a0"
4280. },
4281. {
4282. "name": "IsWindowVisible",
4283. "address": "0x46f5a4"
4284. },
4285. {
4286. "name": "IsWindowEnabled",
4287. "address": "0x46f5a8"
4288. },
4289. {
4290. "name": "IsWindow",
4291. "address": "0x46f5ac"
4292. },
4293. {
4294. "name": "IsRectEmpty",
4295. "address": "0x46f5b0"
4296. },
4297. {
4298. "name": "IsIconic",
4299. "address": "0x46f5b4"
4300. },
4301. {
4302. "name": "IsDialogMessageA",
4303. "address": "0x46f5b8"
4304. },
4305. {
4306. "name": "IsChild",
4307. "address": "0x46f5bc"
4308. },
4309. {
4310. "name": "IsCharAlphaNumericA",
4311. "address": "0x46f5c0"
4312. },
4313. {
4314. "name": "IsCharAlphaA",
4315. "address": "0x46f5c4"
4316. },
4317. {
4318. "name": "InvalidateRect",
4319. "address": "0x46f5c8"
4320. },
4321. {
4322. "name": "IntersectRect",
4323. "address": "0x46f5cc"
4324. },
4325. {
4326. "name": "InsertMenuItemA",
4327. "address": "0x46f5d0"
4328. },
4329. {
4330. "name": "InsertMenuA",
4331. "address": "0x46f5d4"
4332. },
4333. {
4334. "name": "InflateRect",
4335. "address": "0x46f5d8"
4336. },
4337. {
4338. "name": "GetWindowThreadProcessId",
4339. "address": "0x46f5dc"
4340. },
4341. {
4342. "name": "GetWindowTextA",
4343. "address": "0x46f5e0"
4344. },
4345. {
4346. "name": "GetWindowRect",
4347. "address": "0x46f5e4"
4348. },
4349. {
4350. "name": "GetWindowPlacement",
4351. "address": "0x46f5e8"
4352. },
4353. {
4354. "name": "GetWindowLongA",
4355. "address": "0x46f5ec"
4356. },
4357. {
4358. "name": "GetWindowDC",
4359. "address": "0x46f5f0"
4360. },
4361. {
4362. "name": "GetTopWindow",
4363. "address": "0x46f5f4"
4364. },
4365. {
4366. "name": "GetSystemMetrics",
4367. "address": "0x46f5f8"
4368. },
4369. {
4370. "name": "GetSystemMenu",
4371. "address": "0x46f5fc"
4372. },
4373. {
4374. "name": "GetSysColorBrush",
4375. "address": "0x46f600"
4376. },
4377. {
4378. "name": "GetSysColor",
4379. "address": "0x46f604"
4380. },
4381. {
4382. "name": "GetSubMenu",
4383. "address": "0x46f608"
4384. },
4385. {
4386. "name": "GetScrollRange",
4387. "address": "0x46f60c"
4388. },
4389. {
4390. "name": "GetScrollPos",
4391. "address": "0x46f610"
4392. },
4393. {
4394. "name": "GetScrollInfo",
4395. "address": "0x46f614"
4396. },
4397. {
4398. "name": "GetPropA",
4399. "address": "0x46f618"
4400. },
4401. {
4402. "name": "GetParent",
4403. "address": "0x46f61c"
4404. },
4405. {
4406. "name": "GetWindow",
4407. "address": "0x46f620"
4408. },
4409. {
4410. "name": "GetMessageTime",
4411. "address": "0x46f624"
4412. },
4413. {
4414. "name": "GetMenuStringA",
4415. "address": "0x46f628"
4416. },
4417. {
4418. "name": "GetMenuState",
4419. "address": "0x46f62c"
4420. },
4421. {
4422. "name": "GetMenuItemInfoA",
4423. "address": "0x46f630"
4424. },
4425. {
4426. "name": "GetMenuItemID",
4427. "address": "0x46f634"
4428. },
4429. {
4430. "name": "GetMenuItemCount",
4431. "address": "0x46f638"
4432. },
4433. {
4434. "name": "GetMenu",
4435. "address": "0x46f63c"
4436. },
4437. {
4438. "name": "GetLastActivePopup",
4439. "address": "0x46f640"
4440. },
4441. {
4442. "name": "GetKeyboardState",
4443. "address": "0x46f644"
4444. },
4445. {
4446. "name": "GetKeyboardLayoutList",
4447. "address": "0x46f648"
4448. },
4449. {
4450. "name": "GetKeyboardLayout",
4451. "address": "0x46f64c"
4452. },
4453. {
4454. "name": "GetKeyState",
4455. "address": "0x46f650"
4456. },
4457. {
4458. "name": "GetKeyNameTextA",
4459. "address": "0x46f654"
4460. },
4461. {
4462. "name": "GetIconInfo",
4463. "address": "0x46f658"
4464. },
4465. {
4466. "name": "GetForegroundWindow",
4467. "address": "0x46f65c"
4468. },
4469. {
4470. "name": "GetFocus",
4471. "address": "0x46f660"
4472. },
4473. {
4474. "name": "GetDesktopWindow",
4475. "address": "0x46f664"
4476. },
4477. {
4478. "name": "GetDCEx",
4479. "address": "0x46f668"
4480. },
4481. {
4482. "name": "GetDC",
4483. "address": "0x46f66c"
4484. },
4485. {
4486. "name": "GetCursorPos",
4487. "address": "0x46f670"
4488. },
4489. {
4490. "name": "GetCursor",
4491. "address": "0x46f674"
4492. },
4493. {
4494. "name": "GetClipboardData",
4495. "address": "0x46f678"
4496. },
4497. {
4498. "name": "GetClientRect",
4499. "address": "0x46f67c"
4500. },
4501. {
4502. "name": "GetClassNameA",
4503. "address": "0x46f680"
4504. },
4505. {
4506. "name": "GetClassInfoA",
4507. "address": "0x46f684"
4508. },
4509. {
4510. "name": "GetCapture",
4511. "address": "0x46f688"
4512. },
4513. {
4514. "name": "GetActiveWindow",
4515. "address": "0x46f68c"
4516. },
4517. {
4518. "name": "FrameRect",
4519. "address": "0x46f690"
4520. },
4521. {
4522. "name": "FindWindowA",
4523. "address": "0x46f694"
4524. },
4525. {
4526. "name": "FillRect",
4527. "address": "0x46f698"
4528. },
4529. {
4530. "name": "EqualRect",
4531. "address": "0x46f69c"
4532. },
4533. {
4534. "name": "EnumWindows",
4535. "address": "0x46f6a0"
4536. },
4537. {
4538. "name": "EnumThreadWindows",
4539. "address": "0x46f6a4"
4540. },
4541. {
4542. "name": "EnumClipboardFormats",
4543. "address": "0x46f6a8"
4544. },
4545. {
4546. "name": "EndPaint",
4547. "address": "0x46f6ac"
4548. },
4549. {
4550. "name": "EndDeferWindowPos",
4551. "address": "0x46f6b0"
4552. },
4553. {
4554. "name": "EnableWindow",
4555. "address": "0x46f6b4"
4556. },
4557. {
4558. "name": "EnableScrollBar",
4559. "address": "0x46f6b8"
4560. },
4561. {
4562. "name": "EnableMenuItem",
4563. "address": "0x46f6bc"
4564. },
4565. {
4566. "name": "EmptyClipboard",
4567. "address": "0x46f6c0"
4568. },
4569. {
4570. "name": "DrawTextA",
4571. "address": "0x46f6c4"
4572. },
4573. {
4574. "name": "DrawMenuBar",
4575. "address": "0x46f6c8"
4576. },
4577. {
4578. "name": "DrawIconEx",
4579. "address": "0x46f6cc"
4580. },
4581. {
4582. "name": "DrawIcon",
4583. "address": "0x46f6d0"
4584. },
4585. {
4586. "name": "DrawFrameControl",
4587. "address": "0x46f6d4"
4588. },
4589. {
4590. "name": "DrawEdge",
4591. "address": "0x46f6d8"
4592. },
4593. {
4594. "name": "DispatchMessageA",
4595. "address": "0x46f6dc"
4596. },
4597. {
4598. "name": "DestroyWindow",
4599. "address": "0x46f6e0"
4600. },
4601. {
4602. "name": "DestroyMenu",
4603. "address": "0x46f6e4"
4604. },
4605. {
4606. "name": "DestroyIcon",
4607. "address": "0x46f6e8"
4608. },
4609. {
4610. "name": "DestroyCursor",
4611. "address": "0x46f6ec"
4612. },
4613. {
4614. "name": "DeleteMenu",
4615. "address": "0x46f6f0"
4616. },
4617. {
4618. "name": "DeferWindowPos",
4619. "address": "0x46f6f4"
4620. },
4621. {
4622. "name": "DefWindowProcA",
4623. "address": "0x46f6f8"
4624. },
4625. {
4626. "name": "DefMDIChildProcA",
4627. "address": "0x46f6fc"
4628. },
4629. {
4630. "name": "DefFrameProcA",
4631. "address": "0x46f700"
4632. },
4633. {
4634. "name": "CreatePopupMenu",
4635. "address": "0x46f704"
4636. },
4637. {
4638. "name": "CreateMenu",
4639. "address": "0x46f708"
4640. },
4641. {
4642. "name": "CreateIcon",
4643. "address": "0x46f70c"
4644. },
4645. {
4646. "name": "CloseClipboard",
4647. "address": "0x46f710"
4648. },
4649. {
4650. "name": "ClientToScreen",
4651. "address": "0x46f714"
4652. },
4653. {
4654. "name": "CheckMenuItem",
4655. "address": "0x46f718"
4656. },
4657. {
4658. "name": "CallWindowProcA",
4659. "address": "0x46f71c"
4660. },
4661. {
4662. "name": "CallNextHookEx",
4663. "address": "0x46f720"
4664. },
4665. {
4666. "name": "BeginPaint",
4667. "address": "0x46f724"
4668. },
4669. {
4670. "name": "BeginDeferWindowPos",
4671. "address": "0x46f728"
4672. },
4673. {
4674. "name": "CharNextA",
4675. "address": "0x46f72c"
4676. },
4677. {
4678. "name": "CharLowerBuffA",
4679. "address": "0x46f730"
4680. },
4681. {
4682. "name": "CharLowerA",
4683. "address": "0x46f734"
4684. },
4685. {
4686. "name": "CharUpperBuffA",
4687. "address": "0x46f738"
4688. },
4689. {
4690. "name": "CharToOemA",
4691. "address": "0x46f73c"
4692. },
4693. {
4694. "name": "AdjustWindowRectEx",
4695. "address": "0x46f740"
4696. },
4697. {
4698. "name": "ActivateKeyboardLayout",
4699. "address": "0x46f744"
4700. }
4701. ],
4702. "dll": "user32.dll"
4703. },
4704. {
4705. "imports": [
4706. {
4707. "name": "Sleep",
4708. "address": "0x46f74c"
4709. }
4710. ],
4711. "dll": "kernel32.dll"
4712. },
4713. {
4714. "imports": [
4715. {
4716. "name": "SafeArrayPtrOfIndex",
4717. "address": "0x46f754"
4718. },
4719. {
4720. "name": "SafeArrayGetUBound",
4721. "address": "0x46f758"
4722. },
4723. {
4724. "name": "SafeArrayGetLBound",
4725. "address": "0x46f75c"
4726. },
4727. {
4728. "name": "SafeArrayCreate",
4729. "address": "0x46f760"
4730. },
4731. {
4732. "name": "VariantChangeType",
4733. "address": "0x46f764"
4734. },
4735. {
4736. "name": "VariantCopy",
4737. "address": "0x46f768"
4738. },
4739. {
4740. "name": "VariantClear",
4741. "address": "0x46f76c"
4742. },
4743. {
4744. "name": "VariantInit",
4745. "address": "0x46f770"
4746. }
4747. ],
4748. "dll": "oleaut32.dll"
4749. },
4750. {
4751. "imports": [
4752. {
4753. "name": "CreateStreamOnHGlobal",
4754. "address": "0x46f778"
4755. },
4756. {
4757. "name": "IsAccelerator",
4758. "address": "0x46f77c"
4759. },
4760. {
4761. "name": "OleDraw",
4762. "address": "0x46f780"
4763. },
4764. {
4765. "name": "OleSetMenuDescriptor",
4766. "address": "0x46f784"
4767. },
4768. {
4769. "name": "CoTaskMemFree",
4770. "address": "0x46f788"
4771. },
4772. {
4773. "name": "ProgIDFromCLSID",
4774. "address": "0x46f78c"
4775. },
4776. {
4777. "name": "StringFromCLSID",
4778. "address": "0x46f790"
4779. },
4780. {
4781. "name": "CoCreateInstance",
4782. "address": "0x46f794"
4783. },
4784. {
4785. "name": "CoGetClassObject",
4786. "address": "0x46f798"
4787. },
4788. {
4789. "name": "CoUninitialize",
4790. "address": "0x46f79c"
4791. },
4792. {
4793. "name": "CoInitialize",
4794. "address": "0x46f7a0"
4795. },
4796. {
4797. "name": "IsEqualGUID",
4798. "address": "0x46f7a4"
4799. }
4800. ],
4801. "dll": "ole32.dll"
4802. },
4803. {
4804. "imports": [
4805. {
4806. "name": "GetErrorInfo",
4807. "address": "0x46f7ac"
4808. },
4809. {
4810. "name": "GetActiveObject",
4811. "address": "0x46f7b0"
4812. },
4813. {
4814. "name": "SysFreeString",
4815. "address": "0x46f7b4"
4816. }
4817. ],
4818. "dll": "oleaut32.dll"
4819. },
4820. {
4821. "imports": [
4822. {
4823. "name": "ImageList_SetIconSize",
4824. "address": "0x46f7bc"
4825. },
4826. {
4827. "name": "ImageList_GetIconSize",
4828. "address": "0x46f7c0"
4829. },
4830. {
4831. "name": "ImageList_Write",
4832. "address": "0x46f7c4"
4833. },
4834. {
4835. "name": "ImageList_Read",
4836. "address": "0x46f7c8"
4837. },
4838. {
4839. "name": "ImageList_GetDragImage",
4840. "address": "0x46f7cc"
4841. },
4842. {
4843. "name": "ImageList_DragShowNolock",
4844. "address": "0x46f7d0"
4845. },
4846. {
4847. "name": "ImageList_SetDragCursorImage",
4848. "address": "0x46f7d4"
4849. },
4850. {
4851. "name": "ImageList_DragMove",
4852. "address": "0x46f7d8"
4853. },
4854. {
4855. "name": "ImageList_DragLeave",
4856. "address": "0x46f7dc"
4857. },
4858. {
4859. "name": "ImageList_DragEnter",
4860. "address": "0x46f7e0"
4861. },
4862. {
4863. "name": "ImageList_EndDrag",
4864. "address": "0x46f7e4"
4865. },
4866. {
4867. "name": "ImageList_BeginDrag",
4868. "address": "0x46f7e8"
4869. },
4870. {
4871. "name": "ImageList_Remove",
4872. "address": "0x46f7ec"
4873. },
4874. {
4875. "name": "ImageList_DrawEx",
4876. "address": "0x46f7f0"
4877. },
4878. {
4879. "name": "ImageList_Draw",
4880. "address": "0x46f7f4"
4881. },
4882. {
4883. "name": "ImageList_GetBkColor",
4884. "address": "0x46f7f8"
4885. },
4886. {
4887. "name": "ImageList_SetBkColor",
4888. "address": "0x46f7fc"
4889. },
4890. {
4891. "name": "ImageList_ReplaceIcon",
4892. "address": "0x46f800"
4893. },
4894. {
4895. "name": "ImageList_Add",
4896. "address": "0x46f804"
4897. },
4898. {
4899. "name": "ImageList_GetImageCount",
4900. "address": "0x46f808"
4901. },
4902. {
4903. "name": "ImageList_Destroy",
4904. "address": "0x46f80c"
4905. },
4906. {
4907. "name": "ImageList_Create",
4908. "address": "0x46f810"
4909. }
4910. ],
4911. "dll": "comctl32.dll"
4912. },
4913. {
4914. "imports": [
4915. {
4916. "name": "OpenPrinterA",
4917. "address": "0x46f818"
4918. },
4919. {
4920. "name": "EnumPrintersA",
4921. "address": "0x46f81c"
4922. },
4923. {
4924. "name": "DocumentPropertiesA",
4925. "address": "0x46f820"
4926. },
4927. {
4928. "name": "ClosePrinter",
4929. "address": "0x46f824"
4930. }
4931. ],
4932. "dll": "winspool.drv"
4933. },
4934. {
4935. "imports": [
4936. {
4937. "name": "PrintDlgA",
4938. "address": "0x46f82c"
4939. }
4940. ],
4941. "dll": "comdlg32.dll"
4942. }
4943. ],
4944. "digital_signers": null,
4945. "exported_dll_name": null,
4946. "actual_checksum": "0x000ca079",
4947. "overlay": null,
4948. "imagebase": "0x00400000",
4949. "reported_checksum": "0x00000000",
4950. "icon_hash": null,
4951. "entrypoint": "0x0046304c",
4952. "timestamp": "1992-01-31 02:31:10",
4953. "osversion": "4.0",
4954. "sections": [
4955. {
4956. "name": "CODE",
4957. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
4958. "virtual_address": "0x00001000",
4959. "size_of_data": "0x00062200",
4960. "entropy": "6.54",
4961. "raw_address": "0x00000400",
4962. "virtual_size": "0x00062094",
4963. "characteristics_raw": "0x60000020"
4964. },
4965. {
4966. "name": "DATA",
4967. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
4968. "virtual_address": "0x00064000",
4969. "size_of_data": "0x00009600",
4970. "entropy": "4.97",
4971. "raw_address": "0x00062600",
4972. "virtual_size": "0x00009528",
4973. "characteristics_raw": "0xc0000040"
4974. },
4975. {
4976. "name": "BSS",
4977. "characteristics": "IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
4978. "virtual_address": "0x0006e000",
4979. "size_of_data": "0x00000000",
4980. "entropy": "0.00",
4981. "raw_address": "0x0006bc00",
4982. "virtual_size": "0x00000d59",
4983. "characteristics_raw": "0xc0000000"
4984. },
4985. {
4986. "name": ".idata",
4987. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
4988. "virtual_address": "0x0006f000",
4989. "size_of_data": "0x00002600",
4990. "entropy": "5.01",
4991. "raw_address": "0x0006bc00",
4992. "virtual_size": "0x00002540",
4993. "characteristics_raw": "0xc0000040"
4994. },
4995. {
4996. "name": ".tls",
4997. "characteristics": "IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
4998. "virtual_address": "0x00072000",
4999. "size_of_data": "0x00000000",
5000. "entropy": "0.00",
5001. "raw_address": "0x0006e200",
5002. "virtual_size": "0x00000010",
5003. "characteristics_raw": "0xc0000000"
5004. },
5005. {
5006. "name": ".rdata",
5007. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
5008. "virtual_address": "0x00073000",
5009. "size_of_data": "0x00000200",
5010. "entropy": "0.21",
5011. "raw_address": "0x0006e200",
5012. "virtual_size": "0x00000018",
5013. "characteristics_raw": "0x50000040"
5014. },
5015. {
5016. "name": ".reloc",
5017. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
5018. "virtual_address": "0x00074000",
5019. "size_of_data": "0x00007200",
5020. "entropy": "6.67",
5021. "raw_address": "0x0006e400",
5022. "virtual_size": "0x00007108",
5023. "characteristics_raw": "0x50000040"
5024. },
5025. {
5026. "name": ".rsrc",
5027. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
5028. "virtual_address": "0x0007c000",
5029. "size_of_data": "0x00052000",
5030. "entropy": "6.96",
5031. "raw_address": "0x00075600",
5032. "virtual_size": "0x00051f50",
5033. "characteristics_raw": "0x50000040"
5034. }
5035. ],
5036. "resources": [],
5037. "dirents": [
5038. {
5039. "virtual_address": "0x00000000",
5040. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
5041. "size": "0x00000000"
5042. },
5043. {
5044. "virtual_address": "0x0006f000",
5045. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
5046. "size": "0x00002540"
5047. },
5048. {
5049. "virtual_address": "0x0007c000",
5050. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
5051. "size": "0x00051f50"
5052. },
5053. {
5054. "virtual_address": "0x00000000",
5055. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
5056. "size": "0x00000000"
5057. },
5058. {
5059. "virtual_address": "0x00000000",
5060. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
5061. "size": "0x00000000"
5062. },
5063. {
5064. "virtual_address": "0x00074000",
5065. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
5066. "size": "0x00007108"
5067. },
5068. {
5069. "virtual_address": "0x00000000",
5070. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
5071. "size": "0x00000000"
5072. },
5073. {
5074. "virtual_address": "0x00000000",
5075. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
5076. "size": "0x00000000"
5077. },
5078. {
5079. "virtual_address": "0x00000000",
5080. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
5081. "size": "0x00000000"
5082. },
5083. {
5084. "virtual_address": "0x00073000",
5085. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
5086. "size": "0x00000018"
5087. },
5088. {
5089. "virtual_address": "0x00000000",
5090. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
5091. "size": "0x00000000"
5092. },
5093. {
5094. "virtual_address": "0x00000000",
5095. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
5096. "size": "0x00000000"
5097. },
5098. {
5099. "virtual_address": "0x00000000",
5100. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
5101. "size": "0x00000000"
5102. },
5103. {
5104. "virtual_address": "0x00000000",
5105. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
5106. "size": "0x00000000"
5107. },
5108. {
5109. "virtual_address": "0x00000000",
5110. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
5111. "size": "0x00000000"
5112. },
5113. {
5114. "virtual_address": "0x00000000",
5115. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
5116. "size": "0x00000000"
5117. }
5118. ],
5119. "exports": [],
5120. "guest_signers": {},
5121. "imphash": "46116a2f8090728368dbf9ef96584273",
5122. "icon_fuzzy": null,
5123. "icon": null,
5124. "pdbpath": null,
5125. "imported_dll_count": 17,
5126. "versioninfo": []
5127. }
5128. }