AZORult_ed54fa0e7bbf3554e5b0d09ac647776c_exe_2019-06-27_09_30.json

1.  
2. [*] MalFamily: "Azorult"
3.  
4. [*] MalScore: 10.0
5.  
6. [*] File Name: "AZORult_ed54fa0e7bbf3554e5b0d09ac647776c.exe"
7. [*] File Size: 635392
8. [*] File Type: "PE32 executable (GUI) Intel 80386, for MS Windows"
9. [*] SHA256: "4090f01fe9c3fe71c23da753a2d4ea9512d6dde233624052e93f534882df312c"
10. [*] MD5: "ed54fa0e7bbf3554e5b0d09ac647776c"
11. [*] SHA1: "e64a599629a433fbcf399c1f1fadc44fe5638bc8"
12. [*] SHA512: "d0f0a4386f492a4992793dcee693a7de34ba3f812222e6252afd700e8746f42bd84f11898b09fd000b8760fa0f48340d5be7d205aa3ae67ce82b4b63d9a3e247"
13. [*] CRC32: "C553F864"
14. [*] SSDEEP: "12288:zMnlidvN1rCQFC53qWagQ3nbA8Lxr3oAK5pCxeTo:zmQFzDFCRUg2VxEAGgxAo"
15.  
16. [*] Process Execution: [
17. "AZORult_ed54fa0e7bbf3554e5b0d09ac647776c.exe",
18. "angnd.exe",
19. "angnd.exe",
20. "services.exe",
21. "lsass.exe"
22. ]
23.  
24. [*] Signatures Detected: [
25. {
26. "Description": "Creates RWX memory",
27. "Details": []
28. },
29. {
30. "Description": "Drops a binary and executes it",
31. "Details": [
32. {
33. "binary": "C:\\Users\\user\\AppData\\Roaming\\angydk\\angnd.exe"
34. }
35. ]
36. },
37. {
38. "Description": "HTTP traffic contains suspicious features which may be indicative of malware related traffic",
39. "Details": [
40. {
41. "post_no_referer": "HTTP traffic contains a POST request with no referer header"
42. },
43. {
44. "suspicious_request": "http://modestclouds.eu/angel/index.php"
45. }
46. ]
47. },
48. {
49. "Description": "Performs some HTTP requests",
50. "Details": [
51. {
52. "url": "http://modestclouds.eu/angel/index.php"
53. }
54. ]
55. },
56. {
57. "Description": "The binary likely contains encrypted or compressed data.",
58. "Details": [
59. {
60. "section": "name: .rsrc, entropy: 7.08, characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ, raw_size: 0x00025c00, virtual_size: 0x00025b70"
61. }
62. ]
63. },
64. {
65. "Description": "Executed a process and injected code into it, probably while unpacking",
66. "Details": [
67. {
68. "Injection": "angnd.exe(1812) -> angnd.exe(2564)"
69. }
70. ]
71. },
72. {
73. "Description": "Attempts to repeatedly call a single API many times in order to delay analysis time",
74. "Details": [
75. {
76. "Spam": "services.exe (504) called API GetSystemTimeAsFileTime 13139039 times"
77. }
78. ]
79. },
80. {
81. "Description": "Steals private information from local Internet browsers",
82. "Details": [
83. {
84. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\user@doubleclick[1].txt"
85. },
86. {
87. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\user@advertising[1].txt"
88. },
89. {
90. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\user@c.bing[2].txt"
91. },
92. {
93. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\user@media[2].txt"
94. },
95. {
96. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\user@www.google[1].txt"
97. },
98. {
99. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\user@google[5].txt"
100. },
101. {
102. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\user@google[4].txt"
103. },
104. {
105. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\user@google[3].txt"
106. },
107. {
108. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\user@google[1].txt"
109. },
110. {
111. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\user@c.msn[2].txt"
112. },
113. {
114. "file": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data"
115. },
116. {
117. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\user@msn[1].txt"
118. },
119. {
120. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\user@www.msn[2].txt"
121. },
122. {
123. "file": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"
124. },
125. {
126. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\user@3lift[1].txt"
127. },
128. {
129. "file": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History"
130. },
131. {
132. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\user@bing[2].txt"
133. },
134. {
135. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\user@scorecardresearch[2].txt"
136. },
137. {
138. "file": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies"
139. },
140. {
141. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\user@atwola[2].txt"
142. }
143. ]
144. },
145. {
146. "Description": "Collects information about installed applications",
147. "Details": [
148. {
149. "Program": "Google Update Helper"
150. },
151. {
152. },
153. {
154. "Program": "Microsoft Excel MUI 2013"
155. },
156. {
157. "Program": "Microsoft Outlook MUI 2013"
158. },
159. {
160. },
161. {
162. "Program": "Google Chrome"
163. },
164. {
165. "Program": "Adobe Flash Player 29 NPAPI"
166. },
167. {
168. "Program": "Adobe Flash Player 29 ActiveX"
169. },
170. {
171. "Program": "Microsoft DCF MUI 2013"
172. },
173. {
174. "Program": "Microsoft Access MUI 2013"
175. },
176. {
177. "Program": "Microsoft Office Proofing Tools 2013 - English"
178. },
179. {
180. "Program": "Adobe Acrobat Reader DC"
181. },
182. {
183. "Program": "Microsoft Publisher MUI 2013"
184. },
185. {
186. "Program": "Microsoft Office Shared MUI 2013"
187. },
188. {
189. "Program": "Microsoft Office OSM MUI 2013"
190. },
191. {
192. "Program": "Microsoft InfoPath MUI 2013"
193. },
194. {
195. "Program": "Microsoft Office Shared Setup Metadata MUI 2013"
196. },
197. {
198. "Program": "Outils de v\\xc3\\xa9rification linguistique 2013 de Microsoft Office\\xc2\\xa0- Fran\\xc3\\xa7ais"
199. },
200. {
201. "Program": "Microsoft Word MUI 2013"
202. },
203. {
204. "Program": "Microsoft OneDrive"
205. },
206. {
207. "Program": "Microsoft Groove MUI 2013"
208. },
209. {
210. "Program": "Microsoft Office Proofing Tools 2013 - Espa\\xc3\\xb1ol"
211. },
212. {
213. },
214. {
215. "Program": "Microsoft Access Setup Metadata MUI 2013"
216. },
217. {
218. "Program": "Microsoft Office OSM UX MUI 2013"
219. },
220. {
221. "Program": "Java Auto Updater"
222. },
223. {
224. "Program": "Microsoft PowerPoint MUI 2013"
225. },
226. {
227. "Program": "Microsoft Office Professional Plus 2013"
228. },
229. {
230. "Program": "Adobe Refresh Manager"
231. },
232. {
233. "Program": "Microsoft Office Proofing 2013"
234. },
235. {
236. "Program": "Microsoft Lync MUI 2013"
237. },
238. {
239. },
240. {
241. "Program": "Microsoft OneNote MUI 2013"
242. }
243. ]
244. },
245. {
246. "Description": "File has been identified by 38 Antiviruses on VirusTotal as malicious",
247. "Details": [
248. {
249. "MicroWorld-eScan": "Trojan.Agent.DZHI"
250. },
251. {
252. "FireEye": "Generic.mg.ed54fa0e7bbf3554"
253. },
254. {
255. "McAfee": "Fareit-FPI!ED54FA0E7BBF"
256. },
257. {
258. "Cylance": "Unsafe"
259. },
260. {
261. "BitDefender": "Trojan.Agent.DZHI"
262. },
263. {
264. "TrendMicro": "TSPY_HPFAREIT.SMROX"
265. },
266. {
267. "Cyren": "W32/Trojan.JKZJ-5669"
268. },
269. {
270. "Symantec": "ML.Attribute.HighConfidence"
271. },
272. {
273. "APEX": "Malicious"
274. },
275. {
276. "Paloalto": "generic.ml"
277. },
278. {
279. "Kaspersky": "HEUR:Trojan.Win32.Kryptik.gen"
280. },
281. {
282. "Rising": "Trojan.Injector!1.AFE3 (CLASSIC)"
283. },
284. {
285. "Ad-Aware": "Trojan.Agent.DZHI"
286. },
287. {
288. "Sophos": "Mal/Fareit-V"
289. },
290. {
291. "DrWeb": "Trojan.PWS.Stealer.23680"
292. },
293. {
294. "Invincea": "heuristic"
295. },
296. {
297. "McAfee-GW-Edition": "BehavesLike.Win32.Fareit.jh"
298. },
299. {
300. "Trapmine": "malicious.high.ml.score"
301. },
302. {
303. "Emsisoft": "Trojan.Agent.DZHI (B)"
304. },
305. {
306. "F-Prot": "W32/Trojan3.AOCN"
307. },
308. {
309. "Fortinet": "W32/Injector.EGGP!tr"
310. },
311. {
312. "Endgame": "malicious (high confidence)"
313. },
314. {
315. "Arcabit": "Trojan.Agent.DZHI"
316. },
317. {
318. "ZoneAlarm": "HEUR:Trojan.Win32.Kryptik.gen"
319. },
320. {
321. "Microsoft": "Trojan:Win32/Wacatac.B!ml"
322. },
323. {
324. "AhnLab-V3": "Win-Trojan/Delphiless.Exp"
325. },
326. {
327. "Acronis": "suspicious"
328. },
329. {
330. "ALYac": "Trojan.Agent.DZHI"
331. },
332. {
333. "MAX": "malware (ai score=82)"
334. },
335. {
336. "ESET-NOD32": "a variant of Win32/Injector.EGGP"
337. },
338. {
339. "TrendMicro-HouseCall": "TSPY_HPFAREIT.SMROX"
340. },
341. {
342. "Tencent": "Win32.Trojan.Inject.Auto"
343. },
344. {
345. "GData": "Trojan.Agent.DZHI"
346. },
347. {
348. "AVG": "Win32:Malware-gen"
349. },
350. {
351. "Cybereason": "malicious.629a43"
352. },
353. {
354. "Avast": "Win32:Malware-gen"
355. },
356. {
357. "CrowdStrike": "win/malicious_confidence_100% (D)"
358. },
359. {
360. "Qihoo-360": "HEUR/QVM05.1.210B.Malware.Gen"
361. }
362. ]
363. },
364. {
365. "Description": "Checks the CPU name from registry, possibly for anti-virtualization",
366. "Details": []
367. },
368. {
369. "Description": "Creates a copy of itself",
370. "Details": [
371. {
372. "copy": "C:\\Users\\user\\AppData\\Roaming\\angydk\\angnd.exe"
373. }
374. ]
375. },
376. {
377. "Description": "Attempts to access Bitcoin/ALTCoin wallets",
378. "Details": [
379. {
380. "file": "C:\\Users\\user\\AppData\\Roaming\\angydk\\wallet.dat"
381. },
382. {
383. "file": "C:\\Users\\user\\AppData\\Roaming\\Adobe\\wallet.dat"
384. },
385. {
386. "file": "C:\\Users\\user\\AppData\\Roaming\\Sun\\wallet.dat"
387. },
388. {
389. "file": "C:\\Users\\user\\AppData\\Roaming\\Identities\\wallet.dat"
390. },
391. {
392. "file": "C:\\Users\\user\\AppData\\Roaming\\Macromedia\\wallet.dat"
393. },
394. {
395. "file": "C:\\Users\\user\\AppData\\wallet.dat"
396. },
397. {
398. "file": "C:\\Users\\user\\AppData\\Roaming\\wallet.dat"
399. },
400. {
401. "file": "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\wallet.dat"
402. },
403. {
404. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\wallet.dat"
405. },
406. {
407. "file": "C:\\Users\\user\\AppData\\Roaming\\Electrum\\wallets\\*"
408. }
409. ]
410. },
411. {
412. "Description": "Harvests credentials from local FTP client softwares",
413. "Details": [
414. {
415. "file": "C:\\Users\\user\\AppData\\Roaming\\filezilla\\recentservers.xml"
416. }
417. ]
418. },
419. {
420. "Description": "Harvests information related to installed instant messenger clients",
421. "Details": [
422. {
423. "file": "C:\\Users\\user\\AppData\\Roaming\\.purple\\accounts.xml"
424. }
425. ]
426. },
427. {
428. "Description": "Harvests information related to installed mail clients",
429. "Details": [
430. {
431. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook"
432. },
433. {
434. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook"
435. },
436. {
437. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\b22783abb139fe46b0aad551d64b60e7"
438. },
439. {
440. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\f86ed2903a4a11cfb57e524153480001"
441. },
442. {
443. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\0a0d020000000000c000000000000046"
444. },
445. {
446. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9234ed9445f8fa418a542f350f18f326"
447. },
448. {
449. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001"
450. },
451. {
452. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002\\Email"
453. },
454. {
455. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676"
456. },
457. {
458. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\cb23f8734d88734ca66c47c4527fd259"
459. },
460. {
461. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001\\Email"
462. },
463. {
464. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\8408552e6dae7d45a0ba01520b6221ff"
465. },
466. {
467. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\c02ebc5353d9cd11975200aa004ae40e"
468. },
469. {
470. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook"
471. },
472. {
473. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\8503020000000000c000000000000046"
474. },
475. {
476. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9207f3e0a3b11019908b08002b2a56c2"
477. },
478. {
479. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\240a97d961ed46428e29a3f1f1c23670"
480. },
481. {
482. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\3517490d76624c419a828607e2a54604"
483. },
484. {
485. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\8f92b60606058348930a96946cf329e1"
486. },
487. {
488. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\13dbb0c8aa05101a9bb000aa002fc45a"
489. },
490. {
491. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002"
492. }
493. ]
494. },
495. {
496. "Description": "Attempts to interact with an Alternate Data Stream (ADS)",
497. "Details": [
498. {
499. "file": "C:\\Users\\user\\AppData\\Roaming\\angydk\\angnd.exe:ZoneIdentifier"
500. }
501. ]
502. },
503. {
504. "Description": "Collects information to fingerprint the system",
505. "Details": []
506. },
507. {
508. "Description": "Anomalous binary characteristics",
509. "Details": [
510. {
511. "anomaly": "Timestamp on binary predates the release date of the OS version it requires by at least a year"
512. }
513. ]
514. },
515. {
516. "Description": "Created network traffic indicative of malicious activity",
517. "Details": [
518. {
519. "signature": "ET TROJAN Generic - POST To .php w/Extended ASCII Characters (Likely Zeus Derivative)"
520. },
521. {
522. "signature": "ET TROJAN AZORult Variant.4 Checkin M2"
523. }
524. ]
525. }
526. ]
527.  
528. [*] Started Service: [
529. "VaultSvc"
530. ]
531.  
532. [*] Executed Commands: [
533. "\"C:\\Users\\user\\AppData\\Roaming\\angydk\\angnd.exe\"",
534. "C:\\Windows\\system32\\lsass.exe"
535. ]
536.  
537. [*] Mutexes: [
538. "A81FB8C6-0BBE6E18-6FC9B5DB-536DA455-933946726"
539. ]
540.  
541. [*] Modified Files: [
542. "C:\\Users\\user\\AppData\\Roaming\\angydk\\angnd.exe",
543. "C:\\Users\\user\\AppData\\Roaming\\angydk\\angnd.exe:ZoneIdentifier",
544. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-console-l1-1-0.dll",
545. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-datetime-l1-1-0.dll",
546. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-debug-l1-1-0.dll",
547. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-errorhandling-l1-1-0.dll",
548. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-file-l1-1-0.dll",
549. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-file-l1-2-0.dll",
550. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-file-l2-1-0.dll",
551. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-handle-l1-1-0.dll",
552. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-heap-l1-1-0.dll",
553. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-interlocked-l1-1-0.dll",
554. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-libraryloader-l1-1-0.dll",
555. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-localization-l1-2-0.dll",
556. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-memory-l1-1-0.dll",
557. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-namedpipe-l1-1-0.dll",
558. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-processenvironment-l1-1-0.dll",
559. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-processthreads-l1-1-0.dll",
560. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-processthreads-l1-1-1.dll",
561. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-profile-l1-1-0.dll",
562. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-rtlsupport-l1-1-0.dll",
563. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-string-l1-1-0.dll",
564. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-synch-l1-1-0.dll",
565. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-synch-l1-2-0.dll",
566. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-sysinfo-l1-1-0.dll",
567. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-timezone-l1-1-0.dll",
568. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-util-l1-1-0.dll",
569. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-conio-l1-1-0.dll",
570. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-convert-l1-1-0.dll",
571. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-environment-l1-1-0.dll",
572. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-filesystem-l1-1-0.dll",
573. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-heap-l1-1-0.dll",
574. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-locale-l1-1-0.dll",
575. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-math-l1-1-0.dll",
576. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-multibyte-l1-1-0.dll",
577. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-private-l1-1-0.dll",
578. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-process-l1-1-0.dll",
579. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-runtime-l1-1-0.dll",
580. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-stdio-l1-1-0.dll",
581. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-string-l1-1-0.dll",
582. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-time-l1-1-0.dll",
583. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-utility-l1-1-0.dll",
584. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\freebl3.dll",
585. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\mozglue.dll",
586. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\msvcp140.dll",
587. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\nss3.dll",
588. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\nssdbm3.dll",
589. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\softokn3.dll",
590. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\ucrtbase.dll",
591. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\vcruntime140.dll",
592. "C:\\Users\\user\\AppData\\Local\\Temp\\303630157465359052914733.tmp",
593. "C:\\Users\\user\\AppData\\Local\\Temp\\30414937159551642847736.tmp",
594. "C:\\Users\\user\\AppData\\Local\\Temp\\30415000218275402140721.tmp",
595. "C:\\Users\\user\\AppData\\Local\\Temp\\304150319924777099523514.tmp",
596. "C:\\Users\\user\\AppData\\Local\\Temp\\304150933246395587712185.tmp",
597. "C:\\Users\\user\\AppData\\Local\\Temp\\curbuf.dat",
598. "C:\\Windows\\sysnative\\LogFiles\\Scm\\9e15f45a-579f-40ff-973c-7890b2e1e338"
599. ]
600.  
601. [*] Deleted Files: [
602. "C:\\Users\\user\\AppData\\Roaming\\angydk\\angnd.exe",
603. "C:\\Users\\user\\AppData\\Local\\Temp\\303630157465359052914733.tmp",
604. "C:\\Users\\user\\AppData\\Local\\Temp\\30414937159551642847736.tmp",
605. "C:\\Users\\user\\AppData\\Local\\Temp\\30415000218275402140721.tmp",
606. "C:\\Users\\user\\AppData\\Local\\Temp\\304150319924777099523514.tmp",
607. "C:\\Users\\user\\AppData\\Local\\Temp\\304150933246395587712185.tmp",
608. "C:\\Users\\user\\AppData\\Local\\Temp\\curbuf.dat",
609. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-console-l1-1-0.dll",
610. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-datetime-l1-1-0.dll",
611. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-debug-l1-1-0.dll",
612. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-errorhandling-l1-1-0.dll",
613. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-file-l1-1-0.dll",
614. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-file-l1-2-0.dll",
615. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-file-l2-1-0.dll",
616. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-handle-l1-1-0.dll",
617. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-heap-l1-1-0.dll",
618. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-interlocked-l1-1-0.dll",
619. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-libraryloader-l1-1-0.dll",
620. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-localization-l1-2-0.dll",
621. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-memory-l1-1-0.dll",
622. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-namedpipe-l1-1-0.dll",
623. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-processenvironment-l1-1-0.dll",
624. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-processthreads-l1-1-0.dll",
625. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-processthreads-l1-1-1.dll",
626. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-profile-l1-1-0.dll",
627. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-rtlsupport-l1-1-0.dll",
628. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-string-l1-1-0.dll",
629. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-synch-l1-1-0.dll",
630. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-synch-l1-2-0.dll",
631. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-sysinfo-l1-1-0.dll",
632. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-timezone-l1-1-0.dll",
633. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-util-l1-1-0.dll",
634. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-conio-l1-1-0.dll",
635. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-convert-l1-1-0.dll",
636. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-environment-l1-1-0.dll",
637. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-filesystem-l1-1-0.dll",
638. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-heap-l1-1-0.dll",
639. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-locale-l1-1-0.dll",
640. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-math-l1-1-0.dll",
641. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-multibyte-l1-1-0.dll",
642. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-private-l1-1-0.dll",
643. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-process-l1-1-0.dll",
644. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-runtime-l1-1-0.dll",
645. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-stdio-l1-1-0.dll",
646. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-string-l1-1-0.dll",
647. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-time-l1-1-0.dll",
648. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-utility-l1-1-0.dll",
649. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\freebl3.dll",
650. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\mozglue.dll",
651. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\msvcp140.dll",
652. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\nss3.dll",
653. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\nssdbm3.dll",
654. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\softokn3.dll",
655. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\ucrtbase.dll",
656. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\vcruntime140.dll",
657. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\"
658. ]
659.  
660. [*] Modified Registry Keys: []
661.  
662. [*] Deleted Registry Keys: []
663.  
664. [*] DNS Communications: [
665. {
666. "type": "A",
667. "request": "modestclouds.eu",
668. "answers": [
669. {
670. "data": "164.132.62.98",
671. "type": "A"
672. }
673. ]
674. }
675. ]
676.  
677. [*] Domains: [
678. {
679. "ip": "164.132.62.98",
680. "domain": "modestclouds.eu"
681. }
682. ]
683.  
684. [*] Network Communication - ICMP: []
685.  
686. [*] Network Communication - HTTP: [
687. {
688. "count": 1,
689. "body": "J/\\xfb5/\\xfb<L\\x8a(9\\xf0N/\\xfb;/\\xfaI/\\xfb=H\\x8aH/\\xfb;O\\xed>;\\xed>2\\xed?N\\xed><\\x8eN/\\xfb4H\\xed>?\\x8cO/\\xfaI/\\xfb8/\\xfb>/\\xfb;N\\x89(9\\xfc(9\\xfd(9\\xfd(8\\x8c(9\\xf1(9\\xfb(9\\xfb(9\\xf1(9\\xfc(9\\xfe(9\\xff(9\\xfa(9\\xfe",
690. "uri": "http://modestclouds.eu/angel/index.php",
691. "user-agent": "Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)",
692. "method": "POST",
693. "host": "modestclouds.eu",
694. "version": "1.1",
695. "path": "/angel/index.php",
696. "data": "POST /angel/index.php HTTP/1.1\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)\r\nHost: modestclouds.eu\r\nContent-Length: 105\r\nCache-Control: no-cache\r\n\r\nJ/\\xfb5/\\xfb<L\\x8a(9\\xf0N/\\xfb;/\\xfaI/\\xfb=H\\x8aH/\\xfb;O\\xed>;\\xed>2\\xed?N\\xed><\\x8eN/\\xfb4H\\xed>?\\x8cO/\\xfaI/\\xfb8/\\xfb>/\\xfb;N\\x89(9\\xfc(9\\xfd(9\\xfd(8\\x8c(9\\xf1(9\\xfb(9\\xfb(9\\xf1(9\\xfc(9\\xfe(9\\xff(9\\xfa(9\\xfe",
697. "port": 80
698. },
699. {
700. "count": 1,
701. "body": "",
702. "uri": "http://modestclouds.eu/angel/index.php",
703. "user-agent": "Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)",
704. "method": "POST",
705. "host": "modestclouds.eu",
706. "version": "1.1",
707. "path": "/angel/index.php",
708. "data": "POST /angel/index.php HTTP/1.1\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)\r\nHost: modestclouds.eu\r\nContent-Length: 64308\r\nCache-Control: no-cache\r\n\r\n",
709. "port": 80
710. }
711. ]
712.  
713. [*] Network Communication - SMTP: []
714.  
715. [*] Network Communication - Hosts: []
716.  
717. [*] Network Communication - IRC: []
718.  
719. [*] Static Analysis: {
720. "pe": {
721. "peid_signatures": null,
722. "imports": [
723. {
724. "imports": [
725. {
726. "name": "DeleteCriticalSection",
727. "address": "0x46f168"
728. },
729. {
730. "name": "LeaveCriticalSection",
731. "address": "0x46f16c"
732. },
733. {
734. "name": "EnterCriticalSection",
735. "address": "0x46f170"
736. },
737. {
738. "name": "InitializeCriticalSection",
739. "address": "0x46f174"
740. },
741. {
742. "name": "VirtualFree",
743. "address": "0x46f178"
744. },
745. {
746. "name": "VirtualAlloc",
747. "address": "0x46f17c"
748. },
749. {
750. "name": "LocalFree",
751. "address": "0x46f180"
752. },
753. {
754. "name": "LocalAlloc",
755. "address": "0x46f184"
756. },
757. {
758. "name": "GetVersion",
759. "address": "0x46f188"
760. },
761. {
762. "name": "GetCurrentThreadId",
763. "address": "0x46f18c"
764. },
765. {
766. "name": "InterlockedDecrement",
767. "address": "0x46f190"
768. },
769. {
770. "name": "InterlockedIncrement",
771. "address": "0x46f194"
772. },
773. {
774. "name": "VirtualQuery",
775. "address": "0x46f198"
776. },
777. {
778. "name": "WideCharToMultiByte",
779. "address": "0x46f19c"
780. },
781. {
782. "name": "MultiByteToWideChar",
783. "address": "0x46f1a0"
784. },
785. {
786. "name": "lstrlenA",
787. "address": "0x46f1a4"
788. },
789. {
790. "name": "lstrcpynA",
791. "address": "0x46f1a8"
792. },
793. {
794. "name": "LoadLibraryExA",
795. "address": "0x46f1ac"
796. },
797. {
798. "name": "GetThreadLocale",
799. "address": "0x46f1b0"
800. },
801. {
802. "name": "GetStartupInfoA",
803. "address": "0x46f1b4"
804. },
805. {
806. "name": "GetProcAddress",
807. "address": "0x46f1b8"
808. },
809. {
810. "name": "GetModuleHandleA",
811. "address": "0x46f1bc"
812. },
813. {
814. "name": "GetModuleFileNameA",
815. "address": "0x46f1c0"
816. },
817. {
818. "name": "GetLocaleInfoA",
819. "address": "0x46f1c4"
820. },
821. {
822. "name": "GetCommandLineA",
823. "address": "0x46f1c8"
824. },
825. {
826. "name": "FreeLibrary",
827. "address": "0x46f1cc"
828. },
829. {
830. "name": "FindFirstFileA",
831. "address": "0x46f1d0"
832. },
833. {
834. "name": "FindClose",
835. "address": "0x46f1d4"
836. },
837. {
838. "name": "ExitProcess",
839. "address": "0x46f1d8"
840. },
841. {
842. "name": "WriteFile",
843. "address": "0x46f1dc"
844. },
845. {
846. "name": "UnhandledExceptionFilter",
847. "address": "0x46f1e0"
848. },
849. {
850. "name": "RtlUnwind",
851. "address": "0x46f1e4"
852. },
853. {
854. "name": "RaiseException",
855. "address": "0x46f1e8"
856. },
857. {
858. "name": "GetStdHandle",
859. "address": "0x46f1ec"
860. }
861. ],
862. "dll": "kernel32.dll"
863. },
864. {
865. "imports": [
866. {
867. "name": "GetKeyboardType",
868. "address": "0x46f1f4"
869. },
870. {
871. "name": "LoadStringA",
872. "address": "0x46f1f8"
873. },
874. {
875. "name": "MessageBoxA",
876. "address": "0x46f1fc"
877. },
878. {
879. "name": "CharNextA",
880. "address": "0x46f200"
881. }
882. ],
883. "dll": "user32.dll"
884. },
885. {
886. "imports": [
887. {
888. "name": "RegQueryValueExA",
889. "address": "0x46f208"
890. },
891. {
892. "name": "RegOpenKeyExA",
893. "address": "0x46f20c"
894. },
895. {
896. "name": "RegCloseKey",
897. "address": "0x46f210"
898. }
899. ],
900. "dll": "advapi32.dll"
901. },
902. {
903. "imports": [
904. {
905. "name": "SysFreeString",
906. "address": "0x46f218"
907. },
908. {
909. "name": "SysReAllocStringLen",
910. "address": "0x46f21c"
911. },
912. {
913. "name": "SysAllocStringLen",
914. "address": "0x46f220"
915. }
916. ],
917. "dll": "oleaut32.dll"
918. },
919. {
920. "imports": [
921. {
922. "name": "TlsSetValue",
923. "address": "0x46f228"
924. },
925. {
926. "name": "TlsGetValue",
927. "address": "0x46f22c"
928. },
929. {
930. "name": "LocalAlloc",
931. "address": "0x46f230"
932. },
933. {
934. "name": "GetModuleHandleA",
935. "address": "0x46f234"
936. }
937. ],
938. "dll": "kernel32.dll"
939. },
940. {
941. "imports": [
942. {
943. "name": "RegQueryValueExA",
944. "address": "0x46f23c"
945. },
946. {
947. "name": "RegOpenKeyExA",
948. "address": "0x46f240"
949. },
950. {
951. "name": "RegCloseKey",
952. "address": "0x46f244"
953. }
954. ],
955. "dll": "advapi32.dll"
956. },
957. {
958. "imports": [
959. {
960. "name": "lstrcpyA",
961. "address": "0x46f24c"
962. },
963. {
964. "name": "WriteFile",
965. "address": "0x46f250"
966. },
967. {
968. "name": "WaitForSingleObject",
969. "address": "0x46f254"
970. },
971. {
972. "name": "VirtualQuery",
973. "address": "0x46f258"
974. },
975. {
976. "name": "VirtualAlloc",
977. "address": "0x46f25c"
978. },
979. {
980. "name": "Sleep",
981. "address": "0x46f260"
982. },
983. {
984. "name": "SizeofResource",
985. "address": "0x46f264"
986. },
987. {
988. "name": "SetThreadLocale",
989. "address": "0x46f268"
990. },
991. {
992. "name": "SetFilePointer",
993. "address": "0x46f26c"
994. },
995. {
996. "name": "SetEvent",
997. "address": "0x46f270"
998. },
999. {
1000. "name": "SetErrorMode",
1001. "address": "0x46f274"
1002. },
1003. {
1004. "name": "SetEndOfFile",
1005. "address": "0x46f278"
1006. },
1007. {
1008. "name": "ResetEvent",
1009. "address": "0x46f27c"
1010. },
1011. {
1012. "name": "ReadFile",
1013. "address": "0x46f280"
1014. },
1015. {
1016. "name": "MultiByteToWideChar",
1017. "address": "0x46f284"
1018. },
1019. {
1020. "name": "MulDiv",
1021. "address": "0x46f288"
1022. },
1023. {
1024. "name": "LockResource",
1025. "address": "0x46f28c"
1026. },
1027. {
1028. "name": "LoadResource",
1029. "address": "0x46f290"
1030. },
1031. {
1032. "name": "LoadLibraryA",
1033. "address": "0x46f294"
1034. },
1035. {
1036. "name": "LeaveCriticalSection",
1037. "address": "0x46f298"
1038. },
1039. {
1040. "name": "InitializeCriticalSection",
1041. "address": "0x46f29c"
1042. },
1043. {
1044. "name": "GlobalUnlock",
1045. "address": "0x46f2a0"
1046. },
1047. {
1048. "name": "GlobalSize",
1049. "address": "0x46f2a4"
1050. },
1051. {
1052. "name": "GlobalReAlloc",
1053. "address": "0x46f2a8"
1054. },
1055. {
1056. "name": "GlobalHandle",
1057. "address": "0x46f2ac"
1058. },
1059. {
1060. "name": "GlobalLock",
1061. "address": "0x46f2b0"
1062. },
1063. {
1064. "name": "GlobalFree",
1065. "address": "0x46f2b4"
1066. },
1067. {
1068. "name": "GlobalFindAtomA",
1069. "address": "0x46f2b8"
1070. },
1071. {
1072. "name": "GlobalDeleteAtom",
1073. "address": "0x46f2bc"
1074. },
1075. {
1076. "name": "GlobalAlloc",
1077. "address": "0x46f2c0"
1078. },
1079. {
1080. "name": "GlobalAddAtomA",
1081. "address": "0x46f2c4"
1082. },
1083. {
1084. "name": "GetVersionExA",
1085. "address": "0x46f2c8"
1086. },
1087. {
1088. "name": "GetVersion",
1089. "address": "0x46f2cc"
1090. },
1091. {
1092. "name": "GetUserDefaultLCID",
1093. "address": "0x46f2d0"
1094. },
1095. {
1096. "name": "GetTickCount",
1097. "address": "0x46f2d4"
1098. },
1099. {
1100. "name": "GetThreadLocale",
1101. "address": "0x46f2d8"
1102. },
1103. {
1104. "name": "GetSystemInfo",
1105. "address": "0x46f2dc"
1106. },
1107. {
1108. "name": "GetStringTypeExA",
1109. "address": "0x46f2e0"
1110. },
1111. {
1112. "name": "GetStdHandle",
1113. "address": "0x46f2e4"
1114. },
1115. {
1116. "name": "GetProfileStringA",
1117. "address": "0x46f2e8"
1118. },
1119. {
1120. "name": "GetProcAddress",
1121. "address": "0x46f2ec"
1122. },
1123. {
1124. "name": "GetModuleHandleA",
1125. "address": "0x46f2f0"
1126. },
1127. {
1128. "name": "GetModuleFileNameA",
1129. "address": "0x46f2f4"
1130. },
1131. {
1132. "name": "GetLocaleInfoA",
1133. "address": "0x46f2f8"
1134. },
1135. {
1136. "name": "GetLocalTime",
1137. "address": "0x46f2fc"
1138. },
1139. {
1140. "name": "GetLastError",
1141. "address": "0x46f300"
1142. },
1143. {
1144. "name": "GetFullPathNameA",
1145. "address": "0x46f304"
1146. },
1147. {
1148. "name": "GetDiskFreeSpaceA",
1149. "address": "0x46f308"
1150. },
1151. {
1152. "name": "GetDateFormatA",
1153. "address": "0x46f30c"
1154. },
1155. {
1156. "name": "GetCurrentThreadId",
1157. "address": "0x46f310"
1158. },
1159. {
1160. "name": "GetCurrentProcessId",
1161. "address": "0x46f314"
1162. },
1163. {
1164. "name": "GetComputerNameA",
1165. "address": "0x46f318"
1166. },
1167. {
1168. "name": "GetCPInfo",
1169. "address": "0x46f31c"
1170. },
1171. {
1172. "name": "GetACP",
1173. "address": "0x46f320"
1174. },
1175. {
1176. "name": "FreeResource",
1177. "address": "0x46f324"
1178. },
1179. {
1180. "name": "InterlockedExchange",
1181. "address": "0x46f328"
1182. },
1183. {
1184. "name": "FreeLibrary",
1185. "address": "0x46f32c"
1186. },
1187. {
1188. "name": "FormatMessageA",
1189. "address": "0x46f330"
1190. },
1191. {
1192. "name": "FindResourceA",
1193. "address": "0x46f334"
1194. },
1195. {
1196. "name": "EnumCalendarInfoA",
1197. "address": "0x46f338"
1198. },
1199. {
1200. "name": "EnterCriticalSection",
1201. "address": "0x46f33c"
1202. },
1203. {
1204. "name": "DeleteCriticalSection",
1205. "address": "0x46f340"
1206. },
1207. {
1208. "name": "CreateThread",
1209. "address": "0x46f344"
1210. },
1211. {
1212. "name": "CreateFileA",
1213. "address": "0x46f348"
1214. },
1215. {
1216. "name": "CreateEventA",
1217. "address": "0x46f34c"
1218. },
1219. {
1220. "name": "CompareStringA",
1221. "address": "0x46f350"
1222. },
1223. {
1224. "name": "CloseHandle",
1225. "address": "0x46f354"
1226. }
1227. ],
1228. "dll": "kernel32.dll"
1229. },
1230. {
1231. "imports": [
1232. {
1233. "name": "VerQueryValueA",
1234. "address": "0x46f35c"
1235. },
1236. {
1237. "name": "GetFileVersionInfoSizeA",
1238. "address": "0x46f360"
1239. },
1240. {
1241. "name": "GetFileVersionInfoA",
1242. "address": "0x46f364"
1243. }
1244. ],
1245. "dll": "version.dll"
1246. },
1247. {
1248. "imports": [
1249. {
1250. "name": "UnrealizeObject",
1251. "address": "0x46f36c"
1252. },
1253. {
1254. "name": "StretchBlt",
1255. "address": "0x46f370"
1256. },
1257. {
1258. "name": "SetWindowOrgEx",
1259. "address": "0x46f374"
1260. },
1261. {
1262. "name": "SetWinMetaFileBits",
1263. "address": "0x46f378"
1264. },
1265. {
1266. "name": "SetViewportOrgEx",
1267. "address": "0x46f37c"
1268. },
1269. {
1270. "name": "SetTextColor",
1271. "address": "0x46f380"
1272. },
1273. {
1274. "name": "SetStretchBltMode",
1275. "address": "0x46f384"
1276. },
1277. {
1278. "name": "SetROP2",
1279. "address": "0x46f388"
1280. },
1281. {
1282. "name": "SetPixel",
1283. "address": "0x46f38c"
1284. },
1285. {
1286. "name": "SetMapMode",
1287. "address": "0x46f390"
1288. },
1289. {
1290. "name": "SetEnhMetaFileBits",
1291. "address": "0x46f394"
1292. },
1293. {
1294. "name": "SetDIBColorTable",
1295. "address": "0x46f398"
1296. },
1297. {
1298. "name": "SetBrushOrgEx",
1299. "address": "0x46f39c"
1300. },
1301. {
1302. "name": "SetBkMode",
1303. "address": "0x46f3a0"
1304. },
1305. {
1306. "name": "SetBkColor",
1307. "address": "0x46f3a4"
1308. },
1309. {
1310. "name": "SelectPalette",
1311. "address": "0x46f3a8"
1312. },
1313. {
1314. "name": "SelectObject",
1315. "address": "0x46f3ac"
1316. },
1317. {
1318. "name": "SelectClipRgn",
1319. "address": "0x46f3b0"
1320. },
1321. {
1322. "name": "ScaleWindowExtEx",
1323. "address": "0x46f3b4"
1324. },
1325. {
1326. "name": "SaveDC",
1327. "address": "0x46f3b8"
1328. },
1329. {
1330. "name": "RestoreDC",
1331. "address": "0x46f3bc"
1332. },
1333. {
1334. "name": "RectVisible",
1335. "address": "0x46f3c0"
1336. },
1337. {
1338. "name": "RealizePalette",
1339. "address": "0x46f3c4"
1340. },
1341. {
1342. "name": "PlayEnhMetaFile",
1343. "address": "0x46f3c8"
1344. },
1345. {
1346. "name": "PathToRegion",
1347. "address": "0x46f3cc"
1348. },
1349. {
1350. "name": "PatBlt",
1351. "address": "0x46f3d0"
1352. },
1353. {
1354. "name": "MoveToEx",
1355. "address": "0x46f3d4"
1356. },
1357. {
1358. "name": "MaskBlt",
1359. "address": "0x46f3d8"
1360. },
1361. {
1362. "name": "LineTo",
1363. "address": "0x46f3dc"
1364. },
1365. {
1366. "name": "LPtoDP",
1367. "address": "0x46f3e0"
1368. },
1369. {
1370. "name": "IntersectClipRect",
1371. "address": "0x46f3e4"
1372. },
1373. {
1374. "name": "GetWindowOrgEx",
1375. "address": "0x46f3e8"
1376. },
1377. {
1378. "name": "GetWinMetaFileBits",
1379. "address": "0x46f3ec"
1380. },
1381. {
1382. "name": "GetTextMetricsA",
1383. "address": "0x46f3f0"
1384. },
1385. {
1386. "name": "GetTextExtentPoint32A",
1387. "address": "0x46f3f4"
1388. },
1389. {
1390. "name": "GetSystemPaletteEntries",
1391. "address": "0x46f3f8"
1392. },
1393. {
1394. "name": "GetStockObject",
1395. "address": "0x46f3fc"
1396. },
1397. {
1398. "name": "GetPixel",
1399. "address": "0x46f400"
1400. },
1401. {
1402. "name": "GetPaletteEntries",
1403. "address": "0x46f404"
1404. },
1405. {
1406. "name": "GetObjectA",
1407. "address": "0x46f408"
1408. },
1409. {
1410. "name": "GetEnhMetaFilePaletteEntries",
1411. "address": "0x46f40c"
1412. },
1413. {
1414. "name": "GetEnhMetaFileHeader",
1415. "address": "0x46f410"
1416. },
1417. {
1418. "name": "GetEnhMetaFileDescriptionA",
1419. "address": "0x46f414"
1420. },
1421. {
1422. "name": "GetEnhMetaFileBits",
1423. "address": "0x46f418"
1424. },
1425. {
1426. "name": "GetDeviceCaps",
1427. "address": "0x46f41c"
1428. },
1429. {
1430. "name": "GetDIBits",
1431. "address": "0x46f420"
1432. },
1433. {
1434. "name": "GetDIBColorTable",
1435. "address": "0x46f424"
1436. },
1437. {
1438. "name": "GetDCOrgEx",
1439. "address": "0x46f428"
1440. },
1441. {
1442. "name": "GetCurrentPositionEx",
1443. "address": "0x46f42c"
1444. },
1445. {
1446. "name": "GetClipBox",
1447. "address": "0x46f430"
1448. },
1449. {
1450. "name": "GetBrushOrgEx",
1451. "address": "0x46f434"
1452. },
1453. {
1454. "name": "GetBitmapBits",
1455. "address": "0x46f438"
1456. },
1457. {
1458. "name": "ExcludeClipRect",
1459. "address": "0x46f43c"
1460. },
1461. {
1462. "name": "EndPage",
1463. "address": "0x46f440"
1464. },
1465. {
1466. "name": "EndDoc",
1467. "address": "0x46f444"
1468. },
1469. {
1470. "name": "DeleteObject",
1471. "address": "0x46f448"
1472. },
1473. {
1474. "name": "DeleteEnhMetaFile",
1475. "address": "0x46f44c"
1476. },
1477. {
1478. "name": "DeleteDC",
1479. "address": "0x46f450"
1480. },
1481. {
1482. "name": "CreateSolidBrush",
1483. "address": "0x46f454"
1484. },
1485. {
1486. "name": "CreatePenIndirect",
1487. "address": "0x46f458"
1488. },
1489. {
1490. "name": "CreatePalette",
1491. "address": "0x46f45c"
1492. },
1493. {
1494. "name": "CreateICA",
1495. "address": "0x46f460"
1496. },
1497. {
1498. "name": "CreateHalftonePalette",
1499. "address": "0x46f464"
1500. },
1501. {
1502. "name": "CreateFontIndirectA",
1503. "address": "0x46f468"
1504. },
1505. {
1506. "name": "CreateEnhMetaFileA",
1507. "address": "0x46f46c"
1508. },
1509. {
1510. "name": "CreateDIBitmap",
1511. "address": "0x46f470"
1512. },
1513. {
1514. "name": "CreateDIBSection",
1515. "address": "0x46f474"
1516. },
1517. {
1518. "name": "CreateDCA",
1519. "address": "0x46f478"
1520. },
1521. {
1522. "name": "CreateCompatibleDC",
1523. "address": "0x46f47c"
1524. },
1525. {
1526. "name": "CreateCompatibleBitmap",
1527. "address": "0x46f480"
1528. },
1529. {
1530. "name": "CreateBrushIndirect",
1531. "address": "0x46f484"
1532. },
1533. {
1534. "name": "CreateBitmap",
1535. "address": "0x46f488"
1536. },
1537. {
1538. "name": "CopyEnhMetaFileA",
1539. "address": "0x46f48c"
1540. },
1541. {
1542. "name": "CloseEnhMetaFile",
1543. "address": "0x46f490"
1544. },
1545. {
1546. "name": "BitBlt",
1547. "address": "0x46f494"
1548. }
1549. ],
1550. "dll": "gdi32.dll"
1551. },
1552. {
1553. "imports": [
1554. {
1555. "name": "CreateWindowExA",
1556. "address": "0x46f49c"
1557. },
1558. {
1559. "name": "WindowFromPoint",
1560. "address": "0x46f4a0"
1561. },
1562. {
1563. "name": "WinHelpA",
1564. "address": "0x46f4a4"
1565. },
1566. {
1567. "name": "WaitMessage",
1568. "address": "0x46f4a8"
1569. },
1570. {
1571. "name": "UpdateWindow",
1572. "address": "0x46f4ac"
1573. },
1574. {
1575. "name": "UnregisterClassA",
1576. "address": "0x46f4b0"
1577. },
1578. {
1579. "name": "UnhookWindowsHookEx",
1580. "address": "0x46f4b4"
1581. },
1582. {
1583. "name": "TranslateMessage",
1584. "address": "0x46f4b8"
1585. },
1586. {
1587. "name": "TranslateMDISysAccel",
1588. "address": "0x46f4bc"
1589. },
1590. {
1591. "name": "TrackPopupMenu",
1592. "address": "0x46f4c0"
1593. },
1594. {
1595. "name": "SystemParametersInfoA",
1596. "address": "0x46f4c4"
1597. },
1598. {
1599. "name": "ShowWindow",
1600. "address": "0x46f4c8"
1601. },
1602. {
1603. "name": "ShowScrollBar",
1604. "address": "0x46f4cc"
1605. },
1606. {
1607. "name": "ShowOwnedPopups",
1608. "address": "0x46f4d0"
1609. },
1610. {
1611. "name": "ShowCursor",
1612. "address": "0x46f4d4"
1613. },
1614. {
1615. "name": "SetWindowsHookExA",
1616. "address": "0x46f4d8"
1617. },
1618. {
1619. "name": "SetWindowTextA",
1620. "address": "0x46f4dc"
1621. },
1622. {
1623. "name": "SetWindowPos",
1624. "address": "0x46f4e0"
1625. },
1626. {
1627. "name": "SetWindowPlacement",
1628. "address": "0x46f4e4"
1629. },
1630. {
1631. "name": "SetWindowLongA",
1632. "address": "0x46f4e8"
1633. },
1634. {
1635. "name": "SetTimer",
1636. "address": "0x46f4ec"
1637. },
1638. {
1639. "name": "SetScrollRange",
1640. "address": "0x46f4f0"
1641. },
1642. {
1643. "name": "SetScrollPos",
1644. "address": "0x46f4f4"
1645. },
1646. {
1647. "name": "SetScrollInfo",
1648. "address": "0x46f4f8"
1649. },
1650. {
1651. "name": "SetRect",
1652. "address": "0x46f4fc"
1653. },
1654. {
1655. "name": "SetPropA",
1656. "address": "0x46f500"
1657. },
1658. {
1659. "name": "SetParent",
1660. "address": "0x46f504"
1661. },
1662. {
1663. "name": "SetMenuItemInfoA",
1664. "address": "0x46f508"
1665. },
1666. {
1667. "name": "SetMenu",
1668. "address": "0x46f50c"
1669. },
1670. {
1671. "name": "SetKeyboardState",
1672. "address": "0x46f510"
1673. },
1674. {
1675. "name": "SetForegroundWindow",
1676. "address": "0x46f514"
1677. },
1678. {
1679. "name": "SetFocus",
1680. "address": "0x46f518"
1681. },
1682. {
1683. "name": "SetCursor",
1684. "address": "0x46f51c"
1685. },
1686. {
1687. "name": "SetClipboardData",
1688. "address": "0x46f520"
1689. },
1690. {
1691. "name": "SetClassLongA",
1692. "address": "0x46f524"
1693. },
1694. {
1695. "name": "SetCapture",
1696. "address": "0x46f528"
1697. },
1698. {
1699. "name": "SetActiveWindow",
1700. "address": "0x46f52c"
1701. },
1702. {
1703. "name": "SendMessageA",
1704. "address": "0x46f530"
1705. },
1706. {
1707. "name": "ScrollWindow",
1708. "address": "0x46f534"
1709. },
1710. {
1711. "name": "ScreenToClient",
1712. "address": "0x46f538"
1713. },
1714. {
1715. "name": "RemovePropA",
1716. "address": "0x46f53c"
1717. },
1718. {
1719. "name": "RemoveMenu",
1720. "address": "0x46f540"
1721. },
1722. {
1723. "name": "ReleaseDC",
1724. "address": "0x46f544"
1725. },
1726. {
1727. "name": "ReleaseCapture",
1728. "address": "0x46f548"
1729. },
1730. {
1731. "name": "RegisterWindowMessageA",
1732. "address": "0x46f54c"
1733. },
1734. {
1735. "name": "RegisterClipboardFormatA",
1736. "address": "0x46f550"
1737. },
1738. {
1739. "name": "RegisterClassA",
1740. "address": "0x46f554"
1741. },
1742. {
1743. "name": "RedrawWindow",
1744. "address": "0x46f558"
1745. },
1746. {
1747. "name": "PtInRect",
1748. "address": "0x46f55c"
1749. },
1750. {
1751. "name": "PostQuitMessage",
1752. "address": "0x46f560"
1753. },
1754. {
1755. "name": "PostMessageA",
1756. "address": "0x46f564"
1757. },
1758. {
1759. "name": "PeekMessageA",
1760. "address": "0x46f568"
1761. },
1762. {
1763. "name": "OpenClipboard",
1764. "address": "0x46f56c"
1765. },
1766. {
1767. "name": "OffsetRect",
1768. "address": "0x46f570"
1769. },
1770. {
1771. "name": "OemToCharA",
1772. "address": "0x46f574"
1773. },
1774. {
1775. "name": "MessageBoxA",
1776. "address": "0x46f578"
1777. },
1778. {
1779. "name": "MessageBeep",
1780. "address": "0x46f57c"
1781. },
1782. {
1783. "name": "MapWindowPoints",
1784. "address": "0x46f580"
1785. },
1786. {
1787. "name": "MapVirtualKeyA",
1788. "address": "0x46f584"
1789. },
1790. {
1791. "name": "LoadStringA",
1792. "address": "0x46f588"
1793. },
1794. {
1795. "name": "LoadKeyboardLayoutA",
1796. "address": "0x46f58c"
1797. },
1798. {
1799. "name": "LoadIconA",
1800. "address": "0x46f590"
1801. },
1802. {
1803. "name": "LoadCursorA",
1804. "address": "0x46f594"
1805. },
1806. {
1807. "name": "LoadBitmapA",
1808. "address": "0x46f598"
1809. },
1810. {
1811. "name": "KillTimer",
1812. "address": "0x46f59c"
1813. },
1814. {
1815. "name": "IsZoomed",
1816. "address": "0x46f5a0"
1817. },
1818. {
1819. "name": "IsWindowVisible",
1820. "address": "0x46f5a4"
1821. },
1822. {
1823. "name": "IsWindowEnabled",
1824. "address": "0x46f5a8"
1825. },
1826. {
1827. "name": "IsWindow",
1828. "address": "0x46f5ac"
1829. },
1830. {
1831. "name": "IsRectEmpty",
1832. "address": "0x46f5b0"
1833. },
1834. {
1835. "name": "IsIconic",
1836. "address": "0x46f5b4"
1837. },
1838. {
1839. "name": "IsDialogMessageA",
1840. "address": "0x46f5b8"
1841. },
1842. {
1843. "name": "IsChild",
1844. "address": "0x46f5bc"
1845. },
1846. {
1847. "name": "IsCharAlphaNumericA",
1848. "address": "0x46f5c0"
1849. },
1850. {
1851. "name": "IsCharAlphaA",
1852. "address": "0x46f5c4"
1853. },
1854. {
1855. "name": "InvalidateRect",
1856. "address": "0x46f5c8"
1857. },
1858. {
1859. "name": "IntersectRect",
1860. "address": "0x46f5cc"
1861. },
1862. {
1863. "name": "InsertMenuItemA",
1864. "address": "0x46f5d0"
1865. },
1866. {
1867. "name": "InsertMenuA",
1868. "address": "0x46f5d4"
1869. },
1870. {
1871. "name": "InflateRect",
1872. "address": "0x46f5d8"
1873. },
1874. {
1875. "name": "GetWindowThreadProcessId",
1876. "address": "0x46f5dc"
1877. },
1878. {
1879. "name": "GetWindowTextA",
1880. "address": "0x46f5e0"
1881. },
1882. {
1883. "name": "GetWindowRect",
1884. "address": "0x46f5e4"
1885. },
1886. {
1887. "name": "GetWindowPlacement",
1888. "address": "0x46f5e8"
1889. },
1890. {
1891. "name": "GetWindowLongA",
1892. "address": "0x46f5ec"
1893. },
1894. {
1895. "name": "GetWindowDC",
1896. "address": "0x46f5f0"
1897. },
1898. {
1899. "name": "GetTopWindow",
1900. "address": "0x46f5f4"
1901. },
1902. {
1903. "name": "GetSystemMetrics",
1904. "address": "0x46f5f8"
1905. },
1906. {
1907. "name": "GetSystemMenu",
1908. "address": "0x46f5fc"
1909. },
1910. {
1911. "name": "GetSysColorBrush",
1912. "address": "0x46f600"
1913. },
1914. {
1915. "name": "GetSysColor",
1916. "address": "0x46f604"
1917. },
1918. {
1919. "name": "GetSubMenu",
1920. "address": "0x46f608"
1921. },
1922. {
1923. "name": "GetScrollRange",
1924. "address": "0x46f60c"
1925. },
1926. {
1927. "name": "GetScrollPos",
1928. "address": "0x46f610"
1929. },
1930. {
1931. "name": "GetScrollInfo",
1932. "address": "0x46f614"
1933. },
1934. {
1935. "name": "GetPropA",
1936. "address": "0x46f618"
1937. },
1938. {
1939. "name": "GetParent",
1940. "address": "0x46f61c"
1941. },
1942. {
1943. "name": "GetWindow",
1944. "address": "0x46f620"
1945. },
1946. {
1947. "name": "GetMessageTime",
1948. "address": "0x46f624"
1949. },
1950. {
1951. "name": "GetMenuStringA",
1952. "address": "0x46f628"
1953. },
1954. {
1955. "name": "GetMenuState",
1956. "address": "0x46f62c"
1957. },
1958. {
1959. "name": "GetMenuItemInfoA",
1960. "address": "0x46f630"
1961. },
1962. {
1963. "name": "GetMenuItemID",
1964. "address": "0x46f634"
1965. },
1966. {
1967. "name": "GetMenuItemCount",
1968. "address": "0x46f638"
1969. },
1970. {
1971. "name": "GetMenu",
1972. "address": "0x46f63c"
1973. },
1974. {
1975. "name": "GetLastActivePopup",
1976. "address": "0x46f640"
1977. },
1978. {
1979. "name": "GetKeyboardState",
1980. "address": "0x46f644"
1981. },
1982. {
1983. "name": "GetKeyboardLayoutList",
1984. "address": "0x46f648"
1985. },
1986. {
1987. "name": "GetKeyboardLayout",
1988. "address": "0x46f64c"
1989. },
1990. {
1991. "name": "GetKeyState",
1992. "address": "0x46f650"
1993. },
1994. {
1995. "name": "GetKeyNameTextA",
1996. "address": "0x46f654"
1997. },
1998. {
1999. "name": "GetIconInfo",
2000. "address": "0x46f658"
2001. },
2002. {
2003. "name": "GetForegroundWindow",
2004. "address": "0x46f65c"
2005. },
2006. {
2007. "name": "GetFocus",
2008. "address": "0x46f660"
2009. },
2010. {
2011. "name": "GetDesktopWindow",
2012. "address": "0x46f664"
2013. },
2014. {
2015. "name": "GetDCEx",
2016. "address": "0x46f668"
2017. },
2018. {
2019. "name": "GetDC",
2020. "address": "0x46f66c"
2021. },
2022. {
2023. "name": "GetCursorPos",
2024. "address": "0x46f670"
2025. },
2026. {
2027. "name": "GetCursor",
2028. "address": "0x46f674"
2029. },
2030. {
2031. "name": "GetClipboardData",
2032. "address": "0x46f678"
2033. },
2034. {
2035. "name": "GetClientRect",
2036. "address": "0x46f67c"
2037. },
2038. {
2039. "name": "GetClassNameA",
2040. "address": "0x46f680"
2041. },
2042. {
2043. "name": "GetClassInfoA",
2044. "address": "0x46f684"
2045. },
2046. {
2047. "name": "GetCapture",
2048. "address": "0x46f688"
2049. },
2050. {
2051. "name": "GetActiveWindow",
2052. "address": "0x46f68c"
2053. },
2054. {
2055. "name": "FrameRect",
2056. "address": "0x46f690"
2057. },
2058. {
2059. "name": "FindWindowA",
2060. "address": "0x46f694"
2061. },
2062. {
2063. "name": "FillRect",
2064. "address": "0x46f698"
2065. },
2066. {
2067. "name": "EqualRect",
2068. "address": "0x46f69c"
2069. },
2070. {
2071. "name": "EnumWindows",
2072. "address": "0x46f6a0"
2073. },
2074. {
2075. "name": "EnumThreadWindows",
2076. "address": "0x46f6a4"
2077. },
2078. {
2079. "name": "EnumClipboardFormats",
2080. "address": "0x46f6a8"
2081. },
2082. {
2083. "name": "EndPaint",
2084. "address": "0x46f6ac"
2085. },
2086. {
2087. "name": "EndDeferWindowPos",
2088. "address": "0x46f6b0"
2089. },
2090. {
2091. "name": "EnableWindow",
2092. "address": "0x46f6b4"
2093. },
2094. {
2095. "name": "EnableScrollBar",
2096. "address": "0x46f6b8"
2097. },
2098. {
2099. "name": "EnableMenuItem",
2100. "address": "0x46f6bc"
2101. },
2102. {
2103. "name": "EmptyClipboard",
2104. "address": "0x46f6c0"
2105. },
2106. {
2107. "name": "DrawTextA",
2108. "address": "0x46f6c4"
2109. },
2110. {
2111. "name": "DrawMenuBar",
2112. "address": "0x46f6c8"
2113. },
2114. {
2115. "name": "DrawIconEx",
2116. "address": "0x46f6cc"
2117. },
2118. {
2119. "name": "DrawIcon",
2120. "address": "0x46f6d0"
2121. },
2122. {
2123. "name": "DrawFrameControl",
2124. "address": "0x46f6d4"
2125. },
2126. {
2127. "name": "DrawEdge",
2128. "address": "0x46f6d8"
2129. },
2130. {
2131. "name": "DispatchMessageA",
2132. "address": "0x46f6dc"
2133. },
2134. {
2135. "name": "DestroyWindow",
2136. "address": "0x46f6e0"
2137. },
2138. {
2139. "name": "DestroyMenu",
2140. "address": "0x46f6e4"
2141. },
2142. {
2143. "name": "DestroyIcon",
2144. "address": "0x46f6e8"
2145. },
2146. {
2147. "name": "DestroyCursor",
2148. "address": "0x46f6ec"
2149. },
2150. {
2151. "name": "DeleteMenu",
2152. "address": "0x46f6f0"
2153. },
2154. {
2155. "name": "DeferWindowPos",
2156. "address": "0x46f6f4"
2157. },
2158. {
2159. "name": "DefWindowProcA",
2160. "address": "0x46f6f8"
2161. },
2162. {
2163. "name": "DefMDIChildProcA",
2164. "address": "0x46f6fc"
2165. },
2166. {
2167. "name": "DefFrameProcA",
2168. "address": "0x46f700"
2169. },
2170. {
2171. "name": "CreatePopupMenu",
2172. "address": "0x46f704"
2173. },
2174. {
2175. "name": "CreateMenu",
2176. "address": "0x46f708"
2177. },
2178. {
2179. "name": "CreateIcon",
2180. "address": "0x46f70c"
2181. },
2182. {
2183. "name": "CloseClipboard",
2184. "address": "0x46f710"
2185. },
2186. {
2187. "name": "ClientToScreen",
2188. "address": "0x46f714"
2189. },
2190. {
2191. "name": "CheckMenuItem",
2192. "address": "0x46f718"
2193. },
2194. {
2195. "name": "CallWindowProcA",
2196. "address": "0x46f71c"
2197. },
2198. {
2199. "name": "CallNextHookEx",
2200. "address": "0x46f720"
2201. },
2202. {
2203. "name": "BeginPaint",
2204. "address": "0x46f724"
2205. },
2206. {
2207. "name": "BeginDeferWindowPos",
2208. "address": "0x46f728"
2209. },
2210. {
2211. "name": "CharNextA",
2212. "address": "0x46f72c"
2213. },
2214. {
2215. "name": "CharLowerBuffA",
2216. "address": "0x46f730"
2217. },
2218. {
2219. "name": "CharLowerA",
2220. "address": "0x46f734"
2221. },
2222. {
2223. "name": "CharUpperBuffA",
2224. "address": "0x46f738"
2225. },
2226. {
2227. "name": "CharToOemA",
2228. "address": "0x46f73c"
2229. },
2230. {
2231. "name": "AdjustWindowRectEx",
2232. "address": "0x46f740"
2233. },
2234. {
2235. "name": "ActivateKeyboardLayout",
2236. "address": "0x46f744"
2237. }
2238. ],
2239. "dll": "user32.dll"
2240. },
2241. {
2242. "imports": [
2243. {
2244. "name": "Sleep",
2245. "address": "0x46f74c"
2246. }
2247. ],
2248. "dll": "kernel32.dll"
2249. },
2250. {
2251. "imports": [
2252. {
2253. "name": "SafeArrayPtrOfIndex",
2254. "address": "0x46f754"
2255. },
2256. {
2257. "name": "SafeArrayGetUBound",
2258. "address": "0x46f758"
2259. },
2260. {
2261. "name": "SafeArrayGetLBound",
2262. "address": "0x46f75c"
2263. },
2264. {
2265. "name": "SafeArrayCreate",
2266. "address": "0x46f760"
2267. },
2268. {
2269. "name": "VariantChangeType",
2270. "address": "0x46f764"
2271. },
2272. {
2273. "name": "VariantCopy",
2274. "address": "0x46f768"
2275. },
2276. {
2277. "name": "VariantClear",
2278. "address": "0x46f76c"
2279. },
2280. {
2281. "name": "VariantInit",
2282. "address": "0x46f770"
2283. }
2284. ],
2285. "dll": "oleaut32.dll"
2286. },
2287. {
2288. "imports": [
2289. {
2290. "name": "CreateStreamOnHGlobal",
2291. "address": "0x46f778"
2292. },
2293. {
2294. "name": "IsAccelerator",
2295. "address": "0x46f77c"
2296. },
2297. {
2298. "name": "OleDraw",
2299. "address": "0x46f780"
2300. },
2301. {
2302. "name": "OleSetMenuDescriptor",
2303. "address": "0x46f784"
2304. },
2305. {
2306. "name": "CoTaskMemFree",
2307. "address": "0x46f788"
2308. },
2309. {
2310. "name": "ProgIDFromCLSID",
2311. "address": "0x46f78c"
2312. },
2313. {
2314. "name": "StringFromCLSID",
2315. "address": "0x46f790"
2316. },
2317. {
2318. "name": "CoCreateInstance",
2319. "address": "0x46f794"
2320. },
2321. {
2322. "name": "CoGetClassObject",
2323. "address": "0x46f798"
2324. },
2325. {
2326. "name": "CoUninitialize",
2327. "address": "0x46f79c"
2328. },
2329. {
2330. "name": "CoInitialize",
2331. "address": "0x46f7a0"
2332. },
2333. {
2334. "name": "IsEqualGUID",
2335. "address": "0x46f7a4"
2336. }
2337. ],
2338. "dll": "ole32.dll"
2339. },
2340. {
2341. "imports": [
2342. {
2343. "name": "GetErrorInfo",
2344. "address": "0x46f7ac"
2345. },
2346. {
2347. "name": "GetActiveObject",
2348. "address": "0x46f7b0"
2349. },
2350. {
2351. "name": "SysFreeString",
2352. "address": "0x46f7b4"
2353. }
2354. ],
2355. "dll": "oleaut32.dll"
2356. },
2357. {
2358. "imports": [
2359. {
2360. "name": "ImageList_SetIconSize",
2361. "address": "0x46f7bc"
2362. },
2363. {
2364. "name": "ImageList_GetIconSize",
2365. "address": "0x46f7c0"
2366. },
2367. {
2368. "name": "ImageList_Write",
2369. "address": "0x46f7c4"
2370. },
2371. {
2372. "name": "ImageList_Read",
2373. "address": "0x46f7c8"
2374. },
2375. {
2376. "name": "ImageList_GetDragImage",
2377. "address": "0x46f7cc"
2378. },
2379. {
2380. "name": "ImageList_DragShowNolock",
2381. "address": "0x46f7d0"
2382. },
2383. {
2384. "name": "ImageList_SetDragCursorImage",
2385. "address": "0x46f7d4"
2386. },
2387. {
2388. "name": "ImageList_DragMove",
2389. "address": "0x46f7d8"
2390. },
2391. {
2392. "name": "ImageList_DragLeave",
2393. "address": "0x46f7dc"
2394. },
2395. {
2396. "name": "ImageList_DragEnter",
2397. "address": "0x46f7e0"
2398. },
2399. {
2400. "name": "ImageList_EndDrag",
2401. "address": "0x46f7e4"
2402. },
2403. {
2404. "name": "ImageList_BeginDrag",
2405. "address": "0x46f7e8"
2406. },
2407. {
2408. "name": "ImageList_Remove",
2409. "address": "0x46f7ec"
2410. },
2411. {
2412. "name": "ImageList_DrawEx",
2413. "address": "0x46f7f0"
2414. },
2415. {
2416. "name": "ImageList_Draw",
2417. "address": "0x46f7f4"
2418. },
2419. {
2420. "name": "ImageList_GetBkColor",
2421. "address": "0x46f7f8"
2422. },
2423. {
2424. "name": "ImageList_SetBkColor",
2425. "address": "0x46f7fc"
2426. },
2427. {
2428. "name": "ImageList_ReplaceIcon",
2429. "address": "0x46f800"
2430. },
2431. {
2432. "name": "ImageList_Add",
2433. "address": "0x46f804"
2434. },
2435. {
2436. "name": "ImageList_GetImageCount",
2437. "address": "0x46f808"
2438. },
2439. {
2440. "name": "ImageList_Destroy",
2441. "address": "0x46f80c"
2442. },
2443. {
2444. "name": "ImageList_Create",
2445. "address": "0x46f810"
2446. }
2447. ],
2448. "dll": "comctl32.dll"
2449. },
2450. {
2451. "imports": [
2452. {
2453. "name": "OpenPrinterA",
2454. "address": "0x46f818"
2455. },
2456. {
2457. "name": "EnumPrintersA",
2458. "address": "0x46f81c"
2459. },
2460. {
2461. "name": "DocumentPropertiesA",
2462. "address": "0x46f820"
2463. },
2464. {
2465. "name": "ClosePrinter",
2466. "address": "0x46f824"
2467. }
2468. ],
2469. "dll": "winspool.drv"
2470. },
2471. {
2472. "imports": [
2473. {
2474. "name": "PrintDlgA",
2475. "address": "0x46f82c"
2476. }
2477. ],
2478. "dll": "comdlg32.dll"
2479. }
2480. ],
2481. "digital_signers": null,
2482. "exported_dll_name": null,
2483. "actual_checksum": "0x0009ba71",
2484. "overlay": null,
2485. "imagebase": "0x00400000",
2486. "reported_checksum": "0x00000000",
2487. "icon_hash": null,
2488. "entrypoint": "0x0046304c",
2489. "timestamp": "1992-03-02 14:59:08",
2490. "osversion": "4.0",
2491. "sections": [
2492. {
2493. "name": "CODE",
2494. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
2495. "virtual_address": "0x00001000",
2496. "size_of_data": "0x00062200",
2497. "entropy": "6.54",
2498. "raw_address": "0x00000400",
2499. "virtual_size": "0x00062094",
2500. "characteristics_raw": "0x60000020"
2501. },
2502. {
2503. "name": "DATA",
2504. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
2505. "virtual_address": "0x00064000",
2506. "size_of_data": "0x00009600",
2507. "entropy": "4.97",
2508. "raw_address": "0x00062600",
2509. "virtual_size": "0x00009528",
2510. "characteristics_raw": "0xc0000040"
2511. },
2512. {
2513. "name": "BSS",
2514. "characteristics": "IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
2515. "virtual_address": "0x0006e000",
2516. "size_of_data": "0x00000000",
2517. "entropy": "0.00",
2518. "raw_address": "0x0006bc00",
2519. "virtual_size": "0x00000d59",
2520. "characteristics_raw": "0xc0000000"
2521. },
2522. {
2523. "name": ".idata",
2524. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
2525. "virtual_address": "0x0006f000",
2526. "size_of_data": "0x00002600",
2527. "entropy": "5.01",
2528. "raw_address": "0x0006bc00",
2529. "virtual_size": "0x00002540",
2530. "characteristics_raw": "0xc0000040"
2531. },
2532. {
2533. "name": ".tls",
2534. "characteristics": "IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
2535. "virtual_address": "0x00072000",
2536. "size_of_data": "0x00000000",
2537. "entropy": "0.00",
2538. "raw_address": "0x0006e200",
2539. "virtual_size": "0x00000010",
2540. "characteristics_raw": "0xc0000000"
2541. },
2542. {
2543. "name": ".rdata",
2544. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
2545. "virtual_address": "0x00073000",
2546. "size_of_data": "0x00000200",
2547. "entropy": "0.21",
2548. "raw_address": "0x0006e200",
2549. "virtual_size": "0x00000018",
2550. "characteristics_raw": "0x50000040"
2551. },
2552. {
2553. "name": ".reloc",
2554. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
2555. "virtual_address": "0x00074000",
2556. "size_of_data": "0x00007200",
2557. "entropy": "6.67",
2558. "raw_address": "0x0006e400",
2559. "virtual_size": "0x00007108",
2560. "characteristics_raw": "0x50000040"
2561. },
2562. {
2563. "name": ".rsrc",
2564. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
2565. "virtual_address": "0x0007c000",
2566. "size_of_data": "0x00025c00",
2567. "entropy": "7.08",
2568. "raw_address": "0x00075600",
2569. "virtual_size": "0x00025b70",
2570. "characteristics_raw": "0x50000040"
2571. }
2572. ],
2573. "resources": [],
2574. "dirents": [
2575. {
2576. "virtual_address": "0x00000000",
2577. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
2578. "size": "0x00000000"
2579. },
2580. {
2581. "virtual_address": "0x0006f000",
2582. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
2583. "size": "0x00002540"
2584. },
2585. {
2586. "virtual_address": "0x0007c000",
2587. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
2588. "size": "0x00025b70"
2589. },
2590. {
2591. "virtual_address": "0x00000000",
2592. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
2593. "size": "0x00000000"
2594. },
2595. {
2596. "virtual_address": "0x00000000",
2597. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
2598. "size": "0x00000000"
2599. },
2600. {
2601. "virtual_address": "0x00074000",
2602. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
2603. "size": "0x00007108"
2604. },
2605. {
2606. "virtual_address": "0x00000000",
2607. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
2608. "size": "0x00000000"
2609. },
2610. {
2611. "virtual_address": "0x00000000",
2612. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
2613. "size": "0x00000000"
2614. },
2615. {
2616. "virtual_address": "0x00000000",
2617. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
2618. "size": "0x00000000"
2619. },
2620. {
2621. "virtual_address": "0x00073000",
2622. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
2623. "size": "0x00000018"
2624. },
2625. {
2626. "virtual_address": "0x00000000",
2627. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
2628. "size": "0x00000000"
2629. },
2630. {
2631. "virtual_address": "0x00000000",
2632. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
2633. "size": "0x00000000"
2634. },
2635. {
2636. "virtual_address": "0x00000000",
2637. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
2638. "size": "0x00000000"
2639. },
2640. {
2641. "virtual_address": "0x00000000",
2642. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
2643. "size": "0x00000000"
2644. },
2645. {
2646. "virtual_address": "0x00000000",
2647. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
2648. "size": "0x00000000"
2649. },
2650. {
2651. "virtual_address": "0x00000000",
2652. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
2653. "size": "0x00000000"
2654. }
2655. ],
2656. "exports": [],
2657. "guest_signers": {},
2658. "imphash": "46116a2f8090728368dbf9ef96584273",
2659. "icon_fuzzy": null,
2660. "icon": null,
2661. "pdbpath": null,
2662. "imported_dll_count": 17,
2663. "versioninfo": []
2664. }
2665. }
2666.  
2667. [*] Resolved APIs: [
2668. "kernel32.dll.GetDiskFreeSpaceExA",
2669. "oleaut32.dll.VariantChangeTypeEx",
2670. "oleaut32.dll.VarNeg",
2671. "oleaut32.dll.VarNot",
2672. "oleaut32.dll.VarAdd",
2673. "oleaut32.dll.VarSub",
2674. "oleaut32.dll.VarMul",
2675. "oleaut32.dll.VarDiv",
2676. "oleaut32.dll.VarIdiv",
2677. "oleaut32.dll.VarMod",
2678. "oleaut32.dll.VarAnd",
2679. "oleaut32.dll.VarOr",
2680. "oleaut32.dll.VarXor",
2681. "oleaut32.dll.VarCmp",
2682. "oleaut32.dll.VarI4FromStr",
2683. "oleaut32.dll.VarR4FromStr",
2684. "oleaut32.dll.VarR8FromStr",
2685. "oleaut32.dll.VarDateFromStr",
2686. "oleaut32.dll.VarCyFromStr",
2687. "oleaut32.dll.VarBoolFromStr",
2688. "oleaut32.dll.VarBstrFromCy",
2689. "oleaut32.dll.VarBstrFromDate",
2690. "oleaut32.dll.VarBstrFromBool",
2691. "user32.dll.GetMonitorInfoA",
2692. "user32.dll.GetSystemMetrics",
2693. "user32.dll.EnumDisplayMonitors",
2694. "dwmapi.dll.DwmIsCompositionEnabled",
2695. "gdi32.dll.GetLayout",
2696. "gdi32.dll.GdiRealizationInfo",
2697. "gdi32.dll.FontIsLinked",
2698. "advapi32.dll.RegOpenKeyExW",
2699. "advapi32.dll.RegQueryInfoKeyW",
2700. "gdi32.dll.GetTextFaceAliasW",
2701. "advapi32.dll.RegEnumValueW",
2702. "advapi32.dll.RegCloseKey",
2703. "advapi32.dll.RegQueryValueExW",
2704. "gdi32.dll.GetFontAssocStatus",
2705. "advapi32.dll.RegQueryValueExA",
2706. "advapi32.dll.RegEnumKeyExW",
2707. "gdi32.dll.GdiIsMetaPrintDC",
2708. "user32.dll.AnimateWindow",
2709. "comctl32.dll.InitializeFlatSB",
2710. "comctl32.dll.UninitializeFlatSB",
2711. "comctl32.dll.FlatSB_GetScrollProp",
2712. "comctl32.dll.FlatSB_SetScrollProp",
2713. "comctl32.dll.FlatSB_EnableScrollBar",
2714. "comctl32.dll.FlatSB_ShowScrollBar",
2715. "comctl32.dll.FlatSB_GetScrollRange",
2716. "comctl32.dll.FlatSB_GetScrollInfo",
2717. "comctl32.dll.FlatSB_GetScrollPos",
2718. "comctl32.dll.FlatSB_SetScrollPos",
2719. "comctl32.dll.FlatSB_SetScrollInfo",
2720. "comctl32.dll.FlatSB_SetScrollRange",
2721. "user32.dll.SetLayeredWindowAttributes",
2722. "ole32.dll.CoCreateInstanceEx",
2723. "ole32.dll.CoInitializeEx",
2724. "ole32.dll.CoAddRefServerProcess",
2725. "ole32.dll.CoReleaseServerProcess",
2726. "ole32.dll.CoResumeClassObjects",
2727. "ole32.dll.CoSuspendClassObjects",
2728. "olepro32.dll.OleCreatePropertyFrame",
2729. "olepro32.dll.OleCreateFontIndirect",
2730. "olepro32.dll.OleCreatePictureIndirect",
2731. "olepro32.dll.OleLoadPicture",
2732. "crypt32.dll.CryptUnprotectData",
2733. "crtdll.dll.wcscmp",
2734. "gdiplus.dll.GdiplusStartup",
2735. "gdiplus.dll.GdiplusShutdown",
2736. "gdiplus.dll.GdipCreateBitmapFromHBITMAP",
2737. "gdiplus.dll.GdipGetImageEncodersSize",
2738. "gdiplus.dll.GdipGetImageEncoders",
2739. "gdiplus.dll.GdipDisposeImage",
2740. "gdiplus.dll.GdipSaveImageToStream",
2741. "ole32.dll.CreateStreamOnHGlobal",
2742. "ole32.dll.GetHGlobalFromStream",
2743. "kernel32.dll.ExpandEnvironmentStringsW",
2744. "kernel32.dll.GetComputerNameW",
2745. "kernel32.dll.GlobalMemoryStatus",
2746. "kernel32.dll.CreateFileW",
2747. "kernel32.dll.GetFileSize",
2748. "kernel32.dll.CloseHandle",
2749. "kernel32.dll.ReadFile",
2750. "kernel32.dll.GetFileAttributesW",
2751. "kernel32.dll.CreateMutexA",
2752. "kernel32.dll.ReleaseMutex",
2753. "kernel32.dll.GetLastError",
2754. "kernel32.dll.GetCurrentDirectoryW",
2755. "kernel32.dll.SetEnvironmentVariableW",
2756. "kernel32.dll.SetCurrentDirectoryW",
2757. "kernel32.dll.FindFirstFileW",
2758. "kernel32.dll.FindNextFileW",
2759. "kernel32.dll.LocalFree",
2760. "kernel32.dll.GetTickCount",
2761. "kernel32.dll.CopyFileW",
2762. "kernel32.dll.FindClose",
2763. "kernel32.dll.GlobalMemoryStatusEx",
2764. "kernel32.dll.CreateToolhelp32Snapshot",
2765. "kernel32.dll.Process32FirstW",
2766. "kernel32.dll.Process32NextW",
2767. "kernel32.dll.GetModuleFileNameW",
2768. "kernel32.dll.SetDllDirectoryW",
2769. "kernel32.dll.GetLocaleInfoA",
2770. "kernel32.dll.GetLocalTime",
2771. "kernel32.dll.GetTimeZoneInformation",
2772. "kernel32.dll.RemoveDirectoryW",
2773. "kernel32.dll.DeleteFileW",
2774. "kernel32.dll.GetLogicalDriveStringsA",
2775. "kernel32.dll.GetDriveTypeA",
2776. "kernel32.dll.CreateProcessW",
2777. "advapi32.dll.GetUserNameW",
2778. "advapi32.dll.RegCreateKeyExW",
2779. "advapi32.dll.AllocateAndInitializeSid",
2780. "advapi32.dll.LookupAccountSidA",
2781. "advapi32.dll.CreateProcessAsUserW",
2782. "advapi32.dll.CheckTokenMembership",
2783. "advapi32.dll.RegOpenKeyW",
2784. "advapi32.dll.RegEnumKeyW",
2785. "advapi32.dll.CryptAcquireContextA",
2786. "advapi32.dll.CryptCreateHash",
2787. "advapi32.dll.CryptHashData",
2788. "advapi32.dll.CryptGetHashParam",
2789. "advapi32.dll.CryptDestroyHash",
2790. "advapi32.dll.CryptReleaseContext",
2791. "user32.dll.EnumDisplayDevicesW",
2792. "user32.dll.wvsprintfA",
2793. "user32.dll.GetKeyboardLayoutList",
2794. "shell32.dll.ShellExecuteExW",
2795. "ntdll.dll.RtlComputeCrc32",
2796. "sechost.dll.LookupAccountSidLocalA",
2797. "wininet.dll.InternetOpenA",
2798. "wininet.dll.InternetConnectA",
2799. "wininet.dll.HttpOpenRequestA",
2800. "wininet.dll.HttpAddRequestHeadersA",
2801. "wininet.dll.HttpSendRequestA",
2802. "wininet.dll.InternetReadFile",
2803. "wininet.dll.InternetCloseHandle",
2804. "wininet.dll.InternetCrackUrlA",
2805. "wininet.dll.InternetSetOptionA",
2806. "rasapi32.dll.RasConnectionNotificationW",
2807. "sechost.dll.NotifyServiceStatusChangeA",
2808. "cryptbase.dll.SystemFunction036",
2809. "nss3.dll.sqlite3_open",
2810. "nss3.dll.sqlite3_close",
2811. "nss3.dll.sqlite3_prepare_v2",
2812. "nss3.dll.sqlite3_step",
2813. "nss3.dll.sqlite3_column_text",
2814. "nss3.dll.sqlite3_column_bytes",
2815. "nss3.dll.sqlite3_finalize",
2816. "nss3.dll.NSS_Init",
2817. "nss3.dll.PK11_GetInternalKeySlot",
2818. "nss3.dll.PK11_Authenticate",
2819. "nss3.dll.PK11SDR_Decrypt",
2820. "nss3.dll.NSS_Shutdown",
2821. "nss3.dll.PK11_FreeSlot",
2822. "kernel32.dll.InitializeCriticalSectionEx",
2823. "ole32.dll.CLSIDFromString",
2824. "vaultcli.dll.VaultOpenVault",
2825. "vaultcli.dll.VaultEnumerateItems",
2826. "vaultcli.dll.VaultGetItem",
2827. "uxtheme.dll.ThemeInitApiHook",
2828. "user32.dll.IsProcessDPIAware",
2829. "mlang.dll.#112",
2830. "wininet.dll.FindFirstUrlCacheEntryA",
2831. "urlmon.dll.CreateUri",
2832. "wininet.dll.FindNextUrlCacheEntryA",
2833. "urlmon.dll.CreateIUriBuilder",
2834. "urlmon.dll.IntlPercentEncodeNormalize",
2835. "wininet.dll.FindCloseUrlCache",
2836. "rpcrt4.dll.RpcStringBindingComposeW",
2837. "rpcrt4.dll.RpcBindingFromStringBindingW",
2838. "rpcrt4.dll.NdrClientCall2",
2839. "cryptbase.dll.SystemFunction041",
2840. "rpcrt4.dll.RpcStringFreeW",
2841. "rpcrt4.dll.RpcBindingFree",
2842. "kernel32.dll.IsProcessorFeaturePresent",
2843. "user32.dll.GetWindowInfo",
2844. "user32.dll.GetAncestor",
2845. "user32.dll.EnumDisplayDevicesA",
2846. "gdi32.dll.ExtTextOutW",
2847. "kernel32.dll.FlsGetValue",
2848. "windowscodecs.dll.DllGetClassObject",
2849. "kernel32.dll.WerRegisterMemoryBlock",
2850. "oleaut32.dll.#8",
2851. "oleaut32.dll.#9",
2852. "oleaut32.dll.#10",
2853. "kernel32.dll.IsWow64Process",
2854. "kernel32.dll.FlsFree"
2855. ]
2856.  
2857. [*] Static Analysis: {
2858. "pe": {
2859. "peid_signatures": null,
2860. "imports": [
2861. {
2862. "imports": [
2863. {
2864. "name": "DeleteCriticalSection",
2865. "address": "0x46f168"
2866. },
2867. {
2868. "name": "LeaveCriticalSection",
2869. "address": "0x46f16c"
2870. },
2871. {
2872. "name": "EnterCriticalSection",
2873. "address": "0x46f170"
2874. },
2875. {
2876. "name": "InitializeCriticalSection",
2877. "address": "0x46f174"
2878. },
2879. {
2880. "name": "VirtualFree",
2881. "address": "0x46f178"
2882. },
2883. {
2884. "name": "VirtualAlloc",
2885. "address": "0x46f17c"
2886. },
2887. {
2888. "name": "LocalFree",
2889. "address": "0x46f180"
2890. },
2891. {
2892. "name": "LocalAlloc",
2893. "address": "0x46f184"
2894. },
2895. {
2896. "name": "GetVersion",
2897. "address": "0x46f188"
2898. },
2899. {
2900. "name": "GetCurrentThreadId",
2901. "address": "0x46f18c"
2902. },
2903. {
2904. "name": "InterlockedDecrement",
2905. "address": "0x46f190"
2906. },
2907. {
2908. "name": "InterlockedIncrement",
2909. "address": "0x46f194"
2910. },
2911. {
2912. "name": "VirtualQuery",
2913. "address": "0x46f198"
2914. },
2915. {
2916. "name": "WideCharToMultiByte",
2917. "address": "0x46f19c"
2918. },
2919. {
2920. "name": "MultiByteToWideChar",
2921. "address": "0x46f1a0"
2922. },
2923. {
2924. "name": "lstrlenA",
2925. "address": "0x46f1a4"
2926. },
2927. {
2928. "name": "lstrcpynA",
2929. "address": "0x46f1a8"
2930. },
2931. {
2932. "name": "LoadLibraryExA",
2933. "address": "0x46f1ac"
2934. },
2935. {
2936. "name": "GetThreadLocale",
2937. "address": "0x46f1b0"
2938. },
2939. {
2940. "name": "GetStartupInfoA",
2941. "address": "0x46f1b4"
2942. },
2943. {
2944. "name": "GetProcAddress",
2945. "address": "0x46f1b8"
2946. },
2947. {
2948. "name": "GetModuleHandleA",
2949. "address": "0x46f1bc"
2950. },
2951. {
2952. "name": "GetModuleFileNameA",
2953. "address": "0x46f1c0"
2954. },
2955. {
2956. "name": "GetLocaleInfoA",
2957. "address": "0x46f1c4"
2958. },
2959. {
2960. "name": "GetCommandLineA",
2961. "address": "0x46f1c8"
2962. },
2963. {
2964. "name": "FreeLibrary",
2965. "address": "0x46f1cc"
2966. },
2967. {
2968. "name": "FindFirstFileA",
2969. "address": "0x46f1d0"
2970. },
2971. {
2972. "name": "FindClose",
2973. "address": "0x46f1d4"
2974. },
2975. {
2976. "name": "ExitProcess",
2977. "address": "0x46f1d8"
2978. },
2979. {
2980. "name": "WriteFile",
2981. "address": "0x46f1dc"
2982. },
2983. {
2984. "name": "UnhandledExceptionFilter",
2985. "address": "0x46f1e0"
2986. },
2987. {
2988. "name": "RtlUnwind",
2989. "address": "0x46f1e4"
2990. },
2991. {
2992. "name": "RaiseException",
2993. "address": "0x46f1e8"
2994. },
2995. {
2996. "name": "GetStdHandle",
2997. "address": "0x46f1ec"
2998. }
2999. ],
3000. "dll": "kernel32.dll"
3001. },
3002. {
3003. "imports": [
3004. {
3005. "name": "GetKeyboardType",
3006. "address": "0x46f1f4"
3007. },
3008. {
3009. "name": "LoadStringA",
3010. "address": "0x46f1f8"
3011. },
3012. {
3013. "name": "MessageBoxA",
3014. "address": "0x46f1fc"
3015. },
3016. {
3017. "name": "CharNextA",
3018. "address": "0x46f200"
3019. }
3020. ],
3021. "dll": "user32.dll"
3022. },
3023. {
3024. "imports": [
3025. {
3026. "name": "RegQueryValueExA",
3027. "address": "0x46f208"
3028. },
3029. {
3030. "name": "RegOpenKeyExA",
3031. "address": "0x46f20c"
3032. },
3033. {
3034. "name": "RegCloseKey",
3035. "address": "0x46f210"
3036. }
3037. ],
3038. "dll": "advapi32.dll"
3039. },
3040. {
3041. "imports": [
3042. {
3043. "name": "SysFreeString",
3044. "address": "0x46f218"
3045. },
3046. {
3047. "name": "SysReAllocStringLen",
3048. "address": "0x46f21c"
3049. },
3050. {
3051. "name": "SysAllocStringLen",
3052. "address": "0x46f220"
3053. }
3054. ],
3055. "dll": "oleaut32.dll"
3056. },
3057. {
3058. "imports": [
3059. {
3060. "name": "TlsSetValue",
3061. "address": "0x46f228"
3062. },
3063. {
3064. "name": "TlsGetValue",
3065. "address": "0x46f22c"
3066. },
3067. {
3068. "name": "LocalAlloc",
3069. "address": "0x46f230"
3070. },
3071. {
3072. "name": "GetModuleHandleA",
3073. "address": "0x46f234"
3074. }
3075. ],
3076. "dll": "kernel32.dll"
3077. },
3078. {
3079. "imports": [
3080. {
3081. "name": "RegQueryValueExA",
3082. "address": "0x46f23c"
3083. },
3084. {
3085. "name": "RegOpenKeyExA",
3086. "address": "0x46f240"
3087. },
3088. {
3089. "name": "RegCloseKey",
3090. "address": "0x46f244"
3091. }
3092. ],
3093. "dll": "advapi32.dll"
3094. },
3095. {
3096. "imports": [
3097. {
3098. "name": "lstrcpyA",
3099. "address": "0x46f24c"
3100. },
3101. {
3102. "name": "WriteFile",
3103. "address": "0x46f250"
3104. },
3105. {
3106. "name": "WaitForSingleObject",
3107. "address": "0x46f254"
3108. },
3109. {
3110. "name": "VirtualQuery",
3111. "address": "0x46f258"
3112. },
3113. {
3114. "name": "VirtualAlloc",
3115. "address": "0x46f25c"
3116. },
3117. {
3118. "name": "Sleep",
3119. "address": "0x46f260"
3120. },
3121. {
3122. "name": "SizeofResource",
3123. "address": "0x46f264"
3124. },
3125. {
3126. "name": "SetThreadLocale",
3127. "address": "0x46f268"
3128. },
3129. {
3130. "name": "SetFilePointer",
3131. "address": "0x46f26c"
3132. },
3133. {
3134. "name": "SetEvent",
3135. "address": "0x46f270"
3136. },
3137. {
3138. "name": "SetErrorMode",
3139. "address": "0x46f274"
3140. },
3141. {
3142. "name": "SetEndOfFile",
3143. "address": "0x46f278"
3144. },
3145. {
3146. "name": "ResetEvent",
3147. "address": "0x46f27c"
3148. },
3149. {
3150. "name": "ReadFile",
3151. "address": "0x46f280"
3152. },
3153. {
3154. "name": "MultiByteToWideChar",
3155. "address": "0x46f284"
3156. },
3157. {
3158. "name": "MulDiv",
3159. "address": "0x46f288"
3160. },
3161. {
3162. "name": "LockResource",
3163. "address": "0x46f28c"
3164. },
3165. {
3166. "name": "LoadResource",
3167. "address": "0x46f290"
3168. },
3169. {
3170. "name": "LoadLibraryA",
3171. "address": "0x46f294"
3172. },
3173. {
3174. "name": "LeaveCriticalSection",
3175. "address": "0x46f298"
3176. },
3177. {
3178. "name": "InitializeCriticalSection",
3179. "address": "0x46f29c"
3180. },
3181. {
3182. "name": "GlobalUnlock",
3183. "address": "0x46f2a0"
3184. },
3185. {
3186. "name": "GlobalSize",
3187. "address": "0x46f2a4"
3188. },
3189. {
3190. "name": "GlobalReAlloc",
3191. "address": "0x46f2a8"
3192. },
3193. {
3194. "name": "GlobalHandle",
3195. "address": "0x46f2ac"
3196. },
3197. {
3198. "name": "GlobalLock",
3199. "address": "0x46f2b0"
3200. },
3201. {
3202. "name": "GlobalFree",
3203. "address": "0x46f2b4"
3204. },
3205. {
3206. "name": "GlobalFindAtomA",
3207. "address": "0x46f2b8"
3208. },
3209. {
3210. "name": "GlobalDeleteAtom",
3211. "address": "0x46f2bc"
3212. },
3213. {
3214. "name": "GlobalAlloc",
3215. "address": "0x46f2c0"
3216. },
3217. {
3218. "name": "GlobalAddAtomA",
3219. "address": "0x46f2c4"
3220. },
3221. {
3222. "name": "GetVersionExA",
3223. "address": "0x46f2c8"
3224. },
3225. {
3226. "name": "GetVersion",
3227. "address": "0x46f2cc"
3228. },
3229. {
3230. "name": "GetUserDefaultLCID",
3231. "address": "0x46f2d0"
3232. },
3233. {
3234. "name": "GetTickCount",
3235. "address": "0x46f2d4"
3236. },
3237. {
3238. "name": "GetThreadLocale",
3239. "address": "0x46f2d8"
3240. },
3241. {
3242. "name": "GetSystemInfo",
3243. "address": "0x46f2dc"
3244. },
3245. {
3246. "name": "GetStringTypeExA",
3247. "address": "0x46f2e0"
3248. },
3249. {
3250. "name": "GetStdHandle",
3251. "address": "0x46f2e4"
3252. },
3253. {
3254. "name": "GetProfileStringA",
3255. "address": "0x46f2e8"
3256. },
3257. {
3258. "name": "GetProcAddress",
3259. "address": "0x46f2ec"
3260. },
3261. {
3262. "name": "GetModuleHandleA",
3263. "address": "0x46f2f0"
3264. },
3265. {
3266. "name": "GetModuleFileNameA",
3267. "address": "0x46f2f4"
3268. },
3269. {
3270. "name": "GetLocaleInfoA",
3271. "address": "0x46f2f8"
3272. },
3273. {
3274. "name": "GetLocalTime",
3275. "address": "0x46f2fc"
3276. },
3277. {
3278. "name": "GetLastError",
3279. "address": "0x46f300"
3280. },
3281. {
3282. "name": "GetFullPathNameA",
3283. "address": "0x46f304"
3284. },
3285. {
3286. "name": "GetDiskFreeSpaceA",
3287. "address": "0x46f308"
3288. },
3289. {
3290. "name": "GetDateFormatA",
3291. "address": "0x46f30c"
3292. },
3293. {
3294. "name": "GetCurrentThreadId",
3295. "address": "0x46f310"
3296. },
3297. {
3298. "name": "GetCurrentProcessId",
3299. "address": "0x46f314"
3300. },
3301. {
3302. "name": "GetComputerNameA",
3303. "address": "0x46f318"
3304. },
3305. {
3306. "name": "GetCPInfo",
3307. "address": "0x46f31c"
3308. },
3309. {
3310. "name": "GetACP",
3311. "address": "0x46f320"
3312. },
3313. {
3314. "name": "FreeResource",
3315. "address": "0x46f324"
3316. },
3317. {
3318. "name": "InterlockedExchange",
3319. "address": "0x46f328"
3320. },
3321. {
3322. "name": "FreeLibrary",
3323. "address": "0x46f32c"
3324. },
3325. {
3326. "name": "FormatMessageA",
3327. "address": "0x46f330"
3328. },
3329. {
3330. "name": "FindResourceA",
3331. "address": "0x46f334"
3332. },
3333. {
3334. "name": "EnumCalendarInfoA",
3335. "address": "0x46f338"
3336. },
3337. {
3338. "name": "EnterCriticalSection",
3339. "address": "0x46f33c"
3340. },
3341. {
3342. "name": "DeleteCriticalSection",
3343. "address": "0x46f340"
3344. },
3345. {
3346. "name": "CreateThread",
3347. "address": "0x46f344"
3348. },
3349. {
3350. "name": "CreateFileA",
3351. "address": "0x46f348"
3352. },
3353. {
3354. "name": "CreateEventA",
3355. "address": "0x46f34c"
3356. },
3357. {
3358. "name": "CompareStringA",
3359. "address": "0x46f350"
3360. },
3361. {
3362. "name": "CloseHandle",
3363. "address": "0x46f354"
3364. }
3365. ],
3366. "dll": "kernel32.dll"
3367. },
3368. {
3369. "imports": [
3370. {
3371. "name": "VerQueryValueA",
3372. "address": "0x46f35c"
3373. },
3374. {
3375. "name": "GetFileVersionInfoSizeA",
3376. "address": "0x46f360"
3377. },
3378. {
3379. "name": "GetFileVersionInfoA",
3380. "address": "0x46f364"
3381. }
3382. ],
3383. "dll": "version.dll"
3384. },
3385. {
3386. "imports": [
3387. {
3388. "name": "UnrealizeObject",
3389. "address": "0x46f36c"
3390. },
3391. {
3392. "name": "StretchBlt",
3393. "address": "0x46f370"
3394. },
3395. {
3396. "name": "SetWindowOrgEx",
3397. "address": "0x46f374"
3398. },
3399. {
3400. "name": "SetWinMetaFileBits",
3401. "address": "0x46f378"
3402. },
3403. {
3404. "name": "SetViewportOrgEx",
3405. "address": "0x46f37c"
3406. },
3407. {
3408. "name": "SetTextColor",
3409. "address": "0x46f380"
3410. },
3411. {
3412. "name": "SetStretchBltMode",
3413. "address": "0x46f384"
3414. },
3415. {
3416. "name": "SetROP2",
3417. "address": "0x46f388"
3418. },
3419. {
3420. "name": "SetPixel",
3421. "address": "0x46f38c"
3422. },
3423. {
3424. "name": "SetMapMode",
3425. "address": "0x46f390"
3426. },
3427. {
3428. "name": "SetEnhMetaFileBits",
3429. "address": "0x46f394"
3430. },
3431. {
3432. "name": "SetDIBColorTable",
3433. "address": "0x46f398"
3434. },
3435. {
3436. "name": "SetBrushOrgEx",
3437. "address": "0x46f39c"
3438. },
3439. {
3440. "name": "SetBkMode",
3441. "address": "0x46f3a0"
3442. },
3443. {
3444. "name": "SetBkColor",
3445. "address": "0x46f3a4"
3446. },
3447. {
3448. "name": "SelectPalette",
3449. "address": "0x46f3a8"
3450. },
3451. {
3452. "name": "SelectObject",
3453. "address": "0x46f3ac"
3454. },
3455. {
3456. "name": "SelectClipRgn",
3457. "address": "0x46f3b0"
3458. },
3459. {
3460. "name": "ScaleWindowExtEx",
3461. "address": "0x46f3b4"
3462. },
3463. {
3464. "name": "SaveDC",
3465. "address": "0x46f3b8"
3466. },
3467. {
3468. "name": "RestoreDC",
3469. "address": "0x46f3bc"
3470. },
3471. {
3472. "name": "RectVisible",
3473. "address": "0x46f3c0"
3474. },
3475. {
3476. "name": "RealizePalette",
3477. "address": "0x46f3c4"
3478. },
3479. {
3480. "name": "PlayEnhMetaFile",
3481. "address": "0x46f3c8"
3482. },
3483. {
3484. "name": "PathToRegion",
3485. "address": "0x46f3cc"
3486. },
3487. {
3488. "name": "PatBlt",
3489. "address": "0x46f3d0"
3490. },
3491. {
3492. "name": "MoveToEx",
3493. "address": "0x46f3d4"
3494. },
3495. {
3496. "name": "MaskBlt",
3497. "address": "0x46f3d8"
3498. },
3499. {
3500. "name": "LineTo",
3501. "address": "0x46f3dc"
3502. },
3503. {
3504. "name": "LPtoDP",
3505. "address": "0x46f3e0"
3506. },
3507. {
3508. "name": "IntersectClipRect",
3509. "address": "0x46f3e4"
3510. },
3511. {
3512. "name": "GetWindowOrgEx",
3513. "address": "0x46f3e8"
3514. },
3515. {
3516. "name": "GetWinMetaFileBits",
3517. "address": "0x46f3ec"
3518. },
3519. {
3520. "name": "GetTextMetricsA",
3521. "address": "0x46f3f0"
3522. },
3523. {
3524. "name": "GetTextExtentPoint32A",
3525. "address": "0x46f3f4"
3526. },
3527. {
3528. "name": "GetSystemPaletteEntries",
3529. "address": "0x46f3f8"
3530. },
3531. {
3532. "name": "GetStockObject",
3533. "address": "0x46f3fc"
3534. },
3535. {
3536. "name": "GetPixel",
3537. "address": "0x46f400"
3538. },
3539. {
3540. "name": "GetPaletteEntries",
3541. "address": "0x46f404"
3542. },
3543. {
3544. "name": "GetObjectA",
3545. "address": "0x46f408"
3546. },
3547. {
3548. "name": "GetEnhMetaFilePaletteEntries",
3549. "address": "0x46f40c"
3550. },
3551. {
3552. "name": "GetEnhMetaFileHeader",
3553. "address": "0x46f410"
3554. },
3555. {
3556. "name": "GetEnhMetaFileDescriptionA",
3557. "address": "0x46f414"
3558. },
3559. {
3560. "name": "GetEnhMetaFileBits",
3561. "address": "0x46f418"
3562. },
3563. {
3564. "name": "GetDeviceCaps",
3565. "address": "0x46f41c"
3566. },
3567. {
3568. "name": "GetDIBits",
3569. "address": "0x46f420"
3570. },
3571. {
3572. "name": "GetDIBColorTable",
3573. "address": "0x46f424"
3574. },
3575. {
3576. "name": "GetDCOrgEx",
3577. "address": "0x46f428"
3578. },
3579. {
3580. "name": "GetCurrentPositionEx",
3581. "address": "0x46f42c"
3582. },
3583. {
3584. "name": "GetClipBox",
3585. "address": "0x46f430"
3586. },
3587. {
3588. "name": "GetBrushOrgEx",
3589. "address": "0x46f434"
3590. },
3591. {
3592. "name": "GetBitmapBits",
3593. "address": "0x46f438"
3594. },
3595. {
3596. "name": "ExcludeClipRect",
3597. "address": "0x46f43c"
3598. },
3599. {
3600. "name": "EndPage",
3601. "address": "0x46f440"
3602. },
3603. {
3604. "name": "EndDoc",
3605. "address": "0x46f444"
3606. },
3607. {
3608. "name": "DeleteObject",
3609. "address": "0x46f448"
3610. },
3611. {
3612. "name": "DeleteEnhMetaFile",
3613. "address": "0x46f44c"
3614. },
3615. {
3616. "name": "DeleteDC",
3617. "address": "0x46f450"
3618. },
3619. {
3620. "name": "CreateSolidBrush",
3621. "address": "0x46f454"
3622. },
3623. {
3624. "name": "CreatePenIndirect",
3625. "address": "0x46f458"
3626. },
3627. {
3628. "name": "CreatePalette",
3629. "address": "0x46f45c"
3630. },
3631. {
3632. "name": "CreateICA",
3633. "address": "0x46f460"
3634. },
3635. {
3636. "name": "CreateHalftonePalette",
3637. "address": "0x46f464"
3638. },
3639. {
3640. "name": "CreateFontIndirectA",
3641. "address": "0x46f468"
3642. },
3643. {
3644. "name": "CreateEnhMetaFileA",
3645. "address": "0x46f46c"
3646. },
3647. {
3648. "name": "CreateDIBitmap",
3649. "address": "0x46f470"
3650. },
3651. {
3652. "name": "CreateDIBSection",
3653. "address": "0x46f474"
3654. },
3655. {
3656. "name": "CreateDCA",
3657. "address": "0x46f478"
3658. },
3659. {
3660. "name": "CreateCompatibleDC",
3661. "address": "0x46f47c"
3662. },
3663. {
3664. "name": "CreateCompatibleBitmap",
3665. "address": "0x46f480"
3666. },
3667. {
3668. "name": "CreateBrushIndirect",
3669. "address": "0x46f484"
3670. },
3671. {
3672. "name": "CreateBitmap",
3673. "address": "0x46f488"
3674. },
3675. {
3676. "name": "CopyEnhMetaFileA",
3677. "address": "0x46f48c"
3678. },
3679. {
3680. "name": "CloseEnhMetaFile",
3681. "address": "0x46f490"
3682. },
3683. {
3684. "name": "BitBlt",
3685. "address": "0x46f494"
3686. }
3687. ],
3688. "dll": "gdi32.dll"
3689. },
3690. {
3691. "imports": [
3692. {
3693. "name": "CreateWindowExA",
3694. "address": "0x46f49c"
3695. },
3696. {
3697. "name": "WindowFromPoint",
3698. "address": "0x46f4a0"
3699. },
3700. {
3701. "name": "WinHelpA",
3702. "address": "0x46f4a4"
3703. },
3704. {
3705. "name": "WaitMessage",
3706. "address": "0x46f4a8"
3707. },
3708. {
3709. "name": "UpdateWindow",
3710. "address": "0x46f4ac"
3711. },
3712. {
3713. "name": "UnregisterClassA",
3714. "address": "0x46f4b0"
3715. },
3716. {
3717. "name": "UnhookWindowsHookEx",
3718. "address": "0x46f4b4"
3719. },
3720. {
3721. "name": "TranslateMessage",
3722. "address": "0x46f4b8"
3723. },
3724. {
3725. "name": "TranslateMDISysAccel",
3726. "address": "0x46f4bc"
3727. },
3728. {
3729. "name": "TrackPopupMenu",
3730. "address": "0x46f4c0"
3731. },
3732. {
3733. "name": "SystemParametersInfoA",
3734. "address": "0x46f4c4"
3735. },
3736. {
3737. "name": "ShowWindow",
3738. "address": "0x46f4c8"
3739. },
3740. {
3741. "name": "ShowScrollBar",
3742. "address": "0x46f4cc"
3743. },
3744. {
3745. "name": "ShowOwnedPopups",
3746. "address": "0x46f4d0"
3747. },
3748. {
3749. "name": "ShowCursor",
3750. "address": "0x46f4d4"
3751. },
3752. {
3753. "name": "SetWindowsHookExA",
3754. "address": "0x46f4d8"
3755. },
3756. {
3757. "name": "SetWindowTextA",
3758. "address": "0x46f4dc"
3759. },
3760. {
3761. "name": "SetWindowPos",
3762. "address": "0x46f4e0"
3763. },
3764. {
3765. "name": "SetWindowPlacement",
3766. "address": "0x46f4e4"
3767. },
3768. {
3769. "name": "SetWindowLongA",
3770. "address": "0x46f4e8"
3771. },
3772. {
3773. "name": "SetTimer",
3774. "address": "0x46f4ec"
3775. },
3776. {
3777. "name": "SetScrollRange",
3778. "address": "0x46f4f0"
3779. },
3780. {
3781. "name": "SetScrollPos",
3782. "address": "0x46f4f4"
3783. },
3784. {
3785. "name": "SetScrollInfo",
3786. "address": "0x46f4f8"
3787. },
3788. {
3789. "name": "SetRect",
3790. "address": "0x46f4fc"
3791. },
3792. {
3793. "name": "SetPropA",
3794. "address": "0x46f500"
3795. },
3796. {
3797. "name": "SetParent",
3798. "address": "0x46f504"
3799. },
3800. {
3801. "name": "SetMenuItemInfoA",
3802. "address": "0x46f508"
3803. },
3804. {
3805. "name": "SetMenu",
3806. "address": "0x46f50c"
3807. },
3808. {
3809. "name": "SetKeyboardState",
3810. "address": "0x46f510"
3811. },
3812. {
3813. "name": "SetForegroundWindow",
3814. "address": "0x46f514"
3815. },
3816. {
3817. "name": "SetFocus",
3818. "address": "0x46f518"
3819. },
3820. {
3821. "name": "SetCursor",
3822. "address": "0x46f51c"
3823. },
3824. {
3825. "name": "SetClipboardData",
3826. "address": "0x46f520"
3827. },
3828. {
3829. "name": "SetClassLongA",
3830. "address": "0x46f524"
3831. },
3832. {
3833. "name": "SetCapture",
3834. "address": "0x46f528"
3835. },
3836. {
3837. "name": "SetActiveWindow",
3838. "address": "0x46f52c"
3839. },
3840. {
3841. "name": "SendMessageA",
3842. "address": "0x46f530"
3843. },
3844. {
3845. "name": "ScrollWindow",
3846. "address": "0x46f534"
3847. },
3848. {
3849. "name": "ScreenToClient",
3850. "address": "0x46f538"
3851. },
3852. {
3853. "name": "RemovePropA",
3854. "address": "0x46f53c"
3855. },
3856. {
3857. "name": "RemoveMenu",
3858. "address": "0x46f540"
3859. },
3860. {
3861. "name": "ReleaseDC",
3862. "address": "0x46f544"
3863. },
3864. {
3865. "name": "ReleaseCapture",
3866. "address": "0x46f548"
3867. },
3868. {
3869. "name": "RegisterWindowMessageA",
3870. "address": "0x46f54c"
3871. },
3872. {
3873. "name": "RegisterClipboardFormatA",
3874. "address": "0x46f550"
3875. },
3876. {
3877. "name": "RegisterClassA",
3878. "address": "0x46f554"
3879. },
3880. {
3881. "name": "RedrawWindow",
3882. "address": "0x46f558"
3883. },
3884. {
3885. "name": "PtInRect",
3886. "address": "0x46f55c"
3887. },
3888. {
3889. "name": "PostQuitMessage",
3890. "address": "0x46f560"
3891. },
3892. {
3893. "name": "PostMessageA",
3894. "address": "0x46f564"
3895. },
3896. {
3897. "name": "PeekMessageA",
3898. "address": "0x46f568"
3899. },
3900. {
3901. "name": "OpenClipboard",
3902. "address": "0x46f56c"
3903. },
3904. {
3905. "name": "OffsetRect",
3906. "address": "0x46f570"
3907. },
3908. {
3909. "name": "OemToCharA",
3910. "address": "0x46f574"
3911. },
3912. {
3913. "name": "MessageBoxA",
3914. "address": "0x46f578"
3915. },
3916. {
3917. "name": "MessageBeep",
3918. "address": "0x46f57c"
3919. },
3920. {
3921. "name": "MapWindowPoints",
3922. "address": "0x46f580"
3923. },
3924. {
3925. "name": "MapVirtualKeyA",
3926. "address": "0x46f584"
3927. },
3928. {
3929. "name": "LoadStringA",
3930. "address": "0x46f588"
3931. },
3932. {
3933. "name": "LoadKeyboardLayoutA",
3934. "address": "0x46f58c"
3935. },
3936. {
3937. "name": "LoadIconA",
3938. "address": "0x46f590"
3939. },
3940. {
3941. "name": "LoadCursorA",
3942. "address": "0x46f594"
3943. },
3944. {
3945. "name": "LoadBitmapA",
3946. "address": "0x46f598"
3947. },
3948. {
3949. "name": "KillTimer",
3950. "address": "0x46f59c"
3951. },
3952. {
3953. "name": "IsZoomed",
3954. "address": "0x46f5a0"
3955. },
3956. {
3957. "name": "IsWindowVisible",
3958. "address": "0x46f5a4"
3959. },
3960. {
3961. "name": "IsWindowEnabled",
3962. "address": "0x46f5a8"
3963. },
3964. {
3965. "name": "IsWindow",
3966. "address": "0x46f5ac"
3967. },
3968. {
3969. "name": "IsRectEmpty",
3970. "address": "0x46f5b0"
3971. },
3972. {
3973. "name": "IsIconic",
3974. "address": "0x46f5b4"
3975. },
3976. {
3977. "name": "IsDialogMessageA",
3978. "address": "0x46f5b8"
3979. },
3980. {
3981. "name": "IsChild",
3982. "address": "0x46f5bc"
3983. },
3984. {
3985. "name": "IsCharAlphaNumericA",
3986. "address": "0x46f5c0"
3987. },
3988. {
3989. "name": "IsCharAlphaA",
3990. "address": "0x46f5c4"
3991. },
3992. {
3993. "name": "InvalidateRect",
3994. "address": "0x46f5c8"
3995. },
3996. {
3997. "name": "IntersectRect",
3998. "address": "0x46f5cc"
3999. },
4000. {
4001. "name": "InsertMenuItemA",
4002. "address": "0x46f5d0"
4003. },
4004. {
4005. "name": "InsertMenuA",
4006. "address": "0x46f5d4"
4007. },
4008. {
4009. "name": "InflateRect",
4010. "address": "0x46f5d8"
4011. },
4012. {
4013. "name": "GetWindowThreadProcessId",
4014. "address": "0x46f5dc"
4015. },
4016. {
4017. "name": "GetWindowTextA",
4018. "address": "0x46f5e0"
4019. },
4020. {
4021. "name": "GetWindowRect",
4022. "address": "0x46f5e4"
4023. },
4024. {
4025. "name": "GetWindowPlacement",
4026. "address": "0x46f5e8"
4027. },
4028. {
4029. "name": "GetWindowLongA",
4030. "address": "0x46f5ec"
4031. },
4032. {
4033. "name": "GetWindowDC",
4034. "address": "0x46f5f0"
4035. },
4036. {
4037. "name": "GetTopWindow",
4038. "address": "0x46f5f4"
4039. },
4040. {
4041. "name": "GetSystemMetrics",
4042. "address": "0x46f5f8"
4043. },
4044. {
4045. "name": "GetSystemMenu",
4046. "address": "0x46f5fc"
4047. },
4048. {
4049. "name": "GetSysColorBrush",
4050. "address": "0x46f600"
4051. },
4052. {
4053. "name": "GetSysColor",
4054. "address": "0x46f604"
4055. },
4056. {
4057. "name": "GetSubMenu",
4058. "address": "0x46f608"
4059. },
4060. {
4061. "name": "GetScrollRange",
4062. "address": "0x46f60c"
4063. },
4064. {
4065. "name": "GetScrollPos",
4066. "address": "0x46f610"
4067. },
4068. {
4069. "name": "GetScrollInfo",
4070. "address": "0x46f614"
4071. },
4072. {
4073. "name": "GetPropA",
4074. "address": "0x46f618"
4075. },
4076. {
4077. "name": "GetParent",
4078. "address": "0x46f61c"
4079. },
4080. {
4081. "name": "GetWindow",
4082. "address": "0x46f620"
4083. },
4084. {
4085. "name": "GetMessageTime",
4086. "address": "0x46f624"
4087. },
4088. {
4089. "name": "GetMenuStringA",
4090. "address": "0x46f628"
4091. },
4092. {
4093. "name": "GetMenuState",
4094. "address": "0x46f62c"
4095. },
4096. {
4097. "name": "GetMenuItemInfoA",
4098. "address": "0x46f630"
4099. },
4100. {
4101. "name": "GetMenuItemID",
4102. "address": "0x46f634"
4103. },
4104. {
4105. "name": "GetMenuItemCount",
4106. "address": "0x46f638"
4107. },
4108. {
4109. "name": "GetMenu",
4110. "address": "0x46f63c"
4111. },
4112. {
4113. "name": "GetLastActivePopup",
4114. "address": "0x46f640"
4115. },
4116. {
4117. "name": "GetKeyboardState",
4118. "address": "0x46f644"
4119. },
4120. {
4121. "name": "GetKeyboardLayoutList",
4122. "address": "0x46f648"
4123. },
4124. {
4125. "name": "GetKeyboardLayout",
4126. "address": "0x46f64c"
4127. },
4128. {
4129. "name": "GetKeyState",
4130. "address": "0x46f650"
4131. },
4132. {
4133. "name": "GetKeyNameTextA",
4134. "address": "0x46f654"
4135. },
4136. {
4137. "name": "GetIconInfo",
4138. "address": "0x46f658"
4139. },
4140. {
4141. "name": "GetForegroundWindow",
4142. "address": "0x46f65c"
4143. },
4144. {
4145. "name": "GetFocus",
4146. "address": "0x46f660"
4147. },
4148. {
4149. "name": "GetDesktopWindow",
4150. "address": "0x46f664"
4151. },
4152. {
4153. "name": "GetDCEx",
4154. "address": "0x46f668"
4155. },
4156. {
4157. "name": "GetDC",
4158. "address": "0x46f66c"
4159. },
4160. {
4161. "name": "GetCursorPos",
4162. "address": "0x46f670"
4163. },
4164. {
4165. "name": "GetCursor",
4166. "address": "0x46f674"
4167. },
4168. {
4169. "name": "GetClipboardData",
4170. "address": "0x46f678"
4171. },
4172. {
4173. "name": "GetClientRect",
4174. "address": "0x46f67c"
4175. },
4176. {
4177. "name": "GetClassNameA",
4178. "address": "0x46f680"
4179. },
4180. {
4181. "name": "GetClassInfoA",
4182. "address": "0x46f684"
4183. },
4184. {
4185. "name": "GetCapture",
4186. "address": "0x46f688"
4187. },
4188. {
4189. "name": "GetActiveWindow",
4190. "address": "0x46f68c"
4191. },
4192. {
4193. "name": "FrameRect",
4194. "address": "0x46f690"
4195. },
4196. {
4197. "name": "FindWindowA",
4198. "address": "0x46f694"
4199. },
4200. {
4201. "name": "FillRect",
4202. "address": "0x46f698"
4203. },
4204. {
4205. "name": "EqualRect",
4206. "address": "0x46f69c"
4207. },
4208. {
4209. "name": "EnumWindows",
4210. "address": "0x46f6a0"
4211. },
4212. {
4213. "name": "EnumThreadWindows",
4214. "address": "0x46f6a4"
4215. },
4216. {
4217. "name": "EnumClipboardFormats",
4218. "address": "0x46f6a8"
4219. },
4220. {
4221. "name": "EndPaint",
4222. "address": "0x46f6ac"
4223. },
4224. {
4225. "name": "EndDeferWindowPos",
4226. "address": "0x46f6b0"
4227. },
4228. {
4229. "name": "EnableWindow",
4230. "address": "0x46f6b4"
4231. },
4232. {
4233. "name": "EnableScrollBar",
4234. "address": "0x46f6b8"
4235. },
4236. {
4237. "name": "EnableMenuItem",
4238. "address": "0x46f6bc"
4239. },
4240. {
4241. "name": "EmptyClipboard",
4242. "address": "0x46f6c0"
4243. },
4244. {
4245. "name": "DrawTextA",
4246. "address": "0x46f6c4"
4247. },
4248. {
4249. "name": "DrawMenuBar",
4250. "address": "0x46f6c8"
4251. },
4252. {
4253. "name": "DrawIconEx",
4254. "address": "0x46f6cc"
4255. },
4256. {
4257. "name": "DrawIcon",
4258. "address": "0x46f6d0"
4259. },
4260. {
4261. "name": "DrawFrameControl",
4262. "address": "0x46f6d4"
4263. },
4264. {
4265. "name": "DrawEdge",
4266. "address": "0x46f6d8"
4267. },
4268. {
4269. "name": "DispatchMessageA",
4270. "address": "0x46f6dc"
4271. },
4272. {
4273. "name": "DestroyWindow",
4274. "address": "0x46f6e0"
4275. },
4276. {
4277. "name": "DestroyMenu",
4278. "address": "0x46f6e4"
4279. },
4280. {
4281. "name": "DestroyIcon",
4282. "address": "0x46f6e8"
4283. },
4284. {
4285. "name": "DestroyCursor",
4286. "address": "0x46f6ec"
4287. },
4288. {
4289. "name": "DeleteMenu",
4290. "address": "0x46f6f0"
4291. },
4292. {
4293. "name": "DeferWindowPos",
4294. "address": "0x46f6f4"
4295. },
4296. {
4297. "name": "DefWindowProcA",
4298. "address": "0x46f6f8"
4299. },
4300. {
4301. "name": "DefMDIChildProcA",
4302. "address": "0x46f6fc"
4303. },
4304. {
4305. "name": "DefFrameProcA",
4306. "address": "0x46f700"
4307. },
4308. {
4309. "name": "CreatePopupMenu",
4310. "address": "0x46f704"
4311. },
4312. {
4313. "name": "CreateMenu",
4314. "address": "0x46f708"
4315. },
4316. {
4317. "name": "CreateIcon",
4318. "address": "0x46f70c"
4319. },
4320. {
4321. "name": "CloseClipboard",
4322. "address": "0x46f710"
4323. },
4324. {
4325. "name": "ClientToScreen",
4326. "address": "0x46f714"
4327. },
4328. {
4329. "name": "CheckMenuItem",
4330. "address": "0x46f718"
4331. },
4332. {
4333. "name": "CallWindowProcA",
4334. "address": "0x46f71c"
4335. },
4336. {
4337. "name": "CallNextHookEx",
4338. "address": "0x46f720"
4339. },
4340. {
4341. "name": "BeginPaint",
4342. "address": "0x46f724"
4343. },
4344. {
4345. "name": "BeginDeferWindowPos",
4346. "address": "0x46f728"
4347. },
4348. {
4349. "name": "CharNextA",
4350. "address": "0x46f72c"
4351. },
4352. {
4353. "name": "CharLowerBuffA",
4354. "address": "0x46f730"
4355. },
4356. {
4357. "name": "CharLowerA",
4358. "address": "0x46f734"
4359. },
4360. {
4361. "name": "CharUpperBuffA",
4362. "address": "0x46f738"
4363. },
4364. {
4365. "name": "CharToOemA",
4366. "address": "0x46f73c"
4367. },
4368. {
4369. "name": "AdjustWindowRectEx",
4370. "address": "0x46f740"
4371. },
4372. {
4373. "name": "ActivateKeyboardLayout",
4374. "address": "0x46f744"
4375. }
4376. ],
4377. "dll": "user32.dll"
4378. },
4379. {
4380. "imports": [
4381. {
4382. "name": "Sleep",
4383. "address": "0x46f74c"
4384. }
4385. ],
4386. "dll": "kernel32.dll"
4387. },
4388. {
4389. "imports": [
4390. {
4391. "name": "SafeArrayPtrOfIndex",
4392. "address": "0x46f754"
4393. },
4394. {
4395. "name": "SafeArrayGetUBound",
4396. "address": "0x46f758"
4397. },
4398. {
4399. "name": "SafeArrayGetLBound",
4400. "address": "0x46f75c"
4401. },
4402. {
4403. "name": "SafeArrayCreate",
4404. "address": "0x46f760"
4405. },
4406. {
4407. "name": "VariantChangeType",
4408. "address": "0x46f764"
4409. },
4410. {
4411. "name": "VariantCopy",
4412. "address": "0x46f768"
4413. },
4414. {
4415. "name": "VariantClear",
4416. "address": "0x46f76c"
4417. },
4418. {
4419. "name": "VariantInit",
4420. "address": "0x46f770"
4421. }
4422. ],
4423. "dll": "oleaut32.dll"
4424. },
4425. {
4426. "imports": [
4427. {
4428. "name": "CreateStreamOnHGlobal",
4429. "address": "0x46f778"
4430. },
4431. {
4432. "name": "IsAccelerator",
4433. "address": "0x46f77c"
4434. },
4435. {
4436. "name": "OleDraw",
4437. "address": "0x46f780"
4438. },
4439. {
4440. "name": "OleSetMenuDescriptor",
4441. "address": "0x46f784"
4442. },
4443. {
4444. "name": "CoTaskMemFree",
4445. "address": "0x46f788"
4446. },
4447. {
4448. "name": "ProgIDFromCLSID",
4449. "address": "0x46f78c"
4450. },
4451. {
4452. "name": "StringFromCLSID",
4453. "address": "0x46f790"
4454. },
4455. {
4456. "name": "CoCreateInstance",
4457. "address": "0x46f794"
4458. },
4459. {
4460. "name": "CoGetClassObject",
4461. "address": "0x46f798"
4462. },
4463. {
4464. "name": "CoUninitialize",
4465. "address": "0x46f79c"
4466. },
4467. {
4468. "name": "CoInitialize",
4469. "address": "0x46f7a0"
4470. },
4471. {
4472. "name": "IsEqualGUID",
4473. "address": "0x46f7a4"
4474. }
4475. ],
4476. "dll": "ole32.dll"
4477. },
4478. {
4479. "imports": [
4480. {
4481. "name": "GetErrorInfo",
4482. "address": "0x46f7ac"
4483. },
4484. {
4485. "name": "GetActiveObject",
4486. "address": "0x46f7b0"
4487. },
4488. {
4489. "name": "SysFreeString",
4490. "address": "0x46f7b4"
4491. }
4492. ],
4493. "dll": "oleaut32.dll"
4494. },
4495. {
4496. "imports": [
4497. {
4498. "name": "ImageList_SetIconSize",
4499. "address": "0x46f7bc"
4500. },
4501. {
4502. "name": "ImageList_GetIconSize",
4503. "address": "0x46f7c0"
4504. },
4505. {
4506. "name": "ImageList_Write",
4507. "address": "0x46f7c4"
4508. },
4509. {
4510. "name": "ImageList_Read",
4511. "address": "0x46f7c8"
4512. },
4513. {
4514. "name": "ImageList_GetDragImage",
4515. "address": "0x46f7cc"
4516. },
4517. {
4518. "name": "ImageList_DragShowNolock",
4519. "address": "0x46f7d0"
4520. },
4521. {
4522. "name": "ImageList_SetDragCursorImage",
4523. "address": "0x46f7d4"
4524. },
4525. {
4526. "name": "ImageList_DragMove",
4527. "address": "0x46f7d8"
4528. },
4529. {
4530. "name": "ImageList_DragLeave",
4531. "address": "0x46f7dc"
4532. },
4533. {
4534. "name": "ImageList_DragEnter",
4535. "address": "0x46f7e0"
4536. },
4537. {
4538. "name": "ImageList_EndDrag",
4539. "address": "0x46f7e4"
4540. },
4541. {
4542. "name": "ImageList_BeginDrag",
4543. "address": "0x46f7e8"
4544. },
4545. {
4546. "name": "ImageList_Remove",
4547. "address": "0x46f7ec"
4548. },
4549. {
4550. "name": "ImageList_DrawEx",
4551. "address": "0x46f7f0"
4552. },
4553. {
4554. "name": "ImageList_Draw",
4555. "address": "0x46f7f4"
4556. },
4557. {
4558. "name": "ImageList_GetBkColor",
4559. "address": "0x46f7f8"
4560. },
4561. {
4562. "name": "ImageList_SetBkColor",
4563. "address": "0x46f7fc"
4564. },
4565. {
4566. "name": "ImageList_ReplaceIcon",
4567. "address": "0x46f800"
4568. },
4569. {
4570. "name": "ImageList_Add",
4571. "address": "0x46f804"
4572. },
4573. {
4574. "name": "ImageList_GetImageCount",
4575. "address": "0x46f808"
4576. },
4577. {
4578. "name": "ImageList_Destroy",
4579. "address": "0x46f80c"
4580. },
4581. {
4582. "name": "ImageList_Create",
4583. "address": "0x46f810"
4584. }
4585. ],
4586. "dll": "comctl32.dll"
4587. },
4588. {
4589. "imports": [
4590. {
4591. "name": "OpenPrinterA",
4592. "address": "0x46f818"
4593. },
4594. {
4595. "name": "EnumPrintersA",
4596. "address": "0x46f81c"
4597. },
4598. {
4599. "name": "DocumentPropertiesA",
4600. "address": "0x46f820"
4601. },
4602. {
4603. "name": "ClosePrinter",
4604. "address": "0x46f824"
4605. }
4606. ],
4607. "dll": "winspool.drv"
4608. },
4609. {
4610. "imports": [
4611. {
4612. "name": "PrintDlgA",
4613. "address": "0x46f82c"
4614. }
4615. ],
4616. "dll": "comdlg32.dll"
4617. }
4618. ],
4619. "digital_signers": null,
4620. "exported_dll_name": null,
4621. "actual_checksum": "0x0009ba71",
4622. "overlay": null,
4623. "imagebase": "0x00400000",
4624. "reported_checksum": "0x00000000",
4625. "icon_hash": null,
4626. "entrypoint": "0x0046304c",
4627. "timestamp": "1992-03-02 14:59:08",
4628. "osversion": "4.0",
4629. "sections": [
4630. {
4631. "name": "CODE",
4632. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
4633. "virtual_address": "0x00001000",
4634. "size_of_data": "0x00062200",
4635. "entropy": "6.54",
4636. "raw_address": "0x00000400",
4637. "virtual_size": "0x00062094",
4638. "characteristics_raw": "0x60000020"
4639. },
4640. {
4641. "name": "DATA",
4642. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
4643. "virtual_address": "0x00064000",
4644. "size_of_data": "0x00009600",
4645. "entropy": "4.97",
4646. "raw_address": "0x00062600",
4647. "virtual_size": "0x00009528",
4648. "characteristics_raw": "0xc0000040"
4649. },
4650. {
4651. "name": "BSS",
4652. "characteristics": "IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
4653. "virtual_address": "0x0006e000",
4654. "size_of_data": "0x00000000",
4655. "entropy": "0.00",
4656. "raw_address": "0x0006bc00",
4657. "virtual_size": "0x00000d59",
4658. "characteristics_raw": "0xc0000000"
4659. },
4660. {
4661. "name": ".idata",
4662. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
4663. "virtual_address": "0x0006f000",
4664. "size_of_data": "0x00002600",
4665. "entropy": "5.01",
4666. "raw_address": "0x0006bc00",
4667. "virtual_size": "0x00002540",
4668. "characteristics_raw": "0xc0000040"
4669. },
4670. {
4671. "name": ".tls",
4672. "characteristics": "IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
4673. "virtual_address": "0x00072000",
4674. "size_of_data": "0x00000000",
4675. "entropy": "0.00",
4676. "raw_address": "0x0006e200",
4677. "virtual_size": "0x00000010",
4678. "characteristics_raw": "0xc0000000"
4679. },
4680. {
4681. "name": ".rdata",
4682. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
4683. "virtual_address": "0x00073000",
4684. "size_of_data": "0x00000200",
4685. "entropy": "0.21",
4686. "raw_address": "0x0006e200",
4687. "virtual_size": "0x00000018",
4688. "characteristics_raw": "0x50000040"
4689. },
4690. {
4691. "name": ".reloc",
4692. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
4693. "virtual_address": "0x00074000",
4694. "size_of_data": "0x00007200",
4695. "entropy": "6.67",
4696. "raw_address": "0x0006e400",
4697. "virtual_size": "0x00007108",
4698. "characteristics_raw": "0x50000040"
4699. },
4700. {
4701. "name": ".rsrc",
4702. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
4703. "virtual_address": "0x0007c000",
4704. "size_of_data": "0x00025c00",
4705. "entropy": "7.08",
4706. "raw_address": "0x00075600",
4707. "virtual_size": "0x00025b70",
4708. "characteristics_raw": "0x50000040"
4709. }
4710. ],
4711. "resources": [],
4712. "dirents": [
4713. {
4714. "virtual_address": "0x00000000",
4715. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
4716. "size": "0x00000000"
4717. },
4718. {
4719. "virtual_address": "0x0006f000",
4720. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
4721. "size": "0x00002540"
4722. },
4723. {
4724. "virtual_address": "0x0007c000",
4725. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
4726. "size": "0x00025b70"
4727. },
4728. {
4729. "virtual_address": "0x00000000",
4730. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
4731. "size": "0x00000000"
4732. },
4733. {
4734. "virtual_address": "0x00000000",
4735. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
4736. "size": "0x00000000"
4737. },
4738. {
4739. "virtual_address": "0x00074000",
4740. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
4741. "size": "0x00007108"
4742. },
4743. {
4744. "virtual_address": "0x00000000",
4745. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
4746. "size": "0x00000000"
4747. },
4748. {
4749. "virtual_address": "0x00000000",
4750. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
4751. "size": "0x00000000"
4752. },
4753. {
4754. "virtual_address": "0x00000000",
4755. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
4756. "size": "0x00000000"
4757. },
4758. {
4759. "virtual_address": "0x00073000",
4760. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
4761. "size": "0x00000018"
4762. },
4763. {
4764. "virtual_address": "0x00000000",
4765. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
4766. "size": "0x00000000"
4767. },
4768. {
4769. "virtual_address": "0x00000000",
4770. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
4771. "size": "0x00000000"
4772. },
4773. {
4774. "virtual_address": "0x00000000",
4775. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
4776. "size": "0x00000000"
4777. },
4778. {
4779. "virtual_address": "0x00000000",
4780. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
4781. "size": "0x00000000"
4782. },
4783. {
4784. "virtual_address": "0x00000000",
4785. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
4786. "size": "0x00000000"
4787. },
4788. {
4789. "virtual_address": "0x00000000",
4790. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
4791. "size": "0x00000000"
4792. }
4793. ],
4794. "exports": [],
4795. "guest_signers": {},
4796. "imphash": "46116a2f8090728368dbf9ef96584273",
4797. "icon_fuzzy": null,
4798. "icon": null,
4799. "pdbpath": null,
4800. "imported_dll_count": 17,
4801. "versioninfo": []
4802. }
4803. }