AZORult_7e737724659016819f1ba63b01e5732a_exe_2019-06-27_09_30.json

1.  
2. [*] MalFamily: "Azorult"
3.  
4. [*] MalScore: 10.0
5.  
6. [*] File Name: "AZORult_7e737724659016819f1ba63b01e5732a.exe"
7. [*] File Size: 689664
8. [*] File Type: "PE32 executable (GUI) Intel 80386, for MS Windows"
9. [*] SHA256: "4eb0099736e377d14e5fdc8a4cd6c2cf9de70b531c75ce53621c315695365df6"
10. [*] MD5: "7e737724659016819f1ba63b01e5732a"
11. [*] SHA1: "9c3f443d5a304a69b50d97c67d2142f7c018e289"
12. [*] SHA512: "984a04cc2c2b12bdc80379b1bd80fdceb0c11d729865dda6e696bf674b1c9c742a79265d4fde50b3fe79768021fd27078b6161ecc461aa85ee22f71813ffd156"
13. [*] CRC32: "17548FAE"
14. [*] SSDEEP: "12288:H0f1JN1W7i2ku4Na0L4CIzxL5zrd7k8vG:He/N1oku4/cZbzxI8u"
15.  
16. [*] Process Execution: [
17. "AZORult_7e737724659016819f1ba63b01e5732a.exe",
18. "jeffohn.exe",
19. "jeffohn.exe",
20. "cmd.exe",
21. "timeout.exe",
22. "services.exe",
23. "lsass.exe",
24. "taskhost.exe",
25. "sc.exe",
26. "svchost.exe",
27. "WerFault.exe",
28. "wermgr.exe",
29. "svchost.exe"
30. ]
31.  
32. [*] Signatures Detected: [
33. {
34. "Description": "At least one process apparently crashed during execution",
35. "Details": []
36. },
37. {
38. "Description": "Creates RWX memory",
39. "Details": []
40. },
41. {
42. "Description": "A process created a hidden window",
43. "Details": [
44. {
45. "Process": "jeffohn.exe -> C:\\Windows\\System32\\cmd.exe"
46. }
47. ]
48. },
49. {
50. "Description": "Drops a binary and executes it",
51. "Details": [
52. {
53. "binary": "C:\\Users\\user\\AppData\\Roaming\\jeffoth\\jeffohn.exe"
54. }
55. ]
56. },
57. {
58. "Description": "HTTP traffic contains suspicious features which may be indicative of malware related traffic",
59. "Details": [
60. {
61. "post_no_referer": "HTTP traffic contains a POST request with no referer header"
62. },
63. {
64. "suspicious_request": "http://hst.fidelityinvest.online/index.php"
65. }
66. ]
67. },
68. {
69. "Description": "Performs some HTTP requests",
70. "Details": [
71. {
72. "url": "http://hst.fidelityinvest.online/index.php"
73. }
74. ]
75. },
76. {
77. "Description": "The binary likely contains encrypted or compressed data.",
78. "Details": [
79. {
80. "section": "name: .rsrc, entropy: 6.96, characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ, raw_size: 0x0002a000, virtual_size: 0x00029e20"
81. }
82. ]
83. },
84. {
85. "Description": "Executed a process and injected code into it, probably while unpacking",
86. "Details": [
87. {
88. "Injection": "jeffohn.exe(2432) -> jeffohn.exe(1396)"
89. }
90. ]
91. },
92. {
93. "Description": "Attempts to repeatedly call a single API many times in order to delay analysis time",
94. "Details": [
95. {
96. "Spam": "services.exe (500) called API GetSystemTimeAsFileTime 9756914 times"
97. }
98. ]
99. },
100. {
101. "Description": "Steals private information from local Internet browsers",
102. "Details": [
103. {
104. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\user@doubleclick[1].txt"
105. },
106. {
107. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\user@advertising[1].txt"
108. },
109. {
110. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\user@c.bing[2].txt"
111. },
112. {
113. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\user@media[2].txt"
114. },
115. {
116. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\user@www.google[1].txt"
117. },
118. {
119. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\user@google[5].txt"
120. },
121. {
122. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\user@google[4].txt"
123. },
124. {
125. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\user@google[3].txt"
126. },
127. {
128. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\user@google[1].txt"
129. },
130. {
131. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\user@c.msn[2].txt"
132. },
133. {
134. "file": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data"
135. },
136. {
137. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\user@msn[1].txt"
138. },
139. {
140. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\user@www.msn[2].txt"
141. },
142. {
143. "file": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"
144. },
145. {
146. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\user@3lift[1].txt"
147. },
148. {
149. "file": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History"
150. },
151. {
152. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\user@bing[2].txt"
153. },
154. {
155. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\user@scorecardresearch[2].txt"
156. },
157. {
158. "file": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies"
159. },
160. {
161. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\user@atwola[2].txt"
162. }
163. ]
164. },
165. {
166. "Description": "Collects information about installed applications",
167. "Details": [
168. {
169. "Program": "Google Update Helper"
170. },
171. {
172. },
173. {
174. "Program": "Microsoft Excel MUI 2013"
175. },
176. {
177. "Program": "Microsoft Outlook MUI 2013"
178. },
179. {
180. },
181. {
182. "Program": "Google Chrome"
183. },
184. {
185. "Program": "Adobe Flash Player 29 NPAPI"
186. },
187. {
188. "Program": "Adobe Flash Player 29 ActiveX"
189. },
190. {
191. "Program": "Microsoft DCF MUI 2013"
192. },
193. {
194. "Program": "Microsoft Access MUI 2013"
195. },
196. {
197. "Program": "Microsoft Office Proofing Tools 2013 - English"
198. },
199. {
200. "Program": "Adobe Acrobat Reader DC"
201. },
202. {
203. "Program": "Microsoft Publisher MUI 2013"
204. },
205. {
206. "Program": "Microsoft Office Shared MUI 2013"
207. },
208. {
209. "Program": "Microsoft Office OSM MUI 2013"
210. },
211. {
212. "Program": "Microsoft InfoPath MUI 2013"
213. },
214. {
215. "Program": "Microsoft Office Shared Setup Metadata MUI 2013"
216. },
217. {
218. "Program": "Outils de v\\xc3\\xa9rification linguistique 2013 de Microsoft Office\\xc2\\xa0- Fran\\xc3\\xa7ais"
219. },
220. {
221. "Program": "Microsoft Word MUI 2013"
222. },
223. {
224. "Program": "Microsoft OneDrive"
225. },
226. {
227. "Program": "Microsoft Groove MUI 2013"
228. },
229. {
230. "Program": "Microsoft Office Proofing Tools 2013 - Espa\\xc3\\xb1ol"
231. },
232. {
233. },
234. {
235. "Program": "Microsoft Access Setup Metadata MUI 2013"
236. },
237. {
238. "Program": "Microsoft Office OSM UX MUI 2013"
239. },
240. {
241. "Program": "Java Auto Updater"
242. },
243. {
244. "Program": "Microsoft PowerPoint MUI 2013"
245. },
246. {
247. "Program": "Microsoft Office Professional Plus 2013"
248. },
249. {
250. "Program": "Adobe Refresh Manager"
251. },
252. {
253. "Program": "Microsoft Office Proofing 2013"
254. },
255. {
256. "Program": "Microsoft Lync MUI 2013"
257. },
258. {
259. },
260. {
261. "Program": "Microsoft OneNote MUI 2013"
262. }
263. ]
264. },
265. {
266. "Description": "Checks the CPU name from registry, possibly for anti-virtualization",
267. "Details": []
268. },
269. {
270. "Description": "Checks the system manufacturer, likely for anti-virtualization",
271. "Details": []
272. },
273. {
274. "Description": "Creates a copy of itself",
275. "Details": [
276. {
277. "copy": "C:\\Users\\user\\AppData\\Roaming\\jeffoth\\jeffohn.exe"
278. }
279. ]
280. },
281. {
282. "Description": "Attempts to access Bitcoin/ALTCoin wallets",
283. "Details": [
284. {
285. "file": "C:\\Users\\user\\AppData\\Roaming\\Adobe\\wallet.dat"
286. },
287. {
288. "file": "C:\\Users\\user\\AppData\\Roaming\\Sun\\wallet.dat"
289. },
290. {
291. "file": "C:\\Users\\user\\AppData\\Roaming\\jeffoth\\wallet.dat"
292. },
293. {
294. "file": "C:\\Users\\user\\AppData\\Roaming\\Identities\\wallet.dat"
295. },
296. {
297. "file": "C:\\Users\\user\\AppData\\Roaming\\Macromedia\\wallet.dat"
298. },
299. {
300. "file": "C:\\Users\\user\\AppData\\wallet.dat"
301. },
302. {
303. "file": "C:\\Users\\user\\AppData\\Roaming\\wallet.dat"
304. },
305. {
306. "file": "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\wallet.dat"
307. },
308. {
309. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\wallet.dat"
310. },
311. {
312. "file": "C:\\Users\\user\\AppData\\Roaming\\Electrum\\wallets\\*"
313. }
314. ]
315. },
316. {
317. "Description": "Harvests credentials from local FTP client softwares",
318. "Details": [
319. {
320. "file": "C:\\Users\\user\\AppData\\Roaming\\filezilla\\recentservers.xml"
321. }
322. ]
323. },
324. {
325. "Description": "Harvests information related to installed instant messenger clients",
326. "Details": [
327. {
328. "file": "C:\\Users\\user\\AppData\\Roaming\\.purple\\accounts.xml"
329. }
330. ]
331. },
332. {
333. "Description": "Harvests information related to installed mail clients",
334. "Details": [
335. {
336. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook"
337. },
338. {
339. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook"
340. },
341. {
342. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\b22783abb139fe46b0aad551d64b60e7"
343. },
344. {
345. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\f86ed2903a4a11cfb57e524153480001"
346. },
347. {
348. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\0a0d020000000000c000000000000046"
349. },
350. {
351. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9234ed9445f8fa418a542f350f18f326"
352. },
353. {
354. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001"
355. },
356. {
357. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002\\Email"
358. },
359. {
360. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676"
361. },
362. {
363. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\cb23f8734d88734ca66c47c4527fd259"
364. },
365. {
366. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001\\Email"
367. },
368. {
369. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\8408552e6dae7d45a0ba01520b6221ff"
370. },
371. {
372. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\c02ebc5353d9cd11975200aa004ae40e"
373. },
374. {
375. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook"
376. },
377. {
378. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\8503020000000000c000000000000046"
379. },
380. {
381. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9207f3e0a3b11019908b08002b2a56c2"
382. },
383. {
384. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\240a97d961ed46428e29a3f1f1c23670"
385. },
386. {
387. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\3517490d76624c419a828607e2a54604"
388. },
389. {
390. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\8f92b60606058348930a96946cf329e1"
391. },
392. {
393. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\13dbb0c8aa05101a9bb000aa002fc45a"
394. },
395. {
396. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002"
397. }
398. ]
399. },
400. {
401. "Description": "Attempts to interact with an Alternate Data Stream (ADS)",
402. "Details": [
403. {
404. "file": "C:\\Users\\user\\AppData\\Roaming\\jeffoth\\jeffohn.exe:ZoneIdentifier"
405. }
406. ]
407. },
408. {
409. "Description": "Collects information to fingerprint the system",
410. "Details": []
411. },
412. {
413. "Description": "Anomalous binary characteristics",
414. "Details": [
415. {
416. "anomaly": "Timestamp on binary predates the release date of the OS version it requires by at least a year"
417. }
418. ]
419. },
420. {
421. "Description": "Created network traffic indicative of malicious activity",
422. "Details": [
423. {
424. "signature": "ET TROJAN Generic - POST To .php w/Extended ASCII Characters (Likely Zeus Derivative)"
425. },
426. {
427. "signature": "ET TROJAN AZORult Variant.4 Checkin M2"
428. }
429. ]
430. }
431. ]
432.  
433. [*] Started Service: [
434. "VaultSvc",
435. "WerSvc",
436. "W32Time"
437. ]
438.  
439. [*] Executed Commands: [
440. "\"C:\\Users\\user\\AppData\\Roaming\\jeffoth\\jeffohn.exe\"",
441. "C:\\Windows\\System32\\cmd.exe /c C:\\Windows\\system32\\timeout.exe 3 & del \"jeffohn.exe\"",
442. "C:\\Windows\\system32\\lsass.exe",
443. "taskhost.exe $(Arg0)",
444. "C:\\Windows\\system32\\sc.exe start w32time task_started",
445. "C:\\Windows\\System32\\svchost.exe -k WerSvcGroup",
446. "C:\\Windows\\system32\\svchost.exe -k LocalService",
447. "C:\\Windows\\system32\\timeout.exe 3",
448. "C:\\Windows\\system32\\WerFault.exe -u -p 2940 -s 288",
449. "\"C:\\Windows\\system32\\wermgr.exe\" \"-queuereporting_svc\" \"C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_taskhost.exe_eb71ef964c95de5826f5dbf6417783430b96dd1_cab_075c152c\""
450. ]
451.  
452. [*] Mutexes: [
453. "A81FB8C6-0BBE6E18-6FC9B5DB-536DA455-933946726",
454. "Local\\WERReportingForProcess2940",
455. "Global\\\\xe5\\x88\\x90\\xc2\\x8a",
456. "Global\\\\xed\\x95\\xb0\\xc7\\x99",
457. "WERUI_BEX64-eb71ef964c95de5826f5dbf6417783430b96dd1"
458. ]
459.  
460. [*] Modified Files: [
461. "C:\\Users\\user\\AppData\\Roaming\\jeffoth\\jeffohn.exe",
462. "C:\\Users\\user\\AppData\\Roaming\\jeffoth\\jeffohn.exe:ZoneIdentifier",
463. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-console-l1-1-0.dll",
464. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-datetime-l1-1-0.dll",
465. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-debug-l1-1-0.dll",
466. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-errorhandling-l1-1-0.dll",
467. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-file-l1-1-0.dll",
468. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-file-l1-2-0.dll",
469. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-file-l2-1-0.dll",
470. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-handle-l1-1-0.dll",
471. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-heap-l1-1-0.dll",
472. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-interlocked-l1-1-0.dll",
473. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-libraryloader-l1-1-0.dll",
474. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-localization-l1-2-0.dll",
475. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-memory-l1-1-0.dll",
476. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-namedpipe-l1-1-0.dll",
477. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-processenvironment-l1-1-0.dll",
478. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-processthreads-l1-1-0.dll",
479. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-processthreads-l1-1-1.dll",
480. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-profile-l1-1-0.dll",
481. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-rtlsupport-l1-1-0.dll",
482. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-string-l1-1-0.dll",
483. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-synch-l1-1-0.dll",
484. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-synch-l1-2-0.dll",
485. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-sysinfo-l1-1-0.dll",
486. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-timezone-l1-1-0.dll",
487. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-util-l1-1-0.dll",
488. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-conio-l1-1-0.dll",
489. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-convert-l1-1-0.dll",
490. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-environment-l1-1-0.dll",
491. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-filesystem-l1-1-0.dll",
492. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-heap-l1-1-0.dll",
493. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-locale-l1-1-0.dll",
494. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-math-l1-1-0.dll",
495. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-multibyte-l1-1-0.dll",
496. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-private-l1-1-0.dll",
497. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-process-l1-1-0.dll",
498. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-runtime-l1-1-0.dll",
499. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-stdio-l1-1-0.dll",
500. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-string-l1-1-0.dll",
501. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-time-l1-1-0.dll",
502. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-utility-l1-1-0.dll",
503. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\freebl3.dll",
504. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\mozglue.dll",
505. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\msvcp140.dll",
506. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\nss3.dll",
507. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\nssdbm3.dll",
508. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\softokn3.dll",
509. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\ucrtbase.dll",
510. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\vcruntime140.dll",
511. "C:\\Users\\user\\AppData\\Local\\Temp\\266007348176247098012788.tmp",
512. "C:\\Users\\user\\AppData\\Local\\Temp\\266520789491450436885344.tmp",
513. "C:\\Users\\user\\AppData\\Local\\Temp\\266521563234303010243891.tmp",
514. "C:\\Users\\user\\AppData\\Local\\Temp\\266522037512321030435368.tmp",
515. "C:\\Users\\user\\AppData\\Local\\Temp\\266522657853713039354893.tmp",
516. "C:\\Users\\user\\AppData\\Local\\Temp\\curbuf.dat",
517. "C:\\Windows\\sysnative\\LogFiles\\Scm\\4963ad21-c4a5-42a5-b9bd-e441d57204fe",
518. "C:\\Windows\\sysnative\\LogFiles\\Scm\\7bbc503c-5977-4798-a4ae-61483a7e030d",
519. "\\??\\PIPE\\lsarpc",
520. "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WERAE77.tmp.appcompat.txt",
521. "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WERB1D4.tmp.WERInternalMetadata.xml",
522. "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WERB223.tmp.hdmp",
523. "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WERBCE2.tmp.mdmp",
524. "C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_taskhost.exe_eb71ef964c95de5826f5dbf6417783430b96dd1_cab_075c152c\\WERAE77.tmp.appcompat.txt",
525. "C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_taskhost.exe_eb71ef964c95de5826f5dbf6417783430b96dd1_cab_075c152c\\WERB1D4.tmp.WERInternalMetadata.xml",
526. "C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_taskhost.exe_eb71ef964c95de5826f5dbf6417783430b96dd1_cab_075c152c\\WERB223.tmp.hdmp",
527. "C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_taskhost.exe_eb71ef964c95de5826f5dbf6417783430b96dd1_cab_075c152c\\WERBCE2.tmp.mdmp",
528. "C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_taskhost.exe_eb71ef964c95de5826f5dbf6417783430b96dd1_cab_075c152c\\Report.wer",
529. "C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_taskhost.exe_eb71ef964c95de5826f5dbf6417783430b96dd1_cab_075c152c\\Report.wer.tmp"
530. ]
531.  
532. [*] Deleted Files: [
533. "C:\\Users\\user\\AppData\\Roaming\\jeffoth\\jeffohn.exe",
534. "C:\\Users\\user\\AppData\\Local\\Temp\\266007348176247098012788.tmp",
535. "C:\\Users\\user\\AppData\\Local\\Temp\\266520789491450436885344.tmp",
536. "C:\\Users\\user\\AppData\\Local\\Temp\\266521563234303010243891.tmp",
537. "C:\\Users\\user\\AppData\\Local\\Temp\\266522037512321030435368.tmp",
538. "C:\\Users\\user\\AppData\\Local\\Temp\\266522657853713039354893.tmp",
539. "C:\\Users\\user\\AppData\\Local\\Temp\\curbuf.dat",
540. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-console-l1-1-0.dll",
541. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-datetime-l1-1-0.dll",
542. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-debug-l1-1-0.dll",
543. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-errorhandling-l1-1-0.dll",
544. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-file-l1-1-0.dll",
545. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-file-l1-2-0.dll",
546. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-file-l2-1-0.dll",
547. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-handle-l1-1-0.dll",
548. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-heap-l1-1-0.dll",
549. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-interlocked-l1-1-0.dll",
550. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-libraryloader-l1-1-0.dll",
551. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-localization-l1-2-0.dll",
552. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-memory-l1-1-0.dll",
553. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-namedpipe-l1-1-0.dll",
554. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-processenvironment-l1-1-0.dll",
555. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-processthreads-l1-1-0.dll",
556. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-processthreads-l1-1-1.dll",
557. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-profile-l1-1-0.dll",
558. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-rtlsupport-l1-1-0.dll",
559. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-string-l1-1-0.dll",
560. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-synch-l1-1-0.dll",
561. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-synch-l1-2-0.dll",
562. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-sysinfo-l1-1-0.dll",
563. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-timezone-l1-1-0.dll",
564. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-util-l1-1-0.dll",
565. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-conio-l1-1-0.dll",
566. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-convert-l1-1-0.dll",
567. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-environment-l1-1-0.dll",
568. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-filesystem-l1-1-0.dll",
569. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-heap-l1-1-0.dll",
570. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-locale-l1-1-0.dll",
571. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-math-l1-1-0.dll",
572. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-multibyte-l1-1-0.dll",
573. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-private-l1-1-0.dll",
574. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-process-l1-1-0.dll",
575. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-runtime-l1-1-0.dll",
576. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-stdio-l1-1-0.dll",
577. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-string-l1-1-0.dll",
578. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-time-l1-1-0.dll",
579. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-utility-l1-1-0.dll",
580. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\freebl3.dll",
581. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\mozglue.dll",
582. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\msvcp140.dll",
583. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\nss3.dll",
584. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\nssdbm3.dll",
585. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\softokn3.dll",
586. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\ucrtbase.dll",
587. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\vcruntime140.dll",
588. "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\",
589. "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WERAE77.tmp",
590. "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WERAE77.tmp.appcompat.txt",
591. "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WERB1D4.tmp",
592. "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WERB1D4.tmp.WERInternalMetadata.xml",
593. "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WERB223.tmp",
594. "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WERB223.tmp.hdmp",
595. "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WERBCE2.tmp",
596. "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WERBCE2.tmp.mdmp",
597. "C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_taskhost.exe_eb71ef964c95de5826f5dbf6417783430b96dd1_cab_075c152c\\Report.wer.tmp"
598. ]
599.  
600. [*] Modified Registry Keys: [
601. "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WerSvc\\Type",
602. "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\W32Time\\Type",
603. "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\W32Time\\TimeProviders\\NtpClient\\SpecialPollTimeRemaining",
604. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Windows Error Reporting\\Consent",
605. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Windows Error Reporting\\Consent\\DefaultConsent"
606. ]
607.  
608. [*] Deleted Registry Keys: []
609.  
610. [*] DNS Communications: [
611. {
612. "type": "A",
613. "request": "hst.fidelityinvest.online",
614. "answers": [
615. {
616. "data": "185.229.239.28",
617. "type": "A"
618. }
619. ]
620. }
621. ]
622.  
623. [*] Domains: [
624. {
625. "ip": "185.229.239.28",
626. "domain": "hst.fidelityinvest.online"
627. }
628. ]
629.  
630. [*] Network Communication - ICMP: []
631.  
632. [*] Network Communication - HTTP: [
633. {
634. "count": 1,
635. "body": "J/\\xfb5/\\xfb<L\\x8a(9\\xf0N/\\xfb;/\\xfaI/\\xfb=H\\x8aH/\\xfb;O\\xed>;\\xed>2\\xed?N\\xed><\\x8eN/\\xfb4H\\xed>?\\x8cO/\\xfaI/\\xfb8/\\xfb>/\\xfb;N\\x89(9\\xfc(9\\xfd(9\\xfd(8\\x8c(9\\xf1(9\\xfb(9\\xfb(9\\xf1(9\\xfc(9\\xfe(9\\xff(9\\xfa(9\\xfe",
636. "uri": "http://hst.fidelityinvest.online/index.php",
637. "user-agent": "Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)",
638. "method": "POST",
639. "host": "hst.fidelityinvest.online",
640. "version": "1.1",
641. "path": "/index.php",
642. "data": "POST /index.php HTTP/1.1\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)\r\nHost: hst.fidelityinvest.online\r\nContent-Length: 105\r\nCache-Control: no-cache\r\n\r\nJ/\\xfb5/\\xfb<L\\x8a(9\\xf0N/\\xfb;/\\xfaI/\\xfb=H\\x8aH/\\xfb;O\\xed>;\\xed>2\\xed?N\\xed><\\x8eN/\\xfb4H\\xed>?\\x8cO/\\xfaI/\\xfb8/\\xfb>/\\xfb;N\\x89(9\\xfc(9\\xfd(9\\xfd(8\\x8c(9\\xf1(9\\xfb(9\\xfb(9\\xf1(9\\xfc(9\\xfe(9\\xff(9\\xfa(9\\xfe",
643. "port": 80
644. },
645. {
646. "count": 1,
647. "body": "",
648. "uri": "http://hst.fidelityinvest.online/index.php",
649. "user-agent": "Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)",
650. "method": "POST",
651. "host": "hst.fidelityinvest.online",
652. "version": "1.1",
653. "path": "/index.php",
654. "data": "POST /index.php HTTP/1.1\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)\r\nHost: hst.fidelityinvest.online\r\nContent-Length: 64378\r\nCache-Control: no-cache\r\n\r\n",
655. "port": 80
656. }
657. ]
658.  
659. [*] Network Communication - SMTP: []
660.  
661. [*] Network Communication - Hosts: []
662.  
663. [*] Network Communication - IRC: []
664.  
665. [*] Static Analysis: {
666. "pe": {
667. "peid_signatures": null,
668. "imports": [
669. {
670. "imports": [
671. {
672. "name": "DeleteCriticalSection",
673. "address": "0x476168"
674. },
675. {
676. "name": "LeaveCriticalSection",
677. "address": "0x47616c"
678. },
679. {
680. "name": "EnterCriticalSection",
681. "address": "0x476170"
682. },
683. {
684. "name": "InitializeCriticalSection",
685. "address": "0x476174"
686. },
687. {
688. "name": "VirtualFree",
689. "address": "0x476178"
690. },
691. {
692. "name": "VirtualAlloc",
693. "address": "0x47617c"
694. },
695. {
696. "name": "LocalFree",
697. "address": "0x476180"
698. },
699. {
700. "name": "LocalAlloc",
701. "address": "0x476184"
702. },
703. {
704. "name": "GetVersion",
705. "address": "0x476188"
706. },
707. {
708. "name": "GetCurrentThreadId",
709. "address": "0x47618c"
710. },
711. {
712. "name": "InterlockedDecrement",
713. "address": "0x476190"
714. },
715. {
716. "name": "InterlockedIncrement",
717. "address": "0x476194"
718. },
719. {
720. "name": "VirtualQuery",
721. "address": "0x476198"
722. },
723. {
724. "name": "WideCharToMultiByte",
725. "address": "0x47619c"
726. },
727. {
728. "name": "MultiByteToWideChar",
729. "address": "0x4761a0"
730. },
731. {
732. "name": "lstrlenA",
733. "address": "0x4761a4"
734. },
735. {
736. "name": "lstrcpynA",
737. "address": "0x4761a8"
738. },
739. {
740. "name": "LoadLibraryExA",
741. "address": "0x4761ac"
742. },
743. {
744. "name": "GetThreadLocale",
745. "address": "0x4761b0"
746. },
747. {
748. "name": "GetStartupInfoA",
749. "address": "0x4761b4"
750. },
751. {
752. "name": "GetProcAddress",
753. "address": "0x4761b8"
754. },
755. {
756. "name": "GetModuleHandleA",
757. "address": "0x4761bc"
758. },
759. {
760. "name": "GetModuleFileNameA",
761. "address": "0x4761c0"
762. },
763. {
764. "name": "GetLocaleInfoA",
765. "address": "0x4761c4"
766. },
767. {
768. "name": "GetCommandLineA",
769. "address": "0x4761c8"
770. },
771. {
772. "name": "FreeLibrary",
773. "address": "0x4761cc"
774. },
775. {
776. "name": "FindFirstFileA",
777. "address": "0x4761d0"
778. },
779. {
780. "name": "FindClose",
781. "address": "0x4761d4"
782. },
783. {
784. "name": "ExitProcess",
785. "address": "0x4761d8"
786. },
787. {
788. "name": "ExitThread",
789. "address": "0x4761dc"
790. },
791. {
792. "name": "CreateThread",
793. "address": "0x4761e0"
794. },
795. {
796. "name": "WriteFile",
797. "address": "0x4761e4"
798. },
799. {
800. "name": "UnhandledExceptionFilter",
801. "address": "0x4761e8"
802. },
803. {
804. "name": "RtlUnwind",
805. "address": "0x4761ec"
806. },
807. {
808. "name": "RaiseException",
809. "address": "0x4761f0"
810. },
811. {
812. "name": "GetStdHandle",
813. "address": "0x4761f4"
814. }
815. ],
816. "dll": "kernel32.dll"
817. },
818. {
819. "imports": [
820. {
821. "name": "GetKeyboardType",
822. "address": "0x4761fc"
823. },
824. {
825. "name": "LoadStringA",
826. "address": "0x476200"
827. },
828. {
829. "name": "MessageBoxA",
830. "address": "0x476204"
831. },
832. {
833. "name": "CharNextA",
834. "address": "0x476208"
835. }
836. ],
837. "dll": "user32.dll"
838. },
839. {
840. "imports": [
841. {
842. "name": "RegQueryValueExA",
843. "address": "0x476210"
844. },
845. {
846. "name": "RegOpenKeyExA",
847. "address": "0x476214"
848. },
849. {
850. "name": "RegCloseKey",
851. "address": "0x476218"
852. }
853. ],
854. "dll": "advapi32.dll"
855. },
856. {
857. "imports": [
858. {
859. "name": "SysFreeString",
860. "address": "0x476220"
861. },
862. {
863. "name": "SysReAllocStringLen",
864. "address": "0x476224"
865. },
866. {
867. "name": "SysAllocStringLen",
868. "address": "0x476228"
869. }
870. ],
871. "dll": "oleaut32.dll"
872. },
873. {
874. "imports": [
875. {
876. "name": "TlsSetValue",
877. "address": "0x476230"
878. },
879. {
880. "name": "TlsGetValue",
881. "address": "0x476234"
882. },
883. {
884. "name": "LocalAlloc",
885. "address": "0x476238"
886. },
887. {
888. "name": "GetModuleHandleA",
889. "address": "0x47623c"
890. }
891. ],
892. "dll": "kernel32.dll"
893. },
894. {
895. "imports": [
896. {
897. "name": "RegQueryValueExA",
898. "address": "0x476244"
899. },
900. {
901. "name": "RegOpenKeyExA",
902. "address": "0x476248"
903. },
904. {
905. "name": "RegCloseKey",
906. "address": "0x47624c"
907. }
908. ],
909. "dll": "advapi32.dll"
910. },
911. {
912. "imports": [
913. {
914. "name": "lstrcpyA",
915. "address": "0x476254"
916. },
917. {
918. "name": "WriteFile",
919. "address": "0x476258"
920. },
921. {
922. "name": "WaitForSingleObject",
923. "address": "0x47625c"
924. },
925. {
926. "name": "VirtualQuery",
927. "address": "0x476260"
928. },
929. {
930. "name": "VirtualAlloc",
931. "address": "0x476264"
932. },
933. {
934. "name": "SuspendThread",
935. "address": "0x476268"
936. },
937. {
938. "name": "Sleep",
939. "address": "0x47626c"
940. },
941. {
942. "name": "SizeofResource",
943. "address": "0x476270"
944. },
945. {
946. "name": "SetThreadPriority",
947. "address": "0x476274"
948. },
949. {
950. "name": "SetThreadLocale",
951. "address": "0x476278"
952. },
953. {
954. "name": "SetFilePointer",
955. "address": "0x47627c"
956. },
957. {
958. "name": "SetEvent",
959. "address": "0x476280"
960. },
961. {
962. "name": "SetErrorMode",
963. "address": "0x476284"
964. },
965. {
966. "name": "SetEndOfFile",
967. "address": "0x476288"
968. },
969. {
970. "name": "ResumeThread",
971. "address": "0x47628c"
972. },
973. {
974. "name": "ResetEvent",
975. "address": "0x476290"
976. },
977. {
978. "name": "ReadFile",
979. "address": "0x476294"
980. },
981. {
982. "name": "MultiByteToWideChar",
983. "address": "0x476298"
984. },
985. {
986. "name": "MulDiv",
987. "address": "0x47629c"
988. },
989. {
990. "name": "LockResource",
991. "address": "0x4762a0"
992. },
993. {
994. "name": "LoadResource",
995. "address": "0x4762a4"
996. },
997. {
998. "name": "LoadLibraryA",
999. "address": "0x4762a8"
1000. },
1001. {
1002. "name": "LeaveCriticalSection",
1003. "address": "0x4762ac"
1004. },
1005. {
1006. "name": "InitializeCriticalSection",
1007. "address": "0x4762b0"
1008. },
1009. {
1010. "name": "GlobalUnlock",
1011. "address": "0x4762b4"
1012. },
1013. {
1014. "name": "GlobalSize",
1015. "address": "0x4762b8"
1016. },
1017. {
1018. "name": "GlobalReAlloc",
1019. "address": "0x4762bc"
1020. },
1021. {
1022. "name": "GlobalHandle",
1023. "address": "0x4762c0"
1024. },
1025. {
1026. "name": "GlobalLock",
1027. "address": "0x4762c4"
1028. },
1029. {
1030. "name": "GlobalFree",
1031. "address": "0x4762c8"
1032. },
1033. {
1034. "name": "GlobalFindAtomA",
1035. "address": "0x4762cc"
1036. },
1037. {
1038. "name": "GlobalDeleteAtom",
1039. "address": "0x4762d0"
1040. },
1041. {
1042. "name": "GlobalAlloc",
1043. "address": "0x4762d4"
1044. },
1045. {
1046. "name": "GlobalAddAtomA",
1047. "address": "0x4762d8"
1048. },
1049. {
1050. "name": "GetVersionExA",
1051. "address": "0x4762dc"
1052. },
1053. {
1054. "name": "GetVersion",
1055. "address": "0x4762e0"
1056. },
1057. {
1058. "name": "GetUserDefaultLCID",
1059. "address": "0x4762e4"
1060. },
1061. {
1062. "name": "GetTickCount",
1063. "address": "0x4762e8"
1064. },
1065. {
1066. "name": "GetThreadLocale",
1067. "address": "0x4762ec"
1068. },
1069. {
1070. "name": "GetTempPathA",
1071. "address": "0x4762f0"
1072. },
1073. {
1074. "name": "GetSystemInfo",
1075. "address": "0x4762f4"
1076. },
1077. {
1078. "name": "GetStringTypeExA",
1079. "address": "0x4762f8"
1080. },
1081. {
1082. "name": "GetStdHandle",
1083. "address": "0x4762fc"
1084. },
1085. {
1086. "name": "GetProfileStringA",
1087. "address": "0x476300"
1088. },
1089. {
1090. "name": "GetProcAddress",
1091. "address": "0x476304"
1092. },
1093. {
1094. "name": "GetModuleHandleA",
1095. "address": "0x476308"
1096. },
1097. {
1098. "name": "GetModuleFileNameA",
1099. "address": "0x47630c"
1100. },
1101. {
1102. "name": "GetLocaleInfoA",
1103. "address": "0x476310"
1104. },
1105. {
1106. "name": "GetLocalTime",
1107. "address": "0x476314"
1108. },
1109. {
1110. "name": "GetLastError",
1111. "address": "0x476318"
1112. },
1113. {
1114. "name": "GetFullPathNameA",
1115. "address": "0x47631c"
1116. },
1117. {
1118. "name": "GetFileSize",
1119. "address": "0x476320"
1120. },
1121. {
1122. "name": "GetExitCodeThread",
1123. "address": "0x476324"
1124. },
1125. {
1126. "name": "GetDiskFreeSpaceA",
1127. "address": "0x476328"
1128. },
1129. {
1130. "name": "GetDateFormatA",
1131. "address": "0x47632c"
1132. },
1133. {
1134. "name": "GetCurrentThreadId",
1135. "address": "0x476330"
1136. },
1137. {
1138. "name": "GetCurrentProcessId",
1139. "address": "0x476334"
1140. },
1141. {
1142. "name": "GetCPInfo",
1143. "address": "0x476338"
1144. },
1145. {
1146. "name": "GetACP",
1147. "address": "0x47633c"
1148. },
1149. {
1150. "name": "FreeResource",
1151. "address": "0x476340"
1152. },
1153. {
1154. "name": "InterlockedIncrement",
1155. "address": "0x476344"
1156. },
1157. {
1158. "name": "InterlockedExchange",
1159. "address": "0x476348"
1160. },
1161. {
1162. "name": "InterlockedDecrement",
1163. "address": "0x47634c"
1164. },
1165. {
1166. "name": "FreeLibrary",
1167. "address": "0x476350"
1168. },
1169. {
1170. "name": "FormatMessageA",
1171. "address": "0x476354"
1172. },
1173. {
1174. "name": "FindResourceA",
1175. "address": "0x476358"
1176. },
1177. {
1178. "name": "FindFirstFileA",
1179. "address": "0x47635c"
1180. },
1181. {
1182. "name": "FindClose",
1183. "address": "0x476360"
1184. },
1185. {
1186. "name": "FileTimeToLocalFileTime",
1187. "address": "0x476364"
1188. },
1189. {
1190. "name": "FileTimeToDosDateTime",
1191. "address": "0x476368"
1192. },
1193. {
1194. "name": "EnumCalendarInfoA",
1195. "address": "0x47636c"
1196. },
1197. {
1198. "name": "EnterCriticalSection",
1199. "address": "0x476370"
1200. },
1201. {
1202. "name": "DeleteCriticalSection",
1203. "address": "0x476374"
1204. },
1205. {
1206. "name": "CreateThread",
1207. "address": "0x476378"
1208. },
1209. {
1210. "name": "CreateFileA",
1211. "address": "0x47637c"
1212. },
1213. {
1214. "name": "CreateEventA",
1215. "address": "0x476380"
1216. },
1217. {
1218. "name": "CompareStringA",
1219. "address": "0x476384"
1220. },
1221. {
1222. "name": "CloseHandle",
1223. "address": "0x476388"
1224. }
1225. ],
1226. "dll": "kernel32.dll"
1227. },
1228. {
1229. "imports": [
1230. {
1231. "name": "VerQueryValueA",
1232. "address": "0x476390"
1233. },
1234. {
1235. "name": "GetFileVersionInfoSizeA",
1236. "address": "0x476394"
1237. },
1238. {
1239. "name": "GetFileVersionInfoA",
1240. "address": "0x476398"
1241. }
1242. ],
1243. "dll": "version.dll"
1244. },
1245. {
1246. "imports": [
1247. {
1248. "name": "UnrealizeObject",
1249. "address": "0x4763a0"
1250. },
1251. {
1252. "name": "StretchBlt",
1253. "address": "0x4763a4"
1254. },
1255. {
1256. "name": "SetWindowOrgEx",
1257. "address": "0x4763a8"
1258. },
1259. {
1260. "name": "SetWinMetaFileBits",
1261. "address": "0x4763ac"
1262. },
1263. {
1264. "name": "SetViewportOrgEx",
1265. "address": "0x4763b0"
1266. },
1267. {
1268. "name": "SetTextColor",
1269. "address": "0x4763b4"
1270. },
1271. {
1272. "name": "SetStretchBltMode",
1273. "address": "0x4763b8"
1274. },
1275. {
1276. "name": "SetROP2",
1277. "address": "0x4763bc"
1278. },
1279. {
1280. "name": "SetPixel",
1281. "address": "0x4763c0"
1282. },
1283. {
1284. "name": "SetMapMode",
1285. "address": "0x4763c4"
1286. },
1287. {
1288. "name": "SetEnhMetaFileBits",
1289. "address": "0x4763c8"
1290. },
1291. {
1292. "name": "SetDIBColorTable",
1293. "address": "0x4763cc"
1294. },
1295. {
1296. "name": "SetBrushOrgEx",
1297. "address": "0x4763d0"
1298. },
1299. {
1300. "name": "SetBkMode",
1301. "address": "0x4763d4"
1302. },
1303. {
1304. "name": "SetBkColor",
1305. "address": "0x4763d8"
1306. },
1307. {
1308. "name": "SelectPalette",
1309. "address": "0x4763dc"
1310. },
1311. {
1312. "name": "SelectObject",
1313. "address": "0x4763e0"
1314. },
1315. {
1316. "name": "ScaleWindowExtEx",
1317. "address": "0x4763e4"
1318. },
1319. {
1320. "name": "SaveDC",
1321. "address": "0x4763e8"
1322. },
1323. {
1324. "name": "RestoreDC",
1325. "address": "0x4763ec"
1326. },
1327. {
1328. "name": "RectVisible",
1329. "address": "0x4763f0"
1330. },
1331. {
1332. "name": "RealizePalette",
1333. "address": "0x4763f4"
1334. },
1335. {
1336. "name": "PlayEnhMetaFile",
1337. "address": "0x4763f8"
1338. },
1339. {
1340. "name": "PatBlt",
1341. "address": "0x4763fc"
1342. },
1343. {
1344. "name": "MoveToEx",
1345. "address": "0x476400"
1346. },
1347. {
1348. "name": "MaskBlt",
1349. "address": "0x476404"
1350. },
1351. {
1352. "name": "LineTo",
1353. "address": "0x476408"
1354. },
1355. {
1356. "name": "LPtoDP",
1357. "address": "0x47640c"
1358. },
1359. {
1360. "name": "IntersectClipRect",
1361. "address": "0x476410"
1362. },
1363. {
1364. "name": "GetWindowOrgEx",
1365. "address": "0x476414"
1366. },
1367. {
1368. "name": "GetWinMetaFileBits",
1369. "address": "0x476418"
1370. },
1371. {
1372. "name": "GetTextMetricsA",
1373. "address": "0x47641c"
1374. },
1375. {
1376. "name": "GetTextExtentPoint32A",
1377. "address": "0x476420"
1378. },
1379. {
1380. "name": "GetSystemPaletteEntries",
1381. "address": "0x476424"
1382. },
1383. {
1384. "name": "GetStockObject",
1385. "address": "0x476428"
1386. },
1387. {
1388. "name": "GetPixel",
1389. "address": "0x47642c"
1390. },
1391. {
1392. "name": "GetPaletteEntries",
1393. "address": "0x476430"
1394. },
1395. {
1396. "name": "GetObjectA",
1397. "address": "0x476434"
1398. },
1399. {
1400. "name": "GetEnhMetaFilePaletteEntries",
1401. "address": "0x476438"
1402. },
1403. {
1404. "name": "GetEnhMetaFileHeader",
1405. "address": "0x47643c"
1406. },
1407. {
1408. "name": "GetEnhMetaFileDescriptionA",
1409. "address": "0x476440"
1410. },
1411. {
1412. "name": "GetEnhMetaFileBits",
1413. "address": "0x476444"
1414. },
1415. {
1416. "name": "GetDeviceCaps",
1417. "address": "0x476448"
1418. },
1419. {
1420. "name": "GetDIBits",
1421. "address": "0x47644c"
1422. },
1423. {
1424. "name": "GetDIBColorTable",
1425. "address": "0x476450"
1426. },
1427. {
1428. "name": "GetDCOrgEx",
1429. "address": "0x476454"
1430. },
1431. {
1432. "name": "GetCurrentPositionEx",
1433. "address": "0x476458"
1434. },
1435. {
1436. "name": "GetClipBox",
1437. "address": "0x47645c"
1438. },
1439. {
1440. "name": "GetBrushOrgEx",
1441. "address": "0x476460"
1442. },
1443. {
1444. "name": "GetBitmapBits",
1445. "address": "0x476464"
1446. },
1447. {
1448. "name": "ExcludeClipRect",
1449. "address": "0x476468"
1450. },
1451. {
1452. "name": "EndPage",
1453. "address": "0x47646c"
1454. },
1455. {
1456. "name": "EndDoc",
1457. "address": "0x476470"
1458. },
1459. {
1460. "name": "DeleteObject",
1461. "address": "0x476474"
1462. },
1463. {
1464. "name": "DeleteEnhMetaFile",
1465. "address": "0x476478"
1466. },
1467. {
1468. "name": "DeleteDC",
1469. "address": "0x47647c"
1470. },
1471. {
1472. "name": "CreateSolidBrush",
1473. "address": "0x476480"
1474. },
1475. {
1476. "name": "CreatePenIndirect",
1477. "address": "0x476484"
1478. },
1479. {
1480. "name": "CreatePalette",
1481. "address": "0x476488"
1482. },
1483. {
1484. "name": "CreateICA",
1485. "address": "0x47648c"
1486. },
1487. {
1488. "name": "CreateHalftonePalette",
1489. "address": "0x476490"
1490. },
1491. {
1492. "name": "CreateFontIndirectA",
1493. "address": "0x476494"
1494. },
1495. {
1496. "name": "CreateEnhMetaFileA",
1497. "address": "0x476498"
1498. },
1499. {
1500. "name": "CreateDIBitmap",
1501. "address": "0x47649c"
1502. },
1503. {
1504. "name": "CreateDIBSection",
1505. "address": "0x4764a0"
1506. },
1507. {
1508. "name": "CreateDCA",
1509. "address": "0x4764a4"
1510. },
1511. {
1512. "name": "CreateCompatibleDC",
1513. "address": "0x4764a8"
1514. },
1515. {
1516. "name": "CreateCompatibleBitmap",
1517. "address": "0x4764ac"
1518. },
1519. {
1520. "name": "CreateBrushIndirect",
1521. "address": "0x4764b0"
1522. },
1523. {
1524. "name": "CreateBitmap",
1525. "address": "0x4764b4"
1526. },
1527. {
1528. "name": "CopyEnhMetaFileA",
1529. "address": "0x4764b8"
1530. },
1531. {
1532. "name": "CloseEnhMetaFile",
1533. "address": "0x4764bc"
1534. },
1535. {
1536. "name": "BitBlt",
1537. "address": "0x4764c0"
1538. }
1539. ],
1540. "dll": "gdi32.dll"
1541. },
1542. {
1543. "imports": [
1544. {
1545. "name": "CreateWindowExA",
1546. "address": "0x4764c8"
1547. },
1548. {
1549. "name": "WindowFromPoint",
1550. "address": "0x4764cc"
1551. },
1552. {
1553. "name": "WinHelpA",
1554. "address": "0x4764d0"
1555. },
1556. {
1557. "name": "WaitMessage",
1558. "address": "0x4764d4"
1559. },
1560. {
1561. "name": "UpdateWindow",
1562. "address": "0x4764d8"
1563. },
1564. {
1565. "name": "UnregisterClassA",
1566. "address": "0x4764dc"
1567. },
1568. {
1569. "name": "UnhookWindowsHookEx",
1570. "address": "0x4764e0"
1571. },
1572. {
1573. "name": "TranslateMessage",
1574. "address": "0x4764e4"
1575. },
1576. {
1577. "name": "TranslateMDISysAccel",
1578. "address": "0x4764e8"
1579. },
1580. {
1581. "name": "TrackPopupMenu",
1582. "address": "0x4764ec"
1583. },
1584. {
1585. "name": "SystemParametersInfoA",
1586. "address": "0x4764f0"
1587. },
1588. {
1589. "name": "ShowWindow",
1590. "address": "0x4764f4"
1591. },
1592. {
1593. "name": "ShowScrollBar",
1594. "address": "0x4764f8"
1595. },
1596. {
1597. "name": "ShowOwnedPopups",
1598. "address": "0x4764fc"
1599. },
1600. {
1601. "name": "ShowCursor",
1602. "address": "0x476500"
1603. },
1604. {
1605. "name": "SetWindowsHookExA",
1606. "address": "0x476504"
1607. },
1608. {
1609. "name": "SetWindowPos",
1610. "address": "0x476508"
1611. },
1612. {
1613. "name": "SetWindowPlacement",
1614. "address": "0x47650c"
1615. },
1616. {
1617. "name": "SetWindowLongA",
1618. "address": "0x476510"
1619. },
1620. {
1621. "name": "SetTimer",
1622. "address": "0x476514"
1623. },
1624. {
1625. "name": "SetScrollRange",
1626. "address": "0x476518"
1627. },
1628. {
1629. "name": "SetScrollPos",
1630. "address": "0x47651c"
1631. },
1632. {
1633. "name": "SetScrollInfo",
1634. "address": "0x476520"
1635. },
1636. {
1637. "name": "SetRect",
1638. "address": "0x476524"
1639. },
1640. {
1641. "name": "SetPropA",
1642. "address": "0x476528"
1643. },
1644. {
1645. "name": "SetParent",
1646. "address": "0x47652c"
1647. },
1648. {
1649. "name": "SetMenuItemInfoA",
1650. "address": "0x476530"
1651. },
1652. {
1653. "name": "SetMenu",
1654. "address": "0x476534"
1655. },
1656. {
1657. "name": "SetForegroundWindow",
1658. "address": "0x476538"
1659. },
1660. {
1661. "name": "SetFocus",
1662. "address": "0x47653c"
1663. },
1664. {
1665. "name": "SetCursor",
1666. "address": "0x476540"
1667. },
1668. {
1669. "name": "SetClassLongA",
1670. "address": "0x476544"
1671. },
1672. {
1673. "name": "SetCapture",
1674. "address": "0x476548"
1675. },
1676. {
1677. "name": "SetActiveWindow",
1678. "address": "0x47654c"
1679. },
1680. {
1681. "name": "SendMessageA",
1682. "address": "0x476550"
1683. },
1684. {
1685. "name": "ScrollWindow",
1686. "address": "0x476554"
1687. },
1688. {
1689. "name": "ScreenToClient",
1690. "address": "0x476558"
1691. },
1692. {
1693. "name": "RemovePropA",
1694. "address": "0x47655c"
1695. },
1696. {
1697. "name": "RemoveMenu",
1698. "address": "0x476560"
1699. },
1700. {
1701. "name": "ReleaseDC",
1702. "address": "0x476564"
1703. },
1704. {
1705. "name": "ReleaseCapture",
1706. "address": "0x476568"
1707. },
1708. {
1709. "name": "RegisterWindowMessageA",
1710. "address": "0x47656c"
1711. },
1712. {
1713. "name": "RegisterClipboardFormatA",
1714. "address": "0x476570"
1715. },
1716. {
1717. "name": "RegisterClassA",
1718. "address": "0x476574"
1719. },
1720. {
1721. "name": "RedrawWindow",
1722. "address": "0x476578"
1723. },
1724. {
1725. "name": "PtInRect",
1726. "address": "0x47657c"
1727. },
1728. {
1729. "name": "PostQuitMessage",
1730. "address": "0x476580"
1731. },
1732. {
1733. "name": "PostMessageA",
1734. "address": "0x476584"
1735. },
1736. {
1737. "name": "PeekMessageA",
1738. "address": "0x476588"
1739. },
1740. {
1741. "name": "OffsetRect",
1742. "address": "0x47658c"
1743. },
1744. {
1745. "name": "OemToCharA",
1746. "address": "0x476590"
1747. },
1748. {
1749. "name": "MsgWaitForMultipleObjects",
1750. "address": "0x476594"
1751. },
1752. {
1753. "name": "MessageBoxA",
1754. "address": "0x476598"
1755. },
1756. {
1757. "name": "MapWindowPoints",
1758. "address": "0x47659c"
1759. },
1760. {
1761. "name": "MapVirtualKeyA",
1762. "address": "0x4765a0"
1763. },
1764. {
1765. "name": "LoadStringA",
1766. "address": "0x4765a4"
1767. },
1768. {
1769. "name": "LoadKeyboardLayoutA",
1770. "address": "0x4765a8"
1771. },
1772. {
1773. "name": "LoadIconA",
1774. "address": "0x4765ac"
1775. },
1776. {
1777. "name": "LoadCursorA",
1778. "address": "0x4765b0"
1779. },
1780. {
1781. "name": "LoadBitmapA",
1782. "address": "0x4765b4"
1783. },
1784. {
1785. "name": "KillTimer",
1786. "address": "0x4765b8"
1787. },
1788. {
1789. "name": "IsZoomed",
1790. "address": "0x4765bc"
1791. },
1792. {
1793. "name": "IsWindowVisible",
1794. "address": "0x4765c0"
1795. },
1796. {
1797. "name": "IsWindowEnabled",
1798. "address": "0x4765c4"
1799. },
1800. {
1801. "name": "IsWindow",
1802. "address": "0x4765c8"
1803. },
1804. {
1805. "name": "IsRectEmpty",
1806. "address": "0x4765cc"
1807. },
1808. {
1809. "name": "IsIconic",
1810. "address": "0x4765d0"
1811. },
1812. {
1813. "name": "IsDialogMessageA",
1814. "address": "0x4765d4"
1815. },
1816. {
1817. "name": "IsChild",
1818. "address": "0x4765d8"
1819. },
1820. {
1821. "name": "InvalidateRect",
1822. "address": "0x4765dc"
1823. },
1824. {
1825. "name": "IntersectRect",
1826. "address": "0x4765e0"
1827. },
1828. {
1829. "name": "InsertMenuItemA",
1830. "address": "0x4765e4"
1831. },
1832. {
1833. "name": "InsertMenuA",
1834. "address": "0x4765e8"
1835. },
1836. {
1837. "name": "InflateRect",
1838. "address": "0x4765ec"
1839. },
1840. {
1841. "name": "GetWindowThreadProcessId",
1842. "address": "0x4765f0"
1843. },
1844. {
1845. "name": "GetWindowTextA",
1846. "address": "0x4765f4"
1847. },
1848. {
1849. "name": "GetWindowRect",
1850. "address": "0x4765f8"
1851. },
1852. {
1853. "name": "GetWindowPlacement",
1854. "address": "0x4765fc"
1855. },
1856. {
1857. "name": "GetWindowLongA",
1858. "address": "0x476600"
1859. },
1860. {
1861. "name": "GetWindowDC",
1862. "address": "0x476604"
1863. },
1864. {
1865. "name": "GetTopWindow",
1866. "address": "0x476608"
1867. },
1868. {
1869. "name": "GetSystemMetrics",
1870. "address": "0x47660c"
1871. },
1872. {
1873. "name": "GetSystemMenu",
1874. "address": "0x476610"
1875. },
1876. {
1877. "name": "GetSysColorBrush",
1878. "address": "0x476614"
1879. },
1880. {
1881. "name": "GetSysColor",
1882. "address": "0x476618"
1883. },
1884. {
1885. "name": "GetSubMenu",
1886. "address": "0x47661c"
1887. },
1888. {
1889. "name": "GetScrollRange",
1890. "address": "0x476620"
1891. },
1892. {
1893. "name": "GetScrollPos",
1894. "address": "0x476624"
1895. },
1896. {
1897. "name": "GetScrollInfo",
1898. "address": "0x476628"
1899. },
1900. {
1901. "name": "GetPropA",
1902. "address": "0x47662c"
1903. },
1904. {
1905. "name": "GetParent",
1906. "address": "0x476630"
1907. },
1908. {
1909. "name": "GetWindow",
1910. "address": "0x476634"
1911. },
1912. {
1913. "name": "GetMessageTime",
1914. "address": "0x476638"
1915. },
1916. {
1917. "name": "GetMenuStringA",
1918. "address": "0x47663c"
1919. },
1920. {
1921. "name": "GetMenuState",
1922. "address": "0x476640"
1923. },
1924. {
1925. "name": "GetMenuItemInfoA",
1926. "address": "0x476644"
1927. },
1928. {
1929. "name": "GetMenuItemID",
1930. "address": "0x476648"
1931. },
1932. {
1933. "name": "GetMenuItemCount",
1934. "address": "0x47664c"
1935. },
1936. {
1937. "name": "GetMenu",
1938. "address": "0x476650"
1939. },
1940. {
1941. "name": "GetLastActivePopup",
1942. "address": "0x476654"
1943. },
1944. {
1945. "name": "GetKeyboardState",
1946. "address": "0x476658"
1947. },
1948. {
1949. "name": "GetKeyboardLayoutList",
1950. "address": "0x47665c"
1951. },
1952. {
1953. "name": "GetKeyboardLayout",
1954. "address": "0x476660"
1955. },
1956. {
1957. "name": "GetKeyState",
1958. "address": "0x476664"
1959. },
1960. {
1961. "name": "GetKeyNameTextA",
1962. "address": "0x476668"
1963. },
1964. {
1965. "name": "GetIconInfo",
1966. "address": "0x47666c"
1967. },
1968. {
1969. "name": "GetForegroundWindow",
1970. "address": "0x476670"
1971. },
1972. {
1973. "name": "GetFocus",
1974. "address": "0x476674"
1975. },
1976. {
1977. "name": "GetDesktopWindow",
1978. "address": "0x476678"
1979. },
1980. {
1981. "name": "GetDCEx",
1982. "address": "0x47667c"
1983. },
1984. {
1985. "name": "GetDC",
1986. "address": "0x476680"
1987. },
1988. {
1989. "name": "GetCursorPos",
1990. "address": "0x476684"
1991. },
1992. {
1993. "name": "GetCursor",
1994. "address": "0x476688"
1995. },
1996. {
1997. "name": "GetClipboardData",
1998. "address": "0x47668c"
1999. },
2000. {
2001. "name": "GetClientRect",
2002. "address": "0x476690"
2003. },
2004. {
2005. "name": "GetClassNameA",
2006. "address": "0x476694"
2007. },
2008. {
2009. "name": "GetClassInfoA",
2010. "address": "0x476698"
2011. },
2012. {
2013. "name": "GetCapture",
2014. "address": "0x47669c"
2015. },
2016. {
2017. "name": "GetActiveWindow",
2018. "address": "0x4766a0"
2019. },
2020. {
2021. "name": "FrameRect",
2022. "address": "0x4766a4"
2023. },
2024. {
2025. "name": "FindWindowA",
2026. "address": "0x4766a8"
2027. },
2028. {
2029. "name": "FillRect",
2030. "address": "0x4766ac"
2031. },
2032. {
2033. "name": "EqualRect",
2034. "address": "0x4766b0"
2035. },
2036. {
2037. "name": "EnumWindows",
2038. "address": "0x4766b4"
2039. },
2040. {
2041. "name": "EnumThreadWindows",
2042. "address": "0x4766b8"
2043. },
2044. {
2045. "name": "EndPaint",
2046. "address": "0x4766bc"
2047. },
2048. {
2049. "name": "EnableWindow",
2050. "address": "0x4766c0"
2051. },
2052. {
2053. "name": "EnableScrollBar",
2054. "address": "0x4766c4"
2055. },
2056. {
2057. "name": "EnableMenuItem",
2058. "address": "0x4766c8"
2059. },
2060. {
2061. "name": "DrawTextA",
2062. "address": "0x4766cc"
2063. },
2064. {
2065. "name": "DrawMenuBar",
2066. "address": "0x4766d0"
2067. },
2068. {
2069. "name": "DrawIconEx",
2070. "address": "0x4766d4"
2071. },
2072. {
2073. "name": "DrawIcon",
2074. "address": "0x4766d8"
2075. },
2076. {
2077. "name": "DrawFrameControl",
2078. "address": "0x4766dc"
2079. },
2080. {
2081. "name": "DrawEdge",
2082. "address": "0x4766e0"
2083. },
2084. {
2085. "name": "DispatchMessageA",
2086. "address": "0x4766e4"
2087. },
2088. {
2089. "name": "DestroyWindow",
2090. "address": "0x4766e8"
2091. },
2092. {
2093. "name": "DestroyMenu",
2094. "address": "0x4766ec"
2095. },
2096. {
2097. "name": "DestroyIcon",
2098. "address": "0x4766f0"
2099. },
2100. {
2101. "name": "DestroyCursor",
2102. "address": "0x4766f4"
2103. },
2104. {
2105. "name": "DeleteMenu",
2106. "address": "0x4766f8"
2107. },
2108. {
2109. "name": "DefWindowProcA",
2110. "address": "0x4766fc"
2111. },
2112. {
2113. "name": "DefMDIChildProcA",
2114. "address": "0x476700"
2115. },
2116. {
2117. "name": "DefFrameProcA",
2118. "address": "0x476704"
2119. },
2120. {
2121. "name": "CreatePopupMenu",
2122. "address": "0x476708"
2123. },
2124. {
2125. "name": "CreateMenu",
2126. "address": "0x47670c"
2127. },
2128. {
2129. "name": "CreateIcon",
2130. "address": "0x476710"
2131. },
2132. {
2133. "name": "ClientToScreen",
2134. "address": "0x476714"
2135. },
2136. {
2137. "name": "CheckMenuItem",
2138. "address": "0x476718"
2139. },
2140. {
2141. "name": "CallWindowProcA",
2142. "address": "0x47671c"
2143. },
2144. {
2145. "name": "CallNextHookEx",
2146. "address": "0x476720"
2147. },
2148. {
2149. "name": "BeginPaint",
2150. "address": "0x476724"
2151. },
2152. {
2153. "name": "CharNextA",
2154. "address": "0x476728"
2155. },
2156. {
2157. "name": "CharLowerBuffA",
2158. "address": "0x47672c"
2159. },
2160. {
2161. "name": "CharLowerA",
2162. "address": "0x476730"
2163. },
2164. {
2165. "name": "CharToOemA",
2166. "address": "0x476734"
2167. },
2168. {
2169. "name": "AdjustWindowRectEx",
2170. "address": "0x476738"
2171. },
2172. {
2173. "name": "ActivateKeyboardLayout",
2174. "address": "0x47673c"
2175. }
2176. ],
2177. "dll": "user32.dll"
2178. },
2179. {
2180. "imports": [
2181. {
2182. "name": "Sleep",
2183. "address": "0x476744"
2184. }
2185. ],
2186. "dll": "kernel32.dll"
2187. },
2188. {
2189. "imports": [
2190. {
2191. "name": "SafeArrayPtrOfIndex",
2192. "address": "0x47674c"
2193. },
2194. {
2195. "name": "SafeArrayGetUBound",
2196. "address": "0x476750"
2197. },
2198. {
2199. "name": "SafeArrayGetLBound",
2200. "address": "0x476754"
2201. },
2202. {
2203. "name": "SafeArrayCreate",
2204. "address": "0x476758"
2205. },
2206. {
2207. "name": "VariantChangeType",
2208. "address": "0x47675c"
2209. },
2210. {
2211. "name": "VariantCopy",
2212. "address": "0x476760"
2213. },
2214. {
2215. "name": "VariantClear",
2216. "address": "0x476764"
2217. },
2218. {
2219. "name": "VariantInit",
2220. "address": "0x476768"
2221. }
2222. ],
2223. "dll": "oleaut32.dll"
2224. },
2225. {
2226. "imports": [
2227. {
2228. "name": "CreateStreamOnHGlobal",
2229. "address": "0x476770"
2230. },
2231. {
2232. "name": "IsAccelerator",
2233. "address": "0x476774"
2234. },
2235. {
2236. "name": "OleDraw",
2237. "address": "0x476778"
2238. },
2239. {
2240. "name": "OleSetMenuDescriptor",
2241. "address": "0x47677c"
2242. },
2243. {
2244. "name": "CoCreateInstance",
2245. "address": "0x476780"
2246. },
2247. {
2248. "name": "CoGetClassObject",
2249. "address": "0x476784"
2250. },
2251. {
2252. "name": "CoUninitialize",
2253. "address": "0x476788"
2254. },
2255. {
2256. "name": "CoInitialize",
2257. "address": "0x47678c"
2258. },
2259. {
2260. "name": "IsEqualGUID",
2261. "address": "0x476790"
2262. }
2263. ],
2264. "dll": "ole32.dll"
2265. },
2266. {
2267. "imports": [
2268. {
2269. "name": "GetErrorInfo",
2270. "address": "0x476798"
2271. },
2272. {
2273. "name": "SysFreeString",
2274. "address": "0x47679c"
2275. }
2276. ],
2277. "dll": "oleaut32.dll"
2278. },
2279. {
2280. "imports": [
2281. {
2282. "name": "ImageList_SetIconSize",
2283. "address": "0x4767a4"
2284. },
2285. {
2286. "name": "ImageList_GetIconSize",
2287. "address": "0x4767a8"
2288. },
2289. {
2290. "name": "ImageList_Write",
2291. "address": "0x4767ac"
2292. },
2293. {
2294. "name": "ImageList_Read",
2295. "address": "0x4767b0"
2296. },
2297. {
2298. "name": "ImageList_GetDragImage",
2299. "address": "0x4767b4"
2300. },
2301. {
2302. "name": "ImageList_DragShowNolock",
2303. "address": "0x4767b8"
2304. },
2305. {
2306. "name": "ImageList_SetDragCursorImage",
2307. "address": "0x4767bc"
2308. },
2309. {
2310. "name": "ImageList_DragMove",
2311. "address": "0x4767c0"
2312. },
2313. {
2314. "name": "ImageList_DragLeave",
2315. "address": "0x4767c4"
2316. },
2317. {
2318. "name": "ImageList_DragEnter",
2319. "address": "0x4767c8"
2320. },
2321. {
2322. "name": "ImageList_EndDrag",
2323. "address": "0x4767cc"
2324. },
2325. {
2326. "name": "ImageList_BeginDrag",
2327. "address": "0x4767d0"
2328. },
2329. {
2330. "name": "ImageList_Remove",
2331. "address": "0x4767d4"
2332. },
2333. {
2334. "name": "ImageList_DrawEx",
2335. "address": "0x4767d8"
2336. },
2337. {
2338. "name": "ImageList_Draw",
2339. "address": "0x4767dc"
2340. },
2341. {
2342. "name": "ImageList_GetBkColor",
2343. "address": "0x4767e0"
2344. },
2345. {
2346. "name": "ImageList_SetBkColor",
2347. "address": "0x4767e4"
2348. },
2349. {
2350. "name": "ImageList_ReplaceIcon",
2351. "address": "0x4767e8"
2352. },
2353. {
2354. "name": "ImageList_Add",
2355. "address": "0x4767ec"
2356. },
2357. {
2358. "name": "ImageList_GetImageCount",
2359. "address": "0x4767f0"
2360. },
2361. {
2362. "name": "ImageList_Destroy",
2363. "address": "0x4767f4"
2364. },
2365. {
2366. "name": "ImageList_Create",
2367. "address": "0x4767f8"
2368. }
2369. ],
2370. "dll": "comctl32.dll"
2371. },
2372. {
2373. "imports": [
2374. {
2375. "name": "OpenPrinterA",
2376. "address": "0x476800"
2377. },
2378. {
2379. "name": "EnumPrintersA",
2380. "address": "0x476804"
2381. },
2382. {
2383. "name": "DocumentPropertiesA",
2384. "address": "0x476808"
2385. },
2386. {
2387. "name": "ClosePrinter",
2388. "address": "0x47680c"
2389. }
2390. ],
2391. "dll": "winspool.drv"
2392. },
2393. {
2394. "imports": [
2395. {
2396. "name": "PrintDlgA",
2397. "address": "0x476814"
2398. }
2399. ],
2400. "dll": "comdlg32.dll"
2401. }
2402. ],
2403. "digital_signers": null,
2404. "exported_dll_name": null,
2405. "actual_checksum": "0x000a8994",
2406. "overlay": null,
2407. "imagebase": "0x00400000",
2408. "reported_checksum": "0x00000000",
2409. "icon_hash": null,
2410. "entrypoint": "0x0046a7a0",
2411. "timestamp": "1992-04-26 01:18:37",
2412. "osversion": "4.0",
2413. "sections": [
2414. {
2415. "name": "CODE",
2416. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
2417. "virtual_address": "0x00001000",
2418. "size_of_data": "0x00069800",
2419. "entropy": "6.53",
2420. "raw_address": "0x00000400",
2421. "virtual_size": "0x000697e8",
2422. "characteristics_raw": "0x60000020"
2423. },
2424. {
2425. "name": "DATA",
2426. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
2427. "virtual_address": "0x0006b000",
2428. "size_of_data": "0x00009e00",
2429. "entropy": "5.04",
2430. "raw_address": "0x00069c00",
2431. "virtual_size": "0x00009ca8",
2432. "characteristics_raw": "0xc0000040"
2433. },
2434. {
2435. "name": "BSS",
2436. "characteristics": "IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
2437. "virtual_address": "0x00075000",
2438. "size_of_data": "0x00000000",
2439. "entropy": "0.00",
2440. "raw_address": "0x00073a00",
2441. "virtual_size": "0x00000fa9",
2442. "characteristics_raw": "0xc0000000"
2443. },
2444. {
2445. "name": ".idata",
2446. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
2447. "virtual_address": "0x00076000",
2448. "size_of_data": "0x00002600",
2449. "entropy": "4.83",
2450. "raw_address": "0x00073a00",
2451. "virtual_size": "0x000024c6",
2452. "characteristics_raw": "0xc0000040"
2453. },
2454. {
2455. "name": ".tls",
2456. "characteristics": "IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
2457. "virtual_address": "0x00079000",
2458. "size_of_data": "0x00000000",
2459. "entropy": "0.00",
2460. "raw_address": "0x00076000",
2461. "virtual_size": "0x00000010",
2462. "characteristics_raw": "0xc0000000"
2463. },
2464. {
2465. "name": ".rdata",
2466. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
2467. "virtual_address": "0x0007a000",
2468. "size_of_data": "0x00000200",
2469. "entropy": "0.21",
2470. "raw_address": "0x00076000",
2471. "virtual_size": "0x00000018",
2472. "characteristics_raw": "0x50000040"
2473. },
2474. {
2475. "name": ".reloc",
2476. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
2477. "virtual_address": "0x0007b000",
2478. "size_of_data": "0x00008400",
2479. "entropy": "6.65",
2480. "raw_address": "0x00076200",
2481. "virtual_size": "0x000083a4",
2482. "characteristics_raw": "0x50000040"
2483. },
2484. {
2485. "name": ".rsrc",
2486. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
2487. "virtual_address": "0x00084000",
2488. "size_of_data": "0x0002a000",
2489. "entropy": "6.96",
2490. "raw_address": "0x0007e600",
2491. "virtual_size": "0x00029e20",
2492. "characteristics_raw": "0x50000040"
2493. }
2494. ],
2495. "resources": [],
2496. "dirents": [
2497. {
2498. "virtual_address": "0x00000000",
2499. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
2500. "size": "0x00000000"
2501. },
2502. {
2503. "virtual_address": "0x00076000",
2504. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
2505. "size": "0x000024c6"
2506. },
2507. {
2508. "virtual_address": "0x00084000",
2509. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
2510. "size": "0x00029e20"
2511. },
2512. {
2513. "virtual_address": "0x00000000",
2514. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
2515. "size": "0x00000000"
2516. },
2517. {
2518. "virtual_address": "0x00000000",
2519. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
2520. "size": "0x00000000"
2521. },
2522. {
2523. "virtual_address": "0x0007b000",
2524. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
2525. "size": "0x000083a4"
2526. },
2527. {
2528. "virtual_address": "0x00000000",
2529. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
2530. "size": "0x00000000"
2531. },
2532. {
2533. "virtual_address": "0x00000000",
2534. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
2535. "size": "0x00000000"
2536. },
2537. {
2538. "virtual_address": "0x00000000",
2539. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
2540. "size": "0x00000000"
2541. },
2542. {
2543. "virtual_address": "0x0007a000",
2544. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
2545. "size": "0x00000018"
2546. },
2547. {
2548. "virtual_address": "0x00000000",
2549. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
2550. "size": "0x00000000"
2551. },
2552. {
2553. "virtual_address": "0x00000000",
2554. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
2555. "size": "0x00000000"
2556. },
2557. {
2558. "virtual_address": "0x00000000",
2559. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
2560. "size": "0x00000000"
2561. },
2562. {
2563. "virtual_address": "0x00000000",
2564. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
2565. "size": "0x00000000"
2566. },
2567. {
2568. "virtual_address": "0x00000000",
2569. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
2570. "size": "0x00000000"
2571. },
2572. {
2573. "virtual_address": "0x00000000",
2574. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
2575. "size": "0x00000000"
2576. }
2577. ],
2578. "exports": [],
2579. "guest_signers": {},
2580. "imphash": "d553c8d26e9a2369ccc8481987fa6051",
2581. "icon_fuzzy": null,
2582. "icon": null,
2583. "pdbpath": null,
2584. "imported_dll_count": 17,
2585. "versioninfo": []
2586. }
2587. }
2588.  
2589. [*] Resolved APIs: [
2590. "kernel32.dll.GetDiskFreeSpaceExA",
2591. "oleaut32.dll.VariantChangeTypeEx",
2592. "oleaut32.dll.VarNeg",
2593. "oleaut32.dll.VarNot",
2594. "oleaut32.dll.VarAdd",
2595. "oleaut32.dll.VarSub",
2596. "oleaut32.dll.VarMul",
2597. "oleaut32.dll.VarDiv",
2598. "oleaut32.dll.VarIdiv",
2599. "oleaut32.dll.VarMod",
2600. "oleaut32.dll.VarAnd",
2601. "oleaut32.dll.VarOr",
2602. "oleaut32.dll.VarXor",
2603. "oleaut32.dll.VarCmp",
2604. "oleaut32.dll.VarI4FromStr",
2605. "oleaut32.dll.VarR4FromStr",
2606. "oleaut32.dll.VarR8FromStr",
2607. "oleaut32.dll.VarDateFromStr",
2608. "oleaut32.dll.VarCyFromStr",
2609. "oleaut32.dll.VarBoolFromStr",
2610. "oleaut32.dll.VarBstrFromCy",
2611. "oleaut32.dll.VarBstrFromDate",
2612. "oleaut32.dll.VarBstrFromBool",
2613. "user32.dll.GetMonitorInfoA",
2614. "user32.dll.GetSystemMetrics",
2615. "user32.dll.EnumDisplayMonitors",
2616. "dwmapi.dll.DwmIsCompositionEnabled",
2617. "gdi32.dll.GetLayout",
2618. "gdi32.dll.GdiRealizationInfo",
2619. "gdi32.dll.FontIsLinked",
2620. "advapi32.dll.RegOpenKeyExW",
2621. "advapi32.dll.RegQueryInfoKeyW",
2622. "gdi32.dll.GetTextFaceAliasW",
2623. "advapi32.dll.RegEnumValueW",
2624. "advapi32.dll.RegCloseKey",
2625. "advapi32.dll.RegQueryValueExW",
2626. "gdi32.dll.GetFontAssocStatus",
2627. "advapi32.dll.RegQueryValueExA",
2628. "advapi32.dll.RegEnumKeyExW",
2629. "gdi32.dll.GdiIsMetaPrintDC",
2630. "user32.dll.AnimateWindow",
2631. "comctl32.dll.InitializeFlatSB",
2632. "comctl32.dll.UninitializeFlatSB",
2633. "comctl32.dll.FlatSB_GetScrollProp",
2634. "comctl32.dll.FlatSB_SetScrollProp",
2635. "comctl32.dll.FlatSB_EnableScrollBar",
2636. "comctl32.dll.FlatSB_ShowScrollBar",
2637. "comctl32.dll.FlatSB_GetScrollRange",
2638. "comctl32.dll.FlatSB_GetScrollInfo",
2639. "comctl32.dll.FlatSB_GetScrollPos",
2640. "comctl32.dll.FlatSB_SetScrollPos",
2641. "comctl32.dll.FlatSB_SetScrollInfo",
2642. "comctl32.dll.FlatSB_SetScrollRange",
2643. "user32.dll.SetLayeredWindowAttributes",
2644. "ole32.dll.CoCreateInstanceEx",
2645. "ole32.dll.CoInitializeEx",
2646. "ole32.dll.CoAddRefServerProcess",
2647. "ole32.dll.CoReleaseServerProcess",
2648. "ole32.dll.CoResumeClassObjects",
2649. "ole32.dll.CoSuspendClassObjects",
2650. "olepro32.dll.OleCreatePropertyFrame",
2651. "olepro32.dll.OleCreateFontIndirect",
2652. "olepro32.dll.OleCreatePictureIndirect",
2653. "olepro32.dll.OleLoadPicture",
2654. "crypt32.dll.CryptUnprotectData",
2655. "crtdll.dll.wcscmp",
2656. "gdiplus.dll.GdiplusStartup",
2657. "gdiplus.dll.GdiplusShutdown",
2658. "gdiplus.dll.GdipCreateBitmapFromHBITMAP",
2659. "gdiplus.dll.GdipGetImageEncodersSize",
2660. "gdiplus.dll.GdipGetImageEncoders",
2661. "gdiplus.dll.GdipDisposeImage",
2662. "gdiplus.dll.GdipSaveImageToStream",
2663. "ole32.dll.CreateStreamOnHGlobal",
2664. "ole32.dll.GetHGlobalFromStream",
2665. "kernel32.dll.ExpandEnvironmentStringsW",
2666. "kernel32.dll.GetComputerNameW",
2667. "kernel32.dll.GlobalMemoryStatus",
2668. "kernel32.dll.CreateFileW",
2669. "kernel32.dll.GetFileSize",
2670. "kernel32.dll.CloseHandle",
2671. "kernel32.dll.ReadFile",
2672. "kernel32.dll.GetFileAttributesW",
2673. "kernel32.dll.CreateMutexA",
2674. "kernel32.dll.ReleaseMutex",
2675. "kernel32.dll.GetLastError",
2676. "kernel32.dll.GetCurrentDirectoryW",
2677. "kernel32.dll.SetEnvironmentVariableW",
2678. "kernel32.dll.SetCurrentDirectoryW",
2679. "kernel32.dll.FindFirstFileW",
2680. "kernel32.dll.FindNextFileW",
2681. "kernel32.dll.LocalFree",
2682. "kernel32.dll.GetTickCount",
2683. "kernel32.dll.CopyFileW",
2684. "kernel32.dll.FindClose",
2685. "kernel32.dll.GlobalMemoryStatusEx",
2686. "kernel32.dll.CreateToolhelp32Snapshot",
2687. "kernel32.dll.Process32FirstW",
2688. "kernel32.dll.Process32NextW",
2689. "kernel32.dll.GetModuleFileNameW",
2690. "kernel32.dll.SetDllDirectoryW",
2691. "kernel32.dll.GetLocaleInfoA",
2692. "kernel32.dll.GetLocalTime",
2693. "kernel32.dll.GetTimeZoneInformation",
2694. "kernel32.dll.RemoveDirectoryW",
2695. "kernel32.dll.DeleteFileW",
2696. "kernel32.dll.GetLogicalDriveStringsA",
2697. "kernel32.dll.GetDriveTypeA",
2698. "kernel32.dll.CreateProcessW",
2699. "advapi32.dll.GetUserNameW",
2700. "advapi32.dll.RegCreateKeyExW",
2701. "advapi32.dll.AllocateAndInitializeSid",
2702. "advapi32.dll.LookupAccountSidA",
2703. "advapi32.dll.CreateProcessAsUserW",
2704. "advapi32.dll.CheckTokenMembership",
2705. "advapi32.dll.RegOpenKeyW",
2706. "advapi32.dll.RegEnumKeyW",
2707. "advapi32.dll.CryptAcquireContextA",
2708. "advapi32.dll.CryptCreateHash",
2709. "advapi32.dll.CryptHashData",
2710. "advapi32.dll.CryptGetHashParam",
2711. "advapi32.dll.CryptDestroyHash",
2712. "advapi32.dll.CryptReleaseContext",
2713. "user32.dll.EnumDisplayDevicesW",
2714. "user32.dll.wvsprintfA",
2715. "user32.dll.GetKeyboardLayoutList",
2716. "shell32.dll.ShellExecuteExW",
2717. "ntdll.dll.RtlComputeCrc32",
2718. "sechost.dll.LookupAccountSidLocalA",
2719. "wininet.dll.InternetOpenA",
2720. "wininet.dll.InternetConnectA",
2721. "wininet.dll.HttpOpenRequestA",
2722. "wininet.dll.HttpAddRequestHeadersA",
2723. "wininet.dll.HttpSendRequestA",
2724. "wininet.dll.InternetReadFile",
2725. "wininet.dll.InternetCloseHandle",
2726. "wininet.dll.InternetCrackUrlA",
2727. "wininet.dll.InternetSetOptionA",
2728. "rasapi32.dll.RasConnectionNotificationW",
2729. "sechost.dll.NotifyServiceStatusChangeA",
2730. "cryptbase.dll.SystemFunction036",
2731. "nss3.dll.sqlite3_open",
2732. "nss3.dll.sqlite3_close",
2733. "nss3.dll.sqlite3_prepare_v2",
2734. "nss3.dll.sqlite3_step",
2735. "nss3.dll.sqlite3_column_text",
2736. "nss3.dll.sqlite3_column_bytes",
2737. "nss3.dll.sqlite3_finalize",
2738. "nss3.dll.NSS_Init",
2739. "nss3.dll.PK11_GetInternalKeySlot",
2740. "nss3.dll.PK11_Authenticate",
2741. "nss3.dll.PK11SDR_Decrypt",
2742. "nss3.dll.NSS_Shutdown",
2743. "nss3.dll.PK11_FreeSlot",
2744. "kernel32.dll.InitializeCriticalSectionEx",
2745. "ole32.dll.CLSIDFromString",
2746. "vaultcli.dll.VaultOpenVault",
2747. "vaultcli.dll.VaultEnumerateItems",
2748. "vaultcli.dll.VaultGetItem",
2749. "uxtheme.dll.ThemeInitApiHook",
2750. "user32.dll.IsProcessDPIAware",
2751. "mlang.dll.#112",
2752. "wininet.dll.FindFirstUrlCacheEntryA",
2753. "urlmon.dll.CreateUri",
2754. "wininet.dll.FindNextUrlCacheEntryA",
2755. "urlmon.dll.CreateIUriBuilder",
2756. "urlmon.dll.IntlPercentEncodeNormalize",
2757. "wininet.dll.FindCloseUrlCache",
2758. "rpcrt4.dll.RpcStringBindingComposeW",
2759. "rpcrt4.dll.RpcBindingFromStringBindingW",
2760. "rpcrt4.dll.NdrClientCall2",
2761. "cryptbase.dll.SystemFunction041",
2762. "rpcrt4.dll.RpcStringFreeW",
2763. "rpcrt4.dll.RpcBindingFree",
2764. "kernel32.dll.IsProcessorFeaturePresent",
2765. "user32.dll.GetWindowInfo",
2766. "user32.dll.GetAncestor",
2767. "user32.dll.EnumDisplayDevicesA",
2768. "gdi32.dll.ExtTextOutW",
2769. "kernel32.dll.FlsGetValue",
2770. "windowscodecs.dll.DllGetClassObject",
2771. "kernel32.dll.WerRegisterMemoryBlock",
2772. "oleaut32.dll.#8",
2773. "oleaut32.dll.#9",
2774. "oleaut32.dll.#10",
2775. "kernel32.dll.IsWow64Process",
2776. "kernel32.dll.FlsFree",
2777. "setupapi.dll.CM_Get_Device_Interface_List_Size_ExW",
2778. "setupapi.dll.CM_Get_Device_Interface_List_ExW",
2779. "comctl32.dll.#386",
2780. "advapi32.dll.UnregisterTraceGuids",
2781. "comctl32.dll.#321",
2782. "kernel32.dll.SetThreadUILanguage",
2783. "kernel32.dll.CopyFileExW",
2784. "kernel32.dll.IsDebuggerPresent",
2785. "kernel32.dll.SetConsoleInputExeNameW",
2786. "kernel32.dll.SortGetHandle",
2787. "kernel32.dll.SortCloseHandle",
2788. "sechost.dll.LookupAccountNameLocalW",
2789. "advapi32.dll.LookupAccountSidW",
2790. "sechost.dll.LookupAccountSidLocalW",
2791. "wersvc.dll.ServiceMain",
2792. "wersvc.dll.SvchostPushServiceGlobals",
2793. "advapi32.dll.RegGetValueW",
2794. "sechost.dll.ConvertStringSecurityDescriptorToSecurityDescriptorW",
2795. "faultrep.dll.WerpInitiateCrashReporting",
2796. "wer.dll.WerpCreateMachineStore",
2797. "shell32.dll.SHGetFolderPathEx",
2798. "ole32.dll.StringFromGUID2",
2799. "profapi.dll.#104",
2800. "userenv.dll.CreateEnvironmentBlock",
2801. "sechost.dll.ConvertSidToStringSidW",
2802. "sspicli.dll.GetUserNameExW",
2803. "userenv.dll.DestroyEnvironmentBlock",
2804. "wer.dll.WerpSvcReportFromMachineQueue",
2805. "advapi32.dll.OpenProcessToken",
2806. "advapi32.dll.DuplicateToken",
2807. "advapi32.dll.FreeSid",
2808. "wtsapi32.dll.WTSQueryUserToken",
2809. "winsta.dll.WinStationQueryInformationW",
2810. "advapi32.dll.CreateWellKnownSid",
2811. "rpcrt4.dll.RpcBindingSetAuthInfoExW",
2812. "rpcrt4.dll.NdrClientCall3",
2813. "advapi32.dll.ImpersonateLoggedOnUser",
2814. "advapi32.dll.RevertToSelf",
2815. "ole32.dll.CoInitializeSecurity",
2816. "ole32.dll.CoCreateInstance",
2817. "w32time.dll.SvchostEntry_W32Time",
2818. "w32time.dll.SvchostPushServiceGlobals",
2819. "ws2_32.dll.#115",
2820. "ws2_32.dll.WSASocketW",
2821. "ws2_32.dll.WSAIoctl",
2822. "ws2_32.dll.#111",
2823. "userenv.dll.RegisterGPNotification",
2824. "gpapi.dll.RegisterGPNotificationInternal",
2825. "sechost.dll.OpenSCManagerW",
2826. "sechost.dll.OpenServiceW",
2827. "sechost.dll.CloseServiceHandle",
2828. "sechost.dll.QueryServiceConfigW",
2829. "dsrole.dll.DsRoleGetPrimaryDomainInformation",
2830. "dsrole.dll.DsRoleFreeMemory",
2831. "sspicli.dll.LsaRegisterPolicyChangeNotification",
2832. "w32time.dll.TimeProvClose",
2833. "w32time.dll.TimeProvCommand",
2834. "w32time.dll.TimeProvOpen",
2835. "ws2_32.dll.getaddrinfo",
2836. "ws2_32.dll.freeaddrinfo",
2837. "ws2_32.dll.#23",
2838. "ws2_32.dll.#21",
2839. "ws2_32.dll.#2",
2840. "ws2_32.dll.WSAEventSelect",
2841. "ws2_32.dll.GetAddrInfoW",
2842. "vmictimeprovider.dll.TimeProvClose",
2843. "vmictimeprovider.dll.TimeProvCommand",
2844. "vmictimeprovider.dll.TimeProvOpen",
2845. "advapi32.dll.EventRegister",
2846. "advapi32.dll.EventEnabled",
2847. "advapi32.dll.EventWrite",
2848. "rpcrtremote.dll.I_RpcExtInitializeExtensionPoint",
2849. "ws2_32.dll.FreeAddrInfoW",
2850. "ws2_32.dll.WSAAddressToStringW",
2851. "ws2_32.dll.#3",
2852. "ws2_32.dll.#116",
2853. "advapi32.dll.EventUnregister",
2854. "sspicli.dll.LsaUnregisterPolicyChangeNotification",
2855. "userenv.dll.UnregisterGPNotification",
2856. "gpapi.dll.UnregisterGPNotificationInternal",
2857. "imm32.dll.ImmDisableIME",
2858. "psapi.dll.GetModuleFileNameExW",
2859. "version.dll.GetFileVersionInfoSizeW",
2860. "version.dll.GetFileVersionInfoW",
2861. "version.dll.VerQueryValueW",
2862. "wer.dll.WerpCreateIntegratorReportId",
2863. "wer.dll.WerReportCreate",
2864. "wer.dll.WerpSetIntegratorReportId",
2865. "wer.dll.WerReportSetParameter",
2866. "dbgeng.dll.DebugCreate",
2867. "ntdll.dll.CsrGetProcessId",
2868. "ntdll.dll.DbgBreakPoint",
2869. "ntdll.dll.DbgPrint",
2870. "ntdll.dll.DbgPrompt",
2871. "ntdll.dll.DbgUiConvertStateChangeStructure",
2872. "ntdll.dll.DbgUiGetThreadDebugObject",
2873. "ntdll.dll.DbgUiIssueRemoteBreakin",
2874. "ntdll.dll.DbgUiSetThreadDebugObject",
2875. "ntdll.dll.NtAllocateVirtualMemory",
2876. "ntdll.dll.NtClose",
2877. "ntdll.dll.NtCreateDebugObject",
2878. "ntdll.dll.NtCreateFile",
2879. "ntdll.dll.NtDebugActiveProcess",
2880. "ntdll.dll.NtDebugContinue",
2881. "ntdll.dll.NtFreeVirtualMemory",
2882. "ntdll.dll.NtOpenProcess",
2883. "ntdll.dll.NtOpenThread",
2884. "ntdll.dll.NtQueryInformationProcess",
2885. "ntdll.dll.NtQueryInformationThread",
2886. "ntdll.dll.NtQueryMutant",
2887. "ntdll.dll.NtQueryObject",
2888. "ntdll.dll.NtQuerySystemInformation",
2889. "ntdll.dll.NtRemoveProcessDebug",
2890. "ntdll.dll.NtResumeThread",
2891. "ntdll.dll.NtSetInformationDebugObject",
2892. "ntdll.dll.NtSetInformationProcess",
2893. "ntdll.dll.NtSystemDebugControl",
2894. "ntdll.dll.NtWaitForDebugEvent",
2895. "ntdll.dll.RtlAnsiStringToUnicodeString",
2896. "ntdll.dll.RtlCreateProcessParameters",
2897. "ntdll.dll.RtlCreateUserProcess",
2898. "ntdll.dll.RtlDestroyProcessParameters",
2899. "ntdll.dll.RtlDosPathNameToNtPathName_U",
2900. "ntdll.dll.RtlFindMessage",
2901. "ntdll.dll.RtlFreeHeap",
2902. "ntdll.dll.RtlFreeUnicodeString",
2903. "ntdll.dll.RtlGetFunctionTableListHead",
2904. "ntdll.dll.RtlGetUnloadEventTrace",
2905. "ntdll.dll.RtlGetUnloadEventTraceEx",
2906. "ntdll.dll.RtlInitAnsiString",
2907. "ntdll.dll.RtlInitUnicodeString",
2908. "ntdll.dll.RtlTryEnterCriticalSection",
2909. "ntdll.dll.RtlUnicodeStringToAnsiString",
2910. "ntdll.dll.NtOpenProcessToken",
2911. "ntdll.dll.NtOpenThreadToken",
2912. "ntdll.dll.NtQueryInformationToken",
2913. "kernel32.dll.CloseProfileUserMapping",
2914. "kernel32.dll.DebugActiveProcessStop",
2915. "kernel32.dll.DebugBreak",
2916. "kernel32.dll.DebugBreakProcess",
2917. "kernel32.dll.DebugSetProcessKillOnExit",
2918. "kernel32.dll.Module32First",
2919. "kernel32.dll.Module32FirstW",
2920. "kernel32.dll.Module32Next",
2921. "kernel32.dll.Module32NextW",
2922. "kernel32.dll.OpenThread",
2923. "kernel32.dll.Process32First",
2924. "kernel32.dll.Process32Next",
2925. "kernel32.dll.ProcessIdToSessionId",
2926. "kernel32.dll.SetProcessShutdownParameters",
2927. "kernel32.dll.Thread32First",
2928. "kernel32.dll.Thread32Next",
2929. "kernel32.dll.DuplicateHandle",
2930. "kernel32.dll.Wow64GetThreadSelectorEntry",
2931. "advapi32.dll.CloseServiceHandle",
2932. "advapi32.dll.ControlService",
2933. "advapi32.dll.CreateServiceA",
2934. "advapi32.dll.CreateServiceW",
2935. "advapi32.dll.DeleteService",
2936. "advapi32.dll.EnumServicesStatusExA",
2937. "advapi32.dll.EnumServicesStatusExW",
2938. "advapi32.dll.GetEventLogInformation",
2939. "advapi32.dll.GetTokenInformation",
2940. "advapi32.dll.OpenSCManagerA",
2941. "advapi32.dll.OpenSCManagerW",
2942. "advapi32.dll.OpenServiceA",
2943. "advapi32.dll.OpenServiceW",
2944. "advapi32.dll.StartServiceA",
2945. "advapi32.dll.StartServiceW",
2946. "advapi32.dll.GetSidSubAuthority",
2947. "advapi32.dll.GetSidSubAuthorityCount",
2948. "version.dll.GetFileVersionInfoSizeExW",
2949. "version.dll.GetFileVersionInfoExW",
2950. "dbghelp.dll.WinDbgExtensionDllInit",
2951. "dbghelp.dll.ExtensionApiVersion",
2952. "wer.dll.WerpSetDynamicParameter",
2953. "wer.dll.WerReportAddDump",
2954. "wer.dll.WerpSetCallBack",
2955. "wer.dll.WerReportSetUIOption",
2956. "wer.dll.WerpAddRegisteredDataToReport",
2957. "wer.dll.WerReportSubmit",
2958. "user32.dll.LoadStringW",
2959. "advapi32.dll.RegSetValueExW",
2960. "sensapi.dll.IsNetworkAlive",
2961. "user32.dll.CharUpperW",
2962. "wer.dll.WerpAddAppCompatData",
2963. "apphelp.dll.SdbGetFileAttributes",
2964. "apphelp.dll.SdbFormatAttribute",
2965. "apphelp.dll.SdbFreeFileAttributes",
2966. "cryptsp.dll.CryptAcquireContextW",
2967. "cryptsp.dll.CryptCreateHash",
2968. "cryptsp.dll.CryptHashData",
2969. "cryptsp.dll.CryptGetHashParam",
2970. "cryptsp.dll.CryptDestroyHash",
2971. "cryptsp.dll.CryptReleaseContext",
2972. "dbghelp.dll.MiniDumpWriteDump",
2973. "kernel32.dll.GetLongPathNameA",
2974. "kernel32.dll.GetLongPathNameW",
2975. "kernel32.dll.GetProcessTimes",
2976. "advapi32.dll.RegOpenKeyExA",
2977. "powrprof.dll.CallNtPowerInformation",
2978. "psapi.dll.EnumProcessModules",
2979. "version.dll.GetFileVersionInfoSizeA",
2980. "version.dll.GetFileVersionInfoA",
2981. "version.dll.VerQueryValueA",
2982. "verifier.dll.VerifierEnumerateResource",
2983. "ntdll.dll.NtSuspendProcess",
2984. "ntdll.dll.NtResumeProcess",
2985. "advapi32.dll.QueryTraceW",
2986. "advapi32.dll.IsValidSid",
2987. "advapi32.dll.GetLengthSid",
2988. "advapi32.dll.CopySid",
2989. "advapi32.dll.InitializeAcl",
2990. "advapi32.dll.AddAccessAllowedAceEx",
2991. "advapi32.dll.InitializeSecurityDescriptor",
2992. "advapi32.dll.SetSecurityDescriptorDacl",
2993. "advapi32.dll.RegisterEventSourceW",
2994. "advapi32.dll.ReportEventW",
2995. "advapi32.dll.DeregisterEventSource",
2996. "wer.dll.WerpGetStoreLocation",
2997. "wer.dll.WerpGetStoreType",
2998. "wer.dll.WerReportCloseHandle",
2999. "user32.dll.MsgWaitForMultipleObjects",
3000. "wer.dll.WerpFreeString",
3001. "user32.dll.GetProcessWindowStation",
3002. "user32.dll.GetThreadDesktop",
3003. "user32.dll.GetUserObjectInformationW",
3004. "werui.dll.WerUICreate",
3005. "werui.dll.WerUIStart",
3006. "werui.dll.WerUITerminate",
3007. "werui.dll.WerUIDelete"
3008. ]
3009.  
3010. [*] Static Analysis: {
3011. "pe": {
3012. "peid_signatures": null,
3013. "imports": [
3014. {
3015. "imports": [
3016. {
3017. "name": "DeleteCriticalSection",
3018. "address": "0x476168"
3019. },
3020. {
3021. "name": "LeaveCriticalSection",
3022. "address": "0x47616c"
3023. },
3024. {
3025. "name": "EnterCriticalSection",
3026. "address": "0x476170"
3027. },
3028. {
3029. "name": "InitializeCriticalSection",
3030. "address": "0x476174"
3031. },
3032. {
3033. "name": "VirtualFree",
3034. "address": "0x476178"
3035. },
3036. {
3037. "name": "VirtualAlloc",
3038. "address": "0x47617c"
3039. },
3040. {
3041. "name": "LocalFree",
3042. "address": "0x476180"
3043. },
3044. {
3045. "name": "LocalAlloc",
3046. "address": "0x476184"
3047. },
3048. {
3049. "name": "GetVersion",
3050. "address": "0x476188"
3051. },
3052. {
3053. "name": "GetCurrentThreadId",
3054. "address": "0x47618c"
3055. },
3056. {
3057. "name": "InterlockedDecrement",
3058. "address": "0x476190"
3059. },
3060. {
3061. "name": "InterlockedIncrement",
3062. "address": "0x476194"
3063. },
3064. {
3065. "name": "VirtualQuery",
3066. "address": "0x476198"
3067. },
3068. {
3069. "name": "WideCharToMultiByte",
3070. "address": "0x47619c"
3071. },
3072. {
3073. "name": "MultiByteToWideChar",
3074. "address": "0x4761a0"
3075. },
3076. {
3077. "name": "lstrlenA",
3078. "address": "0x4761a4"
3079. },
3080. {
3081. "name": "lstrcpynA",
3082. "address": "0x4761a8"
3083. },
3084. {
3085. "name": "LoadLibraryExA",
3086. "address": "0x4761ac"
3087. },
3088. {
3089. "name": "GetThreadLocale",
3090. "address": "0x4761b0"
3091. },
3092. {
3093. "name": "GetStartupInfoA",
3094. "address": "0x4761b4"
3095. },
3096. {
3097. "name": "GetProcAddress",
3098. "address": "0x4761b8"
3099. },
3100. {
3101. "name": "GetModuleHandleA",
3102. "address": "0x4761bc"
3103. },
3104. {
3105. "name": "GetModuleFileNameA",
3106. "address": "0x4761c0"
3107. },
3108. {
3109. "name": "GetLocaleInfoA",
3110. "address": "0x4761c4"
3111. },
3112. {
3113. "name": "GetCommandLineA",
3114. "address": "0x4761c8"
3115. },
3116. {
3117. "name": "FreeLibrary",
3118. "address": "0x4761cc"
3119. },
3120. {
3121. "name": "FindFirstFileA",
3122. "address": "0x4761d0"
3123. },
3124. {
3125. "name": "FindClose",
3126. "address": "0x4761d4"
3127. },
3128. {
3129. "name": "ExitProcess",
3130. "address": "0x4761d8"
3131. },
3132. {
3133. "name": "ExitThread",
3134. "address": "0x4761dc"
3135. },
3136. {
3137. "name": "CreateThread",
3138. "address": "0x4761e0"
3139. },
3140. {
3141. "name": "WriteFile",
3142. "address": "0x4761e4"
3143. },
3144. {
3145. "name": "UnhandledExceptionFilter",
3146. "address": "0x4761e8"
3147. },
3148. {
3149. "name": "RtlUnwind",
3150. "address": "0x4761ec"
3151. },
3152. {
3153. "name": "RaiseException",
3154. "address": "0x4761f0"
3155. },
3156. {
3157. "name": "GetStdHandle",
3158. "address": "0x4761f4"
3159. }
3160. ],
3161. "dll": "kernel32.dll"
3162. },
3163. {
3164. "imports": [
3165. {
3166. "name": "GetKeyboardType",
3167. "address": "0x4761fc"
3168. },
3169. {
3170. "name": "LoadStringA",
3171. "address": "0x476200"
3172. },
3173. {
3174. "name": "MessageBoxA",
3175. "address": "0x476204"
3176. },
3177. {
3178. "name": "CharNextA",
3179. "address": "0x476208"
3180. }
3181. ],
3182. "dll": "user32.dll"
3183. },
3184. {
3185. "imports": [
3186. {
3187. "name": "RegQueryValueExA",
3188. "address": "0x476210"
3189. },
3190. {
3191. "name": "RegOpenKeyExA",
3192. "address": "0x476214"
3193. },
3194. {
3195. "name": "RegCloseKey",
3196. "address": "0x476218"
3197. }
3198. ],
3199. "dll": "advapi32.dll"
3200. },
3201. {
3202. "imports": [
3203. {
3204. "name": "SysFreeString",
3205. "address": "0x476220"
3206. },
3207. {
3208. "name": "SysReAllocStringLen",
3209. "address": "0x476224"
3210. },
3211. {
3212. "name": "SysAllocStringLen",
3213. "address": "0x476228"
3214. }
3215. ],
3216. "dll": "oleaut32.dll"
3217. },
3218. {
3219. "imports": [
3220. {
3221. "name": "TlsSetValue",
3222. "address": "0x476230"
3223. },
3224. {
3225. "name": "TlsGetValue",
3226. "address": "0x476234"
3227. },
3228. {
3229. "name": "LocalAlloc",
3230. "address": "0x476238"
3231. },
3232. {
3233. "name": "GetModuleHandleA",
3234. "address": "0x47623c"
3235. }
3236. ],
3237. "dll": "kernel32.dll"
3238. },
3239. {
3240. "imports": [
3241. {
3242. "name": "RegQueryValueExA",
3243. "address": "0x476244"
3244. },
3245. {
3246. "name": "RegOpenKeyExA",
3247. "address": "0x476248"
3248. },
3249. {
3250. "name": "RegCloseKey",
3251. "address": "0x47624c"
3252. }
3253. ],
3254. "dll": "advapi32.dll"
3255. },
3256. {
3257. "imports": [
3258. {
3259. "name": "lstrcpyA",
3260. "address": "0x476254"
3261. },
3262. {
3263. "name": "WriteFile",
3264. "address": "0x476258"
3265. },
3266. {
3267. "name": "WaitForSingleObject",
3268. "address": "0x47625c"
3269. },
3270. {
3271. "name": "VirtualQuery",
3272. "address": "0x476260"
3273. },
3274. {
3275. "name": "VirtualAlloc",
3276. "address": "0x476264"
3277. },
3278. {
3279. "name": "SuspendThread",
3280. "address": "0x476268"
3281. },
3282. {
3283. "name": "Sleep",
3284. "address": "0x47626c"
3285. },
3286. {
3287. "name": "SizeofResource",
3288. "address": "0x476270"
3289. },
3290. {
3291. "name": "SetThreadPriority",
3292. "address": "0x476274"
3293. },
3294. {
3295. "name": "SetThreadLocale",
3296. "address": "0x476278"
3297. },
3298. {
3299. "name": "SetFilePointer",
3300. "address": "0x47627c"
3301. },
3302. {
3303. "name": "SetEvent",
3304. "address": "0x476280"
3305. },
3306. {
3307. "name": "SetErrorMode",
3308. "address": "0x476284"
3309. },
3310. {
3311. "name": "SetEndOfFile",
3312. "address": "0x476288"
3313. },
3314. {
3315. "name": "ResumeThread",
3316. "address": "0x47628c"
3317. },
3318. {
3319. "name": "ResetEvent",
3320. "address": "0x476290"
3321. },
3322. {
3323. "name": "ReadFile",
3324. "address": "0x476294"
3325. },
3326. {
3327. "name": "MultiByteToWideChar",
3328. "address": "0x476298"
3329. },
3330. {
3331. "name": "MulDiv",
3332. "address": "0x47629c"
3333. },
3334. {
3335. "name": "LockResource",
3336. "address": "0x4762a0"
3337. },
3338. {
3339. "name": "LoadResource",
3340. "address": "0x4762a4"
3341. },
3342. {
3343. "name": "LoadLibraryA",
3344. "address": "0x4762a8"
3345. },
3346. {
3347. "name": "LeaveCriticalSection",
3348. "address": "0x4762ac"
3349. },
3350. {
3351. "name": "InitializeCriticalSection",
3352. "address": "0x4762b0"
3353. },
3354. {
3355. "name": "GlobalUnlock",
3356. "address": "0x4762b4"
3357. },
3358. {
3359. "name": "GlobalSize",
3360. "address": "0x4762b8"
3361. },
3362. {
3363. "name": "GlobalReAlloc",
3364. "address": "0x4762bc"
3365. },
3366. {
3367. "name": "GlobalHandle",
3368. "address": "0x4762c0"
3369. },
3370. {
3371. "name": "GlobalLock",
3372. "address": "0x4762c4"
3373. },
3374. {
3375. "name": "GlobalFree",
3376. "address": "0x4762c8"
3377. },
3378. {
3379. "name": "GlobalFindAtomA",
3380. "address": "0x4762cc"
3381. },
3382. {
3383. "name": "GlobalDeleteAtom",
3384. "address": "0x4762d0"
3385. },
3386. {
3387. "name": "GlobalAlloc",
3388. "address": "0x4762d4"
3389. },
3390. {
3391. "name": "GlobalAddAtomA",
3392. "address": "0x4762d8"
3393. },
3394. {
3395. "name": "GetVersionExA",
3396. "address": "0x4762dc"
3397. },
3398. {
3399. "name": "GetVersion",
3400. "address": "0x4762e0"
3401. },
3402. {
3403. "name": "GetUserDefaultLCID",
3404. "address": "0x4762e4"
3405. },
3406. {
3407. "name": "GetTickCount",
3408. "address": "0x4762e8"
3409. },
3410. {
3411. "name": "GetThreadLocale",
3412. "address": "0x4762ec"
3413. },
3414. {
3415. "name": "GetTempPathA",
3416. "address": "0x4762f0"
3417. },
3418. {
3419. "name": "GetSystemInfo",
3420. "address": "0x4762f4"
3421. },
3422. {
3423. "name": "GetStringTypeExA",
3424. "address": "0x4762f8"
3425. },
3426. {
3427. "name": "GetStdHandle",
3428. "address": "0x4762fc"
3429. },
3430. {
3431. "name": "GetProfileStringA",
3432. "address": "0x476300"
3433. },
3434. {
3435. "name": "GetProcAddress",
3436. "address": "0x476304"
3437. },
3438. {
3439. "name": "GetModuleHandleA",
3440. "address": "0x476308"
3441. },
3442. {
3443. "name": "GetModuleFileNameA",
3444. "address": "0x47630c"
3445. },
3446. {
3447. "name": "GetLocaleInfoA",
3448. "address": "0x476310"
3449. },
3450. {
3451. "name": "GetLocalTime",
3452. "address": "0x476314"
3453. },
3454. {
3455. "name": "GetLastError",
3456. "address": "0x476318"
3457. },
3458. {
3459. "name": "GetFullPathNameA",
3460. "address": "0x47631c"
3461. },
3462. {
3463. "name": "GetFileSize",
3464. "address": "0x476320"
3465. },
3466. {
3467. "name": "GetExitCodeThread",
3468. "address": "0x476324"
3469. },
3470. {
3471. "name": "GetDiskFreeSpaceA",
3472. "address": "0x476328"
3473. },
3474. {
3475. "name": "GetDateFormatA",
3476. "address": "0x47632c"
3477. },
3478. {
3479. "name": "GetCurrentThreadId",
3480. "address": "0x476330"
3481. },
3482. {
3483. "name": "GetCurrentProcessId",
3484. "address": "0x476334"
3485. },
3486. {
3487. "name": "GetCPInfo",
3488. "address": "0x476338"
3489. },
3490. {
3491. "name": "GetACP",
3492. "address": "0x47633c"
3493. },
3494. {
3495. "name": "FreeResource",
3496. "address": "0x476340"
3497. },
3498. {
3499. "name": "InterlockedIncrement",
3500. "address": "0x476344"
3501. },
3502. {
3503. "name": "InterlockedExchange",
3504. "address": "0x476348"
3505. },
3506. {
3507. "name": "InterlockedDecrement",
3508. "address": "0x47634c"
3509. },
3510. {
3511. "name": "FreeLibrary",
3512. "address": "0x476350"
3513. },
3514. {
3515. "name": "FormatMessageA",
3516. "address": "0x476354"
3517. },
3518. {
3519. "name": "FindResourceA",
3520. "address": "0x476358"
3521. },
3522. {
3523. "name": "FindFirstFileA",
3524. "address": "0x47635c"
3525. },
3526. {
3527. "name": "FindClose",
3528. "address": "0x476360"
3529. },
3530. {
3531. "name": "FileTimeToLocalFileTime",
3532. "address": "0x476364"
3533. },
3534. {
3535. "name": "FileTimeToDosDateTime",
3536. "address": "0x476368"
3537. },
3538. {
3539. "name": "EnumCalendarInfoA",
3540. "address": "0x47636c"
3541. },
3542. {
3543. "name": "EnterCriticalSection",
3544. "address": "0x476370"
3545. },
3546. {
3547. "name": "DeleteCriticalSection",
3548. "address": "0x476374"
3549. },
3550. {
3551. "name": "CreateThread",
3552. "address": "0x476378"
3553. },
3554. {
3555. "name": "CreateFileA",
3556. "address": "0x47637c"
3557. },
3558. {
3559. "name": "CreateEventA",
3560. "address": "0x476380"
3561. },
3562. {
3563. "name": "CompareStringA",
3564. "address": "0x476384"
3565. },
3566. {
3567. "name": "CloseHandle",
3568. "address": "0x476388"
3569. }
3570. ],
3571. "dll": "kernel32.dll"
3572. },
3573. {
3574. "imports": [
3575. {
3576. "name": "VerQueryValueA",
3577. "address": "0x476390"
3578. },
3579. {
3580. "name": "GetFileVersionInfoSizeA",
3581. "address": "0x476394"
3582. },
3583. {
3584. "name": "GetFileVersionInfoA",
3585. "address": "0x476398"
3586. }
3587. ],
3588. "dll": "version.dll"
3589. },
3590. {
3591. "imports": [
3592. {
3593. "name": "UnrealizeObject",
3594. "address": "0x4763a0"
3595. },
3596. {
3597. "name": "StretchBlt",
3598. "address": "0x4763a4"
3599. },
3600. {
3601. "name": "SetWindowOrgEx",
3602. "address": "0x4763a8"
3603. },
3604. {
3605. "name": "SetWinMetaFileBits",
3606. "address": "0x4763ac"
3607. },
3608. {
3609. "name": "SetViewportOrgEx",
3610. "address": "0x4763b0"
3611. },
3612. {
3613. "name": "SetTextColor",
3614. "address": "0x4763b4"
3615. },
3616. {
3617. "name": "SetStretchBltMode",
3618. "address": "0x4763b8"
3619. },
3620. {
3621. "name": "SetROP2",
3622. "address": "0x4763bc"
3623. },
3624. {
3625. "name": "SetPixel",
3626. "address": "0x4763c0"
3627. },
3628. {
3629. "name": "SetMapMode",
3630. "address": "0x4763c4"
3631. },
3632. {
3633. "name": "SetEnhMetaFileBits",
3634. "address": "0x4763c8"
3635. },
3636. {
3637. "name": "SetDIBColorTable",
3638. "address": "0x4763cc"
3639. },
3640. {
3641. "name": "SetBrushOrgEx",
3642. "address": "0x4763d0"
3643. },
3644. {
3645. "name": "SetBkMode",
3646. "address": "0x4763d4"
3647. },
3648. {
3649. "name": "SetBkColor",
3650. "address": "0x4763d8"
3651. },
3652. {
3653. "name": "SelectPalette",
3654. "address": "0x4763dc"
3655. },
3656. {
3657. "name": "SelectObject",
3658. "address": "0x4763e0"
3659. },
3660. {
3661. "name": "ScaleWindowExtEx",
3662. "address": "0x4763e4"
3663. },
3664. {
3665. "name": "SaveDC",
3666. "address": "0x4763e8"
3667. },
3668. {
3669. "name": "RestoreDC",
3670. "address": "0x4763ec"
3671. },
3672. {
3673. "name": "RectVisible",
3674. "address": "0x4763f0"
3675. },
3676. {
3677. "name": "RealizePalette",
3678. "address": "0x4763f4"
3679. },
3680. {
3681. "name": "PlayEnhMetaFile",
3682. "address": "0x4763f8"
3683. },
3684. {
3685. "name": "PatBlt",
3686. "address": "0x4763fc"
3687. },
3688. {
3689. "name": "MoveToEx",
3690. "address": "0x476400"
3691. },
3692. {
3693. "name": "MaskBlt",
3694. "address": "0x476404"
3695. },
3696. {
3697. "name": "LineTo",
3698. "address": "0x476408"
3699. },
3700. {
3701. "name": "LPtoDP",
3702. "address": "0x47640c"
3703. },
3704. {
3705. "name": "IntersectClipRect",
3706. "address": "0x476410"
3707. },
3708. {
3709. "name": "GetWindowOrgEx",
3710. "address": "0x476414"
3711. },
3712. {
3713. "name": "GetWinMetaFileBits",
3714. "address": "0x476418"
3715. },
3716. {
3717. "name": "GetTextMetricsA",
3718. "address": "0x47641c"
3719. },
3720. {
3721. "name": "GetTextExtentPoint32A",
3722. "address": "0x476420"
3723. },
3724. {
3725. "name": "GetSystemPaletteEntries",
3726. "address": "0x476424"
3727. },
3728. {
3729. "name": "GetStockObject",
3730. "address": "0x476428"
3731. },
3732. {
3733. "name": "GetPixel",
3734. "address": "0x47642c"
3735. },
3736. {
3737. "name": "GetPaletteEntries",
3738. "address": "0x476430"
3739. },
3740. {
3741. "name": "GetObjectA",
3742. "address": "0x476434"
3743. },
3744. {
3745. "name": "GetEnhMetaFilePaletteEntries",
3746. "address": "0x476438"
3747. },
3748. {
3749. "name": "GetEnhMetaFileHeader",
3750. "address": "0x47643c"
3751. },
3752. {
3753. "name": "GetEnhMetaFileDescriptionA",
3754. "address": "0x476440"
3755. },
3756. {
3757. "name": "GetEnhMetaFileBits",
3758. "address": "0x476444"
3759. },
3760. {
3761. "name": "GetDeviceCaps",
3762. "address": "0x476448"
3763. },
3764. {
3765. "name": "GetDIBits",
3766. "address": "0x47644c"
3767. },
3768. {
3769. "name": "GetDIBColorTable",
3770. "address": "0x476450"
3771. },
3772. {
3773. "name": "GetDCOrgEx",
3774. "address": "0x476454"
3775. },
3776. {
3777. "name": "GetCurrentPositionEx",
3778. "address": "0x476458"
3779. },
3780. {
3781. "name": "GetClipBox",
3782. "address": "0x47645c"
3783. },
3784. {
3785. "name": "GetBrushOrgEx",
3786. "address": "0x476460"
3787. },
3788. {
3789. "name": "GetBitmapBits",
3790. "address": "0x476464"
3791. },
3792. {
3793. "name": "ExcludeClipRect",
3794. "address": "0x476468"
3795. },
3796. {
3797. "name": "EndPage",
3798. "address": "0x47646c"
3799. },
3800. {
3801. "name": "EndDoc",
3802. "address": "0x476470"
3803. },
3804. {
3805. "name": "DeleteObject",
3806. "address": "0x476474"
3807. },
3808. {
3809. "name": "DeleteEnhMetaFile",
3810. "address": "0x476478"
3811. },
3812. {
3813. "name": "DeleteDC",
3814. "address": "0x47647c"
3815. },
3816. {
3817. "name": "CreateSolidBrush",
3818. "address": "0x476480"
3819. },
3820. {
3821. "name": "CreatePenIndirect",
3822. "address": "0x476484"
3823. },
3824. {
3825. "name": "CreatePalette",
3826. "address": "0x476488"
3827. },
3828. {
3829. "name": "CreateICA",
3830. "address": "0x47648c"
3831. },
3832. {
3833. "name": "CreateHalftonePalette",
3834. "address": "0x476490"
3835. },
3836. {
3837. "name": "CreateFontIndirectA",
3838. "address": "0x476494"
3839. },
3840. {
3841. "name": "CreateEnhMetaFileA",
3842. "address": "0x476498"
3843. },
3844. {
3845. "name": "CreateDIBitmap",
3846. "address": "0x47649c"
3847. },
3848. {
3849. "name": "CreateDIBSection",
3850. "address": "0x4764a0"
3851. },
3852. {
3853. "name": "CreateDCA",
3854. "address": "0x4764a4"
3855. },
3856. {
3857. "name": "CreateCompatibleDC",
3858. "address": "0x4764a8"
3859. },
3860. {
3861. "name": "CreateCompatibleBitmap",
3862. "address": "0x4764ac"
3863. },
3864. {
3865. "name": "CreateBrushIndirect",
3866. "address": "0x4764b0"
3867. },
3868. {
3869. "name": "CreateBitmap",
3870. "address": "0x4764b4"
3871. },
3872. {
3873. "name": "CopyEnhMetaFileA",
3874. "address": "0x4764b8"
3875. },
3876. {
3877. "name": "CloseEnhMetaFile",
3878. "address": "0x4764bc"
3879. },
3880. {
3881. "name": "BitBlt",
3882. "address": "0x4764c0"
3883. }
3884. ],
3885. "dll": "gdi32.dll"
3886. },
3887. {
3888. "imports": [
3889. {
3890. "name": "CreateWindowExA",
3891. "address": "0x4764c8"
3892. },
3893. {
3894. "name": "WindowFromPoint",
3895. "address": "0x4764cc"
3896. },
3897. {
3898. "name": "WinHelpA",
3899. "address": "0x4764d0"
3900. },
3901. {
3902. "name": "WaitMessage",
3903. "address": "0x4764d4"
3904. },
3905. {
3906. "name": "UpdateWindow",
3907. "address": "0x4764d8"
3908. },
3909. {
3910. "name": "UnregisterClassA",
3911. "address": "0x4764dc"
3912. },
3913. {
3914. "name": "UnhookWindowsHookEx",
3915. "address": "0x4764e0"
3916. },
3917. {
3918. "name": "TranslateMessage",
3919. "address": "0x4764e4"
3920. },
3921. {
3922. "name": "TranslateMDISysAccel",
3923. "address": "0x4764e8"
3924. },
3925. {
3926. "name": "TrackPopupMenu",
3927. "address": "0x4764ec"
3928. },
3929. {
3930. "name": "SystemParametersInfoA",
3931. "address": "0x4764f0"
3932. },
3933. {
3934. "name": "ShowWindow",
3935. "address": "0x4764f4"
3936. },
3937. {
3938. "name": "ShowScrollBar",
3939. "address": "0x4764f8"
3940. },
3941. {
3942. "name": "ShowOwnedPopups",
3943. "address": "0x4764fc"
3944. },
3945. {
3946. "name": "ShowCursor",
3947. "address": "0x476500"
3948. },
3949. {
3950. "name": "SetWindowsHookExA",
3951. "address": "0x476504"
3952. },
3953. {
3954. "name": "SetWindowPos",
3955. "address": "0x476508"
3956. },
3957. {
3958. "name": "SetWindowPlacement",
3959. "address": "0x47650c"
3960. },
3961. {
3962. "name": "SetWindowLongA",
3963. "address": "0x476510"
3964. },
3965. {
3966. "name": "SetTimer",
3967. "address": "0x476514"
3968. },
3969. {
3970. "name": "SetScrollRange",
3971. "address": "0x476518"
3972. },
3973. {
3974. "name": "SetScrollPos",
3975. "address": "0x47651c"
3976. },
3977. {
3978. "name": "SetScrollInfo",
3979. "address": "0x476520"
3980. },
3981. {
3982. "name": "SetRect",
3983. "address": "0x476524"
3984. },
3985. {
3986. "name": "SetPropA",
3987. "address": "0x476528"
3988. },
3989. {
3990. "name": "SetParent",
3991. "address": "0x47652c"
3992. },
3993. {
3994. "name": "SetMenuItemInfoA",
3995. "address": "0x476530"
3996. },
3997. {
3998. "name": "SetMenu",
3999. "address": "0x476534"
4000. },
4001. {
4002. "name": "SetForegroundWindow",
4003. "address": "0x476538"
4004. },
4005. {
4006. "name": "SetFocus",
4007. "address": "0x47653c"
4008. },
4009. {
4010. "name": "SetCursor",
4011. "address": "0x476540"
4012. },
4013. {
4014. "name": "SetClassLongA",
4015. "address": "0x476544"
4016. },
4017. {
4018. "name": "SetCapture",
4019. "address": "0x476548"
4020. },
4021. {
4022. "name": "SetActiveWindow",
4023. "address": "0x47654c"
4024. },
4025. {
4026. "name": "SendMessageA",
4027. "address": "0x476550"
4028. },
4029. {
4030. "name": "ScrollWindow",
4031. "address": "0x476554"
4032. },
4033. {
4034. "name": "ScreenToClient",
4035. "address": "0x476558"
4036. },
4037. {
4038. "name": "RemovePropA",
4039. "address": "0x47655c"
4040. },
4041. {
4042. "name": "RemoveMenu",
4043. "address": "0x476560"
4044. },
4045. {
4046. "name": "ReleaseDC",
4047. "address": "0x476564"
4048. },
4049. {
4050. "name": "ReleaseCapture",
4051. "address": "0x476568"
4052. },
4053. {
4054. "name": "RegisterWindowMessageA",
4055. "address": "0x47656c"
4056. },
4057. {
4058. "name": "RegisterClipboardFormatA",
4059. "address": "0x476570"
4060. },
4061. {
4062. "name": "RegisterClassA",
4063. "address": "0x476574"
4064. },
4065. {
4066. "name": "RedrawWindow",
4067. "address": "0x476578"
4068. },
4069. {
4070. "name": "PtInRect",
4071. "address": "0x47657c"
4072. },
4073. {
4074. "name": "PostQuitMessage",
4075. "address": "0x476580"
4076. },
4077. {
4078. "name": "PostMessageA",
4079. "address": "0x476584"
4080. },
4081. {
4082. "name": "PeekMessageA",
4083. "address": "0x476588"
4084. },
4085. {
4086. "name": "OffsetRect",
4087. "address": "0x47658c"
4088. },
4089. {
4090. "name": "OemToCharA",
4091. "address": "0x476590"
4092. },
4093. {
4094. "name": "MsgWaitForMultipleObjects",
4095. "address": "0x476594"
4096. },
4097. {
4098. "name": "MessageBoxA",
4099. "address": "0x476598"
4100. },
4101. {
4102. "name": "MapWindowPoints",
4103. "address": "0x47659c"
4104. },
4105. {
4106. "name": "MapVirtualKeyA",
4107. "address": "0x4765a0"
4108. },
4109. {
4110. "name": "LoadStringA",
4111. "address": "0x4765a4"
4112. },
4113. {
4114. "name": "LoadKeyboardLayoutA",
4115. "address": "0x4765a8"
4116. },
4117. {
4118. "name": "LoadIconA",
4119. "address": "0x4765ac"
4120. },
4121. {
4122. "name": "LoadCursorA",
4123. "address": "0x4765b0"
4124. },
4125. {
4126. "name": "LoadBitmapA",
4127. "address": "0x4765b4"
4128. },
4129. {
4130. "name": "KillTimer",
4131. "address": "0x4765b8"
4132. },
4133. {
4134. "name": "IsZoomed",
4135. "address": "0x4765bc"
4136. },
4137. {
4138. "name": "IsWindowVisible",
4139. "address": "0x4765c0"
4140. },
4141. {
4142. "name": "IsWindowEnabled",
4143. "address": "0x4765c4"
4144. },
4145. {
4146. "name": "IsWindow",
4147. "address": "0x4765c8"
4148. },
4149. {
4150. "name": "IsRectEmpty",
4151. "address": "0x4765cc"
4152. },
4153. {
4154. "name": "IsIconic",
4155. "address": "0x4765d0"
4156. },
4157. {
4158. "name": "IsDialogMessageA",
4159. "address": "0x4765d4"
4160. },
4161. {
4162. "name": "IsChild",
4163. "address": "0x4765d8"
4164. },
4165. {
4166. "name": "InvalidateRect",
4167. "address": "0x4765dc"
4168. },
4169. {
4170. "name": "IntersectRect",
4171. "address": "0x4765e0"
4172. },
4173. {
4174. "name": "InsertMenuItemA",
4175. "address": "0x4765e4"
4176. },
4177. {
4178. "name": "InsertMenuA",
4179. "address": "0x4765e8"
4180. },
4181. {
4182. "name": "InflateRect",
4183. "address": "0x4765ec"
4184. },
4185. {
4186. "name": "GetWindowThreadProcessId",
4187. "address": "0x4765f0"
4188. },
4189. {
4190. "name": "GetWindowTextA",
4191. "address": "0x4765f4"
4192. },
4193. {
4194. "name": "GetWindowRect",
4195. "address": "0x4765f8"
4196. },
4197. {
4198. "name": "GetWindowPlacement",
4199. "address": "0x4765fc"
4200. },
4201. {
4202. "name": "GetWindowLongA",
4203. "address": "0x476600"
4204. },
4205. {
4206. "name": "GetWindowDC",
4207. "address": "0x476604"
4208. },
4209. {
4210. "name": "GetTopWindow",
4211. "address": "0x476608"
4212. },
4213. {
4214. "name": "GetSystemMetrics",
4215. "address": "0x47660c"
4216. },
4217. {
4218. "name": "GetSystemMenu",
4219. "address": "0x476610"
4220. },
4221. {
4222. "name": "GetSysColorBrush",
4223. "address": "0x476614"
4224. },
4225. {
4226. "name": "GetSysColor",
4227. "address": "0x476618"
4228. },
4229. {
4230. "name": "GetSubMenu",
4231. "address": "0x47661c"
4232. },
4233. {
4234. "name": "GetScrollRange",
4235. "address": "0x476620"
4236. },
4237. {
4238. "name": "GetScrollPos",
4239. "address": "0x476624"
4240. },
4241. {
4242. "name": "GetScrollInfo",
4243. "address": "0x476628"
4244. },
4245. {
4246. "name": "GetPropA",
4247. "address": "0x47662c"
4248. },
4249. {
4250. "name": "GetParent",
4251. "address": "0x476630"
4252. },
4253. {
4254. "name": "GetWindow",
4255. "address": "0x476634"
4256. },
4257. {
4258. "name": "GetMessageTime",
4259. "address": "0x476638"
4260. },
4261. {
4262. "name": "GetMenuStringA",
4263. "address": "0x47663c"
4264. },
4265. {
4266. "name": "GetMenuState",
4267. "address": "0x476640"
4268. },
4269. {
4270. "name": "GetMenuItemInfoA",
4271. "address": "0x476644"
4272. },
4273. {
4274. "name": "GetMenuItemID",
4275. "address": "0x476648"
4276. },
4277. {
4278. "name": "GetMenuItemCount",
4279. "address": "0x47664c"
4280. },
4281. {
4282. "name": "GetMenu",
4283. "address": "0x476650"
4284. },
4285. {
4286. "name": "GetLastActivePopup",
4287. "address": "0x476654"
4288. },
4289. {
4290. "name": "GetKeyboardState",
4291. "address": "0x476658"
4292. },
4293. {
4294. "name": "GetKeyboardLayoutList",
4295. "address": "0x47665c"
4296. },
4297. {
4298. "name": "GetKeyboardLayout",
4299. "address": "0x476660"
4300. },
4301. {
4302. "name": "GetKeyState",
4303. "address": "0x476664"
4304. },
4305. {
4306. "name": "GetKeyNameTextA",
4307. "address": "0x476668"
4308. },
4309. {
4310. "name": "GetIconInfo",
4311. "address": "0x47666c"
4312. },
4313. {
4314. "name": "GetForegroundWindow",
4315. "address": "0x476670"
4316. },
4317. {
4318. "name": "GetFocus",
4319. "address": "0x476674"
4320. },
4321. {
4322. "name": "GetDesktopWindow",
4323. "address": "0x476678"
4324. },
4325. {
4326. "name": "GetDCEx",
4327. "address": "0x47667c"
4328. },
4329. {
4330. "name": "GetDC",
4331. "address": "0x476680"
4332. },
4333. {
4334. "name": "GetCursorPos",
4335. "address": "0x476684"
4336. },
4337. {
4338. "name": "GetCursor",
4339. "address": "0x476688"
4340. },
4341. {
4342. "name": "GetClipboardData",
4343. "address": "0x47668c"
4344. },
4345. {
4346. "name": "GetClientRect",
4347. "address": "0x476690"
4348. },
4349. {
4350. "name": "GetClassNameA",
4351. "address": "0x476694"
4352. },
4353. {
4354. "name": "GetClassInfoA",
4355. "address": "0x476698"
4356. },
4357. {
4358. "name": "GetCapture",
4359. "address": "0x47669c"
4360. },
4361. {
4362. "name": "GetActiveWindow",
4363. "address": "0x4766a0"
4364. },
4365. {
4366. "name": "FrameRect",
4367. "address": "0x4766a4"
4368. },
4369. {
4370. "name": "FindWindowA",
4371. "address": "0x4766a8"
4372. },
4373. {
4374. "name": "FillRect",
4375. "address": "0x4766ac"
4376. },
4377. {
4378. "name": "EqualRect",
4379. "address": "0x4766b0"
4380. },
4381. {
4382. "name": "EnumWindows",
4383. "address": "0x4766b4"
4384. },
4385. {
4386. "name": "EnumThreadWindows",
4387. "address": "0x4766b8"
4388. },
4389. {
4390. "name": "EndPaint",
4391. "address": "0x4766bc"
4392. },
4393. {
4394. "name": "EnableWindow",
4395. "address": "0x4766c0"
4396. },
4397. {
4398. "name": "EnableScrollBar",
4399. "address": "0x4766c4"
4400. },
4401. {
4402. "name": "EnableMenuItem",
4403. "address": "0x4766c8"
4404. },
4405. {
4406. "name": "DrawTextA",
4407. "address": "0x4766cc"
4408. },
4409. {
4410. "name": "DrawMenuBar",
4411. "address": "0x4766d0"
4412. },
4413. {
4414. "name": "DrawIconEx",
4415. "address": "0x4766d4"
4416. },
4417. {
4418. "name": "DrawIcon",
4419. "address": "0x4766d8"
4420. },
4421. {
4422. "name": "DrawFrameControl",
4423. "address": "0x4766dc"
4424. },
4425. {
4426. "name": "DrawEdge",
4427. "address": "0x4766e0"
4428. },
4429. {
4430. "name": "DispatchMessageA",
4431. "address": "0x4766e4"
4432. },
4433. {
4434. "name": "DestroyWindow",
4435. "address": "0x4766e8"
4436. },
4437. {
4438. "name": "DestroyMenu",
4439. "address": "0x4766ec"
4440. },
4441. {
4442. "name": "DestroyIcon",
4443. "address": "0x4766f0"
4444. },
4445. {
4446. "name": "DestroyCursor",
4447. "address": "0x4766f4"
4448. },
4449. {
4450. "name": "DeleteMenu",
4451. "address": "0x4766f8"
4452. },
4453. {
4454. "name": "DefWindowProcA",
4455. "address": "0x4766fc"
4456. },
4457. {
4458. "name": "DefMDIChildProcA",
4459. "address": "0x476700"
4460. },
4461. {
4462. "name": "DefFrameProcA",
4463. "address": "0x476704"
4464. },
4465. {
4466. "name": "CreatePopupMenu",
4467. "address": "0x476708"
4468. },
4469. {
4470. "name": "CreateMenu",
4471. "address": "0x47670c"
4472. },
4473. {
4474. "name": "CreateIcon",
4475. "address": "0x476710"
4476. },
4477. {
4478. "name": "ClientToScreen",
4479. "address": "0x476714"
4480. },
4481. {
4482. "name": "CheckMenuItem",
4483. "address": "0x476718"
4484. },
4485. {
4486. "name": "CallWindowProcA",
4487. "address": "0x47671c"
4488. },
4489. {
4490. "name": "CallNextHookEx",
4491. "address": "0x476720"
4492. },
4493. {
4494. "name": "BeginPaint",
4495. "address": "0x476724"
4496. },
4497. {
4498. "name": "CharNextA",
4499. "address": "0x476728"
4500. },
4501. {
4502. "name": "CharLowerBuffA",
4503. "address": "0x47672c"
4504. },
4505. {
4506. "name": "CharLowerA",
4507. "address": "0x476730"
4508. },
4509. {
4510. "name": "CharToOemA",
4511. "address": "0x476734"
4512. },
4513. {
4514. "name": "AdjustWindowRectEx",
4515. "address": "0x476738"
4516. },
4517. {
4518. "name": "ActivateKeyboardLayout",
4519. "address": "0x47673c"
4520. }
4521. ],
4522. "dll": "user32.dll"
4523. },
4524. {
4525. "imports": [
4526. {
4527. "name": "Sleep",
4528. "address": "0x476744"
4529. }
4530. ],
4531. "dll": "kernel32.dll"
4532. },
4533. {
4534. "imports": [
4535. {
4536. "name": "SafeArrayPtrOfIndex",
4537. "address": "0x47674c"
4538. },
4539. {
4540. "name": "SafeArrayGetUBound",
4541. "address": "0x476750"
4542. },
4543. {
4544. "name": "SafeArrayGetLBound",
4545. "address": "0x476754"
4546. },
4547. {
4548. "name": "SafeArrayCreate",
4549. "address": "0x476758"
4550. },
4551. {
4552. "name": "VariantChangeType",
4553. "address": "0x47675c"
4554. },
4555. {
4556. "name": "VariantCopy",
4557. "address": "0x476760"
4558. },
4559. {
4560. "name": "VariantClear",
4561. "address": "0x476764"
4562. },
4563. {
4564. "name": "VariantInit",
4565. "address": "0x476768"
4566. }
4567. ],
4568. "dll": "oleaut32.dll"
4569. },
4570. {
4571. "imports": [
4572. {
4573. "name": "CreateStreamOnHGlobal",
4574. "address": "0x476770"
4575. },
4576. {
4577. "name": "IsAccelerator",
4578. "address": "0x476774"
4579. },
4580. {
4581. "name": "OleDraw",
4582. "address": "0x476778"
4583. },
4584. {
4585. "name": "OleSetMenuDescriptor",
4586. "address": "0x47677c"
4587. },
4588. {
4589. "name": "CoCreateInstance",
4590. "address": "0x476780"
4591. },
4592. {
4593. "name": "CoGetClassObject",
4594. "address": "0x476784"
4595. },
4596. {
4597. "name": "CoUninitialize",
4598. "address": "0x476788"
4599. },
4600. {
4601. "name": "CoInitialize",
4602. "address": "0x47678c"
4603. },
4604. {
4605. "name": "IsEqualGUID",
4606. "address": "0x476790"
4607. }
4608. ],
4609. "dll": "ole32.dll"
4610. },
4611. {
4612. "imports": [
4613. {
4614. "name": "GetErrorInfo",
4615. "address": "0x476798"
4616. },
4617. {
4618. "name": "SysFreeString",
4619. "address": "0x47679c"
4620. }
4621. ],
4622. "dll": "oleaut32.dll"
4623. },
4624. {
4625. "imports": [
4626. {
4627. "name": "ImageList_SetIconSize",
4628. "address": "0x4767a4"
4629. },
4630. {
4631. "name": "ImageList_GetIconSize",
4632. "address": "0x4767a8"
4633. },
4634. {
4635. "name": "ImageList_Write",
4636. "address": "0x4767ac"
4637. },
4638. {
4639. "name": "ImageList_Read",
4640. "address": "0x4767b0"
4641. },
4642. {
4643. "name": "ImageList_GetDragImage",
4644. "address": "0x4767b4"
4645. },
4646. {
4647. "name": "ImageList_DragShowNolock",
4648. "address": "0x4767b8"
4649. },
4650. {
4651. "name": "ImageList_SetDragCursorImage",
4652. "address": "0x4767bc"
4653. },
4654. {
4655. "name": "ImageList_DragMove",
4656. "address": "0x4767c0"
4657. },
4658. {
4659. "name": "ImageList_DragLeave",
4660. "address": "0x4767c4"
4661. },
4662. {
4663. "name": "ImageList_DragEnter",
4664. "address": "0x4767c8"
4665. },
4666. {
4667. "name": "ImageList_EndDrag",
4668. "address": "0x4767cc"
4669. },
4670. {
4671. "name": "ImageList_BeginDrag",
4672. "address": "0x4767d0"
4673. },
4674. {
4675. "name": "ImageList_Remove",
4676. "address": "0x4767d4"
4677. },
4678. {
4679. "name": "ImageList_DrawEx",
4680. "address": "0x4767d8"
4681. },
4682. {
4683. "name": "ImageList_Draw",
4684. "address": "0x4767dc"
4685. },
4686. {
4687. "name": "ImageList_GetBkColor",
4688. "address": "0x4767e0"
4689. },
4690. {
4691. "name": "ImageList_SetBkColor",
4692. "address": "0x4767e4"
4693. },
4694. {
4695. "name": "ImageList_ReplaceIcon",
4696. "address": "0x4767e8"
4697. },
4698. {
4699. "name": "ImageList_Add",
4700. "address": "0x4767ec"
4701. },
4702. {
4703. "name": "ImageList_GetImageCount",
4704. "address": "0x4767f0"
4705. },
4706. {
4707. "name": "ImageList_Destroy",
4708. "address": "0x4767f4"
4709. },
4710. {
4711. "name": "ImageList_Create",
4712. "address": "0x4767f8"
4713. }
4714. ],
4715. "dll": "comctl32.dll"
4716. },
4717. {
4718. "imports": [
4719. {
4720. "name": "OpenPrinterA",
4721. "address": "0x476800"
4722. },
4723. {
4724. "name": "EnumPrintersA",
4725. "address": "0x476804"
4726. },
4727. {
4728. "name": "DocumentPropertiesA",
4729. "address": "0x476808"
4730. },
4731. {
4732. "name": "ClosePrinter",
4733. "address": "0x47680c"
4734. }
4735. ],
4736. "dll": "winspool.drv"
4737. },
4738. {
4739. "imports": [
4740. {
4741. "name": "PrintDlgA",
4742. "address": "0x476814"
4743. }
4744. ],
4745. "dll": "comdlg32.dll"
4746. }
4747. ],
4748. "digital_signers": null,
4749. "exported_dll_name": null,
4750. "actual_checksum": "0x000a8994",
4751. "overlay": null,
4752. "imagebase": "0x00400000",
4753. "reported_checksum": "0x00000000",
4754. "icon_hash": null,
4755. "entrypoint": "0x0046a7a0",
4756. "timestamp": "1992-04-26 01:18:37",
4757. "osversion": "4.0",
4758. "sections": [
4759. {
4760. "name": "CODE",
4761. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
4762. "virtual_address": "0x00001000",
4763. "size_of_data": "0x00069800",
4764. "entropy": "6.53",
4765. "raw_address": "0x00000400",
4766. "virtual_size": "0x000697e8",
4767. "characteristics_raw": "0x60000020"
4768. },
4769. {
4770. "name": "DATA",
4771. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
4772. "virtual_address": "0x0006b000",
4773. "size_of_data": "0x00009e00",
4774. "entropy": "5.04",
4775. "raw_address": "0x00069c00",
4776. "virtual_size": "0x00009ca8",
4777. "characteristics_raw": "0xc0000040"
4778. },
4779. {
4780. "name": "BSS",
4781. "characteristics": "IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
4782. "virtual_address": "0x00075000",
4783. "size_of_data": "0x00000000",
4784. "entropy": "0.00",
4785. "raw_address": "0x00073a00",
4786. "virtual_size": "0x00000fa9",
4787. "characteristics_raw": "0xc0000000"
4788. },
4789. {
4790. "name": ".idata",
4791. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
4792. "virtual_address": "0x00076000",
4793. "size_of_data": "0x00002600",
4794. "entropy": "4.83",
4795. "raw_address": "0x00073a00",
4796. "virtual_size": "0x000024c6",
4797. "characteristics_raw": "0xc0000040"
4798. },
4799. {
4800. "name": ".tls",
4801. "characteristics": "IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
4802. "virtual_address": "0x00079000",
4803. "size_of_data": "0x00000000",
4804. "entropy": "0.00",
4805. "raw_address": "0x00076000",
4806. "virtual_size": "0x00000010",
4807. "characteristics_raw": "0xc0000000"
4808. },
4809. {
4810. "name": ".rdata",
4811. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
4812. "virtual_address": "0x0007a000",
4813. "size_of_data": "0x00000200",
4814. "entropy": "0.21",
4815. "raw_address": "0x00076000",
4816. "virtual_size": "0x00000018",
4817. "characteristics_raw": "0x50000040"
4818. },
4819. {
4820. "name": ".reloc",
4821. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
4822. "virtual_address": "0x0007b000",
4823. "size_of_data": "0x00008400",
4824. "entropy": "6.65",
4825. "raw_address": "0x00076200",
4826. "virtual_size": "0x000083a4",
4827. "characteristics_raw": "0x50000040"
4828. },
4829. {
4830. "name": ".rsrc",
4831. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
4832. "virtual_address": "0x00084000",
4833. "size_of_data": "0x0002a000",
4834. "entropy": "6.96",
4835. "raw_address": "0x0007e600",
4836. "virtual_size": "0x00029e20",
4837. "characteristics_raw": "0x50000040"
4838. }
4839. ],
4840. "resources": [],
4841. "dirents": [
4842. {
4843. "virtual_address": "0x00000000",
4844. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
4845. "size": "0x00000000"
4846. },
4847. {
4848. "virtual_address": "0x00076000",
4849. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
4850. "size": "0x000024c6"
4851. },
4852. {
4853. "virtual_address": "0x00084000",
4854. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
4855. "size": "0x00029e20"
4856. },
4857. {
4858. "virtual_address": "0x00000000",
4859. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
4860. "size": "0x00000000"
4861. },
4862. {
4863. "virtual_address": "0x00000000",
4864. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
4865. "size": "0x00000000"
4866. },
4867. {
4868. "virtual_address": "0x0007b000",
4869. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
4870. "size": "0x000083a4"
4871. },
4872. {
4873. "virtual_address": "0x00000000",
4874. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
4875. "size": "0x00000000"
4876. },
4877. {
4878. "virtual_address": "0x00000000",
4879. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
4880. "size": "0x00000000"
4881. },
4882. {
4883. "virtual_address": "0x00000000",
4884. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
4885. "size": "0x00000000"
4886. },
4887. {
4888. "virtual_address": "0x0007a000",
4889. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
4890. "size": "0x00000018"
4891. },
4892. {
4893. "virtual_address": "0x00000000",
4894. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
4895. "size": "0x00000000"
4896. },
4897. {
4898. "virtual_address": "0x00000000",
4899. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
4900. "size": "0x00000000"
4901. },
4902. {
4903. "virtual_address": "0x00000000",
4904. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
4905. "size": "0x00000000"
4906. },
4907. {
4908. "virtual_address": "0x00000000",
4909. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
4910. "size": "0x00000000"
4911. },
4912. {
4913. "virtual_address": "0x00000000",
4914. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
4915. "size": "0x00000000"
4916. },
4917. {
4918. "virtual_address": "0x00000000",
4919. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
4920. "size": "0x00000000"
4921. }
4922. ],
4923. "exports": [],
4924. "guest_signers": {},
4925. "imphash": "d553c8d26e9a2369ccc8481987fa6051",
4926. "icon_fuzzy": null,
4927. "icon": null,
4928. "pdbpath": null,
4929. "imported_dll_count": 17,
4930. "versioninfo": []
4931. }
4932. }