paladin316

reayx_exe_2019-06-27_11_30.json

Jun 27th, 2019
  1.  
  2. [*] MalFamily: "Meretam"
  3.  
  4. [*] MalScore: 10.0
  5.  
  6. [*] File Name: "reayx.exe"
  7. [*] File Size: 663552
  8. [*] File Type: "PE32 executable (GUI) Intel 80386, for MS Windows"
  9. [*] SHA256: "cd6a8b1ccb54652bda20bc5ce9cb134bd4eb6482f8a1731151399a7eb9746269"
  10. [*] MD5: "63678274328832e7e24b8f0950f81c22"
  11. [*] SHA1: "ace41d82bbd8dc014aa21b86043537c4067f665e"
  12. [*] SHA512: "6badc8f8d8ee56579a80de7a9f3ac6ea6fff21420d571ace24032c77dcab3638f75ccbf06d73da1b4ada61cfddaf8e65fbf98afda7a51391c6b8f334dc4b0cbb"
  13. [*] CRC32: "AF8729AE"
  14. [*] SSDEEP: "12288:h/TrrruOOW1BRCncwMqvVYhDpPd6JzyDg4h/CM/8kDik6r7cMk4YEP:BeOVonMyVQDpPdoziFSkDik6rgx"
  15.  
  16. [*] Process Execution: [
  17. "reayx.exe",
  18. "cmd.exe",
  19. "powershell.exe",
  20. "cmd.exe",
  21. "sc.exe",
  22. "cmd.exe",
  23. "sc.exe",
  24. "cmd.exe",
  25. "sc.exe",
  26. "cmd.exe",
  27. "sc.exe",
  28. "cmd.exe",
  29. "powershell.exe",
  30. "teayx.exe",
  31. "cmd.exe",
  32. "powershell.exe",
  33. "cmd.exe",
  34. "sc.exe",
  35. "cmd.exe",
  36. "sc.exe",
  37. "svchost.exe",
  38. "svchost.exe",
  39. "WMIADAP.exe",
  40. "svchost.exe",
  41. "WmiPrvSE.exe",
  42. "svchost.exe"
  43. ]
  44.  
  45. [*] Signatures Detected: [
  46. {
  47. "Description": "Creates RWX memory",
  48. "Details": []
  49. },
  50. {
  51. "Description": "Possible date expiration check, exits too soon after checking local time",
  52. "Details": [
  53. {
  54. "process": "cmd.exe, PID 2292"
  55. }
  56. ]
  57. },
  58. {
  59. "Description": "A process attempted to delay the analysis task.",
  60. "Details": [
  61. {
  62. "Process": "svchost.exe tried to sleep 250 seconds, actually delayed analysis time by 0 seconds"
  63. }
  64. ]
  65. },
  66. {
  67. "Description": "A process created a hidden window",
  68. "Details": [
  69. {
  70. "Process": "reayx.exe -> cmd"
  71. },
  72. {
  73. "Process": "reayx.exe -> cmd"
  74. },
  75. {
  76. "Process": "reayx.exe -> cmd"
  77. },
  78. {
  79. "Process": "teayx.exe -> cmd"
  80. },
  81. {
  82. "Process": "teayx.exe -> cmd"
  83. },
  84. {
  85. "Process": "teayx.exe -> cmd"
  86. },
  87. {
  88. "Process": "svchost.exe -> \\\\?\\C:\\Windows\\system32\\wbem\\WMIADAP.EXE"
  89. }
  90. ]
  91. },
  92. {
  93. "Description": "Drops a binary and executes it",
  94. "Details": [
  95. {
  96. "binary": "C:\\Users\\user\\AppData\\Roaming\\diskram\\teayx.exe"
  97. }
  98. ]
  99. },
  100. {
  101. "Description": "Attempts to stop active services",
  102. "Details": [
  103. {
  104. "servicename": "WinDefend"
  105. }
  106. ]
  107. },
  108. {
  109. "Description": "Spoofs its process name and/or associated pathname to appear as a legitimate process",
  110. "Details": [
  111. {
  112. "modified_name": "svchost.exe",
  113. "modified_path": "C:\\Users\\user\\AppData\\Roaming\\diskram\\teayx.exe",
  114. "original_name": "svchost.exe",
  115. "original_path": "C:\\Windows\\system32\\svchost.exe"
  116. }
  117. ]
  118. },
  119. {
  120. "Description": "Creates a hidden or system file",
  121. "Details": [
  122. {
  123. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\590aee7bdd69b59b.customDestinations-ms~RF973c6e.TMP"
  124. },
  125. {
  126. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\590aee7bdd69b59b.customDestinations-ms~RF97495e.TMP"
  127. }
  128. ]
  129. },
  130. {
  131. "Description": "File has been identified by 11 Antiviruses on VirusTotal as malicious",
  132. "Details": [
  133. {
  134. "ESET-NOD32": "a variant of Generik.DVJQWLD"
  135. },
  136. {
  137. "Avast": "Win32:Malware-gen"
  138. },
  139. {
  140. "Kaspersky": "UDS:DangerousObject.Multi.Generic"
  141. },
  142. {
  143. "Paloalto": "generic.ml"
  144. },
  145. {
  146. "McAfee-GW-Edition": "Artemis"
  147. },
  148. {
  149. "Webroot": "W32.Trojan.Gen"
  150. },
  151. {
  152. "Microsoft": "Trojan:Win32/MereTam.A"
  153. },
  154. {
  155. "ZoneAlarm": "Trojan-Banker.Win32.Trickster.edl"
  156. },
  157. {
  158. "McAfee": "Artemis!636782743288"
  159. },
  160. {
  161. "Ikarus": "Trojan.Win32.Trickbot"
  162. },
  163. {
  164. "AVG": "FileRepMalware"
  165. }
  166. ]
  167. },
  168. {
  169. "Description": "Creates a copy of itself",
  170. "Details": [
  171. {
  172. "copy": "C:\\Users\\user\\AppData\\Roaming\\diskram\\teayx.exe"
  173. }
  174. ]
  175. },
  176. {
  177. "Description": "Attempts to disable Windows Defender",
  178. "Details": []
  179. }
  180. ]
  181.  
  182. [*] Started Service: []
  183.  
  184. [*] Executed Commands: [
  185. "\"C:\\Windows\\System32\\cmd.exe\" /c powershell Set-MpPreference -DisableRealtimeMonitoring $true",
  186. "cmd /c powershell Set-MpPreference -DisableRealtimeMonitoring $true",
  187. "\"C:\\Windows\\System32\\cmd.exe\" /c sc stop WinDefend",
  188. "cmd /c sc stop WinDefend",
  189. "\"C:\\Windows\\System32\\cmd.exe\" /c sc delete WinDefend",
  190. "cmd /c sc delete WinDefend",
  191. "C:\\Windows\\system32\\cmd.exe /c sc stop WinDefend",
  192. "C:\\Windows\\system32\\cmd.exe /c sc delete WinDefend",
  193. "C:\\Windows\\system32\\cmd.exe /c powershell Set-MpPreference -DisableRealtimeMonitoring $true",
  194. "C:\\Users\\user\\AppData\\Roaming\\diskram\\teayx.exe",
  195. "powershell Set-MpPreference -DisableRealtimeMonitoring $true",
  196. "sc stop WinDefend",
  197. "sc delete WinDefend",
  198. "C:\\Windows\\system32\\svchost.exe",
  199. "\\\\?\\C:\\Windows\\system32\\wbem\\WMIADAP.EXE wmiadap.exe /F /T /R",
  200. "C:\\Windows\\system32\\wbem\\wmiprvse.exe -Embedding"
  201. ]
  202.  
  203. [*] Mutexes: [
  204. "Local\\ZoneAttributeCacheCounterMutex",
  205. "Local\\ZonesCacheCounterMutex",
  206. "Local\\ZonesLockedCacheCounterMutex",
  207. "Global\\CLR_CASOFF_MUTEX",
  208. "Global\\838B6C9EB27932960",
  209. "Global\\ADAP_WMI_ENTRY",
  210. "Global\\RefreshRA_Mutex",
  211. "Global\\RefreshRA_Mutex_Lib",
  212. "Global\\RefreshRA_Mutex_Flag"
  213. ]
  214.  
  215. [*] Modified Files: [
  216. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-0000000000-0000000000-0000000000-1000\\00000000-0000-0000-0000-000000000000b_00000000-0000-0000-0000-000000000000",
  217. "C:\\Users\\user\\AppData\\Roaming\\diskram\\teayx.exe",
  218. "C:\\Users\\user\\AppData\\Local\\Temp\\%ProgramData%\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell.lnk",
  219. "\\??\\PIPE\\srvsvc",
  220. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\NNJLGKFZV04ZJSMS0F4S.temp",
  221. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\590aee7bdd69b59b.customDestinations-ms~RF973c6e.TMP",
  222. "C:\\Windows\\SysWOW64\\%ProgramData%\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell.lnk",
  223. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\3W6LO0DP9WVJP74NWDEC.temp",
  224. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\d93f411851d7c929.customDestinations-ms",
  225. "C:\\Users\\user\\AppData\\Roaming\\diskram\\%ProgramData%\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell.lnk",
  226. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\HFI1VGX4P8O5IAT29L1Y.temp",
  227. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\590aee7bdd69b59b.customDestinations-ms~RF97495e.TMP",
  228. "\\Device\\LanmanDatagramReceiver",
  229. "C:\\Windows\\sysnative\\Tasks\\BrowserDatStorage",
  230. "C:\\Windows\\sysnative\\wbem\\Performance\\WmiApRpl_new.h",
  231. "C:\\Windows\\sysnative\\wbem\\Performance\\WmiApRpl.h",
  232. "C:\\Windows\\sysnative\\wbem\\Performance\\WmiApRpl_new.ini",
  233. "\\??\\PIPE\\samr",
  234. "C:\\Windows\\sysnative\\wbem\\repository\\WRITABLE.TST",
  235. "C:\\Windows\\sysnative\\wbem\\repository\\MAPPING1.MAP",
  236. "C:\\Windows\\sysnative\\wbem\\repository\\MAPPING2.MAP",
  237. "C:\\Windows\\sysnative\\wbem\\repository\\MAPPING3.MAP",
  238. "C:\\Windows\\sysnative\\wbem\\repository\\OBJECTS.DATA",
  239. "C:\\Windows\\sysnative\\wbem\\repository\\INDEX.BTR",
  240. "\\??\\pipe\\PIPE_EVENTROOT\\CIMV2PROVIDERSUBSYSTEM",
  241. "\\??\\pipe\\PIPE_EVENTROOT\\CIMV2WMI SELF-INSTRUMENTATION EVENT PROVIDER",
  242. "\\??\\WMIDataDevice"
  243. ]
  244.  
  245. [*] Deleted Files: [
  246. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\590aee7bdd69b59b.customDestinations-ms~RF973c6e.TMP",
  247. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.1200.9919171",
  248. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.1200.9919171",
  249. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.1200.9919171",
  250. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\3W6LO0DP9WVJP74NWDEC.temp",
  251. "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\CONFIG\\security.config.cch.492.9950000",
  252. "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.492.9950000",
  253. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\security.config.cch.492.9950000",
  254. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\590aee7bdd69b59b.customDestinations-ms~RF97495e.TMP",
  255. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.2416.9933109",
  256. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.2416.9933109",
  257. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.2416.9933109",
  258. "C:\\Windows\\Tasks\\BrowserDatStorage.job",
  259. "C:\\Windows\\sysnative\\wbem\\Performance\\WmiApRpl.h",
  260. "C:\\Windows\\sysnative\\wbem\\Performance\\WmiApRpl_new.h"
  261. ]
  262.  
  263. [*] Modified Registry Keys: [
  264. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\UNCAsIntranet",
  265. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\AutoDetect",
  266. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender",
  267. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\DisableAntiSpyware",
  268. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection",
  269. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection\\DisableBehaviorMonitoring",
  270. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection\\DisableOnAccessProtection",
  271. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection\\DisableOnRealtimeEnable",
  272. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection\\DisableIOAVProtection",
  273. "DisableNotifications",
  274. "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\MuiCache\\2F\\52C64B7E\\LanguageList",
  275. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{8CCD8A5F-D472-4EE2-9D0C-9F8794CF7DBB}\\Path",
  276. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{8CCD8A5F-D472-4EE2-9D0C-9F8794CF7DBB}\\Hash",
  277. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tree\\BrowserDatStorage\\Id",
  278. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tree\\BrowserDatStorage\\Index",
  279. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{8CCD8A5F-D472-4EE2-9D0C-9F8794CF7DBB}\\Triggers",
  280. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{8CCD8A5F-D472-4EE2-9D0C-9F8794CF7DBB}\\DynamicInfo",
  281. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\CIMOM\\LastServiceStart",
  282. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\CIMOM\\PreviousServiceShutdown",
  283. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\CIMOM\\ProcessID",
  284. "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Wbem\\Transports\\Decoupled\\Server",
  285. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\Transports\\Decoupled\\Server\\CreationTime",
  286. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\Transports\\Decoupled\\Server\\MarshaledProxy",
  287. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\Transports\\Decoupled\\Server\\ProcessIdentifier",
  288. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\CIMOM\\ConfigValueEssNeedsLoading",
  289. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\CIMOM\\List of event-active namespaces",
  290. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\ESS\\//./root/CIMV2\\SCM Event Provider",
  291. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\WDM\\IDE\\DiskVBOX_HARDDISK___________________________1.0_____\\5&33d1638a&0&0.0.0_0-{00000000-0000-0000-0000-000000000000}",
  292. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\WDM\\C:\\Windows\\system32\\advapi32.dll[MofResourceName]",
  293. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\WDM\\C:\\Windows\\system32\\en-US\\advapi32.dll.mui[MofResourceName]",
  294. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\WDM\\C:\\Windows\\system32\\drivers\\ACPI.sys[ACPIMOFResource]",
  295. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\WDM\\C:\\Windows\\system32\\drivers\\en-US\\ACPI.sys.mui[ACPIMOFResource]",
  296. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\WDM\\C:\\Windows\\system32\\drivers\\ndis.sys[MofResourceName]",
  297. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\WDM\\C:\\Windows\\system32\\drivers\\en-US\\ndis.sys.mui[MofResourceName]",
  298. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\WDM\\C:\\Windows\\system32\\DRIVERS\\mssmbios.sys[MofResource]",
  299. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\WDM\\C:\\Windows\\system32\\DRIVERS\\en-US\\mssmbios.sys.mui[MofResource]",
  300. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\WDM\\C:\\Windows\\system32\\DRIVERS\\HDAudBus.sys[HDAudioMofName]",
  301. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\WDM\\C:\\Windows\\system32\\DRIVERS\\en-US\\HDAudBus.sys.mui[HDAudioMofName]",
  302. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\WDM\\C:\\Windows\\system32\\DRIVERS\\intelppm.sys[PROCESSORWMI]",
  303. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\WDM\\C:\\Windows\\system32\\DRIVERS\\en-US\\intelppm.sys.mui[PROCESSORWMI]",
  304. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\WDM\\C:\\Windows\\System32\\Drivers\\portcls.SYS[PortclsMof]",
  305. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\WDM\\C:\\Windows\\System32\\Drivers\\en-US\\portcls.SYS.mui[PortclsMof]",
  306. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\WDM\\C:\\Windows\\system32\\DRIVERS\\monitor.sys[MonitorWMI]"
  307. ]
  308.  
  309. [*] Deleted Registry Keys: [
  310. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\ProxyBypass",
  311. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\ProxyBypass",
  312. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\IntranetName",
  313. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\IntranetName",
  314. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\CompatibilityAdapter\\Signatures\\BrowserDatStorage.job",
  315. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\CompatibilityAdapter\\Signatures\\BrowserDatStorage.job.fp",
  316. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\CIMOM\\LastServiceStart",
  317. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\WDM\\C:\\Windows\\system32\\DRIVERS\\monitor.sys[MonitorWMI]"
  318. ]
  319.  
  320. [*] DNS Communications: []
  321.  
  322. [*] Domains: []
  323.  
  324. [*] Network Communication - ICMP: []
  325.  
  326. [*] Network Communication - HTTP: []
  327.  
  328. [*] Network Communication - SMTP: []
  329.  
  330. [*] Network Communication - Hosts: []
  331.  
  332. [*] Network Communication - IRC: []
  333.  
  334. [*] Static Analysis: {
  335. "pe": {
  336. "peid_signatures": null,
  337. "imports": [
  338. {
  339. "imports": [
  340. {
  341. "name": "GetCommandLineA",
  342. "address": "0x448130"
  343. },
  344. {
  345. "name": "TerminateProcess",
  346. "address": "0x448134"
  347. },
  348. {
  349. "name": "HeapReAlloc",
  350. "address": "0x448138"
  351. },
  352. {
  353. "name": "HeapSize",
  354. "address": "0x44813c"
  355. },
  356. {
  357. "name": "HeapDestroy",
  358. "address": "0x448140"
  359. },
  360. {
  361. "name": "HeapCreate",
  362. "address": "0x448144"
  363. },
  364. {
  365. "name": "VirtualFree",
  366. "address": "0x448148"
  367. },
  368. {
  369. "name": "IsBadWritePtr",
  370. "address": "0x44814c"
  371. },
  372. {
  373. "name": "QueryPerformanceCounter",
  374. "address": "0x448150"
  375. },
  376. {
  377. "name": "GetCurrentProcessId",
  378. "address": "0x448154"
  379. },
  380. {
  381. "name": "SetUnhandledExceptionFilter",
  382. "address": "0x448158"
  383. },
  384. {
  385. "name": "GetTimeZoneInformation",
  386. "address": "0x44815c"
  387. },
  388. {
  389. "name": "GetStdHandle",
  390. "address": "0x448160"
  391. },
  392. {
  393. "name": "UnhandledExceptionFilter",
  394. "address": "0x448164"
  395. },
  396. {
  397. "name": "FreeEnvironmentStringsA",
  398. "address": "0x448168"
  399. },
  400. {
  401. "name": "GetEnvironmentStrings",
  402. "address": "0x44816c"
  403. },
  404. {
  405. "name": "GetStartupInfoA",
  406. "address": "0x448170"
  407. },
  408. {
  409. "name": "GetEnvironmentStringsW",
  410. "address": "0x448174"
  411. },
  412. {
  413. "name": "SetHandleCount",
  414. "address": "0x448178"
  415. },
  416. {
  417. "name": "GetFileType",
  418. "address": "0x44817c"
  419. },
  420. {
  421. "name": "LCMapStringA",
  422. "address": "0x448180"
  423. },
  424. {
  425. "name": "LCMapStringW",
  426. "address": "0x448184"
  427. },
  428. {
  429. "name": "GetStringTypeA",
  430. "address": "0x448188"
  431. },
  432. {
  433. "name": "GetStringTypeW",
  434. "address": "0x44818c"
  435. },
  436. {
  437. "name": "IsBadReadPtr",
  438. "address": "0x448190"
  439. },
  440. {
  441. "name": "IsBadCodePtr",
  442. "address": "0x448194"
  443. },
  444. {
  445. "name": "GetUserDefaultLCID",
  446. "address": "0x448198"
  447. },
  448. {
  449. "name": "EnumSystemLocalesA",
  450. "address": "0x44819c"
  451. },
  452. {
  453. "name": "IsValidLocale",
  454. "address": "0x4481a0"
  455. },
  456. {
  457. "name": "IsValidCodePage",
  458. "address": "0x4481a4"
  459. },
  460. {
  461. "name": "SetStdHandle",
  462. "address": "0x4481a8"
  463. },
  464. {
  465. "name": "SetEnvironmentVariableA",
  466. "address": "0x4481ac"
  467. },
  468. {
  469. "name": "GetLocaleInfoW",
  470. "address": "0x4481b0"
  471. },
  472. {
  473. "name": "HeapFree",
  474. "address": "0x4481b4"
  475. },
  476. {
  477. "name": "VirtualQuery",
  478. "address": "0x4481b8"
  479. },
  480. {
  481. "name": "GetSystemInfo",
  482. "address": "0x4481bc"
  483. },
  484. {
  485. "name": "VirtualAlloc",
  486. "address": "0x4481c0"
  487. },
  488. {
  489. "name": "VirtualProtect",
  490. "address": "0x4481c4"
  491. },
  492. {
  493. "name": "GetSystemTimeAsFileTime",
  494. "address": "0x4481c8"
  495. },
  496. {
  497. "name": "ExitProcess",
  498. "address": "0x4481cc"
  499. },
  500. {
  501. "name": "RtlUnwind",
  502. "address": "0x4481d0"
  503. },
  504. {
  505. "name": "HeapAlloc",
  506. "address": "0x4481d4"
  507. },
  508. {
  509. "name": "SetErrorMode",
  510. "address": "0x4481d8"
  511. },
  512. {
  513. "name": "LocalFileTimeToFileTime",
  514. "address": "0x4481dc"
  515. },
  516. {
  517. "name": "FileTimeToLocalFileTime",
  518. "address": "0x4481e0"
  519. },
  520. {
  521. "name": "GetOEMCP",
  522. "address": "0x4481e4"
  523. },
  524. {
  525. "name": "GetCPInfo",
  526. "address": "0x4481e8"
  527. },
  528. {
  529. "name": "GetShortPathNameA",
  530. "address": "0x4481ec"
  531. },
  532. {
  533. "name": "CreateFileA",
  534. "address": "0x4481f0"
  535. },
  536. {
  537. "name": "GetVolumeInformationA",
  538. "address": "0x4481f4"
  539. },
  540. {
  541. "name": "FindFirstFileA",
  542. "address": "0x4481f8"
  543. },
  544. {
  545. "name": "FindClose",
  546. "address": "0x4481fc"
  547. },
  548. {
  549. "name": "GetCurrentProcess",
  550. "address": "0x448200"
  551. },
  552. {
  553. "name": "DuplicateHandle",
  554. "address": "0x448204"
  555. },
  556. {
  557. "name": "GetFileSize",
  558. "address": "0x448208"
  559. },
  560. {
  561. "name": "SetEndOfFile",
  562. "address": "0x44820c"
  563. },
  564. {
  565. "name": "UnlockFile",
  566. "address": "0x448210"
  567. },
  568. {
  569. "name": "LockFile",
  570. "address": "0x448214"
  571. },
  572. {
  573. "name": "FlushFileBuffers",
  574. "address": "0x448218"
  575. },
  576. {
  577. "name": "SetFilePointer",
  578. "address": "0x44821c"
  579. },
  580. {
  581. "name": "WriteFile",
  582. "address": "0x448220"
  583. },
  584. {
  585. "name": "ReadFile",
  586. "address": "0x448224"
  587. },
  588. {
  589. "name": "DeleteFileA",
  590. "address": "0x448228"
  591. },
  592. {
  593. "name": "MoveFileA",
  594. "address": "0x44822c"
  595. },
  596. {
  597. "name": "TlsFree",
  598. "address": "0x448230"
  599. },
  600. {
  601. "name": "LocalReAlloc",
  602. "address": "0x448234"
  603. },
  604. {
  605. "name": "TlsSetValue",
  606. "address": "0x448238"
  607. },
  608. {
  609. "name": "TlsAlloc",
  610. "address": "0x44823c"
  611. },
  612. {
  613. "name": "TlsGetValue",
  614. "address": "0x448240"
  615. },
  616. {
  617. "name": "EnterCriticalSection",
  618. "address": "0x448244"
  619. },
  620. {
  621. "name": "GlobalHandle",
  622. "address": "0x448248"
  623. },
  624. {
  625. "name": "GlobalReAlloc",
  626. "address": "0x44824c"
  627. },
  628. {
  629. "name": "LeaveCriticalSection",
  630. "address": "0x448250"
  631. },
  632. {
  633. "name": "LocalAlloc",
  634. "address": "0x448254"
  635. },
  636. {
  637. "name": "InterlockedIncrement",
  638. "address": "0x448258"
  639. },
  640. {
  641. "name": "GetCurrentDirectoryA",
  642. "address": "0x44825c"
  643. },
  644. {
  645. "name": "GlobalFlags",
  646. "address": "0x448260"
  647. },
  648. {
  649. "name": "InterlockedDecrement",
  650. "address": "0x448264"
  651. },
  652. {
  653. "name": "SystemTimeToFileTime",
  654. "address": "0x448268"
  655. },
  656. {
  657. "name": "FileTimeToSystemTime",
  658. "address": "0x44826c"
  659. },
  660. {
  661. "name": "SetLastError",
  662. "address": "0x448270"
  663. },
  664. {
  665. "name": "MulDiv",
  666. "address": "0x448274"
  667. },
  668. {
  669. "name": "FormatMessageA",
  670. "address": "0x448278"
  671. },
  672. {
  673. "name": "LocalFree",
  674. "address": "0x44827c"
  675. },
  676. {
  677. "name": "GetDiskFreeSpaceA",
  678. "address": "0x448280"
  679. },
  680. {
  681. "name": "GetFullPathNameA",
  682. "address": "0x448284"
  683. },
  684. {
  685. "name": "GetTempFileNameA",
  686. "address": "0x448288"
  687. },
  688. {
  689. "name": "GetFileTime",
  690. "address": "0x44828c"
  691. },
  692. {
  693. "name": "SetFileTime",
  694. "address": "0x448290"
  695. },
  696. {
  697. "name": "GetFileAttributesA",
  698. "address": "0x448294"
  699. },
  700. {
  701. "name": "GlobalGetAtomNameA",
  702. "address": "0x448298"
  703. },
  704. {
  705. "name": "GlobalFindAtomA",
  706. "address": "0x44829c"
  707. },
  708. {
  709. "name": "lstrcatA",
  710. "address": "0x4482a0"
  711. },
  712. {
  713. "name": "lstrcmpW",
  714. "address": "0x4482a4"
  715. },
  716. {
  717. "name": "GetTickCount",
  718. "address": "0x4482a8"
  719. },
  720. {
  721. "name": "GetPrivateProfileStringA",
  722. "address": "0x4482ac"
  723. },
  724. {
  725. "name": "WritePrivateProfileStringA",
  726. "address": "0x4482b0"
  727. },
  728. {
  729. "name": "GetPrivateProfileIntA",
  730. "address": "0x4482b4"
  731. },
  732. {
  733. "name": "lstrcpynA",
  734. "address": "0x4482b8"
  735. },
  736. {
  737. "name": "CloseHandle",
  738. "address": "0x4482bc"
  739. },
  740. {
  741. "name": "GlobalAddAtomA",
  742. "address": "0x4482c0"
  743. },
  744. {
  745. "name": "GetCurrentThread",
  746. "address": "0x4482c4"
  747. },
  748. {
  749. "name": "GetCurrentThreadId",
  750. "address": "0x4482c8"
  751. },
  752. {
  753. "name": "GlobalAlloc",
  754. "address": "0x4482cc"
  755. },
  756. {
  757. "name": "FreeLibrary",
  758. "address": "0x4482d0"
  759. },
  760. {
  761. "name": "GlobalDeleteAtom",
  762. "address": "0x4482d4"
  763. },
  764. {
  765. "name": "lstrcmpA",
  766. "address": "0x4482d8"
  767. },
  768. {
  769. "name": "GetModuleFileNameA",
  770. "address": "0x4482dc"
  771. },
  772. {
  773. "name": "GetModuleHandleA",
  774. "address": "0x4482e0"
  775. },
  776. {
  777. "name": "ConvertDefaultLocale",
  778. "address": "0x4482e4"
  779. },
  780. {
  781. "name": "EnumResourceLanguagesA",
  782. "address": "0x4482e8"
  783. },
  784. {
  785. "name": "lstrcpyA",
  786. "address": "0x4482ec"
  787. },
  788. {
  789. "name": "GlobalLock",
  790. "address": "0x4482f0"
  791. },
  792. {
  793. "name": "GlobalUnlock",
  794. "address": "0x4482f4"
  795. },
  796. {
  797. "name": "GlobalFree",
  798. "address": "0x4482f8"
  799. },
  800. {
  801. "name": "FreeResource",
  802. "address": "0x4482fc"
  803. },
  804. {
  805. "name": "RaiseException",
  806. "address": "0x448300"
  807. },
  808. {
  809. "name": "DeleteCriticalSection",
  810. "address": "0x448304"
  811. },
  812. {
  813. "name": "InitializeCriticalSection",
  814. "address": "0x448308"
  815. },
  816. {
  817. "name": "GetLastError",
  818. "address": "0x44830c"
  819. },
  820. {
  821. "name": "lstrlenA",
  822. "address": "0x448310"
  823. },
  824. {
  825. "name": "lstrcmpiA",
  826. "address": "0x448314"
  827. },
  828. {
  829. "name": "GetStringTypeExA",
  830. "address": "0x448318"
  831. },
  832. {
  833. "name": "CompareStringA",
  834. "address": "0x44831c"
  835. },
  836. {
  837. "name": "CompareStringW",
  838. "address": "0x448320"
  839. },
  840. {
  841. "name": "MultiByteToWideChar",
  842. "address": "0x448324"
  843. },
  844. {
  845. "name": "GetVersion",
  846. "address": "0x448328"
  847. },
  848. {
  849. "name": "WideCharToMultiByte",
  850. "address": "0x44832c"
  851. },
  852. {
  853. "name": "LoadResource",
  854. "address": "0x448330"
  855. },
  856. {
  857. "name": "LockResource",
  858. "address": "0x448334"
  859. },
  860. {
  861. "name": "SizeofResource",
  862. "address": "0x448338"
  863. },
  864. {
  865. "name": "FindResourceA",
  866. "address": "0x44833c"
  867. },
  868. {
  869. "name": "GetThreadLocale",
  870. "address": "0x448340"
  871. },
  872. {
  873. "name": "GetLocaleInfoA",
  874. "address": "0x448344"
  875. },
  876. {
  877. "name": "GetACP",
  878. "address": "0x448348"
  879. },
  880. {
  881. "name": "InterlockedExchange",
  882. "address": "0x44834c"
  883. },
  884. {
  885. "name": "GetVersionExA",
  886. "address": "0x448350"
  887. },
  888. {
  889. "name": "LoadLibraryA",
  890. "address": "0x448354"
  891. },
  892. {
  893. "name": "FreeEnvironmentStringsW",
  894. "address": "0x448358"
  895. },
  896. {
  897. "name": "GetProcAddress",
  898. "address": "0x44835c"
  899. }
  900. ],
  901. "dll": "KERNEL32.dll"
  902. },
  903. {
  904. "imports": [
  905. {
  906. "name": "LockWindowUpdate",
  907. "address": "0x4483cc"
  908. },
  909. {
  910. "name": "RegisterWindowMessageA",
  911. "address": "0x4483d0"
  912. },
  913. {
  914. "name": "WinHelpA",
  915. "address": "0x4483d4"
  916. },
  917. {
  918. "name": "GetCapture",
  919. "address": "0x4483d8"
  920. },
  921. {
  922. "name": "CreateWindowExA",
  923. "address": "0x4483dc"
  924. },
  925. {
  926. "name": "GetClassLongA",
  927. "address": "0x4483e0"
  928. },
  929. {
  930. "name": "GetClassInfoExA",
  931. "address": "0x4483e4"
  932. },
  933. {
  934. "name": "GetClassNameA",
  935. "address": "0x4483e8"
  936. },
  937. {
  938. "name": "SetPropA",
  939. "address": "0x4483ec"
  940. },
  941. {
  942. "name": "GetPropA",
  943. "address": "0x4483f0"
  944. },
  945. {
  946. "name": "RemovePropA",
  947. "address": "0x4483f4"
  948. },
  949. {
  950. "name": "IsChild",
  951. "address": "0x4483f8"
  952. },
  953. {
  954. "name": "GetForegroundWindow",
  955. "address": "0x4483fc"
  956. },
  957. {
  958. "name": "BeginDeferWindowPos",
  959. "address": "0x448400"
  960. },
  961. {
  962. "name": "EndDeferWindowPos",
  963. "address": "0x448404"
  964. },
  965. {
  966. "name": "GetTopWindow",
  967. "address": "0x448408"
  968. },
  969. {
  970. "name": "UnhookWindowsHookEx",
  971. "address": "0x44840c"
  972. },
  973. {
  974. "name": "GetMessageTime",
  975. "address": "0x448410"
  976. },
  977. {
  978. "name": "GetMessagePos",
  979. "address": "0x448414"
  980. },
  981. {
  982. "name": "LoadIconA",
  983. "address": "0x448418"
  984. },
  985. {
  986. "name": "MapWindowPoints",
  987. "address": "0x44841c"
  988. },
  989. {
  990. "name": "ScrollWindow",
  991. "address": "0x448420"
  992. },
  993. {
  994. "name": "TrackPopupMenu",
  995. "address": "0x448424"
  996. },
  997. {
  998. "name": "SetScrollRange",
  999. "address": "0x448428"
  1000. },
  1001. {
  1002. "name": "GetScrollRange",
  1003. "address": "0x44842c"
  1004. },
  1005. {
  1006. "name": "SetScrollPos",
  1007. "address": "0x448430"
  1008. },
  1009. {
  1010. "name": "GetScrollPos",
  1011. "address": "0x448434"
  1012. },
  1013. {
  1014. "name": "SetForegroundWindow",
  1015. "address": "0x448438"
  1016. },
  1017. {
  1018. "name": "ShowScrollBar",
  1019. "address": "0x44843c"
  1020. },
  1021. {
  1022. "name": "GetClientRect",
  1023. "address": "0x448440"
  1024. },
  1025. {
  1026. "name": "GetMenu",
  1027. "address": "0x448444"
  1028. },
  1029. {
  1030. "name": "GetSubMenu",
  1031. "address": "0x448448"
  1032. },
  1033. {
  1034. "name": "GetMenuItemID",
  1035. "address": "0x44844c"
  1036. },
  1037. {
  1038. "name": "GetMenuItemCount",
  1039. "address": "0x448450"
  1040. },
  1041. {
  1042. "name": "GetSysColor",
  1043. "address": "0x448454"
  1044. },
  1045. {
  1046. "name": "AdjustWindowRectEx",
  1047. "address": "0x448458"
  1048. },
  1049. {
  1050. "name": "ScreenToClient",
  1051. "address": "0x44845c"
  1052. },
  1053. {
  1054. "name": "EqualRect",
  1055. "address": "0x448460"
  1056. },
  1057. {
  1058. "name": "DeferWindowPos",
  1059. "address": "0x448464"
  1060. },
  1061. {
  1062. "name": "GetScrollInfo",
  1063. "address": "0x448468"
  1064. },
  1065. {
  1066. "name": "SetScrollInfo",
  1067. "address": "0x44846c"
  1068. },
  1069. {
  1070. "name": "GetClassInfoA",
  1071. "address": "0x448470"
  1072. },
  1073. {
  1074. "name": "RegisterClassA",
  1075. "address": "0x448474"
  1076. },
  1077. {
  1078. "name": "DefWindowProcA",
  1079. "address": "0x448478"
  1080. },
  1081. {
  1082. "name": "CallWindowProcA",
  1083. "address": "0x44847c"
  1084. },
  1085. {
  1086. "name": "OffsetRect",
  1087. "address": "0x448480"
  1088. },
  1089. {
  1090. "name": "IntersectRect",
  1091. "address": "0x448484"
  1092. },
  1093. {
  1094. "name": "SystemParametersInfoA",
  1095. "address": "0x448488"
  1096. },
  1097. {
  1098. "name": "IsIconic",
  1099. "address": "0x44848c"
  1100. },
  1101. {
  1102. "name": "GetWindowPlacement",
  1103. "address": "0x448490"
  1104. },
  1105. {
  1106. "name": "GetWindowRect",
  1107. "address": "0x448494"
  1108. },
  1109. {
  1110. "name": "CopyRect",
  1111. "address": "0x448498"
  1112. },
  1113. {
  1114. "name": "PtInRect",
  1115. "address": "0x44849c"
  1116. },
  1117. {
  1118. "name": "RegisterClipboardFormatA",
  1119. "address": "0x4484a0"
  1120. },
  1121. {
  1122. "name": "GetWindow",
  1123. "address": "0x4484a4"
  1124. },
  1125. {
  1126. "name": "SetWindowContextHelpId",
  1127. "address": "0x4484a8"
  1128. },
  1129. {
  1130. "name": "MapDialogRect",
  1131. "address": "0x4484ac"
  1132. },
  1133. {
  1134. "name": "wsprintfA",
  1135. "address": "0x4484b0"
  1136. },
  1137. {
  1138. "name": "SetRect",
  1139. "address": "0x4484b4"
  1140. },
  1141. {
  1142. "name": "GetWindowTextA",
  1143. "address": "0x4484b8"
  1144. },
  1145. {
  1146. "name": "SetWindowPos",
  1147. "address": "0x4484bc"
  1148. },
  1149. {
  1150. "name": "SetFocus",
  1151. "address": "0x4484c0"
  1152. },
  1153. {
  1154. "name": "ShowWindow",
  1155. "address": "0x4484c4"
  1156. },
  1157. {
  1158. "name": "MoveWindow",
  1159. "address": "0x4484c8"
  1160. },
  1161. {
  1162. "name": "GetDCEx",
  1163. "address": "0x4484cc"
  1164. },
  1165. {
  1166. "name": "GetDlgCtrlID",
  1167. "address": "0x4484d0"
  1168. },
  1169. {
  1170. "name": "SetWindowTextA",
  1171. "address": "0x4484d4"
  1172. },
  1173. {
  1174. "name": "IsDialogMessageA",
  1175. "address": "0x4484d8"
  1176. },
  1177. {
  1178. "name": "IsDlgButtonChecked",
  1179. "address": "0x4484dc"
  1180. },
  1181. {
  1182. "name": "SendDlgItemMessageA",
  1183. "address": "0x4484e0"
  1184. },
  1185. {
  1186. "name": "SetMenuItemBitmaps",
  1187. "address": "0x4484e4"
  1188. },
  1189. {
  1190. "name": "GetFocus",
  1191. "address": "0x4484e8"
  1192. },
  1193. {
  1194. "name": "ModifyMenuA",
  1195. "address": "0x4484ec"
  1196. },
  1197. {
  1198. "name": "GetMenuState",
  1199. "address": "0x4484f0"
  1200. },
  1201. {
  1202. "name": "EnableMenuItem",
  1203. "address": "0x4484f4"
  1204. },
  1205. {
  1206. "name": "CheckMenuItem",
  1207. "address": "0x4484f8"
  1208. },
  1209. {
  1210. "name": "GetMenuCheckMarkDimensions",
  1211. "address": "0x4484fc"
  1212. },
  1213. {
  1214. "name": "LoadBitmapA",
  1215. "address": "0x448500"
  1216. },
  1217. {
  1218. "name": "SetWindowsHookExA",
  1219. "address": "0x448504"
  1220. },
  1221. {
  1222. "name": "CallNextHookEx",
  1223. "address": "0x448508"
  1224. },
  1225. {
  1226. "name": "GetMessageA",
  1227. "address": "0x44850c"
  1228. },
  1229. {
  1230. "name": "TranslateMessage",
  1231. "address": "0x448510"
  1232. },
  1233. {
  1234. "name": "DispatchMessageA",
  1235. "address": "0x448514"
  1236. },
  1237. {
  1238. "name": "IsWindowVisible",
  1239. "address": "0x448518"
  1240. },
  1241. {
  1242. "name": "GetKeyState",
  1243. "address": "0x44851c"
  1244. },
  1245. {
  1246. "name": "PeekMessageA",
  1247. "address": "0x448520"
  1248. },
  1249. {
  1250. "name": "GetCursorPos",
  1251. "address": "0x448524"
  1252. },
  1253. {
  1254. "name": "ValidateRect",
  1255. "address": "0x448528"
  1256. },
  1257. {
  1258. "name": "CharNextA",
  1259. "address": "0x44852c"
  1260. },
  1261. {
  1262. "name": "DestroyIcon",
  1263. "address": "0x448530"
  1264. },
  1265. {
  1266. "name": "GetSysColorBrush",
  1267. "address": "0x448534"
  1268. },
  1269. {
  1270. "name": "EndPaint",
  1271. "address": "0x448538"
  1272. },
  1273. {
  1274. "name": "BeginPaint",
  1275. "address": "0x44853c"
  1276. },
  1277. {
  1278. "name": "GetWindowDC",
  1279. "address": "0x448540"
  1280. },
  1281. {
  1282. "name": "GrayStringA",
  1283. "address": "0x448544"
  1284. },
  1285. {
  1286. "name": "DrawTextExA",
  1287. "address": "0x448548"
  1288. },
  1289. {
  1290. "name": "DrawTextA",
  1291. "address": "0x44854c"
  1292. },
  1293. {
  1294. "name": "TabbedTextOutA",
  1295. "address": "0x448550"
  1296. },
  1297. {
  1298. "name": "SetParent",
  1299. "address": "0x448554"
  1300. },
  1301. {
  1302. "name": "GetSystemMenu",
  1303. "address": "0x448558"
  1304. },
  1305. {
  1306. "name": "DeleteMenu",
  1307. "address": "0x44855c"
  1308. },
  1309. {
  1310. "name": "MessageBoxA",
  1311. "address": "0x448560"
  1312. },
  1313. {
  1314. "name": "GetLastActivePopup",
  1315. "address": "0x448564"
  1316. },
  1317. {
  1318. "name": "ShowOwnedPopups",
  1319. "address": "0x448568"
  1320. },
  1321. {
  1322. "name": "SetCursor",
  1323. "address": "0x44856c"
  1324. },
  1325. {
  1326. "name": "PostMessageA",
  1327. "address": "0x448570"
  1328. },
  1329. {
  1330. "name": "PostQuitMessage",
  1331. "address": "0x448574"
  1332. },
  1333. {
  1334. "name": "GetDesktopWindow",
  1335. "address": "0x448578"
  1336. },
  1337. {
  1338. "name": "GetActiveWindow",
  1339. "address": "0x44857c"
  1340. },
  1341. {
  1342. "name": "SetActiveWindow",
  1343. "address": "0x448580"
  1344. },
  1345. {
  1346. "name": "GetSystemMetrics",
  1347. "address": "0x448584"
  1348. },
  1349. {
  1350. "name": "CreateDialogIndirectParamA",
  1351. "address": "0x448588"
  1352. },
  1353. {
  1354. "name": "DestroyWindow",
  1355. "address": "0x44858c"
  1356. },
  1357. {
  1358. "name": "IsWindow",
  1359. "address": "0x448590"
  1360. },
  1361. {
  1362. "name": "GetWindowLongA",
  1363. "address": "0x448594"
  1364. },
  1365. {
  1366. "name": "GetDlgItem",
  1367. "address": "0x448598"
  1368. },
  1369. {
  1370. "name": "WindowFromPoint",
  1371. "address": "0x44859c"
  1372. },
  1373. {
  1374. "name": "GetMenuItemInfoA",
  1375. "address": "0x4485a0"
  1376. },
  1377. {
  1378. "name": "InflateRect",
  1379. "address": "0x4485a4"
  1380. },
  1381. {
  1382. "name": "IsWindowEnabled",
  1383. "address": "0x4485a8"
  1384. },
  1385. {
  1386. "name": "GetParent",
  1387. "address": "0x4485ac"
  1388. },
  1389. {
  1390. "name": "GetNextDlgTabItem",
  1391. "address": "0x4485b0"
  1392. },
  1393. {
  1394. "name": "EndDialog",
  1395. "address": "0x4485b4"
  1396. },
  1397. {
  1398. "name": "UnregisterClassA",
  1399. "address": "0x4485b8"
  1400. },
  1401. {
  1402. "name": "CharUpperA",
  1403. "address": "0x4485bc"
  1404. },
  1405. {
  1406. "name": "SendMessageA",
  1407. "address": "0x4485c0"
  1408. },
  1409. {
  1410. "name": "EnableWindow",
  1411. "address": "0x4485c4"
  1412. },
  1413. {
  1414. "name": "UpdateWindow",
  1415. "address": "0x4485c8"
  1416. },
  1417. {
  1418. "name": "PostThreadMessageA",
  1419. "address": "0x4485cc"
  1420. },
  1421. {
  1422. "name": "MessageBeep",
  1423. "address": "0x4485d0"
  1424. },
  1425. {
  1426. "name": "GetNextDlgGroupItem",
  1427. "address": "0x4485d4"
  1428. },
  1429. {
  1430. "name": "InvalidateRgn",
  1431. "address": "0x4485d8"
  1432. },
  1433. {
  1434. "name": "SetWindowLongA",
  1435. "address": "0x4485dc"
  1436. },
  1437. {
  1438. "name": "CopyAcceleratorTableA",
  1439. "address": "0x4485e0"
  1440. },
  1441. {
  1442. "name": "GetDC",
  1443. "address": "0x4485e4"
  1444. },
  1445. {
  1446. "name": "ReleaseDC",
  1447. "address": "0x4485e8"
  1448. },
  1449. {
  1450. "name": "IsZoomed",
  1451. "address": "0x4485ec"
  1452. },
  1453. {
  1454. "name": "LoadMenuA",
  1455. "address": "0x4485f0"
  1456. },
  1457. {
  1458. "name": "DestroyMenu",
  1459. "address": "0x4485f4"
  1460. },
  1461. {
  1462. "name": "UnpackDDElParam",
  1463. "address": "0x4485f8"
  1464. },
  1465. {
  1466. "name": "ReuseDDElParam",
  1467. "address": "0x4485fc"
  1468. },
  1469. {
  1470. "name": "LoadAcceleratorsA",
  1471. "address": "0x448600"
  1472. },
  1473. {
  1474. "name": "InsertMenuItemA",
  1475. "address": "0x448604"
  1476. },
  1477. {
  1478. "name": "CreatePopupMenu",
  1479. "address": "0x448608"
  1480. },
  1481. {
  1482. "name": "SetRectEmpty",
  1483. "address": "0x44860c"
  1484. },
  1485. {
  1486. "name": "BringWindowToTop",
  1487. "address": "0x448610"
  1488. },
  1489. {
  1490. "name": "SetMenu",
  1491. "address": "0x448614"
  1492. },
  1493. {
  1494. "name": "TranslateAcceleratorA",
  1495. "address": "0x448618"
  1496. },
  1497. {
  1498. "name": "ReleaseCapture",
  1499. "address": "0x44861c"
  1500. },
  1501. {
  1502. "name": "LoadCursorA",
  1503. "address": "0x448620"
  1504. },
  1505. {
  1506. "name": "SetCapture",
  1507. "address": "0x448624"
  1508. },
  1509. {
  1510. "name": "KillTimer",
  1511. "address": "0x448628"
  1512. },
  1513. {
  1514. "name": "SetTimer",
  1515. "address": "0x44862c"
  1516. },
  1517. {
  1518. "name": "InvalidateRect",
  1519. "address": "0x448630"
  1520. },
  1521. {
  1522. "name": "ClientToScreen",
  1523. "address": "0x448634"
  1524. },
  1525. {
  1526. "name": "SetWindowRgn",
  1527. "address": "0x448638"
  1528. },
  1529. {
  1530. "name": "DrawIcon",
  1531. "address": "0x44863c"
  1532. },
  1533. {
  1534. "name": "FillRect",
  1535. "address": "0x448640"
  1536. },
  1537. {
  1538. "name": "IsRectEmpty",
  1539. "address": "0x448644"
  1540. },
  1541. {
  1542. "name": "FindWindowA",
  1543. "address": "0x448648"
  1544. },
  1545. {
  1546. "name": "GetMenuStringA",
  1547. "address": "0x44864c"
  1548. },
  1549. {
  1550. "name": "GetWindowTextLengthA",
  1551. "address": "0x448650"
  1552. },
  1553. {
  1554. "name": "InsertMenuA",
  1555. "address": "0x448654"
  1556. },
  1557. {
  1558. "name": "AppendMenuA",
  1559. "address": "0x448658"
  1560. }
  1561. ],
  1562. "dll": "USER32.dll"
  1563. },
  1564. {
  1565. "imports": [
  1566. {
  1567. "name": "SetMapMode",
  1568. "address": "0x448050"
  1569. },
  1570. {
  1571. "name": "ExcludeClipRect",
  1572. "address": "0x448054"
  1573. },
  1574. {
  1575. "name": "IntersectClipRect",
  1576. "address": "0x448058"
  1577. },
  1578. {
  1579. "name": "SelectClipRgn",
  1580. "address": "0x44805c"
  1581. },
  1582. {
  1583. "name": "CreateRectRgn",
  1584. "address": "0x448060"
  1585. },
  1586. {
  1587. "name": "GetViewportExtEx",
  1588. "address": "0x448064"
  1589. },
  1590. {
  1591. "name": "GetWindowExtEx",
  1592. "address": "0x448068"
  1593. },
  1594. {
  1595. "name": "BitBlt",
  1596. "address": "0x44806c"
  1597. },
  1598. {
  1599. "name": "GetPixel",
  1600. "address": "0x448070"
  1601. },
  1602. {
  1603. "name": "PtVisible",
  1604. "address": "0x448074"
  1605. },
  1606. {
  1607. "name": "RectVisible",
  1608. "address": "0x448078"
  1609. },
  1610. {
  1611. "name": "TextOutA",
  1612. "address": "0x44807c"
  1613. },
  1614. {
  1615. "name": "ExtTextOutA",
  1616. "address": "0x448080"
  1617. },
  1618. {
  1619. "name": "Escape",
  1620. "address": "0x448084"
  1621. },
  1622. {
  1623. "name": "SetViewportOrgEx",
  1624. "address": "0x448088"
  1625. },
  1626. {
  1627. "name": "OffsetViewportOrgEx",
  1628. "address": "0x44808c"
  1629. },
  1630. {
  1631. "name": "SetViewportExtEx",
  1632. "address": "0x448090"
  1633. },
  1634. {
  1635. "name": "ScaleViewportExtEx",
  1636. "address": "0x448094"
  1637. },
  1638. {
  1639. "name": "ScaleWindowExtEx",
  1640. "address": "0x448098"
  1641. },
  1642. {
  1643. "name": "ExtSelectClipRgn",
  1644. "address": "0x44809c"
  1645. },
  1646. {
  1647. "name": "CreatePatternBrush",
  1648. "address": "0x4480a0"
  1649. },
  1650. {
  1651. "name": "GetStockObject",
  1652. "address": "0x4480a4"
  1653. },
  1654. {
  1655. "name": "CreateSolidBrush",
  1656. "address": "0x4480a8"
  1657. },
  1658. {
  1659. "name": "CreateFontIndirectA",
  1660. "address": "0x4480ac"
  1661. },
  1662. {
  1663. "name": "GetBkColor",
  1664. "address": "0x4480b0"
  1665. },
  1666. {
  1667. "name": "GetTextColor",
  1668. "address": "0x4480b4"
  1669. },
  1670. {
  1671. "name": "CreateRectRgnIndirect",
  1672. "address": "0x4480b8"
  1673. },
  1674. {
  1675. "name": "GetRgnBox",
  1676. "address": "0x4480bc"
  1677. },
  1678. {
  1679. "name": "PatBlt",
  1680. "address": "0x4480c0"
  1681. },
  1682. {
  1683. "name": "SetRectRgn",
  1684. "address": "0x4480c4"
  1685. },
  1686. {
  1687. "name": "CombineRgn",
  1688. "address": "0x4480c8"
  1689. },
  1690. {
  1691. "name": "GetMapMode",
  1692. "address": "0x4480cc"
  1693. },
  1694. {
  1695. "name": "SetBkMode",
  1696. "address": "0x4480d0"
  1697. },
  1698. {
  1699. "name": "RestoreDC",
  1700. "address": "0x4480d4"
  1701. },
  1702. {
  1703. "name": "SaveDC",
  1704. "address": "0x4480d8"
  1705. },
  1706. {
  1707. "name": "CreateFontA",
  1708. "address": "0x4480dc"
  1709. },
  1710. {
  1711. "name": "GetCharWidthA",
  1712. "address": "0x4480e0"
  1713. },
  1714. {
  1715. "name": "DeleteObject",
  1716. "address": "0x4480e4"
  1717. },
  1718. {
  1719. "name": "StretchDIBits",
  1720. "address": "0x4480e8"
  1721. },
  1722. {
  1723. "name": "DeleteDC",
  1724. "address": "0x4480ec"
  1725. },
  1726. {
  1727. "name": "GetTextExtentPoint32A",
  1728. "address": "0x4480f0"
  1729. },
  1730. {
  1731. "name": "GetTextMetricsA",
  1732. "address": "0x4480f4"
  1733. },
  1734. {
  1735. "name": "SelectObject",
  1736. "address": "0x4480f8"
  1737. },
  1738. {
  1739. "name": "CreateCompatibleDC",
  1740. "address": "0x4480fc"
  1741. },
  1742. {
  1743. "name": "CreateCompatibleBitmap",
  1744. "address": "0x448100"
  1745. },
  1746. {
  1747. "name": "Ellipse",
  1748. "address": "0x448104"
  1749. },
  1750. {
  1751. "name": "LPtoDP",
  1752. "address": "0x448108"
  1753. },
  1754. {
  1755. "name": "CreateEllipticRgn",
  1756. "address": "0x44810c"
  1757. },
  1758. {
  1759. "name": "GetDeviceCaps",
  1760. "address": "0x448110"
  1761. },
  1762. {
  1763. "name": "GetObjectA",
  1764. "address": "0x448114"
  1765. },
  1766. {
  1767. "name": "SetBkColor",
  1768. "address": "0x448118"
  1769. },
  1770. {
  1771. "name": "SetTextColor",
  1772. "address": "0x44811c"
  1773. },
  1774. {
  1775. "name": "GetClipBox",
  1776. "address": "0x448120"
  1777. },
  1778. {
  1779. "name": "SetWindowExtEx",
  1780. "address": "0x448124"
  1781. },
  1782. {
  1783. "name": "CreateBitmap",
  1784. "address": "0x448128"
  1785. }
  1786. ],
  1787. "dll": "GDI32.dll"
  1788. },
  1789. {
  1790. "imports": [
  1791. {
  1792. "name": "GetSaveFileNameA",
  1793. "address": "0x448670"
  1794. },
  1795. {
  1796. "name": "GetFileTitleA",
  1797. "address": "0x448674"
  1798. },
  1799. {
  1800. "name": "GetOpenFileNameA",
  1801. "address": "0x448678"
  1802. }
  1803. ],
  1804. "dll": "comdlg32.dll"
  1805. },
  1806. {
  1807. "imports": [
  1808. {
  1809. "name": "OpenPrinterA",
  1810. "address": "0x448660"
  1811. },
  1812. {
  1813. "name": "DocumentPropertiesA",
  1814. "address": "0x448664"
  1815. },
  1816. {
  1817. "name": "ClosePrinter",
  1818. "address": "0x448668"
  1819. }
  1820. ],
  1821. "dll": "WINSPOOL.DRV"
  1822. },
  1823. {
  1824. "imports": [
  1825. {
  1826. "name": "RegSetValueA",
  1827. "address": "0x448000"
  1828. },
  1829. {
  1830. "name": "RegQueryValueExA",
  1831. "address": "0x448004"
  1832. },
  1833. {
  1834. "name": "RegOpenKeyExA",
  1835. "address": "0x448008"
  1836. },
  1837. {
  1838. "name": "RegDeleteKeyA",
  1839. "address": "0x44800c"
  1840. },
  1841. {
  1842. "name": "RegEnumKeyA",
  1843. "address": "0x448010"
  1844. },
  1845. {
  1846. "name": "RegOpenKeyA",
  1847. "address": "0x448014"
  1848. },
  1849. {
  1850. "name": "RegQueryValueA",
  1851. "address": "0x448018"
  1852. },
  1853. {
  1854. "name": "RegCreateKeyExA",
  1855. "address": "0x44801c"
  1856. },
  1857. {
  1858. "name": "RegSetValueExA",
  1859. "address": "0x448020"
  1860. },
  1861. {
  1862. "name": "RegDeleteValueA",
  1863. "address": "0x448024"
  1864. },
  1865. {
  1866. "name": "SetFileSecurityA",
  1867. "address": "0x448028"
  1868. },
  1869. {
  1870. "name": "RegCreateKeyA",
  1871. "address": "0x44802c"
  1872. },
  1873. {
  1874. "name": "RegCloseKey",
  1875. "address": "0x448030"
  1876. },
  1877. {
  1878. "name": "GetFileSecurityA",
  1879. "address": "0x448034"
  1880. }
  1881. ],
  1882. "dll": "ADVAPI32.dll"
  1883. },
  1884. {
  1885. "imports": [
  1886. {
  1887. "name": "DragFinish",
  1888. "address": "0x44839c"
  1889. },
  1890. {
  1891. "name": "DragQueryFileA",
  1892. "address": "0x4483a0"
  1893. },
  1894. {
  1895. "name": "ExtractIconA",
  1896. "address": "0x4483a4"
  1897. },
  1898. {
  1899. "name": "SHGetFileInfoA",
  1900. "address": "0x4483a8"
  1901. },
  1902. {
  1903. "name": "DragAcceptFiles",
  1904. "address": "0x4483ac"
  1905. }
  1906. ],
  1907. "dll": "SHELL32.dll"
  1908. },
  1909. {
  1910. "imports": [
  1911. {
  1912. "name": null,
  1913. "address": "0x44803c"
  1914. },
  1915. {
  1916. "name": "ImageList_Draw",
  1917. "address": "0x448040"
  1918. },
  1919. {
  1920. "name": "ImageList_GetImageInfo",
  1921. "address": "0x448044"
  1922. },
  1923. {
  1924. "name": "ImageList_Destroy",
  1925. "address": "0x448048"
  1926. }
  1927. ],
  1928. "dll": "COMCTL32.dll"
  1929. },
  1930. {
  1931. "imports": [
  1932. {
  1933. "name": "PathRemoveExtensionA",
  1934. "address": "0x4483b4"
  1935. },
  1936. {
  1937. "name": "PathFindFileNameA",
  1938. "address": "0x4483b8"
  1939. },
  1940. {
  1941. "name": "PathStripToRootA",
  1942. "address": "0x4483bc"
  1943. },
  1944. {
  1945. "name": "PathFindExtensionA",
  1946. "address": "0x4483c0"
  1947. },
  1948. {
  1949. "name": "PathIsUNCA",
  1950. "address": "0x4483c4"
  1951. }
  1952. ],
  1953. "dll": "SHLWAPI.dll"
  1954. },
  1955. {
  1956. "imports": [
  1957. {
  1958. "name": null,
  1959. "address": "0x4486c0"
  1960. }
  1961. ],
  1962. "dll": "oledlg.dll"
  1963. },
  1964. {
  1965. "imports": [
  1966. {
  1967. "name": "CoGetClassObject",
  1968. "address": "0x448680"
  1969. },
  1970. {
  1971. "name": "CoTaskMemAlloc",
  1972. "address": "0x448684"
  1973. },
  1974. {
  1975. "name": "StgOpenStorageOnILockBytes",
  1976. "address": "0x448688"
  1977. },
  1978. {
  1979. "name": "CoTaskMemFree",
  1980. "address": "0x44868c"
  1981. },
  1982. {
  1983. "name": "OleInitialize",
  1984. "address": "0x448690"
  1985. },
  1986. {
  1987. "name": "CoFreeUnusedLibraries",
  1988. "address": "0x448694"
  1989. },
  1990. {
  1991. "name": "OleUninitialize",
  1992. "address": "0x448698"
  1993. },
  1994. {
  1995. "name": "CLSIDFromString",
  1996. "address": "0x44869c"
  1997. },
  1998. {
  1999. "name": "CLSIDFromProgID",
  2000. "address": "0x4486a0"
  2001. },
  2002. {
  2003. "name": "StgCreateDocfileOnILockBytes",
  2004. "address": "0x4486a4"
  2005. },
  2006. {
  2007. "name": "CreateILockBytesOnHGlobal",
  2008. "address": "0x4486a8"
  2009. },
  2010. {
  2011. "name": "CoRevokeClassObject",
  2012. "address": "0x4486ac"
  2013. },
  2014. {
  2015. "name": "OleIsCurrentClipboard",
  2016. "address": "0x4486b0"
  2017. },
  2018. {
  2019. "name": "OleFlushClipboard",
  2020. "address": "0x4486b4"
  2021. },
  2022. {
  2023. "name": "CoRegisterMessageFilter",
  2024. "address": "0x4486b8"
  2025. }
  2026. ],
  2027. "dll": "ole32.dll"
  2028. },
  2029. {
  2030. "imports": [
  2031. {
  2032. "name": "VariantTimeToSystemTime",
  2033. "address": "0x448364"
  2034. },
  2035. {
  2036. "name": "SysFreeString",
  2037. "address": "0x448368"
  2038. },
  2039. {
  2040. "name": "SysAllocStringLen",
  2041. "address": "0x44836c"
  2042. },
  2043. {
  2044. "name": "VariantClear",
  2045. "address": "0x448370"
  2046. },
  2047. {
  2048. "name": "VariantChangeType",
  2049. "address": "0x448374"
  2050. },
  2051. {
  2052. "name": "VariantInit",
  2053. "address": "0x448378"
  2054. },
  2055. {
  2056. "name": "SysStringLen",
  2057. "address": "0x44837c"
  2058. },
  2059. {
  2060. "name": "SysAllocStringByteLen",
  2061. "address": "0x448380"
  2062. },
  2063. {
  2064. "name": "VariantCopy",
  2065. "address": "0x448384"
  2066. },
  2067. {
  2068. "name": "SysAllocString",
  2069. "address": "0x448388"
  2070. },
  2071. {
  2072. "name": "OleCreateFontIndirect",
  2073. "address": "0x44838c"
  2074. },
  2075. {
  2076. "name": "SafeArrayDestroy",
  2077. "address": "0x448390"
  2078. },
  2079. {
  2080. "name": "SystemTimeToVariantTime",
  2081. "address": "0x448394"
  2082. }
  2083. ],
  2084. "dll": "OLEAUT32.dll"
  2085. }
  2086. ],
  2087. "digital_signers": null,
  2088. "exported_dll_name": null,
  2089. "actual_checksum": "0x000a749d",
  2090. "overlay": null,
  2091. "imagebase": "0x00400000",
  2092. "reported_checksum": "0x00000000",
  2093. "icon_hash": null,
  2094. "entrypoint": "0x00418c57",
  2095. "timestamp": "2019-06-26 14:11:27",
  2096. "osversion": "4.0",
  2097. "sections": [
  2098. {
  2099. "name": ".text",
  2100. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
  2101. "virtual_address": "0x00001000",
  2102. "size_of_data": "0x00047000",
  2103. "entropy": "6.52",
  2104. "raw_address": "0x00001000",
  2105. "virtual_size": "0x000468fb",
  2106. "characteristics_raw": "0x60000020"
  2107. },
  2108. {
  2109. "name": ".rdata",
  2110. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  2111. "virtual_address": "0x00048000",
  2112. "size_of_data": "0x0004b000",
  2113. "entropy": "6.24",
  2114. "raw_address": "0x00048000",
  2115. "virtual_size": "0x0004ae26",
  2116. "characteristics_raw": "0x40000040"
  2117. },
  2118. {
  2119. "name": ".data",
  2120. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  2121. "virtual_address": "0x00093000",
  2122. "size_of_data": "0x00003000",
  2123. "entropy": "3.96",
  2124. "raw_address": "0x00093000",
  2125. "virtual_size": "0x00006094",
  2126. "characteristics_raw": "0xc0000040"
  2127. },
  2128. {
  2129. "name": ".rsrc",
  2130. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  2131. "virtual_address": "0x0009a000",
  2132. "size_of_data": "0x0000c000",
  2133. "entropy": "4.94",
  2134. "raw_address": "0x00096000",
  2135. "virtual_size": "0x0000b578",
  2136. "characteristics_raw": "0x40000040"
  2137. }
  2138. ],
  2139. "resources": [],
  2140. "dirents": [
  2141. {
  2142. "virtual_address": "0x00000000",
  2143. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  2144. "size": "0x00000000"
  2145. },
  2146. {
  2147. "virtual_address": "0x00090a48",
  2148. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  2149. "size": "0x00000104"
  2150. },
  2151. {
  2152. "virtual_address": "0x0009a000",
  2153. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  2154. "size": "0x0000b578"
  2155. },
  2156. {
  2157. "virtual_address": "0x00000000",
  2158. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  2159. "size": "0x00000000"
  2160. },
  2161. {
  2162. "virtual_address": "0x00000000",
  2163. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  2164. "size": "0x00000000"
  2165. },
  2166. {
  2167. "virtual_address": "0x00000000",
  2168. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  2169. "size": "0x00000000"
  2170. },
  2171. {
  2172. "virtual_address": "0x00000000",
  2173. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  2174. "size": "0x00000000"
  2175. },
  2176. {
  2177. "virtual_address": "0x00000000",
  2178. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  2179. "size": "0x00000000"
  2180. },
  2181. {
  2182. "virtual_address": "0x00000000",
  2183. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  2184. "size": "0x00000000"
  2185. },
  2186. {
  2187. "virtual_address": "0x00000000",
  2188. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  2189. "size": "0x00000000"
  2190. },
  2191. {
  2192. "virtual_address": "0x0008abe0",
  2193. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  2194. "size": "0x00000048"
  2195. },
  2196. {
  2197. "virtual_address": "0x00000000",
  2198. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  2199. "size": "0x00000000"
  2200. },
  2201. {
  2202. "virtual_address": "0x00048000",
  2203. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  2204. "size": "0x000006c8"
  2205. },
  2206. {
  2207. "virtual_address": "0x00090998",
  2208. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  2209. "size": "0x00000040"
  2210. },
  2211. {
  2212. "virtual_address": "0x00000000",
  2213. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  2214. "size": "0x00000000"
  2215. },
  2216. {
  2217. "virtual_address": "0x00000000",
  2218. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  2219. "size": "0x00000000"
  2220. }
  2221. ],
  2222. "exports": [],
  2223. "guest_signers": {},
  2224. "imphash": "7a377bb2d9e9a9d3215f8897afdc67d6",
  2225. "icon_fuzzy": null,
  2226. "icon": null,
  2227. "pdbpath": null,
  2228. "imported_dll_count": 12,
  2229. "versioninfo": []
  2230. }
  2231. }
  2232.  
  2233. [*] Resolved APIs: [
  2234. "kernel32.dll.InitializeCriticalSectionAndSpinCount",
  2235. "kernel32.dll.FlsAlloc",
  2236. "kernel32.dll.FlsGetValue",
  2237. "kernel32.dll.FlsSetValue",
  2238. "kernel32.dll.FlsFree",
  2239. "kernel32.dll.IsProcessorFeaturePresent",
  2240. "user32.dll.NotifyWinEvent",
  2241. "advapi32.dll.CryptAcquireContextA",
  2242. "cryptsp.dll.CryptAcquireContextA",
  2243. "kernel32.dll.CreateFileMappingA",
  2244. "kernel32.dll.MapViewOfFile",
  2245. "kernel32.dll.VirtualAlloc",
  2246. "ntdll.dll.memcpy",
  2247. "kernel32.dll.GetCurrentProcess",
  2248. "kernel32.dll.CloseHandle",
  2249. "advapi32.dll.OpenProcessToken",
  2250. "advapi32.dll.GetTokenInformation",
  2251. "kernel32.dll.Wow64EnableWow64FsRedirection",
  2252. "advapi32.dll.RegCloseKey",
  2253. "advapi32.dll.RegCreateKeyW",
  2254. "advapi32.dll.RegOpenKeyExW",
  2255. "advapi32.dll.RegSetValueExW",
  2256. "shell32.dll.ShellExecuteA",
  2257. "ole32.dll.OleInitialize",
  2258. "cryptbase.dll.SystemFunction036",
  2259. "ole32.dll.CreateBindCtx",
  2260. "ole32.dll.CoTaskMemAlloc",
  2261. "propsys.dll.PSCreateMemoryPropertyStore",
  2262. "propsys.dll.PSPropertyBag_WriteDWORD",
  2263. "ole32.dll.CoGetApartmentType",
  2264. "ole32.dll.CoRegisterInitializeSpy",
  2265. "ole32.dll.CoTaskMemFree",
  2266. "comctl32.dll.#236",
  2267. "oleaut32.dll.#6",
  2268. "ole32.dll.CoGetMalloc",
  2269. "propsys.dll.PSPropertyBag_ReadDWORD",
  2270. "propsys.dll.PSPropertyBag_ReadGUID",
  2271. "comctl32.dll.#320",
  2272. "comctl32.dll.#324",
  2273. "comctl32.dll.#323",
  2274. "advapi32.dll.RegEnumKeyW",
  2275. "advapi32.dll.OpenThreadToken",
  2276. "ole32.dll.StringFromGUID2",
  2277. "apphelp.dll.ApphelpCheckShellObject",
  2278. "ole32.dll.CoCreateInstance",
  2279. "urlmon.dll.CreateUri",
  2280. "kernel32.dll.InitializeSRWLock",
  2281. "kernel32.dll.AcquireSRWLockExclusive",
  2282. "kernel32.dll.AcquireSRWLockShared",
  2283. "kernel32.dll.ReleaseSRWLockExclusive",
  2284. "kernel32.dll.ReleaseSRWLockShared",
  2285. "comctl32.dll.#328",
  2286. "comctl32.dll.#334",
  2287. "oleaut32.dll.#2",
  2288. "setupapi.dll.CM_Get_Device_Interface_List_Size_ExW",
  2289. "shell32.dll.#102",
  2290. "propsys.dll.PSPropertyBag_ReadStrAlloc",
  2291. "ole32.dll.CoInitializeEx",
  2292. "advapi32.dll.InitializeSecurityDescriptor",
  2293. "advapi32.dll.SetEntriesInAclW",
  2294. "ntmarta.dll.GetMartaExtensionInterface",
  2295. "advapi32.dll.SetSecurityDescriptorDacl",
  2296. "advapi32.dll.IsTextUnicode",
  2297. "comctl32.dll.#332",
  2298. "comctl32.dll.#338",
  2299. "comctl32.dll.#339",
  2300. "ole32.dll.CoUninitialize",
  2301. "setupapi.dll.CM_Get_Device_Interface_List_ExW",
  2302. "sechost.dll.ConvertSidToStringSidW",
  2303. "profapi.dll.#104",
  2304. "propsys.dll.#430",
  2305. "advapi32.dll.RegGetValueW",
  2306. "ole32.dll.CoTaskMemRealloc",
  2307. "propsys.dll.InitPropVariantFromStringAsVector",
  2308. "propsys.dll.PSCoerceToCanonicalValue",
  2309. "propsys.dll.PropVariantToStringAlloc",
  2310. "ole32.dll.PropVariantClear",
  2311. "ole32.dll.CoAllowSetForegroundWindow",
  2312. "comctl32.dll.#386",
  2313. "shell32.dll.SHGetFolderPathW",
  2314. "advapi32.dll.SaferGetPolicyInformation",
  2315. "ntdll.dll.RtlDllShutdownInProgress",
  2316. "comctl32.dll.#329",
  2317. "ole32.dll.OleUninitialize",
  2318. "ole32.dll.CoRevokeInitializeSpy",
  2319. "comctl32.dll.#388",
  2320. "oleaut32.dll.#500",
  2321. "advapi32.dll.CryptImportKey",
  2322. "advapi32.dll.CryptEncrypt",
  2323. "cryptsp.dll.CryptImportKey",
  2324. "cryptbase.dll.SystemFunction040",
  2325. "cryptbase.dll.SystemFunction041",
  2326. "cryptsp.dll.CryptEncrypt",
  2327. "advapi32.dll.UnregisterTraceGuids",
  2328. "comctl32.dll.#321",
  2329. "kernel32.dll.SetThreadUILanguage",
  2330. "kernel32.dll.CopyFileExW",
  2331. "kernel32.dll.IsDebuggerPresent",
  2332. "kernel32.dll.SetConsoleInputExeNameW",
  2333. "kernel32.dll.SortGetHandle",
  2334. "kernel32.dll.SortCloseHandle",
  2335. "uxtheme.dll.ThemeInitApiHook",
  2336. "user32.dll.IsProcessDPIAware",
  2337. "shell32.dll.#66",
  2338. "comctl32.dll.#385",
  2339. "comctl32.dll.#336",
  2340. "linkinfo.dll.IsValidLinkInfo",
  2341. "propsys.dll.#417",
  2342. "propsys.dll.PSGetNameFromPropertyKey",
  2343. "propsys.dll.PSStringFromPropertyKey",
  2344. "propsys.dll.InitVariantFromBuffer",
  2345. "oleaut32.dll.#9",
  2346. "propsys.dll.PropVariantToGUID",
  2347. "comctl32.dll.#333",
  2348. "linkinfo.dll.CreateLinkInfoW",
  2349. "user32.dll.IsCharAlphaW",
  2350. "user32.dll.CharPrevW",
  2351. "ntshrui.dll.GetNetResourceFromLocalPathW",
  2352. "srvcli.dll.NetShareEnum",
  2353. "cscapi.dll.CscNetApiGetInterface",
  2354. "slc.dll.SLGetWindowsInformationDWORD",
  2355. "shlwapi.dll.PathRemoveFileSpecW",
  2356. "linkinfo.dll.DestroyLinkInfo",
  2357. "propsys.dll.PropVariantToBoolean",
  2358. "cryptsp.dll.CryptAcquireContextW",
  2359. "cryptsp.dll.CryptGenRandom",
  2360. "cryptsp.dll.CryptReleaseContext",
  2361. "advapi32.dll.GetSecurityInfo",
  2362. "advapi32.dll.SetSecurityInfo",
  2363. "advapi32.dll.GetSecurityDescriptorControl",
  2364. "advapi32.dll.RegQueryInfoKeyW",
  2365. "advapi32.dll.RegEnumKeyExW",
  2366. "advapi32.dll.RegEnumValueW",
  2367. "advapi32.dll.RegQueryValueExW",
  2368. "shlwapi.dll.UrlIsW",
  2369. "msvcrt.dll._set_error_mode",
  2370. "msvcrt.dll.?set_terminate@@YAP6AXXZP6AXXZ@Z",
  2371. "kernel32.dll.FindActCtxSectionStringW",
  2372. "kernel32.dll.GetSystemWindowsDirectoryW",
  2373. "mscoree.dll.GetProcessExecutableHeap",
  2374. "mscorwks.dll.DllGetClassObjectInternal",
  2375. "mscorwks.dll.GetCLRFunction",
  2376. "advapi32.dll.RegisterTraceGuidsW",
  2377. "advapi32.dll.GetTraceLoggerHandle",
  2378. "advapi32.dll.GetTraceEnableLevel",
  2379. "advapi32.dll.GetTraceEnableFlags",
  2380. "advapi32.dll.TraceEvent",
  2381. "mscoree.dll.IEE",
  2382. "mscorwks.dll.IEE",
  2383. "mscoree.dll.GetStartupFlags",
  2384. "mscoree.dll.GetHostConfigurationFile",
  2385. "mscoree.dll.GetCORSystemDirectory",
  2386. "ntdll.dll.RtlVirtualUnwind",
  2387. "kernel32.dll.IsWow64Process",
  2388. "advapi32.dll.AllocateAndInitializeSid",
  2389. "advapi32.dll.InitializeAcl",
  2390. "advapi32.dll.AddAccessAllowedAce",
  2391. "advapi32.dll.FreeSid",
  2392. "kernel32.dll.SetThreadStackGuarantee",
  2393. "kernel32.dll.AddVectoredContinueHandler",
  2394. "kernel32.dll.RemoveVectoredContinueHandler",
  2395. "advapi32.dll.ConvertSidToStringSidW",
  2396. "kernel32.dll.FlushProcessWriteBuffers",
  2397. "kernel32.dll.GetWriteWatch",
  2398. "kernel32.dll.ResetWriteWatch",
  2399. "kernel32.dll.CreateMemoryResourceNotification",
  2400. "kernel32.dll.QueryMemoryResourceNotification",
  2401. "kernel32.dll.GlobalMemoryStatusEx",
  2402. "ole32.dll.CoGetContextToken",
  2403. "oleaut32.dll.#149",
  2404. "kernel32.dll.GetUserDefaultUILanguage",
  2405. "kernel32.dll.GetVersionExW",
  2406. "kernel32.dll.GetFullPathNameW",
  2407. "kernel32.dll.SetErrorMode",
  2408. "kernel32.dll.GetFileAttributesExW",
  2409. "version.dll.GetFileVersionInfoSizeW",
  2410. "version.dll.GetFileVersionInfoW",
  2411. "version.dll.VerQueryValueW",
  2412. "kernel32.dll.lstrlen",
  2413. "kernel32.dll.lstrlenW",
  2414. "mscoree.dll.ND_RI2",
  2415. "kernel32.dll.lstrcpy",
  2416. "kernel32.dll.lstrcpyW",
  2417. "version.dll.VerLanguageNameW",
  2418. "kernel32.dll.GetCurrentProcessId",
  2419. "advapi32.dll.LookupPrivilegeValueW",
  2420. "advapi32.dll.AdjustTokenPrivileges",
  2421. "kernel32.dll.OpenProcess",
  2422. "psapi.dll.EnumProcessModules",
  2423. "psapi.dll.GetModuleInformation",
  2424. "psapi.dll.GetModuleBaseNameW",
  2425. "psapi.dll.GetModuleFileNameExW",
  2426. "kernel32.dll.GetExitCodeProcess",
  2427. "ntdll.dll.NtQuerySystemInformation",
  2428. "user32.dll.EnumWindows",
  2429. "user32.dll.GetWindowThreadProcessId",
  2430. "kernel32.dll.WerSetFlags",
  2431. "kernel32.dll.SetThreadPreferredUILanguages",
  2432. "kernel32.dll.GetThreadPreferredUILanguages",
  2433. "kernel32.dll.GetUserDefaultLocaleName",
  2434. "kernel32.dll.GetEnvironmentVariableW",
  2435. "advapi32.dll.CryptReleaseContext",
  2436. "advapi32.dll.CryptCreateHash",
  2437. "advapi32.dll.CryptDestroyHash",
  2438. "advapi32.dll.CryptHashData",
  2439. "advapi32.dll.CryptGetHashParam",
  2440. "advapi32.dll.CryptExportKey",
  2441. "advapi32.dll.CryptGenKey",
  2442. "advapi32.dll.CryptGetKeyParam",
  2443. "advapi32.dll.CryptDestroyKey",
  2444. "advapi32.dll.CryptVerifySignatureA",
  2445. "advapi32.dll.CryptSignHashA",
  2446. "advapi32.dll.CryptGetProvParam",
  2447. "advapi32.dll.CryptGetUserKey",
  2448. "advapi32.dll.CryptEnumProvidersA",
  2449. "cryptsp.dll.CryptHashData",
  2450. "cryptsp.dll.CryptGetHashParam",
  2451. "cryptsp.dll.CryptDestroyHash",
  2452. "cryptsp.dll.CryptDestroyKey",
  2453. "mscoree.dll.GetTokenForVTableEntry",
  2454. "mscoree.dll.SetTargetForVTableEntry",
  2455. "mscoree.dll.GetTargetForVTableEntry",
  2456. "culture.dll.ConvertLangIdToCultureName",
  2457. "ole32.dll.CoCreateGuid",
  2458. "kernel32.dll.CreateFileW",
  2459. "kernel32.dll.GetConsoleScreenBufferInfo",
  2460. "kernel32.dll.LocalFree",
  2461. "kernel32.dll.LocalAlloc",
  2462. "mscoree.dll.ND_RI4",
  2463. "advapi32.dll.DuplicateTokenEx",
  2464. "advapi32.dll.CheckTokenMembership",
  2465. "kernel32.dll.GetConsoleTitleW",
  2466. "mscorjit.dll.getJit",
  2467. "kernel32.dll.SetConsoleTitleW",
  2468. "kernel32.dll.SetConsoleCtrlHandler",
  2469. "kernel32.dll.CreateEventW",
  2470. "ntdll.dll.WinSqmIsOptedIn",
  2471. "kernel32.dll.ExpandEnvironmentStringsW",
  2472. "shfolder.dll.SHGetFolderPathW",
  2473. "kernel32.dll.SetEnvironmentVariableW",
  2474. "kernel32.dll.GetACP",
  2475. "kernel32.dll.UnmapViewOfFile",
  2476. "kernel32.dll.GetFileType",
  2477. "kernel32.dll.ReadFile",
  2478. "kernel32.dll.GetSystemInfo",
  2479. "kernel32.dll.VirtualQuery",
  2480. "secur32.dll.GetUserNameExW",
  2481. "advapi32.dll.GetUserNameW",
  2482. "kernel32.dll.ReleaseMutex",
  2483. "advapi32.dll.RegisterEventSourceW",
  2484. "advapi32.dll.DeregisterEventSource",
  2485. "advapi32.dll.ReportEventW",
  2486. "kernel32.dll.GetLogicalDrives",
  2487. "kernel32.dll.GetDriveTypeW",
  2488. "kernel32.dll.GetVolumeInformationW",
  2489. "kernel32.dll.GetCurrentDirectoryW",
  2490. "kernel32.dll.GetLastError",
  2491. "kernel32.dll.GetStdHandle",
  2492. "kernel32.dll.GetConsoleMode",
  2493. "kernel32.dll.SetEvent",
  2494. "kernel32.dll.FindFirstFileW",
  2495. "kernel32.dll.FindClose",
  2496. "mscoree.dll.DllGetClassObject",
  2497. "diasymreader.dll.DllGetClassObjectInternal",
  2498. "kernel32.dll.GetConsoleOutputCP",
  2499. "gdi32.dll.TranslateCharsetInfo",
  2500. "kernel32.dll.SetConsoleTextAttribute",
  2501. "kernel32.dll.WriteConsoleW",
  2502. "mscoree.dll.CorExitProcess",
  2503. "mscorwks.dll.CorExitProcess",
  2504. "mscorwks.dll._CorDllMain",
  2505. "kernel32.dll.CreateActCtxW",
  2506. "kernel32.dll.AddRefActCtx",
  2507. "kernel32.dll.ReleaseActCtx",
  2508. "kernel32.dll.ActivateActCtx",
  2509. "kernel32.dll.DeactivateActCtx",
  2510. "kernel32.dll.GetCurrentActCtx",
  2511. "kernel32.dll.QueryActCtxW",
  2512. "netutils.dll.NetApiBufferFree",
  2513. "crypt32.dll.CryptProtectData",
  2514. "ntdll.dll.RtlUnwind",
  2515. "mscoree.dll._CorExeMain",
  2516. "mscoree.dll._CorImageUnloading",
  2517. "mscoree.dll._CorValidateImage",
  2518. "cryptsp.dll.CryptExportKey",
  2519. "cryptsp.dll.CryptCreateHash",
  2520. "kernel32.dll.SwitchToThread",
  2521. "sechost.dll.LookupAccountNameLocalW",
  2522. "advapi32.dll.LookupAccountSidW",
  2523. "sechost.dll.LookupAccountSidLocalW",
  2524. "sspicli.dll.GetUserNameExW",
  2525. "shlwapi.dll.PathFindFileNameW",
  2526. "advapi32.dll.WmiMofEnumerateResourcesW",
  2527. "advapi32.dll.WmiFreeBuffer",
  2528. "advapi32.dll.WmiCloseBlock",
  2529. "propsys.dll.PropVariantToVariant",
  2530. "wbemcore.dll.Shutdown",
  2531. "kernel32.dll.LocaleNameToLCID",
  2532. "kernel32.dll.GetLocaleInfoEx",
  2533. "kernel32.dll.LCIDToLocaleName",
  2534. "kernel32.dll.GetSystemDefaultLocaleName",
  2535. "fastprox.dll.DllGetClassObject",
  2536. "fastprox.dll.DllCanUnloadNow",
  2537. "oleaut32.dll.#283",
  2538. "oleaut32.dll.#284",
  2539. "kernel32.dll.RegOpenKeyExW",
  2540. "psapi.dll.EnumProcesses",
  2541. "ole32.dll.CoGetClassObject",
  2542. "ole32.dll.CoGetMarshalSizeMax",
  2543. "ole32.dll.CoMarshalInterface",
  2544. "ole32.dll.CoUnmarshalInterface",
  2545. "ole32.dll.StringFromIID",
  2546. "ole32.dll.CoGetPSClsid",
  2547. "ole32.dll.CoReleaseMarshalData",
  2548. "ole32.dll.DcomChannelSetHResult",
  2549. "vssapi.dll.CreateWriter",
  2550. "advapi32.dll.LookupAccountNameW",
  2551. "samcli.dll.NetLocalGroupGetMembers",
  2552. "samlib.dll.SamConnect",
  2553. "rpcrt4.dll.NdrClientCall3",
  2554. "rpcrt4.dll.RpcStringBindingComposeW",
  2555. "rpcrt4.dll.RpcBindingFromStringBindingW",
  2556. "rpcrt4.dll.RpcStringFreeW",
  2557. "rpcrt4.dll.RpcBindingFree",
  2558. "samlib.dll.SamOpenDomain",
  2559. "samlib.dll.SamLookupNamesInDomain",
  2560. "samlib.dll.SamOpenAlias",
  2561. "samlib.dll.SamFreeMemory",
  2562. "samlib.dll.SamCloseHandle",
  2563. "samlib.dll.SamGetMembersInAlias",
  2564. "samlib.dll.SamEnumerateDomainsInSamServer",
  2565. "samlib.dll.SamLookupDomainInSamServer",
  2566. "ole32.dll.StringFromCLSID",
  2567. "oleaut32.dll.#4",
  2568. "oleaut32.dll.#7",
  2569. "propsys.dll.VariantToPropVariant",
  2570. "wbemcore.dll.Reinitialize",
  2571. "wbemsvc.dll.DllGetClassObject",
  2572. "wbemsvc.dll.DllCanUnloadNow",
  2573. "authz.dll.AuthzInitializeContextFromToken",
  2574. "authz.dll.AuthzInitializeObjectAccessAuditEvent2",
  2575. "authz.dll.AuthzAccessCheck",
  2576. "authz.dll.AuthzFreeAuditEvent",
  2577. "authz.dll.AuthzFreeContext",
  2578. "authz.dll.AuthzInitializeResourceManager",
  2579. "authz.dll.AuthzFreeResourceManager",
  2580. "rpcrt4.dll.RpcBindingCreateW",
  2581. "rpcrt4.dll.RpcBindingBind",
  2582. "rpcrt4.dll.I_RpcMapWin32Status",
  2583. "advapi32.dll.EventRegister",
  2584. "advapi32.dll.EventUnregister",
  2585. "advapi32.dll.EventWrite",
  2586. "kernel32.dll.RegCloseKey",
  2587. "kernel32.dll.RegSetValueExW",
  2588. "kernel32.dll.RegQueryValueExW",
  2589. "wmisvc.dll.IsImproperShutdownDetected",
  2590. "wevtapi.dll.EvtRender",
  2591. "wevtapi.dll.EvtNext",
  2592. "wevtapi.dll.EvtClose",
  2593. "wevtapi.dll.EvtQuery",
  2594. "wevtapi.dll.EvtCreateRenderContext",
  2595. "rpcrt4.dll.RpcBindingSetAuthInfoExW",
  2596. "rpcrt4.dll.RpcBindingSetOption",
  2597. "ole32.dll.CoCreateFreeThreadedMarshaler",
  2598. "ole32.dll.CreateStreamOnHGlobal",
  2599. "advapi32.dll.RegCreateKeyExW",
  2600. "kernelbase.dll.InitializeAcl",
  2601. "kernelbase.dll.AddAce",
  2602. "sechost.dll.ConvertStringSecurityDescriptorToSecurityDescriptorW",
  2603. "kernel32.dll.IsThreadAFiber",
  2604. "kernel32.dll.OpenProcessToken",
  2605. "kernelbase.dll.GetTokenInformation",
  2606. "kernelbase.dll.DuplicateTokenEx",
  2607. "kernelbase.dll.AdjustTokenPrivileges",
  2608. "kernelbase.dll.AllocateAndInitializeSid",
  2609. "kernelbase.dll.CheckTokenMembership",
  2610. "oleaut32.dll.#285",
  2611. "advapi32.dll.RegOpenKeyW",
  2612. "kernel32.dll.SetThreadToken",
  2613. "ole32.dll.CLSIDFromString",
  2614. "oleaut32.dll.#17",
  2615. "oleaut32.dll.#20",
  2616. "oleaut32.dll.#19",
  2617. "oleaut32.dll.#25",
  2618. "oleaut32.dll.#286",
  2619. "authz.dll.AuthzInitializeContextFromSid",
  2620. "ole32.dll.CoGetCallContext",
  2621. "ole32.dll.CoImpersonateClient",
  2622. "ole32.dll.CoRevertToSelf",
  2623. "oleaut32.dll.#8",
  2624. "ole32.dll.CoSwitchCallContext"
  2625. ]
  2626.  
  2627. [*] Static Analysis: {
  2628. "pe": {
  2629. "peid_signatures": null,
  2630. "imports": [
  2631. {
  2632. "imports": [
  2633. {
  2634. "name": "GetCommandLineA",
  2635. "address": "0x448130"
  2636. },
  2637. {
  2638. "name": "TerminateProcess",
  2639. "address": "0x448134"
  2640. },
  2641. {
  2642. "name": "HeapReAlloc",
  2643. "address": "0x448138"
  2644. },
  2645. {
  2646. "name": "HeapSize",
  2647. "address": "0x44813c"
  2648. },
  2649. {
  2650. "name": "HeapDestroy",
  2651. "address": "0x448140"
  2652. },
  2653. {
  2654. "name": "HeapCreate",
  2655. "address": "0x448144"
  2656. },
  2657. {
  2658. "name": "VirtualFree",
  2659. "address": "0x448148"
  2660. },
  2661. {
  2662. "name": "IsBadWritePtr",
  2663. "address": "0x44814c"
  2664. },
  2665. {
  2666. "name": "QueryPerformanceCounter",
  2667. "address": "0x448150"
  2668. },
  2669. {
  2670. "name": "GetCurrentProcessId",
  2671. "address": "0x448154"
  2672. },
  2673. {
  2674. "name": "SetUnhandledExceptionFilter",
  2675. "address": "0x448158"
  2676. },
  2677. {
  2678. "name": "GetTimeZoneInformation",
  2679. "address": "0x44815c"
  2680. },
  2681. {
  2682. "name": "GetStdHandle",
  2683. "address": "0x448160"
  2684. },
  2685. {
  2686. "name": "UnhandledExceptionFilter",
  2687. "address": "0x448164"
  2688. },
  2689. {
  2690. "name": "FreeEnvironmentStringsA",
  2691. "address": "0x448168"
  2692. },
  2693. {
  2694. "name": "GetEnvironmentStrings",
  2695. "address": "0x44816c"
  2696. },
  2697. {
  2698. "name": "GetStartupInfoA",
  2699. "address": "0x448170"
  2700. },
  2701. {
  2702. "name": "GetEnvironmentStringsW",
  2703. "address": "0x448174"
  2704. },
  2705. {
  2706. "name": "SetHandleCount",
  2707. "address": "0x448178"
  2708. },
  2709. {
  2710. "name": "GetFileType",
  2711. "address": "0x44817c"
  2712. },
  2713. {
  2714. "name": "LCMapStringA",
  2715. "address": "0x448180"
  2716. },
  2717. {
  2718. "name": "LCMapStringW",
  2719. "address": "0x448184"
  2720. },
  2721. {
  2722. "name": "GetStringTypeA",
  2723. "address": "0x448188"
  2724. },
  2725. {
  2726. "name": "GetStringTypeW",
  2727. "address": "0x44818c"
  2728. },
  2729. {
  2730. "name": "IsBadReadPtr",
  2731. "address": "0x448190"
  2732. },
  2733. {
  2734. "name": "IsBadCodePtr",
  2735. "address": "0x448194"
  2736. },
  2737. {
  2738. "name": "GetUserDefaultLCID",
  2739. "address": "0x448198"
  2740. },
  2741. {
  2742. "name": "EnumSystemLocalesA",
  2743. "address": "0x44819c"
  2744. },
  2745. {
  2746. "name": "IsValidLocale",
  2747. "address": "0x4481a0"
  2748. },
  2749. {
  2750. "name": "IsValidCodePage",
  2751. "address": "0x4481a4"
  2752. },
  2753. {
  2754. "name": "SetStdHandle",
  2755. "address": "0x4481a8"
  2756. },
  2757. {
  2758. "name": "SetEnvironmentVariableA",
  2759. "address": "0x4481ac"
  2760. },
  2761. {
  2762. "name": "GetLocaleInfoW",
  2763. "address": "0x4481b0"
  2764. },
  2765. {
  2766. "name": "HeapFree",
  2767. "address": "0x4481b4"
  2768. },
  2769. {
  2770. "name": "VirtualQuery",
  2771. "address": "0x4481b8"
  2772. },
  2773. {
  2774. "name": "GetSystemInfo",
  2775. "address": "0x4481bc"
  2776. },
  2777. {
  2778. "name": "VirtualAlloc",
  2779. "address": "0x4481c0"
  2780. },
  2781. {
  2782. "name": "VirtualProtect",
  2783. "address": "0x4481c4"
  2784. },
  2785. {
  2786. "name": "GetSystemTimeAsFileTime",
  2787. "address": "0x4481c8"
  2788. },
  2789. {
  2790. "name": "ExitProcess",
  2791. "address": "0x4481cc"
  2792. },
  2793. {
  2794. "name": "RtlUnwind",
  2795. "address": "0x4481d0"
  2796. },
  2797. {
  2798. "name": "HeapAlloc",
  2799. "address": "0x4481d4"
  2800. },
  2801. {
  2802. "name": "SetErrorMode",
  2803. "address": "0x4481d8"
  2804. },
  2805. {
  2806. "name": "LocalFileTimeToFileTime",
  2807. "address": "0x4481dc"
  2808. },
  2809. {
  2810. "name": "FileTimeToLocalFileTime",
  2811. "address": "0x4481e0"
  2812. },
  2813. {
  2814. "name": "GetOEMCP",
  2815. "address": "0x4481e4"
  2816. },
  2817. {
  2818. "name": "GetCPInfo",
  2819. "address": "0x4481e8"
  2820. },
  2821. {
  2822. "name": "GetShortPathNameA",
  2823. "address": "0x4481ec"
  2824. },
  2825. {
  2826. "name": "CreateFileA",
  2827. "address": "0x4481f0"
  2828. },
  2829. {
  2830. "name": "GetVolumeInformationA",
  2831. "address": "0x4481f4"
  2832. },
  2833. {
  2834. "name": "FindFirstFileA",
  2835. "address": "0x4481f8"
  2836. },
  2837. {
  2838. "name": "FindClose",
  2839. "address": "0x4481fc"
  2840. },
  2841. {
  2842. "name": "GetCurrentProcess",
  2843. "address": "0x448200"
  2844. },
  2845. {
  2846. "name": "DuplicateHandle",
  2847. "address": "0x448204"
  2848. },
  2849. {
  2850. "name": "GetFileSize",
  2851. "address": "0x448208"
  2852. },
  2853. {
  2854. "name": "SetEndOfFile",
  2855. "address": "0x44820c"
  2856. },
  2857. {
  2858. "name": "UnlockFile",
  2859. "address": "0x448210"
  2860. },
  2861. {
  2862. "name": "LockFile",
  2863. "address": "0x448214"
  2864. },
  2865. {
  2866. "name": "FlushFileBuffers",
  2867. "address": "0x448218"
  2868. },
  2869. {
  2870. "name": "SetFilePointer",
  2871. "address": "0x44821c"
  2872. },
  2873. {
  2874. "name": "WriteFile",
  2875. "address": "0x448220"
  2876. },
  2877. {
  2878. "name": "ReadFile",
  2879. "address": "0x448224"
  2880. },
  2881. {
  2882. "name": "DeleteFileA",
  2883. "address": "0x448228"
  2884. },
  2885. {
  2886. "name": "MoveFileA",
  2887. "address": "0x44822c"
  2888. },
  2889. {
  2890. "name": "TlsFree",
  2891. "address": "0x448230"
  2892. },
  2893. {
  2894. "name": "LocalReAlloc",
  2895. "address": "0x448234"
  2896. },
  2897. {
  2898. "name": "TlsSetValue",
  2899. "address": "0x448238"
  2900. },
  2901. {
  2902. "name": "TlsAlloc",
  2903. "address": "0x44823c"
  2904. },
  2905. {
  2906. "name": "TlsGetValue",
  2907. "address": "0x448240"
  2908. },
  2909. {
  2910. "name": "EnterCriticalSection",
  2911. "address": "0x448244"
  2912. },
  2913. {
  2914. "name": "GlobalHandle",
  2915. "address": "0x448248"
  2916. },
  2917. {
  2918. "name": "GlobalReAlloc",
  2919. "address": "0x44824c"
  2920. },
  2921. {
  2922. "name": "LeaveCriticalSection",
  2923. "address": "0x448250"
  2924. },
  2925. {
  2926. "name": "LocalAlloc",
  2927. "address": "0x448254"
  2928. },
  2929. {
  2930. "name": "InterlockedIncrement",
  2931. "address": "0x448258"
  2932. },
  2933. {
  2934. "name": "GetCurrentDirectoryA",
  2935. "address": "0x44825c"
  2936. },
  2937. {
  2938. "name": "GlobalFlags",
  2939. "address": "0x448260"
  2940. },
  2941. {
  2942. "name": "InterlockedDecrement",
  2943. "address": "0x448264"
  2944. },
  2945. {
  2946. "name": "SystemTimeToFileTime",
  2947. "address": "0x448268"
  2948. },
  2949. {
  2950. "name": "FileTimeToSystemTime",
  2951. "address": "0x44826c"
  2952. },
  2953. {
  2954. "name": "SetLastError",
  2955. "address": "0x448270"
  2956. },
  2957. {
  2958. "name": "MulDiv",
  2959. "address": "0x448274"
  2960. },
  2961. {
  2962. "name": "FormatMessageA",
  2963. "address": "0x448278"
  2964. },
  2965. {
  2966. "name": "LocalFree",
  2967. "address": "0x44827c"
  2968. },
  2969. {
  2970. "name": "GetDiskFreeSpaceA",
  2971. "address": "0x448280"
  2972. },
  2973. {
  2974. "name": "GetFullPathNameA",
  2975. "address": "0x448284"
  2976. },
  2977. {
  2978. "name": "GetTempFileNameA",
  2979. "address": "0x448288"
  2980. },
  2981. {
  2982. "name": "GetFileTime",
  2983. "address": "0x44828c"
  2984. },
  2985. {
  2986. "name": "SetFileTime",
  2987. "address": "0x448290"
  2988. },
  2989. {
  2990. "name": "GetFileAttributesA",
  2991. "address": "0x448294"
  2992. },
  2993. {
  2994. "name": "GlobalGetAtomNameA",
  2995. "address": "0x448298"
  2996. },
  2997. {
  2998. "name": "GlobalFindAtomA",
  2999. "address": "0x44829c"
  3000. },
  3001. {
  3002. "name": "lstrcatA",
  3003. "address": "0x4482a0"
  3004. },
  3005. {
  3006. "name": "lstrcmpW",
  3007. "address": "0x4482a4"
  3008. },
  3009. {
  3010. "name": "GetTickCount",
  3011. "address": "0x4482a8"
  3012. },
  3013. {
  3014. "name": "GetPrivateProfileStringA",
  3015. "address": "0x4482ac"
  3016. },
  3017. {
  3018. "name": "WritePrivateProfileStringA",
  3019. "address": "0x4482b0"
  3020. },
  3021. {
  3022. "name": "GetPrivateProfileIntA",
  3023. "address": "0x4482b4"
  3024. },
  3025. {
  3026. "name": "lstrcpynA",
  3027. "address": "0x4482b8"
  3028. },
  3029. {
  3030. "name": "CloseHandle",
  3031. "address": "0x4482bc"
  3032. },
  3033. {
  3034. "name": "GlobalAddAtomA",
  3035. "address": "0x4482c0"
  3036. },
  3037. {
  3038. "name": "GetCurrentThread",
  3039. "address": "0x4482c4"
  3040. },
  3041. {
  3042. "name": "GetCurrentThreadId",
  3043. "address": "0x4482c8"
  3044. },
  3045. {
  3046. "name": "GlobalAlloc",
  3047. "address": "0x4482cc"
  3048. },
  3049. {
  3050. "name": "FreeLibrary",
  3051. "address": "0x4482d0"
  3052. },
  3053. {
  3054. "name": "GlobalDeleteAtom",
  3055. "address": "0x4482d4"
  3056. },
  3057. {
  3058. "name": "lstrcmpA",
  3059. "address": "0x4482d8"
  3060. },
  3061. {
  3062. "name": "GetModuleFileNameA",
  3063. "address": "0x4482dc"
  3064. },
  3065. {
  3066. "name": "GetModuleHandleA",
  3067. "address": "0x4482e0"
  3068. },
  3069. {
  3070. "name": "ConvertDefaultLocale",
  3071. "address": "0x4482e4"
  3072. },
  3073. {
  3074. "name": "EnumResourceLanguagesA",
  3075. "address": "0x4482e8"
  3076. },
  3077. {
  3078. "name": "lstrcpyA",
  3079. "address": "0x4482ec"
  3080. },
  3081. {
  3082. "name": "GlobalLock",
  3083. "address": "0x4482f0"
  3084. },
  3085. {
  3086. "name": "GlobalUnlock",
  3087. "address": "0x4482f4"
  3088. },
  3089. {
  3090. "name": "GlobalFree",
  3091. "address": "0x4482f8"
  3092. },
  3093. {
  3094. "name": "FreeResource",
  3095. "address": "0x4482fc"
  3096. },
  3097. {
  3098. "name": "RaiseException",
  3099. "address": "0x448300"
  3100. },
  3101. {
  3102. "name": "DeleteCriticalSection",
  3103. "address": "0x448304"
  3104. },
  3105. {
  3106. "name": "InitializeCriticalSection",
  3107. "address": "0x448308"
  3108. },
  3109. {
  3110. "name": "GetLastError",
  3111. "address": "0x44830c"
  3112. },
  3113. {
  3114. "name": "lstrlenA",
  3115. "address": "0x448310"
  3116. },
  3117. {
  3118. "name": "lstrcmpiA",
  3119. "address": "0x448314"
  3120. },
  3121. {
  3122. "name": "GetStringTypeExA",
  3123. "address": "0x448318"
  3124. },
  3125. {
  3126. "name": "CompareStringA",
  3127. "address": "0x44831c"
  3128. },
  3129. {
  3130. "name": "CompareStringW",
  3131. "address": "0x448320"
  3132. },
  3133. {
  3134. "name": "MultiByteToWideChar",
  3135. "address": "0x448324"
  3136. },
  3137. {
  3138. "name": "GetVersion",
  3139. "address": "0x448328"
  3140. },
  3141. {
  3142. "name": "WideCharToMultiByte",
  3143. "address": "0x44832c"
  3144. },
  3145. {
  3146. "name": "LoadResource",
  3147. "address": "0x448330"
  3148. },
  3149. {
  3150. "name": "LockResource",
  3151. "address": "0x448334"
  3152. },
  3153. {
  3154. "name": "SizeofResource",
  3155. "address": "0x448338"
  3156. },
  3157. {
  3158. "name": "FindResourceA",
  3159. "address": "0x44833c"
  3160. },
  3161. {
  3162. "name": "GetThreadLocale",
  3163. "address": "0x448340"
  3164. },
  3165. {
  3166. "name": "GetLocaleInfoA",
  3167. "address": "0x448344"
  3168. },
  3169. {
  3170. "name": "GetACP",
  3171. "address": "0x448348"
  3172. },
  3173. {
  3174. "name": "InterlockedExchange",
  3175. "address": "0x44834c"
  3176. },
  3177. {
  3178. "name": "GetVersionExA",
  3179. "address": "0x448350"
  3180. },
  3181. {
  3182. "name": "LoadLibraryA",
  3183. "address": "0x448354"
  3184. },
  3185. {
  3186. "name": "FreeEnvironmentStringsW",
  3187. "address": "0x448358"
  3188. },
  3189. {
  3190. "name": "GetProcAddress",
  3191. "address": "0x44835c"
  3192. }
  3193. ],
  3194. "dll": "KERNEL32.dll"
  3195. },
  3196. {
  3197. "imports": [
  3198. {
  3199. "name": "LockWindowUpdate",
  3200. "address": "0x4483cc"
  3201. },
  3202. {
  3203. "name": "RegisterWindowMessageA",
  3204. "address": "0x4483d0"
  3205. },
  3206. {
  3207. "name": "WinHelpA",
  3208. "address": "0x4483d4"
  3209. },
  3210. {
  3211. "name": "GetCapture",
  3212. "address": "0x4483d8"
  3213. },
  3214. {
  3215. "name": "CreateWindowExA",
  3216. "address": "0x4483dc"
  3217. },
  3218. {
  3219. "name": "GetClassLongA",
  3220. "address": "0x4483e0"
  3221. },
  3222. {
  3223. "name": "GetClassInfoExA",
  3224. "address": "0x4483e4"
  3225. },
  3226. {
  3227. "name": "GetClassNameA",
  3228. "address": "0x4483e8"
  3229. },
  3230. {
  3231. "name": "SetPropA",
  3232. "address": "0x4483ec"
  3233. },
  3234. {
  3235. "name": "GetPropA",
  3236. "address": "0x4483f0"
  3237. },
  3238. {
  3239. "name": "RemovePropA",
  3240. "address": "0x4483f4"
  3241. },
  3242. {
  3243. "name": "IsChild",
  3244. "address": "0x4483f8"
  3245. },
  3246. {
  3247. "name": "GetForegroundWindow",
  3248. "address": "0x4483fc"
  3249. },
  3250. {
  3251. "name": "BeginDeferWindowPos",
  3252. "address": "0x448400"
  3253. },
  3254. {
  3255. "name": "EndDeferWindowPos",
  3256. "address": "0x448404"
  3257. },
  3258. {
  3259. "name": "GetTopWindow",
  3260. "address": "0x448408"
  3261. },
  3262. {
  3263. "name": "UnhookWindowsHookEx",
  3264. "address": "0x44840c"
  3265. },
  3266. {
  3267. "name": "GetMessageTime",
  3268. "address": "0x448410"
  3269. },
  3270. {
  3271. "name": "GetMessagePos",
  3272. "address": "0x448414"
  3273. },
  3274. {
  3275. "name": "LoadIconA",
  3276. "address": "0x448418"
  3277. },
  3278. {
  3279. "name": "MapWindowPoints",
  3280. "address": "0x44841c"
  3281. },
  3282. {
  3283. "name": "ScrollWindow",
  3284. "address": "0x448420"
  3285. },
  3286. {
  3287. "name": "TrackPopupMenu",
  3288. "address": "0x448424"
  3289. },
  3290. {
  3291. "name": "SetScrollRange",
  3292. "address": "0x448428"
  3293. },
  3294. {
  3295. "name": "GetScrollRange",
  3296. "address": "0x44842c"
  3297. },
  3298. {
  3299. "name": "SetScrollPos",
  3300. "address": "0x448430"
  3301. },
  3302. {
  3303. "name": "GetScrollPos",
  3304. "address": "0x448434"
  3305. },
  3306. {
  3307. "name": "SetForegroundWindow",
  3308. "address": "0x448438"
  3309. },
  3310. {
  3311. "name": "ShowScrollBar",
  3312. "address": "0x44843c"
  3313. },
  3314. {
  3315. "name": "GetClientRect",
  3316. "address": "0x448440"
  3317. },
  3318. {
  3319. "name": "GetMenu",
  3320. "address": "0x448444"
  3321. },
  3322. {
  3323. "name": "GetSubMenu",
  3324. "address": "0x448448"
  3325. },
  3326. {
  3327. "name": "GetMenuItemID",
  3328. "address": "0x44844c"
  3329. },
  3330. {
  3331. "name": "GetMenuItemCount",
  3332. "address": "0x448450"
  3333. },
  3334. {
  3335. "name": "GetSysColor",
  3336. "address": "0x448454"
  3337. },
  3338. {
  3339. "name": "AdjustWindowRectEx",
  3340. "address": "0x448458"
  3341. },
  3342. {
  3343. "name": "ScreenToClient",
  3344. "address": "0x44845c"
  3345. },
  3346. {
  3347. "name": "EqualRect",
  3348. "address": "0x448460"
  3349. },
  3350. {
  3351. "name": "DeferWindowPos",
  3352. "address": "0x448464"
  3353. },
  3354. {
  3355. "name": "GetScrollInfo",
  3356. "address": "0x448468"
  3357. },
  3358. {
  3359. "name": "SetScrollInfo",
  3360. "address": "0x44846c"
  3361. },
  3362. {
  3363. "name": "GetClassInfoA",
  3364. "address": "0x448470"
  3365. },
  3366. {
  3367. "name": "RegisterClassA",
  3368. "address": "0x448474"
  3369. },
  3370. {
  3371. "name": "DefWindowProcA",
  3372. "address": "0x448478"
  3373. },
  3374. {
  3375. "name": "CallWindowProcA",
  3376. "address": "0x44847c"
  3377. },
  3378. {
  3379. "name": "OffsetRect",
  3380. "address": "0x448480"
  3381. },
  3382. {
  3383. "name": "IntersectRect",
  3384. "address": "0x448484"
  3385. },
  3386. {
  3387. "name": "SystemParametersInfoA",
  3388. "address": "0x448488"
  3389. },
  3390. {
  3391. "name": "IsIconic",
  3392. "address": "0x44848c"
  3393. },
  3394. {
  3395. "name": "GetWindowPlacement",
  3396. "address": "0x448490"
  3397. },
  3398. {
  3399. "name": "GetWindowRect",
  3400. "address": "0x448494"
  3401. },
  3402. {
  3403. "name": "CopyRect",
  3404. "address": "0x448498"
  3405. },
  3406. {
  3407. "name": "PtInRect",
  3408. "address": "0x44849c"
  3409. },
  3410. {
  3411. "name": "RegisterClipboardFormatA",
  3412. "address": "0x4484a0"
  3413. },
  3414. {
  3415. "name": "GetWindow",
  3416. "address": "0x4484a4"
  3417. },
  3418. {
  3419. "name": "SetWindowContextHelpId",
  3420. "address": "0x4484a8"
  3421. },
  3422. {
  3423. "name": "MapDialogRect",
  3424. "address": "0x4484ac"
  3425. },
  3426. {
  3427. "name": "wsprintfA",
  3428. "address": "0x4484b0"
  3429. },
  3430. {
  3431. "name": "SetRect",
  3432. "address": "0x4484b4"
  3433. },
  3434. {
  3435. "name": "GetWindowTextA",
  3436. "address": "0x4484b8"
  3437. },
  3438. {
  3439. "name": "SetWindowPos",
  3440. "address": "0x4484bc"
  3441. },
  3442. {
  3443. "name": "SetFocus",
  3444. "address": "0x4484c0"
  3445. },
  3446. {
  3447. "name": "ShowWindow",
  3448. "address": "0x4484c4"
  3449. },
  3450. {
  3451. "name": "MoveWindow",
  3452. "address": "0x4484c8"
  3453. },
  3454. {
  3455. "name": "GetDCEx",
  3456. "address": "0x4484cc"
  3457. },
  3458. {
  3459. "name": "GetDlgCtrlID",
  3460. "address": "0x4484d0"
  3461. },
  3462. {
  3463. "name": "SetWindowTextA",
  3464. "address": "0x4484d4"
  3465. },
  3466. {
  3467. "name": "IsDialogMessageA",
  3468. "address": "0x4484d8"
  3469. },
  3470. {
  3471. "name": "IsDlgButtonChecked",
  3472. "address": "0x4484dc"
  3473. },
  3474. {
  3475. "name": "SendDlgItemMessageA",
  3476. "address": "0x4484e0"
  3477. },
  3478. {
  3479. "name": "SetMenuItemBitmaps",
  3480. "address": "0x4484e4"
  3481. },
  3482. {
  3483. "name": "GetFocus",
  3484. "address": "0x4484e8"
  3485. },
  3486. {
  3487. "name": "ModifyMenuA",
  3488. "address": "0x4484ec"
  3489. },
  3490. {
  3491. "name": "GetMenuState",
  3492. "address": "0x4484f0"
  3493. },
  3494. {
  3495. "name": "EnableMenuItem",
  3496. "address": "0x4484f4"
  3497. },
  3498. {
  3499. "name": "CheckMenuItem",
  3500. "address": "0x4484f8"
  3501. },
  3502. {
  3503. "name": "GetMenuCheckMarkDimensions",
  3504. "address": "0x4484fc"
  3505. },
  3506. {
  3507. "name": "LoadBitmapA",
  3508. "address": "0x448500"
  3509. },
  3510. {
  3511. "name": "SetWindowsHookExA",
  3512. "address": "0x448504"
  3513. },
  3514. {
  3515. "name": "CallNextHookEx",
  3516. "address": "0x448508"
  3517. },
  3518. {
  3519. "name": "GetMessageA",
  3520. "address": "0x44850c"
  3521. },
  3522. {
  3523. "name": "TranslateMessage",
  3524. "address": "0x448510"
  3525. },
  3526. {
  3527. "name": "DispatchMessageA",
  3528. "address": "0x448514"
  3529. },
  3530. {
  3531. "name": "IsWindowVisible",
  3532. "address": "0x448518"
  3533. },
  3534. {
  3535. "name": "GetKeyState",
  3536. "address": "0x44851c"
  3537. },
  3538. {
  3539. "name": "PeekMessageA",
  3540. "address": "0x448520"
  3541. },
  3542. {
  3543. "name": "GetCursorPos",
  3544. "address": "0x448524"
  3545. },
  3546. {
  3547. "name": "ValidateRect",
  3548. "address": "0x448528"
  3549. },
  3550. {
  3551. "name": "CharNextA",
  3552. "address": "0x44852c"
  3553. },
  3554. {
  3555. "name": "DestroyIcon",
  3556. "address": "0x448530"
  3557. },
  3558. {
  3559. "name": "GetSysColorBrush",
  3560. "address": "0x448534"
  3561. },
  3562. {
  3563. "name": "EndPaint",
  3564. "address": "0x448538"
  3565. },
  3566. {
  3567. "name": "BeginPaint",
  3568. "address": "0x44853c"
  3569. },
  3570. {
  3571. "name": "GetWindowDC",
  3572. "address": "0x448540"
  3573. },
  3574. {
  3575. "name": "GrayStringA",
  3576. "address": "0x448544"
  3577. },
  3578. {
  3579. "name": "DrawTextExA",
  3580. "address": "0x448548"
  3581. },
  3582. {
  3583. "name": "DrawTextA",
  3584. "address": "0x44854c"
  3585. },
  3586. {
  3587. "name": "TabbedTextOutA",
  3588. "address": "0x448550"
  3589. },
  3590. {
  3591. "name": "SetParent",
  3592. "address": "0x448554"
  3593. },
  3594. {
  3595. "name": "GetSystemMenu",
  3596. "address": "0x448558"
  3597. },
  3598. {
  3599. "name": "DeleteMenu",
  3600. "address": "0x44855c"
  3601. },
  3602. {
  3603. "name": "MessageBoxA",
  3604. "address": "0x448560"
  3605. },
  3606. {
  3607. "name": "GetLastActivePopup",
  3608. "address": "0x448564"
  3609. },
  3610. {
  3611. "name": "ShowOwnedPopups",
  3612. "address": "0x448568"
  3613. },
  3614. {
  3615. "name": "SetCursor",
  3616. "address": "0x44856c"
  3617. },
  3618. {
  3619. "name": "PostMessageA",
  3620. "address": "0x448570"
  3621. },
  3622. {
  3623. "name": "PostQuitMessage",
  3624. "address": "0x448574"
  3625. },
  3626. {
  3627. "name": "GetDesktopWindow",
  3628. "address": "0x448578"
  3629. },
  3630. {
  3631. "name": "GetActiveWindow",
  3632. "address": "0x44857c"
  3633. },
  3634. {
  3635. "name": "SetActiveWindow",
  3636. "address": "0x448580"
  3637. },
  3638. {
  3639. "name": "GetSystemMetrics",
  3640. "address": "0x448584"
  3641. },
  3642. {
  3643. "name": "CreateDialogIndirectParamA",
  3644. "address": "0x448588"
  3645. },
  3646. {
  3647. "name": "DestroyWindow",
  3648. "address": "0x44858c"
  3649. },
  3650. {
  3651. "name": "IsWindow",
  3652. "address": "0x448590"
  3653. },
  3654. {
  3655. "name": "GetWindowLongA",
  3656. "address": "0x448594"
  3657. },
  3658. {
  3659. "name": "GetDlgItem",
  3660. "address": "0x448598"
  3661. },
  3662. {
  3663. "name": "WindowFromPoint",
  3664. "address": "0x44859c"
  3665. },
  3666. {
  3667. "name": "GetMenuItemInfoA",
  3668. "address": "0x4485a0"
  3669. },
  3670. {
  3671. "name": "InflateRect",
  3672. "address": "0x4485a4"
  3673. },
  3674. {
  3675. "name": "IsWindowEnabled",
  3676. "address": "0x4485a8"
  3677. },
  3678. {
  3679. "name": "GetParent",
  3680. "address": "0x4485ac"
  3681. },
  3682. {
  3683. "name": "GetNextDlgTabItem",
  3684. "address": "0x4485b0"
  3685. },
  3686. {
  3687. "name": "EndDialog",
  3688. "address": "0x4485b4"
  3689. },
  3690. {
  3691. "name": "UnregisterClassA",
  3692. "address": "0x4485b8"
  3693. },
  3694. {
  3695. "name": "CharUpperA",
  3696. "address": "0x4485bc"
  3697. },
  3698. {
  3699. "name": "SendMessageA",
  3700. "address": "0x4485c0"
  3701. },
  3702. {
  3703. "name": "EnableWindow",
  3704. "address": "0x4485c4"
  3705. },
  3706. {
  3707. "name": "UpdateWindow",
  3708. "address": "0x4485c8"
  3709. },
  3710. {
  3711. "name": "PostThreadMessageA",
  3712. "address": "0x4485cc"
  3713. },
  3714. {
  3715. "name": "MessageBeep",
  3716. "address": "0x4485d0"
  3717. },
  3718. {
  3719. "name": "GetNextDlgGroupItem",
  3720. "address": "0x4485d4"
  3721. },
  3722. {
  3723. "name": "InvalidateRgn",
  3724. "address": "0x4485d8"
  3725. },
  3726. {
  3727. "name": "SetWindowLongA",
  3728. "address": "0x4485dc"
  3729. },
  3730. {
  3731. "name": "CopyAcceleratorTableA",
  3732. "address": "0x4485e0"
  3733. },
  3734. {
  3735. "name": "GetDC",
  3736. "address": "0x4485e4"
  3737. },
  3738. {
  3739. "name": "ReleaseDC",
  3740. "address": "0x4485e8"
  3741. },
  3742. {
  3743. "name": "IsZoomed",
  3744. "address": "0x4485ec"
  3745. },
  3746. {
  3747. "name": "LoadMenuA",
  3748. "address": "0x4485f0"
  3749. },
  3750. {
  3751. "name": "DestroyMenu",
  3752. "address": "0x4485f4"
  3753. },
  3754. {
  3755. "name": "UnpackDDElParam",
  3756. "address": "0x4485f8"
  3757. },
  3758. {
  3759. "name": "ReuseDDElParam",
  3760. "address": "0x4485fc"
  3761. },
  3762. {
  3763. "name": "LoadAcceleratorsA",
  3764. "address": "0x448600"
  3765. },
  3766. {
  3767. "name": "InsertMenuItemA",
  3768. "address": "0x448604"
  3769. },
  3770. {
  3771. "name": "CreatePopupMenu",
  3772. "address": "0x448608"
  3773. },
  3774. {
  3775. "name": "SetRectEmpty",
  3776. "address": "0x44860c"
  3777. },
  3778. {
  3779. "name": "BringWindowToTop",
  3780. "address": "0x448610"
  3781. },
  3782. {
  3783. "name": "SetMenu",
  3784. "address": "0x448614"
  3785. },
  3786. {
  3787. "name": "TranslateAcceleratorA",
  3788. "address": "0x448618"
  3789. },
  3790. {
  3791. "name": "ReleaseCapture",
  3792. "address": "0x44861c"
  3793. },
  3794. {
  3795. "name": "LoadCursorA",
  3796. "address": "0x448620"
  3797. },
  3798. {
  3799. "name": "SetCapture",
  3800. "address": "0x448624"
  3801. },
  3802. {
  3803. "name": "KillTimer",
  3804. "address": "0x448628"
  3805. },
  3806. {
  3807. "name": "SetTimer",
  3808. "address": "0x44862c"
  3809. },
  3810. {
  3811. "name": "InvalidateRect",
  3812. "address": "0x448630"
  3813. },
  3814. {
  3815. "name": "ClientToScreen",
  3816. "address": "0x448634"
  3817. },
  3818. {
  3819. "name": "SetWindowRgn",
  3820. "address": "0x448638"
  3821. },
  3822. {
  3823. "name": "DrawIcon",
  3824. "address": "0x44863c"
  3825. },
  3826. {
  3827. "name": "FillRect",
  3828. "address": "0x448640"
  3829. },
  3830. {
  3831. "name": "IsRectEmpty",
  3832. "address": "0x448644"
  3833. },
  3834. {
  3835. "name": "FindWindowA",
  3836. "address": "0x448648"
  3837. },
  3838. {
  3839. "name": "GetMenuStringA",
  3840. "address": "0x44864c"
  3841. },
  3842. {
  3843. "name": "GetWindowTextLengthA",
  3844. "address": "0x448650"
  3845. },
  3846. {
  3847. "name": "InsertMenuA",
  3848. "address": "0x448654"
  3849. },
  3850. {
  3851. "name": "AppendMenuA",
  3852. "address": "0x448658"
  3853. }
  3854. ],
  3855. "dll": "USER32.dll"
  3856. },
  3857. {
  3858. "imports": [
  3859. {
  3860. "name": "SetMapMode",
  3861. "address": "0x448050"
  3862. },
  3863. {
  3864. "name": "ExcludeClipRect",
  3865. "address": "0x448054"
  3866. },
  3867. {
  3868. "name": "IntersectClipRect",
  3869. "address": "0x448058"
  3870. },
  3871. {
  3872. "name": "SelectClipRgn",
  3873. "address": "0x44805c"
  3874. },
  3875. {
  3876. "name": "CreateRectRgn",
  3877. "address": "0x448060"
  3878. },
  3879. {
  3880. "name": "GetViewportExtEx",
  3881. "address": "0x448064"
  3882. },
  3883. {
  3884. "name": "GetWindowExtEx",
  3885. "address": "0x448068"
  3886. },
  3887. {
  3888. "name": "BitBlt",
  3889. "address": "0x44806c"
  3890. },
  3891. {
  3892. "name": "GetPixel",
  3893. "address": "0x448070"
  3894. },
  3895. {
  3896. "name": "PtVisible",
  3897. "address": "0x448074"
  3898. },
  3899. {
  3900. "name": "RectVisible",
  3901. "address": "0x448078"
  3902. },
  3903. {
  3904. "name": "TextOutA",
  3905. "address": "0x44807c"
  3906. },
  3907. {
  3908. "name": "ExtTextOutA",
  3909. "address": "0x448080"
  3910. },
  3911. {
  3912. "name": "Escape",
  3913. "address": "0x448084"
  3914. },
  3915. {
  3916. "name": "SetViewportOrgEx",
  3917. "address": "0x448088"
  3918. },
  3919. {
  3920. "name": "OffsetViewportOrgEx",
  3921. "address": "0x44808c"
  3922. },
  3923. {
  3924. "name": "SetViewportExtEx",
  3925. "address": "0x448090"
  3926. },
  3927. {
  3928. "name": "ScaleViewportExtEx",
  3929. "address": "0x448094"
  3930. },
  3931. {
  3932. "name": "ScaleWindowExtEx",
  3933. "address": "0x448098"
  3934. },
  3935. {
  3936. "name": "ExtSelectClipRgn",
  3937. "address": "0x44809c"
  3938. },
  3939. {
  3940. "name": "CreatePatternBrush",
  3941. "address": "0x4480a0"
  3942. },
  3943. {
  3944. "name": "GetStockObject",
  3945. "address": "0x4480a4"
  3946. },
  3947. {
  3948. "name": "CreateSolidBrush",
  3949. "address": "0x4480a8"
  3950. },
  3951. {
  3952. "name": "CreateFontIndirectA",
  3953. "address": "0x4480ac"
  3954. },
  3955. {
  3956. "name": "GetBkColor",
  3957. "address": "0x4480b0"
  3958. },
  3959. {
  3960. "name": "GetTextColor",
  3961. "address": "0x4480b4"
  3962. },
  3963. {
  3964. "name": "CreateRectRgnIndirect",
  3965. "address": "0x4480b8"
  3966. },
  3967. {
  3968. "name": "GetRgnBox",
  3969. "address": "0x4480bc"
  3970. },
  3971. {
  3972. "name": "PatBlt",
  3973. "address": "0x4480c0"
  3974. },
  3975. {
  3976. "name": "SetRectRgn",
  3977. "address": "0x4480c4"
  3978. },
  3979. {
  3980. "name": "CombineRgn",
  3981. "address": "0x4480c8"
  3982. },
  3983. {
  3984. "name": "GetMapMode",
  3985. "address": "0x4480cc"
  3986. },
  3987. {
  3988. "name": "SetBkMode",
  3989. "address": "0x4480d0"
  3990. },
  3991. {
  3992. "name": "RestoreDC",
  3993. "address": "0x4480d4"
  3994. },
  3995. {
  3996. "name": "SaveDC",
  3997. "address": "0x4480d8"
  3998. },
  3999. {
  4000. "name": "CreateFontA",
  4001. "address": "0x4480dc"
  4002. },
  4003. {
  4004. "name": "GetCharWidthA",
  4005. "address": "0x4480e0"
  4006. },
  4007. {
  4008. "name": "DeleteObject",
  4009. "address": "0x4480e4"
  4010. },
  4011. {
  4012. "name": "StretchDIBits",
  4013. "address": "0x4480e8"
  4014. },
  4015. {
  4016. "name": "DeleteDC",
  4017. "address": "0x4480ec"
  4018. },
  4019. {
  4020. "name": "GetTextExtentPoint32A",
  4021. "address": "0x4480f0"
  4022. },
  4023. {
  4024. "name": "GetTextMetricsA",
  4025. "address": "0x4480f4"
  4026. },
  4027. {
  4028. "name": "SelectObject",
  4029. "address": "0x4480f8"
  4030. },
  4031. {
  4032. "name": "CreateCompatibleDC",
  4033. "address": "0x4480fc"
  4034. },
  4035. {
  4036. "name": "CreateCompatibleBitmap",
  4037. "address": "0x448100"
  4038. },
  4039. {
  4040. "name": "Ellipse",
  4041. "address": "0x448104"
  4042. },
  4043. {
  4044. "name": "LPtoDP",
  4045. "address": "0x448108"
  4046. },
  4047. {
  4048. "name": "CreateEllipticRgn",
  4049. "address": "0x44810c"
  4050. },
  4051. {
  4052. "name": "GetDeviceCaps",
  4053. "address": "0x448110"
  4054. },
  4055. {
  4056. "name": "GetObjectA",
  4057. "address": "0x448114"
  4058. },
  4059. {
  4060. "name": "SetBkColor",
  4061. "address": "0x448118"
  4062. },
  4063. {
  4064. "name": "SetTextColor",
  4065. "address": "0x44811c"
  4066. },
  4067. {
  4068. "name": "GetClipBox",
  4069. "address": "0x448120"
  4070. },
  4071. {
  4072. "name": "SetWindowExtEx",
  4073. "address": "0x448124"
  4074. },
  4075. {
  4076. "name": "CreateBitmap",
  4077. "address": "0x448128"
  4078. }
  4079. ],
  4080. "dll": "GDI32.dll"
  4081. },
  4082. {
  4083. "imports": [
  4084. {
  4085. "name": "GetSaveFileNameA",
  4086. "address": "0x448670"
  4087. },
  4088. {
  4089. "name": "GetFileTitleA",
  4090. "address": "0x448674"
  4091. },
  4092. {
  4093. "name": "GetOpenFileNameA",
  4094. "address": "0x448678"
  4095. }
  4096. ],
  4097. "dll": "comdlg32.dll"
  4098. },
  4099. {
  4100. "imports": [
  4101. {
  4102. "name": "OpenPrinterA",
  4103. "address": "0x448660"
  4104. },
  4105. {
  4106. "name": "DocumentPropertiesA",
  4107. "address": "0x448664"
  4108. },
  4109. {
  4110. "name": "ClosePrinter",
  4111. "address": "0x448668"
  4112. }
  4113. ],
  4114. "dll": "WINSPOOL.DRV"
  4115. },
  4116. {
  4117. "imports": [
  4118. {
  4119. "name": "RegSetValueA",
  4120. "address": "0x448000"
  4121. },
  4122. {
  4123. "name": "RegQueryValueExA",
  4124. "address": "0x448004"
  4125. },
  4126. {
  4127. "name": "RegOpenKeyExA",
  4128. "address": "0x448008"
  4129. },
  4130. {
  4131. "name": "RegDeleteKeyA",
  4132. "address": "0x44800c"
  4133. },
  4134. {
  4135. "name": "RegEnumKeyA",
  4136. "address": "0x448010"
  4137. },
  4138. {
  4139. "name": "RegOpenKeyA",
  4140. "address": "0x448014"
  4141. },
  4142. {
  4143. "name": "RegQueryValueA",
  4144. "address": "0x448018"
  4145. },
  4146. {
  4147. "name": "RegCreateKeyExA",
  4148. "address": "0x44801c"
  4149. },
  4150. {
  4151. "name": "RegSetValueExA",
  4152. "address": "0x448020"
  4153. },
  4154. {
  4155. "name": "RegDeleteValueA",
  4156. "address": "0x448024"
  4157. },
  4158. {
  4159. "name": "SetFileSecurityA",
  4160. "address": "0x448028"
  4161. },
  4162. {
  4163. "name": "RegCreateKeyA",
  4164. "address": "0x44802c"
  4165. },
  4166. {
  4167. "name": "RegCloseKey",
  4168. "address": "0x448030"
  4169. },
  4170. {
  4171. "name": "GetFileSecurityA",
  4172. "address": "0x448034"
  4173. }
  4174. ],
  4175. "dll": "ADVAPI32.dll"
  4176. },
  4177. {
  4178. "imports": [
  4179. {
  4180. "name": "DragFinish",
  4181. "address": "0x44839c"
  4182. },
  4183. {
  4184. "name": "DragQueryFileA",
  4185. "address": "0x4483a0"
  4186. },
  4187. {
  4188. "name": "ExtractIconA",
  4189. "address": "0x4483a4"
  4190. },
  4191. {
  4192. "name": "SHGetFileInfoA",
  4193. "address": "0x4483a8"
  4194. },
  4195. {
  4196. "name": "DragAcceptFiles",
  4197. "address": "0x4483ac"
  4198. }
  4199. ],
  4200. "dll": "SHELL32.dll"
  4201. },
  4202. {
  4203. "imports": [
  4204. {
  4205. "name": null,
  4206. "address": "0x44803c"
  4207. },
  4208. {
  4209. "name": "ImageList_Draw",
  4210. "address": "0x448040"
  4211. },
  4212. {
  4213. "name": "ImageList_GetImageInfo",
  4214. "address": "0x448044"
  4215. },
  4216. {
  4217. "name": "ImageList_Destroy",
  4218. "address": "0x448048"
  4219. }
  4220. ],
  4221. "dll": "COMCTL32.dll"
  4222. },
  4223. {
  4224. "imports": [
  4225. {
  4226. "name": "PathRemoveExtensionA",
  4227. "address": "0x4483b4"
  4228. },
  4229. {
  4230. "name": "PathFindFileNameA",
  4231. "address": "0x4483b8"
  4232. },
  4233. {
  4234. "name": "PathStripToRootA",
  4235. "address": "0x4483bc"
  4236. },
  4237. {
  4238. "name": "PathFindExtensionA",
  4239. "address": "0x4483c0"
  4240. },
  4241. {
  4242. "name": "PathIsUNCA",
  4243. "address": "0x4483c4"
  4244. }
  4245. ],
  4246. "dll": "SHLWAPI.dll"
  4247. },
  4248. {
  4249. "imports": [
  4250. {
  4251. "name": null,
  4252. "address": "0x4486c0"
  4253. }
  4254. ],
  4255. "dll": "oledlg.dll"
  4256. },
  4257. {
  4258. "imports": [
  4259. {
  4260. "name": "CoGetClassObject",
  4261. "address": "0x448680"
  4262. },
  4263. {
  4264. "name": "CoTaskMemAlloc",
  4265. "address": "0x448684"
  4266. },
  4267. {
  4268. "name": "StgOpenStorageOnILockBytes",
  4269. "address": "0x448688"
  4270. },
  4271. {
  4272. "name": "CoTaskMemFree",
  4273. "address": "0x44868c"
  4274. },
  4275. {
  4276. "name": "OleInitialize",
  4277. "address": "0x448690"
  4278. },
  4279. {
  4280. "name": "CoFreeUnusedLibraries",
  4281. "address": "0x448694"
  4282. },
  4283. {
  4284. "name": "OleUninitialize",
  4285. "address": "0x448698"
  4286. },
  4287. {
  4288. "name": "CLSIDFromString",
  4289. "address": "0x44869c"
  4290. },
  4291. {
  4292. "name": "CLSIDFromProgID",
  4293. "address": "0x4486a0"
  4294. },
  4295. {
  4296. "name": "StgCreateDocfileOnILockBytes",
  4297. "address": "0x4486a4"
  4298. },
  4299. {
  4300. "name": "CreateILockBytesOnHGlobal",
  4301. "address": "0x4486a8"
  4302. },
  4303. {
  4304. "name": "CoRevokeClassObject",
  4305. "address": "0x4486ac"
  4306. },
  4307. {
  4308. "name": "OleIsCurrentClipboard",
  4309. "address": "0x4486b0"
  4310. },
  4311. {
  4312. "name": "OleFlushClipboard",
  4313. "address": "0x4486b4"
  4314. },
  4315. {
  4316. "name": "CoRegisterMessageFilter",
  4317. "address": "0x4486b8"
  4318. }
  4319. ],
  4320. "dll": "ole32.dll"
  4321. },
  4322. {
  4323. "imports": [
  4324. {
  4325. "name": "VariantTimeToSystemTime",
  4326. "address": "0x448364"
  4327. },
  4328. {
  4329. "name": "SysFreeString",
  4330. "address": "0x448368"
  4331. },
  4332. {
  4333. "name": "SysAllocStringLen",
  4334. "address": "0x44836c"
  4335. },
  4336. {
  4337. "name": "VariantClear",
  4338. "address": "0x448370"
  4339. },
  4340. {
  4341. "name": "VariantChangeType",
  4342. "address": "0x448374"
  4343. },
  4344. {
  4345. "name": "VariantInit",
  4346. "address": "0x448378"
  4347. },
  4348. {
  4349. "name": "SysStringLen",
  4350. "address": "0x44837c"
  4351. },
  4352. {
  4353. "name": "SysAllocStringByteLen",
  4354. "address": "0x448380"
  4355. },
  4356. {
  4357. "name": "VariantCopy",
  4358. "address": "0x448384"
  4359. },
  4360. {
  4361. "name": "SysAllocString",
  4362. "address": "0x448388"
  4363. },
  4364. {
  4365. "name": "OleCreateFontIndirect",
  4366. "address": "0x44838c"
  4367. },
  4368. {
  4369. "name": "SafeArrayDestroy",
  4370. "address": "0x448390"
  4371. },
  4372. {
  4373. "name": "SystemTimeToVariantTime",
  4374. "address": "0x448394"
  4375. }
  4376. ],
  4377. "dll": "OLEAUT32.dll"
  4378. }
  4379. ],
  4380. "digital_signers": null,
  4381. "exported_dll_name": null,
  4382. "actual_checksum": "0x000a749d",
  4383. "overlay": null,
  4384. "imagebase": "0x00400000",
  4385. "reported_checksum": "0x00000000",
  4386. "icon_hash": null,
  4387. "entrypoint": "0x00418c57",
  4388. "timestamp": "2019-06-26 14:11:27",
  4389. "osversion": "4.0",
  4390. "sections": [
  4391. {
  4392. "name": ".text",
  4393. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
  4394. "virtual_address": "0x00001000",
  4395. "size_of_data": "0x00047000",
  4396. "entropy": "6.52",
  4397. "raw_address": "0x00001000",
  4398. "virtual_size": "0x000468fb",
  4399. "characteristics_raw": "0x60000020"
  4400. },
  4401. {
  4402. "name": ".rdata",
  4403. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  4404. "virtual_address": "0x00048000",
  4405. "size_of_data": "0x0004b000",
  4406. "entropy": "6.24",
  4407. "raw_address": "0x00048000",
  4408. "virtual_size": "0x0004ae26",
  4409. "characteristics_raw": "0x40000040"
  4410. },
  4411. {
  4412. "name": ".data",
  4413. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  4414. "virtual_address": "0x00093000",
  4415. "size_of_data": "0x00003000",
  4416. "entropy": "3.96",
  4417. "raw_address": "0x00093000",
  4418. "virtual_size": "0x00006094",
  4419. "characteristics_raw": "0xc0000040"
  4420. },
  4421. {
  4422. "name": ".rsrc",
  4423. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  4424. "virtual_address": "0x0009a000",
  4425. "size_of_data": "0x0000c000",
  4426. "entropy": "4.94",
  4427. "raw_address": "0x00096000",
  4428. "virtual_size": "0x0000b578",
  4429. "characteristics_raw": "0x40000040"
  4430. }
  4431. ],
  4432. "resources": [],
  4433. "dirents": [
  4434. {
  4435. "virtual_address": "0x00000000",
  4436. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  4437. "size": "0x00000000"
  4438. },
  4439. {
  4440. "virtual_address": "0x00090a48",
  4441. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  4442. "size": "0x00000104"
  4443. },
  4444. {
  4445. "virtual_address": "0x0009a000",
  4446. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  4447. "size": "0x0000b578"
  4448. },
  4449. {
  4450. "virtual_address": "0x00000000",
  4451. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  4452. "size": "0x00000000"
  4453. },
  4454. {
  4455. "virtual_address": "0x00000000",
  4456. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  4457. "size": "0x00000000"
  4458. },
  4459. {
  4460. "virtual_address": "0x00000000",
  4461. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  4462. "size": "0x00000000"
  4463. },
  4464. {
  4465. "virtual_address": "0x00000000",
  4466. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  4467. "size": "0x00000000"
  4468. },
  4469. {
  4470. "virtual_address": "0x00000000",
  4471. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  4472. "size": "0x00000000"
  4473. },
  4474. {
  4475. "virtual_address": "0x00000000",
  4476. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  4477. "size": "0x00000000"
  4478. },
  4479. {
  4480. "virtual_address": "0x00000000",
  4481. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  4482. "size": "0x00000000"
  4483. },
  4484. {
  4485. "virtual_address": "0x0008abe0",
  4486. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  4487. "size": "0x00000048"
  4488. },
  4489. {
  4490. "virtual_address": "0x00000000",
  4491. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  4492. "size": "0x00000000"
  4493. },
  4494. {
  4495. "virtual_address": "0x00048000",
  4496. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  4497. "size": "0x000006c8"
  4498. },
  4499. {
  4500. "virtual_address": "0x00090998",
  4501. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  4502. "size": "0x00000040"
  4503. },
  4504. {
  4505. "virtual_address": "0x00000000",
  4506. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  4507. "size": "0x00000000"
  4508. },
  4509. {
  4510. "virtual_address": "0x00000000",
  4511. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  4512. "size": "0x00000000"
  4513. }
  4514. ],
  4515. "exports": [],
  4516. "guest_signers": {},
  4517. "imphash": "7a377bb2d9e9a9d3215f8897afdc67d6",
  4518. "icon_fuzzy": null,
  4519. "icon": null,
  4520. "pdbpath": null,
  4521. "imported_dll_count": 12,
  4522. "versioninfo": []
  4523. }
  4524. }