- [*] MalFamily: "Fareit"
- [*] MalScore: 10.0
- [*] File Name: "Exes_1b1ea32aecb9542361b0f22fe6c01687.exe"
- [*] File Size: 763398
- [*] File Type: "PE32 executable (GUI) Intel 80386, for MS Windows"
- [*] SHA256: "7690bc275d7d050d55b362241e3af12537e5e573880d44b66ee1d08d487040bf"
- [*] MD5: "1b1ea32aecb9542361b0f22fe6c01687"
- [*] SHA1: "2935b312644550e5d4d6a819a6b47ae884f7cb2d"
- [*] SHA512: "1385e623fc65eb36aff5dcf9ab64a84f610845ea94c61af5f58baf52b74ede2416e8c2fc62546d2c6e7a4167b3e402c3b06e157a92b07fd3c90176c390827b01"
- [*] CRC32: "E9733DE3"
- [*] SSDEEP: "12288:llrimWMa6mz043JSjaT13Az0ZwYgGApOUpGpdE8T9hKXnAjqVv5:7em9mLUO6W7gGApOUwfEAgAj0"
- [*] Process Execution: [
- "Exes_1b1ea32aecb9542361b0f22fe6c01687.exe",
- "Exes_1b1ea32aecb9542361b0f22fe6c01687.exe"
- ]
- [*] Signatures Detected: [
- {
- "Description": "Creates RWX memory",
- "Details": []
- },
- {
- "Description": "The binary likely contains encrypted or compressed data.",
- "Details": [
- {
- "section": "name: .rsrc, entropy: 7.40, characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ, raw_size: 0x00036800, virtual_size: 0x0003661c"
- }
- ]
- },
- {
- "Description": "Executed a process and injected code into it, probably while unpacking",
- "Details": [
- {
- "Injection": "Exes_1b1ea32aecb9542361b0f22fe6c01687.exe(2576) -> Exes_1b1ea32aecb9542361b0f22fe6c01687.exe(848)"
- }
- ]
- },
- {
- "Description": "File has been identified by 57 Antiviruses on VirusTotal as malicious",
- "Details": [
- {
- "MicroWorld-eScan": "Gen:Variant.Ulise.39188"
- },
- {
- "FireEye": "Generic.mg.1b1ea32aecb95423"
- },
- {
- "CAT-QuickHeal": "TrojanPWS.Fareit"
- },
- {
- "McAfee": "RDN/Generic.grp"
- },
- {
- "Cylance": "Unsafe"
- },
- {
- "Alibaba": "TrojanPSW:Win32/Injector.81a10216"
- },
- {
- "K7GW": "Riskware ( 0040eff71 )"
- },
- {
- "K7AntiVirus": "Riskware ( 0040eff71 )"
- },
- {
- "Arcabit": "Trojan.Ulise.D9914"
- },
- {
- "TrendMicro": "TSPY_HPFAREIT.SMROX"
- },
- {
- "NANO-Antivirus": "Trojan.Win32.Stealer.frmqcy"
- },
- {
- "F-Prot": "W32/Fareit.DCP"
- },
- {
- "Symantec": "Trojan Horse"
- },
- {
- "APEX": "Malicious"
- },
- {
- "Avast": "Win32:Malware-gen"
- },
- {
- "Kaspersky": "HEUR:Trojan-PSW.Win32.Fareit.gen"
- },
- {
- "BitDefender": "Gen:Variant.Ulise.39188"
- },
- {
- "Paloalto": "generic.ml"
- },
- {
- "Tencent": "Win32.Trojan-qqpass.Qqrob.Dxni"
- },
- {
- "Ad-Aware": "Gen:Variant.Ulise.39188"
- },
- {
- "Emsisoft": "Gen:Variant.Ulise.39188 (B)"
- },
- {
- "Comodo": "Malware@#9pi3bx4n36gj"
- },
- {
- "F-Secure": "Trojan.TR/Injector.apwfv"
- },
- {
- "DrWeb": "Trojan.PWS.Stealer.19347"
- },
- {
- "Zillya": "Trojan.Agent.Win32.1106599"
- },
- {
- "Invincea": "heuristic"
- },
- {
- "McAfee-GW-Edition": "BehavesLike.Win32.Fareit.bc"
- },
- {
- "Trapmine": "malicious.high.ml.score"
- },
- {
- "Sophos": "Mal/Fareit-V"
- },
- {
- "Ikarus": "Trojan.Inject"
- },
- {
- "Cyren": "W32/Fareit.RFJW-6171"
- },
- {
- "Jiangmin": "Trojan.Kryptik.pb"
- },
- {
- "Avira": "TR/Injector.apwfv"
- },
- {
- "MAX": "malware (ai score=100)"
- },
- {
- "Antiy-AVL": "Trojan[PSW]/Win32.Fareit"
- },
- {
- "Microsoft": "Trojan:Win32/Wacatac.B!ml"
- },
- {
- "Endgame": "malicious (high confidence)"
- },
- {
- "AegisLab": "Trojan.Win32.Fareit.4!c"
- },
- {
- "ZoneAlarm": "HEUR:Trojan-PSW.Win32.Fareit.gen"
- },
- {
- "GData": "Gen:Variant.Ulise.39188"
- },
- {
- "AhnLab-V3": "Win-Trojan/Delphiless.Exp"
- },
- {
- "Acronis": "suspicious"
- },
- {
- "ALYac": "Gen:Variant.Ulise.39188"
- },
- {
- "VBA32": "TScope.Trojan.Delf"
- },
- {
- "Malwarebytes": "Trojan.MalPack.DLF"
- },
- {
- "ESET-NOD32": "a variant of Win32/Injector.EGCL"
- },
- {
- "TrendMicro-HouseCall": "TSPY_HPFAREIT.SMROX"
- },
- {
- "Rising": "Trojan.Injector!1.AFE3 (CLOUD)"
- },
- {
- "Yandex": "Trojan.Injector!RRGWYhh8Lw0"
- },
- {
- "SentinelOne": "DFI - Malicious PE"
- },
- {
- "Fortinet": "W32/Injector.EGCL!tr"
- },
- {
- "Webroot": "W32.Trojan.Gen"
- },
- {
- "AVG": "Win32:Malware-gen"
- },
- {
- "Cybereason": "malicious.aecb95"
- },
- {
- "Panda": "Trj/CI.A"
- },
- {
- "CrowdStrike": "win/malicious_confidence_100% (W)"
- },
- {
- "Qihoo-360": "Win32/Trojan.PSW.ccc"
- }
- ]
- },
- {
- "Description": "Anomalous binary characteristics",
- "Details": [
- {
- "anomaly": "Timestamp on binary predates the release date of the OS version it requires by at least a year"
- }
- ]
- }
- ]
- [*] Started Service: []
- [*] Executed Commands: [
- "\"C:\\Users\\user\\AppData\\Local\\Temp\\Exes_1b1ea32aecb9542361b0f22fe6c01687.exe\""
- ]
- [*] Mutexes: []
- [*] Modified Files: []
- [*] Deleted Files: []
- [*] Modified Registry Keys: []
- [*] Deleted Registry Keys: []
- [*] DNS Communications: []
- [*] Domains: []
- [*] Network Communication - ICMP: []
- [*] Network Communication - HTTP: []
- [*] Network Communication - SMTP: []
- [*] Network Communication - Hosts: []
- [*] Network Communication - IRC: []
- [*] Static Analysis: {
- "pe": {
- "peid_signatures": null,
- "imports": [
- {
- "imports": [
- {
- "name": "DeleteCriticalSection",
- "address": "0x47d12c"
- },
- {
- "name": "LeaveCriticalSection",
- "address": "0x47d130"
- },
- {
- "name": "EnterCriticalSection",
- "address": "0x47d134"
- },
- {
- "name": "InitializeCriticalSection",
- "address": "0x47d138"
- },
- {
- "name": "VirtualFree",
- "address": "0x47d13c"
- },
- {
- "name": "VirtualAlloc",
- "address": "0x47d140"
- },
- {
- "name": "LocalFree",
- "address": "0x47d144"
- },
- {
- "name": "LocalAlloc",
- "address": "0x47d148"
- },
- {
- "name": "GetTickCount",
- "address": "0x47d14c"
- },
- {
- "name": "QueryPerformanceCounter",
- "address": "0x47d150"
- },
- {
- "name": "GetVersion",
- "address": "0x47d154"
- },
- {
- "name": "GetCurrentThreadId",
- "address": "0x47d158"
- },
- {
- "name": "InterlockedDecrement",
- "address": "0x47d15c"
- },
- {
- "name": "InterlockedIncrement",
- "address": "0x47d160"
- },
- {
- "name": "VirtualQuery",
- "address": "0x47d164"
- },
- {
- "name": "WideCharToMultiByte",
- "address": "0x47d168"
- },
- {
- "name": "MultiByteToWideChar",
- "address": "0x47d16c"
- },
- {
- "name": "lstrlenA",
- "address": "0x47d170"
- },
- {
- "name": "lstrcpynA",
- "address": "0x47d174"
- },
- {
- "name": "LoadLibraryExA",
- "address": "0x47d178"
- },
- {
- "name": "GetThreadLocale",
- "address": "0x47d17c"
- },
- {
- "name": "GetStartupInfoA",
- "address": "0x47d180"
- },
- {
- "name": "GetProcAddress",
- "address": "0x47d184"
- },
- {
- "name": "GetModuleHandleA",
- "address": "0x47d188"
- },
- {
- "name": "GetModuleFileNameA",
- "address": "0x47d18c"
- },
- {
- "name": "GetLocaleInfoA",
- "address": "0x47d190"
- },
- {
- "name": "GetCommandLineA",
- "address": "0x47d194"
- },
- {
- "name": "FreeLibrary",
- "address": "0x47d198"
- },
- {
- "name": "FindFirstFileA",
- "address": "0x47d19c"
- },
- {
- "name": "FindClose",
- "address": "0x47d1a0"
- },
- {
- "name": "ExitProcess",
- "address": "0x47d1a4"
- },
- {
- "name": "WriteFile",
- "address": "0x47d1a8"
- },
- {
- "name": "UnhandledExceptionFilter",
- "address": "0x47d1ac"
- },
- {
- "name": "RtlUnwind",
- "address": "0x47d1b0"
- },
- {
- "name": "RaiseException",
- "address": "0x47d1b4"
- },
- {
- "name": "GetStdHandle",
- "address": "0x47d1b8"
- }
- ],
- "dll": "kernel32.dll"
- },
- {
- "imports": [
- {
- "name": "GetKeyboardType",
- "address": "0x47d1c0"
- },
- {
- "name": "LoadStringA",
- "address": "0x47d1c4"
- },
- {
- "name": "MessageBoxA",
- "address": "0x47d1c8"
- },
- {
- "name": "CharNextA",
- "address": "0x47d1cc"
- }
- ],
- "dll": "user32.dll"
- },
- {
- "imports": [
- {
- "name": "RegQueryValueExA",
- "address": "0x47d1d4"
- },
- {
- "name": "RegOpenKeyExA",
- "address": "0x47d1d8"
- },
- {
- "name": "RegCloseKey",
- "address": "0x47d1dc"
- }
- ],
- "dll": "advapi32.dll"
- },
- {
- "imports": [
- {
- "name": "SysFreeString",
- "address": "0x47d1e4"
- },
- {
- "name": "SysReAllocStringLen",
- "address": "0x47d1e8"
- },
- {
- "name": "SysAllocStringLen",
- "address": "0x47d1ec"
- }
- ],
- "dll": "oleaut32.dll"
- },
- {
- "imports": [
- {
- "name": "TlsSetValue",
- "address": "0x47d1f4"
- },
- {
- "name": "TlsGetValue",
- "address": "0x47d1f8"
- },
- {
- "name": "LocalAlloc",
- "address": "0x47d1fc"
- },
- {
- "name": "GetModuleHandleA",
- "address": "0x47d200"
- }
- ],
- "dll": "kernel32.dll"
- },
- {
- "imports": [
- {
- "name": "RegQueryValueExA",
- "address": "0x47d208"
- },
- {
- "name": "RegOpenKeyExA",
- "address": "0x47d20c"
- },
- {
- "name": "RegCloseKey",
- "address": "0x47d210"
- }
- ],
- "dll": "advapi32.dll"
- },
- {
- "imports": [
- {
- "name": "lstrcpyA",
- "address": "0x47d218"
- },
- {
- "name": "WriteFile",
- "address": "0x47d21c"
- },
- {
- "name": "WaitForSingleObject",
- "address": "0x47d220"
- },
- {
- "name": "VirtualQuery",
- "address": "0x47d224"
- },
- {
- "name": "VirtualAlloc",
- "address": "0x47d228"
- },
- {
- "name": "Sleep",
- "address": "0x47d22c"
- },
- {
- "name": "SizeofResource",
- "address": "0x47d230"
- },
- {
- "name": "SetThreadLocale",
- "address": "0x47d234"
- },
- {
- "name": "SetFilePointer",
- "address": "0x47d238"
- },
- {
- "name": "SetEvent",
- "address": "0x47d23c"
- },
- {
- "name": "SetErrorMode",
- "address": "0x47d240"
- },
- {
- "name": "SetEndOfFile",
- "address": "0x47d244"
- },
- {
- "name": "ResetEvent",
- "address": "0x47d248"
- },
- {
- "name": "ReadFile",
- "address": "0x47d24c"
- },
- {
- "name": "MulDiv",
- "address": "0x47d250"
- },
- {
- "name": "LockResource",
- "address": "0x47d254"
- },
- {
- "name": "LoadResource",
- "address": "0x47d258"
- },
- {
- "name": "LoadLibraryA",
- "address": "0x47d25c"
- },
- {
- "name": "LeaveCriticalSection",
- "address": "0x47d260"
- },
- {
- "name": "InitializeCriticalSection",
- "address": "0x47d264"
- },
- {
- "name": "GlobalUnlock",
- "address": "0x47d268"
- },
- {
- "name": "GlobalReAlloc",
- "address": "0x47d26c"
- },
- {
- "name": "GlobalHandle",
- "address": "0x47d270"
- },
- {
- "name": "GlobalLock",
- "address": "0x47d274"
- },
- {
- "name": "GlobalFree",
- "address": "0x47d278"
- },
- {
- "name": "GlobalFindAtomA",
- "address": "0x47d27c"
- },
- {
- "name": "GlobalDeleteAtom",
- "address": "0x47d280"
- },
- {
- "name": "GlobalAlloc",
- "address": "0x47d284"
- },
- {
- "name": "GlobalAddAtomA",
- "address": "0x47d288"
- },
- {
- "name": "GetVersionExA",
- "address": "0x47d28c"
- },
- {
- "name": "GetVersion",
- "address": "0x47d290"
- },
- {
- "name": "GetTickCount",
- "address": "0x47d294"
- },
- {
- "name": "GetThreadLocale",
- "address": "0x47d298"
- },
- {
- "name": "GetSystemInfo",
- "address": "0x47d29c"
- },
- {
- "name": "GetStringTypeExA",
- "address": "0x47d2a0"
- },
- {
- "name": "GetStdHandle",
- "address": "0x47d2a4"
- },
- {
- "name": "GetProcAddress",
- "address": "0x47d2a8"
- },
- {
- "name": "GetModuleHandleA",
- "address": "0x47d2ac"
- },
- {
- "name": "GetModuleFileNameA",
- "address": "0x47d2b0"
- },
- {
- "name": "GetLocaleInfoA",
- "address": "0x47d2b4"
- },
- {
- "name": "GetLocalTime",
- "address": "0x47d2b8"
- },
- {
- "name": "GetLastError",
- "address": "0x47d2bc"
- },
- {
- "name": "GetFullPathNameA",
- "address": "0x47d2c0"
- },
- {
- "name": "GetDiskFreeSpaceA",
- "address": "0x47d2c4"
- },
- {
- "name": "GetDateFormatA",
- "address": "0x47d2c8"
- },
- {
- "name": "GetCurrentThreadId",
- "address": "0x47d2cc"
- },
- {
- "name": "GetCurrentProcessId",
- "address": "0x47d2d0"
- },
- {
- "name": "GetCPInfo",
- "address": "0x47d2d4"
- },
- {
- "name": "GetACP",
- "address": "0x47d2d8"
- },
- {
- "name": "FreeResource",
- "address": "0x47d2dc"
- },
- {
- "name": "InterlockedExchange",
- "address": "0x47d2e0"
- },
- {
- "name": "FreeLibrary",
- "address": "0x47d2e4"
- },
- {
- "name": "FormatMessageA",
- "address": "0x47d2e8"
- },
- {
- "name": "FindResourceA",
- "address": "0x47d2ec"
- },
- {
- "name": "EnumCalendarInfoA",
- "address": "0x47d2f0"
- },
- {
- "name": "EnterCriticalSection",
- "address": "0x47d2f4"
- },
- {
- "name": "DeleteCriticalSection",
- "address": "0x47d2f8"
- },
- {
- "name": "CreateThread",
- "address": "0x47d2fc"
- },
- {
- "name": "CreateFileA",
- "address": "0x47d300"
- },
- {
- "name": "CreateEventA",
- "address": "0x47d304"
- },
- {
- "name": "CompareStringA",
- "address": "0x47d308"
- },
- {
- "name": "CloseHandle",
- "address": "0x47d30c"
- }
- ],
- "dll": "kernel32.dll"
- },
- {
- "imports": [
- {
- "name": "VerQueryValueA",
- "address": "0x47d314"
- },
- {
- "name": "GetFileVersionInfoSizeA",
- "address": "0x47d318"
- },
- {
- "name": "GetFileVersionInfoA",
- "address": "0x47d31c"
- }
- ],
- "dll": "version.dll"
- },
- {
- "imports": [
- {
- "name": "UnrealizeObject",
- "address": "0x47d324"
- },
- {
- "name": "TextOutA",
- "address": "0x47d328"
- },
- {
- "name": "StretchBlt",
- "address": "0x47d32c"
- },
- {
- "name": "SetWindowOrgEx",
- "address": "0x47d330"
- },
- {
- "name": "SetWinMetaFileBits",
- "address": "0x47d334"
- },
- {
- "name": "SetViewportOrgEx",
- "address": "0x47d338"
- },
- {
- "name": "SetTextColor",
- "address": "0x47d33c"
- },
- {
- "name": "SetTextAlign",
- "address": "0x47d340"
- },
- {
- "name": "SetStretchBltMode",
- "address": "0x47d344"
- },
- {
- "name": "SetROP2",
- "address": "0x47d348"
- },
- {
- "name": "SetPixel",
- "address": "0x47d34c"
- },
- {
- "name": "SetEnhMetaFileBits",
- "address": "0x47d350"
- },
- {
- "name": "SetDIBColorTable",
- "address": "0x47d354"
- },
- {
- "name": "SetBrushOrgEx",
- "address": "0x47d358"
- },
- {
- "name": "SetBkMode",
- "address": "0x47d35c"
- },
- {
- "name": "SetBkColor",
- "address": "0x47d360"
- },
- {
- "name": "SelectPalette",
- "address": "0x47d364"
- },
- {
- "name": "SelectObject",
- "address": "0x47d368"
- },
- {
- "name": "SelectClipRgn",
- "address": "0x47d36c"
- },
- {
- "name": "ScaleWindowExtEx",
- "address": "0x47d370"
- },
- {
- "name": "SaveDC",
- "address": "0x47d374"
- },
- {
- "name": "RoundRect",
- "address": "0x47d378"
- },
- {
- "name": "RestoreDC",
- "address": "0x47d37c"
- },
- {
- "name": "Rectangle",
- "address": "0x47d380"
- },
- {
- "name": "RectVisible",
- "address": "0x47d384"
- },
- {
- "name": "RealizePalette",
- "address": "0x47d388"
- },
- {
- "name": "Polyline",
- "address": "0x47d38c"
- },
- {
- "name": "Polygon",
- "address": "0x47d390"
- },
- {
- "name": "PlayEnhMetaFile",
- "address": "0x47d394"
- },
- {
- "name": "Pie",
- "address": "0x47d398"
- },
- {
- "name": "PatBlt",
- "address": "0x47d39c"
- },
- {
- "name": "MoveToEx",
- "address": "0x47d3a0"
- },
- {
- "name": "MaskBlt",
- "address": "0x47d3a4"
- },
- {
- "name": "LineTo",
- "address": "0x47d3a8"
- },
- {
- "name": "LPtoDP",
- "address": "0x47d3ac"
- },
- {
- "name": "IntersectClipRect",
- "address": "0x47d3b0"
- },
- {
- "name": "GetWindowOrgEx",
- "address": "0x47d3b4"
- },
- {
- "name": "GetWinMetaFileBits",
- "address": "0x47d3b8"
- },
- {
- "name": "GetTextMetricsA",
- "address": "0x47d3bc"
- },
- {
- "name": "GetTextExtentPoint32A",
- "address": "0x47d3c0"
- },
- {
- "name": "GetTextAlign",
- "address": "0x47d3c4"
- },
- {
- "name": "GetSystemPaletteEntries",
- "address": "0x47d3c8"
- },
- {
- "name": "GetStockObject",
- "address": "0x47d3cc"
- },
- {
- "name": "GetPixel",
- "address": "0x47d3d0"
- },
- {
- "name": "GetPaletteEntries",
- "address": "0x47d3d4"
- },
- {
- "name": "GetObjectA",
- "address": "0x47d3d8"
- },
- {
- "name": "GetEnhMetaFilePaletteEntries",
- "address": "0x47d3dc"
- },
- {
- "name": "GetEnhMetaFileHeader",
- "address": "0x47d3e0"
- },
- {
- "name": "GetEnhMetaFileBits",
- "address": "0x47d3e4"
- },
- {
- "name": "GetDeviceCaps",
- "address": "0x47d3e8"
- },
- {
- "name": "GetDIBits",
- "address": "0x47d3ec"
- },
- {
- "name": "GetDIBColorTable",
- "address": "0x47d3f0"
- },
- {
- "name": "GetDCOrgEx",
- "address": "0x47d3f4"
- },
- {
- "name": "GetCurrentPositionEx",
- "address": "0x47d3f8"
- },
- {
- "name": "GetClipBox",
- "address": "0x47d3fc"
- },
- {
- "name": "GetBrushOrgEx",
- "address": "0x47d400"
- },
- {
- "name": "GetBkMode",
- "address": "0x47d404"
- },
- {
- "name": "GetBkColor",
- "address": "0x47d408"
- },
- {
- "name": "GetBitmapBits",
- "address": "0x47d40c"
- },
- {
- "name": "ExtTextOutA",
- "address": "0x47d410"
- },
- {
- "name": "ExtSelectClipRgn",
- "address": "0x47d414"
- },
- {
- "name": "ExtCreatePen",
- "address": "0x47d418"
- },
- {
- "name": "ExcludeClipRect",
- "address": "0x47d41c"
- },
- {
- "name": "EndDoc",
- "address": "0x47d420"
- },
- {
- "name": "Ellipse",
- "address": "0x47d424"
- },
- {
- "name": "DeleteObject",
- "address": "0x47d428"
- },
- {
- "name": "DeleteEnhMetaFile",
- "address": "0x47d42c"
- },
- {
- "name": "DeleteDC",
- "address": "0x47d430"
- },
- {
- "name": "CreateSolidBrush",
- "address": "0x47d434"
- },
- {
- "name": "CreateRectRgn",
- "address": "0x47d438"
- },
- {
- "name": "CreatePolygonRgn",
- "address": "0x47d43c"
- },
- {
- "name": "CreatePenIndirect",
- "address": "0x47d440"
- },
- {
- "name": "CreatePalette",
- "address": "0x47d444"
- },
- {
- "name": "CreateHalftonePalette",
- "address": "0x47d448"
- },
- {
- "name": "CreateFontIndirectA",
- "address": "0x47d44c"
- },
- {
- "name": "CreateDIBitmap",
- "address": "0x47d450"
- },
- {
- "name": "CreateDIBSection",
- "address": "0x47d454"
- },
- {
- "name": "CreateCompatibleDC",
- "address": "0x47d458"
- },
- {
- "name": "CreateCompatibleBitmap",
- "address": "0x47d45c"
- },
- {
- "name": "CreateBrushIndirect",
- "address": "0x47d460"
- },
- {
- "name": "CreateBitmap",
- "address": "0x47d464"
- },
- {
- "name": "CopyEnhMetaFileA",
- "address": "0x47d468"
- },
- {
- "name": "BitBlt",
- "address": "0x47d46c"
- },
- {
- "name": "Arc",
- "address": "0x47d470"
- }
- ],
- "dll": "gdi32.dll"
- },
- {
- "imports": [
- {
- "name": "CreateWindowExA",
- "address": "0x47d478"
- },
- {
- "name": "WindowFromPoint",
- "address": "0x47d47c"
- },
- {
- "name": "WinHelpA",
- "address": "0x47d480"
- },
- {
- "name": "WaitMessage",
- "address": "0x47d484"
- },
- {
- "name": "UpdateWindow",
- "address": "0x47d488"
- },
- {
- "name": "UnregisterClassA",
- "address": "0x47d48c"
- },
- {
- "name": "UnhookWindowsHookEx",
- "address": "0x47d490"
- },
- {
- "name": "TranslateMessage",
- "address": "0x47d494"
- },
- {
- "name": "TranslateMDISysAccel",
- "address": "0x47d498"
- },
- {
- "name": "TrackPopupMenu",
- "address": "0x47d49c"
- },
- {
- "name": "SystemParametersInfoA",
- "address": "0x47d4a0"
- },
- {
- "name": "ShowWindow",
- "address": "0x47d4a4"
- },
- {
- "name": "ShowScrollBar",
- "address": "0x47d4a8"
- },
- {
- "name": "ShowOwnedPopups",
- "address": "0x47d4ac"
- },
- {
- "name": "ShowCursor",
- "address": "0x47d4b0"
- },
- {
- "name": "SetWindowsHookExA",
- "address": "0x47d4b4"
- },
- {
- "name": "SetWindowTextA",
- "address": "0x47d4b8"
- },
- {
- "name": "SetWindowPos",
- "address": "0x47d4bc"
- },
- {
- "name": "SetWindowPlacement",
- "address": "0x47d4c0"
- },
- {
- "name": "SetWindowLongA",
- "address": "0x47d4c4"
- },
- {
- "name": "SetTimer",
- "address": "0x47d4c8"
- },
- {
- "name": "SetScrollRange",
- "address": "0x47d4cc"
- },
- {
- "name": "SetScrollPos",
- "address": "0x47d4d0"
- },
- {
- "name": "SetScrollInfo",
- "address": "0x47d4d4"
- },
- {
- "name": "SetRect",
- "address": "0x47d4d8"
- },
- {
- "name": "SetPropA",
- "address": "0x47d4dc"
- },
- {
- "name": "SetParent",
- "address": "0x47d4e0"
- },
- {
- "name": "SetMenuItemInfoA",
- "address": "0x47d4e4"
- },
- {
- "name": "SetMenu",
- "address": "0x47d4e8"
- },
- {
- "name": "SetForegroundWindow",
- "address": "0x47d4ec"
- },
- {
- "name": "SetFocus",
- "address": "0x47d4f0"
- },
- {
- "name": "SetCursor",
- "address": "0x47d4f4"
- },
- {
- "name": "SetClassLongA",
- "address": "0x47d4f8"
- },
- {
- "name": "SetCapture",
- "address": "0x47d4fc"
- },
- {
- "name": "SetActiveWindow",
- "address": "0x47d500"
- },
- {
- "name": "SendMessageA",
- "address": "0x47d504"
- },
- {
- "name": "ScrollWindow",
- "address": "0x47d508"
- },
- {
- "name": "ScreenToClient",
- "address": "0x47d50c"
- },
- {
- "name": "RemovePropA",
- "address": "0x47d510"
- },
- {
- "name": "RemoveMenu",
- "address": "0x47d514"
- },
- {
- "name": "ReleaseDC",
- "address": "0x47d518"
- },
- {
- "name": "ReleaseCapture",
- "address": "0x47d51c"
- },
- {
- "name": "RegisterWindowMessageA",
- "address": "0x47d520"
- },
- {
- "name": "RegisterClipboardFormatA",
- "address": "0x47d524"
- },
- {
- "name": "RegisterClassA",
- "address": "0x47d528"
- },
- {
- "name": "RedrawWindow",
- "address": "0x47d52c"
- },
- {
- "name": "PtInRect",
- "address": "0x47d530"
- },
- {
- "name": "PostQuitMessage",
- "address": "0x47d534"
- },
- {
- "name": "PostMessageA",
- "address": "0x47d538"
- },
- {
- "name": "PeekMessageA",
- "address": "0x47d53c"
- },
- {
- "name": "OffsetRect",
- "address": "0x47d540"
- },
- {
- "name": "OemToCharA",
- "address": "0x47d544"
- },
- {
- "name": "MessageBoxA",
- "address": "0x47d548"
- },
- {
- "name": "MapWindowPoints",
- "address": "0x47d54c"
- },
- {
- "name": "MapVirtualKeyA",
- "address": "0x47d550"
- },
- {
- "name": "LoadStringA",
- "address": "0x47d554"
- },
- {
- "name": "LoadKeyboardLayoutA",
- "address": "0x47d558"
- },
- {
- "name": "LoadIconA",
- "address": "0x47d55c"
- },
- {
- "name": "LoadCursorA",
- "address": "0x47d560"
- },
- {
- "name": "LoadBitmapA",
- "address": "0x47d564"
- },
- {
- "name": "KillTimer",
- "address": "0x47d568"
- },
- {
- "name": "IsZoomed",
- "address": "0x47d56c"
- },
- {
- "name": "IsWindowVisible",
- "address": "0x47d570"
- },
- {
- "name": "IsWindowEnabled",
- "address": "0x47d574"
- },
- {
- "name": "IsWindow",
- "address": "0x47d578"
- },
- {
- "name": "IsRectEmpty",
- "address": "0x47d57c"
- },
- {
- "name": "IsIconic",
- "address": "0x47d580"
- },
- {
- "name": "IsDialogMessageA",
- "address": "0x47d584"
- },
- {
- "name": "IsChild",
- "address": "0x47d588"
- },
- {
- "name": "InvalidateRect",
- "address": "0x47d58c"
- },
- {
- "name": "IntersectRect",
- "address": "0x47d590"
- },
- {
- "name": "InsertMenuItemA",
- "address": "0x47d594"
- },
- {
- "name": "InsertMenuA",
- "address": "0x47d598"
- },
- {
- "name": "InflateRect",
- "address": "0x47d59c"
- },
- {
- "name": "GetWindowThreadProcessId",
- "address": "0x47d5a0"
- },
- {
- "name": "GetWindowTextA",
- "address": "0x47d5a4"
- },
- {
- "name": "GetWindowRect",
- "address": "0x47d5a8"
- },
- {
- "name": "GetWindowPlacement",
- "address": "0x47d5ac"
- },
- {
- "name": "GetWindowLongA",
- "address": "0x47d5b0"
- },
- {
- "name": "GetWindowDC",
- "address": "0x47d5b4"
- },
- {
- "name": "GetTopWindow",
- "address": "0x47d5b8"
- },
- {
- "name": "GetSystemMetrics",
- "address": "0x47d5bc"
- },
- {
- "name": "GetSystemMenu",
- "address": "0x47d5c0"
- },
- {
- "name": "GetSysColorBrush",
- "address": "0x47d5c4"
- },
- {
- "name": "GetSysColor",
- "address": "0x47d5c8"
- },
- {
- "name": "GetSubMenu",
- "address": "0x47d5cc"
- },
- {
- "name": "GetScrollRange",
- "address": "0x47d5d0"
- },
- {
- "name": "GetScrollPos",
- "address": "0x47d5d4"
- },
- {
- "name": "GetScrollInfo",
- "address": "0x47d5d8"
- },
- {
- "name": "GetPropA",
- "address": "0x47d5dc"
- },
- {
- "name": "GetParent",
- "address": "0x47d5e0"
- },
- {
- "name": "GetWindow",
- "address": "0x47d5e4"
- },
- {
- "name": "GetMenuStringA",
- "address": "0x47d5e8"
- },
- {
- "name": "GetMenuState",
- "address": "0x47d5ec"
- },
- {
- "name": "GetMenuItemInfoA",
- "address": "0x47d5f0"
- },
- {
- "name": "GetMenuItemID",
- "address": "0x47d5f4"
- },
- {
- "name": "GetMenuItemCount",
- "address": "0x47d5f8"
- },
- {
- "name": "GetMenu",
- "address": "0x47d5fc"
- },
- {
- "name": "GetLastActivePopup",
- "address": "0x47d600"
- },
- {
- "name": "GetKeyboardState",
- "address": "0x47d604"
- },
- {
- "name": "GetKeyboardLayoutList",
- "address": "0x47d608"
- },
- {
- "name": "GetKeyboardLayout",
- "address": "0x47d60c"
- },
- {
- "name": "GetKeyState",
- "address": "0x47d610"
- },
- {
- "name": "GetKeyNameTextA",
- "address": "0x47d614"
- },
- {
- "name": "GetIconInfo",
- "address": "0x47d618"
- },
- {
- "name": "GetForegroundWindow",
- "address": "0x47d61c"
- },
- {
- "name": "GetFocus",
- "address": "0x47d620"
- },
- {
- "name": "GetDesktopWindow",
- "address": "0x47d624"
- },
- {
- "name": "GetDCEx",
- "address": "0x47d628"
- },
- {
- "name": "GetDC",
- "address": "0x47d62c"
- },
- {
- "name": "GetCursorPos",
- "address": "0x47d630"
- },
- {
- "name": "GetCursor",
- "address": "0x47d634"
- },
- {
- "name": "GetClipboardData",
- "address": "0x47d638"
- },
- {
- "name": "GetClientRect",
- "address": "0x47d63c"
- },
- {
- "name": "GetClassNameA",
- "address": "0x47d640"
- },
- {
- "name": "GetClassInfoA",
- "address": "0x47d644"
- },
- {
- "name": "GetCapture",
- "address": "0x47d648"
- },
- {
- "name": "GetActiveWindow",
- "address": "0x47d64c"
- },
- {
- "name": "FrameRect",
- "address": "0x47d650"
- },
- {
- "name": "FindWindowA",
- "address": "0x47d654"
- },
- {
- "name": "FillRect",
- "address": "0x47d658"
- },
- {
- "name": "EqualRect",
- "address": "0x47d65c"
- },
- {
- "name": "EnumWindows",
- "address": "0x47d660"
- },
- {
- "name": "EnumThreadWindows",
- "address": "0x47d664"
- },
- {
- "name": "EndPaint",
- "address": "0x47d668"
- },
- {
- "name": "EnableWindow",
- "address": "0x47d66c"
- },
- {
- "name": "EnableScrollBar",
- "address": "0x47d670"
- },
- {
- "name": "EnableMenuItem",
- "address": "0x47d674"
- },
- {
- "name": "DrawTextA",
- "address": "0x47d678"
- },
- {
- "name": "DrawMenuBar",
- "address": "0x47d67c"
- },
- {
- "name": "DrawIconEx",
- "address": "0x47d680"
- },
- {
- "name": "DrawIcon",
- "address": "0x47d684"
- },
- {
- "name": "DrawFrameControl",
- "address": "0x47d688"
- },
- {
- "name": "DrawFocusRect",
- "address": "0x47d68c"
- },
- {
- "name": "DrawEdge",
- "address": "0x47d690"
- },
- {
- "name": "DispatchMessageA",
- "address": "0x47d694"
- },
- {
- "name": "DestroyWindow",
- "address": "0x47d698"
- },
- {
- "name": "DestroyMenu",
- "address": "0x47d69c"
- },
- {
- "name": "DestroyIcon",
- "address": "0x47d6a0"
- },
- {
- "name": "DestroyCursor",
- "address": "0x47d6a4"
- },
- {
- "name": "DeleteMenu",
- "address": "0x47d6a8"
- },
- {
- "name": "DefWindowProcA",
- "address": "0x47d6ac"
- },
- {
- "name": "DefMDIChildProcA",
- "address": "0x47d6b0"
- },
- {
- "name": "DefFrameProcA",
- "address": "0x47d6b4"
- },
- {
- "name": "CreatePopupMenu",
- "address": "0x47d6b8"
- },
- {
- "name": "CreateMenu",
- "address": "0x47d6bc"
- },
- {
- "name": "CreateIcon",
- "address": "0x47d6c0"
- },
- {
- "name": "ClientToScreen",
- "address": "0x47d6c4"
- },
- {
- "name": "CheckMenuItem",
- "address": "0x47d6c8"
- },
- {
- "name": "CallWindowProcA",
- "address": "0x47d6cc"
- },
- {
- "name": "CallNextHookEx",
- "address": "0x47d6d0"
- },
- {
- "name": "BringWindowToTop",
- "address": "0x47d6d4"
- },
- {
- "name": "BeginPaint",
- "address": "0x47d6d8"
- },
- {
- "name": "CharNextA",
- "address": "0x47d6dc"
- },
- {
- "name": "CharLowerBuffA",
- "address": "0x47d6e0"
- },
- {
- "name": "CharLowerA",
- "address": "0x47d6e4"
- },
- {
- "name": "CharUpperBuffA",
- "address": "0x47d6e8"
- },
- {
- "name": "CharToOemA",
- "address": "0x47d6ec"
- },
- {
- "name": "AdjustWindowRectEx",
- "address": "0x47d6f0"
- },
- {
- "name": "ActivateKeyboardLayout",
- "address": "0x47d6f4"
- }
- ],
- "dll": "user32.dll"
- },
- {
- "imports": [
- {
- "name": "Sleep",
- "address": "0x47d6fc"
- }
- ],
- "dll": "kernel32.dll"
- },
- {
- "imports": [
- {
- "name": "SafeArrayPtrOfIndex",
- "address": "0x47d704"
- },
- {
- "name": "SafeArrayGetUBound",
- "address": "0x47d708"
- },
- {
- "name": "SafeArrayGetLBound",
- "address": "0x47d70c"
- },
- {
- "name": "SafeArrayCreate",
- "address": "0x47d710"
- },
- {
- "name": "VariantChangeType",
- "address": "0x47d714"
- },
- {
- "name": "VariantCopy",
- "address": "0x47d718"
- },
- {
- "name": "VariantClear",
- "address": "0x47d71c"
- },
- {
- "name": "VariantInit",
- "address": "0x47d720"
- }
- ],
- "dll": "oleaut32.dll"
- },
- {
- "imports": [
- {
- "name": "ImageList_SetIconSize",
- "address": "0x47d728"
- },
- {
- "name": "ImageList_GetIconSize",
- "address": "0x47d72c"
- },
- {
- "name": "ImageList_Write",
- "address": "0x47d730"
- },
- {
- "name": "ImageList_Read",
- "address": "0x47d734"
- },
- {
- "name": "ImageList_GetDragImage",
- "address": "0x47d738"
- },
- {
- "name": "ImageList_DragShowNolock",
- "address": "0x47d73c"
- },
- {
- "name": "ImageList_SetDragCursorImage",
- "address": "0x47d740"
- },
- {
- "name": "ImageList_DragMove",
- "address": "0x47d744"
- },
- {
- "name": "ImageList_DragLeave",
- "address": "0x47d748"
- },
- {
- "name": "ImageList_DragEnter",
- "address": "0x47d74c"
- },
- {
- "name": "ImageList_EndDrag",
- "address": "0x47d750"
- },
- {
- "name": "ImageList_BeginDrag",
- "address": "0x47d754"
- },
- {
- "name": "ImageList_Remove",
- "address": "0x47d758"
- },
- {
- "name": "ImageList_DrawEx",
- "address": "0x47d75c"
- },
- {
- "name": "ImageList_Draw",
- "address": "0x47d760"
- },
- {
- "name": "ImageList_GetBkColor",
- "address": "0x47d764"
- },
- {
- "name": "ImageList_SetBkColor",
- "address": "0x47d768"
- },
- {
- "name": "ImageList_ReplaceIcon",
- "address": "0x47d76c"
- },
- {
- "name": "ImageList_Add",
- "address": "0x47d770"
- },
- {
- "name": "ImageList_GetImageCount",
- "address": "0x47d774"
- },
- {
- "name": "ImageList_Destroy",
- "address": "0x47d778"
- },
- {
- "name": "ImageList_Create",
- "address": "0x47d77c"
- }
- ],
- "dll": "comctl32.dll"
- },
- {
- "imports": [
- {
- "name": "ReplaceTextA",
- "address": "0x47d784"
- },
- {
- "name": "FindTextA",
- "address": "0x47d788"
- }
- ],
- "dll": "comdlg32.dll"
- }
- ],
- "digital_signers": null,
- "exported_dll_name": null,
- "actual_checksum": "0x000c3d69",
- "overlay": {
- "size": "0x00000206",
- "offset": "0x000ba400"
- },
- "imagebase": "0x00400000",
- "reported_checksum": "0x00000000",
- "icon_hash": null,
- "entrypoint": "0x00470ff8",
- "timestamp": "1992-01-20 05:30:17",
- "osversion": "4.0",
- "sections": [
- {
- "name": "CODE",
- "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00001000",
- "size_of_data": "0x00070200",
- "entropy": "6.51",
- "raw_address": "0x00000400",
- "virtual_size": "0x00070040",
- "characteristics_raw": "0x60000020"
- },
- {
- "name": "DATA",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x00072000",
- "size_of_data": "0x00009400",
- "entropy": "5.04",
- "raw_address": "0x00070600",
- "virtual_size": "0x00009370",
- "characteristics_raw": "0xc0000040"
- },
- {
- "name": "BSS",
- "characteristics": "IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x0007c000",
- "size_of_data": "0x00000000",
- "entropy": "0.00",
- "raw_address": "0x00079a00",
- "virtual_size": "0x00000d21",
- "characteristics_raw": "0xc0000000"
- },
- {
- "name": ".idata",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x0007d000",
- "size_of_data": "0x00002400",
- "entropy": "4.93",
- "raw_address": "0x00079a00",
- "virtual_size": "0x00002286",
- "characteristics_raw": "0xc0000040"
- },
- {
- "name": ".tls",
- "characteristics": "IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x00080000",
- "size_of_data": "0x00000000",
- "entropy": "0.00",
- "raw_address": "0x0007be00",
- "virtual_size": "0x00000010",
- "characteristics_raw": "0xc0000000"
- },
- {
- "name": ".rdata",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00081000",
- "size_of_data": "0x00000200",
- "entropy": "0.16",
- "raw_address": "0x0007be00",
- "virtual_size": "0x00000018",
- "characteristics_raw": "0x50000040"
- },
- {
- "name": ".reloc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00082000",
- "size_of_data": "0x00007c00",
- "entropy": "6.65",
- "raw_address": "0x0007c000",
- "virtual_size": "0x00007bf8",
- "characteristics_raw": "0x50000040"
- },
- {
- "name": ".rsrc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x0008a000",
- "size_of_data": "0x00036800",
- "entropy": "7.40",
- "raw_address": "0x00083c00",
- "virtual_size": "0x0003661c",
- "characteristics_raw": "0x50000040"
- }
- ],
- "resources": [],
- "dirents": [
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x0007d000",
- "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
- "size": "0x00002286"
- },
- {
- "virtual_address": "0x0008a000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
- "size": "0x0003661c"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00082000",
- "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
- "size": "0x00007bf8"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00081000",
- "name": "IMAGE_DIRECTORY_ENTRY_TLS",
- "size": "0x00000018"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_IAT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
- "size": "0x00000000"
- }
- ],
- "exports": [],
- "guest_signers": {},
- "imphash": "115a4c7ae85e70a5c7e1301091e6456a",
- "icon_fuzzy": null,
- "icon": null,
- "pdbpath": null,
- "imported_dll_count": 14,
- "versioninfo": []
- }
- }
- [*] Resolved APIs: [
- "kernel32.dll.GetDiskFreeSpaceExA",
- "oleaut32.dll.VariantChangeTypeEx",
- "oleaut32.dll.VarNeg",
- "oleaut32.dll.VarNot",
- "oleaut32.dll.VarAdd",
- "oleaut32.dll.VarSub",
- "oleaut32.dll.VarMul",
- "oleaut32.dll.VarDiv",
- "oleaut32.dll.VarIdiv",
- "oleaut32.dll.VarMod",
- "oleaut32.dll.VarAnd",
- "oleaut32.dll.VarOr",
- "oleaut32.dll.VarXor",
- "oleaut32.dll.VarCmp",
- "oleaut32.dll.VarI4FromStr",
- "oleaut32.dll.VarR4FromStr",
- "oleaut32.dll.VarR8FromStr",
- "oleaut32.dll.VarDateFromStr",
- "oleaut32.dll.VarCyFromStr",
- "oleaut32.dll.VarBoolFromStr",
- "oleaut32.dll.VarBstrFromCy",
- "oleaut32.dll.VarBstrFromDate",
- "oleaut32.dll.VarBstrFromBool",
- "user32.dll.GetMonitorInfoA",
- "user32.dll.GetSystemMetrics",
- "user32.dll.EnumDisplayMonitors",
- "dwmapi.dll.DwmIsCompositionEnabled",
- "gdi32.dll.GetLayout",
- "gdi32.dll.GdiRealizationInfo",
- "gdi32.dll.FontIsLinked",
- "advapi32.dll.RegOpenKeyExW",
- "advapi32.dll.RegQueryInfoKeyW",
- "gdi32.dll.GetTextFaceAliasW",
- "advapi32.dll.RegEnumValueW",
- "advapi32.dll.RegCloseKey",
- "advapi32.dll.RegQueryValueExW",
- "gdi32.dll.GetFontAssocStatus",
- "advapi32.dll.RegQueryValueExA",
- "advapi32.dll.RegEnumKeyExW",
- "gdi32.dll.GdiIsMetaPrintDC",
- "user32.dll.AnimateWindow",
- "comctl32.dll.InitializeFlatSB",
- "comctl32.dll.UninitializeFlatSB",
- "comctl32.dll.FlatSB_GetScrollProp",
- "comctl32.dll.FlatSB_SetScrollProp",
- "comctl32.dll.FlatSB_EnableScrollBar",
- "comctl32.dll.FlatSB_ShowScrollBar",
- "comctl32.dll.FlatSB_GetScrollRange",
- "comctl32.dll.FlatSB_GetScrollInfo",
- "comctl32.dll.FlatSB_GetScrollPos",
- "comctl32.dll.FlatSB_SetScrollPos",
- "comctl32.dll.FlatSB_SetScrollInfo",
- "comctl32.dll.FlatSB_SetScrollRange",
- "user32.dll.SetLayeredWindowAttributes"
- ]
- [*] Static Analysis: {
- "pe": {
- "peid_signatures": null,
- "imports": [
- {
- "imports": [
- {
- "name": "DeleteCriticalSection",
- "address": "0x47d12c"
- },
- {
- "name": "LeaveCriticalSection",
- "address": "0x47d130"
- },
- {
- "name": "EnterCriticalSection",
- "address": "0x47d134"
- },
- {
- "name": "InitializeCriticalSection",
- "address": "0x47d138"
- },
- {
- "name": "VirtualFree",
- "address": "0x47d13c"
- },
- {
- "name": "VirtualAlloc",
- "address": "0x47d140"
- },
- {
- "name": "LocalFree",
- "address": "0x47d144"
- },
- {
- "name": "LocalAlloc",
- "address": "0x47d148"
- },
- {
- "name": "GetTickCount",
- "address": "0x47d14c"
- },
- {
- "name": "QueryPerformanceCounter",
- "address": "0x47d150"
- },
- {
- "name": "GetVersion",
- "address": "0x47d154"
- },
- {
- "name": "GetCurrentThreadId",
- "address": "0x47d158"
- },
- {
- "name": "InterlockedDecrement",
- "address": "0x47d15c"
- },
- {
- "name": "InterlockedIncrement",
- "address": "0x47d160"
- },
- {
- "name": "VirtualQuery",
- "address": "0x47d164"
- },
- {
- "name": "WideCharToMultiByte",
- "address": "0x47d168"
- },
- {
- "name": "MultiByteToWideChar",
- "address": "0x47d16c"
- },
- {
- "name": "lstrlenA",
- "address": "0x47d170"
- },
- {
- "name": "lstrcpynA",
- "address": "0x47d174"
- },
- {
- "name": "LoadLibraryExA",
- "address": "0x47d178"
- },
- {
- "name": "GetThreadLocale",
- "address": "0x47d17c"
- },
- {
- "name": "GetStartupInfoA",
- "address": "0x47d180"
- },
- {
- "name": "GetProcAddress",
- "address": "0x47d184"
- },
- {
- "name": "GetModuleHandleA",
- "address": "0x47d188"
- },
- {
- "name": "GetModuleFileNameA",
- "address": "0x47d18c"
- },
- {
- "name": "GetLocaleInfoA",
- "address": "0x47d190"
- },
- {
- "name": "GetCommandLineA",
- "address": "0x47d194"
- },
- {
- "name": "FreeLibrary",
- "address": "0x47d198"
- },
- {
- "name": "FindFirstFileA",
- "address": "0x47d19c"
- },
- {
- "name": "FindClose",
- "address": "0x47d1a0"
- },
- {
- "name": "ExitProcess",
- "address": "0x47d1a4"
- },
- {
- "name": "WriteFile",
- "address": "0x47d1a8"
- },
- {
- "name": "UnhandledExceptionFilter",
- "address": "0x47d1ac"
- },
- {
- "name": "RtlUnwind",
- "address": "0x47d1b0"
- },
- {
- "name": "RaiseException",
- "address": "0x47d1b4"
- },
- {
- "name": "GetStdHandle",
- "address": "0x47d1b8"
- }
- ],
- "dll": "kernel32.dll"
- },
- {
- "imports": [
- {
- "name": "GetKeyboardType",
- "address": "0x47d1c0"
- },
- {
- "name": "LoadStringA",
- "address": "0x47d1c4"
- },
- {
- "name": "MessageBoxA",
- "address": "0x47d1c8"
- },
- {
- "name": "CharNextA",
- "address": "0x47d1cc"
- }
- ],
- "dll": "user32.dll"
- },
- {
- "imports": [
- {
- "name": "RegQueryValueExA",
- "address": "0x47d1d4"
- },
- {
- "name": "RegOpenKeyExA",
- "address": "0x47d1d8"
- },
- {
- "name": "RegCloseKey",
- "address": "0x47d1dc"
- }
- ],
- "dll": "advapi32.dll"
- },
- {
- "imports": [
- {
- "name": "SysFreeString",
- "address": "0x47d1e4"
- },
- {
- "name": "SysReAllocStringLen",
- "address": "0x47d1e8"
- },
- {
- "name": "SysAllocStringLen",
- "address": "0x47d1ec"
- }
- ],
- "dll": "oleaut32.dll"
- },
- {
- "imports": [
- {
- "name": "TlsSetValue",
- "address": "0x47d1f4"
- },
- {
- "name": "TlsGetValue",
- "address": "0x47d1f8"
- },
- {
- "name": "LocalAlloc",
- "address": "0x47d1fc"
- },
- {
- "name": "GetModuleHandleA",
- "address": "0x47d200"
- }
- ],
- "dll": "kernel32.dll"
- },
- {
- "imports": [
- {
- "name": "RegQueryValueExA",
- "address": "0x47d208"
- },
- {
- "name": "RegOpenKeyExA",
- "address": "0x47d20c"
- },
- {
- "name": "RegCloseKey",
- "address": "0x47d210"
- }
- ],
- "dll": "advapi32.dll"
- },
- {
- "imports": [
- {
- "name": "lstrcpyA",
- "address": "0x47d218"
- },
- {
- "name": "WriteFile",
- "address": "0x47d21c"
- },
- {
- "name": "WaitForSingleObject",
- "address": "0x47d220"
- },
- {
- "name": "VirtualQuery",
- "address": "0x47d224"
- },
- {
- "name": "VirtualAlloc",
- "address": "0x47d228"
- },
- {
- "name": "Sleep",
- "address": "0x47d22c"
- },
- {
- "name": "SizeofResource",
- "address": "0x47d230"
- },
- {
- "name": "SetThreadLocale",
- "address": "0x47d234"
- },
- {
- "name": "SetFilePointer",
- "address": "0x47d238"
- },
- {
- "name": "SetEvent",
- "address": "0x47d23c"
- },
- {
- "name": "SetErrorMode",
- "address": "0x47d240"
- },
- {
- "name": "SetEndOfFile",
- "address": "0x47d244"
- },
- {
- "name": "ResetEvent",
- "address": "0x47d248"
- },
- {
- "name": "ReadFile",
- "address": "0x47d24c"
- },
- {
- "name": "MulDiv",
- "address": "0x47d250"
- },
- {
- "name": "LockResource",
- "address": "0x47d254"
- },
- {
- "name": "LoadResource",
- "address": "0x47d258"
- },
- {
- "name": "LoadLibraryA",
- "address": "0x47d25c"
- },
- {
- "name": "LeaveCriticalSection",
- "address": "0x47d260"
- },
- {
- "name": "InitializeCriticalSection",
- "address": "0x47d264"
- },
- {
- "name": "GlobalUnlock",
- "address": "0x47d268"
- },
- {
- "name": "GlobalReAlloc",
- "address": "0x47d26c"
- },
- {
- "name": "GlobalHandle",
- "address": "0x47d270"
- },
- {
- "name": "GlobalLock",
- "address": "0x47d274"
- },
- {
- "name": "GlobalFree",
- "address": "0x47d278"
- },
- {
- "name": "GlobalFindAtomA",
- "address": "0x47d27c"
- },
- {
- "name": "GlobalDeleteAtom",
- "address": "0x47d280"
- },
- {
- "name": "GlobalAlloc",
- "address": "0x47d284"
- },
- {
- "name": "GlobalAddAtomA",
- "address": "0x47d288"
- },
- {
- "name": "GetVersionExA",
- "address": "0x47d28c"
- },
- {
- "name": "GetVersion",
- "address": "0x47d290"
- },
- {
- "name": "GetTickCount",
- "address": "0x47d294"
- },
- {
- "name": "GetThreadLocale",
- "address": "0x47d298"
- },
- {
- "name": "GetSystemInfo",
- "address": "0x47d29c"
- },
- {
- "name": "GetStringTypeExA",
- "address": "0x47d2a0"
- },
- {
- "name": "GetStdHandle",
- "address": "0x47d2a4"
- },
- {
- "name": "GetProcAddress",
- "address": "0x47d2a8"
- },
- {
- "name": "GetModuleHandleA",
- "address": "0x47d2ac"
- },
- {
- "name": "GetModuleFileNameA",
- "address": "0x47d2b0"
- },
- {
- "name": "GetLocaleInfoA",
- "address": "0x47d2b4"
- },
- {
- "name": "GetLocalTime",
- "address": "0x47d2b8"
- },
- {
- "name": "GetLastError",
- "address": "0x47d2bc"
- },
- {
- "name": "GetFullPathNameA",
- "address": "0x47d2c0"
- },
- {
- "name": "GetDiskFreeSpaceA",
- "address": "0x47d2c4"
- },
- {
- "name": "GetDateFormatA",
- "address": "0x47d2c8"
- },
- {
- "name": "GetCurrentThreadId",
- "address": "0x47d2cc"
- },
- {
- "name": "GetCurrentProcessId",
- "address": "0x47d2d0"
- },
- {
- "name": "GetCPInfo",
- "address": "0x47d2d4"
- },
- {
- "name": "GetACP",
- "address": "0x47d2d8"
- },
- {
- "name": "FreeResource",
- "address": "0x47d2dc"
- },
- {
- "name": "InterlockedExchange",
- "address": "0x47d2e0"
- },
- {
- "name": "FreeLibrary",
- "address": "0x47d2e4"
- },
- {
- "name": "FormatMessageA",
- "address": "0x47d2e8"
- },
- {
- "name": "FindResourceA",
- "address": "0x47d2ec"
- },
- {
- "name": "EnumCalendarInfoA",
- "address": "0x47d2f0"
- },
- {
- "name": "EnterCriticalSection",
- "address": "0x47d2f4"
- },
- {
- "name": "DeleteCriticalSection",
- "address": "0x47d2f8"
- },
- {
- "name": "CreateThread",
- "address": "0x47d2fc"
- },
- {
- "name": "CreateFileA",
- "address": "0x47d300"
- },
- {
- "name": "CreateEventA",
- "address": "0x47d304"
- },
- {
- "name": "CompareStringA",
- "address": "0x47d308"
- },
- {
- "name": "CloseHandle",
- "address": "0x47d30c"
- }
- ],
- "dll": "kernel32.dll"
- },
- {
- "imports": [
- {
- "name": "VerQueryValueA",
- "address": "0x47d314"
- },
- {
- "name": "GetFileVersionInfoSizeA",
- "address": "0x47d318"
- },
- {
- "name": "GetFileVersionInfoA",
- "address": "0x47d31c"
- }
- ],
- "dll": "version.dll"
- },
- {
- "imports": [
- {
- "name": "UnrealizeObject",
- "address": "0x47d324"
- },
- {
- "name": "TextOutA",
- "address": "0x47d328"
- },
- {
- "name": "StretchBlt",
- "address": "0x47d32c"
- },
- {
- "name": "SetWindowOrgEx",
- "address": "0x47d330"
- },
- {
- "name": "SetWinMetaFileBits",
- "address": "0x47d334"
- },
- {
- "name": "SetViewportOrgEx",
- "address": "0x47d338"
- },
- {
- "name": "SetTextColor",
- "address": "0x47d33c"
- },
- {
- "name": "SetTextAlign",
- "address": "0x47d340"
- },
- {
- "name": "SetStretchBltMode",
- "address": "0x47d344"
- },
- {
- "name": "SetROP2",
- "address": "0x47d348"
- },
- {
- "name": "SetPixel",
- "address": "0x47d34c"
- },
- {
- "name": "SetEnhMetaFileBits",
- "address": "0x47d350"
- },
- {
- "name": "SetDIBColorTable",
- "address": "0x47d354"
- },
- {
- "name": "SetBrushOrgEx",
- "address": "0x47d358"
- },
- {
- "name": "SetBkMode",
- "address": "0x47d35c"
- },
- {
- "name": "SetBkColor",
- "address": "0x47d360"
- },
- {
- "name": "SelectPalette",
- "address": "0x47d364"
- },
- {
- "name": "SelectObject",
- "address": "0x47d368"
- },
- {
- "name": "SelectClipRgn",
- "address": "0x47d36c"
- },
- {
- "name": "ScaleWindowExtEx",
- "address": "0x47d370"
- },
- {
- "name": "SaveDC",
- "address": "0x47d374"
- },
- {
- "name": "RoundRect",
- "address": "0x47d378"
- },
- {
- "name": "RestoreDC",
- "address": "0x47d37c"
- },
- {
- "name": "Rectangle",
- "address": "0x47d380"
- },
- {
- "name": "RectVisible",
- "address": "0x47d384"
- },
- {
- "name": "RealizePalette",
- "address": "0x47d388"
- },
- {
- "name": "Polyline",
- "address": "0x47d38c"
- },
- {
- "name": "Polygon",
- "address": "0x47d390"
- },
- {
- "name": "PlayEnhMetaFile",
- "address": "0x47d394"
- },
- {
- "name": "Pie",
- "address": "0x47d398"
- },
- {
- "name": "PatBlt",
- "address": "0x47d39c"
- },
- {
- "name": "MoveToEx",
- "address": "0x47d3a0"
- },
- {
- "name": "MaskBlt",
- "address": "0x47d3a4"
- },
- {
- "name": "LineTo",
- "address": "0x47d3a8"
- },
- {
- "name": "LPtoDP",
- "address": "0x47d3ac"
- },
- {
- "name": "IntersectClipRect",
- "address": "0x47d3b0"
- },
- {
- "name": "GetWindowOrgEx",
- "address": "0x47d3b4"
- },
- {
- "name": "GetWinMetaFileBits",
- "address": "0x47d3b8"
- },
- {
- "name": "GetTextMetricsA",
- "address": "0x47d3bc"
- },
- {
- "name": "GetTextExtentPoint32A",
- "address": "0x47d3c0"
- },
- {
- "name": "GetTextAlign",
- "address": "0x47d3c4"
- },
- {
- "name": "GetSystemPaletteEntries",
- "address": "0x47d3c8"
- },
- {
- "name": "GetStockObject",
- "address": "0x47d3cc"
- },
- {
- "name": "GetPixel",
- "address": "0x47d3d0"
- },
- {
- "name": "GetPaletteEntries",
- "address": "0x47d3d4"
- },
- {
- "name": "GetObjectA",
- "address": "0x47d3d8"
- },
- {
- "name": "GetEnhMetaFilePaletteEntries",
- "address": "0x47d3dc"
- },
- {
- "name": "GetEnhMetaFileHeader",
- "address": "0x47d3e0"
- },
- {
- "name": "GetEnhMetaFileBits",
- "address": "0x47d3e4"
- },
- {
- "name": "GetDeviceCaps",
- "address": "0x47d3e8"
- },
- {
- "name": "GetDIBits",
- "address": "0x47d3ec"
- },
- {
- "name": "GetDIBColorTable",
- "address": "0x47d3f0"
- },
- {
- "name": "GetDCOrgEx",
- "address": "0x47d3f4"
- },
- {
- "name": "GetCurrentPositionEx",
- "address": "0x47d3f8"
- },
- {
- "name": "GetClipBox",
- "address": "0x47d3fc"
- },
- {
- "name": "GetBrushOrgEx",
- "address": "0x47d400"
- },
- {
- "name": "GetBkMode",
- "address": "0x47d404"
- },
- {
- "name": "GetBkColor",
- "address": "0x47d408"
- },
- {
- "name": "GetBitmapBits",
- "address": "0x47d40c"
- },
- {
- "name": "ExtTextOutA",
- "address": "0x47d410"
- },
- {
- "name": "ExtSelectClipRgn",
- "address": "0x47d414"
- },
- {
- "name": "ExtCreatePen",
- "address": "0x47d418"
- },
- {
- "name": "ExcludeClipRect",
- "address": "0x47d41c"
- },
- {
- "name": "EndDoc",
- "address": "0x47d420"
- },
- {
- "name": "Ellipse",
- "address": "0x47d424"
- },
- {
- "name": "DeleteObject",
- "address": "0x47d428"
- },
- {
- "name": "DeleteEnhMetaFile",
- "address": "0x47d42c"
- },
- {
- "name": "DeleteDC",
- "address": "0x47d430"
- },
- {
- "name": "CreateSolidBrush",
- "address": "0x47d434"
- },
- {
- "name": "CreateRectRgn",
- "address": "0x47d438"
- },
- {
- "name": "CreatePolygonRgn",
- "address": "0x47d43c"
- },
- {
- "name": "CreatePenIndirect",
- "address": "0x47d440"
- },
- {
- "name": "CreatePalette",
- "address": "0x47d444"
- },
- {
- "name": "CreateHalftonePalette",
- "address": "0x47d448"
- },
- {
- "name": "CreateFontIndirectA",
- "address": "0x47d44c"
- },
- {
- "name": "CreateDIBitmap",
- "address": "0x47d450"
- },
- {
- "name": "CreateDIBSection",
- "address": "0x47d454"
- },
- {
- "name": "CreateCompatibleDC",
- "address": "0x47d458"
- },
- {
- "name": "CreateCompatibleBitmap",
- "address": "0x47d45c"
- },
- {
- "name": "CreateBrushIndirect",
- "address": "0x47d460"
- },
- {
- "name": "CreateBitmap",
- "address": "0x47d464"
- },
- {
- "name": "CopyEnhMetaFileA",
- "address": "0x47d468"
- },
- {
- "name": "BitBlt",
- "address": "0x47d46c"
- },
- {
- "name": "Arc",
- "address": "0x47d470"
- }
- ],
- "dll": "gdi32.dll"
- },
- {
- "imports": [
- {
- "name": "CreateWindowExA",
- "address": "0x47d478"
- },
- {
- "name": "WindowFromPoint",
- "address": "0x47d47c"
- },
- {
- "name": "WinHelpA",
- "address": "0x47d480"
- },
- {
- "name": "WaitMessage",
- "address": "0x47d484"
- },
- {
- "name": "UpdateWindow",
- "address": "0x47d488"
- },
- {
- "name": "UnregisterClassA",
- "address": "0x47d48c"
- },
- {
- "name": "UnhookWindowsHookEx",
- "address": "0x47d490"
- },
- {
- "name": "TranslateMessage",
- "address": "0x47d494"
- },
- {
- "name": "TranslateMDISysAccel",
- "address": "0x47d498"
- },
- {
- "name": "TrackPopupMenu",
- "address": "0x47d49c"
- },
- {
- "name": "SystemParametersInfoA",
- "address": "0x47d4a0"
- },
- {
- "name": "ShowWindow",
- "address": "0x47d4a4"
- },
- {
- "name": "ShowScrollBar",
- "address": "0x47d4a8"
- },
- {
- "name": "ShowOwnedPopups",
- "address": "0x47d4ac"
- },
- {
- "name": "ShowCursor",
- "address": "0x47d4b0"
- },
- {
- "name": "SetWindowsHookExA",
- "address": "0x47d4b4"
- },
- {
- "name": "SetWindowTextA",
- "address": "0x47d4b8"
- },
- {
- "name": "SetWindowPos",
- "address": "0x47d4bc"
- },
- {
- "name": "SetWindowPlacement",
- "address": "0x47d4c0"
- },
- {
- "name": "SetWindowLongA",
- "address": "0x47d4c4"
- },
- {
- "name": "SetTimer",
- "address": "0x47d4c8"
- },
- {
- "name": "SetScrollRange",
- "address": "0x47d4cc"
- },
- {
- "name": "SetScrollPos",
- "address": "0x47d4d0"
- },
- {
- "name": "SetScrollInfo",
- "address": "0x47d4d4"
- },
- {
- "name": "SetRect",
- "address": "0x47d4d8"
- },
- {
- "name": "SetPropA",
- "address": "0x47d4dc"
- },
- {
- "name": "SetParent",
- "address": "0x47d4e0"
- },
- {
- "name": "SetMenuItemInfoA",
- "address": "0x47d4e4"
- },
- {
- "name": "SetMenu",
- "address": "0x47d4e8"
- },
- {
- "name": "SetForegroundWindow",
- "address": "0x47d4ec"
- },
- {
- "name": "SetFocus",
- "address": "0x47d4f0"
- },
- {
- "name": "SetCursor",
- "address": "0x47d4f4"
- },
- {
- "name": "SetClassLongA",
- "address": "0x47d4f8"
- },
- {
- "name": "SetCapture",
- "address": "0x47d4fc"
- },
- {
- "name": "SetActiveWindow",
- "address": "0x47d500"
- },
- {
- "name": "SendMessageA",
- "address": "0x47d504"
- },
- {
- "name": "ScrollWindow",
- "address": "0x47d508"
- },
- {
- "name": "ScreenToClient",
- "address": "0x47d50c"
- },
- {
- "name": "RemovePropA",
- "address": "0x47d510"
- },
- {
- "name": "RemoveMenu",
- "address": "0x47d514"
- },
- {
- "name": "ReleaseDC",
- "address": "0x47d518"
- },
- {
- "name": "ReleaseCapture",
- "address": "0x47d51c"
- },
- {
- "name": "RegisterWindowMessageA",
- "address": "0x47d520"
- },
- {
- "name": "RegisterClipboardFormatA",
- "address": "0x47d524"
- },
- {
- "name": "RegisterClassA",
- "address": "0x47d528"
- },
- {
- "name": "RedrawWindow",
- "address": "0x47d52c"
- },
- {
- "name": "PtInRect",
- "address": "0x47d530"
- },
- {
- "name": "PostQuitMessage",
- "address": "0x47d534"
- },
- {
- "name": "PostMessageA",
- "address": "0x47d538"
- },
- {
- "name": "PeekMessageA",
- "address": "0x47d53c"
- },
- {
- "name": "OffsetRect",
- "address": "0x47d540"
- },
- {
- "name": "OemToCharA",
- "address": "0x47d544"
- },
- {
- "name": "MessageBoxA",
- "address": "0x47d548"
- },
- {
- "name": "MapWindowPoints",
- "address": "0x47d54c"
- },
- {
- "name": "MapVirtualKeyA",
- "address": "0x47d550"
- },
- {
- "name": "LoadStringA",
- "address": "0x47d554"
- },
- {
- "name": "LoadKeyboardLayoutA",
- "address": "0x47d558"
- },
- {
- "name": "LoadIconA",
- "address": "0x47d55c"
- },
- {
- "name": "LoadCursorA",
- "address": "0x47d560"
- },
- {
- "name": "LoadBitmapA",
- "address": "0x47d564"
- },
- {
- "name": "KillTimer",
- "address": "0x47d568"
- },
- {
- "name": "IsZoomed",
- "address": "0x47d56c"
- },
- {
- "name": "IsWindowVisible",
- "address": "0x47d570"
- },
- {
- "name": "IsWindowEnabled",
- "address": "0x47d574"
- },
- {
- "name": "IsWindow",
- "address": "0x47d578"
- },
- {
- "name": "IsRectEmpty",
- "address": "0x47d57c"
- },
- {
- "name": "IsIconic",
- "address": "0x47d580"
- },
- {
- "name": "IsDialogMessageA",
- "address": "0x47d584"
- },
- {
- "name": "IsChild",
- "address": "0x47d588"
- },
- {
- "name": "InvalidateRect",
- "address": "0x47d58c"
- },
- {
- "name": "IntersectRect",
- "address": "0x47d590"
- },
- {
- "name": "InsertMenuItemA",
- "address": "0x47d594"
- },
- {
- "name": "InsertMenuA",
- "address": "0x47d598"
- },
- {
- "name": "InflateRect",
- "address": "0x47d59c"
- },
- {
- "name": "GetWindowThreadProcessId",
- "address": "0x47d5a0"
- },
- {
- "name": "GetWindowTextA",
- "address": "0x47d5a4"
- },
- {
- "name": "GetWindowRect",
- "address": "0x47d5a8"
- },
- {
- "name": "GetWindowPlacement",
- "address": "0x47d5ac"
- },
- {
- "name": "GetWindowLongA",
- "address": "0x47d5b0"
- },
- {
- "name": "GetWindowDC",
- "address": "0x47d5b4"
- },
- {
- "name": "GetTopWindow",
- "address": "0x47d5b8"
- },
- {
- "name": "GetSystemMetrics",
- "address": "0x47d5bc"
- },
- {
- "name": "GetSystemMenu",
- "address": "0x47d5c0"
- },
- {
- "name": "GetSysColorBrush",
- "address": "0x47d5c4"
- },
- {
- "name": "GetSysColor",
- "address": "0x47d5c8"
- },
- {
- "name": "GetSubMenu",
- "address": "0x47d5cc"
- },
- {
- "name": "GetScrollRange",
- "address": "0x47d5d0"
- },
- {
- "name": "GetScrollPos",
- "address": "0x47d5d4"
- },
- {
- "name": "GetScrollInfo",
- "address": "0x47d5d8"
- },
- {
- "name": "GetPropA",
- "address": "0x47d5dc"
- },
- {
- "name": "GetParent",
- "address": "0x47d5e0"
- },
- {
- "name": "GetWindow",
- "address": "0x47d5e4"
- },
- {
- "name": "GetMenuStringA",
- "address": "0x47d5e8"
- },
- {
- "name": "GetMenuState",
- "address": "0x47d5ec"
- },
- {
- "name": "GetMenuItemInfoA",
- "address": "0x47d5f0"
- },
- {
- "name": "GetMenuItemID",
- "address": "0x47d5f4"
- },
- {
- "name": "GetMenuItemCount",
- "address": "0x47d5f8"
- },
- {
- "name": "GetMenu",
- "address": "0x47d5fc"
- },
- {
- "name": "GetLastActivePopup",
- "address": "0x47d600"
- },
- {
- "name": "GetKeyboardState",
- "address": "0x47d604"
- },
- {
- "name": "GetKeyboardLayoutList",
- "address": "0x47d608"
- },
- {
- "name": "GetKeyboardLayout",
- "address": "0x47d60c"
- },
- {
- "name": "GetKeyState",
- "address": "0x47d610"
- },
- {
- "name": "GetKeyNameTextA",
- "address": "0x47d614"
- },
- {
- "name": "GetIconInfo",
- "address": "0x47d618"
- },
- {
- "name": "GetForegroundWindow",
- "address": "0x47d61c"
- },
- {
- "name": "GetFocus",
- "address": "0x47d620"
- },
- {
- "name": "GetDesktopWindow",
- "address": "0x47d624"
- },
- {
- "name": "GetDCEx",
- "address": "0x47d628"
- },
- {
- "name": "GetDC",
- "address": "0x47d62c"
- },
- {
- "name": "GetCursorPos",
- "address": "0x47d630"
- },
- {
- "name": "GetCursor",
- "address": "0x47d634"
- },
- {
- "name": "GetClipboardData",
- "address": "0x47d638"
- },
- {
- "name": "GetClientRect",
- "address": "0x47d63c"
- },
- {
- "name": "GetClassNameA",
- "address": "0x47d640"
- },
- {
- "name": "GetClassInfoA",
- "address": "0x47d644"
- },
- {
- "name": "GetCapture",
- "address": "0x47d648"
- },
- {
- "name": "GetActiveWindow",
- "address": "0x47d64c"
- },
- {
- "name": "FrameRect",
- "address": "0x47d650"
- },
- {
- "name": "FindWindowA",
- "address": "0x47d654"
- },
- {
- "name": "FillRect",
- "address": "0x47d658"
- },
- {
- "name": "EqualRect",
- "address": "0x47d65c"
- },
- {
- "name": "EnumWindows",
- "address": "0x47d660"
- },
- {
- "name": "EnumThreadWindows",
- "address": "0x47d664"
- },
- {
- "name": "EndPaint",
- "address": "0x47d668"
- },
- {
- "name": "EnableWindow",
- "address": "0x47d66c"
- },
- {
- "name": "EnableScrollBar",
- "address": "0x47d670"
- },
- {
- "name": "EnableMenuItem",
- "address": "0x47d674"
- },
- {
- "name": "DrawTextA",
- "address": "0x47d678"
- },
- {
- "name": "DrawMenuBar",
- "address": "0x47d67c"
- },
- {
- "name": "DrawIconEx",
- "address": "0x47d680"
- },
- {
- "name": "DrawIcon",
- "address": "0x47d684"
- },
- {
- "name": "DrawFrameControl",
- "address": "0x47d688"
- },
- {
- "name": "DrawFocusRect",
- "address": "0x47d68c"
- },
- {
- "name": "DrawEdge",
- "address": "0x47d690"
- },
- {
- "name": "DispatchMessageA",
- "address": "0x47d694"
- },
- {
- "name": "DestroyWindow",
- "address": "0x47d698"
- },
- {
- "name": "DestroyMenu",
- "address": "0x47d69c"
- },
- {
- "name": "DestroyIcon",
- "address": "0x47d6a0"
- },
- {
- "name": "DestroyCursor",
- "address": "0x47d6a4"
- },
- {
- "name": "DeleteMenu",
- "address": "0x47d6a8"
- },
- {
- "name": "DefWindowProcA",
- "address": "0x47d6ac"
- },
- {
- "name": "DefMDIChildProcA",
- "address": "0x47d6b0"
- },
- {
- "name": "DefFrameProcA",
- "address": "0x47d6b4"
- },
- {
- "name": "CreatePopupMenu",
- "address": "0x47d6b8"
- },
- {
- "name": "CreateMenu",
- "address": "0x47d6bc"
- },
- {
- "name": "CreateIcon",
- "address": "0x47d6c0"
- },
- {
- "name": "ClientToScreen",
- "address": "0x47d6c4"
- },
- {
- "name": "CheckMenuItem",
- "address": "0x47d6c8"
- },
- {
- "name": "CallWindowProcA",
- "address": "0x47d6cc"
- },
- {
- "name": "CallNextHookEx",
- "address": "0x47d6d0"
- },
- {
- "name": "BringWindowToTop",
- "address": "0x47d6d4"
- },
- {
- "name": "BeginPaint",
- "address": "0x47d6d8"
- },
- {
- "name": "CharNextA",
- "address": "0x47d6dc"
- },
- {
- "name": "CharLowerBuffA",
- "address": "0x47d6e0"
- },
- {
- "name": "CharLowerA",
- "address": "0x47d6e4"
- },
- {
- "name": "CharUpperBuffA",
- "address": "0x47d6e8"
- },
- {
- "name": "CharToOemA",
- "address": "0x47d6ec"
- },
- {
- "name": "AdjustWindowRectEx",
- "address": "0x47d6f0"
- },
- {
- "name": "ActivateKeyboardLayout",
- "address": "0x47d6f4"
- }
- ],
- "dll": "user32.dll"
- },
- {
- "imports": [
- {
- "name": "Sleep",
- "address": "0x47d6fc"
- }
- ],
- "dll": "kernel32.dll"
- },
- {
- "imports": [
- {
- "name": "SafeArrayPtrOfIndex",
- "address": "0x47d704"
- },
- {
- "name": "SafeArrayGetUBound",
- "address": "0x47d708"
- },
- {
- "name": "SafeArrayGetLBound",
- "address": "0x47d70c"
- },
- {
- "name": "SafeArrayCreate",
- "address": "0x47d710"
- },
- {
- "name": "VariantChangeType",
- "address": "0x47d714"
- },
- {
- "name": "VariantCopy",
- "address": "0x47d718"
- },
- {
- "name": "VariantClear",
- "address": "0x47d71c"
- },
- {
- "name": "VariantInit",
- "address": "0x47d720"
- }
- ],
- "dll": "oleaut32.dll"
- },
- {
- "imports": [
- {
- "name": "ImageList_SetIconSize",
- "address": "0x47d728"
- },
- {
- "name": "ImageList_GetIconSize",
- "address": "0x47d72c"
- },
- {
- "name": "ImageList_Write",
- "address": "0x47d730"
- },
- {
- "name": "ImageList_Read",
- "address": "0x47d734"
- },
- {
- "name": "ImageList_GetDragImage",
- "address": "0x47d738"
- },
- {
- "name": "ImageList_DragShowNolock",
- "address": "0x47d73c"
- },
- {
- "name": "ImageList_SetDragCursorImage",
- "address": "0x47d740"
- },
- {
- "name": "ImageList_DragMove",
- "address": "0x47d744"
- },
- {
- "name": "ImageList_DragLeave",
- "address": "0x47d748"
- },
- {
- "name": "ImageList_DragEnter",
- "address": "0x47d74c"
- },
- {
- "name": "ImageList_EndDrag",
- "address": "0x47d750"
- },
- {
- "name": "ImageList_BeginDrag",
- "address": "0x47d754"
- },
- {
- "name": "ImageList_Remove",
- "address": "0x47d758"
- },
- {
- "name": "ImageList_DrawEx",
- "address": "0x47d75c"
- },
- {
- "name": "ImageList_Draw",
- "address": "0x47d760"
- },
- {
- "name": "ImageList_GetBkColor",
- "address": "0x47d764"
- },
- {
- "name": "ImageList_SetBkColor",
- "address": "0x47d768"
- },
- {
- "name": "ImageList_ReplaceIcon",
- "address": "0x47d76c"
- },
- {
- "name": "ImageList_Add",
- "address": "0x47d770"
- },
- {
- "name": "ImageList_GetImageCount",
- "address": "0x47d774"
- },
- {
- "name": "ImageList_Destroy",
- "address": "0x47d778"
- },
- {
- "name": "ImageList_Create",
- "address": "0x47d77c"
- }
- ],
- "dll": "comctl32.dll"
- },
- {
- "imports": [
- {
- "name": "ReplaceTextA",
- "address": "0x47d784"
- },
- {
- "name": "FindTextA",
- "address": "0x47d788"
- }
- ],
- "dll": "comdlg32.dll"
- }
- ],
- "digital_signers": null,
- "exported_dll_name": null,
- "actual_checksum": "0x000c3d69",
- "overlay": {
- "size": "0x00000206",
- "offset": "0x000ba400"
- },
- "imagebase": "0x00400000",
- "reported_checksum": "0x00000000",
- "icon_hash": null,
- "entrypoint": "0x00470ff8",
- "timestamp": "1992-01-20 05:30:17",
- "osversion": "4.0",
- "sections": [
- {
- "name": "CODE",
- "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00001000",
- "size_of_data": "0x00070200",
- "entropy": "6.51",
- "raw_address": "0x00000400",
- "virtual_size": "0x00070040",
- "characteristics_raw": "0x60000020"
- },
- {
- "name": "DATA",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x00072000",
- "size_of_data": "0x00009400",
- "entropy": "5.04",
- "raw_address": "0x00070600",
- "virtual_size": "0x00009370",
- "characteristics_raw": "0xc0000040"
- },
- {
- "name": "BSS",
- "characteristics": "IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x0007c000",
- "size_of_data": "0x00000000",
- "entropy": "0.00",
- "raw_address": "0x00079a00",
- "virtual_size": "0x00000d21",
- "characteristics_raw": "0xc0000000"
- },
- {
- "name": ".idata",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x0007d000",
- "size_of_data": "0x00002400",
- "entropy": "4.93",
- "raw_address": "0x00079a00",
- "virtual_size": "0x00002286",
- "characteristics_raw": "0xc0000040"
- },
- {
- "name": ".tls",
- "characteristics": "IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x00080000",
- "size_of_data": "0x00000000",
- "entropy": "0.00",
- "raw_address": "0x0007be00",
- "virtual_size": "0x00000010",
- "characteristics_raw": "0xc0000000"
- },
- {
- "name": ".rdata",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00081000",
- "size_of_data": "0x00000200",
- "entropy": "0.16",
- "raw_address": "0x0007be00",
- "virtual_size": "0x00000018",
- "characteristics_raw": "0x50000040"
- },
- {
- "name": ".reloc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00082000",
- "size_of_data": "0x00007c00",
- "entropy": "6.65",
- "raw_address": "0x0007c000",
- "virtual_size": "0x00007bf8",
- "characteristics_raw": "0x50000040"
- },
- {
- "name": ".rsrc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x0008a000",
- "size_of_data": "0x00036800",
- "entropy": "7.40",
- "raw_address": "0x00083c00",
- "virtual_size": "0x0003661c",
- "characteristics_raw": "0x50000040"
- }
- ],
- "resources": [],
- "dirents": [
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x0007d000",
- "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
- "size": "0x00002286"
- },
- {
- "virtual_address": "0x0008a000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
- "size": "0x0003661c"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00082000",
- "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
- "size": "0x00007bf8"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00081000",
- "name": "IMAGE_DIRECTORY_ENTRY_TLS",
- "size": "0x00000018"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_IAT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
- "size": "0x00000000"
- }
- ],
- "exports": [],
- "guest_signers": {},
- "imphash": "115a4c7ae85e70a5c7e1301091e6456a",
- "icon_fuzzy": null,
- "icon": null,
- "pdbpath": null,
- "imported_dll_count": 14,
- "versioninfo": []
- }
- }