9874100.json

1.  
2. [*] MalFamily: "Malicious"
3.  
4. [*] MalScore: 10.0
5.  
6. [*] File Name: "9874100"
7. [*] File Size: 599040
8. [*] File Type: "PE32 executable (GUI) Intel 80386, for MS Windows"
9. [*] SHA256: "b4fc798fde165d6d17631a3c6c982a383f32d4abedc460fe8a650ace5f258fef"
10. [*] MD5: "7b0c155d7ec7fcd784eeda3873ac3e51"
11. [*] SHA1: "7750c072b0c37bb2c73c1f3b3c8f052b71e55616"
12. [*] SHA512: "c451b5e52b2325683c5937257467528797f22b41cd3b057fc22535c49f2d73bea436455e742690412daaf789e6e08dab22cc6e17cc1bb4a1bb1f7ada2d4ec0be"
13. [*] CRC32: "E0F57D3C"
14. [*] SSDEEP: "12288:9fIKMF//5bkMof1NHR+SAlOOkS6tlKs0FQLHJ:VvMZ54MINHRFACZ/DuuJ"
15.  
16. [*] Process Execution: [
17. "9874100.exe",
18. "isou.exe",
19. "isou.exe"
20. ]
21.  
22. [*] Signatures Detected: [
23. {
24. "Description": "Attempts to connect to a dead IP:Port (1 unique times)",
25. "Details": [
26. {
27. "IP": "185.79.156.23:80"
28. }
29. ]
30. },
31. {
32. "Description": "Creates RWX memory",
33. "Details": []
34. },
35. {
36. "Description": "Possible date expiration check, exits too soon after checking local time",
37. "Details": [
38. {
39. "process": "isou.exe, PID 200"
40. }
41. ]
42. },
43. {
44. "Description": "Drops a binary and executes it",
45. "Details": [
46. {
47. "binary": "C:\\Users\\user\\AppData\\Roaming\\lsiwk\\isou.exe"
48. }
49. ]
50. },
51. {
52. "Description": "The binary likely contains encrypted or compressed data.",
53. "Details": [
54. {
55. "section": "name: .rsrc, entropy: 7.22, characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ, raw_size: 0x00026c00, virtual_size: 0x00026ad4"
56. }
57. ]
58. },
59. {
60. "Description": "Executed a process and injected code into it, probably while unpacking",
61. "Details": [
62. {
63. "Injection": "isou.exe(1168) -> isou.exe(200)"
64. }
65. ]
66. },
67. {
68. "Description": "Installs itself for autorun at Windows startup",
69. "Details": [
70. {
71. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\lsiwk.vbs"
72. },
73. {
74. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\lsiwk.vbs"
75. }
76. ]
77. },
78. {
79. "Description": "File has been identified by 28 Antiviruses on VirusTotal as malicious",
80. "Details": [
81. {
82. "MicroWorld-eScan": "Gen:Variant.Strictor.198030"
83. },
84. {
85. "FireEye": "Generic.mg.7b0c155d7ec7fcd7"
86. },
87. {
88. "Qihoo-360": "HEUR/QVM05.1.CF1B.Malware.Gen"
89. },
90. {
91. "McAfee": "Artemis!7B0C155D7EC7"
92. },
93. {
94. "BitDefender": "Gen:Variant.Strictor.198030"
95. },
96. {
97. "K7GW": "Riskware ( 0040eff71 )"
98. },
99. {
100. "K7AntiVirus": "Riskware ( 0040eff71 )"
101. },
102. {
103. "Invincea": "heuristic"
104. },
105. {
106. "Symantec": "ML.Attribute.HighConfidence"
107. },
108. {
109. "APEX": "Malicious"
110. },
111. {
112. "Paloalto": "generic.ml"
113. },
114. {
115. "Kaspersky": "UDS:DangerousObject.Multi.Generic"
116. },
117. {
118. "Endgame": "malicious (high confidence)"
119. },
120. {
121. "TrendMicro": "TSPY_HPFAREIT.SMROX"
122. },
123. {
124. "McAfee-GW-Edition": "BehavesLike.Win32.Fareit.hh"
125. },
126. {
127. "Webroot": "W32.Rogue.Gen"
128. },
129. {
130. "Microsoft": "Trojan:Win32/Fuerboos.E!cl"
131. },
132. {
133. "AhnLab-V3": "Win-Trojan/Delphiless.Exp"
134. },
135. {
136. "ZoneAlarm": "UDS:DangerousObject.Multi.Generic"
137. },
138. {
139. "ESET-NOD32": "a variant of Win32/Injector.EFYV"
140. },
141. {
142. "Acronis": "suspicious"
143. },
144. {
145. "Cylance": "Unsafe"
146. },
147. {
148. "TrendMicro-HouseCall": "TSPY_HPFAREIT.SMROX"
149. },
150. {
151. "Fortinet": "W32/GenKryptik.CEMY!tr"
152. },
153. {
154. "AVG": "Win32:Malware-gen"
155. },
156. {
157. "Cybereason": "malicious.2b0c37"
158. },
159. {
160. "Avast": "Win32:Malware-gen"
161. },
162. {
163. "CrowdStrike": "win/malicious_confidence_80% (D)"
164. }
165. ]
166. },
167. {
168. "Description": "Creates a copy of itself",
169. "Details": [
170. {
171. "copy": "C:\\Users\\user\\AppData\\Roaming\\lsiwk\\isou.exe"
172. }
173. ]
174. },
175. {
176. "Description": "Attempts to interact with an Alternate Data Stream (ADS)",
177. "Details": [
178. {
179. "file": "C:\\Users\\user\\AppData\\Roaming\\lsiwk\\isou.exe:ZoneIdentifier"
180. }
181. ]
182. },
183. {
184. "Description": "Collects information to fingerprint the system",
185. "Details": []
186. },
187. {
188. "Description": "Anomalous binary characteristics",
189. "Details": [
190. {
191. "anomaly": "Timestamp on binary predates the release date of the OS version it requires by at least a year"
192. }
193. ]
194. }
195. ]
196.  
197. [*] Started Service: []
198.  
199. [*] Executed Commands: [
200. "\"C:\\Users\\user\\AppData\\Roaming\\lsiwk\\isou.exe\""
201. ]
202.  
203. [*] Mutexes: [
204. "A81FB8C6-0BBE6E18-6FC9B5DB-536DA455-933946726"
205. ]
206.  
207. [*] Modified Files: [
208. "C:\\Users\\user\\AppData\\Roaming\\lsiwk\\isou.exe",
209. "C:\\Users\\user\\AppData\\Roaming\\lsiwk\\isou.exe:ZoneIdentifier",
210. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\lsiwk.vbs"
211. ]
212.  
213. [*] Deleted Files: [
214. "C:\\Users\\user\\AppData\\Roaming\\lsiwk\\isou.exe",
215. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\lsiwk.vbs"
216. ]
217.  
218. [*] Modified Registry Keys: []
219.  
220. [*] Deleted Registry Keys: []
221.  
222. [*] DNS Communications: []
223.  
224. [*] Domains: []
225.  
226. [*] Network Communication - ICMP: []
227.  
228. [*] Network Communication - HTTP: []
229.  
230. [*] Network Communication - SMTP: []
231.  
232. [*] Network Communication - Hosts: []
233.  
234. [*] Network Communication - IRC: []
235.  
236. [*] Static Analysis: {
237. "pe": {
238. "peid_signatures": null,
239. "imports": [
240. {
241. "imports": [
242. {
243. "name": "DeleteCriticalSection",
244. "address": "0x466140"
245. },
246. {
247. "name": "LeaveCriticalSection",
248. "address": "0x466144"
249. },
250. {
251. "name": "EnterCriticalSection",
252. "address": "0x466148"
253. },
254. {
255. "name": "InitializeCriticalSection",
256. "address": "0x46614c"
257. },
258. {
259. "name": "VirtualFree",
260. "address": "0x466150"
261. },
262. {
263. "name": "VirtualAlloc",
264. "address": "0x466154"
265. },
266. {
267. "name": "LocalFree",
268. "address": "0x466158"
269. },
270. {
271. "name": "LocalAlloc",
272. "address": "0x46615c"
273. },
274. {
275. "name": "GetVersion",
276. "address": "0x466160"
277. },
278. {
279. "name": "GetCurrentThreadId",
280. "address": "0x466164"
281. },
282. {
283. "name": "InterlockedDecrement",
284. "address": "0x466168"
285. },
286. {
287. "name": "InterlockedIncrement",
288. "address": "0x46616c"
289. },
290. {
291. "name": "VirtualQuery",
292. "address": "0x466170"
293. },
294. {
295. "name": "WideCharToMultiByte",
296. "address": "0x466174"
297. },
298. {
299. "name": "MultiByteToWideChar",
300. "address": "0x466178"
301. },
302. {
303. "name": "lstrlenA",
304. "address": "0x46617c"
305. },
306. {
307. "name": "lstrcpynA",
308. "address": "0x466180"
309. },
310. {
311. "name": "LoadLibraryExA",
312. "address": "0x466184"
313. },
314. {
315. "name": "GetThreadLocale",
316. "address": "0x466188"
317. },
318. {
319. "name": "GetStartupInfoA",
320. "address": "0x46618c"
321. },
322. {
323. "name": "GetProcAddress",
324. "address": "0x466190"
325. },
326. {
327. "name": "GetModuleHandleA",
328. "address": "0x466194"
329. },
330. {
331. "name": "GetModuleFileNameA",
332. "address": "0x466198"
333. },
334. {
335. "name": "GetLocaleInfoA",
336. "address": "0x46619c"
337. },
338. {
339. "name": "GetCommandLineA",
340. "address": "0x4661a0"
341. },
342. {
343. "name": "FreeLibrary",
344. "address": "0x4661a4"
345. },
346. {
347. "name": "FindFirstFileA",
348. "address": "0x4661a8"
349. },
350. {
351. "name": "FindClose",
352. "address": "0x4661ac"
353. },
354. {
355. "name": "ExitProcess",
356. "address": "0x4661b0"
357. },
358. {
359. "name": "WriteFile",
360. "address": "0x4661b4"
361. },
362. {
363. "name": "UnhandledExceptionFilter",
364. "address": "0x4661b8"
365. },
366. {
367. "name": "RtlUnwind",
368. "address": "0x4661bc"
369. },
370. {
371. "name": "RaiseException",
372. "address": "0x4661c0"
373. },
374. {
375. "name": "GetStdHandle",
376. "address": "0x4661c4"
377. }
378. ],
379. "dll": "kernel32.dll"
380. },
381. {
382. "imports": [
383. {
384. "name": "GetKeyboardType",
385. "address": "0x4661cc"
386. },
387. {
388. "name": "LoadStringA",
389. "address": "0x4661d0"
390. },
391. {
392. "name": "MessageBoxA",
393. "address": "0x4661d4"
394. },
395. {
396. "name": "CharNextA",
397. "address": "0x4661d8"
398. }
399. ],
400. "dll": "user32.dll"
401. },
402. {
403. "imports": [
404. {
405. "name": "RegQueryValueExA",
406. "address": "0x4661e0"
407. },
408. {
409. "name": "RegOpenKeyExA",
410. "address": "0x4661e4"
411. },
412. {
413. "name": "RegCloseKey",
414. "address": "0x4661e8"
415. }
416. ],
417. "dll": "advapi32.dll"
418. },
419. {
420. "imports": [
421. {
422. "name": "SysFreeString",
423. "address": "0x4661f0"
424. },
425. {
426. "name": "SysReAllocStringLen",
427. "address": "0x4661f4"
428. },
429. {
430. "name": "SysAllocStringLen",
431. "address": "0x4661f8"
432. }
433. ],
434. "dll": "oleaut32.dll"
435. },
436. {
437. "imports": [
438. {
439. "name": "TlsSetValue",
440. "address": "0x466200"
441. },
442. {
443. "name": "TlsGetValue",
444. "address": "0x466204"
445. },
446. {
447. "name": "LocalAlloc",
448. "address": "0x466208"
449. },
450. {
451. "name": "GetModuleHandleA",
452. "address": "0x46620c"
453. }
454. ],
455. "dll": "kernel32.dll"
456. },
457. {
458. "imports": [
459. {
460. "name": "RegQueryValueExA",
461. "address": "0x466214"
462. },
463. {
464. "name": "RegOpenKeyExA",
465. "address": "0x466218"
466. },
467. {
468. "name": "RegCloseKey",
469. "address": "0x46621c"
470. }
471. ],
472. "dll": "advapi32.dll"
473. },
474. {
475. "imports": [
476. {
477. "name": "lstrcpyA",
478. "address": "0x466224"
479. },
480. {
481. "name": "WriteFile",
482. "address": "0x466228"
483. },
484. {
485. "name": "WaitForSingleObject",
486. "address": "0x46622c"
487. },
488. {
489. "name": "VirtualQuery",
490. "address": "0x466230"
491. },
492. {
493. "name": "VirtualAlloc",
494. "address": "0x466234"
495. },
496. {
497. "name": "Sleep",
498. "address": "0x466238"
499. },
500. {
501. "name": "SizeofResource",
502. "address": "0x46623c"
503. },
504. {
505. "name": "SetThreadLocale",
506. "address": "0x466240"
507. },
508. {
509. "name": "SetFilePointer",
510. "address": "0x466244"
511. },
512. {
513. "name": "SetEvent",
514. "address": "0x466248"
515. },
516. {
517. "name": "SetErrorMode",
518. "address": "0x46624c"
519. },
520. {
521. "name": "SetEndOfFile",
522. "address": "0x466250"
523. },
524. {
525. "name": "ResetEvent",
526. "address": "0x466254"
527. },
528. {
529. "name": "ReadFile",
530. "address": "0x466258"
531. },
532. {
533. "name": "MulDiv",
534. "address": "0x46625c"
535. },
536. {
537. "name": "LockResource",
538. "address": "0x466260"
539. },
540. {
541. "name": "LoadResource",
542. "address": "0x466264"
543. },
544. {
545. "name": "LoadLibraryA",
546. "address": "0x466268"
547. },
548. {
549. "name": "LeaveCriticalSection",
550. "address": "0x46626c"
551. },
552. {
553. "name": "InitializeCriticalSection",
554. "address": "0x466270"
555. },
556. {
557. "name": "GlobalUnlock",
558. "address": "0x466274"
559. },
560. {
561. "name": "GlobalSize",
562. "address": "0x466278"
563. },
564. {
565. "name": "GlobalReAlloc",
566. "address": "0x46627c"
567. },
568. {
569. "name": "GlobalHandle",
570. "address": "0x466280"
571. },
572. {
573. "name": "GlobalLock",
574. "address": "0x466284"
575. },
576. {
577. "name": "GlobalFree",
578. "address": "0x466288"
579. },
580. {
581. "name": "GlobalFindAtomA",
582. "address": "0x46628c"
583. },
584. {
585. "name": "GlobalDeleteAtom",
586. "address": "0x466290"
587. },
588. {
589. "name": "GlobalAlloc",
590. "address": "0x466294"
591. },
592. {
593. "name": "GlobalAddAtomA",
594. "address": "0x466298"
595. },
596. {
597. "name": "GetVersionExA",
598. "address": "0x46629c"
599. },
600. {
601. "name": "GetVersion",
602. "address": "0x4662a0"
603. },
604. {
605. "name": "GetTickCount",
606. "address": "0x4662a4"
607. },
608. {
609. "name": "GetThreadLocale",
610. "address": "0x4662a8"
611. },
612. {
613. "name": "GetSystemInfo",
614. "address": "0x4662ac"
615. },
616. {
617. "name": "GetStringTypeExA",
618. "address": "0x4662b0"
619. },
620. {
621. "name": "GetStdHandle",
622. "address": "0x4662b4"
623. },
624. {
625. "name": "GetProfileStringA",
626. "address": "0x4662b8"
627. },
628. {
629. "name": "GetProcAddress",
630. "address": "0x4662bc"
631. },
632. {
633. "name": "GetModuleHandleA",
634. "address": "0x4662c0"
635. },
636. {
637. "name": "GetModuleFileNameA",
638. "address": "0x4662c4"
639. },
640. {
641. "name": "GetLocaleInfoA",
642. "address": "0x4662c8"
643. },
644. {
645. "name": "GetLocalTime",
646. "address": "0x4662cc"
647. },
648. {
649. "name": "GetLastError",
650. "address": "0x4662d0"
651. },
652. {
653. "name": "GetFullPathNameA",
654. "address": "0x4662d4"
655. },
656. {
657. "name": "GetDiskFreeSpaceA",
658. "address": "0x4662d8"
659. },
660. {
661. "name": "GetDateFormatA",
662. "address": "0x4662dc"
663. },
664. {
665. "name": "GetCurrentThreadId",
666. "address": "0x4662e0"
667. },
668. {
669. "name": "GetCurrentProcessId",
670. "address": "0x4662e4"
671. },
672. {
673. "name": "GetCPInfo",
674. "address": "0x4662e8"
675. },
676. {
677. "name": "GetACP",
678. "address": "0x4662ec"
679. },
680. {
681. "name": "FreeResource",
682. "address": "0x4662f0"
683. },
684. {
685. "name": "InterlockedExchange",
686. "address": "0x4662f4"
687. },
688. {
689. "name": "FreeLibrary",
690. "address": "0x4662f8"
691. },
692. {
693. "name": "FormatMessageA",
694. "address": "0x4662fc"
695. },
696. {
697. "name": "FindResourceA",
698. "address": "0x466300"
699. },
700. {
701. "name": "EnumCalendarInfoA",
702. "address": "0x466304"
703. },
704. {
705. "name": "EnterCriticalSection",
706. "address": "0x466308"
707. },
708. {
709. "name": "DeleteCriticalSection",
710. "address": "0x46630c"
711. },
712. {
713. "name": "CreateThread",
714. "address": "0x466310"
715. },
716. {
717. "name": "CreateFileA",
718. "address": "0x466314"
719. },
720. {
721. "name": "CreateEventA",
722. "address": "0x466318"
723. },
724. {
725. "name": "CompareStringA",
726. "address": "0x46631c"
727. },
728. {
729. "name": "CloseHandle",
730. "address": "0x466320"
731. }
732. ],
733. "dll": "kernel32.dll"
734. },
735. {
736. "imports": [
737. {
738. "name": "VerQueryValueA",
739. "address": "0x466328"
740. },
741. {
742. "name": "GetFileVersionInfoSizeA",
743. "address": "0x46632c"
744. },
745. {
746. "name": "GetFileVersionInfoA",
747. "address": "0x466330"
748. }
749. ],
750. "dll": "version.dll"
751. },
752. {
753. "imports": [
754. {
755. "name": "UnrealizeObject",
756. "address": "0x466338"
757. },
758. {
759. "name": "StretchBlt",
760. "address": "0x46633c"
761. },
762. {
763. "name": "SetWindowOrgEx",
764. "address": "0x466340"
765. },
766. {
767. "name": "SetViewportOrgEx",
768. "address": "0x466344"
769. },
770. {
771. "name": "SetTextColor",
772. "address": "0x466348"
773. },
774. {
775. "name": "SetStretchBltMode",
776. "address": "0x46634c"
777. },
778. {
779. "name": "SetROP2",
780. "address": "0x466350"
781. },
782. {
783. "name": "SetPixel",
784. "address": "0x466354"
785. },
786. {
787. "name": "SetDIBColorTable",
788. "address": "0x466358"
789. },
790. {
791. "name": "SetBrushOrgEx",
792. "address": "0x46635c"
793. },
794. {
795. "name": "SetBkMode",
796. "address": "0x466360"
797. },
798. {
799. "name": "SetBkColor",
800. "address": "0x466364"
801. },
802. {
803. "name": "SelectPalette",
804. "address": "0x466368"
805. },
806. {
807. "name": "SelectObject",
808. "address": "0x46636c"
809. },
810. {
811. "name": "ScaleWindowExtEx",
812. "address": "0x466370"
813. },
814. {
815. "name": "SaveDC",
816. "address": "0x466374"
817. },
818. {
819. "name": "RestoreDC",
820. "address": "0x466378"
821. },
822. {
823. "name": "Rectangle",
824. "address": "0x46637c"
825. },
826. {
827. "name": "RectVisible",
828. "address": "0x466380"
829. },
830. {
831. "name": "RealizePalette",
832. "address": "0x466384"
833. },
834. {
835. "name": "PatBlt",
836. "address": "0x466388"
837. },
838. {
839. "name": "MoveToEx",
840. "address": "0x46638c"
841. },
842. {
843. "name": "MaskBlt",
844. "address": "0x466390"
845. },
846. {
847. "name": "LineTo",
848. "address": "0x466394"
849. },
850. {
851. "name": "IntersectClipRect",
852. "address": "0x466398"
853. },
854. {
855. "name": "GetWindowOrgEx",
856. "address": "0x46639c"
857. },
858. {
859. "name": "GetTextMetricsA",
860. "address": "0x4663a0"
861. },
862. {
863. "name": "GetTextExtentPoint32A",
864. "address": "0x4663a4"
865. },
866. {
867. "name": "GetSystemPaletteEntries",
868. "address": "0x4663a8"
869. },
870. {
871. "name": "GetStockObject",
872. "address": "0x4663ac"
873. },
874. {
875. "name": "GetPixel",
876. "address": "0x4663b0"
877. },
878. {
879. "name": "GetPaletteEntries",
880. "address": "0x4663b4"
881. },
882. {
883. "name": "GetObjectA",
884. "address": "0x4663b8"
885. },
886. {
887. "name": "GetDeviceCaps",
888. "address": "0x4663bc"
889. },
890. {
891. "name": "GetDIBits",
892. "address": "0x4663c0"
893. },
894. {
895. "name": "GetDIBColorTable",
896. "address": "0x4663c4"
897. },
898. {
899. "name": "GetDCOrgEx",
900. "address": "0x4663c8"
901. },
902. {
903. "name": "GetCurrentPositionEx",
904. "address": "0x4663cc"
905. },
906. {
907. "name": "GetClipBox",
908. "address": "0x4663d0"
909. },
910. {
911. "name": "GetBrushOrgEx",
912. "address": "0x4663d4"
913. },
914. {
915. "name": "GetBitmapBits",
916. "address": "0x4663d8"
917. },
918. {
919. "name": "ExtTextOutA",
920. "address": "0x4663dc"
921. },
922. {
923. "name": "ExcludeClipRect",
924. "address": "0x4663e0"
925. },
926. {
927. "name": "EndPage",
928. "address": "0x4663e4"
929. },
930. {
931. "name": "EndDoc",
932. "address": "0x4663e8"
933. },
934. {
935. "name": "DeleteObject",
936. "address": "0x4663ec"
937. },
938. {
939. "name": "DeleteDC",
940. "address": "0x4663f0"
941. },
942. {
943. "name": "CreateSolidBrush",
944. "address": "0x4663f4"
945. },
946. {
947. "name": "CreatePenIndirect",
948. "address": "0x4663f8"
949. },
950. {
951. "name": "CreatePen",
952. "address": "0x4663fc"
953. },
954. {
955. "name": "CreatePalette",
956. "address": "0x466400"
957. },
958. {
959. "name": "CreateICA",
960. "address": "0x466404"
961. },
962. {
963. "name": "CreateHalftonePalette",
964. "address": "0x466408"
965. },
966. {
967. "name": "CreateFontIndirectA",
968. "address": "0x46640c"
969. },
970. {
971. "name": "CreateDIBitmap",
972. "address": "0x466410"
973. },
974. {
975. "name": "CreateDIBSection",
976. "address": "0x466414"
977. },
978. {
979. "name": "CreateDCA",
980. "address": "0x466418"
981. },
982. {
983. "name": "CreateCompatibleDC",
984. "address": "0x46641c"
985. },
986. {
987. "name": "CreateCompatibleBitmap",
988. "address": "0x466420"
989. },
990. {
991. "name": "CreateBrushIndirect",
992. "address": "0x466424"
993. },
994. {
995. "name": "CreateBitmap",
996. "address": "0x466428"
997. },
998. {
999. "name": "BitBlt",
1000. "address": "0x46642c"
1001. }
1002. ],
1003. "dll": "gdi32.dll"
1004. },
1005. {
1006. "imports": [
1007. {
1008. "name": "CreateWindowExA",
1009. "address": "0x466434"
1010. },
1011. {
1012. "name": "WindowFromPoint",
1013. "address": "0x466438"
1014. },
1015. {
1016. "name": "WinHelpA",
1017. "address": "0x46643c"
1018. },
1019. {
1020. "name": "WaitMessage",
1021. "address": "0x466440"
1022. },
1023. {
1024. "name": "ValidateRect",
1025. "address": "0x466444"
1026. },
1027. {
1028. "name": "UpdateWindow",
1029. "address": "0x466448"
1030. },
1031. {
1032. "name": "UnregisterClassA",
1033. "address": "0x46644c"
1034. },
1035. {
1036. "name": "UnhookWindowsHookEx",
1037. "address": "0x466450"
1038. },
1039. {
1040. "name": "TranslateMessage",
1041. "address": "0x466454"
1042. },
1043. {
1044. "name": "TranslateMDISysAccel",
1045. "address": "0x466458"
1046. },
1047. {
1048. "name": "TrackPopupMenu",
1049. "address": "0x46645c"
1050. },
1051. {
1052. "name": "SystemParametersInfoA",
1053. "address": "0x466460"
1054. },
1055. {
1056. "name": "ShowWindow",
1057. "address": "0x466464"
1058. },
1059. {
1060. "name": "ShowScrollBar",
1061. "address": "0x466468"
1062. },
1063. {
1064. "name": "ShowOwnedPopups",
1065. "address": "0x46646c"
1066. },
1067. {
1068. "name": "ShowCursor",
1069. "address": "0x466470"
1070. },
1071. {
1072. "name": "SetWindowsHookExA",
1073. "address": "0x466474"
1074. },
1075. {
1076. "name": "SetWindowTextA",
1077. "address": "0x466478"
1078. },
1079. {
1080. "name": "SetWindowPos",
1081. "address": "0x46647c"
1082. },
1083. {
1084. "name": "SetWindowPlacement",
1085. "address": "0x466480"
1086. },
1087. {
1088. "name": "SetWindowLongA",
1089. "address": "0x466484"
1090. },
1091. {
1092. "name": "SetTimer",
1093. "address": "0x466488"
1094. },
1095. {
1096. "name": "SetScrollRange",
1097. "address": "0x46648c"
1098. },
1099. {
1100. "name": "SetScrollPos",
1101. "address": "0x466490"
1102. },
1103. {
1104. "name": "SetScrollInfo",
1105. "address": "0x466494"
1106. },
1107. {
1108. "name": "SetRect",
1109. "address": "0x466498"
1110. },
1111. {
1112. "name": "SetPropA",
1113. "address": "0x46649c"
1114. },
1115. {
1116. "name": "SetParent",
1117. "address": "0x4664a0"
1118. },
1119. {
1120. "name": "SetMenuItemInfoA",
1121. "address": "0x4664a4"
1122. },
1123. {
1124. "name": "SetMenu",
1125. "address": "0x4664a8"
1126. },
1127. {
1128. "name": "SetForegroundWindow",
1129. "address": "0x4664ac"
1130. },
1131. {
1132. "name": "SetFocus",
1133. "address": "0x4664b0"
1134. },
1135. {
1136. "name": "SetCursor",
1137. "address": "0x4664b4"
1138. },
1139. {
1140. "name": "SetClassLongA",
1141. "address": "0x4664b8"
1142. },
1143. {
1144. "name": "SetCapture",
1145. "address": "0x4664bc"
1146. },
1147. {
1148. "name": "SetActiveWindow",
1149. "address": "0x4664c0"
1150. },
1151. {
1152. "name": "SendMessageA",
1153. "address": "0x4664c4"
1154. },
1155. {
1156. "name": "ScrollWindow",
1157. "address": "0x4664c8"
1158. },
1159. {
1160. "name": "ScreenToClient",
1161. "address": "0x4664cc"
1162. },
1163. {
1164. "name": "RemovePropA",
1165. "address": "0x4664d0"
1166. },
1167. {
1168. "name": "RemoveMenu",
1169. "address": "0x4664d4"
1170. },
1171. {
1172. "name": "ReleaseDC",
1173. "address": "0x4664d8"
1174. },
1175. {
1176. "name": "ReleaseCapture",
1177. "address": "0x4664dc"
1178. },
1179. {
1180. "name": "RegisterWindowMessageA",
1181. "address": "0x4664e0"
1182. },
1183. {
1184. "name": "RegisterClipboardFormatA",
1185. "address": "0x4664e4"
1186. },
1187. {
1188. "name": "RegisterClassA",
1189. "address": "0x4664e8"
1190. },
1191. {
1192. "name": "RedrawWindow",
1193. "address": "0x4664ec"
1194. },
1195. {
1196. "name": "PtInRect",
1197. "address": "0x4664f0"
1198. },
1199. {
1200. "name": "PostQuitMessage",
1201. "address": "0x4664f4"
1202. },
1203. {
1204. "name": "PostMessageA",
1205. "address": "0x4664f8"
1206. },
1207. {
1208. "name": "PeekMessageA",
1209. "address": "0x4664fc"
1210. },
1211. {
1212. "name": "OffsetRect",
1213. "address": "0x466500"
1214. },
1215. {
1216. "name": "OemToCharA",
1217. "address": "0x466504"
1218. },
1219. {
1220. "name": "MessageBoxA",
1221. "address": "0x466508"
1222. },
1223. {
1224. "name": "MapWindowPoints",
1225. "address": "0x46650c"
1226. },
1227. {
1228. "name": "MapVirtualKeyA",
1229. "address": "0x466510"
1230. },
1231. {
1232. "name": "LoadStringA",
1233. "address": "0x466514"
1234. },
1235. {
1236. "name": "LoadKeyboardLayoutA",
1237. "address": "0x466518"
1238. },
1239. {
1240. "name": "LoadIconA",
1241. "address": "0x46651c"
1242. },
1243. {
1244. "name": "LoadCursorA",
1245. "address": "0x466520"
1246. },
1247. {
1248. "name": "LoadBitmapA",
1249. "address": "0x466524"
1250. },
1251. {
1252. "name": "KillTimer",
1253. "address": "0x466528"
1254. },
1255. {
1256. "name": "IsZoomed",
1257. "address": "0x46652c"
1258. },
1259. {
1260. "name": "IsWindowVisible",
1261. "address": "0x466530"
1262. },
1263. {
1264. "name": "IsWindowEnabled",
1265. "address": "0x466534"
1266. },
1267. {
1268. "name": "IsWindow",
1269. "address": "0x466538"
1270. },
1271. {
1272. "name": "IsRectEmpty",
1273. "address": "0x46653c"
1274. },
1275. {
1276. "name": "IsIconic",
1277. "address": "0x466540"
1278. },
1279. {
1280. "name": "IsDialogMessageA",
1281. "address": "0x466544"
1282. },
1283. {
1284. "name": "IsChild",
1285. "address": "0x466548"
1286. },
1287. {
1288. "name": "InvalidateRect",
1289. "address": "0x46654c"
1290. },
1291. {
1292. "name": "IntersectRect",
1293. "address": "0x466550"
1294. },
1295. {
1296. "name": "InsertMenuItemA",
1297. "address": "0x466554"
1298. },
1299. {
1300. "name": "InsertMenuA",
1301. "address": "0x466558"
1302. },
1303. {
1304. "name": "InflateRect",
1305. "address": "0x46655c"
1306. },
1307. {
1308. "name": "GetWindowThreadProcessId",
1309. "address": "0x466560"
1310. },
1311. {
1312. "name": "GetWindowTextA",
1313. "address": "0x466564"
1314. },
1315. {
1316. "name": "GetWindowRect",
1317. "address": "0x466568"
1318. },
1319. {
1320. "name": "GetWindowPlacement",
1321. "address": "0x46656c"
1322. },
1323. {
1324. "name": "GetWindowLongA",
1325. "address": "0x466570"
1326. },
1327. {
1328. "name": "GetWindowDC",
1329. "address": "0x466574"
1330. },
1331. {
1332. "name": "GetTopWindow",
1333. "address": "0x466578"
1334. },
1335. {
1336. "name": "GetSystemMetrics",
1337. "address": "0x46657c"
1338. },
1339. {
1340. "name": "GetSystemMenu",
1341. "address": "0x466580"
1342. },
1343. {
1344. "name": "GetSysColorBrush",
1345. "address": "0x466584"
1346. },
1347. {
1348. "name": "GetSysColor",
1349. "address": "0x466588"
1350. },
1351. {
1352. "name": "GetSubMenu",
1353. "address": "0x46658c"
1354. },
1355. {
1356. "name": "GetScrollRange",
1357. "address": "0x466590"
1358. },
1359. {
1360. "name": "GetScrollPos",
1361. "address": "0x466594"
1362. },
1363. {
1364. "name": "GetScrollInfo",
1365. "address": "0x466598"
1366. },
1367. {
1368. "name": "GetPropA",
1369. "address": "0x46659c"
1370. },
1371. {
1372. "name": "GetParent",
1373. "address": "0x4665a0"
1374. },
1375. {
1376. "name": "GetWindow",
1377. "address": "0x4665a4"
1378. },
1379. {
1380. "name": "GetMenuStringA",
1381. "address": "0x4665a8"
1382. },
1383. {
1384. "name": "GetMenuState",
1385. "address": "0x4665ac"
1386. },
1387. {
1388. "name": "GetMenuItemInfoA",
1389. "address": "0x4665b0"
1390. },
1391. {
1392. "name": "GetMenuItemID",
1393. "address": "0x4665b4"
1394. },
1395. {
1396. "name": "GetMenuItemCount",
1397. "address": "0x4665b8"
1398. },
1399. {
1400. "name": "GetMenu",
1401. "address": "0x4665bc"
1402. },
1403. {
1404. "name": "GetLastActivePopup",
1405. "address": "0x4665c0"
1406. },
1407. {
1408. "name": "GetKeyboardState",
1409. "address": "0x4665c4"
1410. },
1411. {
1412. "name": "GetKeyboardLayoutList",
1413. "address": "0x4665c8"
1414. },
1415. {
1416. "name": "GetKeyboardLayout",
1417. "address": "0x4665cc"
1418. },
1419. {
1420. "name": "GetKeyState",
1421. "address": "0x4665d0"
1422. },
1423. {
1424. "name": "GetKeyNameTextA",
1425. "address": "0x4665d4"
1426. },
1427. {
1428. "name": "GetIconInfo",
1429. "address": "0x4665d8"
1430. },
1431. {
1432. "name": "GetForegroundWindow",
1433. "address": "0x4665dc"
1434. },
1435. {
1436. "name": "GetFocus",
1437. "address": "0x4665e0"
1438. },
1439. {
1440. "name": "GetDesktopWindow",
1441. "address": "0x4665e4"
1442. },
1443. {
1444. "name": "GetDCEx",
1445. "address": "0x4665e8"
1446. },
1447. {
1448. "name": "GetDC",
1449. "address": "0x4665ec"
1450. },
1451. {
1452. "name": "GetCursorPos",
1453. "address": "0x4665f0"
1454. },
1455. {
1456. "name": "GetCursor",
1457. "address": "0x4665f4"
1458. },
1459. {
1460. "name": "GetClientRect",
1461. "address": "0x4665f8"
1462. },
1463. {
1464. "name": "GetClassNameA",
1465. "address": "0x4665fc"
1466. },
1467. {
1468. "name": "GetClassInfoA",
1469. "address": "0x466600"
1470. },
1471. {
1472. "name": "GetCapture",
1473. "address": "0x466604"
1474. },
1475. {
1476. "name": "GetActiveWindow",
1477. "address": "0x466608"
1478. },
1479. {
1480. "name": "FrameRect",
1481. "address": "0x46660c"
1482. },
1483. {
1484. "name": "FindWindowA",
1485. "address": "0x466610"
1486. },
1487. {
1488. "name": "FillRect",
1489. "address": "0x466614"
1490. },
1491. {
1492. "name": "EqualRect",
1493. "address": "0x466618"
1494. },
1495. {
1496. "name": "EnumWindows",
1497. "address": "0x46661c"
1498. },
1499. {
1500. "name": "EnumThreadWindows",
1501. "address": "0x466620"
1502. },
1503. {
1504. "name": "EndPaint",
1505. "address": "0x466624"
1506. },
1507. {
1508. "name": "EnableWindow",
1509. "address": "0x466628"
1510. },
1511. {
1512. "name": "EnableScrollBar",
1513. "address": "0x46662c"
1514. },
1515. {
1516. "name": "EnableMenuItem",
1517. "address": "0x466630"
1518. },
1519. {
1520. "name": "DrawTextA",
1521. "address": "0x466634"
1522. },
1523. {
1524. "name": "DrawMenuBar",
1525. "address": "0x466638"
1526. },
1527. {
1528. "name": "DrawIconEx",
1529. "address": "0x46663c"
1530. },
1531. {
1532. "name": "DrawIcon",
1533. "address": "0x466640"
1534. },
1535. {
1536. "name": "DrawFrameControl",
1537. "address": "0x466644"
1538. },
1539. {
1540. "name": "DrawFocusRect",
1541. "address": "0x466648"
1542. },
1543. {
1544. "name": "DrawEdge",
1545. "address": "0x46664c"
1546. },
1547. {
1548. "name": "DispatchMessageA",
1549. "address": "0x466650"
1550. },
1551. {
1552. "name": "DestroyWindow",
1553. "address": "0x466654"
1554. },
1555. {
1556. "name": "DestroyMenu",
1557. "address": "0x466658"
1558. },
1559. {
1560. "name": "DestroyIcon",
1561. "address": "0x46665c"
1562. },
1563. {
1564. "name": "DestroyCursor",
1565. "address": "0x466660"
1566. },
1567. {
1568. "name": "DeleteMenu",
1569. "address": "0x466664"
1570. },
1571. {
1572. "name": "DefWindowProcA",
1573. "address": "0x466668"
1574. },
1575. {
1576. "name": "DefMDIChildProcA",
1577. "address": "0x46666c"
1578. },
1579. {
1580. "name": "DefFrameProcA",
1581. "address": "0x466670"
1582. },
1583. {
1584. "name": "CreatePopupMenu",
1585. "address": "0x466674"
1586. },
1587. {
1588. "name": "CreateMenu",
1589. "address": "0x466678"
1590. },
1591. {
1592. "name": "CreateIcon",
1593. "address": "0x46667c"
1594. },
1595. {
1596. "name": "ClientToScreen",
1597. "address": "0x466680"
1598. },
1599. {
1600. "name": "CheckMenuItem",
1601. "address": "0x466684"
1602. },
1603. {
1604. "name": "CallWindowProcA",
1605. "address": "0x466688"
1606. },
1607. {
1608. "name": "CallNextHookEx",
1609. "address": "0x46668c"
1610. },
1611. {
1612. "name": "BeginPaint",
1613. "address": "0x466690"
1614. },
1615. {
1616. "name": "CharNextA",
1617. "address": "0x466694"
1618. },
1619. {
1620. "name": "CharLowerA",
1621. "address": "0x466698"
1622. },
1623. {
1624. "name": "CharToOemA",
1625. "address": "0x46669c"
1626. },
1627. {
1628. "name": "AdjustWindowRectEx",
1629. "address": "0x4666a0"
1630. },
1631. {
1632. "name": "ActivateKeyboardLayout",
1633. "address": "0x4666a4"
1634. }
1635. ],
1636. "dll": "user32.dll"
1637. },
1638. {
1639. "imports": [
1640. {
1641. "name": "Sleep",
1642. "address": "0x4666ac"
1643. }
1644. ],
1645. "dll": "kernel32.dll"
1646. },
1647. {
1648. "imports": [
1649. {
1650. "name": "SafeArrayPtrOfIndex",
1651. "address": "0x4666b4"
1652. },
1653. {
1654. "name": "SafeArrayGetUBound",
1655. "address": "0x4666b8"
1656. },
1657. {
1658. "name": "SafeArrayGetLBound",
1659. "address": "0x4666bc"
1660. },
1661. {
1662. "name": "SafeArrayCreate",
1663. "address": "0x4666c0"
1664. },
1665. {
1666. "name": "VariantChangeType",
1667. "address": "0x4666c4"
1668. },
1669. {
1670. "name": "VariantCopy",
1671. "address": "0x4666c8"
1672. },
1673. {
1674. "name": "VariantClear",
1675. "address": "0x4666cc"
1676. },
1677. {
1678. "name": "VariantInit",
1679. "address": "0x4666d0"
1680. }
1681. ],
1682. "dll": "oleaut32.dll"
1683. },
1684. {
1685. "imports": [
1686. {
1687. "name": "ImageList_SetIconSize",
1688. "address": "0x4666d8"
1689. },
1690. {
1691. "name": "ImageList_GetIconSize",
1692. "address": "0x4666dc"
1693. },
1694. {
1695. "name": "ImageList_Write",
1696. "address": "0x4666e0"
1697. },
1698. {
1699. "name": "ImageList_Read",
1700. "address": "0x4666e4"
1701. },
1702. {
1703. "name": "ImageList_GetDragImage",
1704. "address": "0x4666e8"
1705. },
1706. {
1707. "name": "ImageList_DragShowNolock",
1708. "address": "0x4666ec"
1709. },
1710. {
1711. "name": "ImageList_SetDragCursorImage",
1712. "address": "0x4666f0"
1713. },
1714. {
1715. "name": "ImageList_DragMove",
1716. "address": "0x4666f4"
1717. },
1718. {
1719. "name": "ImageList_DragLeave",
1720. "address": "0x4666f8"
1721. },
1722. {
1723. "name": "ImageList_DragEnter",
1724. "address": "0x4666fc"
1725. },
1726. {
1727. "name": "ImageList_EndDrag",
1728. "address": "0x466700"
1729. },
1730. {
1731. "name": "ImageList_BeginDrag",
1732. "address": "0x466704"
1733. },
1734. {
1735. "name": "ImageList_Remove",
1736. "address": "0x466708"
1737. },
1738. {
1739. "name": "ImageList_DrawEx",
1740. "address": "0x46670c"
1741. },
1742. {
1743. "name": "ImageList_Draw",
1744. "address": "0x466710"
1745. },
1746. {
1747. "name": "ImageList_GetBkColor",
1748. "address": "0x466714"
1749. },
1750. {
1751. "name": "ImageList_SetBkColor",
1752. "address": "0x466718"
1753. },
1754. {
1755. "name": "ImageList_ReplaceIcon",
1756. "address": "0x46671c"
1757. },
1758. {
1759. "name": "ImageList_Add",
1760. "address": "0x466720"
1761. },
1762. {
1763. "name": "ImageList_GetImageCount",
1764. "address": "0x466724"
1765. },
1766. {
1767. "name": "ImageList_Destroy",
1768. "address": "0x466728"
1769. },
1770. {
1771. "name": "ImageList_Create",
1772. "address": "0x46672c"
1773. },
1774. {
1775. "name": "InitCommonControls",
1776. "address": "0x466730"
1777. }
1778. ],
1779. "dll": "comctl32.dll"
1780. },
1781. {
1782. "imports": [
1783. {
1784. "name": "OpenPrinterA",
1785. "address": "0x466738"
1786. },
1787. {
1788. "name": "EnumPrintersA",
1789. "address": "0x46673c"
1790. },
1791. {
1792. "name": "DocumentPropertiesA",
1793. "address": "0x466740"
1794. },
1795. {
1796. "name": "ClosePrinter",
1797. "address": "0x466744"
1798. }
1799. ],
1800. "dll": "winspool.drv"
1801. },
1802. {
1803. "imports": [
1804. {
1805. "name": "PrintDlgA",
1806. "address": "0x46674c"
1807. }
1808. ],
1809. "dll": "comdlg32.dll"
1810. }
1811. ],
1812. "digital_signers": null,
1813. "exported_dll_name": null,
1814. "actual_checksum": "0x0009b687",
1815. "overlay": null,
1816. "imagebase": "0x00400000",
1817. "reported_checksum": "0x00000000",
1818. "icon_hash": null,
1819. "entrypoint": "0x0045a020",
1820. "timestamp": "1991-12-25 14:06:39",
1821. "osversion": "4.0",
1822. "sections": [
1823. {
1824. "name": "CODE",
1825. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
1826. "virtual_address": "0x00001000",
1827. "size_of_data": "0x00059200",
1828. "entropy": "6.51",
1829. "raw_address": "0x00000400",
1830. "virtual_size": "0x00059068",
1831. "characteristics_raw": "0x60000020"
1832. },
1833. {
1834. "name": "DATA",
1835. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
1836. "virtual_address": "0x0005b000",
1837. "size_of_data": "0x00009400",
1838. "entropy": "4.95",
1839. "raw_address": "0x00059600",
1840. "virtual_size": "0x00009224",
1841. "characteristics_raw": "0xc0000040"
1842. },
1843. {
1844. "name": "BSS",
1845. "characteristics": "IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
1846. "virtual_address": "0x00065000",
1847. "size_of_data": "0x00000000",
1848. "entropy": "0.00",
1849. "raw_address": "0x00062a00",
1850. "virtual_size": "0x00000cfd",
1851. "characteristics_raw": "0xc0000000"
1852. },
1853. {
1854. "name": ".idata",
1855. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
1856. "virtual_address": "0x00066000",
1857. "size_of_data": "0x00002200",
1858. "entropy": "4.80",
1859. "raw_address": "0x00062a00",
1860. "virtual_size": "0x000020e4",
1861. "characteristics_raw": "0xc0000040"
1862. },
1863. {
1864. "name": ".tls",
1865. "characteristics": "IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
1866. "virtual_address": "0x00069000",
1867. "size_of_data": "0x00000000",
1868. "entropy": "0.00",
1869. "raw_address": "0x00064c00",
1870. "virtual_size": "0x00000010",
1871. "characteristics_raw": "0xc0000000"
1872. },
1873. {
1874. "name": ".rdata",
1875. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
1876. "virtual_address": "0x0006a000",
1877. "size_of_data": "0x00000200",
1878. "entropy": "0.21",
1879. "raw_address": "0x00064c00",
1880. "virtual_size": "0x00000018",
1881. "characteristics_raw": "0x50000040"
1882. },
1883. {
1884. "name": ".reloc",
1885. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
1886. "virtual_address": "0x0006b000",
1887. "size_of_data": "0x00006a00",
1888. "entropy": "6.66",
1889. "raw_address": "0x00064e00",
1890. "virtual_size": "0x000069a8",
1891. "characteristics_raw": "0x50000040"
1892. },
1893. {
1894. "name": ".rsrc",
1895. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
1896. "virtual_address": "0x00072000",
1897. "size_of_data": "0x00026c00",
1898. "entropy": "7.22",
1899. "raw_address": "0x0006b800",
1900. "virtual_size": "0x00026ad4",
1901. "characteristics_raw": "0x50000040"
1902. }
1903. ],
1904. "resources": [],
1905. "dirents": [
1906. {
1907. "virtual_address": "0x00000000",
1908. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
1909. "size": "0x00000000"
1910. },
1911. {
1912. "virtual_address": "0x00066000",
1913. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
1914. "size": "0x000020e4"
1915. },
1916. {
1917. "virtual_address": "0x00072000",
1918. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
1919. "size": "0x00026ad4"
1920. },
1921. {
1922. "virtual_address": "0x00000000",
1923. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
1924. "size": "0x00000000"
1925. },
1926. {
1927. "virtual_address": "0x00000000",
1928. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
1929. "size": "0x00000000"
1930. },
1931. {
1932. "virtual_address": "0x0006b000",
1933. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
1934. "size": "0x000069a8"
1935. },
1936. {
1937. "virtual_address": "0x00000000",
1938. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
1939. "size": "0x00000000"
1940. },
1941. {
1942. "virtual_address": "0x00000000",
1943. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
1944. "size": "0x00000000"
1945. },
1946. {
1947. "virtual_address": "0x00000000",
1948. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
1949. "size": "0x00000000"
1950. },
1951. {
1952. "virtual_address": "0x0006a000",
1953. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
1954. "size": "0x00000018"
1955. },
1956. {
1957. "virtual_address": "0x00000000",
1958. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
1959. "size": "0x00000000"
1960. },
1961. {
1962. "virtual_address": "0x00000000",
1963. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
1964. "size": "0x00000000"
1965. },
1966. {
1967. "virtual_address": "0x00000000",
1968. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
1969. "size": "0x00000000"
1970. },
1971. {
1972. "virtual_address": "0x00000000",
1973. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
1974. "size": "0x00000000"
1975. },
1976. {
1977. "virtual_address": "0x00000000",
1978. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
1979. "size": "0x00000000"
1980. },
1981. {
1982. "virtual_address": "0x00000000",
1983. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
1984. "size": "0x00000000"
1985. }
1986. ],
1987. "exports": [],
1988. "guest_signers": {},
1989. "imphash": "a4c69f0c0a976ff6c66b234a50f95a0c",
1990. "icon_fuzzy": null,
1991. "icon": null,
1992. "pdbpath": null,
1993. "imported_dll_count": 15,
1994. "versioninfo": []
1995. }
1996. }
1997.  
1998. [*] Resolved APIs: [
1999. "kernel32.dll.GetDiskFreeSpaceExA",
2000. "oleaut32.dll.VariantChangeTypeEx",
2001. "oleaut32.dll.VarNeg",
2002. "oleaut32.dll.VarNot",
2003. "oleaut32.dll.VarAdd",
2004. "oleaut32.dll.VarSub",
2005. "oleaut32.dll.VarMul",
2006. "oleaut32.dll.VarDiv",
2007. "oleaut32.dll.VarIdiv",
2008. "oleaut32.dll.VarMod",
2009. "oleaut32.dll.VarAnd",
2010. "oleaut32.dll.VarOr",
2011. "oleaut32.dll.VarXor",
2012. "oleaut32.dll.VarCmp",
2013. "oleaut32.dll.VarI4FromStr",
2014. "oleaut32.dll.VarR4FromStr",
2015. "oleaut32.dll.VarR8FromStr",
2016. "oleaut32.dll.VarDateFromStr",
2017. "oleaut32.dll.VarCyFromStr",
2018. "oleaut32.dll.VarBoolFromStr",
2019. "oleaut32.dll.VarBstrFromCy",
2020. "oleaut32.dll.VarBstrFromDate",
2021. "oleaut32.dll.VarBstrFromBool",
2022. "user32.dll.GetMonitorInfoA",
2023. "user32.dll.GetSystemMetrics",
2024. "user32.dll.EnumDisplayMonitors",
2025. "dwmapi.dll.DwmIsCompositionEnabled",
2026. "gdi32.dll.GetLayout",
2027. "gdi32.dll.GdiRealizationInfo",
2028. "gdi32.dll.FontIsLinked",
2029. "advapi32.dll.RegOpenKeyExW",
2030. "advapi32.dll.RegQueryInfoKeyW",
2031. "gdi32.dll.GetTextFaceAliasW",
2032. "advapi32.dll.RegEnumValueW",
2033. "advapi32.dll.RegCloseKey",
2034. "advapi32.dll.RegQueryValueExW",
2035. "gdi32.dll.GetFontAssocStatus",
2036. "advapi32.dll.RegQueryValueExA",
2037. "advapi32.dll.RegEnumKeyExW",
2038. "gdi32.dll.GdiIsMetaPrintDC",
2039. "user32.dll.AnimateWindow",
2040. "comctl32.dll.InitializeFlatSB",
2041. "comctl32.dll.UninitializeFlatSB",
2042. "comctl32.dll.FlatSB_GetScrollProp",
2043. "comctl32.dll.FlatSB_SetScrollProp",
2044. "comctl32.dll.FlatSB_EnableScrollBar",
2045. "comctl32.dll.FlatSB_ShowScrollBar",
2046. "comctl32.dll.FlatSB_GetScrollRange",
2047. "comctl32.dll.FlatSB_GetScrollInfo",
2048. "comctl32.dll.FlatSB_GetScrollPos",
2049. "comctl32.dll.FlatSB_SetScrollPos",
2050. "comctl32.dll.FlatSB_SetScrollInfo",
2051. "comctl32.dll.FlatSB_SetScrollRange",
2052. "user32.dll.SetLayeredWindowAttributes",
2053. "crypt32.dll.CryptUnprotectData",
2054. "crtdll.dll.wcscmp",
2055. "gdiplus.dll.GdiplusStartup",
2056. "gdiplus.dll.GdiplusShutdown",
2057. "gdiplus.dll.GdipCreateBitmapFromHBITMAP",
2058. "gdiplus.dll.GdipGetImageEncodersSize",
2059. "gdiplus.dll.GdipGetImageEncoders",
2060. "gdiplus.dll.GdipDisposeImage",
2061. "gdiplus.dll.GdipSaveImageToStream",
2062. "ole32.dll.CreateStreamOnHGlobal",
2063. "ole32.dll.GetHGlobalFromStream",
2064. "kernel32.dll.ExpandEnvironmentStringsW",
2065. "kernel32.dll.GetComputerNameW",
2066. "kernel32.dll.GlobalMemoryStatus",
2067. "kernel32.dll.CreateFileW",
2068. "kernel32.dll.GetFileSize",
2069. "kernel32.dll.CloseHandle",
2070. "kernel32.dll.ReadFile",
2071. "kernel32.dll.GetFileAttributesW",
2072. "kernel32.dll.CreateMutexA",
2073. "kernel32.dll.ReleaseMutex",
2074. "kernel32.dll.GetLastError",
2075. "kernel32.dll.GetCurrentDirectoryW",
2076. "kernel32.dll.SetEnvironmentVariableW",
2077. "kernel32.dll.SetCurrentDirectoryW",
2078. "kernel32.dll.FindFirstFileW",
2079. "kernel32.dll.FindNextFileW",
2080. "kernel32.dll.LocalFree",
2081. "kernel32.dll.GetTickCount",
2082. "kernel32.dll.CopyFileW",
2083. "kernel32.dll.FindClose",
2084. "kernel32.dll.GlobalMemoryStatusEx",
2085. "kernel32.dll.CreateToolhelp32Snapshot",
2086. "kernel32.dll.Process32FirstW",
2087. "kernel32.dll.Process32NextW",
2088. "kernel32.dll.GetModuleFileNameW",
2089. "kernel32.dll.SetDllDirectoryW",
2090. "kernel32.dll.GetLocaleInfoA",
2091. "kernel32.dll.GetLocalTime",
2092. "kernel32.dll.GetTimeZoneInformation",
2093. "kernel32.dll.RemoveDirectoryW",
2094. "kernel32.dll.DeleteFileW",
2095. "kernel32.dll.GetLogicalDriveStringsA",
2096. "kernel32.dll.GetDriveTypeA",
2097. "kernel32.dll.CreateProcessW",
2098. "advapi32.dll.GetUserNameW",
2099. "advapi32.dll.RegCreateKeyExW",
2100. "advapi32.dll.AllocateAndInitializeSid",
2101. "advapi32.dll.LookupAccountSidA",
2102. "advapi32.dll.CreateProcessAsUserW",
2103. "advapi32.dll.CheckTokenMembership",
2104. "advapi32.dll.RegOpenKeyW",
2105. "advapi32.dll.RegEnumKeyW",
2106. "advapi32.dll.CryptAcquireContextA",
2107. "advapi32.dll.CryptCreateHash",
2108. "advapi32.dll.CryptHashData",
2109. "advapi32.dll.CryptGetHashParam",
2110. "advapi32.dll.CryptDestroyHash",
2111. "advapi32.dll.CryptReleaseContext",
2112. "user32.dll.EnumDisplayDevicesW",
2113. "user32.dll.wvsprintfA",
2114. "user32.dll.GetKeyboardLayoutList",
2115. "shell32.dll.ShellExecuteExW",
2116. "ntdll.dll.RtlComputeCrc32",
2117. "sechost.dll.LookupAccountSidLocalA",
2118. "wininet.dll.InternetOpenA",
2119. "wininet.dll.InternetConnectA",
2120. "wininet.dll.HttpOpenRequestA",
2121. "wininet.dll.HttpAddRequestHeadersA",
2122. "wininet.dll.HttpSendRequestA",
2123. "wininet.dll.InternetReadFile",
2124. "wininet.dll.InternetCloseHandle",
2125. "wininet.dll.InternetCrackUrlA",
2126. "wininet.dll.InternetSetOptionA",
2127. "rasapi32.dll.RasConnectionNotificationW",
2128. "sechost.dll.NotifyServiceStatusChangeA",
2129. "cryptbase.dll.SystemFunction036",
2130. "wsock32.dll.WSAStartup",
2131. "wsock32.dll.gethostbyname",
2132. "wsock32.dll.socket",
2133. "wsock32.dll.send",
2134. "wsock32.dll.recv",
2135. "wsock32.dll.htons",
2136. "wsock32.dll.connect",
2137. "wsock32.dll.closesocket",
2138. "rpcrt4.dll.RpcBindingFree"
2139. ]
2140.  
2141. [*] Static Analysis: {
2142. "pe": {
2143. "peid_signatures": null,
2144. "imports": [
2145. {
2146. "imports": [
2147. {
2148. "name": "DeleteCriticalSection",
2149. "address": "0x466140"
2150. },
2151. {
2152. "name": "LeaveCriticalSection",
2153. "address": "0x466144"
2154. },
2155. {
2156. "name": "EnterCriticalSection",
2157. "address": "0x466148"
2158. },
2159. {
2160. "name": "InitializeCriticalSection",
2161. "address": "0x46614c"
2162. },
2163. {
2164. "name": "VirtualFree",
2165. "address": "0x466150"
2166. },
2167. {
2168. "name": "VirtualAlloc",
2169. "address": "0x466154"
2170. },
2171. {
2172. "name": "LocalFree",
2173. "address": "0x466158"
2174. },
2175. {
2176. "name": "LocalAlloc",
2177. "address": "0x46615c"
2178. },
2179. {
2180. "name": "GetVersion",
2181. "address": "0x466160"
2182. },
2183. {
2184. "name": "GetCurrentThreadId",
2185. "address": "0x466164"
2186. },
2187. {
2188. "name": "InterlockedDecrement",
2189. "address": "0x466168"
2190. },
2191. {
2192. "name": "InterlockedIncrement",
2193. "address": "0x46616c"
2194. },
2195. {
2196. "name": "VirtualQuery",
2197. "address": "0x466170"
2198. },
2199. {
2200. "name": "WideCharToMultiByte",
2201. "address": "0x466174"
2202. },
2203. {
2204. "name": "MultiByteToWideChar",
2205. "address": "0x466178"
2206. },
2207. {
2208. "name": "lstrlenA",
2209. "address": "0x46617c"
2210. },
2211. {
2212. "name": "lstrcpynA",
2213. "address": "0x466180"
2214. },
2215. {
2216. "name": "LoadLibraryExA",
2217. "address": "0x466184"
2218. },
2219. {
2220. "name": "GetThreadLocale",
2221. "address": "0x466188"
2222. },
2223. {
2224. "name": "GetStartupInfoA",
2225. "address": "0x46618c"
2226. },
2227. {
2228. "name": "GetProcAddress",
2229. "address": "0x466190"
2230. },
2231. {
2232. "name": "GetModuleHandleA",
2233. "address": "0x466194"
2234. },
2235. {
2236. "name": "GetModuleFileNameA",
2237. "address": "0x466198"
2238. },
2239. {
2240. "name": "GetLocaleInfoA",
2241. "address": "0x46619c"
2242. },
2243. {
2244. "name": "GetCommandLineA",
2245. "address": "0x4661a0"
2246. },
2247. {
2248. "name": "FreeLibrary",
2249. "address": "0x4661a4"
2250. },
2251. {
2252. "name": "FindFirstFileA",
2253. "address": "0x4661a8"
2254. },
2255. {
2256. "name": "FindClose",
2257. "address": "0x4661ac"
2258. },
2259. {
2260. "name": "ExitProcess",
2261. "address": "0x4661b0"
2262. },
2263. {
2264. "name": "WriteFile",
2265. "address": "0x4661b4"
2266. },
2267. {
2268. "name": "UnhandledExceptionFilter",
2269. "address": "0x4661b8"
2270. },
2271. {
2272. "name": "RtlUnwind",
2273. "address": "0x4661bc"
2274. },
2275. {
2276. "name": "RaiseException",
2277. "address": "0x4661c0"
2278. },
2279. {
2280. "name": "GetStdHandle",
2281. "address": "0x4661c4"
2282. }
2283. ],
2284. "dll": "kernel32.dll"
2285. },
2286. {
2287. "imports": [
2288. {
2289. "name": "GetKeyboardType",
2290. "address": "0x4661cc"
2291. },
2292. {
2293. "name": "LoadStringA",
2294. "address": "0x4661d0"
2295. },
2296. {
2297. "name": "MessageBoxA",
2298. "address": "0x4661d4"
2299. },
2300. {
2301. "name": "CharNextA",
2302. "address": "0x4661d8"
2303. }
2304. ],
2305. "dll": "user32.dll"
2306. },
2307. {
2308. "imports": [
2309. {
2310. "name": "RegQueryValueExA",
2311. "address": "0x4661e0"
2312. },
2313. {
2314. "name": "RegOpenKeyExA",
2315. "address": "0x4661e4"
2316. },
2317. {
2318. "name": "RegCloseKey",
2319. "address": "0x4661e8"
2320. }
2321. ],
2322. "dll": "advapi32.dll"
2323. },
2324. {
2325. "imports": [
2326. {
2327. "name": "SysFreeString",
2328. "address": "0x4661f0"
2329. },
2330. {
2331. "name": "SysReAllocStringLen",
2332. "address": "0x4661f4"
2333. },
2334. {
2335. "name": "SysAllocStringLen",
2336. "address": "0x4661f8"
2337. }
2338. ],
2339. "dll": "oleaut32.dll"
2340. },
2341. {
2342. "imports": [
2343. {
2344. "name": "TlsSetValue",
2345. "address": "0x466200"
2346. },
2347. {
2348. "name": "TlsGetValue",
2349. "address": "0x466204"
2350. },
2351. {
2352. "name": "LocalAlloc",
2353. "address": "0x466208"
2354. },
2355. {
2356. "name": "GetModuleHandleA",
2357. "address": "0x46620c"
2358. }
2359. ],
2360. "dll": "kernel32.dll"
2361. },
2362. {
2363. "imports": [
2364. {
2365. "name": "RegQueryValueExA",
2366. "address": "0x466214"
2367. },
2368. {
2369. "name": "RegOpenKeyExA",
2370. "address": "0x466218"
2371. },
2372. {
2373. "name": "RegCloseKey",
2374. "address": "0x46621c"
2375. }
2376. ],
2377. "dll": "advapi32.dll"
2378. },
2379. {
2380. "imports": [
2381. {
2382. "name": "lstrcpyA",
2383. "address": "0x466224"
2384. },
2385. {
2386. "name": "WriteFile",
2387. "address": "0x466228"
2388. },
2389. {
2390. "name": "WaitForSingleObject",
2391. "address": "0x46622c"
2392. },
2393. {
2394. "name": "VirtualQuery",
2395. "address": "0x466230"
2396. },
2397. {
2398. "name": "VirtualAlloc",
2399. "address": "0x466234"
2400. },
2401. {
2402. "name": "Sleep",
2403. "address": "0x466238"
2404. },
2405. {
2406. "name": "SizeofResource",
2407. "address": "0x46623c"
2408. },
2409. {
2410. "name": "SetThreadLocale",
2411. "address": "0x466240"
2412. },
2413. {
2414. "name": "SetFilePointer",
2415. "address": "0x466244"
2416. },
2417. {
2418. "name": "SetEvent",
2419. "address": "0x466248"
2420. },
2421. {
2422. "name": "SetErrorMode",
2423. "address": "0x46624c"
2424. },
2425. {
2426. "name": "SetEndOfFile",
2427. "address": "0x466250"
2428. },
2429. {
2430. "name": "ResetEvent",
2431. "address": "0x466254"
2432. },
2433. {
2434. "name": "ReadFile",
2435. "address": "0x466258"
2436. },
2437. {
2438. "name": "MulDiv",
2439. "address": "0x46625c"
2440. },
2441. {
2442. "name": "LockResource",
2443. "address": "0x466260"
2444. },
2445. {
2446. "name": "LoadResource",
2447. "address": "0x466264"
2448. },
2449. {
2450. "name": "LoadLibraryA",
2451. "address": "0x466268"
2452. },
2453. {
2454. "name": "LeaveCriticalSection",
2455. "address": "0x46626c"
2456. },
2457. {
2458. "name": "InitializeCriticalSection",
2459. "address": "0x466270"
2460. },
2461. {
2462. "name": "GlobalUnlock",
2463. "address": "0x466274"
2464. },
2465. {
2466. "name": "GlobalSize",
2467. "address": "0x466278"
2468. },
2469. {
2470. "name": "GlobalReAlloc",
2471. "address": "0x46627c"
2472. },
2473. {
2474. "name": "GlobalHandle",
2475. "address": "0x466280"
2476. },
2477. {
2478. "name": "GlobalLock",
2479. "address": "0x466284"
2480. },
2481. {
2482. "name": "GlobalFree",
2483. "address": "0x466288"
2484. },
2485. {
2486. "name": "GlobalFindAtomA",
2487. "address": "0x46628c"
2488. },
2489. {
2490. "name": "GlobalDeleteAtom",
2491. "address": "0x466290"
2492. },
2493. {
2494. "name": "GlobalAlloc",
2495. "address": "0x466294"
2496. },
2497. {
2498. "name": "GlobalAddAtomA",
2499. "address": "0x466298"
2500. },
2501. {
2502. "name": "GetVersionExA",
2503. "address": "0x46629c"
2504. },
2505. {
2506. "name": "GetVersion",
2507. "address": "0x4662a0"
2508. },
2509. {
2510. "name": "GetTickCount",
2511. "address": "0x4662a4"
2512. },
2513. {
2514. "name": "GetThreadLocale",
2515. "address": "0x4662a8"
2516. },
2517. {
2518. "name": "GetSystemInfo",
2519. "address": "0x4662ac"
2520. },
2521. {
2522. "name": "GetStringTypeExA",
2523. "address": "0x4662b0"
2524. },
2525. {
2526. "name": "GetStdHandle",
2527. "address": "0x4662b4"
2528. },
2529. {
2530. "name": "GetProfileStringA",
2531. "address": "0x4662b8"
2532. },
2533. {
2534. "name": "GetProcAddress",
2535. "address": "0x4662bc"
2536. },
2537. {
2538. "name": "GetModuleHandleA",
2539. "address": "0x4662c0"
2540. },
2541. {
2542. "name": "GetModuleFileNameA",
2543. "address": "0x4662c4"
2544. },
2545. {
2546. "name": "GetLocaleInfoA",
2547. "address": "0x4662c8"
2548. },
2549. {
2550. "name": "GetLocalTime",
2551. "address": "0x4662cc"
2552. },
2553. {
2554. "name": "GetLastError",
2555. "address": "0x4662d0"
2556. },
2557. {
2558. "name": "GetFullPathNameA",
2559. "address": "0x4662d4"
2560. },
2561. {
2562. "name": "GetDiskFreeSpaceA",
2563. "address": "0x4662d8"
2564. },
2565. {
2566. "name": "GetDateFormatA",
2567. "address": "0x4662dc"
2568. },
2569. {
2570. "name": "GetCurrentThreadId",
2571. "address": "0x4662e0"
2572. },
2573. {
2574. "name": "GetCurrentProcessId",
2575. "address": "0x4662e4"
2576. },
2577. {
2578. "name": "GetCPInfo",
2579. "address": "0x4662e8"
2580. },
2581. {
2582. "name": "GetACP",
2583. "address": "0x4662ec"
2584. },
2585. {
2586. "name": "FreeResource",
2587. "address": "0x4662f0"
2588. },
2589. {
2590. "name": "InterlockedExchange",
2591. "address": "0x4662f4"
2592. },
2593. {
2594. "name": "FreeLibrary",
2595. "address": "0x4662f8"
2596. },
2597. {
2598. "name": "FormatMessageA",
2599. "address": "0x4662fc"
2600. },
2601. {
2602. "name": "FindResourceA",
2603. "address": "0x466300"
2604. },
2605. {
2606. "name": "EnumCalendarInfoA",
2607. "address": "0x466304"
2608. },
2609. {
2610. "name": "EnterCriticalSection",
2611. "address": "0x466308"
2612. },
2613. {
2614. "name": "DeleteCriticalSection",
2615. "address": "0x46630c"
2616. },
2617. {
2618. "name": "CreateThread",
2619. "address": "0x466310"
2620. },
2621. {
2622. "name": "CreateFileA",
2623. "address": "0x466314"
2624. },
2625. {
2626. "name": "CreateEventA",
2627. "address": "0x466318"
2628. },
2629. {
2630. "name": "CompareStringA",
2631. "address": "0x46631c"
2632. },
2633. {
2634. "name": "CloseHandle",
2635. "address": "0x466320"
2636. }
2637. ],
2638. "dll": "kernel32.dll"
2639. },
2640. {
2641. "imports": [
2642. {
2643. "name": "VerQueryValueA",
2644. "address": "0x466328"
2645. },
2646. {
2647. "name": "GetFileVersionInfoSizeA",
2648. "address": "0x46632c"
2649. },
2650. {
2651. "name": "GetFileVersionInfoA",
2652. "address": "0x466330"
2653. }
2654. ],
2655. "dll": "version.dll"
2656. },
2657. {
2658. "imports": [
2659. {
2660. "name": "UnrealizeObject",
2661. "address": "0x466338"
2662. },
2663. {
2664. "name": "StretchBlt",
2665. "address": "0x46633c"
2666. },
2667. {
2668. "name": "SetWindowOrgEx",
2669. "address": "0x466340"
2670. },
2671. {
2672. "name": "SetViewportOrgEx",
2673. "address": "0x466344"
2674. },
2675. {
2676. "name": "SetTextColor",
2677. "address": "0x466348"
2678. },
2679. {
2680. "name": "SetStretchBltMode",
2681. "address": "0x46634c"
2682. },
2683. {
2684. "name": "SetROP2",
2685. "address": "0x466350"
2686. },
2687. {
2688. "name": "SetPixel",
2689. "address": "0x466354"
2690. },
2691. {
2692. "name": "SetDIBColorTable",
2693. "address": "0x466358"
2694. },
2695. {
2696. "name": "SetBrushOrgEx",
2697. "address": "0x46635c"
2698. },
2699. {
2700. "name": "SetBkMode",
2701. "address": "0x466360"
2702. },
2703. {
2704. "name": "SetBkColor",
2705. "address": "0x466364"
2706. },
2707. {
2708. "name": "SelectPalette",
2709. "address": "0x466368"
2710. },
2711. {
2712. "name": "SelectObject",
2713. "address": "0x46636c"
2714. },
2715. {
2716. "name": "ScaleWindowExtEx",
2717. "address": "0x466370"
2718. },
2719. {
2720. "name": "SaveDC",
2721. "address": "0x466374"
2722. },
2723. {
2724. "name": "RestoreDC",
2725. "address": "0x466378"
2726. },
2727. {
2728. "name": "Rectangle",
2729. "address": "0x46637c"
2730. },
2731. {
2732. "name": "RectVisible",
2733. "address": "0x466380"
2734. },
2735. {
2736. "name": "RealizePalette",
2737. "address": "0x466384"
2738. },
2739. {
2740. "name": "PatBlt",
2741. "address": "0x466388"
2742. },
2743. {
2744. "name": "MoveToEx",
2745. "address": "0x46638c"
2746. },
2747. {
2748. "name": "MaskBlt",
2749. "address": "0x466390"
2750. },
2751. {
2752. "name": "LineTo",
2753. "address": "0x466394"
2754. },
2755. {
2756. "name": "IntersectClipRect",
2757. "address": "0x466398"
2758. },
2759. {
2760. "name": "GetWindowOrgEx",
2761. "address": "0x46639c"
2762. },
2763. {
2764. "name": "GetTextMetricsA",
2765. "address": "0x4663a0"
2766. },
2767. {
2768. "name": "GetTextExtentPoint32A",
2769. "address": "0x4663a4"
2770. },
2771. {
2772. "name": "GetSystemPaletteEntries",
2773. "address": "0x4663a8"
2774. },
2775. {
2776. "name": "GetStockObject",
2777. "address": "0x4663ac"
2778. },
2779. {
2780. "name": "GetPixel",
2781. "address": "0x4663b0"
2782. },
2783. {
2784. "name": "GetPaletteEntries",
2785. "address": "0x4663b4"
2786. },
2787. {
2788. "name": "GetObjectA",
2789. "address": "0x4663b8"
2790. },
2791. {
2792. "name": "GetDeviceCaps",
2793. "address": "0x4663bc"
2794. },
2795. {
2796. "name": "GetDIBits",
2797. "address": "0x4663c0"
2798. },
2799. {
2800. "name": "GetDIBColorTable",
2801. "address": "0x4663c4"
2802. },
2803. {
2804. "name": "GetDCOrgEx",
2805. "address": "0x4663c8"
2806. },
2807. {
2808. "name": "GetCurrentPositionEx",
2809. "address": "0x4663cc"
2810. },
2811. {
2812. "name": "GetClipBox",
2813. "address": "0x4663d0"
2814. },
2815. {
2816. "name": "GetBrushOrgEx",
2817. "address": "0x4663d4"
2818. },
2819. {
2820. "name": "GetBitmapBits",
2821. "address": "0x4663d8"
2822. },
2823. {
2824. "name": "ExtTextOutA",
2825. "address": "0x4663dc"
2826. },
2827. {
2828. "name": "ExcludeClipRect",
2829. "address": "0x4663e0"
2830. },
2831. {
2832. "name": "EndPage",
2833. "address": "0x4663e4"
2834. },
2835. {
2836. "name": "EndDoc",
2837. "address": "0x4663e8"
2838. },
2839. {
2840. "name": "DeleteObject",
2841. "address": "0x4663ec"
2842. },
2843. {
2844. "name": "DeleteDC",
2845. "address": "0x4663f0"
2846. },
2847. {
2848. "name": "CreateSolidBrush",
2849. "address": "0x4663f4"
2850. },
2851. {
2852. "name": "CreatePenIndirect",
2853. "address": "0x4663f8"
2854. },
2855. {
2856. "name": "CreatePen",
2857. "address": "0x4663fc"
2858. },
2859. {
2860. "name": "CreatePalette",
2861. "address": "0x466400"
2862. },
2863. {
2864. "name": "CreateICA",
2865. "address": "0x466404"
2866. },
2867. {
2868. "name": "CreateHalftonePalette",
2869. "address": "0x466408"
2870. },
2871. {
2872. "name": "CreateFontIndirectA",
2873. "address": "0x46640c"
2874. },
2875. {
2876. "name": "CreateDIBitmap",
2877. "address": "0x466410"
2878. },
2879. {
2880. "name": "CreateDIBSection",
2881. "address": "0x466414"
2882. },
2883. {
2884. "name": "CreateDCA",
2885. "address": "0x466418"
2886. },
2887. {
2888. "name": "CreateCompatibleDC",
2889. "address": "0x46641c"
2890. },
2891. {
2892. "name": "CreateCompatibleBitmap",
2893. "address": "0x466420"
2894. },
2895. {
2896. "name": "CreateBrushIndirect",
2897. "address": "0x466424"
2898. },
2899. {
2900. "name": "CreateBitmap",
2901. "address": "0x466428"
2902. },
2903. {
2904. "name": "BitBlt",
2905. "address": "0x46642c"
2906. }
2907. ],
2908. "dll": "gdi32.dll"
2909. },
2910. {
2911. "imports": [
2912. {
2913. "name": "CreateWindowExA",
2914. "address": "0x466434"
2915. },
2916. {
2917. "name": "WindowFromPoint",
2918. "address": "0x466438"
2919. },
2920. {
2921. "name": "WinHelpA",
2922. "address": "0x46643c"
2923. },
2924. {
2925. "name": "WaitMessage",
2926. "address": "0x466440"
2927. },
2928. {
2929. "name": "ValidateRect",
2930. "address": "0x466444"
2931. },
2932. {
2933. "name": "UpdateWindow",
2934. "address": "0x466448"
2935. },
2936. {
2937. "name": "UnregisterClassA",
2938. "address": "0x46644c"
2939. },
2940. {
2941. "name": "UnhookWindowsHookEx",
2942. "address": "0x466450"
2943. },
2944. {
2945. "name": "TranslateMessage",
2946. "address": "0x466454"
2947. },
2948. {
2949. "name": "TranslateMDISysAccel",
2950. "address": "0x466458"
2951. },
2952. {
2953. "name": "TrackPopupMenu",
2954. "address": "0x46645c"
2955. },
2956. {
2957. "name": "SystemParametersInfoA",
2958. "address": "0x466460"
2959. },
2960. {
2961. "name": "ShowWindow",
2962. "address": "0x466464"
2963. },
2964. {
2965. "name": "ShowScrollBar",
2966. "address": "0x466468"
2967. },
2968. {
2969. "name": "ShowOwnedPopups",
2970. "address": "0x46646c"
2971. },
2972. {
2973. "name": "ShowCursor",
2974. "address": "0x466470"
2975. },
2976. {
2977. "name": "SetWindowsHookExA",
2978. "address": "0x466474"
2979. },
2980. {
2981. "name": "SetWindowTextA",
2982. "address": "0x466478"
2983. },
2984. {
2985. "name": "SetWindowPos",
2986. "address": "0x46647c"
2987. },
2988. {
2989. "name": "SetWindowPlacement",
2990. "address": "0x466480"
2991. },
2992. {
2993. "name": "SetWindowLongA",
2994. "address": "0x466484"
2995. },
2996. {
2997. "name": "SetTimer",
2998. "address": "0x466488"
2999. },
3000. {
3001. "name": "SetScrollRange",
3002. "address": "0x46648c"
3003. },
3004. {
3005. "name": "SetScrollPos",
3006. "address": "0x466490"
3007. },
3008. {
3009. "name": "SetScrollInfo",
3010. "address": "0x466494"
3011. },
3012. {
3013. "name": "SetRect",
3014. "address": "0x466498"
3015. },
3016. {
3017. "name": "SetPropA",
3018. "address": "0x46649c"
3019. },
3020. {
3021. "name": "SetParent",
3022. "address": "0x4664a0"
3023. },
3024. {
3025. "name": "SetMenuItemInfoA",
3026. "address": "0x4664a4"
3027. },
3028. {
3029. "name": "SetMenu",
3030. "address": "0x4664a8"
3031. },
3032. {
3033. "name": "SetForegroundWindow",
3034. "address": "0x4664ac"
3035. },
3036. {
3037. "name": "SetFocus",
3038. "address": "0x4664b0"
3039. },
3040. {
3041. "name": "SetCursor",
3042. "address": "0x4664b4"
3043. },
3044. {
3045. "name": "SetClassLongA",
3046. "address": "0x4664b8"
3047. },
3048. {
3049. "name": "SetCapture",
3050. "address": "0x4664bc"
3051. },
3052. {
3053. "name": "SetActiveWindow",
3054. "address": "0x4664c0"
3055. },
3056. {
3057. "name": "SendMessageA",
3058. "address": "0x4664c4"
3059. },
3060. {
3061. "name": "ScrollWindow",
3062. "address": "0x4664c8"
3063. },
3064. {
3065. "name": "ScreenToClient",
3066. "address": "0x4664cc"
3067. },
3068. {
3069. "name": "RemovePropA",
3070. "address": "0x4664d0"
3071. },
3072. {
3073. "name": "RemoveMenu",
3074. "address": "0x4664d4"
3075. },
3076. {
3077. "name": "ReleaseDC",
3078. "address": "0x4664d8"
3079. },
3080. {
3081. "name": "ReleaseCapture",
3082. "address": "0x4664dc"
3083. },
3084. {
3085. "name": "RegisterWindowMessageA",
3086. "address": "0x4664e0"
3087. },
3088. {
3089. "name": "RegisterClipboardFormatA",
3090. "address": "0x4664e4"
3091. },
3092. {
3093. "name": "RegisterClassA",
3094. "address": "0x4664e8"
3095. },
3096. {
3097. "name": "RedrawWindow",
3098. "address": "0x4664ec"
3099. },
3100. {
3101. "name": "PtInRect",
3102. "address": "0x4664f0"
3103. },
3104. {
3105. "name": "PostQuitMessage",
3106. "address": "0x4664f4"
3107. },
3108. {
3109. "name": "PostMessageA",
3110. "address": "0x4664f8"
3111. },
3112. {
3113. "name": "PeekMessageA",
3114. "address": "0x4664fc"
3115. },
3116. {
3117. "name": "OffsetRect",
3118. "address": "0x466500"
3119. },
3120. {
3121. "name": "OemToCharA",
3122. "address": "0x466504"
3123. },
3124. {
3125. "name": "MessageBoxA",
3126. "address": "0x466508"
3127. },
3128. {
3129. "name": "MapWindowPoints",
3130. "address": "0x46650c"
3131. },
3132. {
3133. "name": "MapVirtualKeyA",
3134. "address": "0x466510"
3135. },
3136. {
3137. "name": "LoadStringA",
3138. "address": "0x466514"
3139. },
3140. {
3141. "name": "LoadKeyboardLayoutA",
3142. "address": "0x466518"
3143. },
3144. {
3145. "name": "LoadIconA",
3146. "address": "0x46651c"
3147. },
3148. {
3149. "name": "LoadCursorA",
3150. "address": "0x466520"
3151. },
3152. {
3153. "name": "LoadBitmapA",
3154. "address": "0x466524"
3155. },
3156. {
3157. "name": "KillTimer",
3158. "address": "0x466528"
3159. },
3160. {
3161. "name": "IsZoomed",
3162. "address": "0x46652c"
3163. },
3164. {
3165. "name": "IsWindowVisible",
3166. "address": "0x466530"
3167. },
3168. {
3169. "name": "IsWindowEnabled",
3170. "address": "0x466534"
3171. },
3172. {
3173. "name": "IsWindow",
3174. "address": "0x466538"
3175. },
3176. {
3177. "name": "IsRectEmpty",
3178. "address": "0x46653c"
3179. },
3180. {
3181. "name": "IsIconic",
3182. "address": "0x466540"
3183. },
3184. {
3185. "name": "IsDialogMessageA",
3186. "address": "0x466544"
3187. },
3188. {
3189. "name": "IsChild",
3190. "address": "0x466548"
3191. },
3192. {
3193. "name": "InvalidateRect",
3194. "address": "0x46654c"
3195. },
3196. {
3197. "name": "IntersectRect",
3198. "address": "0x466550"
3199. },
3200. {
3201. "name": "InsertMenuItemA",
3202. "address": "0x466554"
3203. },
3204. {
3205. "name": "InsertMenuA",
3206. "address": "0x466558"
3207. },
3208. {
3209. "name": "InflateRect",
3210. "address": "0x46655c"
3211. },
3212. {
3213. "name": "GetWindowThreadProcessId",
3214. "address": "0x466560"
3215. },
3216. {
3217. "name": "GetWindowTextA",
3218. "address": "0x466564"
3219. },
3220. {
3221. "name": "GetWindowRect",
3222. "address": "0x466568"
3223. },
3224. {
3225. "name": "GetWindowPlacement",
3226. "address": "0x46656c"
3227. },
3228. {
3229. "name": "GetWindowLongA",
3230. "address": "0x466570"
3231. },
3232. {
3233. "name": "GetWindowDC",
3234. "address": "0x466574"
3235. },
3236. {
3237. "name": "GetTopWindow",
3238. "address": "0x466578"
3239. },
3240. {
3241. "name": "GetSystemMetrics",
3242. "address": "0x46657c"
3243. },
3244. {
3245. "name": "GetSystemMenu",
3246. "address": "0x466580"
3247. },
3248. {
3249. "name": "GetSysColorBrush",
3250. "address": "0x466584"
3251. },
3252. {
3253. "name": "GetSysColor",
3254. "address": "0x466588"
3255. },
3256. {
3257. "name": "GetSubMenu",
3258. "address": "0x46658c"
3259. },
3260. {
3261. "name": "GetScrollRange",
3262. "address": "0x466590"
3263. },
3264. {
3265. "name": "GetScrollPos",
3266. "address": "0x466594"
3267. },
3268. {
3269. "name": "GetScrollInfo",
3270. "address": "0x466598"
3271. },
3272. {
3273. "name": "GetPropA",
3274. "address": "0x46659c"
3275. },
3276. {
3277. "name": "GetParent",
3278. "address": "0x4665a0"
3279. },
3280. {
3281. "name": "GetWindow",
3282. "address": "0x4665a4"
3283. },
3284. {
3285. "name": "GetMenuStringA",
3286. "address": "0x4665a8"
3287. },
3288. {
3289. "name": "GetMenuState",
3290. "address": "0x4665ac"
3291. },
3292. {
3293. "name": "GetMenuItemInfoA",
3294. "address": "0x4665b0"
3295. },
3296. {
3297. "name": "GetMenuItemID",
3298. "address": "0x4665b4"
3299. },
3300. {
3301. "name": "GetMenuItemCount",
3302. "address": "0x4665b8"
3303. },
3304. {
3305. "name": "GetMenu",
3306. "address": "0x4665bc"
3307. },
3308. {
3309. "name": "GetLastActivePopup",
3310. "address": "0x4665c0"
3311. },
3312. {
3313. "name": "GetKeyboardState",
3314. "address": "0x4665c4"
3315. },
3316. {
3317. "name": "GetKeyboardLayoutList",
3318. "address": "0x4665c8"
3319. },
3320. {
3321. "name": "GetKeyboardLayout",
3322. "address": "0x4665cc"
3323. },
3324. {
3325. "name": "GetKeyState",
3326. "address": "0x4665d0"
3327. },
3328. {
3329. "name": "GetKeyNameTextA",
3330. "address": "0x4665d4"
3331. },
3332. {
3333. "name": "GetIconInfo",
3334. "address": "0x4665d8"
3335. },
3336. {
3337. "name": "GetForegroundWindow",
3338. "address": "0x4665dc"
3339. },
3340. {
3341. "name": "GetFocus",
3342. "address": "0x4665e0"
3343. },
3344. {
3345. "name": "GetDesktopWindow",
3346. "address": "0x4665e4"
3347. },
3348. {
3349. "name": "GetDCEx",
3350. "address": "0x4665e8"
3351. },
3352. {
3353. "name": "GetDC",
3354. "address": "0x4665ec"
3355. },
3356. {
3357. "name": "GetCursorPos",
3358. "address": "0x4665f0"
3359. },
3360. {
3361. "name": "GetCursor",
3362. "address": "0x4665f4"
3363. },
3364. {
3365. "name": "GetClientRect",
3366. "address": "0x4665f8"
3367. },
3368. {
3369. "name": "GetClassNameA",
3370. "address": "0x4665fc"
3371. },
3372. {
3373. "name": "GetClassInfoA",
3374. "address": "0x466600"
3375. },
3376. {
3377. "name": "GetCapture",
3378. "address": "0x466604"
3379. },
3380. {
3381. "name": "GetActiveWindow",
3382. "address": "0x466608"
3383. },
3384. {
3385. "name": "FrameRect",
3386. "address": "0x46660c"
3387. },
3388. {
3389. "name": "FindWindowA",
3390. "address": "0x466610"
3391. },
3392. {
3393. "name": "FillRect",
3394. "address": "0x466614"
3395. },
3396. {
3397. "name": "EqualRect",
3398. "address": "0x466618"
3399. },
3400. {
3401. "name": "EnumWindows",
3402. "address": "0x46661c"
3403. },
3404. {
3405. "name": "EnumThreadWindows",
3406. "address": "0x466620"
3407. },
3408. {
3409. "name": "EndPaint",
3410. "address": "0x466624"
3411. },
3412. {
3413. "name": "EnableWindow",
3414. "address": "0x466628"
3415. },
3416. {
3417. "name": "EnableScrollBar",
3418. "address": "0x46662c"
3419. },
3420. {
3421. "name": "EnableMenuItem",
3422. "address": "0x466630"
3423. },
3424. {
3425. "name": "DrawTextA",
3426. "address": "0x466634"
3427. },
3428. {
3429. "name": "DrawMenuBar",
3430. "address": "0x466638"
3431. },
3432. {
3433. "name": "DrawIconEx",
3434. "address": "0x46663c"
3435. },
3436. {
3437. "name": "DrawIcon",
3438. "address": "0x466640"
3439. },
3440. {
3441. "name": "DrawFrameControl",
3442. "address": "0x466644"
3443. },
3444. {
3445. "name": "DrawFocusRect",
3446. "address": "0x466648"
3447. },
3448. {
3449. "name": "DrawEdge",
3450. "address": "0x46664c"
3451. },
3452. {
3453. "name": "DispatchMessageA",
3454. "address": "0x466650"
3455. },
3456. {
3457. "name": "DestroyWindow",
3458. "address": "0x466654"
3459. },
3460. {
3461. "name": "DestroyMenu",
3462. "address": "0x466658"
3463. },
3464. {
3465. "name": "DestroyIcon",
3466. "address": "0x46665c"
3467. },
3468. {
3469. "name": "DestroyCursor",
3470. "address": "0x466660"
3471. },
3472. {
3473. "name": "DeleteMenu",
3474. "address": "0x466664"
3475. },
3476. {
3477. "name": "DefWindowProcA",
3478. "address": "0x466668"
3479. },
3480. {
3481. "name": "DefMDIChildProcA",
3482. "address": "0x46666c"
3483. },
3484. {
3485. "name": "DefFrameProcA",
3486. "address": "0x466670"
3487. },
3488. {
3489. "name": "CreatePopupMenu",
3490. "address": "0x466674"
3491. },
3492. {
3493. "name": "CreateMenu",
3494. "address": "0x466678"
3495. },
3496. {
3497. "name": "CreateIcon",
3498. "address": "0x46667c"
3499. },
3500. {
3501. "name": "ClientToScreen",
3502. "address": "0x466680"
3503. },
3504. {
3505. "name": "CheckMenuItem",
3506. "address": "0x466684"
3507. },
3508. {
3509. "name": "CallWindowProcA",
3510. "address": "0x466688"
3511. },
3512. {
3513. "name": "CallNextHookEx",
3514. "address": "0x46668c"
3515. },
3516. {
3517. "name": "BeginPaint",
3518. "address": "0x466690"
3519. },
3520. {
3521. "name": "CharNextA",
3522. "address": "0x466694"
3523. },
3524. {
3525. "name": "CharLowerA",
3526. "address": "0x466698"
3527. },
3528. {
3529. "name": "CharToOemA",
3530. "address": "0x46669c"
3531. },
3532. {
3533. "name": "AdjustWindowRectEx",
3534. "address": "0x4666a0"
3535. },
3536. {
3537. "name": "ActivateKeyboardLayout",
3538. "address": "0x4666a4"
3539. }
3540. ],
3541. "dll": "user32.dll"
3542. },
3543. {
3544. "imports": [
3545. {
3546. "name": "Sleep",
3547. "address": "0x4666ac"
3548. }
3549. ],
3550. "dll": "kernel32.dll"
3551. },
3552. {
3553. "imports": [
3554. {
3555. "name": "SafeArrayPtrOfIndex",
3556. "address": "0x4666b4"
3557. },
3558. {
3559. "name": "SafeArrayGetUBound",
3560. "address": "0x4666b8"
3561. },
3562. {
3563. "name": "SafeArrayGetLBound",
3564. "address": "0x4666bc"
3565. },
3566. {
3567. "name": "SafeArrayCreate",
3568. "address": "0x4666c0"
3569. },
3570. {
3571. "name": "VariantChangeType",
3572. "address": "0x4666c4"
3573. },
3574. {
3575. "name": "VariantCopy",
3576. "address": "0x4666c8"
3577. },
3578. {
3579. "name": "VariantClear",
3580. "address": "0x4666cc"
3581. },
3582. {
3583. "name": "VariantInit",
3584. "address": "0x4666d0"
3585. }
3586. ],
3587. "dll": "oleaut32.dll"
3588. },
3589. {
3590. "imports": [
3591. {
3592. "name": "ImageList_SetIconSize",
3593. "address": "0x4666d8"
3594. },
3595. {
3596. "name": "ImageList_GetIconSize",
3597. "address": "0x4666dc"
3598. },
3599. {
3600. "name": "ImageList_Write",
3601. "address": "0x4666e0"
3602. },
3603. {
3604. "name": "ImageList_Read",
3605. "address": "0x4666e4"
3606. },
3607. {
3608. "name": "ImageList_GetDragImage",
3609. "address": "0x4666e8"
3610. },
3611. {
3612. "name": "ImageList_DragShowNolock",
3613. "address": "0x4666ec"
3614. },
3615. {
3616. "name": "ImageList_SetDragCursorImage",
3617. "address": "0x4666f0"
3618. },
3619. {
3620. "name": "ImageList_DragMove",
3621. "address": "0x4666f4"
3622. },
3623. {
3624. "name": "ImageList_DragLeave",
3625. "address": "0x4666f8"
3626. },
3627. {
3628. "name": "ImageList_DragEnter",
3629. "address": "0x4666fc"
3630. },
3631. {
3632. "name": "ImageList_EndDrag",
3633. "address": "0x466700"
3634. },
3635. {
3636. "name": "ImageList_BeginDrag",
3637. "address": "0x466704"
3638. },
3639. {
3640. "name": "ImageList_Remove",
3641. "address": "0x466708"
3642. },
3643. {
3644. "name": "ImageList_DrawEx",
3645. "address": "0x46670c"
3646. },
3647. {
3648. "name": "ImageList_Draw",
3649. "address": "0x466710"
3650. },
3651. {
3652. "name": "ImageList_GetBkColor",
3653. "address": "0x466714"
3654. },
3655. {
3656. "name": "ImageList_SetBkColor",
3657. "address": "0x466718"
3658. },
3659. {
3660. "name": "ImageList_ReplaceIcon",
3661. "address": "0x46671c"
3662. },
3663. {
3664. "name": "ImageList_Add",
3665. "address": "0x466720"
3666. },
3667. {
3668. "name": "ImageList_GetImageCount",
3669. "address": "0x466724"
3670. },
3671. {
3672. "name": "ImageList_Destroy",
3673. "address": "0x466728"
3674. },
3675. {
3676. "name": "ImageList_Create",
3677. "address": "0x46672c"
3678. },
3679. {
3680. "name": "InitCommonControls",
3681. "address": "0x466730"
3682. }
3683. ],
3684. "dll": "comctl32.dll"
3685. },
3686. {
3687. "imports": [
3688. {
3689. "name": "OpenPrinterA",
3690. "address": "0x466738"
3691. },
3692. {
3693. "name": "EnumPrintersA",
3694. "address": "0x46673c"
3695. },
3696. {
3697. "name": "DocumentPropertiesA",
3698. "address": "0x466740"
3699. },
3700. {
3701. "name": "ClosePrinter",
3702. "address": "0x466744"
3703. }
3704. ],
3705. "dll": "winspool.drv"
3706. },
3707. {
3708. "imports": [
3709. {
3710. "name": "PrintDlgA",
3711. "address": "0x46674c"
3712. }
3713. ],
3714. "dll": "comdlg32.dll"
3715. }
3716. ],
3717. "digital_signers": null,
3718. "exported_dll_name": null,
3719. "actual_checksum": "0x0009b687",
3720. "overlay": null,
3721. "imagebase": "0x00400000",
3722. "reported_checksum": "0x00000000",
3723. "icon_hash": null,
3724. "entrypoint": "0x0045a020",
3725. "timestamp": "1991-12-25 14:06:39",
3726. "osversion": "4.0",
3727. "sections": [
3728. {
3729. "name": "CODE",
3730. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
3731. "virtual_address": "0x00001000",
3732. "size_of_data": "0x00059200",
3733. "entropy": "6.51",
3734. "raw_address": "0x00000400",
3735. "virtual_size": "0x00059068",
3736. "characteristics_raw": "0x60000020"
3737. },
3738. {
3739. "name": "DATA",
3740. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
3741. "virtual_address": "0x0005b000",
3742. "size_of_data": "0x00009400",
3743. "entropy": "4.95",
3744. "raw_address": "0x00059600",
3745. "virtual_size": "0x00009224",
3746. "characteristics_raw": "0xc0000040"
3747. },
3748. {
3749. "name": "BSS",
3750. "characteristics": "IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
3751. "virtual_address": "0x00065000",
3752. "size_of_data": "0x00000000",
3753. "entropy": "0.00",
3754. "raw_address": "0x00062a00",
3755. "virtual_size": "0x00000cfd",
3756. "characteristics_raw": "0xc0000000"
3757. },
3758. {
3759. "name": ".idata",
3760. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
3761. "virtual_address": "0x00066000",
3762. "size_of_data": "0x00002200",
3763. "entropy": "4.80",
3764. "raw_address": "0x00062a00",
3765. "virtual_size": "0x000020e4",
3766. "characteristics_raw": "0xc0000040"
3767. },
3768. {
3769. "name": ".tls",
3770. "characteristics": "IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
3771. "virtual_address": "0x00069000",
3772. "size_of_data": "0x00000000",
3773. "entropy": "0.00",
3774. "raw_address": "0x00064c00",
3775. "virtual_size": "0x00000010",
3776. "characteristics_raw": "0xc0000000"
3777. },
3778. {
3779. "name": ".rdata",
3780. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
3781. "virtual_address": "0x0006a000",
3782. "size_of_data": "0x00000200",
3783. "entropy": "0.21",
3784. "raw_address": "0x00064c00",
3785. "virtual_size": "0x00000018",
3786. "characteristics_raw": "0x50000040"
3787. },
3788. {
3789. "name": ".reloc",
3790. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
3791. "virtual_address": "0x0006b000",
3792. "size_of_data": "0x00006a00",
3793. "entropy": "6.66",
3794. "raw_address": "0x00064e00",
3795. "virtual_size": "0x000069a8",
3796. "characteristics_raw": "0x50000040"
3797. },
3798. {
3799. "name": ".rsrc",
3800. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
3801. "virtual_address": "0x00072000",
3802. "size_of_data": "0x00026c00",
3803. "entropy": "7.22",
3804. "raw_address": "0x0006b800",
3805. "virtual_size": "0x00026ad4",
3806. "characteristics_raw": "0x50000040"
3807. }
3808. ],
3809. "resources": [],
3810. "dirents": [
3811. {
3812. "virtual_address": "0x00000000",
3813. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
3814. "size": "0x00000000"
3815. },
3816. {
3817. "virtual_address": "0x00066000",
3818. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
3819. "size": "0x000020e4"
3820. },
3821. {
3822. "virtual_address": "0x00072000",
3823. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
3824. "size": "0x00026ad4"
3825. },
3826. {
3827. "virtual_address": "0x00000000",
3828. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
3829. "size": "0x00000000"
3830. },
3831. {
3832. "virtual_address": "0x00000000",
3833. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
3834. "size": "0x00000000"
3835. },
3836. {
3837. "virtual_address": "0x0006b000",
3838. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
3839. "size": "0x000069a8"
3840. },
3841. {
3842. "virtual_address": "0x00000000",
3843. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
3844. "size": "0x00000000"
3845. },
3846. {
3847. "virtual_address": "0x00000000",
3848. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
3849. "size": "0x00000000"
3850. },
3851. {
3852. "virtual_address": "0x00000000",
3853. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
3854. "size": "0x00000000"
3855. },
3856. {
3857. "virtual_address": "0x0006a000",
3858. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
3859. "size": "0x00000018"
3860. },
3861. {
3862. "virtual_address": "0x00000000",
3863. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
3864. "size": "0x00000000"
3865. },
3866. {
3867. "virtual_address": "0x00000000",
3868. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
3869. "size": "0x00000000"
3870. },
3871. {
3872. "virtual_address": "0x00000000",
3873. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
3874. "size": "0x00000000"
3875. },
3876. {
3877. "virtual_address": "0x00000000",
3878. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
3879. "size": "0x00000000"
3880. },
3881. {
3882. "virtual_address": "0x00000000",
3883. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
3884. "size": "0x00000000"
3885. },
3886. {
3887. "virtual_address": "0x00000000",
3888. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
3889. "size": "0x00000000"
3890. }
3891. ],
3892. "exports": [],
3893. "guest_signers": {},
3894. "imphash": "a4c69f0c0a976ff6c66b234a50f95a0c",
3895. "icon_fuzzy": null,
3896. "icon": null,
3897. "pdbpath": null,
3898. "imported_dll_count": 15,
3899. "versioninfo": []
3900. }
3901. }