f5_jpg.json

1.  
2. [*] MalFamily: "Dwud"
3.  
4. [*] MalScore: 10.0
5.  
6. [*] File Name: "f5.jpg"
7. [*] File Size: 806912
8. [*] File Type: "PE32 executable (GUI) Intel 80386, for MS Windows"
9. [*] SHA256: "7c9e935e0cbf772fca2a93f51368cacc4440919ffbd1ba17106973346cc4ef64"
10. [*] MD5: "bc481feb004a51adcc8a0188634c3bea"
11. [*] SHA1: "27b21c06fb9ea9ec5e8cbeed31b343b94e9dfec4"
12. [*] SHA512: "061c2f2050f9fb7758cd5b7d2e2b0cb2f42f3c2e6f3caa0d25aa43e9dfcf5595959b7718874cd5a66e7a9e840c99af899b17a3398e95091b6922b0ae500696d6"
13. [*] CRC32: "6F78F9D8"
14. [*] SSDEEP: "12288:cdqUJz8sEoMW54nHLZQBAz3U9Yo/1Azd+Y3je1fUf66LNtJOcmqFXYchuiT4:cU+FSW54nmK3UmjzlQfUS6PDTh"
15.  
16. [*] Process Execution: [
17. "f5.jpg",
18. "f5.jpg"
19. ]
20.  
21. [*] Signatures Detected: [
22. {
23. "Description": "Creates RWX memory",
24. "Details": []
25. },
26. {
27. "Description": "The binary likely contains encrypted or compressed data.",
28. "Details": [
29. {
30. "section": "name: .rsrc, entropy: 7.18, characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ, raw_size: 0x00038e00, virtual_size: 0x00038df4"
31. }
32. ]
33. },
34. {
35. "Description": "Executed a process and injected code into it, probably while unpacking",
36. "Details": [
37. {
38. "Injection": "f5.jpg(344) -> f5.jpg(1804)"
39. }
40. ]
41. },
42. {
43. "Description": "File has been identified by 53 Antiviruses on VirusTotal as malicious",
44. "Details": [
45. {
46. "MicroWorld-eScan": "Trojan.Agent.DWUD"
47. },
48. {
49. "CAT-QuickHeal": "Backdoor.NetWiredRC"
50. },
51. {
52. "ALYac": "Trojan.Agent.DWUD"
53. },
54. {
55. "AegisLab": "Trojan.Win32.NetWiredRC.4!c"
56. },
57. {
58. "BitDefender": "Trojan.Agent.DWUD"
59. },
60. {
61. "K7GW": "Trojan ( 0054dfbc1 )"
62. },
63. {
64. "K7AntiVirus": "Trojan ( 0054dfbc1 )"
65. },
66. {
67. "Invincea": "heuristic"
68. },
69. {
70. "NANO-Antivirus": "Trojan.Win32.NetWiredRC.fqdoce"
71. },
72. {
73. "Cyren": "W32/Trojan.CMD.gen!Eldorado"
74. },
75. {
76. "Symantec": "Trojan.Gen.MBT"
77. },
78. {
79. "Zoner": "Trojan.Win32.78120"
80. },
81. {
82. "APEX": "Malicious"
83. },
84. {
85. "ClamAV": "Win.Dropper.Genkryptik-6968862-0"
86. },
87. {
88. "Kaspersky": "HEUR:Backdoor.Win32.NetWiredRC.gen"
89. },
90. {
91. "Alibaba": "Backdoor:Win32/Skeeyah.6f927e0f"
92. },
93. {
94. "ViRobot": "Trojan.Win32.Z.Injector.806912.FY"
95. },
96. {
97. "Ad-Aware": "Trojan.Agent.DWUD"
98. },
99. {
100. "Sophos": "Mal/Fareit-Q"
101. },
102. {
103. "Comodo": "Malware@#2z32rnse1cak8"
104. },
105. {
106. "F-Secure": "Trojan.TR/Injector.pabzb"
107. },
108. {
109. "DrWeb": "Trojan.PWS.Stealer.26197"
110. },
111. {
112. "TrendMicro": "TrojanSpy.Win32.LOKI.SMD1.hp"
113. },
114. {
115. "McAfee-GW-Edition": "BehavesLike.Win32.Fareit.bh"
116. },
117. {
118. "Trapmine": "malicious.moderate.ml.score"
119. },
120. {
121. "FireEye": "Generic.mg.bc481feb004a51ad"
122. },
123. {
124. "Emsisoft": "Trojan.Agent.DWUD (B)"
125. },
126. {
127. "SentinelOne": "DFI - Malicious PE"
128. },
129. {
130. "F-Prot": "W32/Trojan.CMD.gen!Eldorado"
131. },
132. {
133. "Webroot": "W32.Trojan.Gen"
134. },
135. {
136. "Avira": "TR/Injector.pabzb"
137. },
138. {
139. "Fortinet": "W32/GenKryptik.DFRN!tr"
140. },
141. {
142. "Antiy-AVL": "Trojan[Backdoor]/Win32.NetWiredRC"
143. },
144. {
145. "Endgame": "malicious (high confidence)"
146. },
147. {
148. "Microsoft": "Trojan:Win32/Skeeyah.A!bit"
149. },
150. {
151. "ZoneAlarm": "HEUR:Backdoor.Win32.NetWiredRC.gen"
152. },
153. {
154. "AhnLab-V3": "Win-Trojan/Delphiless.Exp"
155. },
156. {
157. "Acronis": "suspicious"
158. },
159. {
160. "McAfee": "Packed-FTB!BC481FEB004A"
161. },
162. {
163. "MAX": "malware (ai score=100)"
164. },
165. {
166. "VBA32": "Backdoor.NetWiredRC"
167. },
168. {
169. "Panda": "Trj/CI.A"
170. },
171. {
172. "Arcabit": "Trojan.Agent.DWUD"
173. },
174. {
175. "ESET-NOD32": "a variant of Win32/Injector.EFJY"
176. },
177. {
178. "TrendMicro-HouseCall": "TrojanSpy.Win32.LOKI.SMD1.hp"
179. },
180. {
181. "Rising": "Malware.Heuristic.MLite(100%) (AI-LITE:7LxjClPPz6tN9mW9VR0UTQ)"
182. },
183. {
184. "Ikarus": "Trojan-Spy.Keylogger.AgentTesla"
185. },
186. {
187. "GData": "Trojan.Agent.DWUD"
188. },
189. {
190. "AVG": "Win32:Malware-gen"
191. },
192. {
193. "Cybereason": "malicious.6fb9ea"
194. },
195. {
196. "Avast": "Win32:Malware-gen"
197. },
198. {
199. "CrowdStrike": "win/malicious_confidence_100% (W)"
200. },
201. {
202. "Qihoo-360": "Win32/Trojan.9ca"
203. }
204. ]
205. },
206. {
207. "Description": "Anomalous binary characteristics",
208. "Details": [
209. {
210. "anomaly": "Timestamp on binary predates the release date of the OS version it requires by at least a year"
211. }
212. ]
213. }
214. ]
215.  
216. [*] Started Service: []
217.  
218. [*] Executed Commands: [
219. "\"C:\\Users\\user\\AppData\\Local\\Temp\\f5.jpg\""
220. ]
221.  
222. [*] Mutexes: []
223.  
224. [*] Modified Files: []
225.  
226. [*] Deleted Files: []
227.  
228. [*] Modified Registry Keys: []
229.  
230. [*] Deleted Registry Keys: []
231.  
232. [*] DNS Communications: []
233.  
234. [*] Domains: []
235.  
236. [*] Network Communication - ICMP: []
237.  
238. [*] Network Communication - HTTP: []
239.  
240. [*] Network Communication - SMTP: []
241.  
242. [*] Network Communication - Hosts: []
243.  
244. [*] Network Communication - IRC: []
245.  
246. [*] Static Analysis: {
247. "pe": {
248. "peid_signatures": null,
249. "imports": [
250. {
251. "imports": [
252. {
253. "name": "DeleteCriticalSection",
254. "address": "0x483154"
255. },
256. {
257. "name": "LeaveCriticalSection",
258. "address": "0x483158"
259. },
260. {
261. "name": "EnterCriticalSection",
262. "address": "0x48315c"
263. },
264. {
265. "name": "InitializeCriticalSection",
266. "address": "0x483160"
267. },
268. {
269. "name": "VirtualFree",
270. "address": "0x483164"
271. },
272. {
273. "name": "VirtualAlloc",
274. "address": "0x483168"
275. },
276. {
277. "name": "LocalFree",
278. "address": "0x48316c"
279. },
280. {
281. "name": "LocalAlloc",
282. "address": "0x483170"
283. },
284. {
285. "name": "GetVersion",
286. "address": "0x483174"
287. },
288. {
289. "name": "GetCurrentThreadId",
290. "address": "0x483178"
291. },
292. {
293. "name": "InterlockedDecrement",
294. "address": "0x48317c"
295. },
296. {
297. "name": "InterlockedIncrement",
298. "address": "0x483180"
299. },
300. {
301. "name": "VirtualQuery",
302. "address": "0x483184"
303. },
304. {
305. "name": "WideCharToMultiByte",
306. "address": "0x483188"
307. },
308. {
309. "name": "MultiByteToWideChar",
310. "address": "0x48318c"
311. },
312. {
313. "name": "lstrlenA",
314. "address": "0x483190"
315. },
316. {
317. "name": "lstrcpynA",
318. "address": "0x483194"
319. },
320. {
321. "name": "LoadLibraryExA",
322. "address": "0x483198"
323. },
324. {
325. "name": "GetThreadLocale",
326. "address": "0x48319c"
327. },
328. {
329. "name": "GetStartupInfoA",
330. "address": "0x4831a0"
331. },
332. {
333. "name": "GetProcAddress",
334. "address": "0x4831a4"
335. },
336. {
337. "name": "GetModuleHandleA",
338. "address": "0x4831a8"
339. },
340. {
341. "name": "GetModuleFileNameA",
342. "address": "0x4831ac"
343. },
344. {
345. "name": "GetLocaleInfoA",
346. "address": "0x4831b0"
347. },
348. {
349. "name": "GetCommandLineA",
350. "address": "0x4831b4"
351. },
352. {
353. "name": "FreeLibrary",
354. "address": "0x4831b8"
355. },
356. {
357. "name": "FindFirstFileA",
358. "address": "0x4831bc"
359. },
360. {
361. "name": "FindClose",
362. "address": "0x4831c0"
363. },
364. {
365. "name": "ExitProcess",
366. "address": "0x4831c4"
367. },
368. {
369. "name": "WriteFile",
370. "address": "0x4831c8"
371. },
372. {
373. "name": "UnhandledExceptionFilter",
374. "address": "0x4831cc"
375. },
376. {
377. "name": "RtlUnwind",
378. "address": "0x4831d0"
379. },
380. {
381. "name": "RaiseException",
382. "address": "0x4831d4"
383. },
384. {
385. "name": "GetStdHandle",
386. "address": "0x4831d8"
387. }
388. ],
389. "dll": "kernel32.dll"
390. },
391. {
392. "imports": [
393. {
394. "name": "GetKeyboardType",
395. "address": "0x4831e0"
396. },
397. {
398. "name": "LoadStringA",
399. "address": "0x4831e4"
400. },
401. {
402. "name": "MessageBoxA",
403. "address": "0x4831e8"
404. },
405. {
406. "name": "CharNextA",
407. "address": "0x4831ec"
408. }
409. ],
410. "dll": "user32.dll"
411. },
412. {
413. "imports": [
414. {
415. "name": "RegQueryValueExA",
416. "address": "0x4831f4"
417. },
418. {
419. "name": "RegOpenKeyExA",
420. "address": "0x4831f8"
421. },
422. {
423. "name": "RegCloseKey",
424. "address": "0x4831fc"
425. }
426. ],
427. "dll": "advapi32.dll"
428. },
429. {
430. "imports": [
431. {
432. "name": "SysFreeString",
433. "address": "0x483204"
434. },
435. {
436. "name": "SysReAllocStringLen",
437. "address": "0x483208"
438. },
439. {
440. "name": "SysAllocStringLen",
441. "address": "0x48320c"
442. }
443. ],
444. "dll": "oleaut32.dll"
445. },
446. {
447. "imports": [
448. {
449. "name": "TlsSetValue",
450. "address": "0x483214"
451. },
452. {
453. "name": "TlsGetValue",
454. "address": "0x483218"
455. },
456. {
457. "name": "LocalAlloc",
458. "address": "0x48321c"
459. },
460. {
461. "name": "GetModuleHandleA",
462. "address": "0x483220"
463. }
464. ],
465. "dll": "kernel32.dll"
466. },
467. {
468. "imports": [
469. {
470. "name": "RegQueryValueExA",
471. "address": "0x483228"
472. },
473. {
474. "name": "RegOpenKeyExA",
475. "address": "0x48322c"
476. },
477. {
478. "name": "RegCloseKey",
479. "address": "0x483230"
480. }
481. ],
482. "dll": "advapi32.dll"
483. },
484. {
485. "imports": [
486. {
487. "name": "lstrcpyA",
488. "address": "0x483238"
489. },
490. {
491. "name": "WriteFile",
492. "address": "0x48323c"
493. },
494. {
495. "name": "WaitForSingleObject",
496. "address": "0x483240"
497. },
498. {
499. "name": "VirtualQuery",
500. "address": "0x483244"
501. },
502. {
503. "name": "VirtualProtectEx",
504. "address": "0x483248"
505. },
506. {
507. "name": "VirtualFree",
508. "address": "0x48324c"
509. },
510. {
511. "name": "VirtualAlloc",
512. "address": "0x483250"
513. },
514. {
515. "name": "Sleep",
516. "address": "0x483254"
517. },
518. {
519. "name": "SizeofResource",
520. "address": "0x483258"
521. },
522. {
523. "name": "SetThreadLocale",
524. "address": "0x48325c"
525. },
526. {
527. "name": "SetFilePointer",
528. "address": "0x483260"
529. },
530. {
531. "name": "SetEvent",
532. "address": "0x483264"
533. },
534. {
535. "name": "SetErrorMode",
536. "address": "0x483268"
537. },
538. {
539. "name": "SetEndOfFile",
540. "address": "0x48326c"
541. },
542. {
543. "name": "ResetEvent",
544. "address": "0x483270"
545. },
546. {
547. "name": "ReadFile",
548. "address": "0x483274"
549. },
550. {
551. "name": "MultiByteToWideChar",
552. "address": "0x483278"
553. },
554. {
555. "name": "MulDiv",
556. "address": "0x48327c"
557. },
558. {
559. "name": "LockResource",
560. "address": "0x483280"
561. },
562. {
563. "name": "LoadResource",
564. "address": "0x483284"
565. },
566. {
567. "name": "LoadLibraryA",
568. "address": "0x483288"
569. },
570. {
571. "name": "LeaveCriticalSection",
572. "address": "0x48328c"
573. },
574. {
575. "name": "InitializeCriticalSection",
576. "address": "0x483290"
577. },
578. {
579. "name": "GlobalUnlock",
580. "address": "0x483294"
581. },
582. {
583. "name": "GlobalReAlloc",
584. "address": "0x483298"
585. },
586. {
587. "name": "GlobalHandle",
588. "address": "0x48329c"
589. },
590. {
591. "name": "GlobalLock",
592. "address": "0x4832a0"
593. },
594. {
595. "name": "GlobalFree",
596. "address": "0x4832a4"
597. },
598. {
599. "name": "GlobalFindAtomA",
600. "address": "0x4832a8"
601. },
602. {
603. "name": "GlobalDeleteAtom",
604. "address": "0x4832ac"
605. },
606. {
607. "name": "GlobalAlloc",
608. "address": "0x4832b0"
609. },
610. {
611. "name": "GlobalAddAtomA",
612. "address": "0x4832b4"
613. },
614. {
615. "name": "GetVersionExA",
616. "address": "0x4832b8"
617. },
618. {
619. "name": "GetVersion",
620. "address": "0x4832bc"
621. },
622. {
623. "name": "GetTickCount",
624. "address": "0x4832c0"
625. },
626. {
627. "name": "GetThreadLocale",
628. "address": "0x4832c4"
629. },
630. {
631. "name": "GetSystemInfo",
632. "address": "0x4832c8"
633. },
634. {
635. "name": "GetStringTypeExA",
636. "address": "0x4832cc"
637. },
638. {
639. "name": "GetStdHandle",
640. "address": "0x4832d0"
641. },
642. {
643. "name": "GetProcAddress",
644. "address": "0x4832d4"
645. },
646. {
647. "name": "GetModuleHandleA",
648. "address": "0x4832d8"
649. },
650. {
651. "name": "GetModuleFileNameA",
652. "address": "0x4832dc"
653. },
654. {
655. "name": "GetLocaleInfoA",
656. "address": "0x4832e0"
657. },
658. {
659. "name": "GetLocalTime",
660. "address": "0x4832e4"
661. },
662. {
663. "name": "GetLastError",
664. "address": "0x4832e8"
665. },
666. {
667. "name": "GetFullPathNameA",
668. "address": "0x4832ec"
669. },
670. {
671. "name": "GetDiskFreeSpaceA",
672. "address": "0x4832f0"
673. },
674. {
675. "name": "GetDateFormatA",
676. "address": "0x4832f4"
677. },
678. {
679. "name": "GetCurrentThreadId",
680. "address": "0x4832f8"
681. },
682. {
683. "name": "GetCurrentProcessId",
684. "address": "0x4832fc"
685. },
686. {
687. "name": "GetCPInfo",
688. "address": "0x483300"
689. },
690. {
691. "name": "GetACP",
692. "address": "0x483304"
693. },
694. {
695. "name": "FreeResource",
696. "address": "0x483308"
697. },
698. {
699. "name": "InterlockedExchange",
700. "address": "0x48330c"
701. },
702. {
703. "name": "FreeLibrary",
704. "address": "0x483310"
705. },
706. {
707. "name": "FormatMessageA",
708. "address": "0x483314"
709. },
710. {
711. "name": "FindResourceA",
712. "address": "0x483318"
713. },
714. {
715. "name": "EnumCalendarInfoA",
716. "address": "0x48331c"
717. },
718. {
719. "name": "EnterCriticalSection",
720. "address": "0x483320"
721. },
722. {
723. "name": "DeleteCriticalSection",
724. "address": "0x483324"
725. },
726. {
727. "name": "CreateThread",
728. "address": "0x483328"
729. },
730. {
731. "name": "CreateFileA",
732. "address": "0x48332c"
733. },
734. {
735. "name": "CreateEventA",
736. "address": "0x483330"
737. },
738. {
739. "name": "CompareStringA",
740. "address": "0x483334"
741. },
742. {
743. "name": "CloseHandle",
744. "address": "0x483338"
745. }
746. ],
747. "dll": "kernel32.dll"
748. },
749. {
750. "imports": [
751. {
752. "name": "VerQueryValueA",
753. "address": "0x483340"
754. },
755. {
756. "name": "GetFileVersionInfoSizeA",
757. "address": "0x483344"
758. },
759. {
760. "name": "GetFileVersionInfoA",
761. "address": "0x483348"
762. }
763. ],
764. "dll": "version.dll"
765. },
766. {
767. "imports": [
768. {
769. "name": "UnrealizeObject",
770. "address": "0x483350"
771. },
772. {
773. "name": "StretchBlt",
774. "address": "0x483354"
775. },
776. {
777. "name": "SetWindowOrgEx",
778. "address": "0x483358"
779. },
780. {
781. "name": "SetViewportOrgEx",
782. "address": "0x48335c"
783. },
784. {
785. "name": "SetTextColor",
786. "address": "0x483360"
787. },
788. {
789. "name": "SetStretchBltMode",
790. "address": "0x483364"
791. },
792. {
793. "name": "SetROP2",
794. "address": "0x483368"
795. },
796. {
797. "name": "SetPixel",
798. "address": "0x48336c"
799. },
800. {
801. "name": "SetDIBColorTable",
802. "address": "0x483370"
803. },
804. {
805. "name": "SetBrushOrgEx",
806. "address": "0x483374"
807. },
808. {
809. "name": "SetBkMode",
810. "address": "0x483378"
811. },
812. {
813. "name": "SetBkColor",
814. "address": "0x48337c"
815. },
816. {
817. "name": "SelectPalette",
818. "address": "0x483380"
819. },
820. {
821. "name": "SelectObject",
822. "address": "0x483384"
823. },
824. {
825. "name": "SaveDC",
826. "address": "0x483388"
827. },
828. {
829. "name": "RestoreDC",
830. "address": "0x48338c"
831. },
832. {
833. "name": "RectVisible",
834. "address": "0x483390"
835. },
836. {
837. "name": "RealizePalette",
838. "address": "0x483394"
839. },
840. {
841. "name": "PatBlt",
842. "address": "0x483398"
843. },
844. {
845. "name": "MoveToEx",
846. "address": "0x48339c"
847. },
848. {
849. "name": "MaskBlt",
850. "address": "0x4833a0"
851. },
852. {
853. "name": "LineTo",
854. "address": "0x4833a4"
855. },
856. {
857. "name": "IntersectClipRect",
858. "address": "0x4833a8"
859. },
860. {
861. "name": "GetWindowOrgEx",
862. "address": "0x4833ac"
863. },
864. {
865. "name": "GetTextMetricsA",
866. "address": "0x4833b0"
867. },
868. {
869. "name": "GetTextExtentPoint32A",
870. "address": "0x4833b4"
871. },
872. {
873. "name": "GetSystemPaletteEntries",
874. "address": "0x4833b8"
875. },
876. {
877. "name": "GetStockObject",
878. "address": "0x4833bc"
879. },
880. {
881. "name": "GetPixel",
882. "address": "0x4833c0"
883. },
884. {
885. "name": "GetPaletteEntries",
886. "address": "0x4833c4"
887. },
888. {
889. "name": "GetObjectA",
890. "address": "0x4833c8"
891. },
892. {
893. "name": "GetDeviceCaps",
894. "address": "0x4833cc"
895. },
896. {
897. "name": "GetDIBits",
898. "address": "0x4833d0"
899. },
900. {
901. "name": "GetDIBColorTable",
902. "address": "0x4833d4"
903. },
904. {
905. "name": "GetDCOrgEx",
906. "address": "0x4833d8"
907. },
908. {
909. "name": "GetCurrentPositionEx",
910. "address": "0x4833dc"
911. },
912. {
913. "name": "GetClipBox",
914. "address": "0x4833e0"
915. },
916. {
917. "name": "GetBrushOrgEx",
918. "address": "0x4833e4"
919. },
920. {
921. "name": "GetBitmapBits",
922. "address": "0x4833e8"
923. },
924. {
925. "name": "ExtTextOutA",
926. "address": "0x4833ec"
927. },
928. {
929. "name": "ExcludeClipRect",
930. "address": "0x4833f0"
931. },
932. {
933. "name": "DeleteObject",
934. "address": "0x4833f4"
935. },
936. {
937. "name": "DeleteDC",
938. "address": "0x4833f8"
939. },
940. {
941. "name": "CreateSolidBrush",
942. "address": "0x4833fc"
943. },
944. {
945. "name": "CreatePenIndirect",
946. "address": "0x483400"
947. },
948. {
949. "name": "CreatePalette",
950. "address": "0x483404"
951. },
952. {
953. "name": "CreateHalftonePalette",
954. "address": "0x483408"
955. },
956. {
957. "name": "CreateFontIndirectA",
958. "address": "0x48340c"
959. },
960. {
961. "name": "CreateDIBitmap",
962. "address": "0x483410"
963. },
964. {
965. "name": "CreateDIBSection",
966. "address": "0x483414"
967. },
968. {
969. "name": "CreateCompatibleDC",
970. "address": "0x483418"
971. },
972. {
973. "name": "CreateCompatibleBitmap",
974. "address": "0x48341c"
975. },
976. {
977. "name": "CreateBrushIndirect",
978. "address": "0x483420"
979. },
980. {
981. "name": "CreateBitmap",
982. "address": "0x483424"
983. },
984. {
985. "name": "BitBlt",
986. "address": "0x483428"
987. }
988. ],
989. "dll": "gdi32.dll"
990. },
991. {
992. "imports": [
993. {
994. "name": "CreateWindowExA",
995. "address": "0x483430"
996. },
997. {
998. "name": "WindowFromPoint",
999. "address": "0x483434"
1000. },
1001. {
1002. "name": "WinHelpA",
1003. "address": "0x483438"
1004. },
1005. {
1006. "name": "WaitMessage",
1007. "address": "0x48343c"
1008. },
1009. {
1010. "name": "UpdateWindow",
1011. "address": "0x483440"
1012. },
1013. {
1014. "name": "UnregisterClassA",
1015. "address": "0x483444"
1016. },
1017. {
1018. "name": "UnhookWindowsHookEx",
1019. "address": "0x483448"
1020. },
1021. {
1022. "name": "TranslateMessage",
1023. "address": "0x48344c"
1024. },
1025. {
1026. "name": "TranslateMDISysAccel",
1027. "address": "0x483450"
1028. },
1029. {
1030. "name": "TrackPopupMenu",
1031. "address": "0x483454"
1032. },
1033. {
1034. "name": "SystemParametersInfoA",
1035. "address": "0x483458"
1036. },
1037. {
1038. "name": "ShowWindow",
1039. "address": "0x48345c"
1040. },
1041. {
1042. "name": "ShowScrollBar",
1043. "address": "0x483460"
1044. },
1045. {
1046. "name": "ShowOwnedPopups",
1047. "address": "0x483464"
1048. },
1049. {
1050. "name": "ShowCursor",
1051. "address": "0x483468"
1052. },
1053. {
1054. "name": "SetWindowsHookExA",
1055. "address": "0x48346c"
1056. },
1057. {
1058. "name": "SetWindowTextA",
1059. "address": "0x483470"
1060. },
1061. {
1062. "name": "SetWindowPos",
1063. "address": "0x483474"
1064. },
1065. {
1066. "name": "SetWindowPlacement",
1067. "address": "0x483478"
1068. },
1069. {
1070. "name": "SetWindowLongA",
1071. "address": "0x48347c"
1072. },
1073. {
1074. "name": "SetTimer",
1075. "address": "0x483480"
1076. },
1077. {
1078. "name": "SetScrollRange",
1079. "address": "0x483484"
1080. },
1081. {
1082. "name": "SetScrollPos",
1083. "address": "0x483488"
1084. },
1085. {
1086. "name": "SetScrollInfo",
1087. "address": "0x48348c"
1088. },
1089. {
1090. "name": "SetRect",
1091. "address": "0x483490"
1092. },
1093. {
1094. "name": "SetPropA",
1095. "address": "0x483494"
1096. },
1097. {
1098. "name": "SetParent",
1099. "address": "0x483498"
1100. },
1101. {
1102. "name": "SetMenuItemInfoA",
1103. "address": "0x48349c"
1104. },
1105. {
1106. "name": "SetMenu",
1107. "address": "0x4834a0"
1108. },
1109. {
1110. "name": "SetForegroundWindow",
1111. "address": "0x4834a4"
1112. },
1113. {
1114. "name": "SetFocus",
1115. "address": "0x4834a8"
1116. },
1117. {
1118. "name": "SetCursor",
1119. "address": "0x4834ac"
1120. },
1121. {
1122. "name": "SetClassLongA",
1123. "address": "0x4834b0"
1124. },
1125. {
1126. "name": "SetCapture",
1127. "address": "0x4834b4"
1128. },
1129. {
1130. "name": "SetActiveWindow",
1131. "address": "0x4834b8"
1132. },
1133. {
1134. "name": "SendMessageA",
1135. "address": "0x4834bc"
1136. },
1137. {
1138. "name": "ScrollWindow",
1139. "address": "0x4834c0"
1140. },
1141. {
1142. "name": "ScreenToClient",
1143. "address": "0x4834c4"
1144. },
1145. {
1146. "name": "RemovePropA",
1147. "address": "0x4834c8"
1148. },
1149. {
1150. "name": "RemoveMenu",
1151. "address": "0x4834cc"
1152. },
1153. {
1154. "name": "ReleaseDC",
1155. "address": "0x4834d0"
1156. },
1157. {
1158. "name": "ReleaseCapture",
1159. "address": "0x4834d4"
1160. },
1161. {
1162. "name": "RegisterWindowMessageA",
1163. "address": "0x4834d8"
1164. },
1165. {
1166. "name": "RegisterClipboardFormatA",
1167. "address": "0x4834dc"
1168. },
1169. {
1170. "name": "RegisterClassA",
1171. "address": "0x4834e0"
1172. },
1173. {
1174. "name": "RedrawWindow",
1175. "address": "0x4834e4"
1176. },
1177. {
1178. "name": "PtInRect",
1179. "address": "0x4834e8"
1180. },
1181. {
1182. "name": "PostQuitMessage",
1183. "address": "0x4834ec"
1184. },
1185. {
1186. "name": "PostMessageA",
1187. "address": "0x4834f0"
1188. },
1189. {
1190. "name": "PeekMessageA",
1191. "address": "0x4834f4"
1192. },
1193. {
1194. "name": "OffsetRect",
1195. "address": "0x4834f8"
1196. },
1197. {
1198. "name": "OemToCharA",
1199. "address": "0x4834fc"
1200. },
1201. {
1202. "name": "MessageBoxA",
1203. "address": "0x483500"
1204. },
1205. {
1206. "name": "MapWindowPoints",
1207. "address": "0x483504"
1208. },
1209. {
1210. "name": "MapVirtualKeyA",
1211. "address": "0x483508"
1212. },
1213. {
1214. "name": "LoadStringA",
1215. "address": "0x48350c"
1216. },
1217. {
1218. "name": "LoadKeyboardLayoutA",
1219. "address": "0x483510"
1220. },
1221. {
1222. "name": "LoadIconA",
1223. "address": "0x483514"
1224. },
1225. {
1226. "name": "LoadCursorA",
1227. "address": "0x483518"
1228. },
1229. {
1230. "name": "LoadBitmapA",
1231. "address": "0x48351c"
1232. },
1233. {
1234. "name": "KillTimer",
1235. "address": "0x483520"
1236. },
1237. {
1238. "name": "IsZoomed",
1239. "address": "0x483524"
1240. },
1241. {
1242. "name": "IsWindowVisible",
1243. "address": "0x483528"
1244. },
1245. {
1246. "name": "IsWindowEnabled",
1247. "address": "0x48352c"
1248. },
1249. {
1250. "name": "IsWindow",
1251. "address": "0x483530"
1252. },
1253. {
1254. "name": "IsRectEmpty",
1255. "address": "0x483534"
1256. },
1257. {
1258. "name": "IsIconic",
1259. "address": "0x483538"
1260. },
1261. {
1262. "name": "IsDialogMessageA",
1263. "address": "0x48353c"
1264. },
1265. {
1266. "name": "IsChild",
1267. "address": "0x483540"
1268. },
1269. {
1270. "name": "InvalidateRect",
1271. "address": "0x483544"
1272. },
1273. {
1274. "name": "IntersectRect",
1275. "address": "0x483548"
1276. },
1277. {
1278. "name": "InsertMenuItemA",
1279. "address": "0x48354c"
1280. },
1281. {
1282. "name": "InsertMenuA",
1283. "address": "0x483550"
1284. },
1285. {
1286. "name": "InflateRect",
1287. "address": "0x483554"
1288. },
1289. {
1290. "name": "GetWindowThreadProcessId",
1291. "address": "0x483558"
1292. },
1293. {
1294. "name": "GetWindowTextA",
1295. "address": "0x48355c"
1296. },
1297. {
1298. "name": "GetWindowRect",
1299. "address": "0x483560"
1300. },
1301. {
1302. "name": "GetWindowPlacement",
1303. "address": "0x483564"
1304. },
1305. {
1306. "name": "GetWindowLongA",
1307. "address": "0x483568"
1308. },
1309. {
1310. "name": "GetWindowDC",
1311. "address": "0x48356c"
1312. },
1313. {
1314. "name": "GetTopWindow",
1315. "address": "0x483570"
1316. },
1317. {
1318. "name": "GetSystemMetrics",
1319. "address": "0x483574"
1320. },
1321. {
1322. "name": "GetSystemMenu",
1323. "address": "0x483578"
1324. },
1325. {
1326. "name": "GetSysColorBrush",
1327. "address": "0x48357c"
1328. },
1329. {
1330. "name": "GetSysColor",
1331. "address": "0x483580"
1332. },
1333. {
1334. "name": "GetSubMenu",
1335. "address": "0x483584"
1336. },
1337. {
1338. "name": "GetScrollRange",
1339. "address": "0x483588"
1340. },
1341. {
1342. "name": "GetScrollPos",
1343. "address": "0x48358c"
1344. },
1345. {
1346. "name": "GetScrollInfo",
1347. "address": "0x483590"
1348. },
1349. {
1350. "name": "GetPropA",
1351. "address": "0x483594"
1352. },
1353. {
1354. "name": "GetParent",
1355. "address": "0x483598"
1356. },
1357. {
1358. "name": "GetWindow",
1359. "address": "0x48359c"
1360. },
1361. {
1362. "name": "GetMenuStringA",
1363. "address": "0x4835a0"
1364. },
1365. {
1366. "name": "GetMenuState",
1367. "address": "0x4835a4"
1368. },
1369. {
1370. "name": "GetMenuItemInfoA",
1371. "address": "0x4835a8"
1372. },
1373. {
1374. "name": "GetMenuItemID",
1375. "address": "0x4835ac"
1376. },
1377. {
1378. "name": "GetMenuItemCount",
1379. "address": "0x4835b0"
1380. },
1381. {
1382. "name": "GetMenu",
1383. "address": "0x4835b4"
1384. },
1385. {
1386. "name": "GetLastInputInfo",
1387. "address": "0x4835b8"
1388. },
1389. {
1390. "name": "GetLastActivePopup",
1391. "address": "0x4835bc"
1392. },
1393. {
1394. "name": "GetKeyboardState",
1395. "address": "0x4835c0"
1396. },
1397. {
1398. "name": "GetKeyboardLayoutList",
1399. "address": "0x4835c4"
1400. },
1401. {
1402. "name": "GetKeyboardLayout",
1403. "address": "0x4835c8"
1404. },
1405. {
1406. "name": "GetKeyState",
1407. "address": "0x4835cc"
1408. },
1409. {
1410. "name": "GetKeyNameTextA",
1411. "address": "0x4835d0"
1412. },
1413. {
1414. "name": "GetIconInfo",
1415. "address": "0x4835d4"
1416. },
1417. {
1418. "name": "GetForegroundWindow",
1419. "address": "0x4835d8"
1420. },
1421. {
1422. "name": "GetFocus",
1423. "address": "0x4835dc"
1424. },
1425. {
1426. "name": "GetDlgItem",
1427. "address": "0x4835e0"
1428. },
1429. {
1430. "name": "GetDesktopWindow",
1431. "address": "0x4835e4"
1432. },
1433. {
1434. "name": "GetDCEx",
1435. "address": "0x4835e8"
1436. },
1437. {
1438. "name": "GetDC",
1439. "address": "0x4835ec"
1440. },
1441. {
1442. "name": "GetCursorPos",
1443. "address": "0x4835f0"
1444. },
1445. {
1446. "name": "GetCursor",
1447. "address": "0x4835f4"
1448. },
1449. {
1450. "name": "GetClipboardViewer",
1451. "address": "0x4835f8"
1452. },
1453. {
1454. "name": "GetClientRect",
1455. "address": "0x4835fc"
1456. },
1457. {
1458. "name": "GetClassNameA",
1459. "address": "0x483600"
1460. },
1461. {
1462. "name": "GetClassInfoA",
1463. "address": "0x483604"
1464. },
1465. {
1466. "name": "GetCapture",
1467. "address": "0x483608"
1468. },
1469. {
1470. "name": "GetActiveWindow",
1471. "address": "0x48360c"
1472. },
1473. {
1474. "name": "FrameRect",
1475. "address": "0x483610"
1476. },
1477. {
1478. "name": "FindWindowA",
1479. "address": "0x483614"
1480. },
1481. {
1482. "name": "FillRect",
1483. "address": "0x483618"
1484. },
1485. {
1486. "name": "EqualRect",
1487. "address": "0x48361c"
1488. },
1489. {
1490. "name": "EnumWindows",
1491. "address": "0x483620"
1492. },
1493. {
1494. "name": "EnumThreadWindows",
1495. "address": "0x483624"
1496. },
1497. {
1498. "name": "EndPaint",
1499. "address": "0x483628"
1500. },
1501. {
1502. "name": "EnableWindow",
1503. "address": "0x48362c"
1504. },
1505. {
1506. "name": "EnableScrollBar",
1507. "address": "0x483630"
1508. },
1509. {
1510. "name": "EnableMenuItem",
1511. "address": "0x483634"
1512. },
1513. {
1514. "name": "DrawTextA",
1515. "address": "0x483638"
1516. },
1517. {
1518. "name": "DrawMenuBar",
1519. "address": "0x48363c"
1520. },
1521. {
1522. "name": "DrawIconEx",
1523. "address": "0x483640"
1524. },
1525. {
1526. "name": "DrawIcon",
1527. "address": "0x483644"
1528. },
1529. {
1530. "name": "DrawFrameControl",
1531. "address": "0x483648"
1532. },
1533. {
1534. "name": "DrawFocusRect",
1535. "address": "0x48364c"
1536. },
1537. {
1538. "name": "DrawEdge",
1539. "address": "0x483650"
1540. },
1541. {
1542. "name": "DispatchMessageA",
1543. "address": "0x483654"
1544. },
1545. {
1546. "name": "DestroyWindow",
1547. "address": "0x483658"
1548. },
1549. {
1550. "name": "DestroyMenu",
1551. "address": "0x48365c"
1552. },
1553. {
1554. "name": "DestroyIcon",
1555. "address": "0x483660"
1556. },
1557. {
1558. "name": "DestroyCursor",
1559. "address": "0x483664"
1560. },
1561. {
1562. "name": "DeleteMenu",
1563. "address": "0x483668"
1564. },
1565. {
1566. "name": "DefWindowProcA",
1567. "address": "0x48366c"
1568. },
1569. {
1570. "name": "DefMDIChildProcA",
1571. "address": "0x483670"
1572. },
1573. {
1574. "name": "DefFrameProcA",
1575. "address": "0x483674"
1576. },
1577. {
1578. "name": "CreatePopupMenu",
1579. "address": "0x483678"
1580. },
1581. {
1582. "name": "CreateMenu",
1583. "address": "0x48367c"
1584. },
1585. {
1586. "name": "CreateIcon",
1587. "address": "0x483680"
1588. },
1589. {
1590. "name": "ClientToScreen",
1591. "address": "0x483684"
1592. },
1593. {
1594. "name": "CheckMenuItem",
1595. "address": "0x483688"
1596. },
1597. {
1598. "name": "CallWindowProcA",
1599. "address": "0x48368c"
1600. },
1601. {
1602. "name": "CallNextHookEx",
1603. "address": "0x483690"
1604. },
1605. {
1606. "name": "BeginPaint",
1607. "address": "0x483694"
1608. },
1609. {
1610. "name": "CharNextA",
1611. "address": "0x483698"
1612. },
1613. {
1614. "name": "CharLowerA",
1615. "address": "0x48369c"
1616. },
1617. {
1618. "name": "CharUpperBuffA",
1619. "address": "0x4836a0"
1620. },
1621. {
1622. "name": "CharToOemA",
1623. "address": "0x4836a4"
1624. },
1625. {
1626. "name": "AdjustWindowRectEx",
1627. "address": "0x4836a8"
1628. },
1629. {
1630. "name": "ActivateKeyboardLayout",
1631. "address": "0x4836ac"
1632. }
1633. ],
1634. "dll": "user32.dll"
1635. },
1636. {
1637. "imports": [
1638. {
1639. "name": "Sleep",
1640. "address": "0x4836b4"
1641. }
1642. ],
1643. "dll": "kernel32.dll"
1644. },
1645. {
1646. "imports": [
1647. {
1648. "name": "SafeArrayPtrOfIndex",
1649. "address": "0x4836bc"
1650. },
1651. {
1652. "name": "SafeArrayPutElement",
1653. "address": "0x4836c0"
1654. },
1655. {
1656. "name": "SafeArrayGetElement",
1657. "address": "0x4836c4"
1658. },
1659. {
1660. "name": "SafeArrayUnaccessData",
1661. "address": "0x4836c8"
1662. },
1663. {
1664. "name": "SafeArrayAccessData",
1665. "address": "0x4836cc"
1666. },
1667. {
1668. "name": "SafeArrayGetUBound",
1669. "address": "0x4836d0"
1670. },
1671. {
1672. "name": "SafeArrayGetLBound",
1673. "address": "0x4836d4"
1674. },
1675. {
1676. "name": "SafeArrayCreate",
1677. "address": "0x4836d8"
1678. },
1679. {
1680. "name": "VariantChangeType",
1681. "address": "0x4836dc"
1682. },
1683. {
1684. "name": "VariantCopyInd",
1685. "address": "0x4836e0"
1686. },
1687. {
1688. "name": "VariantCopy",
1689. "address": "0x4836e4"
1690. },
1691. {
1692. "name": "VariantClear",
1693. "address": "0x4836e8"
1694. },
1695. {
1696. "name": "VariantInit",
1697. "address": "0x4836ec"
1698. }
1699. ],
1700. "dll": "oleaut32.dll"
1701. },
1702. {
1703. "imports": [
1704. {
1705. "name": "CoUninitialize",
1706. "address": "0x4836f4"
1707. },
1708. {
1709. "name": "CoInitialize",
1710. "address": "0x4836f8"
1711. }
1712. ],
1713. "dll": "ole32.dll"
1714. },
1715. {
1716. "imports": [
1717. {
1718. "name": "GetErrorInfo",
1719. "address": "0x483700"
1720. },
1721. {
1722. "name": "SysFreeString",
1723. "address": "0x483704"
1724. }
1725. ],
1726. "dll": "oleaut32.dll"
1727. },
1728. {
1729. "imports": [
1730. {
1731. "name": "ImageList_SetIconSize",
1732. "address": "0x48370c"
1733. },
1734. {
1735. "name": "ImageList_GetIconSize",
1736. "address": "0x483710"
1737. },
1738. {
1739. "name": "ImageList_Write",
1740. "address": "0x483714"
1741. },
1742. {
1743. "name": "ImageList_Read",
1744. "address": "0x483718"
1745. },
1746. {
1747. "name": "ImageList_GetDragImage",
1748. "address": "0x48371c"
1749. },
1750. {
1751. "name": "ImageList_DragShowNolock",
1752. "address": "0x483720"
1753. },
1754. {
1755. "name": "ImageList_SetDragCursorImage",
1756. "address": "0x483724"
1757. },
1758. {
1759. "name": "ImageList_DragMove",
1760. "address": "0x483728"
1761. },
1762. {
1763. "name": "ImageList_DragLeave",
1764. "address": "0x48372c"
1765. },
1766. {
1767. "name": "ImageList_DragEnter",
1768. "address": "0x483730"
1769. },
1770. {
1771. "name": "ImageList_EndDrag",
1772. "address": "0x483734"
1773. },
1774. {
1775. "name": "ImageList_BeginDrag",
1776. "address": "0x483738"
1777. },
1778. {
1779. "name": "ImageList_Remove",
1780. "address": "0x48373c"
1781. },
1782. {
1783. "name": "ImageList_DrawEx",
1784. "address": "0x483740"
1785. },
1786. {
1787. "name": "ImageList_Draw",
1788. "address": "0x483744"
1789. },
1790. {
1791. "name": "ImageList_GetBkColor",
1792. "address": "0x483748"
1793. },
1794. {
1795. "name": "ImageList_SetBkColor",
1796. "address": "0x48374c"
1797. },
1798. {
1799. "name": "ImageList_ReplaceIcon",
1800. "address": "0x483750"
1801. },
1802. {
1803. "name": "ImageList_Add",
1804. "address": "0x483754"
1805. },
1806. {
1807. "name": "ImageList_GetImageCount",
1808. "address": "0x483758"
1809. },
1810. {
1811. "name": "ImageList_Destroy",
1812. "address": "0x48375c"
1813. },
1814. {
1815. "name": "ImageList_Create",
1816. "address": "0x483760"
1817. }
1818. ],
1819. "dll": "comctl32.dll"
1820. },
1821. {
1822. "imports": [
1823. {
1824. "name": "GetSaveFileNameA",
1825. "address": "0x483768"
1826. },
1827. {
1828. "name": "GetOpenFileNameA",
1829. "address": "0x48376c"
1830. }
1831. ],
1832. "dll": "comdlg32.dll"
1833. }
1834. ],
1835. "digital_signers": null,
1836. "exported_dll_name": null,
1837. "actual_checksum": "0x000c9b64",
1838. "overlay": {
1839. "size": "0x00000200",
1840. "offset": "0x000c4e00"
1841. },
1842. "imagebase": "0x00400000",
1843. "reported_checksum": "0x00000000",
1844. "icon_hash": null,
1845. "entrypoint": "0x0047477c",
1846. "timestamp": "1992-05-07 20:59:57",
1847. "osversion": "4.0",
1848. "sections": [
1849. {
1850. "name": "CODE",
1851. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
1852. "virtual_address": "0x00001000",
1853. "size_of_data": "0x00073800",
1854. "entropy": "6.57",
1855. "raw_address": "0x00000400",
1856. "virtual_size": "0x000737c4",
1857. "characteristics_raw": "0x60000020"
1858. },
1859. {
1860. "name": "DATA",
1861. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
1862. "virtual_address": "0x00075000",
1863. "size_of_data": "0x0000d000",
1864. "entropy": "3.93",
1865. "raw_address": "0x00073c00",
1866. "virtual_size": "0x0000cef0",
1867. "characteristics_raw": "0xc0000040"
1868. },
1869. {
1870. "name": "BSS",
1871. "characteristics": "IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
1872. "virtual_address": "0x00082000",
1873. "size_of_data": "0x00000000",
1874. "entropy": "0.00",
1875. "raw_address": "0x00080c00",
1876. "virtual_size": "0x00000c45",
1877. "characteristics_raw": "0xc0000000"
1878. },
1879. {
1880. "name": ".idata",
1881. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
1882. "virtual_address": "0x00083000",
1883. "size_of_data": "0x00002200",
1884. "entropy": "4.91",
1885. "raw_address": "0x00080c00",
1886. "virtual_size": "0x00002174",
1887. "characteristics_raw": "0xc0000040"
1888. },
1889. {
1890. "name": ".tls",
1891. "characteristics": "IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
1892. "virtual_address": "0x00086000",
1893. "size_of_data": "0x00000000",
1894. "entropy": "0.00",
1895. "raw_address": "0x00082e00",
1896. "virtual_size": "0x00000010",
1897. "characteristics_raw": "0xc0000000"
1898. },
1899. {
1900. "name": ".rdata",
1901. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
1902. "virtual_address": "0x00087000",
1903. "size_of_data": "0x00000200",
1904. "entropy": "0.21",
1905. "raw_address": "0x00082e00",
1906. "virtual_size": "0x00000018",
1907. "characteristics_raw": "0x50000040"
1908. },
1909. {
1910. "name": ".reloc",
1911. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
1912. "virtual_address": "0x00088000",
1913. "size_of_data": "0x00009000",
1914. "entropy": "6.61",
1915. "raw_address": "0x00083000",
1916. "virtual_size": "0x00008e40",
1917. "characteristics_raw": "0x50000040"
1918. },
1919. {
1920. "name": ".rsrc",
1921. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
1922. "virtual_address": "0x00091000",
1923. "size_of_data": "0x00038e00",
1924. "entropy": "7.18",
1925. "raw_address": "0x0008c000",
1926. "virtual_size": "0x00038df4",
1927. "characteristics_raw": "0x50000040"
1928. }
1929. ],
1930. "resources": [],
1931. "dirents": [
1932. {
1933. "virtual_address": "0x00000000",
1934. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
1935. "size": "0x00000000"
1936. },
1937. {
1938. "virtual_address": "0x00083000",
1939. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
1940. "size": "0x00002174"
1941. },
1942. {
1943. "virtual_address": "0x00091000",
1944. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
1945. "size": "0x00038df4"
1946. },
1947. {
1948. "virtual_address": "0x00000000",
1949. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
1950. "size": "0x00000000"
1951. },
1952. {
1953. "virtual_address": "0x00000000",
1954. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
1955. "size": "0x00000000"
1956. },
1957. {
1958. "virtual_address": "0x00088000",
1959. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
1960. "size": "0x00008e40"
1961. },
1962. {
1963. "virtual_address": "0x00000000",
1964. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
1965. "size": "0x00000000"
1966. },
1967. {
1968. "virtual_address": "0x00000000",
1969. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
1970. "size": "0x00000000"
1971. },
1972. {
1973. "virtual_address": "0x00000000",
1974. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
1975. "size": "0x00000000"
1976. },
1977. {
1978. "virtual_address": "0x00087000",
1979. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
1980. "size": "0x00000018"
1981. },
1982. {
1983. "virtual_address": "0x00000000",
1984. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
1985. "size": "0x00000000"
1986. },
1987. {
1988. "virtual_address": "0x00000000",
1989. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
1990. "size": "0x00000000"
1991. },
1992. {
1993. "virtual_address": "0x00000000",
1994. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
1995. "size": "0x00000000"
1996. },
1997. {
1998. "virtual_address": "0x00000000",
1999. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
2000. "size": "0x00000000"
2001. },
2002. {
2003. "virtual_address": "0x00000000",
2004. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
2005. "size": "0x00000000"
2006. },
2007. {
2008. "virtual_address": "0x00000000",
2009. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
2010. "size": "0x00000000"
2011. }
2012. ],
2013. "exports": [],
2014. "guest_signers": {},
2015. "imphash": "08d63d076187e00ae831c8357d868390",
2016. "icon_fuzzy": null,
2017. "icon": null,
2018. "pdbpath": null,
2019. "imported_dll_count": 16,
2020. "versioninfo": []
2021. }
2022. }
2023.  
2024. [*] Resolved APIs: [
2025. "kernel32.dll.GetDiskFreeSpaceExA",
2026. "oleaut32.dll.VariantChangeTypeEx",
2027. "oleaut32.dll.VarNeg",
2028. "oleaut32.dll.VarNot",
2029. "oleaut32.dll.VarAdd",
2030. "oleaut32.dll.VarSub",
2031. "oleaut32.dll.VarMul",
2032. "oleaut32.dll.VarDiv",
2033. "oleaut32.dll.VarIdiv",
2034. "oleaut32.dll.VarMod",
2035. "oleaut32.dll.VarAnd",
2036. "oleaut32.dll.VarOr",
2037. "oleaut32.dll.VarXor",
2038. "oleaut32.dll.VarCmp",
2039. "oleaut32.dll.VarI4FromStr",
2040. "oleaut32.dll.VarR4FromStr",
2041. "oleaut32.dll.VarR8FromStr",
2042. "oleaut32.dll.VarDateFromStr",
2043. "oleaut32.dll.VarCyFromStr",
2044. "oleaut32.dll.VarBoolFromStr",
2045. "oleaut32.dll.VarBstrFromCy",
2046. "oleaut32.dll.VarBstrFromDate",
2047. "oleaut32.dll.VarBstrFromBool",
2048. "user32.dll.GetMonitorInfoA",
2049. "user32.dll.GetSystemMetrics",
2050. "user32.dll.EnumDisplayMonitors",
2051. "dwmapi.dll.DwmIsCompositionEnabled",
2052. "gdi32.dll.GetLayout",
2053. "gdi32.dll.GdiRealizationInfo",
2054. "gdi32.dll.FontIsLinked",
2055. "advapi32.dll.RegOpenKeyExW",
2056. "advapi32.dll.RegQueryInfoKeyW",
2057. "gdi32.dll.GetTextFaceAliasW",
2058. "advapi32.dll.RegEnumValueW",
2059. "advapi32.dll.RegCloseKey",
2060. "advapi32.dll.RegQueryValueExW",
2061. "gdi32.dll.GetFontAssocStatus",
2062. "advapi32.dll.RegQueryValueExA",
2063. "advapi32.dll.RegEnumKeyExW",
2064. "gdi32.dll.GdiIsMetaPrintDC",
2065. "user32.dll.AnimateWindow",
2066. "comctl32.dll.InitializeFlatSB",
2067. "comctl32.dll.UninitializeFlatSB",
2068. "comctl32.dll.FlatSB_GetScrollProp",
2069. "comctl32.dll.FlatSB_SetScrollProp",
2070. "comctl32.dll.FlatSB_EnableScrollBar",
2071. "comctl32.dll.FlatSB_ShowScrollBar",
2072. "comctl32.dll.FlatSB_GetScrollRange",
2073. "comctl32.dll.FlatSB_GetScrollInfo",
2074. "comctl32.dll.FlatSB_GetScrollPos",
2075. "comctl32.dll.FlatSB_SetScrollPos",
2076. "comctl32.dll.FlatSB_SetScrollInfo",
2077. "comctl32.dll.FlatSB_SetScrollRange",
2078. "user32.dll.SetLayeredWindowAttributes",
2079. "ole32.dll.CoCreateInstanceEx",
2080. "ole32.dll.CoInitializeEx",
2081. "ole32.dll.CoAddRefServerProcess",
2082. "ole32.dll.CoReleaseServerProcess",
2083. "ole32.dll.CoResumeClassObjects",
2084. "ole32.dll.CoSuspendClassObjects"
2085. ]
2086.  
2087. [*] Static Analysis: {
2088. "pe": {
2089. "peid_signatures": null,
2090. "imports": [
2091. {
2092. "imports": [
2093. {
2094. "name": "DeleteCriticalSection",
2095. "address": "0x483154"
2096. },
2097. {
2098. "name": "LeaveCriticalSection",
2099. "address": "0x483158"
2100. },
2101. {
2102. "name": "EnterCriticalSection",
2103. "address": "0x48315c"
2104. },
2105. {
2106. "name": "InitializeCriticalSection",
2107. "address": "0x483160"
2108. },
2109. {
2110. "name": "VirtualFree",
2111. "address": "0x483164"
2112. },
2113. {
2114. "name": "VirtualAlloc",
2115. "address": "0x483168"
2116. },
2117. {
2118. "name": "LocalFree",
2119. "address": "0x48316c"
2120. },
2121. {
2122. "name": "LocalAlloc",
2123. "address": "0x483170"
2124. },
2125. {
2126. "name": "GetVersion",
2127. "address": "0x483174"
2128. },
2129. {
2130. "name": "GetCurrentThreadId",
2131. "address": "0x483178"
2132. },
2133. {
2134. "name": "InterlockedDecrement",
2135. "address": "0x48317c"
2136. },
2137. {
2138. "name": "InterlockedIncrement",
2139. "address": "0x483180"
2140. },
2141. {
2142. "name": "VirtualQuery",
2143. "address": "0x483184"
2144. },
2145. {
2146. "name": "WideCharToMultiByte",
2147. "address": "0x483188"
2148. },
2149. {
2150. "name": "MultiByteToWideChar",
2151. "address": "0x48318c"
2152. },
2153. {
2154. "name": "lstrlenA",
2155. "address": "0x483190"
2156. },
2157. {
2158. "name": "lstrcpynA",
2159. "address": "0x483194"
2160. },
2161. {
2162. "name": "LoadLibraryExA",
2163. "address": "0x483198"
2164. },
2165. {
2166. "name": "GetThreadLocale",
2167. "address": "0x48319c"
2168. },
2169. {
2170. "name": "GetStartupInfoA",
2171. "address": "0x4831a0"
2172. },
2173. {
2174. "name": "GetProcAddress",
2175. "address": "0x4831a4"
2176. },
2177. {
2178. "name": "GetModuleHandleA",
2179. "address": "0x4831a8"
2180. },
2181. {
2182. "name": "GetModuleFileNameA",
2183. "address": "0x4831ac"
2184. },
2185. {
2186. "name": "GetLocaleInfoA",
2187. "address": "0x4831b0"
2188. },
2189. {
2190. "name": "GetCommandLineA",
2191. "address": "0x4831b4"
2192. },
2193. {
2194. "name": "FreeLibrary",
2195. "address": "0x4831b8"
2196. },
2197. {
2198. "name": "FindFirstFileA",
2199. "address": "0x4831bc"
2200. },
2201. {
2202. "name": "FindClose",
2203. "address": "0x4831c0"
2204. },
2205. {
2206. "name": "ExitProcess",
2207. "address": "0x4831c4"
2208. },
2209. {
2210. "name": "WriteFile",
2211. "address": "0x4831c8"
2212. },
2213. {
2214. "name": "UnhandledExceptionFilter",
2215. "address": "0x4831cc"
2216. },
2217. {
2218. "name": "RtlUnwind",
2219. "address": "0x4831d0"
2220. },
2221. {
2222. "name": "RaiseException",
2223. "address": "0x4831d4"
2224. },
2225. {
2226. "name": "GetStdHandle",
2227. "address": "0x4831d8"
2228. }
2229. ],
2230. "dll": "kernel32.dll"
2231. },
2232. {
2233. "imports": [
2234. {
2235. "name": "GetKeyboardType",
2236. "address": "0x4831e0"
2237. },
2238. {
2239. "name": "LoadStringA",
2240. "address": "0x4831e4"
2241. },
2242. {
2243. "name": "MessageBoxA",
2244. "address": "0x4831e8"
2245. },
2246. {
2247. "name": "CharNextA",
2248. "address": "0x4831ec"
2249. }
2250. ],
2251. "dll": "user32.dll"
2252. },
2253. {
2254. "imports": [
2255. {
2256. "name": "RegQueryValueExA",
2257. "address": "0x4831f4"
2258. },
2259. {
2260. "name": "RegOpenKeyExA",
2261. "address": "0x4831f8"
2262. },
2263. {
2264. "name": "RegCloseKey",
2265. "address": "0x4831fc"
2266. }
2267. ],
2268. "dll": "advapi32.dll"
2269. },
2270. {
2271. "imports": [
2272. {
2273. "name": "SysFreeString",
2274. "address": "0x483204"
2275. },
2276. {
2277. "name": "SysReAllocStringLen",
2278. "address": "0x483208"
2279. },
2280. {
2281. "name": "SysAllocStringLen",
2282. "address": "0x48320c"
2283. }
2284. ],
2285. "dll": "oleaut32.dll"
2286. },
2287. {
2288. "imports": [
2289. {
2290. "name": "TlsSetValue",
2291. "address": "0x483214"
2292. },
2293. {
2294. "name": "TlsGetValue",
2295. "address": "0x483218"
2296. },
2297. {
2298. "name": "LocalAlloc",
2299. "address": "0x48321c"
2300. },
2301. {
2302. "name": "GetModuleHandleA",
2303. "address": "0x483220"
2304. }
2305. ],
2306. "dll": "kernel32.dll"
2307. },
2308. {
2309. "imports": [
2310. {
2311. "name": "RegQueryValueExA",
2312. "address": "0x483228"
2313. },
2314. {
2315. "name": "RegOpenKeyExA",
2316. "address": "0x48322c"
2317. },
2318. {
2319. "name": "RegCloseKey",
2320. "address": "0x483230"
2321. }
2322. ],
2323. "dll": "advapi32.dll"
2324. },
2325. {
2326. "imports": [
2327. {
2328. "name": "lstrcpyA",
2329. "address": "0x483238"
2330. },
2331. {
2332. "name": "WriteFile",
2333. "address": "0x48323c"
2334. },
2335. {
2336. "name": "WaitForSingleObject",
2337. "address": "0x483240"
2338. },
2339. {
2340. "name": "VirtualQuery",
2341. "address": "0x483244"
2342. },
2343. {
2344. "name": "VirtualProtectEx",
2345. "address": "0x483248"
2346. },
2347. {
2348. "name": "VirtualFree",
2349. "address": "0x48324c"
2350. },
2351. {
2352. "name": "VirtualAlloc",
2353. "address": "0x483250"
2354. },
2355. {
2356. "name": "Sleep",
2357. "address": "0x483254"
2358. },
2359. {
2360. "name": "SizeofResource",
2361. "address": "0x483258"
2362. },
2363. {
2364. "name": "SetThreadLocale",
2365. "address": "0x48325c"
2366. },
2367. {
2368. "name": "SetFilePointer",
2369. "address": "0x483260"
2370. },
2371. {
2372. "name": "SetEvent",
2373. "address": "0x483264"
2374. },
2375. {
2376. "name": "SetErrorMode",
2377. "address": "0x483268"
2378. },
2379. {
2380. "name": "SetEndOfFile",
2381. "address": "0x48326c"
2382. },
2383. {
2384. "name": "ResetEvent",
2385. "address": "0x483270"
2386. },
2387. {
2388. "name": "ReadFile",
2389. "address": "0x483274"
2390. },
2391. {
2392. "name": "MultiByteToWideChar",
2393. "address": "0x483278"
2394. },
2395. {
2396. "name": "MulDiv",
2397. "address": "0x48327c"
2398. },
2399. {
2400. "name": "LockResource",
2401. "address": "0x483280"
2402. },
2403. {
2404. "name": "LoadResource",
2405. "address": "0x483284"
2406. },
2407. {
2408. "name": "LoadLibraryA",
2409. "address": "0x483288"
2410. },
2411. {
2412. "name": "LeaveCriticalSection",
2413. "address": "0x48328c"
2414. },
2415. {
2416. "name": "InitializeCriticalSection",
2417. "address": "0x483290"
2418. },
2419. {
2420. "name": "GlobalUnlock",
2421. "address": "0x483294"
2422. },
2423. {
2424. "name": "GlobalReAlloc",
2425. "address": "0x483298"
2426. },
2427. {
2428. "name": "GlobalHandle",
2429. "address": "0x48329c"
2430. },
2431. {
2432. "name": "GlobalLock",
2433. "address": "0x4832a0"
2434. },
2435. {
2436. "name": "GlobalFree",
2437. "address": "0x4832a4"
2438. },
2439. {
2440. "name": "GlobalFindAtomA",
2441. "address": "0x4832a8"
2442. },
2443. {
2444. "name": "GlobalDeleteAtom",
2445. "address": "0x4832ac"
2446. },
2447. {
2448. "name": "GlobalAlloc",
2449. "address": "0x4832b0"
2450. },
2451. {
2452. "name": "GlobalAddAtomA",
2453. "address": "0x4832b4"
2454. },
2455. {
2456. "name": "GetVersionExA",
2457. "address": "0x4832b8"
2458. },
2459. {
2460. "name": "GetVersion",
2461. "address": "0x4832bc"
2462. },
2463. {
2464. "name": "GetTickCount",
2465. "address": "0x4832c0"
2466. },
2467. {
2468. "name": "GetThreadLocale",
2469. "address": "0x4832c4"
2470. },
2471. {
2472. "name": "GetSystemInfo",
2473. "address": "0x4832c8"
2474. },
2475. {
2476. "name": "GetStringTypeExA",
2477. "address": "0x4832cc"
2478. },
2479. {
2480. "name": "GetStdHandle",
2481. "address": "0x4832d0"
2482. },
2483. {
2484. "name": "GetProcAddress",
2485. "address": "0x4832d4"
2486. },
2487. {
2488. "name": "GetModuleHandleA",
2489. "address": "0x4832d8"
2490. },
2491. {
2492. "name": "GetModuleFileNameA",
2493. "address": "0x4832dc"
2494. },
2495. {
2496. "name": "GetLocaleInfoA",
2497. "address": "0x4832e0"
2498. },
2499. {
2500. "name": "GetLocalTime",
2501. "address": "0x4832e4"
2502. },
2503. {
2504. "name": "GetLastError",
2505. "address": "0x4832e8"
2506. },
2507. {
2508. "name": "GetFullPathNameA",
2509. "address": "0x4832ec"
2510. },
2511. {
2512. "name": "GetDiskFreeSpaceA",
2513. "address": "0x4832f0"
2514. },
2515. {
2516. "name": "GetDateFormatA",
2517. "address": "0x4832f4"
2518. },
2519. {
2520. "name": "GetCurrentThreadId",
2521. "address": "0x4832f8"
2522. },
2523. {
2524. "name": "GetCurrentProcessId",
2525. "address": "0x4832fc"
2526. },
2527. {
2528. "name": "GetCPInfo",
2529. "address": "0x483300"
2530. },
2531. {
2532. "name": "GetACP",
2533. "address": "0x483304"
2534. },
2535. {
2536. "name": "FreeResource",
2537. "address": "0x483308"
2538. },
2539. {
2540. "name": "InterlockedExchange",
2541. "address": "0x48330c"
2542. },
2543. {
2544. "name": "FreeLibrary",
2545. "address": "0x483310"
2546. },
2547. {
2548. "name": "FormatMessageA",
2549. "address": "0x483314"
2550. },
2551. {
2552. "name": "FindResourceA",
2553. "address": "0x483318"
2554. },
2555. {
2556. "name": "EnumCalendarInfoA",
2557. "address": "0x48331c"
2558. },
2559. {
2560. "name": "EnterCriticalSection",
2561. "address": "0x483320"
2562. },
2563. {
2564. "name": "DeleteCriticalSection",
2565. "address": "0x483324"
2566. },
2567. {
2568. "name": "CreateThread",
2569. "address": "0x483328"
2570. },
2571. {
2572. "name": "CreateFileA",
2573. "address": "0x48332c"
2574. },
2575. {
2576. "name": "CreateEventA",
2577. "address": "0x483330"
2578. },
2579. {
2580. "name": "CompareStringA",
2581. "address": "0x483334"
2582. },
2583. {
2584. "name": "CloseHandle",
2585. "address": "0x483338"
2586. }
2587. ],
2588. "dll": "kernel32.dll"
2589. },
2590. {
2591. "imports": [
2592. {
2593. "name": "VerQueryValueA",
2594. "address": "0x483340"
2595. },
2596. {
2597. "name": "GetFileVersionInfoSizeA",
2598. "address": "0x483344"
2599. },
2600. {
2601. "name": "GetFileVersionInfoA",
2602. "address": "0x483348"
2603. }
2604. ],
2605. "dll": "version.dll"
2606. },
2607. {
2608. "imports": [
2609. {
2610. "name": "UnrealizeObject",
2611. "address": "0x483350"
2612. },
2613. {
2614. "name": "StretchBlt",
2615. "address": "0x483354"
2616. },
2617. {
2618. "name": "SetWindowOrgEx",
2619. "address": "0x483358"
2620. },
2621. {
2622. "name": "SetViewportOrgEx",
2623. "address": "0x48335c"
2624. },
2625. {
2626. "name": "SetTextColor",
2627. "address": "0x483360"
2628. },
2629. {
2630. "name": "SetStretchBltMode",
2631. "address": "0x483364"
2632. },
2633. {
2634. "name": "SetROP2",
2635. "address": "0x483368"
2636. },
2637. {
2638. "name": "SetPixel",
2639. "address": "0x48336c"
2640. },
2641. {
2642. "name": "SetDIBColorTable",
2643. "address": "0x483370"
2644. },
2645. {
2646. "name": "SetBrushOrgEx",
2647. "address": "0x483374"
2648. },
2649. {
2650. "name": "SetBkMode",
2651. "address": "0x483378"
2652. },
2653. {
2654. "name": "SetBkColor",
2655. "address": "0x48337c"
2656. },
2657. {
2658. "name": "SelectPalette",
2659. "address": "0x483380"
2660. },
2661. {
2662. "name": "SelectObject",
2663. "address": "0x483384"
2664. },
2665. {
2666. "name": "SaveDC",
2667. "address": "0x483388"
2668. },
2669. {
2670. "name": "RestoreDC",
2671. "address": "0x48338c"
2672. },
2673. {
2674. "name": "RectVisible",
2675. "address": "0x483390"
2676. },
2677. {
2678. "name": "RealizePalette",
2679. "address": "0x483394"
2680. },
2681. {
2682. "name": "PatBlt",
2683. "address": "0x483398"
2684. },
2685. {
2686. "name": "MoveToEx",
2687. "address": "0x48339c"
2688. },
2689. {
2690. "name": "MaskBlt",
2691. "address": "0x4833a0"
2692. },
2693. {
2694. "name": "LineTo",
2695. "address": "0x4833a4"
2696. },
2697. {
2698. "name": "IntersectClipRect",
2699. "address": "0x4833a8"
2700. },
2701. {
2702. "name": "GetWindowOrgEx",
2703. "address": "0x4833ac"
2704. },
2705. {
2706. "name": "GetTextMetricsA",
2707. "address": "0x4833b0"
2708. },
2709. {
2710. "name": "GetTextExtentPoint32A",
2711. "address": "0x4833b4"
2712. },
2713. {
2714. "name": "GetSystemPaletteEntries",
2715. "address": "0x4833b8"
2716. },
2717. {
2718. "name": "GetStockObject",
2719. "address": "0x4833bc"
2720. },
2721. {
2722. "name": "GetPixel",
2723. "address": "0x4833c0"
2724. },
2725. {
2726. "name": "GetPaletteEntries",
2727. "address": "0x4833c4"
2728. },
2729. {
2730. "name": "GetObjectA",
2731. "address": "0x4833c8"
2732. },
2733. {
2734. "name": "GetDeviceCaps",
2735. "address": "0x4833cc"
2736. },
2737. {
2738. "name": "GetDIBits",
2739. "address": "0x4833d0"
2740. },
2741. {
2742. "name": "GetDIBColorTable",
2743. "address": "0x4833d4"
2744. },
2745. {
2746. "name": "GetDCOrgEx",
2747. "address": "0x4833d8"
2748. },
2749. {
2750. "name": "GetCurrentPositionEx",
2751. "address": "0x4833dc"
2752. },
2753. {
2754. "name": "GetClipBox",
2755. "address": "0x4833e0"
2756. },
2757. {
2758. "name": "GetBrushOrgEx",
2759. "address": "0x4833e4"
2760. },
2761. {
2762. "name": "GetBitmapBits",
2763. "address": "0x4833e8"
2764. },
2765. {
2766. "name": "ExtTextOutA",
2767. "address": "0x4833ec"
2768. },
2769. {
2770. "name": "ExcludeClipRect",
2771. "address": "0x4833f0"
2772. },
2773. {
2774. "name": "DeleteObject",
2775. "address": "0x4833f4"
2776. },
2777. {
2778. "name": "DeleteDC",
2779. "address": "0x4833f8"
2780. },
2781. {
2782. "name": "CreateSolidBrush",
2783. "address": "0x4833fc"
2784. },
2785. {
2786. "name": "CreatePenIndirect",
2787. "address": "0x483400"
2788. },
2789. {
2790. "name": "CreatePalette",
2791. "address": "0x483404"
2792. },
2793. {
2794. "name": "CreateHalftonePalette",
2795. "address": "0x483408"
2796. },
2797. {
2798. "name": "CreateFontIndirectA",
2799. "address": "0x48340c"
2800. },
2801. {
2802. "name": "CreateDIBitmap",
2803. "address": "0x483410"
2804. },
2805. {
2806. "name": "CreateDIBSection",
2807. "address": "0x483414"
2808. },
2809. {
2810. "name": "CreateCompatibleDC",
2811. "address": "0x483418"
2812. },
2813. {
2814. "name": "CreateCompatibleBitmap",
2815. "address": "0x48341c"
2816. },
2817. {
2818. "name": "CreateBrushIndirect",
2819. "address": "0x483420"
2820. },
2821. {
2822. "name": "CreateBitmap",
2823. "address": "0x483424"
2824. },
2825. {
2826. "name": "BitBlt",
2827. "address": "0x483428"
2828. }
2829. ],
2830. "dll": "gdi32.dll"
2831. },
2832. {
2833. "imports": [
2834. {
2835. "name": "CreateWindowExA",
2836. "address": "0x483430"
2837. },
2838. {
2839. "name": "WindowFromPoint",
2840. "address": "0x483434"
2841. },
2842. {
2843. "name": "WinHelpA",
2844. "address": "0x483438"
2845. },
2846. {
2847. "name": "WaitMessage",
2848. "address": "0x48343c"
2849. },
2850. {
2851. "name": "UpdateWindow",
2852. "address": "0x483440"
2853. },
2854. {
2855. "name": "UnregisterClassA",
2856. "address": "0x483444"
2857. },
2858. {
2859. "name": "UnhookWindowsHookEx",
2860. "address": "0x483448"
2861. },
2862. {
2863. "name": "TranslateMessage",
2864. "address": "0x48344c"
2865. },
2866. {
2867. "name": "TranslateMDISysAccel",
2868. "address": "0x483450"
2869. },
2870. {
2871. "name": "TrackPopupMenu",
2872. "address": "0x483454"
2873. },
2874. {
2875. "name": "SystemParametersInfoA",
2876. "address": "0x483458"
2877. },
2878. {
2879. "name": "ShowWindow",
2880. "address": "0x48345c"
2881. },
2882. {
2883. "name": "ShowScrollBar",
2884. "address": "0x483460"
2885. },
2886. {
2887. "name": "ShowOwnedPopups",
2888. "address": "0x483464"
2889. },
2890. {
2891. "name": "ShowCursor",
2892. "address": "0x483468"
2893. },
2894. {
2895. "name": "SetWindowsHookExA",
2896. "address": "0x48346c"
2897. },
2898. {
2899. "name": "SetWindowTextA",
2900. "address": "0x483470"
2901. },
2902. {
2903. "name": "SetWindowPos",
2904. "address": "0x483474"
2905. },
2906. {
2907. "name": "SetWindowPlacement",
2908. "address": "0x483478"
2909. },
2910. {
2911. "name": "SetWindowLongA",
2912. "address": "0x48347c"
2913. },
2914. {
2915. "name": "SetTimer",
2916. "address": "0x483480"
2917. },
2918. {
2919. "name": "SetScrollRange",
2920. "address": "0x483484"
2921. },
2922. {
2923. "name": "SetScrollPos",
2924. "address": "0x483488"
2925. },
2926. {
2927. "name": "SetScrollInfo",
2928. "address": "0x48348c"
2929. },
2930. {
2931. "name": "SetRect",
2932. "address": "0x483490"
2933. },
2934. {
2935. "name": "SetPropA",
2936. "address": "0x483494"
2937. },
2938. {
2939. "name": "SetParent",
2940. "address": "0x483498"
2941. },
2942. {
2943. "name": "SetMenuItemInfoA",
2944. "address": "0x48349c"
2945. },
2946. {
2947. "name": "SetMenu",
2948. "address": "0x4834a0"
2949. },
2950. {
2951. "name": "SetForegroundWindow",
2952. "address": "0x4834a4"
2953. },
2954. {
2955. "name": "SetFocus",
2956. "address": "0x4834a8"
2957. },
2958. {
2959. "name": "SetCursor",
2960. "address": "0x4834ac"
2961. },
2962. {
2963. "name": "SetClassLongA",
2964. "address": "0x4834b0"
2965. },
2966. {
2967. "name": "SetCapture",
2968. "address": "0x4834b4"
2969. },
2970. {
2971. "name": "SetActiveWindow",
2972. "address": "0x4834b8"
2973. },
2974. {
2975. "name": "SendMessageA",
2976. "address": "0x4834bc"
2977. },
2978. {
2979. "name": "ScrollWindow",
2980. "address": "0x4834c0"
2981. },
2982. {
2983. "name": "ScreenToClient",
2984. "address": "0x4834c4"
2985. },
2986. {
2987. "name": "RemovePropA",
2988. "address": "0x4834c8"
2989. },
2990. {
2991. "name": "RemoveMenu",
2992. "address": "0x4834cc"
2993. },
2994. {
2995. "name": "ReleaseDC",
2996. "address": "0x4834d0"
2997. },
2998. {
2999. "name": "ReleaseCapture",
3000. "address": "0x4834d4"
3001. },
3002. {
3003. "name": "RegisterWindowMessageA",
3004. "address": "0x4834d8"
3005. },
3006. {
3007. "name": "RegisterClipboardFormatA",
3008. "address": "0x4834dc"
3009. },
3010. {
3011. "name": "RegisterClassA",
3012. "address": "0x4834e0"
3013. },
3014. {
3015. "name": "RedrawWindow",
3016. "address": "0x4834e4"
3017. },
3018. {
3019. "name": "PtInRect",
3020. "address": "0x4834e8"
3021. },
3022. {
3023. "name": "PostQuitMessage",
3024. "address": "0x4834ec"
3025. },
3026. {
3027. "name": "PostMessageA",
3028. "address": "0x4834f0"
3029. },
3030. {
3031. "name": "PeekMessageA",
3032. "address": "0x4834f4"
3033. },
3034. {
3035. "name": "OffsetRect",
3036. "address": "0x4834f8"
3037. },
3038. {
3039. "name": "OemToCharA",
3040. "address": "0x4834fc"
3041. },
3042. {
3043. "name": "MessageBoxA",
3044. "address": "0x483500"
3045. },
3046. {
3047. "name": "MapWindowPoints",
3048. "address": "0x483504"
3049. },
3050. {
3051. "name": "MapVirtualKeyA",
3052. "address": "0x483508"
3053. },
3054. {
3055. "name": "LoadStringA",
3056. "address": "0x48350c"
3057. },
3058. {
3059. "name": "LoadKeyboardLayoutA",
3060. "address": "0x483510"
3061. },
3062. {
3063. "name": "LoadIconA",
3064. "address": "0x483514"
3065. },
3066. {
3067. "name": "LoadCursorA",
3068. "address": "0x483518"
3069. },
3070. {
3071. "name": "LoadBitmapA",
3072. "address": "0x48351c"
3073. },
3074. {
3075. "name": "KillTimer",
3076. "address": "0x483520"
3077. },
3078. {
3079. "name": "IsZoomed",
3080. "address": "0x483524"
3081. },
3082. {
3083. "name": "IsWindowVisible",
3084. "address": "0x483528"
3085. },
3086. {
3087. "name": "IsWindowEnabled",
3088. "address": "0x48352c"
3089. },
3090. {
3091. "name": "IsWindow",
3092. "address": "0x483530"
3093. },
3094. {
3095. "name": "IsRectEmpty",
3096. "address": "0x483534"
3097. },
3098. {
3099. "name": "IsIconic",
3100. "address": "0x483538"
3101. },
3102. {
3103. "name": "IsDialogMessageA",
3104. "address": "0x48353c"
3105. },
3106. {
3107. "name": "IsChild",
3108. "address": "0x483540"
3109. },
3110. {
3111. "name": "InvalidateRect",
3112. "address": "0x483544"
3113. },
3114. {
3115. "name": "IntersectRect",
3116. "address": "0x483548"
3117. },
3118. {
3119. "name": "InsertMenuItemA",
3120. "address": "0x48354c"
3121. },
3122. {
3123. "name": "InsertMenuA",
3124. "address": "0x483550"
3125. },
3126. {
3127. "name": "InflateRect",
3128. "address": "0x483554"
3129. },
3130. {
3131. "name": "GetWindowThreadProcessId",
3132. "address": "0x483558"
3133. },
3134. {
3135. "name": "GetWindowTextA",
3136. "address": "0x48355c"
3137. },
3138. {
3139. "name": "GetWindowRect",
3140. "address": "0x483560"
3141. },
3142. {
3143. "name": "GetWindowPlacement",
3144. "address": "0x483564"
3145. },
3146. {
3147. "name": "GetWindowLongA",
3148. "address": "0x483568"
3149. },
3150. {
3151. "name": "GetWindowDC",
3152. "address": "0x48356c"
3153. },
3154. {
3155. "name": "GetTopWindow",
3156. "address": "0x483570"
3157. },
3158. {
3159. "name": "GetSystemMetrics",
3160. "address": "0x483574"
3161. },
3162. {
3163. "name": "GetSystemMenu",
3164. "address": "0x483578"
3165. },
3166. {
3167. "name": "GetSysColorBrush",
3168. "address": "0x48357c"
3169. },
3170. {
3171. "name": "GetSysColor",
3172. "address": "0x483580"
3173. },
3174. {
3175. "name": "GetSubMenu",
3176. "address": "0x483584"
3177. },
3178. {
3179. "name": "GetScrollRange",
3180. "address": "0x483588"
3181. },
3182. {
3183. "name": "GetScrollPos",
3184. "address": "0x48358c"
3185. },
3186. {
3187. "name": "GetScrollInfo",
3188. "address": "0x483590"
3189. },
3190. {
3191. "name": "GetPropA",
3192. "address": "0x483594"
3193. },
3194. {
3195. "name": "GetParent",
3196. "address": "0x483598"
3197. },
3198. {
3199. "name": "GetWindow",
3200. "address": "0x48359c"
3201. },
3202. {
3203. "name": "GetMenuStringA",
3204. "address": "0x4835a0"
3205. },
3206. {
3207. "name": "GetMenuState",
3208. "address": "0x4835a4"
3209. },
3210. {
3211. "name": "GetMenuItemInfoA",
3212. "address": "0x4835a8"
3213. },
3214. {
3215. "name": "GetMenuItemID",
3216. "address": "0x4835ac"
3217. },
3218. {
3219. "name": "GetMenuItemCount",
3220. "address": "0x4835b0"
3221. },
3222. {
3223. "name": "GetMenu",
3224. "address": "0x4835b4"
3225. },
3226. {
3227. "name": "GetLastInputInfo",
3228. "address": "0x4835b8"
3229. },
3230. {
3231. "name": "GetLastActivePopup",
3232. "address": "0x4835bc"
3233. },
3234. {
3235. "name": "GetKeyboardState",
3236. "address": "0x4835c0"
3237. },
3238. {
3239. "name": "GetKeyboardLayoutList",
3240. "address": "0x4835c4"
3241. },
3242. {
3243. "name": "GetKeyboardLayout",
3244. "address": "0x4835c8"
3245. },
3246. {
3247. "name": "GetKeyState",
3248. "address": "0x4835cc"
3249. },
3250. {
3251. "name": "GetKeyNameTextA",
3252. "address": "0x4835d0"
3253. },
3254. {
3255. "name": "GetIconInfo",
3256. "address": "0x4835d4"
3257. },
3258. {
3259. "name": "GetForegroundWindow",
3260. "address": "0x4835d8"
3261. },
3262. {
3263. "name": "GetFocus",
3264. "address": "0x4835dc"
3265. },
3266. {
3267. "name": "GetDlgItem",
3268. "address": "0x4835e0"
3269. },
3270. {
3271. "name": "GetDesktopWindow",
3272. "address": "0x4835e4"
3273. },
3274. {
3275. "name": "GetDCEx",
3276. "address": "0x4835e8"
3277. },
3278. {
3279. "name": "GetDC",
3280. "address": "0x4835ec"
3281. },
3282. {
3283. "name": "GetCursorPos",
3284. "address": "0x4835f0"
3285. },
3286. {
3287. "name": "GetCursor",
3288. "address": "0x4835f4"
3289. },
3290. {
3291. "name": "GetClipboardViewer",
3292. "address": "0x4835f8"
3293. },
3294. {
3295. "name": "GetClientRect",
3296. "address": "0x4835fc"
3297. },
3298. {
3299. "name": "GetClassNameA",
3300. "address": "0x483600"
3301. },
3302. {
3303. "name": "GetClassInfoA",
3304. "address": "0x483604"
3305. },
3306. {
3307. "name": "GetCapture",
3308. "address": "0x483608"
3309. },
3310. {
3311. "name": "GetActiveWindow",
3312. "address": "0x48360c"
3313. },
3314. {
3315. "name": "FrameRect",
3316. "address": "0x483610"
3317. },
3318. {
3319. "name": "FindWindowA",
3320. "address": "0x483614"
3321. },
3322. {
3323. "name": "FillRect",
3324. "address": "0x483618"
3325. },
3326. {
3327. "name": "EqualRect",
3328. "address": "0x48361c"
3329. },
3330. {
3331. "name": "EnumWindows",
3332. "address": "0x483620"
3333. },
3334. {
3335. "name": "EnumThreadWindows",
3336. "address": "0x483624"
3337. },
3338. {
3339. "name": "EndPaint",
3340. "address": "0x483628"
3341. },
3342. {
3343. "name": "EnableWindow",
3344. "address": "0x48362c"
3345. },
3346. {
3347. "name": "EnableScrollBar",
3348. "address": "0x483630"
3349. },
3350. {
3351. "name": "EnableMenuItem",
3352. "address": "0x483634"
3353. },
3354. {
3355. "name": "DrawTextA",
3356. "address": "0x483638"
3357. },
3358. {
3359. "name": "DrawMenuBar",
3360. "address": "0x48363c"
3361. },
3362. {
3363. "name": "DrawIconEx",
3364. "address": "0x483640"
3365. },
3366. {
3367. "name": "DrawIcon",
3368. "address": "0x483644"
3369. },
3370. {
3371. "name": "DrawFrameControl",
3372. "address": "0x483648"
3373. },
3374. {
3375. "name": "DrawFocusRect",
3376. "address": "0x48364c"
3377. },
3378. {
3379. "name": "DrawEdge",
3380. "address": "0x483650"
3381. },
3382. {
3383. "name": "DispatchMessageA",
3384. "address": "0x483654"
3385. },
3386. {
3387. "name": "DestroyWindow",
3388. "address": "0x483658"
3389. },
3390. {
3391. "name": "DestroyMenu",
3392. "address": "0x48365c"
3393. },
3394. {
3395. "name": "DestroyIcon",
3396. "address": "0x483660"
3397. },
3398. {
3399. "name": "DestroyCursor",
3400. "address": "0x483664"
3401. },
3402. {
3403. "name": "DeleteMenu",
3404. "address": "0x483668"
3405. },
3406. {
3407. "name": "DefWindowProcA",
3408. "address": "0x48366c"
3409. },
3410. {
3411. "name": "DefMDIChildProcA",
3412. "address": "0x483670"
3413. },
3414. {
3415. "name": "DefFrameProcA",
3416. "address": "0x483674"
3417. },
3418. {
3419. "name": "CreatePopupMenu",
3420. "address": "0x483678"
3421. },
3422. {
3423. "name": "CreateMenu",
3424. "address": "0x48367c"
3425. },
3426. {
3427. "name": "CreateIcon",
3428. "address": "0x483680"
3429. },
3430. {
3431. "name": "ClientToScreen",
3432. "address": "0x483684"
3433. },
3434. {
3435. "name": "CheckMenuItem",
3436. "address": "0x483688"
3437. },
3438. {
3439. "name": "CallWindowProcA",
3440. "address": "0x48368c"
3441. },
3442. {
3443. "name": "CallNextHookEx",
3444. "address": "0x483690"
3445. },
3446. {
3447. "name": "BeginPaint",
3448. "address": "0x483694"
3449. },
3450. {
3451. "name": "CharNextA",
3452. "address": "0x483698"
3453. },
3454. {
3455. "name": "CharLowerA",
3456. "address": "0x48369c"
3457. },
3458. {
3459. "name": "CharUpperBuffA",
3460. "address": "0x4836a0"
3461. },
3462. {
3463. "name": "CharToOemA",
3464. "address": "0x4836a4"
3465. },
3466. {
3467. "name": "AdjustWindowRectEx",
3468. "address": "0x4836a8"
3469. },
3470. {
3471. "name": "ActivateKeyboardLayout",
3472. "address": "0x4836ac"
3473. }
3474. ],
3475. "dll": "user32.dll"
3476. },
3477. {
3478. "imports": [
3479. {
3480. "name": "Sleep",
3481. "address": "0x4836b4"
3482. }
3483. ],
3484. "dll": "kernel32.dll"
3485. },
3486. {
3487. "imports": [
3488. {
3489. "name": "SafeArrayPtrOfIndex",
3490. "address": "0x4836bc"
3491. },
3492. {
3493. "name": "SafeArrayPutElement",
3494. "address": "0x4836c0"
3495. },
3496. {
3497. "name": "SafeArrayGetElement",
3498. "address": "0x4836c4"
3499. },
3500. {
3501. "name": "SafeArrayUnaccessData",
3502. "address": "0x4836c8"
3503. },
3504. {
3505. "name": "SafeArrayAccessData",
3506. "address": "0x4836cc"
3507. },
3508. {
3509. "name": "SafeArrayGetUBound",
3510. "address": "0x4836d0"
3511. },
3512. {
3513. "name": "SafeArrayGetLBound",
3514. "address": "0x4836d4"
3515. },
3516. {
3517. "name": "SafeArrayCreate",
3518. "address": "0x4836d8"
3519. },
3520. {
3521. "name": "VariantChangeType",
3522. "address": "0x4836dc"
3523. },
3524. {
3525. "name": "VariantCopyInd",
3526. "address": "0x4836e0"
3527. },
3528. {
3529. "name": "VariantCopy",
3530. "address": "0x4836e4"
3531. },
3532. {
3533. "name": "VariantClear",
3534. "address": "0x4836e8"
3535. },
3536. {
3537. "name": "VariantInit",
3538. "address": "0x4836ec"
3539. }
3540. ],
3541. "dll": "oleaut32.dll"
3542. },
3543. {
3544. "imports": [
3545. {
3546. "name": "CoUninitialize",
3547. "address": "0x4836f4"
3548. },
3549. {
3550. "name": "CoInitialize",
3551. "address": "0x4836f8"
3552. }
3553. ],
3554. "dll": "ole32.dll"
3555. },
3556. {
3557. "imports": [
3558. {
3559. "name": "GetErrorInfo",
3560. "address": "0x483700"
3561. },
3562. {
3563. "name": "SysFreeString",
3564. "address": "0x483704"
3565. }
3566. ],
3567. "dll": "oleaut32.dll"
3568. },
3569. {
3570. "imports": [
3571. {
3572. "name": "ImageList_SetIconSize",
3573. "address": "0x48370c"
3574. },
3575. {
3576. "name": "ImageList_GetIconSize",
3577. "address": "0x483710"
3578. },
3579. {
3580. "name": "ImageList_Write",
3581. "address": "0x483714"
3582. },
3583. {
3584. "name": "ImageList_Read",
3585. "address": "0x483718"
3586. },
3587. {
3588. "name": "ImageList_GetDragImage",
3589. "address": "0x48371c"
3590. },
3591. {
3592. "name": "ImageList_DragShowNolock",
3593. "address": "0x483720"
3594. },
3595. {
3596. "name": "ImageList_SetDragCursorImage",
3597. "address": "0x483724"
3598. },
3599. {
3600. "name": "ImageList_DragMove",
3601. "address": "0x483728"
3602. },
3603. {
3604. "name": "ImageList_DragLeave",
3605. "address": "0x48372c"
3606. },
3607. {
3608. "name": "ImageList_DragEnter",
3609. "address": "0x483730"
3610. },
3611. {
3612. "name": "ImageList_EndDrag",
3613. "address": "0x483734"
3614. },
3615. {
3616. "name": "ImageList_BeginDrag",
3617. "address": "0x483738"
3618. },
3619. {
3620. "name": "ImageList_Remove",
3621. "address": "0x48373c"
3622. },
3623. {
3624. "name": "ImageList_DrawEx",
3625. "address": "0x483740"
3626. },
3627. {
3628. "name": "ImageList_Draw",
3629. "address": "0x483744"
3630. },
3631. {
3632. "name": "ImageList_GetBkColor",
3633. "address": "0x483748"
3634. },
3635. {
3636. "name": "ImageList_SetBkColor",
3637. "address": "0x48374c"
3638. },
3639. {
3640. "name": "ImageList_ReplaceIcon",
3641. "address": "0x483750"
3642. },
3643. {
3644. "name": "ImageList_Add",
3645. "address": "0x483754"
3646. },
3647. {
3648. "name": "ImageList_GetImageCount",
3649. "address": "0x483758"
3650. },
3651. {
3652. "name": "ImageList_Destroy",
3653. "address": "0x48375c"
3654. },
3655. {
3656. "name": "ImageList_Create",
3657. "address": "0x483760"
3658. }
3659. ],
3660. "dll": "comctl32.dll"
3661. },
3662. {
3663. "imports": [
3664. {
3665. "name": "GetSaveFileNameA",
3666. "address": "0x483768"
3667. },
3668. {
3669. "name": "GetOpenFileNameA",
3670. "address": "0x48376c"
3671. }
3672. ],
3673. "dll": "comdlg32.dll"
3674. }
3675. ],
3676. "digital_signers": null,
3677. "exported_dll_name": null,
3678. "actual_checksum": "0x000c9b64",
3679. "overlay": {
3680. "size": "0x00000200",
3681. "offset": "0x000c4e00"
3682. },
3683. "imagebase": "0x00400000",
3684. "reported_checksum": "0x00000000",
3685. "icon_hash": null,
3686. "entrypoint": "0x0047477c",
3687. "timestamp": "1992-05-07 20:59:57",
3688. "osversion": "4.0",
3689. "sections": [
3690. {
3691. "name": "CODE",
3692. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
3693. "virtual_address": "0x00001000",
3694. "size_of_data": "0x00073800",
3695. "entropy": "6.57",
3696. "raw_address": "0x00000400",
3697. "virtual_size": "0x000737c4",
3698. "characteristics_raw": "0x60000020"
3699. },
3700. {
3701. "name": "DATA",
3702. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
3703. "virtual_address": "0x00075000",
3704. "size_of_data": "0x0000d000",
3705. "entropy": "3.93",
3706. "raw_address": "0x00073c00",
3707. "virtual_size": "0x0000cef0",
3708. "characteristics_raw": "0xc0000040"
3709. },
3710. {
3711. "name": "BSS",
3712. "characteristics": "IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
3713. "virtual_address": "0x00082000",
3714. "size_of_data": "0x00000000",
3715. "entropy": "0.00",
3716. "raw_address": "0x00080c00",
3717. "virtual_size": "0x00000c45",
3718. "characteristics_raw": "0xc0000000"
3719. },
3720. {
3721. "name": ".idata",
3722. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
3723. "virtual_address": "0x00083000",
3724. "size_of_data": "0x00002200",
3725. "entropy": "4.91",
3726. "raw_address": "0x00080c00",
3727. "virtual_size": "0x00002174",
3728. "characteristics_raw": "0xc0000040"
3729. },
3730. {
3731. "name": ".tls",
3732. "characteristics": "IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
3733. "virtual_address": "0x00086000",
3734. "size_of_data": "0x00000000",
3735. "entropy": "0.00",
3736. "raw_address": "0x00082e00",
3737. "virtual_size": "0x00000010",
3738. "characteristics_raw": "0xc0000000"
3739. },
3740. {
3741. "name": ".rdata",
3742. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
3743. "virtual_address": "0x00087000",
3744. "size_of_data": "0x00000200",
3745. "entropy": "0.21",
3746. "raw_address": "0x00082e00",
3747. "virtual_size": "0x00000018",
3748. "characteristics_raw": "0x50000040"
3749. },
3750. {
3751. "name": ".reloc",
3752. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
3753. "virtual_address": "0x00088000",
3754. "size_of_data": "0x00009000",
3755. "entropy": "6.61",
3756. "raw_address": "0x00083000",
3757. "virtual_size": "0x00008e40",
3758. "characteristics_raw": "0x50000040"
3759. },
3760. {
3761. "name": ".rsrc",
3762. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
3763. "virtual_address": "0x00091000",
3764. "size_of_data": "0x00038e00",
3765. "entropy": "7.18",
3766. "raw_address": "0x0008c000",
3767. "virtual_size": "0x00038df4",
3768. "characteristics_raw": "0x50000040"
3769. }
3770. ],
3771. "resources": [],
3772. "dirents": [
3773. {
3774. "virtual_address": "0x00000000",
3775. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
3776. "size": "0x00000000"
3777. },
3778. {
3779. "virtual_address": "0x00083000",
3780. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
3781. "size": "0x00002174"
3782. },
3783. {
3784. "virtual_address": "0x00091000",
3785. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
3786. "size": "0x00038df4"
3787. },
3788. {
3789. "virtual_address": "0x00000000",
3790. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
3791. "size": "0x00000000"
3792. },
3793. {
3794. "virtual_address": "0x00000000",
3795. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
3796. "size": "0x00000000"
3797. },
3798. {
3799. "virtual_address": "0x00088000",
3800. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
3801. "size": "0x00008e40"
3802. },
3803. {
3804. "virtual_address": "0x00000000",
3805. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
3806. "size": "0x00000000"
3807. },
3808. {
3809. "virtual_address": "0x00000000",
3810. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
3811. "size": "0x00000000"
3812. },
3813. {
3814. "virtual_address": "0x00000000",
3815. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
3816. "size": "0x00000000"
3817. },
3818. {
3819. "virtual_address": "0x00087000",
3820. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
3821. "size": "0x00000018"
3822. },
3823. {
3824. "virtual_address": "0x00000000",
3825. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
3826. "size": "0x00000000"
3827. },
3828. {
3829. "virtual_address": "0x00000000",
3830. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
3831. "size": "0x00000000"
3832. },
3833. {
3834. "virtual_address": "0x00000000",
3835. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
3836. "size": "0x00000000"
3837. },
3838. {
3839. "virtual_address": "0x00000000",
3840. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
3841. "size": "0x00000000"
3842. },
3843. {
3844. "virtual_address": "0x00000000",
3845. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
3846. "size": "0x00000000"
3847. },
3848. {
3849. "virtual_address": "0x00000000",
3850. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
3851. "size": "0x00000000"
3852. }
3853. ],
3854. "exports": [],
3855. "guest_signers": {},
3856. "imphash": "08d63d076187e00ae831c8357d868390",
3857. "icon_fuzzy": null,
3858. "icon": null,
3859. "pdbpath": null,
3860. "imported_dll_count": 16,
3861. "versioninfo": []
3862. }
3863. }