- [*] MalFamily: ""
- [*] MalScore: 10.0
- [*] File Name: "Exes_b7b8cf0f47d331d3999297600f35b3ea.exe"
- [*] File Size: 880128
- [*] File Type: "PE32 executable (GUI) Intel 80386, for MS Windows"
- [*] SHA256: "4eb0fcc4fc87900deaabc2b571873f4aa2003bee91aa6836ddfa44cbdf8c7bfd"
- [*] MD5: "b7b8cf0f47d331d3999297600f35b3ea"
- [*] SHA1: "749c2f696a568aba236d82aeb4927cf95f034ff0"
- [*] SHA512: "6b9baa61ba0838cdc1ec2c96506965e3e21281f8ff95bc2e592122685936883ab924b0bb9460bc18650131c19ef7a4fcb280d88093cd6d25952f843b46aee794"
- [*] CRC32: "A70AD189"
- [*] SSDEEP: "12288:6XYmAIaS1XYJ9iP3JK0ybbEEmO12mc6FiaznABLjrnYn0t6RxsUCFm0xsBGVO+a7:6olM4ixac9jflgW4CjuZO/bHSdFez8j"
- [*] Process Execution: [
- "Exes_b7b8cf0f47d331d3999297600f35b3ea.exe",
- "Exes_b7b8cf0f47d331d3999297600f35b3ea.exe",
- "services.exe",
- "svchost.exe",
- "WmiPrvSE.exe",
- "dllhost.exe",
- "WmiPrvSE.exe",
- "svchost.exe",
- "lsass.exe",
- "svchost.exe",
- "winlogon.exe",
- "taskeng.exe",
- "msoia.exe",
- "taskeng.exe"
- ]
- [*] Signatures Detected: [
- {
- "Description": "Creates RWX memory",
- "Details": []
- },
- {
- "Description": "A process attempted to delay the analysis task.",
- "Details": [
- {
- "Process": "Exes_b7b8cf0f47d331d3999297600f35b3ea.exe tried to sleep 1267 seconds, actually delayed analysis time by 0 seconds"
- },
- {
- "Process": "WmiPrvSE.exe tried to sleep 600 seconds, actually delayed analysis time by 0 seconds"
- },
- {
- "Process": "svchost.exe tried to sleep 720 seconds, actually delayed analysis time by 0 seconds"
- }
- ]
- },
- {
- "Description": "Loads a driver",
- "Details": [
- {
- "driver service name": "\\Registry\\Machine\\System\\CurrentControlSet\\Services\\srv"
- },
- {
- "driver service name": "\\Registry\\Machine\\System\\CurrentControlSet\\Services\\srv"
- }
- ]
- },
- {
- "Description": "HTTP traffic contains suspicious features which may be indicative of malware-related traffic",
- "Details": [
- {
- "get_no_useragent": "HTTP traffic contains a GET request with no user-agent header"
- },
- {
- "suspicious_request": "http://checkip.amazonaws.com/"
- },
- {
- "suspicious_request": "http://www.msftncsi.com/ncsi.txt"
- }
- ]
- },
- {
- "Description": "Performs some HTTP requests",
- "Details": [
- {
- "url": "http://checkip.amazonaws.com/"
- },
- {
- "url": "http://www.msftncsi.com/ncsi.txt"
- }
- ]
- },
- {
- "Description": "The binary likely contains encrypted or compressed data.",
- "Details": [
- {
- "section": "name: .rsrc, entropy: 7.44, characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ, raw_size: 0x0003b600, virtual_size: 0x0003b490"
- }
- ]
- },
- {
- "Description": "Executed a process and injected code into it, probably while unpacking",
- "Details": [
- {
- "Injection": "Exes_b7b8cf0f47d331d3999297600f35b3ea.exe(2480) -> Exes_b7b8cf0f47d331d3999297600f35b3ea.exe(2012)"
- }
- ]
- },
- {
- "Description": "Attempts to restart the guest VM",
- "Details": []
- },
- {
- "Description": "Repeatedly calls a single API a very large number of times in order to delay analysis",
- "Details": [
- {
- "Spam": "services.exe (500) called API GetSystemTimeAsFileTime 8965973 times"
- }
- ]
- },
- {
- "Description": "Steals private information from local Internet browsers",
- "Details": [
- {
- "file": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"
- }
- ]
- },
- {
- "Description": "Retrieves Windows ProductID, probably to fingerprint the sandbox",
- "Details": []
- },
- {
- "Description": "File has been identified by 48 Antiviruses on VirusTotal as malicious",
- "Details": [
- {
- "MicroWorld-eScan": "Gen:Variant.Ulise.37510"
- },
- {
- "FireEye": "Generic.mg.b7b8cf0f47d331d3"
- },
- {
- "ALYac": "Gen:Variant.Ulise.37510"
- },
- {
- "Malwarebytes": "Trojan.MalPack.DLF"
- },
- {
- "Alibaba": "TrojanPSW:Win32/Injector.df02ea75"
- },
- {
- "K7GW": "Riskware ( 0040eff71 )"
- },
- {
- "Arcabit": "Trojan.Ulise.D9286"
- },
- {
- "Invincea": "heuristic"
- },
- {
- "Symantec": "Trojan.Gen.MBT"
- },
- {
- "APEX": "Malicious"
- },
- {
- "Paloalto": "generic.ml"
- },
- {
- "ClamAV": "Win.Malware.Tspy-6986850-0"
- },
- {
- "Kaspersky": "HEUR:Trojan-PSW.Win32.Azorult.gen"
- },
- {
- "BitDefender": "Gen:Variant.Ulise.37510"
- },
- {
- "NANO-Antivirus": "Trojan.Win32.Azorult.fqxutb"
- },
- {
- "AegisLab": "Trojan.Win32.Azorult.4!c"
- },
- {
- "Avast": "Win32:Malware-gen"
- },
- {
- "Rising": "Trojan.Injector!1.AFE3 (CLOUD)"
- },
- {
- "Ad-Aware": "Gen:Variant.Ulise.37510"
- },
- {
- "Emsisoft": "Gen:Variant.Ulise.37510 (B)"
- },
- {
- "F-Secure": "Trojan.TR/Injector.eipuf"
- },
- {
- "DrWeb": "Trojan.PWS.Stealer.26285"
- },
- {
- "TrendMicro": "TSPY_HPFAREIT.SMROX"
- },
- {
- "McAfee-GW-Edition": "BehavesLike.Win32.Fareit.cc"
- },
- {
- "Trapmine": "malicious.high.ml.score"
- },
- {
- "Sophos": "Mal/Fareit-V"
- },
- {
- "Ikarus": "Trojan.Inject"
- },
- {
- "Cyren": "W32/Trojan.KFWG-0383"
- },
- {
- "Avira": "TR/Injector.eipuf"
- },
- {
- "Antiy-AVL": "Trojan[PSW]/Win32.Azorult"
- },
- {
- "Endgame": "malicious (high confidence)"
- },
- {
- "Microsoft": "Trojan:Win32/LokiBot.DC!MTB"
- },
- {
- "ZoneAlarm": "HEUR:Trojan-PSW.Win32.Azorult.gen"
- },
- {
- "GData": "Gen:Variant.Ulise.37510"
- },
- {
- "AhnLab-V3": "Win-Trojan/Delphiless.Exp"
- },
- {
- "Acronis": "suspicious"
- },
- {
- "McAfee": "Packed-FTT!B7B8CF0F47D3"
- },
- {
- "VBA32": "TScope.Trojan.Delf"
- },
- {
- "Cylance": "Unsafe"
- },
- {
- "Zoner": "Trojan.Win32.78470"
- },
- {
- "ESET-NOD32": "a variant of Win32/Injector.EFTY"
- },
- {
- "TrendMicro-HouseCall": "TSPY_HPFAREIT.SMROX"
- },
- {
- "Fortinet": "W32/Injector.EFTR!tr"
- },
- {
- "AVG": "Win32:Malware-gen"
- },
- {
- "Cybereason": "malicious.96a568"
- },
- {
- "Panda": "Trj/Genetic.gen"
- },
- {
- "CrowdStrike": "win/malicious_confidence_100% (W)"
- },
- {
- "Qihoo-360": "Win32/Trojan.PSW.ae6"
- }
- ]
- },
- {
- "Description": "Checks the version of Bios, possibly for anti-virtualization",
- "Details": []
- },
- {
- "Description": "Harvests credentials from local FTP client software",
- "Details": [
- {
- "file": "C:\\Users\\user\\AppData\\Roaming\\FileZilla\\recentservers.xml"
- },
- {
- "file": "C:\\Users\\user\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect\\"
- },
- {
- "file": "C:\\Users\\user\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect\\*.xml"
- },
- {
- "file": "C:\\Users\\user\\AppData\\Roaming\\Ipswitch\\WS_FTP\\Sites\\ws_ftp.ini"
- },
- {
- "file": "C:\\cftp\\Ftplist.txt"
- },
- {
- "key": "HKEY_CURRENT_USER\\Software\\FTPWare\\COREFTP\\Sites"
- }
- ]
- },
- {
- "Description": "Harvests information related to installed mail clients",
- "Details": [
- {
- "file": "C:\\Users\\user\\AppData\\Roaming\\Thunderbird\\profiles.ini"
- },
- {
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows Messaging Subsystem\\Profiles\\9375CFF0413111d3B88A00104B2A6676"
- },
- {
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676"
- },
- {
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002\\SMTP Password"
- },
- {
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002\\Email"
- },
- {
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002\\HTTP Password"
- },
- {
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676"
- },
- {
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001\\HTTP Password"
- },
- {
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676"
- },
- {
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001\\POP3 Password"
- },
- {
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001\\Email"
- },
- {
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001\\SMTP Password"
- },
- {
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001\\IMAP Password"
- },
- {
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001"
- },
- {
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002\\IMAP Password"
- },
- {
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002\\POP3 Password"
- },
- {
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002"
- }
- ]
- },
- {
- "Description": "Collects information to fingerprint the system",
- "Details": []
- },
- {
- "Description": "Anomalous binary characteristics",
- "Details": [
- {
- "anomaly": "Timestamp on binary predates the release date of the OS version it requires by at least a year"
- }
- ]
- }
- ]
- [*] Started Service: [
- "VaultSvc",
- "Winmgmt",
- "Browser"
- ]
- [*] Executed Commands: [
- "\"C:\\Users\\user\\AppData\\Local\\Temp\\Exes_b7b8cf0f47d331d3999297600f35b3ea.exe\"",
- "C:\\Windows\\system32\\wbem\\wmiprvse.exe -secured -Embedding",
- "C:\\Windows\\system32\\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}",
- "C:\\Windows\\system32\\lsass.exe",
- "C:\\Windows\\system32\\svchost.exe -k netsvcs",
- "\"C:\\Program Files\\Microsoft Office\\Office15\\msoia.exe\" scan upload"
- ]
- [*] Mutexes: [
- "Global\\CLR_PerfMon_WrapMutex",
- "Global\\CLR_CASOFF_MUTEX",
- "Local\\_!MSFTHISTORY!_",
- "Local\\c:!users!user!appdata!local!microsoft!windows!temporary internet files!content.ie5!",
- "Local\\c:!users!user!appdata!roaming!microsoft!windows!cookies!",
- "Local\\c:!users!user!appdata!local!microsoft!windows!history!history.ie5!",
- "Global\\.net clr networking"
- ]
- [*] Modified Files: [
- "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat",
- "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat",
- "\\??\\pipe\\PIPE_EVENTROOT\\CIMV2PROVIDERSUBSYSTEM",
- "\\??\\WMIDataDevice",
- "C:\\Windows\\sysnative\\LogFiles\\Scm\\3f413991-258b-40ff-be74-3c9499451fa3",
- "C:\\Windows\\sysnative\\LogFiles\\Scm\\2a054f9d-c779-4bd0-bdf7-d8868913a0f1",
- "C:\\Windows\\sysnative\\LogFiles\\Scm\\4f2b6518-ccb4-4f6d-83e5-272eed5bb177",
- "C:\\Windows\\sysnative\\LogFiles\\Scm\\595fa110-bfbc-4316-beef-152a879692a6",
- "C:\\Windows\\sysnative\\LogFiles\\Scm\\bc622d9e-265e-4f6b-9e7b-dd6182e86b13",
- "C:\\Windows\\sysnative\\LogFiles\\Scm\\ceab635e-ed38-477e-a846-b3f4adbbe25b",
- "C:\\Windows\\sysnative\\LogFiles\\Scm\\ffd832b1-f003-40cc-b7d1-ffce54027378",
- "C:\\Windows\\sysnative\\LogFiles\\Scm\\2ce1541b-c7b1-4ba0-8974-722d18a3c54d",
- "C:\\Windows\\sysnative\\LogFiles\\Scm\\4963ad21-c4a5-42a5-b9bd-e441d57204fe",
- "\\??\\PIPE\\samr",
- "C:\\Windows\\sysnative\\wbem\\repository\\WRITABLE.TST",
- "C:\\Windows\\sysnative\\wbem\\repository\\MAPPING1.MAP",
- "C:\\Windows\\sysnative\\wbem\\repository\\MAPPING2.MAP",
- "C:\\Windows\\sysnative\\wbem\\repository\\MAPPING3.MAP",
- "C:\\Windows\\sysnative\\wbem\\repository\\OBJECTS.DATA",
- "C:\\Windows\\sysnative\\wbem\\repository\\INDEX.BTR",
- "\\??\\pipe\\PIPE_EVENTROOT\\CIMV2WMI SELF-INSTRUMENTATION EVENT PROVIDER",
- "\\??\\PIPE\\wkssvc",
- "\\??\\PIPE\\srvsvc",
- "\\??\\PHYSICALDRIVE0",
- "\\??\\CDROM0",
- "\\??\\PIPE\\lsarpc"
- ]
- [*] Deleted Files: []
- [*] Modified Registry Keys: [
- "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Tracing\\Exes_b7b8cf0f47d331d3999297600f35b3ea_RASAPI32",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\Exes_b7b8cf0f47d331d3999297600f35b3ea_RASAPI32\\EnableFileTracing",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\Exes_b7b8cf0f47d331d3999297600f35b3ea_RASAPI32\\EnableConsoleTracing",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\Exes_b7b8cf0f47d331d3999297600f35b3ea_RASAPI32\\FileTracingMask",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\Exes_b7b8cf0f47d331d3999297600f35b3ea_RASAPI32\\ConsoleTracingMask",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\Exes_b7b8cf0f47d331d3999297600f35b3ea_RASAPI32\\MaxFileSize",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\Exes_b7b8cf0f47d331d3999297600f35b3ea_RASAPI32\\FileDirectory",
- "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Browser\\Type",
- "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Winmgmt\\Type",
- "HKEY_USERS\\S-1-5-21-0000000000-0000000000-0000000000-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\ThemeManager\\ThemeActive",
- "HKEY_USERS\\S-1-5-21-0000000000-0000000000-0000000000-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\ThemeManager\\LoadedBefore",
- "HKEY_USERS\\S-1-5-21-0000000000-0000000000-0000000000-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\ThemeManager\\LastUserLangID",
- "HKEY_USERS\\S-1-5-21-0000000000-0000000000-0000000000-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\ThemeManager\\LastLoadedDPI",
- "HKEY_USERS\\S-1-5-21-0000000000-0000000000-0000000000-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\ThemeManager\\DllName",
- "HKEY_USERS\\S-1-5-21-0000000000-0000000000-0000000000-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\ThemeManager\\ColorName",
- "HKEY_USERS\\S-1-5-21-0000000000-0000000000-0000000000-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\ThemeManager\\SizeName",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\Handshake\\{9CB40BFC-1AD4-4939-B518-302BA4D127D8}\\data",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\Handshake\\{53D44673-9B88-4364-8E91-CDFF83E0EF8B}\\data",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\CIMOM\\ProcessID",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\CIMOM\\ThrottleDrege",
- "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Winmgmt\\Parameters\\ServiceDllUnloadOnStop",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\CIMOM\\LastServiceStopMissed",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\CIMOM\\LastServiceStart",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\Transports\\Decoupled\\Server\\CreationTime",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\Transports\\Decoupled\\Server\\MarshaledProxy",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\Transports\\Decoupled\\Server\\ProcessIdentifier",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\CIMOM\\ConfigValueEssNeedsLoading",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\CIMOM\\List of event-active namespaces"
- ]
- [*] Deleted Registry Keys: [
- "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Enum\\IDE\\CdRomVBOX_CD-ROM_____________________________1.0_____\\5&2117b2e5&0&1.0.0\\CustomPropertyHwIdKey",
- "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Enum\\PCIIDE\\IDEChannel\\4&2617aeae&0&1\\CustomPropertyHwIdKey",
- "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Enum\\IDE\\DISKVBOX_HARDDISK___________________________1.0_____\\5&33D1638A&0&0.0.0\\CustomPropertyHwIdKey",
- "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Enum\\PCIIDE\\IDEChannel\\4&2617AEAE&0&0\\CustomPropertyHwIdKey"
- ]
- [*] DNS Communications: [
- {
- "type": "A",
- "request": "checkip.amazonaws.com",
- "answers": [
- {
- "data": "52.206.161.133",
- "type": "A"
- },
- {
- "data": "52.200.125.74",
- "type": "A"
- },
- {
- "data": "checkip.check-ip.aws.a2z.com",
- "type": "CNAME"
- },
- {
- "data": "52.6.79.229",
- "type": "A"
- },
- {
- "data": "checkip.us-east-1.prod.check-ip.aws.a2z.com",
- "type": "CNAME"
- },
- {
- "data": "34.233.102.38",
- "type": "A"
- },
- {
- "data": "52.202.139.131",
- "type": "A"
- },
- {
- "data": "18.211.215.84",
- "type": "A"
- }
- ]
- }
- ]
- [*] Domains: [
- {
- "ip": "18.211.215.84",
- "domain": "checkip.amazonaws.com"
- }
- ]
- [*] Network Communication - ICMP: []
- [*] Network Communication - HTTP: [
- {
- "count": 1,
- "body": "",
- "uri": "http://checkip.amazonaws.com/",
- "user-agent": "",
- "method": "GET",
- "host": "checkip.amazonaws.com",
- "version": "1.1",
- "path": "/",
- "data": "GET / HTTP/1.1\r\nHost: checkip.amazonaws.com\r\nConnection: Keep-Alive\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://www.msftncsi.com/ncsi.txt",
- "user-agent": "Microsoft NCSI",
- "method": "GET",
- "host": "www.msftncsi.com",
- "version": "1.1",
- "path": "/ncsi.txt",
- "data": "GET /ncsi.txt HTTP/1.1\r\nConnection: Close\r\nUser-Agent: Microsoft NCSI\r\nHost: www.msftncsi.com\r\n\r\n",
- "port": 80
- }
- ]
- [*] Network Communication - SMTP: []
- [*] Network Communication - Hosts: []
- [*] Network Communication - IRC: []
- [*] Static Analysis: {
- "pe": {
- "peid_signatures": null,
- "imports": [
- {
- "imports": [
- {
- "name": "DeleteCriticalSection",
- "address": "0x491154"
- },
- {
- "name": "LeaveCriticalSection",
- "address": "0x491158"
- },
- {
- "name": "EnterCriticalSection",
- "address": "0x49115c"
- },
- {
- "name": "InitializeCriticalSection",
- "address": "0x491160"
- },
- {
- "name": "VirtualFree",
- "address": "0x491164"
- },
- {
- "name": "VirtualAlloc",
- "address": "0x491168"
- },
- {
- "name": "LocalFree",
- "address": "0x49116c"
- },
- {
- "name": "LocalAlloc",
- "address": "0x491170"
- },
- {
- "name": "GetVersion",
- "address": "0x491174"
- },
- {
- "name": "GetCurrentThreadId",
- "address": "0x491178"
- },
- {
- "name": "InterlockedDecrement",
- "address": "0x49117c"
- },
- {
- "name": "InterlockedIncrement",
- "address": "0x491180"
- },
- {
- "name": "VirtualQuery",
- "address": "0x491184"
- },
- {
- "name": "WideCharToMultiByte",
- "address": "0x491188"
- },
- {
- "name": "MultiByteToWideChar",
- "address": "0x49118c"
- },
- {
- "name": "lstrlenA",
- "address": "0x491190"
- },
- {
- "name": "lstrcpynA",
- "address": "0x491194"
- },
- {
- "name": "LoadLibraryExA",
- "address": "0x491198"
- },
- {
- "name": "GetThreadLocale",
- "address": "0x49119c"
- },
- {
- "name": "GetStartupInfoA",
- "address": "0x4911a0"
- },
- {
- "name": "GetProcAddress",
- "address": "0x4911a4"
- },
- {
- "name": "GetModuleHandleA",
- "address": "0x4911a8"
- },
- {
- "name": "GetModuleFileNameA",
- "address": "0x4911ac"
- },
- {
- "name": "GetLocaleInfoA",
- "address": "0x4911b0"
- },
- {
- "name": "GetCommandLineA",
- "address": "0x4911b4"
- },
- {
- "name": "FreeLibrary",
- "address": "0x4911b8"
- },
- {
- "name": "FindFirstFileA",
- "address": "0x4911bc"
- },
- {
- "name": "FindClose",
- "address": "0x4911c0"
- },
- {
- "name": "ExitProcess",
- "address": "0x4911c4"
- },
- {
- "name": "WriteFile",
- "address": "0x4911c8"
- },
- {
- "name": "UnhandledExceptionFilter",
- "address": "0x4911cc"
- },
- {
- "name": "RtlUnwind",
- "address": "0x4911d0"
- },
- {
- "name": "RaiseException",
- "address": "0x4911d4"
- },
- {
- "name": "GetStdHandle",
- "address": "0x4911d8"
- }
- ],
- "dll": "kernel32.dll"
- },
- {
- "imports": [
- {
- "name": "GetKeyboardType",
- "address": "0x4911e0"
- },
- {
- "name": "LoadStringA",
- "address": "0x4911e4"
- },
- {
- "name": "MessageBoxA",
- "address": "0x4911e8"
- },
- {
- "name": "CharNextA",
- "address": "0x4911ec"
- }
- ],
- "dll": "user32.dll"
- },
- {
- "imports": [
- {
- "name": "RegQueryValueExA",
- "address": "0x4911f4"
- },
- {
- "name": "RegOpenKeyExA",
- "address": "0x4911f8"
- },
- {
- "name": "RegCloseKey",
- "address": "0x4911fc"
- }
- ],
- "dll": "advapi32.dll"
- },
- {
- "imports": [
- {
- "name": "SysFreeString",
- "address": "0x491204"
- },
- {
- "name": "SysReAllocStringLen",
- "address": "0x491208"
- },
- {
- "name": "SysAllocStringLen",
- "address": "0x49120c"
- }
- ],
- "dll": "oleaut32.dll"
- },
- {
- "imports": [
- {
- "name": "TlsSetValue",
- "address": "0x491214"
- },
- {
- "name": "TlsGetValue",
- "address": "0x491218"
- },
- {
- "name": "LocalAlloc",
- "address": "0x49121c"
- },
- {
- "name": "GetModuleHandleA",
- "address": "0x491220"
- }
- ],
- "dll": "kernel32.dll"
- },
- {
- "imports": [
- {
- "name": "RegQueryValueExA",
- "address": "0x491228"
- },
- {
- "name": "RegOpenKeyExA",
- "address": "0x49122c"
- },
- {
- "name": "RegCloseKey",
- "address": "0x491230"
- }
- ],
- "dll": "advapi32.dll"
- },
- {
- "imports": [
- {
- "name": "lstrcpyA",
- "address": "0x491238"
- },
- {
- "name": "WriteFile",
- "address": "0x49123c"
- },
- {
- "name": "WaitForSingleObject",
- "address": "0x491240"
- },
- {
- "name": "VirtualQuery",
- "address": "0x491244"
- },
- {
- "name": "VirtualAlloc",
- "address": "0x491248"
- },
- {
- "name": "Sleep",
- "address": "0x49124c"
- },
- {
- "name": "SizeofResource",
- "address": "0x491250"
- },
- {
- "name": "SetThreadLocale",
- "address": "0x491254"
- },
- {
- "name": "SetFilePointer",
- "address": "0x491258"
- },
- {
- "name": "SetEvent",
- "address": "0x49125c"
- },
- {
- "name": "SetErrorMode",
- "address": "0x491260"
- },
- {
- "name": "SetEndOfFile",
- "address": "0x491264"
- },
- {
- "name": "ResetEvent",
- "address": "0x491268"
- },
- {
- "name": "ReadFile",
- "address": "0x49126c"
- },
- {
- "name": "MultiByteToWideChar",
- "address": "0x491270"
- },
- {
- "name": "MulDiv",
- "address": "0x491274"
- },
- {
- "name": "LockResource",
- "address": "0x491278"
- },
- {
- "name": "LoadResource",
- "address": "0x49127c"
- },
- {
- "name": "LoadLibraryA",
- "address": "0x491280"
- },
- {
- "name": "LeaveCriticalSection",
- "address": "0x491284"
- },
- {
- "name": "InitializeCriticalSection",
- "address": "0x491288"
- },
- {
- "name": "GlobalUnlock",
- "address": "0x49128c"
- },
- {
- "name": "GlobalReAlloc",
- "address": "0x491290"
- },
- {
- "name": "GlobalHandle",
- "address": "0x491294"
- },
- {
- "name": "GlobalLock",
- "address": "0x491298"
- },
- {
- "name": "GlobalFree",
- "address": "0x49129c"
- },
- {
- "name": "GlobalFindAtomA",
- "address": "0x4912a0"
- },
- {
- "name": "GlobalDeleteAtom",
- "address": "0x4912a4"
- },
- {
- "name": "GlobalAlloc",
- "address": "0x4912a8"
- },
- {
- "name": "GlobalAddAtomA",
- "address": "0x4912ac"
- },
- {
- "name": "GetVersionExA",
- "address": "0x4912b0"
- },
- {
- "name": "GetVersion",
- "address": "0x4912b4"
- },
- {
- "name": "GetTickCount",
- "address": "0x4912b8"
- },
- {
- "name": "GetThreadLocale",
- "address": "0x4912bc"
- },
- {
- "name": "GetSystemInfo",
- "address": "0x4912c0"
- },
- {
- "name": "GetStringTypeExA",
- "address": "0x4912c4"
- },
- {
- "name": "GetStdHandle",
- "address": "0x4912c8"
- },
- {
- "name": "GetProcAddress",
- "address": "0x4912cc"
- },
- {
- "name": "GetModuleHandleA",
- "address": "0x4912d0"
- },
- {
- "name": "GetModuleFileNameA",
- "address": "0x4912d4"
- },
- {
- "name": "GetLocaleInfoA",
- "address": "0x4912d8"
- },
- {
- "name": "GetLocalTime",
- "address": "0x4912dc"
- },
- {
- "name": "GetLastError",
- "address": "0x4912e0"
- },
- {
- "name": "GetFullPathNameA",
- "address": "0x4912e4"
- },
- {
- "name": "GetFileAttributesA",
- "address": "0x4912e8"
- },
- {
- "name": "GetDiskFreeSpaceA",
- "address": "0x4912ec"
- },
- {
- "name": "GetDateFormatA",
- "address": "0x4912f0"
- },
- {
- "name": "GetCurrentThreadId",
- "address": "0x4912f4"
- },
- {
- "name": "GetCurrentProcessId",
- "address": "0x4912f8"
- },
- {
- "name": "GetCPInfo",
- "address": "0x4912fc"
- },
- {
- "name": "GetACP",
- "address": "0x491300"
- },
- {
- "name": "FreeResource",
- "address": "0x491304"
- },
- {
- "name": "InterlockedExchange",
- "address": "0x491308"
- },
- {
- "name": "FreeLibrary",
- "address": "0x49130c"
- },
- {
- "name": "FormatMessageA",
- "address": "0x491310"
- },
- {
- "name": "FindResourceA",
- "address": "0x491314"
- },
- {
- "name": "FindFirstFileA",
- "address": "0x491318"
- },
- {
- "name": "FindClose",
- "address": "0x49131c"
- },
- {
- "name": "FileTimeToLocalFileTime",
- "address": "0x491320"
- },
- {
- "name": "FileTimeToDosDateTime",
- "address": "0x491324"
- },
- {
- "name": "EnumCalendarInfoA",
- "address": "0x491328"
- },
- {
- "name": "EnterCriticalSection",
- "address": "0x49132c"
- },
- {
- "name": "DeleteCriticalSection",
- "address": "0x491330"
- },
- {
- "name": "CreateThread",
- "address": "0x491334"
- },
- {
- "name": "CreateFileA",
- "address": "0x491338"
- },
- {
- "name": "CreateEventA",
- "address": "0x49133c"
- },
- {
- "name": "CompareStringA",
- "address": "0x491340"
- },
- {
- "name": "CloseHandle",
- "address": "0x491344"
- }
- ],
- "dll": "kernel32.dll"
- },
- {
- "imports": [
- {
- "name": "VerQueryValueA",
- "address": "0x49134c"
- },
- {
- "name": "GetFileVersionInfoSizeA",
- "address": "0x491350"
- },
- {
- "name": "GetFileVersionInfoA",
- "address": "0x491354"
- }
- ],
- "dll": "version.dll"
- },
- {
- "imports": [
- {
- "name": "UnrealizeObject",
- "address": "0x49135c"
- },
- {
- "name": "StretchBlt",
- "address": "0x491360"
- },
- {
- "name": "SetWindowOrgEx",
- "address": "0x491364"
- },
- {
- "name": "SetWinMetaFileBits",
- "address": "0x491368"
- },
- {
- "name": "SetViewportOrgEx",
- "address": "0x49136c"
- },
- {
- "name": "SetTextCharacterExtra",
- "address": "0x491370"
- },
- {
- "name": "SetTextColor",
- "address": "0x491374"
- },
- {
- "name": "SetStretchBltMode",
- "address": "0x491378"
- },
- {
- "name": "SetROP2",
- "address": "0x49137c"
- },
- {
- "name": "SetPixel",
- "address": "0x491380"
- },
- {
- "name": "SetEnhMetaFileBits",
- "address": "0x491384"
- },
- {
- "name": "SetDIBColorTable",
- "address": "0x491388"
- },
- {
- "name": "SetBrushOrgEx",
- "address": "0x49138c"
- },
- {
- "name": "SetBkMode",
- "address": "0x491390"
- },
- {
- "name": "SetBkColor",
- "address": "0x491394"
- },
- {
- "name": "SelectPalette",
- "address": "0x491398"
- },
- {
- "name": "SelectObject",
- "address": "0x49139c"
- },
- {
- "name": "SelectClipRgn",
- "address": "0x4913a0"
- },
- {
- "name": "ScaleWindowExtEx",
- "address": "0x4913a4"
- },
- {
- "name": "SaveDC",
- "address": "0x4913a8"
- },
- {
- "name": "RestoreDC",
- "address": "0x4913ac"
- },
- {
- "name": "Rectangle",
- "address": "0x4913b0"
- },
- {
- "name": "RectVisible",
- "address": "0x4913b4"
- },
- {
- "name": "RealizePalette",
- "address": "0x4913b8"
- },
- {
- "name": "Polyline",
- "address": "0x4913bc"
- },
- {
- "name": "PlayEnhMetaFile",
- "address": "0x4913c0"
- },
- {
- "name": "PatBlt",
- "address": "0x4913c4"
- },
- {
- "name": "MoveToEx",
- "address": "0x4913c8"
- },
- {
- "name": "MaskBlt",
- "address": "0x4913cc"
- },
- {
- "name": "LineTo",
- "address": "0x4913d0"
- },
- {
- "name": "IntersectClipRect",
- "address": "0x4913d4"
- },
- {
- "name": "GetWindowOrgEx",
- "address": "0x4913d8"
- },
- {
- "name": "GetWinMetaFileBits",
- "address": "0x4913dc"
- },
- {
- "name": "GetTextMetricsA",
- "address": "0x4913e0"
- },
- {
- "name": "GetTextExtentPointA",
- "address": "0x4913e4"
- },
- {
- "name": "GetTextExtentPoint32A",
- "address": "0x4913e8"
- },
- {
- "name": "GetSystemPaletteEntries",
- "address": "0x4913ec"
- },
- {
- "name": "GetStockObject",
- "address": "0x4913f0"
- },
- {
- "name": "GetPixel",
- "address": "0x4913f4"
- },
- {
- "name": "GetPaletteEntries",
- "address": "0x4913f8"
- },
- {
- "name": "GetObjectA",
- "address": "0x4913fc"
- },
- {
- "name": "GetEnhMetaFilePaletteEntries",
- "address": "0x491400"
- },
- {
- "name": "GetEnhMetaFileHeader",
- "address": "0x491404"
- },
- {
- "name": "GetEnhMetaFileBits",
- "address": "0x491408"
- },
- {
- "name": "GetDeviceCaps",
- "address": "0x49140c"
- },
- {
- "name": "GetDIBits",
- "address": "0x491410"
- },
- {
- "name": "GetDIBColorTable",
- "address": "0x491414"
- },
- {
- "name": "GetDCOrgEx",
- "address": "0x491418"
- },
- {
- "name": "GetCurrentPositionEx",
- "address": "0x49141c"
- },
- {
- "name": "GetClipRgn",
- "address": "0x491420"
- },
- {
- "name": "GetClipBox",
- "address": "0x491424"
- },
- {
- "name": "GetBrushOrgEx",
- "address": "0x491428"
- },
- {
- "name": "GetBitmapBits",
- "address": "0x49142c"
- },
- {
- "name": "ExcludeClipRect",
- "address": "0x491430"
- },
- {
- "name": "DeleteObject",
- "address": "0x491434"
- },
- {
- "name": "DeleteEnhMetaFile",
- "address": "0x491438"
- },
- {
- "name": "DeleteDC",
- "address": "0x49143c"
- },
- {
- "name": "CreateSolidBrush",
- "address": "0x491440"
- },
- {
- "name": "CreateRectRgn",
- "address": "0x491444"
- },
- {
- "name": "CreatePenIndirect",
- "address": "0x491448"
- },
- {
- "name": "CreatePalette",
- "address": "0x49144c"
- },
- {
- "name": "CreateHalftonePalette",
- "address": "0x491450"
- },
- {
- "name": "CreateFontIndirectA",
- "address": "0x491454"
- },
- {
- "name": "CreateDIBitmap",
- "address": "0x491458"
- },
- {
- "name": "CreateDIBSection",
- "address": "0x49145c"
- },
- {
- "name": "CreateCompatibleDC",
- "address": "0x491460"
- },
- {
- "name": "CreateCompatibleBitmap",
- "address": "0x491464"
- },
- {
- "name": "CreateBrushIndirect",
- "address": "0x491468"
- },
- {
- "name": "CreateBitmap",
- "address": "0x49146c"
- },
- {
- "name": "CopyEnhMetaFileA",
- "address": "0x491470"
- },
- {
- "name": "BitBlt",
- "address": "0x491474"
- }
- ],
- "dll": "gdi32.dll"
- },
- {
- "imports": [
- {
- "name": "CreateWindowExA",
- "address": "0x49147c"
- },
- {
- "name": "WindowFromPoint",
- "address": "0x491480"
- },
- {
- "name": "WinHelpA",
- "address": "0x491484"
- },
- {
- "name": "WaitMessage",
- "address": "0x491488"
- },
- {
- "name": "UpdateWindow",
- "address": "0x49148c"
- },
- {
- "name": "UnregisterClassA",
- "address": "0x491490"
- },
- {
- "name": "UnhookWindowsHookEx",
- "address": "0x491494"
- },
- {
- "name": "TranslateMessage",
- "address": "0x491498"
- },
- {
- "name": "TranslateMDISysAccel",
- "address": "0x49149c"
- },
- {
- "name": "TrackPopupMenu",
- "address": "0x4914a0"
- },
- {
- "name": "SystemParametersInfoA",
- "address": "0x4914a4"
- },
- {
- "name": "ShowWindow",
- "address": "0x4914a8"
- },
- {
- "name": "ShowScrollBar",
- "address": "0x4914ac"
- },
- {
- "name": "ShowOwnedPopups",
- "address": "0x4914b0"
- },
- {
- "name": "ShowCursor",
- "address": "0x4914b4"
- },
- {
- "name": "SetWindowsHookExA",
- "address": "0x4914b8"
- },
- {
- "name": "SetWindowTextA",
- "address": "0x4914bc"
- },
- {
- "name": "SetWindowPos",
- "address": "0x4914c0"
- },
- {
- "name": "SetWindowPlacement",
- "address": "0x4914c4"
- },
- {
- "name": "SetWindowLongA",
- "address": "0x4914c8"
- },
- {
- "name": "SetTimer",
- "address": "0x4914cc"
- },
- {
- "name": "SetScrollRange",
- "address": "0x4914d0"
- },
- {
- "name": "SetScrollPos",
- "address": "0x4914d4"
- },
- {
- "name": "SetScrollInfo",
- "address": "0x4914d8"
- },
- {
- "name": "SetRect",
- "address": "0x4914dc"
- },
- {
- "name": "SetPropA",
- "address": "0x4914e0"
- },
- {
- "name": "SetParent",
- "address": "0x4914e4"
- },
- {
- "name": "SetMenuItemInfoA",
- "address": "0x4914e8"
- },
- {
- "name": "SetMenu",
- "address": "0x4914ec"
- },
- {
- "name": "SetForegroundWindow",
- "address": "0x4914f0"
- },
- {
- "name": "SetFocus",
- "address": "0x4914f4"
- },
- {
- "name": "SetCursor",
- "address": "0x4914f8"
- },
- {
- "name": "SetClipboardData",
- "address": "0x4914fc"
- },
- {
- "name": "SetClassLongA",
- "address": "0x491500"
- },
- {
- "name": "SetCapture",
- "address": "0x491504"
- },
- {
- "name": "SetActiveWindow",
- "address": "0x491508"
- },
- {
- "name": "SendMessageA",
- "address": "0x49150c"
- },
- {
- "name": "ScrollWindow",
- "address": "0x491510"
- },
- {
- "name": "ScreenToClient",
- "address": "0x491514"
- },
- {
- "name": "RemovePropA",
- "address": "0x491518"
- },
- {
- "name": "RemoveMenu",
- "address": "0x49151c"
- },
- {
- "name": "ReleaseDC",
- "address": "0x491520"
- },
- {
- "name": "ReleaseCapture",
- "address": "0x491524"
- },
- {
- "name": "RegisterWindowMessageA",
- "address": "0x491528"
- },
- {
- "name": "RegisterClipboardFormatA",
- "address": "0x49152c"
- },
- {
- "name": "RegisterClassA",
- "address": "0x491530"
- },
- {
- "name": "RedrawWindow",
- "address": "0x491534"
- },
- {
- "name": "PtInRect",
- "address": "0x491538"
- },
- {
- "name": "PostQuitMessage",
- "address": "0x49153c"
- },
- {
- "name": "PostMessageA",
- "address": "0x491540"
- },
- {
- "name": "PeekMessageA",
- "address": "0x491544"
- },
- {
- "name": "OpenClipboard",
- "address": "0x491548"
- },
- {
- "name": "OffsetRect",
- "address": "0x49154c"
- },
- {
- "name": "OemToCharA",
- "address": "0x491550"
- },
- {
- "name": "MessageBoxA",
- "address": "0x491554"
- },
- {
- "name": "MessageBeep",
- "address": "0x491558"
- },
- {
- "name": "MapWindowPoints",
- "address": "0x49155c"
- },
- {
- "name": "MapVirtualKeyA",
- "address": "0x491560"
- },
- {
- "name": "LoadStringA",
- "address": "0x491564"
- },
- {
- "name": "LoadKeyboardLayoutA",
- "address": "0x491568"
- },
- {
- "name": "LoadIconA",
- "address": "0x49156c"
- },
- {
- "name": "LoadCursorA",
- "address": "0x491570"
- },
- {
- "name": "LoadBitmapA",
- "address": "0x491574"
- },
- {
- "name": "KillTimer",
- "address": "0x491578"
- },
- {
- "name": "IsZoomed",
- "address": "0x49157c"
- },
- {
- "name": "IsWindowVisible",
- "address": "0x491580"
- },
- {
- "name": "IsWindowEnabled",
- "address": "0x491584"
- },
- {
- "name": "IsWindow",
- "address": "0x491588"
- },
- {
- "name": "IsRectEmpty",
- "address": "0x49158c"
- },
- {
- "name": "IsIconic",
- "address": "0x491590"
- },
- {
- "name": "IsDialogMessageA",
- "address": "0x491594"
- },
- {
- "name": "IsChild",
- "address": "0x491598"
- },
- {
- "name": "InvalidateRect",
- "address": "0x49159c"
- },
- {
- "name": "IntersectRect",
- "address": "0x4915a0"
- },
- {
- "name": "InsertMenuItemA",
- "address": "0x4915a4"
- },
- {
- "name": "InsertMenuA",
- "address": "0x4915a8"
- },
- {
- "name": "InflateRect",
- "address": "0x4915ac"
- },
- {
- "name": "GetWindowThreadProcessId",
- "address": "0x4915b0"
- },
- {
- "name": "GetWindowTextA",
- "address": "0x4915b4"
- },
- {
- "name": "GetWindowRect",
- "address": "0x4915b8"
- },
- {
- "name": "GetWindowPlacement",
- "address": "0x4915bc"
- },
- {
- "name": "GetWindowLongA",
- "address": "0x4915c0"
- },
- {
- "name": "GetWindowDC",
- "address": "0x4915c4"
- },
- {
- "name": "GetTopWindow",
- "address": "0x4915c8"
- },
- {
- "name": "GetSystemMetrics",
- "address": "0x4915cc"
- },
- {
- "name": "GetSystemMenu",
- "address": "0x4915d0"
- },
- {
- "name": "GetSysColorBrush",
- "address": "0x4915d4"
- },
- {
- "name": "GetSysColor",
- "address": "0x4915d8"
- },
- {
- "name": "GetSubMenu",
- "address": "0x4915dc"
- },
- {
- "name": "GetScrollRange",
- "address": "0x4915e0"
- },
- {
- "name": "GetScrollPos",
- "address": "0x4915e4"
- },
- {
- "name": "GetScrollInfo",
- "address": "0x4915e8"
- },
- {
- "name": "GetPropA",
- "address": "0x4915ec"
- },
- {
- "name": "GetParent",
- "address": "0x4915f0"
- },
- {
- "name": "GetWindow",
- "address": "0x4915f4"
- },
- {
- "name": "GetMenuStringA",
- "address": "0x4915f8"
- },
- {
- "name": "GetMenuState",
- "address": "0x4915fc"
- },
- {
- "name": "GetMenuItemInfoA",
- "address": "0x491600"
- },
- {
- "name": "GetMenuItemID",
- "address": "0x491604"
- },
- {
- "name": "GetMenuItemCount",
- "address": "0x491608"
- },
- {
- "name": "GetMenu",
- "address": "0x49160c"
- },
- {
- "name": "GetLastActivePopup",
- "address": "0x491610"
- },
- {
- "name": "GetKeyboardState",
- "address": "0x491614"
- },
- {
- "name": "GetKeyboardLayoutList",
- "address": "0x491618"
- },
- {
- "name": "GetKeyboardLayout",
- "address": "0x49161c"
- },
- {
- "name": "GetKeyState",
- "address": "0x491620"
- },
- {
- "name": "GetKeyNameTextA",
- "address": "0x491624"
- },
- {
- "name": "GetIconInfo",
- "address": "0x491628"
- },
- {
- "name": "GetForegroundWindow",
- "address": "0x49162c"
- },
- {
- "name": "GetFocus",
- "address": "0x491630"
- },
- {
- "name": "GetDlgItem",
- "address": "0x491634"
- },
- {
- "name": "GetDesktopWindow",
- "address": "0x491638"
- },
- {
- "name": "GetDCEx",
- "address": "0x49163c"
- },
- {
- "name": "GetDC",
- "address": "0x491640"
- },
- {
- "name": "GetCursorPos",
- "address": "0x491644"
- },
- {
- "name": "GetCursor",
- "address": "0x491648"
- },
- {
- "name": "GetClipboardData",
- "address": "0x49164c"
- },
- {
- "name": "GetClientRect",
- "address": "0x491650"
- },
- {
- "name": "GetClassNameA",
- "address": "0x491654"
- },
- {
- "name": "GetClassInfoA",
- "address": "0x491658"
- },
- {
- "name": "GetCapture",
- "address": "0x49165c"
- },
- {
- "name": "GetActiveWindow",
- "address": "0x491660"
- },
- {
- "name": "FrameRect",
- "address": "0x491664"
- },
- {
- "name": "FindWindowA",
- "address": "0x491668"
- },
- {
- "name": "FillRect",
- "address": "0x49166c"
- },
- {
- "name": "EqualRect",
- "address": "0x491670"
- },
- {
- "name": "EnumWindows",
- "address": "0x491674"
- },
- {
- "name": "EnumThreadWindows",
- "address": "0x491678"
- },
- {
- "name": "EndPaint",
- "address": "0x49167c"
- },
- {
- "name": "EnableWindow",
- "address": "0x491680"
- },
- {
- "name": "EnableScrollBar",
- "address": "0x491684"
- },
- {
- "name": "EnableMenuItem",
- "address": "0x491688"
- },
- {
- "name": "EmptyClipboard",
- "address": "0x49168c"
- },
- {
- "name": "DrawTextA",
- "address": "0x491690"
- },
- {
- "name": "DrawMenuBar",
- "address": "0x491694"
- },
- {
- "name": "DrawIconEx",
- "address": "0x491698"
- },
- {
- "name": "DrawIcon",
- "address": "0x49169c"
- },
- {
- "name": "DrawFrameControl",
- "address": "0x4916a0"
- },
- {
- "name": "DrawFocusRect",
- "address": "0x4916a4"
- },
- {
- "name": "DrawEdge",
- "address": "0x4916a8"
- },
- {
- "name": "DispatchMessageA",
- "address": "0x4916ac"
- },
- {
- "name": "DestroyWindow",
- "address": "0x4916b0"
- },
- {
- "name": "DestroyMenu",
- "address": "0x4916b4"
- },
- {
- "name": "DestroyIcon",
- "address": "0x4916b8"
- },
- {
- "name": "DestroyCursor",
- "address": "0x4916bc"
- },
- {
- "name": "DeleteMenu",
- "address": "0x4916c0"
- },
- {
- "name": "DefWindowProcA",
- "address": "0x4916c4"
- },
- {
- "name": "DefMDIChildProcA",
- "address": "0x4916c8"
- },
- {
- "name": "DefFrameProcA",
- "address": "0x4916cc"
- },
- {
- "name": "CreatePopupMenu",
- "address": "0x4916d0"
- },
- {
- "name": "CreateMenu",
- "address": "0x4916d4"
- },
- {
- "name": "CreateIcon",
- "address": "0x4916d8"
- },
- {
- "name": "CloseClipboard",
- "address": "0x4916dc"
- },
- {
- "name": "ClientToScreen",
- "address": "0x4916e0"
- },
- {
- "name": "CheckMenuItem",
- "address": "0x4916e4"
- },
- {
- "name": "CallWindowProcA",
- "address": "0x4916e8"
- },
- {
- "name": "CallNextHookEx",
- "address": "0x4916ec"
- },
- {
- "name": "BeginPaint",
- "address": "0x4916f0"
- },
- {
- "name": "CharNextA",
- "address": "0x4916f4"
- },
- {
- "name": "CharLowerBuffA",
- "address": "0x4916f8"
- },
- {
- "name": "CharLowerA",
- "address": "0x4916fc"
- },
- {
- "name": "CharUpperBuffA",
- "address": "0x491700"
- },
- {
- "name": "CharToOemA",
- "address": "0x491704"
- },
- {
- "name": "AdjustWindowRectEx",
- "address": "0x491708"
- },
- {
- "name": "ActivateKeyboardLayout",
- "address": "0x49170c"
- }
- ],
- "dll": "user32.dll"
- },
- {
- "imports": [
- {
- "name": "Sleep",
- "address": "0x491714"
- }
- ],
- "dll": "kernel32.dll"
- },
- {
- "imports": [
- {
- "name": "SafeArrayPtrOfIndex",
- "address": "0x49171c"
- },
- {
- "name": "SafeArrayPutElement",
- "address": "0x491720"
- },
- {
- "name": "SafeArrayGetElement",
- "address": "0x491724"
- },
- {
- "name": "SafeArrayUnaccessData",
- "address": "0x491728"
- },
- {
- "name": "SafeArrayAccessData",
- "address": "0x49172c"
- },
- {
- "name": "SafeArrayGetUBound",
- "address": "0x491730"
- },
- {
- "name": "SafeArrayGetLBound",
- "address": "0x491734"
- },
- {
- "name": "SafeArrayCreate",
- "address": "0x491738"
- },
- {
- "name": "VariantChangeType",
- "address": "0x49173c"
- },
- {
- "name": "VariantCopyInd",
- "address": "0x491740"
- },
- {
- "name": "VariantCopy",
- "address": "0x491744"
- },
- {
- "name": "VariantClear",
- "address": "0x491748"
- },
- {
- "name": "VariantInit",
- "address": "0x49174c"
- }
- ],
- "dll": "oleaut32.dll"
- },
- {
- "imports": [
- {
- "name": "CoUninitialize",
- "address": "0x491754"
- },
- {
- "name": "CoInitialize",
- "address": "0x491758"
- }
- ],
- "dll": "ole32.dll"
- },
- {
- "imports": [
- {
- "name": "GetErrorInfo",
- "address": "0x491760"
- },
- {
- "name": "SysFreeString",
- "address": "0x491764"
- }
- ],
- "dll": "oleaut32.dll"
- },
- {
- "imports": [
- {
- "name": "ImageList_SetIconSize",
- "address": "0x49176c"
- },
- {
- "name": "ImageList_GetIconSize",
- "address": "0x491770"
- },
- {
- "name": "ImageList_Write",
- "address": "0x491774"
- },
- {
- "name": "ImageList_Read",
- "address": "0x491778"
- },
- {
- "name": "ImageList_GetDragImage",
- "address": "0x49177c"
- },
- {
- "name": "ImageList_DragShowNolock",
- "address": "0x491780"
- },
- {
- "name": "ImageList_SetDragCursorImage",
- "address": "0x491784"
- },
- {
- "name": "ImageList_DragMove",
- "address": "0x491788"
- },
- {
- "name": "ImageList_DragLeave",
- "address": "0x49178c"
- },
- {
- "name": "ImageList_DragEnter",
- "address": "0x491790"
- },
- {
- "name": "ImageList_EndDrag",
- "address": "0x491794"
- },
- {
- "name": "ImageList_BeginDrag",
- "address": "0x491798"
- },
- {
- "name": "ImageList_Remove",
- "address": "0x49179c"
- },
- {
- "name": "ImageList_DrawEx",
- "address": "0x4917a0"
- },
- {
- "name": "ImageList_Replace",
- "address": "0x4917a4"
- },
- {
- "name": "ImageList_Draw",
- "address": "0x4917a8"
- },
- {
- "name": "ImageList_GetBkColor",
- "address": "0x4917ac"
- },
- {
- "name": "ImageList_SetBkColor",
- "address": "0x4917b0"
- },
- {
- "name": "ImageList_ReplaceIcon",
- "address": "0x4917b4"
- },
- {
- "name": "ImageList_Add",
- "address": "0x4917b8"
- },
- {
- "name": "ImageList_GetImageCount",
- "address": "0x4917bc"
- },
- {
- "name": "ImageList_Destroy",
- "address": "0x4917c0"
- },
- {
- "name": "ImageList_Create",
- "address": "0x4917c4"
- }
- ],
- "dll": "comctl32.dll"
- },
- {
- "imports": [
- {
- "name": "GetOpenFileNameA",
- "address": "0x4917cc"
- }
- ],
- "dll": "comdlg32.dll"
- }
- ],
- "digital_signers": null,
- "exported_dll_name": null,
- "actual_checksum": "0x000dcd48",
- "overlay": null,
- "imagebase": "0x00400000",
- "reported_checksum": "0x00000000",
- "icon_hash": null,
- "entrypoint": "0x00485b04",
- "timestamp": "1992-03-24 09:15:18",
- "osversion": "4.0",
- "sections": [
- {
- "name": "CODE",
- "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00001000",
- "size_of_data": "0x00084c00",
- "entropy": "6.54",
- "raw_address": "0x00000400",
- "virtual_size": "0x00084b4c",
- "characteristics_raw": "0x60000020"
- },
- {
- "name": "DATA",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x00086000",
- "size_of_data": "0x00009a00",
- "entropy": "5.00",
- "raw_address": "0x00085000",
- "virtual_size": "0x00009880",
- "characteristics_raw": "0xc0000040"
- },
- {
- "name": "BSS",
- "characteristics": "IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x00090000",
- "size_of_data": "0x00000000",
- "entropy": "0.00",
- "raw_address": "0x0008ea00",
- "virtual_size": "0x00000d9d",
- "characteristics_raw": "0xc0000000"
- },
- {
- "name": ".idata",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x00091000",
- "size_of_data": "0x00002400",
- "entropy": "5.02",
- "raw_address": "0x0008ea00",
- "virtual_size": "0x000023ae",
- "characteristics_raw": "0xc0000040"
- },
- {
- "name": ".tls",
- "characteristics": "IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x00094000",
- "size_of_data": "0x00000000",
- "entropy": "0.00",
- "raw_address": "0x00090e00",
- "virtual_size": "0x00000010",
- "characteristics_raw": "0xc0000000"
- },
- {
- "name": ".rdata",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00095000",
- "size_of_data": "0x00000200",
- "entropy": "0.21",
- "raw_address": "0x00090e00",
- "virtual_size": "0x00000018",
- "characteristics_raw": "0x50000040"
- },
- {
- "name": ".reloc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00096000",
- "size_of_data": "0x0000a800",
- "entropy": "6.62",
- "raw_address": "0x00091000",
- "virtual_size": "0x0000a6ec",
- "characteristics_raw": "0x50000040"
- },
- {
- "name": ".rsrc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x000a1000",
- "size_of_data": "0x0003b600",
- "entropy": "7.44",
- "raw_address": "0x0009b800",
- "virtual_size": "0x0003b490",
- "characteristics_raw": "0x50000040"
- }
- ],
- "resources": [],
- "dirents": [
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00091000",
- "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
- "size": "0x000023ae"
- },
- {
- "virtual_address": "0x000a1000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
- "size": "0x0003b490"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00096000",
- "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
- "size": "0x0000a6ec"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00095000",
- "name": "IMAGE_DIRECTORY_ENTRY_TLS",
- "size": "0x00000018"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_IAT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
- "size": "0x00000000"
- }
- ],
- "exports": [],
- "guest_signers": {},
- "imphash": "feed914a34d3306147b6c89615ebb824",
- "icon_fuzzy": null,
- "icon": null,
- "pdbpath": null,
- "imported_dll_count": 16,
- "versioninfo": []
- }
- }
- [*] Resolved APIs: [
- "kernel32.dll.GetDiskFreeSpaceExA",
- "oleaut32.dll.VariantChangeTypeEx",
- "oleaut32.dll.VarNeg",
- "oleaut32.dll.VarNot",
- "oleaut32.dll.VarAdd",
- "oleaut32.dll.VarSub",
- "oleaut32.dll.VarMul",
- "oleaut32.dll.VarDiv",
- "oleaut32.dll.VarIdiv",
- "oleaut32.dll.VarMod",
- "oleaut32.dll.VarAnd",
- "oleaut32.dll.VarOr",
- "oleaut32.dll.VarXor",
- "oleaut32.dll.VarCmp",
- "oleaut32.dll.VarI4FromStr",
- "oleaut32.dll.VarR4FromStr",
- "oleaut32.dll.VarR8FromStr",
- "oleaut32.dll.VarDateFromStr",
- "oleaut32.dll.VarCyFromStr",
- "oleaut32.dll.VarBoolFromStr",
- "oleaut32.dll.VarBstrFromCy",
- "oleaut32.dll.VarBstrFromDate",
- "oleaut32.dll.VarBstrFromBool",
- "user32.dll.GetMonitorInfoA",
- "user32.dll.GetSystemMetrics",
- "user32.dll.EnumDisplayMonitors",
- "dwmapi.dll.DwmIsCompositionEnabled",
- "gdi32.dll.GetLayout",
- "gdi32.dll.GdiRealizationInfo",
- "gdi32.dll.FontIsLinked",
- "advapi32.dll.RegOpenKeyExW",
- "advapi32.dll.RegQueryInfoKeyW",
- "gdi32.dll.GetTextFaceAliasW",
- "advapi32.dll.RegEnumValueW",
- "advapi32.dll.RegCloseKey",
- "advapi32.dll.RegQueryValueExW",
- "gdi32.dll.GetFontAssocStatus",
- "advapi32.dll.RegQueryValueExA",
- "advapi32.dll.RegEnumKeyExW",
- "gdi32.dll.GdiIsMetaPrintDC",
- "user32.dll.AnimateWindow",
- "comctl32.dll.InitializeFlatSB",
- "comctl32.dll.UninitializeFlatSB",
- "comctl32.dll.FlatSB_GetScrollProp",
- "comctl32.dll.FlatSB_SetScrollProp",
- "comctl32.dll.FlatSB_EnableScrollBar",
- "comctl32.dll.FlatSB_ShowScrollBar",
- "comctl32.dll.FlatSB_GetScrollRange",
- "comctl32.dll.FlatSB_GetScrollInfo",
- "comctl32.dll.FlatSB_GetScrollPos",
- "comctl32.dll.FlatSB_SetScrollPos",
- "comctl32.dll.FlatSB_SetScrollInfo",
- "comctl32.dll.FlatSB_SetScrollRange",
- "user32.dll.SetLayeredWindowAttributes",
- "ole32.dll.CoCreateInstanceEx",
- "ole32.dll.CoInitializeEx",
- "ole32.dll.CoAddRefServerProcess",
- "ole32.dll.CoReleaseServerProcess",
- "ole32.dll.CoResumeClassObjects",
- "ole32.dll.CoSuspendClassObjects",
- "kernel32.dll.GetModuleHandleW",
- "kernel32.dll.VirtualFree",
- "kernel32.dll.LoadLibraryW",
- "kernel32.dll.SizeofResource",
- "kernel32.dll.GetModuleFileNameW",
- "kernel32.dll.CreateFileW",
- "kernel32.dll.MultiByteToWideChar",
- "kernel32.dll.FlushInstructionCache",
- "kernel32.dll.GetCurrentProcess",
- "kernel32.dll.VirtualAlloc",
- "kernel32.dll.LoadLibraryA",
- "kernel32.dll.GetModuleFileNameA",
- "kernel32.dll.GetModuleHandleA",
- "kernel32.dll.VirtualProtect",
- "kernel32.dll.CloseHandle",
- "kernel32.dll.LoadResource",
- "kernel32.dll.FindResourceW",
- "kernel32.dll.GetProcAddress",
- "kernel32.dll.GetFileSize",
- "kernel32.dll.LCMapStringW",
- "kernel32.dll.LCMapStringA",
- "kernel32.dll.GetStringTypeW",
- "kernel32.dll.GetStringTypeA",
- "kernel32.dll.HeapAlloc",
- "kernel32.dll.GetStartupInfoW",
- "kernel32.dll.DeleteCriticalSection",
- "kernel32.dll.LeaveCriticalSection",
- "kernel32.dll.EnterCriticalSection",
- "kernel32.dll.HeapFree",
- "kernel32.dll.HeapReAlloc",
- "kernel32.dll.HeapCreate",
- "kernel32.dll.Sleep",
- "kernel32.dll.ExitProcess",
- "kernel32.dll.WriteFile",
- "kernel32.dll.GetStdHandle",
- "kernel32.dll.SetUnhandledExceptionFilter",
- "kernel32.dll.FreeEnvironmentStringsW",
- "kernel32.dll.GetEnvironmentStringsW",
- "kernel32.dll.GetCommandLineW",
- "kernel32.dll.SetHandleCount",
- "kernel32.dll.GetFileType",
- "kernel32.dll.GetStartupInfoA",
- "kernel32.dll.TlsGetValue",
- "kernel32.dll.TlsAlloc",
- "kernel32.dll.TlsSetValue",
- "kernel32.dll.TlsFree",
- "kernel32.dll.InterlockedIncrement",
- "kernel32.dll.SetLastError",
- "kernel32.dll.GetCurrentThreadId",
- "kernel32.dll.GetLastError",
- "kernel32.dll.InterlockedDecrement",
- "kernel32.dll.QueryPerformanceCounter",
- "kernel32.dll.GetTickCount",
- "kernel32.dll.GetCurrentProcessId",
- "kernel32.dll.GetSystemTimeAsFileTime",
- "kernel32.dll.InitializeCriticalSectionAndSpinCount",
- "kernel32.dll.TerminateProcess",
- "kernel32.dll.UnhandledExceptionFilter",
- "kernel32.dll.IsDebuggerPresent",
- "kernel32.dll.RtlUnwind",
- "kernel32.dll.GetCPInfo",
- "kernel32.dll.GetACP",
- "kernel32.dll.GetOEMCP",
- "kernel32.dll.IsValidCodePage",
- "kernel32.dll.HeapSize",
- "kernel32.dll.GetLocaleInfoA",
- "kernel32.dll.WideCharToMultiByte",
- "psapi.dll.GetModuleInformation",
- "psapi.dll.GetModuleBaseNameW",
- "psapi.dll.EnumProcessModules",
- "shlwapi.dll.StrStrIW",
- "shlwapi.dll.PathFileExistsW",
- "kernel32.dll.FlsAlloc",
- "kernel32.dll.FlsGetValue",
- "kernel32.dll.FlsSetValue",
- "kernel32.dll.FlsFree",
- "mscoree.dll._CorExeMain",
- "kernel32.dll.IsProcessorFeaturePresent",
- "msvcrt.dll._set_error_mode",
- "msvcrt.dll.?set_terminate@@YAP6AXXZP6AXXZ@Z",
- "kernel32.dll.FindActCtxSectionStringW",
- "kernel32.dll.GetSystemWindowsDirectoryW",
- "mscoree.dll.GetProcessExecutableHeap",
- "kernelbase.dll.InitializeCriticalSectionAndSpinCount",
- "kernel32.dll.ProcessIdToSessionId",
- "imm32.dll.ImmCreateContext",
- "imm32.dll.ImmDestroyContext",
- "imm32.dll.ImmNotifyIME",
- "imm32.dll.ImmAssociateContext",
- "imm32.dll.ImmReleaseContext",
- "imm32.dll.ImmGetContext",
- "imm32.dll.ImmGetCompositionStringA",
- "imm32.dll.ImmSetCompositionStringA",
- "imm32.dll.ImmGetCompositionStringW",
- "imm32.dll.ImmSetCompositionStringW",
- "imm32.dll.ImmSetCandidateWindow",
- "mscorwks.dll.GetCLRFunction",
- "mscoree.dll.IEE",
- "kernel32.dll.QueryActCtxW",
- "shlwapi.dll.UrlIsW",
- "mscorwks.dll.IEE",
- "ntdll.dll.ZwCreateSection",
- "kernel32.dll.MapViewOfFile",
- "kernel32.dll.LoadLibraryExW",
- "mscorwks.dll._CorExeMain",
- "advapi32.dll.RegisterTraceGuidsW",
- "advapi32.dll.UnregisterTraceGuids",
- "advapi32.dll.GetTraceLoggerHandle",
- "advapi32.dll.GetTraceEnableLevel",
- "advapi32.dll.GetTraceEnableFlags",
- "advapi32.dll.TraceEvent",
- "mscoree.dll.GetStartupFlags",
- "mscoree.dll.GetHostConfigurationFile",
- "mscoree.dll.GetCORSystemDirectory",
- "ntdll.dll.RtlUnwind",
- "kernel32.dll.IsWow64Process",
- "advapi32.dll.AllocateAndInitializeSid",
- "advapi32.dll.OpenProcessToken",
- "advapi32.dll.GetTokenInformation",
- "advapi32.dll.InitializeAcl",
- "advapi32.dll.AddAccessAllowedAce",
- "advapi32.dll.FreeSid",
- "kernel32.dll.SetThreadStackGuarantee",
- "kernel32.dll.AddVectoredContinueHandler",
- "kernel32.dll.RemoveVectoredContinueHandler",
- "advapi32.dll.ConvertSidToStringSidW",
- "shell32.dll.SHGetFolderPathW",
- "kernel32.dll.FlushProcessWriteBuffers",
- "kernel32.dll.GetWriteWatch",
- "kernel32.dll.ResetWriteWatch",
- "kernel32.dll.CreateMemoryResourceNotification",
- "kernel32.dll.QueryMemoryResourceNotification",
- "mscoree.dll._CorImageUnloading",
- "mscoree.dll._CorValidateImage",
- "cryptbase.dll.SystemFunction036",
- "uxtheme.dll.ThemeInitApiHook",
- "user32.dll.IsProcessDPIAware",
- "ole32.dll.CoGetContextToken",
- "kernel32.dll.GetVersionExW",
- "kernel32.dll.GetFullPathNameW",
- "advapi32.dll.CryptAcquireContextA",
- "advapi32.dll.CryptReleaseContext",
- "advapi32.dll.CryptCreateHash",
- "advapi32.dll.CryptDestroyHash",
- "advapi32.dll.CryptHashData",
- "advapi32.dll.CryptGetHashParam",
- "advapi32.dll.CryptImportKey",
- "advapi32.dll.CryptExportKey",
- "advapi32.dll.CryptGenKey",
- "advapi32.dll.CryptGetKeyParam",
- "advapi32.dll.CryptDestroyKey",
- "advapi32.dll.CryptVerifySignatureA",
- "advapi32.dll.CryptSignHashA",
- "advapi32.dll.CryptGetProvParam",
- "advapi32.dll.CryptGetUserKey",
- "advapi32.dll.CryptEnumProvidersA",
- "mscoree.dll.GetMetaDataInternalInterface",
- "mscorwks.dll.GetMetaDataInternalInterface",
- "cryptsp.dll.CryptAcquireContextA",
- "cryptsp.dll.CryptImportKey",
- "cryptsp.dll.CryptCreateHash",
- "cryptsp.dll.CryptHashData",
- "cryptsp.dll.CryptVerifySignatureA",
- "cryptsp.dll.CryptDestroyHash",
- "cryptsp.dll.CryptDestroyKey",
- "mscorjit.dll.getJit",
- "kernel32.dll.GetEnvironmentVariableW",
- "kernel32.dll.SwitchToThread",
- "kernel32.dll.lstrlen",
- "kernel32.dll.lstrlenW",
- "kernel32.dll.GetUserDefaultUILanguage",
- "kernel32.dll.SetErrorMode",
- "kernel32.dll.GetFileAttributesExW",
- "bcrypt.dll.BCryptGetFipsAlgorithmMode",
- "cryptsp.dll.CryptAcquireContextW",
- "ole32.dll.CreateBindCtx",
- "ole32.dll.CoGetObjectContext",
- "sechost.dll.LookupAccountNameLocalW",
- "advapi32.dll.LookupAccountSidW",
- "sechost.dll.LookupAccountSidLocalW",
- "cryptsp.dll.CryptGenRandom",
- "ole32.dll.NdrOleInitializeExtension",
- "ole32.dll.CoGetClassObject",
- "ole32.dll.CoGetMarshalSizeMax",
- "ole32.dll.CoMarshalInterface",
- "ole32.dll.CoUnmarshalInterface",
- "ole32.dll.StringFromIID",
- "ole32.dll.CoGetPSClsid",
- "ole32.dll.CoTaskMemAlloc",
- "ole32.dll.CoTaskMemFree",
- "ole32.dll.CoCreateInstance",
- "ole32.dll.CoReleaseMarshalData",
- "ole32.dll.DcomChannelSetHResult",
- "rpcrtremote.dll.I_RpcExtInitializeExtensionPoint",
- "ole32.dll.MkParseDisplayName",
- "oleaut32.dll.#2",
- "oleaut32.dll.#6",
- "kernel32.dll.GetThreadPreferredUILanguages",
- "kernel32.dll.SetThreadPreferredUILanguages",
- "kernel32.dll.LocaleNameToLCID",
- "kernel32.dll.GetLocaleInfoEx",
- "kernel32.dll.LCIDToLocaleName",
- "kernel32.dll.GetSystemDefaultLocaleName",
- "ole32.dll.BindMoniker",
- "sxs.dll.SxsOleAut32RedirectTypeLibrary",
- "advapi32.dll.RegOpenKeyW",
- "advapi32.dll.RegEnumKeyW",
- "advapi32.dll.RegQueryValueW",
- "sxs.dll.SxsOleAut32MapConfiguredClsidToReferenceClsid",
- "sxs.dll.SxsLookupClrGuid",
- "kernel32.dll.ReleaseActCtx",
- "oleaut32.dll.#9",
- "oleaut32.dll.#4",
- "oleaut32.dll.#283",
- "oleaut32.dll.#284",
- "mscoree.dll.GetTokenForVTableEntry",
- "mscoree.dll.SetTargetForVTableEntry",
- "mscoree.dll.GetTargetForVTableEntry",
- "kernel32.dll.LocalAlloc",
- "oleaut32.dll.VariantInit",
- "oleaut32.dll.VariantClear",
- "oleaut32.dll.#7",
- "kernel32.dll.CreateEventW",
- "kernel32.dll.SetEvent",
- "ole32.dll.CoWaitForMultipleHandles",
- "ole32.dll.IIDFromString",
- "wminet_utils.dll.ResetSecurity",
- "wminet_utils.dll.SetSecurity",
- "wminet_utils.dll.BlessIWbemServices",
- "wminet_utils.dll.BlessIWbemServicesObject",
- "wminet_utils.dll.GetPropertyHandle",
- "wminet_utils.dll.WritePropertyValue",
- "wminet_utils.dll.Clone",
- "wminet_utils.dll.VerifyClientKey",
- "wminet_utils.dll.GetQualifierSet",
- "wminet_utils.dll.Get",
- "wminet_utils.dll.Put",
- "wminet_utils.dll.Delete",
- "wminet_utils.dll.GetNames",
- "wminet_utils.dll.BeginEnumeration",
- "wminet_utils.dll.Next",
- "wminet_utils.dll.EndEnumeration",
- "wminet_utils.dll.GetPropertyQualifierSet",
- "wminet_utils.dll.GetObjectText",
- "wminet_utils.dll.SpawnDerivedClass",
- "wminet_utils.dll.SpawnInstance",
- "wminet_utils.dll.CompareTo",
- "wminet_utils.dll.GetPropertyOrigin",
- "wminet_utils.dll.InheritsFrom",
- "wminet_utils.dll.GetMethod",
- "wminet_utils.dll.PutMethod",
- "wminet_utils.dll.DeleteMethod",
- "wminet_utils.dll.BeginMethodEnumeration",
- "wminet_utils.dll.NextMethod",
- "wminet_utils.dll.EndMethodEnumeration",
- "wminet_utils.dll.GetMethodQualifierSet",
- "wminet_utils.dll.GetMethodOrigin",
- "wminet_utils.dll.QualifierSet_Get",
- "wminet_utils.dll.QualifierSet_Put",
- "wminet_utils.dll.QualifierSet_Delete",
- "wminet_utils.dll.QualifierSet_GetNames",
- "wminet_utils.dll.QualifierSet_BeginEnumeration",
- "wminet_utils.dll.QualifierSet_Next",
- "wminet_utils.dll.QualifierSet_EndEnumeration",
- "wminet_utils.dll.GetCurrentApartmentType",
- "wminet_utils.dll.GetDemultiplexedStub",
- "wminet_utils.dll.CreateInstanceEnumWmi",
- "wminet_utils.dll.CreateClassEnumWmi",
- "wminet_utils.dll.ExecQueryWmi",
- "wminet_utils.dll.ExecNotificationQueryWmi",
- "wminet_utils.dll.PutInstanceWmi",
- "wminet_utils.dll.PutClassWmi",
- "wminet_utils.dll.CloneEnumWbemClassObject",
- "wminet_utils.dll.ConnectServerWmi",
- "ole32.dll.CoUninitialize",
- "oleaut32.dll.#500",
- "oleaut32.dll.SysStringLen",
- "kernel32.dll.RtlZeroMemory",
- "kernel32.dll.RegOpenKeyExW",
- "advapi32.dll.GetUserNameW",
- "kernel32.dll.GetComputerNameW",
- "user32.dll.DefWindowProcW",
- "gdi32.dll.GetStockObject",
- "user32.dll.RegisterClassW",
- "user32.dll.CreateWindowExW",
- "user32.dll.SetWindowLongW",
- "user32.dll.GetWindowLongW",
- "kernel32.dll.GetCurrentThread",
- "kernel32.dll.DuplicateHandle",
- "user32.dll.CallWindowProcW",
- "user32.dll.RegisterWindowMessageW",
- "advapi32.dll.LookupPrivilegeValueW",
- "advapi32.dll.AdjustTokenPrivileges",
- "ntdll.dll.NtQuerySystemInformation",
- "kernel32.dll.CreateIoCompletionPort",
- "kernel32.dll.PostQueuedCompletionStatus",
- "ntdll.dll.NtQueryInformationThread",
- "ntdll.dll.NtGetCurrentProcessorNumber",
- "shfolder.dll.SHGetFolderPathW",
- "kernel32.dll.FindFirstFileW",
- "kernel32.dll.FindClose",
- "kernel32.dll.FindNextFileW",
- "kernel32.dll.UnmapViewOfFile",
- "kernel32.dll.ReadFile",
- "oleaut32.dll.#204",
- "oleaut32.dll.#203",
- "culture.dll.ConvertLangIdToCultureName",
- "mlang.dll.#112",
- "wininet.dll.FindFirstUrlCacheEntryA",
- "kernel32.dll.SetFileInformationByHandle",
- "urlmon.dll.CreateUri",
- "kernel32.dll.InitializeSRWLock",
- "kernel32.dll.AcquireSRWLockExclusive",
- "kernel32.dll.AcquireSRWLockShared",
- "kernel32.dll.ReleaseSRWLockExclusive",
- "kernel32.dll.ReleaseSRWLockShared",
- "wininet.dll.FindNextUrlCacheEntryA",
- "urlmon.dll.CreateIUriBuilder",
- "urlmon.dll.IntlPercentEncodeNormalize",
- "wininet.dll.FindCloseUrlCache",
- "cryptsp.dll.CryptGetHashParam",
- "cryptsp.dll.CryptReleaseContext",
- "vaultcli.dll.VaultEnumerateVaults",
- "user32.dll.GetLastInputInfo",
- "ole32.dll.CLSIDFromProgIDEx",
- "oleaut32.dll.#201",
- "user32.dll.GetClientRect",
- "user32.dll.GetWindowRect",
- "user32.dll.GetParent",
- "ole32.dll.OleInitialize",
- "ole32.dll.CoRegisterMessageFilter",
- "user32.dll.PeekMessageW",
- "user32.dll.WaitMessage",
- "mscoree.dll.ND_RI2",
- "rasapi32.dll.RasEnumConnectionsW",
- "rtutils.dll.TraceRegisterExA",
- "rtutils.dll.TracePrintfExA",
- "sechost.dll.OpenSCManagerW",
- "sechost.dll.OpenServiceW",
- "sechost.dll.QueryServiceStatus",
- "sechost.dll.CloseServiceHandle",
- "ws2_32.dll.WSAStartup",
- "ws2_32.dll.WSASocketW",
- "ws2_32.dll.setsockopt",
- "ws2_32.dll.WSAEventSelect",
- "ws2_32.dll.ioctlsocket",
- "ws2_32.dll.closesocket",
- "advapi32.dll.ConvertStringSecurityDescriptorToSecurityDescriptorW",
- "kernel32.dll.LocalFree",
- "kernel32.dll.CreateFileMappingW",
- "kernel32.dll.VirtualQuery",
- "kernel32.dll.ReleaseMutex",
- "advapi32.dll.CreateWellKnownSid",
- "kernel32.dll.CreateMutexW",
- "kernel32.dll.WaitForSingleObject",
- "kernel32.dll.OpenMutexW",
- "kernel32.dll.OpenProcess",
- "kernel32.dll.GetProcessTimes",
- "ws2_32.dll.WSAIoctl",
- "kernel32.dll.FormatMessageW",
- "rasapi32.dll.RasConnectionNotificationW",
- "advapi32.dll.RegOpenCurrentUser",
- "advapi32.dll.RegNotifyChangeKeyValue",
- "sechost.dll.NotifyServiceStatusChangeA",
- "winhttp.dll.WinHttpGetIEProxyConfigForCurrentUser",
- "kernel32.dll.ResetEvent",
- "iphlpapi.dll.GetNetworkParams",
- "dnsapi.dll.DnsQueryConfig",
- "iphlpapi.dll.GetAdaptersAddresses",
- "iphlpapi.dll.GetIpInterfaceEntry",
- "iphlpapi.dll.GetBestInterfaceEx",
- "ws2_32.dll.inet_addr",
- "ws2_32.dll.getaddrinfo",
- "ws2_32.dll.freeaddrinfo",
- "ws2_32.dll.WSAConnect",
- "ws2_32.dll.send",
- "ws2_32.dll.recv",
- "user32.dll.IsWindowUnicode",
- "user32.dll.GetMessageW",
- "user32.dll.TranslateMessage",
- "user32.dll.DispatchMessageW",
- "ws2_32.dll.shutdown",
- "wbemcore.dll.Reinitialize",
- "oleaut32.dll.#12",
- "kernel32.dll.SortGetHandle",
- "kernel32.dll.SortCloseHandle",
- "ntmarta.dll.GetMartaExtensionInterface",
- "fastprox.dll.DllGetClassObject",
- "fastprox.dll.DllCanUnloadNow",
- "kernel32.dll.RegQueryValueExW",
- "kernel32.dll.RegCloseKey",
- "oleaut32.dll.#289",
- "oleaut32.dll.#287",
- "oleaut32.dll.#288",
- "oleaut32.dll.#290",
- "oleaut32.dll.#285",
- "wmi.dll.WmiQueryAllDataW",
- "wmi.dll.WmiQuerySingleInstanceW",
- "wmi.dll.WmiSetSingleItemW",
- "wmi.dll.WmiSetSingleInstanceW",
- "wmi.dll.WmiExecuteMethodW",
- "wmi.dll.WmiNotificationRegistrationW",
- "wmi.dll.WmiMofEnumerateResourcesW",
- "wmi.dll.WmiFileHandleToInstanceNameW",
- "wmi.dll.WmiDevInstToInstanceNameW",
- "wmi.dll.WmiQueryGuidInformation",
- "wmi.dll.WmiOpenBlock",
- "wmi.dll.WmiCloseBlock",
- "wmi.dll.WmiFreeBuffer",
- "wmi.dll.WmiEnumerateGuids",
- "oleaut32.dll.#286",
- "advapi32.dll.InitiateSystemShutdownExW",
- "ole32.dll.CLSIDFromOle1Class",
- "clbcatq.dll.GetCatalogObject",
- "clbcatq.dll.GetCatalogObject2",
- "thumbcache.dll.DllGetClassObject",
- "thumbcache.dll.DllCanUnloadNow",
- "propsys.dll.DllGetClassObject",
- "propsys.dll.DllCanUnloadNow",
- "actxprxy.dll.DllGetClassObject",
- "actxprxy.dll.DllCanUnloadNow",
- "kernel32.dll.WerRegisterMemoryBlock",
- "advapi32.dll.CryptAcquireContextW",
- "advapi32.dll.RegCreateKeyExW",
- "shlwapi.dll.PathIsDirectoryW",
- "sspicli.dll.GetUserNameExW",
- "tschannel.dll.DllGetClassObject",
- "tschannel.dll.DllCanUnloadNow",
- "advapi32.dll.RegSetValueExW",
- "shlwapi.dll.PathIsPrefixW",
- "xmllite.dll.CreateXmlReader",
- "advapi32.dll.EventWrite",
- "advapi32.dll.EventRegister",
- "advapi32.dll.EventUnregister",
- "ole32.dll.CoInitializeSecurity",
- "wmisvc.dll.ServiceMain",
- "sechost.dll.RegisterServiceCtrlHandlerExW",
- "sechost.dll.SetServiceStatus",
- "vssapi.dll.CreateWriter",
- "advapi32.dll.LookupAccountNameW",
- "samcli.dll.NetLocalGroupGetMembers",
- "samlib.dll.SamConnect",
- "rpcrt4.dll.NdrClientCall3",
- "rpcrt4.dll.RpcStringBindingComposeW",
- "rpcrt4.dll.RpcBindingFromStringBindingW",
- "rpcrt4.dll.RpcStringFreeW",
- "rpcrt4.dll.RpcBindingFree",
- "samlib.dll.SamOpenDomain",
- "samlib.dll.SamLookupNamesInDomain",
- "samlib.dll.SamOpenAlias",
- "samlib.dll.SamFreeMemory",
- "samlib.dll.SamCloseHandle",
- "samlib.dll.SamGetMembersInAlias",
- "netutils.dll.NetApiBufferFree",
- "ole32.dll.CoCreateGuid",
- "advapi32.dll.RegisterEventSourceW",
- "advapi32.dll.ReportEventW",
- "advapi32.dll.DeregisterEventSource",
- "advapi32.dll.WmiOpenBlock",
- "ole32.dll.StringFromCLSID",
- "propsys.dll.VariantToPropVariant",
- "wbemsvc.dll.DllGetClassObject",
- "wbemsvc.dll.DllCanUnloadNow",
- "authz.dll.AuthzInitializeContextFromToken",
- "authz.dll.AuthzInitializeObjectAccessAuditEvent2",
- "authz.dll.AuthzAccessCheck",
- "authz.dll.AuthzFreeAuditEvent",
- "authz.dll.AuthzFreeContext",
- "authz.dll.AuthzInitializeResourceManager",
- "authz.dll.AuthzFreeResourceManager",
- "rpcrt4.dll.RpcBindingCreateW",
- "rpcrt4.dll.RpcBindingBind",
- "rpcrt4.dll.I_RpcMapWin32Status",
- "kernel32.dll.RegSetValueExW",
- "wmisvc.dll.IsImproperShutdownDetected",
- "wevtapi.dll.EvtRender",
- "wevtapi.dll.EvtNext",
- "wevtapi.dll.EvtClose",
- "wevtapi.dll.EvtQuery",
- "wevtapi.dll.EvtCreateRenderContext",
- "rpcrt4.dll.RpcBindingSetAuthInfoExW",
- "rpcrt4.dll.RpcBindingSetOption",
- "ole32.dll.CoCreateFreeThreadedMarshaler",
- "ole32.dll.CreateStreamOnHGlobal",
- "kernelbase.dll.InitializeAcl",
- "kernelbase.dll.AddAce",
- "sechost.dll.ConvertStringSecurityDescriptorToSecurityDescriptorW",
- "kernel32.dll.IsThreadAFiber",
- "kernel32.dll.OpenProcessToken",
- "kernelbase.dll.GetTokenInformation",
- "kernelbase.dll.DuplicateTokenEx",
- "kernelbase.dll.AdjustTokenPrivileges",
- "kernelbase.dll.AllocateAndInitializeSid",
- "kernelbase.dll.CheckTokenMembership",
- "kernel32.dll.SetThreadToken",
- "ole32.dll.CLSIDFromString",
- "oleaut32.dll.#17",
- "oleaut32.dll.#20",
- "oleaut32.dll.#19",
- "oleaut32.dll.#25",
- "authz.dll.AuthzInitializeContextFromSid",
- "ole32.dll.CoGetCallContext",
- "ole32.dll.CoImpersonateClient",
- "advapi32.dll.OpenThreadToken",
- "ole32.dll.CoRevertToSelf",
- "oleaut32.dll.#8",
- "ole32.dll.CoSwitchCallContext",
- "advapi32.dll.LogonUserExExW",
- "sspicli.dll.LogonUserExExW",
- "winbrand.dll.BrandingLoadString",
- "security.dll.InitSecurityInterfaceW",
- "cryptsp.dll.SystemFunction035",
- "schannel.dll.SpUserModeInitialize",
- "ntdll.dll.RtlInitUnicodeString",
- "ntdll.dll.RtlFreeUnicodeString",
- "ntdll.dll.NtSetSystemEnvironmentValue",
- "ntdll.dll.NtQuerySystemEnvironmentValue",
- "ntdll.dll.NtCreateFile",
- "ntdll.dll.NtQueryDirectoryObject",
- "ntdll.dll.NtQueryObject",
- "ntdll.dll.NtOpenDirectoryObject",
- "ntdll.dll.NtQueryInformationProcess",
- "ntdll.dll.NtQueryInformationToken",
- "ntdll.dll.NtOpenFile",
- "ntdll.dll.NtClose",
- "ntdll.dll.NtFsControlFile",
- "ntdll.dll.NtQueryVolumeInformationFile",
- "netapi32.dll.NetGroupEnum",
- "netapi32.dll.NetGroupGetInfo",
- "netapi32.dll.NetGroupSetInfo",
- "netapi32.dll.NetLocalGroupGetInfo",
- "netapi32.dll.NetLocalGroupSetInfo",
- "netapi32.dll.NetGroupGetUsers",
- "netapi32.dll.NetLocalGroupGetMembers",
- "netapi32.dll.NetLocalGroupEnum",
- "netapi32.dll.NetShareEnum",
- "netapi32.dll.NetShareGetInfo",
- "netapi32.dll.NetShareAdd",
- "netapi32.dll.NetShareEnumSticky",
- "netapi32.dll.NetShareSetInfo",
- "netapi32.dll.NetShareDel",
- "netapi32.dll.NetShareDelSticky",
- "netapi32.dll.NetShareCheck",
- "netapi32.dll.NetUserEnum",
- "netapi32.dll.NetUserGetInfo",
- "netapi32.dll.NetUserSetInfo",
- "netapi32.dll.NetApiBufferFree",
- "netapi32.dll.NetQueryDisplayInformation",
- "netapi32.dll.NetServerSetInfo",
- "netapi32.dll.NetServerGetInfo",
- "netapi32.dll.NetGetDCName",
- "netapi32.dll.NetWkstaGetInfo",
- "netapi32.dll.NetGetAnyDCName",
- "netapi32.dll.NetServerEnum",
- "netapi32.dll.NetUserModalsGet",
- "netapi32.dll.NetScheduleJobAdd",
- "netapi32.dll.NetScheduleJobDel",
- "netapi32.dll.NetScheduleJobEnum",
- "netapi32.dll.NetScheduleJobGetInfo",
- "netapi32.dll.NetUseGetInfo",
- "netapi32.dll.NetEnumerateTrustedDomains",
- "netapi32.dll.DsGetDcNameW",
- "netapi32.dll.DsRoleGetPrimaryDomainInformation",
- "netapi32.dll.DsRoleFreeMemory",
- "netapi32.dll.NetRenameMachineInDomain",
- "netapi32.dll.NetJoinDomain",
- "netapi32.dll.NetUnjoinDomain",
- "wkscli.dll.NetWkstaGetInfo",
- "cscapi.dll.CscNetApiGetInterface",
- "kernel32.dll.GetDiskFreeSpaceExW",
- "kernel32.dll.GetVolumePathNameW",
- "kernel32.dll.CreateToolhelp32Snapshot",
- "kernel32.dll.Thread32First",
- "kernel32.dll.Thread32Next",
- "kernel32.dll.Process32First",
- "kernel32.dll.Process32Next",
- "kernel32.dll.Module32First",
- "kernel32.dll.Module32Next",
- "kernel32.dll.Heap32ListFirst",
- "kernel32.dll.GlobalMemoryStatusEx",
- "kernel32.dll.GetSystemDefaultUILanguage",
- "oleaut32.dll.#15",
- "oleaut32.dll.#26",
- "oleaut32.dll.#150",
- "wtsapi32.dll.WTSEnumerateSessionsW",
- "winsta.dll.WinStationEnumerateW",
- "rpcrt4.dll.I_RpcExceptionFilter",
- "winsta.dll.WinStationFreeMemory",
- "wtsapi32.dll.WTSQuerySessionInformationW",
- "winsta.dll.WinStationQueryInformationW",
- "wtsapi32.dll.WTSFreeMemory",
- "devobj.dll.DevObjCreateDeviceInfoList",
- "devobj.dll.DevObjGetClassDevs",
- "devobj.dll.DevObjEnumDeviceInfo",
- "devobj.dll.DevObjDestroyDeviceInfoList",
- "powrprof.dll.PowerDeterminePlatformRole",
- "oleaut32.dll.#23",
- "oleaut32.dll.#24",
- "oleaut32.dll.#16",
- "ntdll.dll.EtwUnregisterTraceGuids"
- ]
- [*] Static Analysis: {
- "pe": {
- "peid_signatures": null,
- "imports": [
- {
- "imports": [
- {
- "name": "DeleteCriticalSection",
- "address": "0x491154"
- },
- {
- "name": "LeaveCriticalSection",
- "address": "0x491158"
- },
- {
- "name": "EnterCriticalSection",
- "address": "0x49115c"
- },
- {
- "name": "InitializeCriticalSection",
- "address": "0x491160"
- },
- {
- "name": "VirtualFree",
- "address": "0x491164"
- },
- {
- "name": "VirtualAlloc",
- "address": "0x491168"
- },
- {
- "name": "LocalFree",
- "address": "0x49116c"
- },
- {
- "name": "LocalAlloc",
- "address": "0x491170"
- },
- {
- "name": "GetVersion",
- "address": "0x491174"
- },
- {
- "name": "GetCurrentThreadId",
- "address": "0x491178"
- },
- {
- "name": "InterlockedDecrement",
- "address": "0x49117c"
- },
- {
- "name": "InterlockedIncrement",
- "address": "0x491180"
- },
- {
- "name": "VirtualQuery",
- "address": "0x491184"
- },
- {
- "name": "WideCharToMultiByte",
- "address": "0x491188"
- },
- {
- "name": "MultiByteToWideChar",
- "address": "0x49118c"
- },
- {
- "name": "lstrlenA",
- "address": "0x491190"
- },
- {
- "name": "lstrcpynA",
- "address": "0x491194"
- },
- {
- "name": "LoadLibraryExA",
- "address": "0x491198"
- },
- {
- "name": "GetThreadLocale",
- "address": "0x49119c"
- },
- {
- "name": "GetStartupInfoA",
- "address": "0x4911a0"
- },
- {
- "name": "GetProcAddress",
- "address": "0x4911a4"
- },
- {
- "name": "GetModuleHandleA",
- "address": "0x4911a8"
- },
- {
- "name": "GetModuleFileNameA",
- "address": "0x4911ac"
- },
- {
- "name": "GetLocaleInfoA",
- "address": "0x4911b0"
- },
- {
- "name": "GetCommandLineA",
- "address": "0x4911b4"
- },
- {
- "name": "FreeLibrary",
- "address": "0x4911b8"
- },
- {
- "name": "FindFirstFileA",
- "address": "0x4911bc"
- },
- {
- "name": "FindClose",
- "address": "0x4911c0"
- },
- {
- "name": "ExitProcess",
- "address": "0x4911c4"
- },
- {
- "name": "WriteFile",
- "address": "0x4911c8"
- },
- {
- "name": "UnhandledExceptionFilter",
- "address": "0x4911cc"
- },
- {
- "name": "RtlUnwind",
- "address": "0x4911d0"
- },
- {
- "name": "RaiseException",
- "address": "0x4911d4"
- },
- {
- "name": "GetStdHandle",
- "address": "0x4911d8"
- }
- ],
- "dll": "kernel32.dll"
- },
- {
- "imports": [
- {
- "name": "GetKeyboardType",
- "address": "0x4911e0"
- },
- {
- "name": "LoadStringA",
- "address": "0x4911e4"
- },
- {
- "name": "MessageBoxA",
- "address": "0x4911e8"
- },
- {
- "name": "CharNextA",
- "address": "0x4911ec"
- }
- ],
- "dll": "user32.dll"
- },
- {
- "imports": [
- {
- "name": "RegQueryValueExA",
- "address": "0x4911f4"
- },
- {
- "name": "RegOpenKeyExA",
- "address": "0x4911f8"
- },
- {
- "name": "RegCloseKey",
- "address": "0x4911fc"
- }
- ],
- "dll": "advapi32.dll"
- },
- {
- "imports": [
- {
- "name": "SysFreeString",
- "address": "0x491204"
- },
- {
- "name": "SysReAllocStringLen",
- "address": "0x491208"
- },
- {
- "name": "SysAllocStringLen",
- "address": "0x49120c"
- }
- ],
- "dll": "oleaut32.dll"
- },
- {
- "imports": [
- {
- "name": "TlsSetValue",
- "address": "0x491214"
- },
- {
- "name": "TlsGetValue",
- "address": "0x491218"
- },
- {
- "name": "LocalAlloc",
- "address": "0x49121c"
- },
- {
- "name": "GetModuleHandleA",
- "address": "0x491220"
- }
- ],
- "dll": "kernel32.dll"
- },
- {
- "imports": [
- {
- "name": "RegQueryValueExA",
- "address": "0x491228"
- },
- {
- "name": "RegOpenKeyExA",
- "address": "0x49122c"
- },
- {
- "name": "RegCloseKey",
- "address": "0x491230"
- }
- ],
- "dll": "advapi32.dll"
- },
- {
- "imports": [
- {
- "name": "lstrcpyA",
- "address": "0x491238"
- },
- {
- "name": "WriteFile",
- "address": "0x49123c"
- },
- {
- "name": "WaitForSingleObject",
- "address": "0x491240"
- },
- {
- "name": "VirtualQuery",
- "address": "0x491244"
- },
- {
- "name": "VirtualAlloc",
- "address": "0x491248"
- },
- {
- "name": "Sleep",
- "address": "0x49124c"
- },
- {
- "name": "SizeofResource",
- "address": "0x491250"
- },
- {
- "name": "SetThreadLocale",
- "address": "0x491254"
- },
- {
- "name": "SetFilePointer",
- "address": "0x491258"
- },
- {
- "name": "SetEvent",
- "address": "0x49125c"
- },
- {
- "name": "SetErrorMode",
- "address": "0x491260"
- },
- {
- "name": "SetEndOfFile",
- "address": "0x491264"
- },
- {
- "name": "ResetEvent",
- "address": "0x491268"
- },
- {
- "name": "ReadFile",
- "address": "0x49126c"
- },
- {
- "name": "MultiByteToWideChar",
- "address": "0x491270"
- },
- {
- "name": "MulDiv",
- "address": "0x491274"
- },
- {
- "name": "LockResource",
- "address": "0x491278"
- },
- {
- "name": "LoadResource",
- "address": "0x49127c"
- },
- {
- "name": "LoadLibraryA",
- "address": "0x491280"
- },
- {
- "name": "LeaveCriticalSection",
- "address": "0x491284"
- },
- {
- "name": "InitializeCriticalSection",
- "address": "0x491288"
- },
- {
- "name": "GlobalUnlock",
- "address": "0x49128c"
- },
- {
- "name": "GlobalReAlloc",
- "address": "0x491290"
- },
- {
- "name": "GlobalHandle",
- "address": "0x491294"
- },
- {
- "name": "GlobalLock",
- "address": "0x491298"
- },
- {
- "name": "GlobalFree",
- "address": "0x49129c"
- },
- {
- "name": "GlobalFindAtomA",
- "address": "0x4912a0"
- },
- {
- "name": "GlobalDeleteAtom",
- "address": "0x4912a4"
- },
- {
- "name": "GlobalAlloc",
- "address": "0x4912a8"
- },
- {
- "name": "GlobalAddAtomA",
- "address": "0x4912ac"
- },
- {
- "name": "GetVersionExA",
- "address": "0x4912b0"
- },
- {
- "name": "GetVersion",
- "address": "0x4912b4"
- },
- {
- "name": "GetTickCount",
- "address": "0x4912b8"
- },
- {
- "name": "GetThreadLocale",
- "address": "0x4912bc"
- },
- {
- "name": "GetSystemInfo",
- "address": "0x4912c0"
- },
- {
- "name": "GetStringTypeExA",
- "address": "0x4912c4"
- },
- {
- "name": "GetStdHandle",
- "address": "0x4912c8"
- },
- {
- "name": "GetProcAddress",
- "address": "0x4912cc"
- },
- {
- "name": "GetModuleHandleA",
- "address": "0x4912d0"
- },
- {
- "name": "GetModuleFileNameA",
- "address": "0x4912d4"
- },
- {
- "name": "GetLocaleInfoA",
- "address": "0x4912d8"
- },
- {
- "name": "GetLocalTime",
- "address": "0x4912dc"
- },
- {
- "name": "GetLastError",
- "address": "0x4912e0"
- },
- {
- "name": "GetFullPathNameA",
- "address": "0x4912e4"
- },
- {
- "name": "GetFileAttributesA",
- "address": "0x4912e8"
- },
- {
- "name": "GetDiskFreeSpaceA",
- "address": "0x4912ec"
- },
- {
- "name": "GetDateFormatA",
- "address": "0x4912f0"
- },
- {
- "name": "GetCurrentThreadId",
- "address": "0x4912f4"
- },
- {
- "name": "GetCurrentProcessId",
- "address": "0x4912f8"
- },
- {
- "name": "GetCPInfo",
- "address": "0x4912fc"
- },
- {
- "name": "GetACP",
- "address": "0x491300"
- },
- {
- "name": "FreeResource",
- "address": "0x491304"
- },
- {
- "name": "InterlockedExchange",
- "address": "0x491308"
- },
- {
- "name": "FreeLibrary",
- "address": "0x49130c"
- },
- {
- "name": "FormatMessageA",
- "address": "0x491310"
- },
- {
- "name": "FindResourceA",
- "address": "0x491314"
- },
- {
- "name": "FindFirstFileA",
- "address": "0x491318"
- },
- {
- "name": "FindClose",
- "address": "0x49131c"
- },
- {
- "name": "FileTimeToLocalFileTime",
- "address": "0x491320"
- },
- {
- "name": "FileTimeToDosDateTime",
- "address": "0x491324"
- },
- {
- "name": "EnumCalendarInfoA",
- "address": "0x491328"
- },
- {
- "name": "EnterCriticalSection",
- "address": "0x49132c"
- },
- {
- "name": "DeleteCriticalSection",
- "address": "0x491330"
- },
- {
- "name": "CreateThread",
- "address": "0x491334"
- },
- {
- "name": "CreateFileA",
- "address": "0x491338"
- },
- {
- "name": "CreateEventA",
- "address": "0x49133c"
- },
- {
- "name": "CompareStringA",
- "address": "0x491340"
- },
- {
- "name": "CloseHandle",
- "address": "0x491344"
- }
- ],
- "dll": "kernel32.dll"
- },
- {
- "imports": [
- {
- "name": "VerQueryValueA",
- "address": "0x49134c"
- },
- {
- "name": "GetFileVersionInfoSizeA",
- "address": "0x491350"
- },
- {
- "name": "GetFileVersionInfoA",
- "address": "0x491354"
- }
- ],
- "dll": "version.dll"
- },
- {
- "imports": [
- {
- "name": "UnrealizeObject",
- "address": "0x49135c"
- },
- {
- "name": "StretchBlt",
- "address": "0x491360"
- },
- {
- "name": "SetWindowOrgEx",
- "address": "0x491364"
- },
- {
- "name": "SetWinMetaFileBits",
- "address": "0x491368"
- },
- {
- "name": "SetViewportOrgEx",
- "address": "0x49136c"
- },
- {
- "name": "SetTextCharacterExtra",
- "address": "0x491370"
- },
- {
- "name": "SetTextColor",
- "address": "0x491374"
- },
- {
- "name": "SetStretchBltMode",
- "address": "0x491378"
- },
- {
- "name": "SetROP2",
- "address": "0x49137c"
- },
- {
- "name": "SetPixel",
- "address": "0x491380"
- },
- {
- "name": "SetEnhMetaFileBits",
- "address": "0x491384"
- },
- {
- "name": "SetDIBColorTable",
- "address": "0x491388"
- },
- {
- "name": "SetBrushOrgEx",
- "address": "0x49138c"
- },
- {
- "name": "SetBkMode",
- "address": "0x491390"
- },
- {
- "name": "SetBkColor",
- "address": "0x491394"
- },
- {
- "name": "SelectPalette",
- "address": "0x491398"
- },
- {
- "name": "SelectObject",
- "address": "0x49139c"
- },
- {
- "name": "SelectClipRgn",
- "address": "0x4913a0"
- },
- {
- "name": "ScaleWindowExtEx",
- "address": "0x4913a4"
- },
- {
- "name": "SaveDC",
- "address": "0x4913a8"
- },
- {
- "name": "RestoreDC",
- "address": "0x4913ac"
- },
- {
- "name": "Rectangle",
- "address": "0x4913b0"
- },
- {
- "name": "RectVisible",
- "address": "0x4913b4"
- },
- {
- "name": "RealizePalette",
- "address": "0x4913b8"
- },
- {
- "name": "Polyline",
- "address": "0x4913bc"
- },
- {
- "name": "PlayEnhMetaFile",
- "address": "0x4913c0"
- },
- {
- "name": "PatBlt",
- "address": "0x4913c4"
- },
- {
- "name": "MoveToEx",
- "address": "0x4913c8"
- },
- {
- "name": "MaskBlt",
- "address": "0x4913cc"
- },
- {
- "name": "LineTo",
- "address": "0x4913d0"
- },
- {
- "name": "IntersectClipRect",
- "address": "0x4913d4"
- },
- {
- "name": "GetWindowOrgEx",
- "address": "0x4913d8"
- },
- {
- "name": "GetWinMetaFileBits",
- "address": "0x4913dc"
- },
- {
- "name": "GetTextMetricsA",
- "address": "0x4913e0"
- },
- {
- "name": "GetTextExtentPointA",
- "address": "0x4913e4"
- },
- {
- "name": "GetTextExtentPoint32A",
- "address": "0x4913e8"
- },
- {
- "name": "GetSystemPaletteEntries",
- "address": "0x4913ec"
- },
- {
- "name": "GetStockObject",
- "address": "0x4913f0"
- },
- {
- "name": "GetPixel",
- "address": "0x4913f4"
- },
- {
- "name": "GetPaletteEntries",
- "address": "0x4913f8"
- },
- {
- "name": "GetObjectA",
- "address": "0x4913fc"
- },
- {
- "name": "GetEnhMetaFilePaletteEntries",
- "address": "0x491400"
- },
- {
- "name": "GetEnhMetaFileHeader",
- "address": "0x491404"
- },
- {
- "name": "GetEnhMetaFileBits",
- "address": "0x491408"
- },
- {
- "name": "GetDeviceCaps",
- "address": "0x49140c"
- },
- {
- "name": "GetDIBits",
- "address": "0x491410"
- },
- {
- "name": "GetDIBColorTable",
- "address": "0x491414"
- },
- {
- "name": "GetDCOrgEx",
- "address": "0x491418"
- },
- {
- "name": "GetCurrentPositionEx",
- "address": "0x49141c"
- },
- {
- "name": "GetClipRgn",
- "address": "0x491420"
- },
- {
- "name": "GetClipBox",
- "address": "0x491424"
- },
- {
- "name": "GetBrushOrgEx",
- "address": "0x491428"
- },
- {
- "name": "GetBitmapBits",
- "address": "0x49142c"
- },
- {
- "name": "ExcludeClipRect",
- "address": "0x491430"
- },
- {
- "name": "DeleteObject",
- "address": "0x491434"
- },
- {
- "name": "DeleteEnhMetaFile",
- "address": "0x491438"
- },
- {
- "name": "DeleteDC",
- "address": "0x49143c"
- },
- {
- "name": "CreateSolidBrush",
- "address": "0x491440"
- },
- {
- "name": "CreateRectRgn",
- "address": "0x491444"
- },
- {
- "name": "CreatePenIndirect",
- "address": "0x491448"
- },
- {
- "name": "CreatePalette",
- "address": "0x49144c"
- },
- {
- "name": "CreateHalftonePalette",
- "address": "0x491450"
- },
- {
- "name": "CreateFontIndirectA",
- "address": "0x491454"
- },
- {
- "name": "CreateDIBitmap",
- "address": "0x491458"
- },
- {
- "name": "CreateDIBSection",
- "address": "0x49145c"
- },
- {
- "name": "CreateCompatibleDC",
- "address": "0x491460"
- },
- {
- "name": "CreateCompatibleBitmap",
- "address": "0x491464"
- },
- {
- "name": "CreateBrushIndirect",
- "address": "0x491468"
- },
- {
- "name": "CreateBitmap",
- "address": "0x49146c"
- },
- {
- "name": "CopyEnhMetaFileA",
- "address": "0x491470"
- },
- {
- "name": "BitBlt",
- "address": "0x491474"
- }
- ],
- "dll": "gdi32.dll"
- },
- {
- "imports": [
- {
- "name": "CreateWindowExA",
- "address": "0x49147c"
- },
- {
- "name": "WindowFromPoint",
- "address": "0x491480"
- },
- {
- "name": "WinHelpA",
- "address": "0x491484"
- },
- {
- "name": "WaitMessage",
- "address": "0x491488"
- },
- {
- "name": "UpdateWindow",
- "address": "0x49148c"
- },
- {
- "name": "UnregisterClassA",
- "address": "0x491490"
- },
- {
- "name": "UnhookWindowsHookEx",
- "address": "0x491494"
- },
- {
- "name": "TranslateMessage",
- "address": "0x491498"
- },
- {
- "name": "TranslateMDISysAccel",
- "address": "0x49149c"
- },
- {
- "name": "TrackPopupMenu",
- "address": "0x4914a0"
- },
- {
- "name": "SystemParametersInfoA",
- "address": "0x4914a4"
- },
- {
- "name": "ShowWindow",
- "address": "0x4914a8"
- },
- {
- "name": "ShowScrollBar",
- "address": "0x4914ac"
- },
- {
- "name": "ShowOwnedPopups",
- "address": "0x4914b0"
- },
- {
- "name": "ShowCursor",
- "address": "0x4914b4"
- },
- {
- "name": "SetWindowsHookExA",
- "address": "0x4914b8"
- },
- {
- "name": "SetWindowTextA",
- "address": "0x4914bc"
- },
- {
- "name": "SetWindowPos",
- "address": "0x4914c0"
- },
- {
- "name": "SetWindowPlacement",
- "address": "0x4914c4"
- },
- {
- "name": "SetWindowLongA",
- "address": "0x4914c8"
- },
- {
- "name": "SetTimer",
- "address": "0x4914cc"
- },
- {
- "name": "SetScrollRange",
- "address": "0x4914d0"
- },
- {
- "name": "SetScrollPos",
- "address": "0x4914d4"
- },
- {
- "name": "SetScrollInfo",
- "address": "0x4914d8"
- },
- {
- "name": "SetRect",
- "address": "0x4914dc"
- },
- {
- "name": "SetPropA",
- "address": "0x4914e0"
- },
- {
- "name": "SetParent",
- "address": "0x4914e4"
- },
- {
- "name": "SetMenuItemInfoA",
- "address": "0x4914e8"
- },
- {
- "name": "SetMenu",
- "address": "0x4914ec"
- },
- {
- "name": "SetForegroundWindow",
- "address": "0x4914f0"
- },
- {
- "name": "SetFocus",
- "address": "0x4914f4"
- },
- {
- "name": "SetCursor",
- "address": "0x4914f8"
- },
- {
- "name": "SetClipboardData",
- "address": "0x4914fc"
- },
- {
- "name": "SetClassLongA",
- "address": "0x491500"
- },
- {
- "name": "SetCapture",
- "address": "0x491504"
- },
- {
- "name": "SetActiveWindow",
- "address": "0x491508"
- },
- {
- "name": "SendMessageA",
- "address": "0x49150c"
- },
- {
- "name": "ScrollWindow",
- "address": "0x491510"
- },
- {
- "name": "ScreenToClient",
- "address": "0x491514"
- },
- {
- "name": "RemovePropA",
- "address": "0x491518"
- },
- {
- "name": "RemoveMenu",
- "address": "0x49151c"
- },
- {
- "name": "ReleaseDC",
- "address": "0x491520"
- },
- {
- "name": "ReleaseCapture",
- "address": "0x491524"
- },
- {
- "name": "RegisterWindowMessageA",
- "address": "0x491528"
- },
- {
- "name": "RegisterClipboardFormatA",
- "address": "0x49152c"
- },
- {
- "name": "RegisterClassA",
- "address": "0x491530"
- },
- {
- "name": "RedrawWindow",
- "address": "0x491534"
- },
- {
- "name": "PtInRect",
- "address": "0x491538"
- },
- {
- "name": "PostQuitMessage",
- "address": "0x49153c"
- },
- {
- "name": "PostMessageA",
- "address": "0x491540"
- },
- {
- "name": "PeekMessageA",
- "address": "0x491544"
- },
- {
- "name": "OpenClipboard",
- "address": "0x491548"
- },
- {
- "name": "OffsetRect",
- "address": "0x49154c"
- },
- {
- "name": "OemToCharA",
- "address": "0x491550"
- },
- {
- "name": "MessageBoxA",
- "address": "0x491554"
- },
- {
- "name": "MessageBeep",
- "address": "0x491558"
- },
- {
- "name": "MapWindowPoints",
- "address": "0x49155c"
- },
- {
- "name": "MapVirtualKeyA",
- "address": "0x491560"
- },
- {
- "name": "LoadStringA",
- "address": "0x491564"
- },
- {
- "name": "LoadKeyboardLayoutA",
- "address": "0x491568"
- },
- {
- "name": "LoadIconA",
- "address": "0x49156c"
- },
- {
- "name": "LoadCursorA",
- "address": "0x491570"
- },
- {
- "name": "LoadBitmapA",
- "address": "0x491574"
- },
- {
- "name": "KillTimer",
- "address": "0x491578"
- },
- {
- "name": "IsZoomed",
- "address": "0x49157c"
- },
- {
- "name": "IsWindowVisible",
- "address": "0x491580"
- },
- {
- "name": "IsWindowEnabled",
- "address": "0x491584"
- },
- {
- "name": "IsWindow",
- "address": "0x491588"
- },
- {
- "name": "IsRectEmpty",
- "address": "0x49158c"
- },
- {
- "name": "IsIconic",
- "address": "0x491590"
- },
- {
- "name": "IsDialogMessageA",
- "address": "0x491594"
- },
- {
- "name": "IsChild",
- "address": "0x491598"
- },
- {
- "name": "InvalidateRect",
- "address": "0x49159c"
- },
- {
- "name": "IntersectRect",
- "address": "0x4915a0"
- },
- {
- "name": "InsertMenuItemA",
- "address": "0x4915a4"
- },
- {
- "name": "InsertMenuA",
- "address": "0x4915a8"
- },
- {
- "name": "InflateRect",
- "address": "0x4915ac"
- },
- {
- "name": "GetWindowThreadProcessId",
- "address": "0x4915b0"
- },
- {
- "name": "GetWindowTextA",
- "address": "0x4915b4"
- },
- {
- "name": "GetWindowRect",
- "address": "0x4915b8"
- },
- {
- "name": "GetWindowPlacement",
- "address": "0x4915bc"
- },
- {
- "name": "GetWindowLongA",
- "address": "0x4915c0"
- },
- {
- "name": "GetWindowDC",
- "address": "0x4915c4"
- },
- {
- "name": "GetTopWindow",
- "address": "0x4915c8"
- },
- {
- "name": "GetSystemMetrics",
- "address": "0x4915cc"
- },
- {
- "name": "GetSystemMenu",
- "address": "0x4915d0"
- },
- {
- "name": "GetSysColorBrush",
- "address": "0x4915d4"
- },
- {
- "name": "GetSysColor",
- "address": "0x4915d8"
- },
- {
- "name": "GetSubMenu",
- "address": "0x4915dc"
- },
- {
- "name": "GetScrollRange",
- "address": "0x4915e0"
- },
- {
- "name": "GetScrollPos",
- "address": "0x4915e4"
- },
- {
- "name": "GetScrollInfo",
- "address": "0x4915e8"
- },
- {
- "name": "GetPropA",
- "address": "0x4915ec"
- },
- {
- "name": "GetParent",
- "address": "0x4915f0"
- },
- {
- "name": "GetWindow",
- "address": "0x4915f4"
- },
- {
- "name": "GetMenuStringA",
- "address": "0x4915f8"
- },
- {
- "name": "GetMenuState",
- "address": "0x4915fc"
- },
- {
- "name": "GetMenuItemInfoA",
- "address": "0x491600"
- },
- {
- "name": "GetMenuItemID",
- "address": "0x491604"
- },
- {
- "name": "GetMenuItemCount",
- "address": "0x491608"
- },
- {
- "name": "GetMenu",
- "address": "0x49160c"
- },
- {
- "name": "GetLastActivePopup",
- "address": "0x491610"
- },
- {
- "name": "GetKeyboardState",
- "address": "0x491614"
- },
- {
- "name": "GetKeyboardLayoutList",
- "address": "0x491618"
- },
- {
- "name": "GetKeyboardLayout",
- "address": "0x49161c"
- },
- {
- "name": "GetKeyState",
- "address": "0x491620"
- },
- {
- "name": "GetKeyNameTextA",
- "address": "0x491624"
- },
- {
- "name": "GetIconInfo",
- "address": "0x491628"
- },
- {
- "name": "GetForegroundWindow",
- "address": "0x49162c"
- },
- {
- "name": "GetFocus",
- "address": "0x491630"
- },
- {
- "name": "GetDlgItem",
- "address": "0x491634"
- },
- {
- "name": "GetDesktopWindow",
- "address": "0x491638"
- },
- {
- "name": "GetDCEx",
- "address": "0x49163c"
- },
- {
- "name": "GetDC",
- "address": "0x491640"
- },
- {
- "name": "GetCursorPos",
- "address": "0x491644"
- },
- {
- "name": "GetCursor",
- "address": "0x491648"
- },
- {
- "name": "GetClipboardData",
- "address": "0x49164c"
- },
- {
- "name": "GetClientRect",
- "address": "0x491650"
- },
- {
- "name": "GetClassNameA",
- "address": "0x491654"
- },
- {
- "name": "GetClassInfoA",
- "address": "0x491658"
- },
- {
- "name": "GetCapture",
- "address": "0x49165c"
- },
- {
- "name": "GetActiveWindow",
- "address": "0x491660"
- },
- {
- "name": "FrameRect",
- "address": "0x491664"
- },
- {
- "name": "FindWindowA",
- "address": "0x491668"
- },
- {
- "name": "FillRect",
- "address": "0x49166c"
- },
- {
- "name": "EqualRect",
- "address": "0x491670"
- },
- {
- "name": "EnumWindows",
- "address": "0x491674"
- },
- {
- "name": "EnumThreadWindows",
- "address": "0x491678"
- },
- {
- "name": "EndPaint",
- "address": "0x49167c"
- },
- {
- "name": "EnableWindow",
- "address": "0x491680"
- },
- {
- "name": "EnableScrollBar",
- "address": "0x491684"
- },
- {
- "name": "EnableMenuItem",
- "address": "0x491688"
- },
- {
- "name": "EmptyClipboard",
- "address": "0x49168c"
- },
- {
- "name": "DrawTextA",
- "address": "0x491690"
- },
- {
- "name": "DrawMenuBar",
- "address": "0x491694"
- },
- {
- "name": "DrawIconEx",
- "address": "0x491698"
- },
- {
- "name": "DrawIcon",
- "address": "0x49169c"
- },
- {
- "name": "DrawFrameControl",
- "address": "0x4916a0"
- },
- {
- "name": "DrawFocusRect",
- "address": "0x4916a4"
- },
- {
- "name": "DrawEdge",
- "address": "0x4916a8"
- },
- {
- "name": "DispatchMessageA",
- "address": "0x4916ac"
- },
- {
- "name": "DestroyWindow",
- "address": "0x4916b0"
- },
- {
- "name": "DestroyMenu",
- "address": "0x4916b4"
- },
- {
- "name": "DestroyIcon",
- "address": "0x4916b8"
- },
- {
- "name": "DestroyCursor",
- "address": "0x4916bc"
- },
- {
- "name": "DeleteMenu",
- "address": "0x4916c0"
- },
- {
- "name": "DefWindowProcA",
- "address": "0x4916c4"
- },
- {
- "name": "DefMDIChildProcA",
- "address": "0x4916c8"
- },
- {
- "name": "DefFrameProcA",
- "address": "0x4916cc"
- },
- {
- "name": "CreatePopupMenu",
- "address": "0x4916d0"
- },
- {
- "name": "CreateMenu",
- "address": "0x4916d4"
- },
- {
- "name": "CreateIcon",
- "address": "0x4916d8"
- },
- {
- "name": "CloseClipboard",
- "address": "0x4916dc"
- },
- {
- "name": "ClientToScreen",
- "address": "0x4916e0"
- },
- {
- "name": "CheckMenuItem",
- "address": "0x4916e4"
- },
- {
- "name": "CallWindowProcA",
- "address": "0x4916e8"
- },
- {
- "name": "CallNextHookEx",
- "address": "0x4916ec"
- },
- {
- "name": "BeginPaint",
- "address": "0x4916f0"
- },
- {
- "name": "CharNextA",
- "address": "0x4916f4"
- },
- {
- "name": "CharLowerBuffA",
- "address": "0x4916f8"
- },
- {
- "name": "CharLowerA",
- "address": "0x4916fc"
- },
- {
- "name": "CharUpperBuffA",
- "address": "0x491700"
- },
- {
- "name": "CharToOemA",
- "address": "0x491704"
- },
- {
- "name": "AdjustWindowRectEx",
- "address": "0x491708"
- },
- {
- "name": "ActivateKeyboardLayout",
- "address": "0x49170c"
- }
- ],
- "dll": "user32.dll"
- },
- {
- "imports": [
- {
- "name": "Sleep",
- "address": "0x491714"
- }
- ],
- "dll": "kernel32.dll"
- },
- {
- "imports": [
- {
- "name": "SafeArrayPtrOfIndex",
- "address": "0x49171c"
- },
- {
- "name": "SafeArrayPutElement",
- "address": "0x491720"
- },
- {
- "name": "SafeArrayGetElement",
- "address": "0x491724"
- },
- {
- "name": "SafeArrayUnaccessData",
- "address": "0x491728"
- },
- {
- "name": "SafeArrayAccessData",
- "address": "0x49172c"
- },
- {
- "name": "SafeArrayGetUBound",
- "address": "0x491730"
- },
- {
- "name": "SafeArrayGetLBound",
- "address": "0x491734"
- },
- {
- "name": "SafeArrayCreate",
- "address": "0x491738"
- },
- {
- "name": "VariantChangeType",
- "address": "0x49173c"
- },
- {
- "name": "VariantCopyInd",
- "address": "0x491740"
- },
- {
- "name": "VariantCopy",
- "address": "0x491744"
- },
- {
- "name": "VariantClear",
- "address": "0x491748"
- },
- {
- "name": "VariantInit",
- "address": "0x49174c"
- }
- ],
- "dll": "oleaut32.dll"
- },
- {
- "imports": [
- {
- "name": "CoUninitialize",
- "address": "0x491754"
- },
- {
- "name": "CoInitialize",
- "address": "0x491758"
- }
- ],
- "dll": "ole32.dll"
- },
- {
- "imports": [
- {
- "name": "GetErrorInfo",
- "address": "0x491760"
- },
- {
- "name": "SysFreeString",
- "address": "0x491764"
- }
- ],
- "dll": "oleaut32.dll"
- },
- {
- "imports": [
- {
- "name": "ImageList_SetIconSize",
- "address": "0x49176c"
- },
- {
- "name": "ImageList_GetIconSize",
- "address": "0x491770"
- },
- {
- "name": "ImageList_Write",
- "address": "0x491774"
- },
- {
- "name": "ImageList_Read",
- "address": "0x491778"
- },
- {
- "name": "ImageList_GetDragImage",
- "address": "0x49177c"
- },
- {
- "name": "ImageList_DragShowNolock",
- "address": "0x491780"
- },
- {
- "name": "ImageList_SetDragCursorImage",
- "address": "0x491784"
- },
- {
- "name": "ImageList_DragMove",
- "address": "0x491788"
- },
- {
- "name": "ImageList_DragLeave",
- "address": "0x49178c"
- },
- {
- "name": "ImageList_DragEnter",
- "address": "0x491790"
- },
- {
- "name": "ImageList_EndDrag",
- "address": "0x491794"
- },
- {
- "name": "ImageList_BeginDrag",
- "address": "0x491798"
- },
- {
- "name": "ImageList_Remove",
- "address": "0x49179c"
- },
- {
- "name": "ImageList_DrawEx",
- "address": "0x4917a0"
- },
- {
- "name": "ImageList_Replace",
- "address": "0x4917a4"
- },
- {
- "name": "ImageList_Draw",
- "address": "0x4917a8"
- },
- {
- "name": "ImageList_GetBkColor",
- "address": "0x4917ac"
- },
- {
- "name": "ImageList_SetBkColor",
- "address": "0x4917b0"
- },
- {
- "name": "ImageList_ReplaceIcon",
- "address": "0x4917b4"
- },
- {
- "name": "ImageList_Add",
- "address": "0x4917b8"
- },
- {
- "name": "ImageList_GetImageCount",
- "address": "0x4917bc"
- },
- {
- "name": "ImageList_Destroy",
- "address": "0x4917c0"
- },
- {
- "name": "ImageList_Create",
- "address": "0x4917c4"
- }
- ],
- "dll": "comctl32.dll"
- },
- {
- "imports": [
- {
- "name": "GetOpenFileNameA",
- "address": "0x4917cc"
- }
- ],
- "dll": "comdlg32.dll"
- }
- ],
- "digital_signers": null,
- "exported_dll_name": null,
- "actual_checksum": "0x000dcd48",
- "overlay": null,
- "imagebase": "0x00400000",
- "reported_checksum": "0x00000000",
- "icon_hash": null,
- "entrypoint": "0x00485b04",
- "timestamp": "1992-03-24 09:15:18",
- "osversion": "4.0",
- "sections": [
- {
- "name": "CODE",
- "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00001000",
- "size_of_data": "0x00084c00",
- "entropy": "6.54",
- "raw_address": "0x00000400",
- "virtual_size": "0x00084b4c",
- "characteristics_raw": "0x60000020"
- },
- {
- "name": "DATA",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x00086000",
- "size_of_data": "0x00009a00",
- "entropy": "5.00",
- "raw_address": "0x00085000",
- "virtual_size": "0x00009880",
- "characteristics_raw": "0xc0000040"
- },
- {
- "name": "BSS",
- "characteristics": "IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x00090000",
- "size_of_data": "0x00000000",
- "entropy": "0.00",
- "raw_address": "0x0008ea00",
- "virtual_size": "0x00000d9d",
- "characteristics_raw": "0xc0000000"
- },
- {
- "name": ".idata",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x00091000",
- "size_of_data": "0x00002400",
- "entropy": "5.02",
- "raw_address": "0x0008ea00",
- "virtual_size": "0x000023ae",
- "characteristics_raw": "0xc0000040"
- },
- {
- "name": ".tls",
- "characteristics": "IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x00094000",
- "size_of_data": "0x00000000",
- "entropy": "0.00",
- "raw_address": "0x00090e00",
- "virtual_size": "0x00000010",
- "characteristics_raw": "0xc0000000"
- },
- {
- "name": ".rdata",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00095000",
- "size_of_data": "0x00000200",
- "entropy": "0.21",
- "raw_address": "0x00090e00",
- "virtual_size": "0x00000018",
- "characteristics_raw": "0x50000040"
- },
- {
- "name": ".reloc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00096000",
- "size_of_data": "0x0000a800",
- "entropy": "6.62",
- "raw_address": "0x00091000",
- "virtual_size": "0x0000a6ec",
- "characteristics_raw": "0x50000040"
- },
- {
- "name": ".rsrc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x000a1000",
- "size_of_data": "0x0003b600",
- "entropy": "7.44",
- "raw_address": "0x0009b800",
- "virtual_size": "0x0003b490",
- "characteristics_raw": "0x50000040"
- }
- ],
- "resources": [],
- "dirents": [
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00091000",
- "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
- "size": "0x000023ae"
- },
- {
- "virtual_address": "0x000a1000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
- "size": "0x0003b490"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00096000",
- "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
- "size": "0x0000a6ec"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00095000",
- "name": "IMAGE_DIRECTORY_ENTRY_TLS",
- "size": "0x00000018"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_IAT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
- "size": "0x00000000"
- }
- ],
- "exports": [],
- "guest_signers": {},
- "imphash": "feed914a34d3306147b6c89615ebb824",
- "icon_fuzzy": null,
- "icon": null,
- "pdbpath": null,
- "imported_dll_count": 16,
- "versioninfo": []
- }
- }