paladin316

Exes_d2ace31e89059d60ea1ee0b49942d270_exe.json

Jun 21st, 2019
  1.  
  2. [*] MalFamily: ""
  3.  
  4. [*] MalScore: 10.0
  5.  
  6. [*] File Name: "Exes_d2ace31e89059d60ea1ee0b49942d270.exe"
  7. [*] File Size: 680960
  8. [*] File Type: "PE32 executable (GUI) Intel 80386, for MS Windows"
  9. [*] SHA256: "8c441c624a201b3bc653d4eb83802223f35e33ccd7c76e9c62fa288e60092dae"
  10. [*] MD5: "d2ace31e89059d60ea1ee0b49942d270"
  11. [*] SHA1: "bd7793aa52b00456c9d1ca2d168ad874fddbbb23"
  12. [*] SHA512: "374397c7f0bf053429bc29017ffa84303be8b26016f2bf8c59dcdcfbf0eac9c142079b399789059a57967c335953cdc4f60dc66ea866c3f9fbe32d45201504a6"
  13. [*] CRC32: "BB248382"
  14. [*] SSDEEP: "12288:tf2d5HKavsCGkOLlrLC8g0tUpnBhi6jID+zhzynXhxb4NDeC7NTx6+:8DBk5lrhgXTi4heXLaCsN96+"
  15.  
  16. [*] Process Execution: [
  17. "Exes_d2ace31e89059d60ea1ee0b49942d270.exe",
  18. "Exes_d2ace31e89059d60ea1ee0b49942d270.exe",
  19. "services.exe",
  20. "svchost.exe",
  21. "WmiPrvSE.exe",
  22. "svchost.exe",
  23. "WMIADAP.exe",
  24. "lsass.exe",
  25. "taskhost.exe",
  26. "taskhost.exe",
  27. "svchost.exe",
  28. "WerFault.exe",
  29. "wermgr.exe"
  30. ]
  31.  
  32. [*] Signatures Detected: [
  33. {
  34. "Description": "At least one process apparently crashed during execution",
  35. "Details": []
  36. },
  37. {
  38. "Description": "Creates RWX memory",
  39. "Details": []
  40. },
  41. {
  42. "Description": "A process attempted to delay the analysis task.",
  43. "Details": [
  44. {
  45. "Process": "Exes_d2ace31e89059d60ea1ee0b49942d270.exe tried to sleep 1273 seconds, actually delayed analysis time by 0 seconds"
  46. }
  47. ]
  48. },
  49. {
  50. "Description": "HTTP traffic contains suspicious features which may be indicative of malware related traffic",
  51. "Details": [
  52. {
  53. "get_no_useragent": "HTTP traffic contains a GET request with no user-agent header"
  54. },
  55. {
  56. "suspicious_request": "http://checkip.amazonaws.com/"
  57. }
  58. ]
  59. },
  60. {
  61. "Description": "Performs some HTTP requests",
  62. "Details": [
  63. {
  64. "url": "http://checkip.amazonaws.com/"
  65. }
  66. ]
  67. },
  68. {
  69. "Description": "The binary likely contains encrypted or compressed data.",
  70. "Details": [
  71. {
  72. "section": "name: .rsrc, entropy: 7.58, characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ, raw_size: 0x00039c00, virtual_size: 0x00039a98"
  73. }
  74. ]
  75. },
  76. {
  77. "Description": "Executed a process and injected code into it, probably while unpacking",
  78. "Details": [
  79. {
  80. "Injection": "Exes_d2ace31e89059d60ea1ee0b49942d270.exe(2876) -> Exes_d2ace31e89059d60ea1ee0b49942d270.exe(968)"
  81. }
  82. ]
  83. },
  84. {
  85. "Description": "Attempts to restart the guest VM",
  86. "Details": []
  87. },
  88. {
  89. "Description": "Attempts to repeatedly call a single API many times in order to delay analysis time",
  90. "Details": [
  91. {
  92. "Spam": "services.exe (504) called API GetSystemTimeAsFileTime 15819638 times"
  93. }
  94. ]
  95. },
  96. {
  97. "Description": "Steals private information from local Internet browsers",
  98. "Details": [
  99. {
  100. "file": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"
  101. }
  102. ]
  103. },
  104. {
  105. "Description": "Retrieves Windows ProductID, probably to fingerprint the sandbox",
  106. "Details": []
  107. },
  108. {
  109. "Description": "File has been identified by 53 Antiviruses on VirusTotal as malicious",
  110. "Details": [
  111. {
  112. "MicroWorld-eScan": "Gen:Variant.Ulise.38407"
  113. },
  114. {
  115. "FireEye": "Generic.mg.d2ace31e89059d60"
  116. },
  117. {
  118. "CAT-QuickHeal": "Trojan.Scar"
  119. },
  120. {
  121. "McAfee": "RDN/Generic.grp"
  122. },
  123. {
  124. "Zillya": "Trojan.Injector.Win32.645425"
  125. },
  126. {
  127. "BitDefender": "Gen:Variant.Ulise.38407"
  128. },
  129. {
  130. "K7GW": "Trojan ( 0054f89f1 )"
  131. },
  132. {
  133. "K7AntiVirus": "Trojan ( 0054f89f1 )"
  134. },
  135. {
  136. "TrendMicro": "TrojanSpy.Win32.LOKI.SMDD.hp"
  137. },
  138. {
  139. "NANO-Antivirus": "Trojan.Win32.Scarsi.frcccp"
  140. },
  141. {
  142. "F-Prot": "W32/Injector.HYT"
  143. },
  144. {
  145. "Symantec": "Trojan.Gen.MBT"
  146. },
  147. {
  148. "APEX": "Malicious"
  149. },
  150. {
  151. "Paloalto": "generic.ml"
  152. },
  153. {
  154. "Kaspersky": "HEUR:Trojan.Win32.Scarsi.gen"
  155. },
  156. {
  157. "Alibaba": "Trojan:Win32/Injector.d168a71f"
  158. },
  159. {
  160. "ViRobot": "Trojan.Win32.Z.Pws.680960"
  161. },
  162. {
  163. "AegisLab": "Trojan.Win32.Scarsi.4!c"
  164. },
  165. {
  166. "Rising": "Trojan.Injector!1.AFE3 (CLASSIC)"
  167. },
  168. {
  169. "Endgame": "malicious (high confidence)"
  170. },
  171. {
  172. "Emsisoft": "Gen:Variant.Ulise.38407 (B)"
  173. },
  174. {
  175. "F-Secure": "Trojan.TR/Injector.zfjry"
  176. },
  177. {
  178. "DrWeb": "Trojan.PWS.Stealer.19347"
  179. },
  180. {
  181. "VIPRE": "Trojan.Win32.Generic!BT"
  182. },
  183. {
  184. "Invincea": "heuristic"
  185. },
  186. {
  187. "McAfee-GW-Edition": "BehavesLike.Win32.Fareit.jc"
  188. },
  189. {
  190. "Trapmine": "malicious.high.ml.score"
  191. },
  192. {
  193. "Sophos": "Mal/Fareit-V"
  194. },
  195. {
  196. "SentinelOne": "DFI - Suspicious PE"
  197. },
  198. {
  199. "Cyren": "W32/Trojan.QVRF-0653"
  200. },
  201. {
  202. "Jiangmin": "Trojan.Scarsi.bxy"
  203. },
  204. {
  205. "Avira": "TR/Injector.zfjry"
  206. },
  207. {
  208. "Fortinet": "W32/Scarsi.EFWQ!tr"
  209. },
  210. {
  211. "Antiy-AVL": "Trojan/Win32.Scarsi"
  212. },
  213. {
  214. "Arcabit": "Trojan.Ulise.D9607"
  215. },
  216. {
  217. "ZoneAlarm": "HEUR:Trojan.Win32.Scarsi.gen"
  218. },
  219. {
  220. "Microsoft": "Trojan:Win32/Tiggre!plock"
  221. },
  222. {
  223. "AhnLab-V3": "Win-Trojan/Delphiless.Exp"
  224. },
  225. {
  226. "Acronis": "suspicious"
  227. },
  228. {
  229. "VBA32": "TScope.Trojan.Delf"
  230. },
  231. {
  232. "ALYac": "Gen:Variant.Ulise.38407"
  233. },
  234. {
  235. "Ad-Aware": "Gen:Variant.Ulise.38407"
  236. },
  237. {
  238. "Cylance": "Unsafe"
  239. },
  240. {
  241. "Panda": "Trj/Genetic.gen"
  242. },
  243. {
  244. "ESET-NOD32": "a variant of Win32/Injector.EFWQ"
  245. },
  246. {
  247. "TrendMicro-HouseCall": "TrojanSpy.Win32.LOKI.SMDD.hp"
  248. },
  249. {
  250. "Yandex": "Trojan.Scarsi!nyxrJ69Uegk"
  251. },
  252. {
  253. "Ikarus": "Trojan.Inject"
  254. },
  255. {
  256. "GData": "Gen:Variant.Ulise.38407"
  257. },
  258. {
  259. "AVG": "Win32:Malware-gen"
  260. },
  261. {
  262. "Cybereason": "malicious.e89059"
  263. },
  264. {
  265. "Avast": "Win32:Malware-gen"
  266. },
  267. {
  268. "Qihoo-360": "Win32/Trojan.469"
  269. }
  270. ]
  271. },
  272. {
  273. "Description": "Checks the CPU name from registry, possibly for anti-virtualization",
  274. "Details": []
  275. },
  276. {
  277. "Description": "Checks the system manufacturer, likely for anti-virtualization",
  278. "Details": []
  279. },
  280. {
  281. "Description": "Harvests credentials from local FTP client software",
  282. "Details": [
  283. {
  284. "file": "C:\\Users\\user\\AppData\\Roaming\\FileZilla\\recentservers.xml"
  285. },
  286. {
  287. "file": "C:\\Users\\user\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect\\"
  288. },
  289. {
  290. "file": "C:\\Users\\user\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect\\*.xml"
  291. },
  292. {
  293. "file": "C:\\Users\\user\\AppData\\Roaming\\Ipswitch\\WS_FTP\\Sites\\ws_ftp.ini"
  294. },
  295. {
  296. "file": "C:\\cftp\\Ftplist.txt"
  297. },
  298. {
  299. "key": "HKEY_CURRENT_USER\\Software\\FTPWare\\COREFTP\\Sites"
  300. }
  301. ]
  302. },
  303. {
  304. "Description": "Harvests information related to installed mail clients",
  305. "Details": [
  306. {
  307. "file": "C:\\Users\\user\\AppData\\Roaming\\Thunderbird\\profiles.ini"
  308. },
  309. {
  310. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows Messaging Subsystem\\Profiles\\9375CFF0413111d3B88A00104B2A6676"
  311. },
  312. {
  313. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676"
  314. },
  315. {
  316. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002\\SMTP Password"
  317. },
  318. {
  319. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002\\Email"
  320. },
  321. {
  322. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002\\HTTP Password"
  323. },
  324. {
  325. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676"
  326. },
  327. {
  328. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001\\HTTP Password"
  329. },
  330. {
  331. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676"
  332. },
  333. {
  334. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001\\POP3 Password"
  335. },
  336. {
  337. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001\\Email"
  338. },
  339. {
  340. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001\\SMTP Password"
  341. },
  342. {
  343. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001\\IMAP Password"
  344. },
  345. {
  346. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001"
  347. },
  348. {
  349. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002\\IMAP Password"
  350. },
  351. {
  352. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002\\POP3 Password"
  353. },
  354. {
  355. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002"
  356. }
  357. ]
  358. },
  359. {
  360. "Description": "Collects information to fingerprint the system",
  361. "Details": []
  362. },
  363. {
  364. "Description": "Anomalous binary characteristics",
  365. "Details": [
  366. {
  367. "anomaly": "Timestamp on binary predates the release date of the OS version it requires by at least a year"
  368. }
  369. ]
  370. }
  371. ]
  372.  
  373. [*] Started Service: [
  374. "VaultSvc",
  375. "WerSvc"
  376. ]
  377.  
  378. [*] Executed Commands: [
  379. "\"C:\\Users\\user\\AppData\\Local\\Temp\\Exes_d2ace31e89059d60ea1ee0b49942d270.exe\"",
  380. "C:\\Windows\\system32\\wbem\\wmiprvse.exe -secured -Embedding",
  381. "C:\\Windows\\system32\\lsass.exe",
  382. "taskhost.exe $(Arg0)",
  383. "C:\\Windows\\System32\\svchost.exe -k WerSvcGroup",
  384. "C:\\Windows\\system32\\WerFault.exe -u -p 2244 -s 288",
  385. "\"C:\\Windows\\system32\\wermgr.exe\" \"-queuereporting_svc\" \"C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_taskhost.exe_8aabe0b3348bc782cf69fc38868d65b42bf1f6_cab_0a1a8262\""
  386. ]
  387.  
  388. [*] Mutexes: [
  389. "Global\\CLR_CASOFF_MUTEX",
  390. "Local\\_!MSFTHISTORY!_",
  391. "Local\\c:!users!user!appdata!local!microsoft!windows!temporary internet files!content.ie5!",
  392. "Local\\c:!users!user!appdata!roaming!microsoft!windows!cookies!",
  393. "Local\\c:!users!user!appdata!local!microsoft!windows!history!history.ie5!",
  394. "Global\\.net clr networking",
  395. "Local\\WERReportingForProcess2244",
  396. "Global\\\\xe5\\x88\\x90\\xc2\\x8b",
  397. "Global\\ADAP_WMI_ENTRY",
  398. "Global\\\\xed\\x95\\xb0A",
  399. "WERUI_BEX64-8aabe0b3348bc782cf69fc38868d65b42bf1f6"
  400. ]
  401.  
  402. [*] Modified Files: [
  403. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat",
  404. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat",
  405. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat",
  406. "\\??\\PIPE\\samr",
  407. "C:\\Windows\\sysnative\\wbem\\repository\\WRITABLE.TST",
  408. "C:\\Windows\\sysnative\\wbem\\repository\\MAPPING1.MAP",
  409. "C:\\Windows\\sysnative\\wbem\\repository\\MAPPING2.MAP",
  410. "C:\\Windows\\sysnative\\wbem\\repository\\MAPPING3.MAP",
  411. "C:\\Windows\\sysnative\\wbem\\repository\\OBJECTS.DATA",
  412. "C:\\Windows\\sysnative\\wbem\\repository\\INDEX.BTR",
  413. "\\??\\pipe\\PIPE_EVENTROOT\\CIMV2PROVIDERSUBSYSTEM",
  414. "\\??\\pipe\\PIPE_EVENTROOT\\CIMV2WMI SELF-INSTRUMENTATION EVENT PROVIDER",
  415. "\\??\\WMIDataDevice",
  416. "C:\\Windows\\sysnative\\LogFiles\\Scm\\5869f1c1-01d7-41f7-84b7-715672259fa8",
  417. "C:\\Windows\\sysnative\\LogFiles\\Scm\\4963ad21-c4a5-42a5-b9bd-e441d57204fe",
  418. "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WER1C44.tmp.appcompat.txt",
  419. "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WER541E.tmp.WERInternalMetadata.xml",
  420. "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WER543E.tmp.hdmp",
  421. "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WER5B44.tmp.mdmp",
  422. "C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_taskhost.exe_8aabe0b3348bc782cf69fc38868d65b42bf1f6_cab_0a1a8262\\WER1C44.tmp.appcompat.txt",
  423. "C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_taskhost.exe_8aabe0b3348bc782cf69fc38868d65b42bf1f6_cab_0a1a8262\\WER541E.tmp.WERInternalMetadata.xml",
  424. "C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_taskhost.exe_8aabe0b3348bc782cf69fc38868d65b42bf1f6_cab_0a1a8262\\WER543E.tmp.hdmp",
  425. "C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_taskhost.exe_8aabe0b3348bc782cf69fc38868d65b42bf1f6_cab_0a1a8262\\WER5B44.tmp.mdmp",
  426. "C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_taskhost.exe_8aabe0b3348bc782cf69fc38868d65b42bf1f6_cab_0a1a8262\\Report.wer",
  427. "C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_taskhost.exe_8aabe0b3348bc782cf69fc38868d65b42bf1f6_cab_0a1a8262\\Report.wer.tmp"
  428. ]
  429.  
  430. [*] Deleted Files: [
  431. "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WER1C44.tmp",
  432. "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WER1C44.tmp.appcompat.txt",
  433. "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WER541E.tmp",
  434. "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WER541E.tmp.WERInternalMetadata.xml",
  435. "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WER543E.tmp",
  436. "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WER543E.tmp.hdmp",
  437. "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WER5B44.tmp",
  438. "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WER5B44.tmp.mdmp",
  439. "C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_taskhost.exe_8aabe0b3348bc782cf69fc38868d65b42bf1f6_cab_0a1a8262\\Report.wer.tmp"
  440. ]
  441.  
  442. [*] Modified Registry Keys: [
  443. "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Tracing\\Exes_d2ace31e89059d60ea1ee0b49942d270_RASAPI32",
  444. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\Exes_d2ace31e89059d60ea1ee0b49942d270_RASAPI32\\EnableFileTracing",
  445. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\Exes_d2ace31e89059d60ea1ee0b49942d270_RASAPI32\\EnableConsoleTracing",
  446. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\Exes_d2ace31e89059d60ea1ee0b49942d270_RASAPI32\\FileTracingMask",
  447. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\Exes_d2ace31e89059d60ea1ee0b49942d270_RASAPI32\\ConsoleTracingMask",
  448. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\Exes_d2ace31e89059d60ea1ee0b49942d270_RASAPI32\\MaxFileSize",
  449. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\Exes_d2ace31e89059d60ea1ee0b49942d270_RASAPI32\\FileDirectory",
  450. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\CIMOM\\LastServiceStart",
  451. "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Wbem\\Transports\\Decoupled\\Server",
  452. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\Transports\\Decoupled\\Server\\CreationTime",
  453. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\Transports\\Decoupled\\Server\\MarshaledProxy",
  454. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\Transports\\Decoupled\\Server\\ProcessIdentifier",
  455. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\CIMOM\\ConfigValueEssNeedsLoading",
  456. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\CIMOM\\List of event-active namespaces",
  457. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\ESS\\//./root/CIMV2\\SCM Event Provider",
  458. "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WerSvc\\Type",
  459. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Windows Error Reporting\\Consent",
  460. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Windows Error Reporting\\Consent\\DefaultConsent"
  461. ]
  462.  
  463. [*] Deleted Registry Keys: []
  464.  
  465. [*] DNS Communications: [
  466. {
  467. "type": "A",
  468. "request": "checkip.amazonaws.com",
  469. "answers": [
  470. {
  471. "data": "52.206.161.133",
  472. "type": "A"
  473. },
  474. {
  475. "data": "52.200.125.74",
  476. "type": "A"
  477. },
  478. {
  479. "data": "checkip.check-ip.aws.a2z.com",
  480. "type": "CNAME"
  481. },
  482. {
  483. "data": "52.6.79.229",
  484. "type": "A"
  485. },
  486. {
  487. "data": "checkip.us-east-1.prod.check-ip.aws.a2z.com",
  488. "type": "CNAME"
  489. },
  490. {
  491. "data": "34.233.102.38",
  492. "type": "A"
  493. },
  494. {
  495. "data": "52.202.139.131",
  496. "type": "A"
  497. },
  498. {
  499. "data": "18.211.215.84",
  500. "type": "A"
  501. }
  502. ]
  503. }
  504. ]
  505.  
  506. [*] Domains: [
  507. {
  508. "ip": "34.233.102.38",
  509. "domain": "checkip.amazonaws.com"
  510. }
  511. ]
  512.  
  513. [*] Network Communication - ICMP: []
  514.  
  515. [*] Network Communication - HTTP: [
  516. {
  517. "count": 2,
  518. "body": "",
  519. "uri": "http://checkip.amazonaws.com/",
  520. "user-agent": "",
  521. "method": "GET",
  522. "host": "checkip.amazonaws.com",
  523. "version": "1.1",
  524. "path": "/",
  525. "data": "GET / HTTP/1.1\r\nHost: checkip.amazonaws.com\r\nConnection: Keep-Alive\r\n\r\n",
  526. "port": 80
  527. },
  528. {
  529. "count": 1,
  530. "body": "",
  531. "uri": "http://checkip.amazonaws.com/",
  532. "user-agent": "",
  533. "method": "GET",
  534. "host": "checkip.amazonaws.com",
  535. "version": "1.1",
  536. "path": "/",
  537. "data": "GET / HTTP/1.1\r\nHost: checkip.amazonaws.com\r\n\r\n",
  538. "port": 80
  539. }
  540. ]
  541.  
  542. [*] Network Communication - SMTP: []
  543.  
  544. [*] Network Communication - Hosts: []
  545.  
  546. [*] Network Communication - IRC: []
  547.  
  548. [*] Static Analysis: {
  549. "pe": {
  550. "peid_signatures": null,
  551. "imports": [
  552. {
  553. "imports": [
  554. {
  555. "name": "DeleteCriticalSection",
  556. "address": "0x46712c"
  557. },
  558. {
  559. "name": "LeaveCriticalSection",
  560. "address": "0x467130"
  561. },
  562. {
  563. "name": "EnterCriticalSection",
  564. "address": "0x467134"
  565. },
  566. {
  567. "name": "InitializeCriticalSection",
  568. "address": "0x467138"
  569. },
  570. {
  571. "name": "VirtualFree",
  572. "address": "0x46713c"
  573. },
  574. {
  575. "name": "VirtualAlloc",
  576. "address": "0x467140"
  577. },
  578. {
  579. "name": "LocalFree",
  580. "address": "0x467144"
  581. },
  582. {
  583. "name": "LocalAlloc",
  584. "address": "0x467148"
  585. },
  586. {
  587. "name": "GetVersion",
  588. "address": "0x46714c"
  589. },
  590. {
  591. "name": "GetCurrentThreadId",
  592. "address": "0x467150"
  593. },
  594. {
  595. "name": "InterlockedDecrement",
  596. "address": "0x467154"
  597. },
  598. {
  599. "name": "InterlockedIncrement",
  600. "address": "0x467158"
  601. },
  602. {
  603. "name": "VirtualQuery",
  604. "address": "0x46715c"
  605. },
  606. {
  607. "name": "WideCharToMultiByte",
  608. "address": "0x467160"
  609. },
  610. {
  611. "name": "MultiByteToWideChar",
  612. "address": "0x467164"
  613. },
  614. {
  615. "name": "lstrlenA",
  616. "address": "0x467168"
  617. },
  618. {
  619. "name": "lstrcpynA",
  620. "address": "0x46716c"
  621. },
  622. {
  623. "name": "LoadLibraryExA",
  624. "address": "0x467170"
  625. },
  626. {
  627. "name": "GetThreadLocale",
  628. "address": "0x467174"
  629. },
  630. {
  631. "name": "GetStartupInfoA",
  632. "address": "0x467178"
  633. },
  634. {
  635. "name": "GetProcAddress",
  636. "address": "0x46717c"
  637. },
  638. {
  639. "name": "GetModuleHandleA",
  640. "address": "0x467180"
  641. },
  642. {
  643. "name": "GetModuleFileNameA",
  644. "address": "0x467184"
  645. },
  646. {
  647. "name": "GetLocaleInfoA",
  648. "address": "0x467188"
  649. },
  650. {
  651. "name": "GetCommandLineA",
  652. "address": "0x46718c"
  653. },
  654. {
  655. "name": "FreeLibrary",
  656. "address": "0x467190"
  657. },
  658. {
  659. "name": "FindFirstFileA",
  660. "address": "0x467194"
  661. },
  662. {
  663. "name": "FindClose",
  664. "address": "0x467198"
  665. },
  666. {
  667. "name": "ExitProcess",
  668. "address": "0x46719c"
  669. },
  670. {
  671. "name": "WriteFile",
  672. "address": "0x4671a0"
  673. },
  674. {
  675. "name": "UnhandledExceptionFilter",
  676. "address": "0x4671a4"
  677. },
  678. {
  679. "name": "RtlUnwind",
  680. "address": "0x4671a8"
  681. },
  682. {
  683. "name": "RaiseException",
  684. "address": "0x4671ac"
  685. },
  686. {
  687. "name": "GetStdHandle",
  688. "address": "0x4671b0"
  689. }
  690. ],
  691. "dll": "kernel32.dll"
  692. },
  693. {
  694. "imports": [
  695. {
  696. "name": "GetKeyboardType",
  697. "address": "0x4671b8"
  698. },
  699. {
  700. "name": "LoadStringA",
  701. "address": "0x4671bc"
  702. },
  703. {
  704. "name": "MessageBoxA",
  705. "address": "0x4671c0"
  706. },
  707. {
  708. "name": "CharNextA",
  709. "address": "0x4671c4"
  710. }
  711. ],
  712. "dll": "user32.dll"
  713. },
  714. {
  715. "imports": [
  716. {
  717. "name": "RegQueryValueExA",
  718. "address": "0x4671cc"
  719. },
  720. {
  721. "name": "RegOpenKeyExA",
  722. "address": "0x4671d0"
  723. },
  724. {
  725. "name": "RegCloseKey",
  726. "address": "0x4671d4"
  727. }
  728. ],
  729. "dll": "advapi32.dll"
  730. },
  731. {
  732. "imports": [
  733. {
  734. "name": "SysFreeString",
  735. "address": "0x4671dc"
  736. },
  737. {
  738. "name": "SysReAllocStringLen",
  739. "address": "0x4671e0"
  740. },
  741. {
  742. "name": "SysAllocStringLen",
  743. "address": "0x4671e4"
  744. }
  745. ],
  746. "dll": "oleaut32.dll"
  747. },
  748. {
  749. "imports": [
  750. {
  751. "name": "TlsSetValue",
  752. "address": "0x4671ec"
  753. },
  754. {
  755. "name": "TlsGetValue",
  756. "address": "0x4671f0"
  757. },
  758. {
  759. "name": "LocalAlloc",
  760. "address": "0x4671f4"
  761. },
  762. {
  763. "name": "GetModuleHandleA",
  764. "address": "0x4671f8"
  765. }
  766. ],
  767. "dll": "kernel32.dll"
  768. },
  769. {
  770. "imports": [
  771. {
  772. "name": "RegQueryValueExA",
  773. "address": "0x467200"
  774. },
  775. {
  776. "name": "RegOpenKeyExA",
  777. "address": "0x467204"
  778. },
  779. {
  780. "name": "RegCloseKey",
  781. "address": "0x467208"
  782. }
  783. ],
  784. "dll": "advapi32.dll"
  785. },
  786. {
  787. "imports": [
  788. {
  789. "name": "lstrcpyA",
  790. "address": "0x467210"
  791. },
  792. {
  793. "name": "WriteFile",
  794. "address": "0x467214"
  795. },
  796. {
  797. "name": "WaitForSingleObject",
  798. "address": "0x467218"
  799. },
  800. {
  801. "name": "VirtualQuery",
  802. "address": "0x46721c"
  803. },
  804. {
  805. "name": "VirtualAlloc",
  806. "address": "0x467220"
  807. },
  808. {
  809. "name": "Sleep",
  810. "address": "0x467224"
  811. },
  812. {
  813. "name": "SizeofResource",
  814. "address": "0x467228"
  815. },
  816. {
  817. "name": "SetThreadLocale",
  818. "address": "0x46722c"
  819. },
  820. {
  821. "name": "SetFilePointer",
  822. "address": "0x467230"
  823. },
  824. {
  825. "name": "SetEvent",
  826. "address": "0x467234"
  827. },
  828. {
  829. "name": "SetErrorMode",
  830. "address": "0x467238"
  831. },
  832. {
  833. "name": "SetEndOfFile",
  834. "address": "0x46723c"
  835. },
  836. {
  837. "name": "ResetEvent",
  838. "address": "0x467240"
  839. },
  840. {
  841. "name": "ReadFile",
  842. "address": "0x467244"
  843. },
  844. {
  845. "name": "MulDiv",
  846. "address": "0x467248"
  847. },
  848. {
  849. "name": "LockResource",
  850. "address": "0x46724c"
  851. },
  852. {
  853. "name": "LoadResource",
  854. "address": "0x467250"
  855. },
  856. {
  857. "name": "LoadLibraryA",
  858. "address": "0x467254"
  859. },
  860. {
  861. "name": "LeaveCriticalSection",
  862. "address": "0x467258"
  863. },
  864. {
  865. "name": "InitializeCriticalSection",
  866. "address": "0x46725c"
  867. },
  868. {
  869. "name": "GlobalUnlock",
  870. "address": "0x467260"
  871. },
  872. {
  873. "name": "GlobalReAlloc",
  874. "address": "0x467264"
  875. },
  876. {
  877. "name": "GlobalHandle",
  878. "address": "0x467268"
  879. },
  880. {
  881. "name": "GlobalLock",
  882. "address": "0x46726c"
  883. },
  884. {
  885. "name": "GlobalFree",
  886. "address": "0x467270"
  887. },
  888. {
  889. "name": "GlobalFindAtomA",
  890. "address": "0x467274"
  891. },
  892. {
  893. "name": "GlobalDeleteAtom",
  894. "address": "0x467278"
  895. },
  896. {
  897. "name": "GlobalAlloc",
  898. "address": "0x46727c"
  899. },
  900. {
  901. "name": "GlobalAddAtomA",
  902. "address": "0x467280"
  903. },
  904. {
  905. "name": "GetVersionExA",
  906. "address": "0x467284"
  907. },
  908. {
  909. "name": "GetVersion",
  910. "address": "0x467288"
  911. },
  912. {
  913. "name": "GetTickCount",
  914. "address": "0x46728c"
  915. },
  916. {
  917. "name": "GetThreadLocale",
  918. "address": "0x467290"
  919. },
  920. {
  921. "name": "GetSystemInfo",
  922. "address": "0x467294"
  923. },
  924. {
  925. "name": "GetStringTypeExA",
  926. "address": "0x467298"
  927. },
  928. {
  929. "name": "GetStdHandle",
  930. "address": "0x46729c"
  931. },
  932. {
  933. "name": "GetProcAddress",
  934. "address": "0x4672a0"
  935. },
  936. {
  937. "name": "GetModuleHandleA",
  938. "address": "0x4672a4"
  939. },
  940. {
  941. "name": "GetModuleFileNameA",
  942. "address": "0x4672a8"
  943. },
  944. {
  945. "name": "GetLocaleInfoA",
  946. "address": "0x4672ac"
  947. },
  948. {
  949. "name": "GetLocalTime",
  950. "address": "0x4672b0"
  951. },
  952. {
  953. "name": "GetLastError",
  954. "address": "0x4672b4"
  955. },
  956. {
  957. "name": "GetFullPathNameA",
  958. "address": "0x4672b8"
  959. },
  960. {
  961. "name": "GetFileAttributesA",
  962. "address": "0x4672bc"
  963. },
  964. {
  965. "name": "GetDiskFreeSpaceA",
  966. "address": "0x4672c0"
  967. },
  968. {
  969. "name": "GetDateFormatA",
  970. "address": "0x4672c4"
  971. },
  972. {
  973. "name": "GetCurrentThreadId",
  974. "address": "0x4672c8"
  975. },
  976. {
  977. "name": "GetCurrentProcessId",
  978. "address": "0x4672cc"
  979. },
  980. {
  981. "name": "GetCPInfo",
  982. "address": "0x4672d0"
  983. },
  984. {
  985. "name": "GetACP",
  986. "address": "0x4672d4"
  987. },
  988. {
  989. "name": "FreeResource",
  990. "address": "0x4672d8"
  991. },
  992. {
  993. "name": "InterlockedExchange",
  994. "address": "0x4672dc"
  995. },
  996. {
  997. "name": "FreeLibrary",
  998. "address": "0x4672e0"
  999. },
  1000. {
  1001. "name": "FormatMessageA",
  1002. "address": "0x4672e4"
  1003. },
  1004. {
  1005. "name": "FindResourceA",
  1006. "address": "0x4672e8"
  1007. },
  1008. {
  1009. "name": "FindFirstFileA",
  1010. "address": "0x4672ec"
  1011. },
  1012. {
  1013. "name": "FindClose",
  1014. "address": "0x4672f0"
  1015. },
  1016. {
  1017. "name": "FileTimeToLocalFileTime",
  1018. "address": "0x4672f4"
  1019. },
  1020. {
  1021. "name": "FileTimeToDosDateTime",
  1022. "address": "0x4672f8"
  1023. },
  1024. {
  1025. "name": "EnumCalendarInfoA",
  1026. "address": "0x4672fc"
  1027. },
  1028. {
  1029. "name": "EnterCriticalSection",
  1030. "address": "0x467300"
  1031. },
  1032. {
  1033. "name": "DeleteCriticalSection",
  1034. "address": "0x467304"
  1035. },
  1036. {
  1037. "name": "CreateThread",
  1038. "address": "0x467308"
  1039. },
  1040. {
  1041. "name": "CreateFileA",
  1042. "address": "0x46730c"
  1043. },
  1044. {
  1045. "name": "CreateEventA",
  1046. "address": "0x467310"
  1047. },
  1048. {
  1049. "name": "CompareStringA",
  1050. "address": "0x467314"
  1051. },
  1052. {
  1053. "name": "CloseHandle",
  1054. "address": "0x467318"
  1055. }
  1056. ],
  1057. "dll": "kernel32.dll"
  1058. },
  1059. {
  1060. "imports": [
  1061. {
  1062. "name": "VerQueryValueA",
  1063. "address": "0x467320"
  1064. },
  1065. {
  1066. "name": "GetFileVersionInfoSizeA",
  1067. "address": "0x467324"
  1068. },
  1069. {
  1070. "name": "GetFileVersionInfoA",
  1071. "address": "0x467328"
  1072. }
  1073. ],
  1074. "dll": "version.dll"
  1075. },
  1076. {
  1077. "imports": [
  1078. {
  1079. "name": "UnrealizeObject",
  1080. "address": "0x467330"
  1081. },
  1082. {
  1083. "name": "StretchBlt",
  1084. "address": "0x467334"
  1085. },
  1086. {
  1087. "name": "SetWindowOrgEx",
  1088. "address": "0x467338"
  1089. },
  1090. {
  1091. "name": "SetWinMetaFileBits",
  1092. "address": "0x46733c"
  1093. },
  1094. {
  1095. "name": "SetViewportOrgEx",
  1096. "address": "0x467340"
  1097. },
  1098. {
  1099. "name": "SetTextColor",
  1100. "address": "0x467344"
  1101. },
  1102. {
  1103. "name": "SetStretchBltMode",
  1104. "address": "0x467348"
  1105. },
  1106. {
  1107. "name": "SetROP2",
  1108. "address": "0x46734c"
  1109. },
  1110. {
  1111. "name": "SetPixel",
  1112. "address": "0x467350"
  1113. },
  1114. {
  1115. "name": "SetICMMode",
  1116. "address": "0x467354"
  1117. },
  1118. {
  1119. "name": "SetEnhMetaFileBits",
  1120. "address": "0x467358"
  1121. },
  1122. {
  1123. "name": "SetDIBColorTable",
  1124. "address": "0x46735c"
  1125. },
  1126. {
  1127. "name": "SetBrushOrgEx",
  1128. "address": "0x467360"
  1129. },
  1130. {
  1131. "name": "SetBkMode",
  1132. "address": "0x467364"
  1133. },
  1134. {
  1135. "name": "SetBkColor",
  1136. "address": "0x467368"
  1137. },
  1138. {
  1139. "name": "SelectPalette",
  1140. "address": "0x46736c"
  1141. },
  1142. {
  1143. "name": "SelectObject",
  1144. "address": "0x467370"
  1145. },
  1146. {
  1147. "name": "ScaleWindowExtEx",
  1148. "address": "0x467374"
  1149. },
  1150. {
  1151. "name": "SaveDC",
  1152. "address": "0x467378"
  1153. },
  1154. {
  1155. "name": "RestoreDC",
  1156. "address": "0x46737c"
  1157. },
  1158. {
  1159. "name": "Rectangle",
  1160. "address": "0x467380"
  1161. },
  1162. {
  1163. "name": "RectVisible",
  1164. "address": "0x467384"
  1165. },
  1166. {
  1167. "name": "RealizePalette",
  1168. "address": "0x467388"
  1169. },
  1170. {
  1171. "name": "Polyline",
  1172. "address": "0x46738c"
  1173. },
  1174. {
  1175. "name": "PlayEnhMetaFile",
  1176. "address": "0x467390"
  1177. },
  1178. {
  1179. "name": "PatBlt",
  1180. "address": "0x467394"
  1181. },
  1182. {
  1183. "name": "MoveToEx",
  1184. "address": "0x467398"
  1185. },
  1186. {
  1187. "name": "MaskBlt",
  1188. "address": "0x46739c"
  1189. },
  1190. {
  1191. "name": "LineTo",
  1192. "address": "0x4673a0"
  1193. },
  1194. {
  1195. "name": "IntersectClipRect",
  1196. "address": "0x4673a4"
  1197. },
  1198. {
  1199. "name": "GetWindowOrgEx",
  1200. "address": "0x4673a8"
  1201. },
  1202. {
  1203. "name": "GetWinMetaFileBits",
  1204. "address": "0x4673ac"
  1205. },
  1206. {
  1207. "name": "GetTextMetricsA",
  1208. "address": "0x4673b0"
  1209. },
  1210. {
  1211. "name": "GetTextExtentPoint32A",
  1212. "address": "0x4673b4"
  1213. },
  1214. {
  1215. "name": "GetSystemPaletteEntries",
  1216. "address": "0x4673b8"
  1217. },
  1218. {
  1219. "name": "GetStockObject",
  1220. "address": "0x4673bc"
  1221. },
  1222. {
  1223. "name": "GetPixel",
  1224. "address": "0x4673c0"
  1225. },
  1226. {
  1227. "name": "GetPaletteEntries",
  1228. "address": "0x4673c4"
  1229. },
  1230. {
  1231. "name": "GetObjectA",
  1232. "address": "0x4673c8"
  1233. },
  1234. {
  1235. "name": "GetEnhMetaFilePaletteEntries",
  1236. "address": "0x4673cc"
  1237. },
  1238. {
  1239. "name": "GetEnhMetaFileHeader",
  1240. "address": "0x4673d0"
  1241. },
  1242. {
  1243. "name": "GetEnhMetaFileBits",
  1244. "address": "0x4673d4"
  1245. },
  1246. {
  1247. "name": "GetDeviceCaps",
  1248. "address": "0x4673d8"
  1249. },
  1250. {
  1251. "name": "GetDIBits",
  1252. "address": "0x4673dc"
  1253. },
  1254. {
  1255. "name": "GetDIBColorTable",
  1256. "address": "0x4673e0"
  1257. },
  1258. {
  1259. "name": "GetDCOrgEx",
  1260. "address": "0x4673e4"
  1261. },
  1262. {
  1263. "name": "GetCurrentPositionEx",
  1264. "address": "0x4673e8"
  1265. },
  1266. {
  1267. "name": "GetClipBox",
  1268. "address": "0x4673ec"
  1269. },
  1270. {
  1271. "name": "GetBrushOrgEx",
  1272. "address": "0x4673f0"
  1273. },
  1274. {
  1275. "name": "GetBitmapBits",
  1276. "address": "0x4673f4"
  1277. },
  1278. {
  1279. "name": "ExcludeClipRect",
  1280. "address": "0x4673f8"
  1281. },
  1282. {
  1283. "name": "DeleteObject",
  1284. "address": "0x4673fc"
  1285. },
  1286. {
  1287. "name": "DeleteEnhMetaFile",
  1288. "address": "0x467400"
  1289. },
  1290. {
  1291. "name": "DeleteDC",
  1292. "address": "0x467404"
  1293. },
  1294. {
  1295. "name": "CreateSolidBrush",
  1296. "address": "0x467408"
  1297. },
  1298. {
  1299. "name": "CreatePenIndirect",
  1300. "address": "0x46740c"
  1301. },
  1302. {
  1303. "name": "CreatePalette",
  1304. "address": "0x467410"
  1305. },
  1306. {
  1307. "name": "CreateHalftonePalette",
  1308. "address": "0x467414"
  1309. },
  1310. {
  1311. "name": "CreateFontIndirectA",
  1312. "address": "0x467418"
  1313. },
  1314. {
  1315. "name": "CreateDIBitmap",
  1316. "address": "0x46741c"
  1317. },
  1318. {
  1319. "name": "CreateDIBSection",
  1320. "address": "0x467420"
  1321. },
  1322. {
  1323. "name": "CreateCompatibleDC",
  1324. "address": "0x467424"
  1325. },
  1326. {
  1327. "name": "CreateCompatibleBitmap",
  1328. "address": "0x467428"
  1329. },
  1330. {
  1331. "name": "CreateBrushIndirect",
  1332. "address": "0x46742c"
  1333. },
  1334. {
  1335. "name": "CreateBitmap",
  1336. "address": "0x467430"
  1337. },
  1338. {
  1339. "name": "CopyEnhMetaFileA",
  1340. "address": "0x467434"
  1341. },
  1342. {
  1343. "name": "BitBlt",
  1344. "address": "0x467438"
  1345. }
  1346. ],
  1347. "dll": "gdi32.dll"
  1348. },
  1349. {
  1350. "imports": [
  1351. {
  1352. "name": "CreateWindowExA",
  1353. "address": "0x467440"
  1354. },
  1355. {
  1356. "name": "WindowFromPoint",
  1357. "address": "0x467444"
  1358. },
  1359. {
  1360. "name": "WinHelpA",
  1361. "address": "0x467448"
  1362. },
  1363. {
  1364. "name": "WaitMessage",
  1365. "address": "0x46744c"
  1366. },
  1367. {
  1368. "name": "UpdateWindow",
  1369. "address": "0x467450"
  1370. },
  1371. {
  1372. "name": "UnregisterClassA",
  1373. "address": "0x467454"
  1374. },
  1375. {
  1376. "name": "UnhookWindowsHookEx",
  1377. "address": "0x467458"
  1378. },
  1379. {
  1380. "name": "TranslateMessage",
  1381. "address": "0x46745c"
  1382. },
  1383. {
  1384. "name": "TranslateMDISysAccel",
  1385. "address": "0x467460"
  1386. },
  1387. {
  1388. "name": "TrackPopupMenu",
  1389. "address": "0x467464"
  1390. },
  1391. {
  1392. "name": "SystemParametersInfoA",
  1393. "address": "0x467468"
  1394. },
  1395. {
  1396. "name": "ShowWindow",
  1397. "address": "0x46746c"
  1398. },
  1399. {
  1400. "name": "ShowScrollBar",
  1401. "address": "0x467470"
  1402. },
  1403. {
  1404. "name": "ShowOwnedPopups",
  1405. "address": "0x467474"
  1406. },
  1407. {
  1408. "name": "ShowCursor",
  1409. "address": "0x467478"
  1410. },
  1411. {
  1412. "name": "SetWindowsHookExA",
  1413. "address": "0x46747c"
  1414. },
  1415. {
  1416. "name": "SetWindowTextA",
  1417. "address": "0x467480"
  1418. },
  1419. {
  1420. "name": "SetWindowPos",
  1421. "address": "0x467484"
  1422. },
  1423. {
  1424. "name": "SetWindowPlacement",
  1425. "address": "0x467488"
  1426. },
  1427. {
  1428. "name": "SetWindowLongA",
  1429. "address": "0x46748c"
  1430. },
  1431. {
  1432. "name": "SetTimer",
  1433. "address": "0x467490"
  1434. },
  1435. {
  1436. "name": "SetScrollRange",
  1437. "address": "0x467494"
  1438. },
  1439. {
  1440. "name": "SetScrollPos",
  1441. "address": "0x467498"
  1442. },
  1443. {
  1444. "name": "SetScrollInfo",
  1445. "address": "0x46749c"
  1446. },
  1447. {
  1448. "name": "SetRect",
  1449. "address": "0x4674a0"
  1450. },
  1451. {
  1452. "name": "SetPropA",
  1453. "address": "0x4674a4"
  1454. },
  1455. {
  1456. "name": "SetParent",
  1457. "address": "0x4674a8"
  1458. },
  1459. {
  1460. "name": "SetMenuItemInfoA",
  1461. "address": "0x4674ac"
  1462. },
  1463. {
  1464. "name": "SetMenu",
  1465. "address": "0x4674b0"
  1466. },
  1467. {
  1468. "name": "SetForegroundWindow",
  1469. "address": "0x4674b4"
  1470. },
  1471. {
  1472. "name": "SetFocus",
  1473. "address": "0x4674b8"
  1474. },
  1475. {
  1476. "name": "SetCursor",
  1477. "address": "0x4674bc"
  1478. },
  1479. {
  1480. "name": "SetClassLongA",
  1481. "address": "0x4674c0"
  1482. },
  1483. {
  1484. "name": "SetCapture",
  1485. "address": "0x4674c4"
  1486. },
  1487. {
  1488. "name": "SetActiveWindow",
  1489. "address": "0x4674c8"
  1490. },
  1491. {
  1492. "name": "SendMessageA",
  1493. "address": "0x4674cc"
  1494. },
  1495. {
  1496. "name": "ScrollWindow",
  1497. "address": "0x4674d0"
  1498. },
  1499. {
  1500. "name": "ScreenToClient",
  1501. "address": "0x4674d4"
  1502. },
  1503. {
  1504. "name": "RemovePropA",
  1505. "address": "0x4674d8"
  1506. },
  1507. {
  1508. "name": "RemoveMenu",
  1509. "address": "0x4674dc"
  1510. },
  1511. {
  1512. "name": "ReleaseDC",
  1513. "address": "0x4674e0"
  1514. },
  1515. {
  1516. "name": "ReleaseCapture",
  1517. "address": "0x4674e4"
  1518. },
  1519. {
  1520. "name": "RegisterWindowMessageA",
  1521. "address": "0x4674e8"
  1522. },
  1523. {
  1524. "name": "RegisterClipboardFormatA",
  1525. "address": "0x4674ec"
  1526. },
  1527. {
  1528. "name": "RegisterClassA",
  1529. "address": "0x4674f0"
  1530. },
  1531. {
  1532. "name": "RedrawWindow",
  1533. "address": "0x4674f4"
  1534. },
  1535. {
  1536. "name": "PtInRect",
  1537. "address": "0x4674f8"
  1538. },
  1539. {
  1540. "name": "PostQuitMessage",
  1541. "address": "0x4674fc"
  1542. },
  1543. {
  1544. "name": "PostMessageA",
  1545. "address": "0x467500"
  1546. },
  1547. {
  1548. "name": "PeekMessageA",
  1549. "address": "0x467504"
  1550. },
  1551. {
  1552. "name": "OffsetRect",
  1553. "address": "0x467508"
  1554. },
  1555. {
  1556. "name": "OemToCharA",
  1557. "address": "0x46750c"
  1558. },
  1559. {
  1560. "name": "MessageBoxA",
  1561. "address": "0x467510"
  1562. },
  1563. {
  1564. "name": "MessageBeep",
  1565. "address": "0x467514"
  1566. },
  1567. {
  1568. "name": "MapWindowPoints",
  1569. "address": "0x467518"
  1570. },
  1571. {
  1572. "name": "MapVirtualKeyA",
  1573. "address": "0x46751c"
  1574. },
  1575. {
  1576. "name": "LoadStringA",
  1577. "address": "0x467520"
  1578. },
  1579. {
  1580. "name": "LoadKeyboardLayoutA",
  1581. "address": "0x467524"
  1582. },
  1583. {
  1584. "name": "LoadIconA",
  1585. "address": "0x467528"
  1586. },
  1587. {
  1588. "name": "LoadCursorA",
  1589. "address": "0x46752c"
  1590. },
  1591. {
  1592. "name": "LoadBitmapA",
  1593. "address": "0x467530"
  1594. },
  1595. {
  1596. "name": "KillTimer",
  1597. "address": "0x467534"
  1598. },
  1599. {
  1600. "name": "IsZoomed",
  1601. "address": "0x467538"
  1602. },
  1603. {
  1604. "name": "IsWindowVisible",
  1605. "address": "0x46753c"
  1606. },
  1607. {
  1608. "name": "IsWindowEnabled",
  1609. "address": "0x467540"
  1610. },
  1611. {
  1612. "name": "IsWindow",
  1613. "address": "0x467544"
  1614. },
  1615. {
  1616. "name": "IsRectEmpty",
  1617. "address": "0x467548"
  1618. },
  1619. {
  1620. "name": "IsIconic",
  1621. "address": "0x46754c"
  1622. },
  1623. {
  1624. "name": "IsDialogMessageA",
  1625. "address": "0x467550"
  1626. },
  1627. {
  1628. "name": "IsChild",
  1629. "address": "0x467554"
  1630. },
  1631. {
  1632. "name": "InvalidateRect",
  1633. "address": "0x467558"
  1634. },
  1635. {
  1636. "name": "IntersectRect",
  1637. "address": "0x46755c"
  1638. },
  1639. {
  1640. "name": "InsertMenuItemA",
  1641. "address": "0x467560"
  1642. },
  1643. {
  1644. "name": "InsertMenuA",
  1645. "address": "0x467564"
  1646. },
  1647. {
  1648. "name": "InflateRect",
  1649. "address": "0x467568"
  1650. },
  1651. {
  1652. "name": "GetWindowThreadProcessId",
  1653. "address": "0x46756c"
  1654. },
  1655. {
  1656. "name": "GetWindowTextA",
  1657. "address": "0x467570"
  1658. },
  1659. {
  1660. "name": "GetWindowRect",
  1661. "address": "0x467574"
  1662. },
  1663. {
  1664. "name": "GetWindowPlacement",
  1665. "address": "0x467578"
  1666. },
  1667. {
  1668. "name": "GetWindowLongA",
  1669. "address": "0x46757c"
  1670. },
  1671. {
  1672. "name": "GetWindowDC",
  1673. "address": "0x467580"
  1674. },
  1675. {
  1676. "name": "GetTopWindow",
  1677. "address": "0x467584"
  1678. },
  1679. {
  1680. "name": "GetSystemMetrics",
  1681. "address": "0x467588"
  1682. },
  1683. {
  1684. "name": "GetSystemMenu",
  1685. "address": "0x46758c"
  1686. },
  1687. {
  1688. "name": "GetSysColorBrush",
  1689. "address": "0x467590"
  1690. },
  1691. {
  1692. "name": "GetSysColor",
  1693. "address": "0x467594"
  1694. },
  1695. {
  1696. "name": "GetSubMenu",
  1697. "address": "0x467598"
  1698. },
  1699. {
  1700. "name": "GetScrollRange",
  1701. "address": "0x46759c"
  1702. },
  1703. {
  1704. "name": "GetScrollPos",
  1705. "address": "0x4675a0"
  1706. },
  1707. {
  1708. "name": "GetScrollInfo",
  1709. "address": "0x4675a4"
  1710. },
  1711. {
  1712. "name": "GetPropA",
  1713. "address": "0x4675a8"
  1714. },
  1715. {
  1716. "name": "GetParent",
  1717. "address": "0x4675ac"
  1718. },
  1719. {
  1720. "name": "GetWindow",
  1721. "address": "0x4675b0"
  1722. },
  1723. {
  1724. "name": "GetMenuStringA",
  1725. "address": "0x4675b4"
  1726. },
  1727. {
  1728. "name": "GetMenuState",
  1729. "address": "0x4675b8"
  1730. },
  1731. {
  1732. "name": "GetMenuItemInfoA",
  1733. "address": "0x4675bc"
  1734. },
  1735. {
  1736. "name": "GetMenuItemID",
  1737. "address": "0x4675c0"
  1738. },
  1739. {
  1740. "name": "GetMenuItemCount",
  1741. "address": "0x4675c4"
  1742. },
  1743. {
  1744. "name": "GetMenu",
  1745. "address": "0x4675c8"
  1746. },
  1747. {
  1748. "name": "GetLastActivePopup",
  1749. "address": "0x4675cc"
  1750. },
  1751. {
  1752. "name": "GetKeyboardState",
  1753. "address": "0x4675d0"
  1754. },
  1755. {
  1756. "name": "GetKeyboardLayoutList",
  1757. "address": "0x4675d4"
  1758. },
  1759. {
  1760. "name": "GetKeyboardLayout",
  1761. "address": "0x4675d8"
  1762. },
  1763. {
  1764. "name": "GetKeyState",
  1765. "address": "0x4675dc"
  1766. },
  1767. {
  1768. "name": "GetKeyNameTextA",
  1769. "address": "0x4675e0"
  1770. },
  1771. {
  1772. "name": "GetIconInfo",
  1773. "address": "0x4675e4"
  1774. },
  1775. {
  1776. "name": "GetForegroundWindow",
  1777. "address": "0x4675e8"
  1778. },
  1779. {
  1780. "name": "GetFocus",
  1781. "address": "0x4675ec"
  1782. },
  1783. {
  1784. "name": "GetDlgItem",
  1785. "address": "0x4675f0"
  1786. },
  1787. {
  1788. "name": "GetDesktopWindow",
  1789. "address": "0x4675f4"
  1790. },
  1791. {
  1792. "name": "GetDCEx",
  1793. "address": "0x4675f8"
  1794. },
  1795. {
  1796. "name": "GetDC",
  1797. "address": "0x4675fc"
  1798. },
  1799. {
  1800. "name": "GetCursorPos",
  1801. "address": "0x467600"
  1802. },
  1803. {
  1804. "name": "GetCursor",
  1805. "address": "0x467604"
  1806. },
  1807. {
  1808. "name": "GetClipboardData",
  1809. "address": "0x467608"
  1810. },
  1811. {
  1812. "name": "GetClientRect",
  1813. "address": "0x46760c"
  1814. },
  1815. {
  1816. "name": "GetClassNameA",
  1817. "address": "0x467610"
  1818. },
  1819. {
  1820. "name": "GetClassInfoA",
  1821. "address": "0x467614"
  1822. },
  1823. {
  1824. "name": "GetCapture",
  1825. "address": "0x467618"
  1826. },
  1827. {
  1828. "name": "GetActiveWindow",
  1829. "address": "0x46761c"
  1830. },
  1831. {
  1832. "name": "FrameRect",
  1833. "address": "0x467620"
  1834. },
  1835. {
  1836. "name": "FindWindowA",
  1837. "address": "0x467624"
  1838. },
  1839. {
  1840. "name": "FillRect",
  1841. "address": "0x467628"
  1842. },
  1843. {
  1844. "name": "EqualRect",
  1845. "address": "0x46762c"
  1846. },
  1847. {
  1848. "name": "EnumWindows",
  1849. "address": "0x467630"
  1850. },
  1851. {
  1852. "name": "EnumThreadWindows",
  1853. "address": "0x467634"
  1854. },
  1855. {
  1856. "name": "EndPaint",
  1857. "address": "0x467638"
  1858. },
  1859. {
  1860. "name": "EnableWindow",
  1861. "address": "0x46763c"
  1862. },
  1863. {
  1864. "name": "EnableScrollBar",
  1865. "address": "0x467640"
  1866. },
  1867. {
  1868. "name": "EnableMenuItem",
  1869. "address": "0x467644"
  1870. },
  1871. {
  1872. "name": "DrawTextA",
  1873. "address": "0x467648"
  1874. },
  1875. {
  1876. "name": "DrawMenuBar",
  1877. "address": "0x46764c"
  1878. },
  1879. {
  1880. "name": "DrawIconEx",
  1881. "address": "0x467650"
  1882. },
  1883. {
  1884. "name": "DrawIcon",
  1885. "address": "0x467654"
  1886. },
  1887. {
  1888. "name": "DrawFrameControl",
  1889. "address": "0x467658"
  1890. },
  1891. {
  1892. "name": "DrawFocusRect",
  1893. "address": "0x46765c"
  1894. },
  1895. {
  1896. "name": "DrawEdge",
  1897. "address": "0x467660"
  1898. },
  1899. {
  1900. "name": "DispatchMessageA",
  1901. "address": "0x467664"
  1902. },
  1903. {
  1904. "name": "DestroyWindow",
  1905. "address": "0x467668"
  1906. },
  1907. {
  1908. "name": "DestroyMenu",
  1909. "address": "0x46766c"
  1910. },
  1911. {
  1912. "name": "DestroyIcon",
  1913. "address": "0x467670"
  1914. },
  1915. {
  1916. "name": "DestroyCursor",
  1917. "address": "0x467674"
  1918. },
  1919. {
  1920. "name": "DeleteMenu",
  1921. "address": "0x467678"
  1922. },
  1923. {
  1924. "name": "DefWindowProcA",
  1925. "address": "0x46767c"
  1926. },
  1927. {
  1928. "name": "DefMDIChildProcA",
  1929. "address": "0x467680"
  1930. },
  1931. {
  1932. "name": "DefFrameProcA",
  1933. "address": "0x467684"
  1934. },
  1935. {
  1936. "name": "CreatePopupMenu",
  1937. "address": "0x467688"
  1938. },
  1939. {
  1940. "name": "CreateMenu",
  1941. "address": "0x46768c"
  1942. },
  1943. {
  1944. "name": "CreateIcon",
  1945. "address": "0x467690"
  1946. },
  1947. {
  1948. "name": "ClientToScreen",
  1949. "address": "0x467694"
  1950. },
  1951. {
  1952. "name": "CheckMenuItem",
  1953. "address": "0x467698"
  1954. },
  1955. {
  1956. "name": "CallWindowProcA",
  1957. "address": "0x46769c"
  1958. },
  1959. {
  1960. "name": "CallNextHookEx",
  1961. "address": "0x4676a0"
  1962. },
  1963. {
  1964. "name": "BeginPaint",
  1965. "address": "0x4676a4"
  1966. },
  1967. {
  1968. "name": "CharNextA",
  1969. "address": "0x4676a8"
  1970. },
  1971. {
  1972. "name": "CharLowerBuffA",
  1973. "address": "0x4676ac"
  1974. },
  1975. {
  1976. "name": "CharLowerA",
  1977. "address": "0x4676b0"
  1978. },
  1979. {
  1980. "name": "CharToOemA",
  1981. "address": "0x4676b4"
  1982. },
  1983. {
  1984. "name": "AdjustWindowRectEx",
  1985. "address": "0x4676b8"
  1986. },
  1987. {
  1988. "name": "ActivateKeyboardLayout",
  1989. "address": "0x4676bc"
  1990. }
  1991. ],
  1992. "dll": "user32.dll"
  1993. },
  1994. {
  1995. "imports": [
  1996. {
  1997. "name": "Sleep",
  1998. "address": "0x4676c4"
  1999. }
  2000. ],
  2001. "dll": "kernel32.dll"
  2002. },
  2003. {
  2004. "imports": [
  2005. {
  2006. "name": "SafeArrayPtrOfIndex",
  2007. "address": "0x4676cc"
  2008. },
  2009. {
  2010. "name": "SafeArrayGetUBound",
  2011. "address": "0x4676d0"
  2012. },
  2013. {
  2014. "name": "SafeArrayGetLBound",
  2015. "address": "0x4676d4"
  2016. },
  2017. {
  2018. "name": "SafeArrayCreate",
  2019. "address": "0x4676d8"
  2020. },
  2021. {
  2022. "name": "VariantChangeType",
  2023. "address": "0x4676dc"
  2024. },
  2025. {
  2026. "name": "VariantCopy",
  2027. "address": "0x4676e0"
  2028. },
  2029. {
  2030. "name": "VariantClear",
  2031. "address": "0x4676e4"
  2032. },
  2033. {
  2034. "name": "VariantInit",
  2035. "address": "0x4676e8"
  2036. }
  2037. ],
  2038. "dll": "oleaut32.dll"
  2039. },
  2040. {
  2041. "imports": [
  2042. {
  2043. "name": "ImageList_SetIconSize",
  2044. "address": "0x4676f0"
  2045. },
  2046. {
  2047. "name": "ImageList_GetIconSize",
  2048. "address": "0x4676f4"
  2049. },
  2050. {
  2051. "name": "ImageList_Write",
  2052. "address": "0x4676f8"
  2053. },
  2054. {
  2055. "name": "ImageList_Read",
  2056. "address": "0x4676fc"
  2057. },
  2058. {
  2059. "name": "ImageList_GetDragImage",
  2060. "address": "0x467700"
  2061. },
  2062. {
  2063. "name": "ImageList_DragShowNolock",
  2064. "address": "0x467704"
  2065. },
  2066. {
  2067. "name": "ImageList_SetDragCursorImage",
  2068. "address": "0x467708"
  2069. },
  2070. {
  2071. "name": "ImageList_DragMove",
  2072. "address": "0x46770c"
  2073. },
  2074. {
  2075. "name": "ImageList_DragLeave",
  2076. "address": "0x467710"
  2077. },
  2078. {
  2079. "name": "ImageList_DragEnter",
  2080. "address": "0x467714"
  2081. },
  2082. {
  2083. "name": "ImageList_EndDrag",
  2084. "address": "0x467718"
  2085. },
  2086. {
  2087. "name": "ImageList_BeginDrag",
  2088. "address": "0x46771c"
  2089. },
  2090. {
  2091. "name": "ImageList_Remove",
  2092. "address": "0x467720"
  2093. },
  2094. {
  2095. "name": "ImageList_DrawEx",
  2096. "address": "0x467724"
  2097. },
  2098. {
  2099. "name": "ImageList_Replace",
  2100. "address": "0x467728"
  2101. },
  2102. {
  2103. "name": "ImageList_Draw",
  2104. "address": "0x46772c"
  2105. },
  2106. {
  2107. "name": "ImageList_GetBkColor",
  2108. "address": "0x467730"
  2109. },
  2110. {
  2111. "name": "ImageList_SetBkColor",
  2112. "address": "0x467734"
  2113. },
  2114. {
  2115. "name": "ImageList_ReplaceIcon",
  2116. "address": "0x467738"
  2117. },
  2118. {
  2119. "name": "ImageList_Add",
  2120. "address": "0x46773c"
  2121. },
  2122. {
  2123. "name": "ImageList_GetImageCount",
  2124. "address": "0x467740"
  2125. },
  2126. {
  2127. "name": "ImageList_Destroy",
  2128. "address": "0x467744"
  2129. },
  2130. {
  2131. "name": "ImageList_Create",
  2132. "address": "0x467748"
  2133. }
  2134. ],
  2135. "dll": "comctl32.dll"
  2136. },
  2137. {
  2138. "imports": [
  2139. {
  2140. "name": "GetOpenFileNameA",
  2141. "address": "0x467750"
  2142. }
  2143. ],
  2144. "dll": "comdlg32.dll"
  2145. }
  2146. ],
  2147. "digital_signers": null,
  2148. "exported_dll_name": null,
  2149. "actual_checksum": "0x000a68c3",
  2150. "overlay": null,
  2151. "imagebase": "0x00400000",
  2152. "reported_checksum": "0x00000000",
  2153. "icon_hash": null,
  2154. "entrypoint": "0x0045b0c0",
  2155. "timestamp": "1992-03-03 04:38:51",
  2156. "osversion": "4.0",
  2157. "sections": [
  2158. {
  2159. "name": "CODE",
  2160. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
  2161. "virtual_address": "0x00001000",
  2162. "size_of_data": "0x0005a200",
  2163. "entropy": "6.51",
  2164. "raw_address": "0x00000400",
  2165. "virtual_size": "0x0005a108",
  2166. "characteristics_raw": "0x60000020"
  2167. },
  2168. {
  2169. "name": "DATA",
  2170. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  2171. "virtual_address": "0x0005c000",
  2172. "size_of_data": "0x00009400",
  2173. "entropy": "5.00",
  2174. "raw_address": "0x0005a600",
  2175. "virtual_size": "0x00009320",
  2176. "characteristics_raw": "0xc0000040"
  2177. },
  2178. {
  2179. "name": "BSS",
  2180. "characteristics": "IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  2181. "virtual_address": "0x00066000",
  2182. "size_of_data": "0x00000000",
  2183. "entropy": "0.00",
  2184. "raw_address": "0x00063a00",
  2185. "virtual_size": "0x00000d01",
  2186. "characteristics_raw": "0xc0000000"
  2187. },
  2188. {
  2189. "name": ".idata",
  2190. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  2191. "virtual_address": "0x00067000",
  2192. "size_of_data": "0x00002200",
  2193. "entropy": "4.99",
  2194. "raw_address": "0x00063a00",
  2195. "virtual_size": "0x000021ae",
  2196. "characteristics_raw": "0xc0000040"
  2197. },
  2198. {
  2199. "name": ".tls",
  2200. "characteristics": "IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  2201. "virtual_address": "0x0006a000",
  2202. "size_of_data": "0x00000000",
  2203. "entropy": "0.00",
  2204. "raw_address": "0x00065c00",
  2205. "virtual_size": "0x00000010",
  2206. "characteristics_raw": "0xc0000000"
  2207. },
  2208. {
  2209. "name": ".rdata",
  2210. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
  2211. "virtual_address": "0x0006b000",
  2212. "size_of_data": "0x00000200",
  2213. "entropy": "0.21",
  2214. "raw_address": "0x00065c00",
  2215. "virtual_size": "0x00000018",
  2216. "characteristics_raw": "0x50000040"
  2217. },
  2218. {
  2219. "name": ".reloc",
  2220. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
  2221. "virtual_address": "0x0006c000",
  2222. "size_of_data": "0x00006a00",
  2223. "entropy": "6.66",
  2224. "raw_address": "0x00065e00",
  2225. "virtual_size": "0x0000695c",
  2226. "characteristics_raw": "0x50000040"
  2227. },
  2228. {
  2229. "name": ".rsrc",
  2230. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
  2231. "virtual_address": "0x00073000",
  2232. "size_of_data": "0x00039c00",
  2233. "entropy": "7.58",
  2234. "raw_address": "0x0006c800",
  2235. "virtual_size": "0x00039a98",
  2236. "characteristics_raw": "0x50000040"
  2237. }
  2238. ],
  2239. "resources": [],
  2240. "dirents": [
  2241. {
  2242. "virtual_address": "0x00000000",
  2243. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  2244. "size": "0x00000000"
  2245. },
  2246. {
  2247. "virtual_address": "0x00067000",
  2248. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  2249. "size": "0x000021ae"
  2250. },
  2251. {
  2252. "virtual_address": "0x00073000",
  2253. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  2254. "size": "0x00039a98"
  2255. },
  2256. {
  2257. "virtual_address": "0x00000000",
  2258. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  2259. "size": "0x00000000"
  2260. },
  2261. {
  2262. "virtual_address": "0x00000000",
  2263. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  2264. "size": "0x00000000"
  2265. },
  2266. {
  2267. "virtual_address": "0x0006c000",
  2268. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  2269. "size": "0x0000695c"
  2270. },
  2271. {
  2272. "virtual_address": "0x00000000",
  2273. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  2274. "size": "0x00000000"
  2275. },
  2276. {
  2277. "virtual_address": "0x00000000",
  2278. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  2279. "size": "0x00000000"
  2280. },
  2281. {
  2282. "virtual_address": "0x00000000",
  2283. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  2284. "size": "0x00000000"
  2285. },
  2286. {
  2287. "virtual_address": "0x0006b000",
  2288. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  2289. "size": "0x00000018"
  2290. },
  2291. {
  2292. "virtual_address": "0x00000000",
  2293. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  2294. "size": "0x00000000"
  2295. },
  2296. {
  2297. "virtual_address": "0x00000000",
  2298. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  2299. "size": "0x00000000"
  2300. },
  2301. {
  2302. "virtual_address": "0x00000000",
  2303. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  2304. "size": "0x00000000"
  2305. },
  2306. {
  2307. "virtual_address": "0x00000000",
  2308. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  2309. "size": "0x00000000"
  2310. },
  2311. {
  2312. "virtual_address": "0x00000000",
  2313. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  2314. "size": "0x00000000"
  2315. },
  2316. {
  2317. "virtual_address": "0x00000000",
  2318. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  2319. "size": "0x00000000"
  2320. }
  2321. ],
  2322. "exports": [],
  2323. "guest_signers": {},
  2324. "imphash": "eebad2a9366314ce42c920093988f509",
  2325. "icon_fuzzy": null,
  2326. "icon": null,
  2327. "pdbpath": null,
  2328. "imported_dll_count": 14,
  2329. "versioninfo": []
  2330. }
  2331. }
  2332.  
  2333. [*] Resolved APIs: [
  2334. "kernel32.dll.GetDiskFreeSpaceExA",
  2335. "oleaut32.dll.VariantChangeTypeEx",
  2336. "oleaut32.dll.VarNeg",
  2337. "oleaut32.dll.VarNot",
  2338. "oleaut32.dll.VarAdd",
  2339. "oleaut32.dll.VarSub",
  2340. "oleaut32.dll.VarMul",
  2341. "oleaut32.dll.VarDiv",
  2342. "oleaut32.dll.VarIdiv",
  2343. "oleaut32.dll.VarMod",
  2344. "oleaut32.dll.VarAnd",
  2345. "oleaut32.dll.VarOr",
  2346. "oleaut32.dll.VarXor",
  2347. "oleaut32.dll.VarCmp",
  2348. "oleaut32.dll.VarI4FromStr",
  2349. "oleaut32.dll.VarR4FromStr",
  2350. "oleaut32.dll.VarR8FromStr",
  2351. "oleaut32.dll.VarDateFromStr",
  2352. "oleaut32.dll.VarCyFromStr",
  2353. "oleaut32.dll.VarBoolFromStr",
  2354. "oleaut32.dll.VarBstrFromCy",
  2355. "oleaut32.dll.VarBstrFromDate",
  2356. "oleaut32.dll.VarBstrFromBool",
  2357. "user32.dll.GetMonitorInfoA",
  2358. "user32.dll.GetSystemMetrics",
  2359. "user32.dll.EnumDisplayMonitors",
  2360. "dwmapi.dll.DwmIsCompositionEnabled",
  2361. "gdi32.dll.GetLayout",
  2362. "gdi32.dll.GdiRealizationInfo",
  2363. "gdi32.dll.FontIsLinked",
  2364. "advapi32.dll.RegOpenKeyExW",
  2365. "advapi32.dll.RegQueryInfoKeyW",
  2366. "gdi32.dll.GetTextFaceAliasW",
  2367. "advapi32.dll.RegEnumValueW",
  2368. "advapi32.dll.RegCloseKey",
  2369. "advapi32.dll.RegQueryValueExW",
  2370. "gdi32.dll.GetFontAssocStatus",
  2371. "advapi32.dll.RegQueryValueExA",
  2372. "advapi32.dll.RegEnumKeyExW",
  2373. "gdi32.dll.GdiIsMetaPrintDC",
  2374. "user32.dll.AnimateWindow",
  2375. "comctl32.dll.InitializeFlatSB",
  2376. "comctl32.dll.UninitializeFlatSB",
  2377. "comctl32.dll.FlatSB_GetScrollProp",
  2378. "comctl32.dll.FlatSB_SetScrollProp",
  2379. "comctl32.dll.FlatSB_EnableScrollBar",
  2380. "comctl32.dll.FlatSB_ShowScrollBar",
  2381. "comctl32.dll.FlatSB_GetScrollRange",
  2382. "comctl32.dll.FlatSB_GetScrollInfo",
  2383. "comctl32.dll.FlatSB_GetScrollPos",
  2384. "comctl32.dll.FlatSB_SetScrollPos",
  2385. "comctl32.dll.FlatSB_SetScrollInfo",
  2386. "comctl32.dll.FlatSB_SetScrollRange",
  2387. "user32.dll.SetLayeredWindowAttributes",
  2388. "kernel32.dll.GetModuleHandleW",
  2389. "kernel32.dll.VirtualFree",
  2390. "kernel32.dll.LoadLibraryW",
  2391. "kernel32.dll.SizeofResource",
  2392. "kernel32.dll.GetModuleFileNameW",
  2393. "kernel32.dll.CreateFileW",
  2394. "kernel32.dll.MultiByteToWideChar",
  2395. "kernel32.dll.FlushInstructionCache",
  2396. "kernel32.dll.GetCurrentProcess",
  2397. "kernel32.dll.VirtualAlloc",
  2398. "kernel32.dll.LoadLibraryA",
  2399. "kernel32.dll.GetModuleFileNameA",
  2400. "kernel32.dll.GetModuleHandleA",
  2401. "kernel32.dll.VirtualProtect",
  2402. "kernel32.dll.CloseHandle",
  2403. "kernel32.dll.LoadResource",
  2404. "kernel32.dll.FindResourceW",
  2405. "kernel32.dll.GetProcAddress",
  2406. "kernel32.dll.GetFileSize",
  2407. "kernel32.dll.LCMapStringW",
  2408. "kernel32.dll.LCMapStringA",
  2409. "kernel32.dll.GetStringTypeW",
  2410. "kernel32.dll.GetStringTypeA",
  2411. "kernel32.dll.HeapAlloc",
  2412. "kernel32.dll.GetStartupInfoW",
  2413. "kernel32.dll.DeleteCriticalSection",
  2414. "kernel32.dll.LeaveCriticalSection",
  2415. "kernel32.dll.EnterCriticalSection",
  2416. "kernel32.dll.HeapFree",
  2417. "kernel32.dll.HeapReAlloc",
  2418. "kernel32.dll.HeapCreate",
  2419. "kernel32.dll.Sleep",
  2420. "kernel32.dll.ExitProcess",
  2421. "kernel32.dll.WriteFile",
  2422. "kernel32.dll.GetStdHandle",
  2423. "kernel32.dll.SetUnhandledExceptionFilter",
  2424. "kernel32.dll.FreeEnvironmentStringsW",
  2425. "kernel32.dll.GetEnvironmentStringsW",
  2426. "kernel32.dll.GetCommandLineW",
  2427. "kernel32.dll.SetHandleCount",
  2428. "kernel32.dll.GetFileType",
  2429. "kernel32.dll.GetStartupInfoA",
  2430. "kernel32.dll.TlsGetValue",
  2431. "kernel32.dll.TlsAlloc",
  2432. "kernel32.dll.TlsSetValue",
  2433. "kernel32.dll.TlsFree",
  2434. "kernel32.dll.InterlockedIncrement",
  2435. "kernel32.dll.SetLastError",
  2436. "kernel32.dll.GetCurrentThreadId",
  2437. "kernel32.dll.GetLastError",
  2438. "kernel32.dll.InterlockedDecrement",
  2439. "kernel32.dll.QueryPerformanceCounter",
  2440. "kernel32.dll.GetTickCount",
  2441. "kernel32.dll.GetCurrentProcessId",
  2442. "kernel32.dll.GetSystemTimeAsFileTime",
  2443. "kernel32.dll.InitializeCriticalSectionAndSpinCount",
  2444. "kernel32.dll.TerminateProcess",
  2445. "kernel32.dll.UnhandledExceptionFilter",
  2446. "kernel32.dll.IsDebuggerPresent",
  2447. "kernel32.dll.RtlUnwind",
  2448. "kernel32.dll.GetCPInfo",
  2449. "kernel32.dll.GetACP",
  2450. "kernel32.dll.GetOEMCP",
  2451. "kernel32.dll.IsValidCodePage",
  2452. "kernel32.dll.HeapSize",
  2453. "kernel32.dll.GetLocaleInfoA",
  2454. "kernel32.dll.WideCharToMultiByte",
  2455. "psapi.dll.GetModuleInformation",
  2456. "psapi.dll.GetModuleBaseNameW",
  2457. "psapi.dll.EnumProcessModules",
  2458. "shlwapi.dll.StrStrIW",
  2459. "shlwapi.dll.PathFileExistsW",
  2460. "kernel32.dll.FlsAlloc",
  2461. "kernel32.dll.FlsGetValue",
  2462. "kernel32.dll.FlsSetValue",
  2463. "kernel32.dll.FlsFree",
  2464. "mscoree.dll._CorExeMain",
  2465. "kernel32.dll.IsProcessorFeaturePresent",
  2466. "msvcrt.dll._set_error_mode",
  2467. "msvcrt.dll.?set_terminate@@YAP6AXXZP6AXXZ@Z",
  2468. "kernel32.dll.FindActCtxSectionStringW",
  2469. "kernel32.dll.GetSystemWindowsDirectoryW",
  2470. "mscoree.dll.GetProcessExecutableHeap",
  2471. "kernelbase.dll.InitializeCriticalSectionAndSpinCount",
  2472. "kernel32.dll.ProcessIdToSessionId",
  2473. "imm32.dll.ImmCreateContext",
  2474. "imm32.dll.ImmDestroyContext",
  2475. "imm32.dll.ImmNotifyIME",
  2476. "imm32.dll.ImmAssociateContext",
  2477. "imm32.dll.ImmReleaseContext",
  2478. "imm32.dll.ImmGetContext",
  2479. "imm32.dll.ImmGetCompositionStringA",
  2480. "imm32.dll.ImmSetCompositionStringA",
  2481. "imm32.dll.ImmGetCompositionStringW",
  2482. "imm32.dll.ImmSetCompositionStringW",
  2483. "imm32.dll.ImmSetCandidateWindow",
  2484. "mscorwks.dll.GetCLRFunction",
  2485. "mscoree.dll.IEE",
  2486. "kernel32.dll.QueryActCtxW",
  2487. "shlwapi.dll.UrlIsW",
  2488. "mscorwks.dll.IEE",
  2489. "ntdll.dll.ZwCreateSection",
  2490. "kernel32.dll.MapViewOfFile",
  2491. "kernel32.dll.LoadLibraryExW",
  2492. "mscorwks.dll._CorExeMain",
  2493. "advapi32.dll.RegisterTraceGuidsW",
  2494. "advapi32.dll.UnregisterTraceGuids",
  2495. "advapi32.dll.GetTraceLoggerHandle",
  2496. "advapi32.dll.GetTraceEnableLevel",
  2497. "advapi32.dll.GetTraceEnableFlags",
  2498. "advapi32.dll.TraceEvent",
  2499. "mscoree.dll.GetStartupFlags",
  2500. "mscoree.dll.GetHostConfigurationFile",
  2501. "mscoree.dll.GetCORSystemDirectory",
  2502. "ntdll.dll.RtlUnwind",
  2503. "kernel32.dll.IsWow64Process",
  2504. "advapi32.dll.AllocateAndInitializeSid",
  2505. "advapi32.dll.OpenProcessToken",
  2506. "advapi32.dll.GetTokenInformation",
  2507. "advapi32.dll.InitializeAcl",
  2508. "advapi32.dll.AddAccessAllowedAce",
  2509. "advapi32.dll.FreeSid",
  2510. "kernel32.dll.SetThreadStackGuarantee",
  2511. "kernel32.dll.AddVectoredContinueHandler",
  2512. "kernel32.dll.RemoveVectoredContinueHandler",
  2513. "advapi32.dll.ConvertSidToStringSidW",
  2514. "shell32.dll.SHGetFolderPathW",
  2515. "kernel32.dll.FlushProcessWriteBuffers",
  2516. "kernel32.dll.GetWriteWatch",
  2517. "kernel32.dll.ResetWriteWatch",
  2518. "kernel32.dll.CreateMemoryResourceNotification",
  2519. "kernel32.dll.QueryMemoryResourceNotification",
  2520. "mscoree.dll._CorImageUnloading",
  2521. "mscoree.dll._CorValidateImage",
  2522. "ole32.dll.CoInitializeEx",
  2523. "cryptbase.dll.SystemFunction036",
  2524. "uxtheme.dll.ThemeInitApiHook",
  2525. "user32.dll.IsProcessDPIAware",
  2526. "ole32.dll.CoGetContextToken",
  2527. "kernel32.dll.GetVersionExW",
  2528. "kernel32.dll.GetFullPathNameW",
  2529. "advapi32.dll.CryptAcquireContextA",
  2530. "advapi32.dll.CryptReleaseContext",
  2531. "advapi32.dll.CryptCreateHash",
  2532. "advapi32.dll.CryptDestroyHash",
  2533. "advapi32.dll.CryptHashData",
  2534. "advapi32.dll.CryptGetHashParam",
  2535. "advapi32.dll.CryptImportKey",
  2536. "advapi32.dll.CryptExportKey",
  2537. "advapi32.dll.CryptGenKey",
  2538. "advapi32.dll.CryptGetKeyParam",
  2539. "advapi32.dll.CryptDestroyKey",
  2540. "advapi32.dll.CryptVerifySignatureA",
  2541. "advapi32.dll.CryptSignHashA",
  2542. "advapi32.dll.CryptGetProvParam",
  2543. "advapi32.dll.CryptGetUserKey",
  2544. "advapi32.dll.CryptEnumProvidersA",
  2545. "mscoree.dll.GetMetaDataInternalInterface",
  2546. "mscorwks.dll.GetMetaDataInternalInterface",
  2547. "cryptsp.dll.CryptAcquireContextA",
  2548. "cryptsp.dll.CryptImportKey",
  2549. "cryptsp.dll.CryptCreateHash",
  2550. "cryptsp.dll.CryptHashData",
  2551. "cryptsp.dll.CryptVerifySignatureA",
  2552. "cryptsp.dll.CryptDestroyHash",
  2553. "cryptsp.dll.CryptDestroyKey",
  2554. "mscorjit.dll.getJit",
  2555. "kernel32.dll.GetEnvironmentVariableW",
  2556. "kernel32.dll.SwitchToThread",
  2557. "kernel32.dll.lstrlen",
  2558. "kernel32.dll.lstrlenW",
  2559. "kernel32.dll.GetUserDefaultUILanguage",
  2560. "kernel32.dll.SetErrorMode",
  2561. "kernel32.dll.GetFileAttributesExW",
  2562. "bcrypt.dll.BCryptGetFipsAlgorithmMode",
  2563. "cryptsp.dll.CryptAcquireContextW",
  2564. "ole32.dll.CreateBindCtx",
  2565. "ole32.dll.CoGetObjectContext",
  2566. "sechost.dll.LookupAccountNameLocalW",
  2567. "advapi32.dll.LookupAccountSidW",
  2568. "sechost.dll.LookupAccountSidLocalW",
  2569. "cryptsp.dll.CryptGenRandom",
  2570. "ole32.dll.NdrOleInitializeExtension",
  2571. "ole32.dll.CoGetClassObject",
  2572. "ole32.dll.CoGetMarshalSizeMax",
  2573. "ole32.dll.CoMarshalInterface",
  2574. "ole32.dll.CoUnmarshalInterface",
  2575. "ole32.dll.StringFromIID",
  2576. "ole32.dll.CoGetPSClsid",
  2577. "ole32.dll.CoTaskMemAlloc",
  2578. "ole32.dll.CoTaskMemFree",
  2579. "ole32.dll.CoCreateInstance",
  2580. "ole32.dll.CoReleaseMarshalData",
  2581. "ole32.dll.DcomChannelSetHResult",
  2582. "rpcrtremote.dll.I_RpcExtInitializeExtensionPoint",
  2583. "ole32.dll.MkParseDisplayName",
  2584. "oleaut32.dll.#2",
  2585. "oleaut32.dll.#6",
  2586. "kernel32.dll.GetThreadPreferredUILanguages",
  2587. "kernel32.dll.SetThreadPreferredUILanguages",
  2588. "kernel32.dll.LocaleNameToLCID",
  2589. "kernel32.dll.GetLocaleInfoEx",
  2590. "kernel32.dll.LCIDToLocaleName",
  2591. "kernel32.dll.GetSystemDefaultLocaleName",
  2592. "ole32.dll.BindMoniker",
  2593. "sxs.dll.SxsOleAut32RedirectTypeLibrary",
  2594. "advapi32.dll.RegOpenKeyW",
  2595. "advapi32.dll.RegEnumKeyW",
  2596. "advapi32.dll.RegQueryValueW",
  2597. "sxs.dll.SxsOleAut32MapConfiguredClsidToReferenceClsid",
  2598. "sxs.dll.SxsLookupClrGuid",
  2599. "kernel32.dll.ReleaseActCtx",
  2600. "oleaut32.dll.#9",
  2601. "oleaut32.dll.#4",
  2602. "oleaut32.dll.#283",
  2603. "oleaut32.dll.#284",
  2604. "mscoree.dll.GetTokenForVTableEntry",
  2605. "mscoree.dll.SetTargetForVTableEntry",
  2606. "mscoree.dll.GetTargetForVTableEntry",
  2607. "kernel32.dll.LocalAlloc",
  2608. "oleaut32.dll.VariantInit",
  2609. "oleaut32.dll.VariantClear",
  2610. "oleaut32.dll.#7",
  2611. "kernel32.dll.CreateEventW",
  2612. "kernel32.dll.SetEvent",
  2613. "ole32.dll.CoWaitForMultipleHandles",
  2614. "ole32.dll.IIDFromString",
  2615. "wminet_utils.dll.ResetSecurity",
  2616. "wminet_utils.dll.SetSecurity",
  2617. "wminet_utils.dll.BlessIWbemServices",
  2618. "wminet_utils.dll.BlessIWbemServicesObject",
  2619. "wminet_utils.dll.GetPropertyHandle",
  2620. "wminet_utils.dll.WritePropertyValue",
  2621. "wminet_utils.dll.Clone",
  2622. "wminet_utils.dll.VerifyClientKey",
  2623. "wminet_utils.dll.GetQualifierSet",
  2624. "wminet_utils.dll.Get",
  2625. "wminet_utils.dll.Put",
  2626. "wminet_utils.dll.Delete",
  2627. "wminet_utils.dll.GetNames",
  2628. "wminet_utils.dll.BeginEnumeration",
  2629. "wminet_utils.dll.Next",
  2630. "wminet_utils.dll.EndEnumeration",
  2631. "wminet_utils.dll.GetPropertyQualifierSet",
  2632. "wminet_utils.dll.GetObjectText",
  2633. "wminet_utils.dll.SpawnDerivedClass",
  2634. "wminet_utils.dll.SpawnInstance",
  2635. "wminet_utils.dll.CompareTo",
  2636. "wminet_utils.dll.GetPropertyOrigin",
  2637. "wminet_utils.dll.InheritsFrom",
  2638. "wminet_utils.dll.GetMethod",
  2639. "wminet_utils.dll.PutMethod",
  2640. "wminet_utils.dll.DeleteMethod",
  2641. "wminet_utils.dll.BeginMethodEnumeration",
  2642. "wminet_utils.dll.NextMethod",
  2643. "wminet_utils.dll.EndMethodEnumeration",
  2644. "wminet_utils.dll.GetMethodQualifierSet",
  2645. "wminet_utils.dll.GetMethodOrigin",
  2646. "wminet_utils.dll.QualifierSet_Get",
  2647. "wminet_utils.dll.QualifierSet_Put",
  2648. "wminet_utils.dll.QualifierSet_Delete",
  2649. "wminet_utils.dll.QualifierSet_GetNames",
  2650. "wminet_utils.dll.QualifierSet_BeginEnumeration",
  2651. "wminet_utils.dll.QualifierSet_Next",
  2652. "wminet_utils.dll.QualifierSet_EndEnumeration",
  2653. "wminet_utils.dll.GetCurrentApartmentType",
  2654. "wminet_utils.dll.GetDemultiplexedStub",
  2655. "wminet_utils.dll.CreateInstanceEnumWmi",
  2656. "wminet_utils.dll.CreateClassEnumWmi",
  2657. "wminet_utils.dll.ExecQueryWmi",
  2658. "wminet_utils.dll.ExecNotificationQueryWmi",
  2659. "wminet_utils.dll.PutInstanceWmi",
  2660. "wminet_utils.dll.PutClassWmi",
  2661. "wminet_utils.dll.CloneEnumWbemClassObject",
  2662. "wminet_utils.dll.ConnectServerWmi",
  2663. "ole32.dll.CoUninitialize",
  2664. "oleaut32.dll.#500",
  2665. "oleaut32.dll.SysStringLen",
  2666. "kernel32.dll.RtlZeroMemory",
  2667. "kernel32.dll.RegOpenKeyExW",
  2668. "advapi32.dll.GetUserNameW",
  2669. "kernel32.dll.GetComputerNameW",
  2670. "user32.dll.DefWindowProcW",
  2671. "gdi32.dll.GetStockObject",
  2672. "user32.dll.RegisterClassW",
  2673. "user32.dll.CreateWindowExW",
  2674. "user32.dll.SetWindowLongW",
  2675. "user32.dll.GetWindowLongW",
  2676. "kernel32.dll.GetCurrentThread",
  2677. "kernel32.dll.DuplicateHandle",
  2678. "user32.dll.CallWindowProcW",
  2679. "user32.dll.RegisterWindowMessageW",
  2680. "advapi32.dll.LookupPrivilegeValueW",
  2681. "advapi32.dll.AdjustTokenPrivileges",
  2682. "ntdll.dll.NtQuerySystemInformation",
  2683. "kernel32.dll.CreateIoCompletionPort",
  2684. "kernel32.dll.PostQueuedCompletionStatus",
  2685. "ntdll.dll.NtQueryInformationThread",
  2686. "ntdll.dll.NtGetCurrentProcessorNumber",
  2687. "shfolder.dll.SHGetFolderPathW",
  2688. "kernel32.dll.FindFirstFileW",
  2689. "kernel32.dll.FindClose",
  2690. "kernel32.dll.FindNextFileW",
  2691. "kernel32.dll.UnmapViewOfFile",
  2692. "kernel32.dll.ReadFile",
  2693. "oleaut32.dll.#204",
  2694. "oleaut32.dll.#203",
  2695. "culture.dll.ConvertLangIdToCultureName",
  2696. "mlang.dll.#112",
  2697. "wininet.dll.FindFirstUrlCacheEntryA",
  2698. "kernel32.dll.SetFileInformationByHandle",
  2699. "urlmon.dll.CreateUri",
  2700. "kernel32.dll.InitializeSRWLock",
  2701. "kernel32.dll.AcquireSRWLockExclusive",
  2702. "kernel32.dll.AcquireSRWLockShared",
  2703. "kernel32.dll.ReleaseSRWLockExclusive",
  2704. "kernel32.dll.ReleaseSRWLockShared",
  2705. "wininet.dll.FindNextUrlCacheEntryA",
  2706. "urlmon.dll.CreateIUriBuilder",
  2707. "urlmon.dll.IntlPercentEncodeNormalize",
  2708. "wininet.dll.FindCloseUrlCache",
  2709. "cryptsp.dll.CryptGetHashParam",
  2710. "cryptsp.dll.CryptReleaseContext",
  2711. "vaultcli.dll.VaultEnumerateVaults",
  2712. "user32.dll.GetLastInputInfo",
  2713. "ole32.dll.CLSIDFromProgIDEx",
  2714. "oleaut32.dll.#201",
  2715. "user32.dll.GetClientRect",
  2716. "user32.dll.GetWindowRect",
  2717. "user32.dll.GetParent",
  2718. "ole32.dll.OleInitialize",
  2719. "ole32.dll.CoRegisterMessageFilter",
  2720. "user32.dll.PeekMessageW",
  2721. "user32.dll.WaitMessage",
  2722. "mscoree.dll.ND_RI2",
  2723. "rasapi32.dll.RasEnumConnectionsW",
  2724. "rtutils.dll.TraceRegisterExA",
  2725. "rtutils.dll.TracePrintfExA",
  2726. "sechost.dll.OpenSCManagerW",
  2727. "sechost.dll.OpenServiceW",
  2728. "sechost.dll.QueryServiceStatus",
  2729. "sechost.dll.CloseServiceHandle",
  2730. "ws2_32.dll.WSAStartup",
  2731. "ws2_32.dll.WSASocketW",
  2732. "ws2_32.dll.setsockopt",
  2733. "ws2_32.dll.WSAEventSelect",
  2734. "ws2_32.dll.ioctlsocket",
  2735. "ws2_32.dll.closesocket",
  2736. "advapi32.dll.ConvertStringSecurityDescriptorToSecurityDescriptorW",
  2737. "kernel32.dll.LocalFree",
  2738. "kernel32.dll.CreateFileMappingW",
  2739. "kernel32.dll.VirtualQuery",
  2740. "kernel32.dll.ReleaseMutex",
  2741. "advapi32.dll.CreateWellKnownSid",
  2742. "kernel32.dll.CreateMutexW",
  2743. "kernel32.dll.WaitForSingleObject",
  2744. "kernel32.dll.OpenMutexW",
  2745. "kernel32.dll.OpenProcess",
  2746. "kernel32.dll.GetProcessTimes",
  2747. "ws2_32.dll.WSAIoctl",
  2748. "kernel32.dll.FormatMessageW",
  2749. "rasapi32.dll.RasConnectionNotificationW",
  2750. "advapi32.dll.RegOpenCurrentUser",
  2751. "advapi32.dll.RegNotifyChangeKeyValue",
  2752. "winhttp.dll.WinHttpGetIEProxyConfigForCurrentUser",
  2753. "sechost.dll.NotifyServiceStatusChangeA",
  2754. "iphlpapi.dll.GetNetworkParams",
  2755. "dnsapi.dll.DnsQueryConfig",
  2756. "iphlpapi.dll.GetAdaptersAddresses",
  2757. "kernel32.dll.ResetEvent",
  2758. "iphlpapi.dll.GetIpInterfaceEntry",
  2759. "iphlpapi.dll.GetBestInterfaceEx",
  2760. "ws2_32.dll.inet_addr",
  2761. "ws2_32.dll.getaddrinfo",
  2762. "ws2_32.dll.freeaddrinfo",
  2763. "ws2_32.dll.WSAConnect",
  2764. "ws2_32.dll.send",
  2765. "ws2_32.dll.recv",
  2766. "ws2_32.dll.select",
  2767. "ws2_32.dll.shutdown",
  2768. "vssapi.dll.CreateWriter",
  2769. "advapi32.dll.LookupAccountNameW",
  2770. "samcli.dll.NetLocalGroupGetMembers",
  2771. "samlib.dll.SamConnect",
  2772. "rpcrt4.dll.NdrClientCall3",
  2773. "rpcrt4.dll.RpcStringBindingComposeW",
  2774. "rpcrt4.dll.RpcBindingFromStringBindingW",
  2775. "rpcrt4.dll.RpcStringFreeW",
  2776. "rpcrt4.dll.RpcBindingFree",
  2777. "samlib.dll.SamOpenDomain",
  2778. "samlib.dll.SamLookupNamesInDomain",
  2779. "samlib.dll.SamOpenAlias",
  2780. "samlib.dll.SamFreeMemory",
  2781. "samlib.dll.SamCloseHandle",
  2782. "samlib.dll.SamGetMembersInAlias",
  2783. "netutils.dll.NetApiBufferFree",
  2784. "ole32.dll.CoCreateGuid",
  2785. "ole32.dll.StringFromCLSID",
  2786. "propsys.dll.VariantToPropVariant",
  2787. "wbemcore.dll.Reinitialize",
  2788. "wbemsvc.dll.DllGetClassObject",
  2789. "wbemsvc.dll.DllCanUnloadNow",
  2790. "authz.dll.AuthzInitializeContextFromToken",
  2791. "authz.dll.AuthzInitializeObjectAccessAuditEvent2",
  2792. "authz.dll.AuthzAccessCheck",
  2793. "authz.dll.AuthzFreeAuditEvent",
  2794. "authz.dll.AuthzFreeContext",
  2795. "authz.dll.AuthzInitializeResourceManager",
  2796. "authz.dll.AuthzFreeResourceManager",
  2797. "rpcrt4.dll.RpcBindingCreateW",
  2798. "rpcrt4.dll.RpcBindingBind",
  2799. "rpcrt4.dll.I_RpcMapWin32Status",
  2800. "advapi32.dll.EventRegister",
  2801. "advapi32.dll.EventUnregister",
  2802. "advapi32.dll.EventWrite",
  2803. "kernel32.dll.RegCloseKey",
  2804. "kernel32.dll.RegSetValueExW",
  2805. "kernel32.dll.RegQueryValueExW",
  2806. "wmisvc.dll.IsImproperShutdownDetected",
  2807. "wevtapi.dll.EvtRender",
  2808. "wevtapi.dll.EvtNext",
  2809. "wevtapi.dll.EvtClose",
  2810. "wevtapi.dll.EvtQuery",
  2811. "wevtapi.dll.EvtCreateRenderContext",
  2812. "rpcrt4.dll.RpcBindingSetAuthInfoExW",
  2813. "rpcrt4.dll.RpcBindingSetOption",
  2814. "ole32.dll.CoCreateFreeThreadedMarshaler",
  2815. "ole32.dll.CreateStreamOnHGlobal",
  2816. "advapi32.dll.RegCreateKeyExW",
  2817. "advapi32.dll.RegSetValueExW",
  2818. "kernelbase.dll.InitializeAcl",
  2819. "kernelbase.dll.AddAce",
  2820. "sechost.dll.ConvertStringSecurityDescriptorToSecurityDescriptorW",
  2821. "kernel32.dll.IsThreadAFiber",
  2822. "kernel32.dll.OpenProcessToken",
  2823. "kernelbase.dll.GetTokenInformation",
  2824. "kernelbase.dll.DuplicateTokenEx",
  2825. "kernelbase.dll.AdjustTokenPrivileges",
  2826. "kernelbase.dll.AllocateAndInitializeSid",
  2827. "kernelbase.dll.CheckTokenMembership",
  2828. "kernel32.dll.SetThreadToken",
  2829. "ole32.dll.CLSIDFromString",
  2830. "oleaut32.dll.#285",
  2831. "oleaut32.dll.#12",
  2832. "oleaut32.dll.#286",
  2833. "oleaut32.dll.#17",
  2834. "oleaut32.dll.#20",
  2835. "oleaut32.dll.#19",
  2836. "oleaut32.dll.#25",
  2837. "authz.dll.AuthzInitializeContextFromSid",
  2838. "ole32.dll.CoGetCallContext",
  2839. "ole32.dll.CoRevertToSelf",
  2840. "advapi32.dll.LogonUserExExW",
  2841. "sspicli.dll.LogonUserExExW",
  2842. "ole32.dll.CoImpersonateClient",
  2843. "advapi32.dll.OpenThreadToken",
  2844. "oleaut32.dll.#8",
  2845. "ole32.dll.CoSwitchCallContext",
  2846. "oleaut32.dll.#287",
  2847. "oleaut32.dll.#288",
  2848. "oleaut32.dll.#289",
  2849. "advapi32.dll.WmiMofEnumerateResourcesW",
  2850. "advapi32.dll.WmiFreeBuffer",
  2851. "kernel32.dll.SortGetHandle",
  2852. "kernel32.dll.SortCloseHandle",
  2853. "ntmarta.dll.GetMartaExtensionInterface",
  2854. "fastprox.dll.DllGetClassObject",
  2855. "fastprox.dll.DllCanUnloadNow",
  2856. "oleaut32.dll.#290",
  2857. "wmi.dll.WmiQueryAllDataW",
  2858. "wmi.dll.WmiQuerySingleInstanceW",
  2859. "wmi.dll.WmiSetSingleItemW",
  2860. "wmi.dll.WmiSetSingleInstanceW",
  2861. "wmi.dll.WmiExecuteMethodW",
  2862. "wmi.dll.WmiNotificationRegistrationW",
  2863. "wmi.dll.WmiMofEnumerateResourcesW",
  2864. "wmi.dll.WmiFileHandleToInstanceNameW",
  2865. "wmi.dll.WmiDevInstToInstanceNameW",
  2866. "wmi.dll.WmiQueryGuidInformation",
  2867. "wmi.dll.WmiOpenBlock",
  2868. "wmi.dll.WmiCloseBlock",
  2869. "wmi.dll.WmiFreeBuffer",
  2870. "wmi.dll.WmiEnumerateGuids",
  2871. "advapi32.dll.InitiateSystemShutdownExW",
  2872. "rpcrt4.dll.UuidFromStringW",
  2873. "radarrs.dll.WdiDiagnosticModuleMain",
  2874. "radarrs.dll.WdiHandleInstance",
  2875. "radarrs.dll.WdiGetDiagnosticModuleInterfaceVersion",
  2876. "version.dll.GetFileVersionInfoSizeW",
  2877. "version.dll.GetFileVersionInfoW",
  2878. "version.dll.VerQueryValueW",
  2879. "advapi32.dll.RegGetValueW",
  2880. "advapi32.dll.DuplicateToken",
  2881. "advapi32.dll.CheckTokenMembership",
  2882. "wersvc.dll.ServiceMain",
  2883. "wersvc.dll.SvchostPushServiceGlobals",
  2884. "faultrep.dll.WerpInitiateCrashReporting",
  2885. "wer.dll.WerpCreateMachineStore",
  2886. "shell32.dll.SHGetFolderPathEx",
  2887. "ole32.dll.StringFromGUID2",
  2888. "profapi.dll.#104",
  2889. "userenv.dll.CreateEnvironmentBlock",
  2890. "sechost.dll.ConvertSidToStringSidW",
  2891. "sspicli.dll.GetUserNameExW",
  2892. "userenv.dll.DestroyEnvironmentBlock",
  2893. "wer.dll.WerpSvcReportFromMachineQueue",
  2894. "wtsapi32.dll.WTSQueryUserToken",
  2895. "winsta.dll.WinStationQueryInformationW",
  2896. "advapi32.dll.ImpersonateLoggedOnUser",
  2897. "advapi32.dll.CreateProcessAsUserW",
  2898. "advapi32.dll.RevertToSelf",
  2899. "imm32.dll.ImmDisableIME",
  2900. "psapi.dll.GetModuleFileNameExW",
  2901. "wer.dll.WerpCreateIntegratorReportId",
  2902. "wer.dll.WerReportCreate",
  2903. "wer.dll.WerpSetIntegratorReportId",
  2904. "wer.dll.WerReportSetParameter",
  2905. "dbgeng.dll.DebugCreate",
  2906. "ntdll.dll.CsrGetProcessId",
  2907. "ntdll.dll.DbgBreakPoint",
  2908. "ntdll.dll.DbgPrint",
  2909. "ntdll.dll.DbgPrompt",
  2910. "ntdll.dll.DbgUiConvertStateChangeStructure",
  2911. "ntdll.dll.DbgUiGetThreadDebugObject",
  2912. "ntdll.dll.DbgUiIssueRemoteBreakin",
  2913. "ntdll.dll.DbgUiSetThreadDebugObject",
  2914. "ntdll.dll.NtAllocateVirtualMemory",
  2915. "ntdll.dll.NtClose",
  2916. "ntdll.dll.NtCreateDebugObject",
  2917. "ntdll.dll.NtCreateFile",
  2918. "ntdll.dll.NtDebugActiveProcess",
  2919. "ntdll.dll.NtDebugContinue",
  2920. "ntdll.dll.NtFreeVirtualMemory",
  2921. "ntdll.dll.NtOpenProcess",
  2922. "ntdll.dll.NtOpenThread",
  2923. "ntdll.dll.NtQueryInformationProcess",
  2924. "ntdll.dll.NtQueryMutant",
  2925. "ntdll.dll.NtQueryObject",
  2926. "ntdll.dll.NtRemoveProcessDebug",
  2927. "ntdll.dll.NtResumeThread",
  2928. "ntdll.dll.NtSetInformationDebugObject",
  2929. "ntdll.dll.NtSetInformationProcess",
  2930. "ntdll.dll.NtSystemDebugControl",
  2931. "ntdll.dll.NtWaitForDebugEvent",
  2932. "ntdll.dll.RtlAnsiStringToUnicodeString",
  2933. "ntdll.dll.RtlCreateProcessParameters",
  2934. "ntdll.dll.RtlCreateUserProcess",
  2935. "ntdll.dll.RtlDestroyProcessParameters",
  2936. "ntdll.dll.RtlDosPathNameToNtPathName_U",
  2937. "ntdll.dll.RtlFindMessage",
  2938. "ntdll.dll.RtlFreeHeap",
  2939. "ntdll.dll.RtlFreeUnicodeString",
  2940. "ntdll.dll.RtlGetFunctionTableListHead",
  2941. "ntdll.dll.RtlGetUnloadEventTrace",
  2942. "ntdll.dll.RtlGetUnloadEventTraceEx",
  2943. "ntdll.dll.RtlInitAnsiString",
  2944. "ntdll.dll.RtlInitUnicodeString",
  2945. "ntdll.dll.RtlTryEnterCriticalSection",
  2946. "ntdll.dll.RtlUnicodeStringToAnsiString",
  2947. "ntdll.dll.NtOpenProcessToken",
  2948. "ntdll.dll.NtOpenThreadToken",
  2949. "ntdll.dll.NtQueryInformationToken",
  2950. "kernel32.dll.CloseProfileUserMapping",
  2951. "kernel32.dll.CreateToolhelp32Snapshot",
  2952. "kernel32.dll.DebugActiveProcessStop",
  2953. "kernel32.dll.DebugBreak",
  2954. "kernel32.dll.DebugBreakProcess",
  2955. "kernel32.dll.DebugSetProcessKillOnExit",
  2956. "kernel32.dll.Module32First",
  2957. "kernel32.dll.Module32FirstW",
  2958. "kernel32.dll.Module32Next",
  2959. "kernel32.dll.Module32NextW",
  2960. "kernel32.dll.OpenThread",
  2961. "kernel32.dll.Process32First",
  2962. "kernel32.dll.Process32FirstW",
  2963. "kernel32.dll.Process32Next",
  2964. "kernel32.dll.Process32NextW",
  2965. "kernel32.dll.SetProcessShutdownParameters",
  2966. "kernel32.dll.Thread32First",
  2967. "kernel32.dll.Thread32Next",
  2968. "kernel32.dll.GetTimeZoneInformation",
  2969. "kernel32.dll.Wow64GetThreadSelectorEntry",
  2970. "advapi32.dll.CloseServiceHandle",
  2971. "advapi32.dll.ControlService",
  2972. "advapi32.dll.CreateServiceA",
  2973. "advapi32.dll.CreateServiceW",
  2974. "advapi32.dll.DeleteService",
  2975. "advapi32.dll.EnumServicesStatusExA",
  2976. "advapi32.dll.EnumServicesStatusExW",
  2977. "advapi32.dll.GetEventLogInformation",
  2978. "advapi32.dll.OpenSCManagerA",
  2979. "advapi32.dll.OpenSCManagerW",
  2980. "advapi32.dll.OpenServiceA",
  2981. "advapi32.dll.OpenServiceW",
  2982. "advapi32.dll.StartServiceA",
  2983. "advapi32.dll.StartServiceW",
  2984. "advapi32.dll.GetSidSubAuthority",
  2985. "advapi32.dll.GetSidSubAuthorityCount",
  2986. "version.dll.GetFileVersionInfoSizeExW",
  2987. "version.dll.GetFileVersionInfoExW",
  2988. "dbghelp.dll.WinDbgExtensionDllInit",
  2989. "dbghelp.dll.ExtensionApiVersion",
  2990. "wer.dll.WerpSetDynamicParameter",
  2991. "wer.dll.WerReportAddDump",
  2992. "wer.dll.WerpSetCallBack",
  2993. "wer.dll.WerReportSetUIOption",
  2994. "wer.dll.WerpAddRegisteredDataToReport",
  2995. "wer.dll.WerReportSubmit",
  2996. "user32.dll.LoadStringW",
  2997. "sensapi.dll.IsNetworkAlive",
  2998. "user32.dll.CharUpperW",
  2999. "wer.dll.WerpAddAppCompatData",
  3000. "apphelp.dll.SdbGetFileAttributes",
  3001. "apphelp.dll.SdbFormatAttribute",
  3002. "apphelp.dll.SdbFreeFileAttributes",
  3003. "dbghelp.dll.MiniDumpWriteDump",
  3004. "kernel32.dll.GetLongPathNameA",
  3005. "kernel32.dll.GetLongPathNameW",
  3006. "advapi32.dll.RegOpenKeyExA",
  3007. "powrprof.dll.CallNtPowerInformation",
  3008. "version.dll.GetFileVersionInfoSizeA",
  3009. "version.dll.GetFileVersionInfoA",
  3010. "version.dll.VerQueryValueA",
  3011. "verifier.dll.VerifierEnumerateResource",
  3012. "ntdll.dll.NtSuspendProcess",
  3013. "ntdll.dll.NtResumeProcess",
  3014. "advapi32.dll.QueryTraceW",
  3015. "advapi32.dll.IsValidSid",
  3016. "advapi32.dll.GetLengthSid",
  3017. "advapi32.dll.CopySid",
  3018. "advapi32.dll.AddAccessAllowedAceEx",
  3019. "advapi32.dll.InitializeSecurityDescriptor",
  3020. "advapi32.dll.SetSecurityDescriptorDacl",
  3021. "advapi32.dll.RegisterEventSourceW",
  3022. "advapi32.dll.ReportEventW",
  3023. "advapi32.dll.DeregisterEventSource",
  3024. "wer.dll.WerpGetStoreLocation",
  3025. "wer.dll.WerpGetStoreType",
  3026. "wer.dll.WerReportCloseHandle",
  3027. "user32.dll.MsgWaitForMultipleObjects",
  3028. "wer.dll.WerpFreeString",
  3029. "user32.dll.GetProcessWindowStation",
  3030. "user32.dll.GetThreadDesktop",
  3031. "user32.dll.GetUserObjectInformationW",
  3032. "werui.dll.WerUICreate",
  3033. "werui.dll.WerUIStart",
  3034. "werui.dll.WerUITerminate",
  3035. "werui.dll.WerUIDelete"
  3036. ]
  3037.  
  3038. [*] Static Analysis: {
  3039. "pe": {
  3040. "peid_signatures": null,
  3041. "imports": [
  3042. {
  3043. "imports": [
  3044. {
  3045. "name": "DeleteCriticalSection",
  3046. "address": "0x46712c"
  3047. },
  3048. {
  3049. "name": "LeaveCriticalSection",
  3050. "address": "0x467130"
  3051. },
  3052. {
  3053. "name": "EnterCriticalSection",
  3054. "address": "0x467134"
  3055. },
  3056. {
  3057. "name": "InitializeCriticalSection",
  3058. "address": "0x467138"
  3059. },
  3060. {
  3061. "name": "VirtualFree",
  3062. "address": "0x46713c"
  3063. },
  3064. {
  3065. "name": "VirtualAlloc",
  3066. "address": "0x467140"
  3067. },
  3068. {
  3069. "name": "LocalFree",
  3070. "address": "0x467144"
  3071. },
  3072. {
  3073. "name": "LocalAlloc",
  3074. "address": "0x467148"
  3075. },
  3076. {
  3077. "name": "GetVersion",
  3078. "address": "0x46714c"
  3079. },
  3080. {
  3081. "name": "GetCurrentThreadId",
  3082. "address": "0x467150"
  3083. },
  3084. {
  3085. "name": "InterlockedDecrement",
  3086. "address": "0x467154"
  3087. },
  3088. {
  3089. "name": "InterlockedIncrement",
  3090. "address": "0x467158"
  3091. },
  3092. {
  3093. "name": "VirtualQuery",
  3094. "address": "0x46715c"
  3095. },
  3096. {
  3097. "name": "WideCharToMultiByte",
  3098. "address": "0x467160"
  3099. },
  3100. {
  3101. "name": "MultiByteToWideChar",
  3102. "address": "0x467164"
  3103. },
  3104. {
  3105. "name": "lstrlenA",
  3106. "address": "0x467168"
  3107. },
  3108. {
  3109. "name": "lstrcpynA",
  3110. "address": "0x46716c"
  3111. },
  3112. {
  3113. "name": "LoadLibraryExA",
  3114. "address": "0x467170"
  3115. },
  3116. {
  3117. "name": "GetThreadLocale",
  3118. "address": "0x467174"
  3119. },
  3120. {
  3121. "name": "GetStartupInfoA",
  3122. "address": "0x467178"
  3123. },
  3124. {
  3125. "name": "GetProcAddress",
  3126. "address": "0x46717c"
  3127. },
  3128. {
  3129. "name": "GetModuleHandleA",
  3130. "address": "0x467180"
  3131. },
  3132. {
  3133. "name": "GetModuleFileNameA",
  3134. "address": "0x467184"
  3135. },
  3136. {
  3137. "name": "GetLocaleInfoA",
  3138. "address": "0x467188"
  3139. },
  3140. {
  3141. "name": "GetCommandLineA",
  3142. "address": "0x46718c"
  3143. },
  3144. {
  3145. "name": "FreeLibrary",
  3146. "address": "0x467190"
  3147. },
  3148. {
  3149. "name": "FindFirstFileA",
  3150. "address": "0x467194"
  3151. },
  3152. {
  3153. "name": "FindClose",
  3154. "address": "0x467198"
  3155. },
  3156. {
  3157. "name": "ExitProcess",
  3158. "address": "0x46719c"
  3159. },
  3160. {
  3161. "name": "WriteFile",
  3162. "address": "0x4671a0"
  3163. },
  3164. {
  3165. "name": "UnhandledExceptionFilter",
  3166. "address": "0x4671a4"
  3167. },
  3168. {
  3169. "name": "RtlUnwind",
  3170. "address": "0x4671a8"
  3171. },
  3172. {
  3173. "name": "RaiseException",
  3174. "address": "0x4671ac"
  3175. },
  3176. {
  3177. "name": "GetStdHandle",
  3178. "address": "0x4671b0"
  3179. }
  3180. ],
  3181. "dll": "kernel32.dll"
  3182. },
  3183. {
  3184. "imports": [
  3185. {
  3186. "name": "GetKeyboardType",
  3187. "address": "0x4671b8"
  3188. },
  3189. {
  3190. "name": "LoadStringA",
  3191. "address": "0x4671bc"
  3192. },
  3193. {
  3194. "name": "MessageBoxA",
  3195. "address": "0x4671c0"
  3196. },
  3197. {
  3198. "name": "CharNextA",
  3199. "address": "0x4671c4"
  3200. }
  3201. ],
  3202. "dll": "user32.dll"
  3203. },
  3204. {
  3205. "imports": [
  3206. {
  3207. "name": "RegQueryValueExA",
  3208. "address": "0x4671cc"
  3209. },
  3210. {
  3211. "name": "RegOpenKeyExA",
  3212. "address": "0x4671d0"
  3213. },
  3214. {
  3215. "name": "RegCloseKey",
  3216. "address": "0x4671d4"
  3217. }
  3218. ],
  3219. "dll": "advapi32.dll"
  3220. },
  3221. {
  3222. "imports": [
  3223. {
  3224. "name": "SysFreeString",
  3225. "address": "0x4671dc"
  3226. },
  3227. {
  3228. "name": "SysReAllocStringLen",
  3229. "address": "0x4671e0"
  3230. },
  3231. {
  3232. "name": "SysAllocStringLen",
  3233. "address": "0x4671e4"
  3234. }
  3235. ],
  3236. "dll": "oleaut32.dll"
  3237. },
  3238. {
  3239. "imports": [
  3240. {
  3241. "name": "TlsSetValue",
  3242. "address": "0x4671ec"
  3243. },
  3244. {
  3245. "name": "TlsGetValue",
  3246. "address": "0x4671f0"
  3247. },
  3248. {
  3249. "name": "LocalAlloc",
  3250. "address": "0x4671f4"
  3251. },
  3252. {
  3253. "name": "GetModuleHandleA",
  3254. "address": "0x4671f8"
  3255. }
  3256. ],
  3257. "dll": "kernel32.dll"
  3258. },
  3259. {
  3260. "imports": [
  3261. {
  3262. "name": "RegQueryValueExA",
  3263. "address": "0x467200"
  3264. },
  3265. {
  3266. "name": "RegOpenKeyExA",
  3267. "address": "0x467204"
  3268. },
  3269. {
  3270. "name": "RegCloseKey",
  3271. "address": "0x467208"
  3272. }
  3273. ],
  3274. "dll": "advapi32.dll"
  3275. },
  3276. {
  3277. "imports": [
  3278. {
  3279. "name": "lstrcpyA",
  3280. "address": "0x467210"
  3281. },
  3282. {
  3283. "name": "WriteFile",
  3284. "address": "0x467214"
  3285. },
  3286. {
  3287. "name": "WaitForSingleObject",
  3288. "address": "0x467218"
  3289. },
  3290. {
  3291. "name": "VirtualQuery",
  3292. "address": "0x46721c"
  3293. },
  3294. {
  3295. "name": "VirtualAlloc",
  3296. "address": "0x467220"
  3297. },
  3298. {
  3299. "name": "Sleep",
  3300. "address": "0x467224"
  3301. },
  3302. {
  3303. "name": "SizeofResource",
  3304. "address": "0x467228"
  3305. },
  3306. {
  3307. "name": "SetThreadLocale",
  3308. "address": "0x46722c"
  3309. },
  3310. {
  3311. "name": "SetFilePointer",
  3312. "address": "0x467230"
  3313. },
  3314. {
  3315. "name": "SetEvent",
  3316. "address": "0x467234"
  3317. },
  3318. {
  3319. "name": "SetErrorMode",
  3320. "address": "0x467238"
  3321. },
  3322. {
  3323. "name": "SetEndOfFile",
  3324. "address": "0x46723c"
  3325. },
  3326. {
  3327. "name": "ResetEvent",
  3328. "address": "0x467240"
  3329. },
  3330. {
  3331. "name": "ReadFile",
  3332. "address": "0x467244"
  3333. },
  3334. {
  3335. "name": "MulDiv",
  3336. "address": "0x467248"
  3337. },
  3338. {
  3339. "name": "LockResource",
  3340. "address": "0x46724c"
  3341. },
  3342. {
  3343. "name": "LoadResource",
  3344. "address": "0x467250"
  3345. },
  3346. {
  3347. "name": "LoadLibraryA",
  3348. "address": "0x467254"
  3349. },
  3350. {
  3351. "name": "LeaveCriticalSection",
  3352. "address": "0x467258"
  3353. },
  3354. {
  3355. "name": "InitializeCriticalSection",
  3356. "address": "0x46725c"
  3357. },
  3358. {
  3359. "name": "GlobalUnlock",
  3360. "address": "0x467260"
  3361. },
  3362. {
  3363. "name": "GlobalReAlloc",
  3364. "address": "0x467264"
  3365. },
  3366. {
  3367. "name": "GlobalHandle",
  3368. "address": "0x467268"
  3369. },
  3370. {
  3371. "name": "GlobalLock",
  3372. "address": "0x46726c"
  3373. },
  3374. {
  3375. "name": "GlobalFree",
  3376. "address": "0x467270"
  3377. },
  3378. {
  3379. "name": "GlobalFindAtomA",
  3380. "address": "0x467274"
  3381. },
  3382. {
  3383. "name": "GlobalDeleteAtom",
  3384. "address": "0x467278"
  3385. },
  3386. {
  3387. "name": "GlobalAlloc",
  3388. "address": "0x46727c"
  3389. },
  3390. {
  3391. "name": "GlobalAddAtomA",
  3392. "address": "0x467280"
  3393. },
  3394. {
  3395. "name": "GetVersionExA",
  3396. "address": "0x467284"
  3397. },
  3398. {
  3399. "name": "GetVersion",
  3400. "address": "0x467288"
  3401. },
  3402. {
  3403. "name": "GetTickCount",
  3404. "address": "0x46728c"
  3405. },
  3406. {
  3407. "name": "GetThreadLocale",
  3408. "address": "0x467290"
  3409. },
  3410. {
  3411. "name": "GetSystemInfo",
  3412. "address": "0x467294"
  3413. },
  3414. {
  3415. "name": "GetStringTypeExA",
  3416. "address": "0x467298"
  3417. },
  3418. {
  3419. "name": "GetStdHandle",
  3420. "address": "0x46729c"
  3421. },
  3422. {
  3423. "name": "GetProcAddress",
  3424. "address": "0x4672a0"
  3425. },
  3426. {
  3427. "name": "GetModuleHandleA",
  3428. "address": "0x4672a4"
  3429. },
  3430. {
  3431. "name": "GetModuleFileNameA",
  3432. "address": "0x4672a8"
  3433. },
  3434. {
  3435. "name": "GetLocaleInfoA",
  3436. "address": "0x4672ac"
  3437. },
  3438. {
  3439. "name": "GetLocalTime",
  3440. "address": "0x4672b0"
  3441. },
  3442. {
  3443. "name": "GetLastError",
  3444. "address": "0x4672b4"
  3445. },
  3446. {
  3447. "name": "GetFullPathNameA",
  3448. "address": "0x4672b8"
  3449. },
  3450. {
  3451. "name": "GetFileAttributesA",
  3452. "address": "0x4672bc"
  3453. },
  3454. {
  3455. "name": "GetDiskFreeSpaceA",
  3456. "address": "0x4672c0"
  3457. },
  3458. {
  3459. "name": "GetDateFormatA",
  3460. "address": "0x4672c4"
  3461. },
  3462. {
  3463. "name": "GetCurrentThreadId",
  3464. "address": "0x4672c8"
  3465. },
  3466. {
  3467. "name": "GetCurrentProcessId",
  3468. "address": "0x4672cc"
  3469. },
  3470. {
  3471. "name": "GetCPInfo",
  3472. "address": "0x4672d0"
  3473. },
  3474. {
  3475. "name": "GetACP",
  3476. "address": "0x4672d4"
  3477. },
  3478. {
  3479. "name": "FreeResource",
  3480. "address": "0x4672d8"
  3481. },
  3482. {
  3483. "name": "InterlockedExchange",
  3484. "address": "0x4672dc"
  3485. },
  3486. {
  3487. "name": "FreeLibrary",
  3488. "address": "0x4672e0"
  3489. },
  3490. {
  3491. "name": "FormatMessageA",
  3492. "address": "0x4672e4"
  3493. },
  3494. {
  3495. "name": "FindResourceA",
  3496. "address": "0x4672e8"
  3497. },
  3498. {
  3499. "name": "FindFirstFileA",
  3500. "address": "0x4672ec"
  3501. },
  3502. {
  3503. "name": "FindClose",
  3504. "address": "0x4672f0"
  3505. },
  3506. {
  3507. "name": "FileTimeToLocalFileTime",
  3508. "address": "0x4672f4"
  3509. },
  3510. {
  3511. "name": "FileTimeToDosDateTime",
  3512. "address": "0x4672f8"
  3513. },
  3514. {
  3515. "name": "EnumCalendarInfoA",
  3516. "address": "0x4672fc"
  3517. },
  3518. {
  3519. "name": "EnterCriticalSection",
  3520. "address": "0x467300"
  3521. },
  3522. {
  3523. "name": "DeleteCriticalSection",
  3524. "address": "0x467304"
  3525. },
  3526. {
  3527. "name": "CreateThread",
  3528. "address": "0x467308"
  3529. },
  3530. {
  3531. "name": "CreateFileA",
  3532. "address": "0x46730c"
  3533. },
  3534. {
  3535. "name": "CreateEventA",
  3536. "address": "0x467310"
  3537. },
  3538. {
  3539. "name": "CompareStringA",
  3540. "address": "0x467314"
  3541. },
  3542. {
  3543. "name": "CloseHandle",
  3544. "address": "0x467318"
  3545. }
  3546. ],
  3547. "dll": "kernel32.dll"
  3548. },
  3549. {
  3550. "imports": [
  3551. {
  3552. "name": "VerQueryValueA",
  3553. "address": "0x467320"
  3554. },
  3555. {
  3556. "name": "GetFileVersionInfoSizeA",
  3557. "address": "0x467324"
  3558. },
  3559. {
  3560. "name": "GetFileVersionInfoA",
  3561. "address": "0x467328"
  3562. }
  3563. ],
  3564. "dll": "version.dll"
  3565. },
  3566. {
  3567. "imports": [
  3568. {
  3569. "name": "UnrealizeObject",
  3570. "address": "0x467330"
  3571. },
  3572. {
  3573. "name": "StretchBlt",
  3574. "address": "0x467334"
  3575. },
  3576. {
  3577. "name": "SetWindowOrgEx",
  3578. "address": "0x467338"
  3579. },
  3580. {
  3581. "name": "SetWinMetaFileBits",
  3582. "address": "0x46733c"
  3583. },
  3584. {
  3585. "name": "SetViewportOrgEx",
  3586. "address": "0x467340"
  3587. },
  3588. {
  3589. "name": "SetTextColor",
  3590. "address": "0x467344"
  3591. },
  3592. {
  3593. "name": "SetStretchBltMode",
  3594. "address": "0x467348"
  3595. },
  3596. {
  3597. "name": "SetROP2",
  3598. "address": "0x46734c"
  3599. },
  3600. {
  3601. "name": "SetPixel",
  3602. "address": "0x467350"
  3603. },
  3604. {
  3605. "name": "SetICMMode",
  3606. "address": "0x467354"
  3607. },
  3608. {
  3609. "name": "SetEnhMetaFileBits",
  3610. "address": "0x467358"
  3611. },
  3612. {
  3613. "name": "SetDIBColorTable",
  3614. "address": "0x46735c"
  3615. },
  3616. {
  3617. "name": "SetBrushOrgEx",
  3618. "address": "0x467360"
  3619. },
  3620. {
  3621. "name": "SetBkMode",
  3622. "address": "0x467364"
  3623. },
  3624. {
  3625. "name": "SetBkColor",
  3626. "address": "0x467368"
  3627. },
  3628. {
  3629. "name": "SelectPalette",
  3630. "address": "0x46736c"
  3631. },
  3632. {
  3633. "name": "SelectObject",
  3634. "address": "0x467370"
  3635. },
  3636. {
  3637. "name": "ScaleWindowExtEx",
  3638. "address": "0x467374"
  3639. },
  3640. {
  3641. "name": "SaveDC",
  3642. "address": "0x467378"
  3643. },
  3644. {
  3645. "name": "RestoreDC",
  3646. "address": "0x46737c"
  3647. },
  3648. {
  3649. "name": "Rectangle",
  3650. "address": "0x467380"
  3651. },
  3652. {
  3653. "name": "RectVisible",
  3654. "address": "0x467384"
  3655. },
  3656. {
  3657. "name": "RealizePalette",
  3658. "address": "0x467388"
  3659. },
  3660. {
  3661. "name": "Polyline",
  3662. "address": "0x46738c"
  3663. },
  3664. {
  3665. "name": "PlayEnhMetaFile",
  3666. "address": "0x467390"
  3667. },
  3668. {
  3669. "name": "PatBlt",
  3670. "address": "0x467394"
  3671. },
  3672. {
  3673. "name": "MoveToEx",
  3674. "address": "0x467398"
  3675. },
  3676. {
  3677. "name": "MaskBlt",
  3678. "address": "0x46739c"
  3679. },
  3680. {
  3681. "name": "LineTo",
  3682. "address": "0x4673a0"
  3683. },
  3684. {
  3685. "name": "IntersectClipRect",
  3686. "address": "0x4673a4"
  3687. },
  3688. {
  3689. "name": "GetWindowOrgEx",
  3690. "address": "0x4673a8"
  3691. },
  3692. {
  3693. "name": "GetWinMetaFileBits",
  3694. "address": "0x4673ac"
  3695. },
  3696. {
  3697. "name": "GetTextMetricsA",
  3698. "address": "0x4673b0"
  3699. },
  3700. {
  3701. "name": "GetTextExtentPoint32A",
  3702. "address": "0x4673b4"
  3703. },
  3704. {
  3705. "name": "GetSystemPaletteEntries",
  3706. "address": "0x4673b8"
  3707. },
  3708. {
  3709. "name": "GetStockObject",
  3710. "address": "0x4673bc"
  3711. },
  3712. {
  3713. "name": "GetPixel",
  3714. "address": "0x4673c0"
  3715. },
  3716. {
  3717. "name": "GetPaletteEntries",
  3718. "address": "0x4673c4"
  3719. },
  3720. {
  3721. "name": "GetObjectA",
  3722. "address": "0x4673c8"
  3723. },
  3724. {
  3725. "name": "GetEnhMetaFilePaletteEntries",
  3726. "address": "0x4673cc"
  3727. },
  3728. {
  3729. "name": "GetEnhMetaFileHeader",
  3730. "address": "0x4673d0"
  3731. },
  3732. {
  3733. "name": "GetEnhMetaFileBits",
  3734. "address": "0x4673d4"
  3735. },
  3736. {
  3737. "name": "GetDeviceCaps",
  3738. "address": "0x4673d8"
  3739. },
  3740. {
  3741. "name": "GetDIBits",
  3742. "address": "0x4673dc"
  3743. },
  3744. {
  3745. "name": "GetDIBColorTable",
  3746. "address": "0x4673e0"
  3747. },
  3748. {
  3749. "name": "GetDCOrgEx",
  3750. "address": "0x4673e4"
  3751. },
  3752. {
  3753. "name": "GetCurrentPositionEx",
  3754. "address": "0x4673e8"
  3755. },
  3756. {
  3757. "name": "GetClipBox",
  3758. "address": "0x4673ec"
  3759. },
  3760. {
  3761. "name": "GetBrushOrgEx",
  3762. "address": "0x4673f0"
  3763. },
  3764. {
  3765. "name": "GetBitmapBits",
  3766. "address": "0x4673f4"
  3767. },
  3768. {
  3769. "name": "ExcludeClipRect",
  3770. "address": "0x4673f8"
  3771. },
  3772. {
  3773. "name": "DeleteObject",
  3774. "address": "0x4673fc"
  3775. },
  3776. {
  3777. "name": "DeleteEnhMetaFile",
  3778. "address": "0x467400"
  3779. },
  3780. {
  3781. "name": "DeleteDC",
  3782. "address": "0x467404"
  3783. },
  3784. {
  3785. "name": "CreateSolidBrush",
  3786. "address": "0x467408"
  3787. },
  3788. {
  3789. "name": "CreatePenIndirect",
  3790. "address": "0x46740c"
  3791. },
  3792. {
  3793. "name": "CreatePalette",
  3794. "address": "0x467410"
  3795. },
  3796. {
  3797. "name": "CreateHalftonePalette",
  3798. "address": "0x467414"
  3799. },
  3800. {
  3801. "name": "CreateFontIndirectA",
  3802. "address": "0x467418"
  3803. },
  3804. {
  3805. "name": "CreateDIBitmap",
  3806. "address": "0x46741c"
  3807. },
  3808. {
  3809. "name": "CreateDIBSection",
  3810. "address": "0x467420"
  3811. },
  3812. {
  3813. "name": "CreateCompatibleDC",
  3814. "address": "0x467424"
  3815. },
  3816. {
  3817. "name": "CreateCompatibleBitmap",
  3818. "address": "0x467428"
  3819. },
  3820. {
  3821. "name": "CreateBrushIndirect",
  3822. "address": "0x46742c"
  3823. },
  3824. {
  3825. "name": "CreateBitmap",
  3826. "address": "0x467430"
  3827. },
  3828. {
  3829. "name": "CopyEnhMetaFileA",
  3830. "address": "0x467434"
  3831. },
  3832. {
  3833. "name": "BitBlt",
  3834. "address": "0x467438"
  3835. }
  3836. ],
  3837. "dll": "gdi32.dll"
  3838. },
  3839. {
  3840. "imports": [
  3841. {
  3842. "name": "CreateWindowExA",
  3843. "address": "0x467440"
  3844. },
  3845. {
  3846. "name": "WindowFromPoint",
  3847. "address": "0x467444"
  3848. },
  3849. {
  3850. "name": "WinHelpA",
  3851. "address": "0x467448"
  3852. },
  3853. {
  3854. "name": "WaitMessage",
  3855. "address": "0x46744c"
  3856. },
  3857. {
  3858. "name": "UpdateWindow",
  3859. "address": "0x467450"
  3860. },
  3861. {
  3862. "name": "UnregisterClassA",
  3863. "address": "0x467454"
  3864. },
  3865. {
  3866. "name": "UnhookWindowsHookEx",
  3867. "address": "0x467458"
  3868. },
  3869. {
  3870. "name": "TranslateMessage",
  3871. "address": "0x46745c"
  3872. },
  3873. {
  3874. "name": "TranslateMDISysAccel",
  3875. "address": "0x467460"
  3876. },
  3877. {
  3878. "name": "TrackPopupMenu",
  3879. "address": "0x467464"
  3880. },
  3881. {
  3882. "name": "SystemParametersInfoA",
  3883. "address": "0x467468"
  3884. },
  3885. {
  3886. "name": "ShowWindow",
  3887. "address": "0x46746c"
  3888. },
  3889. {
  3890. "name": "ShowScrollBar",
  3891. "address": "0x467470"
  3892. },
  3893. {
  3894. "name": "ShowOwnedPopups",
  3895. "address": "0x467474"
  3896. },
  3897. {
  3898. "name": "ShowCursor",
  3899. "address": "0x467478"
  3900. },
  3901. {
  3902. "name": "SetWindowsHookExA",
  3903. "address": "0x46747c"
  3904. },
  3905. {
  3906. "name": "SetWindowTextA",
  3907. "address": "0x467480"
  3908. },
  3909. {
  3910. "name": "SetWindowPos",
  3911. "address": "0x467484"
  3912. },
  3913. {
  3914. "name": "SetWindowPlacement",
  3915. "address": "0x467488"
  3916. },
  3917. {
  3918. "name": "SetWindowLongA",
  3919. "address": "0x46748c"
  3920. },
  3921. {
  3922. "name": "SetTimer",
  3923. "address": "0x467490"
  3924. },
  3925. {
  3926. "name": "SetScrollRange",
  3927. "address": "0x467494"
  3928. },
  3929. {
  3930. "name": "SetScrollPos",
  3931. "address": "0x467498"
  3932. },
  3933. {
  3934. "name": "SetScrollInfo",
  3935. "address": "0x46749c"
  3936. },
  3937. {
  3938. "name": "SetRect",
  3939. "address": "0x4674a0"
  3940. },
  3941. {
  3942. "name": "SetPropA",
  3943. "address": "0x4674a4"
  3944. },
  3945. {
  3946. "name": "SetParent",
  3947. "address": "0x4674a8"
  3948. },
  3949. {
  3950. "name": "SetMenuItemInfoA",
  3951. "address": "0x4674ac"
  3952. },
  3953. {
  3954. "name": "SetMenu",
  3955. "address": "0x4674b0"
  3956. },
  3957. {
  3958. "name": "SetForegroundWindow",
  3959. "address": "0x4674b4"
  3960. },
  3961. {
  3962. "name": "SetFocus",
  3963. "address": "0x4674b8"
  3964. },
  3965. {
  3966. "name": "SetCursor",
  3967. "address": "0x4674bc"
  3968. },
  3969. {
  3970. "name": "SetClassLongA",
  3971. "address": "0x4674c0"
  3972. },
  3973. {
  3974. "name": "SetCapture",
  3975. "address": "0x4674c4"
  3976. },
  3977. {
  3978. "name": "SetActiveWindow",
  3979. "address": "0x4674c8"
  3980. },
  3981. {
  3982. "name": "SendMessageA",
  3983. "address": "0x4674cc"
  3984. },
  3985. {
  3986. "name": "ScrollWindow",
  3987. "address": "0x4674d0"
  3988. },
  3989. {
  3990. "name": "ScreenToClient",
  3991. "address": "0x4674d4"
  3992. },
  3993. {
  3994. "name": "RemovePropA",
  3995. "address": "0x4674d8"
  3996. },
  3997. {
  3998. "name": "RemoveMenu",
  3999. "address": "0x4674dc"
  4000. },
  4001. {
  4002. "name": "ReleaseDC",
  4003. "address": "0x4674e0"
  4004. },
  4005. {
  4006. "name": "ReleaseCapture",
  4007. "address": "0x4674e4"
  4008. },
  4009. {
  4010. "name": "RegisterWindowMessageA",
  4011. "address": "0x4674e8"
  4012. },
  4013. {
  4014. "name": "RegisterClipboardFormatA",
  4015. "address": "0x4674ec"
  4016. },
  4017. {
  4018. "name": "RegisterClassA",
  4019. "address": "0x4674f0"
  4020. },
  4021. {
  4022. "name": "RedrawWindow",
  4023. "address": "0x4674f4"
  4024. },
  4025. {
  4026. "name": "PtInRect",
  4027. "address": "0x4674f8"
  4028. },
  4029. {
  4030. "name": "PostQuitMessage",
  4031. "address": "0x4674fc"
  4032. },
  4033. {
  4034. "name": "PostMessageA",
  4035. "address": "0x467500"
  4036. },
  4037. {
  4038. "name": "PeekMessageA",
  4039. "address": "0x467504"
  4040. },
  4041. {
  4042. "name": "OffsetRect",
  4043. "address": "0x467508"
  4044. },
  4045. {
  4046. "name": "OemToCharA",
  4047. "address": "0x46750c"
  4048. },
  4049. {
  4050. "name": "MessageBoxA",
  4051. "address": "0x467510"
  4052. },
  4053. {
  4054. "name": "MessageBeep",
  4055. "address": "0x467514"
  4056. },
  4057. {
  4058. "name": "MapWindowPoints",
  4059. "address": "0x467518"
  4060. },
  4061. {
  4062. "name": "MapVirtualKeyA",
  4063. "address": "0x46751c"
  4064. },
  4065. {
  4066. "name": "LoadStringA",
  4067. "address": "0x467520"
  4068. },
  4069. {
  4070. "name": "LoadKeyboardLayoutA",
  4071. "address": "0x467524"
  4072. },
  4073. {
  4074. "name": "LoadIconA",
  4075. "address": "0x467528"
  4076. },
  4077. {
  4078. "name": "LoadCursorA",
  4079. "address": "0x46752c"
  4080. },
  4081. {
  4082. "name": "LoadBitmapA",
  4083. "address": "0x467530"
  4084. },
  4085. {
  4086. "name": "KillTimer",
  4087. "address": "0x467534"
  4088. },
  4089. {
  4090. "name": "IsZoomed",
  4091. "address": "0x467538"
  4092. },
  4093. {
  4094. "name": "IsWindowVisible",
  4095. "address": "0x46753c"
  4096. },
  4097. {
  4098. "name": "IsWindowEnabled",
  4099. "address": "0x467540"
  4100. },
  4101. {
  4102. "name": "IsWindow",
  4103. "address": "0x467544"
  4104. },
  4105. {
  4106. "name": "IsRectEmpty",
  4107. "address": "0x467548"
  4108. },
  4109. {
  4110. "name": "IsIconic",
  4111. "address": "0x46754c"
  4112. },
  4113. {
  4114. "name": "IsDialogMessageA",
  4115. "address": "0x467550"
  4116. },
  4117. {
  4118. "name": "IsChild",
  4119. "address": "0x467554"
  4120. },
  4121. {
  4122. "name": "InvalidateRect",
  4123. "address": "0x467558"
  4124. },
  4125. {
  4126. "name": "IntersectRect",
  4127. "address": "0x46755c"
  4128. },
  4129. {
  4130. "name": "InsertMenuItemA",
  4131. "address": "0x467560"
  4132. },
  4133. {
  4134. "name": "InsertMenuA",
  4135. "address": "0x467564"
  4136. },
  4137. {
  4138. "name": "InflateRect",
  4139. "address": "0x467568"
  4140. },
  4141. {
  4142. "name": "GetWindowThreadProcessId",
  4143. "address": "0x46756c"
  4144. },
  4145. {
  4146. "name": "GetWindowTextA",
  4147. "address": "0x467570"
  4148. },
  4149. {
  4150. "name": "GetWindowRect",
  4151. "address": "0x467574"
  4152. },
  4153. {
  4154. "name": "GetWindowPlacement",
  4155. "address": "0x467578"
  4156. },
  4157. {
  4158. "name": "GetWindowLongA",
  4159. "address": "0x46757c"
  4160. },
  4161. {
  4162. "name": "GetWindowDC",
  4163. "address": "0x467580"
  4164. },
  4165. {
  4166. "name": "GetTopWindow",
  4167. "address": "0x467584"
  4168. },
  4169. {
  4170. "name": "GetSystemMetrics",
  4171. "address": "0x467588"
  4172. },
  4173. {
  4174. "name": "GetSystemMenu",
  4175. "address": "0x46758c"
  4176. },
  4177. {
  4178. "name": "GetSysColorBrush",
  4179. "address": "0x467590"
  4180. },
  4181. {
  4182. "name": "GetSysColor",
  4183. "address": "0x467594"
  4184. },
  4185. {
  4186. "name": "GetSubMenu",
  4187. "address": "0x467598"
  4188. },
  4189. {
  4190. "name": "GetScrollRange",
  4191. "address": "0x46759c"
  4192. },
  4193. {
  4194. "name": "GetScrollPos",
  4195. "address": "0x4675a0"
  4196. },
  4197. {
  4198. "name": "GetScrollInfo",
  4199. "address": "0x4675a4"
  4200. },
  4201. {
  4202. "name": "GetPropA",
  4203. "address": "0x4675a8"
  4204. },
  4205. {
  4206. "name": "GetParent",
  4207. "address": "0x4675ac"
  4208. },
  4209. {
  4210. "name": "GetWindow",
  4211. "address": "0x4675b0"
  4212. },
  4213. {
  4214. "name": "GetMenuStringA",
  4215. "address": "0x4675b4"
  4216. },
  4217. {
  4218. "name": "GetMenuState",
  4219. "address": "0x4675b8"
  4220. },
  4221. {
  4222. "name": "GetMenuItemInfoA",
  4223. "address": "0x4675bc"
  4224. },
  4225. {
  4226. "name": "GetMenuItemID",
  4227. "address": "0x4675c0"
  4228. },
  4229. {
  4230. "name": "GetMenuItemCount",
  4231. "address": "0x4675c4"
  4232. },
  4233. {
  4234. "name": "GetMenu",
  4235. "address": "0x4675c8"
  4236. },
  4237. {
  4238. "name": "GetLastActivePopup",
  4239. "address": "0x4675cc"
  4240. },
  4241. {
  4242. "name": "GetKeyboardState",
  4243. "address": "0x4675d0"
  4244. },
  4245. {
  4246. "name": "GetKeyboardLayoutList",
  4247. "address": "0x4675d4"
  4248. },
  4249. {
  4250. "name": "GetKeyboardLayout",
  4251. "address": "0x4675d8"
  4252. },
  4253. {
  4254. "name": "GetKeyState",
  4255. "address": "0x4675dc"
  4256. },
  4257. {
  4258. "name": "GetKeyNameTextA",
  4259. "address": "0x4675e0"
  4260. },
  4261. {
  4262. "name": "GetIconInfo",
  4263. "address": "0x4675e4"
  4264. },
  4265. {
  4266. "name": "GetForegroundWindow",
  4267. "address": "0x4675e8"
  4268. },
  4269. {
  4270. "name": "GetFocus",
  4271. "address": "0x4675ec"
  4272. },
  4273. {
  4274. "name": "GetDlgItem",
  4275. "address": "0x4675f0"
  4276. },
  4277. {
  4278. "name": "GetDesktopWindow",
  4279. "address": "0x4675f4"
  4280. },
  4281. {
  4282. "name": "GetDCEx",
  4283. "address": "0x4675f8"
  4284. },
  4285. {
  4286. "name": "GetDC",
  4287. "address": "0x4675fc"
  4288. },
  4289. {
  4290. "name": "GetCursorPos",
  4291. "address": "0x467600"
  4292. },
  4293. {
  4294. "name": "GetCursor",
  4295. "address": "0x467604"
  4296. },
  4297. {
  4298. "name": "GetClipboardData",
  4299. "address": "0x467608"
  4300. },
  4301. {
  4302. "name": "GetClientRect",
  4303. "address": "0x46760c"
  4304. },
  4305. {
  4306. "name": "GetClassNameA",
  4307. "address": "0x467610"
  4308. },
  4309. {
  4310. "name": "GetClassInfoA",
  4311. "address": "0x467614"
  4312. },
  4313. {
  4314. "name": "GetCapture",
  4315. "address": "0x467618"
  4316. },
  4317. {
  4318. "name": "GetActiveWindow",
  4319. "address": "0x46761c"
  4320. },
  4321. {
  4322. "name": "FrameRect",
  4323. "address": "0x467620"
  4324. },
  4325. {
  4326. "name": "FindWindowA",
  4327. "address": "0x467624"
  4328. },
  4329. {
  4330. "name": "FillRect",
  4331. "address": "0x467628"
  4332. },
  4333. {
  4334. "name": "EqualRect",
  4335. "address": "0x46762c"
  4336. },
  4337. {
  4338. "name": "EnumWindows",
  4339. "address": "0x467630"
  4340. },
  4341. {
  4342. "name": "EnumThreadWindows",
  4343. "address": "0x467634"
  4344. },
  4345. {
  4346. "name": "EndPaint",
  4347. "address": "0x467638"
  4348. },
  4349. {
  4350. "name": "EnableWindow",
  4351. "address": "0x46763c"
  4352. },
  4353. {
  4354. "name": "EnableScrollBar",
  4355. "address": "0x467640"
  4356. },
  4357. {
  4358. "name": "EnableMenuItem",
  4359. "address": "0x467644"
  4360. },
  4361. {
  4362. "name": "DrawTextA",
  4363. "address": "0x467648"
  4364. },
  4365. {
  4366. "name": "DrawMenuBar",
  4367. "address": "0x46764c"
  4368. },
  4369. {
  4370. "name": "DrawIconEx",
  4371. "address": "0x467650"
  4372. },
  4373. {
  4374. "name": "DrawIcon",
  4375. "address": "0x467654"
  4376. },
  4377. {
  4378. "name": "DrawFrameControl",
  4379. "address": "0x467658"
  4380. },
  4381. {
  4382. "name": "DrawFocusRect",
  4383. "address": "0x46765c"
  4384. },
  4385. {
  4386. "name": "DrawEdge",
  4387. "address": "0x467660"
  4388. },
  4389. {
  4390. "name": "DispatchMessageA",
  4391. "address": "0x467664"
  4392. },
  4393. {
  4394. "name": "DestroyWindow",
  4395. "address": "0x467668"
  4396. },
  4397. {
  4398. "name": "DestroyMenu",
  4399. "address": "0x46766c"
  4400. },
  4401. {
  4402. "name": "DestroyIcon",
  4403. "address": "0x467670"
  4404. },
  4405. {
  4406. "name": "DestroyCursor",
  4407. "address": "0x467674"
  4408. },
  4409. {
  4410. "name": "DeleteMenu",
  4411. "address": "0x467678"
  4412. },
  4413. {
  4414. "name": "DefWindowProcA",
  4415. "address": "0x46767c"
  4416. },
  4417. {
  4418. "name": "DefMDIChildProcA",
  4419. "address": "0x467680"
  4420. },
  4421. {
  4422. "name": "DefFrameProcA",
  4423. "address": "0x467684"
  4424. },
  4425. {
  4426. "name": "CreatePopupMenu",
  4427. "address": "0x467688"
  4428. },
  4429. {
  4430. "name": "CreateMenu",
  4431. "address": "0x46768c"
  4432. },
  4433. {
  4434. "name": "CreateIcon",
  4435. "address": "0x467690"
  4436. },
  4437. {
  4438. "name": "ClientToScreen",
  4439. "address": "0x467694"
  4440. },
  4441. {
  4442. "name": "CheckMenuItem",
  4443. "address": "0x467698"
  4444. },
  4445. {
  4446. "name": "CallWindowProcA",
  4447. "address": "0x46769c"
  4448. },
  4449. {
  4450. "name": "CallNextHookEx",
  4451. "address": "0x4676a0"
  4452. },
  4453. {
  4454. "name": "BeginPaint",
  4455. "address": "0x4676a4"
  4456. },
  4457. {
  4458. "name": "CharNextA",
  4459. "address": "0x4676a8"
  4460. },
  4461. {
  4462. "name": "CharLowerBuffA",
  4463. "address": "0x4676ac"
  4464. },
  4465. {
  4466. "name": "CharLowerA",
  4467. "address": "0x4676b0"
  4468. },
  4469. {
  4470. "name": "CharToOemA",
  4471. "address": "0x4676b4"
  4472. },
  4473. {
  4474. "name": "AdjustWindowRectEx",
  4475. "address": "0x4676b8"
  4476. },
  4477. {
  4478. "name": "ActivateKeyboardLayout",
  4479. "address": "0x4676bc"
  4480. }
  4481. ],
  4482. "dll": "user32.dll"
  4483. },
  4484. {
  4485. "imports": [
  4486. {
  4487. "name": "Sleep",
  4488. "address": "0x4676c4"
  4489. }
  4490. ],
  4491. "dll": "kernel32.dll"
  4492. },
  4493. {
  4494. "imports": [
  4495. {
  4496. "name": "SafeArrayPtrOfIndex",
  4497. "address": "0x4676cc"
  4498. },
  4499. {
  4500. "name": "SafeArrayGetUBound",
  4501. "address": "0x4676d0"
  4502. },
  4503. {
  4504. "name": "SafeArrayGetLBound",
  4505. "address": "0x4676d4"
  4506. },
  4507. {
  4508. "name": "SafeArrayCreate",
  4509. "address": "0x4676d8"
  4510. },
  4511. {
  4512. "name": "VariantChangeType",
  4513. "address": "0x4676dc"
  4514. },
  4515. {
  4516. "name": "VariantCopy",
  4517. "address": "0x4676e0"
  4518. },
  4519. {
  4520. "name": "VariantClear",
  4521. "address": "0x4676e4"
  4522. },
  4523. {
  4524. "name": "VariantInit",
  4525. "address": "0x4676e8"
  4526. }
  4527. ],
  4528. "dll": "oleaut32.dll"
  4529. },
  4530. {
  4531. "imports": [
  4532. {
  4533. "name": "ImageList_SetIconSize",
  4534. "address": "0x4676f0"
  4535. },
  4536. {
  4537. "name": "ImageList_GetIconSize",
  4538. "address": "0x4676f4"
  4539. },
  4540. {
  4541. "name": "ImageList_Write",
  4542. "address": "0x4676f8"
  4543. },
  4544. {
  4545. "name": "ImageList_Read",
  4546. "address": "0x4676fc"
  4547. },
  4548. {
  4549. "name": "ImageList_GetDragImage",
  4550. "address": "0x467700"
  4551. },
  4552. {
  4553. "name": "ImageList_DragShowNolock",
  4554. "address": "0x467704"
  4555. },
  4556. {
  4557. "name": "ImageList_SetDragCursorImage",
  4558. "address": "0x467708"
  4559. },
  4560. {
  4561. "name": "ImageList_DragMove",
  4562. "address": "0x46770c"
  4563. },
  4564. {
  4565. "name": "ImageList_DragLeave",
  4566. "address": "0x467710"
  4567. },
  4568. {
  4569. "name": "ImageList_DragEnter",
  4570. "address": "0x467714"
  4571. },
  4572. {
  4573. "name": "ImageList_EndDrag",
  4574. "address": "0x467718"
  4575. },
  4576. {
  4577. "name": "ImageList_BeginDrag",
  4578. "address": "0x46771c"
  4579. },
  4580. {
  4581. "name": "ImageList_Remove",
  4582. "address": "0x467720"
  4583. },
  4584. {
  4585. "name": "ImageList_DrawEx",
  4586. "address": "0x467724"
  4587. },
  4588. {
  4589. "name": "ImageList_Replace",
  4590. "address": "0x467728"
  4591. },
  4592. {
  4593. "name": "ImageList_Draw",
  4594. "address": "0x46772c"
  4595. },
  4596. {
  4597. "name": "ImageList_GetBkColor",
  4598. "address": "0x467730"
  4599. },
  4600. {
  4601. "name": "ImageList_SetBkColor",
  4602. "address": "0x467734"
  4603. },
  4604. {
  4605. "name": "ImageList_ReplaceIcon",
  4606. "address": "0x467738"
  4607. },
  4608. {
  4609. "name": "ImageList_Add",
  4610. "address": "0x46773c"
  4611. },
  4612. {
  4613. "name": "ImageList_GetImageCount",
  4614. "address": "0x467740"
  4615. },
  4616. {
  4617. "name": "ImageList_Destroy",
  4618. "address": "0x467744"
  4619. },
  4620. {
  4621. "name": "ImageList_Create",
  4622. "address": "0x467748"
  4623. }
  4624. ],
  4625. "dll": "comctl32.dll"
  4626. },
  4627. {
  4628. "imports": [
  4629. {
  4630. "name": "GetOpenFileNameA",
  4631. "address": "0x467750"
  4632. }
  4633. ],
  4634. "dll": "comdlg32.dll"
  4635. }
  4636. ],
  4637. "digital_signers": null,
  4638. "exported_dll_name": null,
  4639. "actual_checksum": "0x000a68c3",
  4640. "overlay": null,
  4641. "imagebase": "0x00400000",
  4642. "reported_checksum": "0x00000000",
  4643. "icon_hash": null,
  4644. "entrypoint": "0x0045b0c0",
  4645. "timestamp": "1992-03-03 04:38:51",
  4646. "osversion": "4.0",
  4647. "sections": [
  4648. {
  4649. "name": "CODE",
  4650. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
  4651. "virtual_address": "0x00001000",
  4652. "size_of_data": "0x0005a200",
  4653. "entropy": "6.51",
  4654. "raw_address": "0x00000400",
  4655. "virtual_size": "0x0005a108",
  4656. "characteristics_raw": "0x60000020"
  4657. },
  4658. {
  4659. "name": "DATA",
  4660. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  4661. "virtual_address": "0x0005c000",
  4662. "size_of_data": "0x00009400",
  4663. "entropy": "5.00",
  4664. "raw_address": "0x0005a600",
  4665. "virtual_size": "0x00009320",
  4666. "characteristics_raw": "0xc0000040"
  4667. },
  4668. {
  4669. "name": "BSS",
  4670. "characteristics": "IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  4671. "virtual_address": "0x00066000",
  4672. "size_of_data": "0x00000000",
  4673. "entropy": "0.00",
  4674. "raw_address": "0x00063a00",
  4675. "virtual_size": "0x00000d01",
  4676. "characteristics_raw": "0xc0000000"
  4677. },
  4678. {
  4679. "name": ".idata",
  4680. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  4681. "virtual_address": "0x00067000",
  4682. "size_of_data": "0x00002200",
  4683. "entropy": "4.99",
  4684. "raw_address": "0x00063a00",
  4685. "virtual_size": "0x000021ae",
  4686. "characteristics_raw": "0xc0000040"
  4687. },
  4688. {
  4689. "name": ".tls",
  4690. "characteristics": "IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  4691. "virtual_address": "0x0006a000",
  4692. "size_of_data": "0x00000000",
  4693. "entropy": "0.00",
  4694. "raw_address": "0x00065c00",
  4695. "virtual_size": "0x00000010",
  4696. "characteristics_raw": "0xc0000000"
  4697. },
  4698. {
  4699. "name": ".rdata",
  4700. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
  4701. "virtual_address": "0x0006b000",
  4702. "size_of_data": "0x00000200",
  4703. "entropy": "0.21",
  4704. "raw_address": "0x00065c00",
  4705. "virtual_size": "0x00000018",
  4706. "characteristics_raw": "0x50000040"
  4707. },
  4708. {
  4709. "name": ".reloc",
  4710. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
  4711. "virtual_address": "0x0006c000",
  4712. "size_of_data": "0x00006a00",
  4713. "entropy": "6.66",
  4714. "raw_address": "0x00065e00",
  4715. "virtual_size": "0x0000695c",
  4716. "characteristics_raw": "0x50000040"
  4717. },
  4718. {
  4719. "name": ".rsrc",
  4720. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
  4721. "virtual_address": "0x00073000",
  4722. "size_of_data": "0x00039c00",
  4723. "entropy": "7.58",
  4724. "raw_address": "0x0006c800",
  4725. "virtual_size": "0x00039a98",
  4726. "characteristics_raw": "0x50000040"
  4727. }
  4728. ],
  4729. "resources": [],
  4730. "dirents": [
  4731. {
  4732. "virtual_address": "0x00000000",
  4733. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  4734. "size": "0x00000000"
  4735. },
  4736. {
  4737. "virtual_address": "0x00067000",
  4738. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  4739. "size": "0x000021ae"
  4740. },
  4741. {
  4742. "virtual_address": "0x00073000",
  4743. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  4744. "size": "0x00039a98"
  4745. },
  4746. {
  4747. "virtual_address": "0x00000000",
  4748. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  4749. "size": "0x00000000"
  4750. },
  4751. {
  4752. "virtual_address": "0x00000000",
  4753. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  4754. "size": "0x00000000"
  4755. },
  4756. {
  4757. "virtual_address": "0x0006c000",
  4758. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  4759. "size": "0x0000695c"
  4760. },
  4761. {
  4762. "virtual_address": "0x00000000",
  4763. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  4764. "size": "0x00000000"
  4765. },
  4766. {
  4767. "virtual_address": "0x00000000",
  4768. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  4769. "size": "0x00000000"
  4770. },
  4771. {
  4772. "virtual_address": "0x00000000",
  4773. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  4774. "size": "0x00000000"
  4775. },
  4776. {
  4777. "virtual_address": "0x0006b000",
  4778. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  4779. "size": "0x00000018"
  4780. },
  4781. {
  4782. "virtual_address": "0x00000000",
  4783. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  4784. "size": "0x00000000"
  4785. },
  4786. {
  4787. "virtual_address": "0x00000000",
  4788. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  4789. "size": "0x00000000"
  4790. },
  4791. {
  4792. "virtual_address": "0x00000000",
  4793. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  4794. "size": "0x00000000"
  4795. },
  4796. {
  4797. "virtual_address": "0x00000000",
  4798. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  4799. "size": "0x00000000"
  4800. },
  4801. {
  4802. "virtual_address": "0x00000000",
  4803. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  4804. "size": "0x00000000"
  4805. },
  4806. {
  4807. "virtual_address": "0x00000000",
  4808. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  4809. "size": "0x00000000"
  4810. }
  4811. ],
  4812. "exports": [],
  4813. "guest_signers": {},
  4814. "imphash": "eebad2a9366314ce42c920093988f509",
  4815. "icon_fuzzy": null,
  4816. "icon": null,
  4817. "pdbpath": null,
  4818. "imported_dll_count": 14,
  4819. "versioninfo": []
  4820. }
  4821. }