API tools faq
paste
Advertisement
paladin316

ADExplorer_exe.json

paladin316
Jun 17th, 2019
1,401
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 105.34 KB | None | 0 0
raw download clone embed print report
  1.  
  2. [*] MalFamily: ""
  3.  
  4. [*] MalScore: 0.0
  5.  
  6. [*] File Name: "ADExplorer.exe"
  7. [*] File Size: 479832
  8. [*] File Type: "PE32 executable (GUI) Intel 80386, for MS Windows"
  9. [*] SHA256: "bb45d8ffe245c361c04cca44d0df6e6bd7596cabd70070ffe0d9f519e3b620ea"
  10. [*] MD5: "5d70cf91907165a1425e4ecb4ffa03aa"
  11. [*] SHA1: "bc1d7c9968ee92431f8ad9b4f8063b5b56f32ad5"
  12. [*] SHA512: "fa92e37a6cf5b5eb1f107dc3153fca20f2f041160a61033bac5b6edde68f759ef97967dfdba734e11f20a429df53f9cd1e0a24aa5541f69749f403387aa70c7f"
  13. [*] CRC32: "AFDD017F"
  14. [*] SSDEEP: "12288:QJB9/HQLmTMga6JzQdrAVzDtpzO9LZvYC:QCLmwgza2VzSLZvB"
  15.  
  16. [*] Process Execution: [
  17. "ADExplorer.exe"
  18. ]
  19.  
  20. [*] Signatures Detected: []
  21.  
  22. [*] Started Service: []
  23.  
  24. [*] Executed Commands: []
  25.  
  26. [*] Mutexes: [
  27. "CicLoadWinStaWinSta0",
  28. "Local\\MSCTF.CtfMonitorInstMutexDefault1"
  29. ]
  30.  
  31. [*] Modified Files: [
  32. "\\??\\UNC\\Host*\\MAILSLOT\\NET\\NETLOGON"
  33. ]
  34.  
  35. [*] Deleted Files: []
  36.  
  37. [*] Modified Registry Keys: [
  38. "HKEY_CURRENT_USER\\Software\\MSDART\\Active Directory Explorer",
  39. "HKEY_CURRENT_USER\\Software\\Sysinternals\\Active Directory Explorer",
  40. "HKEY_CURRENT_USER\\Software\\Sysinternals\\Active Directory Explorer\\EulaAccepted"
  41. ]
  42.  
  43. [*] Deleted Registry Keys: []
  44.  
  45. [*] DNS Communications: []
  46.  
  47. [*] Domains: []
  48.  
  49. [*] Network Communication - ICMP: []
  50.  
  51. [*] Network Communication - HTTP: []
  52.  
  53. [*] Network Communication - SMTP: []
  54.  
  55. [*] Network Communication - Hosts: []
  56.  
  57. [*] Network Communication - IRC: []
  58.  
  59. [*] Static Analysis: {
  60. "pe": {
  61. "peid_signatures": null,
  62. "imports": [
  63. {
  64. "imports": [
  65. {
  66. "name": "NetUserGetGroups",
  67. "address": "0x4502e0"
  68. },
  69. {
  70. "name": "NetUserGetLocalGroups",
  71. "address": "0x4502e4"
  72. }
  73. ],
  74. "dll": "NETAPI32.dll"
  75. },
  76. {
  77. "imports": [
  78. {
  79. "name": "UuidFromStringW",
  80. "address": "0x450328"
  81. }
  82. ],
  83. "dll": "RPCRT4.dll"
  84. },
  85. {
  86. "imports": [
  87. {
  88. "name": "GetFileVersionInfoSizeW",
  89. "address": "0x4504d0"
  90. },
  91. {
  92. "name": "GetFileVersionInfoW",
  93. "address": "0x4504d4"
  94. },
  95. {
  96. "name": "VerQueryValueW",
  97. "address": "0x4504d8"
  98. }
  99. ],
  100. "dll": "VERSION.dll"
  101. },
  102. {
  103. "imports": [
  104. {
  105. "name": "LCMapStringA",
  106. "address": "0x450118"
  107. },
  108. {
  109. "name": "GetConsoleMode",
  110. "address": "0x45011c"
  111. },
  112. {
  113. "name": "GetConsoleCP",
  114. "address": "0x450120"
  115. },
  116. {
  117. "name": "GetModuleHandleA",
  118. "address": "0x450124"
  119. },
  120. {
  121. "name": "DebugBreak",
  122. "address": "0x450128"
  123. },
  124. {
  125. "name": "GetCurrentProcessId",
  126. "address": "0x45012c"
  127. },
  128. {
  129. "name": "QueryPerformanceCounter",
  130. "address": "0x450130"
  131. },
  132. {
  133. "name": "GetEnvironmentStringsW",
  134. "address": "0x450134"
  135. },
  136. {
  137. "name": "FreeEnvironmentStringsW",
  138. "address": "0x450138"
  139. },
  140. {
  141. "name": "GetEnvironmentStrings",
  142. "address": "0x45013c"
  143. },
  144. {
  145. "name": "FreeEnvironmentStringsA",
  146. "address": "0x450140"
  147. },
  148. {
  149. "name": "GetFileType",
  150. "address": "0x450144"
  151. },
  152. {
  153. "name": "SetHandleCount",
  154. "address": "0x450148"
  155. },
  156. {
  157. "name": "LCMapStringW",
  158. "address": "0x45014c"
  159. },
  160. {
  161. "name": "GetModuleFileNameA",
  162. "address": "0x450150"
  163. },
  164. {
  165. "name": "GetStdHandle",
  166. "address": "0x450154"
  167. },
  168. {
  169. "name": "ExitProcess",
  170. "address": "0x450158"
  171. },
  172. {
  173. "name": "VirtualAlloc",
  174. "address": "0x45015c"
  175. },
  176. {
  177. "name": "VirtualFree",
  178. "address": "0x450160"
  179. },
  180. {
  181. "name": "HeapCreate",
  182. "address": "0x450164"
  183. },
  184. {
  185. "name": "GetStringTypeA",
  186. "address": "0x450168"
  187. },
  188. {
  189. "name": "GetCurrentThreadId",
  190. "address": "0x45016c"
  191. },
  192. {
  193. "name": "SetLastError",
  194. "address": "0x450170"
  195. },
  196. {
  197. "name": "TlsFree",
  198. "address": "0x450174"
  199. },
  200. {
  201. "name": "IsValidCodePage",
  202. "address": "0x450178"
  203. },
  204. {
  205. "name": "GetOEMCP",
  206. "address": "0x45017c"
  207. },
  208. {
  209. "name": "GetACP",
  210. "address": "0x450180"
  211. },
  212. {
  213. "name": "GetCPInfo",
  214. "address": "0x450184"
  215. },
  216. {
  217. "name": "RaiseException",
  218. "address": "0x450188"
  219. },
  220. {
  221. "name": "RtlUnwind",
  222. "address": "0x45018c"
  223. },
  224. {
  225. "name": "GetStartupInfoA",
  226. "address": "0x450190"
  227. },
  228. {
  229. "name": "GetCommandLineA",
  230. "address": "0x450194"
  231. },
  232. {
  233. "name": "HeapReAlloc",
  234. "address": "0x450198"
  235. },
  236. {
  237. "name": "IsDebuggerPresent",
  238. "address": "0x45019c"
  239. },
  240. {
  241. "name": "SetUnhandledExceptionFilter",
  242. "address": "0x4501a0"
  243. },
  244. {
  245. "name": "UnhandledExceptionFilter",
  246. "address": "0x4501a4"
  247. },
  248. {
  249. "name": "TerminateProcess",
  250. "address": "0x4501a8"
  251. },
  252. {
  253. "name": "CreateThread",
  254. "address": "0x4501ac"
  255. },
  256. {
  257. "name": "ResumeThread",
  258. "address": "0x4501b0"
  259. },
  260. {
  261. "name": "ExitThread",
  262. "address": "0x4501b4"
  263. },
  264. {
  265. "name": "HeapSize",
  266. "address": "0x4501b8"
  267. },
  268. {
  269. "name": "HeapAlloc",
  270. "address": "0x4501bc"
  271. },
  272. {
  273. "name": "GetStringTypeW",
  274. "address": "0x4501c0"
  275. },
  276. {
  277. "name": "GetLocaleInfoA",
  278. "address": "0x4501c4"
  279. },
  280. {
  281. "name": "InitializeCriticalSectionAndSpinCount",
  282. "address": "0x4501c8"
  283. },
  284. {
  285. "name": "LoadLibraryA",
  286. "address": "0x4501cc"
  287. },
  288. {
  289. "name": "ExpandEnvironmentStringsA",
  290. "address": "0x4501d0"
  291. },
  292. {
  293. "name": "GetProcessHeap",
  294. "address": "0x4501d4"
  295. },
  296. {
  297. "name": "HeapFree",
  298. "address": "0x4501d8"
  299. },
  300. {
  301. "name": "WideCharToMultiByte",
  302. "address": "0x4501dc"
  303. },
  304. {
  305. "name": "lstrlenA",
  306. "address": "0x4501e0"
  307. },
  308. {
  309. "name": "WriteFile",
  310. "address": "0x4501e4"
  311. },
  312. {
  313. "name": "FileTimeToLocalFileTime",
  314. "address": "0x4501e8"
  315. },
  316. {
  317. "name": "GetCurrentProcess",
  318. "address": "0x4501ec"
  319. },
  320. {
  321. "name": "FreeLibrary",
  322. "address": "0x4501f0"
  323. },
  324. {
  325. "name": "GetSystemInfo",
  326. "address": "0x4501f4"
  327. },
  328. {
  329. "name": "GetLastError",
  330. "address": "0x4501f8"
  331. },
  332. {
  333. "name": "Sleep",
  334. "address": "0x4501fc"
  335. },
  336. {
  337. "name": "GetSystemTimeAsFileTime",
  338. "address": "0x450200"
  339. },
  340. {
  341. "name": "MultiByteToWideChar",
  342. "address": "0x450204"
  343. },
  344. {
  345. "name": "CreateFileW",
  346. "address": "0x450208"
  347. },
  348. {
  349. "name": "ReadFile",
  350. "address": "0x45020c"
  351. },
  352. {
  353. "name": "GetSystemDirectoryW",
  354. "address": "0x450210"
  355. },
  356. {
  357. "name": "OutputDebugStringW",
  358. "address": "0x450214"
  359. },
  360. {
  361. "name": "GetFileSize",
  362. "address": "0x450218"
  363. },
  364. {
  365. "name": "TlsAlloc",
  366. "address": "0x45021c"
  367. },
  368. {
  369. "name": "FormatMessageW",
  370. "address": "0x450220"
  371. },
  372. {
  373. "name": "TlsSetValue",
  374. "address": "0x450224"
  375. },
  376. {
  377. "name": "GetUserDefaultLangID",
  378. "address": "0x450228"
  379. },
  380. {
  381. "name": "TlsGetValue",
  382. "address": "0x45022c"
  383. },
  384. {
  385. "name": "GetSystemDefaultLangID",
  386. "address": "0x450230"
  387. },
  388. {
  389. "name": "LocalAlloc",
  390. "address": "0x450234"
  391. },
  392. {
  393. "name": "LocalFree",
  394. "address": "0x450238"
  395. },
  396. {
  397. "name": "GetTimeZoneInformation",
  398. "address": "0x45023c"
  399. },
  400. {
  401. "name": "FileTimeToSystemTime",
  402. "address": "0x450240"
  403. },
  404. {
  405. "name": "GetTimeFormatW",
  406. "address": "0x450244"
  407. },
  408. {
  409. "name": "CompareFileTime",
  410. "address": "0x450248"
  411. },
  412. {
  413. "name": "SystemTimeToFileTime",
  414. "address": "0x45024c"
  415. },
  416. {
  417. "name": "SystemTimeToTzSpecificLocalTime",
  418. "address": "0x450250"
  419. },
  420. {
  421. "name": "GetDateFormatW",
  422. "address": "0x450254"
  423. },
  424. {
  425. "name": "DeleteFileW",
  426. "address": "0x450258"
  427. },
  428. {
  429. "name": "CloseHandle",
  430. "address": "0x45025c"
  431. },
  432. {
  433. "name": "DeleteCriticalSection",
  434. "address": "0x450260"
  435. },
  436. {
  437. "name": "CreateFileMappingW",
  438. "address": "0x450264"
  439. },
  440. {
  441. "name": "GlobalFree",
  442. "address": "0x450268"
  443. },
  444. {
  445. "name": "EnterCriticalSection",
  446. "address": "0x45026c"
  447. },
  448. {
  449. "name": "GetProcAddress",
  450. "address": "0x450270"
  451. },
  452. {
  453. "name": "GlobalUnlock",
  454. "address": "0x450274"
  455. },
  456. {
  457. "name": "CompareStringW",
  458. "address": "0x450278"
  459. },
  460. {
  461. "name": "GetModuleFileNameW",
  462. "address": "0x45027c"
  463. },
  464. {
  465. "name": "GetFileAttributesW",
  466. "address": "0x450280"
  467. },
  468. {
  469. "name": "LeaveCriticalSection",
  470. "address": "0x450284"
  471. },
  472. {
  473. "name": "GetVersionExW",
  474. "address": "0x450288"
  475. },
  476. {
  477. "name": "LoadLibraryW",
  478. "address": "0x45028c"
  479. },
  480. {
  481. "name": "GlobalAlloc",
  482. "address": "0x450290"
  483. },
  484. {
  485. "name": "InitializeCriticalSection",
  486. "address": "0x450294"
  487. },
  488. {
  489. "name": "GetTickCount",
  490. "address": "0x450298"
  491. },
  492. {
  493. "name": "GetModuleHandleW",
  494. "address": "0x45029c"
  495. },
  496. {
  497. "name": "GlobalLock",
  498. "address": "0x4502a0"
  499. },
  500. {
  501. "name": "InterlockedDecrement",
  502. "address": "0x4502a4"
  503. },
  504. {
  505. "name": "InterlockedIncrement",
  506. "address": "0x4502a8"
  507. },
  508. {
  509. "name": "SetEndOfFile",
  510. "address": "0x4502ac"
  511. },
  512. {
  513. "name": "UnmapViewOfFile",
  514. "address": "0x4502b0"
  515. },
  516. {
  517. "name": "MapViewOfFile",
  518. "address": "0x4502b4"
  519. },
  520. {
  521. "name": "SetFilePointer",
  522. "address": "0x4502b8"
  523. },
  524. {
  525. "name": "GetCommandLineW",
  526. "address": "0x4502bc"
  527. },
  528. {
  529. "name": "SetStdHandle",
  530. "address": "0x4502c0"
  531. },
  532. {
  533. "name": "FlushFileBuffers",
  534. "address": "0x4502c4"
  535. },
  536. {
  537. "name": "VirtualQuery",
  538. "address": "0x4502c8"
  539. },
  540. {
  541. "name": "WriteConsoleA",
  542. "address": "0x4502cc"
  543. },
  544. {
  545. "name": "GetConsoleOutputCP",
  546. "address": "0x4502d0"
  547. },
  548. {
  549. "name": "WriteConsoleW",
  550. "address": "0x4502d4"
  551. },
  552. {
  553. "name": "CreateFileA",
  554. "address": "0x4502d8"
  555. }
  556. ],
  557. "dll": "KERNEL32.dll"
  558. },
  559. {
  560. "imports": [
  561. {
  562. "name": "DispatchMessageW",
  563. "address": "0x45033c"
  564. },
  565. {
  566. "name": "MoveWindow",
  567. "address": "0x450340"
  568. },
  569. {
  570. "name": "CheckMenuItem",
  571. "address": "0x450344"
  572. },
  573. {
  574. "name": "MsgWaitForMultipleObjects",
  575. "address": "0x450348"
  576. },
  577. {
  578. "name": "DrawTextW",
  579. "address": "0x45034c"
  580. },
  581. {
  582. "name": "PostMessageW",
  583. "address": "0x450350"
  584. },
  585. {
  586. "name": "SetCapture",
  587. "address": "0x450354"
  588. },
  589. {
  590. "name": "LoadImageW",
  591. "address": "0x450358"
  592. },
  593. {
  594. "name": "TrackPopupMenu",
  595. "address": "0x45035c"
  596. },
  597. {
  598. "name": "PostQuitMessage",
  599. "address": "0x450360"
  600. },
  601. {
  602. "name": "GetMessageW",
  603. "address": "0x450364"
  604. },
  605. {
  606. "name": "GetWindowRect",
  607. "address": "0x450368"
  608. },
  609. {
  610. "name": "ScreenToClient",
  611. "address": "0x45036c"
  612. },
  613. {
  614. "name": "GetDlgItemInt",
  615. "address": "0x450370"
  616. },
  617. {
  618. "name": "TranslateAcceleratorW",
  619. "address": "0x450374"
  620. },
  621. {
  622. "name": "CloseClipboard",
  623. "address": "0x450378"
  624. },
  625. {
  626. "name": "GetWindowTextLengthW",
  627. "address": "0x45037c"
  628. },
  629. {
  630. "name": "SetCursor",
  631. "address": "0x450380"
  632. },
  633. {
  634. "name": "SetWindowPlacement",
  635. "address": "0x450384"
  636. },
  637. {
  638. "name": "DestroyWindow",
  639. "address": "0x450388"
  640. },
  641. {
  642. "name": "ClientToScreen",
  643. "address": "0x45038c"
  644. },
  645. {
  646. "name": "EndPaint",
  647. "address": "0x450390"
  648. },
  649. {
  650. "name": "DialogBoxIndirectParamW",
  651. "address": "0x450394"
  652. },
  653. {
  654. "name": "CopyIcon",
  655. "address": "0x450398"
  656. },
  657. {
  658. "name": "IsZoomed",
  659. "address": "0x45039c"
  660. },
  661. {
  662. "name": "GetSubMenu",
  663. "address": "0x4503a0"
  664. },
  665. {
  666. "name": "DeleteMenu",
  667. "address": "0x4503a4"
  668. },
  669. {
  670. "name": "GetFocus",
  671. "address": "0x4503a8"
  672. },
  673. {
  674. "name": "DialogBoxParamW",
  675. "address": "0x4503ac"
  676. },
  677. {
  678. "name": "GetParent",
  679. "address": "0x4503b0"
  680. },
  681. {
  682. "name": "LoadCursorW",
  683. "address": "0x4503b4"
  684. },
  685. {
  686. "name": "MessageBeep",
  687. "address": "0x4503b8"
  688. },
  689. {
  690. "name": "MenuItemFromPoint",
  691. "address": "0x4503bc"
  692. },
  693. {
  694. "name": "GetClientRect",
  695. "address": "0x4503c0"
  696. },
  697. {
  698. "name": "SetFocus",
  699. "address": "0x4503c4"
  700. },
  701. {
  702. "name": "GetMenuItemInfoW",
  703. "address": "0x4503c8"
  704. },
  705. {
  706. "name": "BeginPaint",
  707. "address": "0x4503cc"
  708. },
  709. {
  710. "name": "PtInRect",
  711. "address": "0x4503d0"
  712. },
  713. {
  714. "name": "SetPropW",
  715. "address": "0x4503d4"
  716. },
  717. {
  718. "name": "InsertMenuItemW",
  719. "address": "0x4503d8"
  720. },
  721. {
  722. "name": "TranslateMessage",
  723. "address": "0x4503dc"
  724. },
  725. {
  726. "name": "LoadAcceleratorsW",
  727. "address": "0x4503e0"
  728. },
  729. {
  730. "name": "InflateRect",
  731. "address": "0x4503e4"
  732. },
  733. {
  734. "name": "ChildWindowFromPoint",
  735. "address": "0x4503e8"
  736. },
  737. {
  738. "name": "SetDlgItemInt",
  739. "address": "0x4503ec"
  740. },
  741. {
  742. "name": "GetMenu",
  743. "address": "0x4503f0"
  744. },
  745. {
  746. "name": "IsDialogMessageW",
  747. "address": "0x4503f4"
  748. },
  749. {
  750. "name": "DefWindowProcW",
  751. "address": "0x4503f8"
  752. },
  753. {
  754. "name": "CallWindowProcW",
  755. "address": "0x4503fc"
  756. },
  757. {
  758. "name": "GetPropW",
  759. "address": "0x450400"
  760. },
  761. {
  762. "name": "DrawFrameControl",
  763. "address": "0x450404"
  764. },
  765. {
  766. "name": "EndDeferWindowPos",
  767. "address": "0x450408"
  768. },
  769. {
  770. "name": "DestroyIcon",
  771. "address": "0x45040c"
  772. },
  773. {
  774. "name": "SetWindowTextW",
  775. "address": "0x450410"
  776. },
  777. {
  778. "name": "DestroyMenu",
  779. "address": "0x450414"
  780. },
  781. {
  782. "name": "SetClipboardData",
  783. "address": "0x450418"
  784. },
  785. {
  786. "name": "RegisterClassExW",
  787. "address": "0x45041c"
  788. },
  789. {
  790. "name": "LoadIconW",
  791. "address": "0x450420"
  792. },
  793. {
  794. "name": "GetWindowPlacement",
  795. "address": "0x450424"
  796. },
  797. {
  798. "name": "OffsetRect",
  799. "address": "0x450428"
  800. },
  801. {
  802. "name": "InvalidateRect",
  803. "address": "0x45042c"
  804. },
  805. {
  806. "name": "LoadMenuW",
  807. "address": "0x450430"
  808. },
  809. {
  810. "name": "GetWindowLongW",
  811. "address": "0x450434"
  812. },
  813. {
  814. "name": "AppendMenuW",
  815. "address": "0x450438"
  816. },
  817. {
  818. "name": "GetWindowTextW",
  819. "address": "0x45043c"
  820. },
  821. {
  822. "name": "PeekMessageW",
  823. "address": "0x450440"
  824. },
  825. {
  826. "name": "GetClassNameW",
  827. "address": "0x450444"
  828. },
  829. {
  830. "name": "EnableMenuItem",
  831. "address": "0x450448"
  832. },
  833. {
  834. "name": "EmptyClipboard",
  835. "address": "0x45044c"
  836. },
  837. {
  838. "name": "GetDlgItem",
  839. "address": "0x450450"
  840. },
  841. {
  842. "name": "SetWindowLongW",
  843. "address": "0x450454"
  844. },
  845. {
  846. "name": "EndDialog",
  847. "address": "0x450458"
  848. },
  849. {
  850. "name": "SendDlgItemMessageW",
  851. "address": "0x45045c"
  852. },
  853. {
  854. "name": "GetSysColor",
  855. "address": "0x450460"
  856. },
  857. {
  858. "name": "SetWindowPos",
  859. "address": "0x450464"
  860. },
  861. {
  862. "name": "CheckDlgButton",
  863. "address": "0x450468"
  864. },
  865. {
  866. "name": "EnumChildWindows",
  867. "address": "0x45046c"
  868. },
  869. {
  870. "name": "ShowWindow",
  871. "address": "0x450470"
  872. },
  873. {
  874. "name": "CreatePopupMenu",
  875. "address": "0x450474"
  876. },
  877. {
  878. "name": "GetSysColorBrush",
  879. "address": "0x450478"
  880. },
  881. {
  882. "name": "IsDlgButtonChecked",
  883. "address": "0x45047c"
  884. },
  885. {
  886. "name": "CreateDialogParamW",
  887. "address": "0x450480"
  888. },
  889. {
  890. "name": "DrawMenuBar",
  891. "address": "0x450484"
  892. },
  893. {
  894. "name": "GetActiveWindow",
  895. "address": "0x450488"
  896. },
  897. {
  898. "name": "GetMenuItemCount",
  899. "address": "0x45048c"
  900. },
  901. {
  902. "name": "CreateWindowExW",
  903. "address": "0x450490"
  904. },
  905. {
  906. "name": "SetMenuDefaultItem",
  907. "address": "0x450494"
  908. },
  909. {
  910. "name": "OpenClipboard",
  911. "address": "0x450498"
  912. },
  913. {
  914. "name": "DeferWindowPos",
  915. "address": "0x45049c"
  916. },
  917. {
  918. "name": "MessageBoxW",
  919. "address": "0x4504a0"
  920. },
  921. {
  922. "name": "ReleaseCapture",
  923. "address": "0x4504a4"
  924. },
  925. {
  926. "name": "BeginDeferWindowPos",
  927. "address": "0x4504a8"
  928. },
  929. {
  930. "name": "GetSystemMetrics",
  931. "address": "0x4504ac"
  932. },
  933. {
  934. "name": "IsWindowVisible",
  935. "address": "0x4504b0"
  936. },
  937. {
  938. "name": "GetDlgItemTextW",
  939. "address": "0x4504b4"
  940. },
  941. {
  942. "name": "SetDlgItemTextW",
  943. "address": "0x4504b8"
  944. },
  945. {
  946. "name": "SendMessageW",
  947. "address": "0x4504bc"
  948. },
  949. {
  950. "name": "MapWindowPoints",
  951. "address": "0x4504c0"
  952. },
  953. {
  954. "name": "UpdateWindow",
  955. "address": "0x4504c4"
  956. },
  957. {
  958. "name": "EnableWindow",
  959. "address": "0x4504c8"
  960. }
  961. ],
  962. "dll": "USER32.dll"
  963. },
  964. {
  965. "imports": [
  966. {
  967. "name": "SetBkColor",
  968. "address": "0x4500dc"
  969. },
  970. {
  971. "name": "ExtTextOutW",
  972. "address": "0x4500e0"
  973. },
  974. {
  975. "name": "EndPage",
  976. "address": "0x4500e4"
  977. },
  978. {
  979. "name": "StartPage",
  980. "address": "0x4500e8"
  981. },
  982. {
  983. "name": "GetDeviceCaps",
  984. "address": "0x4500ec"
  985. },
  986. {
  987. "name": "SetMapMode",
  988. "address": "0x4500f0"
  989. },
  990. {
  991. "name": "SetTextColor",
  992. "address": "0x4500f4"
  993. },
  994. {
  995. "name": "CreateFontIndirectW",
  996. "address": "0x4500f8"
  997. },
  998. {
  999. "name": "SetBkMode",
  1000. "address": "0x4500fc"
  1001. },
  1002. {
  1003. "name": "SelectObject",
  1004. "address": "0x450100"
  1005. },
  1006. {
  1007. "name": "GetObjectW",
  1008. "address": "0x450104"
  1009. },
  1010. {
  1011. "name": "EndDoc",
  1012. "address": "0x450108"
  1013. },
  1014. {
  1015. "name": "GetStockObject",
  1016. "address": "0x45010c"
  1017. },
  1018. {
  1019. "name": "StartDocW",
  1020. "address": "0x450110"
  1021. }
  1022. ],
  1023. "dll": "GDI32.dll"
  1024. },
  1025. {
  1026. "imports": [
  1027. {
  1028. "name": "GetSaveFileNameW",
  1029. "address": "0x4500cc"
  1030. },
  1031. {
  1032. "name": "GetOpenFileNameW",
  1033. "address": "0x4500d0"
  1034. },
  1035. {
  1036. "name": "PrintDlgW",
  1037. "address": "0x4500d4"
  1038. }
  1039. ],
  1040. "dll": "COMDLG32.dll"
  1041. },
  1042. {
  1043. "imports": [
  1044. {
  1045. "name": "GetSecurityDescriptorLength",
  1046. "address": "0x45001c"
  1047. },
  1048. {
  1049. "name": "RegDeleteValueW",
  1050. "address": "0x450020"
  1051. },
  1052. {
  1053. "name": "RegCreateKeyW",
  1054. "address": "0x450024"
  1055. },
  1056. {
  1057. "name": "RegEnumValueW",
  1058. "address": "0x450028"
  1059. },
  1060. {
  1061. "name": "RegSetValueExW",
  1062. "address": "0x45002c"
  1063. },
  1064. {
  1065. "name": "ConvertStringSidToSidW",
  1066. "address": "0x450030"
  1067. },
  1068. {
  1069. "name": "ConvertStringSecurityDescriptorToSecurityDescriptorW",
  1070. "address": "0x450034"
  1071. },
  1072. {
  1073. "name": "GetLengthSid",
  1074. "address": "0x450038"
  1075. },
  1076. {
  1077. "name": "ConvertSidToStringSidW",
  1078. "address": "0x45003c"
  1079. },
  1080. {
  1081. "name": "ConvertSecurityDescriptorToStringSecurityDescriptorW",
  1082. "address": "0x450040"
  1083. },
  1084. {
  1085. "name": "RegQueryValueExW",
  1086. "address": "0x450044"
  1087. },
  1088. {
  1089. "name": "RegOpenKeyExA",
  1090. "address": "0x450048"
  1091. },
  1092. {
  1093. "name": "RegQueryValueExA",
  1094. "address": "0x45004c"
  1095. },
  1096. {
  1097. "name": "AdjustTokenPrivileges",
  1098. "address": "0x450050"
  1099. },
  1100. {
  1101. "name": "LookupPrivilegeValueW",
  1102. "address": "0x450054"
  1103. },
  1104. {
  1105. "name": "OpenProcessToken",
  1106. "address": "0x450058"
  1107. },
  1108. {
  1109. "name": "GetSecurityDescriptorDacl",
  1110. "address": "0x45005c"
  1111. },
  1112. {
  1113. "name": "GetSecurityDescriptorGroup",
  1114. "address": "0x450060"
  1115. },
  1116. {
  1117. "name": "IsValidSid",
  1118. "address": "0x450064"
  1119. },
  1120. {
  1121. "name": "GetSecurityDescriptorOwner",
  1122. "address": "0x450068"
  1123. },
  1124. {
  1125. "name": "GetSidIdentifierAuthority",
  1126. "address": "0x45006c"
  1127. },
  1128. {
  1129. "name": "GetSidSubAuthority",
  1130. "address": "0x450070"
  1131. },
  1132. {
  1133. "name": "MapGenericMask",
  1134. "address": "0x450074"
  1135. },
  1136. {
  1137. "name": "GetSidSubAuthorityCount",
  1138. "address": "0x450078"
  1139. },
  1140. {
  1141. "name": "EqualSid",
  1142. "address": "0x45007c"
  1143. },
  1144. {
  1145. "name": "GetAce",
  1146. "address": "0x450080"
  1147. },
  1148. {
  1149. "name": "LookupAccountSidW",
  1150. "address": "0x450084"
  1151. },
  1152. {
  1153. "name": "AllocateAndInitializeSid",
  1154. "address": "0x450088"
  1155. },
  1156. {
  1157. "name": "RegCloseKey",
  1158. "address": "0x45008c"
  1159. }
  1160. ],
  1161. "dll": "ADVAPI32.dll"
  1162. },
  1163. {
  1164. "imports": [
  1165. {
  1166. "name": "CommandLineToArgvW",
  1167. "address": "0x450330"
  1168. },
  1169. {
  1170. "name": "ShellExecuteW",
  1171. "address": "0x450334"
  1172. }
  1173. ],
  1174. "dll": "SHELL32.dll"
  1175. },
  1176. {
  1177. "imports": [
  1178. {
  1179. "name": "CoInitialize",
  1180. "address": "0x450504"
  1181. },
  1182. {
  1183. "name": "CreateBindCtx",
  1184. "address": "0x450508"
  1185. },
  1186. {
  1187. "name": "CoUninitialize",
  1188. "address": "0x45050c"
  1189. },
  1190. {
  1191. "name": "CoCreateInstance",
  1192. "address": "0x450510"
  1193. },
  1194. {
  1195. "name": "IIDFromString",
  1196. "address": "0x450514"
  1197. },
  1198. {
  1199. "name": "StringFromGUID2",
  1200. "address": "0x450518"
  1201. }
  1202. ],
  1203. "dll": "ole32.dll"
  1204. },
  1205. {
  1206. "imports": [
  1207. {
  1208. "name": "SafeArrayAccessData",
  1209. "address": "0x4502ec"
  1210. },
  1211. {
  1212. "name": "SystemTimeToVariantTime",
  1213. "address": "0x4502f0"
  1214. },
  1215. {
  1216. "name": "VariantTimeToSystemTime",
  1217. "address": "0x4502f4"
  1218. },
  1219. {
  1220. "name": "SafeArrayGetUBound",
  1221. "address": "0x4502f8"
  1222. },
  1223. {
  1224. "name": "SysFreeString",
  1225. "address": "0x4502fc"
  1226. },
  1227. {
  1228. "name": "SafeArrayGetElement",
  1229. "address": "0x450300"
  1230. },
  1231. {
  1232. "name": "VarDateFromStr",
  1233. "address": "0x450304"
  1234. },
  1235. {
  1236. "name": "VariantChangeType",
  1237. "address": "0x450308"
  1238. },
  1239. {
  1240. "name": "VariantInit",
  1241. "address": "0x45030c"
  1242. },
  1243. {
  1244. "name": "SysAllocStringByteLen",
  1245. "address": "0x450310"
  1246. },
  1247. {
  1248. "name": "VariantClear",
  1249. "address": "0x450314"
  1250. },
  1251. {
  1252. "name": "SafeArrayGetLBound",
  1253. "address": "0x450318"
  1254. },
  1255. {
  1256. "name": "SysStringLen",
  1257. "address": "0x45031c"
  1258. },
  1259. {
  1260. "name": "SysAllocString",
  1261. "address": "0x450320"
  1262. }
  1263. ],
  1264. "dll": "OLEAUT32.dll"
  1265. },
  1266. {
  1267. "imports": [
  1268. {
  1269. "name": "ImageList_Draw",
  1270. "address": "0x450094"
  1271. },
  1272. {
  1273. "name": "CreateToolbarEx",
  1274. "address": "0x450098"
  1275. },
  1276. {
  1277. "name": "CreatePropertySheetPageW",
  1278. "address": "0x45009c"
  1279. },
  1280. {
  1281. "name": "ImageList_Create",
  1282. "address": "0x4500a0"
  1283. },
  1284. {
  1285. "name": "ImageList_ReplaceIcon",
  1286. "address": "0x4500a4"
  1287. },
  1288. {
  1289. "name": "ImageList_EndDrag",
  1290. "address": "0x4500a8"
  1291. },
  1292. {
  1293. "name": "ImageList_DragMove",
  1294. "address": "0x4500ac"
  1295. },
  1296. {
  1297. "name": "ImageList_BeginDrag",
  1298. "address": "0x4500b0"
  1299. },
  1300. {
  1301. "name": "ImageList_DragLeave",
  1302. "address": "0x4500b4"
  1303. },
  1304. {
  1305. "name": "ImageList_DragEnter",
  1306. "address": "0x4500b8"
  1307. },
  1308. {
  1309. "name": null,
  1310. "address": "0x4500bc"
  1311. },
  1312. {
  1313. "name": "CreateStatusWindowW",
  1314. "address": "0x4500c0"
  1315. },
  1316. {
  1317. "name": "PropertySheetW",
  1318. "address": "0x4500c4"
  1319. }
  1320. ],
  1321. "dll": "COMCTL32.dll"
  1322. },
  1323. {
  1324. "imports": [
  1325. {
  1326. "name": null,
  1327. "address": "0x450000"
  1328. },
  1329. {
  1330. "name": null,
  1331. "address": "0x450004"
  1332. },
  1333. {
  1334. "name": null,
  1335. "address": "0x450008"
  1336. },
  1337. {
  1338. "name": null,
  1339. "address": "0x45000c"
  1340. },
  1341. {
  1342. "name": null,
  1343. "address": "0x450010"
  1344. },
  1345. {
  1346. "name": null,
  1347. "address": "0x450014"
  1348. }
  1349. ],
  1350. "dll": "ACTIVEDS.dll"
  1351. },
  1352. {
  1353. "imports": [
  1354. {
  1355. "name": null,
  1356. "address": "0x4504e0"
  1357. },
  1358. {
  1359. "name": null,
  1360. "address": "0x4504e4"
  1361. },
  1362. {
  1363. "name": null,
  1364. "address": "0x4504e8"
  1365. },
  1366. {
  1367. "name": null,
  1368. "address": "0x4504ec"
  1369. },
  1370. {
  1371. "name": null,
  1372. "address": "0x4504f0"
  1373. },
  1374. {
  1375. "name": null,
  1376. "address": "0x4504f4"
  1377. },
  1378. {
  1379. "name": null,
  1380. "address": "0x4504f8"
  1381. },
  1382. {
  1383. "name": null,
  1384. "address": "0x4504fc"
  1385. }
  1386. ],
  1387. "dll": "WLDAP32.dll"
  1388. }
  1389. ],
  1390. "digital_signers": null,
  1391. "exported_dll_name": null,
  1392. "actual_checksum": "0x00081405",
  1393. "overlay": {
  1394. "size": "0x00001a58",
  1395. "offset": "0x00073800"
  1396. },
  1397. "imagebase": "0x00400000",
  1398. "reported_checksum": "0x00081405",
  1399. "icon_hash": null,
  1400. "entrypoint": "0x004149ec",
  1401. "timestamp": "2012-06-30 09:47:15",
  1402. "osversion": "5.0",
  1403. "sections": [
  1404. {
  1405. "name": ".text",
  1406. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
  1407. "virtual_address": "0x00001000",
  1408. "size_of_data": "0x0004f000",
  1409. "entropy": "6.28",
  1410. "raw_address": "0x00000400",
  1411. "virtual_size": "0x0004eecc",
  1412. "characteristics_raw": "0x60000020"
  1413. },
  1414. {
  1415. "name": ".rdata",
  1416. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  1417. "virtual_address": "0x00050000",
  1418. "size_of_data": "0x0000fc00",
  1419. "entropy": "4.68",
  1420. "raw_address": "0x0004f400",
  1421. "virtual_size": "0x0000fc00",
  1422. "characteristics_raw": "0x40000040"
  1423. },
  1424. {
  1425. "name": ".data",
  1426. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  1427. "virtual_address": "0x00060000",
  1428. "size_of_data": "0x0000a400",
  1429. "entropy": "2.63",
  1430. "raw_address": "0x0005f000",
  1431. "virtual_size": "0x0000c5c0",
  1432. "characteristics_raw": "0xc0000040"
  1433. },
  1434. {
  1435. "name": ".rsrc",
  1436. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  1437. "virtual_address": "0x0006d000",
  1438. "size_of_data": "0x0000a400",
  1439. "entropy": "4.30",
  1440. "raw_address": "0x00069400",
  1441. "virtual_size": "0x0000a318",
  1442. "characteristics_raw": "0x40000040"
  1443. }
  1444. ],
  1445. "resources": [],
  1446. "dirents": [
  1447. {
  1448. "virtual_address": "0x00000000",
  1449. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  1450. "size": "0x00000000"
  1451. },
  1452. {
  1453. "virtual_address": "0x0005e090",
  1454. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  1455. "size": "0x0000012c"
  1456. },
  1457. {
  1458. "virtual_address": "0x0006d000",
  1459. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  1460. "size": "0x0000a318"
  1461. },
  1462. {
  1463. "virtual_address": "0x00000000",
  1464. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  1465. "size": "0x00000000"
  1466. },
  1467. {
  1468. "virtual_address": "0x00073800",
  1469. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  1470. "size": "0x00001a58"
  1471. },
  1472. {
  1473. "virtual_address": "0x00000000",
  1474. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  1475. "size": "0x00000000"
  1476. },
  1477. {
  1478. "virtual_address": "0x00050570",
  1479. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  1480. "size": "0x0000001c"
  1481. },
  1482. {
  1483. "virtual_address": "0x00000000",
  1484. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  1485. "size": "0x00000000"
  1486. },
  1487. {
  1488. "virtual_address": "0x00000000",
  1489. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  1490. "size": "0x00000000"
  1491. },
  1492. {
  1493. "virtual_address": "0x00000000",
  1494. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  1495. "size": "0x00000000"
  1496. },
  1497. {
  1498. "virtual_address": "0x0005af98",
  1499. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  1500. "size": "0x00000040"
  1501. },
  1502. {
  1503. "virtual_address": "0x00000000",
  1504. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  1505. "size": "0x00000000"
  1506. },
  1507. {
  1508. "virtual_address": "0x00050000",
  1509. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  1510. "size": "0x00000520"
  1511. },
  1512. {
  1513. "virtual_address": "0x00000000",
  1514. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  1515. "size": "0x00000000"
  1516. },
  1517. {
  1518. "virtual_address": "0x00000000",
  1519. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  1520. "size": "0x00000000"
  1521. },
  1522. {
  1523. "virtual_address": "0x00000000",
  1524. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  1525. "size": "0x00000000"
  1526. }
  1527. ],
  1528. "exports": [],
  1529. "guest_signers": {},
  1530. "imphash": "fc22a526c18358f987f144e2ac31d338",
  1531. "icon_fuzzy": null,
  1532. "icon": null,
  1533. "pdbpath": "c:\\src\\ADExplorer\\Release\\ADExplorer.pdb",
  1534. "imported_dll_count": 14,
  1535. "versioninfo": []
  1536. }
  1537. }
  1538.  
  1539. [*] Resolved APIs: [
  1540. "kernel32.dll.FlsAlloc",
  1541. "kernel32.dll.FlsGetValue",
  1542. "kernel32.dll.FlsSetValue",
  1543. "kernel32.dll.FlsFree",
  1544. "kernel32.dll.IsProcessorFeaturePresent",
  1545. "cryptbase.dll.SystemFunction036",
  1546. "uxtheme.dll.ThemeInitApiHook",
  1547. "user32.dll.IsProcessDPIAware",
  1548. "dwmapi.dll.DwmIsCompositionEnabled",
  1549. "comctl32.dll.RegisterClassNameW",
  1550. "uxtheme.dll.EnableThemeDialogTexture",
  1551. "uxtheme.dll.OpenThemeData",
  1552. "uxtheme.dll.GetThemeBool",
  1553. "comctl32.dll.HIMAGELIST_QueryInterface",
  1554. "comctl32.dll.DrawShadowText",
  1555. "comctl32.dll.DrawSizeBox",
  1556. "comctl32.dll.DrawScrollBar",
  1557. "comctl32.dll.SizeBoxHwnd",
  1558. "comctl32.dll.ScrollBar_MouseMove",
  1559. "comctl32.dll.ScrollBar_Menu",
  1560. "comctl32.dll.HandleScrollCmd",
  1561. "comctl32.dll.DetachScrollBars",
  1562. "comctl32.dll.AttachScrollBars",
  1563. "comctl32.dll.CCSetScrollInfo",
  1564. "comctl32.dll.CCGetScrollInfo",
  1565. "comctl32.dll.CCEnableScrollBar",
  1566. "comctl32.dll.QuerySystemGestureStatus",
  1567. "uxtheme.dll.#49",
  1568. "uxtheme.dll.CloseThemeData",
  1569. "gdi32.dll.GetLayout",
  1570. "gdi32.dll.GdiRealizationInfo",
  1571. "gdi32.dll.FontIsLinked",
  1572. "advapi32.dll.RegOpenKeyExW",
  1573. "advapi32.dll.RegQueryInfoKeyW",
  1574. "gdi32.dll.GetTextFaceAliasW",
  1575. "advapi32.dll.RegEnumValueW",
  1576. "advapi32.dll.RegCloseKey",
  1577. "advapi32.dll.RegQueryValueExW",
  1578. "gdi32.dll.GetFontAssocStatus",
  1579. "advapi32.dll.RegQueryValueExA",
  1580. "advapi32.dll.RegEnumKeyExW",
  1581. "gdi32.dll.GdiIsMetaPrintDC",
  1582. "ole32.dll.CoInitializeEx",
  1583. "ole32.dll.CoUninitialize",
  1584. "ole32.dll.CoRegisterInitializeSpy",
  1585. "ole32.dll.CoRevokeInitializeSpy",
  1586. "uxtheme.dll.BufferedPaintInit",
  1587. "uxtheme.dll.BufferedPaintRenderAnimation",
  1588. "uxtheme.dll.GetThemeTransitionDuration",
  1589. "uxtheme.dll.BeginBufferedAnimation",
  1590. "uxtheme.dll.IsThemeBackgroundPartiallyTransparent",
  1591. "uxtheme.dll.DrawThemeParentBackground",
  1592. "uxtheme.dll.DrawThemeBackground",
  1593. "uxtheme.dll.GetThemeBackgroundContentRect",
  1594. "uxtheme.dll.DrawThemeText",
  1595. "uxtheme.dll.EndBufferedAnimation",
  1596. "uxtheme.dll.GetThemePartSize",
  1597. "uxtheme.dll.BufferedPaintStopAllAnimations",
  1598. "uxtheme.dll.BufferedPaintUnInit",
  1599. "uxtheme.dll.GetThemeColor",
  1600. "uxtheme.dll.IsThemePartDefined",
  1601. "uxtheme.dll.GetThemeFont",
  1602. "uxtheme.dll.GetThemeMargins",
  1603. "imm32.dll.ImmIsIME",
  1604. "uxtheme.dll.GetThemeTextExtent",
  1605. "imm32.dll.ImmGetContext",
  1606. "imm32.dll.ImmReleaseContext",
  1607. "imm32.dll.ImmAssociateContext",
  1608. "uxtheme.dll.GetThemeTextMetrics",
  1609. "uxtheme.dll.GetThemeBackgroundExtent",
  1610. "uxtheme.dll.GetThemeInt",
  1611. "uxtheme.dll.DrawThemeTextEx",
  1612. "uxtheme.dll.DrawThemeParentBackgroundEx",
  1613. "uxtheme.dll.BeginBufferedPaint",
  1614. "uxtheme.dll.EndBufferedPaint",
  1615. "ole32.dll.CLSIDFromProgID",
  1616. "ole32.dll.CoCreateInstance",
  1617. "secur32.dll.LsaConnectUntrusted",
  1618. "secur32.dll.LsaCallAuthenticationPackage",
  1619. "secur32.dll.LsaFreeReturnBuffer",
  1620. "advapi32.dll.CreateWellKnownSid",
  1621. "advapi32.dll.LookupAccountSidW",
  1622. "sechost.dll.LookupAccountSidLocalW",
  1623. "advapi32.dll.OpenThreadToken",
  1624. "advapi32.dll.OpenProcessToken",
  1625. "advapi32.dll.GetTokenInformation",
  1626. "advapi32.dll.GetSidSubAuthority",
  1627. "netapi32.dll.DsGetDcNameW",
  1628. "advapi32.dll.LsaOpenPolicy",
  1629. "advapi32.dll.LsaQueryInformationPolicy",
  1630. "netutils.dll.NetApiBufferAllocate",
  1631. "advapi32.dll.LsaFreeMemory",
  1632. "advapi32.dll.LsaClose",
  1633. "ws2_32.dll.#115",
  1634. "dnsapi.dll.DnsValidateName_W",
  1635. "netutils.dll.NetpIsDomainNameValid",
  1636. "wldap32.dll.#119",
  1637. "netutils.dll.NetApiBufferFree",
  1638. "ws2_32.dll.#116",
  1639. "oleaut32.dll.#9",
  1640. "oleaut32.dll.#6",
  1641. "oleaut32.dll.#201",
  1642. "oleaut32.dll.#202"
  1643. ]
  1644.  
  1645. [*] Static Analysis: {
  1646. "pe": {
  1647. "peid_signatures": null,
  1648. "imports": [
  1649. {
  1650. "imports": [
  1651. {
  1652. "name": "NetUserGetGroups",
  1653. "address": "0x4502e0"
  1654. },
  1655. {
  1656. "name": "NetUserGetLocalGroups",
  1657. "address": "0x4502e4"
  1658. }
  1659. ],
  1660. "dll": "NETAPI32.dll"
  1661. },
  1662. {
  1663. "imports": [
  1664. {
  1665. "name": "UuidFromStringW",
  1666. "address": "0x450328"
  1667. }
  1668. ],
  1669. "dll": "RPCRT4.dll"
  1670. },
  1671. {
  1672. "imports": [
  1673. {
  1674. "name": "GetFileVersionInfoSizeW",
  1675. "address": "0x4504d0"
  1676. },
  1677. {
  1678. "name": "GetFileVersionInfoW",
  1679. "address": "0x4504d4"
  1680. },
  1681. {
  1682. "name": "VerQueryValueW",
  1683. "address": "0x4504d8"
  1684. }
  1685. ],
  1686. "dll": "VERSION.dll"
  1687. },
  1688. {
  1689. "imports": [
  1690. {
  1691. "name": "LCMapStringA",
  1692. "address": "0x450118"
  1693. },
  1694. {
  1695. "name": "GetConsoleMode",
  1696. "address": "0x45011c"
  1697. },
  1698. {
  1699. "name": "GetConsoleCP",
  1700. "address": "0x450120"
  1701. },
  1702. {
  1703. "name": "GetModuleHandleA",
  1704. "address": "0x450124"
  1705. },
  1706. {
  1707. "name": "DebugBreak",
  1708. "address": "0x450128"
  1709. },
  1710. {
  1711. "name": "GetCurrentProcessId",
  1712. "address": "0x45012c"
  1713. },
  1714. {
  1715. "name": "QueryPerformanceCounter",
  1716. "address": "0x450130"
  1717. },
  1718. {
  1719. "name": "GetEnvironmentStringsW",
  1720. "address": "0x450134"
  1721. },
  1722. {
  1723. "name": "FreeEnvironmentStringsW",
  1724. "address": "0x450138"
  1725. },
  1726. {
  1727. "name": "GetEnvironmentStrings",
  1728. "address": "0x45013c"
  1729. },
  1730. {
  1731. "name": "FreeEnvironmentStringsA",
  1732. "address": "0x450140"
  1733. },
  1734. {
  1735. "name": "GetFileType",
  1736. "address": "0x450144"
  1737. },
  1738. {
  1739. "name": "SetHandleCount",
  1740. "address": "0x450148"
  1741. },
  1742. {
  1743. "name": "LCMapStringW",
  1744. "address": "0x45014c"
  1745. },
  1746. {
  1747. "name": "GetModuleFileNameA",
  1748. "address": "0x450150"
  1749. },
  1750. {
  1751. "name": "GetStdHandle",
  1752. "address": "0x450154"
  1753. },
  1754. {
  1755. "name": "ExitProcess",
  1756. "address": "0x450158"
  1757. },
  1758. {
  1759. "name": "VirtualAlloc",
  1760. "address": "0x45015c"
  1761. },
  1762. {
  1763. "name": "VirtualFree",
  1764. "address": "0x450160"
  1765. },
  1766. {
  1767. "name": "HeapCreate",
  1768. "address": "0x450164"
  1769. },
  1770. {
  1771. "name": "GetStringTypeA",
  1772. "address": "0x450168"
  1773. },
  1774. {
  1775. "name": "GetCurrentThreadId",
  1776. "address": "0x45016c"
  1777. },
  1778. {
  1779. "name": "SetLastError",
  1780. "address": "0x450170"
  1781. },
  1782. {
  1783. "name": "TlsFree",
  1784. "address": "0x450174"
  1785. },
  1786. {
  1787. "name": "IsValidCodePage",
  1788. "address": "0x450178"
  1789. },
  1790. {
  1791. "name": "GetOEMCP",
  1792. "address": "0x45017c"
  1793. },
  1794. {
  1795. "name": "GetACP",
  1796. "address": "0x450180"
  1797. },
  1798. {
  1799. "name": "GetCPInfo",
  1800. "address": "0x450184"
  1801. },
  1802. {
  1803. "name": "RaiseException",
  1804. "address": "0x450188"
  1805. },
  1806. {
  1807. "name": "RtlUnwind",
  1808. "address": "0x45018c"
  1809. },
  1810. {
  1811. "name": "GetStartupInfoA",
  1812. "address": "0x450190"
  1813. },
  1814. {
  1815. "name": "GetCommandLineA",
  1816. "address": "0x450194"
  1817. },
  1818. {
  1819. "name": "HeapReAlloc",
  1820. "address": "0x450198"
  1821. },
  1822. {
  1823. "name": "IsDebuggerPresent",
  1824. "address": "0x45019c"
  1825. },
  1826. {
  1827. "name": "SetUnhandledExceptionFilter",
  1828. "address": "0x4501a0"
  1829. },
  1830. {
  1831. "name": "UnhandledExceptionFilter",
  1832. "address": "0x4501a4"
  1833. },
  1834. {
  1835. "name": "TerminateProcess",
  1836. "address": "0x4501a8"
  1837. },
  1838. {
  1839. "name": "CreateThread",
  1840. "address": "0x4501ac"
  1841. },
  1842. {
  1843. "name": "ResumeThread",
  1844. "address": "0x4501b0"
  1845. },
  1846. {
  1847. "name": "ExitThread",
  1848. "address": "0x4501b4"
  1849. },
  1850. {
  1851. "name": "HeapSize",
  1852. "address": "0x4501b8"
  1853. },
  1854. {
  1855. "name": "HeapAlloc",
  1856. "address": "0x4501bc"
  1857. },
  1858. {
  1859. "name": "GetStringTypeW",
  1860. "address": "0x4501c0"
  1861. },
  1862. {
  1863. "name": "GetLocaleInfoA",
  1864. "address": "0x4501c4"
  1865. },
  1866. {
  1867. "name": "InitializeCriticalSectionAndSpinCount",
  1868. "address": "0x4501c8"
  1869. },
  1870. {
  1871. "name": "LoadLibraryA",
  1872. "address": "0x4501cc"
  1873. },
  1874. {
  1875. "name": "ExpandEnvironmentStringsA",
  1876. "address": "0x4501d0"
  1877. },
  1878. {
  1879. "name": "GetProcessHeap",
  1880. "address": "0x4501d4"
  1881. },
  1882. {
  1883. "name": "HeapFree",
  1884. "address": "0x4501d8"
  1885. },
  1886. {
  1887. "name": "WideCharToMultiByte",
  1888. "address": "0x4501dc"
  1889. },
  1890. {
  1891. "name": "lstrlenA",
  1892. "address": "0x4501e0"
  1893. },
  1894. {
  1895. "name": "WriteFile",
  1896. "address": "0x4501e4"
  1897. },
  1898. {
  1899. "name": "FileTimeToLocalFileTime",
  1900. "address": "0x4501e8"
  1901. },
  1902. {
  1903. "name": "GetCurrentProcess",
  1904. "address": "0x4501ec"
  1905. },
  1906. {
  1907. "name": "FreeLibrary",
  1908. "address": "0x4501f0"
  1909. },
  1910. {
  1911. "name": "GetSystemInfo",
  1912. "address": "0x4501f4"
  1913. },
  1914. {
  1915. "name": "GetLastError",
  1916. "address": "0x4501f8"
  1917. },
  1918. {
  1919. "name": "Sleep",
  1920. "address": "0x4501fc"
  1921. },
  1922. {
  1923. "name": "GetSystemTimeAsFileTime",
  1924. "address": "0x450200"
  1925. },
  1926. {
  1927. "name": "MultiByteToWideChar",
  1928. "address": "0x450204"
  1929. },
  1930. {
  1931. "name": "CreateFileW",
  1932. "address": "0x450208"
  1933. },
  1934. {
  1935. "name": "ReadFile",
  1936. "address": "0x45020c"
  1937. },
  1938. {
  1939. "name": "GetSystemDirectoryW",
  1940. "address": "0x450210"
  1941. },
  1942. {
  1943. "name": "OutputDebugStringW",
  1944. "address": "0x450214"
  1945. },
  1946. {
  1947. "name": "GetFileSize",
  1948. "address": "0x450218"
  1949. },
  1950. {
  1951. "name": "TlsAlloc",
  1952. "address": "0x45021c"
  1953. },
  1954. {
  1955. "name": "FormatMessageW",
  1956. "address": "0x450220"
  1957. },
  1958. {
  1959. "name": "TlsSetValue",
  1960. "address": "0x450224"
  1961. },
  1962. {
  1963. "name": "GetUserDefaultLangID",
  1964. "address": "0x450228"
  1965. },
  1966. {
  1967. "name": "TlsGetValue",
  1968. "address": "0x45022c"
  1969. },
  1970. {
  1971. "name": "GetSystemDefaultLangID",
  1972. "address": "0x450230"
  1973. },
  1974. {
  1975. "name": "LocalAlloc",
  1976. "address": "0x450234"
  1977. },
  1978. {
  1979. "name": "LocalFree",
  1980. "address": "0x450238"
  1981. },
  1982. {
  1983. "name": "GetTimeZoneInformation",
  1984. "address": "0x45023c"
  1985. },
  1986. {
  1987. "name": "FileTimeToSystemTime",
  1988. "address": "0x450240"
  1989. },
  1990. {
  1991. "name": "GetTimeFormatW",
  1992. "address": "0x450244"
  1993. },
  1994. {
  1995. "name": "CompareFileTime",
  1996. "address": "0x450248"
  1997. },
  1998. {
  1999. "name": "SystemTimeToFileTime",
  2000. "address": "0x45024c"
  2001. },
  2002. {
  2003. "name": "SystemTimeToTzSpecificLocalTime",
  2004. "address": "0x450250"
  2005. },
  2006. {
  2007. "name": "GetDateFormatW",
  2008. "address": "0x450254"
  2009. },
  2010. {
  2011. "name": "DeleteFileW",
  2012. "address": "0x450258"
  2013. },
  2014. {
  2015. "name": "CloseHandle",
  2016. "address": "0x45025c"
  2017. },
  2018. {
  2019. "name": "DeleteCriticalSection",
  2020. "address": "0x450260"
  2021. },
  2022. {
  2023. "name": "CreateFileMappingW",
  2024. "address": "0x450264"
  2025. },
  2026. {
  2027. "name": "GlobalFree",
  2028. "address": "0x450268"
  2029. },
  2030. {
  2031. "name": "EnterCriticalSection",
  2032. "address": "0x45026c"
  2033. },
  2034. {
  2035. "name": "GetProcAddress",
  2036. "address": "0x450270"
  2037. },
  2038. {
  2039. "name": "GlobalUnlock",
  2040. "address": "0x450274"
  2041. },
  2042. {
  2043. "name": "CompareStringW",
  2044. "address": "0x450278"
  2045. },
  2046. {
  2047. "name": "GetModuleFileNameW",
  2048. "address": "0x45027c"
  2049. },
  2050. {
  2051. "name": "GetFileAttributesW",
  2052. "address": "0x450280"
  2053. },
  2054. {
  2055. "name": "LeaveCriticalSection",
  2056. "address": "0x450284"
  2057. },
  2058. {
  2059. "name": "GetVersionExW",
  2060. "address": "0x450288"
  2061. },
  2062. {
  2063. "name": "LoadLibraryW",
  2064. "address": "0x45028c"
  2065. },
  2066. {
  2067. "name": "GlobalAlloc",
  2068. "address": "0x450290"
  2069. },
  2070. {
  2071. "name": "InitializeCriticalSection",
  2072. "address": "0x450294"
  2073. },
  2074. {
  2075. "name": "GetTickCount",
  2076. "address": "0x450298"
  2077. },
  2078. {
  2079. "name": "GetModuleHandleW",
  2080. "address": "0x45029c"
  2081. },
  2082. {
  2083. "name": "GlobalLock",
  2084. "address": "0x4502a0"
  2085. },
  2086. {
  2087. "name": "InterlockedDecrement",
  2088. "address": "0x4502a4"
  2089. },
  2090. {
  2091. "name": "InterlockedIncrement",
  2092. "address": "0x4502a8"
  2093. },
  2094. {
  2095. "name": "SetEndOfFile",
  2096. "address": "0x4502ac"
  2097. },
  2098. {
  2099. "name": "UnmapViewOfFile",
  2100. "address": "0x4502b0"
  2101. },
  2102. {
  2103. "name": "MapViewOfFile",
  2104. "address": "0x4502b4"
  2105. },
  2106. {
  2107. "name": "SetFilePointer",
  2108. "address": "0x4502b8"
  2109. },
  2110. {
  2111. "name": "GetCommandLineW",
  2112. "address": "0x4502bc"
  2113. },
  2114. {
  2115. "name": "SetStdHandle",
  2116. "address": "0x4502c0"
  2117. },
  2118. {
  2119. "name": "FlushFileBuffers",
  2120. "address": "0x4502c4"
  2121. },
  2122. {
  2123. "name": "VirtualQuery",
  2124. "address": "0x4502c8"
  2125. },
  2126. {
  2127. "name": "WriteConsoleA",
  2128. "address": "0x4502cc"
  2129. },
  2130. {
  2131. "name": "GetConsoleOutputCP",
  2132. "address": "0x4502d0"
  2133. },
  2134. {
  2135. "name": "WriteConsoleW",
  2136. "address": "0x4502d4"
  2137. },
  2138. {
  2139. "name": "CreateFileA",
  2140. "address": "0x4502d8"
  2141. }
  2142. ],
  2143. "dll": "KERNEL32.dll"
  2144. },
  2145. {
  2146. "imports": [
  2147. {
  2148. "name": "DispatchMessageW",
  2149. "address": "0x45033c"
  2150. },
  2151. {
  2152. "name": "MoveWindow",
  2153. "address": "0x450340"
  2154. },
  2155. {
  2156. "name": "CheckMenuItem",
  2157. "address": "0x450344"
  2158. },
  2159. {
  2160. "name": "MsgWaitForMultipleObjects",
  2161. "address": "0x450348"
  2162. },
  2163. {
  2164. "name": "DrawTextW",
  2165. "address": "0x45034c"
  2166. },
  2167. {
  2168. "name": "PostMessageW",
  2169. "address": "0x450350"
  2170. },
  2171. {
  2172. "name": "SetCapture",
  2173. "address": "0x450354"
  2174. },
  2175. {
  2176. "name": "LoadImageW",
  2177. "address": "0x450358"
  2178. },
  2179. {
  2180. "name": "TrackPopupMenu",
  2181. "address": "0x45035c"
  2182. },
  2183. {
  2184. "name": "PostQuitMessage",
  2185. "address": "0x450360"
  2186. },
  2187. {
  2188. "name": "GetMessageW",
  2189. "address": "0x450364"
  2190. },
  2191. {
  2192. "name": "GetWindowRect",
  2193. "address": "0x450368"
  2194. },
  2195. {
  2196. "name": "ScreenToClient",
  2197. "address": "0x45036c"
  2198. },
  2199. {
  2200. "name": "GetDlgItemInt",
  2201. "address": "0x450370"
  2202. },
  2203. {
  2204. "name": "TranslateAcceleratorW",
  2205. "address": "0x450374"
  2206. },
  2207. {
  2208. "name": "CloseClipboard",
  2209. "address": "0x450378"
  2210. },
  2211. {
  2212. "name": "GetWindowTextLengthW",
  2213. "address": "0x45037c"
  2214. },
  2215. {
  2216. "name": "SetCursor",
  2217. "address": "0x450380"
  2218. },
  2219. {
  2220. "name": "SetWindowPlacement",
  2221. "address": "0x450384"
  2222. },
  2223. {
  2224. "name": "DestroyWindow",
  2225. "address": "0x450388"
  2226. },
  2227. {
  2228. "name": "ClientToScreen",
  2229. "address": "0x45038c"
  2230. },
  2231. {
  2232. "name": "EndPaint",
  2233. "address": "0x450390"
  2234. },
  2235. {
  2236. "name": "DialogBoxIndirectParamW",
  2237. "address": "0x450394"
  2238. },
  2239. {
  2240. "name": "CopyIcon",
  2241. "address": "0x450398"
  2242. },
  2243. {
  2244. "name": "IsZoomed",
  2245. "address": "0x45039c"
  2246. },
  2247. {
  2248. "name": "GetSubMenu",
  2249. "address": "0x4503a0"
  2250. },
  2251. {
  2252. "name": "DeleteMenu",
  2253. "address": "0x4503a4"
  2254. },
  2255. {
  2256. "name": "GetFocus",
  2257. "address": "0x4503a8"
  2258. },
  2259. {
  2260. "name": "DialogBoxParamW",
  2261. "address": "0x4503ac"
  2262. },
  2263. {
  2264. "name": "GetParent",
  2265. "address": "0x4503b0"
  2266. },
  2267. {
  2268. "name": "LoadCursorW",
  2269. "address": "0x4503b4"
  2270. },
  2271. {
  2272. "name": "MessageBeep",
  2273. "address": "0x4503b8"
  2274. },
  2275. {
  2276. "name": "MenuItemFromPoint",
  2277. "address": "0x4503bc"
  2278. },
  2279. {
  2280. "name": "GetClientRect",
  2281. "address": "0x4503c0"
  2282. },
  2283. {
  2284. "name": "SetFocus",
  2285. "address": "0x4503c4"
  2286. },
  2287. {
  2288. "name": "GetMenuItemInfoW",
  2289. "address": "0x4503c8"
  2290. },
  2291. {
  2292. "name": "BeginPaint",
  2293. "address": "0x4503cc"
  2294. },
  2295. {
  2296. "name": "PtInRect",
  2297. "address": "0x4503d0"
  2298. },
  2299. {
  2300. "name": "SetPropW",
  2301. "address": "0x4503d4"
  2302. },
  2303. {
  2304. "name": "InsertMenuItemW",
  2305. "address": "0x4503d8"
  2306. },
  2307. {
  2308. "name": "TranslateMessage",
  2309. "address": "0x4503dc"
  2310. },
  2311. {
  2312. "name": "LoadAcceleratorsW",
  2313. "address": "0x4503e0"
  2314. },
  2315. {
  2316. "name": "InflateRect",
  2317. "address": "0x4503e4"
  2318. },
  2319. {
  2320. "name": "ChildWindowFromPoint",
  2321. "address": "0x4503e8"
  2322. },
  2323. {
  2324. "name": "SetDlgItemInt",
  2325. "address": "0x4503ec"
  2326. },
  2327. {
  2328. "name": "GetMenu",
  2329. "address": "0x4503f0"
  2330. },
  2331. {
  2332. "name": "IsDialogMessageW",
  2333. "address": "0x4503f4"
  2334. },
  2335. {
  2336. "name": "DefWindowProcW",
  2337. "address": "0x4503f8"
  2338. },
  2339. {
  2340. "name": "CallWindowProcW",
  2341. "address": "0x4503fc"
  2342. },
  2343. {
  2344. "name": "GetPropW",
  2345. "address": "0x450400"
  2346. },
  2347. {
  2348. "name": "DrawFrameControl",
  2349. "address": "0x450404"
  2350. },
  2351. {
  2352. "name": "EndDeferWindowPos",
  2353. "address": "0x450408"
  2354. },
  2355. {
  2356. "name": "DestroyIcon",
  2357. "address": "0x45040c"
  2358. },
  2359. {
  2360. "name": "SetWindowTextW",
  2361. "address": "0x450410"
  2362. },
  2363. {
  2364. "name": "DestroyMenu",
  2365. "address": "0x450414"
  2366. },
  2367. {
  2368. "name": "SetClipboardData",
  2369. "address": "0x450418"
  2370. },
  2371. {
  2372. "name": "RegisterClassExW",
  2373. "address": "0x45041c"
  2374. },
  2375. {
  2376. "name": "LoadIconW",
  2377. "address": "0x450420"
  2378. },
  2379. {
  2380. "name": "GetWindowPlacement",
  2381. "address": "0x450424"
  2382. },
  2383. {
  2384. "name": "OffsetRect",
  2385. "address": "0x450428"
  2386. },
  2387. {
  2388. "name": "InvalidateRect",
  2389. "address": "0x45042c"
  2390. },
  2391. {
  2392. "name": "LoadMenuW",
  2393. "address": "0x450430"
  2394. },
  2395. {
  2396. "name": "GetWindowLongW",
  2397. "address": "0x450434"
  2398. },
  2399. {
  2400. "name": "AppendMenuW",
  2401. "address": "0x450438"
  2402. },
  2403. {
  2404. "name": "GetWindowTextW",
  2405. "address": "0x45043c"
  2406. },
  2407. {
  2408. "name": "PeekMessageW",
  2409. "address": "0x450440"
  2410. },
  2411. {
  2412. "name": "GetClassNameW",
  2413. "address": "0x450444"
  2414. },
  2415. {
  2416. "name": "EnableMenuItem",
  2417. "address": "0x450448"
  2418. },
  2419. {
  2420. "name": "EmptyClipboard",
  2421. "address": "0x45044c"
  2422. },
  2423. {
  2424. "name": "GetDlgItem",
  2425. "address": "0x450450"
  2426. },
  2427. {
  2428. "name": "SetWindowLongW",
  2429. "address": "0x450454"
  2430. },
  2431. {
  2432. "name": "EndDialog",
  2433. "address": "0x450458"
  2434. },
  2435. {
  2436. "name": "SendDlgItemMessageW",
  2437. "address": "0x45045c"
  2438. },
  2439. {
  2440. "name": "GetSysColor",
  2441. "address": "0x450460"
  2442. },
  2443. {
  2444. "name": "SetWindowPos",
  2445. "address": "0x450464"
  2446. },
  2447. {
  2448. "name": "CheckDlgButton",
  2449. "address": "0x450468"
  2450. },
  2451. {
  2452. "name": "EnumChildWindows",
  2453. "address": "0x45046c"
  2454. },
  2455. {
  2456. "name": "ShowWindow",
  2457. "address": "0x450470"
  2458. },
  2459. {
  2460. "name": "CreatePopupMenu",
  2461. "address": "0x450474"
  2462. },
  2463. {
  2464. "name": "GetSysColorBrush",
  2465. "address": "0x450478"
  2466. },
  2467. {
  2468. "name": "IsDlgButtonChecked",
  2469. "address": "0x45047c"
  2470. },
  2471. {
  2472. "name": "CreateDialogParamW",
  2473. "address": "0x450480"
  2474. },
  2475. {
  2476. "name": "DrawMenuBar",
  2477. "address": "0x450484"
  2478. },
  2479. {
  2480. "name": "GetActiveWindow",
  2481. "address": "0x450488"
  2482. },
  2483. {
  2484. "name": "GetMenuItemCount",
  2485. "address": "0x45048c"
  2486. },
  2487. {
  2488. "name": "CreateWindowExW",
  2489. "address": "0x450490"
  2490. },
  2491. {
  2492. "name": "SetMenuDefaultItem",
  2493. "address": "0x450494"
  2494. },
  2495. {
  2496. "name": "OpenClipboard",
  2497. "address": "0x450498"
  2498. },
  2499. {
  2500. "name": "DeferWindowPos",
  2501. "address": "0x45049c"
  2502. },
  2503. {
  2504. "name": "MessageBoxW",
  2505. "address": "0x4504a0"
  2506. },
  2507. {
  2508. "name": "ReleaseCapture",
  2509. "address": "0x4504a4"
  2510. },
  2511. {
  2512. "name": "BeginDeferWindowPos",
  2513. "address": "0x4504a8"
  2514. },
  2515. {
  2516. "name": "GetSystemMetrics",
  2517. "address": "0x4504ac"
  2518. },
  2519. {
  2520. "name": "IsWindowVisible",
  2521. "address": "0x4504b0"
  2522. },
  2523. {
  2524. "name": "GetDlgItemTextW",
  2525. "address": "0x4504b4"
  2526. },
  2527. {
  2528. "name": "SetDlgItemTextW",
  2529. "address": "0x4504b8"
  2530. },
  2531. {
  2532. "name": "SendMessageW",
  2533. "address": "0x4504bc"
  2534. },
  2535. {
  2536. "name": "MapWindowPoints",
  2537. "address": "0x4504c0"
  2538. },
  2539. {
  2540. "name": "UpdateWindow",
  2541. "address": "0x4504c4"
  2542. },
  2543. {
  2544. "name": "EnableWindow",
  2545. "address": "0x4504c8"
  2546. }
  2547. ],
  2548. "dll": "USER32.dll"
  2549. },
  2550. {
  2551. "imports": [
  2552. {
  2553. "name": "SetBkColor",
  2554. "address": "0x4500dc"
  2555. },
  2556. {
  2557. "name": "ExtTextOutW",
  2558. "address": "0x4500e0"
  2559. },
  2560. {
  2561. "name": "EndPage",
  2562. "address": "0x4500e4"
  2563. },
  2564. {
  2565. "name": "StartPage",
  2566. "address": "0x4500e8"
  2567. },
  2568. {
  2569. "name": "GetDeviceCaps",
  2570. "address": "0x4500ec"
  2571. },
  2572. {
  2573. "name": "SetMapMode",
  2574. "address": "0x4500f0"
  2575. },
  2576. {
  2577. "name": "SetTextColor",
  2578. "address": "0x4500f4"
  2579. },
  2580. {
  2581. "name": "CreateFontIndirectW",
  2582. "address": "0x4500f8"
  2583. },
  2584. {
  2585. "name": "SetBkMode",
  2586. "address": "0x4500fc"
  2587. },
  2588. {
  2589. "name": "SelectObject",
  2590. "address": "0x450100"
  2591. },
  2592. {
  2593. "name": "GetObjectW",
  2594. "address": "0x450104"
  2595. },
  2596. {
  2597. "name": "EndDoc",
  2598. "address": "0x450108"
  2599. },
  2600. {
  2601. "name": "GetStockObject",
  2602. "address": "0x45010c"
  2603. },
  2604. {
  2605. "name": "StartDocW",
  2606. "address": "0x450110"
  2607. }
  2608. ],
  2609. "dll": "GDI32.dll"
  2610. },
  2611. {
  2612. "imports": [
  2613. {
  2614. "name": "GetSaveFileNameW",
  2615. "address": "0x4500cc"
  2616. },
  2617. {
  2618. "name": "GetOpenFileNameW",
  2619. "address": "0x4500d0"
  2620. },
  2621. {
  2622. "name": "PrintDlgW",
  2623. "address": "0x4500d4"
  2624. }
  2625. ],
  2626. "dll": "COMDLG32.dll"
  2627. },
  2628. {
  2629. "imports": [
  2630. {
  2631. "name": "GetSecurityDescriptorLength",
  2632. "address": "0x45001c"
  2633. },
  2634. {
  2635. "name": "RegDeleteValueW",
  2636. "address": "0x450020"
  2637. },
  2638. {
  2639. "name": "RegCreateKeyW",
  2640. "address": "0x450024"
  2641. },
  2642. {
  2643. "name": "RegEnumValueW",
  2644. "address": "0x450028"
  2645. },
  2646. {
  2647. "name": "RegSetValueExW",
  2648. "address": "0x45002c"
  2649. },
  2650. {
  2651. "name": "ConvertStringSidToSidW",
  2652. "address": "0x450030"
  2653. },
  2654. {
  2655. "name": "ConvertStringSecurityDescriptorToSecurityDescriptorW",
  2656. "address": "0x450034"
  2657. },
  2658. {
  2659. "name": "GetLengthSid",
  2660. "address": "0x450038"
  2661. },
  2662. {
  2663. "name": "ConvertSidToStringSidW",
  2664. "address": "0x45003c"
  2665. },
  2666. {
  2667. "name": "ConvertSecurityDescriptorToStringSecurityDescriptorW",
  2668. "address": "0x450040"
  2669. },
  2670. {
  2671. "name": "RegQueryValueExW",
  2672. "address": "0x450044"
  2673. },
  2674. {
  2675. "name": "RegOpenKeyExA",
  2676. "address": "0x450048"
  2677. },
  2678. {
  2679. "name": "RegQueryValueExA",
  2680. "address": "0x45004c"
  2681. },
  2682. {
  2683. "name": "AdjustTokenPrivileges",
  2684. "address": "0x450050"
  2685. },
  2686. {
  2687. "name": "LookupPrivilegeValueW",
  2688. "address": "0x450054"
  2689. },
  2690. {
  2691. "name": "OpenProcessToken",
  2692. "address": "0x450058"
  2693. },
  2694. {
  2695. "name": "GetSecurityDescriptorDacl",
  2696. "address": "0x45005c"
  2697. },
  2698. {
  2699. "name": "GetSecurityDescriptorGroup",
  2700. "address": "0x450060"
  2701. },
  2702. {
  2703. "name": "IsValidSid",
  2704. "address": "0x450064"
  2705. },
  2706. {
  2707. "name": "GetSecurityDescriptorOwner",
  2708. "address": "0x450068"
  2709. },
  2710. {
  2711. "name": "GetSidIdentifierAuthority",
  2712. "address": "0x45006c"
  2713. },
  2714. {
  2715. "name": "GetSidSubAuthority",
  2716. "address": "0x450070"
  2717. },
  2718. {
  2719. "name": "MapGenericMask",
  2720. "address": "0x450074"
  2721. },
  2722. {
  2723. "name": "GetSidSubAuthorityCount",
  2724. "address": "0x450078"
  2725. },
  2726. {
  2727. "name": "EqualSid",
  2728. "address": "0x45007c"
  2729. },
  2730. {
  2731. "name": "GetAce",
  2732. "address": "0x450080"
  2733. },
  2734. {
  2735. "name": "LookupAccountSidW",
  2736. "address": "0x450084"
  2737. },
  2738. {
  2739. "name": "AllocateAndInitializeSid",
  2740. "address": "0x450088"
  2741. },
  2742. {
  2743. "name": "RegCloseKey",
  2744. "address": "0x45008c"
  2745. }
  2746. ],
  2747. "dll": "ADVAPI32.dll"
  2748. },
  2749. {
  2750. "imports": [
  2751. {
  2752. "name": "CommandLineToArgvW",
  2753. "address": "0x450330"
  2754. },
  2755. {
  2756. "name": "ShellExecuteW",
  2757. "address": "0x450334"
  2758. }
  2759. ],
  2760. "dll": "SHELL32.dll"
  2761. },
  2762. {
  2763. "imports": [
  2764. {
  2765. "name": "CoInitialize",
  2766. "address": "0x450504"
  2767. },
  2768. {
  2769. "name": "CreateBindCtx",
  2770. "address": "0x450508"
  2771. },
  2772. {
  2773. "name": "CoUninitialize",
  2774. "address": "0x45050c"
  2775. },
  2776. {
  2777. "name": "CoCreateInstance",
  2778. "address": "0x450510"
  2779. },
  2780. {
  2781. "name": "IIDFromString",
  2782. "address": "0x450514"
  2783. },
  2784. {
  2785. "name": "StringFromGUID2",
  2786. "address": "0x450518"
  2787. }
  2788. ],
  2789. "dll": "ole32.dll"
  2790. },
  2791. {
  2792. "imports": [
  2793. {
  2794. "name": "SafeArrayAccessData",
  2795. "address": "0x4502ec"
  2796. },
  2797. {
  2798. "name": "SystemTimeToVariantTime",
  2799. "address": "0x4502f0"
  2800. },
  2801. {
  2802. "name": "VariantTimeToSystemTime",
  2803. "address": "0x4502f4"
  2804. },
  2805. {
  2806. "name": "SafeArrayGetUBound",
  2807. "address": "0x4502f8"
  2808. },
  2809. {
  2810. "name": "SysFreeString",
  2811. "address": "0x4502fc"
  2812. },
  2813. {
  2814. "name": "SafeArrayGetElement",
  2815. "address": "0x450300"
  2816. },
  2817. {
  2818. "name": "VarDateFromStr",
  2819. "address": "0x450304"
  2820. },
  2821. {
  2822. "name": "VariantChangeType",
  2823. "address": "0x450308"
  2824. },
  2825. {
  2826. "name": "VariantInit",
  2827. "address": "0x45030c"
  2828. },
  2829. {
  2830. "name": "SysAllocStringByteLen",
  2831. "address": "0x450310"
  2832. },
  2833. {
  2834. "name": "VariantClear",
  2835. "address": "0x450314"
  2836. },
  2837. {
  2838. "name": "SafeArrayGetLBound",
  2839. "address": "0x450318"
  2840. },
  2841. {
  2842. "name": "SysStringLen",
  2843. "address": "0x45031c"
  2844. },
  2845. {
  2846. "name": "SysAllocString",
  2847. "address": "0x450320"
  2848. }
  2849. ],
  2850. "dll": "OLEAUT32.dll"
  2851. },
  2852. {
  2853. "imports": [
  2854. {
  2855. "name": "ImageList_Draw",
  2856. "address": "0x450094"
  2857. },
  2858. {
  2859. "name": "CreateToolbarEx",
  2860. "address": "0x450098"
  2861. },
  2862. {
  2863. "name": "CreatePropertySheetPageW",
  2864. "address": "0x45009c"
  2865. },
  2866. {
  2867. "name": "ImageList_Create",
  2868. "address": "0x4500a0"
  2869. },
  2870. {
  2871. "name": "ImageList_ReplaceIcon",
  2872. "address": "0x4500a4"
  2873. },
  2874. {
  2875. "name": "ImageList_EndDrag",
  2876. "address": "0x4500a8"
  2877. },
  2878. {
  2879. "name": "ImageList_DragMove",
  2880. "address": "0x4500ac"
  2881. },
  2882. {
  2883. "name": "ImageList_BeginDrag",
  2884. "address": "0x4500b0"
  2885. },
  2886. {
  2887. "name": "ImageList_DragLeave",
  2888. "address": "0x4500b4"
  2889. },
  2890. {
  2891. "name": "ImageList_DragEnter",
  2892. "address": "0x4500b8"
  2893. },
  2894. {
  2895. "name": null,
  2896. "address": "0x4500bc"
  2897. },
  2898. {
  2899. "name": "CreateStatusWindowW",
  2900. "address": "0x4500c0"
  2901. },
  2902. {
  2903. "name": "PropertySheetW",
  2904. "address": "0x4500c4"
  2905. }
  2906. ],
  2907. "dll": "COMCTL32.dll"
  2908. },
  2909. {
  2910. "imports": [
  2911. {
  2912. "name": null,
  2913. "address": "0x450000"
  2914. },
  2915. {
  2916. "name": null,
  2917. "address": "0x450004"
  2918. },
  2919. {
  2920. "name": null,
  2921. "address": "0x450008"
  2922. },
  2923. {
  2924. "name": null,
  2925. "address": "0x45000c"
  2926. },
  2927. {
  2928. "name": null,
  2929. "address": "0x450010"
  2930. },
  2931. {
  2932. "name": null,
  2933. "address": "0x450014"
  2934. }
  2935. ],
  2936. "dll": "ACTIVEDS.dll"
  2937. },
  2938. {
  2939. "imports": [
  2940. {
  2941. "name": null,
  2942. "address": "0x4504e0"
  2943. },
  2944. {
  2945. "name": null,
  2946. "address": "0x4504e4"
  2947. },
  2948. {
  2949. "name": null,
  2950. "address": "0x4504e8"
  2951. },
  2952. {
  2953. "name": null,
  2954. "address": "0x4504ec"
  2955. },
  2956. {
  2957. "name": null,
  2958. "address": "0x4504f0"
  2959. },
  2960. {
  2961. "name": null,
  2962. "address": "0x4504f4"
  2963. },
  2964. {
  2965. "name": null,
  2966. "address": "0x4504f8"
  2967. },
  2968. {
  2969. "name": null,
  2970. "address": "0x4504fc"
  2971. }
  2972. ],
  2973. "dll": "WLDAP32.dll"
  2974. }
  2975. ],
  2976. "digital_signers": null,
  2977. "exported_dll_name": null,
  2978. "actual_checksum": "0x00081405",
  2979. "overlay": {
  2980. "size": "0x00001a58",
  2981. "offset": "0x00073800"
  2982. },
  2983. "imagebase": "0x00400000",
  2984. "reported_checksum": "0x00081405",
  2985. "icon_hash": null,
  2986. "entrypoint": "0x004149ec",
  2987. "timestamp": "2012-06-30 09:47:15",
  2988. "osversion": "5.0",
  2989. "sections": [
  2990. {
  2991. "name": ".text",
  2992. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
  2993. "virtual_address": "0x00001000",
  2994. "size_of_data": "0x0004f000",
  2995. "entropy": "6.28",
  2996. "raw_address": "0x00000400",
  2997. "virtual_size": "0x0004eecc",
  2998. "characteristics_raw": "0x60000020"
  2999. },
  3000. {
  3001. "name": ".rdata",
  3002. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  3003. "virtual_address": "0x00050000",
  3004. "size_of_data": "0x0000fc00",
  3005. "entropy": "4.68",
  3006. "raw_address": "0x0004f400",
  3007. "virtual_size": "0x0000fc00",
  3008. "characteristics_raw": "0x40000040"
  3009. },
  3010. {
  3011. "name": ".data",
  3012. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  3013. "virtual_address": "0x00060000",
  3014. "size_of_data": "0x0000a400",
  3015. "entropy": "2.63",
  3016. "raw_address": "0x0005f000",
  3017. "virtual_size": "0x0000c5c0",
  3018. "characteristics_raw": "0xc0000040"
  3019. },
  3020. {
  3021. "name": ".rsrc",
  3022. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  3023. "virtual_address": "0x0006d000",
  3024. "size_of_data": "0x0000a400",
  3025. "entropy": "4.30",
  3026. "raw_address": "0x00069400",
  3027. "virtual_size": "0x0000a318",
  3028. "characteristics_raw": "0x40000040"
  3029. }
  3030. ],
  3031. "resources": [],
  3032. "dirents": [
  3033. {
  3034. "virtual_address": "0x00000000",
  3035. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  3036. "size": "0x00000000"
  3037. },
  3038. {
  3039. "virtual_address": "0x0005e090",
  3040. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  3041. "size": "0x0000012c"
  3042. },
  3043. {
  3044. "virtual_address": "0x0006d000",
  3045. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  3046. "size": "0x0000a318"
  3047. },
  3048. {
  3049. "virtual_address": "0x00000000",
  3050. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  3051. "size": "0x00000000"
  3052. },
  3053. {
  3054. "virtual_address": "0x00073800",
  3055. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  3056. "size": "0x00001a58"
  3057. },
  3058. {
  3059. "virtual_address": "0x00000000",
  3060. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  3061. "size": "0x00000000"
  3062. },
  3063. {
  3064. "virtual_address": "0x00050570",
  3065. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  3066. "size": "0x0000001c"
  3067. },
  3068. {
  3069. "virtual_address": "0x00000000",
  3070. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  3071. "size": "0x00000000"
  3072. },
  3073. {
  3074. "virtual_address": "0x00000000",
  3075. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  3076. "size": "0x00000000"
  3077. },
  3078. {
  3079. "virtual_address": "0x00000000",
  3080. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  3081. "size": "0x00000000"
  3082. },
  3083. {
  3084. "virtual_address": "0x0005af98",
  3085. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  3086. "size": "0x00000040"
  3087. },
  3088. {
  3089. "virtual_address": "0x00000000",
  3090. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  3091. "size": "0x00000000"
  3092. },
  3093. {
  3094. "virtual_address": "0x00050000",
  3095. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  3096. "size": "0x00000520"
  3097. },
  3098. {
  3099. "virtual_address": "0x00000000",
  3100. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  3101. "size": "0x00000000"
  3102. },
  3103. {
  3104. "virtual_address": "0x00000000",
  3105. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  3106. "size": "0x00000000"
  3107. },
  3108. {
  3109. "virtual_address": "0x00000000",
  3110. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  3111. "size": "0x00000000"
  3112. }
  3113. ],
  3114. "exports": [],
  3115. "guest_signers": {},
  3116. "imphash": "fc22a526c18358f987f144e2ac31d338",
  3117. "icon_fuzzy": null,
  3118. "icon": null,
  3119. "pdbpath": "c:\\src\\ADExplorer\\Release\\ADExplorer.pdb",
  3120. "imported_dll_count": 14,
  3121. "versioninfo": []
  3122. }
  3123. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!