689e7ab93d898e3ce0bdfea61b546df1ec03f2f613be9c0a3172a23b5e7f6a49

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2026-Feb-12 16:06:13
Detected languages English - United States

Plugin Output

Suspicious: Strings found in the binary may indicate undesirable behavior:
Contains references to security software:
  • rshell.exe
Suspicious: The PE is possibly packed.
Unusual section name found: .fptable
Unusual section name found: .C4D0
Unusual section name found: .C4D1
Section .C4D1 is both writable and executable.
Malicious: The PE contains functions mostly used by malware.
[!] The program may be hiding some of its imports:
  • LoadLibraryExW
  • LoadLibraryW
  • LoadLibraryA
  • GetProcAddress
Functions which can be used for anti-debugging purposes:
  • CreateToolhelp32Snapshot
Code injection capabilities (process hollowing):
  • SetThreadContext
  • ResumeThread
  • WriteProcessMemory
Can access the registry:
  • RegEnumKeyExA
  • RegDeleteValueA
  • RegDeleteKeyA
  • RegCreateKeyExA
  • RegSetValueExA
  • RegQueryValueExA
  • RegOpenKeyExA
  • RegCloseKey
Possibly launches other programs:
  • WinExec
  • CreateProcessW
  • ShellExecuteA
Can create temporary files:
  • CreateFileW
  • GetTempPathA
  • CreateFileA
Uses functions commonly found in keyloggers:
  • GetAsyncKeyState
  • GetForegroundWindow
  • MapVirtualKeyA
  • CallNextHookEx
Memory manipulation functions often used by packers:
  • VirtualProtect
  • VirtualAlloc
Leverages the raw socket API to access the Internet:
  • WSAIoctl
  • inet_ntop
  • WSAStartup
  • closesocket
  • htons
  • socket
Interacts with services:
  • QueryServiceConfigW
  • OpenServiceW
  • EnumServicesStatusExW
  • OpenSCManagerW
Enumerates local disk drives:
  • GetVolumeInformationA
Manipulates other processes:
  • WriteProcessMemory
Can take screenshots:
  • GetDC
  • CreateCompatibleDC
  • BitBlt
Malicious: VirusTotal score: 36/71 (Scanned on 2026-04-02 15:53:12)
AVG: Win64:MalwareX-gen [Trj]
Antiy-AVL: Trojan/Win32.Agent
Arcabit: Trojan.Generic.D4C1DF54
Avast: Win64:MalwareX-gen [Trj]
BitDefender: Trojan.GenericKD.79814484
Bkav: W64.AIDetectMalware
CAT-QuickHeal: Trojan.Agent
CTX: dll.trojan.generic
CrowdStrike: win/malicious_confidence_60% (D)
Cylance: Unsafe
Cynet: Malicious (score: 100)
DeepInstinct: MALICIOUS
Elastic: malicious (high confidence)
Emsisoft: Trojan.GenericKD.79814484 (B)
Fortinet: W32/PossibleThreat
GData: Trojan.GenericKD.79814484
Google: Detected
Gridinsoft: Trojan.Heur!.03216022
K7AntiVirus: Trojan ( 7000001d1 )
K7GW: Trojan ( 7000001d1 )
Lionic: Trojan.Win32.Generic.4!c
Malwarebytes: Malware.AI.4258957132
MaxSecure: Trojan.Malware.589679953.susgen
McAfeeD: ti!689E7AB93D89
MicroWorld-eScan: Trojan.GenericKD.79814484
Paloalto: generic.ml
Sangfor: Trojan.Win32.Agent.Vfpd
SentinelOne: Static AI - Suspicious PE
Skyhigh: BehavesLike.Win64.Dropper.rc
Sophos: Mal/Generic-S
Symantec: ML.Attribute.HighConfidence
Trapmine: malicious.moderate.ml.score
TrellixENS: Artemis!F575E779A093
TrendMicro-HouseCall: TROJ_GEN.R002H09CV26
VIPRE: Trojan.GenericKD.79814484
Varist: W64/ABTrojan.DKQX-5814

Hashes

MD5 f575e779a0930180028c5e46a4d3abc8
SHA1 bdbe4eb3eb87c067de0d3dc844ea53084e2283e4
SHA256 689e7ab93d898e3ce0bdfea61b546df1ec03f2f613be9c0a3172a23b5e7f6a49
SHA3 5cc1e8e6269ce8bfaf3839f5f42b2115fc4f3e313c6a49c54d564b46eadc5dce
SSDeep 196608:C5yFejtxdPM3vkOerCoxCPFfk1F5P546J45KXBIZoofG8:Qt/PM3vcjCFfkThe6wsIHG
Imports Hash d147fdd0f0f04852a1ad1036d3bd6096

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x148

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 10
TimeDateStamp 2026-Feb-12 16:06:13
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_DLL
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x1d0400
SizeOfInitializedData 0x4b8000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000950991 (Section: .C4D1)
BaseOfCode 0x1000
ImageBase 0x180000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x10e7000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x1d0294
VirtualAddress 0x1000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata

MD5 35b75ec9ff4751212549c2e114c9be8a
SHA1 73198f4a2dc0d6047d0bee0e740c509227e11209
SHA256 e3486e08dcb9ef34cc3fbad30c7fc9048ba26fa7a63eec1bbf3dd09b0230dba9
SHA3 8de205f853e4c2c245a86ef8b5a56b0fe8f82254a21b40fcd0d08b0a22345864
VirtualSize 0x8ad14
VirtualAddress 0x1d2000
SizeOfRawData 0x8ae00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.2109

.data

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x1666c
VirtualAddress 0x25d000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x15984
VirtualAddress 0x274000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0xf4
VirtualAddress 0x28a000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.fptable

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x100
VirtualAddress 0x28b000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.C4D0

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x6c2a69
VirtualAddress 0x28c000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.C4D1

MD5 3dffa6b3aec5f03a95a1cf1742f28ff3
SHA1 ec51eb4812be728135bd02cb1e636275217788f4
SHA256 a7b4fd90254078e847e6704ba426aec3c8953429f0d36856ac5e4514861ce508
SHA3 e9c859e9960068b9a9e1f90d74b679e074fcc513689479ea86a9b72ebe33d558
VirtualSize 0x7878c8
VirtualAddress 0x94f000
SizeOfRawData 0x787a00
PointerToRawData 0x8b200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.98919

.reloc

MD5 df011e96d03af773e06e8e83eafb13f1
SHA1 946495e51301b6e8dc0b9bf0cbf72d54589a100c
SHA256 a16012e324d567a7025595d0bce56e97afd813a4a17ab8d749279049573a79b1
SHA3 5e34e0b7caff1d9096a1707895dbede8e289195772ee56663b19c411f39c9ad3
VirtualSize 0xdd34
VirtualAddress 0x10d7000
SizeOfRawData 0xde00
PointerToRawData 0x812c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.44404

.rsrc

MD5 062e5f19e56b38440d19872b677be67f
SHA1 42f0617c83738ebaf5b514ecc9aa7320daf536c4
SHA256 5346dadbc7d058dd796704c852146914a6e07b900c6da0ff62ae0f52dc4e7d9f
SHA3 24048c764253f8263abe28cdd17392346d14464824e0ab5e660a6f8088b4aea7
VirtualSize 0x1262
VirtualAddress 0x10e5000
SizeOfRawData 0x1400
PointerToRawData 0x820a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 1.2795

Imports

KERNEL32.dll:
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
CreateEventW
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
SearchPathA
WriteConsoleW
CreateFileW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
IsValidCodePage
FindNextFileW
FindFirstFileExW
GetFileAttributesExW
GetTimeZoneInformation
LCMapStringW
CompareStringW
GetStdHandle
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
ExitProcess
GetFileType
SetStdHandle
GetCommandLineA
FreeLibraryAndExitThread
ExitThread
HeapQueryInformation
InterlockedFlushSList
RtlVirtualUnwind
RtlPcToFileHeader
RtlUnwindEx
GetOverlappedResult
ReleaseMutex
OpenMutexA
CreateMutexA
IsBadWritePtr
GetStringTypeW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
TryEnterCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
QueryPerformanceFrequency
OutputDebugStringW
UnhandledExceptionFilter
RtlLookupFunctionEntry
RtlCaptureContext
GetProfileIntA
GetTickCount
GetTempPathA
VerifyVersionInfoA
VerSetConditionMask
GetWindowsDirectoryA
FindResourceExW
lstrcpyA
GetCPInfo
GetOEMCP
GetUserDefaultUILanguage
GetTempFileNameA
SystemTimeToTzSpecificLocalTime
GetFileTime
GetFileSizeEx
GetFileAttributesExA
FileTimeToLocalFileTime
GetVersionExA
GlobalFindAtomA
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
EncodePointer
lstrcmpiA
DuplicateHandle
GetVolumeInformationA
WriteFile
UnlockFile
SetFilePointer
SetEndOfFile
LockFile
GetFullPathNameA
FlushFileBuffers
FindFirstFileA
FindClose
GlobalAddAtomA
SetThreadPriority
CreateEventA
WaitForSingleObject
GlobalFlags
CompareStringA
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
FileTimeToSystemTime
GlobalGetAtomNameA
lstrcmpA
CopyFileA
MulDiv
LocalFree
GlobalFree
GlobalLock
GlobalUnlock
GlobalSize
GlobalAlloc
QueryActCtxW
FindActCtxSectionStringW
DeactivateActCtx
ActivateActCtx
CreateActCtxW
LoadLibraryW
GetModuleHandleExW
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
lstrcatA
FindResourceA
WinExec
GetModuleFileNameW
GetModuleFileNameA
DisableThreadLibraryCalls
GetSystemDirectoryW
GetSystemDirectoryA
GetSystemTime
CreateProcessW
CreateThread
DeleteCriticalSection
HeapSize
DecodePointer
OutputDebugStringA
ReadFile
GetFileSize
GetFileAttributesA
DeleteFileW
DeleteFileA
CreateFileA
GetCurrentDirectoryA
GetCommandLineW
Thread32Next
Thread32First
CreateToolhelp32Snapshot
GetModuleHandleW
SetThreadContext
GetThreadContext
ResumeThread
SuspendThread
OpenThread
GetCurrentThreadId
GetCurrentProcessId
Sleep
HeapReAlloc
HeapCreate
CloseHandle
VirtualQuery
GetSystemInfo
IsBadReadPtr
RaiseException
lstrlenA
LoadLibraryA
GetProcAddress
GetModuleHandleA
FreeLibrary
VirtualFree
VirtualProtect
VirtualAlloc
GetNativeSystemInfo
FlushInstructionCache
GetCurrentProcess
GetProcessHeap
HeapFree
HeapAlloc
SetLastError
GetACP
WideCharToMultiByte
MultiByteToWideChar
FormatMessageA
FindResourceW
SizeofResource
LockResource
LoadResource
InitializeCriticalSectionEx
GetLastError
USER32.dll:
IsRectEmpty
DrawFocusRect
WindowFromPoint
ReleaseCapture
SetCapture
GetNextDlgGroupItem
LoadImageW
TrackMouseEvent
InvalidateRect
KillTimer
SetTimer
DeleteMenu
SetCursor
ShowOwnedPopups
MapDialogRect
GetAsyncKeyState
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamA
OffsetRect
SetRectEmpty
CopyImage
SystemParametersInfoA
GetMenuItemInfoA
DestroyMenu
IntersectRect
InflateRect
PostQuitMessage
LoadBitmapW
SetMenuItemInfoA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetMonitorInfoA
MonitorFromWindow
WinHelpA
GetScrollInfo
SetScrollInfo
LoadIconW
LoadIconA
GetTopWindow
GetClassLongPtrA
GetClassLongA
SetWindowLongPtrA
GetWindowLongPtrA
EqualRect
CopyRect
MapWindowPoints
LoadImageA
GetClientRect
RemovePropA
GetPropA
SetPropA
ShowScrollBar
GetScrollRange
SetScrollRange
ScrollWindow
RedrawWindow
SetForegroundWindow
GetForegroundWindow
CopyIcon
FrameRect
DrawIcon
UnionRect
wsprintfA
GetMenuStringA
GetMenuState
SetActiveWindow
UpdateWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
IsIconic
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
UpdateLayeredWindow
GetWindowPlacement
DestroyWindow
IsChild
IsMenu
MapVirtualKeyA
GetKeyNameTextA
SetLayeredWindowAttributes
EnumDisplayMonitors
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
DrawStateA
SetClassLongPtrA
SetWindowRgn
SetParent
DrawEdge
DrawFrameControl
DrawIconEx
GetIconInfo
MessageBeep
EnableScrollBar
HideCaret
InvertRect
LoadCursorW
SetCursorPos
NotifyWinEvent
CreatePopupMenu
AdjustWindowRectEx
GetSubMenu
GetMenuItemID
GetMenuItemCount
InsertMenuA
AppendMenuA
RemoveMenu
UnhookWindowsHookEx
GetWindowTextA
GetWindowTextLengthA
SendMessageA
EnableWindow
IsWindowEnabled
MessageBoxA
GetWindowLongA
GetParent
GetWindowThreadProcessId
GetLastActivePopup
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
LoadCursorA
SetFocus
SetScrollPos
GetScrollPos
GetWindow
IsWindow
ShowWindow
MoveWindow
SetWindowPos
GetDlgItem
CheckDlgButton
SendDlgItemMessageA
GetDlgCtrlID
GetFocus
SetWindowTextA
SetWindowLongA
IsDialogMessageA
GetWindowRect
ClientToScreen
IsZoomed
PtInRect
GetDesktopWindow
GetClassNameA
RealChildWindowFromPoint
GetMessageA
TranslateMessage
DispatchMessageA
PeekMessageA
IsWindowVisible
GetActiveWindow
GetKeyState
ValidateRect
GetCursorPos
SetWindowsHookExA
CallNextHookEx
DestroyIcon
CharUpperA
DrawTextA
DrawTextExA
GrayStringA
TabbedTextOutA
GetWindowDC
BeginPaint
EndPaint
ScreenToClient
FillRect
RegisterWindowMessageA
GetMessagePos
GetMessageTime
PostMessageA
DefWindowProcA
CallWindowProcA
MonitorFromPoint
LoadAcceleratorsA
TranslateAcceleratorA
LoadMenuA
LoadMenuW
RegisterClassA
GetClassInfoA
GetSystemMenu
BringWindowToTop
GetMenuDefaultItem
InsertMenuItemA
UnpackDDElParam
ReuseDDElParam
GetComboBoxInfo
PostThreadMessageA
WaitMessage
GetKeyboardLayout
IsCharLowerA
MapVirtualKeyExA
GetKeyboardState
ToAsciiEx
LoadAcceleratorsW
CreateAcceleratorTableA
DestroyAcceleratorTable
CopyAcceleratorTableA
SetRect
LockWindowUpdate
SetMenuDefaultItem
GetDoubleClickTime
ModifyMenuA
RegisterClipboardFormatA
CharUpperBuffA
IsClipboardFormatAvailable
GetUpdateRect
DrawMenuBar
DefFrameProcA
DefMDIChildProcA
TranslateMDISysAccel
SubtractRect
CreateMenu
GetWindowRgn
DestroyCursor
SetWindowPlacement
GetClassInfoExA
CreateWindowExA
GDI32.dll:
GetObjectType
GetPixel
GetStockObject
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextColor
SetTextAlign
GetObjectA
MoveToEx
TextOutA
ExtTextOutA
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CombineRgn
CreateFontIndirectA
CreateRectRgnIndirect
PatBlt
GetClipBox
DPtoLP
GetTextExtentPoint32A
GetTextMetricsA
EnumFontFamiliesExA
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
GetBkColor
CreateCompatibleBitmap
CreateDIBitmap
EnumFontFamiliesA
GetTextCharsetInfo
SetPixel
StretchBlt
CreateDIBSection
SetDIBColorTable
CreateEllipticRgn
Ellipse
GetTextColor
CreatePolygonRgn
Polygon
Polyline
CreateRoundRectRgn
LPtoDP
Rectangle
GetRgnBox
OffsetRgn
RoundRect
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
ExtFloodFill
SetPaletteEntries
SetPixelV
GetWindowOrgEx
GetViewportOrgEx
GetTextFaceA
ExcludeClipRect
Escape
CreateSolidBrush
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateCompatibleDC
CreateBitmap
BitBlt
DeleteObject
GetDeviceCaps
CreateDCA
CopyMetaFileA
DeleteDC
SetRectRgn
MSIMG32.dll:
TransparentBlt
AlphaBlend
WINSPOOL.DRV:
OpenPrinterA
ClosePrinter
DocumentPropertiesA
ADVAPI32.dll:
InitializeSecurityDescriptor
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
SetSecurityDescriptorDacl
SHELL32.dll:
SHAppBarMessage
SHBrowseForFolderA
DragFinish
DragQueryFileA
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ShellExecuteA
SHGetFileInfoA
CommandLineToArgvW
SHLWAPI.dll:
StrFormatKBSizeA
PathRemoveFileSpecW
PathStripToRootA
PathIsUNCA
SHSetValueA
PathFindFileNameA
PathFindExtensionA
UxTheme.dll:
IsThemeBackgroundPartiallyTransparent
DrawThemeText
OpenThemeData
GetThemePartSize
CloseThemeData
DrawThemeBackground
GetThemeColor
GetCurrentThemeName
GetWindowTheme
IsAppThemed
DrawThemeParentBackground
GetThemeSysColor
ole32.dll:
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleLockRunning
RevokeDragDrop
CoLockObjectExternal
OleGetClipboard
DoDragDrop
CreateStreamOnHGlobal
CoInitializeEx
CoInitialize
CoUninitialize
CoDisconnectObject
CoCreateInstance
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
RegisterDragDrop
OLEAUT32.dll:
VariantChangeType
VariantCopy
VariantClear
VarBstrFromDate
SysStringLen
SysAllocStringLen
SysAllocStringByteLen
SysFreeString
VariantTimeToSystemTime
SystemTimeToVariantTime
LoadTypeLib
SysAllocString
VariantInit
WS2_32.dll:
WSAIoctl
inet_ntop
WSAStartup
closesocket
htons
socket
imagehlp.dll:
MakeSureDirectoryPathExists
HID.DLL:
HidD_GetAttributes
HidD_GetHidGuid
HidD_FlushQueue
SETUPAPI.dll:
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailA
gdiplus.dll:
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdiplusShutdown
GdipAlloc
GdipFree
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
OLEACC.dll:
AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject
IMM32.dll:
ImmReleaseContext
ImmGetOpenStatus
ImmGetContext
WINMM.dll:
PlaySoundA
WinSCard.dll:
SCardDisconnect
SCardConnectA
g_rgSCardT1Pci
SCardListReadersA
SCardEstablishContext
SCardReconnect
SCardTransmit
SCardReleaseContext
WTSAPI32.dll:
WTSSendMessageW
KERNEL32.dll (#2), USER32.dll (#2), ADVAPI32.dll (#2), KERNEL32.dll (#3), ADVAPI32.dll (#3):
Repeated import descriptors; each lists the same functions as the first KERNEL32.dll, USER32.dll and ADVAPI32.dll entries above.
PYG64.dll:
LHOOK

Delayed Imports

InitErrors

Ordinal 17
Address 0x1cc90

PostError

Ordinal 18
Address 0x1cc96

InitSSAutoEnterThread

Ordinal 19
Address 0x1cc9c

UpdateError

Ordinal 20
Address 0x1cca2

CloseCtrs

Ordinal 21
Address 0x1cca8

LoadStringRC

Ordinal 22
Address 0x1ccae

ReOpenMetaDataWithMemory

Ordinal 23
Address 0x1ccb4

Ordinal 24
Address 0x1ccba

CollectCtrs

Ordinal 25
Address 0x1ccc0

CorDllMainWorker

Ordinal 26
Address 0x1ccc6

EEDllGetClassObjectFromClass

Ordinal 27
Address 0x1cccc

GetPrivateContextsPerfCounters

Ordinal 28
Address 0x1ccd2

GetProcessExecutableHeap

Ordinal 29
Address 0x1ccd8

GetStartupFlags

Ordinal 30
Address 0x1ccde

GetTargetForVTableEntry

Ordinal 31
Address 0x1cce4

GetTokenForVTableEntry

Ordinal 32
Address 0x1ccea

LogHelp_LogAssert

Ordinal 33
Address 0x1ccf0

LogHelp_NoGuiOnAssert

Ordinal 34
Address 0x1ccf6

LogHelp_TerminateOnAssert

Ordinal 35
Address 0x1ccfc

OpenCtrs

Ordinal 36
Address 0x1cd02

SetTargetForVTableEntry

Ordinal 37
Address 0x1cd08

CLRCreateInstance

Ordinal 38
Address 0x1cd0e

CallFunctionShim

Ordinal 39
Address 0x1cd14

ClrCreateManagedInstance

Ordinal 40
Address 0x1cd1a

CoEEShutDownCOM

Ordinal 41
Address 0x1cd20

CoInitializeCor

Ordinal 42
Address 0x1cd26

CoInitializeEE

Ordinal 43
Address 0x1cd2c

CoUninitializeCor

Ordinal 44
Address 0x1cd32

CoUninitializeEE

Ordinal 45
Address 0x1cd38

CorBindToCurrentRuntime

Ordinal 46
Address 0x1cd3e

CorBindToRuntime

Ordinal 47
Address 0x1cd44

CorBindToRuntimeByCfg

Ordinal 48
Address 0x1cd4a

CorBindToRuntimeByPath

Ordinal 49
Address 0x1cd50

CorBindToRuntimeByPathEx

Ordinal 50
Address 0x1cd56

CorBindToRuntimeEx

Ordinal 51
Address 0x1cd5c

CorBindToRuntimeHost

Ordinal 52
Address 0x1cd62

CorExitProcess

Ordinal 53
Address 0x1cd68

CorGetSvc

Ordinal 54
Address 0x1cd6e

CorIsLatestSvc

Ordinal 55
Address 0x1cd74

CorMarkThreadInThreadPool

Ordinal 56
Address 0x1cd7a

CorTickleSvc

Ordinal 57
Address 0x1cd80

CreateConfigStream

Ordinal 58
Address 0x1cd86

CreateDebuggingInterfaceFromVersion

Ordinal 59
Address 0x1cd8c

CreateInterface

Ordinal 60
Address 0x1cd92

DllCanUnloadNow

Ordinal 61
Address 0x1cd98

DllGetClassObject

Ordinal 62
Address 0x1cd9e

DllRegisterServer

Ordinal 63
Address 0x1cda4

DllUnregisterServer

Ordinal 64
Address 0x1cdaa

EEDllRegisterServer

Ordinal 65
Address 0x1cdb0

EEDllUnregisterServer

Ordinal 66
Address 0x1cdb6

GetAssemblyMDImport

Ordinal 67
Address 0x1cdbc

GetCLRMetaHost

Ordinal 68
Address 0x1cdc2

GetCORRequiredVersion

Ordinal 69
Address 0x1cdc8

GetCORRootDirectory

Ordinal 70
Address 0x1cdce

GetCORSystemDirectory

Ordinal 71
Address 0x1cdd4

GetCORVersion

Ordinal 72
Address 0x1cdda

GetCompileInfo

Ordinal 73
Address 0x1cde0

GetFileVersion

Ordinal 74
Address 0x1cde6

GetHashFromAssemblyFile

Ordinal 75
Address 0x1cdec

GetHashFromAssemblyFileW

Ordinal 76
Address 0x1cdf2

GetHashFromBlob

Ordinal 77
Address 0x1cdf8

GetHashFromFile

Ordinal 78
Address 0x1cdfe

GetHashFromFileW

Ordinal 79
Address 0x1ce04

GetHashFromHandle

Ordinal 80
Address 0x1ce0a

GetHostConfigurationFile

Ordinal 81
Address 0x1ce10

GetMetaDataInternalInterface

Ordinal 82
Address 0x1ce16

GetMetaDataInternalInterfaceFromPublic

Ordinal 83
Address 0x1ce1c

GetMetaDataPublicInterfaceFromInternal

Ordinal 84
Address 0x1ce22

GetPermissionRequests

Ordinal 85
Address 0x1ce28

GetRealProcAddress

Ordinal 86
Address 0x1ce2e

GetRequestedRuntimeInfo

Ordinal 87
Address 0x1ce34

GetRequestedRuntimeVersion

Ordinal 88
Address 0x1ce3a

GetRequestedRuntimeVersionForCLSID

Ordinal 89
Address 0x1ce40

GetVersionFromProcess

Ordinal 90
Address 0x1ce46

GetXMLElement

Ordinal 91
Address 0x1ce4c

GetXMLElementAttribute

Ordinal 92
Address 0x1ce52

GetXMLObject

Ordinal 93
Address 0x1ce58

IEE

Ordinal 94
Address 0x1ce5e

LoadLibraryShim

Ordinal 95
Address 0x1ce64

LoadLibraryWithPolicyShim

Ordinal 96
Address 0x1ce6a

LoadStringRCEx

Ordinal 97
Address 0x1ce70

LockClrVersion

Ordinal 98
Address 0x1ce76

MetaDataGetDispenser

Ordinal 99
Address 0x1ce7c

ND_CopyObjDst

Ordinal 100
Address 0x1ce82

ND_CopyObjSrc

Ordinal 101
Address 0x1ce88

ND_RI2

Ordinal 102
Address 0x1ce8e

ND_RI4

Ordinal 103
Address 0x1ce94

ND_RI8

Ordinal 104
Address 0x1ce9a

ND_RU1

Ordinal 105
Address 0x1cea0

ND_WI2

Ordinal 106
Address 0x1cea6

ND_WI4

Ordinal 107
Address 0x1ceac

ND_WI8

Ordinal 108
Address 0x1ceb2

ND_WU1

Ordinal 109
Address 0x1ceb8

ReOpenMetaDataWithMemoryEx

Ordinal 110
Address 0x1cebe

RunDll32ShimW

Ordinal 111
Address 0x1cec4

RuntimeOSHandle

Ordinal 112
Address 0x1ceca

RuntimeOpenImage

Ordinal 113
Address 0x1ced0

RuntimeReleaseHandle

Ordinal 114
Address 0x1ced6

StrongNameCompareAssemblies

Ordinal 115
Address 0x1cedc

StrongNameErrorInfo

Ordinal 116
Address 0x1cee2

StrongNameFreeBuffer

Ordinal 117
Address 0x1cee8

StrongNameGetBlob

Ordinal 118
Address 0x1ceee

StrongNameGetBlobFromImage

Ordinal 119
Address 0x1cef4

StrongNameGetPublicKey

Ordinal 120
Address 0x1cefa

StrongNameHashSize

Ordinal 121
Address 0x1cf00

StrongNameKeyDelete

Ordinal 122
Address 0x1cf06

StrongNameKeyGen

Ordinal 123
Address 0x1cf0c

StrongNameKeyGenEx

Ordinal 124
Address 0x1cf12

StrongNameKeyInstall

Ordinal 125
Address 0x1cf18

StrongNameSignatureGeneration

Ordinal 126
Address 0x1cf1e

StrongNameSignatureGenerationEx

Ordinal 127
Address 0x1cf24

StrongNameSignatureSize

Ordinal 128
Address 0x1cf2a

StrongNameSignatureVerification

Ordinal 129
Address 0x1cf30

StrongNameSignatureVerificationEx

Ordinal 130
Address 0x1cf36

StrongNameSignatureVerificationFromImage

Ordinal 131
Address 0x1cf3c

StrongNameTokenFromAssembly

Ordinal 132
Address 0x1cf42

StrongNameTokenFromAssemblyEx

Ordinal 133
Address 0x1cf48

StrongNameTokenFromPublicKey

Ordinal 134
Address 0x1cf4e

TranslateSecurityAttributes

Ordinal 135
Address 0x1cf54

_CorDllMain

Ordinal 136
Address 0x1cf5a

_CorExeMain

Ordinal 137
Address 0x1cf60

_CorExeMain2

Ordinal 138
Address 0x1cf66

_CorImageUnloading

Ordinal 139
Address 0x1cf6c

_CorValidateImage

Ordinal 140
Address 0x1cf72

Rockey

Ordinal 141
Address 0x153d0

(#2)

Ordinal 142
Address 0x1cf78

GetFileVersionInfoA

Ordinal 1001
Address 0x1cf80

GetFileVersionInfoByHandle

Ordinal 1002
Address 0x1cf86

GetFileVersionInfoExA

Ordinal 1003
Address 0x1cf8c

GetFileVersionInfoExW

Ordinal 1004
Address 0x1cf92

GetFileVersionInfoSizeA

Ordinal 1005
Address 0x1cf98

GetFileVersionInfoSizeExA

Ordinal 1006
Address 0x1cf9e

GetFileVersionInfoSizeExW

Ordinal 1007
Address 0x1cfa4

GetFileVersionInfoSizeW

Ordinal 1008
Address 0x1cfaa

GetFileVersionInfoW

Ordinal 1009
Address 0x1cfb0

VerFindFileA

Ordinal 1010
Address 0x1cfb6

VerFindFileW

Ordinal 1011
Address 0x1cfbc

VerInstallFileA

Ordinal 1012
Address 0x1cfc2

VerInstallFileW

Ordinal 1013
Address 0x1cfc8

VerLanguageNameA

Ordinal 1014
Address 0x1cfce

VerLanguageNameW

Ordinal 1015
Address 0x1cfd4

VerQueryValueA

Ordinal 1016
Address 0x1cfda

VerQueryValueW

Ordinal 1017
Address 0x1cfe0

DevObjBuildClassInfoList

Ordinal 2001
Address 0x1cb50

DevObjChangeState

Ordinal 2002
Address 0x1cb56

DevObjClassGuidsFromName

Ordinal 2003
Address 0x1cb5c

DevObjClassNameFromGuid

Ordinal 2004
Address 0x1cb62

DevObjCreateClassDeviceInfoList

Ordinal 2005
Address 0x1cb68

DevObjCreateDevRegKey

Ordinal 2006
Address 0x1cb6e

DevObjCreateDeviceInfo

Ordinal 2007
Address 0x1cb74

DevObjCreateDeviceInfoList

Ordinal 2008
Address 0x1cb7a

DevObjCreateDeviceInterface

Ordinal 2009
Address 0x1cb80

DevObjCreateDeviceInterfaceRegKey

Ordinal 2010
Address 0x1cb86

DevObjDeleteAllInterfacesForDevice

Ordinal 2011
Address 0x1cb8c

DevObjDeleteDevRegKey

Ordinal 2012
Address 0x1cb92

DevObjDeleteDevice

Ordinal 2013
Address 0x1cb98

DevObjDeleteDeviceInfo

Ordinal 2014
Address 0x1cb9e

DevObjDeleteDeviceInterfaceData

Ordinal 2015
Address 0x1cba4

DevObjDeleteDeviceInterfaceRegKey

Ordinal 2016
Address 0x1cbaa

DevObjDestroyDeviceInfoList

Ordinal 2017
Address 0x1cbb0

DevObjEnumDeviceInfo

Ordinal 2018
Address 0x1cbb6

DevObjEnumDeviceInterfaces

Ordinal 2019
Address 0x1cbbc

DevObjGetClassDescription

Ordinal 2020
Address 0x1cbc2

DevObjGetClassDevs

Ordinal 2021
Address 0x1cbc8

DevObjGetClassProperty

Ordinal 2022
Address 0x1cbce

DevObjGetClassPropertyKeys

Ordinal 2023
Address 0x1cbd4

DevObjGetClassRegistryProperty

Ordinal 2024
Address 0x1cbda

DevObjGetDeviceInfoDetail

Ordinal 2025
Address 0x1cbe0

DevObjGetDeviceInfoListClass

Ordinal 2026
Address 0x1cbe6

DevObjGetDeviceInfoListDetail

Ordinal 2027
Address 0x1cbec

DevObjGetDeviceInstanceId

Ordinal 2028
Address 0x1cbf2

DevObjGetDeviceInterfaceAlias

Ordinal 2029
Address 0x1cbf8

DevObjGetDeviceInterfaceDetail

Ordinal 2030
Address 0x1cbfe

DevObjGetDeviceInterfaceProperty

Ordinal 2031
Address 0x1cc04

DevObjGetDeviceInterfacePropertyKeys

Ordinal 2032
Address 0x1cc0a

DevObjGetDeviceProperty

Ordinal 2033
Address 0x1cc10

DevObjGetDevicePropertyKeys

Ordinal 2034
Address 0x1cc16

DevObjGetDeviceRegistryProperty

Ordinal 2035
Address 0x1cc1c

DevObjLocateDevice

Ordinal 2036
Address 0x1cc22

DevObjOpenClassRegKey

Ordinal 2037
Address 0x1cc28

DevObjOpenDevRegKey

Ordinal 2038
Address 0x1cc2e

DevObjOpenDeviceInfo

Ordinal 2039
Address 0x1cc34

DevObjOpenDeviceInterface

Ordinal 2040
Address 0x1cc3a

DevObjOpenDeviceInterfaceRegKey

Ordinal 2041
Address 0x1cc40

DevObjRegisterDeviceInfo

Ordinal 2042
Address 0x1cc46

DevObjRemoveDeviceInterface

Ordinal 2043
Address 0x1cc4c

DevObjRestartDevices

Ordinal 2044
Address 0x1cc52

DevObjSetClassProperty

Ordinal 2045
Address 0x1cc58

DevObjSetClassRegistryProperty

Ordinal 2046
Address 0x1cc5e

DevObjSetDeviceInfoDetail

Ordinal 2047
Address 0x1cc64

DevObjSetDeviceInterfaceDefault

Ordinal 2048
Address 0x1cc6a

DevObjSetDeviceInterfaceProperty

Ordinal 2049
Address 0x1cc70

DevObjSetDeviceProperty

Ordinal 2050
Address 0x1cc76

DevObjSetDeviceRegistryProperty

Ordinal 2051
Address 0x1cc7c

DevObjUninstallDevice

Ordinal 2052
Address 0x1cc82

2

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x14e
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.06245
MD5 d9e965bcd37c0e287fa7482b17d6cdf9
SHA1 ca99987586776ab4645a5f9b90bf7de322d56508
SHA256 950323fa57f6393cbbc433ab8a005ef2a3b0c604b32aadd25b3cc5d241ff6a5f
SHA3 b3beae08086456fc8a40c955963932ea767384487ea2fd173085b5d21ae75276

Version Info

TLS Callbacks

Load Configuration

Size 0x138
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x18025f488

RICH Header

XOR Key 0x95acdfce
Unmarked objects 0
ASM objects (33140) 19
Unmarked objects (#2) 1
Imports (2207) 4
C objects (VS2012 build 50727 / VS2005 build 50727) 7
Imports (VS2008 SP1 build 30729) 2
C objects (33140) 41
C++ objects (33140) 232
C objects (CVTCIL) (33140) 1
Imports (33140) 39
Total imports 887
C objects (30034) 17
ASM objects (30034) 11
C++ objects (30034) 386
C++ objects (30157) 10
ASM objects (30157) 3
Exports (30157) 1
Resource objects (30157) 1
151 1
Linker (30157) 1

Errors

[!] Error: Could not reach the TLS callback table.
[*] Warning: Section .text has a size of 0!
[*] Warning: Section .data has a size of 0!
[*] Warning: Section .pdata has a size of 0!
[*] Warning: Section _RDATA has a size of 0!
[*] Warning: Section .fptable has a size of 0!
[*] Warning: Section .C4D0 has a size of 0!
[*] Warning: 1841 invalid export(s) not shown.