Visibility Public
Main file's SHA256 ecae6a2f3690f1b7ce565c2b2ac19ad37ade638cc75f04b275595d86d5d9e679
Complexity Type IV
Packer identification (signature based) Upack_v0_39_final_Dwing, Upack_V0_37_Dwing
Number of processes 1
Number of layers 3
Packer analysis graph

File identification

General information
SHA256 ecae6a2f3690f1b7ce565c2b2ac19ad37ade638cc75f04b275595d86d5d9e679
SHA1 b1b784356e5681ebda9b4379f5b30520c35a4447
MD5 a5ac6e69ce2e16841e8ca044fbf7ca5a
ssdeep 3072:J0tum+/BgjLA8Hc8OyAFGO4hwZUFcqJY2ZL4jy12+j9/ouG/o4YXOauj:SLFPAOc8Tc7Uu4Cs2+u/Fzj
sdhash sdbf:03:0::185776:sha1:256:5:7ff:160:19:116:
imphash -
authentihash -
File type MS-DOS executable, MZ for MS-DOS
MIME type application/x-dosexec
First seen 2016-06-27 09:18:35
Size 185776
Known names a5ac6e69ce2e16841e8ca044fbf7ca5a
TrID - File Identifier
Percentage Type
100.0% (.EXE) DOS Executable Generic

Auxiliary files

Behavioural packer analysis report

Packer analysis
Complexity type Type IV
Granularity Not applicable
Execution time 302s
Number of processes 1
Number of layers 3
Number of regions 22
Number of upward transitions 462116
Number of downward transitions 462114
Number of multiframe layers 2
Number of processes with interprocess communication 0
Number of regions that call special APIs 7
Last executed region
Process 0
Layer number 2
Region number 3
Address 0x40d73e
Size 7478
Memory type Module
Number of API functions called 7709
Number of different APIs called 268
Calls APIs of GetVersion* family? No
Calls APIs of GetCommandLine* family? No
Calls APIs of GetModuleHandle* family? Yes
Modified by external process? No
Writes an executed region? Yes
Potential regions with original code
Process 0
Layer number 2
Region number 18
Address 0x46b000
Size 1318
Memory type Module
Number of API functions called 363
Number of different APIs called 50
Calls APIs of GetVersion* family? No
Calls APIs of GetCommandLine* family? No
Calls APIs of GetModuleHandle* family? No
Modified by external process? No
Writes an executed region? No
Remote memory writes
Type Source address Dest. address Source process Dest. process Size
Memory unmap|deallocate - 0xfd0000 0 0 4096
Memory unmap|deallocate - 0xfe0000 0 0 4096
Memory unmap|deallocate - 0x1070000 0 0 4096
Memory unmap|deallocate - 0x1080000 0 0 4096
Loaded modules
By PID Start address Size Name
724 0x400000 671744 a5ac6e69ce2e16841e8ca044fbf7ca5a
724 0x77da0000 704512 advapi32.dll
724 0x58c30000 630784 comctl32.dll
724 0x76360000 303104 comdlg32.dll
724 0x77ef0000 299008 gdi32.dll
724 0x7c800000 1060864 kernel32.dll
724 0x746b0000 311296 msctf.dll
724 0x77be0000 360448 msvcrt.dll
724 0x7c910000 741376 ntdll.dll
724 0x774b0000 1298432 ole32.dll
724 0x770f0000 569344 oleaut32.dll
724 0x7e1e0000 139264 oledlg.dll
724 0x74dc0000 446464 riched20.dll
724 0x73260000 20480 riched32.dll
724 0x77e50000 598016 rpcrt4.dll
724 0x77fc0000 69632 secur32.dll
724 0x7e6a0000 8523776 shell32.dll
724 0x77f40000 483328 shlwapi.dll
724 0x7e390000 593920 user32.dll
724 0x5b150000 229376 uxtheme.dll
724 0x76b00000 188416 winmm.dll
724 0x72f80000 155648 winspool.drv

Layers and regions

Summary
Layer Size Number of regions Number of frames Lowest address Highest address
0 609 KB 2 0 0x401018 0x49b220
1 143 KB 1 1 0x49b3a9 0x49b3a9
2 94340 KB 19 19 0x402516 0x46b000
API calls
Layer Number of API calls
0 0
  Region number Address space Number of API calls
  0 0x401018-0x4010f0 0
DLL Function/s
  We couldn't retrieve the functions. -
  1 0x49b220-0x49b3a9 0
DLL Function/s
  We couldn't retrieve the functions. -
1 21224
  Region number Address space Number of API calls
0 0x49b3a9-0x49b438 21224
DLL Function/s
KERNEL32.DLL
  1. ActivateActCtx
  2. CloseHandle
  3. CompareStringW
  4. CreateActCtxW
  5. CreateEventW
  6. CreateFileMappingW
  7. CreateFileW
  8. CreateSemaphoreA
  9. CreateSemaphoreW
  10. DeactivateActCtx
  11. DeviceIoControl
  12. DisableThreadLibraryCalls
  13. FindResourceExW
  14. FreeEnvironmentStringsW
  15. GetACP
  16. GetCommandLineA
  17. GetCommandLineW
  18. GetCPInfo
  19. GetCurrentDirectoryW
  20. GetCurrentProcess
  21. GetCurrentProcessId
  22. GetCurrentThreadId
  23. GetEnvironmentStringsW
  24. GetEnvironmentVariableA
  25. GetFileType
  26. GetModuleFileNameA
  27. GetModuleFileNameW
  28. GetModuleHandleA
  29. GetModuleHandleW
  30. GetProcAddress
  31. GetProcessHeap
  32. GetProcessVersion
  33. GetStartupInfoA
  34. GetStdHandle
  35. GetStringTypeW
  36. GetSystemDirectoryA
  37. GetSystemDirectoryW
  38. GetSystemInfo
  39. GetSystemTimeAsFileTime
  40. GetSystemWindowsDirectoryW
  41. GetThreadLocale
  42. GetTickCount
  43. GetUserDefaultUILanguage
  44. GetVersion
  45. GetVersionExA
  46. GetVersionExW
  47. GlobalAddAtomW
  48. HeapCreate
  49. InitializeCriticalSection
  50. InitializeCriticalSectionAndSpinCount
  51. InterlockedCompareExchange
  52. InterlockedDecrement
  53. InterlockedIncrement
  54. IsBadWritePtr
  55. IsDBCSLeadByte
  56. IsProcessorFeaturePresent
  57. LCMapStringW
  58. LoadLibraryA
  59. LoadLibraryExA
  60. LoadLibraryExW
  61. LoadLibraryW
  62. LoadResource
  63. LocalAlloc
  64. LocalFree
  65. lstrcmpiW
  66. lstrcpynW
  67. lstrcpyW
  68. lstrlenW
  69. MapViewOfFileEx
  70. MultiByteToWideChar
  71. OpenEventA
  72. OpenEventW
  73. ProcessIdToSessionId
  74. RegisterWaitForInputIdle
  75. SearchPathW
  76. SetHandleCount
  77. SetUnhandledExceptionFilter
  78. TlsAlloc
  79. TlsGetValue
  80. TlsSetValue
  81. UnmapViewOfFile
  82. VerifyConsoleIoHandle
  83. VirtualQuery
  84. VirtualQueryEx
  85. WideCharToMultiByte
ADVAPI32.dll
  1. AddAccessAllowedAce
  2. AllocateAndInitializeSid
  3. CheckTokenMembership
  4. CreateWellKnownSid
  5. FreeSid
  6. GetLengthSid
  7. GetSidLengthRequired
  8. InitializeAcl
  9. InitializeSecurityDescriptor
  10. MD4Final
  11. MD4Init
  12. MD4Update
  13. OpenProcessToken
  14. RegCloseKey
  15. RegEnumValueW
  16. RegNotifyChangeKeyValue
  17. RegOpenCurrentUser
  18. RegOpenKeyExA
  19. RegOpenKeyExW
  20. RegOpenKeyW
  21. RegQueryValueExA
  22. RegQueryValueExW
  23. SetSecurityDescriptorDacl
  24. SystemFunction036
ntdll.dll
  1. _aulldvrm
  2. _snwprintf
  3. _stricmp
  4. _strnicmp
  5. _wcsicmp
  6. bsearch
  7. CsrAllocateCaptureBuffer
  8. CsrAllocateMessagePointer
  9. CsrCaptureMessageMultiUnicodeStringsInPlace
  10. CsrCaptureMessageString
  11. CsrClientCallServer
  12. CsrClientConnectToServer
  13. CsrFreeCaptureBuffer
  14. DbgPrintEx
  15. KiFastSystemCall
  16. KiFastSystemCallRet
  17. KiUserCallbackDispatcher
  18. LdrAccessOutOfProcessResource
  19. LdrAccessResource
  20. LdrAlternateResourcesEnabled
  21. LdrCreateOutOfProcessImage
  22. LdrDestroyOutOfProcessImage
  23. LdrDisableThreadCalloutsForDll
  24. LdrEnumerateLoadedModules
  25. LdrFindCreateProcessManifest
  26. LdrFindResource_U
  27. LdrFindResourceDirectory_U
  28. LdrGetDllHandle
  29. LdrGetDllHandleEx
  30. LdrGetProcedureAddress
  31. LdrLoadAlternateResourceModule
  32. LdrLoadDll
  33. LdrLockLoaderLock
  34. LdrQueryImageFileExecutionOptions
  35. LdrUnlockLoaderLock
  36. memmove
  37. RtlAcquirePebLock
  38. RtlAcquireResourceExclusive
  39. RtlActivateActivationContext
  40. RtlActivateActivationContextEx
  41. RtlActivateActivationContextUnsafeFast
  42. RtlAddAccessAllowedAce
  43. RtlAddRefActivationContext
  44. RtlAddressInSectionTable
  45. RtlAllocateAndInitializeSid
  46. RtlAllocateHeap
  47. RtlAnsiCharToUnicodeChar
  48. RtlAnsiStringToUnicodeString
  49. RtlAppendUnicodeStringToString
  50. RtlAppendUnicodeToString
  51. RtlCompareUnicodeString
  52. RtlConvertSidToUnicodeString
  53. RtlCopySid
  54. RtlCopyUnicodeString
  55. RtlCreateAcl
  56. RtlCreateActivationContext
  57. RtlCreateHeap
  58. RtlCreateSecurityDescriptor
  59. RtlCreateUnicodeStringFromAsciiz
  60. RtlDeactivateActivationContext
  61. RtlDeactivateActivationContextUnsafeFast
  62. RtlDecodePointer
  63. RtlDetermineDosPathNameType_U
  64. RtlDoesFileExists_U
  65. RtlDosApplyFileIsolationRedirection_Ustr
  66. RtlDosPathNameToNtPathName_U
  67. RtlDosSearchPath_U
  68. RtlDosSearchPath_Ustr
  69. RtlEncodePointer
  70. RtlEnterCriticalSection
  71. RtlEqualSid
  72. RtlEqualUnicodeString
  73. RtlExpandEnvironmentStrings_U
  74. RtlFindActivationContextSectionString
  75. RtlFindCharInUnicodeString
  76. RtlFindClearBits
  77. RtlFindClearBitsAndSet
  78. RtlFirstFreeAce
  79. RtlFormatCurrentUserKeyPath
  80. RtlFreeHeap
  81. RtlFreeSid
  82. RtlFreeUnicodeString
  83. RtlGetActiveActivationContext
  84. RtlGetCurrentDirectory_U
  85. RtlGetFullPathName_U
  86. RtlGetLastWin32Error
  87. RtlGetLengthWithoutLastFullDosOrNtPathElement
  88. RtlGetNtGlobalFlags
  89. RtlGetNtProductType
  90. RtlGetNtVersionNumbers
  91. RtlGetVersion
  92. RtlHashUnicodeString
  93. RtlImageDirectoryEntryToData
  94. RtlImageNtHeader
  95. RtlImageRvaToSection
  96. RtlInitAnsiString
  97. RtlInitializeCriticalSection
  98. RtlInitializeCriticalSectionAndSpinCount
  99. RtlInitializeGenericTable
  100. RtlInitializeHandleTable
  101. RtlInitializeResource
  102. RtlInitializeSid
  103. RtlInitString
  104. RtlInitUnicodeString
  105. RtlInitUnicodeStringEx
  106. RtlIsDosDeviceName_U
  107. RtlLeaveCriticalSection
  108. RtlLengthRequiredSid
  109. RtlLengthSid
  110. RtlLogStackBackTrace
  111. RtlMultiAppendUnicodeStringBuffer
  112. RtlMultiByteToUnicodeN
  113. RtlNtStatusToDosError
  114. RtlNtStatusToDosErrorNoTeb
  115. RtlOpenCurrentUser
  116. RtlpApplyLengthFunction
  117. RtlPrefixUnicodeString
  118. RtlQueryEnvironmentVariable_U
  119. RtlReAllocateHeap
  120. RtlReleaseActivationContext
  121. RtlReleasePebLock
  122. RtlReleaseResource
  123. RtlSetBits
  124. RtlSetDaclSecurityDescriptor
  125. RtlSetGroupSecurityDescriptor
  126. RtlSetLastWin32Error
  127. RtlSetOwnerSecurityDescriptor
  128. RtlSizeHeap
  129. RtlSubAuthoritySid
  130. RtlUnicodeStringToAnsiString
  131. RtlUnicodeToMultiByteN
  132. RtlUnicodeToMultiByteSize
  133. RtlUpcaseUnicodeChar
  134. RtlValidAcl
  135. RtlValidateUnicodeString
  136. RtlValidSid
  137. strchr
  138. strncmp
  139. vDbgPrintExWithPrefix
  140. wcschr
  141. wcscpy
  142. wcslen
  143. wcsncat
  144. wcsncmp
  145. wcsncpy
  146. wcsrchr
  147. ZwAccessCheck
  148. ZwAddAtom
  149. ZwAllocateVirtualMemory
  150. ZwCallbackReturn
  151. ZwClose
  152. ZwCreateEvent
  153. ZwCreateFile
  154. ZwCreateSection
  155. ZwCreateSemaphore
  156. ZwDeviceIoControlFile
  157. ZwEnumerateValueKey
  158. ZwFlushInstructionCache
  159. ZwMapViewOfSection
  160. ZwNotifyChangeMultipleKeys
  161. ZwOpenDirectoryObject
  162. ZwOpenEvent
  163. ZwOpenFile
  164. ZwOpenKey
  165. ZwOpenProcess
  166. ZwOpenProcessToken
  167. ZwOpenProcessTokenEx
  168. ZwOpenSection
  169. ZwOpenThreadTokenEx
  170. ZwProtectVirtualMemory
  171. ZwQueryAttributesFile
  172. ZwQueryDebugFilterState
  173. ZwQueryDefaultLocale
  174. ZwQueryDefaultUILanguage
  175. ZwQueryInformationFile
  176. ZwQueryInformationProcess
  177. ZwQueryInformationToken
  178. ZwQueryInstallUILanguage
  179. ZwQueryKey
  180. ZwQuerySection
  181. ZwQuerySystemInformation
  182. ZwQueryTimerResolution
  183. ZwQueryValueKey
  184. ZwQueryVirtualMemory
  185. ZwRequestWaitReplyPort
  186. ZwSetInformationObject
  187. ZwUnmapViewOfSection
USER32.DLL
  1. ClientThreadSetup
  2. GetAppCompatFlags2
  3. GetDC
  4. GetSysColor
  5. GetSysColorBrush
  6. GetSystemMetrics
  7. LoadBitmapW
  8. LoadCursorW
  9. RegisterClassExW
  10. RegisterClassW
  11. RegisterWindowMessageA
  12. RegisterWindowMessageW
  13. ReleaseDC
  14. SystemParametersInfoW
  15. UserClientDllInitialize
  16. wsprintfA
  17. wvsprintfA
2 19374
  Region number Address space Number of API calls
  0 0x402516-0x4029af 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x40575c-0x4089e8 150
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. LdrAccessResource
  4. LdrAlternateResourcesEnabled
  5. LdrFindResource_U
  6. LdrLoadAlternateResourceModule
  7. LdrLockLoaderLock
  8. LdrUnlockLoaderLock
  9. memmove
  10. RtlAllocateHeap
  11. RtlEnterCriticalSection
  12. RtlFreeHeap
  13. RtlGetNtGlobalFlags
  14. RtlImageDirectoryEntryToData
  15. RtlImageNtHeader
  16. RtlInitUnicodeString
  17. RtlLeaveCriticalSection
  18. ZwQueryDefaultLocale
KERNEL32.DLL
  1. FindResourceExW
  2. GetModuleFileNameW
  3. GetModuleHandleA
  4. LoadResource
USER32.DLL
  1. GetDC
  2. LoadCursorA
  3. LoadCursorW
  4. LoadIconA
  5. LoadIconW
  6. LookupIconIdFromDirectoryEx
  7. ReleaseDC
  2 0x40af48-0x40b1e6 0
DLL Function/s
  We couldn't retrieve the functions. -
3 0x40d73e-0x40f474 7709
DLL Function/s
KERNEL32.DLL
  1. CloseHandle
  2. CompareStringA
  3. CompareStringW
  4. CreateFileMappingA
  5. CreateFileMappingW
  6. CreateMutexA
  7. CreateMutexW
  8. FindResourceA
  9. FindResourceExW
  10. FlushViewOfFile
  11. GetCurrentThreadId
  12. GetLocaleInfoW
  13. GetModuleFileNameW
  14. GetModuleHandleA
  15. GetModuleHandleW
  16. GetProcAddress
  17. GetStringTypeW
  18. GetSystemDefaultUILanguage
  19. GetSystemDirectoryA
  20. GetThreadLocale
  21. GetTickCount
  22. GetUserDefaultLCID
  23. GetUserDefaultUILanguage
  24. InterlockedCompareExchange
  25. InterlockedDecrement
  26. InterlockedExchange
  27. InterlockedIncrement
  28. IsBadReadPtr
  29. IsBadStringPtrW
  30. IsBadWritePtr
  31. LoadResource
  32. LocalAlloc
  33. LocalFree
  34. LocalReAlloc
  35. lstrcmpA
  36. lstrcmpiW
  37. lstrcpynA
  38. lstrlenA
  39. lstrlenW
  40. MapViewOfFile
  41. MapViewOfFileEx
  42. MulDiv
  43. OpenEventA
  44. OpenEventW
  45. OpenFileMappingA
  46. OpenFileMappingW
  47. ReleaseMutex
  48. SetEvent
  49. SetHandleCount
  50. TlsGetValue
  51. UnmapViewOfFile
  52. WaitForSingleObject
  53. WaitForSingleObjectEx
  54. WideCharToMultiByte
ADVAPI32.dll
  1. AllocateAndInitializeSid
  2. CheckTokenMembership
  3. DuplicateToken
  4. DuplicateTokenEx
  5. FreeSid
  6. RegCloseKey
  7. RegOpenKeyExA
  8. RegQueryValueExA
ntdll.dll
  1. bsearch
  2. CsrClientCallServer
  3. KiFastSystemCall
  4. KiFastSystemCallRet
  5. KiUserCallbackDispatcher
  6. LdrAccessResource
  7. LdrAlternateResourcesEnabled
  8. LdrFindResource_U
  9. LdrGetDllHandle
  10. LdrGetDllHandleEx
  11. LdrGetProcedureAddress
  12. LdrLoadAlternateResourceModule
  13. LdrLockLoaderLock
  14. LdrUnlockLoaderLock
  15. memmove
  16. RtlAcquirePebLock
  17. RtlActivateActivationContextUnsafeFast
  18. RtlAddAccessAllowedAce
  19. RtlAddRefActivationContext
  20. RtlAllocateAndInitializeSid
  21. RtlAllocateHeap
  22. RtlAnsiStringToUnicodeString
  23. RtlCopySid
  24. RtlCreateAcl
  25. RtlCreateSecurityDescriptor
  26. RtlCreateUnicodeStringFromAsciiz
  27. RtlDeactivateActivationContextUnsafeFast
  28. RtlDetermineDosPathNameType_U
  29. RtlDllShutdownInProgress
  30. RtlDosApplyFileIsolationRedirection_Ustr
  31. RtlDosSearchPath_U
  32. RtlEnterCriticalSection
  33. RtlEqualUnicodeString
  34. RtlFindActivationContextSectionString
  35. RtlFindCharInUnicodeString
  36. RtlFirstFreeAce
  37. RtlFreeHeap
  38. RtlFreeSid
  39. RtlFreeUnicodeString
  40. RtlGetFullPathName_U
  41. RtlGetNtGlobalFlags
  42. RtlHashUnicodeString
  43. RtlImageDirectoryEntryToData
  44. RtlImageNtHeader
  45. RtlInitAnsiString
  46. RtlInitializeCriticalSection
  47. RtlInitializeCriticalSectionAndSpinCount
  48. RtlInitString
  49. RtlInitUnicodeString
  50. RtlInitUnicodeStringEx
  51. RtlLeaveCriticalSection
  52. RtlLengthSid
  53. RtlLockHeap
  54. RtlLogStackBackTrace
  55. RtlMultiByteToUnicodeN
  56. RtlNtStatusToDosError
  57. RtlNtStatusToDosErrorNoTeb
  58. RtlQueryEnvironmentVariable_U
  59. RtlQueryInformationActivationContext
  60. RtlQueryInformationActiveActivationContext
  61. RtlReAllocateHeap
  62. RtlReleasePebLock
  63. RtlSetDaclSecurityDescriptor
  64. RtlSetGroupSecurityDescriptor
  65. RtlSetLastWin32Error
  66. RtlSetOwnerSecurityDescriptor
  67. RtlUnicodeStringToAnsiString
  68. RtlUnicodeToMultiByteN
  69. RtlUnicodeToMultiByteSize
  70. RtlUnlockHeap
  71. RtlUpcaseUnicodeChar
  72. RtlValidAcl
  73. RtlValidateUnicodeString
  74. RtlValidSid
  75. wcschr
  76. wcslen
  77. wcsncmp
  78. wcsncpy
  79. wcsrchr
  80. ZwAccessCheck
  81. ZwAllocateVirtualMemory
  82. ZwClose
  83. ZwCreateMutant
  84. ZwCreateSection
  85. ZwDuplicateToken
  86. ZwFlushVirtualMemory
  87. ZwMapViewOfSection
  88. ZwOpenEvent
  89. ZwOpenKey
  90. ZwOpenProcessToken
  91. ZwOpenSection
  92. ZwOpenThreadToken
  93. ZwQueryAttributesFile
  94. ZwQueryDefaultLocale
  95. ZwQueryDefaultUILanguage
  96. ZwQueryInstallUILanguage
  97. ZwQueryValueKey
  98. ZwReleaseMutant
  99. ZwRequestWaitReplyPort
  100. ZwSetEvent
  101. ZwUnmapViewOfSection
  102. ZwWaitForSingleObject
USER32.DLL
  1. BeginPaint
  2. CalcMenuBar
  3. CallMsgFilterW
  4. CallNextHookEx
  5. CharNextW
  6. CopyIcon
  7. CreateIconIndirect
  8. CreateWindowExA
  9. DefDlgProcW
  10. DefWindowProcA
  11. DefWindowProcW
  12. DestroyIcon
  13. DispatchMessageW
  14. DrawEdge
  15. DrawFocusRect
  16. DrawFrame
  17. DrawIconEx
  18. DrawStateW
  19. DrawTextA
  20. DrawTextExA
  21. DrawTextExW
  22. EndPaint
  23. EnumChildWindows
  24. FillRect
  25. FindWindowA
  26. GetActiveWindow
  27. GetAncestor
  28. GetAppCompatFlags2
  29. GetCapture
  30. GetClassLongA
  31. GetClassLongW
  32. GetClassNameA
  33. GetClassNameW
  34. GetCursorFrameInfo
  35. GetDC
  36. GetDCEx
  37. GetDesktopWindow
  38. GetDlgItem
  39. GetFocus
  40. GetForegroundWindow
  41. GetIconInfo
  42. GetKeyboardLayout
  43. GetKeyboardLayoutList
  44. GetParent
  45. GetPropW
  46. GetSysColor
  47. GetSystemMetrics
  48. GetThreadDesktop
  49. GetTitleBarInfo
  50. GetUserObjectInformationW
  51. GetWindow
  52. GetWindowDC
  53. GetWindowInfo
  54. GetWindowLongW
  55. GetWindowRect
  56. GetWindowRgnBox
  57. GetWindowThreadProcessId
  58. InflateRect
  59. InternalGetWindowText
  60. IsDialogMessageW
  61. IsIconic
  62. IsRectEmpty
  63. IsServerSideWindow
  64. IsWindow
  65. IsWindowInDestroy
  66. IsWindowVisible
  67. IsZoomed
  68. LoadCursorW
  69. LoadIconW
  70. LoadImageA
  71. LoadImageW
  72. LookupIconIdFromDirectoryEx
  73. MapWindowPoints
  74. MBToWCSEx
  75. MessageBoxA
  76. MessageBoxExA
  77. MessageBoxTimeoutA
  78. MessageBoxTimeoutW
  79. NotifyWinEvent
  80. OffsetRect
  81. PeekMessageW
  82. PostThreadMessageA
  83. PtInRect
  84. ReleaseDC
  85. RemovePropW
  86. SendMessageTimeoutW
  87. SendMessageW
  88. SetCursor
  89. SetFocus
  90. SetPropW
  91. SetRect
  92. SetRectEmpty
  93. SetWindowLongW
  94. SetWindowPos
  95. SetWindowRgn
  96. ShowWindow
  97. SoftModalMessageBox
  98. SystemParametersInfoA
  99. TranslateMessage
  100. TranslateMessageEx
  101. UpdateWindow
  102. UserLpkPSMTextOut
  103. WaitMessage
  104. WCSToMBEx
4 0x410bf1-0x411e3f 1
DLL Function/s
KERNEL32.DLL
  1. lstrcpynA
5 0x41bb18-0x41d016 4287
DLL Function/s
KERNEL32.DLL
  1. CloseHandle
  2. CompareStringA
  3. CompareStringW
  4. CreateFileMappingA
  5. CreateFileMappingW
  6. CreateMutexA
  7. CreateMutexW
  8. DeviceIoControl
  9. DisableThreadLibraryCalls
  10. FindResourceA
  11. GetACP
  12. GetCurrentProcess
  13. GetCurrentProcessId
  14. GetCurrentThreadId
  15. GetFullPathNameA
  16. GetLocaleInfoA
  17. GetLocaleInfoW
  18. GetModuleFileNameA
  19. GetModuleFileNameW
  20. GetModuleHandleA
  21. GetModuleHandleExW
  22. GetModuleHandleW
  23. GetProcAddress
  24. GetSystemDefaultLCID
  25. GetSystemDirectoryA
  26. GetSystemTimeAsFileTime
  27. GetSystemWindowsDirectoryW
  28. GetThreadLocale
  29. GetTickCount
  30. GetUserDefaultUILanguage
  31. GetVersionExA
  32. GetVersionExW
  33. GlobalAddAtomW
  34. InitializeCriticalSection
  35. InitializeCriticalSectionAndSpinCount
  36. InterlockedCompareExchange
  37. InterlockedDecrement
  38. InterlockedIncrement
  39. IsValidCodePage
  40. LoadLibraryA
  41. LoadLibraryExA
  42. LoadLibraryExW
  43. LoadResource
  44. LocalAlloc
  45. LocalFree
  46. lstrcatW
  47. lstrcmpA
  48. lstrcmpiW
  49. lstrcpynA
  50. lstrlenA
  51. MapViewOfFile
  52. MapViewOfFileEx
  53. OpenFileMappingA
  54. OpenFileMappingW
  55. QueryPerformanceCounter
  56. ReleaseMutex
  57. SetHandleCount
  58. SizeofResource
  59. TlsAlloc
  60. TlsGetValue
  61. TlsSetValue
  62. WaitForSingleObject
  63. WaitForSingleObjectEx
  64. WideCharToMultiByte
ADVAPI32.dll
  1. ConvertSidToStringSidA
  2. ConvertSidToStringSidW
  3. GetTokenInformation
  4. MD4Final
  5. MD4Init
  6. MD4Update
  7. OpenProcessToken
  8. RegCloseKey
  9. RegOpenKeyExA
  10. RegQueryValueExA
  11. SystemFunction036
ntdll.dll
  1. _stricmp
  2. _strnicmp
  3. bsearch
  4. CsrClientCallServer
  5. KiFastSystemCall
  6. KiFastSystemCallRet
  7. KiUserCallbackDispatcher
  8. LdrAccessResource
  9. LdrAlternateResourcesEnabled
  10. LdrDisableThreadCalloutsForDll
  11. LdrFindResource_U
  12. LdrFindResourceDirectory_U
  13. LdrGetDllHandle
  14. LdrGetDllHandleEx
  15. LdrGetProcedureAddress
  16. LdrLoadAlternateResourceModule
  17. LdrLoadDll
  18. LdrLockLoaderLock
  19. LdrQueryImageFileExecutionOptions
  20. LdrUnlockLoaderLock
  21. memmove
  22. RtlAcquirePebLock
  23. RtlActivateActivationContextUnsafeFast
  24. RtlAddRefActivationContext
  25. RtlAllocateHeap
  26. RtlAnsiStringToUnicodeString
  27. RtlAppendUnicodeStringToString
  28. RtlAppendUnicodeToString
  29. RtlConvertSidToUnicodeString
  30. RtlCopyUnicodeString
  31. RtlCreateUnicodeString
  32. RtlCreateUnicodeStringFromAsciiz
  33. RtlDeactivateActivationContextUnsafeFast
  34. RtlDetermineDosPathNameType_U
  35. RtlDosApplyFileIsolationRedirection_Ustr
  36. RtlDosPathNameToNtPathName_U
  37. RtlDosSearchPath_U
  38. RtlEnterCriticalSection
  39. RtlEqualUnicodeString
  40. RtlFindActivationContextSectionString
  41. RtlFindCharInUnicodeString
  42. RtlFindClearBits
  43. RtlFindClearBitsAndSet
  44. RtlFormatCurrentUserKeyPath
  45. RtlFreeHeap
  46. RtlFreeUnicodeString
  47. RtlGetActiveActivationContext
  48. RtlGetFullPathName_U
  49. RtlGetLastWin32Error
  50. RtlGetNtGlobalFlags
  51. RtlGetNtProductType
  52. RtlGetVersion
  53. RtlHashUnicodeString
  54. RtlImageDirectoryEntryToData
  55. RtlImageNtHeader
  56. RtlInitAnsiString
  57. RtlInitializeCriticalSection
  58. RtlInitializeCriticalSectionAndSpinCount
  59. RtlInitString
  60. RtlInitUnicodeString
  61. RtlInitUnicodeStringEx
  62. RtlLeaveCriticalSection
  63. RtlLogStackBackTrace
  64. RtlMultiAppendUnicodeStringBuffer
  65. RtlMultiByteToUnicodeN
  66. RtlNtStatusToDosError
  67. RtlNtStatusToDosErrorNoTeb
  68. RtlOpenCurrentUser
  69. RtlpEnsureBufferSize
  70. RtlQueryEnvironmentVariable_U
  71. RtlQueryInformationActivationContext
  72. RtlQueryInformationActiveActivationContext
  73. RtlReleasePebLock
  74. RtlSetBits
  75. RtlSetLastWin32Error
  76. RtlTryEnterCriticalSection
  77. RtlUnicodeStringToAnsiString
  78. RtlUnicodeToMultiByteN
  79. RtlUnicodeToMultiByteSize
  80. RtlUpcaseUnicodeChar
  81. RtlValidateUnicodeString
  82. RtlValidSid
  83. strchr
  84. strncmp
  85. wcscat
  86. wcschr
  87. wcscpy
  88. wcslen
  89. wcsncmp
  90. wcsncpy
  91. wcsrchr
  92. ZwAddAtom
  93. ZwAllocateVirtualMemory
  94. ZwClose
  95. ZwCreateMutant
  96. ZwCreateSection
  97. ZwDeviceIoControlFile
  98. ZwFlushInstructionCache
  99. ZwMapViewOfSection
  100. ZwOpenFile
  101. ZwOpenKey
  102. ZwOpenProcessToken
  103. ZwOpenProcessTokenEx
  104. ZwOpenSection
  105. ZwOpenThreadTokenEx
  106. ZwProtectVirtualMemory
  107. ZwQueryAttributesFile
  108. ZwQueryDefaultLocale
  109. ZwQueryDefaultUILanguage
  110. ZwQueryInformationProcess
  111. ZwQueryInformationToken
  112. ZwQueryPerformanceCounter
  113. ZwQuerySection
  114. ZwQuerySystemInformation
  115. ZwQueryValueKey
  116. ZwReleaseMutant
  117. ZwRequestWaitReplyPort
  118. ZwSetInformationObject
  119. ZwUnmapViewOfSection
  120. ZwWaitForSingleObject
USER32.DLL
  1. CallNextHookEx
  2. CreateWindowExW
  3. DefWindowProcW
  4. GetClassLongW
  5. GetKeyboardLayout
  6. GetPropW
  7. GetSystemMetrics
  8. GetThreadDesktop
  9. GetUserObjectInformationA
  10. GetUserObjectInformationW
  11. GetWindowLongW
  12. GetWindowThreadProcessId
  13. IsWindow
  14. LoadCursorA
  15. LoadCursorW
  16. RegisterClassA
  17. RegisterClassExA
  18. RegisterClassW
  19. RegisterWindowMessageA
  20. RegisterWindowMessageW
  21. SetPropW
  22. SetWindowsHookExA
  23. WCSToMBEx
6 0x4223a0-0x42541c 83
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. memmove
  4. RtlAllocateHeap
  5. RtlEnterCriticalSection
  6. RtlExtendedMagicDivide
  7. RtlFreeHeap
  8. RtlGetNtGlobalFlags
  9. RtlLeaveCriticalSection
  10. RtlTimeToTimeFields
  11. ZwAllocateVirtualMemory
  12. ZwQuerySystemInformation
KERNEL32.DLL
  1. GetLocalTime
  2. GetSystemTime
  3. GetTimeZoneInformation
7 0x426ff0-0x42a2ea 456
DLL Function/s
ntdll.dll
  1. bsearch
  2. KiFastSystemCall
  3. KiFastSystemCallRet
  4. LdrGetDllHandle
  5. LdrGetDllHandleEx
  6. LdrGetProcedureAddress
  7. LdrLockLoaderLock
  8. LdrUnlockLoaderLock
  9. memmove
  10. RtlAcquirePebLock
  11. RtlAllocateHeap
  12. RtlAnsiStringToUnicodeString
  13. RtlCreateHeap
  14. RtlDosApplyFileIsolationRedirection_Ustr
  15. RtlEnterCriticalSection
  16. RtlEqualUnicodeString
  17. RtlFindActivationContextSectionString
  18. RtlFindCharInUnicodeString
  19. RtlFindClearBits
  20. RtlFindClearBitsAndSet
  21. RtlFreeUnicodeString
  22. RtlGetLastWin32Error
  23. RtlGetNtGlobalFlags
  24. RtlHashUnicodeString
  25. RtlImageDirectoryEntryToData
  26. RtlInitAnsiString
  27. RtlInitializeCriticalSection
  28. RtlInitializeCriticalSectionAndSpinCount
  29. RtlInitString
  30. RtlInitUnicodeString
  31. RtlLeaveCriticalSection
  32. RtlLogStackBackTrace
  33. RtlMultiAppendUnicodeStringBuffer
  34. RtlMultiByteToUnicodeN
  35. RtlNtStatusToDosError
  36. RtlNtStatusToDosErrorNoTeb
  37. RtlReleasePebLock
  38. RtlSetBits
  39. RtlSetLastWin32Error
  40. RtlUpcaseUnicodeChar
  41. RtlValidateUnicodeString
  42. ZwAllocateVirtualMemory
  43. ZwQuerySystemInformation
KERNEL32.DLL
  1. GetACP
  2. GetCommandLineA
  3. GetCPInfo
  4. GetCurrentThreadId
  5. GetFileType
  6. GetModuleHandleA
  7. GetModuleHandleW
  8. GetProcAddress
  9. GetStartupInfoA
  10. GetStdHandle
  11. GetVersion
  12. HeapCreate
  13. InitializeCriticalSection
  14. IsProcessorFeaturePresent
  15. SetHandleCount
  16. TlsAlloc
  17. TlsGetValue
  18. TlsSetValue
  19. VerifyConsoleIoHandle
  20. VirtualAlloc
  21. VirtualAllocEx
  8 0x42bd20-0x42bd39 0
DLL Function/s
  We couldn't retrieve the functions. -
9 0x42dbf0-0x42de3b 6
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. memmove
  4. ZwQuerySystemInformation
KERNEL32.DLL
  1. GetTimeZoneInformation
10 0x4302e0-0x431611 52
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. LdrLockLoaderLock
  4. LdrUnlockLoaderLock
  5. memmove
  6. RtlAllocateHeap
  7. RtlDecodePointer
  8. RtlEncodePointer
  9. RtlEnterCriticalSection
  10. RtlFreeHeap
  11. RtlFreeUnicodeString
  12. RtlGetNtGlobalFlags
  13. RtlLeaveCriticalSection
  14. RtlUnicodeStringToAnsiString
  15. RtlUnicodeToMultiByteN
  16. ZwQueryInformationProcess
  17. ZwQueryVirtualMemory
KERNEL32.DLL
  1. FreeEnvironmentStringsW
  2. GetEnvironmentStringsW
  3. GetModuleFileNameA
  4. GetModuleFileNameW
  5. SetUnhandledExceptionFilter
  6. VirtualQuery
  7. VirtualQueryEx
  8. WideCharToMultiByte
11 0x4341d0-0x4344fc 4
DLL Function/s
KERNEL32.DLL
  1. InterlockedDecrement
  2. InterlockedIncrement
12 0x435590-0x438be6 174
DLL Function/s
ntdll.dll
  1. bsearch
  2. KiFastSystemCall
  3. KiFastSystemCallRet
  4. RtlAllocateHeap
  5. RtlEnterCriticalSection
  6. RtlFindActivationContextSectionString
  7. RtlFreeHeap
  8. RtlGetNtGlobalFlags
  9. RtlImageNtHeader
  10. RtlInitUnicodeString
  11. RtlLeaveCriticalSection
  12. RtlMultiByteToUnicodeN
  13. ZwClose
  14. ZwOpenProcessToken
  15. ZwQueryInformationToken
KERNEL32.DLL
  1. CompareStringA
  2. CompareStringW
  3. GetUserDefaultLCID
  4. lstrcatA
USER32.DLL
  1. GetClassInfoA
  2. RegisterClassA
  3. RegisterWindowMessageA
  4. wsprintfA
  5. wvsprintfA
13 0x43a66a-0x43c1f8 11
DLL Function/s
KERNEL32.DLL
  1. InterlockedDecrement
  2. InterlockedIncrement
  3. lstrlenA
14 0x43d880-0x43d91c 5770
DLL Function/s
KERNEL32.DLL
  1. FreeLibrary
  2. GetCurrentProcessId
  3. GetCurrentThreadId
  4. GetModuleFileNameW
  5. GetStringTypeW
  6. InitializeCriticalSectionAndSpinCount
  7. InterlockedDecrement
  8. InterlockedExchange
  9. InterlockedIncrement
  10. IsBadReadPtr
  11. IsBadStringPtrW
  12. IsBadWritePtr
  13. IsDebuggerPresent
  14. LoadLibraryExW
  15. LoadLibraryW
  16. lstrlenW
  17. MapViewOfFile
  18. MapViewOfFileEx
  19. MulDiv
  20. TlsAlloc
ADVAPI32.dll
  1. RegCloseKey
  2. RegOpenCurrentUser
  3. RegOpenKeyExW
  4. RegQueryValueExW
ntdll.dll
  1. _stricmp
  2. _strnicmp
  3. bsearch
  4. KiFastSystemCall
  5. KiFastSystemCallRet
  6. KiUserCallbackDispatcher
  7. LdrFindResourceDirectory_U
  8. LdrLoadDll
  9. LdrLockLoaderLock
  10. LdrQueryImageFileExecutionOptions
  11. LdrUnloadDll
  12. LdrUnlockLoaderLock
  13. memmove
  14. RtlAcquirePebLock
  15. RtlActivateActivationContextUnsafeFast
  16. RtlAllocateHeap
  17. RtlAnsiStringToUnicodeString
  18. RtlAppendUnicodeStringToString
  19. RtlAppendUnicodeToString
  20. RtlConvertSidToUnicodeString
  21. RtlCopyUnicodeString
  22. RtlDeactivateActivationContextUnsafeFast
  23. RtlDetermineDosPathNameType_U
  24. RtlDosApplyFileIsolationRedirection_Ustr
  25. RtlDosPathNameToNtPathName_U
  26. RtlDosSearchPath_U
  27. RtlEnterCriticalSection
  28. RtlEqualUnicodeString
  29. RtlFindActivationContextSectionString
  30. RtlFindCharInUnicodeString
  31. RtlFindClearBits
  32. RtlFindClearBitsAndSet
  33. RtlFormatCurrentUserKeyPath
  34. RtlFreeHeap
  35. RtlFreeUnicodeString
  36. RtlGetActiveActivationContext
  37. RtlGetFullPathName_U
  38. RtlGetNtGlobalFlags
  39. RtlHashUnicodeString
  40. RtlImageDirectoryEntryToData
  41. RtlImageNtHeader
  42. RtlInitAnsiString
  43. RtlInitializeCriticalSectionAndSpinCount
  44. RtlInitUnicodeString
  45. RtlInitUnicodeStringEx
  46. RtlLeaveCriticalSection
  47. RtlLogStackBackTrace
  48. RtlMultiByteToUnicodeN
  49. RtlNtStatusToDosError
  50. RtlNtStatusToDosErrorNoTeb
  51. RtlOpenCurrentUser
  52. RtlQueryEnvironmentVariable_U
  53. RtlReAllocateHeap
  54. RtlReleasePebLock
  55. RtlSetBits
  56. RtlSetLastWin32Error
  57. RtlUpcaseUnicodeChar
  58. RtlValidateUnicodeString
  59. RtlValidSid
  60. strchr
  61. strncmp
  62. wcschr
  63. wcscpy
  64. wcslen
  65. wcsncmp
  66. wcsrchr
  67. ZwAllocateVirtualMemory
  68. ZwClose
  69. ZwConnectPort
  70. ZwCreateSection
  71. ZwFlushInstructionCache
  72. ZwMapViewOfSection
  73. ZwOpenFile
  74. ZwOpenKey
  75. ZwOpenProcessTokenEx
  76. ZwOpenThreadTokenEx
  77. ZwProtectVirtualMemory
  78. ZwQueryAttributesFile
  79. ZwQueryInformationToken
  80. ZwQuerySection
  81. ZwQueryValueKey
  82. ZwRequestWaitReplyPort
  83. ZwUnmapViewOfSection
USER32.DLL
  1. CharNextW
  2. GetAppCompatFlags2
  3. GetDC
  4. GetGUIThreadInfo
  5. GetProcessWindowStation
  6. GetSysColor
  7. GetSysColorBrush
  8. GetSystemMetrics
  9. GetUserObjectInformationW
  10. GetWindowDC
  11. ReleaseDC
15 0x44141c-0x441665 7
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. RtlAllocateHeap
  4. RtlFreeHeap
  5. RtlGetNtGlobalFlags
  6. RtlMultiByteToUnicodeN
USER32.DLL
  1. RegisterWindowMessageA
16 0x442bc1-0x442c3e 3
DLL Function/s
KERNEL32.DLL
  1. GetVersion
17 0x444e59-0x4469f5 298
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. RtlAcquirePebLock
  4. RtlAllocateHandle
  5. RtlAllocateHeap
  6. RtlEnterCriticalSection
  7. RtlFindClearBits
  8. RtlFindClearBitsAndSet
  9. RtlFreeHeap
  10. RtlGetNtGlobalFlags
  11. RtlImageNtHeader
  12. RtlInitializeCriticalSection
  13. RtlInitializeCriticalSectionAndSpinCount
  14. RtlInitUnicodeString
  15. RtlIsValidHandle
  16. RtlLeaveCriticalSection
  17. RtlLockHeap
  18. RtlLogStackBackTrace
  19. RtlMultiByteToUnicodeN
  20. RtlReAllocateHeap
  21. RtlReleasePebLock
  22. RtlSetBits
  23. RtlSetUserValueHeap
  24. RtlUnlockHeap
  25. ZwAllocateVirtualMemory
  26. ZwQueryInformationProcess
  27. ZwSetInformationProcess
KERNEL32.DLL
  1. GetCPInfo
  2. GetCurrentThread
  3. GetCurrentThreadId
  4. GetOEMCP
  5. GetProcessVersion
  6. GetVersion
  7. GlobalAlloc
  8. GlobalLock
  9. InitializeCriticalSection
  10. InterlockedDecrement
  11. InterlockedIncrement
  12. LocalAlloc
  13. LocalReAlloc
  14. SetErrorMode
  15. TlsAlloc
  16. TlsGetValue
  17. TlsSetValue
USER32.DLL
  1. GetCursorPos
  2. GetSystemMetrics
  3. LoadCursorA
  4. LoadCursorW
  5. RegisterWindowMessageA
18 0x46b000-0x46b526 363
DLL Function/s
ntdll.dll
  1. _stricmp
  2. bsearch
  3. KiFastSystemCall
  4. KiFastSystemCallRet
  5. LdrLoadDll
  6. LdrLockLoaderLock
  7. LdrUnlockLoaderLock
  8. memmove
  9. RtlAcquirePebLock
  10. RtlActivateActivationContextUnsafeFast
  11. RtlAllocateHeap
  12. RtlAnsiStringToUnicodeString
  13. RtlDeactivateActivationContextUnsafeFast
  14. RtlDetermineDosPathNameType_U
  15. RtlDosApplyFileIsolationRedirection_Ustr
  16. RtlDosPathNameToNtPathName_U
  17. RtlEnterCriticalSection
  18. RtlEqualUnicodeString
  19. RtlFindActivationContextSectionString
  20. RtlFindCharInUnicodeString
  21. RtlFreeHeap
  22. RtlFreeUnicodeString
  23. RtlGetNtGlobalFlags
  24. RtlHashUnicodeString
  25. RtlImageDirectoryEntryToData
  26. RtlInitAnsiString
  27. RtlInitUnicodeString
  28. RtlInitUnicodeStringEx
  29. RtlIsDosDeviceName_U
  30. RtlLeaveCriticalSection
  31. RtlMultiAppendUnicodeStringBuffer
  32. RtlMultiByteToUnicodeN
  33. RtlNtStatusToDosError
  34. RtlNtStatusToDosErrorNoTeb
  35. RtlQueryEnvironmentVariable_U
  36. RtlReleasePebLock
  37. RtlUpcaseUnicodeChar
  38. RtlValidateUnicodeString
  39. wcschr
  40. wcslen
  41. wcsncmp
  42. wcsrchr
  43. ZwCreateFile
KERNEL32.DLL
  1. CreateFileA
  2. CreateFileW
  3. IsDebuggerPresent
  4. LoadLibraryA
  5. LoadLibraryExA
  6. LoadLibraryExW
USER32.DLL
  1. FindWindowA

Static PE information

General information
Overlay size No overlay
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-01-24 00:39:42
Entry point 0x401018

Imports

Exports

PE resources

Resource #1
Type empty
Size 184
Name RT_RCDATA
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
MD5 d41d8cd98f00b204e9800998ecf8427e
ssdeep 3::
sdhash Not applicable
Resource #2
Type GLS_BINARY_LSB_FIRST
Size 1128
Name RT_ICON
SHA256 a601f901dda1ec5422264b7c08fe8fd0f5654ba358802c2b1da331c8507ac77a
SHA1 dd1b3f4b879b07df52d94646ae5d11a3f6a5ad4c
MD5 b23f741c4627640d11a5477ba464c265
ssdeep 24:tYSm6Zq6KWRx19X0uyCd3UvTmw3hyLbe64tsUHn:OW5KWRx1JBz3VbeGUH
sdhash sdbf:03:0::1128:sha1:256:5:7ff:160:1:17:BAAAACgAAAQAAIgABAAAAAAAAAACBAAAIAgEAAAAAAAAAAQCAAAAAAAAAAAIAAAYYAAAAgAAAUAAAAAAAIgAAAAAAGCAAAAAAEAAAACIACAAAAAIgUAAAgAAAAAEAAAAAAADAAAAIAAAAACAAAAAAAAAAAAAQAAAAAgAAAAgAAAIAAAAAAAAAAAAAgAgAAAAAAAABBACIAAAAAABAAAAAAAQACAAAAgAAAAAAAAAEAAAAACIAAAAAAAAAAAAAAAEAAAASAAEBCABAAAAAAAACgBAAAAAgAAAAAAAAgAAAAAAAIAAEAAABQBEAAAAEAAIABAEACAAgAAAAABABAAAAA==
Resource #3
Type MS Windows icon resource - 12 icons, 48x48, 16-colors
Size 174
Name RT_GROUP_ICON
SHA256 d2d8ccd68849e94ea6b84f6835d0fe98ffa5c11e74a1138529e3c0b8d8edfe60
SHA1 92235b3d49fd27218a58fbfad27ad6a619b54ffb
MD5 9f09cf7bb38a28604b82294714b5aff8
ssdeep 3:wVwgSX/l99wPFszNIPPlk0/klX6mvG3wX5sffaf/vHlXluO1:gFszWPm0/klX6mujCfxH
sdhash Not applicable

PE sections

Section #1: PS???
Name PS???
Type Data
Entropy 5.51753
Raw address 0x6d000
Raw size 496
Virtual address 0x1000
Virtual size 446464
Flags 0x20000000, 0x40, 0x7fffffff, 0x20, 0x40000000
SHA256 2bdd23dc97b6a5cfcc0a99639ec874fd35450f24358a343ab05d2462548c697c
SHA1 d9e2de62ad038ca23540afa885ee0cdf8ee6ea99
MD5 c65987bafc892e9dcb87950e79dee885
ssdeep 6:yc1HkpKSlsgYptpUcVrkoZ3QBlcVa2kjI/Vg0lUlSG2l3ETHlHX2XvslIB:yskk2ct7FJUSwZ3c8SG2l3ETuElIB
sdhash Not applicable
Section #2:
Name -
Type Data
Entropy 7.83474
Raw address 0x35000
Raw size 185264
Virtual address 0x6e000
Virtual size 217088
Flags 0x20000000, 0x40, 0x7fffffff, 0x20, 0x40000000
SHA256 e8449b4714351ad3d3c009dc4063c1bcf3084c0ee6382f2e9e4047ee6ec1ba09
SHA1 bc8f5d2323e4c6eb637168157af1d8534b799216
MD5 782a70071ad8041c309f9e1d0d3922c7
ssdeep 3072:Ntum+/BgjLA8Hc8OyAFGO4hwZUFcqJY2ZL4jy12+j9/ouG/o4YXOauj:NLFPAOc8Tc7Uu4Cs2+u/Fzj
sdhash sdbf:03:0::185264:sha1:256:5:7ff:160:19:111: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
Section #3:
Name -
Type Data
Entropy 5.51753
Raw address 0x1000
Raw size 496
Virtual address 0xa3000
Virtual size 4096
Flags 0x20000000, 0x40, 0x7fffffff, 0x20, 0x40000000
SHA256 2bdd23dc97b6a5cfcc0a99639ec874fd35450f24358a343ab05d2462548c697c
SHA1 d9e2de62ad038ca23540afa885ee0cdf8ee6ea99
MD5 c65987bafc892e9dcb87950e79dee885
ssdeep 6:yc1HkpKSlsgYptpUcVrkoZ3QBlcVa2kjI/Vg0lUlSG2l3ETHlHX2XvslIB:yskk2ct7FJUSwZ3c8SG2l3ETuElIB
sdhash Not applicable

VirusTotal scans

File: ecae6a2f3690f1b7ce565c2b2ac19ad37ade638cc75f04b275595d86d5d9e679

Scan date: 2016-04-05 09:08:21
Antivirus Result Update
Ad-Aware Gen:Packer.Generic.lmGeaiJk7xhG 20160405
AegisLab Backdoor.W32.Rbot 20160405
AhnLab-V3 Packed/Upack 20160404
Alibaba Goodware 20160405
ALYac Gen:Packer.Generic.lmGeaiJk7xhG 20160405
Antiy-AVL Trojan/Win32.TSGeneric 20160405
Arcabit Gen:Packer.Generic.lmGeaiJk7xhG 20160405
Avast Win32:Crypt-AIS [Trj] 20160405
AVG Win32/Ngvck.AO 20160405
Avira TR/Bumat.A.1519 20160405
AVware Trojan.Win32.Packer.Upack0.3.9 (ep) 20160405
Baidu Goodware 20160405
Baidu-International Goodware 20160405
BitDefender Gen:Packer.Generic.lmGeaiJk7xhG 20160405
Bkav W32.OnGamesLT180912HKGHAAI.Trojan 20160405
CAT-QuickHeal W32.Seppuku.2764 20160405
ClamAV Goodware 20160404
CMC Trojan-GameThief.Win32.OnLineGames!O 20160404
Comodo Packed.Win32.MUPACK.~KW 20160404
Cyren W32/SuspPack.CY.gen!Eldorado 20160405
DrWeb Goodware 20160405
Emsisoft Gen:Packer.Generic.lmGeaiJk7xhG (B) 20160405
ESET-NOD32 Goodware 20160405
F-Prot W32/SuspPack.CY.gen!Eldorado 20160405
F-Secure Gen:Packer.Generic.lmGeaiJk7xhG 20160405
Fortinet Goodware 20160404
GData Gen:Packer.Generic.lmGeaiJk7xhG 20160405
Ikarus Backdoor.Win32.Rbot 20160405
Jiangmin Trojan/DiskAutorun.bgq 20160405
K7AntiVirus Goodware 20160405
K7GW Goodware 20160404
Kaspersky UDS:DangerousObject.Multi.Generic 20160405
Kingsoft Goodware 20160405
Malwarebytes Goodware 20160405
McAfee Artemis!A5AC6E69CE2E 20160405
McAfee-GW-Edition BehavesLike.Win32.Backdoor.cc 20160405
Microsoft Goodware 20160405
MicroWorld-eScan Gen:Packer.Generic.lmGeaiJk7xhG 20160405
NANO-Antivirus Trojan.Win32.AutoRun.omay 20160405
nProtect Trojan/W32.Agent.185776 20160404
Panda Trj/Pupack.A 20160404
Qihoo-360 Win32/Trojan.b4e 20160405
Rising Goodware 20160405
Sophos Mal/Generic-S 20160405
SUPERAntiSpyware Goodware 20160405
Symantec W32.Small.gen 20160331
Tencent Goodware 20160405
TheHacker W32/Behav-Heuristic-060 20160405
TotalDefense Goodware 20160404
TrendMicro Cryp_Xed-12 20160405
TrendMicro-HouseCall Goodware 20160405
VBA32 Goodware 20160404
VIPRE Trojan.Win32.Packer.Upack0.3.9 (ep) 20160405
ViRobot Goodware 20160405
Yandex Packed/Upack 20160316
Zillya Trojan.Genome.Win32.85357 20160404
Zoner Goodware 20160405