blackmoon | pepsi (5)[.]rar

Resubmissions

04-07-2024 17:22

240704-vxyavazeql 10

04-07-2024 17:19

240704-vv7rhazenr 10

Sharing

Copy URL

Twitter E-mail

General

Target

pepsi (5).rar
Size

71.8MB
MD5

f5f163cbcc1e6c5dc86e9df0daa0f200
SHA1

2dfdfabd15e90a09e64dedce5fdea5f3529cbbfb
SHA256

e2cadb0766cf2fc20a527c917f4475388ef3fbd73b8e0c6d071b695afbb1dba3
SHA512

895048370d6fa90f1b842e1fd087d26f58da81d288ef344a5a412409c394222a3da9f89e19260b83a7634dd7c923ffd0bd339e4cff6da5a8ef4786ace6719e1d
SSDEEP

1572864:4eXLeXak7DEoGipeXAeXUdeXoJAku3eXgb/BJ3/8XZPawDyXt3FYH:4eber7DEodewekdeFku3eQb/H+Zyx3Fu

Score

10^/10

vmprotect upx themida blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon
Detect Blackmoon payload 1 IoCs

Processes:

resource yara_rule

static1/unpack001/[DemonArchives]1fa9dbcc19fb2ae5cd344f559e95b759.exe family_blackmoon
Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

static1/unpack001/[DemonArchives]1e0dc068677f96c9da7f43cf4d4acd92.exe themida

resource	yara_rule
static1/unpack001/[DemonArchives]1fa9dbcc19fb2ae5cd344f559e95b759.exe	family_blackmoon

resource	yara_rule
static1/unpack001/[DemonArchives]1e0dc068677f96c9da7f43cf4d4acd92.exe	themida

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
static1/unpack001/[DemonArchives]0a47e2885329b83d82525cb438e57f7e.exe	upx
static1/unpack001/[DemonArchives]55a0c8c7e6c8b2be4ebd164d43e746c8.exe	upx
static1/unpack001/[DemonArchives]6e4f9763c17ea31c3d1406eabd7db423.exe	upx

VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

static1/unpack001/[DemonArchives]05e82b287218043df6c8560cd0e2719c.exe vmprotect

resource	yara_rule
static1/unpack001/[DemonArchives]05e82b287218043df6c8560cd0e2719c.exe	vmprotect

AutoIT Executable 5 IoCs

AutoIT scripts compiled to PE executables.

Processes:

resource	yara_rule
static1/unpack002/out.upx	autoit_exe
static1/unpack001/[DemonArchives]1fa9dbcc19fb2ae5cd344f559e95b759.exe	autoit_exe
static1/unpack001/[DemonArchives]41637d74a16e50cafe6cb72974a1cf5c.exe	autoit_exe
static1/unpack001/[DemonArchives]4fd60e9aed5ab9ed5326da37806b2502.exe	autoit_exe
static1/unpack001/[DemonArchives]a367e7069b0df249dbcd93f02f05a573.exe	autoit_exe

Unsigned PE 73 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/[DemonArchives]01be7be288126004a6b6013cfa9630f3.exe
unpack001/[DemonArchives]02352cbf001e9c8176a5b7d381ef9b5e.exe
unpack001/[DemonArchives]02fa60c2391dc09e9a0b748a9d89c6a8.exe
unpack001/[DemonArchives]04a8e202d70a574213680cdb7c82fb55.exe
unpack001/[DemonArchives]05e82b287218043df6c8560cd0e2719c.exe
unpack001/[DemonArchives]07fe5f7c673e5faa200611f9cb716aac.exe
unpack001/[DemonArchives]086b605fada00eaa39fca0581712f10f.exe
unpack001/[DemonArchives]09f326448c37d99a61bb064e68ac6b94.exe
unpack001/[DemonArchives]0a47e2885329b83d82525cb438e57f7e.exe
unpack002/out.upx
unpack001/[DemonArchives]0d061414e840b27ea6109e573bd2165a.exe
unpack001/[DemonArchives]1192a915b81f1f7878472391f42cb6c4.exe
unpack001/[DemonArchives]14049d0a3afad0faa21ab1fff2e417f3.exe
unpack001/[DemonArchives]149dd5469233f52aa4287362ce85b88f.exe
unpack001/[DemonArchives]1df7772347bfd34ecb1685a1ba69c285.exe
unpack001/[DemonArchives]1e0dc068677f96c9da7f43cf4d4acd92.exe
unpack001/[DemonArchives]1ee7f65b0c08c4ff7e1047c14851575b.exe
unpack001/[DemonArchives]1fa9dbcc19fb2ae5cd344f559e95b759.exe
unpack001/[DemonArchives]227f3ff19943a0e8c1b26a563246280f.exe
unpack001/[DemonArchives]2353c3f467be78e36e934caf5f3c3b61.exe
unpack001/[DemonArchives]26add802e0e75416385317658b116216.exe
unpack001/[DemonArchives]2bf9e607accd325cfb734cd594b00723.exe
unpack001/[DemonArchives]3825817f6028f26ff0b5cd748559286d.exe
unpack001/[DemonArchives]3e70eabf850c2134ac1acd815a2a90af.exe
unpack001/[DemonArchives]41637d74a16e50cafe6cb72974a1cf5c.exe
unpack001/[DemonArchives]42971155e95ad8ace7b6fc53d70fb952.exe
unpack001/[DemonArchives]47522f57257b441811cf5f87c9118faf.exe
unpack001/[DemonArchives]4782545d269557614be88caef0383cfa.exe
unpack001/[DemonArchives]4bed82d2182d95951a4dd3b090868cf1.exe
unpack001/[DemonArchives]4c1ca9436c971190f7082f5c108a007b.exe
unpack001/[DemonArchives]4fd60e9aed5ab9ed5326da37806b2502.exe
unpack001/[DemonArchives]550ad0e50316dfca7c0bfd14f9060880.exe
unpack001/[DemonArchives]55a0c8c7e6c8b2be4ebd164d43e746c8.exe
unpack003/out.upx
unpack001/[DemonArchives]560184b003e9c461fdfa4ab15cd3b6fb.exe
unpack001/[DemonArchives]58b00f133ec3b7efa68faf94233d594e.exe
unpack004/$PLUGINSDIR/CheckInstall.exe
unpack004/$PLUGINSDIR/InstallOptions.dll
unpack004/AutoShutdown.exe
unpack004/ClonedFileCleaner.exe
unpack004/FilePulverizer.exe
unpack004/StartupManager.exe
unpack004/SweepHelper.exe
unpack004/SystemInformation.exe
unpack004/uninst.exe
unpack001/[DemonArchives]627ba000cff6d43aa031da4020d15186.exe
unpack001/[DemonArchives]68d0fb679004d3c27c9efa840010881e.exe
unpack001/[DemonArchives]6a1fe8f4fbbc726b6ee093b2688a33a6.exe
unpack001/[DemonArchives]6bc2fcef470b064c9bd339c7e2553ea8.exe
unpack001/[DemonArchives]6bf80d8b5b235df5efb621da1dd61b4b.exe
unpack001/[DemonArchives]6e102d15d6af7c43d43141e9d2a1206b.exe
unpack001/[DemonArchives]6e4f9763c17ea31c3d1406eabd7db423.exe
unpack007/out.upx
unpack001/[DemonArchives]720d7d1deff763aee99bcc266f96b238.exe
unpack001/[DemonArchives]7a8bde6d1942443bdbf09e610eb1b794.exe
unpack001/[DemonArchives]7da028810a703bb926d39a9b4ba50703.exe
unpack001/[DemonArchives]7e020e96f43c40b26aa7f880ad0f8a96.exe
unpack001/[DemonArchives]81759dd56bd4387d02cb20d44422c8f0.exe
unpack001/[DemonArchives]853a559e0dcb25ab9605685ec776224c.exe
unpack001/[DemonArchives]887a4917f4af1126d489a4f4d56b2eb3.exe
unpack001/[DemonArchives]8edcc9bf66c21c55cf482dcac1c18c44.exe
unpack001/[DemonArchives]973465ab358797d8d056e4f04bda2513.exe
unpack001/[DemonArchives]9afac07fd6517652d6e659963db8b87e.exe
unpack001/[DemonArchives]a367e7069b0df249dbcd93f02f05a573.exe

NSIS installer 4 IoCs

installer

Processes:

resource	yara_rule
static1/unpack001/[DemonArchives]58b00f133ec3b7efa68faf94233d594e.exe	nsis_installer_1
static1/unpack001/[DemonArchives]58b00f133ec3b7efa68faf94233d594e.exe	nsis_installer_2
static1/unpack004/uninst.exe	nsis_installer_1
static1/unpack004/uninst.exe	nsis_installer_2

Files

pepsi (5).rar
.rar
[DemonArchives]01be7be288126004a6b6013cfa9630f3.exe
.exe windows:1 windows x86 arch:x86

95e6f8741083e0c7d9a63d45e2472360

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoCreateInstance
CLSIDFromString
CoInitialize
CoUninitialize

oleaut32

SysAllocString

wininet

DeleteUrlCacheEntry
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA

kernel32

ExitProcess
ExpandEnvironmentStringsA
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetExitCodeThread
GetFileSize
GetModuleFileNameA
GetModuleHandleA
CloseHandle
GetProcAddress
GetSystemDirectoryA
GetTempPathA
GetTickCount
GetVersion
GetVersionExA
GetWindowsDirectoryA
GlobalMemoryStatus
CopyFileA
InterlockedIncrement
IsBadReadPtr
IsBadWritePtr
LoadLibraryA
LocalAlloc
LocalFree
OpenMutexA
CreateFileA
ReadFile
RtlUnwind
SetFilePointer
CreateMutexA
Sleep
TerminateProcess
VirtualQuery
CreateProcessA
WaitForSingleObject
WideCharToMultiByte
WinExec
WriteFile
lstrlenA
lstrlenW
CreateThread
DeleteFileA

user32

GetWindowTextA
GetWindowRect
FindWindowA
GetWindow
GetClassNameA
SetFocus
GetForegroundWindow
LoadCursorA
LoadIconA
SetTimer
RegisterClassA
MessageBoxA
GetMessageA
GetWindowLongA
SetWindowLongA
CreateDesktopA
SetThreadDesktop
GetThreadDesktop
TranslateMessage
DispatchMessageA
SendMessageA
PostQuitMessage
ShowWindow
CreateWindowExA
DestroyWindow
MoveWindow
DefWindowProcA
CallWindowProcA

gdi32

GetStockObject
SetBkColor
SetTextColor
CreateBrushIndirect
CreateFontA

advapi32

RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
GetSecurityInfo
SetSecurityInfo
SetEntriesInAclA

crtdll

__GetMainArgs
_sleep
_stricmp
atoi
exit
memcpy
memset
printf
raise
rand
signal
sprintf
srand
sscanf
strcat
strchr
strncmp
vsprintf

Sections

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 132KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.embm
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
[DemonArchives]02352cbf001e9c8176a5b7d381ef9b5e.exe
.exe windows:1 windows x86 arch:x86

26babd76bbb7f9c516a338b0601b4c9f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

WSAGetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
gethostbyname
htonl
htons
inet_addr
ioctlsocket
listen
recv
select
send
socket

ole32

CoCreateInstance
CLSIDFromString
CoTaskMemFree
CoInitialize
CoUninitialize

oleaut32

SysAllocString

wininet

DeleteUrlCacheEntry
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA

kernel32

ExitProcess
ExitThread
ExpandEnvironmentStringsA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesA
GetFileSize
GetFileTime
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
CloseHandle
GetProcAddress
GetSystemDirectoryA
GetTempPathA
GetTickCount
GetTimeZoneInformation
GetVersion
GetVersionExA
GetWindowsDirectoryA
GlobalMemoryStatus
CopyFileA
InterlockedIncrement
IsBadReadPtr
IsBadWritePtr
LoadLibraryA
CreateDirectoryA
LocalAlloc
LocalFree
OpenFile
OpenMutexA
OpenProcess
PeekNamedPipe
CreateFileA
ReadFile
RemoveDirectoryA
RtlUnwind
SetFileAttributesA
SetFilePointer
CreateMutexA
Sleep
TerminateProcess
TerminateThread
CreatePipe
VirtualQuery
CreateProcessA
WaitForSingleObject
WideCharToMultiByte
WinExec
WriteFile
lstrlenA
lstrlenW
CreateThread
DeleteFileA

user32

GetWindowTextA
GetWindowRect
FindWindowA
GetWindow
IsWindowVisible
GetClassNameA
GetForegroundWindow
LoadCursorA
SetTimer
KillTimer
RegisterClassA
GetMessageA
CreateDesktopA
SetThreadDesktop
GetThreadDesktop
TranslateMessage
DispatchMessageA
SendMessageA
CharUpperBuffA
OemToCharA
PostQuitMessage
ShowWindow
CreateWindowExA
DestroyWindow
DefWindowProcA

gdi32

GetStockObject
DeleteObject

advapi32

RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
GetSecurityInfo
SetSecurityInfo
SetEntriesInAclA

crtdll

_itoa
__GetMainArgs
_sleep
_strcmpi
_stricmp
atoi
exit
memcpy
memset
raise
rand
signal
sprintf
srand
sscanf
strcat
strchr
strncmp

Sections

.text
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 122KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.flh
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
[DemonArchives]02fa60c2391dc09e9a0b748a9d89c6a8.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 122KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.flh
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
[DemonArchives]04a8e202d70a574213680cdb7c82fb55.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
[DemonArchives]05e82b287218043df6c8560cd0e2719c.exe
.exe windows:5 windows x86 arch:x86

a8c436d9a0e5e9875d8e3a40db9db0a8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExA
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

PostQuitMessage

gdi32

DeleteEnhMetaFile

msvcrt

_XcptFilter

comdlg32

PageSetupDlgW

advapi32

RegQueryValueExW

shell32

DragFinish

comctl32

CreateStatusWindowW

Sections

.text
Size: - Virtual size: 206KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata2
Size: - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 772B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
[DemonArchives]07fe5f7c673e5faa200611f9cb716aac.exe
.exe windows:1 windows x86 arch:x86

c2a87fabf96470db507b2e6b43bd92eb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoCreateInstance
CLSIDFromString
CoInitialize
CoUninitialize

oleaut32

SysAllocString

wininet

DeleteUrlCacheEntry
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA

kernel32

ExitProcess
ExpandEnvironmentStringsA
GetCommandLineA
GetComputerNameA
GetCurrentProcessId
GetCurrentThreadId
GetExitCodeThread
GetFileSize
GetModuleFileNameA
GetModuleHandleA
CloseHandle
GetProcAddress
GetSystemDirectoryA
GetTempPathA
GetTickCount
GetVersion
GetVersionExA
GetWindowsDirectoryA
GlobalMemoryStatus
CopyFileA
InterlockedIncrement
IsBadReadPtr
IsBadWritePtr
LoadLibraryA
LocalAlloc
LocalFree
OpenMutexA
CreateFileA
ReadFile
RtlUnwind
SetFilePointer
CreateMutexA
Sleep
TerminateProcess
VirtualQuery
CreateProcessA
WaitForSingleObject
WideCharToMultiByte
WinExec
WriteFile
lstrlenA
lstrlenW
CreateThread
DeleteFileA

user32

GetWindowTextA
GetWindowRect
FindWindowA
GetWindow
GetClassNameA
SetFocus
GetForegroundWindow
LoadCursorA
LoadIconA
SetTimer
RegisterClassA
MessageBoxA
GetMessageA
GetWindowLongA
SetWindowLongA
CreateDesktopA
SetThreadDesktop
GetThreadDesktop
TranslateMessage
DispatchMessageA
SendMessageA
PostQuitMessage
ShowWindow
CreateWindowExA
DestroyWindow
MoveWindow
DefWindowProcA
CallWindowProcA

gdi32

GetStockObject
SetBkColor
SetTextColor
CreateBrushIndirect
CreateFontA

advapi32

GetUserNameA
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
GetSecurityInfo
SetSecurityInfo
SetEntriesInAclA

crtdll

__GetMainArgs
_sleep
_stricmp
atoi
exit
memcpy
memset
printf
raise
rand
signal
sprintf
srand
sscanf
strcat
strchr
strncmp
vsprintf

msvcrt

_wgetcwd

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 132KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.l1
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
[DemonArchives]086b605fada00eaa39fca0581712f10f.exe
.exe windows:1 windows x86 arch:x86

0b36fc85e0cb5e337c80982db5210969

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoCreateInstance
CLSIDFromString
CoInitialize
CoUninitialize

oleaut32

SysAllocString

wininet

DeleteUrlCacheEntry
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA

kernel32

ExitProcess
ExpandEnvironmentStringsA
GetCommandLineA
GetComputerNameA
GetCurrentProcessId
GetCurrentThreadId
GetExitCodeThread
GetFileSize
GetModuleFileNameA
GetModuleHandleA
CloseHandle
GetProcAddress
GetSystemDirectoryA
GetTempPathA
GetTickCount
GetVersion
GetVersionExA
GetWindowsDirectoryA
GlobalMemoryStatus
CopyFileA
InterlockedIncrement
IsBadReadPtr
IsBadWritePtr
LoadLibraryA
LocalAlloc
LocalFree
OpenMutexA
CreateFileA
ReadFile
RtlUnwind
SetFilePointer
CreateMutexA
Sleep
TerminateProcess
VirtualQuery
CreateProcessA
WaitForSingleObject
WideCharToMultiByte
WinExec
WriteFile
lstrlenA
lstrlenW
CreateThread
DeleteFileA

user32

GetWindowTextA
GetWindowRect
FindWindowA
GetWindow
GetClassNameA
SetFocus
GetForegroundWindow
LoadCursorA
LoadIconA
SetTimer
RegisterClassA
MessageBoxA
GetMessageA
GetWindowLongA
SetWindowLongA
CreateDesktopA
SetThreadDesktop
GetThreadDesktop
TranslateMessage
DispatchMessageA
SendMessageA
PostQuitMessage
ShowWindow
CreateWindowExA
DestroyWindow
MoveWindow
DefWindowProcA
CallWindowProcA

gdi32

GetStockObject
SetBkColor
SetTextColor
CreateBrushIndirect
CreateFontA

advapi32

GetUserNameA
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
GetSecurityInfo
SetSecurityInfo
SetEntriesInAclA

crtdll

__GetMainArgs
_sleep
_stricmp
atoi
exit
memcpy
memset
printf
raise
rand
signal
sprintf
srand
sscanf
strcat
strchr
strncmp
vsprintf

ntdll

LdrUnloadDll

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 132KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fldo
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.l1
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
[DemonArchives]09f326448c37d99a61bb064e68ac6b94.exe
.exe windows:1 windows x86 arch:x86

0b36fc85e0cb5e337c80982db5210969

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoCreateInstance
CLSIDFromString
CoInitialize
CoUninitialize

oleaut32

SysAllocString

wininet

DeleteUrlCacheEntry
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA

kernel32

ExitProcess
ExpandEnvironmentStringsA
GetCommandLineA
GetComputerNameA
GetCurrentProcessId
GetCurrentThreadId
GetExitCodeThread
GetFileSize
GetModuleFileNameA
GetModuleHandleA
CloseHandle
GetProcAddress
GetSystemDirectoryA
GetTempPathA
GetTickCount
GetVersion
GetVersionExA
GetWindowsDirectoryA
GlobalMemoryStatus
CopyFileA
InterlockedIncrement
IsBadReadPtr
IsBadWritePtr
LoadLibraryA
LocalAlloc
LocalFree
OpenMutexA
CreateFileA
ReadFile
RtlUnwind
SetFilePointer
CreateMutexA
Sleep
TerminateProcess
VirtualQuery
CreateProcessA
WaitForSingleObject
WideCharToMultiByte
WinExec
WriteFile
lstrlenA
lstrlenW
CreateThread
DeleteFileA

user32

GetWindowTextA
GetWindowRect
FindWindowA
GetWindow
GetClassNameA
SetFocus
GetForegroundWindow
LoadCursorA
LoadIconA
SetTimer
RegisterClassA
MessageBoxA
GetMessageA
GetWindowLongA
SetWindowLongA
CreateDesktopA
SetThreadDesktop
GetThreadDesktop
TranslateMessage
DispatchMessageA
SendMessageA
PostQuitMessage
ShowWindow
CreateWindowExA
DestroyWindow
MoveWindow
DefWindowProcA
CallWindowProcA

gdi32

GetStockObject
SetBkColor
SetTextColor
CreateBrushIndirect
CreateFontA

advapi32

GetUserNameA
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
GetSecurityInfo
SetSecurityInfo
SetEntriesInAclA

crtdll

__GetMainArgs
_sleep
_stricmp
atoi
exit
memcpy
memset
printf
raise
rand
signal
sprintf
srand
sscanf
strcat
strchr
strncmp
vsprintf

ntdll

LdrUnloadDll

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 132KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fldo
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.l1
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
[DemonArchives]0a47e2885329b83d82525cb438e57f7e.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 444KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 264KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 514KB - Virtual size: 513KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
[DemonArchives]0d061414e840b27ea6109e573bd2165a.exe
.exe windows:4 windows x86 arch:x86

8abecba2211e61763c4c9ffcaa13369e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord2770
ord356
ord2781
ord4058
ord3181
ord2764
ord1980
ord668
ord926
ord924
ord941
ord4129
ord537
ord540
ord6282
ord825
ord6283
ord5683
ord5710
ord858
ord800
ord535
ord859

msvcrt

_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_beginthread
rand
fgetc
fputc
fwrite
rename
fopen
fseek
fread
fclose
_stat
__CxxFrameHandler
_mbscmp

kernel32

GetCurrentThread
GetCurrentProcess
SetPriorityClass
lstrcatA
lstrcpyA
GetEnvironmentVariableA
GetShortPathNameA
GetModuleFileNameA
GetFileAttributesA
DeleteFileA
SetFileAttributesA
GetSystemDirectoryA
WaitForSingleObject
CreateProcessA
Sleep
GetLogicalDrives
GetModuleHandleA
GetStartupInfoA
SetThreadPriority

user32

LoadIconA
MessageBoxA

shell32

ShellExecuteExA
SHChangeNotify

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
[DemonArchives]1192a915b81f1f7878472391f42cb6c4.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
[DemonArchives]14049d0a3afad0faa21ab1fff2e417f3.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 122KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.flh
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
[DemonArchives]149dd5469233f52aa4287362ce85b88f.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 122KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ajelhf
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
[DemonArchives]1df7772347bfd34ecb1685a1ba69c285.exe
.exe windows:1 windows x86 arch:x86

26babd76bbb7f9c516a338b0601b4c9f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

WSAGetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
gethostbyname
htonl
htons
inet_addr
ioctlsocket
listen
recv
select
send
socket

ole32

CoCreateInstance
CLSIDFromString
CoTaskMemFree
CoInitialize
CoUninitialize

oleaut32

SysAllocString

wininet

DeleteUrlCacheEntry
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA

kernel32

ExitProcess
ExitThread
ExpandEnvironmentStringsA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesA
GetFileSize
GetFileTime
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
CloseHandle
GetProcAddress
GetSystemDirectoryA
GetTempPathA
GetTickCount
GetTimeZoneInformation
GetVersion
GetVersionExA
GetWindowsDirectoryA
GlobalMemoryStatus
CopyFileA
InterlockedIncrement
IsBadReadPtr
IsBadWritePtr
LoadLibraryA
CreateDirectoryA
LocalAlloc
LocalFree
OpenFile
OpenMutexA
OpenProcess
PeekNamedPipe
CreateFileA
ReadFile
RemoveDirectoryA
RtlUnwind
SetFileAttributesA
SetFilePointer
CreateMutexA
Sleep
TerminateProcess
TerminateThread
CreatePipe
VirtualQuery
CreateProcessA
WaitForSingleObject
WideCharToMultiByte
WinExec
WriteFile
lstrlenA
lstrlenW
CreateThread
DeleteFileA

user32

GetWindowTextA
GetWindowRect
FindWindowA
GetWindow
IsWindowVisible
GetClassNameA
GetForegroundWindow
LoadCursorA
SetTimer
KillTimer
RegisterClassA
GetMessageA
CreateDesktopA
SetThreadDesktop
GetThreadDesktop
TranslateMessage
DispatchMessageA
SendMessageA
CharUpperBuffA
OemToCharA
PostQuitMessage
ShowWindow
CreateWindowExA
DestroyWindow
DefWindowProcA

gdi32

GetStockObject
DeleteObject

advapi32

RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
GetSecurityInfo
SetSecurityInfo
SetEntriesInAclA

crtdll

_itoa
__GetMainArgs
_sleep
_strcmpi
_stricmp
atoi
exit
memcpy
memset
raise
rand
signal
sprintf
srand
sscanf
strcat
strchr
strncmp

Sections

.text
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 122KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ajelhf
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
[DemonArchives]1e0dc068677f96c9da7f43cf4d4acd92.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 155KB - Virtual size: 207KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
[DemonArchives]1ee7f65b0c08c4ff7e1047c14851575b.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 122KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.flh
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
[DemonArchives]1fa9dbcc19fb2ae5cd344f559e95b759.exe
.exe windows:4 windows x86 arch:x86

9d5552b3a103c723c650b0d7a6310980

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapReAlloc
HeapFree
IsBadReadPtr
GetTickCount
CloseHandle
ReadFile
GetFileSize
FindClose
FindNextFileA
DeleteFileA
RemoveDirectoryA
FindFirstFileA
Sleep
MultiByteToWideChar
WideCharToMultiByte
GetProcessHeap
HeapAlloc
FormatMessageA
GetCommandLineA
FreeLibrary
GetProcAddress
LoadLibraryA
LCMapStringA
GetCurrentProcessId
TerminateProcess
OpenProcess
ExitProcess
GetModuleHandleA
CreateProcessA
MoveFileA
CreateDirectoryA
GetModuleFileNameA
CreateFileA
GetUserDefaultLCID
lstrcpyn
FlushFileBuffers
SetStdHandle
IsBadCodePtr
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
SetFilePointer
GetOEMCP
GetACP
GetCPInfo
VirtualAlloc
RaiseException
LCMapStringW
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
WriteFile
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
GetVersionExA
GetLastError
GetCurrentProcess
GetStartupInfoA
GetVersion
InterlockedDecrement
InterlockedIncrement
RtlUnwind
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection

user32

PeekMessageA
GetMessageA
TranslateMessage
MessageBoxA
DispatchMessageA
wsprintfA

advapi32

CryptDestroyHash
CryptHashData
CryptReleaseContext
CryptCreateHash
CryptAcquireContextA
CryptGetHashParam

ole32

CoUninitialize
OleRun
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoInitialize

shlwapi

PathFileExistsA

oleaut32

VariantChangeType
VariantInit
SafeArrayAllocDescriptor
SafeArrayAllocData
VariantCopy
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElemsize
SysFreeString
VarR8FromCy
VarR8FromBool
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
SysAllocString
VariantClear
SafeArrayDestroy
SafeArrayCreate

shell32

SHGetSpecialFolderPathA

Sections

.text
Size: 80KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
[DemonArchives]227f3ff19943a0e8c1b26a563246280f.exe
.exe windows:1 windows x86 arch:x86

26babd76bbb7f9c516a338b0601b4c9f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

WSAGetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
gethostbyname
htonl
htons
inet_addr
ioctlsocket
listen
recv
select
send
socket

ole32

CoCreateInstance
CLSIDFromString
CoTaskMemFree
CoInitialize
CoUninitialize

oleaut32

SysAllocString

wininet

DeleteUrlCacheEntry
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA

kernel32

ExitProcess
ExitThread
ExpandEnvironmentStringsA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesA
GetFileSize
GetFileTime
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
CloseHandle
GetProcAddress
GetSystemDirectoryA
GetTempPathA
GetTickCount
GetTimeZoneInformation
GetVersion
GetVersionExA
GetWindowsDirectoryA
GlobalMemoryStatus
CopyFileA
InterlockedIncrement
IsBadReadPtr
IsBadWritePtr
LoadLibraryA
CreateDirectoryA
LocalAlloc
LocalFree
OpenFile
OpenMutexA
OpenProcess
PeekNamedPipe
CreateFileA
ReadFile
RemoveDirectoryA
RtlUnwind
SetFileAttributesA
SetFilePointer
CreateMutexA
Sleep
TerminateProcess
TerminateThread
CreatePipe
VirtualQuery
CreateProcessA
WaitForSingleObject
WideCharToMultiByte
WinExec
WriteFile
lstrlenA
lstrlenW
CreateThread
DeleteFileA

user32

GetWindowTextA
GetWindowRect
FindWindowA
GetWindow
IsWindowVisible
GetClassNameA
GetForegroundWindow
LoadCursorA
SetTimer
KillTimer
RegisterClassA
GetMessageA
CreateDesktopA
SetThreadDesktop
GetThreadDesktop
TranslateMessage
DispatchMessageA
SendMessageA
CharUpperBuffA
OemToCharA
PostQuitMessage
ShowWindow
CreateWindowExA
DestroyWindow
DefWindowProcA

gdi32

GetStockObject
DeleteObject

advapi32

RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
GetSecurityInfo
SetSecurityInfo
SetEntriesInAclA

crtdll

_itoa
__GetMainArgs
_sleep
_strcmpi
_stricmp
atoi
exit
memcpy
memset
raise
rand
signal
sprintf
srand
sscanf
strcat
strchr
strncmp

Sections

.text
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 122KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.flh
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
[DemonArchives]2353c3f467be78e36e934caf5f3c3b61.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 122KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.flh
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
[DemonArchives]26add802e0e75416385317658b116216.exe
.exe windows:1 windows x86 arch:x86

3235d0a66c0a8ca4d8b84f3bea439dce

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoCreateInstance
CLSIDFromString
CoInitialize
CoUninitialize

oleaut32

SysAllocString

wininet

DeleteUrlCacheEntry
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA

kernel32

ExitProcess
ExpandEnvironmentStringsA
GetCommandLineA
GetComputerNameA
GetCurrentProcessId
GetCurrentThreadId
GetExitCodeThread
GetFileSize
GetModuleFileNameA
GetModuleHandleA
CloseHandle
GetProcAddress
GetSystemDirectoryA
GetTempPathA
GetTickCount
GetVersion
GetVersionExA
GetWindowsDirectoryA
GlobalMemoryStatus
CopyFileA
InterlockedIncrement
IsBadReadPtr
IsBadWritePtr
LoadLibraryA
LocalAlloc
LocalFree
OpenMutexA
CreateFileA
ReadFile
RtlUnwind
SetFilePointer
CreateMutexA
Sleep
TerminateProcess
VirtualQuery
CreateProcessA
WaitForSingleObject
WideCharToMultiByte
WinExec
WriteFile
lstrlenA
lstrlenW
CreateThread
DeleteFileA

user32

GetWindowTextA
GetWindowRect
FindWindowA
GetWindow
GetClassNameA
SetFocus
GetForegroundWindow
LoadCursorA
LoadIconA
SetTimer
RegisterClassA
MessageBoxA
GetMessageA
GetWindowLongA
SetWindowLongA
CreateDesktopA
SetThreadDesktop
GetThreadDesktop
TranslateMessage
DispatchMessageA
SendMessageA
PostQuitMessage
ShowWindow
CreateWindowExA
DestroyWindow
MoveWindow
DefWindowProcA
CallWindowProcA

gdi32

GetStockObject
SetBkColor
SetTextColor
CreateBrushIndirect
CreateFontA

advapi32

GetUserNameA
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
GetSecurityInfo
SetSecurityInfo
SetEntriesInAclA

crtdll

__GetMainArgs
_sleep
_stricmp
atoi
exit
memcpy
memset
printf
raise
rand
signal
sprintf
srand
sscanf
strcat
strchr
strncmp
vsprintf

rpcrt4

RpcErrorEndEnumeration

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 132KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.jfbbql
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.l1
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
[DemonArchives]2bf9e607accd325cfb734cd594b00723.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
[DemonArchives]3825817f6028f26ff0b5cd748559286d.exe
.exe windows:5 windows x86 arch:x86

9cc1c069ad89fcb9f40f4af896733a4c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\rc_v11_pro_20210525\Build\Release\WPSOffice\office6\KUninstall.pdb

Imports

kernel32

VirtualAlloc
VirtualFree
VerSetConditionMask
VerifyVersionInfoW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
CloseHandle
GetLastError
InitializeCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventW
CreateSemaphoreW
DecodePointer
RaiseException
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionAndSpinCount
GetVersionExW
CreateFileW
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW
lstrlenW
GetFileSize
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
CreateDirectoryW
DeleteFileW
SetEndOfFile
SetFilePointer
SetFilePointerEx
WriteFile
GetTickCount
GetSystemDirectoryW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CopyFileW
MoveFileExW
GetStdHandle
ReadFile
WaitForMultipleObjects
MultiByteToWideChar
WideCharToMultiByte
GetCurrentDirectoryW
GetTempFileNameW
RemoveDirectoryW
SetFileAttributesW
GetTempPathW
GetWindowsDirectoryW
MoveFileW
CompareFileTime
GetSystemInfo
GetModuleHandleW
GetProcAddress
GetCurrentProcess
FreeLibrary
LoadLibraryExW
GetPrivateProfileStringW
QueryPerformanceCounter
QueryPerformanceFrequency
CreateMutexW
OpenMutexW
GetExitCodeProcess
CreateProcessW
LocalFree
GetSystemWow64DirectoryW
LoadLibraryW
ExpandEnvironmentStringsW
GetFileAttributesExW
Sleep
TerminateProcess
OpenProcess
lstrcmpW
SetLastError
GetCurrentThreadId
FreeResource
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
SetCurrentDirectoryW
GetPrivateProfileIntW
WritePrivateProfileStringW
ReleaseMutex
OpenEventW
OpenFileMappingW
GetCurrentThread
GetCurrentProcessId
ReadProcessMemory
GetModuleHandleA
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
FileTimeToLocalFileTime
GetLongPathNameW
QueryDosDeviceW
ProcessIdToSessionId
GetModuleFileNameW
FileTimeToSystemTime
CreateThread
GetLocalTime
OutputDebugStringW
GetNativeSystemInfo
IsWow64Process
MapViewOfFileEx
lstrcmpiW
GetSystemDefaultLCID
TerminateThread
GetLocaleInfoW
GetUserDefaultUILanguage
ResumeThread
GetModuleHandleExW
SetNamedPipeHandleState
WaitNamedPipeW
VirtualProtect
VirtualQuery
LoadLibraryExA
GetFileSizeEx
GetSystemTime
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
CreateFileA
DeviceIoControl
LoadLibraryA
SetCommTimeouts
WaitNamedPipeA
SetEnvironmentVariableW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
GetSystemTimeAsFileTime
IsDebuggerPresent
GetStartupInfoW
EncodePointer
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
GetStringTypeW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCPInfo
CompareStringW
LCMapStringW
RtlUnwind
ExitThread
FreeLibraryAndExitThread
GetCommandLineA
GetCommandLineW
GetTimeZoneInformation
ExitProcess
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
GetConsoleMode
ReadConsoleW
GetConsoleCP
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
FlushFileBuffers
WriteConsoleW
GetThreadTimes

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 394KB - Virtual size: 394KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 56KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 231KB - Virtual size: 230KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 154KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
[DemonArchives]3e70eabf850c2134ac1acd815a2a90af.exe
.exe windows:1 windows x86 arch:x86

26babd76bbb7f9c516a338b0601b4c9f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

WSAGetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
gethostbyname
htonl
htons
inet_addr
ioctlsocket
listen
recv
select
send
socket

ole32

CoCreateInstance
CLSIDFromString
CoTaskMemFree
CoInitialize
CoUninitialize

oleaut32

SysAllocString

wininet

DeleteUrlCacheEntry
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA

kernel32

ExitProcess
ExitThread
ExpandEnvironmentStringsA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesA
GetFileSize
GetFileTime
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
CloseHandle
GetProcAddress
GetSystemDirectoryA
GetTempPathA
GetTickCount
GetTimeZoneInformation
GetVersion
GetVersionExA
GetWindowsDirectoryA
GlobalMemoryStatus
CopyFileA
InterlockedIncrement
IsBadReadPtr
IsBadWritePtr
LoadLibraryA
CreateDirectoryA
LocalAlloc
LocalFree
OpenFile
OpenMutexA
OpenProcess
PeekNamedPipe
CreateFileA
ReadFile
RemoveDirectoryA
RtlUnwind
SetFileAttributesA
SetFilePointer
CreateMutexA
Sleep
TerminateProcess
TerminateThread
CreatePipe
VirtualQuery
CreateProcessA
WaitForSingleObject
WideCharToMultiByte
WinExec
WriteFile
lstrlenA
lstrlenW
CreateThread
DeleteFileA

user32

GetWindowTextA
GetWindowRect
FindWindowA
GetWindow
IsWindowVisible
GetClassNameA
GetForegroundWindow
LoadCursorA
SetTimer
KillTimer
RegisterClassA
GetMessageA
CreateDesktopA
SetThreadDesktop
GetThreadDesktop
TranslateMessage
DispatchMessageA
SendMessageA
CharUpperBuffA
OemToCharA
PostQuitMessage
ShowWindow
CreateWindowExA
DestroyWindow
DefWindowProcA

gdi32

GetStockObject
DeleteObject

advapi32

RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
GetSecurityInfo
SetSecurityInfo
SetEntriesInAclA

crtdll

_itoa
__GetMainArgs
_sleep
_strcmpi
_stricmp
atoi
exit
memcpy
memset
raise
rand
signal
sprintf
srand
sscanf
strcat
strchr
strncmp

Sections

.text
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 122KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ajelhf
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
[DemonArchives]41637d74a16e50cafe6cb72974a1cf5c.exe
.exe windows:5 windows x86 arch:x86

270ef27c034d928c4437a4fdbd9809c4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

__WSAFDIsSet
setsockopt
ntohs
recvfrom
sendto
htons
select
listen
WSAStartup
bind
closesocket
connect
socket
send
WSACleanup
ioctlsocket
accept
WSAGetLastError
inet_addr
gethostbyname
gethostname
recv

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

winmm

timeGetTime
waveOutSetVolume
mciSendStringW

comctl32

ImageList_Remove
ImageList_SetDragCursorImage
ImageList_BeginDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_EndDrag
ImageList_DragMove
ImageList_ReplaceIcon
ImageList_Create
InitCommonControlsEx
ImageList_Destroy

mpr

WNetCancelConnection2W
WNetGetConnectionW
WNetAddConnection2W
WNetUseConnectionW

wininet

InternetReadFile
InternetCloseHandle
InternetOpenW
InternetSetOptionW
InternetCrackUrlW
HttpQueryInfoW
InternetConnectW
HttpOpenRequestW
HttpSendRequestW
FtpOpenFileW
FtpGetFileSize
InternetOpenUrlW
InternetQueryOptionW
InternetQueryDataAvailable

psapi

EnumProcesses
GetModuleBaseNameW
GetProcessMemoryInfo
EnumProcessModules

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock
UnloadUserProfile
LoadUserProfileW

kernel32

HeapAlloc
Sleep
GetCurrentThreadId
RaiseException
MulDiv
GetVersionExW
GetSystemInfo
MultiByteToWideChar
WideCharToMultiByte
GetModuleHandleW
QueryPerformanceCounter
VirtualFreeEx
OpenProcess
VirtualAllocEx
WriteProcessMemory
ReadProcessMemory
CreateFileW
SetFilePointerEx
ReadFile
WriteFile
FlushFileBuffers
TerminateProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
SetFileTime
GetFileAttributesW
FindFirstFileW
FindClose
DeleteFileW
FindNextFileW
lstrcmpiW
MoveFileW
CopyFileW
CreateDirectoryW
RemoveDirectoryW
SetSystemPowerState
QueryPerformanceFrequency
FindResourceW
LoadResource
LockResource
SizeofResource
GetProcessHeap
OutputDebugStringW
GetLocalTime
CompareStringW
CompareStringA
InterlockedIncrement
InterlockedDecrement
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
GetStdHandle
CreatePipe
InterlockedExchange
TerminateThread
GetTempPathW
GetTempFileNameW
VirtualFree
FormatMessageW
GetExitCodeProcess
SetErrorMode
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileSectionW
WritePrivateProfileSectionW
GetPrivateProfileSectionNamesW
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetDriveTypeW
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetVolumeInformationW
SetVolumeLabelW
CreateHardLinkW
DeviceIoControl
SetFileAttributesW
GetShortPathNameW
CreateEventW
SetEvent
GetEnvironmentVariableW
SetEnvironmentVariableW
GlobalLock
GlobalUnlock
GlobalAlloc
GetFileSize
GlobalFree
GlobalMemoryStatusEx
Beep
GetComputerNameW
GetWindowsDirectoryW
GetSystemDirectoryW
GetCurrentProcessId
GetCurrentThread
GetProcessIoCounters
CreateProcessW
SetPriorityClass
LoadLibraryW
VirtualAlloc
LoadLibraryExW
HeapFree
WaitForSingleObject
CreateThread
DuplicateHandle
GetLastError
CloseHandle
GetCurrentProcess
GetProcAddress
LoadLibraryA
FreeLibrary
GetModuleFileNameW
GetFullPathNameW
ExitProcess
ExitThread
GetSystemTimeAsFileTime
SetCurrentDirectoryW
IsDebuggerPresent
GetCurrentDirectoryW
ResumeThread
GetStartupInfoW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetModuleFileNameA
HeapReAlloc
HeapCreate
SetHandleCount
GetFileType
GetStartupInfoA
SetStdHandle
GetConsoleCP
GetConsoleMode
LCMapStringW
LCMapStringA
RtlUnwind
SetFilePointer
GetTimeZoneInformation
GetTimeFormatA
GetDateFormatA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetTickCount
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetModuleHandleA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEndOfFile
EnumResourceNamesW
SetEnvironmentVariableA

user32

SetWindowPos
GetCursorInfo
RegisterHotKey
ClientToScreen
GetKeyboardLayoutNameW
IsCharAlphaW
IsCharAlphaNumericW
IsCharLowerW
IsCharUpperW
GetMenuStringW
GetSubMenu
GetCaretPos
IsZoomed
MonitorFromPoint
GetMonitorInfoW
SetWindowLongW
SetLayeredWindowAttributes
FlashWindow
GetClassLongW
TranslateAcceleratorW
IsDialogMessageW
GetSysColor
InflateRect
DrawFocusRect
DrawTextW
FrameRect
DrawFrameControl
FillRect
PtInRect
DestroyAcceleratorTable
CreateAcceleratorTableW
SetCursor
GetWindowDC
GetSystemMetrics
GetActiveWindow
CharNextW
wsprintfW
RedrawWindow
DrawMenuBar
DestroyMenu
SetMenu
GetWindowTextLengthW
CreateMenu
IsDlgButtonChecked
DefDlgProcW
ReleaseCapture
SetCapture
WindowFromPoint
CreateIconFromResourceEx
mouse_event
ExitWindowsEx
SetActiveWindow
FindWindowExW
EnumThreadWindows
SetMenuDefaultItem
InsertMenuItemW
IsMenu
TrackPopupMenuEx
GetCursorPos
DeleteMenu
CheckMenuRadioItem
CopyImage
GetMenuItemCount
SetMenuItemInfoW
GetMenuItemInfoW
SetForegroundWindow
IsIconic
FindWindowW
SystemParametersInfoW
PeekMessageW
SetKeyboardState
GetKeyboardState
GetKeyState
keybd_event
VkKeyScanA
GetKeyboardLayoutNameA
LoadStringW
DialogBoxParamW
MessageBeep
EndDialog
SendDlgItemMessageW
GetDlgItem
SetWindowTextW
CopyRect
ReleaseDC
GetDC
EndPaint
BeginPaint
GetClientRect
GetMenu
DestroyWindow
EnumWindows
GetDesktopWindow
IsWindow
IsWindowEnabled
IsWindowVisible
EnableWindow
InvalidateRect
GetWindowThreadProcessId
AttachThreadInput
GetFocus
GetWindowTextW
ScreenToClient
SendMessageTimeoutW
EnumChildWindows
CharUpperBuffW
GetClassNameW
GetParent
GetDlgCtrlID
SendMessageW
MapVirtualKeyW
PostMessageW
GetWindowRect
SetUserObjectSecurity
GetUserObjectSecurity
CloseDesktop
CloseWindowStation
OpenDesktopW
SetProcessWindowStation
GetProcessWindowStation
OpenWindowStationW
MessageBoxW
DefWindowProcW
MoveWindow
AdjustWindowRectEx
SetRect
SetClipboardData
EmptyClipboard
CountClipboardFormats
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
BlockInput
GetMessageW
LockWindowUpdate
DispatchMessageW
GetMenuItemID
TranslateMessage
SetFocus
PostQuitMessage
KillTimer
CreatePopupMenu
RegisterWindowMessageW
SetTimer
ShowWindow
CreateWindowExW
RegisterClassExW
LoadIconW
LoadCursorW
GetSysColorBrush
GetForegroundWindow
MessageBoxA
DestroyIcon
UnregisterHotKey
CharLowerBuffW
MonitorFromRect
GetAsyncKeyState
LoadImageW
GetWindowLongW

gdi32

DeleteObject
GetObjectW
GetTextExtentPoint32W
ExtCreatePen
StrokeAndFillPath
StrokePath
EndPath
SetPixel
CloseFigure
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
StretchBlt
GetDIBits
LineTo
AngleArc
MoveToEx
Ellipse
PolyDraw
BeginPath
Rectangle
GetDeviceCaps
SetBkMode
RoundRect
SetBkColor
CreatePen
CreateSolidBrush
SetTextColor
CreateFontW
GetTextFaceW
GetStockObject
CreateDCW
GetPixel
DeleteDC
SetViewportOrgEx

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

RegEnumValueW
RegDeleteValueW
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
GetUserNameW
RegConnectRegistryW
RegEnumKeyExW
CloseServiceHandle
UnlockServiceDatabase
LockServiceDatabase
OpenSCManagerW
InitiateSystemShutdownExW
AdjustTokenPrivileges
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueW
DuplicateTokenEx
CreateProcessAsUserW
CreateProcessWithLogonW
InitializeSecurityDescriptor
InitializeAcl
GetLengthSid
SetSecurityDescriptorDacl
CopySid
LogonUserW
GetTokenInformation
GetAclInformation
GetAce
AddAce
GetSecurityDescriptorDacl

shell32

DragQueryPoint
ShellExecuteExW
SHGetFolderPathW
DragQueryFileW
SHEmptyRecycleBinW
SHBrowseForFolderW
SHFileOperationW
SHGetPathFromIDListW
SHGetDesktopFolder
SHGetMalloc
ExtractIconExW
Shell_NotifyIconW
ShellExecuteW
DragFinish

ole32

OleSetMenuDescriptor
MkParseDisplayName
OleSetContainedObject
CoInitialize
CoUninitialize
CoCreateInstance
CreateStreamOnHGlobal
CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
StringFromCLSID
IIDFromString
StringFromIID
OleInitialize
CreateBindCtx
CLSIDFromProgID
CoInitializeSecurity
CoCreateInstanceEx
CoSetProxyBlanket
OleUninitialize

oleaut32

SafeArrayAllocData
SafeArrayAllocDescriptorEx
SysAllocString
OleLoadPicture
SafeArrayGetVartype
SafeArrayDestroyData
SafeArrayAccessData
VarR8FromDec
VariantTimeToSystemTime
VariantClear
VariantCopy
VariantInit
SafeArrayDestroyDescriptor
LoadRegTypeLi
GetActiveObject
SafeArrayUnaccessData

Sections

.text
Size: 517KB - Virtual size: 517KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
[DemonArchives]42971155e95ad8ace7b6fc53d70fb952.exe
.exe windows:10 windows x86 arch:x86

646167cce332c1c252cdcb1839e0cf48

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

wextract.pdb

Imports

advapi32

GetTokenInformation
RegDeleteValueA
RegOpenKeyExA
RegQueryInfoKeyA
FreeSid
OpenProcessToken
RegSetValueExA
RegCreateKeyExA
LookupPrivilegeValueA
AllocateAndInitializeSid
RegQueryValueExA
EqualSid
RegCloseKey
AdjustTokenPrivileges

kernel32

_lopen
_llseek
CompareStringA
GetLastError
GetFileAttributesA
GetSystemDirectoryA
LoadLibraryA
DeleteFileA
GlobalAlloc
GlobalFree
CloseHandle
WritePrivateProfileStringA
IsDBCSLeadByte
GetWindowsDirectoryA
SetFileAttributesA
GetProcAddress
GlobalLock
LocalFree
RemoveDirectoryA
FreeLibrary
_lclose
CreateDirectoryA
GetPrivateProfileIntA
GetPrivateProfileStringA
GlobalUnlock
ReadFile
SizeofResource
WriteFile
GetDriveTypeA
lstrcmpA
SetFileTime
SetFilePointer
FindResourceA
CreateMutexA
GetVolumeInformationA
ExpandEnvironmentStringsA
GetCurrentDirectoryA
FreeResource
GetVersion
SetCurrentDirectoryA
GetTempPathA
LocalFileTimeToFileTime
CreateFileA
SetEvent
TerminateThread
GetVersionExA
LockResource
GetSystemInfo
CreateThread
ResetEvent
LoadResource
ExitProcess
GetModuleHandleW
CreateProcessA
FormatMessageA
GetTempFileNameA
DosDateTimeToFileTime
CreateEventA
GetExitCodeProcess
FindNextFileA
LocalAlloc
GetShortPathNameA
MulDiv
GetDiskFreeSpaceA
EnumResourceLanguagesA
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
Sleep
FindClose
GetCurrentProcess
FindFirstFileA
WaitForSingleObject
GetModuleFileNameA
LoadLibraryExA

gdi32

GetDeviceCaps

user32

SetWindowLongA
GetDlgItemTextA
DialogBoxIndirectParamA
ShowWindow
MsgWaitForMultipleObjects
SetWindowPos
GetDC
GetWindowRect
DispatchMessageA
GetDesktopWindow
CharUpperA
SetDlgItemTextA
ExitWindowsEx
MessageBeep
EndDialog
CharPrevA
LoadStringA
CharNextA
EnableWindow
ReleaseDC
SetForegroundWindow
PeekMessageA
GetDlgItem
SendMessageA
SendDlgItemMessageA
MessageBoxA
SetWindowTextA
GetWindowLongA
CallWindowProcA
GetSystemMetrics

msvcrt

_controlfp
?terminate@@YAXXZ
_acmdln
_initterm
__setusermatherr
_except_handler4_common
memcpy
_ismbblead
__p__fmode
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
memcpy_s
_vsnprintf
memset

comctl32

ord17

cabinet

ord22
ord23
ord21
ord20

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
[DemonArchives]47522f57257b441811cf5f87c9118faf.exe
.exe windows:1 windows x86 arch:x86

95e6f8741083e0c7d9a63d45e2472360

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoCreateInstance
CLSIDFromString
CoInitialize
CoUninitialize

oleaut32

SysAllocString

wininet

DeleteUrlCacheEntry
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA

kernel32

ExitProcess
ExpandEnvironmentStringsA
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetExitCodeThread
GetFileSize
GetModuleFileNameA
GetModuleHandleA
CloseHandle
GetProcAddress
GetSystemDirectoryA
GetTempPathA
GetTickCount
GetVersion
GetVersionExA
GetWindowsDirectoryA
GlobalMemoryStatus
CopyFileA
InterlockedIncrement
IsBadReadPtr
IsBadWritePtr
LoadLibraryA
LocalAlloc
LocalFree
OpenMutexA
CreateFileA
ReadFile
RtlUnwind
SetFilePointer
CreateMutexA
Sleep
TerminateProcess
VirtualQuery
CreateProcessA
WaitForSingleObject
WideCharToMultiByte
WinExec
WriteFile
lstrlenA
lstrlenW
CreateThread
DeleteFileA

user32

GetWindowTextA
GetWindowRect
FindWindowA
GetWindow
GetClassNameA
SetFocus
GetForegroundWindow
LoadCursorA
LoadIconA
SetTimer
RegisterClassA
MessageBoxA
GetMessageA
GetWindowLongA
SetWindowLongA
CreateDesktopA
SetThreadDesktop
GetThreadDesktop
TranslateMessage
DispatchMessageA
SendMessageA
PostQuitMessage
ShowWindow
CreateWindowExA
DestroyWindow
MoveWindow
DefWindowProcA
CallWindowProcA

gdi32

GetStockObject
SetBkColor
SetTextColor
CreateBrushIndirect
CreateFontA

advapi32

RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
GetSecurityInfo
SetSecurityInfo
SetEntriesInAclA

crtdll

__GetMainArgs
_sleep
_stricmp
atoi
exit
memcpy
memset
printf
raise
rand
signal
sprintf
srand
sscanf
strcat
strchr
strncmp
vsprintf

Sections

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 132KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.embm
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
[DemonArchives]4782545d269557614be88caef0383cfa.exe
.exe windows:1 windows x86 arch:x86

3235d0a66c0a8ca4d8b84f3bea439dce

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoCreateInstance
CLSIDFromString
CoInitialize
CoUninitialize

oleaut32

SysAllocString

wininet

DeleteUrlCacheEntry
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA

kernel32

ExitProcess
ExpandEnvironmentStringsA
GetCommandLineA
GetComputerNameA
GetCurrentProcessId
GetCurrentThreadId
GetExitCodeThread
GetFileSize
GetModuleFileNameA
GetModuleHandleA
CloseHandle
GetProcAddress
GetSystemDirectoryA
GetTempPathA
GetTickCount
GetVersion
GetVersionExA
GetWindowsDirectoryA
GlobalMemoryStatus
CopyFileA
InterlockedIncrement
IsBadReadPtr
IsBadWritePtr
LoadLibraryA
LocalAlloc
LocalFree
OpenMutexA
CreateFileA
ReadFile
RtlUnwind
SetFilePointer
CreateMutexA
Sleep
TerminateProcess
VirtualQuery
CreateProcessA
WaitForSingleObject
WideCharToMultiByte
WinExec
WriteFile
lstrlenA
lstrlenW
CreateThread
DeleteFileA

user32

GetWindowTextA
GetWindowRect
FindWindowA
GetWindow
GetClassNameA
SetFocus
GetForegroundWindow
LoadCursorA
LoadIconA
SetTimer
RegisterClassA
MessageBoxA
GetMessageA
GetWindowLongA
SetWindowLongA
CreateDesktopA
SetThreadDesktop
GetThreadDesktop
TranslateMessage
DispatchMessageA
SendMessageA
PostQuitMessage
ShowWindow
CreateWindowExA
DestroyWindow
MoveWindow
DefWindowProcA
CallWindowProcA

gdi32

GetStockObject
SetBkColor
SetTextColor
CreateBrushIndirect
CreateFontA

advapi32

GetUserNameA
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
GetSecurityInfo
SetSecurityInfo
SetEntriesInAclA

crtdll

__GetMainArgs
_sleep
_stricmp
atoi
exit
memcpy
memset
printf
raise
rand
signal
sprintf
srand
sscanf
strcat
strchr
strncmp
vsprintf

rpcrt4

RpcErrorEndEnumeration

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 132KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.jfbbql
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.l1
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
[DemonArchives]4bed82d2182d95951a4dd3b090868cf1.exe
.exe windows:4 windows x86 arch:x86

1a611a7df1f3828b0157c4725145a721

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetStdHandle
GetConsoleMode
TlsGetValue
GetLastError
SetLastError
RaiseException
GetTickCount
ExitProcess
GetStartupInfoA
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
ReadProcessMemory
GetModuleFileNameA
GetModuleHandleA
WriteFile
ReadFile
CloseHandle
SetFilePointer
SetEndOfFile
GetSystemInfo
LoadLibraryW
LoadLibraryA
GetProcAddress
FreeLibrary
FormatMessageW
DeleteFileW
CreateFileW
GetFileAttributesW
CreateDirectoryW
GetCurrentDirectoryW
GetFullPathNameW
GetConsoleOutputCP
GetOEMCP
GetProcessHeap
HeapAlloc
HeapFree
TlsAlloc
TlsSetValue
CreateThread
ExitThread
LocalAlloc
LocalFree
Sleep
SuspendThread
ResumeThread
TerminateThread
WaitForSingleObject
SetThreadPriority
GetThreadPriority
GetCurrentThread
OpenThread
IsDebuggerPresent
CreateEventA
ResetEvent
SetEvent
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
GetEnvironmentStringsW
FreeEnvironmentStringsW
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetConsoleCP
RtlUnwind
EnumResourceTypesA
EnumResourceNamesA
EnumResourceLanguagesA
FindResourceA
FindResourceExA
LoadResource
SizeofResource
LockResource
FreeResource
GetEnvironmentStringsA
FreeEnvironmentStringsA
FormatMessageA
GlobalAddAtomA
GetDriveTypeA
GetSystemDirectoryA
GetWindowsDirectoryA
GetDiskFreeSpaceA
DeleteFileA
GetVersionExA
CompareStringA
GetLocaleInfoA
GetDateFormatA
EnumCalendarInfoA
GetModuleFileNameW
GetCommandLineW
SetFileAttributesW
FindNextFileW
CompareStringW
GetLocaleInfoW
GetDateFormatW
FindFirstFileExW
GlobalAlloc
GlobalReAlloc
GlobalSize
GlobalLock
GlobalUnlock
VirtualFree
GetExitCodeProcess
GlobalDeleteAtom
GetLogicalDrives
DeviceIoControl
FindClose
WinExec
MulDiv
GetLocalTime
SystemTimeToTzSpecificLocalTime
FileTimeToLocalFileTime
FileTimeToSystemTime
FileTimeToDosDateTime
PeekNamedPipe
GetCPInfo
GetThreadLocale
SetThreadLocale
GetUserDefaultLCID
CreateToolhelp32Snapshot
Process32First
Process32Next

oleaut32

SysAllocStringLen
SysFreeString
SysReAllocStringLen
SafeArrayCreate
SafeArrayRedim
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayPutElement
SafeArrayPtrOfIndex
VariantChangeTypeEx
VariantClear
VariantCopy
VariantInit

user32

MessageBoxA
CharUpperBuffW
CharLowerBuffW
SendMessageA
PostMessageA
DefWindowProcA
CallWindowProcA
RegisterClassA
UnregisterClassA
GetClassInfoA
CreateWindowExA
RegisterClipboardFormatA
GetClipboardFormatNameA
CharToOemA
CharUpperA
CharUpperBuffA
CharLowerA
CharLowerBuffA
GetMenuItemInfoA
SetPropA
GetPropA
RemovePropA
EnumPropsA
GetWindowLongA
SetWindowLongA
GetClassLongA
SetClassLongA
GetClassNameA
LoadBitmapA
LoadCursorA
LoadIconA
LoadImageA
SystemParametersInfoA
DispatchMessageW
PeekMessageW
SendMessageW
DefWindowProcW
CallWindowProcW
RegisterClassW
UnregisterClassW
GetClassInfoW
CreateWindowExW
InsertMenuItemW
GetMenuItemInfoW
SetMenuItemInfoW
DrawTextW
DrawStateW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
MessageBoxW
GetWindowLongW
SetWindowLongW
DefFrameProcW
DefMDIChildProcW
TranslateMessage
PostQuitMessage
GetDoubleClickTime
IsWindow
IsMenu
DestroyWindow
ShowWindow
ShowWindowAsync
ShowOwnedPopups
MoveWindow
SetWindowPos
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsWindowVisible
IsIconic
BringWindowToTop
IsZoomed
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
CountClipboardFormats
EnumClipboardFormats
EmptyClipboard
IsClipboardFormatAvailable
SetFocus
GetActiveWindow
GetFocus
GetKeyState
GetCapture
SetCapture
ReleaseCapture
MsgWaitForMultipleObjects
SetTimer
KillTimer
EnableWindow
IsWindowEnabled
GetSystemMetrics
GetMenu
SetMenu
DrawMenuBar
GetSystemMenu
CreateMenu
CreatePopupMenu
DestroyMenu
EnableMenuItem
GetSubMenu
GetMenuItemCount
RemoveMenu
DeleteMenu
GetMenuItemRect
UpdateWindow
SetActiveWindow
GetForegroundWindow
SetForegroundWindow
WindowFromDC
GetDC
GetDCEx
GetWindowDC
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
SetWindowRgn
InvalidateRect
InvalidateRgn
RedrawWindow
ScrollWindowEx
ShowScrollBar
EnableScrollBar
GetClientRect
GetWindowRect
AdjustWindowRectEx
MessageBeep
SetCursorPos
SetCursor
GetCursorPos
CreateCaret
DestroyCaret
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
ClientToScreen
ScreenToClient
MapWindowPoints
WindowFromPoint
GetSysColor
GetSysColorBrush
SetSysColors
DrawFocusRect
FillRect
FrameRect
SetRect
InflateRect
IntersectRect
OffsetRect
GetDesktopWindow
GetParent
SetParent
EnumThreadWindows
GetTopWindow
GetWindowThreadProcessId
GetLastActivePopup
GetWindow
CallNextHookEx
DestroyCursor
DestroyIcon
CopyImage
CreateIconIndirect
GetIconInfo
SetScrollInfo
GetScrollInfo
TranslateMDISysAccel
DrawEdge
DrawFrameControl
TrackPopupMenuEx
ChildWindowFromPointEx
DrawIconEx
FlashWindowEx

advapi32

GetUserNameA
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
RegFlushKey

gdi32

CreateFontIndirectA
EnumFontFamiliesA
GetCharABCWidthsA
GetTextExtentPointA
GetTextMetricsA
GetObjectA
ExtTextOutA
CreateFontIndirectW
EnumFontFamiliesExW
GetCharABCWidthsW
GetTextExtentPoint32W
GetTextExtentExPointW
GetObjectW
TextOutW
ExtTextOutW
GetRandomRgn
Arc
BitBlt
Chord
CombineRgn
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBitmap
CreateEllipticRgn
CreatePen
CreatePenIndirect
CreatePatternBrush
CreateRectRgn
CreateRoundRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
Ellipse
EqualRgn
ExcludeClipRect
ExtCreateRegion
ExtFloodFill
FillRgn
GetROP2
GetBkColor
GetBitmapBits
GetClipBox
GetClipRgn
GetCurrentObject
GetDeviceCaps
GetDIBits
GetMapMode
GetObjectType
GetPixel
GetRegionData
GetRgnBox
GetStockObject
GetTextAlign
GetTextColor
GetViewportExtEx
GetViewportOrgEx
GetWindowExtEx
GetWindowOrgEx
IntersectClipRect
LineTo
MaskBlt
OffsetRgn
PatBlt
Pie
PaintRgn
PtInRegion
RectInRegion
RectVisible
Rectangle
RestoreDC
RealizePalette
RoundRect
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetMapMode
SetPixel
SetPolyFillMode
StretchBlt
SetRectRgn
SetROP2
SetStretchBltMode
SetTextCharacterExtra
SetTextColor
SetTextAlign
CreateDIBSection
SetArcDirection
ExtCreatePen
MoveToEx
CreatePolygonRgn
DPtoLP
LPtoDP
Polygon
Polyline
PolyBezier
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
SetBrushOrgEx
GetDCOrgEx

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

shell32

DragQueryFileA
ShellExecuteA
DragQueryFileW
DragFinish
DragAcceptFiles

ole32

OleInitialize
OleUninitialize

comctl32

InitCommonControls
ImageList_Create
ImageList_Destroy
ImageList_GetImageCount
ImageList_SetImageCount
ImageList_Add
ImageList_Replace
ImageList_AddMasked
ImageList_DrawEx
ImageList_DrawIndirect
ImageList_Remove
ImageList_Copy
ImageList_BeginDrag
ImageList_EndDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
_TrackMouseEvent

ws2_32

closesocket
connect
ioctlsocket
getsockopt
recv
select
send
setsockopt
shutdown
socket
WSAStartup
WSACleanup
WSAGetLastError
__WSAFDIsSet

wsock32

gethostbyaddr
gethostbyname
WSAStartup

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 816KB - Virtual size: 816KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 37KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 130KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
[DemonArchives]4c1ca9436c971190f7082f5c108a007b.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
[DemonArchives]4fd60e9aed5ab9ed5326da37806b2502.exe
.exe windows:5 windows x86 arch:x86

270ef27c034d928c4437a4fdbd9809c4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

__WSAFDIsSet
setsockopt
ntohs
recvfrom
sendto
htons
select
listen
WSAStartup
bind
closesocket
connect
socket
send
WSACleanup
ioctlsocket
accept
WSAGetLastError
inet_addr
gethostbyname
gethostname
recv

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

winmm

timeGetTime
waveOutSetVolume
mciSendStringW

comctl32

ImageList_Remove
ImageList_SetDragCursorImage
ImageList_BeginDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_EndDrag
ImageList_DragMove
ImageList_ReplaceIcon
ImageList_Create
InitCommonControlsEx
ImageList_Destroy

mpr

WNetCancelConnection2W
WNetGetConnectionW
WNetAddConnection2W
WNetUseConnectionW

wininet

InternetReadFile
InternetCloseHandle
InternetOpenW
InternetSetOptionW
InternetCrackUrlW
HttpQueryInfoW
InternetConnectW
HttpOpenRequestW
HttpSendRequestW
FtpOpenFileW
FtpGetFileSize
InternetOpenUrlW
InternetQueryOptionW
InternetQueryDataAvailable

psapi

EnumProcesses
GetModuleBaseNameW
GetProcessMemoryInfo
EnumProcessModules

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock
UnloadUserProfile
LoadUserProfileW

kernel32

HeapAlloc
Sleep
GetCurrentThreadId
RaiseException
MulDiv
GetVersionExW
GetSystemInfo
MultiByteToWideChar
WideCharToMultiByte
GetModuleHandleW
QueryPerformanceCounter
VirtualFreeEx
OpenProcess
VirtualAllocEx
WriteProcessMemory
ReadProcessMemory
CreateFileW
SetFilePointerEx
ReadFile
WriteFile
FlushFileBuffers
TerminateProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
SetFileTime
GetFileAttributesW
FindFirstFileW
FindClose
DeleteFileW
FindNextFileW
lstrcmpiW
MoveFileW
CopyFileW
CreateDirectoryW
RemoveDirectoryW
SetSystemPowerState
QueryPerformanceFrequency
FindResourceW
LoadResource
LockResource
SizeofResource
GetProcessHeap
OutputDebugStringW
GetLocalTime
CompareStringW
CompareStringA
InterlockedIncrement
InterlockedDecrement
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
GetStdHandle
CreatePipe
InterlockedExchange
TerminateThread
GetTempPathW
GetTempFileNameW
VirtualFree
FormatMessageW
GetExitCodeProcess
SetErrorMode
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileSectionW
WritePrivateProfileSectionW
GetPrivateProfileSectionNamesW
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetDriveTypeW
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetVolumeInformationW
SetVolumeLabelW
CreateHardLinkW
DeviceIoControl
SetFileAttributesW
GetShortPathNameW
CreateEventW
SetEvent
GetEnvironmentVariableW
SetEnvironmentVariableW
GlobalLock
GlobalUnlock
GlobalAlloc
GetFileSize
GlobalFree
GlobalMemoryStatusEx
Beep
GetComputerNameW
GetWindowsDirectoryW
GetSystemDirectoryW
GetCurrentProcessId
GetCurrentThread
GetProcessIoCounters
CreateProcessW
SetPriorityClass
LoadLibraryW
VirtualAlloc
LoadLibraryExW
HeapFree
WaitForSingleObject
CreateThread
DuplicateHandle
GetLastError
CloseHandle
GetCurrentProcess
GetProcAddress
LoadLibraryA
FreeLibrary
GetModuleFileNameW
GetFullPathNameW
ExitProcess
ExitThread
GetSystemTimeAsFileTime
SetCurrentDirectoryW
IsDebuggerPresent
GetCurrentDirectoryW
ResumeThread
GetStartupInfoW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetModuleFileNameA
HeapReAlloc
HeapCreate
SetHandleCount
GetFileType
GetStartupInfoA
SetStdHandle
GetConsoleCP
GetConsoleMode
LCMapStringW
LCMapStringA
RtlUnwind
SetFilePointer
GetTimeZoneInformation
GetTimeFormatA
GetDateFormatA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetTickCount
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetModuleHandleA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEndOfFile
EnumResourceNamesW
SetEnvironmentVariableA

user32

SetWindowPos
GetCursorInfo
RegisterHotKey
ClientToScreen
GetKeyboardLayoutNameW
IsCharAlphaW
IsCharAlphaNumericW
IsCharLowerW
IsCharUpperW
GetMenuStringW
GetSubMenu
GetCaretPos
IsZoomed
MonitorFromPoint
GetMonitorInfoW
SetWindowLongW
SetLayeredWindowAttributes
FlashWindow
GetClassLongW
TranslateAcceleratorW
IsDialogMessageW
GetSysColor
InflateRect
DrawFocusRect
DrawTextW
FrameRect
DrawFrameControl
FillRect
PtInRect
DestroyAcceleratorTable
CreateAcceleratorTableW
SetCursor
GetWindowDC
GetSystemMetrics
GetActiveWindow
CharNextW
wsprintfW
RedrawWindow
DrawMenuBar
DestroyMenu
SetMenu
GetWindowTextLengthW
CreateMenu
IsDlgButtonChecked
DefDlgProcW
ReleaseCapture
SetCapture
WindowFromPoint
CreateIconFromResourceEx
mouse_event
ExitWindowsEx
SetActiveWindow
FindWindowExW
EnumThreadWindows
SetMenuDefaultItem
InsertMenuItemW
IsMenu
TrackPopupMenuEx
GetCursorPos
DeleteMenu
CheckMenuRadioItem
CopyImage
GetMenuItemCount
SetMenuItemInfoW
GetMenuItemInfoW
SetForegroundWindow
IsIconic
FindWindowW
SystemParametersInfoW
PeekMessageW
SetKeyboardState
GetKeyboardState
GetKeyState
keybd_event
VkKeyScanA
GetKeyboardLayoutNameA
LoadStringW
DialogBoxParamW
MessageBeep
EndDialog
SendDlgItemMessageW
GetDlgItem
SetWindowTextW
CopyRect
ReleaseDC
GetDC
EndPaint
BeginPaint
GetClientRect
GetMenu
DestroyWindow
EnumWindows
GetDesktopWindow
IsWindow
IsWindowEnabled
IsWindowVisible
EnableWindow
InvalidateRect
GetWindowThreadProcessId
AttachThreadInput
GetFocus
GetWindowTextW
ScreenToClient
SendMessageTimeoutW
EnumChildWindows
CharUpperBuffW
GetClassNameW
GetParent
GetDlgCtrlID
SendMessageW
MapVirtualKeyW
PostMessageW
GetWindowRect
SetUserObjectSecurity
GetUserObjectSecurity
CloseDesktop
CloseWindowStation
OpenDesktopW
SetProcessWindowStation
GetProcessWindowStation
OpenWindowStationW
MessageBoxW
DefWindowProcW
MoveWindow
AdjustWindowRectEx
SetRect
SetClipboardData
EmptyClipboard
CountClipboardFormats
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
BlockInput
GetMessageW
LockWindowUpdate
DispatchMessageW
GetMenuItemID
TranslateMessage
SetFocus
PostQuitMessage
KillTimer
CreatePopupMenu
RegisterWindowMessageW
SetTimer
ShowWindow
CreateWindowExW
RegisterClassExW
LoadIconW
LoadCursorW
GetSysColorBrush
GetForegroundWindow
MessageBoxA
DestroyIcon
UnregisterHotKey
CharLowerBuffW
MonitorFromRect
GetAsyncKeyState
LoadImageW
GetWindowLongW

gdi32

DeleteObject
GetObjectW
GetTextExtentPoint32W
ExtCreatePen
StrokeAndFillPath
StrokePath
EndPath
SetPixel
CloseFigure
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
StretchBlt
GetDIBits
LineTo
AngleArc
MoveToEx
Ellipse
PolyDraw
BeginPath
Rectangle
GetDeviceCaps
SetBkMode
RoundRect
SetBkColor
CreatePen
CreateSolidBrush
SetTextColor
CreateFontW
GetTextFaceW
GetStockObject
CreateDCW
GetPixel
DeleteDC
SetViewportOrgEx

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

RegEnumValueW
RegDeleteValueW
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
GetUserNameW
RegConnectRegistryW
RegEnumKeyExW
CloseServiceHandle
UnlockServiceDatabase
LockServiceDatabase
OpenSCManagerW
InitiateSystemShutdownExW
AdjustTokenPrivileges
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueW
DuplicateTokenEx
CreateProcessAsUserW
CreateProcessWithLogonW
InitializeSecurityDescriptor
InitializeAcl
GetLengthSid
SetSecurityDescriptorDacl
CopySid
LogonUserW
GetTokenInformation
GetAclInformation
GetAce
AddAce
GetSecurityDescriptorDacl

shell32

DragQueryPoint
ShellExecuteExW
SHGetFolderPathW
DragQueryFileW
SHEmptyRecycleBinW
SHBrowseForFolderW
SHFileOperationW
SHGetPathFromIDListW
SHGetDesktopFolder
SHGetMalloc
ExtractIconExW
Shell_NotifyIconW
ShellExecuteW
DragFinish

ole32

OleSetMenuDescriptor
MkParseDisplayName
OleSetContainedObject
CoInitialize
CoUninitialize
CoCreateInstance
CreateStreamOnHGlobal
CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
StringFromCLSID
IIDFromString
StringFromIID
OleInitialize
CreateBindCtx
CLSIDFromProgID
CoInitializeSecurity
CoCreateInstanceEx
CoSetProxyBlanket
OleUninitialize

oleaut32

SafeArrayAllocData
SafeArrayAllocDescriptorEx
SysAllocString
OleLoadPicture
SafeArrayGetVartype
SafeArrayDestroyData
SafeArrayAccessData
VarR8FromDec
VariantTimeToSystemTime
VariantClear
VariantCopy
VariantInit
SafeArrayDestroyDescriptor
LoadRegTypeLi
GetActiveObject
SafeArrayUnaccessData

Sections

.text
Size: 517KB - Virtual size: 517KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
[DemonArchives]550ad0e50316dfca7c0bfd14f9060880.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
[DemonArchives]55a0c8c7e6c8b2be4ebd164d43e746c8.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 656KB - Virtual size: 656KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 994KB - Virtual size: 994KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 147KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 386KB - Virtual size: 385KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
[DemonArchives]560184b003e9c461fdfa4ab15cd3b6fb.exe
.exe windows:4 windows x86 arch:x86

248461eeaf5ea1b28d70b9495192cb5d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

borlndmm

GetAllocMemCount

advapi32

RegCloseKey
RegConnectRegistryW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegFlushKey
RegLoadKeyW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegReplaceKeyW
RegRestoreKeyW
RegSaveKeyW
RegSetValueExW
RegUnLoadKeyW

kernel32

ClearCommError
CloseHandle
CompareStringW
CreateDirectoryW
CreateEventW
CreateFileA
CreateFileW
CreateThread
DeleteCriticalSection
EnterCriticalSection
EnumCalendarInfoW
EnumResourceNamesW
EnumSystemLocalesW
EscapeCommFunction
ExitProcess
ExitThread
FindClose
FindFirstFileW
FindResourceW
FormatMessageW
FreeLibrary
FreeResource
GetACP
GetCPInfo
GetCPInfoExW
GetCommModemStatus
GetCommandLineW
GetConsoleCP
GetConsoleOutputCP
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatW
GetDiskFreeSpaceW
GetEnvironmentVariableW
GetExitCodeThread
GetFileAttributesW
GetFileSize
GetFileType
GetFullPathNameW
GetLastError
GetLocalTime
GetLocaleInfoW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetPrivateProfileStringW
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetSystemDefaultUILanguage
GetSystemInfo
GetThreadLocale
GetThreadPriority
GetTickCount
GetTimeZoneInformation
GetUserDefaultUILanguage
GetVersion
GetVersionExW
GlobalAddAtomW
GlobalAlloc
GlobalDeleteAtom
GlobalFindAtomW
GlobalFree
GlobalLock
GlobalUnlock
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
InitializeCriticalSection
IsDebuggerPresent
IsValidLocale
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LoadResource
LocalAlloc
LocalFree
LockResource
MulDiv
MultiByteToWideChar
PurgeComm
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadFile
ResetEvent
ResumeThread
RtlUnwind
SetCommState
SetCommTimeouts
SetEndOfFile
SetErrorMode
SetEvent
SetFilePointer
SetLastError
SetThreadLocale
SetThreadPriority
SetupComm
SizeofResource
Sleep
SuspendThread
SwitchToThread
TryEnterCriticalSection
UnhandledExceptionFilter
VerSetConditionMask
VerifyVersionInfoW
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
VirtualQueryEx
WaitForMultipleObjectsEx
WaitForSingleObject
WideCharToMultiByte
WriteFile
WritePrivateProfileStringW
lstrcmpW
lstrlenW
InterlockedCompareExchange
InterlockedExchange
HeapSize

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

winspool.drv

ClosePrinter
DocumentPropertiesW
EnumPrintersW
ord203
OpenPrinterW

comctl32

FlatSB_GetScrollInfo
FlatSB_GetScrollPos
FlatSB_SetScrollInfo
FlatSB_SetScrollPos
FlatSB_SetScrollProp
ImageList_Add
ImageList_BeginDrag
ImageList_Copy
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_Draw
ImageList_DrawEx
ImageList_EndDrag
ImageList_GetBkColor
ImageList_GetDragImage
ImageList_GetIcon
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_GetImageInfo
ImageList_LoadImageW
ImageList_Read
ImageList_Remove
ImageList_Replace
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_SetIconSize
ImageList_SetImageCount
ImageList_SetOverlayImage
ImageList_Write
ord17
InitializeFlatSB
_TrackMouseEvent

gdi32

AbortDoc
AngleArc
Arc
ArcTo
BitBlt
Chord
CombineRgn
CopyEnhMetaFileW
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCW
CreateDIBSection
CreateDIBitmap
CreateFontIndirectW
CreateHalftonePalette
CreateICW
CreatePalette
CreatePenIndirect
CreateRectRgn
CreateSolidBrush
DeleteDC
DeleteEnhMetaFile
DeleteObject
Ellipse
EndDoc
EndPage
EnumFontFamiliesExW
EnumFontsW
ExcludeClipRect
ExtFloodFill
ExtTextOutW
FrameRgn
GdiFlush
GetBitmapBits
GetBrushOrgEx
GetClipBox
GetCurrentPositionEx
GetDIBColorTable
GetDIBits
GetDeviceCaps
GetEnhMetaFileBits
GetEnhMetaFileDescriptionW
GetEnhMetaFileHeader
GetEnhMetaFilePaletteEntries
GetObjectW
GetPaletteEntries
GetPixel
GetRgnBox
GetStockObject
GetSystemPaletteEntries
GetTextExtentPoint32W
GetTextExtentPointW
GetTextMetricsW
GetWinMetaFileBits
GetWindowOrgEx
IntersectClipRect
LineTo
MaskBlt
MoveToEx
PatBlt
Pie
PlayEnhMetaFile
PolyBezier
PolyBezierTo
Polygon
Polyline
RealizePalette
RectVisible
Rectangle
RestoreDC
RoundRect
SaveDC
SelectClipRgn
SelectObject
SelectPalette
SetAbortProc
SetBkColor
SetBkMode
SetBrushOrgEx
SetDIBColorTable
SetDIBits
SetEnhMetaFileBits
SetMapMode
SetPixel
SetROP2
SetRectRgn
SetStretchBltMode
SetTextColor
SetViewportOrgEx
SetWinMetaFileBits
SetWindowOrgEx
StartDocW
StartPage
StretchBlt
StretchDIBits
UnrealizeObject

shell32

Shell_NotifyIconW

user32

ActivateKeyboardLayout
AdjustWindowRectEx
BeginPaint
CallNextHookEx
CallWindowProcW
CharLowerBuffW
CharLowerW
CharNextW
CharUpperBuffW
CharUpperW
CheckMenuItem
ChildWindowFromPoint
ClientToScreen
CloseClipboard
CopyIcon
CopyImage
CreateAcceleratorTableW
CreateIcon
CreateMenu
CreatePopupMenu
CreateWindowExW
DefFrameProcW
DefMDIChildProcW
DefWindowProcW
DeleteMenu
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageA
DispatchMessageW
DrawEdge
DrawFocusRect
DrawFrameControl
DrawIcon
DrawIconEx
DrawMenuBar
DrawTextExW
DrawTextW
EmptyClipboard
EnableMenuItem
EnableScrollBar
EnableWindow
EndMenu
EndPaint
EnumChildWindows
EnumDisplayMonitors
EnumThreadWindows
EnumWindows
FillRect
FindWindowExW
FindWindowW
FrameRect
GetActiveWindow
GetCapture
GetClassInfoExW
GetClassInfoW
GetClassLongW
GetClassNameW
GetClientRect
GetClipboardData
GetCursor
GetCursorPos
GetDC
GetDCEx
GetDesktopWindow
GetDlgCtrlID
GetFocus
GetForegroundWindow
GetIconInfo
GetKeyNameTextW
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardLayoutNameW
GetKeyboardState
GetLastActivePopup
GetMenu
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoW
GetMenuState
GetMenuStringW
GetMessageExtraInfo
GetMessagePos
GetMonitorInfoW
GetParent
GetPropW
GetScrollBarInfo
GetScrollInfo
GetScrollPos
GetScrollRange
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemMenu
GetSystemMetrics
GetTopWindow
GetUpdateRect
GetWindow
GetWindowDC
GetWindowLongW
GetWindowPlacement
GetWindowRect
GetWindowTextW
GetWindowThreadProcessId
HideCaret
InsertMenuItemW
InsertMenuW
InvalidateRect
IsChild
IsDialogMessageA
IsDialogMessageW
IsIconic
IsWindow
IsWindowEnabled
IsWindowUnicode
IsWindowVisible
IsZoomed
KillTimer
LoadBitmapW
LoadCursorW
LoadIconW
LoadKeyboardLayoutW
LoadStringW
LockWindowUpdate
MapVirtualKeyW
MapWindowPoints
MessageBeep
MessageBoxW
MonitorFromPoint
MonitorFromRect
MonitorFromWindow
MoveWindow
MsgWaitForMultipleObjects
MsgWaitForMultipleObjectsEx
OpenClipboard
PeekMessageA
PeekMessageW
PostMessageW
PostQuitMessage
RedrawWindow
RegisterClassW
RegisterClipboardFormatW
RegisterWindowMessageW
ReleaseCapture
ReleaseDC
RemoveMenu
RemovePropW
ScreenToClient
ScrollWindow
SendMessageA
SendMessageW
SetActiveWindow
SetCapture
SetClassLongW
SetClipboardData
SetCursor
SetCursorPos
SetFocus
SetForegroundWindow
SetMenu
SetMenuItemInfoW
SetParent
SetPropW
SetRect
SetScrollInfo
SetScrollPos
SetScrollRange
SetTimer
SetWindowLongW
SetWindowPlacement
SetWindowPos
SetWindowRgn
SetWindowTextW
SetWindowsHookExW
ShowCaret
ShowOwnedPopups
ShowScrollBar
ShowWindow
SystemParametersInfoW
TrackPopupMenu
TranslateMDISysAccel
TranslateMessage
UnhookWindowsHookEx
UnregisterClassW
UpdateWindow
WaitMessage
WindowFromPoint

ole32

CoCreateInstance
CoInitialize
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
IsEqualGUID
OleInitialize
OleUninitialize

oleaut32

GetErrorInfo
SafeArrayCreate
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPtrOfIndex
SysAllocStringLen
SysFreeString
SysReAllocStringLen
VariantChangeType
VariantClear
VariantCopy
VariantInit

cc32220mt

@$bdele$qpv
@_CatchCleanup$qv
@_InitTermAndUnexPtrs$qv
@_ThrowExceptionLDTC$qpvt1t1t1uiuiuipuct1
@__exceptionAcquired
@setExceptionFuncAddr$qpqp17_EXCEPTION_RECORDpp4tpid$pvppqqrp17_EXCEPTION_RECORD$v
@setRaiseListFuncAddr$qpvt1
__ErrorExit
___CRTL_MEM_GetBorMemPtrs
___CRTL_MEM_UseBorMM
___CRTL_TLS_Alloc
___CRTL_TLS_ExitThread
___CRTL_TLS_Free
___CRTL_TLS_GetValue
___CRTL_TLS_InitThread
___CRTL_TLS_SetValue
___CRTL_VCL_FPU_Hook
___VCL_add_EH
___VCL_clear_EH
___VCL_init_except
___VCL_init_fpu
____ExceptionHandler
___getExceptionObject
__argc
__argv
__argv_default_expand
__exitargv
__handle_exitargv
__handle_setargv
__handle_wexitargv
__handle_wsetargv
__matherr
__matherrl
__setargv
__wargv
__wargv_default_expand
__wexitargv
__wfopen
__wsetargv
__wstartup
_fclose
_memcpy
_memset
_vsnwprintf

Exports

Exports

@@Application@Finalize
@@Application@Initialize
@@Comportselection@Finalize
@@Comportselection@Initialize
@@Logging@Finalize
@@Logging@Initialize
TMethodImplementationIntercept
__GetExceptDLLinfo
___CPPdebugHook
__stkchk
_applicationForm
_comPortSelectionForm
_loggingForm

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 37KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 210KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
[DemonArchives]58b00f133ec3b7efa68faf94233d594e.exe
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/CheckInstall.exe
.exe windows:5 windows x86 arch:x86

1e06b1e51c07b4f145d681ea3c56d9b6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
GetErrorInfo
GetActiveObject
SysFreeString
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegUnLoadKeyW
RegSetValueExW
RegSaveKeyW
RegRestoreKeyW
RegReplaceKeyW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegLoadKeyW
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegConnectRegistryW
RegCloseKey

user32

LoadStringW
MessageBoxA
CharNextW
CreateWindowExW
WindowFromPoint
WaitMessage
UpdateWindow
UnregisterClassW
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoW
ShowWindow
ShowScrollBar
ShowOwnedPopups
SetWindowsHookExW
SetWindowTextW
SetWindowPos
SetWindowPlacement
SetWindowLongW
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropW
SetParent
SetMenuItemInfoW
SetMenu
SetForegroundWindow
SetFocus
SetCursorPos
SetCursor
SetClipboardData
SetClassLongW
SetCapture
SetActiveWindow
SendMessageA
SendMessageW
ScrollWindow
ScreenToClient
RemovePropW
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageW
RegisterClipboardFormatW
RegisterClassW
RedrawWindow
PtInRect
PostQuitMessage
PostMessageW
PeekMessageA
PeekMessageW
OpenClipboard
OffsetRect
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MessageBoxW
MessageBeep
MapWindowPoints
MapVirtualKeyW
LoadStringW
LoadKeyboardLayoutW
LoadIconW
LoadCursorFromFileW
LoadCursorW
LoadBitmapW
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageA
IsDialogMessageW
IsChild
InvalidateRect
IntersectRect
InsertMenuItemW
InsertMenuW
InflateRect
GetWindowThreadProcessId
GetWindowTextW
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropW
GetParent
GetWindow
GetMessageTime
GetMessagePos
GetMessageExtraInfo
GetMenuStringW
GetMenuState
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetIconInfo
GetForegroundWindow
GetFocus
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassLongW
GetClassInfoW
GetCapture
GetActiveWindow
FrameRect
FindWindowExW
FindWindowW
FillRect
EnumWindows
EnumThreadWindows
EnumChildWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextExW
DrawTextW
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageA
DispatchMessageW
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcW
DefMDIChildProcW
DefFrameProcW
CreatePopupMenu
CreateMenu
CreateIcon
CreateAcceleratorTableW
CopyIcon
CloseClipboard
ClientToScreen
CheckMenuItem
CharUpperBuffW
CharNextW
CharLowerBuffW
CharLowerW
CallWindowProcW
CallNextHookEx
BeginPaint
AdjustWindowRectEx
ActivateKeyboardLayout

kernel32

lstrcmpiA
LoadLibraryA
LocalFree
LocalAlloc
GetACP
Sleep
VirtualFree
VirtualAlloc
GetSystemInfo
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryExW
IsValidLocale
GetSystemDefaultUILanguage
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetUserDefaultUILanguage
GetLocaleInfoW
GetLastError
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
ExitThread
CreateThread
CompareStringW
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
CreateFileW
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleW
lstrcpyW
WritePrivateProfileStringW
WriteFile
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQueryEx
VirtualQuery
VirtualFree
VirtualAlloc
TryEnterCriticalSection
SwitchToThread
SuspendThread
SizeofResource
SignalObjectAndWait
SetThreadPriority
SetThreadLocale
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
ReadFile
RaiseException
PeekNamedPipe
IsDebuggerPresent
MultiByteToWideChar
MulDiv
LockResource
LoadResource
LoadLibraryExW
LoadLibraryW
LeaveCriticalSection
InitializeCriticalSection
GlobalUnlock
GlobalSize
GlobalLock
GlobalFree
GlobalFindAtomW
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomW
GetVersionExW
GetVersion
GetUserDefaultLCID
GetTickCount
GetThreadPriority
GetThreadLocale
GetTempPathW
GetStdHandle
GetProcAddress
GetPrivateProfileStringW
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileAttributesW
GetExitCodeThread
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetComputerNameW
GetCPInfo
FreeResource
InterlockedExchangeAdd
InterlockedExchange
InterlockedCompareExchange
FreeLibrary
FormatMessageW
FindResourceW
FindFirstFileW
FindClose
EnumCalendarInfoW
EnterCriticalSection
DeleteFileW
DeleteCriticalSection
CreateThread
CreateProcessW
CreatePipe
CreateFileW
CreateEventW
CreateDirectoryW
CopyFileW
CompareStringW
CloseHandle
Sleep

msimg32

AlphaBlend

gdi32

UnrealizeObject
StretchDIBits
StretchBlt
StartPage
StartDocW
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetMapMode
SetEnhMetaFileBits
SetDIBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SetAbortProc
SelectPalette
SelectObject
SaveDC
RoundRect
RestoreDC
ResizePalette
Rectangle
RectVisible
RealizePalette
Polyline
Polygon
PolyBezierTo
PolyBezier
PlayEnhMetaFile
Pie
PatBlt
MoveToEx
MaskBlt
LineTo
LPtoDP
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsW
GetTextExtentPointW
GetTextExtentPoint32W
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectW
GetNearestPaletteIndex
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileDescriptionW
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetCurrentObject
GetClipBox
GetBrushOrgEx
GetBitmapBits
GdiFlush
FrameRgn
ExtTextOutW
ExtFloodFill
ExcludeClipRect
EnumFontsW
EnumFontFamiliesExW
EndPage
EndDoc
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePenIndirect
CreatePalette
CreateICW
CreateHalftonePalette
CreateFontIndirectW
CreateEnhMetaFileW
CreateDIBitmap
CreateDIBSection
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileW
CloseEnhMetaFile
Chord
BitBlt
Arc
AbortDoc

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

ole32

CreateStreamOnHGlobal
OleRegEnumVerbs
IsAccelerator
OleDraw
OleSetMenuDescriptor
OleUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemAlloc
ProgIDFromCLSID
StringFromCLSID
CoCreateInstance
CoGetClassObject
CoUninitialize
CoInitialize
IsEqualGUID
IsEqualGUID

comctl32

InitializeFlatSB
FlatSB_SetScrollProp
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollInfo
_TrackMouseEvent
ImageList_GetImageInfo
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Copy
ImageList_LoadImageW
ImageList_GetIcon
ImageList_Remove
ImageList_DrawEx
ImageList_Replace
ImageList_Draw
ImageList_SetOverlayImage
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
InitCommonControls

wininet

InternetReadFile
InternetOpenW
InternetConnectW
InternetCloseHandle
HttpSendRequestW
HttpQueryInfoW
HttpOpenRequestW

shell32

ShellExecuteW

winspool.drv

OpenPrinterW
EnumPrintersW
DocumentPropertiesW
ClosePrinter
GetDefaultPrinterW

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 26KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 1024B - Virtual size: 806B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 60B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 192KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

dec6b15c0428dbfe68002d314aeabddf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
lstrcmpiA
GetModuleHandleA
GetPrivateProfileStringA
lstrcatA
WritePrivateProfileStringA
lstrcpynA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
SetWindowLongA
GetClientRect
SetWindowRgn
LoadIconA
LoadImageA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
wsprintfA
CharNextA
MessageBoxA
GetWindowTextA
SetWindowTextA
SendMessageA
DestroyIcon

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
AutoShutdown.exe
.exe windows:5 windows x86 arch:x86

8f6ab9ff71d108d0e3816839ecec811b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
GetErrorInfo
GetActiveObject
SysFreeString
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegUnLoadKeyW
RegSetValueExW
RegSaveKeyW
RegRestoreKeyW
RegReplaceKeyW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegLoadKeyW
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegConnectRegistryW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
InitiateSystemShutdownW
AdjustTokenPrivileges
AbortSystemShutdownW

user32

LoadStringW
MessageBoxA
CharNextW
CreateWindowExW
WindowFromPoint
WaitMessage
UpdateWindow
UnregisterClassW
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoW
ShowWindow
ShowScrollBar
ShowOwnedPopups
SetWindowRgn
SetWindowsHookExW
SetWindowTextW
SetWindowPos
SetWindowPlacement
SetWindowLongW
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropW
SetParent
SetMenuItemInfoW
SetMenu
SetKeyboardState
SetForegroundWindow
SetFocus
SetCursorPos
SetCursor
SetClipboardData
SetClassLongW
SetCapture
SetActiveWindow
SendMessageA
SendMessageW
ScrollWindow
ScreenToClient
RemovePropW
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageW
RegisterClipboardFormatW
RegisterClassW
RedrawWindow
PtInRect
PostQuitMessage
PostMessageW
PeekMessageA
PeekMessageW
OpenClipboard
OffsetRect
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MessageBoxW
MessageBeep
MapWindowPoints
MapVirtualKeyW
LoadStringW
LoadKeyboardLayoutW
LoadIconW
LoadCursorFromFileW
LoadCursorW
LoadBitmapW
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageA
IsDialogMessageW
IsClipboardFormatAvailable
IsChild
IsCharAlphaNumericW
IsCharAlphaW
InvalidateRect
IntersectRect
InsertMenuItemW
InsertMenuW
InflateRect
GetWindowThreadProcessId
GetWindowTextW
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropW
GetParent
GetWindow
GetMessageTime
GetMessagePos
GetMessageExtraInfo
GetMenuStringW
GetMenuState
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetIconInfo
GetForegroundWindow
GetFocus
GetDoubleClickTime
GetDlgCtrlID
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassLongW
GetClassInfoW
GetCapture
GetAsyncKeyState
GetActiveWindow
FrameRect
FindWindowExW
FindWindowW
FillRect
EnumWindows
EnumThreadWindows
EnumClipboardFormats
EnumChildWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextExW
DrawTextW
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageA
DispatchMessageW
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcW
DefMDIChildProcW
DefFrameProcW
CreatePopupMenu
CreateMenu
CreateIcon
CreateAcceleratorTableW
CountClipboardFormats
CopyImage
CopyIcon
CloseClipboard
ClientToScreen
CheckMenuItem
CharUpperBuffW
CharNextW
CharLowerBuffW
CharLowerW
CallWindowProcW
CallNextHookEx
BeginPaint
AdjustWindowRectEx
ActivateKeyboardLayout

kernel32

lstrcmpiA
LoadLibraryA
LocalFree
LocalAlloc
GetACP
Sleep
VirtualFree
VirtualAlloc
GetSystemInfo
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryExW
IsValidLocale
GetSystemDefaultUILanguage
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetUserDefaultUILanguage
GetLocaleInfoW
GetLastError
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
ExitThread
CreateThread
CompareStringW
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleW
lstrcpyW
WritePrivateProfileStringW
WriteFile
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQueryEx
VirtualQuery
VirtualFree
VirtualAlloc
TryEnterCriticalSection
SwitchToThread
SuspendThread
SizeofResource
SignalObjectAndWait
SetThreadPriority
SetThreadLocale
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
ReadFile
RaiseException
IsDebuggerPresent
MultiByteToWideChar
MulDiv
LockResource
LoadResource
LoadLibraryExW
LoadLibraryW
LeaveCriticalSection
InitializeCriticalSection
GlobalUnlock
GlobalSize
GlobalLock
GlobalFree
GlobalFindAtomW
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomW
GetVersionExW
GetVersion
GetUserDefaultLCID
GetTickCount
GetThreadPriority
GetThreadLocale
GetStdHandle
GetProcAddress
GetPrivateProfileStringW
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileAttributesW
GetExitCodeThread
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetComputerNameW
GetCPInfo
FreeResource
InterlockedExchangeAdd
InterlockedExchange
InterlockedCompareExchange
FreeLibrary
FormatMessageW
FindResourceW
FindFirstFileW
FindClose
EnumCalendarInfoW
EnterCriticalSection
DeleteCriticalSection
CreateThread
CreateFileW
CreateEventW
CompareStringW
CloseHandle
Sleep

msimg32

AlphaBlend

gdi32

UnrealizeObject
StretchDIBits
StretchBlt
StartPage
StartDocW
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetMapMode
SetEnhMetaFileBits
SetDIBitsToDevice
SetDIBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SetAbortProc
SelectPalette
SelectObject
SaveDC
RoundRect
RestoreDC
ResizePalette
Rectangle
RectVisible
RealizePalette
Polyline
Polygon
PolyBezierTo
PolyBezier
PlayEnhMetaFile
Pie
PatBlt
MoveToEx
MaskBlt
LineTo
LPtoDP
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsW
GetTextExtentPointW
GetTextExtentPoint32W
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectW
GetNearestPaletteIndex
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileDescriptionW
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetCurrentObject
GetClipBox
GetBrushOrgEx
GetBitmapBits
GdiFlush
FrameRgn
ExtTextOutW
ExtFloodFill
ExtCreateRegion
ExcludeClipRect
EnumFontsW
EnumFontFamiliesExW
EndPage
EndDoc
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePenIndirect
CreatePalette
CreateICW
CreateHalftonePalette
CreateFontIndirectW
CreateEnhMetaFileW
CreateDIBitmap
CreateDIBSection
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileW
CombineRgn
CloseEnhMetaFile
Chord
BitBlt
Arc
AbortDoc

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

ole32

CreateStreamOnHGlobal
OleRegEnumVerbs
IsAccelerator
OleDraw
OleSetMenuDescriptor
OleUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemAlloc
ProgIDFromCLSID
StringFromCLSID
CoCreateInstance
CoGetClassObject
CoUninitialize
CoInitialize
IsEqualGUID
IsEqualGUID

comctl32

InitializeFlatSB
FlatSB_SetScrollProp
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollInfo
_TrackMouseEvent
ImageList_GetImageInfo
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Copy
ImageList_LoadImageW
ImageList_GetIcon
ImageList_Remove
ImageList_DrawEx
ImageList_Replace
ImageList_Draw
ImageList_SetOverlayImage
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create

shell32

Shell_NotifyIconW

winspool.drv

OpenPrinterW
EnumPrintersW
DocumentPropertiesW
ClosePrinter
GetDefaultPrinterW

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 26KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 1024B - Virtual size: 806B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 60B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 197KB - Virtual size: 197KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ClonedFileCleaner.exe
.exe windows:5 windows x86 arch:x86

68e7fb65f33a2170ff7a847adb260cef

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
GetErrorInfo
GetActiveObject
SysFreeString
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopyInd
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegUnLoadKeyW
RegSetValueExW
RegSaveKeyW
RegRestoreKeyW
RegReplaceKeyW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegLoadKeyW
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegConnectRegistryW
RegCloseKey

user32

LoadStringW
MessageBoxA
CharNextW
CreateWindowExW
WindowFromPoint
WaitMessage
UpdateWindow
UnregisterClassW
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
TabbedTextOutW
SystemParametersInfoW
ShowWindow
ShowScrollBar
ShowOwnedPopups
SetWindowRgn
SetWindowsHookExW
SetWindowTextW
SetWindowPos
SetWindowPlacement
SetWindowLongW
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropW
SetParent
SetMenuItemInfoW
SetMenu
SetKeyboardState
SetForegroundWindow
SetFocus
SetCursorPos
SetCursor
SetClipboardData
SetClassLongW
SetCapture
SetActiveWindow
SendMessageA
SendMessageW
ScrollWindow
ScreenToClient
RemovePropW
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageW
RegisterClipboardFormatW
RegisterClassW
RedrawWindow
PtInRect
PostQuitMessage
PostMessageW
PeekMessageA
PeekMessageW
OpenClipboard
OffsetRect
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MessageBoxW
MessageBeep
MapWindowPoints
MapVirtualKeyW
LoadStringW
LoadKeyboardLayoutW
LoadIconW
LoadCursorFromFileW
LoadCursorW
LoadBitmapW
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageA
IsDialogMessageW
IsClipboardFormatAvailable
IsChild
IsCharAlphaNumericW
IsCharAlphaW
InvalidateRect
IntersectRect
InsertMenuItemW
InsertMenuW
InflateRect
GetWindowThreadProcessId
GetWindowTextW
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropW
GetParent
GetWindow
GetMessageTime
GetMessagePos
GetMessageExtraInfo
GetMenuStringW
GetMenuState
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetIconInfo
GetForegroundWindow
GetFocus
GetDoubleClickTime
GetDlgCtrlID
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassLongW
GetClassInfoW
GetCapture
GetAsyncKeyState
GetActiveWindow
FrameRect
FindWindowExW
FindWindowW
FillRect
EnumWindows
EnumThreadWindows
EnumClipboardFormats
EnumChildWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextExW
DrawTextW
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageA
DispatchMessageW
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcW
DefMDIChildProcW
DefFrameProcW
CreatePopupMenu
CreateMenu
CreateIcon
CreateAcceleratorTableW
CountClipboardFormats
CopyImage
CopyIcon
CloseClipboard
ClientToScreen
CheckMenuItem
CharUpperBuffW
CharNextW
CharLowerBuffW
CharLowerW
CallWindowProcW
CallNextHookEx
BeginPaint
AdjustWindowRectEx
ActivateKeyboardLayout

kernel32

lstrcmpiA
LoadLibraryA
LocalFree
LocalAlloc
GetACP
Sleep
VirtualFree
VirtualAlloc
GetSystemInfo
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
SetCurrentDirectoryW
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryExW
IsValidLocale
GetSystemDefaultUILanguage
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetUserDefaultUILanguage
GetLocaleInfoW
GetLastError
GetCurrentDirectoryW
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
ExitThread
CreateThread
CompareStringW
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleW
lstrcpyW
lstrcmpW
WritePrivateProfileStringW
WriteFile
WinExec
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQueryEx
VirtualQuery
VirtualFree
VirtualAlloc
UnmapViewOfFile
TryEnterCriticalSection
SwitchToThread
SuspendThread
SizeofResource
SignalObjectAndWait
SetThreadPriority
SetThreadLocale
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
ReleaseMutex
ReadFile
RaiseException
IsDebuggerPresent
OpenMutexW
OpenFileMappingW
OpenEventW
MultiByteToWideChar
MulDiv
MapViewOfFile
LockResource
LoadResource
LoadLibraryExW
LoadLibraryW
LeaveCriticalSection
InitializeCriticalSection
GlobalUnlock
GlobalSize
GlobalLock
GlobalFree
GlobalFindAtomW
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomW
GetVolumeInformationW
GetVersionExW
GetVersion
GetUserDefaultLCID
GetTickCount
GetThreadPriority
GetThreadLocale
GetStdHandle
GetProcAddress
GetPrivateProfileStringW
GetModuleHandleW
GetModuleFileNameW
GetLogicalDrives
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileSize
GetFileAttributesW
GetExitCodeThread
GetDriveTypeW
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetComputerNameW
GetCPInfo
FreeResource
InterlockedExchangeAdd
InterlockedExchange
InterlockedCompareExchange
FreeLibrary
FormatMessageW
FindResourceW
FindNextFileW
FindFirstFileW
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
EnumCalendarInfoW
EnterCriticalSection
DeleteFileW
DeleteCriticalSection
CreateThread
CreateFileMappingW
CreateFileW
CreateEventW
CreateDirectoryW
CompareStringW
CloseHandle
Sleep
GetLongPathNameW

msimg32

AlphaBlend

gdi32

UnrealizeObject
StretchDIBits
StretchBlt
StartPage
StartDocW
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetMapMode
SetEnhMetaFileBits
SetDIBitsToDevice
SetDIBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SetAbortProc
SelectPalette
SelectObject
SaveDC
RoundRect
RestoreDC
ResizePalette
Rectangle
RectVisible
RealizePalette
Polyline
Polygon
PolyBezierTo
PolyBezier
PlayEnhMetaFile
Pie
PatBlt
MoveToEx
MaskBlt
LineTo
LPtoDP
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsW
GetTextExtentPointW
GetTextExtentPoint32W
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectW
GetNearestPaletteIndex
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileDescriptionW
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetCurrentObject
GetClipBox
GetBrushOrgEx
GetBitmapBits
GdiFlush
FrameRgn
ExtTextOutW
ExtFloodFill
ExtCreateRegion
ExcludeClipRect
EnumFontsW
EnumFontFamiliesExW
EndPage
EndDoc
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePenIndirect
CreatePalette
CreateICW
CreateHalftonePalette
CreateFontIndirectW
CreateEnhMetaFileW
CreateDIBitmap
CreateDIBSection
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileW
CombineRgn
CloseEnhMetaFile
Chord
BitBlt
Arc
AbortDoc

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

mpr

WNetGetConnectionW

ole32

CreateStreamOnHGlobal
OleRegEnumVerbs
IsAccelerator
OleDraw
OleSetMenuDescriptor
OleUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemAlloc
ProgIDFromCLSID
StringFromCLSID
CoCreateInstance
CoGetClassObject
CoUninitialize
CoInitialize
IsEqualGUID
IsEqualGUID

comctl32

InitializeFlatSB
FlatSB_SetScrollProp
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollInfo
_TrackMouseEvent
ImageList_GetImageInfo
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Copy
ImageList_LoadImageW
ImageList_GetIcon
ImageList_Remove
ImageList_DrawEx
ImageList_Replace
ImageList_Draw
ImageList_SetOverlayImage
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
InitCommonControls

shell32

ShellExecuteW
Shell_NotifyIconW

winspool.drv

OpenPrinterW
EnumPrintersW
DocumentPropertiesW
ClosePrinter
GetDefaultPrinterW

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 26KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 1024B - Virtual size: 806B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 60B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 217KB - Virtual size: 217KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
FilePulverizer.exe
.exe windows:5 windows x86 arch:x86

534a01922bcaf1cfc0ccede17be13f25

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
GetErrorInfo
GetActiveObject
SysFreeString
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegUnLoadKeyW
RegSetValueExW
RegSaveKeyW
RegRestoreKeyW
RegReplaceKeyW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegLoadKeyW
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegConnectRegistryW
RegCloseKey

user32

LoadStringW
MessageBoxA
CharNextW
CreateWindowExW
WindowFromPoint
WaitMessage
UpdateWindow
UnregisterClassW
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoW
ShowWindow
ShowScrollBar
ShowOwnedPopups
ShowCaret
SetWindowRgn
SetWindowsHookExW
SetWindowTextW
SetWindowPos
SetWindowPlacement
SetWindowLongW
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropW
SetParent
SetMenuItemInfoW
SetMenu
SetKeyboardState
SetForegroundWindow
SetFocus
SetCursorPos
SetCursor
SetClipboardData
SetClassLongW
SetCapture
SetActiveWindow
SendMessageA
SendMessageW
ScrollWindow
ScreenToClient
RemovePropW
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageW
RegisterClipboardFormatW
RegisterClassW
RedrawWindow
PtInRect
PostQuitMessage
PostMessageW
PeekMessageA
PeekMessageW
OpenClipboard
OffsetRect
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MessageBoxW
MessageBeep
MapWindowPoints
MapVirtualKeyW
LoadStringW
LoadKeyboardLayoutW
LoadIconW
LoadCursorFromFileW
LoadCursorW
LoadBitmapW
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageA
IsDialogMessageW
IsClipboardFormatAvailable
IsChild
IsCharAlphaNumericW
IsCharAlphaW
InvalidateRect
IntersectRect
InsertMenuItemW
InsertMenuW
InflateRect
GetWindowThreadProcessId
GetWindowTextW
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropW
GetParent
GetWindow
GetMessageTime
GetMessagePos
GetMessageExtraInfo
GetMenuStringW
GetMenuState
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetIconInfo
GetForegroundWindow
GetFocus
GetDoubleClickTime
GetDlgItem
GetDlgCtrlID
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassLongW
GetClassInfoW
GetCapture
GetAsyncKeyState
GetActiveWindow
FrameRect
FindWindowExW
FindWindowW
FillRect
EnumWindows
EnumThreadWindows
EnumClipboardFormats
EnumChildWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextExW
DrawTextW
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageA
DispatchMessageW
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcW
DefMDIChildProcW
DefFrameProcW
CreatePopupMenu
CreateMenu
CreateIcon
CreateAcceleratorTableW
CountClipboardFormats
CopyImage
CopyIcon
CloseClipboard
ClientToScreen
CheckMenuItem
CharUpperBuffW
CharNextW
CharLowerBuffW
CharLowerW
CallWindowProcW
CallNextHookEx
BeginPaint
AdjustWindowRectEx
ActivateKeyboardLayout

kernel32

lstrcmpiA
LoadLibraryA
LocalFree
LocalAlloc
GetACP
Sleep
VirtualFree
VirtualAlloc
GetSystemInfo
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryExW
IsValidLocale
GetSystemDefaultUILanguage
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetUserDefaultUILanguage
GetLocaleInfoW
GetLastError
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
ExitThread
CreateThread
CompareStringW
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleW
lstrcpyW
WritePrivateProfileStringW
WriteFile
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQueryEx
VirtualQuery
VirtualFree
VirtualAlloc
TryEnterCriticalSection
SwitchToThread
SuspendThread
SizeofResource
SignalObjectAndWait
SetThreadPriority
SetThreadLocale
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
ReadFile
RaiseException
IsDebuggerPresent
MultiByteToWideChar
MulDiv
LockResource
LoadResource
LoadLibraryExW
LoadLibraryW
LeaveCriticalSection
InitializeCriticalSection
GlobalUnlock
GlobalSize
GlobalLock
GlobalFree
GlobalFindAtomW
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomW
GetVersionExW
GetVersion
GetUserDefaultLCID
GetTickCount
GetThreadPriority
GetThreadLocale
GetStdHandle
GetShortPathNameW
GetProcAddress
GetPrivateProfileStringW
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileAttributesW
GetExitCodeThread
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetComputerNameW
GetCPInfo
FreeResource
InterlockedExchangeAdd
InterlockedExchange
InterlockedCompareExchange
FreeLibrary
FormatMessageW
FindResourceW
FindFirstFileW
FindClose
EnumCalendarInfoW
EnterCriticalSection
DeleteFileW
DeleteCriticalSection
CreateThread
CreateFileW
CreateEventW
CompareStringW
CloseHandle
Sleep

msimg32

AlphaBlend

gdi32

UnrealizeObject
StretchDIBits
StretchBlt
StartPage
StartDocW
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetMapMode
SetEnhMetaFileBits
SetDIBitsToDevice
SetDIBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SetAbortProc
SelectPalette
SelectObject
SaveDC
RoundRect
RestoreDC
ResizePalette
Rectangle
RectVisible
RealizePalette
Polyline
Polygon
PolyBezierTo
PolyBezier
PlayEnhMetaFile
Pie
PatBlt
MoveToEx
MaskBlt
LineTo
LPtoDP
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsW
GetTextExtentPointW
GetTextExtentPoint32W
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectW
GetNearestPaletteIndex
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileDescriptionW
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetCurrentObject
GetClipBox
GetBrushOrgEx
GetBitmapBits
GdiFlush
FrameRgn
ExtTextOutW
ExtFloodFill
ExtCreateRegion
ExcludeClipRect
EnumFontsW
EnumFontFamiliesExW
EndPage
EndDoc
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePenIndirect
CreatePalette
CreateICW
CreateHalftonePalette
CreateFontIndirectW
CreateEnhMetaFileW
CreateDIBitmap
CreateDIBSection
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileW
CombineRgn
CloseEnhMetaFile
Chord
BitBlt
Arc
AbortDoc

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

ole32

CreateStreamOnHGlobal
OleRegEnumVerbs
IsAccelerator
OleDraw
OleSetMenuDescriptor
OleUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemAlloc
ProgIDFromCLSID
StringFromCLSID
CoCreateInstance
CoGetClassObject
CoUninitialize
CoInitialize
IsEqualGUID
IsEqualGUID
CLSIDFromString

comctl32

InitializeFlatSB
FlatSB_SetScrollProp
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollInfo
_TrackMouseEvent
ImageList_GetImageInfo
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Copy
ImageList_LoadImageW
ImageList_GetIcon
ImageList_Remove
ImageList_DrawEx
ImageList_Replace
ImageList_Draw
ImageList_SetOverlayImage
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create

shell32

Shell_NotifyIconW

comdlg32

GetOpenFileNameW

winspool.drv

OpenPrinterW
EnumPrintersW
DocumentPropertiesW
ClosePrinter
GetDefaultPrinterW

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 26KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 1024B - Virtual size: 934B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 60B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 195KB - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
StartupManager.exe
.exe windows:5 windows x86 arch:x86

43571c92784d74a1beab6ff2eeb57dbc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
GetErrorInfo
GetActiveObject
SysFreeString
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopyInd
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegUnLoadKeyW
RegSetValueExW
RegSaveKeyW
RegRestoreKeyW
RegReplaceKeyW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegLoadKeyW
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegConnectRegistryW
RegCloseKey

user32

LoadStringW
MessageBoxA
CharNextW
CreateWindowExW
WindowFromPoint
WaitMessage
UpdateWindow
UnregisterClassW
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoW
ShowWindow
ShowScrollBar
ShowOwnedPopups
SetWindowRgn
SetWindowsHookExW
SetWindowTextW
SetWindowPos
SetWindowPlacement
SetWindowLongW
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropW
SetParent
SetMenuItemInfoW
SetMenu
SetForegroundWindow
SetFocus
SetCursorPos
SetCursor
SetClipboardData
SetClassLongW
SetCapture
SetActiveWindow
SendMessageA
SendMessageW
ScrollWindow
ScreenToClient
RemovePropW
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageW
RegisterClipboardFormatW
RegisterClassW
RedrawWindow
PtInRect
PostQuitMessage
PostMessageW
PeekMessageA
PeekMessageW
OpenClipboard
OffsetRect
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MessageBoxW
MessageBeep
MapWindowPoints
MapVirtualKeyW
LoadStringW
LoadKeyboardLayoutW
LoadIconW
LoadCursorFromFileW
LoadCursorW
LoadBitmapW
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageA
IsDialogMessageW
IsChild
InvalidateRect
IntersectRect
InsertMenuItemW
InsertMenuW
InflateRect
GetWindowThreadProcessId
GetWindowTextW
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropW
GetParent
GetWindow
GetMessageTime
GetMessagePos
GetMessageExtraInfo
GetMenuStringW
GetMenuState
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetIconInfo
GetForegroundWindow
GetFocus
GetDoubleClickTime
GetDlgItem
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassNameW
GetClassLongW
GetClassInfoW
GetCapture
GetAsyncKeyState
GetActiveWindow
FrameRect
FindWindowExW
FindWindowW
FillRect
EnumWindows
EnumThreadWindows
EnumChildWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextExW
DrawTextW
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageA
DispatchMessageW
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcW
DefMDIChildProcW
DefFrameProcW
CreatePopupMenu
CreateMenu
CreateIcon
CreateAcceleratorTableW
CopyImage
CopyIcon
CloseClipboard
ClientToScreen
ChildWindowFromPoint
CheckMenuItem
CharUpperBuffW
CharNextW
CharLowerBuffW
CharLowerW
CallWindowProcW
CallNextHookEx
BeginPaint
AdjustWindowRectEx
ActivateKeyboardLayout

kernel32

lstrcmpiA
LoadLibraryA
LocalFree
LocalAlloc
GetACP
Sleep
VirtualFree
VirtualAlloc
GetSystemInfo
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryExW
IsValidLocale
GetSystemDefaultUILanguage
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetUserDefaultUILanguage
GetLocaleInfoW
GetLastError
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
ExitThread
CreateThread
CompareStringW
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleW
lstrcpyW
lstrcmpW
WritePrivateProfileStringW
WriteFile
WinExec
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQueryEx
VirtualQuery
VirtualFree
VirtualAlloc
UnmapViewOfFile
TryEnterCriticalSection
SwitchToThread
SuspendThread
SizeofResource
SignalObjectAndWait
SetThreadPriority
SetThreadLocale
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
ReleaseMutex
ReadFile
RaiseException
IsDebuggerPresent
OpenMutexW
OpenFileMappingW
OpenEventW
MultiByteToWideChar
MulDiv
MapViewOfFile
LockResource
LoadResource
LoadLibraryExW
LoadLibraryW
LeaveCriticalSection
InitializeCriticalSection
GlobalUnlock
GlobalSize
GlobalLock
GlobalFree
GlobalFindAtomW
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomW
GetVersionExW
GetVersion
GetUserDefaultLCID
GetTickCount
GetThreadPriority
GetThreadLocale
GetStdHandle
GetProcAddress
GetPrivateProfileStringW
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileAttributesW
GetExitCodeThread
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetComputerNameW
GetCPInfo
FreeResource
InterlockedExchangeAdd
InterlockedExchange
InterlockedCompareExchange
FreeLibrary
FormatMessageW
FindResourceW
FindFirstFileW
FindClose
EnumCalendarInfoW
EnterCriticalSection
DeleteCriticalSection
CreateThread
CreateProcessW
CreateFileW
CreateEventW
CompareStringW
CloseHandle
Sleep

msimg32

AlphaBlend

gdi32

UnrealizeObject
StretchDIBits
StretchBlt
StartPage
StartDocW
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetMapMode
SetEnhMetaFileBits
SetDIBitsToDevice
SetDIBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SetAbortProc
SelectPalette
SelectObject
SaveDC
RoundRect
RestoreDC
ResizePalette
Rectangle
RectVisible
RealizePalette
Polyline
Polygon
PolyBezierTo
PolyBezier
PlayEnhMetaFile
Pie
PatBlt
MoveToEx
MaskBlt
LineTo
LPtoDP
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsW
GetTextExtentPointW
GetTextExtentPoint32W
GetTextColor
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectW
GetNearestPaletteIndex
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileDescriptionW
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetCurrentObject
GetClipBox
GetBrushOrgEx
GetBitmapBits
GdiFlush
FrameRgn
ExtTextOutW
ExtFloodFill
ExtCreateRegion
ExcludeClipRect
EnumFontsW
EnumFontFamiliesExW
EndPage
EndDoc
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePenIndirect
CreatePalette
CreateICW
CreateHalftonePalette
CreateFontIndirectW
CreateEnhMetaFileW
CreateDIBitmap
CreateDIBSection
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileW
CombineRgn
CloseEnhMetaFile
Chord
BitBlt
Arc
AbortDoc

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

ole32

CreateStreamOnHGlobal
OleRegEnumVerbs
IsAccelerator
OleDraw
OleSetMenuDescriptor
OleUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemAlloc
ProgIDFromCLSID
StringFromCLSID
CoCreateInstance
CoGetClassObject
CoUninitialize
CoInitialize
IsEqualGUID
IsEqualGUID
CLSIDFromString

comctl32

InitializeFlatSB
FlatSB_SetScrollProp
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollInfo
_TrackMouseEvent
ImageList_GetImageInfo
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Copy
ImageList_LoadImageW
ImageList_GetIcon
ImageList_Remove
ImageList_DrawEx
ImageList_Replace
ImageList_Draw
ImageList_SetOverlayImage
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
InitCommonControls

shell32

ShellExecuteW
Shell_NotifyIconW

comdlg32

GetOpenFileNameW

winspool.drv

OpenPrinterW
EnumPrintersW
DocumentPropertiesW
ClosePrinter
GetDefaultPrinterW

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 26KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 1024B - Virtual size: 934B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 60B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 204KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SweepHelper.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 706KB - Virtual size: 706KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 13KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 352KB - Virtual size: 352KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SystemInformation.exe
.exe windows:5 windows x86 arch:x86

3e1894e298aa282e9eb9e8668bc36691

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegUnLoadKeyW
RegSetValueExW
RegSaveKeyW
RegRestoreKeyW
RegReplaceKeyW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegLoadKeyW
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegConnectRegistryW
RegCloseKey
GetUserNameW

user32

LoadStringW
MessageBoxA
CharNextW
CreateWindowExW
WindowFromPoint
WaitMessage
UpdateWindow
UnregisterClassW
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoW
ShowWindow
ShowScrollBar
ShowOwnedPopups
SetWindowRgn
SetWindowsHookExW
SetWindowTextW
SetWindowPos
SetWindowPlacement
SetWindowLongW
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropW
SetParent
SetMenuItemInfoW
SetMenu
SetForegroundWindow
SetFocus
SetCursorPos
SetCursor
SetClassLongW
SetCapture
SetActiveWindow
SendMessageA
SendMessageW
ScrollWindow
ScreenToClient
RemovePropW
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageW
RegisterClipboardFormatW
RegisterClassW
RedrawWindow
PtInRect
PostQuitMessage
PostMessageW
PeekMessageA
PeekMessageW
OffsetRect
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MessageBoxW
MapWindowPoints
MapVirtualKeyW
LoadStringW
LoadKeyboardLayoutW
LoadIconW
LoadCursorFromFileW
LoadCursorW
LoadBitmapW
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageA
IsDialogMessageW
IsChild
InvalidateRect
IntersectRect
InsertMenuItemW
InsertMenuW
InflateRect
GetWindowThreadProcessId
GetWindowTextW
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropW
GetParent
GetWindow
GetMessagePos
GetMessageExtraInfo
GetMenuStringW
GetMenuState
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetIconInfo
GetForegroundWindow
GetFocus
GetDoubleClickTime
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassLongW
GetClassInfoW
GetCapture
GetAsyncKeyState
GetActiveWindow
FrameRect
FindWindowExW
FindWindowW
FillRect
EnumWindows
EnumThreadWindows
EnumChildWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
DrawTextExW
DrawTextW
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageA
DispatchMessageW
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcW
DefMDIChildProcW
DefFrameProcW
CreatePopupMenu
CreateMenu
CreateIcon
CreateAcceleratorTableW
CopyImage
CopyIcon
ClientToScreen
CheckMenuItem
CharUpperBuffW
CharNextW
CharLowerBuffW
CharLowerW
CallWindowProcW
CallNextHookEx
BeginPaint
AdjustWindowRectEx
ActivateKeyboardLayout

kernel32

lstrcmpiA
LoadLibraryA
LocalFree
LocalAlloc
GetACP
Sleep
VirtualFree
VirtualAlloc
GetSystemInfo
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryExW
IsValidLocale
GetSystemDefaultUILanguage
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetUserDefaultUILanguage
GetLocaleInfoW
GetLastError
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
ExitThread
CreateThread
CompareStringW
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleW
lstrcpyW
WritePrivateProfileStringW
WriteFile
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQueryEx
VirtualQuery
VirtualFree
VirtualAlloc
TryEnterCriticalSection
SwitchToThread
SuspendThread
SizeofResource
SignalObjectAndWait
SetThreadPriority
SetThreadLocale
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
ReadFile
RaiseException
IsDebuggerPresent
MultiByteToWideChar
MulDiv
LockResource
LoadResource
LoadLibraryExW
LoadLibraryW
LeaveCriticalSection
InitializeCriticalSection
GlobalUnlock
GlobalMemoryStatus
GlobalLock
GlobalFree
GlobalFindAtomW
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomW
GetVersionExW
GetVersion
GetTickCount
GetThreadPriority
GetThreadLocale
GetStdHandle
GetProcAddress
GetPrivateProfileStringW
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileAttributesW
GetExitCodeThread
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetComputerNameW
GetCPInfo
FreeResource
InterlockedExchangeAdd
InterlockedExchange
InterlockedCompareExchange
FreeLibrary
FormatMessageW
FindResourceW
FindFirstFileW
FindClose
EnumCalendarInfoW
EnterCriticalSection
DeleteCriticalSection
CreateThread
CreateFileW
CreateEventW
CompareStringW
CloseHandle
Sleep

msimg32

AlphaBlend

gdi32

UnrealizeObject
StretchDIBits
StretchBlt
StartPage
StartDocW
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetEnhMetaFileBits
SetDIBitsToDevice
SetDIBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SetAbortProc
SelectPalette
SelectObject
SaveDC
RoundRect
RestoreDC
ResizePalette
Rectangle
RectVisible
RealizePalette
Polyline
Polygon
PolyBezierTo
PolyBezier
PlayEnhMetaFile
Pie
PatBlt
MoveToEx
MaskBlt
LineTo
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsW
GetTextExtentPoint32W
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectW
GetNearestPaletteIndex
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileDescriptionW
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetCurrentObject
GetClipBox
GetBrushOrgEx
GetBitmapBits
GdiFlush
FrameRgn
ExtTextOutW
ExtFloodFill
ExtCreateRegion
ExcludeClipRect
EnumFontsW
EnumFontFamiliesExW
EndPage
EndDoc
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePenIndirect
CreatePalette
CreateICW
CreateHalftonePalette
CreateFontIndirectW
CreateDIBitmap
CreateDIBSection
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileW
CombineRgn
Chord
BitBlt
Arc
AbortDoc

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

ole32

OleUninitialize
OleInitialize
CoCreateInstance
IsEqualGUID

comctl32

InitializeFlatSB
FlatSB_SetScrollProp
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollInfo
_TrackMouseEvent
ImageList_GetImageInfo
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Copy
ImageList_LoadImageW
ImageList_GetIcon
ImageList_Remove
ImageList_DrawEx
ImageList_Replace
ImageList_Draw
ImageList_SetOverlayImage
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
InitCommonControls

shell32

Shell_NotifyIconW

winspool.drv

OpenPrinterW
EnumPrintersW
DocumentPropertiesW
ClosePrinter
GetDefaultPrinterW

wsock32

WSACleanup
WSAStartup
gethostname
gethostbyname
inet_ntoa

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 26KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 1024B - Virtual size: 806B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 60B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 193KB - Virtual size: 193KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SystemSpeedBooster.exe
.exe windows:5 windows x86 arch:x86

4d3e6dc8104daa9dcdba98c9782a5279

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6e:0a:5e:2c:7c:78:9b:da:17:5f:57:7f:fd:55:49:61
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

19-03-2012 00:00

Not After

29-05-2015 23:59

Subject

CN=Tenki Technology Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tenki Technology Co.\, Ltd.,L=Langfang,ST=Hebei,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c7:ba:40:ad:06:6f:34:3d:60:b9:26:a3:b4:e2:b8:c2:9d:c0:68:d0
Signer

Actual PE Digest

c7:ba:40:ad:06:6f:34:3d:60:b9:26:a3:b4:e2:b8:c2:9d:c0:68:d0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
GetErrorInfo
GetActiveObject
VariantClear
VariantInit
SafeArrayPutElement
SafeArrayCreateVector
SafeArrayCreate
SysFreeString
SysAllocString
SafeArrayPtrOfIndex
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopyInd
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RevertToSelf
RegUnLoadKeyW
RegSetValueExW
RegSaveKeyW
RegRestoreKeyW
RegReplaceKeyW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegLoadKeyW
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegConnectRegistryW
RegCloseKey
OpenThreadToken
MapGenericMask
ImpersonateSelf
GetFileSecurityW
AccessCheck

user32

LoadStringW
MessageBoxA
CharNextW
CreateWindowExW
WindowFromPoint
WaitMessage
UpdateLayeredWindow
UpdateWindow
UnregisterClassW
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenuEx
TrackPopupMenu
TabbedTextOutW
SystemParametersInfoW
ShowWindow
ShowScrollBar
ShowOwnedPopups
ShowCaret
SetWindowRgn
SetWindowsHookExW
SetWindowTextW
SetWindowPos
SetWindowPlacement
SetWindowLongW
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropW
SetParent
SetMenuItemInfoW
SetMenu
SetKeyboardState
SetForegroundWindow
SetFocus
SetDlgItemTextW
SetCursorPos
SetCursor
SetClipboardData
SetClassLongW
SetCapture
SetActiveWindow
SendMessageA
SendMessageW
SendDlgItemMessageW
ScrollWindow
ScreenToClient
RemovePropW
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageW
RegisterClipboardFormatW
RegisterClassW
RedrawWindow
PtInRect
PostQuitMessage
PostMessageW
PeekMessageA
PeekMessageW
OpenClipboard
OffsetRect
NotifyWinEvent
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MoveWindow
MessageBoxW
MessageBeep
MapWindowPoints
MapVirtualKeyW
LoadStringW
LoadMenuW
LoadKeyboardLayoutW
LoadImageW
LoadIconW
LoadCursorFromFileW
LoadCursorW
LoadBitmapW
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageA
IsDialogMessageW
IsClipboardFormatAvailable
IsChild
IsCharAlphaNumericW
IsCharAlphaW
InvalidateRect
IntersectRect
InsertMenuItemW
InsertMenuW
InflateRect
HideCaret
GetWindowThreadProcessId
GetWindowTextLengthW
GetWindowTextW
GetWindowRect
GetWindowPlacement
GetWindowLongA
GetWindowLongW
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropW
GetParent
GetWindow
GetMessageTime
GetMessagePos
GetMessageExtraInfo
GetMenuStringW
GetMenuState
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetIconInfo
GetForegroundWindow
GetFocus
GetDoubleClickTime
GetDlgItem
GetDlgCtrlID
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassNameW
GetClassLongW
GetClassInfoW
GetCapture
GetAsyncKeyState
GetActiveWindow
FrameRect
FindWindowExW
FindWindowW
FillRect
EnumWindows
EnumThreadWindows
EnumClipboardFormats
EnumChildWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextExW
DrawTextW
DrawStateW
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DrawAnimatedRects
DispatchMessageA
DispatchMessageW
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcW
DefMDIChildProcW
DefFrameProcW
CreatePopupMenu
CreateMenu
CreateIcon
CreateAcceleratorTableW
CountClipboardFormats
CopyImage
CopyIcon
CloseClipboard
ClientToScreen
ChildWindowFromPoint
CheckMenuItem
CharUpperBuffW
CharUpperW
CharNextW
CharLowerBuffW
CharLowerW
CallWindowProcW
CallNextHookEx
BringWindowToTop
BeginPaint
AttachThreadInput
AdjustWindowRectEx
ActivateKeyboardLayout

kernel32

lstrcmpiA
LoadLibraryA
LocalFree
LocalAlloc
GetACP
Sleep
VirtualFree
VirtualAlloc
GetSystemInfo
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryExW
IsValidLocale
GetSystemDefaultUILanguage
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetUserDefaultUILanguage
GetLocaleInfoW
GetLastError
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
ExitThread
CreateThread
CompareStringW
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
CreateFileW
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleW
lstrlenA
lstrlenW
lstrcpyW
lstrcmpW
WritePrivateProfileStringW
WriteFile
WinExec
WideCharToMultiByte
WaitForSingleObjectEx
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQueryEx
VirtualQuery
VirtualFree
VirtualAlloc
UnmapViewOfFile
TryEnterCriticalSection
SystemTimeToFileTime
SwitchToThread
SuspendThread
SizeofResource
SignalObjectAndWait
SetThreadPriority
SetThreadLocale
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
ReleaseMutex
ReadFile
RaiseException
IsDebuggerPresent
OpenMutexW
OpenFileMappingW
OpenEventW
MultiByteToWideChar
MulDiv
MapViewOfFile
LockResource
LocalFree
LocalFileTimeToFileTime
LocalAlloc
LoadResource
LoadLibraryExW
LoadLibraryW
LeaveCriticalSection
InitializeCriticalSection
GlobalUnlock
GlobalSize
GlobalLock
GlobalFree
GlobalFindAtomW
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomW
GetWindowsDirectoryW
GetVolumeInformationW
GetVersionExW
GetVersion
GetUserDefaultLCID
GetTickCount
GetThreadPriority
GetThreadLocale
GetTempPathW
GetSystemDirectoryW
GetSystemDefaultLangID
GetStdHandle
GetProfileIntW
GetProcAddress
GetPrivateProfileStringW
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileTime
GetFileSize
GetFileAttributesW
GetExitCodeThread
GetEnvironmentVariableW
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetComputerNameW
GetCPInfo
FreeResource
InterlockedExchangeAdd
InterlockedExchange
InterlockedCompareExchange
FreeLibrary
FormatMessageW
FindResourceW
FindNextFileW
FindFirstFileW
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
EnumCalendarInfoW
EnterCriticalSection
DeleteFileW
DeleteCriticalSection
CreateThread
CreateProcessW
CreatePipe
CreateMutexW
CreateFileMappingW
CreateFileW
CreateEventW
CreateDirectoryW
CopyFileW
CompareStringW
CloseHandle
Sleep
GetLongPathNameW

msimg32

AlphaBlend

gdi32

UnrealizeObject
StretchDIBits
StretchBlt
StartPage
StartDocW
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetMapMode
SetEnhMetaFileBits
SetDIBitsToDevice
SetDIBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SetAbortProc
SelectPalette
SelectObject
SaveDC
RoundRect
RestoreDC
ResizePalette
Rectangle
RectVisible
RealizePalette
Polyline
Polygon
PolyBezierTo
PolyBezier
PlayEnhMetaFile
Pie
PatBlt
MoveToEx
MaskBlt
LineTo
LPtoDP
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsW
GetTextExtentPointW
GetTextExtentPoint32W
GetTextColor
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectW
GetNearestPaletteIndex
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileDescriptionW
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetCurrentObject
GetClipBox
GetBrushOrgEx
GetBitmapBits
GdiFlush
FrameRgn
ExtTextOutW
ExtFloodFill
ExtCreateRegion
ExcludeClipRect
EnumFontsW
EnumFontFamiliesExW
EndPage
EndDoc
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePenIndirect
CreatePalette
CreateICW
CreateHalftonePalette
CreateFontIndirectW
CreateEnhMetaFileW
CreateDIBitmap
CreateDIBSection
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileW
CombineRgn
CloseEnhMetaFile
Chord
BitBlt
Arc
AbortDoc

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

ole32

CreateStreamOnHGlobal
OleRegEnumVerbs
IsAccelerator
OleDraw
OleSetMenuDescriptor
RevokeDragDrop
RegisterDragDrop
OleUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemAlloc
ProgIDFromCLSID
StringFromCLSID
CoCreateInstance
CoGetClassObject
CoUninitialize
CoInitialize
IsEqualGUID
IsEqualGUID
CLSIDFromString

comctl32

InitializeFlatSB
FlatSB_SetScrollProp
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollInfo
_TrackMouseEvent
ImageList_GetImageInfo
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Copy
ImageList_LoadImageW
ImageList_GetIcon
ImageList_Remove
ImageList_DrawEx
ImageList_Replace
ImageList_Draw
ImageList_SetOverlayImage
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
InitCommonControls

urlmon

CoInternetCreateZoneManager
CoInternetCreateSecurityManager
URLDownloadToFileW

wininet

SetUrlCacheEntryGroupW
InternetGetConnectedState
GetUrlCacheEntryInfoExW
FindNextUrlCacheEntryExW
FindFirstUrlCacheEntryExW
DeleteUrlCacheGroup
CreateUrlCacheGroup
UnlockUrlCacheEntryStream
SetUrlCacheEntryInfoW
RetrieveUrlCacheEntryStreamW
ReadUrlCacheEntryStream
InternetSetOptionW
InternetReadFile
InternetQueryOptionW
InternetOpenW
InternetConnectW
InternetCloseHandle
HttpSendRequestW
HttpQueryInfoW
HttpOpenRequestW
FindNextUrlCacheEntryW
FindFirstUrlCacheEntryW
FindCloseUrlCache
DeleteUrlCacheEntryW
CreateUrlCacheEntryW
CommitUrlCacheEntryW

shell32

SHGetFileInfoW
ShellExecuteExW
ShellExecuteW
Shell_NotifyIconW
SHGetSpecialFolderPathW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetMalloc
SHGetDesktopFolder

comdlg32

GetSaveFileNameW
GetOpenFileNameW

winspool.drv

OpenPrinterW
EnumPrintersW
DocumentPropertiesW
ClosePrinter
GetDefaultPrinterW

wsock32

WSACleanup
WSAStartup
WSAGetLastError
gethostname
gethostbyname
inet_ntoa

crypt32

CertOpenSystemStoreW
CertAddCertificateContextToStore
CertFreeCertificateContext
CertCreateCertificateContext
CertCloseStore

shdocvw

DoOrganizeFavDlg

oleacc

LresultFromObject

winmm

sndPlaySoundW

Sections

.text
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 26KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 1024B - Virtual size: 934B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 72B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 206KB - Virtual size: 205KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 773KB - Virtual size: 772KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
const.dat
data/topic.db
data/utilities.db
lang/English.lan
res/16.png
.png
res/32.png
.png
res/btnpanel.dat
res/icon.ico
res/images/about.png
.png
res/images/background.png
.png
res/info.html
.html
res/trialnotify.mht
.eml
attachment-2
.gif
email-html-1.txt
skins/default.skn
uninst.exe
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
[DemonArchives]627ba000cff6d43aa031da4020d15186.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
[DemonArchives]68d0fb679004d3c27c9efa840010881e.exe
.exe windows:1 windows x86 arch:x86

0b36fc85e0cb5e337c80982db5210969

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoCreateInstance
CLSIDFromString
CoInitialize
CoUninitialize

oleaut32

SysAllocString

wininet

DeleteUrlCacheEntry
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA

kernel32

ExitProcess
ExpandEnvironmentStringsA
GetCommandLineA
GetComputerNameA
GetCurrentProcessId
GetCurrentThreadId
GetExitCodeThread
GetFileSize
GetModuleFileNameA
GetModuleHandleA
CloseHandle
GetProcAddress
GetSystemDirectoryA
GetTempPathA
GetTickCount
GetVersion
GetVersionExA
GetWindowsDirectoryA
GlobalMemoryStatus
CopyFileA
InterlockedIncrement
IsBadReadPtr
IsBadWritePtr
LoadLibraryA
LocalAlloc
LocalFree
OpenMutexA
CreateFileA
ReadFile
RtlUnwind
SetFilePointer
CreateMutexA
Sleep
TerminateProcess
VirtualQuery
CreateProcessA
WaitForSingleObject
WideCharToMultiByte
WinExec
WriteFile
lstrlenA
lstrlenW
CreateThread
DeleteFileA

user32

GetWindowTextA
GetWindowRect
FindWindowA
GetWindow
GetClassNameA
SetFocus
GetForegroundWindow
LoadCursorA
LoadIconA
SetTimer
RegisterClassA
MessageBoxA
GetMessageA
GetWindowLongA
SetWindowLongA
CreateDesktopA
SetThreadDesktop
GetThreadDesktop
TranslateMessage
DispatchMessageA
SendMessageA
PostQuitMessage
ShowWindow
CreateWindowExA
DestroyWindow
MoveWindow
DefWindowProcA
CallWindowProcA

gdi32

GetStockObject
SetBkColor
SetTextColor
CreateBrushIndirect
CreateFontA

advapi32

GetUserNameA
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
GetSecurityInfo
SetSecurityInfo
SetEntriesInAclA

crtdll

__GetMainArgs
_sleep
_stricmp
atoi
exit
memcpy
memset
printf
raise
rand
signal
sprintf
srand
sscanf
strcat
strchr
strncmp
vsprintf

ntdll

LdrUnloadDll

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 132KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fldo
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.l1
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
[DemonArchives]6a1fe8f4fbbc726b6ee093b2688a33a6.exe
.exe windows:4 windows x86 arch:x86

1a611a7df1f3828b0157c4725145a721

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetStdHandle
GetConsoleMode
TlsGetValue
GetLastError
SetLastError
RaiseException
GetTickCount
ExitProcess
GetStartupInfoA
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
ReadProcessMemory
GetModuleFileNameA
GetModuleHandleA
WriteFile
ReadFile
CloseHandle
SetFilePointer
SetEndOfFile
GetSystemInfo
LoadLibraryW
LoadLibraryA
GetProcAddress
FreeLibrary
FormatMessageW
DeleteFileW
CreateFileW
GetFileAttributesW
CreateDirectoryW
GetCurrentDirectoryW
GetFullPathNameW
GetConsoleOutputCP
GetOEMCP
GetProcessHeap
HeapAlloc
HeapFree
TlsAlloc
TlsSetValue
CreateThread
ExitThread
LocalAlloc
LocalFree
Sleep
SuspendThread
ResumeThread
TerminateThread
WaitForSingleObject
SetThreadPriority
GetThreadPriority
GetCurrentThread
OpenThread
IsDebuggerPresent
CreateEventA
ResetEvent
SetEvent
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
GetEnvironmentStringsW
FreeEnvironmentStringsW
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetConsoleCP
RtlUnwind
EnumResourceTypesA
EnumResourceNamesA
EnumResourceLanguagesA
FindResourceA
FindResourceExA
LoadResource
SizeofResource
LockResource
FreeResource
GetEnvironmentStringsA
FreeEnvironmentStringsA
FormatMessageA
GlobalAddAtomA
GetDriveTypeA
GetSystemDirectoryA
GetWindowsDirectoryA
GetDiskFreeSpaceA
DeleteFileA
GetVersionExA
CompareStringA
GetLocaleInfoA
GetDateFormatA
EnumCalendarInfoA
GetModuleFileNameW
GetCommandLineW
SetFileAttributesW
FindNextFileW
CompareStringW
GetLocaleInfoW
GetDateFormatW
FindFirstFileExW
GlobalAlloc
GlobalReAlloc
GlobalSize
GlobalLock
GlobalUnlock
VirtualFree
GetExitCodeProcess
GlobalDeleteAtom
GetLogicalDrives
DeviceIoControl
FindClose
WinExec
MulDiv
GetLocalTime
SystemTimeToTzSpecificLocalTime
FileTimeToLocalFileTime
FileTimeToSystemTime
FileTimeToDosDateTime
PeekNamedPipe
GetCPInfo
GetThreadLocale
SetThreadLocale
GetUserDefaultLCID
CreateToolhelp32Snapshot
Process32First
Process32Next

oleaut32

SysAllocStringLen
SysFreeString
SysReAllocStringLen
SafeArrayCreate
SafeArrayRedim
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayPutElement
SafeArrayPtrOfIndex
VariantChangeTypeEx
VariantClear
VariantCopy
VariantInit

user32

MessageBoxA
CharUpperBuffW
CharLowerBuffW
SendMessageA
PostMessageA
DefWindowProcA
CallWindowProcA
RegisterClassA
UnregisterClassA
GetClassInfoA
CreateWindowExA
RegisterClipboardFormatA
GetClipboardFormatNameA
CharToOemA
CharUpperA
CharUpperBuffA
CharLowerA
CharLowerBuffA
GetMenuItemInfoA
SetPropA
GetPropA
RemovePropA
EnumPropsA
GetWindowLongA
SetWindowLongA
GetClassLongA
SetClassLongA
GetClassNameA
LoadBitmapA
LoadCursorA
LoadIconA
LoadImageA
SystemParametersInfoA
DispatchMessageW
PeekMessageW
SendMessageW
DefWindowProcW
CallWindowProcW
RegisterClassW
UnregisterClassW
GetClassInfoW
CreateWindowExW
InsertMenuItemW
GetMenuItemInfoW
SetMenuItemInfoW
DrawTextW
DrawStateW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
MessageBoxW
GetWindowLongW
SetWindowLongW
DefFrameProcW
DefMDIChildProcW
TranslateMessage
PostQuitMessage
GetDoubleClickTime
IsWindow
IsMenu
DestroyWindow
ShowWindow
ShowWindowAsync
ShowOwnedPopups
MoveWindow
SetWindowPos
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsWindowVisible
IsIconic
BringWindowToTop
IsZoomed
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
CountClipboardFormats
EnumClipboardFormats
EmptyClipboard
IsClipboardFormatAvailable
SetFocus
GetActiveWindow
GetFocus
GetKeyState
GetCapture
SetCapture
ReleaseCapture
MsgWaitForMultipleObjects
SetTimer
KillTimer
EnableWindow
IsWindowEnabled
GetSystemMetrics
GetMenu
SetMenu
DrawMenuBar
GetSystemMenu
CreateMenu
CreatePopupMenu
DestroyMenu
EnableMenuItem
GetSubMenu
GetMenuItemCount
RemoveMenu
DeleteMenu
GetMenuItemRect
UpdateWindow
SetActiveWindow
GetForegroundWindow
SetForegroundWindow
WindowFromDC
GetDC
GetDCEx
GetWindowDC
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
SetWindowRgn
InvalidateRect
InvalidateRgn
RedrawWindow
ScrollWindowEx
ShowScrollBar
EnableScrollBar
GetClientRect
GetWindowRect
AdjustWindowRectEx
MessageBeep
SetCursorPos
SetCursor
GetCursorPos
CreateCaret
DestroyCaret
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
ClientToScreen
ScreenToClient
MapWindowPoints
WindowFromPoint
GetSysColor
GetSysColorBrush
SetSysColors
DrawFocusRect
FillRect
FrameRect
SetRect
InflateRect
IntersectRect
OffsetRect
GetDesktopWindow
GetParent
SetParent
EnumThreadWindows
GetTopWindow
GetWindowThreadProcessId
GetLastActivePopup
GetWindow
CallNextHookEx
DestroyCursor
DestroyIcon
CopyImage
CreateIconIndirect
GetIconInfo
SetScrollInfo
GetScrollInfo
TranslateMDISysAccel
DrawEdge
DrawFrameControl
TrackPopupMenuEx
ChildWindowFromPointEx
DrawIconEx
FlashWindowEx

advapi32

GetUserNameA
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
RegFlushKey

gdi32

CreateFontIndirectA
EnumFontFamiliesA
GetCharABCWidthsA
GetTextExtentPointA
GetTextMetricsA
GetObjectA
ExtTextOutA
CreateFontIndirectW
EnumFontFamiliesExW
GetCharABCWidthsW
GetTextExtentPoint32W
GetTextExtentExPointW
GetObjectW
TextOutW
ExtTextOutW
GetRandomRgn
Arc
BitBlt
Chord
CombineRgn
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBitmap
CreateEllipticRgn
CreatePen
CreatePenIndirect
CreatePatternBrush
CreateRectRgn
CreateRoundRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
Ellipse
EqualRgn
ExcludeClipRect
ExtCreateRegion
ExtFloodFill
FillRgn
GetROP2
GetBkColor
GetBitmapBits
GetClipBox
GetClipRgn
GetCurrentObject
GetDeviceCaps
GetDIBits
GetMapMode
GetObjectType
GetPixel
GetRegionData
GetRgnBox
GetStockObject
GetTextAlign
GetTextColor
GetViewportExtEx
GetViewportOrgEx
GetWindowExtEx
GetWindowOrgEx
IntersectClipRect
LineTo
MaskBlt
OffsetRgn
PatBlt
Pie
PaintRgn
PtInRegion
RectInRegion
RectVisible
Rectangle
RestoreDC
RealizePalette
RoundRect
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetMapMode
SetPixel
SetPolyFillMode
StretchBlt
SetRectRgn
SetROP2
SetStretchBltMode
SetTextCharacterExtra
SetTextColor
SetTextAlign
CreateDIBSection
SetArcDirection
ExtCreatePen
MoveToEx
CreatePolygonRgn
DPtoLP
LPtoDP
Polygon
Polyline
PolyBezier
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
SetBrushOrgEx
GetDCOrgEx

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

shell32

DragQueryFileA
ShellExecuteA
DragQueryFileW
DragFinish
DragAcceptFiles

ole32

OleInitialize
OleUninitialize

comctl32

InitCommonControls
ImageList_Create
ImageList_Destroy
ImageList_GetImageCount
ImageList_SetImageCount
ImageList_Add
ImageList_Replace
ImageList_AddMasked
ImageList_DrawEx
ImageList_DrawIndirect
ImageList_Remove
ImageList_Copy
ImageList_BeginDrag
ImageList_EndDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
_TrackMouseEvent

ws2_32

closesocket
connect
ioctlsocket
getsockopt
recv
select
send
setsockopt
shutdown
socket
WSAStartup
WSACleanup
WSAGetLastError
__WSAFDIsSet

wsock32

gethostbyaddr
gethostbyname
WSAStartup

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 816KB - Virtual size: 816KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 37KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 130KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
[DemonArchives]6bc2fcef470b064c9bd339c7e2553ea8.exe
.exe windows:5 windows x86 arch:x86

34f0650968d4cf389ecba63cd4240d8c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
SetSecurityDescriptorDacl
SetFileSecurityW
RegUnLoadKeyW
RegSetValueExW
RegSaveKeyW
RegRestoreKeyW
RegReplaceKeyW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegLoadKeyW
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegConnectRegistryW
RegCloseKey
InitializeSecurityDescriptor
InitializeAcl
GetUserNameW
GetLengthSid
GetFileSecurityW
FreeSid
AllocateAndInitializeSid
AddAccessAllowedAce

user32

LoadStringW
MessageBoxA
CharNextW
CreateWindowExW
WindowFromPoint
WaitMessage
UpdateWindow
UnregisterClassW
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoW
ShowWindow
ShowScrollBar
ShowOwnedPopups
SetWindowsHookExW
SetWindowTextW
SetWindowPos
SetWindowPlacement
SetWindowLongW
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropW
SetParent
SetMenuItemInfoW
SetMenu
SetForegroundWindow
SetFocus
SetCursorPos
SetCursor
SetClipboardData
SetClassLongW
SetCapture
SetActiveWindow
SendMessageA
SendMessageW
ScrollWindow
ScreenToClient
RemovePropW
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageW
RegisterClipboardFormatW
RegisterClassW
RedrawWindow
PtInRect
PostQuitMessage
PostMessageW
PeekMessageA
PeekMessageW
OpenClipboard
OffsetRect
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MessageBoxW
MessageBeep
MapWindowPoints
MapVirtualKeyW
LoadStringW
LoadKeyboardLayoutW
LoadIconW
LoadCursorW
LoadBitmapW
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsIconic
IsDialogMessageA
IsDialogMessageW
IsChild
InvalidateRect
IntersectRect
InsertMenuItemW
InsertMenuW
InflateRect
GetWindowThreadProcessId
GetWindowTextW
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowDC
GetUpdateRect
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropW
GetParent
GetWindow
GetMessagePos
GetMessageExtraInfo
GetMenuStringW
GetMenuState
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetIconInfo
GetForegroundWindow
GetFocus
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassNameW
GetClassLongW
GetClassInfoW
GetCapture
GetActiveWindow
FrameRect
FindWindowExW
FindWindowW
FillRect
EnumWindows
EnumThreadWindows
EnumChildWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextExW
DrawTextW
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageA
DispatchMessageW
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcW
DefMDIChildProcW
DefFrameProcW
CreatePopupMenu
CreateMenu
CreateIcon
CreateAcceleratorTableW
CopyIcon
CloseClipboard
ClientToScreen
ChildWindowFromPoint
CheckMenuItem
CharUpperBuffW
CharNextW
CharLowerBuffW
CharLowerW
CallWindowProcW
CallNextHookEx
BeginPaint
AdjustWindowRectEx
ActivateKeyboardLayout

kernel32

lstrcmpiA
LoadLibraryA
LocalFree
LocalAlloc
GetACP
Sleep
VirtualFree
VirtualAlloc
GetSystemInfo
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryExW
IsValidLocale
GetSystemDefaultUILanguage
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetUserDefaultUILanguage
GetLocaleInfoW
GetLastError
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
ExitThread
CreateThread
CompareStringW
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleW
lstrcpyW
lstrcmpW
WriteFile
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQueryEx
VirtualQuery
VirtualFree
VirtualAlloc
TryEnterCriticalSection
SwitchToThread
SuspendThread
Sleep
SizeofResource
SignalObjectAndWait
SetThreadPriority
SetThreadLocale
SetLastError
SetFileTime
SetFilePointer
SetFileAttributesW
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
ReleaseMutex
ReadFile
RaiseException
QueryPerformanceFrequency
QueryPerformanceCounter
IsDebuggerPresent
MultiByteToWideChar
MulDiv
LockResource
LoadResource
LoadLibraryW
LeaveCriticalSection
IsValidLocale
InitializeCriticalSection
GlobalUnlock
GlobalLock
GlobalFree
GlobalFindAtomW
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomW
GetWindowsDirectoryW
GetVolumeInformationW
GetVersionExW
GetVersion
GetTickCount
GetThreadPriority
GetThreadLocale
GetTempPathW
GetSystemDirectoryW
GetStdHandle
GetLongPathNameW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLogicalDriveStringsW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileTime
GetFileSize
GetFileAttributesW
GetExitCodeThread
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetComputerNameW
GetCPInfo
FreeResource
InterlockedExchangeAdd
InterlockedExchange
InterlockedCompareExchange
FreeLibrary
FormatMessageW
FindResourceW
FindNextFileW
FindFirstFileW
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
EnumCalendarInfoW
EnterCriticalSection
DeleteFileW
DeleteCriticalSection
CreateThread
CreateMutexW
CreateFileW
CreateEventW
CreateDirectoryW
CompareStringW
CloseHandle
Sleep

msimg32

AlphaBlend

gdi32

UnrealizeObject
StretchDIBits
StretchBlt
StartPage
StartDocW
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetMapMode
SetEnhMetaFileBits
SetDIBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SetAbortProc
SelectPalette
SelectObject
SaveDC
RoundRect
RestoreDC
Rectangle
RectVisible
RealizePalette
Polyline
Polygon
PolyBezierTo
PolyBezier
PlayEnhMetaFile
Pie
PatBlt
MoveToEx
MaskBlt
LineTo
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsW
GetTextExtentPointW
GetTextExtentPoint32W
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectW
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileDescriptionW
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetClipBox
GetBrushOrgEx
GetBitmapBits
FrameRgn
ExtTextOutW
ExtFloodFill
ExcludeClipRect
EnumFontsW
EnumFontFamiliesExW
EndPage
EndDoc
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePenIndirect
CreatePalette
CreateICW
CreateHalftonePalette
CreateFontIndirectW
CreateDIBitmap
CreateDIBSection
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileW
CombineRgn
Chord
BitBlt
Arc
AbortDoc

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
IsEqualGUID
CoTaskMemFree
StringFromCLSID
CoCreateGuid

comctl32

InitializeFlatSB
FlatSB_SetScrollProp
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollInfo
_TrackMouseEvent
ImageList_GetImageInfo
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Copy
ImageList_LoadImageW
ImageList_GetIcon
ImageList_Remove
ImageList_DrawEx
ImageList_Replace
ImageList_Draw
ImageList_SetOverlayImage
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
InitCommonControls

shell32

ShellExecuteW
SHGetSpecialFolderLocation
SHGetPathFromIDListW

winspool.drv

OpenPrinterW
EnumPrintersW
DocumentPropertiesW
ClosePrinter
GetDefaultPrinterW

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 20KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 1024B - Virtual size: 806B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 72B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 368KB - Virtual size: 368KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
[DemonArchives]6bf80d8b5b235df5efb621da1dd61b4b.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 328KB - Virtual size: 956KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 168KB - Virtual size: 328KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 40KB - Virtual size: 376KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 956KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 328KB - Virtual size: 328KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
[DemonArchives]6e102d15d6af7c43d43141e9d2a1206b.exe
.dll windows:5 windows x86 arch:x86

ed1351e76ec05c9dcdf307ed99cbd875

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

hin9h_KT!muR#AYA!El0orpN+3hFZm

Imports

msvcrt

fgets
_time64
memset

ole32

HGLOBAL_UserFree
CoCancelCall

mscms

GetColorProfileElement

shell32

SHAddToRecentDocs
ShellExecuteW

avifil32

AVIFileInit

advapi32

AbortSystemShutdownW
RegCloseKey
FreeEncryptionCertificateHashList
InitializeAcl
ChangeServiceConfigW

user32

DestroyCursor
DrawIconEx
WaitMessage
TileWindows
ChildWindowFromPoint
EnumClipboardFormats
SetWindowRgn
GetClientRect
ShowWindow
DlgDirSelectExA
UpdateWindow
DefWindowProcA
PostQuitMessage
CreateWindowExA
UnpackDDElParam
GetCursorInfo

ws2_32

WSAGetLastError

gdi32

SetICMMode
Pie
OffsetWindowOrgEx
GetCharacterPlacementW
SwapBuffers
GetFontLanguageInfo
PolylineTo

wininet

InternetAutodial

setupapi

SetupDiEnumDeviceInfo

msacm32

acmDriverDetailsW

kernel32

GetVersionExA
GetExitCodeProcess
GetEnvironmentStringsW
SetStdHandle
LeaveCriticalSection
GetSystemTimeAsFileTime
Process32FirstW
WaitForSingleObject
InterlockedPushEntrySList
GetProcessHeap
EnterCriticalSection
GetModuleFileNameW
GetModuleHandleA
OutputDebugStringA
IsProcessorFeaturePresent
DeleteCriticalSection
ResumeThread
GetTickCount
SetLastError

oleaut32

LoadTypeLibEx
GetErrorInfo

winscard

SCardCancel

winmm

mixerGetLineControlsW
timeGetTime
waveInGetDevCapsA

Sections

.text
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 832B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
[DemonArchives]6e4f9763c17ea31c3d1406eabd7db423.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 656KB - Virtual size: 656KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 994KB - Virtual size: 994KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 147KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 386KB - Virtual size: 385KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
[DemonArchives]720d7d1deff763aee99bcc266f96b238.exe
.exe windows:1 windows x86 arch:x86

0b36fc85e0cb5e337c80982db5210969

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoCreateInstance
CLSIDFromString
CoInitialize
CoUninitialize

oleaut32

SysAllocString

wininet

DeleteUrlCacheEntry
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA

kernel32

ExitProcess
ExpandEnvironmentStringsA
GetCommandLineA
GetComputerNameA
GetCurrentProcessId
GetCurrentThreadId
GetExitCodeThread
GetFileSize
GetModuleFileNameA
GetModuleHandleA
CloseHandle
GetProcAddress
GetSystemDirectoryA
GetTempPathA
GetTickCount
GetVersion
GetVersionExA
GetWindowsDirectoryA
GlobalMemoryStatus
CopyFileA
InterlockedIncrement
IsBadReadPtr
IsBadWritePtr
LoadLibraryA
LocalAlloc
LocalFree
OpenMutexA
CreateFileA
ReadFile
RtlUnwind
SetFilePointer
CreateMutexA
Sleep
TerminateProcess
VirtualQuery
CreateProcessA
WaitForSingleObject
WideCharToMultiByte
WinExec
WriteFile
lstrlenA
lstrlenW
CreateThread
DeleteFileA

user32

GetWindowTextA
GetWindowRect
FindWindowA
GetWindow
GetClassNameA
SetFocus
GetForegroundWindow
LoadCursorA
LoadIconA
SetTimer
RegisterClassA
MessageBoxA
GetMessageA
GetWindowLongA
SetWindowLongA
CreateDesktopA
SetThreadDesktop
GetThreadDesktop
TranslateMessage
DispatchMessageA
SendMessageA
PostQuitMessage
ShowWindow
CreateWindowExA
DestroyWindow
MoveWindow
DefWindowProcA
CallWindowProcA

gdi32

GetStockObject
SetBkColor
SetTextColor
CreateBrushIndirect
CreateFontA

advapi32

GetUserNameA
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
GetSecurityInfo
SetSecurityInfo
SetEntriesInAclA

crtdll

__GetMainArgs
_sleep
_stricmp
atoi
exit
memcpy
memset
printf
raise
rand
signal
sprintf
srand
sscanf
strcat
strchr
strncmp
vsprintf

ntdll

LdrUnloadDll

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 132KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fldo
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.l1
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
[DemonArchives]7a8bde6d1942443bdbf09e610eb1b794.exe
.exe windows:4 windows x86 arch:x86

98f67c550a7da65513e63ffd998f6b2e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
__vbaStrI2
ord690
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarVargNofree
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaLateIdCall
__vbaPut3
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
__vbaPut4
EVENT_SINK_Invoke
__vbaRaiseEvent
__vbaFreeObjList
ord516
__vbaStrErrVarCopy
ord517
_adj_fprem1
__vbaRecAnsiToUni
ord519
__vbaCopyBytes
__vbaStrCat
__vbaLsetFixstr
__vbaRecDestruct
__vbaSetSystemError
ord661
__vbaHresultCheckObj
__vbaNameFile
_adj_fdiv_m32
__vbaAryVar
Zombie_GetTypeInfo
__vbaAryDestruct
ord669
ord593
__vbaBoolStr
__vbaExitProc
__vbaI4Abs
ord594
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaFpR4
ord705
__vbaStrFixstr
_CIsin
__vbaErase
ord631
ord709
ord525
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaGet3
__vbaStrCmp
ord529
__vbaGet4
__vbaPutOwner3
__vbaVarTstEq
__vbaAryConstruct2
__vbaObjVar
__vbaI2I4
DllFunctionCall
__vbaVarLateMemSt
__vbaFpUI1
__vbaRedimPreserve
__vbaStrR4
_adj_fpatan
__vbaFixstrConstruct
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
ord600
__vbaUI1I2
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
__vbaStrToUnicode
ord606
_adj_fprem
_adj_fdivr_m64
ord714
ord716
ord609
__vbaFPException
ord717
ord319
__vbaGetOwner3
__vbaUbound
ord535
__vbaFileSeek
ord644
ord537
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaVarLateMemCallLdRf
ord648
ord570
__vbaNew2
__vbaInStr
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord578
ord100
__vbaVarSetVar
__vbaI4Var
ord689
__vbaLateMemCall
__vbaVarAdd
ord611
__vbaAryLock
ord320
__vbaStrComp
__vbaVarDup
__vbaStrToAnsi
ord321
__vbaFpI2
__vbaFpI4
__vbaVarLateMemCallLd
ord616
__vbaVarSetObjAddref
__vbaRecDestructAnsi
__vbaLateMemCallLd
_CIatan
__vbaAryCopy
__vbaStrMove
ord618
__vbaCastObj
__vbaR8IntI4
ord650
_allmul
__vbaVarLateMemCallSt
_CItan
ord546
__vbaAryUnlock
_CIexp
__vbaFreeObj
__vbaFreeStr
ord580
ord581

Sections

.text
Size: 172KB - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
[DemonArchives]7da028810a703bb926d39a9b4ba50703.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.;}V7#1h
Size: - Virtual size: 867KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

27gNBG~H
Size: - Virtual size: 202KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

~{=-V>(&
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

m57;xyh=
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

yjhjxzk1
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

h1aQF$QI
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
[DemonArchives]7e020e96f43c40b26aa7f880ad0f8a96.exe
.exe windows:1 windows x86 arch:x86

c2a87fabf96470db507b2e6b43bd92eb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoCreateInstance
CLSIDFromString
CoInitialize
CoUninitialize

oleaut32

SysAllocString

wininet

DeleteUrlCacheEntry
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA

kernel32

ExitProcess
ExpandEnvironmentStringsA
GetCommandLineA
GetComputerNameA
GetCurrentProcessId
GetCurrentThreadId
GetExitCodeThread
GetFileSize
GetModuleFileNameA
GetModuleHandleA
CloseHandle
GetProcAddress
GetSystemDirectoryA
GetTempPathA
GetTickCount
GetVersion
GetVersionExA
GetWindowsDirectoryA
GlobalMemoryStatus
CopyFileA
InterlockedIncrement
IsBadReadPtr
IsBadWritePtr
LoadLibraryA
LocalAlloc
LocalFree
OpenMutexA
CreateFileA
ReadFile
RtlUnwind
SetFilePointer
CreateMutexA
Sleep
TerminateProcess
VirtualQuery
CreateProcessA
WaitForSingleObject
WideCharToMultiByte
WinExec
WriteFile
lstrlenA
lstrlenW
CreateThread
DeleteFileA

user32

GetWindowTextA
GetWindowRect
FindWindowA
GetWindow
GetClassNameA
SetFocus
GetForegroundWindow
LoadCursorA
LoadIconA
SetTimer
RegisterClassA
MessageBoxA
GetMessageA
GetWindowLongA
SetWindowLongA
CreateDesktopA
SetThreadDesktop
GetThreadDesktop
TranslateMessage
DispatchMessageA
SendMessageA
PostQuitMessage
ShowWindow
CreateWindowExA
DestroyWindow
MoveWindow
DefWindowProcA
CallWindowProcA

gdi32

GetStockObject
SetBkColor
SetTextColor
CreateBrushIndirect
CreateFontA

advapi32

GetUserNameA
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
GetSecurityInfo
SetSecurityInfo
SetEntriesInAclA

crtdll

__GetMainArgs
_sleep
_stricmp
atoi
exit
memcpy
memset
printf
raise
rand
signal
sprintf
srand
sscanf
strcat
strchr
strncmp
vsprintf

msvcrt

_wgetcwd

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 132KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfcd
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.l1
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
[DemonArchives]81759dd56bd4387d02cb20d44422c8f0.exe
.dll windows:6 windows x86 arch:x86

8e64c0c5fe194df2e468a04e1c25abec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
SleepConditionVariableSRW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
CreateSemaphoreA
SignalObjectAndWait
CreateEventA
ReleaseSemaphore
InitializeCriticalSection
CreateThread
CreateMutexA
WaitForSingleObject
ReleaseMutex
InitOnceComplete
InitOnceBeginInitialize
WakeAllConditionVariable
SetThreadPriority
WaitForSingleObjectEx
SleepConditionVariableCS
WakeConditionVariable
InitializeConditionVariable
CloseHandle
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
DisableThreadLibraryCalls

msvcp140

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
?setf@ios_base@std@@QAEHH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_K@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?__ExceptionPtrCreate@@YAXPAX@Z
?__ExceptionPtrDestroy@@YAXPAX@Z
?__ExceptionPtrCopy@@YAXPAXPBX@Z
?__ExceptionPtrAssign@@YAXPAXPBX@Z
?__ExceptionPtrToBool@@YA_NPBX@Z
?__ExceptionPtrCurrentException@@YAXPAX@Z
?__ExceptionPtrRethrow@@YAXPBX@Z
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_unlock
_Cnd_init_in_situ
_Cnd_destroy_in_situ
_Cnd_wait
_Cnd_broadcast
_Cnd_register_at_thread_exit
_Cnd_unregister_at_thread_exit
?_Throw_Cpp_error@std@@YAXH@Z
?_Syserror_map@std@@YAPBDH@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?_Xbad_function_call@std@@YAXXZ
?_Schedule_chore@details@Concurrency@@YAHPAU_Threadpool_chore@12@@Z
?_Release_chore@details@Concurrency@@YAXPAU_Threadpool_chore@12@@Z
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?_CallInContext@_ContextCallback@details@Concurrency@@QBEXV?$function@$$A6AXXZ@std@@_N@Z
?_Reset@_ContextCallback@details@Concurrency@@AAEXXZ
?_Capture@_ContextCallback@details@Concurrency@@AAEXXZ
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AAEXXZ
??0task_continuation_context@Concurrency@@AAE@XZ
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QAEX_N@Z
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QAEXXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?_Xout_of_range@std@@YAXPBD@Z
??Bid@locale@std@@QAEIXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@M@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEDD@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?uncaught_exception@std@@YA_NXZ
?_Xlength_error@std@@YAXPBD@Z
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?good@ios_base@std@@QBE_NXZ
?flags@ios_base@std@@QBEHXZ
?setf@ios_base@std@@QAEHHH@Z
?width@ios_base@std@@QBE_JXZ
?width@ios_base@std@@QAE_J_J@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ

vcruntime140

__current_exception_context
__current_exception
__std_type_info_destroy_list
_setjmp3
longjmp
_except_handler4_common
_purecall
memset
memmove
__CxxFrameHandler3
_CxxThrowException
__std_exception_destroy
__std_exception_copy
__std_terminate
__RTDynamicCast
memcpy

api-ms-win-crt-runtime-l1-1-0

_initterm
_invalid_parameter_noinfo_noreturn
_initterm_e
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
abort
_beginthreadex
_configure_narrow_argv
terminate
_seh_filter_dll
strerror
_errno
_execute_onexit_table

api-ms-win-crt-heap-l1-1-0

realloc
_callnewh
malloc
calloc
_aligned_malloc
_aligned_free
free

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__stdio_common_vsprintf
__stdio_common_vfprintf
fclose
_write
__stdio_common_vfscanf
feof
fseek
fopen
ungetc
setvbuf
fwrite
_fseeki64
fsetpos
fread
fputc
fgetpos
fgetc
fflush
_get_stream_buffer_pointers

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-math-l1-1-0

_libm_sse2_cos_precise
log2
ceil
_libm_sse2_log10_precise
lroundf
_CItanh
floor
_libm_sse2_log_precise
log1p
_libm_sse2_pow_precise
_libm_sse2_exp_precise
rint
round
_libm_sse2_sqrt_precise
roundf
log1pf

api-ms-win-crt-convert-l1-1-0

atoi
strtol
strtoul

api-ms-win-crt-string-l1-1-0

strncpy
strncmp

api-ms-win-crt-utility-l1-1-0

rand
qsort

Exports

Exports

heif_brand_to_fourcc
heif_check_filetype
heif_check_jpeg_filetype
heif_context_add_XMP_metadata
heif_context_add_XMP_metadata2
heif_context_add_exif_metadata
heif_context_add_generic_metadata
heif_context_alloc
heif_context_assign_thumbnail
heif_context_debug_dump_boxes_to_file
heif_context_encode_image
heif_context_encode_thumbnail
heif_context_free
heif_context_get_encoder
heif_context_get_encoder_descriptors
heif_context_get_encoder_for_format
heif_context_get_image_handle
heif_context_get_list_of_top_level_image_IDs
heif_context_get_number_of_top_level_images
heif_context_get_primary_image_ID
heif_context_get_primary_image_handle
heif_context_get_region_item
heif_context_is_top_level_image_ID
heif_context_read_from_file
heif_context_read_from_memory
heif_context_read_from_memory_without_copy
heif_context_read_from_reader
heif_context_set_max_decoding_threads
heif_context_set_maximum_image_size_limit
heif_context_set_primary_image
heif_context_write
heif_context_write_to_file
heif_decode_image
heif_decoder_descriptor_get_id_name
heif_decoder_descriptor_get_name
heif_decoding_options_alloc
heif_decoding_options_free
heif_deinit
heif_depth_representation_info_free
heif_encoder_descriptor_get_compression_format
heif_encoder_descriptor_get_id_name
heif_encoder_descriptor_get_name
heif_encoder_descriptor_supportes_lossless_compression
heif_encoder_descriptor_supportes_lossy_compression
heif_encoder_descriptor_supports_lossless_compression
heif_encoder_descriptor_supports_lossy_compression
heif_encoder_get_name
heif_encoder_get_parameter
heif_encoder_get_parameter_boolean
heif_encoder_get_parameter_integer
heif_encoder_get_parameter_string
heif_encoder_has_default
heif_encoder_list_parameters
heif_encoder_parameter_get_name
heif_encoder_parameter_get_type
heif_encoder_parameter_get_valid_integer_range
heif_encoder_parameter_get_valid_integer_values
heif_encoder_parameter_get_valid_string_values
heif_encoder_parameter_integer_valid_range
heif_encoder_parameter_integer_valid_values
heif_encoder_parameter_string_valid_values
heif_encoder_release
heif_encoder_set_logging_level
heif_encoder_set_lossless
heif_encoder_set_lossy_quality
heif_encoder_set_parameter
heif_encoder_set_parameter_boolean
heif_encoder_set_parameter_integer
heif_encoder_set_parameter_string
heif_encoding_options_alloc
heif_encoding_options_free
heif_error_success
heif_fourcc_to_brand
heif_free_list_of_compatible_brands
heif_free_plugin_directories
heif_get_decoder_descriptors
heif_get_encoder_descriptors
heif_get_file_mime_type
heif_get_plugin_directories
heif_get_version
heif_get_version_number
heif_get_version_number_maintenance
heif_get_version_number_major
heif_get_version_number_minor
heif_has_compatible_brand
heif_have_decoder_for_format
heif_have_encoder_for_format
heif_image_add_decoding_warning
heif_image_add_plane
heif_image_create
heif_image_crop
heif_image_extend_padding_to_size
heif_image_get_bits_per_pixel
heif_image_get_bits_per_pixel_range
heif_image_get_chroma_format
heif_image_get_color_profile_type
heif_image_get_colorspace
heif_image_get_content_light_level
heif_image_get_decoding_warnings
heif_image_get_height
heif_image_get_mastering_display_colour_volume
heif_image_get_nclx_color_profile
heif_image_get_pixel_aspect_ratio
heif_image_get_plane
heif_image_get_plane_readonly
heif_image_get_primary_height
heif_image_get_primary_width
heif_image_get_raw_color_profile
heif_image_get_raw_color_profile_size
heif_image_get_width
heif_image_handle_add_region_item
heif_image_handle_free_auxiliary_types
heif_image_handle_get_auxiliary_image_handle
heif_image_handle_get_auxiliary_type
heif_image_handle_get_chroma_bits_per_pixel
heif_image_handle_get_color_profile_type
heif_image_handle_get_context
heif_image_handle_get_depth_image_handle
heif_image_handle_get_depth_image_representation_info
heif_image_handle_get_height
heif_image_handle_get_ispe_height
heif_image_handle_get_ispe_width
heif_image_handle_get_item_id
heif_image_handle_get_list_of_auxiliary_image_IDs
heif_image_handle_get_list_of_depth_image_IDs
heif_image_handle_get_list_of_metadata_block_IDs
heif_image_handle_get_list_of_region_item_ids
heif_image_handle_get_list_of_thumbnail_IDs
heif_image_handle_get_luma_bits_per_pixel
heif_image_handle_get_metadata
heif_image_handle_get_metadata_content_type
heif_image_handle_get_metadata_item_uri_type
heif_image_handle_get_metadata_size
heif_image_handle_get_metadata_type
heif_image_handle_get_nclx_color_profile
heif_image_handle_get_number_of_auxiliary_images
heif_image_handle_get_number_of_depth_images
heif_image_handle_get_number_of_metadata_blocks
heif_image_handle_get_number_of_region_items
heif_image_handle_get_number_of_thumbnails
heif_image_handle_get_preferred_decoding_colorspace
heif_image_handle_get_raw_color_profile
heif_image_handle_get_raw_color_profile_size
heif_image_handle_get_thumbnail
heif_image_handle_get_width
heif_image_handle_has_alpha_channel
heif_image_handle_has_depth_image
heif_image_handle_is_premultiplied_alpha
heif_image_handle_is_primary_image
heif_image_handle_release
heif_image_handle_release_auxiliary_type
heif_image_has_channel
heif_image_has_content_light_level
heif_image_has_mastering_display_colour_volume
heif_image_is_premultiplied_alpha
heif_image_release
heif_image_scale_image
heif_image_set_content_light_level
heif_image_set_mastering_display_colour_volume
heif_image_set_nclx_color_profile
heif_image_set_pixel_aspect_ratio
heif_image_set_premultiplied_alpha
heif_image_set_raw_color_profile
heif_init
heif_item_add_property_user_description
heif_item_get_properties_of_type
heif_item_get_property_transform_crop_borders
heif_item_get_property_transform_mirror
heif_item_get_property_transform_rotation_ccw
heif_item_get_property_type
heif_item_get_property_user_description
heif_item_get_transformation_properties
heif_list_compatible_brands
heif_load_plugin
heif_load_plugins
heif_main_brand
heif_mastering_display_colour_volume_decode
heif_nclx_color_profile_alloc
heif_nclx_color_profile_free
heif_nclx_color_profile_set_color_primaries
heif_nclx_color_profile_set_matrix_coefficients
heif_nclx_color_profile_set_transfer_characteristics
heif_property_user_description_release
heif_read_main_brand
heif_region_get_ellipse
heif_region_get_ellipse_transformed
heif_region_get_inline_mask_data
heif_region_get_inline_mask_data_len
heif_region_get_mask_image
heif_region_get_point
heif_region_get_point_transformed
heif_region_get_polygon_num_points
heif_region_get_polygon_points
heif_region_get_polygon_points_transformed
heif_region_get_polyline_num_points
heif_region_get_polyline_points
heif_region_get_polyline_points_transformed
heif_region_get_rectangle
heif_region_get_rectangle_transformed
heif_region_get_referenced_mask_ID
heif_region_get_type
heif_region_item_add_region_ellipse
heif_region_item_add_region_inline_mask
heif_region_item_add_region_inline_mask_data
heif_region_item_add_region_point
heif_region_item_add_region_polygon
heif_region_item_add_region_polyline
heif_region_item_add_region_rectangle
heif_region_item_add_region_referenced_mask
heif_region_item_get_id
heif_region_item_get_list_of_regions
heif_region_item_get_number_of_regions
heif_region_item_get_reference_size
heif_region_item_release
heif_region_release
heif_region_release_many
heif_register_decoder
heif_register_decoder_plugin
heif_register_encoder_plugin
heif_unload_plugin

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 349KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
[DemonArchives]853a559e0dcb25ab9605685ec776224c.exe
.exe windows:10 windows x86 arch:x86

646167cce332c1c252cdcb1839e0cf48

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

wextract.pdb

Imports

advapi32

GetTokenInformation
RegDeleteValueA
RegOpenKeyExA
RegQueryInfoKeyA
FreeSid
OpenProcessToken
RegSetValueExA
RegCreateKeyExA
LookupPrivilegeValueA
AllocateAndInitializeSid
RegQueryValueExA
EqualSid
RegCloseKey
AdjustTokenPrivileges

kernel32

_lopen
_llseek
CompareStringA
GetLastError
GetFileAttributesA
GetSystemDirectoryA
LoadLibraryA
DeleteFileA
GlobalAlloc
GlobalFree
CloseHandle
WritePrivateProfileStringA
IsDBCSLeadByte
GetWindowsDirectoryA
SetFileAttributesA
GetProcAddress
GlobalLock
LocalFree
RemoveDirectoryA
FreeLibrary
_lclose
CreateDirectoryA
GetPrivateProfileIntA
GetPrivateProfileStringA
GlobalUnlock
ReadFile
SizeofResource
WriteFile
GetDriveTypeA
lstrcmpA
SetFileTime
SetFilePointer
FindResourceA
CreateMutexA
GetVolumeInformationA
ExpandEnvironmentStringsA
GetCurrentDirectoryA
FreeResource
GetVersion
SetCurrentDirectoryA
GetTempPathA
LocalFileTimeToFileTime
CreateFileA
SetEvent
TerminateThread
GetVersionExA
LockResource
GetSystemInfo
CreateThread
ResetEvent
LoadResource
ExitProcess
GetModuleHandleW
CreateProcessA
FormatMessageA
GetTempFileNameA
DosDateTimeToFileTime
CreateEventA
GetExitCodeProcess
FindNextFileA
LocalAlloc
GetShortPathNameA
MulDiv
GetDiskFreeSpaceA
EnumResourceLanguagesA
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
Sleep
FindClose
GetCurrentProcess
FindFirstFileA
WaitForSingleObject
GetModuleFileNameA
LoadLibraryExA

gdi32

GetDeviceCaps

user32

SetWindowLongA
GetDlgItemTextA
DialogBoxIndirectParamA
ShowWindow
MsgWaitForMultipleObjects
SetWindowPos
GetDC
GetWindowRect
DispatchMessageA
GetDesktopWindow
CharUpperA
SetDlgItemTextA
ExitWindowsEx
MessageBeep
EndDialog
CharPrevA
LoadStringA
CharNextA
EnableWindow
ReleaseDC
SetForegroundWindow
PeekMessageA
GetDlgItem
SendMessageA
SendDlgItemMessageA
MessageBoxA
SetWindowTextA
GetWindowLongA
CallWindowProcA
GetSystemMetrics

msvcrt

_controlfp
?terminate@@YAXXZ
_acmdln
_initterm
__setusermatherr
_except_handler4_common
memcpy
_ismbblead
__p__fmode
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
memcpy_s
_vsnprintf
memset

comctl32

ord17

cabinet

ord22
ord23
ord21
ord20

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
[DemonArchives]887a4917f4af1126d489a4f4d56b2eb3.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 17KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 36B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 175KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 403KB - Virtual size: 403KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
[DemonArchives]8edcc9bf66c21c55cf482dcac1c18c44.exe
.exe windows:86 windows x86 arch:x86

5b36115ff362711943f368adb695e60e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_WDM_DRIVER
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

CreateThread
GlobalUnlock
GlobalLock
GlobalAlloc
GetTickCount
WideCharToMultiByte
IsBadReadPtr
GlobalAddAtomA
GlobalAddAtomW
GetModuleHandleA
GlobalFree
GlobalGetAtomNameA
GlobalDeleteAtom
GlobalGetAtomNameW
FreeConsole
GetEnvironmentVariableA
VirtualProtect
VirtualAlloc
GetProcAddress
GetLastError
LoadLibraryA
SetLastError
SetThreadPriority
GetCurrentThread
CreateProcessA
GetCommandLineA
GetStartupInfoA
SetEnvironmentVariableA
ReleaseMutex
WaitForSingleObject
CreateMutexA
OpenMutexA
GetCurrentThreadId
ReadFile
GetFileSize
CreateFileA
FindClose
FindFirstFileA
FindFirstFileW
VirtualQueryEx
GetExitCodeProcess
ReadProcessMemory
UnmapViewOfFile
ContinueDebugEvent
SetThreadContext
GetThreadContext
WaitForDebugEvent
CloseHandle
DebugActiveProcess
ResumeThread
CreateProcessW
GetCommandLineW
GetStartupInfoW
MapViewOfFile
DuplicateHandle
GetCurrentProcess
CreateFileMappingA
VirtualProtectEx
WriteProcessMemory
ExitProcess
GetLocalTime
CompareStringA
FlushFileBuffers
LCMapStringW
LCMapStringA
SetStdHandle
GetOEMCP
GetACP
GetCPInfo
CompareStringW
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
SetFilePointer
HeapReAlloc
WriteFile
VirtualFree
HeapCreate
HeapDestroy
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
HeapFree
HeapAlloc
GetVersion
GetSystemTime
GetTimeZoneInformation
RtlUnwind
TerminateProcess
Sleep
EnterCriticalSection
LeaveCriticalSection
GetVersionExA
InitializeCriticalSection
GetCurrentProcessId
GetModuleFileNameW
GetShortPathNameW
GetModuleFileNameA
SuspendThread
GetShortPathNameA

user32

GetDesktopWindow
MoveWindow
SetPropA
EnumThreadWindows
GetPropA
GetMessageA
BeginPaint
EndPaint
KillTimer
GetAsyncKeyState
GetSystemMetrics
SetTimer
SetWindowTextA
GetDlgItem
CreateDialogIndirectParamA
ShowWindow
UpdateWindow
LoadStringA
LoadStringW
FindWindowA
WaitForInputIdle
DestroyWindow
MessageBoxA
InSendMessage
UnpackDDElParam
FreeDDElParam
DefWindowProcA
LoadCursorA
RegisterClassW
CreateWindowExW
RegisterClassA
CreateWindowExA
GetWindowThreadProcessId
SendMessageW
SendMessageA
TranslateMessage
DispatchMessageA
EnumWindows
IsWindowUnicode
PackDDElParam
PostMessageW
PostMessageA
IsWindow
PeekMessageA

gdi32

DeleteDC
RealizePalette
SelectPalette
CreateDCA
CreatePalette
DeleteObject
BitBlt
SelectObject
CreateCompatibleDC
CreateDIBitmap

Sections

CODE
Size: - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 13KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 64B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 264KB - Virtual size: 320KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: 52KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 40KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc1
Size: 16KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.pdata
Size: 1.8MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Earqtput
Size: 200KB - Virtual size: 198KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.damita
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.deidre
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.wong
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.amalee
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.didar
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.aurea
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.alvira
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.alf
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.cesar
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.arn
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.guineve
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.gale
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.edmund
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.beth
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.gil
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.alethea
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.chokuen
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.chestee
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.darelle
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.ediva
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.hedda
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.s
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.darrell
Size: 8KB - Virtual size: 634.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
[DemonArchives]973465ab358797d8d056e4f04bda2513.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.nsp0
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nsp1
Size: 592KB - Virtual size: 596KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nsp2
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
[DemonArchives]9a6f31f789128531e4c714e44915f822.exe
.exe windows:5 windows x86 arch:x86

74cc9952e23a9741f32b30126b550126

Code Sign

27:9d:df:11:e4:e4:b6:a9:97:01:af:0b:89:f2:b0:a4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

07-03-2013 00:00

Not After

07-03-2015 23:59

Subject

CN=Waves Inc,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Waves Inc,L=Knoxville,ST=Tennessee,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

29:6d:67:0f:d2:0d:0d:6b:8c:50:e2:4a:53:64:ba:de:7f:81:90:40
Signer

Actual PE Digest

29:6d:67:0f:d2:0d:0d:6b:8c:50:e2:4a:53:64:ba:de:7f:81:90:40

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\p4client\Consumer\MainDev\Products\Release\Win32\MaxxAudioControl.pdb

Imports

shlwapi

PathStripToRootW
PathIsUNCW
PathRemoveFileSpecW
SHDeleteKeyA
PathFindFileNameW
PathFindExtensionW
SHDeleteKeyW
PathFileExistsW

kernel32

EnumResourceNamesA
BeginUpdateResourceA
EnumResourceTypesA
UpdateResourceA
FindResourceA
GetThreadUILanguage
DeleteFileA
FindNextFileA
MoveFileA
RemoveDirectoryA
FindFirstFileA
CreateDirectoryA
GetFileAttributesExA
GetFullPathNameA
GetTempPathA
GetTempFileNameA
CopyFileA
GetLongPathNameA
GetFileAttributesA
SetFilePointerEx
FormatMessageA
GetModuleFileNameA
ResetEvent
LoadLibraryA
LoadLibraryExA
CreateEventA
GetModuleHandleA
OutputDebugStringA
SetEnvironmentVariableA
PeekNamedPipe
WriteConsoleW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
LCMapStringW
GetStringTypeW
IsProcessorFeaturePresent
IsValidCodePage
GetOEMCP
EndUpdateResourceA
GetCPInfo
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
HeapDestroy
HeapCreate
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
SetUnhandledExceptionFilter
GetFileType
SetStdHandle
VirtualQuery
VirtualAlloc
GetSystemTimeAsFileTime
HeapSize
HeapQueryInformation
HeapReAlloc
CreateThread
ExitThread
RaiseException
RtlUnwind
ExitProcess
DecodePointer
EncodePointer
HeapFree
GetStartupInfoW
HeapSetInformation
GetCommandLineW
QueryPerformanceFrequency
TryEnterCriticalSection
CreateFileA
CreateMutexA
OpenEventA
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
FindFirstFileExA
GetDriveTypeA
GetACP
GetDriveTypeW
GetUserDefaultLCID
VirtualProtect
SearchPathW
Sleep
GetProfileIntW
GetNumberFormatW
GetWindowsDirectoryW
GetFileTime
GetFileSizeEx
GetFileAttributesW
FileTimeToLocalFileTime
GetFileAttributesExW
GetTempPathW
GetTempFileNameW
SetErrorMode
FileTimeToSystemTime
GlobalGetAtomNameW
lstrlenA
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileW
lstrcmpiW
GetThreadLocale
InterlockedIncrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
lstrcpyW
GetSystemDirectoryW
GetCurrentDirectoryW
GlobalFlags
InitializeCriticalSection
GlobalFindAtomW
GetVersionExW
CompareStringW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
ReleaseActCtx
CreateActCtxW
GetTickCount
CopyFileW
GlobalSize
FormatMessageW
MulDiv
GlobalUnlock
SetEvent
WaitForSingleObject
ResumeThread
SetThreadPriority
CloseHandle
FreeResource
GlobalFree
GlobalAddAtomW
GetCurrentProcessId
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
lstrcmpA
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
ActivateActCtx
LoadLibraryW
DeactivateActCtx
SetLastError
MultiByteToWideChar
GlobalLock
lstrcmpW
GlobalAlloc
FreeLibrary
GetLocaleInfoW
LoadLibraryExW
InterlockedExchange
ReleaseMutex
WideCharToMultiByte
CreateMutexW
GetSystemInfo
LocalFree
LocalAlloc
GetProcAddress
GetLastError
lstrlenW
GetProcessHeap
GetModuleHandleW
GetCurrentProcess
HeapAlloc
DeleteFileW
LockResource
SizeofResource
LoadResource
FindResourceW
FindResourceExW
GetModuleFileNameW
GetFileInformationByHandle

user32

ShowWindow
GetWindowPlacement
FindWindowW
SetForegroundWindow
EnableWindow
SendMessageW
GetSystemMetrics
SetWindowLongW
ReleaseDC
GetWindowLongW
LoadIconW
GetDC
GetClientRect
DrawIcon
IsIconic
GetWindowRect
MapVirtualKeyA
SystemParametersInfoA
CallWindowProcA
GetMessageA
RegisterClassExA
GetPropA
RemovePropA
SetPropA
GetMenuItemInfoA
GetMenuStringA
SetMenuInfo
DispatchMessageA
GetMenuInfo
AdjustWindowRect
SetMenuItemInfoA
DrawTextA
SetWindowPos
SetWindowPlacement
CheckMenuItem
EnableMenuItem
GetMenuState
ModifyMenuW
GetParent
GetFocus
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
PostQuitMessage
SetCursor
ShowOwnedPopups
MessageBoxW
IsWindowEnabled
GetLastActivePopup
GetWindowThreadProcessId
MapDialogRect
SetWindowContextHelpId
GetWindow
ValidateRect
GetCursorPos
PeekMessageW
GetKeyState
IsWindowVisible
GetActiveWindow
DispatchMessageW
TranslateMessage
GetMessageW
CallNextHookEx
SetWindowsHookExW
EndDialog
GetNextDlgTabItem
GetDlgItem
IsWindow
DestroyWindow
CreateDialogIndirectParamW
SetActiveWindow
GetDesktopWindow
RemoveMenu
GetSubMenu
GetMenuItemCount
InsertMenuW
GetMenuItemID
GetMonitorInfoA
SendMessageA
PostMessageA
SetWindowLongA
GetWindowLongA
GetWindowRgn
DestroyCursor
SubtractRect
MapVirtualKeyExW
GetKeyNameTextW
IsCharLowerW
GetDoubleClickTime
CharUpperBuffW
CopyIcon
EmptyClipboard
CloseClipboard
SetClipboardData
OpenClipboard
GetUpdateRect
FrameRect
IsClipboardFormatAvailable
SetMenuDefaultItem
WaitMessage
CreateMenu
IsMenu
UpdateLayeredWindow
UnionRect
MonitorFromPoint
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcW
DefFrameProcW
UnpackDDElParam
ReuseDDElParam
InsertMenuItemW
TranslateAcceleratorW
LoadImageW
GetIconInfo
EnableScrollBar
HideCaret
InvertRect
GetMenuDefaultItem
LockWindowUpdate
BringWindowToTop
SetCursorPos
CreateAcceleratorTableW
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
MapVirtualKeyW
ToUnicodeEx
DrawFocusRect
DrawFrameControl
DrawEdge
DrawIconEx
DrawStateW
GetSystemMenu
LoadMenuW
SetClassLongW
GetAsyncKeyState
NotifyWinEvent
WindowFromPoint
CreatePopupMenu
DestroyAcceleratorTable
SetParent
SetWindowRgn
IsZoomed
CopyImage
DestroyMenu
GetMenuItemInfoW
UnregisterClassW
InflateRect
PostThreadMessageW
MessageBeep
GetNextDlgGroupItem
ReleaseCapture
SetCapture
InvalidateRgn
IntersectRect
SetRect
IsRectEmpty
CopyAcceleratorTableW
OffsetRect
CharNextW
CharUpperW
DestroyIcon
KillTimer
SetTimer
InvalidateRect
SetLayeredWindowAttributes
EnumDisplayMonitors
SystemParametersInfoW
SetRectEmpty
DeleteMenu
LoadCursorW
GetSysColorBrush
RealChildWindowFromPoint
MoveWindow
SetWindowTextW
AppendMenuW
GetMenuStringW
RegisterClipboardFormatW
FillRect
TabbedTextOutW
IsDialogMessageW
DrawTextW
CheckDlgButton
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
PostMessageW
IsChild
GetCapture
GetClassLongW
GetClassNameW
DrawTextExW
GrayStringW
ScreenToClient
ClientToScreen
GetWindowDC
BeginPaint
EndPaint
GetSysColor
UnhookWindowsHookEx
PtInRect
CopyRect
GetMenu
CallWindowProcW
DefWindowProcW
GetDlgCtrlID
SetScrollInfo
GetScrollInfo
DeferWindowPos
EqualRect
AdjustWindowRectEx
RegisterClassW
GetClassInfoW
GetClassInfoExW
CreateWindowExW
UpdateWindow
RedrawWindow
SetPropW
GetPropW
RemovePropW
SetFocus
ShowScrollBar
GetScrollPos
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
RegisterClassA
SetWindowTextA
GetClassInfoA
DefWindowProcA
CreateWindowExA
UnregisterClassA
MessageBoxA
GetWindowTextA
GetWindowTextLengthA
RegisterClipboardFormatA
GetMessageTime
GetMessagePos
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
RegisterWindowMessageW

advapi32

RegQueryValueExW
RegEnumValueA
RegDeleteValueA
RegOpenKeyA
RegCreateKeyExA
RegDeleteKeyA
RegSetValueExA
RegCreateKeyExW
RegQueryValueExA
RegOpenKeyExA
RegQueryValueW
RegEnumKeyW
RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegEnumValueW
RegDeleteValueW
SetSecurityDescriptorDacl
RegDeleteKeyW
InitializeSecurityDescriptor
RegOpenKeyW

ole32

CoCreateInstance
CoTaskMemFree
CoCreateGuid
CLSIDFromProgID
ReleaseStgMedium
CoTaskMemAlloc
OleDuplicateData
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoInitialize
CoUninitialize
CoGetClassObject
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CoInitializeEx
CreateStreamOnHGlobal
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleLockRunning
DoDragDrop
OleGetClipboard
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
PropVariantClear
StgOpenStorageOnILockBytes
CLSIDFromString

shell32

SHGetPathFromIDListW
SHGetFolderPathA
ShellExecuteA
SHBrowseForFolderW
SHAppBarMessage
SHGetSpecialFolderPathW
SHGetKnownFolderPath
ShellExecuteW
SHGetFileInfoW
SHGetDesktopFolder
DragQueryFileW
SHGetSpecialFolderLocation
DragFinish

oleaut32

VarBstrFromDate
VariantCopy
SafeArrayDestroy
SystemTimeToVariantTime
VariantTimeToSystemTime
OleCreateFontIndirect
SysStringLen
VariantInit
VariantChangeType
VariantClear
SysFreeString
SysAllocString
SysAllocStringLen

gdi32

GetTextMetricsW
EnumFontFamiliesW
GetTextCharsetInfo
GetBkColor
GetTextColor
GetRgnBox
GetTextExtentPoint32W
SetRectRgn
CombineRgn
GetMapMode
PatBlt
DPtoLP
CreateDIBSection
CreateRoundRectRgn
CreatePolygonRgn
CreateEllipticRgn
Polyline
Ellipse
Polygon
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
OffsetRgn
SetDIBColorTable
GetDIBits
StretchBlt
CreateRectRgnIndirect
Rectangle
EnumFontFamiliesExW
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
GetStockObject
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
GetTextFaceW
SetPixelV
CreateCompatibleDC
CreatePatternBrush
CreateFontIndirectW
CreateCompatibleBitmap
CreateDIBitmap
CreateHatchBrush
CreateSolidBrush
CreatePen
GetObjectType
SetPixel
SelectPalette
DeleteDC
ExtSelectClipRgn
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetTextColor
SetROP2
SetPolyFillMode
SetBkMode
SetBkColor
RestoreDC
SaveDC
CreateDCW
CopyMetaFileW
CreateBitmap
GetDeviceCaps
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetPixel
BitBlt
GetWindowExtEx
SelectClipRgn
DeleteObject
SetLayout
GetLayout
FillRgn
GetViewportExtEx
GetObjectW
CreateRectRgn
SwapBuffers
SetPixelFormat
GetRegionData
RectInRegion
ExtCreateRegion
EqualRgn
GetTextMetricsA
GetRandomRgn
GetTextExtentPoint32A
DescribePixelFormat
GetOutlineTextMetricsA
CreateFontIndirectA
ChoosePixelFormat

msimg32

TransparentBlt
AlphaBlend

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
ClosePrinter
DocumentPropertiesW

comctl32

ImageList_GetIconSize
InitCommonControlsEx

oledlg

OleUIBusyW

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

gdiplus

GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipCreateBitmapFromScan0
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDrawImageI
GdipGetImageGraphicsContext
GdipDrawImageRectI

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

winmm

PlaySoundW

opengl32

glPushMatrix
wglCreateContext
glEnableClientState
wglGetCurrentContext
glGetString
wglMakeCurrent
glBlendFunc
glMatrixMode
glViewport
glEnable
wglGetProcAddress
glFlush
wglDeleteContext
glLoadIdentity
glDrawArrays
glVertexPointer
glDeleteTextures
glVertex2f
glClear
glClearColor
glScaled
glTexCoord2f
glScissor
glColor3ub
glPointSize
glTexEnvf
glTexCoord2d
glEnd
glBindTexture
glVertex3d
glLogicOp
glVertex2d
glLineStipple
glPopAttrib
glDisable
glBegin
glTranslated
glColor4f
glCopyTexSubImage2D
glTexParameteri
glCopyTexImage2D
glPopMatrix
glClearStencil
glGetFloatv
glOrtho
glStencilFunc
glPolygonMode
glPushAttrib
glIsTexture
glLineWidth
glVertex2s
glTranslatef
glStencilOp
glColor4ub
glGenTextures
glColor3f
glTexImage2D

Exports

Exports

??$ReadFromXML_Float@M@wvXML@@YAXQBVCXMLElement@0@AAM@Z
??$ReadFromXML_Float@N@wvXML@@YAXQBVCXMLElement@0@AAN@Z
??$ReadFromXML_Float_Vector@M@wvXML@@YAXQBVCXMLElement@0@AAV?$vector@MV?$allocator@M@std@@@std@@@Z
??$ReadFromXML_Float_Vector@N@wvXML@@YAXQBVCXMLElement@0@AAV?$vector@NV?$allocator@N@std@@@std@@@Z
??$ReadFromXML_Int@F@wvXML@@YAXQBVCXMLElement@0@AAF@Z
??$ReadFromXML_Int@G@wvXML@@YAXQBVCXMLElement@0@AAG@Z
??$ReadFromXML_Int@H@wvXML@@YAXQBVCXMLElement@0@AAH@Z
??$ReadFromXML_Int@I@wvXML@@YAXQBVCXMLElement@0@AAI@Z
??$ReadFromXML_Int@J@wvXML@@YAXQBVCXMLElement@0@AAJ@Z
??$ReadFromXML_Int@K@wvXML@@YAXQBVCXMLElement@0@AAK@Z
??$ReadFromXML_Int_Vector@F@wvXML@@YAXQBVCXMLElement@0@AAV?$vector@FV?$allocator@F@std@@@std@@@Z
??$ReadFromXML_Int_Vector@J@wvXML@@YAXQBVCXMLElement@0@AAV?$vector@JV?$allocator@J@std@@@std@@@Z
??$ReadFromXML_Int_Vector@K@wvXML@@YAXQBVCXMLElement@0@AAV?$vector@KV?$allocator@K@std@@@std@@@Z
??$ReadFromXML_WCPoint@F@wvXML@@YAXQBVCXMLElement@0@AAV?$WCPoint@F@@@Z
??$ReadFromXML_WCPoint@G@wvXML@@YAXQBVCXMLElement@0@AAV?$WCPoint@G@@@Z
??$ReadFromXML_WCPoint@J@wvXML@@YAXQBVCXMLElement@0@AAV?$WCPoint@J@@@Z
??$ReadFromXML_WCPoint@M@wvXML@@YAXQBVCXMLElement@0@AAV?$WCPoint@M@@@Z
??$ReadFromXML_WCPoint@N@wvXML@@YAXQBVCXMLElement@0@AAV?$WCPoint@N@@@Z
??$ReadFromXML_WURect@F@wvXML@@YAXQBVCXMLElement@0@AAV?$WURect@F@@@Z
??$ReadFromXML_WURect@J@wvXML@@YAXQBVCXMLElement@0@AAV?$WURect@J@@@Z
??$ReadFromXML_WURect@N@wvXML@@YAXQBVCXMLElement@0@AAV?$WURect@N@@@Z
??$WriteToXML_Float_Vector@M@wvXML@@YAPAVCXMLElement@0@AAV?$vector@MV?$allocator@M@std@@@std@@PAV10@@Z
??$WriteToXML_Float_Vector@N@wvXML@@YAPAVCXMLElement@0@AAV?$vector@NV?$allocator@N@std@@@std@@PAV10@@Z
??$WriteToXML_Int_Vector@F@wvXML@@YAPAVCXMLElement@0@ABV?$vector@FV?$allocator@F@std@@@std@@PAV10@@Z
??$WriteToXML_Int_Vector@J@wvXML@@YAPAVCXMLElement@0@ABV?$vector@JV?$allocator@J@std@@@std@@PAV10@@Z
??$WriteToXML_Int_Vector@K@wvXML@@YAPAVCXMLElement@0@ABV?$vector@KV?$allocator@K@std@@@std@@PAV10@@Z
??$WriteToXML_WCPoint@F@wvXML@@YAPAVCXMLElement@0@ABV?$WCPoint@F@@PAV10@@Z
??$WriteToXML_WCPoint@G@wvXML@@YAPAVCXMLElement@0@ABV?$WCPoint@G@@PAV10@@Z
??$WriteToXML_WCPoint@J@wvXML@@YAPAVCXMLElement@0@ABV?$WCPoint@J@@PAV10@@Z
??$WriteToXML_WCPoint@M@wvXML@@YAPAVCXMLElement@0@ABV?$WCPoint@M@@PAV10@@Z
??$WriteToXML_WCPoint@N@wvXML@@YAPAVCXMLElement@0@ABV?$WCPoint@N@@PAV10@@Z
??$WriteToXML_WURect@F@wvXML@@YAPAVCXMLElement@0@ABV?$WURect@F@@PAV10@@Z
??$WriteToXML_WURect@J@wvXML@@YAPAVCXMLElement@0@ABV?$WURect@J@@PAV10@@Z
??$WriteToXML_WURect@N@wvXML@@YAPAVCXMLElement@0@ABV?$WURect@N@@PAV10@@Z
??0?$WCFixedString@$0DP@@@QAE@ABV0@@Z
??0?$WCFixedString@$0DP@@@QAE@QBD@Z
??0?$WCFixedString@$0DP@@@QAE@XZ
??0?$WCFixedString@$0HP@@@QAE@ABV0@@Z
??0?$WCFixedString@$0HP@@@QAE@QBD@Z
??0?$WCPoint@F@@QAE@FF@Z
??0?$WCPoint@F@@QAE@XZ
??0?$WCPoint@M@@QAE@MM@Z
??0?$WURect@F@@QAE@ABV0@@Z
??0?$WURect@F@@QAE@FFFF@Z
??0?$WURect@F@@QAE@XZ
??0?$WURect@M@@QAE@XZ
??0?$WURect@N@@QAE@NNNN@Z
??0?$WURect@N@@QAE@XZ
??0CGraphicManagerAbs@@QAE@ABV0@@Z
??0CGraphicManagerAbs@@QAE@QAVWTResContainerType@@@Z
??0CMapNames@wvXML@@QAE@ABV01@@Z
??0CMapNames@wvXML@@QAE@QBVCXMLElement@1@I@Z
??0CNSParamDesc@CProcCodeDesc@@QAE@ABV01@@Z
??0CNSParamDesc@CProcCodeDesc@@QAE@XZ
??0CProcCodeDesc@@QAE@ABV0@@Z
??0CProcCodeDesc@@QAE@XZ
??0CProcessCodeManager@@QAE@ABV0@@Z
??0CProcessCodeManager@@QAE@XZ
??0CWavesInfo@@QAE@ABV0@@Z
??0CWavesInfo@@QAE@XZ
??0CXMLElement@wvXML@@QAE@ABV01@@Z
??0CXMLElement@wvXML@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
??0CXMLElement@wvXML@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@FP6AAAVios_base@3@AAV43@@Z@Z
??0CXMLElement@wvXML@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@GP6AAAVios_base@3@AAV43@@Z@Z
??0CXMLElement@wvXML@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@JP6AAAVios_base@3@AAV43@@Z@Z
??0CXMLElement@wvXML@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@KP6AAAVios_base@3@AAV43@@Z@Z
??0CXMLElement@wvXML@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@NP6AAAVios_base@3@AAV43@@Z@Z
??0CXMLElement@wvXML@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PBD@Z
??0CXMLElement@wvXML@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PBE@Z
??0CXMLElement@wvXML@@QAE@PBD0@Z
??0CXMLElement@wvXML@@QAE@PBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0CXMLElement@wvXML@@QAE@PBDFP6AAAVios_base@std@@AAV23@@Z@Z
??0CXMLElement@wvXML@@QAE@PBDGP6AAAVios_base@std@@AAV23@@Z@Z
??0CXMLElement@wvXML@@QAE@PBDJP6AAAVios_base@std@@AAV23@@Z@Z
??0CXMLElement@wvXML@@QAE@PBDKP6AAAVios_base@std@@AAV23@@Z@Z
??0CXMLElement@wvXML@@QAE@PBDNP6AAAVios_base@std@@AAV23@@Z@Z
??0CXMLElement@wvXML@@QAE@PBDPBE@Z
??0CXMLElement@wvXML@@QAE@PBD_N@Z
??0CXMLElement@wvXML@@QAE@XZ
??0CXMLTreeBuilder@wvXML@@QAE@AAVCXMLElement@1@@Z
??0CXMLable@@QAE@ABV0@@Z
??0CXMLable@@QAE@XZ
??0EveryThing@wvFM@@QAE@ABV01@@Z
??0EveryThing@wvFM@@QAE@XZ
??0FileFilterFunctor@wvFM@@QAE@ABV01@@Z
??0FileFilterFunctor@wvFM@@QAE@XZ
??0ImageData@@QAE@ABV0@@Z
??0ImageData@@QAE@HHJJ@Z
??0ImageData@@QAE@HHJPAPAEJ@Z
??0OGLImage@@QAE@HHJPAPAE@Z
??0OGLText@@QAE@AAVImageData@@ABV?$WCPoint@F@@@Z
??0OGL_VBO@@QAE@PBV?$WCPoint@M@@K@Z
??0OnlyFiles@wvFM@@QAE@ABV01@@Z
??0OnlyFiles@wvFM@@QAE@XZ
??0PDoubleWithPrecision@@QAE@NH@Z
??0PluginInstance@@QAE@XZ
??0SExternBuffDesc@CProcCodeDesc@@QAE@ABV01@@Z
??0SExternBuffDesc@CProcCodeDesc@@QAE@XZ
??0SProcessorSpec@@QAE@W4EProcessorFamily@@@Z
??0SProcessorSpec@@QAE@W4EProcessorFamily@@W4EProcessorSpecific@@@Z
??0SProcessorSpec@@QAE@XZ
??0TexturedImage@@QAE@AAVOGLImage@@@Z
??0ThreadMutexInited@wvThread@@QAE@XZ
??0UMicroseconds@@QAE@ABV0@@Z
??0UMicroseconds@@QAE@XZ
??0UMicroseconds@@QAE@_J@Z
??0WCControl@@QAE@ABU0@@Z
??0WCControl@@QAE@XZ
??0WCControlCreationOptions@@QAE@ABV0@@Z
??0WCControlCreationOptions@@QAE@XZ
??0WCControlCreationOptionsBase@@QAE@ABV0@@Z
??0WCControlCreationOptionsBase@@QAE@XZ
??0WCDispatcherAbs@@QAE@ABV0@@Z
??0WCDispatcherAbs@@QAE@XZ
??0WCDispatcherWIN@@QAE@ABV0@@Z
??0WCDispatcherWIN@@QAE@XZ
??0WCEventData@@QAE@ABV0@@Z
??0WCEventData@@QAE@XZ
??0WCEventMessage@@QAE@ABV0@@Z
??0WCEventMessage@@QAE@XZ
??0WCFontInfo@@QAE@ABV0@@Z
??0WCFontInfo@@QAE@XZ
??0WCImage@@QAE@ABV0@@Z
??0WCImage@@QAE@HHJ@Z
??0WCLinePattern@@QAE@ABV0@@Z
??0WCLinePattern@@QAE@GH@Z
??0WCLinePattern@@QAE@XZ
??0WCListControlCreationOptions@@QAE@ABV0@@Z
??0WCListControlCreationOptions@@QAE@XZ
??0WCMemObj@@QAE@ABV0@@Z
??0WCMemObj@@QAE@K_N@Z
??0WCMemObj@@QAE@XZ
??0WCNativeProcessFunc@@QAE@ABVWCStPath@wvFM@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0WCNativeProcessFunc@@QAE@XZ
??0WCRegion@@QAE@ABV0@@Z
??0WCRegion@@QAE@ABV?$WURect@F@@@Z
??0WCRegion@@QAE@FFFF@Z
??0WCRegion@@QAE@PBV?$WCPoint@F@@J@Z
??0WCRegion@@QAE@XZ
??0WCStCachePath@wvFM@@QAE@ABV01@@Z
??0WCStCachePath@wvFM@@QAE@ABVWCStPath@1@@Z
??0WCStFile@wvFM@@IAE@ABVWCStPath@1@W4WEPermitions@@@Z
??0WCStFile@wvFM@@IAE@XZ
??0WCStFileCreate@wvFM@@QAE@ABVWCStPath@1@W4WECreateFlags@@W4WEPermitions@@@Z
??0WCStFileRead@wvFM@@QAE@ABVWCStPath@1@@Z
??0WCStFolderIterator@wvFM@@QAE@ABVWCStPath@1@@Z
??0WCStNativeRes@@QAE@PAVWTResContainerType@@VWCFourCC@@F@Z
??0WCStPath@wvFM@@QAE@ABV01@@Z
??0WCStPath@wvFM@@QAE@ABV01@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0WCStPath@wvFM@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0WCStPath@wvFM@@QAE@QAVWTPathType@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0WCStPath@wvFM@@QAE@W4WEFoldersDomain@@W4WESystemFolders@@@Z
??0WCStPath@wvFM@@QAE@XZ
??0WCStRes@@QAE@PAVWTResContainerType@@VWCFourCC@@FPBUWSResConvertFuncs@@@Z
??0WCStResContainer@@QAE@ABVWCStPath@wvFM@@J@Z
??0WCStResContainer@@QAE@QAVWTNativeContainerType@@@Z
??0WCWindow@@QAE@ABV0@@Z
??0WCWindow@@QAE@XZ
??0WUValidatable@@QAE@ABV0@@Z
??0WUValidatable@@QAE@J@Z
??0WavesComponentInfo@@QAE@ABU0@@Z
??0WavesComponentInfo@@QAE@XZ
??0expatpp@@QAE@ABV0@@Z
??0expatpp@@QAE@XZ
??0noncopyableobject@wvThread@@IAE@XZ
??1CGraphicManagerAbs@@UAE@XZ
??1CMapNames@wvXML@@QAE@XZ
??1CNSParamDesc@CProcCodeDesc@@UAE@XZ
??1CProcCodeDesc@@UAE@XZ
??1CProcessCodeManager@@UAE@XZ
??1CWavesInfo@@UAE@XZ
??1CXMLElement@wvXML@@UAE@XZ
??1CXMLTreeBuilder@wvXML@@UAE@XZ
??1CXMLable@@UAE@XZ
??1EveryThing@wvFM@@UAE@XZ
??1FileFilterFunctor@wvFM@@UAE@XZ
??1ImageData@@UAE@XZ
??1OGLImage@@UAE@XZ
??1OGLText@@UAE@XZ
??1OGL_VBO@@UAE@XZ
??1OnlyFiles@wvFM@@UAE@XZ
??1PluginInstance@@QAE@XZ
??1SExternBuffDesc@CProcCodeDesc@@UAE@XZ
??1TexturedImage@@UAE@XZ
??1ThreadMutexInited@wvThread@@QAE@XZ
??1WCControl@@QAE@XZ
??1WCControlCreationOptions@@UAE@XZ
??1WCControlCreationOptionsBase@@UAE@XZ
??1WCDispatcherAbs@@UAE@XZ
??1WCDispatcherWIN@@UAE@XZ
??1WCEventData@@UAE@XZ
??1WCEventMessage@@QAE@XZ
??1WCFontInfo@@UAE@XZ
??1WCImage@@UAE@XZ
??1WCLinePattern@@UAE@XZ
??1WCListControlCreationOptions@@UAE@XZ
??1WCNativeProcessFunc@@UAE@XZ
??1WCRegion@@QAE@XZ
??1WCStCachePath@wvFM@@UAE@XZ
??1WCStFile@wvFM@@UAE@XZ
??1WCStFileCreate@wvFM@@UAE@XZ
??1WCStFileRead@wvFM@@UAE@XZ
??1WCStFolderIterator@wvFM@@UAE@XZ
??1WCStNativeRes@@UAE@XZ
??1WCStPath@wvFM@@UAE@XZ
??1WCStRes@@UAE@XZ
??1WCStResContainer@@UAE@XZ
??1WCWindow@@QAE@XZ
??1WUValidatable@@UAE@XZ
??1WavesComponentInfo@@QAE@XZ
??1expatpp@@UAE@XZ
??4?$WCFixedString@$0DP@@@QAEAAV0@ABV0@@Z
??4?$WCFixedString@$0DP@@@QAEAAV0@PBD@Z
??4?$WCFixedString@$0HP@@@QAEAAV0@ABV0@@Z
??4?$WCFixedString@$0HP@@@QAEAAV0@PBD@Z
??4?$WCPoint@F@@QAEAAV0@ABV0@@Z
??4?$WCPoint@G@@QAEAAV0@ABV0@@Z
??4?$WCPoint@J@@QAEAAV0@ABV0@@Z
??4?$WCPoint@M@@QAEAAV0@ABV0@@Z
??4?$WCPoint@N@@QAEAAV0@ABV0@@Z
??4?$WURect@F@@QAEAAV0@ABV0@@Z
??4?$unary_function@ABVWCStPath@wvFM@@_N@std@@QAEAAU01@ABU01@@Z
??4CGeneralSysUtils@@QAEAAV0@ABV0@@Z
??4CGraphicManagerAbs@@QAEAAV0@ABV0@@Z
??4CMapNames@wvXML@@QAEAAV01@ABV01@@Z
??4CNSParamDesc@CProcCodeDesc@@QAEAAV01@ABV01@@Z
??4CProcCodeDesc@@QAEAAV0@ABV0@@Z
??4CProcessCodeManager@@QAEAAV0@ABV0@@Z
??4CWavesInfo@@QAEAAV0@ABV0@@Z
??4CXMLElement@wvXML@@QAEAAV01@ABV01@@Z
??4CXMLable@@QAEAAV0@ABV0@@Z
??4EveryThing@wvFM@@QAEAAV01@ABV01@@Z
??4FileFilterFunctor@wvFM@@QAEAAV01@ABV01@@Z
??4ImageData@@QAEAAV0@ABV0@@Z
??4OnlyFiles@wvFM@@QAEAAV01@ABV01@@Z
??4PCurrentDateAndTime@@QAEAAV0@ABV0@@Z
??4PNGResToOGLImageConvertor@@QAEAAV0@ABV0@@Z
??4SExternBuffDesc@CProcCodeDesc@@QAEAAV01@ABV01@@Z
??4SProcessorSpec@@QAEAAU0@ABU0@@Z
??4UMicroseconds@@QAEAAV0@ABV0@@Z
??4WCControl@@QAEAAU0@ABU0@@Z
??4WCControlCreationOptions@@QAEAAV0@ABV0@@Z
??4WCControlCreationOptionsBase@@QAEAAV0@ABV0@@Z
??4WCDispatcherAbs@@QAEAAV0@ABV0@@Z
??4WCDispatcherWIN@@QAEAAV0@ABV0@@Z
??4WCEventData@@QAEAAV0@ABV0@@Z
??4WCEventMessage@@QAEAAV0@ABV0@@Z
??4WCFontInfo@@QAEAAV0@ABV0@@Z
??4WCImage@@QAEAAV0@ABV0@@Z
??4WCImageDataResUtils@@QAEAAV0@ABV0@@Z
??4WCLinePattern@@QAEAAV0@ABV0@@Z
??4WCListControlCreationOptions@@QAEAAV0@ABV0@@Z
??4WCMemObj@@QAEAAV0@ABV0@@Z
??4WCMemUtils@@QAEAAV0@ABV0@@Z
??4WCRMUtils@@QAEAAV0@ABV0@@Z
??4WCRegion@@QAEAAV0@ABV0@@Z
??4WCRegion@@QAEAAV0@ABV?$WURect@F@@@Z
??4WCStCachePath@wvFM@@QAEAAV01@ABV01@@Z
??4WCStPath@wvFM@@QAEAAV01@ABV01@@Z
??4WCStPath@wvFM@@QAEAAV01@QAVWTPathType@@@Z
??4WUValidatable@@QAEAAV0@ABV0@@Z
??4WavesComponentInfo@@QAEAAU0@ABU0@@Z
??4WavesMidiEvent@wvMIDI@@QAEAAV01@ABV01@@Z
??4expatpp@@QAEAAV0@ABV0@@Z
??6?$WCFixedString@$0DP@@@QAEAAV0@QBD@Z
??6?$WCFixedString@$0HP@@@QAEAAV0@QBD@Z
??8?$WCPoint@F@@QBE_NABV0@@Z
??8@YA_NABVCProcCodeDesc@@0@Z
??8CNSParamDesc@CProcCodeDesc@@QBE_NABV01@@Z
??8SExternBuffDesc@CProcCodeDesc@@QBE_NABV01@@Z
??8WCFontInfo@@QBE_NABV0@@Z
??8WCRegion@@QBE_NABV0@@Z
??8WCRegion@@QBE_NABV?$WURect@F@@@Z
??8WCStPath@wvFM@@QBE_NABV01@@Z
??8WCStPath@wvFM@@QBE_NQAVWTPathType@@@Z
??8WavesComponentInfo@@QBE_NABU0@@Z
??8wvFM@@YA_NQAVWTPathType@@ABVWCStPath@0@@Z
??9?$WCPoint@F@@QBE_NABV0@@Z
??9WCFontInfo@@QBE_NABV0@@Z
??9WCRegion@@QBE_NABV0@@Z
??9WCRegion@@QBE_NABV?$WURect@F@@@Z
??9WCStPath@wvFM@@QBE_NABV01@@Z
??9WCStPath@wvFM@@QBE_NQAVWTPathType@@@Z
??BUMicroseconds@@QAE_KXZ
??BUMicroseconds@@QBENXZ
??Bexpatpp@@QBEPAXXZ
??G?$WCPoint@F@@QBE?AV0@ABV0@@Z
??MWCFontInfo@@QBE_NABV0@@Z
??RFileFilterFunctor@wvFM@@UAE_NABVWCStPath@1@@Z
??ROnlyFiles@wvFM@@UAE_NABVWCStPath@1@@Z
??Y?$WCPoint@F@@QAEAAV0@ABV0@@Z
??YWCRegion@@QAEAAV0@ABV0@@Z
??YWCRegion@@QAEAAV0@ABV?$WURect@F@@@Z
??ZWCRegion@@QAEAAV0@ABV0@@Z
??ZWCRegion@@QAEAAV0@ABV?$WURect@F@@@Z
??_7CGraphicManagerAbs@@6B@
??_7CNSParamDesc@CProcCodeDesc@@6B@
??_7CProcCodeDesc@@6B@
??_7CProcessCodeManager@@6B@
??_7CWavesInfo@@6B@
??_7CXMLElement@wvXML@@6B@
??_7CXMLTreeBuilder@wvXML@@6B@
??_7CXMLable@@6B@
??_7EveryThing@wvFM@@6B@
??_7FileFilterFunctor@wvFM@@6B@
??_7ImageData@@6B@
??_7OGLImage@@6B@
??_7OGLText@@6B@
??_7OGL_VBO@@6B@
??_7OnlyFiles@wvFM@@6B@
??_7SExternBuffDesc@CProcCodeDesc@@6B@
??_7TexturedImage@@6B@
??_7WCControlCreationOptions@@6B@
??_7WCControlCreationOptionsBase@@6B@
??_7WCDispatcherAbs@@6B@
??_7WCDispatcherWIN@@6B@
??_7WCEventData@@6B@
??_7WCFontInfo@@6B@
??_7WCImage@@6B@
??_7WCLinePattern@@6B@
??_7WCListControlCreationOptions@@6B@
??_7WCNativeProcessFunc@@6B@
??_7WCStCachePath@wvFM@@6B@
??_7WCStFile@wvFM@@6B@
??_7WCStFileCreate@wvFM@@6B@
??_7WCStFileRead@wvFM@@6B@
??_7WCStFolderIterator@wvFM@@6B@
??_7WCStNativeRes@@6B@
??_7WCStPath@wvFM@@6B@
??_7WCStRes@@6B@
??_7WCStResContainer@@6B@
??_7WUValidatable@@6B@
??_7expatpp@@6B@
??_FCMapNames@wvXML@@QAEXXZ
??_FWUValidatable@@QAEXXZ
?AddAttrib@CXMLElement@wvXML@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
?AddAttrib@CXMLElement@wvXML@@QAEXPBD0@Z
?AddXMLResource@@YAJQAVWTResContainerType@@VWCFourCC@@FPAVCXMLElement@wvXML@@AAPAVWTResourceType@@@Z
?Align16Bytes@@YAJPADJ@Z
?Append@WCStPath@wvFM@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?AppendToOpenFile@CXMLTreeBuilder@wvXML@@QAEJQAVWTOpenFileType@@@Z
?Assign@WCMemObj@@QAEJPBD0@Z
?Assign@WCMemObj@@QAEJPBDI@Z
?BuildFromBuffer@CXMLTreeBuilder@wvXML@@QAEJPAXKAA_N@Z
?BuildFromDataFork@CXMLTreeBuilder@wvXML@@QAEJABVWCStPath@wvFM@@@Z
?BuildFromSingleBuffer@CXMLTreeBuilder@wvXML@@QAEJPAXK@Z
?BuildFromSingleBufferWithIdle@CXMLTreeBuilder@wvXML@@QAEJPAXK@Z
?BytesPerPixel@WCImage@@QBEKXZ
?CanRunOnSpecificProcessor@CProcessCodeManager@@QAE_NABUSProcessorSpec@@AAU2@@Z
?Clear@CXMLElement@wvXML@@QAEXXZ
?Clear@WCRegion@@QAEXXZ
?Clear@WCStPath@wvFM@@QAEXXZ
?ClearHatch@CGraphicManagerAbs@@QAEXXZ
?ClearSubElements@CXMLElement@wvXML@@QAEXXZ
?CloseFile@wvFM@@YAJAAPAVWTOpenFileType@@@Z
?CompareKeyModifiers@WCEventData@@QAE_NPA_N@Z
?CompareName@WavesComponentInfo@@SAHABU1@0@Z
?ConvertErrorWIN@@YAJK@Z
?CopyResourceToMemObj@WCStRes@@QAEJAAVWCMemObj@@@Z
?Count@CMapNames@wvXML@@QBEKABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?CreateAFile@wvFM@@YAJQAVWTPathType@@W4WECreateFlags@@W4WEPermitions@@AAPAVWTOpenFileType@@@Z
?CreateFileSystemLink@wvFM@@YAJQAVWTPathType@@W4WECreateFlags@@AAPAV2@@Z
?CreateFolder@wvFM@@YAJABVWCStPath@1@@Z
?CreateFolder@wvFM@@YAJQAVWTPathType@@@Z
?CreatePathRef@wvFM@@YAJQAVWTPathType@@PBDAAPAV2@@Z
?CreatePathRefCopy@WCStPath@wvFM@@QBEPAVWTPathType@@XZ
?CreatePathRefFromString@wvFM@@YAJPBDAAPAVWTPathType@@@Z
?CreatePathRefToCacheFile@wvFM@@YAJQAVWTPathType@@AAPAV2@@Z
?CreateSubImage@OGLImage@@IAEPAEPAPAEAAV?$WURect@F@@@Z
?CreateSystemFolderPathRef@wvFM@@YAJW4WEFoldersDomain@@W4WESystemFolders@@AAPAVWTPathType@@@Z
?CreateTempFile@wvFM@@YAJAAPAVWTOpenFileType@@AAPAVWTPathType@@@Z
?CreateTempFile@wvFM@@YAJQAVWTPathType@@AAPAVWTOpenFileType@@AAPAV2@@Z
?CyclesForSpecificProcessor@CProcCodeDesc@@QAE_NABUSProcessorSpec@@AAU2@AAJ@Z
?CyclesList@CProcCodeDesc@@QAEAAV?$vector@JV?$allocator@J@std@@@std@@XZ
?DSPReqResForSpecificProcessor@CProcCodeDesc@@QAEXABUSProcessorSpec@@AAUSDSPReqRes@@@Z
?DeleteFileSystemObject@wvFM@@YAJABVWCStPath@1@@Z
?DeleteFileSystemObject@wvFM@@YAJQAVWTPathType@@@Z
?DisableBlending@CGraphicManagerAbs@@QBEXXZ
?DisableLineAntialiasing@CGraphicManagerAbs@@QBEXXZ
?DisableLinePattern@CGraphicManagerAbs@@QBEXXZ
?DisablePointAntialiasing@CGraphicManagerAbs@@QBEXXZ
?DisablePolygonAntialiasing@CGraphicManagerAbs@@QBEXXZ
?DisablePolygonMode@CGraphicManagerAbs@@QBEXXZ
?DisableStencil@CGraphicManagerAbs@@QAEXXZ
?DisableXorMode@CGraphicManagerAbs@@QBEXXZ
?DisposeFolderIterator@wvFM@@YAJAAPAX@Z
?DisposePathRef@wvFM@@YAJAAPAVWTPathType@@@Z
?DisposePtr@WCMemObj@@QAEXXZ
?DisposeWTPtr@WCMemUtils@@SAXAAPAX@Z
?DoCommand@WCDispatcherWIN@@IAE_NAAVWCEventMessage@@@Z
?DoDeviceChange@WCDispatcherWIN@@IAE_NAAVWCEventMessage@@@Z
?DoDoubleClick@WCDispatcherWIN@@IAE_NAAVWCEventMessage@@@Z
?DoEnableState@WCDispatcherWIN@@IAE_NAAVWCEventMessage@@@Z
?DoKeyDown@WCDispatcherWIN@@IAE_NAAVWCEventMessage@@@Z
?DoKeyUp@WCDispatcherWIN@@IAE_NAAVWCEventMessage@@@Z
?DoMouseClickOutsideWindow@WCDispatcherWIN@@UAE_NXZ
?DoMouseDown@WCDispatcherWIN@@IAE_NAAVWCEventMessage@@@Z
?DoMouseMove@WCDispatcherWIN@@IAE_NAAVWCEventMessage@@@Z
?DoMouseUp@WCDispatcherWIN@@IAE_NAAVWCEventMessage@@@Z
?DoMouseWheelMoved@WCDispatcherWIN@@IAE_NAAVWCEventMessage@@@Z
?DoPreShowMenu@WCDispatcherWIN@@IAE_NAAVWCEventMessage@@@Z
?DoUpdate@WCDispatcherWIN@@IAE_NAAVWCEventMessage@@@Z
?DoWindowClose@WCDispatcherWIN@@IAE_NAAVWCEventMessage@@@Z
?DoWindowDeactivate@WCDispatcherWIN@@IAE_NAAVWCEventMessage@@@Z
?DoesFileExist@wvFM@@YA_NQAVWTPathType@@@Z
?DoesNativeResourceExist@WCStResContainer@@QBE_NVWCFourCC@@F@Z
?Draw@OGLText@@QAEXABV?$WCPoint@F@@@Z
?Draw@OGL_VBO@@QAEXKK@Z
?Draw@TexturedImage@@QAEXABV?$WCPoint@F@@ABV?$WURect@F@@@Z
?Draw@TexturedImage@@QAEXABV?$WURect@F@@0@Z
?Draw@WCDispatcherWIN@@IAE_NXZ
?DrawImage@CGraphicManagerAbs@@QAEXPAXABV?$WCPoint@F@@@Z
?DrawImage@CGraphicManagerAbs@@QAEXPAXABV?$WCPoint@F@@ABV?$WURect@F@@@Z
?DrawImageScaled@CGraphicManagerAbs@@QAEXPAXABV?$WURect@F@@1@Z
?DrawLineStrip@CGraphicManagerAbs@@QAEXPAV?$WCPoint@F@@K@Z
?DrawLineStrip@CGraphicManagerAbs@@QAEXPAV?$WCPoint@M@@K@Z
?DrawOval@CGraphicManagerAbs@@QAEXABV?$WURect@F@@@Z
?DrawOval@CGraphicManagerAbs@@QAEXABV?$WURect@F@@KNN@Z
?DrawPolygon@CGraphicManagerAbs@@QAEXPAV?$WCPoint@M@@K@Z
?DrawRect@CGraphicManagerAbs@@QBEXABV?$WURect@F@@@Z
?DrawRect@CGraphicManagerAbs@@QBEXABV?$WURect@M@@@Z
?DrawRenderedText@CGraphicManagerAbs@@QAEXPAXABV?$WCPoint@F@@@Z
?DrawSolidRect@CGraphicManagerAbs@@QBEXABV?$WURect@F@@@Z
?DrawSolidRect@CGraphicManagerAbs@@QBEXABV?$WURect@M@@@Z
?DrawStraightLine@CGraphicManagerAbs@@QAEXABV?$WCPoint@F@@0@Z
?DrawStraightLine@CGraphicManagerAbs@@QAEXABV?$WCPoint@M@@0@Z
?DrawTextUnOptimized@CGraphicManagerAbs@@QAEXABVWCFontInfo@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABVWCRGBAColor@@ABV?$WCPoint@F@@@Z
?DrawTexture@OGLText@@IAEXABV?$WCPoint@F@@@Z
?DrawTexture@TexturedImage@@IAEXIKKABV?$WURect@N@@ABV?$WURect@F@@@Z
?DrawTriangleStrip@CGraphicManagerAbs@@QAEXPAV?$WCPoint@F@@KABV?$WURect@F@@W4EFillDirection@@@Z
?DrawTriangleStrip@CGraphicManagerAbs@@QAEXPAV?$WCPoint@M@@KABV?$WURect@F@@W4EFillDirection@@@Z
?DrawVBO@CGraphicManagerAbs@@QAEXPAXKK@Z
?DrawWaveForm@CGraphicManagerAbs@@QAEXPAV?$WCPoint@F@@FABVWCRGBAColor@@1@Z
?DrawWaveForm@CGraphicManagerAbs@@QAEXPAV?$WCPoint@M@@FABVWCRGBAColor@@1@Z
?DrawWaveForm_TS_Style@CGraphicManagerAbs@@QAEXPAV?$WCPoint@F@@FABVWCRGBAColor@@1@Z
?DrawWireRect@CGraphicManagerAbs@@QBEXABV?$WURect@F@@@Z
?DrawWireRect@CGraphicManagerAbs@@QBEXABV?$WURect@M@@@Z
?DrawXorWireRect@CGraphicManagerAbs@@QBEXABV?$WURect@F@@@Z
?DrawXorWireRect@CGraphicManagerAbs@@QBEXABV?$WURect@F@@ABVWCLinePattern@@@Z
?DrawXorWireRect@CGraphicManagerAbs@@QBEXABV?$WURect@M@@@Z
?DrawXorWireRect@CGraphicManagerAbs@@QBEXABV?$WURect@M@@ABVWCLinePattern@@@Z
?DuplicateFile@wvFM@@YAJABVWCStPath@1@0@Z
?DuplicateFile@wvFM@@YAJQAVWTPathType@@0@Z
?DuplicateResToRes@WCRMUtils@@SAJQAVWTResContainerType@@VWCFourCC@@F01F@Z
?DuplicateWTPtr@WCMemUtils@@SAJPAXKAAPAX@Z
?EditBoxEventHandler@WCDispatcherWIN@@SGJPAUHWND__@@IIJ@Z
?Empty@WCMemObj@@QAE_NXZ
?EnableBlending@CGraphicManagerAbs@@QBEXXZ
?EnableLineAntialiasing@CGraphicManagerAbs@@QBEXXZ
?EnablePointAntialiasing@CGraphicManagerAbs@@QBEXXZ
?EnablePolygonAntialiasing@CGraphicManagerAbs@@QBEXXZ
?EnablePolygonMode@CGraphicManagerAbs@@QBEXXZ
?EnableXorMode@CGraphicManagerAbs@@QBEXXZ
?EndDrawSection@CGraphicManagerAbs@@QBEXXZ
?ErrorName@WUValidatable@@QBEPADXZ
?ExtAccessCount@CProcCodeDesc@@QAEKXZ
?ExternBuffDescs@CProcCodeDesc@@QAEAAV?$vector@VSExternBuffDesc@CProcCodeDesc@@V?$allocator@VSExternBuffDesc@CProcCodeDesc@@@std@@@std@@XZ
?FindElement@CMapNames@wvXML@@QBEPAVCXMLElement@2@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?FindElements@CMapNames@wvXML@@QBEKABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV?$vector@PAVCXMLElement@wvXML@@V?$allocator@PAVCXMLElement@wvXML@@@std@@@4@@Z
?FindFirstFolderItem@wvFM@@YAJQAVWTPathType@@AAPAXAAPAV2@@Z
?FindNextFolderItem@wvFM@@YAJAAPAXAAPAVWTPathType@@@Z
?FindWeakestProcessor@CProcCodeDesc@@QBE_NAAUSProcessorSpec@@@Z
?FindWeakestProcessor@CProcessCodeManager@@QAE_NAAUSProcessorSpec@@@Z
?FixCodeNum@CProcessCodeManager@@QAEXFJ@Z
?FixIdleCodeNum@CProcessCodeManager@@QAEXFJ@Z
?GMBind2RC@@YAXABVWCWindow@@_N@Z
?GMCreateRC@@YAJAAVWCWindow@@@Z
?GMDisposeRC@@YAXAAVWCWindow@@@Z
?GMGetCurrentRC@@YAPAXXZ
?GMGetFontAscent@@YAFAAVWCFontInfo@@@Z
?GMGetProcAddress@@YAPAXPAD@Z
?GMGetRendererInfo@@YAJAAUWCRendererInfo@@@Z
?GMGetTextWidthInPixels@@YAXABVWCFontInfo@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV?$WCPoint@F@@@Z
?GMGetTextWidthInPixels@@YAXABVWCFontInfo@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV?$WCPoint@F@@@Z
?GMRenderText@@YAXABVWCWindow@@ABVWCFontInfo@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABVWCRGBAColor@@W4ETextJustification@@ABV?$WURect@F@@AAVImageData@@@Z
?GMRenderText@@YAXABVWCWindow@@ABVWCFontInfo@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABVWCRGBAColor@@W4ETextJustification@@ABV?$WURect@F@@AAVImageData@@@Z
?GMResizeRC@@YAJAAVWCWindow@@ABV?$WURect@F@@@Z
?GMSwapBuffers@@YAXABVWCWindow@@@Z
?GMUnBind2RC@@YAXABVWCWindow@@@Z
?GetAFunc@WCNativeProcessFunc@@QAEIABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?GetAllKeyModifiers@WCEventData@@QAEXQA_N@Z
?GetAlpha@TexturedImage@@QAEEABV?$WCPoint@F@@@Z
?GetAttrib@CXMLElement@wvXML@@QBE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAJ@Z
?GetAttrib@CXMLElement@wvXML@@QBE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV34@@Z
?GetAttribVec@CXMLElement@wvXML@@QBEABV?$vector@V?$WCFixedStringPair@$0DP@$0HP@@@V?$allocator@V?$WCFixedStringPair@$0DP@$0HP@@@@std@@@std@@XZ
?GetBase@WCStPath@wvFM@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?GetBase@wvFM@@YAPADQAVWTPathType@@AAUWTPathString@1@@Z
?GetBitsPerPixel@WCImage@@QBEKXZ
?GetBounds@WCRegion@@QBEXAAV?$WURect@F@@@Z
?GetCommand@WCEventData@@QAEFXZ
?GetControlID@WCEventData@@QAEFXZ
?GetCursor@WCStFile@wvFM@@QBE_KXZ
?GetDSPReqResForSpecificProcessor@CProcessCodeManager@@QAE_NABUSProcessorSpec@@AAUSDSPReqRes@@@Z
?GetDifference@?$WCPoint@F@@QAE?AV1@ABV1@_N@Z
?GetDispatcherCallBack@WCDispatcherAbs@@QAEP6A_NPAXW4WEEventTypes@@PAVWCEventData@@0@ZXZ
?GetElementText@CMapNames@wvXML@@QAEJABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV34@@Z
?GetError@WUValidatable@@QBEJXZ
?GetEventData@WavesMidiEvent@wvMIDI@@UAEPAEXZ
?GetEventDataLength@WavesMidiEvent@wvMIDI@@UAEIXZ
?GetExtension@WCStPath@wvFM@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 494KB - Virtual size: 493KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 74KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 139KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 211KB - Virtual size: 211KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
[DemonArchives]9afac07fd6517652d6e659963db8b87e.exe
.exe windows:4 windows x86 arch:x86

8abecba2211e61763c4c9ffcaa13369e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord2770
ord356
ord2781
ord4058
ord3181
ord2764
ord1980
ord668
ord926
ord924
ord941
ord4129
ord537
ord540
ord6282
ord825
ord6283
ord5683
ord5710
ord858
ord800
ord535
ord859

msvcrt

_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_beginthread
rand
fgetc
fputc
fwrite
rename
fopen
fseek
fread
fclose
_stat
__CxxFrameHandler
_mbscmp

kernel32

GetCurrentThread
GetCurrentProcess
SetPriorityClass
lstrcatA
lstrcpyA
GetEnvironmentVariableA
GetShortPathNameA
GetModuleFileNameA
GetFileAttributesA
DeleteFileA
SetFileAttributesA
GetSystemDirectoryA
WaitForSingleObject
CreateProcessA
Sleep
GetLogicalDrives
GetModuleHandleA
GetStartupInfoA
SetThreadPriority

user32

LoadIconA
MessageBoxA

shell32

ShellExecuteExA
SHChangeNotify

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
[DemonArchives]a367e7069b0df249dbcd93f02f05a573.exe
.exe windows:5 windows x86 arch:x86

270ef27c034d928c4437a4fdbd9809c4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

__WSAFDIsSet
setsockopt
ntohs
recvfrom
sendto
htons
select
listen
WSAStartup
bind
closesocket
connect
socket
send
WSACleanup
ioctlsocket
accept
WSAGetLastError
inet_addr
gethostbyname
gethostname
recv

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

winmm

timeGetTime
waveOutSetVolume
mciSendStringW

comctl32

ImageList_Remove
ImageList_SetDragCursorImage
ImageList_BeginDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_EndDrag
ImageList_DragMove
ImageList_ReplaceIcon
ImageList_Create
InitCommonControlsEx
ImageList_Destroy

mpr

WNetCancelConnection2W
WNetGetConnectionW
WNetAddConnection2W
WNetUseConnectionW

wininet

InternetReadFile
InternetCloseHandle
InternetOpenW
InternetSetOptionW
InternetCrackUrlW
HttpQueryInfoW
InternetConnectW
HttpOpenRequestW
HttpSendRequestW
FtpOpenFileW
FtpGetFileSize
InternetOpenUrlW
InternetQueryOptionW
InternetQueryDataAvailable

psapi

EnumProcesses
GetModuleBaseNameW
GetProcessMemoryInfo
EnumProcessModules

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock
UnloadUserProfile
LoadUserProfileW

kernel32

HeapAlloc
Sleep
GetCurrentThreadId
RaiseException
MulDiv
GetVersionExW
GetSystemInfo
MultiByteToWideChar
WideCharToMultiByte
GetModuleHandleW
QueryPerformanceCounter
VirtualFreeEx
OpenProcess
VirtualAllocEx
WriteProcessMemory
ReadProcessMemory
CreateFileW
SetFilePointerEx
ReadFile
WriteFile
FlushFileBuffers
TerminateProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
SetFileTime
GetFileAttributesW
FindFirstFileW
FindClose
DeleteFileW
FindNextFileW
lstrcmpiW
MoveFileW
CopyFileW
CreateDirectoryW
RemoveDirectoryW
SetSystemPowerState
QueryPerformanceFrequency
FindResourceW
LoadResource
LockResource
SizeofResource
GetProcessHeap
OutputDebugStringW
GetLocalTime
CompareStringW
CompareStringA
InterlockedIncrement
InterlockedDecrement
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
GetStdHandle
CreatePipe
InterlockedExchange
TerminateThread
GetTempPathW
GetTempFileNameW
VirtualFree
FormatMessageW
GetExitCodeProcess
SetErrorMode
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileSectionW
WritePrivateProfileSectionW
GetPrivateProfileSectionNamesW
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetDriveTypeW
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetVolumeInformationW
SetVolumeLabelW
CreateHardLinkW
DeviceIoControl
SetFileAttributesW
GetShortPathNameW
CreateEventW
SetEvent
GetEnvironmentVariableW
SetEnvironmentVariableW
GlobalLock
GlobalUnlock
GlobalAlloc
GetFileSize
GlobalFree
GlobalMemoryStatusEx
Beep
GetComputerNameW
GetWindowsDirectoryW
GetSystemDirectoryW
GetCurrentProcessId
GetCurrentThread
GetProcessIoCounters
CreateProcessW
SetPriorityClass
LoadLibraryW
VirtualAlloc
LoadLibraryExW
HeapFree
WaitForSingleObject
CreateThread
DuplicateHandle
GetLastError
CloseHandle
GetCurrentProcess
GetProcAddress
LoadLibraryA
FreeLibrary
GetModuleFileNameW
GetFullPathNameW
ExitProcess
ExitThread
GetSystemTimeAsFileTime
SetCurrentDirectoryW
IsDebuggerPresent
GetCurrentDirectoryW
ResumeThread
GetStartupInfoW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetModuleFileNameA
HeapReAlloc
HeapCreate
SetHandleCount
GetFileType
GetStartupInfoA
SetStdHandle
GetConsoleCP
GetConsoleMode
LCMapStringW
LCMapStringA
RtlUnwind
SetFilePointer
GetTimeZoneInformation
GetTimeFormatA
GetDateFormatA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetTickCount
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetModuleHandleA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEndOfFile
EnumResourceNamesW
SetEnvironmentVariableA

user32

SetWindowPos
GetCursorInfo
RegisterHotKey
ClientToScreen
GetKeyboardLayoutNameW
IsCharAlphaW
IsCharAlphaNumericW
IsCharLowerW
IsCharUpperW
GetMenuStringW
GetSubMenu
GetCaretPos
IsZoomed
MonitorFromPoint
GetMonitorInfoW
SetWindowLongW
SetLayeredWindowAttributes
FlashWindow
GetClassLongW
TranslateAcceleratorW
IsDialogMessageW
GetSysColor
InflateRect
DrawFocusRect
DrawTextW
FrameRect
DrawFrameControl
FillRect
PtInRect
DestroyAcceleratorTable
CreateAcceleratorTableW
SetCursor
GetWindowDC
GetSystemMetrics
GetActiveWindow
CharNextW
wsprintfW
RedrawWindow
DrawMenuBar
DestroyMenu
SetMenu
GetWindowTextLengthW
CreateMenu
IsDlgButtonChecked
DefDlgProcW
ReleaseCapture
SetCapture
WindowFromPoint
CreateIconFromResourceEx
mouse_event
ExitWindowsEx
SetActiveWindow
FindWindowExW
EnumThreadWindows
SetMenuDefaultItem
InsertMenuItemW
IsMenu
TrackPopupMenuEx
GetCursorPos
DeleteMenu
CheckMenuRadioItem
CopyImage
GetMenuItemCount
SetMenuItemInfoW
GetMenuItemInfoW
SetForegroundWindow
IsIconic
FindWindowW
SystemParametersInfoW
PeekMessageW
SetKeyboardState
GetKeyboardState
GetKeyState
keybd_event
VkKeyScanA
GetKeyboardLayoutNameA
LoadStringW
DialogBoxParamW
MessageBeep
EndDialog
SendDlgItemMessageW
GetDlgItem
SetWindowTextW
CopyRect
ReleaseDC
GetDC
EndPaint
BeginPaint
GetClientRect
GetMenu
DestroyWindow
EnumWindows
GetDesktopWindow
IsWindow
IsWindowEnabled
IsWindowVisible
EnableWindow
InvalidateRect
GetWindowThreadProcessId
AttachThreadInput
GetFocus
GetWindowTextW
ScreenToClient
SendMessageTimeoutW
EnumChildWindows
CharUpperBuffW
GetClassNameW
GetParent
GetDlgCtrlID
SendMessageW
MapVirtualKeyW
PostMessageW
GetWindowRect
SetUserObjectSecurity
GetUserObjectSecurity
CloseDesktop
CloseWindowStation
OpenDesktopW
SetProcessWindowStation
GetProcessWindowStation
OpenWindowStationW
MessageBoxW
DefWindowProcW
MoveWindow
AdjustWindowRectEx
SetRect
SetClipboardData
EmptyClipboard
CountClipboardFormats
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
BlockInput
GetMessageW
LockWindowUpdate
DispatchMessageW
GetMenuItemID
TranslateMessage
SetFocus
PostQuitMessage
KillTimer
CreatePopupMenu
RegisterWindowMessageW
SetTimer
ShowWindow
CreateWindowExW
RegisterClassExW
LoadIconW
LoadCursorW
GetSysColorBrush
GetForegroundWindow
MessageBoxA
DestroyIcon
UnregisterHotKey
CharLowerBuffW
MonitorFromRect
GetAsyncKeyState
LoadImageW
GetWindowLongW

gdi32

DeleteObject
GetObjectW
GetTextExtentPoint32W
ExtCreatePen
StrokeAndFillPath
StrokePath
EndPath
SetPixel
CloseFigure
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
StretchBlt
GetDIBits
LineTo
AngleArc
MoveToEx
Ellipse
PolyDraw
BeginPath
Rectangle
GetDeviceCaps
SetBkMode
RoundRect
SetBkColor
CreatePen
CreateSolidBrush
SetTextColor
CreateFontW
GetTextFaceW
GetStockObject
CreateDCW
GetPixel
DeleteDC
SetViewportOrgEx

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

RegEnumValueW
RegDeleteValueW
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
GetUserNameW
RegConnectRegistryW
RegEnumKeyExW
CloseServiceHandle
UnlockServiceDatabase
LockServiceDatabase
OpenSCManagerW
InitiateSystemShutdownExW
AdjustTokenPrivileges
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueW
DuplicateTokenEx
CreateProcessAsUserW
CreateProcessWithLogonW
InitializeSecurityDescriptor
InitializeAcl
GetLengthSid
SetSecurityDescriptorDacl
CopySid
LogonUserW
GetTokenInformation
GetAclInformation
GetAce
AddAce
GetSecurityDescriptorDacl

shell32

DragQueryPoint
ShellExecuteExW
SHGetFolderPathW
DragQueryFileW
SHEmptyRecycleBinW
SHBrowseForFolderW
SHFileOperationW
SHGetPathFromIDListW
SHGetDesktopFolder
SHGetMalloc
ExtractIconExW
Shell_NotifyIconW
ShellExecuteW
DragFinish

ole32

OleSetMenuDescriptor
MkParseDisplayName
OleSetContainedObject
CoInitialize
CoUninitialize
CoCreateInstance
CreateStreamOnHGlobal
CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
StringFromCLSID
IIDFromString
StringFromIID
OleInitialize
CreateBindCtx
CLSIDFromProgID
CoInitializeSecurity
CoCreateInstanceEx
CoSetProxyBlanket
OleUninitialize

oleaut32

SafeArrayAllocData
SafeArrayAllocDescriptorEx
SysAllocString
OleLoadPicture
SafeArrayGetVartype
SafeArrayDestroyData
SafeArrayAccessData
VarR8FromDec
VariantTimeToSystemTime
VariantClear
VariantCopy
VariantInit
SafeArrayDestroyDescriptor
LoadRegTypeLi
GetActiveObject
SafeArrayUnaccessData

Sections

.text
Size: 517KB - Virtual size: 517KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
[DemonArchives]a410ac0c141ebeb019661a692020fb94.exe
.exe windows:1 windows x86 arch:x86

95e6f8741083e0c7d9a63d45e2472360

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoCreateInstance
CLSIDFromString
CoInitialize
CoUninitialize

oleaut32

SysAllocString

wininet

DeleteUrlCacheEntry
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA

kernel32

ExitProcess
ExpandEnvironmentStringsA
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetExitCodeThread
GetFileSize
GetModuleFileNameA
GetModuleHandleA
CloseHandle
GetProcAddress
GetSystemDirectoryA
GetTempPathA
GetTickCount
GetVersion
GetVersionExA
GetWindowsDirectoryA
GlobalMemoryStatus
CopyFileA
InterlockedIncrement
IsBadReadPtr
IsBadWritePtr
LoadLibraryA
LocalAlloc
LocalFree
OpenMutexA
CreateFileA
ReadFile
RtlUnwind
SetFilePointer
CreateMutexA
Sleep
TerminateProcess
VirtualQuery
CreateProcessA
WaitForSingleObject
WideCharToMultiByte
WinExec
WriteFile
lstrlenA
lstrlenW
CreateThread
DeleteFileA

user32

GetWindowTextA
GetWindowRect
FindWindowA
GetWindow
GetClassNameA
SetFocus
GetForegroundWindow
LoadCursorA
LoadIconA
SetTimer
RegisterClassA
MessageBoxA
GetMessageA
GetWindowLongA
SetWindowLongA
CreateDesktopA
SetThreadDesktop
GetThreadDesktop
TranslateMessage
DispatchMessageA
SendMessageA
PostQuitMessage
ShowWindow
CreateWindowExA
DestroyWindow
MoveWindow
DefWindowProcA
CallWindowProcA

gdi32

GetStockObject
SetBkColor
SetTextColor
CreateBrushIndirect
CreateFontA

advapi32

RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
GetSecurityInfo
SetSecurityInfo
SetEntriesInAclA

crtdll

__GetMainArgs
_sleep
_stricmp
atoi
exit
memcpy
memset
printf
raise
rand
signal
sprintf
srand
sscanf
strcat
strchr
strncmp
vsprintf

Sections

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 132KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.embm
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
[DemonArchives]a62aacc19cac89138571eec242bcd4f6.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
[DemonArchives]a7f2bf63baba5ffe2b5e76ab67d25bb6.exe
.exe windows:4 windows x86 arch:x86

8abecba2211e61763c4c9ffcaa13369e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord2770
ord356
ord2781
ord4058
ord3181
ord2764
ord1980
ord668
ord926
ord924
ord941
ord4129
ord537
ord540
ord6282
ord825
ord6283
ord5683
ord5710
ord858
ord800
ord535
ord859

msvcrt

_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_beginthread
rand
fgetc
fputc
fwrite
rename
fopen
fseek
fread
fclose
_stat
__CxxFrameHandler
_mbscmp

kernel32

GetCurrentThread
GetCurrentProcess
SetPriorityClass
lstrcatA
lstrcpyA
GetEnvironmentVariableA
GetShortPathNameA
GetModuleFileNameA
GetFileAttributesA
DeleteFileA
SetFileAttributesA
GetSystemDirectoryA
WaitForSingleObject
CreateProcessA
Sleep
GetLogicalDrives
GetModuleHandleA
GetStartupInfoA
SetThreadPriority

user32

LoadIconA
MessageBoxA

shell32

ShellExecuteExA
SHChangeNotify

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
[DemonArchives]a9ea383aca2b60aece3a27c899e3f784.exe
.exe windows:4 windows x86 arch:x86

670b061ece19946558cf91f72defb2e2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
__vbaVarTstGt
__vbaVarSub
ord690
__vbaStrI2
__vbaNextEachAry
__vbaR8ForNextCheck
__vbaI2Sgn
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaRedimPreserveVar
__vbaVarVargNofree
__vbaFpCDblR4
__vbaAryMove
__vbaFreeVar
ord588
__vbaLateIdCall
__vbaLineInputStr
__vbaStrVarMove
__vbaLenBstr
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
__vbaFpCDblR8
EVENT_SINK_Invoke
ord620
__vbaVarIndexStore
__vbaNextEachVar
__vbaRaiseEvent
__vbaFreeObjList
__vbaR8Sgn
ord516
ord517
__vbaVarIndexLoadRef
__vbaStrErrVarCopy
_adj_fprem1
__vbaRecAnsiToUni
ord519
__vbaCVarAryUdt
__vbaI2Abs
__vbaResume
__vbaVarCmpNe
__vbaStrCat
__vbaError
__vbaBoolErrVar
__vbaLsetFixstr
ord660
__vbaStrDate
__vbaRecDestruct
__vbaSetSystemError
ord661
ord662
__vbaHresultCheckObj
ord556
ord665
ord558
__vbaVargVarCopy
__vbaLenVar
_adj_fdiv_m32
__vbaAryVar
Zombie_GetTypeInfo
__vbaVarCmpGe
__vbaAryDestruct
__vbaVarIndexLoadRefLock
__vbaLateMemSt
ord592
__vbaStrBool
__vbaBoolStr
__vbaVarForInit
__vbaForEachCollObj
ord593
__vbaExitProc
ord300
__vbaObjSet
ord595
__vbaOnError
ord596
_adj_fdiv_m16i
ord303
__vbaVarIndexStoreObj
ord702
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaVarIndexLoad
ord305
ord599
__vbaFpR4
ord306
ord520
__vbaForEachCollVar
__vbaBoolVar
ord521
ord522
ord309
__vbaVargVar
__vbaVarTstLt
__vbaRefVarAry
ord523
__vbaBoolVarNull
__vbaFpR8
_CIsin
ord631
ord709
__vbaErase
__vbaVargVarMove
__vbaLateMemStAd
ord525
__vbaNextEachCollObj
__vbaVarZero
ord632
__vbaVarCmpGt
__vbaChkstk
ord526
__vbaFileClose
EVENT_SINK_AddRef
ord527
ord528
__vbaVarAbs
__vbaGenerateBoundsError
ord529
__vbaStrCmp
__vbaAryConstruct2
__vbaVarTstEq
__vbaDateR8
__vbaPutOwner4
__vbaR4Str
__vbaNextEachCollVar
__vbaI2I4
ord561
__vbaObjVar
DllFunctionCall
ord670
__vbaVarOr
__vbaVarLateMemSt
ord563
__vbaCastObjVar
__vbaStrR4
__vbaRedimPreserve
_adj_fpatan
__vbaR4Var
__vbaFixstrConstruct
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaRedim
__vbaStrR8
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
ord600
_CIsqrt
__vbaObjIs
__vbaLateIdCallSt
__vbaVarAnd
ord311
EVENT_SINK_QueryInterface
__vbaStr2Vec
__vbaVarMul
ord710
__vbaExceptHandler
ord711
ord313
__vbaStrToUnicode
__vbaInputFile
ord712
__vbaPrintFile
__vbaR4ErrVar
ord606
__vbaDateStr
_adj_fprem
_adj_fdivr_m64
ord607
__vbaLateIdStAd
__vbaVarDiv
__vbaI2Str
__vbaR8ErrVar
ord715
ord531
__vbaVarCmpLe
ord716
__vbaFPException
__vbaInStrVar
ord319
__vbaStrVarVal
__vbaUbound
__vbaVarCat
__vbaDateVar
ord535
__vbaI2Var
ord644
ord537
ord538
ord645
_CIlog
ord539
__vbaErrorOverflow
__vbaFileOpen
ord648
ord570
__vbaVar2Vec
__vbaVarLateMemCallLdRf
__vbaR8Str
__vbaInStr
__vbaNew2
ord571
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaVarSetObj
__vbaStrCopy
__vbaI4Str
__vbaVarCmpLt
__vbaVarNot
__vbaFreeStrList
ord576
_adj_fdivr_m32
__vbaR8Var
__vbaPowerR8
_adj_fdiv_r
ord685
ord100
ord579
__vbaVarTstNe
__vbaVarSetVar
__vbaI4Var
__vbaForEachAry
ord689
__vbaVarCmpEq
__vbaAryLock
__vbaLateMemCall
__vbaVarAdd
ord320
__vbaStrToAnsi
__vbaVarDup
ord321
__vbaVerifyVarObj
ord614
__vbaFpI2
__vbaVarTstGe
__vbaVarCopy
__vbaVarLateMemCallLd
__vbaFpI4
ord616
ord617
__vbaR8IntI2
__vbaRecDestructAnsi
__vbaLateMemCallLd
__vbaVarSetObjAddref
_CIatan
__vbaAryCopy
__vbaStrMove
__vbaCastObj
__vbaI2ErrVar
ord618
__vbaForEachVar
__vbaStrVarCopy
__vbaVarNeg
ord650
_allmul
__vbaVarLateMemCallSt
__vbaLateIdSt
_CItan
ord546
__vbaFPInt
__vbaAryUnlock
__vbaVarForNext
_CIexp
__vbaMidStmtBstr
__vbaRecAssign
ord580
__vbaI4ErrVar
__vbaFreeStr
__vbaFreeObj
ord581

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 324KB - Virtual size: 320KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
[DemonArchives]ad9972de71fbca864e9303a043d203a0.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 122KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.flh
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
[DemonArchives]adefb3d586e8f74af30155d21ac5fc9e.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
[DemonArchives]b00c6b1b2a79fc9c57f97d16d58d00f2.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
[DemonArchives]b2d7c4f62aa3abc7e398981d5c280af4.exe
.exe windows:1 windows x86 arch:x86

95e6f8741083e0c7d9a63d45e2472360

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoCreateInstance
CLSIDFromString
CoInitialize
CoUninitialize

oleaut32

SysAllocString

wininet

DeleteUrlCacheEntry
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA

kernel32

ExitProcess
ExpandEnvironmentStringsA
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetExitCodeThread
GetFileSize
GetModuleFileNameA
GetModuleHandleA
CloseHandle
GetProcAddress
GetSystemDirectoryA
GetTempPathA
GetTickCount
GetVersion
GetVersionExA
GetWindowsDirectoryA
GlobalMemoryStatus
CopyFileA
InterlockedIncrement
IsBadReadPtr
IsBadWritePtr
LoadLibraryA
LocalAlloc
LocalFree
OpenMutexA
CreateFileA
ReadFile
RtlUnwind
SetFilePointer
CreateMutexA
Sleep
TerminateProcess
VirtualQuery
CreateProcessA
WaitForSingleObject
WideCharToMultiByte
WinExec
WriteFile
lstrlenA
lstrlenW
CreateThread
DeleteFileA

user32

GetWindowTextA
GetWindowRect
FindWindowA
GetWindow
GetClassNameA
SetFocus
GetForegroundWindow
LoadCursorA
LoadIconA
SetTimer
RegisterClassA
MessageBoxA
GetMessageA
GetWindowLongA
SetWindowLongA
CreateDesktopA
SetThreadDesktop
GetThreadDesktop
TranslateMessage
DispatchMessageA
SendMessageA
PostQuitMessage
ShowWindow
CreateWindowExA
DestroyWindow
MoveWindow
DefWindowProcA
CallWindowProcA

gdi32

GetStockObject
SetBkColor
SetTextColor
CreateBrushIndirect
CreateFontA

advapi32

RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
GetSecurityInfo
SetSecurityInfo
SetEntriesInAclA

crtdll

__GetMainArgs
_sleep
_stricmp
atoi
exit
memcpy
memset
printf
raise
rand
signal
sprintf
srand
sscanf
strcat
strchr
strncmp
vsprintf

Sections

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 132KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.embm
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
[DemonArchives]c30111080c9e6acc70dd86ff97188ac8.exe
.dll windows:5 windows x86 arch:x86

b6aad74aec7592c0039872b49b30b9bc

Code Sign

33:00:00:03:3e:63:3a:86:bf:41:73:d7:e0:00:00:00:00:03:3e
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-02-2023 20:10

Not After

31-01-2024 20:10

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

51:53:ea:ff:dd:b1:8e:e0:5d:6e:47:e0:cf:69:4a:2b:90:3f:99:38:fd:7a:78:f4:42:eb:ec:08:5e:00:6c:de
Signer

Actual PE Digest

51:53:ea:ff:dd:b1:8e:e0:5d:6e:47:e0:cf:69:4a:2b:90:3f:99:38:fd:7a:78:f4:42:eb:ec:08:5e:00:6c:de

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

msedgeupdate_unsigned.pdb

Imports

kernel32

SizeofResource
HeapFree
InitializeCriticalSectionAndSpinCount
HeapSize
GetLastError
LockResource
HeapReAlloc
RaiseException
FindResourceExW
LoadResource
FindResourceW
HeapAlloc
DecodePointer
HeapDestroy
DeleteCriticalSection
GetProcessHeap
ReleaseSemaphore
DeleteTimerQueueTimer
CreateTimerQueueTimer
FreeLibraryAndExitThread
ExitThread
lstrlenW
WriteFile
GetShortPathNameW
GetPrivateProfileIntW
OutputDebugStringA
SetFilePointer
WaitForSingleObject
CreateFileW
GetCurrentThreadId
ReleaseMutex
Sleep
GetFileInformationByHandle
OutputDebugStringW
CloseHandle
GetLocalTime
GetCurrentProcessId
lstrcmpiW
lstrcmpW
CreateDirectoryW
FindFirstFileW
SetLastError
FindNextFileW
GetCurrentProcess
ExpandEnvironmentStringsW
RemoveDirectoryW
WaitForMultipleObjects
GetEnvironmentVariableW
FindClose
GetFileAttributesW
DuplicateHandle
FormatMessageW
GetCurrentThread
DeleteFileW
LoadLibraryW
GetCurrentDirectoryW
GetProcAddress
LocalFree
GetModuleHandleW
FreeLibrary
GetTempFileNameW
OpenMutexW
GetTickCount
LoadLibraryExW
GetExitCodeProcess
ReadFile
CompareFileTime
SetEndOfFile
SetFileAttributesW
MultiByteToWideChar
GetFileAttributesExW
FileTimeToSystemTime
MoveFileExW
GetFileSize
CopyFileW
GetSystemTimeAsFileTime
GetFileTime
FlushFileBuffers
lstrcpynW
ExitProcess
IsDebuggerPresent
WideCharToMultiByte
GetTimeZoneInformation
FileTimeToLocalFileTime
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
GetStringTypeExW
GetModuleFileNameW
GetTempPathW
GetSystemDirectoryW
GetWindowsDirectoryW
VirtualQuery
GetModuleHandleExW
TryEnterCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
CreateMutexW
CreateEventW
SetEvent
ResetEvent
GetProductInfo
GetVersionExW
VerSetConditionMask
VerifyVersionInfoW
IsWow64Process
GetLongPathNameW
LocalAlloc
OpenProcess
HeapSetInformation
SetPriorityClass
TerminateProcess
K32GetModuleFileNameExW
WaitForMultipleObjectsEx
K32GetProcessImageFileNameW
CreateToolhelp32Snapshot
ProcessIdToSessionId
Process32NextW
WaitForSingleObjectEx
Process32FirstW
K32EnumProcesses
ReadProcessMemory
K32EnumProcessModules
SetHandleInformation
DeviceIoControl
CreatePipe
SetErrorMode
GetSystemPowerStatus
GetDiskFreeSpaceExW
GlobalMemoryStatusEx
CreateProcessW
SetProcessWorkingSetSize
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
GetStdHandle
QueryDosDeviceW
GetLogicalDriveStringsW
InitOnceExecuteOnce
GetComputerNameExW
SetEnvironmentVariableW
OpenEventW
GetPrivateProfileStringW
CreateThread
SetCurrentDirectoryW
GetPriorityClass
OpenThread
QueryPerformanceCounter
GetCommandLineW
CreateHardLinkW
GetThreadLocale
lstrcmpA
QueueUserWorkItem
GetTickCount64
GetStringTypeExA
SetFilePointerEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
GetStringTypeW
InitializeCriticalSectionEx
EncodePointer
LCMapStringEx
CompareStringEx
GetCPInfo
GetLocaleInfoEx
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemInfo
VirtualAlloc
VirtualProtect
GetFileType
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetFileSizeEx
SetStdHandle
GetConsoleOutputCP
GetConsoleMode
ReadConsoleW
WriteConsoleW
LoadLibraryExA
GetProcessShutdownParameters
SetProcessShutdownParameters
GetProcessId
Thread32Next
Thread32First
RegisterWaitForSingleObject
UnregisterWaitEx
QueryPerformanceFrequency
GetUserDefaultLangID
GetSystemDefaultLangID
QueryUnbiasedInterruptTime
DeleteTimerQueueEx
CreateTimerQueue
GetNativeSystemInfo
GetModuleFileNameA
GlobalHandle
MulDiv
FreeResource
InterlockedPopEntrySList
FlushInstructionCache
VirtualFree
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
SwitchToThread
GetExitCodeThread
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW

netapi32

NetApiBufferFree
NetGetJoinInformation

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

wtsapi32

WTSQuerySessionInformationW
WTSEnumerateSessionsW
WTSFreeMemory

Exports

Exports

DllEntry

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 429KB - Virtual size: 429KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 207KB - Virtual size: 206KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
[DemonArchives]ddc0d08019efa4cc5f2a39de99cc0a85.exe
.dll windows:4 windows x86 arch:x86

5ba06ef679dceed9eed0a5dd66af8eae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

g:\Acro_root_at\pdfl\Common\a3d\build\win\Release\inter\rt3d.pdb

Imports

kernel32

SetFilePointer
CreateFileW
FindClose
FindNextFileW
GetLogicalDrives
FindFirstFileW
GetCPInfo
SetEndOfFile
SetFileAttributesW
GetFileAttributesExW
GetFullPathNameW
GetCurrentProcessId
GetLocaleInfoA
Sleep
ResumeThread
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
GetTimeZoneInformation
QueryPerformanceFrequency
GetUserDefaultLangID
GetCurrentThreadId
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
CreateEventA
InitializeCriticalSection
WaitForSingleObject
PulseEvent
CloseHandle
LeaveCriticalSection
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
FindNextFileA
GlobalReAlloc
GlobalSize
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
GetLogicalDriveStringsW
GetDriveTypeW
GetShortPathNameW
GetShortPathNameA
DeleteFileW
DeleteFileA
CreateFileA
FindFirstFileA
FindResourceW
LoadResource
LockResource
SizeofResource
WriteFile
ReadFile
GetFileSize
FlushFileBuffers
GetFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetDateFormatW
GetTimeFormatW
GetDateFormatA
GetTimeFormatA
FormatMessageW
LocalFree
GetFileAttributesA
GetTempFileNameW
GetTempFileNameA
GetTempPathW
GetTempPathA
lstrlenW
GetModuleFileNameA
LoadLibraryExW
LoadLibraryExA
GetSystemInfo
EnterCriticalSection
DeleteCriticalSection
MulDiv
OutputDebugStringA
SetLastError
LoadLibraryW
VirtualQuery
GetVersion
GetFileAttributesW
GetProcAddress
GetModuleHandleA
GetVersionExA
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
GetLastError
LoadLibraryA
FreeLibrary
GetModuleHandleW
InterlockedDecrement
InterlockedIncrement

user32

DispatchMessageW
GetMessageW
PeekMessageW
GetParent
GetClassNameA
FindWindowA
AttachThreadInput
GetActiveWindow
IsWindowEnabled
EnumWindows
GetWindowThreadProcessId
GetWindow
SetWindowsHookExA
MessageBoxIndirectW
DialogBoxParamW
EndDialog
CallNextHookEx
UnhookWindowsHookEx
SetWindowTextW
PostMessageA
EnableScrollBar
SetScrollRange
ScrollWindow
GetSysColor
DrawIconEx
GetClientRect
BeginPaint
EndPaint
CallWindowProcA
GetScrollPos
GetScrollRange
SetScrollPos
PeekMessageA
GetKeyState
IsDialogMessageA
TranslateMessage
DispatchMessageA
GetDesktopWindow
SystemParametersInfoA
SetWindowLongA
CreateDialogParamW
EnableWindow
GetWindowLongA
InvalidateRect
SendMessageW
SetFocus
SetDlgItemTextW
GetDlgItemTextW
CheckDlgButton
IsDlgButtonChecked
KillTimer
GetWindowRect
UpdateWindow
IsWindowVisible
ShowWindow
GetForegroundWindow
RegisterWindowMessageA
SetWindowTextA
GetWindowTextLengthA
GetWindowTextW
DefWindowProcA
SendMessageTimeoutA
SendDlgItemMessageA
TranslateAcceleratorA
SendMessageTimeoutW
PostMessageW
SendDlgItemMessageW
TranslateAcceleratorW
CallWindowProcW
GetWindowLongW
SetWindowLongW
MessageBoxW
SetDlgItemTextA
DestroyIcon
CreateIcon
GetSysColorBrush
GetAsyncKeyState
DrawTextA
DrawTextW
OffsetRect
SetForegroundWindow
SetTimer
GetDlgItem
GetWindowTextA
LoadImageA
SetWindowPos
SendMessageA
EnumDisplayMonitors
GetMonitorInfoA
DestroyWindow
FillRect
SetParent
MoveWindow
GetDC
IsRectEmpty
ReleaseDC
RegisterClassW
CreateWindowExW
SetPropW
GetUpdateRect
GetPropW
DefWindowProcW

gdi32

GetClipBox
DeleteObject
CreateDIBSection
DeleteDC
CreateSolidBrush
GetObjectA
SetDIBitsToDevice
CreateCompatibleBitmap
PatBlt
CreatePen
Ellipse
GetStockObject
SetBkMode
CreateFontIndirectW
GetTextExtentPoint32A
SelectObject
CreateFontIndirectA
GetDeviceCaps
LineTo
MoveToEx
ExtTextOutW
SetBkColor
SetTextColor
GetBkColor
EnumFontFamiliesExA
CreateCompatibleDC

shell32

SHGetPathFromIDListA
SHGetSpecialFolderLocation
ShellExecuteExW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc

ole32

CoInitialize
CoUninitialize
CoCreateInstance

msvcp80

?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

msvcr80

?terminate@@YAXXZ
_crt_debugger_hook
_except_handler4_common
__clean_type_info_names_internal
_stricmp
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_wcsnicmp
_purecall
??3@YAXPAX@Z
??2@YAPAXI@Z
__CxxFrameHandler3
_CIsqrt
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
_invalid_parameter_noinfo
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
memmove_s
??0exception@std@@QAE@XZ
_CItan
??_V@YAXPAX@Z
sprintf
_CIlog
_CIatan2
_CIcos
_CIsin
_CIacos
_CIexp
memset
wcsrchr
strncpy
memcpy
_CIatan
_CIasin
fprintf
__iob_func
_CIlog10
_time64
rand
srand
ceil
__RTDynamicCast
??0exception@std@@QAE@ABQBDH@Z
getenv
_CIfmod
floor
_CIpow
_fpreset
_except_handler3
modf
_errno
strtod
memmove
qsort
malloc
realloc
free
_tzset
strchr
fclose
feof
fgetc
fseek
ftell
clearerr
ferror
fwrite
fflush
fread
_beginthreadex
isdigit
_fpclass
toupper
_wfopen
_wchdir
_wgetcwd
_wmkdir
_wrmdir
_wrename
_wremove
towlower
towupper
iswalpha
wcsncpy
memcmp
tolower
fmod
strlen
isalnum
sqrt
strrchr
_vswprintf
_vswprintf_c_l
sscanf
swscanf
fabs
pow
strcmp
log
wcscat
wcscpy
strcpy
wcslen
abs
cos
sin
acos
asin
atan
atan2
wcschr
wcspbrk
wcstol
wcstod
vsprintf
strtol
atol
wcsstr
strcat
_snprintf
wcscmp
wcsncmp
strncmp
tan
_unlock
_encode_pointer
__dllonexit
_lock
_onexit
_decode_pointer
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_wcsicmp

comctl32

ImageList_ReplaceIcon
ImageList_Destroy
ImageList_Add
ImageList_Create
ImageList_GetImageInfo
ImageList_DrawEx

advapi32

RegCreateKeyExA
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegDeleteKeyA
RegSetValueExA
RegQueryValueExA
RegDeleteValueA
RegOpenKeyExA

Exports

Exports

??0ANGLEAXIS@@QAE@ABUMATRIX3D@@@Z
??0ANGLEAXIS@@QAE@ABUPOINT3D@@@Z
??0ANGLEAXIS@@QAE@ABUQUAT@@@Z
??0CREATESCENESTRUCT@@QAE@XZ
??0DRIVER3D@@QAE@XZ
??0MATRIX3D@@QAE@PBMH@Z
??0MATRIX3D@@QAE@PBNH@Z
??0POINT3D@@QAE@ABUQUAT@@@Z
??0QUAT@@QAE@ABUANGLEAXIS@@@Z
??0QUAT@@QAE@ABUMATRIX3D@@@Z
??0QUAT@@QAE@ABUPOINT3D@@@Z
??0QUAT@@QAE@MAAU0@0H@Z
??0RENDER@@QAE@PBU0@PAVe3_CONTEXT@@@Z
??0TSPRITE@@QAE@PAVTSCENE3D@@@Z
??0e3_COLLECTION@@IAE@HH@Z
??0e3_FILEITERATOR@@QAE@PBGPAGI@Z
??0e3_GAPI@@QAE@XZ
??0e3_GENERIC@@IAE@XZ
??0e3_LAYER@@IAE@XZ
??0e3_LOD@@IAE@PAVe3_SCENE@@@Z
??0e3_MAINRANGE@@QAE@XZ
??0e3_MODIFIER@@QAE@XZ
??0e3_NODE@@IAE@PAVe3_SCENE@@@Z
??0e3_OBJECT@@IAE@XZ
??0e3_PARAM@@AAE@XZ
??0e3_RANGE@@QAE@XZ
??0e3_REFSOURCE@@QAE@XZ
??0e3_RENDERABLE2@@QAE@XZ
??0e3_SORTEDCOLLECTION@@IAE@P6GHQAX0I@ZHH@Z
??0e3_STREAM@@IAE@XZ
??0e3_STRING@@QAE@ABV0@@Z
??0e3_interface@@QAE@XZ
??0matrix3d@@QAE@ABUMATRIX3D@@@Z
??1TSPRITE@@MAE@XZ
??1e3_BASECONTROL@@QAE@XZ
??1e3_COLLECTION@@MAE@XZ
??1e3_FILEITERATOR@@QAE@XZ
??1e3_GAPI@@QAE@XZ
??1e3_GENERIC@@IAE@XZ
??1e3_LAYER@@IAE@XZ
??1e3_LOD@@IAE@XZ
??1e3_MAINRANGE@@QAE@XZ
??1e3_MODIFIER@@IAE@XZ
??1e3_NODE@@IAE@XZ
??1e3_OBJECT@@IAE@XZ
??1e3_RANGE@@QAE@XZ
??1e3_REFSOURCE@@IAE@XZ
??1e3_RENDERABLE2@@IAE@XZ
??1e3_STREAM@@IAE@XZ
??1e3_STRING@@QAE@XZ
??4e3_STRING@@QAGAAV0@ABV0@@Z
??D@YG?AUQUAT@@ABU0@0@Z
??K@YG?AUQUAT@@ABU0@0@Z
??YBOX3D@@QAGAAU0@ABU0@@Z
??YBOX3D@@QAGAAU0@ABUPOINT3D@@@Z
?ABS@POINT3D@@QAGXXZ
?ABS@_point3d@@QAGXXZ
?ActivateRange@e3_BASECONTROL@@UAG_NPAVe3_RANGE@@@Z
?ActivateRange@e3_GENERIC@@UAG_NPAVe3_MAINRANGE@@@Z
?ActivateRange@e3_MODIFIER@@UAG_NPAVe3_MAINRANGE@@@Z
?ActivateRange@e3_NODE@@UAG_NPAVe3_MAINRANGE@@@Z
?Add@BOX3D@@QAGXABU1@@Z
?Add@BOX3D@@QAGXABUPOINT3D@@@Z
?Add@e3_LAYER@@UAG_NPAVe3_NODE@@@Z
?Add@e3_STRING@@QAG_NABV1@@Z
?Add@e3_STRING@@QAG_NG@Z
?Add@e3_STRING@@QAG_NPBD@Z
?Add@e3_STRING@@QAG_NPBG@Z
?AddAnchor@TSPRITE@@UAGPAUE3MARKANCHOR@@XZ
?AddChild@e3_LOD@@UAG_NPAVe3_NODE@@@Z
?AddChild@e3_NODE@@UAG_NPAV1@@Z
?AddController@e3_GENERIC@@UAGPAVe3_BASECONTROL@@W4e3_PROPERTIES@@@Z
?AddController@e3_GENERIC@@UAG_NPAVe3_BASECONTROL@@@Z
?AddKnot@TSPRITE@@UAGPAUE3MARKNOT@@XZ
?AddLine@TSPRITE@@UAGPAUE3MLINE@@XZ
?AddModifier@e3_NODE@@UAG_NPBD@Z
?AddNotifyCALLBACK@e3_GAPI@@UAG_NP6GIIII@Z@Z
?AddRange@e3_BASECONTROL@@UAGPAVe3_RANGE@@PAVe3_MAINRANGE@@@Z
?AddRef@e3_interface@@UAGIXZ
?AddRefTarget@e3_REFSOURCE@@UAG_NPAVe3_REFTARGET@@@Z
?AddSlashA@e3_GAPI@@UAGXPAD@Z
?AddSlashW@e3_GAPI@@UAGXPAG@Z
?AddStep@e3_VIEWPORT@@UAGPAVe3_VIEWPORTSTEP@@H@Z
?AffineCompose@MATRIX3D@@QAGXABUAFFINEPARTS@@@Z
?AffineDecompose@MATRIX3D@@QBGXAAUAFFINEPARTS@@@Z
?Animate@e3_GENERIC@@UAGIMI@Z
?Animate@e3_MODIFIER@@UAGIMI@Z
?Animate@e3_NODE@@UAGIMI@Z
?ApplyToNode@e3_LAYER@@EAG?AW4E3RESULT@@PAVe3_NODE@@@Z
?ApplyToNodes@e3_LAYER@@UAG?AW4E3RESULT@@XZ
?ApplyTransform@TSPRITE@@UAG_NPAVe3_NODE@@ABUE3_TRANSFORMINFO@@@Z
?At@e3_COLLECTION@@UAGPAXH@Z
?AtDelete@e3_COLLECTION@@UAG_NH@Z
?AtFree@e3_COLLECTION@@UAG_NH@Z
?AtInsert@e3_COLLECTION@@UAG_NHPAX@Z
?AtPut@e3_COLLECTION@@UAG_NHPAX@Z
?AtoW@@YGXPBDPAG@Z
?AtoWex@@YGHPBDPAGH@Z
?BaryCoords@e3_GAPI@@UAG?AUPOINT3D@@ABU2@000@Z
?BeginPicturesCache@@YGXXZ
?CanReadChunk@e3_STREAM@@UAG_NXZ
?CastObject@e3_NODE@@UAGPAVe3_OBJECT@@W4e3_TYPE@@@Z
?ChildsDraw@e3_LOD@@MAG?AW4E3RESULT@@PAVe3_VIEWPORT@@PBUMATRIX3D@@PAVe3_CONTEXT@@@Z
?ChildsDraw@e3_NODE@@MAG?AW4E3RESULT@@PAVe3_VIEWPORT@@PBUMATRIX3D@@PAVe3_CONTEXT@@@Z
?ChildsHitTest@e3_LOD@@MAGXPAUe3_HITTEST@@PBUMATRIX3D@@@Z
?ChildsHitTest@e3_NODE@@MAGXPAUe3_HITTEST@@PBUMATRIX3D@@@Z
?ChooseDriver@@YG_NPAPAVDRIVER3D@@PBD@Z
?ChooseLOD@e3_LOD@@UAGPAVe3_NODE@@I@Z
?Clone@e3_GENERIC@@UAGPAV1@I@Z
?Clone@e3_LAYER@@UAGPAVe3_GENERIC@@I@Z
?Clone@e3_NODE@@UAGPAVe3_GENERIC@@I@Z
?Clone@e3_PARAM@@UAGPAV1@I@Z
?CloseChunk@e3_STREAM@@UAG_NXZ
?CmpNameExW@@YGHPBG0@Z
?CmpPatternAndName@@YGHPBG0@Z
?Compare@RENDER@@QAG_NAAU1@_N@Z
?Compare@TSPRITE@@UAG_NPAVe3_GENERIC@@I@Z
?Compare@e3_GENERIC@@UAG_NPAV1@I@Z
?Compare@e3_GUID@@QBG_NABU1@@Z
?Compare@e3_STRING@@QBGHABV1@@Z
?Compare@e3_STRING@@QBGHPBG@Z
?CompareNoCase@e3_STRING@@QBGHABV1@@Z
?ConvertEx@TSPRITE@@UAG?AW4E3RESULT@@PAUe3_CONVERT@@PAVe3_CONTEXT@@@Z
?ConvertEx@e3_OBJECT@@UAG?AW4E3RESULT@@PAUe3_CONVERT@@PAVe3_CONTEXT@@@Z
?ConvertEx@e3_SUBD@@UAG?AW4E3RESULT@@PAUe3_CONVERT@@PAVe3_CONTEXT@@@Z
?CopyTo@e3_STREAM@@UAGHPAV1@HH@Z
?CorrectHitItems@TSPRITE@@IAGXAAGAAH@Z
?Create@TSCENE3D@@SG?AW4E3RESULT@@PAVe3_STREAM@@PAVFILETYPE@@PAPAV1@IPAUCREATESCENESTRUCT@@@Z
?Create@e3_ARRAY2D@@SGPAV1@PAVe3_MEM@@@Z
?Create@e3_ARRAY3D@@SGPAV1@PAVe3_MEM@@@Z
?Create@e3_COLLECTION@@SGPAV1@HH@Z
?Create@e3_INFO_LIST@@SGPAV1@XZ
?Create@e3_LAYER@@SGPAV1@XZ
?Create@e3_LOD@@SGPAV1@PAVe3_SCENE@@@Z
?Create@e3_MEM@@SGPAV1@XZ
?Create@e3_NODE@@SGPAV1@PAVe3_SCENE@@@Z
?Create@e3_PARAM@@SGPAV1@XZ
?Create@e3_SCENE@@SGPAV1@PAX@Z
?Create@e3_SORTEDCOLLECTION@@SGPAV1@P6GHQAX0I@ZHH@Z
?Create@e3_STACK@@SGPAU1@H@Z
?Create@e3_TCB@@SGPAV1@XZ
?Create@e3_VBUFFER@@SGPAV1@XZ
?CreateARRAY2D@e3_GAPI@@UAGPAVe3_ARRAY2D@@XZ
?CreateARRAY3D@e3_GAPI@@UAGPAVe3_ARRAY3D@@XZ
?CreateChild@e3_NODE@@UAGPAV1@IPBD0@Z
?CreateCollection@e3_GAPI@@UAGPAVe3_COLLECTION@@XZ
?CreateExtension@e3_GAPI@@UAGPAVe3_EXTENSION@@PBD@Z
?CreateFromMemory@e3_STREAM@@SGPAV1@PAXI@Z
?CreateMEM@e3_GAPI@@UAGPAVe3_MEM@@H@Z
?CreateParams@e3_GAPI@@UAGPAVe3_PARAM@@XZ
?CreatePicture@e3_GAPI@@UAGPAVe3_PICTURE@@XZ
?CreateSceneA@e3_GAPI@@UAGPAVe3_SCENE@@PBDPAVe3_CONTEXT@@PAUe3_GUID@@I@Z
?CreateSceneEx@e3_GAPI@@UAGPAVe3_SCENE@@PAVe3_STREAM@@PAVe3_CONTEXT@@PAUe3_GUID@@I@Z
?CreateSceneW@e3_GAPI@@UAGPAVe3_SCENE@@PBGPAVe3_CONTEXT@@PAUe3_GUID@@I@Z
?CreateSortedCollection@e3_GAPI@@UAGPAVe3_SORTEDCOLLECTION@@P6GHQAX0I@Z@Z
?CreateStreamA@e3_GAPI@@UAGPAVe3_STREAM@@PAUHINSTANCE__@@PBDI@Z
?CreateStreamW@e3_GAPI@@UAGPAVe3_STREAM@@PAUHINSTANCE__@@PBGI@Z
?CreateW@e3_STREAM@@SGPAV1@PAUHINSTANCE__@@PBGI@Z
?DecodeNormal@POINT3D@@QAGXII@Z
?Decompose@MATRIX3D@@QBG_NPAUPOINT3D@@000PAUPOINT4D@@@Z
?Decompose@MATRIX3D@@QBG_NPAU_point3d@@000PAU_point4d@@@Z
?DelRange@e3_BASECONTROL@@UAG_NPAVe3_RANGE@@@Z
?Delete@e3_LAYER@@UAG_NPAVe3_NODE@@@Z
?DeleteAll@e3_COLLECTION@@UAGXXZ
?DeleteItem@e3_COLLECTION@@UAG_NPAX@Z
?DeleteThis@TSPRITE@@UAGXXZ
?DeleteThis@e3_COLLECTION@@MAGXXZ
?DeleteThis@e3_LAYER@@MAGXXZ
?DeleteThis@e3_LOD@@EAGXXZ
?DeleteThis@e3_MAINRANGE@@EAGXXZ
?DeleteThis@e3_NODE@@EAGXXZ
?DeleteThis@e3_RANGE@@EAGXXZ
?DeleteThis@e3_STACK@@MAGXXZ
?DeleteThis@e3_VIEWPORT@@EAGXXZ
?DestroyGeometryCache@e3_OBJECT@@UAG_NI@Z
?Det@MATRIX3D@@QBGNXZ
?Dialog@e3_OBJECT@@UAG_NPAVe3_IODIALOG@@@Z
?Done@e3_STRING@@QAGXXZ
?DoneRescale@@YG_NPAUPIXWEIGHT@@@Z
?Draw@e3_NODE@@UAG?AW4E3RESULT@@PAVe3_VIEWPORT@@PBUMATRIX3D@@PAVe3_CONTEXT@@@Z
?DrawAxis@e3_NODE@@EAGXPAVe3_VIEWPORT@@PBUMATRIX3D@@I@Z
?DrawSelection@e3_NODE@@EAGXPAVe3_VIEWPORT@@PBUMATRIX3D@@11PAVe3_CONTEXT@@@Z
?DrawSpriteLineMarker@TSPRITE@@IAG_NPAVe3_VIEWPORT@@IPAUPOINT3D@@1ABU3@2@Z
?EnableDuplicates@e3_SORTEDCOLLECTION@@UAG_N_N@Z
?EncodeNormal@POINT3D@@QBGII@Z
?EndPicturesCache@@YGXXZ
?Enum@e3_NODE@@UAG_NIP6GHPAV1@I@ZI@Z
?EnumEx@e3_LOD@@UAG_NIPBUMATRIX3D@@P6GHPAVe3_NODE@@PAU2@2I@ZI@Z
?EnumEx@e3_NODE@@UAG_NIPBUMATRIX3D@@P6GHPAV1@PAU2@2I@ZI@Z
?EnumExtensions@e3_GAPI@@UAGPAVe3_COLLECTION@@H@Z
?Equal@MATRIX3D@@QBG_NABU1@N@Z
?EvaluateMesh@TSPRITE@@UAGPAVe3_RENDERABLE@@IPAVe3_CONTEXT@@@Z
?EvaluateMesh@e3_OBJECT@@UAGPAVe3_RENDERABLE@@IPAVe3_CONTEXT@@@Z
?EvaluateMesh@e3_RENDERABLE2@@UAGPAVe3_RENDERABLE@@IPAVe3_CONTEXT@@@Z
?FaceABCD@e3_GAPI@@UAGXPBUPOINT3D@@00AAM111@Z
?FaceNormal@e3_GAPI@@UAGXPBUPOINT3D@@00AAM11@Z
?FillObjectDialog@TSPRITE@@UAG_NPAVe3_IODIALOG@@@Z
?Flip@MATRIX3D@@QAGXXZ
?Flip@QUAT@@QAGXXZ
?Flip@e3_OBJECT@@UAGII@Z
?FlipBytes@e3_GAPI@@UAG_NPAXHH@Z
?FlushGeometryCache@e3_NODE@@UAG_NI@Z
?FlushGeometryCache@e3_OBJECT@@UAG_NI@Z
?FreeAll@e3_COLLECTION@@UAGXXZ
?FreeItem@e3_COLLECTION@@UAG_NPAX@Z
?FromStr@e3_GUID@@QAG_NPBD@Z
?FromStr@e3_GUID@@QAG_NPBG@Z
?Func2d@FILETYPE@@QAGIIPAVe3_STREAM@@PAVe3_PICTURE@@PAVe3_interface@@@Z
?Func3d@FILETYPE@@QAGIIPAVe3_STREAM@@PAVe3_SCENE@@PAVe3_interface@@@Z
?FuncArc@FILETYPE@@QAGIIII@Z
?FuncV@FILETYPE@@QAGIIPAUe3_VIDEOINFO@@PAVe3_interface@@@Z
?Get@e3_STREAM@@UAGPAVe3_REFSOURCE@@PAVe3_CONTEXT@@@Z
?Get@e3_STRING@@QBGHPADH@Z
?Get@e3_STRING@@QBGHPAGH@Z
?GetAngleByXY@@YGNNN@Z
?GetBillboardMatrix@e3_NODE@@UAG_NPAUMATRIX3D@@@Z
?GetBinaryMode@e3_STREAM@@UAG?AW4E3_STREAM_BINARY_MODE@@XZ
?GetBoundingBox@e3_NODE@@UAG_NPAUBOX3D@@PBUMATRIX3D@@PAVe3_CONTEXT@@I@Z
?GetBoundingBox@e3_OBJECT@@UAG_NPAUBOX3D@@PBUMATRIX3D@@PAVe3_CONTEXT@@@Z
?GetBoundingBox@e3_RENDERABLE2@@UAG_NPAUBOX3D@@PBUMATRIX3D@@PAVe3_CONTEXT@@@Z
?GetBuffer@e3_STRING@@QBGPBGXZ
?GetByNameA@e3_COLLECTION@@UAGPAVe3_GENERIC@@PBD@Z
?GetByNameW@e3_COLLECTION@@UAGPAVe3_GENERIC@@PBG@Z
?GetController@e3_GENERIC@@UAGPAVe3_BASECONTROL@@W4e3_PROPERTIES@@@Z
?GetCount@e3_PARAM@@UAGHXZ
?GetCurrentChunkID@e3_STREAM@@UAGGXZ
?GetCurrentChunkSize@e3_STREAM@@UAGHXZ
?GetDisplayNameA@e3_GENERIC@@UAGHPADH@Z
?GetDisplayNameA@e3_LAYER@@UAGHPADH@Z
?GetDisplayNameA@e3_NODE@@UAGHPADH@Z
?GetDisplayNameA@e3_OBJECT@@UAGHPADH@Z
?GetDisplayNameW@e3_GENERIC@@UAGHPAGH@Z
?GetEulerAngles@MATRIX3D@@QBG?AUPOINT3D@@H@Z
?GetEulerAngles@QUAT@@QAG?AUPOINT3D@@H@Z
?GetExtension@e3_GAPI@@UAGPAUe3_EXT00@@PBD@Z
?GetExtensionInfo@e3_GAPI@@UAGPBGPBDPAI@Z
?GetFileINFO@@YGPAVFILETYPE@@ABUe3_GUID@@I@Z
?GetFileIcon@@YGHAAUe3_GUID@@@Z
?GetFileName@e3_FILEITERATOR@@QAGPBGXZ
?GetFileNameA@e3_STREAM@@UAG_NPADHI@Z
?GetFileNameW@e3_STREAM@@UAG_NPAGHI@Z
?GetFileSize@e3_FILEITERATOR@@QAGJXZ
?GetFileTime@e3_FILEITERATOR@@QAG_NAAU_FILETIME@@@Z
?GetFileTime@e3_STREAM@@UAG?AW4E3RESULT@@AAU_FILETIME@@@Z
?GetFileType@e3_GAPI@@UAG?AUe3_GUID@@PBG@Z
?GetFileTypeByExt@@YGPAVFILETYPE@@PBD0PAUFTINFO@@@Z
?GetFileTypeByExt@@YGPAVFILETYPE@@PBG0PAUFTINFO@@@Z
?GetFileTypeByFullName@e3_GAPI@@UAG?AUe3_GUID@@PBG@Z
?GetFileTypeByIndex@e3_GAPI@@UAG_NHPAUe3_FILETYPE@@@Z
?GetFileTypeEx@e3_GAPI@@UAG?AUe3_GUID@@PBG@Z
?GetFileTypeInfo@e3_GAPI@@UAG_NPBUe3_GUID@@PAUe3_FILETYPE@@@Z
?GetFileTypeName@@YGPBGAAUe3_GUID@@@Z
?GetFont@TSPRITE@@UAG_NPAUtagLOGFONTW@@@Z
?GetFullFileName@e3_FILEITERATOR@@QAGXPAG@Z
?GetHANDLE@e3_STREAM@@UAGPAXXZ
?GetHQRenderSize@@YGXPAVe3_RENDER@@AAH11PAVe3_SCENE@@@Z
?GetHandler@TSPRITE@@UAGHPAD@Z
?GetImageList@e3_GAPI@@UAGIH@Z
?GetInterfaceName@TSPRITE@@UAGPBDXZ
?GetInterfaceName@e3_LAYER@@UAGPBDXZ
?GetInterfaceName@e3_LOD@@UAGPBDXZ
?GetInterfaceName@e3_MAINRANGE@@UAGPBDXZ
?GetInterfaceName@e3_NODE@@UAGPBDXZ
?GetInterfaceName@e3_PARAM@@UAGPBDXZ
?GetInterfaceName@e3_STREAM@@UAGPBDXZ
?GetInterfaceName@e3_VIEWPORT@@UAGPBDXZ
?GetInterfaceVersion@e3_EXTENSION@@UAGHXZ
?GetLANG@e3_GAPI@@UAGIPAUHINSTANCE__@@@Z
?GetLinesBBox@TSPRITE@@UAG_NAAUBOX3D@@@Z
?GetMatrix@e3_NODE@@UAG_NPAUMATRIX3D@@_N@Z
?GetMemoryBase@e3_STREAM@@UAGPAXXZ
?GetNameA@e3_GENERIC@@UAGHPADH@Z
?GetNamePrefix@TSPRITE@@UAGPBDXZ
?GetNamePrefix@e3_OBJECT@@UAGPBDXZ
?GetNameW@e3_GENERIC@@UAGHPAGH@Z
?GetNext@e3_FILEITERATOR@@QAG_NXZ
?GetNumberOfFaces@e3_RENDERABLE2@@UAGIPAVe3_CONTEXT@@@Z
?GetNumberOfObjects@e3_NODE@@UAGHW4e3_TYPE@@@Z
?GetNumberOfPoints@e3_OBJECT@@UAGIPAVe3_CONTEXT@@@Z
?GetNumberOfPoints@e3_RENDERABLE2@@UAGIPAVe3_CONTEXT@@@Z
?GetNumberOfWidgets@e3_MODIFIER@@UAGHXZ
?GetObjectTable@e3_STREAM@@UAGPAVe3_COLLECTION@@XZ
?GetObjectsList@e3_NODE@@UAGHPAVe3_COLLECTION@@W4e3_TYPE@@@Z
?GetParam@e3_EXTENSION@@UAGIHIW4e3_VALUETYPE@@@Z
?GetParam@e3_GENERIC@@UAGIHIW4e3_VALUETYPE@@@Z
?GetParam@e3_NODE@@UAGIHIW4e3_VALUETYPE@@@Z
?GetParam@e3_VIEWPORT@@UAGIHIW4e3_VALUETYPE@@@Z
?GetPathFromFileA@e3_GAPI@@UAG_NPBDPAD@Z
?GetPathFromFileW@e3_GAPI@@UAG_NPBGPAG@Z
?GetPicture@@YGHPAPAVTPicture@@PBGPAUe3_GUID@@PAVe3_CONTEXT@@I@Z
?GetPlugin@e3_GAPI@@UAGPAVe3_PLUGIN@@PAUHINSTANCE__@@@Z
?GetPlugin@e3_GAPI@@UAGPAVe3_PLUGIN@@PBG@Z
?GetPluginInfo@e3_GAPI@@UAGIPAUHINSTANCE__@@H@Z
?GetPoint@e3_OBJECT@@UAG?AUPOINT3D@@I@Z
?GetPropNameA@e3_GAPI@@UAGHW4e3_PROPERTIES@@PADH@Z
?GetPropNameW@e3_GAPI@@UAGHW4e3_PROPERTIES@@PAGH@Z
?GetRange@e3_BASECONTROL@@UAGPAVe3_RANGE@@PAVe3_MAINRANGE@@@Z
?GetRequiredCache@e3_OBJECT@@UAGIW4RENDER_MODE@@I@Z
?GetRightAngle@@YG?AUPOINT3D@@AAUMATRIX3D@@U1@_N@Z
?GetRoll@e3_NODE@@UAGMXZ
?GetRotate@MATRIX3D@@QBGXAAUANGLEAXIS@@@Z
?GetRotate@MATRIX3D@@QBGXAAUPOINT3D@@@Z
?GetRotate@MATRIX3D@@QBGXAAUQUAT@@@Z
?GetRotate@MATRIX3D@@QBGXAAU_point3d@@@Z
?GetScale@MATRIX3D@@QBG?AUPOINT3D@@XZ
?GetSiblingFile@e3_GAPI@@UAG_NPBG0PAG@Z
?GetSize@e3_STACK@@UAGIXZ
?GetStatus@e3_STREAM@@UAGHXZ
?GetSysHeapObject@e3_GAPI@@UAGPAVe3_HEAP@@XZ
?GetType@TSPRITE@@UAG?AW4e3_TYPE@@XZ
?GetType@e3_LAYER@@UAG?AW4e3_TYPE@@XZ
?GetType@e3_LOD@@UAG?AW4e3_TYPE@@XZ
?GetType@e3_MODIFIER@@UAG?AW4e3_TYPE@@XZ
?GetType@e3_NODE@@UAG?AW4e3_TYPE@@XZ
?GetType@e3_RENDERABLE2@@UAG?AW4e3_TYPE@@XZ
?GetTypeByName@@YGPAVFILETYPE@@PBG@Z
?GetUsedMaterialsList@e3_MODIFIER@@UAG_NPAVe3_COLLECTION@@I@Z
?GetVersion@e3_GAPI@@UAGII@Z
?GetVersion@e3_STREAM@@UAGIXZ
?GetWidget@e3_MODIFIER@@UAGPAVe3_NODE@@H@Z
?GetWidgetMatrix@TSPRITE@@UAG_NPAVe3_NODE@@AAUMATRIX3D@@@Z
?GetWorldMatrix@e3_NODE@@UAG_NPAUMATRIX3D@@I@Z
?HitTest@TSPRITE@@UAG_NPAUe3_HITTEST@@PBUMATRIX3D@@@Z
?HitTest@e3_NODE@@UAGXPAUe3_HITTEST@@PBUMATRIX3D@@@Z
?HitTest@e3_OBJECT@@UAG_NPAUe3_HITTEST@@PBUMATRIX3D@@@Z
?HitTest@e3_RENDERABLE2@@UAG_NPAUe3_HITTEST@@PBUMATRIX3D@@@Z
?IdentityMatrix@MATRIX3D@@QAGXXZ
?IndexOf@e3_COLLECTION@@UAGHPAX@Z
?IndexOf@e3_SORTEDCOLLECTION@@UAGHPAX@Z
?Init@RENDER@@QAGXPAVe3_CONTEXT@@@Z
?Init@e3_GENERIC@@QAGXH@Z
?InitLanguage@e3_GAPI@@UAG_NPAUHINSTANCE__@@PBG11@Z
?Insert@e3_COLLECTION@@UAGHPAX@Z
?Insert@e3_SORTEDCOLLECTION@@UAGHPAX@Z
?InvalidateBoundingBox@e3_NODE@@UAG_NXZ
?Invert@MATRIX3D@@QAGXABU1@@Z
?Invert@MATRIX3D@@QAGXXZ
?Invert@QUAT@@QAGXXZ
?Invoke@e3_EXTENSION@@UAG?AW4E3RESULT@@HPAVe3_PARAM@@PAVe3_CONTEXT@@@Z
?IsEOF@e3_STREAM@@UAG_NXZ
?IsEmpty@e3_STACK@@UAG_NXZ
?IsEnabled@FILETYPE@@QAG_NXZ
?IsFileOfThisType@FILETYPE@@QAG_NPBG0@Z
?IsFlipped@MATRIX3D@@QBG_NXZ
?IsFolder@e3_FILEITERATOR@@QAG_NXZ
?IsIdentity@MATRIX3D@@QBG_NN@Z
?IsIndexValid@e3_COLLECTION@@UAG_NH@Z
?IsMaterialUsed@e3_MODIFIER@@UAGIPAVe3_MATERIAL@@I@Z
?IsNull@e3_GUID@@QBG_NXZ
?IsNumeric@e3_STRING@@QBG_NXZ
?IsReadOnly@e3_FILEITERATOR@@QAG_NXZ
?IsTypeOf@TSPRITE@@UAG_NPBD@Z
?IsTypeOf@TSPRITE@@UAG_NW4e3_TYPE@@@Z
?IsTypeOf@e3_EXTENSION@@UAG_NPBD@Z
?IsTypeOf@e3_GENERIC@@UAG_NPBD@Z
?IsTypeOf@e3_GENERIC@@UAG_NW4e3_TYPE@@@Z
?IsTypeOf@e3_LAYER@@UAG_NPBD@Z
?IsTypeOf@e3_LAYER@@UAG_NW4e3_TYPE@@@Z
?IsTypeOf@e3_LOD@@UAG_NPBD@Z
?IsTypeOf@e3_LOD@@UAG_NW4e3_TYPE@@@Z
?IsTypeOf@e3_MAINRANGE@@UAG_NPBD@Z
?IsTypeOf@e3_MODIFIER@@UAG_NPBD@Z
?IsTypeOf@e3_MODIFIER@@UAG_NW4e3_TYPE@@@Z
?IsTypeOf@e3_NODE@@UAG_NPBD@Z
?IsTypeOf@e3_NODE@@UAG_NW4e3_TYPE@@@Z
?IsTypeOf@e3_OBJECT@@UAG_NPBD@Z
?IsTypeOf@e3_REFSOURCE@@UAG_NPBD@Z
?IsTypeOf@e3_REFTARGET@@UAG_NPBD@Z
?IsTypeOf@e3_RENDERABLE2@@UAG_NPBD@Z
?IsTypeOf@e3_RENDERABLE2@@UAG_NW4e3_TYPE@@@Z
?IsTypeOf@e3_RENDERABLE@@UAG_NPBD@Z
?IsTypeOf@e3_SPRITEHELPER@@UAG_NPBD@Z
?IsTypeOf@e3_STREAM@@UAG_NPBD@Z
?IsTypeOf@e3_VIEWPORT@@UAG_NPBD@Z
?LGetString@e3_GAPI@@UAGPBGIH@Z
?LGetStringEx@e3_GAPI@@UAGPBGIHPBG@Z
?Length@POINT2D@@QBGMXZ
?Length@POINT3D@@QBGMXZ
?Length@QUAT@@QAGMXZ
?Length@_point3d@@QBGNXZ
?Length@e3_STRING@@QBGHXZ
?Limit@POINT3D@@QAGXMM@Z
?Limit@_point3d@@QAGXNN@Z
?Load@FILETYPE@@QAG_NXZ
?Load@MATRIX3D@@QAG?AW4E3RESULT@@PAVe3_STREAM@@@Z
?Load@POINT3D@@QAG?AW4E3RESULT@@PAVe3_STREAM@@@Z
?Load@TSPRITE@@UAG?AW4E3RESULT@@PAVe3_STREAM@@PAVe3_CONTEXT@@@Z
?Load@e3_GENERIC@@UAG?AW4E3RESULT@@PAVe3_STREAM@@PAVe3_CONTEXT@@@Z
?Load@e3_GUID@@QAG?AW4E3RESULT@@PAVe3_STREAM@@@Z
?Load@e3_LAYER@@UAG?AW4E3RESULT@@PAVe3_STREAM@@PAVe3_CONTEXT@@@Z
?Load@e3_LOD@@UAG?AW4E3RESULT@@PAVe3_STREAM@@PAVe3_CONTEXT@@@Z
?Load@e3_MAINRANGE@@UAG?AW4E3RESULT@@PAVe3_STREAM@@PAVe3_CONTEXT@@@Z
?Load@e3_MODIFIER@@UAG?AW4E3RESULT@@PAVe3_STREAM@@PAVe3_CONTEXT@@@Z
?Load@e3_NODE@@UAG?AW4E3RESULT@@PAVe3_STREAM@@PAVe3_CONTEXT@@@Z
?Load@e3_OBJECT@@UAG?AW4E3RESULT@@PAVe3_STREAM@@PAVe3_CONTEXT@@@Z
?Load@e3_PARAM@@UAG?AW4E3RESULT@@PAVe3_STREAM@@PAVe3_CONTEXT@@@Z
?Load@e3_REFSOURCE@@UAG?AW4E3RESULT@@PAVe3_STREAM@@PAVe3_CONTEXT@@@Z
?Load@e3_SKIN@@UAG?AW4E3RESULT@@PAVe3_STREAM@@PAVe3_CONTEXT@@@Z
?Load@e3_STRING@@QAG?AW4E3RESULT@@PAVe3_STREAM@@@Z
?Load@e3_SUBD@@UAG?AW4E3RESULT@@PAVe3_STREAM@@PAVe3_CONTEXT@@@Z
?LoadCache@e3_GAPI@@UAG_NPBG0@Z
?LoadFiletypeConfig@e3_GAPI@@UAG_NPAVe3_STREAM@@@Z
?LoadPlugin@e3_GAPI@@UAG_NPBG0@Z
?MoveTo@MATRIX3D@@QAGXABUPOINT3D@@@Z
?NewChunk@e3_STREAM@@MAG_NXZ
?NewChunk@e3_STREAM@@UAG_NG@Z
?NoRotate@MATRIX3D@@QAGXXZ
?NoScale@MATRIX3D@@QAGXXZ
?NoTranslate@MATRIX3D@@QAGXXZ
?Normalize@POINT3D@@QAGXXZ
?Normalize@QUAT@@QAGXXZ
?Normalize@_point3d@@QAGXXZ
?Notify@e3_REFSOURCE@@UAGIII@Z
?NotifyChildsAboutTMChange@e3_NODE@@EAGXXZ
?Offset@MATRIX3D@@QAGXABUPOINT3D@@@Z
?OnError@e3_GAPI@@UAG?AW4E3RESULT@@W42@@Z
?OnNotify@e3_LAYER@@UAGIPAVe3_REFSOURCE@@II@Z
?OnNotify@e3_NODE@@UAGIPAVe3_REFSOURCE@@II@Z
?OnNotify@e3_REFTARGET@@UAGIPAVe3_REFSOURCE@@II@Z
?OnNotify@e3_VIEWPORT@@UAGIPAVe3_REFSOURCE@@II@Z
?OpenChunk@e3_STREAM@@UAGGPAH@Z
?Optimize@e3_BASECONTROL@@UAG_NI@Z
?PaintLine@e3_VIEWPORT@@QAGXPAUPOINT3D@@0K@Z
?PointTransform@MATRIX3D@@QBG?AUPOINT3D@@ABU2@@Z
?PointTransform@MATRIX3D@@QBG?AU_point3d@@ABU2@@Z
?Pop@e3_STACK@@UAG_NPAXH@Z
?PostConvert@TSPRITE@@UAG_NPAUe3_CONVERT@@@Z
?PostConvert@e3_OBJECT@@UAG_NPAUe3_CONVERT@@@Z
?PostConvert@e3_SUBD@@UAG_NPAUe3_CONVERT@@@Z
?PostProcess@TSPRITE@@UAG_NPAVe3_NODE@@PAVe3_CONTEXT@@@Z
?PostProcess@e3_MODIFIER@@UAG_NPAVe3_NODE@@PAVe3_CONTEXT@@@Z
?PostProcess@e3_OBJECT@@UAG_NPAVe3_NODE@@PAVe3_CONTEXT@@@Z
?PreRender@e3_OBJECT@@UAG?AW4E3RESULT@@PAVe3_VIEWPORT@@PAVe3_NODE@@PBUMATRIX3D@@AAURENDER_SPEC2@@PAVe3_CONTEXT@@@Z
?PreRender@e3_RENDERABLE2@@UAG?AW4E3RESULT@@PAVe3_VIEWPORT@@PAVe3_NODE@@PBUMATRIX3D@@AAURENDER_SPEC2@@PAVe3_CONTEXT@@@Z
?PreSortFileTypes@@YGPAVe3_SORTEDCOLLECTION@@PAVe3_COLLECTION@@@Z
?PrepareRescale@@YGPAUPIXWEIGHT@@HHAAH@Z
?PrintA@e3_STREAM@@UAAHPBDZZ
?PrintW@e3_STREAM@@UAAHPBGZZ
?Push@e3_STACK@@UAG_NQAXH@Z
?Put@e3_STREAM@@UAG?AW4E3RESULT@@PAVe3_REFSOURCE@@PAVe3_CONTEXT@@G@Z
?QueryAtoWBufSize@@YGHPBD@Z
?QueryFormatInfo@FILETYPE@@QAG?AW4E3RESULT@@AAPAVe3_XMLNODE@@I@Z
?QueryFormatInfo@e3_GAPI@@UAG?AW4E3RESULT@@PAUe3_GUID@@AAPAVe3_XMLNODE@@I@Z
?QueryInfo@e3_EXTENSION@@UAG?AW4E3RESULT@@PAVe3_XMLNODE@@I@Z
?QueryInfo@e3_GENERIC@@UAG?AW4E3RESULT@@PAVe3_XMLNODE@@I@Z
?QueryWtoABufSize@@YGHPBG@Z
?ReadFloat@e3_STREAM@@UAGMXZ
?ReadLn@e3_STREAM@@UAGHPADH@Z
?ReadLnW@e3_STREAM@@UAGHPAGH@Z
?ReadLong@e3_STREAM@@UAGIXZ
?ReadRegistryColors@@YGXPBDPAKPAVe3_CONTEXT@@@Z
?ReadWord@e3_STREAM@@UAGGXZ
?RegisterExtension@e3_GAPI@@EAG_NPAVe3_PLUGIN@@PBDIPBG@Z
?RegisterExtension@e3_GAPI@@UAG_NPAUHINSTANCE__@@PBDIPBG@Z
?RegisterICON@e3_GAPI@@EAGHIIH@Z
?RegisterICON@e3_GAPI@@UAGHPAUHINSTANCE__@@PBGPBUe3_GUID@@@Z
?RegisterTYPE@e3_GAPI@@UAGIPAUe3_FILETYPE@@@Z
?RegisterType@e3_GAPI@@MAGPAVFILETYPE@@PBG0HIAAUe3_GUID@@@Z
?Release@RENDER@@QAGXXZ
?Release@e3_interface@@UAGIXZ
?RemoveChild@e3_LOD@@UAG_NPAVe3_NODE@@@Z
?RemoveChild@e3_NODE@@UAG_NPAV1@@Z
?RemoveController@e3_GENERIC@@UAG_NPAVe3_BASECONTROL@@@Z
?RemoveController@e3_GENERIC@@UAG_NW4e3_PROPERTIES@@@Z
?RemoveDriver@@YG_NAAPAVDRIVER3D@@_N@Z
?RemoveLine@TSPRITE@@UAG_NPAUE3MLINE@@@Z
?RemoveNotifyCALLBACK@e3_GAPI@@UAG_NP6GIIII@Z@Z
?RemovePoint@TSPRITE@@UAG_NPAUE3MPOINT@@@Z
?RemoveRefTarget@e3_REFSOURCE@@UAG_NPAVe3_REFTARGET@@@Z
?RemoveStep@e3_VIEWPORT@@UAG?AW4E3RESULT@@PAVe3_VIEWPORTSTEP@@@Z
?Render@TSPRITE@@UAG?AW4E3RESULT@@PAVe3_VIEWPORT@@PAVe3_NODE@@PAVe3_CONTEXT@@@Z
?Render@e3_OBJECT@@UAG?AW4E3RESULT@@PAVe3_VIEWPORT@@PAVe3_NODE@@PBUMATRIX3D@@AAURENDER_SPEC@@PAVe3_CONTEXT@@@Z
?Render@e3_RENDERABLE2@@UAG?AW4E3RESULT@@PAVe3_VIEWPORT@@PAVe3_NODE@@PBUMATRIX3D@@AAURENDER_SPEC@@PAVe3_CONTEXT@@@Z
?ReplaceMaterials@e3_MODIFIER@@UAGHXZ
?Reset@e3_STREAM@@UAG_NXZ
?Rotate@MATRIX3D@@QAGXABUANGLEAXIS@@@Z
?Rotate@MATRIX3D@@QAGXABUANGLEAXISex@@@Z
?Rotate@MATRIX3D@@QAGXABUPOINT3D@@@Z
?Rotate@MATRIX3D@@QAGXABUQUAT@@@Z
?Rotate@MATRIX3D@@QAGXABU_point3d@@@Z
?RotateX@MATRIX3D@@QAGXN@Z
?RotateY@MATRIX3D@@QAGXN@Z
?RotateZ@MATRIX3D@@QAGXN@Z
?Round@POINT3D@@QAGXM@Z
?Round@_point3d@@QAGXN@Z
?Save@MATRIX3D@@QBG?AW4E3RESULT@@PAVe3_STREAM@@G_N@Z
?Save@POINT3D@@QBG?AW4E3RESULT@@PAVe3_STREAM@@G@Z
?Save@TSPRITE@@UAG?AW4E3RESULT@@PAVe3_STREAM@@PAVe3_CONTEXT@@@Z
?Save@e3_GENERIC@@UAG?AW4E3RESULT@@PAVe3_STREAM@@PAVe3_CONTEXT@@@Z
?Save@e3_GUID@@QBG?AW4E3RESULT@@PAVe3_STREAM@@G@Z
?Save@e3_LAYER@@UAG?AW4E3RESULT@@PAVe3_STREAM@@PAVe3_CONTEXT@@@Z
?Save@e3_LOD@@UAG?AW4E3RESULT@@PAVe3_STREAM@@PAVe3_CONTEXT@@@Z
?Save@e3_MAINRANGE@@UAG?AW4E3RESULT@@PAVe3_STREAM@@PAVe3_CONTEXT@@@Z
?Save@e3_MODIFIER@@UAG?AW4E3RESULT@@PAVe3_STREAM@@PAVe3_CONTEXT@@@Z
?Save@e3_NODE@@UAG?AW4E3RESULT@@PAVe3_STREAM@@PAVe3_CONTEXT@@@Z
?Save@e3_OBJECT@@UAG?AW4E3RESULT@@PAVe3_STREAM@@PAVe3_CONTEXT@@@Z
?Save@e3_PARAM@@UAG?AW4E3RESULT@@PAVe3_STREAM@@PAVe3_CONTEXT@@@Z
?Save@e3_REFSOURCE@@UAG?AW4E3RESULT@@PAVe3_STREAM@@PAVe3_CONTEXT@@@Z
?Save@e3_SKIN@@UAG?AW4E3RESULT@@PAVe3_STREAM@@PAVe3_CONTEXT@@@Z
?Save@e3_STRING@@QBG?AW4E3RESULT@@PAVe3_STREAM@@G@Z

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 268KB - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 88KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
[DemonArchives]e28fe1917c5ffe9a3062ee369087f971.exe

Resubmissions

Sharing

General

Malware Config

Signatures

Files

95e6f8741083e0c7d9a63d45e2472360

Headers

File Characteristics

Imports

ole32

oleaut32

wininet

kernel32

user32

gdi32

advapi32

crtdll

Sections

.rsrc Size: 27KB - Virtual size: 27KB

.bss Size: - Virtual size: 132KB

.data Size: 11KB - Virtual size: 11KB

.idata Size: 3KB - Virtual size: 3KB

.embm Size: 512B - Virtual size: 4KB

26babd76bbb7f9c516a338b0601b4c9f

Headers

File Characteristics

Imports

wsock32

ole32

oleaut32

wininet

kernel32

user32

gdi32

advapi32

crtdll

Sections

.text Size: 51KB - Virtual size: 51KB

.bss Size: - Virtual size: 122KB

.data Size: 13KB - Virtual size: 13KB

.idata Size: 4KB - Virtual size: 4KB

.flh Size: 512B - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 51KB - Virtual size: 51KB

.bss Size: - Virtual size: 122KB

.data Size: 13KB - Virtual size: 13KB

.idata Size: 4KB - Virtual size: 4KB

.flh Size: 512B - Virtual size: 4KB

.idata Size: 1024B - Virtual size: 4KB

.idata Size: 512B - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 2.9MB - Virtual size: 2.9MB

.data Size: 192KB - Virtual size: 281KB

/4 Size: 512B - Virtual size: 278B

/18 Size: 183KB - Virtual size: 183KB

/30 Size: 148KB - Virtual size: 147KB

/43 Size: 76KB - Virtual size: 76KB

/59 Size: 123KB - Virtual size: 123KB

/75 Size: 512B - Virtual size: 32B

/90 Size: 512B - Virtual size: 34B

/109 Size: 749KB - Virtual size: 748KB

.idata Size: 1024B - Virtual size: 882B

.symtab Size: 317KB - Virtual size: 316KB

.rsrc Size: 95KB - Virtual size: 94KB

a8c436d9a0e5e9875d8e3a40db9db0a8

Headers

File Characteristics

Imports

kernel32

user32

gdi32

msvcrt

comdlg32

advapi32

shell32

.rsrc
Size: 27KB - Virtual size: 27KB

.bss
Size: - Virtual size: 132KB

.data
Size: 11KB - Virtual size: 11KB

.idata
Size: 3KB - Virtual size: 3KB

.embm
Size: 512B - Virtual size: 4KB

.text
Size: 51KB - Virtual size: 51KB

.bss
Size: - Virtual size: 122KB

.data
Size: 13KB - Virtual size: 13KB

.idata
Size: 4KB - Virtual size: 4KB

.flh
Size: 512B - Virtual size: 4KB

.text
Size: 51KB - Virtual size: 51KB

.bss
Size: - Virtual size: 122KB

.data
Size: 13KB - Virtual size: 13KB

.idata
Size: 4KB - Virtual size: 4KB

.flh
Size: 512B - Virtual size: 4KB

.idata
Size: 1024B - Virtual size: 4KB

.idata
Size: 512B - Virtual size: 4KB

.text
Size: 2.9MB - Virtual size: 2.9MB

.data
Size: 192KB - Virtual size: 281KB

/4
Size: 512B - Virtual size: 278B

/18
Size: 183KB - Virtual size: 183KB

/30
Size: 148KB - Virtual size: 147KB

/43
Size: 76KB - Virtual size: 76KB

/59
Size: 123KB - Virtual size: 123KB

/75
Size: 512B - Virtual size: 32B

/90
Size: 512B - Virtual size: 34B

/109
Size: 749KB - Virtual size: 748KB

.idata
Size: 1024B - Virtual size: 882B

.symtab
Size: 317KB - Virtual size: 316KB

.rsrc
Size: 95KB - Virtual size: 94KB

.text
Size: - Virtual size: 206KB

.rdata2
Size: - Virtual size: 100B

.rdata
Size: - Virtual size: 772B

.data
Size: - Virtual size: 5KB

.vmp0
Size: - Virtual size: 1.6MB

.vmp1
Size: 1KB - Virtual size: 1KB

.vmp2
Size: 3.7MB - Virtual size: 3.7MB

.rsrc
Size: 1024B - Virtual size: 576B

.text
Size: 32KB - Virtual size: 32KB

.bss
Size: - Virtual size: 132KB

.reloc
Size: 12KB - Virtual size: 12KB

.idata
Size: 3KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 4KB

.l1
Size: 4KB - Virtual size: 4KB

.text
Size: 31KB - Virtual size: 31KB

.bss
Size: - Virtual size: 132KB

.data
Size: 12KB - Virtual size: 12KB

.idata
Size: 3KB - Virtual size: 3KB

.fldo
Size: 512B - Virtual size: 4KB

.l1
Size: 4KB - Virtual size: 4KB

.text
Size: 31KB - Virtual size: 31KB

.bss
Size: - Virtual size: 132KB

.data
Size: 12KB - Virtual size: 12KB

.idata
Size: 3KB - Virtual size: 3KB