| File Path | Type and Hashes |
|---|---|
|
C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202f.exe |
Type : PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed MD5 : 658f7c8255cfab9fd088b2adeee25ca9 SHA-1 : b81cf3718e8faf01844d58771010bb201f2d2621 SHA-256 : bed35f184bda13bb08275261ecb5fecfc6cb88dd3fc9b1a866a464ca2fc69603 SHA-512 : 0dbe33d57476d4af2282370eeb789a2b34949a739d2b3c8b6451ee49a96739173e929cca3dc2f2f6a25e4a92a6585acf9f4299b9a56aa461725a1060338d98df Size : 273.156 Kilobytes. |
|
C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202l.exe |
Type : PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed MD5 : 626452015e41113db5faf3518151b640 SHA-1 : ca7d6dcf22eb1cccaf9f99d52000b1d050e79639 SHA-256 : cbd503c77af6f71c61a58c71c7ca8fa5b3163478a4d2f1a0cb01cdae01d55c06 SHA-512 : eb172ec37daca13f0a3484d38035059cb335062a348954f1a9ea04777a818f020642c8d12aa2b1f56c812ba89f07b087d4de9ad1302af638405802425238f91d Size : 273.156 Kilobytes. |
|
C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202r.exe |
Type : PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed MD5 : ce78747df085f674ac29868fc2189cab SHA-1 : b1faf9c520341ba83170105d4912a721c5ede737 SHA-256 : 92ae089a0cb9c83d39e9a23bdda2832225df12a7152565d47230d1719b5b3b65 SHA-512 : d17acc226da72e121a8cebae857c091ac139a16f2a623571ec874266efec3388306030193485be5bed4b0fa70b0cab37fc485c872317db15b94d5f429eb3d4e8 Size : 273.156 Kilobytes. |
|
C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202o.exe |
Type : PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed MD5 : 7df3310beaf605ce9f9247ff3a5ddc63 SHA-1 : 454d9d2a47f8ff22a3a78e2b94719f884711a913 SHA-256 : 4acec04d76ef685cc0abcd010e454777fea24d7576ecda3d81d232b8ee6112fd SHA-512 : 94ab9a0d3da813d5497ce364b34a812a339e2cee0c4641d9e8fff155069814386929bddb24e61a7efd8ccd466bc3560c2763735e6446e4fb56297834b4dc0cdf Size : 273.156 Kilobytes. |
|
C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202.exe |
Type : PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed MD5 : 55baeba3081884e3b93216c6b63841c5 SHA-1 : 7a787036dce4588ff415824c23b79e4fe8d1cb65 SHA-256 : 30d55419d3b77fd6747fa0ea2d7e9fa2e56113b31bce2a6baa72b9ddb702be51 SHA-512 : 9c2116c39cca8ddf9bc97bfc9bdd59806e7c11e20c56edbb3d145d137779666fd8916de907df6285dc0321d6d8f7e747a64022282fc0d71b29993b79b0df5aca Size : 273.156 Kilobytes. |
|
C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202v.exe |
Type : PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed MD5 : fc60fdccf9cc77c0f30697de7f2dc553 SHA-1 : 88862d15a46d9c360751c626681c2d7860b8fbfa SHA-256 : 10a18ad3d6fac96b664698b081214cea9b3b367ff78b86027f0b3ccc8c3cdf65 SHA-512 : 9cb5032cfb58051aaf0847000ee84b799ac620bd1c4a277c1a1c6a3123eaad95d217103007f13ca97925c00a93dbb34c2e94ee3635b1330c80ef0dbeae78fa59 Size : 273.156 Kilobytes. |
|
C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202n.exe |
Type : PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed MD5 : 462aa31560634f5b0d60afab1d3c2685 SHA-1 : efcdb99625e380535907add13f5da8e053302952 SHA-256 : 9b91fc7db7981f0579a58d726604aa4198e45961f5c280be51cfb39acc8d033c SHA-512 : 2739b79ab483ed0c2bcc227753bed15892c61852dc510523f0bbda332ecbb082039306cfc0b56458d342a224fd85dd88dfd4cfd10cc0c408ed9e5600737d4ad9 Size : 273.156 Kilobytes. |
|
C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202s.exe |
Type : PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed MD5 : 59ef0fcc1e13deff49c3945dc8fec01b SHA-1 : 335ed1f0ac6a6a5ab810738623a8f9ea4c433dcc SHA-256 : 025bf86554ee81a73650a4ca56dd09fbfd739873b638eb12e11027478b9162da SHA-512 : 803600a3a40f8447a0dbae885f7d85fad272b3ecdfc70cc3e57b6d555837625eaad59fb5c2fffd84bf1b7c79a447851e2b01cbd3f20c9675db2998a500ac36e0 Size : 273.156 Kilobytes. |
|
C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202c.exe C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202d.exe |
Type : PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed MD5 : 329a5b2b6cc2965c9501d2c3dc739c44 SHA-1 : c3c32335f6dbd408c559680dc9cef7702c44d5f3 SHA-256 : 7f73f11c106bb3696710da6af971e66337e290b05cc28e86989f8a36fe07a321 SHA-512 : d9ce6e30961ab2c8496c4cf5086461bb935363f95c04c234a8f64e8fda9f6af0c8a345f89e32d4ac1522f0877083a64fa13b55de9b46658178ef145c863fbcf5 Size : 273.156 Kilobytes. |
|
C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202t.exe |
Type : PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed MD5 : 8dbf99621f08d2a21d43a17fdabfe617 SHA-1 : 645f5c170c05d0c206f0959ea29f0fe16550ed6f SHA-256 : 3e0da97d50f123b1d3f82ef42671fcf6f4a36a648d1a658e5853f317323e61b7 SHA-512 : 0e49b19d38ed834abcdcc72afa5a2f737431f291152780186c20ab1c09fd11cdb7de840a99caecd3a023e2fca5d2baf5b8d0ea18a8a7e0f98f570431fe740055 Size : 273.156 Kilobytes. |
|
C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202x.exe |
Type : PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed MD5 : c4d43aeaa46fab21da06c2a217cbe33f SHA-1 : 37bea8317a0d03121096e0f00932dc621b425a73 SHA-256 : 0537263834f3b9a8b58c9fc249082a3c783df9a27233f0f58d5ded113c7064ec SHA-512 : b5595692a9600a106b8ec5b429a8d131d595cbd155faafab792698a81b9ad77efb13a1a76357e6c371dd7aa600a0e47693e814668faae3020141c4f8b9de6fb1 Size : 273.156 Kilobytes. |
|
C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202u.exe |
Type : PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed MD5 : 7041027172521332e1008da38ecd601f SHA-1 : 87995e64a4e66e8f964f4a15f86b498cdd9a65d5 SHA-256 : 46c95a2d1f0872ecb3ec6f21263224afe761c040fe37adc5d9d18e6196e23497 SHA-512 : da88be463ed568734aa676b1fb649c6f0a310d5da9f7d1180b680649cba378f5fca1389aa9379ce8accd39288d78d6dde770a0b7962d95086202049b3df594a2 Size : 273.156 Kilobytes. |
|
C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202i.exe |
Type : PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed MD5 : f6b69b7592f3d6dba70701814a6d258f SHA-1 : 30a886dbbe547a8f6d657bac096c766229eeab94 SHA-256 : dd586b369899e01ef6c69d42c23d53c825ef075fa6140d8acbfac4f19cdf0b85 SHA-512 : 8531d941ade37fa7167aae953f9f36e85f5823017b49ca0e9ff6c967aef6b9df1ddb12afb9066db2dbeb223d29f1e3d72611dda12bfe1feec2e062b4c003df5c Size : 273.156 Kilobytes. |
|
C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202q.exe |
Type : PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed MD5 : 2cc5e8c7efd6d791d20eef32d0277cb7 SHA-1 : 1feed78f384fa498b77f99d8cfc16dafd2d1bf6b SHA-256 : 60198e4ab75d4b1c7a033813e77d053907c2d48518354e2a8a0f868260485543 SHA-512 : e4297a36dc05fde2b7fc8e96bf44ea13dd226c790ea4702b2e7f1d10a33e59580e10bf850a8146d681c40e3326dec85003eec14c393cba6709b6c8371778d5f7 Size : 273.156 Kilobytes. |
|
C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202g.exe |
Type : PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed MD5 : f32fb7cf8309c786bf0aceec27eb4ad1 SHA-1 : 55029e02546076c851331ba9f3416f8f5e004269 SHA-256 : 691609956779e83b0d69181bcb2ccb7effb968f7b9bcb1d1aab3ee7759406fa3 SHA-512 : 260c49fbf191ad06985efc190e8d6dd4d5ab17b317cc8c066af6c9e9a074c26694595e2f92971d7229f6f217dd0296f9b7f827d58da51df406ad594baeb12bbd Size : 273.156 Kilobytes. |
|
C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202y.exe |
Type : PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed MD5 : 6c4dfc8246428fbde6e775e281dc032e SHA-1 : 3aa98ff2d89169a1cb68516391cd17ec6c37c575 SHA-256 : b34555b05497d285eb3659639590077ecdc03762a6d531cf79abe0b96a67a775 SHA-512 : 604a67629202a97822512c498fe159f45dd9a3d660642846b7c8758d43edead74ba9d3c1d46e0e4a729e9d0bfccc08b01f9a25bd0fe0cd1efd16b4a5181752f4 Size : 273.156 Kilobytes. |
|
C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202k.exe |
Type : PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed MD5 : 6f1278c08fac5abc7e5c62be722741e5 SHA-1 : 755021d09398d4de1e49eac9ad6879d68019050c SHA-256 : b96e6eb1efbf87b5032b1df42cb7a4b66dfaeaac538282ccaa5952fd98eec7c8 SHA-512 : 34b966d679d9ef2ebad29d2ff1eca6295df6d06adbfb2f6f8a66a29f35ff180c052ebcab490c567d34b0a772a021e8e6bea3556cab1d271d1118f67865e1d99a Size : 273.156 Kilobytes. |
|
C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202h.exe |
Type : PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed MD5 : a0fb978d257e16d38552424518d4e5d6 SHA-1 : 9e6781603b9a0c1fd2c11767051d6c2888a4e3d1 SHA-256 : de78f246ecf73b24a82e454f40c4b42376190060abaf4c833d5ba36dfe76c073 SHA-512 : 2ed4a0a0a768932121981bc43d1295b066b753a79e43b396a07363642c189a0c75f2b2e7374dbf1e18d5a5290ce083cbf7a42b57400bfa36ff478e5496318fad Size : 273.156 Kilobytes. |
|
C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202b.exe |
Type : PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed MD5 : 3d2c6d9d57a6ed402c5d1d046fd19e7a SHA-1 : 2efcd1509975c7341776c025bf073a53b171c6de SHA-256 : 2916503709c3d84f47ef9046a38b99395ce62e8c6093ed290419c7e3a1060917 SHA-512 : 6af70067b45cd7c018c6f93ba6f63f0cfd5b36017e4e9fc52a6ccaab7f381ca36939755577f9a10c17e58e4387a38f6283f4ca8faeb933357dbe7b9edefcdfa4 Size : 273.156 Kilobytes. |
|
C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202a.exe |
Type : PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed MD5 : ca97b2ee463d44cac70f7dc3f1dca8c3 SHA-1 : f4d68ff4d121db1c92504a4f579014c0b324b8e4 SHA-256 : 27cfee4a7d11b60355333d3429cc3eadaef220d0dee4df2a9afabd734a43c7ed SHA-512 : 066e594424ad3887dacc011b58e8de012430c6d09821ace99bb07d68d484e161d5f1722f0c635a9a0e61c2dfd9975f832ab6f94ec960f2cd9a3edb015cd56ad6 Size : 273.156 Kilobytes. |
|
C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202w.exe |
Type : PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed MD5 : 4874c9224fc4453a904879da7ed10a48 SHA-1 : ac2a824048e6ae60d2764d0b5f4234aaa4cad94f SHA-256 : 42b3a12f3dfafef6369f17f8a0ee0d833f9afa03eca5839903855737fe0860b9 SHA-512 : 98c1b743d5186d9294728c3bc175b6ea8fef6d19e94e0b2ccc8ff3896c5ed4f7b1c15b752b05b8e53f05271c9280530dd6685334bb220fab83c6770fd55008a1 Size : 273.156 Kilobytes. |
|
C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202e.exe |
Type : PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed MD5 : 68ceeb8f918738bc7d8ecfb93899cbdb SHA-1 : 1c3038f828b326252e7be61ea1696e9dfe7ad410 SHA-256 : b8da4a8f0138838c7c0d8e9e6b005de86577bde3dfc154ca177680d432f824c0 SHA-512 : 6063b953fa95a3f82c768b7351498625e44c9e782bbe2750a8649f3be1dd40fda1957cc959c8e61217a82ceb5bf69c8f7825648bd3588bcb31e27d99a226a3a3 Size : 273.156 Kilobytes. |
|
C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202p.exe |
Type : PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed MD5 : af48115ad4ceefc28d49de0e414da9f9 SHA-1 : 16599e030e1f03429d0f7114044e5acf93fc45ae SHA-256 : 83a45b6fde74229de3d8ab71c8073092c3c45c9c7bb957c5b6d14d039e5c3661 SHA-512 : 7373c054afc2e8c9600d6c7c421a76bd0951df51ae3adc2d017300ed2d03783038c2c6aca8390f6bffb00d4b912980d436cc3b99406ab6abd9790172748c9832 Size : 273.156 Kilobytes. |
|
C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202m.exe |
Type : PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed MD5 : 260e3985e5e20426728a318174eab44a SHA-1 : 03865e1a5cb69f737519ae8753af2c3dcc402a14 SHA-256 : d513cf45162d5d07451dda7cad8a8f137d833dc7a9e13c2e29680e2a762ce428 SHA-512 : b0e1a277d432d13705662b73b4cd524624f4fda49409fd59cebc7055f84b8799a44b3e66e9f7a27c9939d8e823e6f900b342f2fb57603ab3f7d504bf79fb3ef5 Size : 273.156 Kilobytes. |
|
C:\Users\user\AppData\Local\Temp\0537f9741eaeb183d6e0e96719fb8f86912615f7_3202j.exe |
Type : PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed MD5 : 3e0481d69c1875671ed4518e580b5b43 SHA-1 : 6de753b07b4896c8b714d8acd86a322470f6af57 SHA-256 : 869b095d12a96b1e330ef7c47d65369704e7fc4adf1c01158e7f72a6ba8dda29 SHA-512 : 2fc9a9c2a447d6c531296a9767461278b2cded5a4db6c579bca39b9aeefb65031b720a79f9b9486781f35fa7f5a70adeb7492738dbc76b7ef9a9aebd1aff0b1c Size : 273.156 Kilobytes. |
| Match Rules |
|---|
| File Name: | 69c72aaa506368b23c93b30347c56a00f135645deeab5046c695579586eb7fcb.ex |
| File Type: | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed |
| SHA1: | 0537f9741eaeb183d6e0e96719fb8f86912615f7 |
| MD5: | cd2543a1e63bc31315f59893f4607abf |
| First Seen Date: | 2023-07-07 11:50:41.336260 ( ) |
| Number of Clients Seen: | 4 |
| Last Analysis Date: | 2023-07-07 11:50:41.336260 ( ) |
| Human Expert Analysis Date: | 2023-07-07 23:16:40.521102 ( ) |
| Human Expert Analysis Result: | PUA |
| Property | Value |
|---|---|
| magic literal enum | 3 |
| file type enum | 6 |
| debug artifacts | [] |
| number of sections | 4 |
| trid | [[27.1, u'Win32 Executable MS Visual C++ (generic)'], [23.5, u'UPX compressed Win32 Executable'], [23.0, u"Win32 EXE Yoda's Crypter"], [11.3, u'Windows screen saver'], [5.7, u'Win32 Dynamic Link Library (generic)']] |
| compilation time stamp | 0x3CC4C509 [Tue Apr 23 02:20:57 2002 UTC] |
| ProductVersion | 5.1.0.0 |
| FileVersion | 5.1.0.0 |
| OriginalFilename | divxenc.exe |
| FileDescription | |
| Translation | 0x0409 0x04e4 |
| entry point | 0x41be59 (UPX0) |
| machine type | Intel 386 or later - 32Bit |
| file size | 273156 |
| ssdeep | 6144:jh8Z5hMWNFM8LAurlEzAX7oAwfSZ4sX9zQI:VEXM5qrllX7Xw2EI |
| sha256 | 69c72aaa506368b23c93b30347c56a00f135645deeab5046c695579586eb7fcb |
| exifinfo | [{u'EXE:FileSubtype': 0, u'File:FilePermissions': u'rw-r--r--', u'SourceFile': u'/nfs/fvs/valkyrie_shared/core/valkyrie_files/0/5/3/7/0537f9741eaeb183d6e0e96719fb8f86912615f7', u'EXE:OriginalFileName': u'divxenc.exe', u'File:MIMEType': u'application/octet-stream', u'File:FileAccessDate': u'2023:07:07 11:50:15+00:00', u'EXE:InitializedDataSize': 4096, u'File:FileModifyDate': u'2023:07:07 11:49:01+00:00', u'EXE:FileVersionNumber': u'5.1.0.0', u'EXE:FileVersion': u' 5.1.0.0', u'File:FileSize': u'267 kB', u'EXE:CharacterSet': u'Windows, Latin1', u'EXE:MachineType': u'Intel 386 or later, and compatibles', u'EXE:FileOS': u'Win32', u'EXE:ProductVersion': u'5.1.0.0', u'EXE:ObjectFileType': u'Executable application', u'File:FileType': u'Win32 EXE', u'EXE:UninitializedDataSize': 139264, u'File:FileName': u'0537f9741eaeb183d6e0e96719fb8f86912615f7', u'EXE:ImageVersion': 0.0, u'File:FileTypeExtension': u'exe', u'EXE:OSVersion': 4.0, u'EXE:PEType': u'PE32', u'EXE:TimeStamp': u'2002:04:23 02:20:57+00:00', u'EXE:FileFlagsMask': u'0x003f', u'EXE:LinkerVersion': 6.0, u'EXE:FileFlags': u'(none)', u'EXE:Subsystem': u'Windows GUI', u'File:Directory': u'/nfs/fvs/valkyrie_shared/core/valkyrie_files/0/5/3/7', u'EXE:FileDescription': u'', u'EXE:EntryPoint': u'0x1be59', u'EXE:SubsystemVersion': 4.0, u'EXE:CodeSize': 20480, u'File:FileInodeChangeDate': u'2023:07:07 11:49:01+00:00', u'EXE:LanguageCode': u'English (U.S.)', u'ExifTool:ExifToolVersion': 10.1, u'EXE:ProductVersionNumber': u'5.1.0.0'}] |
| mime type | application/x-dosexec |
| imphash | 08bca23b44274b89c6980b3fd0bc0ab9 |
| File Path on Client | Seen Count |
|---|---|
| 0537f9741eaeb183d6e0e96719fb8f86912615f7 | 1 |
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5 |
|---|---|---|---|---|---|
| UPX0 | 0x1000 | 0x22000 | 0x22000 | 6.4613655026 | 6e585c2a2ea059302e83376c71db43a3 |
| UPX1 | 0x23000 | 0x16000 | 0x15a00 | 4.00855873885 | c3ec8c2070c3ac813709cef23f5b1796 |
| .rsrc | 0x39000 | 0x1000 | 0x600 | 2.76130880003 | ee69ceaa897f3c8ede10c6ddf5c6dc8c |
| .htext | 0x3a000 | 0x5000 | 0x5000 | 3.52040728913 | a6c697b6c8f888a1ab486401a44a789a |
-
KERNEL32.DLL
- GetTempPathA
- GetModuleFileNameA
- FindNextFileA
- InitializeCriticalSection
- DeleteCriticalSection
- EnterCriticalSection
- LeaveCriticalSection
- FindFirstFileA
- ExpandEnvironmentStringsA
- RemoveDirectoryA
- GetFileAttributesA
- DeleteFileA
- CreateDirectoryA
- GetFileSize
- SetFileAttributesA
- GetShortPathNameA
- ReadFile
- GlobalMemoryStatus
- CreateProcessA
- GetVersionExA
- SetEvent
- OpenEventA
- WaitForSingleObject
- MoveFileExA
- GetDiskFreeSpaceA
- GetProcAddress
- LoadLibraryA
- FreeLibrary
- LocalFree
- GetCurrentThread
- CreateMutexA
- OpenMutexA
- InterlockedIncrement
- InterlockedDecrement
- GlobalFree
- GlobalAlloc
- GetModuleHandleA
- OutputDebugStringA
- GetLocalTime
- CreateEventA
- GetTempFileNameA
- FindClose
- GlobalUnlock
- GlobalLock
- ResetEvent
- CreateThread
- lstrcmpiA
- SetEnvironmentVariableA
- CompareStringW
- CompareStringA
- ReleaseSemaphore
- IsBadCodePtr
- IsBadReadPtr
- SetUnhandledExceptionFilter
- GetStringTypeW
- GetStringTypeA
- IsBadWritePtr
- VirtualAlloc
- SetEndOfFile
- SetStdHandle
- FlushFileBuffers
- GetOEMCP
- GetACP
- GetCPInfo
- VirtualFree
- HeapCreate
- HeapDestroy
- GetStdHandle
- SetHandleCount
- GetEnvironmentStringsW
- GetEnvironmentStrings
- FreeEnvironmentStringsW
- FreeEnvironmentStringsA
- UnhandledExceptionFilter
- LCMapStringW
- LCMapStringA
- MultiByteToWideChar
- GetPrivateProfileStringA
- CopyFileA
- WriteFile
- CreateFileA
- SetFilePointer
- GetTickCount
- CloseHandle
- WritePrivateProfileStringA
- GetExitCodeProcess
- GetLastError
- SetLastError
- Sleep
- lstrcatA
- GetWindowsDirectoryA
- GetVolumeInformationA
- lstrlenA
- lstrcpynA
- lstrcpyA
- SearchPathA
- FormatMessageA
- GetSystemDirectoryA
- HeapAlloc
- GetCurrentThreadId
- UnmapViewOfFile
- MapViewOfFile
- WideCharToMultiByte
- HeapSize
- HeapReAlloc
- GetCurrentProcess
- TerminateProcess
- TlsGetValue
- TlsAlloc
- TlsSetValue
- OpenSemaphoreA
- CreateFileMappingA
- HeapFree
- GetFileType
- ExitProcess
- GetVersion
- GetCommandLineA
- GetStartupInfoA
- GetSystemTime
- GetTimeZoneInformation
- RtlUnwind
-
ADVAPI32.dll
- RegQueryValueExA
- RegOpenKeyExA
- RevertToSelf
- ImpersonateSelf
- AreAllAccessesGranted
- GetAclInformation
- GetAce
- AllocateAndInitializeSid
- GetLengthSid
- InitializeAcl
- FreeSid
- InitializeSecurityDescriptor
- SetSecurityDescriptorDacl
- RegEnumKeyExA
- RegQueryInfoKeyA
- RegEnumValueA
- RegEnumKeyA
- RegDeleteKeyA
- RegDeleteValueA
- RegCreateKeyExA
- RegSetValueExA
- AccessCheck
- OpenThreadToken
- RegCloseKey
- AddAccessAllowedAce
-
LZ32.dll
- LZOpenFileA
- LZClose
- LZSeek
- LZRead
-
ole32.dll
- CoCreateGuid
-
USER32.dll
- GetClassInfoExA
- WaitForInputIdle
- DestroyWindow
- wsprintfA
- DispatchMessageA
- TranslateMessage
- GetMessageA
- UpdateWindow
- SetWindowPos
- ShowWindow
- IsWindow
- CreateWindowExA
- SetRect
- GetSystemMetrics
- SystemParametersInfoA
- RegisterClassExA
- LoadCursorA
- LoadIconA
- DefWindowProcA
- SetPropA
- GetPropA
- KillTimer
- SetTimer
- PostMessageA
- EnumWindows
- GetClassNameA
- GetDesktopWindow
- MessageBoxA
- PostQuitMessage
- SetForegroundWindow
- PeekMessageA
- GetCursorPos
- GetWindowTextA
- FindWindowA
- IsWindowVisible
-
VERSION.dll
- GetFileVersionInfoSizeA
- VerQueryValueA
- GetFileVersionInfoA
-
WSOCK32.dll
- recv
- WSACleanup
- WSAStartup
- WSACancelAsyncRequest
- inet_addr
- WSAAsyncGetHostByName
- getsockopt
- __WSAFDIsSet
- select
- connect
- htons
- ioctlsocket
- bind
- inet_ntoa
- socket
- closesocket
- send
- WSAGetLastError
{u'lang': u'LANG_ENGLISH', u'name': u'RT_VERSION', u'offset': 233564, u'sha256': u'28a6e2db31f076c3e585edc7ec17119889c16f258abbb674d8a99e8fad9d9234', u'type': u'data', u'size': 432}