VTI SCORE: 100/100
Dynamic Analysis Report
Classification: Backdoor, Trojan, Dropper, Spyware, Downloader

6e4cc242e9b433dc2856862df6ea36e1e70bf597121dc5ece179a29b674a41c9 (SHA256)

1.exe

Windows Exe (x86-32)

Created at 2018-09-17 14:41:00

Notifications (1/1)

The maximum number of reputation file hash requests (20 per analysis) was exceeded. As a result, the reputation status could not be queried for all file hashes. In order to get the reputation status for all file hashes, please increase the 'Max File Hash Requests' setting in the system configurations.


Filename Category Type Severity
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\1.exe Sample File Binary Suspicious
Mime Type application/x-dosexec
File Size 568.00 KB
MD5 71236fead29f0d691880c806b96f8749
SHA1 135bb3f6571e62d5863ee7604d5b3f8cf954fadb
SHA256 6e4cc242e9b433dc2856862df6ea36e1e70bf597121dc5ece179a29b674a41c9
SSDeep 6144:2NSzcBc6G76rTbUfeReNA3vXHxFL/xa0U5VOtp7YPoB/VjBzG7PPSme1MbR2yr:2s2TbUfeYA3vHg02c82mSm+Mp
ImpHash fec85e79dbf7900b1a983630285b1e41
File Reputation Information
Severity Suspicious
First Seen 2018-09-14 14:34 (UTC+2)
Last Seen 2018-09-16 21:17 (UTC+2)
Names Win32.Trojan.Kryptik
Families Kryptik
Classification Trojan
PE Information
Image Base 0x400000
Entry Point 0x4193bd
Size Of Code 0x2e600
Size Of Initialized Data 0x5f600
File Type executable
Subsystem windows_gui
Machine Type i386
Compile Timestamp 2018-09-13 07:28:45+00:00
Version Information (12)
LegalCopyright Copyright 2015
InternalName Trigger Citizens
FileVersion 8.8.1.5
CompanyName Twitter Inc.
FileDescription Make Invent Displaylast Mars
LegalTrademarks Copyright 2015
Comments Make Invent Displaylast Mars
ProductName Trigger Citizens
Languages English
ProductVersion 8.8.1.5
PrivateBuild 8.8.1.5
OriginalFilename Trigger Citizens.exe
Sections (4)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x2e4c5 0x2e600 0x400 cnt_code, mem_execute, mem_read 6.61
.rdata 0x430000 0xd950 0xda00 0x2ea00 cnt_initialized_data, mem_read 5.8
.data 0x43e000 0x5fbc 0x2600 0x3c400 cnt_initialized_data, mem_read, mem_write 3.97
.rsrc 0x444000 0x4f4d0 0x4f600 0x3ea00 cnt_initialized_data, mem_read 4.63
Imports (20)
KERNEL32.dll (109)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetACP 0x0 0x430124 0x3bdb4 0x3a7b4 0x152
IsValidCodePage 0x0 0x430128 0x3bdb8 0x3a7b8 0x2db
GetStdHandle 0x0 0x43012c 0x3bdbc 0x3a7bc 0x23b
FreeEnvironmentStringsA 0x0 0x430130 0x3bdc0 0x3a7c0 0x14a
GetEnvironmentStrings 0x0 0x430134 0x3bdc4 0x3a7c4 0x1bf
FreeEnvironmentStringsW 0x0 0x430138 0x3bdc8 0x3a7c8 0x14b
GetEnvironmentStringsW 0x0 0x43013c 0x3bdcc 0x3a7cc 0x1c1
SetHandleCount 0x0 0x430140 0x3bdd0 0x3a7d0 0x3e8
GetFileType 0x0 0x430144 0x3bdd4 0x3a7d4 0x1d7
HeapCreate 0x0 0x430148 0x3bdd8 0x3a7d8 0x29f
VirtualFree 0x0 0x43014c 0x3bddc 0x3a7dc 0x457
QueryPerformanceCounter 0x0 0x430150 0x3bde0 0x3a7e0 0x354
GetTickCount 0x0 0x430154 0x3bde4 0x3a7e4 0x266
InitializeCriticalSectionAndSpinCount 0x0 0x430158 0x3bde8 0x3a7e8 0x2b5
ExitProcess 0x0 0x43015c 0x3bdec 0x3a7ec 0x104
GetConsoleCP 0x0 0x430160 0x3bdf0 0x3a7f0 0x183
GetConsoleMode 0x0 0x430164 0x3bdf4 0x3a7f4 0x195
LCMapStringA 0x0 0x430168 0x3bdf8 0x3a7f8 0x2e1
LCMapStringW 0x0 0x43016c 0x3bdfc 0x3a7fc 0x2e3
GetStringTypeA 0x0 0x430170 0x3be00 0x3a800 0x23d
GetStringTypeW 0x0 0x430174 0x3be04 0x3a804 0x240
SetStdHandle 0x0 0x430178 0x3be08 0x3a808 0x3fc
WriteConsoleA 0x0 0x43017c 0x3be0c 0x3a80c 0x482
GetConsoleOutputCP 0x0 0x430180 0x3be10 0x3a810 0x199
WriteConsoleW 0x0 0x430184 0x3be14 0x3a814 0x48c
Sleep 0x0 0x430188 0x3be18 0x3a818 0x421
HeapReAlloc 0x0 0x43018c 0x3be1c 0x3a81c 0x2a4
HeapFree 0x0 0x430190 0x3be20 0x3a820 0x2a1
FindResourceA 0x0 0x430194 0x3be24 0x3a824 0x136
HeapAlloc 0x0 0x430198 0x3be28 0x3a828 0x29d
GetStartupInfoA 0x0 0x43019c 0x3be2c 0x3a82c 0x239
GetCommandLineA 0x0 0x4301a0 0x3be30 0x3a830 0x16f
GetSystemTimeAsFileTime 0x0 0x4301a4 0x3be34 0x3a834 0x24f
IsDebuggerPresent 0x0 0x4301a8 0x3be38 0x3a838 0x2d1
SetUnhandledExceptionFilter 0x0 0x4301ac 0x3be3c 0x3a83c 0x415
UnhandledExceptionFilter 0x0 0x4301b0 0x3be40 0x3a840 0x43e
TerminateProcess 0x0 0x4301b4 0x3be44 0x3a844 0x42d
SetErrorMode 0x0 0x4301b8 0x3be48 0x3a848 0x3d2
GetModuleHandleW 0x0 0x4301bc 0x3be4c 0x3a84c 0x1f9
CreateFileA 0x0 0x4301c0 0x3be50 0x3a850 0x78
GetCurrentProcess 0x0 0x4301c4 0x3be54 0x3a854 0x1a9
FlushFileBuffers 0x0 0x4301c8 0x3be58 0x3a858 0x141
SetFilePointer 0x0 0x4301cc 0x3be5c 0x3a85c 0x3df
WriteFile 0x0 0x4301d0 0x3be60 0x3a860 0x48d
ReadFile 0x0 0x4301d4 0x3be64 0x3a864 0x368
HeapSize 0x0 0x4301d8 0x3be68 0x3a868 0x2a6
RtlUnwind 0x0 0x4301dc 0x3be6c 0x3a86c 0x392
WritePrivateProfileStringA 0x0 0x4301e0 0x3be70 0x3a870 0x492
GetOEMCP 0x0 0x4301e4 0x3be74 0x3a874 0x213
GetCPInfo 0x0 0x4301e8 0x3be78 0x3a878 0x15b
InterlockedIncrement 0x0 0x4301ec 0x3be7c 0x3a87c 0x2c0
TlsFree 0x0 0x4301f0 0x3be80 0x3a880 0x433
LocalReAlloc 0x0 0x4301f4 0x3be84 0x3a884 0x300
TlsSetValue 0x0 0x4301f8 0x3be88 0x3a888 0x435
TlsAlloc 0x0 0x4301fc 0x3be8c 0x3a88c 0x432
GlobalHandle 0x0 0x430200 0x3be90 0x3a890 0x28f
GlobalReAlloc 0x0 0x430204 0x3be94 0x3a894 0x293
TlsGetValue 0x0 0x430208 0x3be98 0x3a898 0x434
GlobalFlags 0x0 0x43020c 0x3be9c 0x3a89c 0x28b
EnterCriticalSection 0x0 0x430210 0x3bea0 0x3a8a0 0xd9
LeaveCriticalSection 0x0 0x430214 0x3bea4 0x3a8a4 0x2ef
DeleteCriticalSection 0x0 0x430218 0x3bea8 0x3a8a8 0xbe
InitializeCriticalSection 0x0 0x43021c 0x3beac 0x3a8ac 0x2b4
GlobalFree 0x0 0x430220 0x3beb0 0x3a8b0 0x28c
GetCurrentThread 0x0 0x430224 0x3beb4 0x3a8b4 0x1ac
ConvertDefaultLocale 0x0 0x430228 0x3beb8 0x3a8b8 0x5a
EnumResourceLanguagesA 0x0 0x43022c 0x3bebc 0x3a8bc 0xe6
InterlockedExchange 0x0 0x430230 0x3bec0 0x3a8c0 0x2bd
lstrcmpA 0x0 0x430234 0x3bec4 0x3a8c4 0x4a9
InterlockedDecrement 0x0 0x430238 0x3bec8 0x3a8c8 0x2bc
GetModuleFileNameW 0x0 0x43023c 0x3becc 0x3a8cc 0x1f5
GlobalLock 0x0 0x430240 0x3bed0 0x3a8d0 0x290
GlobalUnlock 0x0 0x430244 0x3bed4 0x3a8d4 0x297
MulDiv 0x0 0x430248 0x3bed8 0x3a8d8 0x319
GetModuleFileNameA 0x0 0x43024c 0x3bedc 0x3a8dc 0x1f4
FreeResource 0x0 0x430250 0x3bee0 0x3a8e0 0x14f
GetCurrentThreadId 0x0 0x430254 0x3bee4 0x3a8e4 0x1ad
GlobalGetAtomNameA 0x0 0x430258 0x3bee8 0x3a8e8 0x28d
GlobalAddAtomA 0x0 0x43025c 0x3beec 0x3a8ec 0x283
GlobalFindAtomA 0x0 0x430260 0x3bef0 0x3a8f0 0x288
GlobalDeleteAtom 0x0 0x430264 0x3bef4 0x3a8f4 0x287
CompareStringA 0x0 0x430268 0x3bef8 0x3a8f8 0x52
SetLastError 0x0 0x43026c 0x3befc 0x3a8fc 0x3ec
MultiByteToWideChar 0x0 0x430270 0x3bf00 0x3a900 0x31a
lstrcmpW 0x0 0x430274 0x3bf04 0x3a904 0x4aa
GetVersionExA 0x0 0x430278 0x3bf08 0x3a908 0x275
lstrlenA 0x0 0x43027c 0x3bf0c 0x3a90c 0x4b5
LocalFree 0x0 0x430280 0x3bf10 0x3a910 0x2fd
GetCurrentProcessId 0x0 0x430284 0x3bf14 0x3a914 0x1aa
CloseHandle 0x0 0x430288 0x3bf18 0x3a918 0x43
GetModuleHandleA 0x0 0x43028c 0x3bf1c 0x3a91c 0x1f6
LocalAlloc 0x0 0x430290 0x3bf20 0x3a920 0x2f9
VirtualAlloc 0x0 0x430294 0x3bf24 0x3a924 0x454
GetLastError 0x0 0x430298 0x3bf28 0x3a928 0x1e6
CreateEventA 0x0 0x43029c 0x3bf2c 0x3a92c 0x72
GlobalAlloc 0x0 0x4302a0 0x3bf30 0x3a930 0x285
OpenProcess 0x0 0x4302a4 0x3bf34 0x3a934 0x333
GetSystemDefaultLCID 0x0 0x4302a8 0x3bf38 0x3a938 0x241
WaitForSingleObject 0x0 0x4302ac 0x3bf3c 0x3a93c 0x464
GetLocaleInfoA 0x0 0x4302b0 0x3bf40 0x3a940 0x1e8
GetComputerNameA 0x0 0x4302b4 0x3bf44 0x3a944 0x175
LockResource 0x0 0x4302b8 0x3bf48 0x3a948 0x307
LoadLibraryA 0x0 0x4302bc 0x3bf4c 0x3a94c 0x2f1
GetProcAddress 0x0 0x4302c0 0x3bf50 0x3a950 0x220
RaiseException 0x0 0x4302c4 0x3bf54 0x3a954 0x35a
SizeofResource 0x0 0x4302c8 0x3bf58 0x3a958 0x420
WideCharToMultiByte 0x0 0x4302cc 0x3bf5c 0x3a95c 0x47a
LoadResource 0x0 0x4302d0 0x3bf60 0x3a960 0x2f6
FreeLibrary 0x0 0x4302d4 0x3bf64 0x3a964 0x14c
USER32.dll (125)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetSysColorBrush 0x0 0x430350 0x3bfe0 0x3a9e0 0x16d
DestroyMenu 0x0 0x430354 0x3bfe4 0x3a9e4 0x9e
GetDesktopWindow 0x0 0x430358 0x3bfe8 0x3a9e8 0x11c
CreateDialogIndirectParamA 0x0 0x43035c 0x3bfec 0x3a9ec 0x59
GetNextDlgTabItem 0x0 0x430360 0x3bff0 0x3a9f0 0x153
EndDialog 0x0 0x430364 0x3bff4 0x3a9f4 0xd3
GetMessageA 0x0 0x430368 0x3bff8 0x3a9f8 0x14a
TranslateMessage 0x0 0x43036c 0x3bffc 0x3a9fc 0x2d5
GetActiveWindow 0x0 0x430370 0x3c000 0x3aa00 0xf9
ValidateRect 0x0 0x430374 0x3c004 0x3aa04 0x2f2
SetCursor 0x0 0x430378 0x3c008 0x3aa08 0x270
ShowWindow 0x0 0x43037c 0x3c00c 0x3aa0c 0x2b8
SetWindowTextA 0x0 0x430380 0x3c010 0x3aa10 0x2ab
IsDialogMessageA 0x0 0x430384 0x3c014 0x3aa14 0x1b8
ClientToScreen 0x0 0x430388 0x3c018 0x3aa18 0x45
GrayStringA 0x0 0x43038c 0x3c01c 0x3aa1c 0x193
DrawTextExA 0x0 0x430390 0x3c020 0x3aa20 0xc6
DrawTextA 0x0 0x430394 0x3c024 0x3aa24 0xc5
TabbedTextOutA 0x0 0x430398 0x3c028 0x3aa28 0x2c6
IsWindowEnabled 0x0 0x43039c 0x3c02c 0x3aa2c 0x1c6
RegisterWindowMessageA 0x0 0x4303a0 0x3c030 0x3aa30 0x249
WinHelpA 0x0 0x4303a4 0x3c034 0x3aa34 0x2ff
GetCapture 0x0 0x4303a8 0x3c038 0x3aa38 0x101
SetWindowsHookExA 0x0 0x4303ac 0x3c03c 0x3aa3c 0x2af
CallNextHookEx 0x0 0x4303b0 0x3c040 0x3aa40 0x1b
GetClassLongA 0x0 0x4303b4 0x3c044 0x3aa44 0x108
GetClassNameA 0x0 0x4303b8 0x3c048 0x3aa48 0x10a
SetPropA 0x0 0x4303bc 0x3c04c 0x3aa4c 0x28f
GetPropA 0x0 0x4303c0 0x3c050 0x3aa50 0x15b
RemovePropA 0x0 0x4303c4 0x3c054 0x3aa54 0x24f
GetWindowTextLengthA 0x0 0x4303c8 0x3c058 0x3aa58 0x18d
GetWindowTextA 0x0 0x4303cc 0x3c05c 0x3aa5c 0x18c
GetForegroundWindow 0x0 0x4303d0 0x3c060 0x3aa60 0x125
GetLastActivePopup 0x0 0x4303d4 0x3c064 0x3aa64 0x138
SetActiveWindow 0x0 0x4303d8 0x3c068 0x3aa68 0x266
DispatchMessageA 0x0 0x4303dc 0x3c06c 0x3aa6c 0xa8
GetTopWindow 0x0 0x4303e0 0x3c070 0x3aa70 0x175
GetMessageTime 0x0 0x4303e4 0x3c074 0x3aa74 0x14d
PeekMessageA 0x0 0x4303e8 0x3c078 0x3aa78 0x21b
MapWindowPoints 0x0 0x4303ec 0x3c07c 0x3aa7c 0x1f3
GetKeyState 0x0 0x4303f0 0x3c080 0x3aa80 0x131
SetForegroundWindow 0x0 0x4303f4 0x3c084 0x3aa84 0x27a
IsWindowVisible 0x0 0x4303f8 0x3c088 0x3aa88 0x1ca
UpdateWindow 0x0 0x4303fc 0x3c08c 0x3aa8c 0x2e9
GetSubMenu 0x0 0x430400 0x3c090 0x3aa90 0x16b
GetMenuItemID 0x0 0x430404 0x3c094 0x3aa94 0x143
GetMenuItemCount 0x0 0x430408 0x3c098 0x3aa98 0x142
GetClassInfoExA 0x0 0x43040c 0x3c09c 0x3aa9c 0x105
RegisterClassA 0x0 0x430410 0x3c0a0 0x3aaa0 0x233
AdjustWindowRectEx 0x0 0x430414 0x3c0a4 0x3aaa4 0x3
CopyRect 0x0 0x430418 0x3c0a8 0x3aaa8 0x4f
GetDlgCtrlID 0x0 0x43041c 0x3c0ac 0x3aaac 0x11e
CallWindowProcA 0x0 0x430420 0x3c0b0 0x3aab0 0x1c
PtInRect 0x0 0x430424 0x3c0b4 0x3aab4 0x229
SetWindowLongA 0x0 0x430428 0x3c0b8 0x3aab8 0x2a4
SystemParametersInfoA 0x0 0x43042c 0x3c0bc 0x3aabc 0x2c4
GetWindowPlacement 0x0 0x430430 0x3c0c0 0x3aac0 0x187
SetMenuItemBitmaps 0x0 0x430434 0x3c0c4 0x3aac4 0x283
GetMenuCheckMarkDimensions 0x0 0x430438 0x3c0c8 0x3aac8 0x13e
GetFocus 0x0 0x43043c 0x3c0cc 0x3aacc 0x124
ModifyMenuA 0x0 0x430440 0x3c0d0 0x3aad0 0x200
GetMenuState 0x0 0x430444 0x3c0d4 0x3aad4 0x147
EndPaint 0x0 0x430448 0x3c0d8 0x3aad8 0xd5
DestroyWindow 0x0 0x43044c 0x3c0dc 0x3aadc 0xa0
InsertMenuItemA 0x0 0x430450 0x3c0e0 0x3aae0 0x1a4
PostQuitMessage 0x0 0x430454 0x3c0e4 0x3aae4 0x220
SendDlgItemMessageA 0x0 0x430458 0x3c0e8 0x3aae8 0x259
KillTimer 0x0 0x43045c 0x3c0ec 0x3aaec 0x1cd
IsClipboardFormatAvailable 0x0 0x430460 0x3c0f0 0x3aaf0 0x1b6
CreateMenu 0x0 0x430464 0x3c0f4 0x3aaf4 0x64
BeginPaint 0x0 0x430468 0x3c0f8 0x3aaf8 0xe
GetDC 0x0 0x43046c 0x3c0fc 0x3aafc 0x11a
InflateRect 0x0 0x430470 0x3c100 0x3ab00 0x1a1
UnregisterClassA 0x0 0x430474 0x3c104 0x3ab04 0x2de
GetMenu 0x0 0x430478 0x3c108 0x3ab08 0x13c
TrackPopupMenuEx 0x0 0x43047c 0x3c10c 0x3ab0c 0x2d0
UnhookWindowsHookEx 0x0 0x430480 0x3c110 0x3ab10 0x2d9
MessageBoxA 0x0 0x430484 0x3c114 0x3ab14 0x1f8
GetWindowLongA 0x0 0x430488 0x3c118 0x3ab18 0x181
CreateWindowExA 0x0 0x43048c 0x3c11c 0x3ab1c 0x67
ReleaseDC 0x0 0x430490 0x3c120 0x3ab20 0x24c
GetMessagePos 0x0 0x430494 0x3c124 0x3ab24 0x14c
EnableMenuItem 0x0 0x430498 0x3c128 0x3ab28 0xcf
GetDlgItem 0x0 0x43049c 0x3c12c 0x3ab2c 0x11f
SetWindowPos 0x0 0x4304a0 0x3c130 0x3ab30 0x2a7
GetCursorPos 0x0 0x4304a4 0x3c134 0x3ab34 0x119
GetMenuItemInfoA 0x0 0x4304a8 0x3c138 0x3ab38 0x144
SetMenu 0x0 0x4304ac 0x3c13c 0x3ab3c 0x27f
CreatePopupMenu 0x0 0x4304b0 0x3c140 0x3ab40 0x65
DrawMenuBar 0x0 0x4304b4 0x3c144 0x3ab44 0xc1
PostMessageA 0x0 0x4304b8 0x3c148 0x3ab48 0x21e
MessageBoxW 0x0 0x4304bc 0x3c14c 0x3ab4c 0x1ff
DialogBoxIndirectParamA 0x0 0x4304c0 0x3c150 0x3ab50 0xa2
SetMenuItemInfoA 0x0 0x4304c4 0x3c154 0x3ab54 0x284
DialogBoxParamA 0x0 0x4304c8 0x3c158 0x3ab58 0xa5
SetDlgItemTextA 0x0 0x4304cc 0x3c15c 0x3ab5c 0x276
GetDialogBaseUnits 0x0 0x4304d0 0x3c160 0x3ab60 0x11d
CheckMenuItem 0x0 0x4304d4 0x3c164 0x3ab64 0x3d
GetWindowThreadProcessId 0x0 0x4304d8 0x3c168 0x3ab68 0x190
GetWindow 0x0 0x4304dc 0x3c16c 0x3ab6c 0x17d
GetSystemMenu 0x0 0x4304e0 0x3c170 0x3ab70 0x16e
IsIconic 0x0 0x4304e4 0x3c174 0x3ab74 0x1bd
LoadBitmapA 0x0 0x4304e8 0x3c178 0x3ab78 0x1d0
LoadIconA 0x0 0x4304ec 0x3c17c 0x3ab7c 0x1d6
SendMessageA 0x0 0x4304f0 0x3c180 0x3ab80 0x25e
GetSysColor 0x0 0x4304f4 0x3c184 0x3ab84 0x16c
AppendMenuA 0x0 0x4304f8 0x3c188 0x3ab88 0x9
GetSystemMetrics 0x0 0x4304fc 0x3c18c 0x3ab8c 0x16f
ScreenToClient 0x0 0x430500 0x3c190 0x3ab90 0x254
GetWindowRect 0x0 0x430504 0x3c194 0x3ab94 0x188
GetParent 0x0 0x430508 0x3c198 0x3ab98 0x155
DrawIcon 0x0 0x43050c 0x3c19c 0x3ab9c 0xbf
GetClientRect 0x0 0x430510 0x3c1a0 0x3aba0 0x10d
GetIconInfo 0x0 0x430514 0x3c1a4 0x3aba4 0x128
OffsetRect 0x0 0x430518 0x3c1a8 0x3aba8 0x20e
InvalidateRect 0x0 0x43051c 0x3c1ac 0x3abac 0x1aa
DefWindowProcA 0x0 0x430520 0x3c1b0 0x3abb0 0x95
EnumChildWindows 0x0 0x430524 0x3c1b4 0x3abb4 0xd8
GetClassInfoA 0x0 0x430528 0x3c1b8 0x3abb8 0x104
IsWindow 0x0 0x43052c 0x3c1bc 0x3abbc 0x1c5
EqualRect 0x0 0x430530 0x3c1c0 0x3abc0 0xec
EnableWindow 0x0 0x430534 0x3c1c4 0x3abc4 0xd1
LoadCursorA 0x0 0x430538 0x3c1c8 0x3abc8 0x1d2
MoveWindow 0x0 0x43053c 0x3c1cc 0x3abcc 0x205
SetFocus 0x0 0x430540 0x3c1d0 0x3abd0 0x279
GDI32.dll (48)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ScaleWindowExtEx 0x0 0x430050 0x3bce0 0x3a6e0 0x259
ScaleViewportExtEx 0x0 0x430054 0x3bce4 0x3a6e4 0x258
DPtoLP 0x0 0x430058 0x3bce8 0x3a6e8 0x92
SetWindowExtEx 0x0 0x43005c 0x3bcec 0x3a6ec 0x293
MoveToEx 0x0 0x430060 0x3bcf0 0x3a6f0 0x221
LineTo 0x0 0x430064 0x3bcf4 0x3a6f4 0x21d
SetViewportExtEx 0x0 0x430068 0x3bcf8 0x3a6f8 0x28f
OffsetViewportOrgEx 0x0 0x43006c 0x3bcfc 0x3a6fc 0x225
SetViewportOrgEx 0x0 0x430070 0x3bd00 0x3a700 0x290
Escape 0x0 0x430074 0x3bd04 0x3a704 0x119
TextOutA 0x0 0x430078 0x3bd08 0x3a708 0x29f
RectVisible 0x0 0x43007c 0x3bd0c 0x3a70c 0x245
PtVisible 0x0 0x430080 0x3bd10 0x3a710 0x241
GetObjectA 0x0 0x430084 0x3bd14 0x3a714 0x1e2
SetMapMode 0x0 0x430088 0x3bd18 0x3a718 0x27b
RestoreDC 0x0 0x43008c 0x3bd1c 0x3a71c 0x250
SaveDC 0x0 0x430090 0x3bd20 0x3a720 0x257
GetClipBox 0x0 0x430094 0x3bd24 0x3a724 0x1aa
CreateBitmap 0x0 0x430098 0x3bd28 0x3a728 0x28
CreateEllipticRgn 0x0 0x43009c 0x3bd2c 0x3a72c 0x36
SetTextColor 0x0 0x4300a0 0x3bd30 0x3a730 0x28d
DeleteDC 0x0 0x4300a4 0x3bd34 0x3a734 0xcd
SetBkColor 0x0 0x4300a8 0x3bd38 0x3a738 0x265
GetRgnBox 0x0 0x4300ac 0x3bd3c 0x3a73c 0x1f3
GetDCOrgEx 0x0 0x4300b0 0x3bd40 0x3a740 0x1b1
SetBkMode 0x0 0x4300b4 0x3bd44 0x3a744 0x266
SelectObject 0x0 0x4300b8 0x3bd48 0x3a748 0x25e
CombineRgn 0x0 0x4300bc 0x3bd4c 0x3a74c 0x21
GdiSetBatchLimit 0x0 0x4300c0 0x3bd50 0x3a750 0x185
CreateBrushIndirect 0x0 0x4300c4 0x3bd54 0x3a754 0x2a
FillRgn 0x0 0x4300c8 0x3bd58 0x3a758 0x12d
GetTextExtentExPointA 0x0 0x4300cc 0x3bd5c 0x3a75c 0x200
CreateRectRgn 0x0 0x4300d0 0x3bd60 0x3a760 0x4d
GetPixel 0x0 0x4300d4 0x3bd64 0x3a764 0x1eb
GetStockObject 0x0 0x4300d8 0x3bd68 0x3a768 0x1f4
ExtTextOutA 0x0 0x4300dc 0x3bd6c 0x3a76c 0x122
GetRandomRgn 0x0 0x4300e0 0x3bd70 0x3a770 0x1ef
CreateSolidBrush 0x0 0x4300e4 0x3bd74 0x3a774 0x52
BitBlt 0x0 0x4300e8 0x3bd78 0x3a778 0x12
GetDeviceCaps 0x0 0x4300ec 0x3bd7c 0x3a77c 0x1b5
CreateFontIndirectA 0x0 0x4300f0 0x3bd80 0x3a780 0x3b
DeleteObject 0x0 0x4300f4 0x3bd84 0x3a784 0xd0
CreateCompatibleDC 0x0 0x4300f8 0x3bd88 0x3a788 0x2e
CreateCompatibleBitmap 0x0 0x4300fc 0x3bd8c 0x3a78c 0x2d
Rectangle 0x0 0x430100 0x3bd90 0x3a790 0x246
GetCharWidthA 0x0 0x430104 0x3bd94 0x3a794 0x1a2
CreatePatternBrush 0x0 0x430108 0x3bd98 0x3a798 0x48
CreatePen 0x0 0x43010c 0x3bd9c 0x3a79c 0x49
COMDLG32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetOpenFileNameA 0x0 0x430044 0x3bcd4 0x3a6d4 0xb
ChooseColorA 0x0 0x430048 0x3bcd8 0x3a6d8 0x0
WINSPOOL.DRV (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
OpenPrinterA 0x0 0x43055c 0x3c1ec 0x3abec 0x8e
DocumentPropertiesA 0x0 0x430560 0x3c1f0 0x3abf0 0x4d
ClosePrinter 0x0 0x430564 0x3c1f4 0x3abf4 0x1d
ADVAPI32.dll (14)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegEnumKeyA 0x0 0x430000 0x3bc90 0x3a690 0x247
RegSetValueExA 0x0 0x430004 0x3bc94 0x3a694 0x277
RegCreateKeyExA 0x0 0x430008 0x3bc98 0x3a698 0x232
RegQueryValueA 0x0 0x43000c 0x3bc9c 0x3a69c 0x266
RegOpenKeyA 0x0 0x430010 0x3bca0 0x3a6a0 0x259
OpenProcessToken 0x0 0x430014 0x3bca4 0x3a6a4 0x1f1
RegDeleteKeyA 0x0 0x430018 0x3bca8 0x3a6a8 0x237
RegOpenKeyExA 0x0 0x43001c 0x3bcac 0x3a6ac 0x25a
RegQueryValueExA 0x0 0x430020 0x3bcb0 0x3a6b0 0x267
RegCloseKey 0x0 0x430024 0x3bcb4 0x3a6b4 0x22a
ConvertSidToStringSidW 0x0 0x430028 0x3bcb8 0x3a6b8 0x68
GetUserNameA 0x0 0x43002c 0x3bcbc 0x3a6bc 0x15e
GetTokenInformation 0x0 0x430030 0x3bcc0 0x3a6c0 0x154
GetUserNameW 0x0 0x430034 0x3bcc4 0x3a6c4 0x15f
SHELL32.dll (5)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SHQueryRecycleBinA 0x0 0x430314 0x3bfa4 0x3a9a4 0xf5
SHGetSpecialFolderLocation 0x0 0x430318 0x3bfa8 0x3a9a8 0xd8
SHEmptyRecycleBinA 0x0 0x43031c 0x3bfac 0x3a9ac 0xa1
Shell_NotifyIconA 0x0 0x430320 0x3bfb0 0x3a9b0 0x122
SHParseDisplayName 0x0 0x430324 0x3bfb4 0x3a9b4 0xef
SHLWAPI.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
PathMatchSpecA 0x0 0x43032c 0x3bfbc 0x3a9bc 0x78
PathAppendA 0x0 0x430330 0x3bfc0 0x3a9c0 0x33
PathFindFileNameA 0x0 0x430334 0x3bfc4 0x3a9c4 0x48
PathFindExtensionA 0x0 0x430338 0x3bfc8 0x3a9c8 0x46
ole32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetHGlobalFromStream 0x0 0x43057c 0x3c20c 0x3ac0c 0x94
CreateStreamOnHGlobal 0x0 0x430580 0x3c210 0x3ac10 0x85
OLEAUT32.dll (5)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
OleLoadPicture 0x1a2 0x4302e8 0x3bf78 0x3a978 -
OleCreateFontIndirect 0x1a4 0x4302ec 0x3bf7c 0x3a97c -
VariantClear 0x9 0x4302f0 0x3bf80 0x3a980 -
VariantChangeType 0xc 0x4302f4 0x3bf84 0x3a984 -
VariantInit 0x8 0x4302f8 0x3bf88 0x3a988 -
OPENGL32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
glOrtho 0x0 0x430300 0x3bf90 0x3a990 0xc4
glViewport 0x0 0x430304 0x3bf94 0x3a994 0x156
glLoadIdentity 0x0 0x430308 0x3bf98 0x3a998 0xa4
glMatrixMode 0x0 0x43030c 0x3bf9c 0x3a99c 0xb5
GLU32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
gluLookAt 0x0 0x430114 0x3bda4 0x3a7a4 0x15
VERSION.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetFileVersionInfoW 0x0 0x430548 0x3c1d8 0x3abd8 0x5
WININET.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
FtpDeleteFileW 0x0 0x430550 0x3c1e0 0x3abe0 0x2a
HttpQueryInfoA 0x0 0x430554 0x3c1e4 0x3abe4 0x58
WS2_32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WSAStartup 0x73 0x430574 0x3c204 0x3ac04 -
AVIFIL32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
AVIStreamWrite 0x0 0x43003c 0x3bccc 0x3a6cc 0x39
WINTRUST.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WinVerifyTrust 0x0 0x43056c 0x3c1fc 0x3abfc 0x73
Secur32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
AcquireCredentialsHandleA 0x0 0x430340 0x3bfd0 0x3a9d0 0x1
AcceptSecurityContext 0x0 0x430344 0x3bfd4 0x3a9d4 0x0
CompleteAuthToken 0x0 0x430348 0x3bfd8 0x3a9d8 0xc
IMM32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ImmEscapeA 0x0 0x43011c 0x3bdac 0x3a7ac 0x29
OLEACC.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
LresultFromObject 0x0 0x4302dc 0x3bf6c 0x3a96c 0x14
CreateStdAccessibleObject 0x0 0x4302e0 0x3bf70 0x3a970 0x4
Icons (1)
C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-crt-heap-l1-1-0.dll Created File Binary Whitelisted
Mime Type application/x-dosexec
File Size 18.80 KB
MD5 93d3da06bf894f4fa21007bee06b5e7d
SHA1 1e47230a7ebcfaf643087a1929a385e0d554ad15
SHA256 f5cf623ba14b017af4aec6c15eee446c647ab6d2a5dee9d6975adc69994a113d
SSDeep 192:+Y3vY17aFBR4WIghWG4U9CedXe123Ouo+Uggs/nGfe4pBjSbGGAPWh0txKdmVWQC:+Y3e9WPhWFsXYi00GftpBjfemnlP55s
File Reputation Information
Severity Whitelisted
First Seen 2017-10-25 19:05 (UTC+2)
Last Seen 2018-09-06 12:22 (UTC+2)
PE Information
Image Base 0x10000000
Size Of Code 0x800
Size Of Initialized Data 0x400
File Type dll
Subsystem windows_cui
Machine Type i386
Compile Timestamp 1987-03-31 17:26:34+00:00
Version Information (8)
LegalCopyright © Microsoft Corporation. All rights reserved.
InternalName apisetstub
FileVersion 10.0.16299.15 (WinBuild.160101.0800)
CompanyName Microsoft Corporation
ProductName Microsoft® Windows® Operating System
ProductVersion 10.0.16299.15
FileDescription ApiSet Stub DLL
OriginalFilename apisetstub
Sections (2)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x616 0x800 0x200 cnt_code, mem_execute, mem_read 4.05
.rsrc 0x10002000 0x3f0 0x400 0xa00 cnt_initialized_data, mem_read 3.3
Exports (27)
Api name EAT Address Ordinal
_aligned_free 0x1263 0x1
_aligned_malloc 0x128a 0x2
_aligned_msize 0x12b2 0x3
_aligned_offset_malloc 0x12e1 0x4
_aligned_offset_realloc 0x1319 0x5
_aligned_offset_recalloc 0x1353 0x6
_aligned_realloc 0x1386 0x7
_aligned_recalloc 0x13b2 0x8
_callnewh 0x13d7 0x9
_calloc_base 0x13f7 0xa
_expand 0x1415 0xb
_free_base 0x1431 0xc
_get_heap_handle 0x1456 0xd
_heapchk 0x1479 0xe
_heapmin 0x1494 0xf
_heapwalk 0x14b0 0x10
_malloc_base 0x14d0 0x11
_msize 0x14ed 0x12
_query_new_handler 0x1510 0x13
_query_new_mode 0x153c 0x14
_realloc_base 0x1563 0x15
_recalloc 0x1584 0x16
_set_new_mode 0x15a5 0x17
calloc 0x15c3 0x18
free 0x15d8 0x19
malloc 0x15ed 0x1a
realloc 0x1605 0x1b
Digital Signatures (2)
Certificate: Microsoft Corporation
Issued by Microsoft Corporation
Parent Certificate Microsoft Code Signing PCA
Country Name US
Valid From 2017-08-11 20:11:15+00:00
Valid Until 2018-08-11 20:11:15+00:00
Algorithm sha1_rsa
Serial Number 33 00 00 01 78 25 5A B5 CD 23 C6 5F 95 00 01 00 00 01 78
Thumbprint 49 D5 9D 86 50 5D 82 94 2A 07 63 88 69 3F 4F B7 B2 12 54 EE
Certificate: Microsoft Code Signing PCA
Issued by Microsoft Code Signing PCA
Country Name US
Valid From 2010-08-31 22:19:32+00:00
Valid Until 2020-08-31 22:29:32+00:00
Algorithm sha1_rsa
Serial Number 61 33 26 1A 00 00 00 00 00 31
Thumbprint 3C AF 9B A2 DB 55 70 CA F7 69 42 FF 99 10 1B 99 38 88 E2 57
C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/vcruntime140.dll Created File Binary Whitelisted
Mime Type application/x-dosexec
File Size 81.82 KB
MD5 7587bf9cb4147022cd5681b015183046
SHA1 f2106306a8f6f0da5afb7fc765cfa0757ad5a628
SHA256 c40bb03199a2054dabfc7a8e01d6098e91de7193619effbd0f142a7bf031c14d
SSDeep 1536:AQXQNgAuCDeHFtg3uYQkDqiVsv39niI35kU2yecbVKHHwhbfugbZyk:AQXQNVDeHFtO5d/A39ie6yecbVKHHwJF
ImpHash fa315c9bc46ab41d4bc4e3f94023067f
File Reputation Information
Severity Whitelisted
First Seen 2017-06-02 19:06 (UTC+2)
Last Seen 2018-09-14 01:13 (UTC+2)
PE Information
Image Base 0x10000000
Entry Point 0x1000ae00
Size Of Code 0xea00
Size Of Initialized Data 0x2000
File Type dll
Subsystem windows_cui
Machine Type i386
Compile Timestamp 2017-05-25 20:01:16+00:00
Version Information (8)
LegalCopyright © Microsoft Corporation. All rights reserved.
InternalName vcruntime140.dll
FileVersion 14.11.25325.0 built by: VCTOOLSREL
CompanyName Microsoft Corporation
ProductName Microsoft® Visual Studio® 2017
ProductVersion 14.11.25325.0
FileDescription Microsoft® C Runtime Library
OriginalFilename vcruntime140.dll
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0xe9c4 0xea00 0x400 cnt_code, mem_execute, mem_read 6.62
.data 0x10010000 0x644 0x200 0xee00 cnt_initialized_data, mem_read, mem_write 3.71
.idata 0x10011000 0x5b8 0x600 0xf000 cnt_initialized_data, mem_read 5.04
.rsrc 0x10012000 0x408 0x600 0xf600 cnt_initialized_data, mem_read 2.46
.reloc 0x10013000 0xa94 0xc00 0xfc00 cnt_initialized_data, mem_discardable, mem_read 6.21
Imports (6)
api-ms-win-crt-runtime-l1-1-0.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
abort 0x0 0x1001109c 0x111e8 0xf1e8 0x57
terminate 0x0 0x100110a0 0x111ec 0xf1ec 0x6a
api-ms-win-crt-string-l1-1-0.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
strcpy_s 0x0 0x100110b0 0x111fc 0xf1fc 0x89
wcsncmp 0x0 0x100110b4 0x11200 0xf200 0xa6
api-ms-win-crt-heap-l1-1-0.dll (5)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
malloc 0x0 0x10011084 0x111d0 0xf1d0 0x19
_free_base 0x0 0x10011088 0x111d4 0xf1d4 0xb
free 0x0 0x1001108c 0x111d8 0xf1d8 0x18
_malloc_base 0x0 0x10011090 0x111dc 0xf1dc 0x10
_calloc_base 0x0 0x10011094 0x111e0 0xf1e0 0x9
api-ms-win-crt-stdio-l1-1-0.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
__stdio_common_vsprintf_s 0x0 0x100110a8 0x111f4 0xf1f4 0xf
api-ms-win-crt-convert-l1-1-0.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
atol 0x0 0x1001107c 0x111c8 0xf1c8 0x51
KERNEL32.dll (30)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
LeaveCriticalSection 0x0 0x10011000 0x1114c 0xf14c 0x3a0
TerminateProcess 0x0 0x10011004 0x11150 0xf150 0x561
GetCurrentProcess 0x0 0x10011008 0x11154 0xf154 0x207
SetUnhandledExceptionFilter 0x0 0x1001100c 0x11158 0xf158 0x543
UnhandledExceptionFilter 0x0 0x10011010 0x1115c 0xf15c 0x582
GetSystemTimeAsFileTime 0x0 0x10011014 0x11160 0xf160 0x2d4
GetCurrentThreadId 0x0 0x10011018 0x11164 0xf164 0x20c
GetCurrentProcessId 0x0 0x1001101c 0x11168 0xf168 0x208
QueryPerformanceCounter 0x0 0x10011020 0x1116c 0xf16c 0x42b
IsProcessorFeaturePresent 0x0 0x10011024 0x11170 0xf170 0x36b
GetModuleHandleW 0x0 0x10011028 0x11174 0xf174 0x265
GetModuleFileNameW 0x0 0x1001102c 0x11178 0xf178 0x261
LoadLibraryExW 0x0 0x10011030 0x1117c 0xf17c 0x3a5
TlsFree 0x0 0x10011034 0x11180 0xf180 0x574
TlsGetValue 0x0 0x10011038 0x11184 0xf184 0x575
FreeLibrary 0x0 0x1001103c 0x11188 0xf188 0x19c
RtlUnwind 0x0 0x10011040 0x1118c 0xf18c 0x4ad
VirtualQuery 0x0 0x10011044 0x11190 0xf190 0x5a3
EncodePointer 0x0 0x10011048 0x11194 0xf194 0x11f
InterlockedFlushSList 0x0 0x1001104c 0x11198 0xf198 0x352
InterlockedPushEntrySList 0x0 0x10011050 0x1119c 0xf19c 0x355
RaiseException 0x0 0x10011054 0x111a0 0xf1a0 0x43f
EnterCriticalSection 0x0 0x10011058 0x111a4 0xf1a4 0x123
DeleteCriticalSection 0x0 0x1001105c 0x111a8 0xf1a8 0x103
SetLastError 0x0 0x10011060 0x111ac 0xf1ac 0x50b
GetLastError 0x0 0x10011064 0x111b0 0xf1b0 0x24e
TlsSetValue 0x0 0x10011068 0x111b4 0xf1b4 0x576
InitializeCriticalSectionAndSpinCount 0x0 0x1001106c 0x111b8 0xf1b8 0x346
TlsAlloc 0x0 0x10011070 0x111bc 0xf1bc 0x573
GetProcAddress 0x0 0x10011074 0x111c0 0xf1c0 0x29b
Exports (81)
Api name EAT Address Ordinal
_CreateFrameInfo 0xe540 0x1
_CxxThrowException 0x4690 0x2
_EH_prolog 0xeb50 0x3
_FindAndUnlinkFrame 0xe570 0x4
_IsExceptionObjectToBeDestroyed 0x2ce0 0x5
_NLG_Dispatch2 0xb463 0x6
_NLG_Return 0xd0b7 0x7
_NLG_Return2 0xb46d 0x8
_SetWinRTOutOfMemoryExceptionCallback 0x2c20 0x9
__AdjustPointer 0x2ad0 0xa
__BuildCatchObject 0x3930 0xb
__BuildCatchObjectHelper 0x3800 0xc
__CxxDetectRethrow 0x3cb0 0xd
__CxxExceptionFilter 0x3ab0 0xe
__CxxFrameHandler 0xe660 0xf
__CxxFrameHandler2 0xe660 0x10
__CxxFrameHandler3 0xe660 0x11
__CxxLongjmpUnwind 0xe6a0 0x12
__CxxQueryExceptionSize 0x3e10 0x13
__CxxRegisterExceptionObject 0x3c00 0x14
__CxxUnregisterExceptionObject 0x3d00 0x15
__DestructExceptionObject 0x2c40 0x16
__FrameUnwindFilter 0x2bd0 0x17
__GetPlatformExceptionInfo 0x2b00 0x18
__RTCastToVoid 0x3e60 0x19
__RTDynamicCast 0x3f80 0x1a
__RTtypeid 0x3f00 0x1b
__TypeMatch 0x3420 0x1c
__current_exception 0x2ba0 0x1d
__current_exception_context 0x2bb0 0x1e
__intrinsic_setjmp 0xb260 0x1f
__processing_throw 0x2bc0 0x20
__report_gsfailure 0xeba0 0x21
__std_exception_copy 0x4470 0x22
__std_exception_destroy 0x44e0 0x23
__std_terminate 0x2c30 0x24
__std_type_info_compare 0x4500 0x25
__std_type_info_destroy_list 0x4660 0x26
__std_type_info_hash 0x4540 0x27
__std_type_info_name 0x4570 0x28
__telemetry_main_invoke_trigger 0x2670 0x29
__telemetry_main_return_trigger 0x2670 0x2a
__unDName 0x4d20 0x2b
__unDNameEx 0x4dc0 0x2c
__uncaught_exception 0x2b90 0x2d
__uncaught_exceptions 0x2b50 0x2e
__vcrt_GetModuleFileNameW 0x4bd0 0x2f
__vcrt_GetModuleHandleW 0x4bf0 0x30
__vcrt_InitializeCriticalSectionEx 0x4b80 0x31
__vcrt_LoadLibraryExW 0x4c00 0x32
_chkesp 0xb670 0x33
_except_handler2 0xae28 0x34
_except_handler3 0xaef8 0x35
_except_handler4_common 0xb500 0x36
_get_purecall_handler 0x4c80 0x37
_get_unexpected 0x4700 0x38
_global_unwind2 0xb330 0x39
_is_exception_typeof 0x2d10 0x3a
_local_unwind2 0xb396 0x3b
_local_unwind4 0xb030 0x3c
_longjmpex 0xb320 0x3d
_purecall 0x4c20 0x3e
_seh_longjmp_unwind 0xb004 0x40
_seh_longjmp_unwind4 0xb108 0x3f
_set_purecall_handler 0x4c40 0x41
_set_se_translator 0x4760 0x42
_setjmp3 0xb2a0 0x43
longjmp 0x26d0 0x44
memchr 0xd0e0 0x45
memcmp 0xbb10 0x46
memcpy 0xd190 0x47
memmove 0xd710 0x48
memset 0xdc90 0x49
set_unexpected 0x4720 0x4a
strchr 0xddf0 0x4b
strrchr 0xdf20 0x4c
strstr 0xe060 0x4d
unexpected 0x4740 0x4e
wcschr 0x26f0 0x4f
wcsrchr 0x2790 0x50
wcsstr 0x2840 0x51
Digital Signatures (2)
Certificate: Microsoft Corporation
Issued by Microsoft Corporation
Parent Certificate Microsoft Code Signing PCA
Country Name US
Valid From 2016-08-18 20:17:17+00:00
Valid Until 2017-11-02 20:17:17+00:00
Algorithm sha1_rsa
Serial Number 33 00 00 01 40 96 A9 EE 70 56 FE CC 07 00 01 00 00 01 40
Thumbprint 98 ED 99 A6 78 86 D0 20 C5 64 92 3B 7D F2 5E 9A C0 19 DF 26
Certificate: Microsoft Code Signing PCA
Issued by Microsoft Code Signing PCA
Country Name US
Valid From 2010-08-31 22:19:32+00:00
Valid Until 2020-08-31 22:29:32+00:00
Algorithm sha1_rsa
Serial Number 61 33 26 1A 00 00 00 00 00 31
Thumbprint 3C AF 9B A2 DB 55 70 CA F7 69 42 FF 99 10 1B 99 38 88 E2 57
C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-core-synch-l1-1-0.dll Created File Binary Whitelisted
Mime Type application/x-dosexec
File Size 19.80 KB
MD5 71af7ed2a72267aaad8564524903cff6
SHA1 8a8437123de5a22ab843adc24a01ac06f48db0d3
SHA256 5dd4ccd63e6ed07ca3987ab5634ca4207d69c47c2544dfefc41935617652820f
SSDeep 384:5Xdv3V0dfpkXc0vVaHWPhWXEi00GftpBj9em+4lndanJ7o:5Xdv3VqpkXc0vVa8poivex
File Reputation Information
Severity Whitelisted
First Seen 2017-10-12 01:26 (UTC+2)
Last Seen 2018-09-13 22:33 (UTC+2)
PE Information
Image Base 0x10000000
Size Of Code 0xc00
Size Of Initialized Data 0x400
File Type dll
Subsystem windows_cui
Machine Type i386
Compile Timestamp 1996-08-13 19:03:36+00:00
Version Information (8)
LegalCopyright © Microsoft Corporation. All rights reserved.
InternalName apisetstub
FileVersion 10.0.16299.15 (WinBuild.160101.0800)
CompanyName Microsoft Corporation
ProductName Microsoft® Windows® Operating System
ProductVersion 10.0.16299.15
FileDescription ApiSet Stub DLL
OriginalFilename apisetstub
Sections (2)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0xa56 0xc00 0x200 cnt_code, mem_execute, mem_read 4.71
.rsrc 0x10002000 0x3f0 0x400 0xe00 cnt_initialized_data, mem_read 3.3
Exports (41)
Api name EAT Address Ordinal
AcquireSRWLockExclusive 0x12fb 0x1
AcquireSRWLockShared 0x1331 0x2
CancelWaitableTimer 0x1363 0x3
CreateEventA 0x138d 0x4
CreateEventExA 0x13b2 0x5
CreateEventExW 0x13d9 0x6
CreateEventW 0x13fe 0x7
CreateMutexA 0x1421 0x8
CreateMutexExA 0x1446 0x9
CreateMutexExW 0x146d 0xa
CreateMutexW 0x1492 0xb
CreateSemaphoreExW 0x14bb 0xc
CreateWaitableTimerExW 0x14ee 0xd
DeleteCriticalSection 0x1524 0xe
EnterCriticalSection 0x1558 0xf
InitializeCriticalSection 0x1590 0x10
InitializeCriticalSectionAndSpinCount 0x15d9 0x11
InitializeCriticalSectionEx 0x1624 0x12
InitializeSRWLock 0x165b 0x13
LeaveCriticalSection 0x168b 0x14
OpenEventA 0x16b4 0x15
OpenEventW 0x16d3 0x16
OpenMutexW 0x16f2 0x17
OpenSemaphoreW 0x1715 0x18
OpenWaitableTimerW 0x1740 0x19
ReleaseMutex 0x1769 0x1a
ReleaseSRWLockExclusive 0x1797 0x1b
ReleaseSRWLockShared 0x17cd 0x1c
ReleaseSemaphore 0x17fc 0x1d
ResetEvent 0x1821 0x1e
SetCriticalSectionSpinCount 0x1851 0x1f
SetEvent 0x187f 0x20
SetWaitableTimer 0x18a2 0x21
SetWaitableTimerEx 0x18cf 0x22
SleepEx 0x18f3 0x23
TryAcquireSRWLockExclusive 0x191f 0x24
TryAcquireSRWLockShared 0x195b 0x25
TryEnterCriticalSection 0x1994 0x26
WaitForMultipleObjectsEx 0x19ce 0x27
WaitForSingleObject 0x1a04 0x28
WaitForSingleObjectEx 0x1a37 0x29
Digital Signatures (2)
Certificate: Microsoft Corporation
Issued by Microsoft Corporation
Parent Certificate Microsoft Code Signing PCA
Country Name US
Valid From 2017-08-11 20:11:15+00:00
Valid Until 2018-08-11 20:11:15+00:00
Algorithm sha1_rsa
Serial Number 33 00 00 01 78 25 5A B5 CD 23 C6 5F 95 00 01 00 00 01 78
Thumbprint 49 D5 9D 86 50 5D 82 94 2A 07 63 88 69 3F 4F B7 B2 12 54 EE
Certificate: Microsoft Code Signing PCA
Issued by Microsoft Code Signing PCA
Country Name US
Valid From 2010-08-31 22:19:32+00:00
Valid Until 2020-08-31 22:29:32+00:00
Algorithm sha1_rsa
Serial Number 61 33 26 1A 00 00 00 00 00 31
Thumbprint 3C AF 9B A2 DB 55 70 CA F7 69 42 FF 99 10 1B 99 38 88 E2 57
C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-crt-process-l1-1-0.dll Created File Binary
Whitelisted
Mime Type application/x-dosexec
File Size 18.80 KB
MD5 8d02dd4c29bd490e672d271700511371
SHA1 f3035a756e2e963764912c6b432e74615ae07011
SHA256 c03124ba691b187917ba79078c66e12cbf5387a3741203070ba23980aa471e8b
SSDeep 192:aRQqjd7dWIghWG4U9kuDz7M123Ouo+Uggs/nGfe4pBjSbAURWh0txKdmVWQ4CW+6:aKcWPhWFkDz6i00GftpBjYemZlUG+zIU
File Reputation Information
Severity
Whitelisted
First Seen 2017-10-25 19:05 (UTC+2)
Last Seen 2018-08-18 07:08 (UTC+2)
PE Information
Image Base 0x10000000
Size Of Code 0x800
Size Of Initialized Data 0x400
File Type dll
Subsystem windows_cui
Machine Type i386
Compile Timestamp 2065-11-29 11:56:28+00:00
Version Information (8)
LegalCopyright © Microsoft Corporation. All rights reserved.
InternalName apisetstub
FileVersion 10.0.16299.15 (WinBuild.160101.0800)
CompanyName Microsoft Corporation
ProductName Microsoft® Windows® Operating System
ProductVersion 10.0.16299.15
FileDescription ApiSet Stub DLL
OriginalFilename apisetstub
Sections (2)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x688 0x800 0x200 cnt_code, mem_execute, mem_read 4.14
.rsrc 0x10002000 0x3f0 0x400 0xa00 cnt_initialized_data, mem_read 3.3
Exports (36)
Api name EAT Address Ordinal
_beep 0x12c8 0x1
_cwait 0x12de 0x2
_execl 0x12f5 0x3
_execle 0x130d 0x4
_execlp 0x1326 0x5
_execlpe 0x1340 0x6
_execv 0x1359 0x7
_execve 0x1371 0x8
_execvp 0x138a 0x9
_execvpe 0x13a4 0xa
_loaddll 0x13bf 0xb
_spawnl 0x13d9 0xc
_spawnle 0x13f3 0xd
_spawnlp 0x140e 0xe
_spawnlpe 0x142a 0xf
_spawnv 0x1445 0x10
_spawnve 0x145f 0x11
_spawnvp 0x147a 0x12
_spawnvpe 0x1496 0x13
_unloaddll 0x14b4 0x14
_wexecl 0x14d0 0x15
_wexecle 0x14ea 0x16
_wexeclp 0x1505 0x17
_wexeclpe 0x1521 0x18
_wexecv 0x153c 0x19
_wexecve 0x1556 0x1a
_wexecvp 0x1571 0x1b
_wexecvpe 0x158d 0x1c
_wspawnl 0x15a9 0x1d
_wspawnle 0x15c5 0x1e
_wspawnlp 0x15e2 0x1f
_wspawnlpe 0x1600 0x20
_wspawnv 0x161d 0x21
_wspawnve 0x1639 0x22
_wspawnvp 0x1656 0x23
_wspawnvpe 0x1674 0x24
Digital Signatures (2)
Certificate: Microsoft Corporation
Issued by Microsoft Corporation
Parent Certificate Microsoft Code Signing PCA
Country Name US
Valid From 2017-08-11 20:11:15+00:00
Valid Until 2018-08-11 20:11:15+00:00
Algorithm sha1_rsa
Serial Number 33 00 00 01 78 25 5A B5 CD 23 C6 5F 95 00 01 00 00 01 78
Thumbprint 49 D5 9D 86 50 5D 82 94 2A 07 63 88 69 3F 4F B7 B2 12 54 EE
Certificate: Microsoft Code Signing PCA
Issued by Microsoft Code Signing PCA
Country Name US
Valid From 2010-08-31 22:19:32+00:00
Valid Until 2020-08-31 22:29:32+00:00
Algorithm sha1_rsa
Serial Number 61 33 26 1A 00 00 00 00 00 31
Thumbprint 3C AF 9B A2 DB 55 70 CA F7 69 42 FF 99 10 1B 99 38 88 E2 57
C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/nssdbm3.dll Created File Binary
Whitelisted
Mime Type application/x-dosexec
File Size 90.45 KB
MD5 569a7a65658a46f9412bdfa04f86e2b2
SHA1 44cc0038e891ae73c43b61a71a46c97f98b1030d
SHA256 541a293c450e609810279f121a5e9dfa4e924d52e8b0c6c543512b5026efe7ec
SSDeep 1536:5vNGVOt0VjOJkbH8femxfRVMNKBDuOQWL1421GlkxERC+ANcFZoZ/6tNRCwI41ZH:hNGVOiBZbcGmxXMcBqmzoCUZoZebHZMw
ImpHash d13d5fc7f2f1cf397f0d0cfd732db7a2
File Reputation Information
Severity
Whitelisted
First Seen 2018-04-28 14:11 (UTC+2)
Last Seen 2018-08-26 09:43 (UTC+2)
PE Information
Image Base 0x10000000
Entry Point 0x10011f81
Size Of Code 0x11a00
Size Of Initialized Data 0x3000
File Type dll
Subsystem windows_gui
Machine Type i386
Compile Timestamp 2018-04-27 21:41:18+00:00
Version Information (11)
LegalCopyright License: MPL 2
InternalName -
FileVersion 59.0.3
CompanyName Mozilla Foundation
BuildID 20180427210249
LegalTrademarks Mozilla
Comments -
ProductName Firefox
ProductVersion 59.0.3
FileDescription -
OriginalFilename nssdbm3.dll
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x118e4 0x11a00 0x400 cnt_code, mem_execute, mem_read 6.49
.rdata 0x10013000 0x1f34 0x2000 0x11e00 cnt_initialized_data, mem_read 4.98
.data 0x10015000 0x3f8 0x200 0x13e00 cnt_initialized_data, mem_read, mem_write 0.48
.rsrc 0x10016000 0x370 0x400 0x14000 cnt_initialized_data, mem_read 2.87
.reloc 0x10017000 0x6a4 0x800 0x14400 cnt_initialized_data, mem_discardable, mem_read 5.89
Imports (9)
nss3.dll (92)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
PL_HashTableEnumerateEntries 0x0 0x100130e4 0x141c4 0x12fc4 0x1ca
SECITEM_AllocItem_Util 0x0 0x100130e8 0x141c8 0x12fc8 0x3a6
PR_Now 0x0 0x100130ec 0x141cc 0x12fcc 0x31f
DER_DecodeTimeChoice_Util 0x0 0x100130f0 0x141d0 0x12fd0 0x8e
NSS_Get_SEC_AnyTemplate_Util 0x0 0x100130f4 0x141d4 0x12fd4 0x100
NSS_Get_SEC_BitStringTemplate_Util 0x0 0x100130f8 0x141d8 0x12fd8 0x103
NSS_Get_SEC_ObjectIDTemplate_Util 0x0 0x100130fc 0x141dc 0x12fdc 0x10b
PORT_InitCheapArena 0x0 0x10013100 0x141e0 0x12fe0 0x209
PORT_DestroyCheapArena 0x0 0x10013104 0x141e4 0x12fe4 0x202
PORT_ArenaMark_Util 0x0 0x10013108 0x141e8 0x12fe8 0x1fb
PORT_ArenaRelease_Util 0x0 0x1001310c 0x141ec 0x12fec 0x1fc
PORT_ArenaUnmark_Util 0x0 0x10013110 0x141f0 0x12ff0 0x1ff
PORT_ArenaStrdup_Util 0x0 0x10013114 0x141f4 0x12ff4 0x1fe
SECITEM_CompareItem_Util 0x0 0x10013118 0x141f8 0x12ff8 0x3a8
PR_OpenFile 0x0 0x1001311c 0x141fc 0x12ffc 0x323
PL_HashTableLookup 0x0 0x10013120 0x14200 0x13000 0x1cb
PR_EnterMonitor 0x0 0x10013124 0x14204 0x13004 0x27c
PR_ExitMonitor 0x0 0x10013128 0x14208 0x13008 0x286
NSSUTIL_ArgGetParamValue 0x0 0x1001312c 0x1420c 0x1300c 0xb1
NSSUTIL_ArgHasFlag 0x0 0x10013130 0x14210 0x13010 0xb2
NSSUTIL_ArgReadLong 0x0 0x10013134 0x14214 0x13014 0xb8
NSSUTIL_Quote 0x0 0x10013138 0x14218 0x13018 0xc0
NSSUTIL_ArgParseSlotFlags 0x0 0x1001313c 0x1421c 0x1301c 0xb6
NSSUTIL_ArgParseSlotInfo 0x0 0x10013140 0x14220 0x13020 0xb7
NSSUTIL_MkSlotString 0x0 0x10013144 0x14224 0x13024 0xbf
NSSUTIL_ArgParseModuleSpec 0x0 0x10013148 0x14228 0x13028 0xb5
NSSUTIL_MkModuleSpec 0x0 0x1001314c 0x1422c 0x1302c 0xbd
NSSUTIL_ArgParseCipherFlags 0x0 0x10013150 0x14230 0x13030 0xb4
NSSUTIL_MkNSSString 0x0 0x10013154 0x14234 0x13034 0xbe
PR_GetError 0x0 0x10013158 0x14238 0x13038 0x2ae
NSSBase64_EncodeItem_Util 0x0 0x1001315c 0x1423c 0x1303c 0xab
PL_HashTableRemove 0x0 0x10013160 0x14240 0x13040 0x1d1
PL_HashTableAdd 0x0 0x10013164 0x14244 0x13044 0x1c7
SECOID_Shutdown 0x0 0x10013168 0x14248 0x13048 0x3fd
SECOID_Init 0x0 0x1001316c 0x1424c 0x1304c 0x3fa
SECITEM_HashCompare 0x0 0x10013170 0x14250 0x13050 0x3b0
PL_CompareValues 0x0 0x10013174 0x14254 0x13054 0x1be
PL_HashTableDestroy 0x0 0x10013178 0x14258 0x13058 0x1c8
PL_NewHashTable 0x0 0x1001317c 0x1425c 0x1305c 0x1d3
PR_FindSymbol 0x0 0x10013180 0x14260 0x13060 0x297
PR_LoadLibrary 0x0 0x10013184 0x14264 0x13064 0x2fc
SECITEM_ItemsAreEqual_Util 0x0 0x10013188 0x14268 0x13068 0x3b2
PORT_Realloc_Util 0x0 0x1001318c 0x1426c 0x1306c 0x20c
DER_SetUInteger 0x0 0x10013190 0x14270 0x13070 0x97
PR_htonl 0x0 0x10013194 0x14274 0x13074 0x391
NSS_Get_SEC_OctetStringTemplate_Util 0x0 0x10013198 0x14278 0x13078 0x10d
PR_ntohl 0x0 0x1001319c 0x1427c 0x1307c 0x394
SECOID_GetAlgorithmTag_Util 0x0 0x100131a0 0x14280 0x13080 0x3f9
SECOID_SetAlgorithmID_Util 0x0 0x100131a4 0x14284 0x13084 0x3fc
SECOID_FindOIDByTag_Util 0x0 0x100131a8 0x14288 0x13088 0x3f3
SECOID_FindOIDTag_Util 0x0 0x100131ac 0x1428c 0x1308c 0x3f6
SEC_ASN1EncodeInteger_Util 0x0 0x100131b0 0x14290 0x13090 0x403
SEC_ASN1EncodeItem_Util 0x0 0x100131b4 0x14294 0x13094 0x405
SEC_QuickDERDecodeItem_Util 0x0 0x100131b8 0x14298 0x13098 0x440
PR_Unlock 0x0 0x100131bc 0x1429c 0x1309c 0x380
PR_Lock 0x0 0x100131c0 0x142a0 0x130a0 0x300
PR_DestroyLock 0x0 0x100131c4 0x142a4 0x130a4 0x268
PR_NewLock 0x0 0x100131c8 0x142a8 0x130a8 0x30e
SECITEM_ZfreeItem_Util 0x0 0x100131cc 0x142ac 0x130ac 0x3b5
SECITEM_FreeItem_Util 0x0 0x100131d0 0x142b0 0x130b0 0x3af
SECITEM_DupItem_Util 0x0 0x100131d4 0x142b4 0x130b4 0x3ad
SECITEM_CopyItem_Util 0x0 0x100131d8 0x142b8 0x130b8 0x3aa
PORT_ArenaZAlloc_Util 0x0 0x100131dc 0x142bc 0x130bc 0x201
PORT_ArenaAlloc_Util 0x0 0x100131e0 0x142c0 0x130c0 0x1f9
PORT_FreeArena_Util 0x0 0x100131e4 0x142c4 0x130c4 0x205
PORT_NewArena_Util 0x0 0x100131e8 0x142c8 0x130c8 0x20b
PORT_GetError_Util 0x0 0x100131ec 0x142cc 0x130cc 0x208
PORT_SetError_Util 0x0 0x100131f0 0x142d0 0x130d0 0x20f
PORT_Strdup_Util 0x0 0x100131f4 0x142d4 0x130d4 0x213
NSS_Get_SECOID_AlgorithmIDTemplate_Util 0x0 0x100131f8 0x142d8 0x130d8 0xff
PR_smprintf_free 0x0 0x100131fc 0x142dc 0x130dc 0x398
PR_smprintf 0x0 0x10013200 0x142e0 0x130e0 0x397
PR_MkDir 0x0 0x10013204 0x142e4 0x130e4 0x30b
PR_Access 0x0 0x10013208 0x142e8 0x130e8 0x224
PR_Delete 0x0 0x1001320c 0x142ec 0x130ec 0x262
PR_Write 0x0 0x10013210 0x142f0 0x130f0 0x38b
PR_Read 0x0 0x10013214 0x142f4 0x130f4 0x33d
PR_DestroyMonitor 0x0 0x10013218 0x142f8 0x130f8 0x26a
PR_Close 0x0 0x1001321c 0x142fc 0x130fc 0x248
PORT_ZAlloc_Util 0x0 0x10013220 0x14300 0x13100 0x219
PR_GetDirectorySeparator 0x0 0x10013224 0x14304 0x13104 0x2aa
PR_GetEnvSecure 0x0 0x10013228 0x14308 0x13108 0x2ad
PR_CallOnce 0x0 0x1001322c 0x1430c 0x1310c 0x23d
PR_SetError 0x0 0x10013230 0x14310 0x13110 0x356
PR_Free 0x0 0x10013234 0x14314 0x13114 0x29c
PORT_Free_Util 0x0 0x10013238 0x14318 0x13118 0x206
PORT_Alloc_Util 0x0 0x1001323c 0x1431c 0x1311c 0x1f7
PR_GetLibraryFilePathname 0x0 0x10013240 0x14320 0x13120 0x2bc
PR_FindFunctionSymbol 0x0 0x10013244 0x14324 0x13124 0x291
PR_UnloadLibrary 0x0 0x10013248 0x14328 0x13128 0x37f
PR_NewMonitor 0x0 0x1001324c 0x1432c 0x1312c 0x310
PR_LoadLibraryWithFlags 0x0 0x10013250 0x14330 0x13130 0x2fd
KERNEL32.dll (13)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
InitializeSListHead 0x0 0x10013000 0x140e0 0x12ee0 0x35a
DisableThreadLibraryCalls 0x0 0x10013004 0x140e4 0x12ee4 0x11b
GetSystemTimeAsFileTime 0x0 0x10013008 0x140e8 0x12ee8 0x2e2
GetCurrentThreadId 0x0 0x1001300c 0x140ec 0x12eec 0x218
GetCurrentProcessId 0x0 0x10013010 0x140f0 0x12ef0 0x214
QueryPerformanceCounter 0x0 0x10013014 0x140f4 0x12ef4 0x440
IsProcessorFeaturePresent 0x0 0x10013018 0x140f8 0x12ef8 0x37d
TerminateProcess 0x0 0x1001301c 0x140fc 0x12efc 0x57c
GetCurrentProcess 0x0 0x10013020 0x14100 0x12f00 0x213
SetUnhandledExceptionFilter 0x0 0x10013024 0x14104 0x12f04 0x55e
UnhandledExceptionFilter 0x0 0x10013028 0x14108 0x12f08 0x59d
FlushFileBuffers 0x0 0x1001302c 0x1410c 0x12f0c 0x19b
IsDebuggerPresent 0x0 0x10013030 0x14110 0x12f10 0x376
VCRUNTIME140.dll (7)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_except_handler4_common 0x0 0x10013038 0x14118 0x12f18 0x35
memmove 0x0 0x1001303c 0x1411c 0x12f1c 0x47
memcmp 0x0 0x10013040 0x14120 0x12f20 0x45
memset 0x0 0x10013044 0x14124 0x12f24 0x48
strrchr 0x0 0x10013048 0x14128 0x12f28 0x4b
memcpy 0x0 0x1001304c 0x1412c 0x12f2c 0x46
__std_type_info_destroy_list 0x0 0x10013050 0x14130 0x12f30 0x25
api-ms-win-crt-runtime-l1-1-0.dll (11)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_initialize_onexit_table 0x0 0x1001307c 0x1415c 0x12f5c 0x36
_initialize_narrow_environment 0x0 0x10013080 0x14160 0x12f60 0x35
_configure_narrow_argv 0x0 0x10013084 0x14164 0x12f64 0x19
_seh_filter_dll 0x0 0x10013088 0x14168 0x12f68 0x41
_initterm 0x0 0x1001308c 0x1416c 0x12f6c 0x38
_execute_onexit_table 0x0 0x10013090 0x14170 0x12f70 0x24
_getpid 0x0 0x10013094 0x14174 0x12f74 0x34
_errno 0x0 0x10013098 0x14178 0x12f78 0x23
abort 0x0 0x1001309c 0x1417c 0x12f7c 0x57
_cexit 0x0 0x100130a0 0x14180 0x12f80 0x17
_initterm_e 0x0 0x100130a4 0x14184 0x12f84 0x39
api-ms-win-crt-heap-l1-1-0.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
calloc 0x0 0x1001306c 0x1414c 0x12f4c 0x17
free 0x0 0x10013070 0x14150 0x12f50 0x18
malloc 0x0 0x10013074 0x14154 0x12f54 0x19
api-ms-win-crt-stdio-l1-1-0.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_lseek 0x0 0x100130ac 0x1418c 0x12f8c 0x45
_get_osfhandle 0x0 0x100130b0 0x14190 0x12f90 0x37
__acrt_iob_func 0x0 0x100130b4 0x14194 0x12f94 0x0
fwrite 0x0 0x100130b8 0x14198 0x12f98 0x8a
_write 0x0 0x100130bc 0x1419c 0x12f9c 0x6b
_read 0x0 0x100130c0 0x141a0 0x12fa0 0x52
_close 0x0 0x100130c4 0x141a4 0x12fa4 0x17
_open 0x0 0x100130c8 0x141a8 0x12fa8 0x49
api-ms-win-crt-environment-l1-1-0.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
getenv 0x0 0x10013058 0x14138 0x12f38 0x10
api-ms-win-crt-filesystem-l1-1-0.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_stat64i32 0x0 0x10013060 0x14140 0x12f40 0x20
_unlink 0x0 0x10013064 0x14144 0x12f44 0x23
api-ms-win-crt-string-l1-1-0.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
tolower 0x0 0x100130d0 0x141b0 0x12fb0 0x97
isdigit 0x0 0x100130d4 0x141b4 0x12fb4 0x68
_strdup 0x0 0x100130d8 0x141b8 0x12fb8 0x29
strncmp 0x0 0x100130dc 0x141bc 0x12fbc 0x8e
Exports (7)
Api name EAT Address Ordinal
legacy_AddSecmodDB 0x10d1b 0x1
legacy_DeleteSecmodDB 0x10dd1 0x2
legacy_Open 0xae88 0x3
legacy_ReadSecmodDB 0x10e51 0x4
legacy_ReleaseSecmodDBData 0x10fab 0x5
legacy_SetCryptFunctions 0xb556 0x6
legacy_Shutdown 0xaf93 0x7
Digital Signatures (3)
Certificate: Mozilla Corporation
Issued by Mozilla Corporation
Parent Certificate DigiCert SHA2 Assured ID Code Signing CA
Country Name US
Valid From 2017-06-23 00:00:00+00:00
Valid Until 2019-06-28 12:00:00+00:00
Algorithm sha256_rsa
Serial Number C5 39 6D CB 29 49 C7 0F AC 48 AB 08 A0 73 38 E
Thumbprint B6 B2 4A EA 9E 98 3E D6 BD A9 58 6A 14 5A 7D DD 7E 22 01 96
Certificate: DigiCert SHA2 Assured ID Code Signing CA
Issued by DigiCert SHA2 Assured ID Code Signing CA
Parent Certificate DigiCert Assured ID Root CA
Country Name US
Valid From 2013-10-22 12:00:00+00:00
Valid Until 2028-10-22 12:00:00+00:00
Algorithm sha256_rsa
Serial Number 40 91 81 B5 FD 5B B6 67 55 34 3B 56 F9 55 00 8
Thumbprint 92 C1 58 8E 85 AF 22 01 CE 79 15 E8 53 8B 49 2F 60 5B 80 C6
Certificate: DigiCert Assured ID Root CA
Issued by DigiCert Assured ID Root CA
Country Name US
Valid From 2006-11-10 00:00:00+00:00
Valid Until 2031-11-10 00:00:00+00:00
Algorithm sha1_rsa
Serial Number CE 7E 0E 51 7D 84 6F E8 FE 56 0F C1 BF 03 03 9
Thumbprint 05 63 B8 63 0D 62 D7 5A BB C8 AB 1E 4B DF B5 A8 99 B2 4D 43
C:\Users\5P5NRG~1\AppData\Local\Temp\209150999161799351040.tmp-shm Created File Stream
Whitelisted
Mime Type application/octet-stream
File Size 32.00 KB
MD5 b7c14ec6110fa820ca6b65f5aec85911
SHA1 608eeb7488042453c9ca40f7e1398fc1a270f3f4
SHA256 fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb
SSDeep 3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
File Reputation Information
Severity
Whitelisted
First Seen 2013-05-09 07:05 (UTC+2)
Last Seen 2018-08-08 03:50 (UTC+2)
C:\Users\5P5NRG~1\AppData\Local\Temp\2050639692405252107238.tmp Created File Stream
Whitelisted
Mime Type application/octet-stream
File Size 18.00 KB
MD5 29844404ae855e9df054833f71888eb1
SHA1 3e86f08def08fc14ddec0227d0643319562666db
SHA256 c381401ea96dfe9b926126dcbbc0dd6ab541dbf549732cc6c66f20096b1f663e
SSDeep 24:LLijhJ0KL7G0TMJHUyyJtmCm0u6lOKQAE9V8FsffDVOzeCmly6UwcTa/HMQW:wz+JH3yJUhJCVE9V8FsXhFlNU1Ts3W
File Reputation Information
Severity
Whitelisted
First Seen 2016-08-06 16:42 (UTC+2)
Last Seen 2018-09-13 14:46 (UTC+2)
C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-core-handle-l1-1-0.dll Created File Binary
Whitelisted
Mime Type application/x-dosexec
File Size 17.80 KB
MD5 6db54065b33861967b491dd1c8fd8595
SHA1 ed0938bbc0e2a863859aad64606b8fc4c69b810a
SHA256 945cc64ee04b1964c1f9fcdc3124dd83973d332f5cfb696cdf128ca5c4cbd0e5
SSDeep 384:AWPhWXDz6i00GftpBj5FrFaemx+lDbNh/6:hroidkeppp
File Reputation Information
Severity
Whitelisted
First Seen 2017-10-25 19:05 (UTC+2)
Last Seen 2018-09-10 23:08 (UTC+2)
PE Information
Image Base 0x10000000
Size Of Code 0x400
Size Of Initialized Data 0x400
File Type dll
Subsystem windows_cui
Machine Type i386
Compile Timestamp 2008-02-02 03:17:29+00:00
Version Information (8)
LegalCopyright © Microsoft Corporation. All rights reserved.
InternalName apisetstub
FileVersion 10.0.16299.15 (WinBuild.160101.0800)
CompanyName Microsoft Corporation
ProductName Microsoft® Windows® Operating System
ProductVersion 10.0.16299.15
FileDescription ApiSet Stub DLL
OriginalFilename apisetstub
Sections (2)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x25f 0x400 0x200 cnt_code, mem_execute, mem_read 3.24
.rsrc 0x10002000 0x3f0 0x400 0x600 cnt_initialized_data, mem_read 3.3
Exports (5)
Api name EAT Address Ordinal
CloseHandle 0x1188 0x1
CompareObjectHandles 0x11b2 0x2
DuplicateHandle 0x11e0 0x3
GetHandleInformation 0x120e 0x4
SetHandleInformation 0x1241 0x5
Digital Signatures (2)
Certificate: Microsoft Corporation
Issued by Microsoft Corporation
Parent Certificate Microsoft Code Signing PCA
Country Name US
Valid From 2017-08-11 20:11:15+00:00
Valid Until 2018-08-11 20:11:15+00:00
Algorithm sha1_rsa
Serial Number 33 00 00 01 78 25 5A B5 CD 23 C6 5F 95 00 01 00 00 01 78
Thumbprint 49 D5 9D 86 50 5D 82 94 2A 07 63 88 69 3F 4F B7 B2 12 54 EE
Certificate: Microsoft Code Signing PCA
Issued by Microsoft Code Signing PCA
Country Name US
Valid From 2010-08-31 22:19:32+00:00
Valid Until 2020-08-31 22:29:32+00:00
Algorithm sha1_rsa
Serial Number 61 33 26 1A 00 00 00 00 00 31
Thumbprint 3C AF 9B A2 DB 55 70 CA F7 69 42 FF 99 10 1B 99 38 88 E2 57
C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-crt-private-l1-1-0.dll Created File Binary
Whitelisted
Mime Type application/x-dosexec
File Size 71.30 KB
MD5 9910a1bfdc41c5b39f6af37f0a22aacd
SHA1 47fa76778556f34a5e7910c816c78835109e4050
SHA256 65ded8d2ce159b2f5569f55b2caf0e2c90f3694bd88c89de790a15a49d8386b9
SSDeep 1536:VAHEGlVDe5c4bFE2Jy2cvxXWpD9d3334BkZnkPFZo6kt:Vc7De5c4bFE2Jy2cvxXWpD9d3334BkZj
File Reputation Information
Severity
Whitelisted
First Seen 2017-10-25 19:05 (UTC+2)
Last Seen 2018-09-13 08:25 (UTC+2)
PE Information
Image Base 0x10000000
Size Of Code 0xda00
Size Of Initialized Data 0x400
File Type dll
Subsystem windows_cui
Machine Type i386
Compile Timestamp 1996-03-31 17:57:49+00:00
Version Information (8)
LegalCopyright © Microsoft Corporation. All rights reserved.
InternalName apisetstub
FileVersion 10.0.16299.15 (WinBuild.160101.0800)
CompanyName Microsoft Corporation
ProductName Microsoft® Windows® Operating System
ProductVersion 10.0.16299.15
FileDescription ApiSet Stub DLL
OriginalFilename apisetstub
Sections (2)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0xd8ba 0xda00 0x200 cnt_code, mem_execute, mem_read 5.05
.rsrc 0x1000f000 0x3f0 0x400 0xdc00 cnt_initialized_data, mem_read 3.3
Exports (1164)
Api name EAT Address Ordinal
_CreateFrameInfo 0x3ee3 0x1
_CxxThrowException 0x3f10 0x2
_EH_prolog 0x3f37 0x3
_FindAndUnlinkFrame 0x3f5f 0x4
_IsExceptionObjectToBeDestroyed 0x3f9c 0x5
_NLG_Dispatch2 0x3fd4 0x6
_NLG_Return 0x3ff8 0x7
_NLG_Return2 0x401a 0x8
_SetWinRTOutOfMemoryExceptionCallback 0x4056 0x9
__AdjustPointer 0x4095 0xa
__BuildCatchObject 0x40c1 0xb
__BuildCatchObjectHelper 0x40f6 0xc
__CxxDetectRethrow 0x412b 0xd
__CxxExceptionFilter 0x415c 0xe
__CxxFrameHandler 0x418c 0xf
__CxxFrameHandler2 0x41ba 0x10
__CxxFrameHandler3 0x41e9 0x11
__CxxLongjmpUnwind 0x4218 0x12
__CxxQueryExceptionSize 0x424c 0x13
__CxxRegisterExceptionObject 0x428a 0x14
__CxxUnregisterExceptionObject 0x42cf 0x15
__DestructExceptionObject 0x4311 0x16
__FrameUnwindFilter 0x4348 0x17
__GetPlatformExceptionInfo 0x4380 0x18
__RTCastToVoid 0x43b3 0x19
__RTDynamicCast 0x43db 0x1a
__RTtypeid 0x43ff 0x1b
__TypeMatch 0x441f 0x1c
__current_exception 0x4448 0x1d
__current_exception_context 0x4481 0x1e
__dcrt_get_wide_environment_from_os 0x44ca 0x1f
__dcrt_initial_narrow_environment 0x4519 0x20
__intrinsic_abnormal_termination 0x4565 0x21
__intrinsic_setjmp 0x45a2 0x22
__processing_throw 0x45d1 0x23
__report_gsfailure 0x4600 0x24
__std_exception_copy 0x4631 0x25
__std_exception_destroy 0x4667 0x26
__std_terminate 0x4698 0x27
__std_type_info_compare 0x46c9 0x28
__std_type_info_destroy_list 0x4707 0x29
__std_type_info_hash 0x4742 0x2a
__std_type_info_name 0x4775 0x2b
__unDName 0x479d 0x2c
__unDNameEx 0x47bc 0x2d
__uncaught_exception 0x47e6 0x2e
__uncaught_exceptions 0x481a 0x2f
_chkesp 0x4841 0x30
_except_handler2 0x4863 0x31
_except_handler3 0x488e 0x32
_except_handler4_common 0x48c0 0x33
_get_purecall_handler 0x48f7 0x34
_get_unexpected 0x4926 0x35
_global_unwind2 0x494f 0x36
_is_exception_typeof 0x497d 0x37
_local_unwind2 0x49aa 0x38
_local_unwind4 0x49d1 0x39
_longjmpex 0x49f4 0x3a
_o__CIacos 0x4a13 0x3b
_o__CIasin 0x4a32 0x3c
_o__CIatan 0x4a51 0x3d
_o__CIatan2 0x4a71 0x3e
_o__CIcos 0x4a90 0x3f
_o__CIcosh 0x4aae 0x40
_o__CIexp 0x4acc 0x41
_o__CIfmod 0x4aea 0x42
_o__CIlog 0x4b08 0x43
_o__CIlog10 0x4b27 0x44
_o__CIpow 0x4b46 0x45
_o__CIsin 0x4b63 0x46
_o__CIsinh 0x4b81 0x47
_o__CIsqrt 0x4ba0 0x48
_o__CItan 0x4bbe 0x49
_o__CItanh 0x4bdc 0x4a
_o__Getdays 0x4bfc 0x4b
_o__Getmonths 0x4c1f 0x4c
_o__Gettnames 0x4c44 0x4d
_o__Strftime 0x4c68 0x4e
_o__W_Getdays 0x4c8c 0x4f
_o__W_Getmonths 0x4cb3 0x50
_o__W_Gettnames 0x4cdc 0x51
_o__Wcsftime 0x4d02 0x52
_o____lc_codepage_func 0x4d2f 0x53
_o____lc_collate_cp_func 0x4d68 0x54
_o____lc_locale_name_func 0x4da4 0x55
_o____mb_cur_max_func 0x4ddd 0x56
_o___acrt_iob_func 0x4e0f 0x57
_o___conio_common_vcprintf 0x4e46 0x58
_o___conio_common_vcprintf_p 0x4e87 0x59
_o___conio_common_vcprintf_s 0x4eca 0x5a
_o___conio_common_vcscanf 0x4f0a 0x5b
_o___conio_common_vcwprintf 0x4f49 0x5c
_o___conio_common_vcwprintf_p 0x4f8c 0x5d
_o___conio_common_vcwprintf_s 0x4fd1 0x5e
_o___conio_common_vcwscanf 0x5013 0x5f
_o___daylight 0x5045 0x60
_o___dstbias 0x5069 0x61
_o___fpe_flt_rounds 0x5093 0x62
_o___libm_sse2_acos 0x50c4 0x63
_o___libm_sse2_acosf 0x50f6 0x64
_o___libm_sse2_asin 0x5128 0x65
_o___libm_sse2_asinf 0x515a 0x66
_o___libm_sse2_atan 0x518c 0x67
_o___libm_sse2_atan2 0x51be 0x68
_o___libm_sse2_atanf 0x51f1 0x69
_o___libm_sse2_cos 0x5222 0x6a
_o___libm_sse2_cosf 0x5252 0x6b
_o___libm_sse2_exp 0x5282 0x6c
_o___libm_sse2_expf 0x52b2 0x6d
_o___libm_sse2_log 0x52e2 0x6e
_o___libm_sse2_log10 0x5313 0x6f
_o___libm_sse2_log10f 0x5347 0x70
_o___libm_sse2_logf 0x537a 0x71
_o___libm_sse2_pow 0x53aa 0x72
_o___libm_sse2_powf 0x53da 0x73
_o___libm_sse2_sin 0x540a 0x74
_o___libm_sse2_sinf 0x543a 0x75
_o___libm_sse2_tan 0x546a 0x76
_o___libm_sse2_tanf 0x549a 0x77
_o___p___argc 0x54c5 0x78
_o___p___argv 0x54ea 0x79
_o___p___wargv 0x5510 0x7a
_o___p__acmdln 0x5537 0x7b
_o___p__commode 0x555f 0x7c
_o___p__environ 0x5588 0x7d
_o___p__fmode 0x55af 0x7e
_o___p__mbcasemap 0x55d8 0x7f
_o___p__mbctype 0x5603 0x80
_o___p__pgmptr 0x562b 0x81
_o___p__wcmdln 0x5652 0x82
_o___p__wenviron 0x567b 0x83
_o___p__wpgmptr 0x56a5 0x84
_o___pctype_func 0x56cf 0x85
_o___pwctype_func 0x56fb 0x86
_o___std_exception_copy 0x572e 0x87
_o___std_exception_destroy 0x576a 0x88
_o___std_type_info_destroy_list 0x57ae 0x89
_o___std_type_info_name 0x57ef 0x8a
_o___stdio_common_vfprintf 0x582b 0x8b
_o___stdio_common_vfprintf_p 0x586c 0x8c
_o___stdio_common_vfprintf_s 0x58af 0x8d
_o___stdio_common_vfscanf 0x58ef 0x8e
_o___stdio_common_vfwprintf 0x592e 0x8f
_o___stdio_common_vfwprintf_p 0x5971 0x90
_o___stdio_common_vfwprintf_s 0x59b6 0x91
_o___stdio_common_vfwscanf 0x59f8 0x92
_o___stdio_common_vsnprintf_s 0x5a3a 0x93
_o___stdio_common_vsnwprintf_s 0x5a80 0x94
_o___stdio_common_vsprintf 0x5ac3 0x95
_o___stdio_common_vsprintf_p 0x5b04 0x96
_o___stdio_common_vsprintf_s 0x5b47 0x97
_o___stdio_common_vsscanf 0x5b87 0x98
_o___stdio_common_vswprintf 0x5bc6 0x99
_o___stdio_common_vswprintf_p 0x5c09 0x9a
_o___stdio_common_vswprintf_s 0x5c4e 0x9b
_o___stdio_common_vswscanf 0x5c90 0x9c
_o___timezone 0x5cc2 0x9d
_o___tzname 0x5ce5 0x9e
_o___wcserror 0x5d08 0x9f
_o__access 0x5d2a 0xa0
_o__access_s 0x5d4b 0xa1
_o__aligned_free 0x5d72 0xa2
_o__aligned_malloc 0x5d9f 0xa3
_o__aligned_msize 0x5dcd 0xa4
_o__aligned_offset_malloc 0x5e02 0xa5
_o__aligned_offset_realloc 0x5e40 0xa6
_o__aligned_offset_recalloc 0x5e80 0xa7
_o__aligned_realloc 0x5eb9 0xa8
_o__aligned_recalloc 0x5eeb 0xa9
_o__atodbl 0x5f14 0xaa
_o__atodbl_l 0x5f35 0xab
_o__atof_l 0x5f56 0xac
_o__atoflt 0x5f75 0xad
_o__atoflt_l 0x5f96 0xae
_o__atoi64 0x5fb7 0xaf
_o__atoi64_l 0x5fd8 0xb0
_o__atoi_l 0x5ff9 0xb1
_o__atol_l 0x6018 0xb2
_o__atoldbl 0x6038 0xb3
_o__atoldbl_l 0x605b 0xb4
_o__atoll_l 0x607e 0xb5
_o__beep 0x609c 0xb6
_o__beginthread 0x60be 0xb7
_o__beginthreadex 0x60e9 0xb8
_o__cabs 0x610d 0xb9
_o__callnewh 0x612c 0xba
_o__calloc_base 0x6152 0xbb
_o__cexit 0x6175 0xbc
_o__cgets 0x6192 0xbd
_o__cgets_s 0x61b1 0xbe
_o__cgetws 0x61d1 0xbf
_o__cgetws_s 0x61f2 0xc0
_o__chdir 0x6212 0xc1
_o__chdrive 0x6231 0xc2
_o__chmod 0x6250 0xc3
_o__chsize 0x626e 0xc4
_o__chsize_s 0x628f 0xc5
_o__close 0x62af 0xc6
_o__commit 0x62cd 0xc7
_o__configthreadlocale 0x62f8 0xc8
_o__configure_narrow_argv 0x6332 0xc9
_o__configure_wide_argv 0x636d 0xca
_o__controlfp_s 0x639e 0xcb
_o__cputs 0x63c1 0xcc
_o__cputws 0x63df 0xcd
_o__creat 0x63fd 0xce
_o__create_locale 0x6422 0xcf
_o__crt_atexit 0x644c 0xd0
_o__ctime32_s 0x6472 0xd1
_o__ctime64_s 0x6497 0xd2
_o__cwait 0x64b8 0xd3
_o__d_int 0x64d5 0xd4
_o__dclass 0x64f3 0xd5
_o__difftime32 0x6516 0xd6
_o__difftime64 0x653d 0xd7
_o__dlog 0x655e 0xd8
_o__dnorm 0x657a 0xd9
_o__dpcomp 0x6598 0xda
_o__dpoly 0x65b6 0xdb
_o__dscale 0x65d4 0xdc
_o__dsign 0x65f2 0xdd
_o__dsin 0x660e 0xde
_o__dtest 0x662a 0xdf
_o__dunscale 0x664a 0xe0
_o__dup 0x6668 0xe1
_o__dup2 0x6682 0xe2
_o__dupenv_s 0x66a1 0xe3
_o__ecvt 0x66c0 0xe4
_o__ecvt_s 0x66dd 0xe5
_o__endthread 0x66ff 0xe6
_o__endthreadex 0x6726 0xe7
_o__eof 0x6747 0xe8
_o__errno 0x6762 0xe9
_o__except1 0x6781 0xea
_o__execute_onexit_table 0x67af 0xeb
_o__execv 0x67db 0xec
_o__execve 0x67f9 0xed
_o__execvp 0x6818 0xee
_o__execvpe 0x6838 0xef
_o__exit 0x6856 0xf0
_o__expand 0x6873 0xf1
_o__fclose_nolock 0x6899 0xf2
_o__fcloseall 0x68c2 0xf3
_o__fcvt 0x68e2 0xf4
_o__fcvt_s 0x68ff 0xf5
_o__fd_int 0x691e 0xf6
_o__fdclass 0x693e 0xf7
_o__fdexp 0x695d 0xf8
_o__fdlog 0x697a 0xf9
_o__fdopen 0x6998 0xfa
_o__fdpcomp 0x69b8 0xfb
_o__fdpoly 0x69d8 0xfc
_o__fdscale 0x69f8 0xfd
_o__fdsign 0x6a18 0xfe
_o__fdsin 0x6a36 0xff
_o__fflush_nolock 0x6a5b 0x100
_o__fgetc_nolock 0x6a87 0x101
_o__fgetchar 0x6aae 0x102
_o__fgetwc_nolock 0x6ad6 0x103
_o__fgetwchar 0x6aff 0x104
_o__filelength 0x6b25 0x105
_o__filelengthi64 0x6b4f 0x106
_o__fileno 0x6b75 0x107
_o__findclose 0x6b97 0x108
_o__findfirst32 0x6bbe 0x109
_o__findfirst32i64 0x6bea 0x10a
_o__findfirst64 0x6c16 0x10b
_o__findfirst64i32 0x6c42 0x10c
_o__findnext32 0x6c6d 0x10d
_o__findnext32i64 0x6c97 0x10e
_o__findnext64 0x6cc1 0x10f
_o__findnext64i32 0x6ceb 0x110
_o__flushall 0x6d13 0x111
_o__fpclass 0x6d35 0x112
_o__fputc_nolock 0x6d5b 0x113
_o__fputchar 0x6d82 0x114
_o__fputwc_nolock 0x6daa 0x115
_o__fputwchar 0x6dd3 0x116
_o__fread_nolock 0x6dfb 0x117
_o__fread_nolock_s 0x6e28 0x118
_o__free_base 0x6e52 0x119
_o__free_locale 0x6e79 0x11a
_o__fseek_nolock 0x6ea3 0x11b
_o__fseeki64 0x6eca 0x11c
_o__fseeki64_nolock 0x6ef4 0x11d
_o__fsopen 0x6f1c 0x11e
_o__fstat32 0x6f3c 0x11f
_o__fstat32i64 0x6f60 0x120
_o__fstat64 0x6f84 0x121
_o__fstat64i32 0x6fa8 0x122
_o__ftell_nolock 0x6fd1 0x123
_o__ftelli64 0x6ff8 0x124
_o__ftelli64_nolock 0x7022 0x125
_o__ftime32 0x704b 0x126
_o__ftime32_s 0x706e 0x127
_o__ftime64 0x7091 0x128
_o__ftime64_s 0x70b4 0x129
_o__fullpath 0x70d8 0x12a
_o__futime32 0x70fb 0x12b
_o__futime64 0x711e 0x12c
_o__fwrite_nolock 0x7146 0x12d
_o__gcvt 0x716a 0x12e
_o__gcvt_s 0x7187 0x12f
_o__get_daylight 0x71ac 0x130
_o__get_doserrno 0x71d7 0x131
_o__get_dstbias 0x7201 0x132
_o__get_errno 0x7228 0x133
_o__get_fmode 0x724d 0x134
_o__get_heap_handle 0x7278 0x135
_o__get_initial_narrow_environment 0x72b8 0x136
_o__get_initial_wide_environment 0x7305 0x137
_o__get_invalid_parameter_handler 0x7351 0x138
_o__get_narrow_winmain_command_line 0x73a0 0x139
_o__get_osfhandle 0x73df 0x13a
_o__get_pgmptr 0x7409 0x13b
_o__get_stream_buffer_pointers 0x7440 0x13c
_o__get_terminate 0x747a 0x13d
_o__get_thread_local_invalid_parameter_handler 0x74c4 0x13e
_o__get_timezone 0x750d 0x13f
_o__get_tzname 0x7536 0x140
_o__get_wide_winmain_command_line 0x7570 0x141
_o__get_wpgmptr 0x75ab 0x142
_o__getc_nolock 0x75d4 0x143
_o__getch 0x75f7 0x144
_o__getch_nolock 0x761b 0x145
_o__getche 0x7640 0x146
_o__getche_nolock 0x7666 0x147
_o__getcwd 0x768c 0x148
_o__getdcwd 0x76ac 0x149
_o__getdiskfree 0x76d1 0x14a
_o__getdllprocaddr 0x76fd 0x14b
_o__getdrive 0x7726 0x14c
_o__getdrives 0x774a 0x14d
_o__getmbcp 0x776d 0x14e
_o__getsystime 0x7791 0x14f
_o__getw 0x77b2 0x150
_o__getwc_nolock 0x77d5 0x151
_o__getwch 0x77fa 0x152
_o__getwch_nolock 0x7820 0x153
_o__getwche 0x7847 0x154
_o__getwche_nolock 0x786f 0x155
_o__getws 0x7895 0x156
_o__getws_s 0x78b4 0x157
_o__gmtime32 0x78d6 0x158
_o__gmtime32_s 0x78fb 0x159
_o__gmtime64 0x7920 0x15a
_o__gmtime64_s 0x7945 0x15b
_o__heapchk 0x7969 0x15c
_o__heapmin 0x798a 0x15d
_o__hypot 0x79a9 0x15e
_o__hypotf 0x79c7 0x15f
_o__i64toa 0x79e6 0x160
_o__i64toa_s 0x7a07 0x161
_o__i64tow 0x7a28 0x162
_o__i64tow_s 0x7a49 0x163
_o__initialize_narrow_environment 0x7a81 0x164
_o__initialize_onexit_table 0x7ac8 0x165
_o__initialize_wide_environment 0x7b0d 0x166
_o__invalid_parameter_noinfo 0x7b53 0x167
_o__invalid_parameter_noinfo_noreturn 0x7b9f 0x168
_o__isatty 0x7bd9 0x169
_o__isctype 0x7bf9 0x16a
_o__isctype_l 0x7c1c 0x16b
_o__isleadbyte_l 0x7c44 0x16c
_o__ismbbalnum 0x7c6d 0x16d
_o__ismbbalnum_l 0x7c96 0x16e
_o__ismbbalpha 0x7cbf 0x16f
_o__ismbbalpha_l 0x7ce8 0x170
_o__ismbbblank 0x7d11 0x171
_o__ismbbblank_l 0x7d3a 0x172
_o__ismbbgraph 0x7d63 0x173
_o__ismbbgraph_l 0x7d8c 0x174
_o__ismbbkalnum 0x7db6 0x175
_o__ismbbkalnum_l 0x7de1 0x176
_o__ismbbkana 0x7e0a 0x177
_o__ismbbkana_l 0x7e31 0x178
_o__ismbbkprint 0x7e5a 0x179
_o__ismbbkprint_l 0x7e85 0x17a
_o__ismbbkpunct 0x7eb0 0x17b
_o__ismbbkpunct_l 0x7edb 0x17c
_o__ismbblead 0x7f04 0x17d
_o__ismbblead_l 0x7f2b 0x17e
_o__ismbbprint 0x7f53 0x17f
_o__ismbbprint_l 0x7f7c 0x180
_o__ismbbpunct 0x7fa5 0x181
_o__ismbbpunct_l 0x7fce 0x182
_o__ismbbtrail 0x7ff7 0x183
_o__ismbbtrail_l 0x8020 0x184
_o__ismbcalnum 0x8049 0x185
_o__ismbcalnum_l 0x8072 0x186
_o__ismbcalpha 0x809b 0x187
_o__ismbcalpha_l 0x80c4 0x188
_o__ismbcblank 0x80ed 0x189
_o__ismbcblank_l 0x8116 0x18a
_o__ismbcdigit 0x813f 0x18b
_o__ismbcdigit_l 0x8168 0x18c
_o__ismbcgraph 0x8191 0x18d
_o__ismbcgraph_l 0x81ba 0x18e
_o__ismbchira 0x81e2 0x18f
_o__ismbchira_l 0x8209 0x190
_o__ismbckata 0x8230 0x191
_o__ismbckata_l 0x8257 0x192
_o__ismbcl0 0x827c 0x193
_o__ismbcl0_l 0x829f 0x194
_o__ismbcl1 0x82c2 0x195
_o__ismbcl1_l 0x82e5 0x196
_o__ismbcl2 0x8308 0x197
_o__ismbcl2_l 0x832b 0x198
_o__ismbclegal 0x8351 0x199
_o__ismbclegal_l 0x837a 0x19a
_o__ismbclower 0x83a3 0x19b
_o__ismbclower_l 0x83cc 0x19c
_o__ismbcprint 0x83f5 0x19d
_o__ismbcprint_l 0x841e 0x19e
_o__ismbcpunct 0x8447 0x19f
_o__ismbcpunct_l 0x8470 0x1a0
_o__ismbcspace 0x8499 0x1a1
_o__ismbcspace_l 0x84c2 0x1a2
_o__ismbcsymbol 0x84ec 0x1a3
_o__ismbcsymbol_l 0x8517 0x1a4
_o__ismbcupper 0x8541 0x1a5
_o__ismbcupper_l 0x856a 0x1a6
_o__ismbslead 0x8592 0x1a7
_o__ismbslead_l 0x85b9 0x1a8
_o__ismbstrail 0x85e1 0x1a9
_o__ismbstrail_l 0x860a 0x1aa
_o__iswctype_l 0x8633 0x1ab
_o__itoa 0x8654 0x1ac
_o__itoa_s 0x8671 0x1ad
_o__itow 0x868e 0x1ae
_o__itow_s 0x86ab 0x1af
_o__j0 0x86c6 0x1b0
_o__j1 0x86dd 0x1b1
_o__jn 0x86f4 0x1b2
_o__kbhit 0x870e 0x1b3
_o__ld_int 0x872c 0x1b4
_o__ldclass 0x874c 0x1b5
_o__ldexp 0x876b 0x1b6
_o__ldlog 0x8788 0x1b7
_o__ldpcomp 0x87a7 0x1b8
_o__ldpoly 0x87c7 0x1b9
_o__ldscale 0x87e7 0x1ba
_o__ldsign 0x8807 0x1bb
_o__ldsin 0x8825 0x1bc
_o__ldtest 0x8843 0x1bd
_o__ldunscale 0x8865 0x1be
_o__lfind 0x8886 0x1bf
_o__lfind_s 0x88a5 0x1c0
_o__libm_sse2_acos_precise 0x88d5 0x1c1
_o__libm_sse2_asin_precise 0x8914 0x1c2
_o__libm_sse2_atan_precise 0x8953 0x1c3
_o__libm_sse2_cos_precise 0x8991 0x1c4
_o__libm_sse2_exp_precise 0x89ce 0x1c5
_o__libm_sse2_log10_precise 0x8a0d 0x1c6
_o__libm_sse2_log_precise 0x8a4c 0x1c7
_o__libm_sse2_pow_precise 0x8a89 0x1c8
_o__libm_sse2_sin_precise 0x8ac6 0x1c9
_o__libm_sse2_sqrt_precise 0x8b04 0x1ca
_o__libm_sse2_tan_precise 0x8b42 0x1cb
_o__loaddll 0x8b71 0x1cc
_o__localtime32 0x8b96 0x1cd
_o__localtime32_s 0x8bc1 0x1ce
_o__localtime64 0x8bec 0x1cf
_o__localtime64_s 0x8c17 0x1d0
_o__lock_file 0x8c40 0x1d1
_o__locking 0x8c63 0x1d2
_o__logb 0x8c81 0x1d3
_o__lsearch 0x8c9f 0x1d4
_o__lsearch_s 0x8cc2 0x1d5
_o__lseek 0x8ce3 0x1d6
_o__lseeki64 0x8d03 0x1d7
_o__ltoa 0x8d22 0x1d8
_o__ltoa_s 0x8d3f 0x1d9
_o__ltow 0x8d5c 0x1da
_o__ltow_s 0x8d79 0x1db
_o__makepath 0x8d9a 0x1dc
_o__makepath_s 0x8dbf 0x1dd
_o__malloc_base 0x8de7 0x1de
_o__mbbtombc 0x8e0d 0x1df
_o__mbbtombc_l 0x8e32 0x1e0
_o__mbbtype 0x8e56 0x1e1
_o__mbbtype_l 0x8e79 0x1e2
_o__mbccpy 0x8e9b 0x1e3
_o__mbccpy_l 0x8ebc 0x1e4
_o__mbccpy_s 0x8edf 0x1e5
_o__mbccpy_s_l 0x8f04 0x1e6
_o__mbcjistojms 0x8f2c 0x1e7
_o__mbcjistojms_l 0x8f57 0x1e8
_o__mbcjmstojis 0x8f82 0x1e9
_o__mbcjmstojis_l 0x8fad 0x1ea
_o__mbclen 0x8fd3 0x1eb
_o__mbclen_l 0x8ff4 0x1ec
_o__mbctohira 0x9018 0x1ed
_o__mbctohira_l 0x903f 0x1ee
_o__mbctokata 0x9066 0x1ef
_o__mbctokata_l 0x908d 0x1f0
_o__mbctolower 0x90b5 0x1f1
_o__mbctolower_l 0x90de 0x1f2
_o__mbctombb 0x9105 0x1f3
_o__mbctombb_l 0x912a 0x1f4
_o__mbctoupper 0x9151 0x1f5
_o__mbctoupper_l 0x917a 0x1f6
_o__mblen_l 0x91a0 0x1f7
_o__mbsbtype 0x91c2 0x1f8
_o__mbsbtype_l 0x91e7 0x1f9
_o__mbscat_s 0x920c 0x1fa
_o__mbscat_s_l 0x9231 0x1fb
_o__mbschr 0x9254 0x1fc
_o__mbschr_l 0x9275 0x1fd
_o__mbscmp 0x9296 0x1fe
_o__mbscmp_l 0x92b7 0x1ff
_o__mbscoll 0x92d9 0x200
_o__mbscoll_l 0x92fc 0x201
_o__mbscpy_s 0x9320 0x202
_o__mbscpy_s_l 0x9345 0x203
_o__mbscspn 0x9369 0x204
_o__mbscspn_l 0x938c 0x205
_o__mbsdec 0x93ae 0x206
_o__mbsdec_l 0x93cf 0x207
_o__mbsicmp 0x93f1 0x208
_o__mbsicmp_l 0x9414 0x209
_o__mbsicoll 0x9438 0x20a
_o__mbsicoll_l 0x945d 0x20b
_o__mbsinc 0x9480 0x20c
_o__mbsinc_l 0x94a1 0x20d
_o__mbslen 0x94c2 0x20e
_o__mbslen_l 0x94e3 0x20f
_o__mbslwr 0x9504 0x210
_o__mbslwr_l 0x9525 0x211
_o__mbslwr_s 0x9548 0x212
_o__mbslwr_s_l 0x956d 0x213
_o__mbsnbcat 0x9592 0x214
_o__mbsnbcat_l 0x95b7 0x215
_o__mbsnbcat_s 0x95de 0x216
_o__mbsnbcat_s_l 0x9607 0x217
_o__mbsnbcmp 0x962e 0x218
_o__mbsnbcmp_l 0x9653 0x219
_o__mbsnbcnt 0x9678 0x21a
_o__mbsnbcnt_l 0x969d 0x21b
_o__mbsnbcoll 0x96c3 0x21c
_o__mbsnbcoll_l 0x96ea 0x21d
_o__mbsnbcpy 0x9710 0x21e
_o__mbsnbcpy_l 0x9735 0x21f
_o__mbsnbcpy_s 0x975c 0x220
_o__mbsnbcpy_s_l 0x9785 0x221
_o__mbsnbicmp 0x97ad 0x222
_o__mbsnbicmp_l 0x97d4 0x223
_o__mbsnbicoll 0x97fc 0x224
_o__mbsnbicoll_l 0x9825 0x225
_o__mbsnbset 0x984c 0x226
_o__mbsnbset_l 0x9871 0x227
_o__mbsnbset_s 0x9898 0x228
_o__mbsnbset_s_l 0x98c1 0x229
_o__mbsncat 0x98e7 0x22a
_o__mbsncat_l 0x990a 0x22b
_o__mbsncat_s 0x992f 0x22c
_o__mbsncat_s_l 0x9956 0x22d
_o__mbsnccnt 0x997c 0x22e
_o__mbsnccnt_l 0x99a1 0x22f
_o__mbsncmp 0x99c5 0x230
_o__mbsncmp_l 0x99e8 0x231
_o__mbsncoll 0x9a0c 0x232
_o__mbsncoll_l 0x9a31 0x233
_o__mbsncpy 0x9a55 0x234
_o__mbsncpy_l 0x9a78 0x235
_o__mbsncpy_s 0x9a9d 0x236
_o__mbsncpy_s_l 0x9ac4 0x237
_o__mbsnextc 0x9aea 0x238
_o__mbsnextc_l 0x9b0f 0x239
_o__mbsnicmp 0x9b34 0x23a
_o__mbsnicmp_l 0x9b59 0x23b
_o__mbsnicoll 0x9b7f 0x23c
_o__mbsnicoll_l 0x9ba6 0x23d
_o__mbsninc 0x9bcb 0x23e
_o__mbsninc_l 0x9bee 0x23f
_o__mbsnlen 0x9c11 0x240
_o__mbsnlen_l 0x9c34 0x241
_o__mbsnset 0x9c57 0x242
_o__mbsnset_l 0x9c7a 0x243
_o__mbsnset_s 0x9c9f 0x244
_o__mbsnset_s_l 0x9cc6 0x245
_o__mbspbrk 0x9ceb 0x246
_o__mbspbrk_l 0x9d0e 0x247
_o__mbsrchr 0x9d31 0x248
_o__mbsrchr_l 0x9d54 0x249
_o__mbsrev 0x9d76 0x24a
_o__mbsrev_l 0x9d97 0x24b
_o__mbsset 0x9db8 0x24c
_o__mbsset_l 0x9dd9 0x24d
_o__mbsset_s 0x9dfc 0x24e
_o__mbsset_s_l 0x9e21 0x24f
_o__mbsspn 0x9e44 0x250
_o__mbsspn_l 0x9e65 0x251
_o__mbsspnp 0x9e87 0x252
_o__mbsspnp_l 0x9eaa 0x253
_o__mbsstr 0x9ecc 0x254
_o__mbsstr_l 0x9eed 0x255
_o__mbstok 0x9f0e 0x256
_o__mbstok_l 0x9f2f 0x257
_o__mbstok_s 0x9f52 0x258
_o__mbstok_s_l 0x9f77 0x259
_o__mbstowcs_l 0x9f9e 0x25a
_o__mbstowcs_s_l 0x9fc7 0x25b
_o__mbstrlen 0x9fee 0x25c
_o__mbstrlen_l 0xa013 0x25d
_o__mbstrnlen 0xa039 0x25e
_o__mbstrnlen_l 0xa060 0x25f
_o__mbsupr 0xa084 0x260
_o__mbsupr_l 0xa0a5 0x261
_o__mbsupr_s 0xa0c8 0x262
_o__mbsupr_s_l 0xa0ed 0x263
_o__mbtowc_l 0xa112 0x264
_o__memicmp 0xa134 0x265
_o__memicmp_l 0xa157 0x266
_o__mkdir 0xa178 0x267
_o__mkgmtime32 0xa19a 0x268
_o__mkgmtime64 0xa1c1 0x269
_o__mktemp 0xa1e4 0x26a
_o__mktemp_s 0xa205 0x26b
_o__mktime32 0xa228 0x26c
_o__mktime64 0xa24b 0x26d
_o__msize 0xa26b 0x26e
_o__nextafter 0xa28c 0x26f
_o__open_osfhandle 0xa2b6 0x270
_o__pclose 0xa2dd 0x271
_o__pipe 0xa2fa 0x272
_o__popen 0xa316 0x273
_o__purecall 0xa336 0x274
_o__putc_nolock 0xa35c 0x275
_o__putch 0xa37f 0x276
_o__putch_nolock 0xa3a3 0x277
_o__putenv 0xa3c8 0x278
_o__putenv_s 0xa3e9 0x279
_o__putw 0xa408 0x27a
_o__putwc_nolock 0xa42b 0x27b
_o__putwch 0xa450 0x27c
_o__putwch_nolock 0xa476 0x27d
_o__putws 0xa49b 0x27e
_o__read 0xa4b7 0x27f
_o__realloc_base 0xa4da 0x280
_o__recalloc 0xa501 0x281
_o__register_onexit_function 0xa534 0x282
_o__resetstkoflw 0xa56b 0x283
_o__rmdir 0xa58f 0x284
_o__rmtmp 0xa5ac 0x285
_o__scalb 0xa5c9 0x286
_o__searchenv 0xa5ea 0x287
_o__searchenv_s 0xa611 0x288
_o__seh_filter_dll 0xa63d 0x289
_o__seh_filter_exe 0xa66c 0x28a
_o__set_abort_behavior 0xa69f 0x28b
_o__set_app_type 0xa6d0 0x28c
_o__set_doserrno 0xa6fb 0x28d
_o__set_errno 0xa723 0x28e
_o__set_fmode 0xa748 0x28f
_o__set_invalid_parameter_handler 0xa781 0x290
_o__set_new_handler 0xa7c0 0x291
_o__set_new_mode 0xa7ee 0x292
_o__set_thread_local_invalid_parameter_handler 0xa837 0x293
_o__seterrormode 0xa880 0x294
_o__setmbcp 0xa8a6 0x295
_o__setmode 0xa8c7 0x296
_o__setsystime 0xa8eb 0x297
_o__sleep 0xa90d 0x298
_o__sopen 0xa92a 0x299
_o__sopen_dispatch 0xa950 0x29a
_o__sopen_s 0xa978 0x29b
_o__spawnv 0xa998 0x29c
_o__spawnve 0xa9b8 0x29d
_o__spawnvp 0xa9d9 0x29e
_o__spawnvpe 0xa9fb 0x29f
_o__splitpath 0xaa1f 0x2a0
_o__splitpath_s 0xaa46 0x2a1
_o__stat32 0xaa6a 0x2a2
_o__stat32i64 0xaa8c 0x2a3
_o__stat64 0xaaae 0x2a4
_o__stat64i32 0xaad0 0x2a5
_o__strcoll_l 0xaaf5 0x2a6
_o__strdate 0xab18 0x2a7
_o__strdate_s 0xab3b 0x2a8
_o__strdup 0xab5d 0x2a9
_o__strerror 0xab7e 0x2aa
_o__strerror_s 0xaba3 0x2ab
_o__strftime_l 0xabca 0x2ac
_o__stricmp 0xabee 0x2ad
_o__stricmp_l 0xac11 0x2ae
_o__stricoll 0xac35 0x2af
_o__stricoll_l 0xac5a 0x2b0
_o__strlwr 0xac7d 0x2b1
_o__strlwr_l 0xac9e 0x2b2
_o__strlwr_s 0xacc1 0x2b3
_o__strlwr_s_l 0xace6 0x2b4
_o__strncoll 0xad0b 0x2b5
_o__strncoll_l 0xad30 0x2b6
_o__strnicmp 0xad55 0x2b7
_o__strnicmp_l 0xad7a 0x2b8
_o__strnicoll 0xada0 0x2b9
_o__strnicoll_l 0xadc7 0x2ba
_o__strnset_s 0xadee 0x2bb
_o__strset_s 0xae12 0x2bc
_o__strtime 0xae34 0x2bd
_o__strtime_s 0xae57 0x2be
_o__strtod_l 0xae7b 0x2bf
_o__strtof_l 0xae9e 0x2c0
_o__strtoi64 0xaec1 0x2c1
_o__strtoi64_l 0xaee6 0x2c2
_o__strtol_l 0xaf0b 0x2c3
_o__strtold_l 0xaf2f 0x2c4
_o__strtoll_l 0xaf54 0x2c5
_o__strtoui64 0xaf79 0x2c6
_o__strtoui64_l 0xafa0 0x2c7
_o__strtoul_l 0xafc7 0x2c8
_o__strtoull_l 0xafed 0x2c9
_o__strupr 0xb010 0x2ca
_o__strupr_l 0xb031 0x2cb
_o__strupr_s 0xb054 0x2cc
_o__strupr_s_l 0xb079 0x2cd
_o__strxfrm_l 0xb09f 0x2ce
_o__swab 0xb0bf 0x2cf
_o__tell 0xb0da 0x2d0
_o__telli64 0xb0f8 0x2d1
_o__timespec32_get 0xb120 0x2d2
_o__timespec64_get 0xb14f 0x2d3
_o__tolower 0xb177 0x2d4
_o__tolower_l 0xb19a 0x2d5
_o__toupper 0xb1bd 0x2d6
_o__toupper_l 0xb1e0 0x2d7
_o__towlower_l 0xb206 0x2d8
_o__towupper_l 0xb22d 0x2d9
_o__tzset 0xb24f 0x2da
_o__ui64toa 0xb26e 0x2db
_o__ui64toa_s 0xb291 0x2dc
_o__ui64tow 0xb2b4 0x2dd
_o__ui64tow_s 0xb2d7 0x2de
_o__ultoa 0xb2f8 0x2df
_o__ultoa_s 0xb317 0x2e0
_o__ultow 0xb336 0x2e1
_o__ultow_s 0xb355 0x2e2
_o__umask 0xb374 0x2e3
_o__umask_s 0xb393 0x2e4
_o__ungetc_nolock 0xb3ba 0x2e5
_o__ungetch 0xb3e1 0x2e6
_o__ungetch_nolock 0xb409 0x2e7
_o__ungetwc_nolock 0xb438 0x2e8
_o__ungetwch 0xb461 0x2e9
_o__ungetwch_nolock 0xb48b 0x2ea
_o__unlink 0xb4b3 0x2eb
_o__unloaddll 0xb4d5 0x2ec
_o__unlock_file 0xb4fc 0x2ed
_o__utime32 0xb521 0x2ee
_o__utime64 0xb542 0x2ef
_o__waccess 0xb563 0x2f0
_o__waccess_s 0xb586 0x2f1
_o__wasctime 0xb5aa 0x2f2
_o__wasctime_s 0xb5cf 0x2f3
_o__wchdir 0xb5f2 0x2f4
_o__wchmod 0xb611 0x2f5
_o__wcreat 0xb630 0x2f6
_o__wcreate_locale 0xb657 0x2f7
_o__wcscoll_l 0xb681 0x2f8
_o__wcsdup 0xb6a3 0x2f9
_o__wcserror 0xb6c4 0x2fa
_o__wcserror_s 0xb6e9 0x2fb
_o__wcsftime_l 0xb710 0x2fc
_o__wcsicmp 0xb734 0x2fd
_o__wcsicmp_l 0xb757 0x2fe
_o__wcsicoll 0xb77b 0x2ff
_o__wcsicoll_l 0xb7a0 0x300
_o__wcslwr 0xb7c3 0x301
_o__wcslwr_l 0xb7e4 0x302
_o__wcslwr_s 0xb807 0x303
_o__wcslwr_s_l 0xb82c 0x304
_o__wcsncoll 0xb851 0x305
_o__wcsncoll_l 0xb876 0x306
_o__wcsnicmp 0xb89b 0x307
_o__wcsnicmp_l 0xb8c0 0x308
_o__wcsnicoll 0xb8e6 0x309
_o__wcsnicoll_l 0xb90d 0x30a
_o__wcsnset 0xb932 0x30b
_o__wcsnset_s 0xb955 0x30c
_o__wcsset 0xb977 0x30d
_o__wcsset_s 0xb998 0x30e
_o__wcstod_l 0xb9bb 0x30f
_o__wcstof_l 0xb9de 0x310
_o__wcstoi64 0xba01 0x311
_o__wcstoi64_l 0xba26 0x312
_o__wcstol_l 0xba4b 0x313
_o__wcstold_l 0xba6f 0x314
_o__wcstoll_l 0xba94 0x315
_o__wcstombs_l 0xbaba 0x316
_o__wcstombs_s_l 0xbae3 0x317
_o__wcstoui64 0xbb0b 0x318
_o__wcstoui64_l 0xbb32 0x319
_o__wcstoul_l 0xbb59 0x31a
_o__wcstoull_l 0xbb7f 0x31b
_o__wcsupr 0xbba2 0x31c
_o__wcsupr_l 0xbbc3 0x31d
_o__wcsupr_s 0xbbe6 0x31e
_o__wcsupr_s_l 0xbc0b 0x31f
_o__wcsxfrm_l 0xbc31 0x320
_o__wctime32 0xbc55 0x321
_o__wctime32_s 0xbc7a 0x322
_o__wctime64 0xbc9f 0x323
_o__wctime64_s 0xbcc4 0x324
_o__wctomb_l 0xbce9 0x325
_o__wctomb_s_l 0xbd0e 0x326
_o__wdupenv_s 0xbd34 0x327
_o__wexecv 0xbd56 0x328
_o__wexecve 0xbd76 0x329
_o__wexecvp 0xbd97 0x32a
_o__wexecvpe 0xbdb9 0x32b
_o__wfdopen 0xbddb 0x32c
_o__wfindfirst32 0xbe01 0x32d
_o__wfindfirst32i64 0xbe2f 0x32e
_o__wfindfirst64 0xbe5d 0x32f
_o__wfindfirst64i32 0xbe8b 0x330
_o__wfindnext32 0xbeb8 0x331
_o__wfindnext32i64 0xbee4 0x332
_o__wfindnext64 0xbf10 0x333
_o__wfindnext64i32 0xbf3c 0x334
_o__wfopen 0xbf63 0x335
_o__wfopen_s 0xbf84 0x336
_o__wfreopen 0xbfa7 0x337
_o__wfreopen_s 0xbfcc 0x338
_o__wfsopen 0xbff0 0x339
_o__wfullpath 0xc013 0x33a
_o__wgetcwd 0xc036 0x33b
_o__wgetdcwd 0xc058 0x33c
_o__wgetenv 0xc07a 0x33d
_o__wgetenv_s 0xc09d 0x33e
_o__wmakepath 0xc0c2 0x33f
_o__wmakepath_s 0xc0e9 0x340
_o__wmkdir 0xc10d 0x341
_o__wmktemp 0xc12d 0x342
_o__wmktemp_s 0xc150 0x343
_o__wperror 0xc173 0x344
_o__wpopen 0xc193 0x345
_o__wputenv 0xc1b3 0x346
_o__wputenv_s 0xc1d6 0x347
_o__wremove 0xc1f9 0x348
_o__wrename 0xc21a 0x349
_o__write 0xc239 0x34a
_o__wrmdir 0xc257 0x34b
_o__wsearchenv 0xc27a 0x34c
_o__wsearchenv_s 0xc2a3 0x34d
_o__wsetlocale 0xc2cc 0x34e
_o__wsopen_dispatch 0xc2f8 0x34f
_o__wsopen_s 0xc322 0x350
_o__wspawnv 0xc344 0x351
_o__wspawnve 0xc366 0x352
_o__wspawnvp 0xc389 0x353
_o__wspawnvpe 0xc3ad 0x354
_o__wsplitpath 0xc3d3 0x355
_o__wsplitpath_s 0xc3fc 0x356
_o__wstat32 0xc422 0x357
_o__wstat32i64 0xc446 0x358
_o__wstat64 0xc46a 0x359
_o__wstat64i32 0xc48e 0x35a
_o__wstrdate 0xc4b3 0x35b
_o__wstrdate_s 0xc4d8 0x35c
_o__wstrtime 0xc4fd 0x35d
_o__wstrtime_s 0xc522 0x35e
_o__wsystem 0xc546 0x35f
_o__wtmpnam_s 0xc569 0x360
_o__wtof 0xc589 0x361
_o__wtof_l 0xc5a6 0x362
_o__wtoi 0xc5c3 0x363
_o__wtoi64 0xc5e0 0x364
_o__wtoi64_l 0xc601 0x365
_o__wtoi_l 0xc622 0x366
_o__wtol 0xc63f 0x367
_o__wtol_l 0xc65c 0x368
_o__wtoll 0xc67a 0x369
_o__wtoll_l 0xc699 0x36a
_o__wunlink 0xc6ba 0x36b
_o__wutime32 0xc6dc 0x36c
_o__wutime64 0xc6ff 0x36d
_o__y0 0xc71c 0x36e
_o__y1 0xc733 0x36f
_o__yn 0xc74a 0x370
_o_abort 0xc763 0x371
_o_acos 0xc77d 0x372
_o_acosh 0xc797 0x373
_o_acoshf 0xc7b3 0x374
_o_acoshl 0xc7d0 0x375
_o_asctime 0xc7ee 0x376
_o_asctime_s 0xc80f 0x377
_o_asin 0xc82d 0x378
_o_asinh 0xc847 0x379
_o_asinhf 0xc863 0x37a
_o_asinhl 0xc880 0x37b
_o_atan 0xc89b 0x37c
_o_atan2 0xc8b5 0x37d
_o_atanh 0xc8d0 0x37e
_o_atanhf 0xc8ec 0x37f
_o_atanhl 0xc909 0x380
_o_atof 0xc924 0x381
_o_atoi 0xc93d 0x382
_o_atol 0xc956 0x383
_o_atoll 0xc970 0x384
_o_bsearch 0xc98d 0x385
_o_bsearch_s 0xc9ae 0x386
_o_btowc 0xc9cd 0x387
_o_calloc 0xc9e9 0x388
_o_cbrt 0xca04 0x389
_o_cbrtf 0xca1e 0x38a
_o_ceil 0xca38 0x38b
_o_clearerr 0xca55 0x38c
_o_clearerr_s 0xca78 0x38d
_o_cos 0xca96 0x38e
_o_cosh 0xcaae 0x38f
_o_erf 0xcac6 0x390
_o_erfc 0xcade 0x391
_o_erfcf 0xcaf8 0x392
_o_erfcl 0xcb13 0x393
_o_erff 0xcb2d 0x394
_o_erfl 0xcb46 0x395
_o_exit 0xcb5f 0x396
_o_exp 0xcb77 0x397
_o_exp2 0xcb8f 0x398
_o_exp2f 0xcba9 0x399
_o_exp2l 0xcbc4 0x39a
_o_fabs 0xcbde 0x39b
_o_fclose 0xcbf9 0x39c
_o_feof 0xcc14 0x39d
_o_ferror 0xcc2f 0x39e
_o_fflush 0xcc4c 0x39f
_o_fgetc 0xcc68 0x3a0
_o_fgetpos 0xcc85 0x3a1
_o_fgets 0xcca2 0x3a2
_o_fgetwc 0xccbe 0x3a3
_o_fgetws 0xccdb 0x3a4
_o_floor 0xccf7 0x3a5
_o_fma 0xcd10 0x3a6
_o_fmaf 0xcd28 0x3a7
_o_fmal 0xcd41 0x3a8
_o_fmod 0xcd5a 0x3a9
_o_fopen 0xcd74 0x3aa
_o_fopen_s 0xcd91 0x3ab
_o_fputc 0xcdae 0x3ac
_o_fputs 0xcdc9 0x3ad
_o_fputwc 0xcde5 0x3ae
_o_fputws 0xce02 0x3af
_o_fread 0xce1e 0x3b0
_o_fread_s 0xce3b 0x3b1
_o_free 0xce57 0x3b2
_o_freopen 0xce73 0x3b3
_o_freopen_s 0xce94 0x3b4
_o_frexp 0xceb3 0x3b5
_o_fseek 0xcece 0x3b6
_o_fsetpos 0xceeb 0x3b7
_o_ftell 0xcf08 0x3b8
_o_fwrite 0xcf24 0x3b9
_o_getc 0xcf3f 0x3ba
_o_getchar 0xcf5b 0x3bb
_o_getenv 0xcf79 0x3bc
_o_getenv_s 0xcf98 0x3bd
_o_gets 0xcfb5 0x3be
_o_gets_s 0xcfd0 0x3bf
_o_getwc 0xcfec 0x3c0
_o_getwchar 0xd00a 0x3c1
_o_hypot 0xd028 0x3c2
_o_is_wctype 0xd047 0x3c3
_o_isalnum 0xd068 0x3c4
_o_isalpha 0xd087 0x3c5
_o_isblank 0xd0a6 0x3c6
_o_iscntrl 0xd0c5 0x3c7
_o_isdigit 0xd0e4 0x3c8
_o_isgraph 0xd103 0x3c9
_o_isleadbyte 0xd125 0x3ca
_o_islower 0xd147 0x3cb
_o_isprint 0xd166 0x3cc
_o_ispunct 0xd185 0x3cd
_o_isspace 0xd1a4 0x3ce
_o_isupper 0xd1c3 0x3cf
_o_iswalnum 0xd1e3 0x3d0
_o_iswalpha 0xd204 0x3d1
_o_iswascii 0xd225 0x3d2
_o_iswblank 0xd246 0x3d3
_o_iswcntrl 0xd267 0x3d4
_o_iswctype 0xd288 0x3d5
_o_iswdigit 0xd2a9 0x3d6
_o_iswgraph 0xd2ca 0x3d7
_o_iswlower 0xd2eb 0x3d8
_o_iswprint 0xd30c 0x3d9
_o_iswpunct 0xd32d 0x3da
_o_iswspace 0xd34e 0x3db
_o_iswupper 0xd36f 0x3dc
_o_iswxdigit 0xd391 0x3dd
_o_isxdigit 0xd3b3 0x3de
_o_ldexp 0xd3d1 0x3df
_o_lgamma 0xd3ed 0x3e0
_o_lgammaf 0xd40b 0x3e1
_o_lgammal 0xd42a 0x3e2
_o_llrint 0xd448 0x3e3
_o_llrintf 0xd466 0x3e4
_o_llrintl 0xd485 0x3e5
_o_llround 0xd4a4 0x3e6
_o_llroundf 0xd4c4 0x3e7
_o_llroundl 0xd4e5 0x3e8
_o_localeconv 0xd508 0x3e9
_o_log 0xd526 0x3ea
_o_log10 0xd53f 0x3eb
_o_log1p 0xd55a 0x3ec
_o_log1pf 0xd576 0x3ed
_o_log1pl 0xd593 0x3ee
_o_log2 0xd5ae 0x3ef
_o_log2f 0xd5c8 0x3f0
_o_log2l 0xd5e3 0x3f1
_o_logb 0xd5fd 0x3f2
_o_logbf 0xd617 0x3f3
_o_logbl 0xd632 0x3f4
_o_lrint 0xd64d 0x3f5
_o_lrintf 0xd669 0x3f6
_o_lrintl 0xd686 0x3f7
_o_lround 0xd6a3 0x3f8
_o_lroundf 0xd6c1 0x3f9
_o_lroundl 0xd6e0 0x3fa
_o_malloc 0xd6fe 0x3fb
_o_mblen 0xd71a 0x3fc
_o_mbrlen 0xd736 0x3fd
_o_mbrtoc16 0xd755 0x3fe
_o_mbrtoc32 0xd776 0x3ff
_o_mbrtowc 0xd796 0x400
_o_mbsrtowcs 0xd7b7 0x401
_o_mbsrtowcs_s 0xd7dc 0x402
_o_mbstowcs 0xd800 0x403
_o_mbstowcs_s 0xd823 0x404
_o_mbtowc 0xd844 0x405
_o_memcpy_s 0xd863 0x406
_o_memset 0xd882 0x407
_o_modf 0xd89d 0x408
_o_nan 0xd8b5 0x409
_o_nanf 0xd8cd 0x40a
_o_nanl 0xd8e6 0x40b
_o_nearbyint 0xd904 0x40c
_o_nearbyintf 0xd928 0x40d
_o_nearbyintl 0xd94d 0x40e
_o_nextafter 0xd971 0x40f
_o_nextafterf 0xd995 0x410
_o_nextafterl 0xd9ba 0x411
_o_nexttoward 0xd9df 0x412
_o_nexttowardf 0xda05 0x413
_o_nexttowardl 0xda2c 0x414
_o_pow 0xda4b 0x415
_o_powf 0xda63 0x416
_o_putc 0xda7c 0x417
_o_putchar 0xda98 0x418
_o_puts 0xdab4 0x419
_o_putwc 0xdace 0x41a
_o_putwchar 0xdaec 0x41b
_o_qsort 0xdb0a 0x41c
_o_qsort_s 0xdb27 0x41d
_o_raise 0xdb44 0x41e
_o_rand 0xdb5e 0x41f
_o_rand_s 0xdb79 0x420
_o_realloc 0xdb97 0x421
_o_remainder 0xdbb8 0x422
_o_remainderf 0xdbdc 0x423
_o_remainderl 0xdc01 0x424
_o_remove 0xdc22 0x425
_o_remquo 0xdc3f 0x426
_o_remquof 0xdc5d 0x427
_o_remquol 0xdc7c 0x428
_o_rename 0xdc9a 0x429
_o_rewind 0xdcb7 0x42a
_o_rint 0xdcd2 0x42b
_o_rintf 0xdcec 0x42c
_o_rintl 0xdd07 0x42d
_o_round 0xdd22 0x42e
_o_roundf 0xdd3e 0x42f
_o_roundl 0xdd5b 0x430
_o_scalbln 0xdd79 0x431
_o_scalblnf 0xdd99 0x432
_o_scalblnl 0xddba 0x433
_o_scalbn 0xddd9 0x434
_o_scalbnf 0xddf7 0x435
_o_scalbnl 0xde16 0x436
_o_set_terminate 0xde3b 0x437
_o_setbuf 0xde5f 0x438
_o_setlocale 0xde7f 0x439
_o_setvbuf 0xdea0 0x43a
_o_sin 0xdebb 0x43b
_o_sinh 0xded3 0x43c
_o_sqrt 0xdeec 0x43d
_o_srand 0xdf06 0x43e
_o_strcat_s 0xdf24 0x43f
_o_strcoll 0xdf44 0x440
_o_strcpy_s 0xdf64 0x441
_o_strerror 0xdf85 0x442
_o_strerror_s 0xdfa8 0x443
_o_strftime 0xdfcb 0x444
_o_strncat_s 0xdfed 0x445
_o_strncpy_s 0xe010 0x446
_o_strtod 0xe030 0x447
_o_strtof 0xe04d 0x448
_o_strtok 0xe06a 0x449
_o_strtok_s 0xe089 0x44a
_o_strtol 0xe0a8 0x44b
_o_strtold 0xe0c6 0x44c
_o_strtoll 0xe0e5 0x44d
_o_strtoul 0xe104 0x44e
_o_strtoull 0xe124 0x44f
_o_system 0xe143 0x450
_o_tan 0xe15d 0x451
_o_tanh 0xe175 0x452
_o_terminate 0xe193 0x453
_o_tgamma 0xe1b3 0x454
_o_tgammaf 0xe1d1 0x455
_o_tgammal 0xe1f0 0x456
_o_tmpfile_s 0xe211 0x457
_o_tmpnam_s 0xe233 0x458
_o_tolower 0xe253 0x459
_o_toupper 0xe272 0x45a
_o_towlower 0xe292 0x45b
_o_towupper 0xe2b3 0x45c
_o_ungetc 0xe2d2 0x45d
_o_ungetwc 0xe2f0 0x45e
_o_wcrtomb 0xe30f 0x45f
_o_wcrtomb_s 0xe330 0x460
_o_wcscat_s 0xe352 0x461
_o_wcscoll 0xe372 0x462
_o_wcscpy 0xe390 0x463
_o_wcscpy_s 0xe3af 0x464
_o_wcsftime 0xe3d0 0x465
_o_wcsncat_s 0xe3f2 0x466
_o_wcsncpy_s 0xe415 0x467
_o_wcsrtombs 0xe438 0x468
_o_wcsrtombs_s 0xe45d 0x469
_o_wcstod 0xe47f 0x46a
_o_wcstof 0xe49c 0x46b
_o_wcstok 0xe4b9 0x46c
_o_wcstok_s 0xe4d8 0x46d
_o_wcstol 0xe4f7 0x46e
_o_wcstold 0xe515 0x46f
_o_wcstoll 0xe534 0x470
_o_wcstombs 0xe554 0x471
_o_wcstombs_s 0xe577 0x472
_o_wcstoul 0xe599 0x473
_o_wcstoull 0xe5b9 0x474
_o_wctob 0xe5d7 0x475
_o_wctomb 0xe5f3 0x476
_o_wctomb_s 0xe612 0x477
_o_wmemcpy_s 0xe634 0x478
_o_wmemmove_s 0xe658 0x479
_purecall 0xe679 0x47a
_seh_longjmp_unwind 0xe6a0 0x47b
_seh_longjmp_unwind4 0xe6d2 0x47c
_set_purecall_handler 0xe706 0x47d
_set_se_translator 0xe738 0x47e
_setjmp3 0xe75d 0x47f
longjmp 0xe777 0x480
memchr 0xe78f 0x481
memcmp 0xe7a6 0x482
memcpy 0xe7bd 0x483
memmove 0xe7d5 0x484
set_unexpected 0xe7f5 0x485
strchr 0xe814 0x486
strrchr 0xe82c 0x487
strstr 0xe844 0x488
unexpected 0xe85f 0x489
wcschr 0xe87a 0x48a
wcsrchr 0xe892 0x48b
wcsstr 0xe8aa 0x48c
Digital Signatures (2)
Certificate: Microsoft Corporation
Issued by Microsoft Corporation
Parent Certificate Microsoft Code Signing PCA
Country Name US
Valid From 2017-08-11 20:11:15+00:00
Valid Until 2018-08-11 20:11:15+00:00
Algorithm sha1_rsa
Serial Number 33 00 00 01 78 25 5A B5 CD 23 C6 5F 95 00 01 00 00 01 78
Thumbprint 49 D5 9D 86 50 5D 82 94 2A 07 63 88 69 3F 4F B7 B2 12 54 EE
Certificate: Microsoft Code Signing PCA
Issued by Microsoft Code Signing PCA
Country Name US
Valid From 2010-08-31 22:19:32+00:00
Valid Until 2020-08-31 22:29:32+00:00
Algorithm sha1_rsa
Serial Number 61 33 26 1A 00 00 00 00 00 31
Thumbprint 3C AF 9B A2 DB 55 70 CA F7 69 42 FF 99 10 1B 99 38 88 E2 57
C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-core-localization-l1-2-0.dll Created File Binary
Whitelisted
Mime Type application/x-dosexec
File Size 20.30 KB
MD5 eff11130bfe0d9c90c0026bf2fb219ae
SHA1 cf4c89a6e46090d3d8feeb9eb697aea8a26e4088
SHA256 03ad57c24ff2cf895b5f533f0ecbd10266fd8634c6b9053cc9cb33b814ad5d97
SSDeep 384:KOMw3zdp3bwjGjue9/0jCRrndbVWPhWIDz6i00GftpBj6cemjlD16Pa+4r:KOMwBprwjGjue9/0jCRrndbCOoireqv
File Reputation Information
Severity
Whitelisted
First Seen 2017-10-12 00:22 (UTC+2)
Last Seen 2018-09-13 21:39 (UTC+2)
PE Information
Image Base 0x10000000
Size Of Code 0xe00
Size Of Initialized Data 0x400
File Type dll
Subsystem windows_cui
Machine Type i386
Compile Timestamp 2099-12-20 04:00:19+00:00
Version Information (8)
LegalCopyright © Microsoft Corporation. All rights reserved.
InternalName apisetstub
FileVersion 10.0.16299.15 (WinBuild.160101.0800)
CompanyName Microsoft Corporation
ProductName Microsoft® Windows® Operating System
ProductVersion 10.0.16299.15
FileDescription ApiSet Stub DLL
OriginalFilename apisetstub
Sections (2)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0xdc7 0xe00 0x200 cnt_code, mem_execute, mem_read 5.23
.rsrc 0x10002000 0x3f0 0x400 0x1000 cnt_initialized_data, mem_read 3.3
Exports (59)
Api name EAT Address Ordinal
ConvertDefaultLocale 0x13b3 0x1
EnumSystemGeoID 0x13e1 0x2
EnumSystemLocalesA 0x140d 0x3
EnumSystemLocalesW 0x143c 0x4
FindNLSString 0x1466 0x5
FindNLSStringEx 0x148d 0x6
FormatMessageA 0x14b5 0x7
FormatMessageW 0x14dc 0x8
GetACP 0x14fb 0x9
GetCPInfo 0x1515 0xa
GetCPInfoExW 0x1535 0xb
GetCalendarInfoEx 0x155d 0xc
GetCalendarInfoW 0x1589 0xd
GetFileMUIInfo 0x15b2 0xe
GetFileMUIPath 0x15d9 0xf
GetGeoInfoW 0x15fd 0x10
GetLocaleInfoA 0x1621 0x11
GetLocaleInfoEx 0x1649 0x12
GetLocaleInfoW 0x1671 0x13
GetNLSVersion 0x1697 0x14
GetNLSVersionEx 0x16be 0x15
GetOEMCP 0x16e0 0x16
GetProcessPreferredUILanguages 0x1711 0x17
GetSystemDefaultLCID 0x174e 0x18
GetSystemDefaultLangID 0x1783 0x19
GetSystemPreferredUILanguages 0x17c1 0x1a
GetThreadLocale 0x17f8 0x1b
GetThreadPreferredUILanguages 0x182f 0x1c
GetThreadUILanguage 0x186a 0x1d
GetUILanguageInfo 0x1899 0x1e
GetUserDefaultLCID 0x18c7 0x1f
GetUserDefaultLangID 0x18f8 0x20
GetUserDefaultLocaleName 0x192f 0x21
GetUserGeoID 0x195e 0x22
GetUserPreferredUILanguages 0x1990 0x23
IdnToAscii 0x19c0 0x24
IdnToUnicode 0x19e1 0x25
IsDBCSLeadByte 0x1a06 0x26
IsDBCSLeadByteEx 0x1a2f 0x27
IsNLSDefinedString 0x1a5c 0x28
IsValidCodePage 0x1a88 0x29
IsValidLanguageGroup 0x1ab6 0x2a
IsValidLocale 0x1ae2 0x2b
IsValidLocaleName 0x1b0b 0x2c
IsValidNLSVersion 0x1b38 0x2d
LCMapStringA 0x1b60 0x2e
LCMapStringEx 0x1b84 0x2f
LCMapStringW 0x1ba8 0x30
LocaleNameToLCID 0x1bcf 0x31
ResolveLocaleName 0x1bfb 0x32
SetCalendarInfoW 0x1c27 0x33
SetLocaleInfoW 0x1c50 0x34
SetProcessPreferredUILanguages 0x1c87 0x35
SetThreadLocale 0x1cbf 0x36
SetThreadPreferredUILanguages 0x1cf6 0x37
SetThreadUILanguage 0x1d31 0x38
SetUserGeoID 0x1d5b 0x39
VerLanguageNameA 0x1d82 0x3a
VerLanguageNameW 0x1dad 0x3b
Digital Signatures (2)
Certificate: Microsoft Corporation
Issued by Microsoft Corporation
Parent Certificate Microsoft Code Signing PCA
Country Name US
Valid From 2017-08-11 20:11:15+00:00
Valid Until 2018-08-11 20:11:15+00:00
Algorithm sha1_rsa
Serial Number 33 00 00 01 78 25 5A B5 CD 23 C6 5F 95 00 01 00 00 01 78
Thumbprint 49 D5 9D 86 50 5D 82 94 2A 07 63 88 69 3F 4F B7 B2 12 54 EE
Certificate: Microsoft Code Signing PCA
Issued by Microsoft Code Signing PCA
Country Name US
Valid From 2010-08-31 22:19:32+00:00
Valid Until 2020-08-31 22:29:32+00:00
Algorithm sha1_rsa
Serial Number 61 33 26 1A 00 00 00 00 00 31
Thumbprint 3C AF 9B A2 DB 55 70 CA F7 69 42 FF 99 10 1B 99 38 88 E2 57
C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-crt-stdio-l1-1-0.dll Created File Binary
Whitelisted
Mime Type application/x-dosexec
File Size 23.80 KB
MD5 fefb98394cb9ef4368da798deab00e21
SHA1 316d86926b558c9f3f6133739c1a8477b9e60740
SHA256 b1e702b840aebe2e9244cd41512d158a43e6e9516cd2015a84eb962fa3ff0df7
SSDeep 384:GZpFVhjWPhWxEi00GftpBjmjjem3Cl1z6h1r:eCfoi0espbr
File Reputation Information
Severity
Whitelisted
First Seen 2017-10-25 19:05 (UTC+2)
Last Seen 2018-09-14 01:03 (UTC+2)
PE Information
Image Base 0x10000000
Size Of Code 0x1c00
Size Of Initialized Data 0x400
File Type dll
Subsystem windows_cui
Machine Type i386
Compile Timestamp 2089-07-13 01:51:24+00:00
Version Information (8)
LegalCopyright © Microsoft Corporation. All rights reserved.
InternalName apisetstub
FileVersion 10.0.16299.15 (WinBuild.160101.0800)
CompanyName Microsoft Corporation
ProductName Microsoft® Windows® Operating System
ProductVersion 10.0.16299.15
FileDescription ApiSet Stub DLL
OriginalFilename apisetstub
Sections (2)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x1b61 0x1c00 0x200 cnt_code, mem_execute, mem_read 4.96
.rsrc 0x10003000 0x3f0 0x400 0x1e00 cnt_initialized_data, mem_read 3.3
Exports (159)
Api name EAT Address Ordinal
__acrt_iob_func 0x178e 0x1
__p__commode 0x17b4 0x2
__p__fmode 0x17d5 0x3
__stdio_common_vfprintf 0x1801 0x4
__stdio_common_vfprintf_p 0x183c 0x5
__stdio_common_vfprintf_s 0x1879 0x6
__stdio_common_vfscanf 0x18b3 0x7
__stdio_common_vfwprintf 0x18ec 0x8
__stdio_common_vfwprintf_p 0x1929 0x9
__stdio_common_vfwprintf_s 0x1968 0xa
__stdio_common_vfwscanf 0x19a4 0xb
__stdio_common_vsnprintf_s 0x19e0 0xc
__stdio_common_vsnwprintf_s 0x1a20 0xd
__stdio_common_vsprintf 0x1a5d 0xe
__stdio_common_vsprintf_p 0x1a98 0xf
__stdio_common_vsprintf_s 0x1ad5 0x10
__stdio_common_vsscanf 0x1b0f 0x11
__stdio_common_vswprintf 0x1b48 0x12
__stdio_common_vswprintf_p 0x1b85 0x13
__stdio_common_vswprintf_s 0x1bc4 0x14
__stdio_common_vswscanf 0x1c00 0x15
_chsize 0x1c29 0x16
_chsize_s 0x1c44 0x17
_close 0x1c5e 0x18
_commit 0x1c76 0x19
_creat 0x1c8e 0x1a
_dup 0x1ca3 0x1b
_dup2 0x1cb7 0x1c
_eof 0x1ccb 0x1d
_fclose_nolock 0x1ce8 0x1e
_fcloseall 0x1d0b 0x1f
_fflush_nolock 0x1d2e 0x20
_fgetc_nolock 0x1d54 0x21
_fgetchar 0x1d75 0x22
_fgetwc_nolock 0x1d97 0x23
_fgetwchar 0x1dba 0x24
_filelength 0x1dda 0x25
_filelengthi64 0x1dfe 0x26
_fileno 0x1e1e 0x27
_flushall 0x1e39 0x28
_fputc_nolock 0x1e5a 0x29
_fputchar 0x1e7b 0x2a
_fputwc_nolock 0x1e9d 0x2b
_fputwchar 0x1ec0 0x2c
_fread_nolock 0x1ee2 0x2d
_fread_nolock_s 0x1f09 0x2e
_fseek_nolock 0x1f30 0x2f
_fseeki64 0x1f51 0x30
_fseeki64_nolock 0x1f75 0x31
_fsopen 0x1f97 0x32
_ftell_nolock 0x1fb6 0x33
_ftelli64 0x1fd7 0x34
_ftelli64_nolock 0x1ffb 0x35
_fwrite_nolock 0x2024 0x36
_get_fmode 0x2047 0x37
_get_osfhandle 0x206a 0x38
_get_printf_count_output 0x209b 0x39
_get_stream_buffer_pointers 0x20d9 0x3a
_getc_nolock 0x210b 0x3b
_getcwd 0x2129 0x3c
_getdcwd 0x2143 0x3d
_getmaxstdio 0x2162 0x3e
_getw 0x217e 0x3f
_getwc_nolock 0x219b 0x40
_getws 0x21b9 0x41
_getws_s 0x21d2 0x42
_isatty 0x21ec 0x43
_kbhit 0x2204 0x44
_locking 0x221d 0x45
_lseek 0x2236 0x46
_lseeki64 0x2250 0x47
_mktemp 0x226b 0x48
_mktemp_s 0x2286 0x49
_open 0x229f 0x4a
_open_osfhandle 0x22be 0x4b
_pclose 0x22df 0x4c
_pipe 0x22f6 0x4d
_popen 0x230c 0x4e
_putc_nolock 0x2329 0x4f
_putw 0x2345 0x50
_putwc_nolock 0x2362 0x51
_putws 0x2380 0x52
_read 0x2396 0x53
_rmtmp 0x23ac 0x54
_set_fmode 0x23c7 0x55
_set_printf_count_output 0x23f4 0x56
_setmaxstdio 0x2423 0x57
_setmode 0x2442 0x58
_sopen 0x245b 0x59
_sopen_dispatch 0x247b 0x5a
_sopen_s 0x249d 0x5b
_tell 0x24b5 0x5c
_telli64 0x24cd 0x5d
_tempnam 0x24e8 0x5e
_ungetc_nolock 0x2509 0x5f
_ungetwc_nolock 0x2531 0x60
_wcreat 0x2552 0x61
_wfdopen 0x256c 0x62
_wfopen 0x2586 0x63
_wfopen_s 0x25a1 0x64
_wfreopen 0x25be 0x65
_wfreopen_s 0x25dd 0x66
_wfsopen 0x25fb 0x67
_wmktemp 0x2616 0x68
_wmktemp_s 0x2633 0x69
_wopen 0x264e 0x6a
_wpopen 0x2666 0x6b
_write 0x267e 0x6c
_wsopen 0x2696 0x6d
_wsopen_dispatch 0x26b8 0x6e
_wsopen_s 0x26dc 0x6f
_wtempnam 0x26f9 0x70
_wtmpnam 0x2715 0x71
_wtmpnam_s 0x2732 0x72
clearerr 0x274f 0x73
clearerr_s 0x276c 0x74
fclose 0x2787 0x75
feof 0x279c 0x76
ferror 0x27b1 0x77
fflush 0x27c8 0x78
fgetc 0x27de 0x79
fgetpos 0x27f5 0x7a
fgets 0x280c 0x7b
fgetwc 0x2822 0x7c
fgetws 0x2839 0x7d
fopen 0x284f 0x7e
fopen_s 0x2866 0x7f
fputc 0x287d 0x80
fputs 0x2892 0x81
fputwc 0x28a8 0x82
fputws 0x28bf 0x83
fread 0x28d5 0x84
fread_s 0x28ec 0x85
freopen 0x2905 0x86
freopen_s 0x2920 0x87
fseek 0x2939 0x88
fsetpos 0x2950 0x89
ftell 0x2967 0x8a
fwrite 0x297d 0x8b
getc 0x2992 0x8c
getchar 0x29a8 0x8d
gets 0x29be 0x8e
gets_s 0x29d3 0x8f
getwc 0x29e9 0x90
getwchar 0x2a01 0x91
putc 0x2a18 0x92
putchar 0x2a2e 0x93
puts 0x2a44 0x94
putwc 0x2a58 0x95
putwchar 0x2a70 0x96
rewind 0x2a89 0x97
setbuf 0x2aa0 0x98
setvbuf 0x2ab8 0x99
tmpfile 0x2ad1 0x9a
tmpfile_s 0x2aec 0x9b
tmpnam 0x2b06 0x9c
tmpnam_s 0x2b1f 0x9d
ungetc 0x2b38 0x9e
ungetwc 0x2b50 0x9f
Digital Signatures (2)
Certificate: Microsoft Corporation
Issued by Microsoft Corporation
Parent Certificate Microsoft Code Signing PCA
Country Name US
Valid From 2017-08-11 20:11:15+00:00
Valid Until 2018-08-11 20:11:15+00:00
Algorithm sha1_rsa
Serial Number 33 00 00 01 78 25 5A B5 CD 23 C6 5F 95 00 01 00 00 01 78
Thumbprint 49 D5 9D 86 50 5D 82 94 2A 07 63 88 69 3F 4F B7 B2 12 54 EE
Certificate: Microsoft Code Signing PCA
Issued by Microsoft Code Signing PCA
Country Name US
Valid From 2010-08-31 22:19:32+00:00
Valid Until 2020-08-31 22:29:32+00:00
Algorithm sha1_rsa
Serial Number 61 33 26 1A 00 00 00 00 00 31
Thumbprint 3C AF 9B A2 DB 55 70 CA F7 69 42 FF 99 10 1B 99 38 88 E2 57
C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-crt-utility-l1-1-0.dll Created File Binary
Whitelisted
Mime Type application/x-dosexec
File Size 18.30 KB
MD5 b52a0ca52c9c207874639b62b6082242
SHA1 6fb845d6a82102ff74bd35f42a2844d8c450413b
SHA256 a1d1d6b0cb0a8421d7c0d1297c4c389c95514493cd0a386b49dc517ac1b9a2b0
SSDeep 192:QqfHQdu3WIghWG4U9lYdsNtL/123Ouo+Uggs/nGfe4pBjSb8Z9Wh0txKdmVWQ4Cg:/fBWPhWF+esnhi00GftpBjLBemHlP55q
File Reputation Information
Severity
Whitelisted
First Seen 2017-10-25 19:05 (UTC+2)
Last Seen 2018-08-13 22:14 (UTC+2)
PE Information
Image Base 0x10000000
Size Of Code 0x600
Size Of Initialized Data 0x400
File Type dll
Subsystem windows_cui
Machine Type i386
Compile Timestamp 2105-09-06 09:19:26+00:00
Version Information (8)
LegalCopyright © Microsoft Corporation. All rights reserved.
InternalName apisetstub
FileVersion 10.0.16299.15 (WinBuild.160101.0800)
CompanyName Microsoft Corporation
ProductName Microsoft® Windows® Operating System
ProductVersion 10.0.16299.15
FileDescription ApiSet Stub DLL
OriginalFilename apisetstub
Sections (2)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x56e 0x600 0x200 cnt_code, mem_execute, mem_read 4.51
.rsrc 0x10002000 0x3f0 0x400 0x800 cnt_initialized_data, mem_read 3.3
Exports (30)
Api name EAT Address Ordinal
_abs64 0x128d 0x1
_byteswap_uint64 0x12ae 0x2
_byteswap_ulong 0x12d8 0x3
_byteswap_ushort 0x1302 0x4
_lfind 0x1323 0x5
_lfind_s 0x133c 0x6
_lrotl 0x1355 0x7
_lrotr 0x136c 0x8
_lsearch 0x1385 0x9
_lsearch_s 0x13a2 0xa
_rotl 0x13bc 0xb
_rotl64 0x13d3 0xc
_rotr 0x13ea 0xd
_rotr64 0x1401 0xe
_swab 0x1418 0xf
abs 0x142b 0x10
bsearch 0x1440 0x11
bsearch_s 0x145b 0x12
div 0x1472 0x13
imaxabs 0x1487 0x14
imaxdiv 0x14a0 0x15
labs 0x14b6 0x16
ldiv 0x14c9 0x17
llabs 0x14dd 0x18
lldiv 0x14f2 0x19
qsort 0x1507 0x1a
qsort_s 0x151e 0x1b
rand 0x1534 0x1c
rand_s 0x1549 0x1d
srand 0x155f 0x1e
Digital Signatures (2)
Certificate: Microsoft Corporation
Issued by Microsoft Corporation
Parent Certificate Microsoft Code Signing PCA
Country Name US
Valid From 2017-08-11 20:11:15+00:00
Valid Until 2018-08-11 20:11:15+00:00
Algorithm sha1_rsa
Serial Number 33 00 00 01 78 25 5A B5 CD 23 C6 5F 95 00 01 00 00 01 78
Thumbprint 49 D5 9D 86 50 5D 82 94 2A 07 63 88 69 3F 4F B7 B2 12 54 EE
Certificate: Microsoft Code Signing PCA
Issued by Microsoft Code Signing PCA
Country Name US
Valid From 2010-08-31 22:19:32+00:00
Valid Until 2020-08-31 22:29:32+00:00
Algorithm sha1_rsa
Serial Number 61 33 26 1A 00 00 00 00 00 31
Thumbprint 3C AF 9B A2 DB 55 70 CA F7 69 42 FF 99 10 1B 99 38 88 E2 57
C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/nss3.dll Created File Binary
Whitelisted
Mime Type application/x-dosexec
File Size 1.19 MB
MD5 556ea09421a0f74d31c4c0a89a70dc23
SHA1 f739ba9b548ee64b13eb434a3130406d23f836e3
SHA256 f0e6210d4a0d48c7908d8d1c270449c91eb4523e312a61256833bfeaf699abfb
SSDeep 24576:XDI7I4/FeoJQuQ3IhXtHfjyqgJ0BnPQAib7/12bg2JSna5xfg0867U4MSpu731hn:uQ3YX5jyqgynPkbd24VwMSpu7Fhn
ImpHash 2f6410b337cbd1ca3a8bf343e95c41ee
File Reputation Information
Severity
Whitelisted
First Seen 2018-04-28 14:09 (UTC+2)
Last Seen 2018-08-31 05:12 (UTC+2)
PE Information
Image Base 0x10000000
Entry Point 0x100ee854
Size Of Code 0xee400
Size Of Initialized Data 0x41c00
File Type dll
Subsystem windows_gui
Machine Type i386
Compile Timestamp 2018-04-27 22:08:33+00:00
Version Information (11)
LegalCopyright License: MPL 2
InternalName -
FileVersion 59.0.3
CompanyName Mozilla Foundation
BuildID 20180427210249
LegalTrademarks Mozilla
Comments -
ProductName Firefox
ProductVersion 59.0.3
FileDescription -
OriginalFilename nss3.dll
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0xee3bf 0xee400 0x400 cnt_code, mem_execute, mem_read 6.67
.rdata 0x100f0000 0x3508e 0x35200 0xee800 cnt_initialized_data, mem_read 5.96
.data 0x10126000 0x4590 0x2000 0x123a00 cnt_initialized_data, mem_read, mem_write 3.91
.rsrc 0x1012b000 0x368 0x400 0x125a00 cnt_initialized_data, mem_read 2.85
.reloc 0x1012c000 0x7e74 0x8000 0x125e00 cnt_initialized_data, mem_discardable, mem_read 6.68
Imports (16)
mozglue.dll (9)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
free 0x0 0x100f03cc 0x124134 0x122934 0x7c
malloc 0x0 0x100f03d0 0x124138 0x122938 0x86
strdup 0x0 0x100f03d4 0x12413c 0x12293c 0x9b
calloc 0x0 0x100f03d8 0x124140 0x122940 0x7b
malloc_usable_size 0x0 0x100f03dc 0x124144 0x122944 0x88
_HeapAlloc@12 0x0 0x100f03e0 0x124148 0x122948 0x71
_HeapReAlloc@16 0x0 0x100f03e4 0x12414c 0x12294c 0x73
realloc 0x0 0x100f03e8 0x124150 0x122950 0x9a
_HeapFree@12 0x0 0x100f03ec 0x124154 0x122954 0x72
KERNEL32.dll (114)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
HeapCreate 0x0 0x100f0034 0x123d9c 0x12259c 0x33f
EnterCriticalSection 0x0 0x100f0038 0x123da0 0x1225a0 0x12e
GetFullPathNameW 0x0 0x100f003c 0x123da4 0x1225a4 0x253
WriteFile 0x0 0x100f0040 0x123da8 0x1225a8 0x605
GetDiskFreeSpaceW 0x0 0x100f0044 0x123dac 0x1225ac 0x225
OutputDebugStringA 0x0 0x100f0048 0x123db0 0x1225b0 0x40b
LockFile 0x0 0x100f004c 0x123db4 0x1225b4 0x3cc
LeaveCriticalSection 0x0 0x100f0050 0x123db8 0x1225b8 0x3b2
InitializeCriticalSection 0x0 0x100f0054 0x123dbc 0x1225bc 0x355
SetFilePointer 0x0 0x100f0058 0x123dc0 0x1225c0 0x513
GetFullPathNameA 0x0 0x100f005c 0x123dc4 0x1225c4 0x250
SetEndOfFile 0x0 0x100f0060 0x123dc8 0x1225c8 0x501
UnlockFileEx 0x0 0x100f0064 0x123dcc 0x1225cc 0x59f
GetTempPathW 0x0 0x100f0068 0x123dd0 0x1225d0 0x2ef
CreateMutexW 0x0 0x100f006c 0x123dd4 0x1225d4 0xd8
WaitForSingleObject 0x0 0x100f0070 0x123dd8 0x1225d8 0x5c7
CreateFileW 0x0 0x100f0074 0x123ddc 0x1225dc 0xc9
GetFileAttributesW 0x0 0x100f0078 0x123de0 0x1225e0 0x23f
GetCurrentThreadId 0x0 0x100f007c 0x123de4 0x1225e4 0x218
UnmapViewOfFile 0x0 0x100f0080 0x123de8 0x1225e8 0x5a0
HeapValidate 0x0 0x100f0084 0x123dec 0x1225ec 0x349
HeapSize 0x0 0x100f0088 0x123df0 0x1225f0 0x346
MultiByteToWideChar 0x0 0x100f008c 0x123df4 0x1225f4 0x3e2
Sleep 0x0 0x100f0090 0x123df8 0x1225f8 0x56d
GetTempPathA 0x0 0x100f0094 0x123dfc 0x1225fc 0x2ee
FormatMessageW 0x0 0x100f0098 0x123e00 0x122600 0x1a3
GetDiskFreeSpaceA 0x0 0x100f009c 0x123e04 0x122604 0x222
GetLastError 0x0 0x100f00a0 0x123e08 0x122608 0x25a
GetFileAttributesA 0x0 0x100f00a4 0x123e0c 0x12260c 0x23a
GetFileAttributesExW 0x0 0x100f00a8 0x123e10 0x122610 0x23c
OutputDebugStringW 0x0 0x100f00ac 0x123e14 0x122614 0x40c
FlushViewOfFile 0x0 0x100f00b0 0x123e18 0x122618 0x19e
CreateFileA 0x0 0x100f00b4 0x123e1c 0x12261c 0xc1
LoadLibraryA 0x0 0x100f00b8 0x123e20 0x122620 0x3b6
WaitForSingleObjectEx 0x0 0x100f00bc 0x123e24 0x122624 0x5c8
DeleteFileA 0x0 0x100f00c0 0x123e28 0x122628 0x10f
DeleteFileW 0x0 0x100f00c4 0x123e2c 0x12262c 0x112
CloseHandle 0x0 0x100f00c8 0x123e30 0x122630 0x85
GetSystemInfo 0x0 0x100f00cc 0x123e34 0x122634 0x2dc
LoadLibraryW 0x0 0x100f00d0 0x123e38 0x122638 0x3b9
HeapCompact 0x0 0x100f00d4 0x123e3c 0x12263c 0x33e
HeapDestroy 0x0 0x100f00d8 0x123e40 0x122640 0x340
UnlockFile 0x0 0x100f00dc 0x123e44 0x122644 0x59e
GetProcAddress 0x0 0x100f00e0 0x123e48 0x122648 0x2a7
CreateFileMappingA 0x0 0x100f00e4 0x123e4c 0x12264c 0xc2
LocalFree 0x0 0x100f00e8 0x123e50 0x122650 0x3c3
LockFileEx 0x0 0x100f00ec 0x123e54 0x122654 0x3cd
GetFileSize 0x0 0x100f00f0 0x123e58 0x122658 0x245
DeleteCriticalSection 0x0 0x100f00f4 0x123e5c 0x12265c 0x10d
GetCurrentProcessId 0x0 0x100f00f8 0x123e60 0x122660 0x214
GetProcessHeap 0x0 0x100f00fc 0x123e64 0x122664 0x2ad
SystemTimeToFileTime 0x0 0x100f0100 0x123e68 0x122668 0x578
ReadFile 0x0 0x100f0104 0x123e6c 0x12266c 0x465
WideCharToMultiByte 0x0 0x100f0108 0x123e70 0x122670 0x5f1
GetSystemTimeAsFileTime 0x0 0x100f010c 0x123e74 0x122674 0x2e2
GetSystemTime 0x0 0x100f0110 0x123e78 0x122678 0x2e0
FormatMessageA 0x0 0x100f0114 0x123e7c 0x12267c 0x1a2
CreateFileMappingW 0x0 0x100f0118 0x123e80 0x122680 0xc6
MapViewOfFile 0x0 0x100f011c 0x123e84 0x122684 0x3d1
QueryPerformanceCounter 0x0 0x100f0120 0x123e88 0x122688 0x440
GetTickCount 0x0 0x100f0124 0x123e8c 0x12268c 0x300
FlushFileBuffers 0x0 0x100f0128 0x123e90 0x122690 0x19b
CreatePipe 0x0 0x100f012c 0x123e94 0x122694 0xdb
GetStdHandle 0x0 0x100f0130 0x123e98 0x122698 0x2cb
DebugBreak 0x0 0x100f0134 0x123e9c 0x12269c 0x103
GetModuleFileNameW 0x0 0x100f0138 0x123ea0 0x1226a0 0x26d
GetModuleHandleA 0x0 0x100f013c 0x123ea4 0x1226a4 0x26e
GetModuleHandleW 0x0 0x100f0140 0x123ea8 0x1226a8 0x271
LoadLibraryExW 0x0 0x100f0144 0x123eac 0x1226ac 0x3b8
GetThreadContext 0x0 0x100f0148 0x123eb0 0x1226b0 0x2f0
TerminateProcess 0x0 0x100f014c 0x123eb4 0x1226b4 0x57c
GetVersionExA 0x0 0x100f0150 0x123eb8 0x1226b8 0x312
GetEnvironmentStrings 0x0 0x100f0154 0x123ebc 0x1226bc 0x22f
CreateProcessA 0x0 0x100f0158 0x123ec0 0x1226c0 0xde
FreeEnvironmentStringsA 0x0 0x100f015c 0x123ec4 0x1226c4 0x1a5
GetExitCodeProcess 0x0 0x100f0160 0x123ec8 0x1226c8 0x236
GetCurrentProcess 0x0 0x100f0164 0x123ecc 0x1226cc 0x213
ReleaseSemaphore 0x0 0x100f0168 0x123ed0 0x1226d0 0x4a6
CreateSemaphoreA 0x0 0x100f016c 0x123ed4 0x1226d4 0xe6
OpenSemaphoreA 0x0 0x100f0170 0x123ed8 0x1226d8 0x403
DuplicateHandle 0x0 0x100f0174 0x123edc 0x1226dc 0x128
OpenFileMappingA 0x0 0x100f0178 0x123ee0 0x1226e0 0x3f7
InitializeCriticalSectionAndSpinCount 0x0 0x100f017c 0x123ee4 0x1226e4 0x356
TlsGetValue 0x0 0x100f0180 0x123ee8 0x1226e8 0x590
MoveFileA 0x0 0x100f0184 0x123eec 0x1226ec 0x3d9
GetFileAttributesExA 0x0 0x100f0188 0x123ef0 0x1226f0 0x23b
SetHandleInformation 0x0 0x100f018c 0x123ef4 0x1226f4 0x51f
FindFirstFileA 0x0 0x100f0190 0x123ef8 0x1226f8 0x175
GetHandleInformation 0x0 0x100f0194 0x123efc 0x1226fc 0x257
FindNextFileA 0x0 0x100f0198 0x123f00 0x122700 0x186
FindClose 0x0 0x100f019c 0x123f04 0x122704 0x171
GetFileInformationByHandle 0x0 0x100f01a0 0x123f08 0x122708 0x241
RemoveDirectoryA 0x0 0x100f01a4 0x123f0c 0x12270c 0x4a8
CreateDirectoryA 0x0 0x100f01a8 0x123f10 0x122710 0xb3
TlsSetValue 0x0 0x100f01ac 0x123f14 0x122714 0x591
SetThreadPriority 0x0 0x100f01b0 0x123f18 0x122718 0x54f
SuspendThread 0x0 0x100f01b4 0x123f1c 0x12271c 0x575
ResumeThread 0x0 0x100f01b8 0x123f20 0x122720 0x4be
GetCurrentThread 0x0 0x100f01bc 0x123f24 0x122724 0x217
TlsAlloc 0x0 0x100f01c0 0x123f28 0x122728 0x58e
RaiseException 0x0 0x100f01c4 0x123f2c 0x12272c 0x455
TlsFree 0x0 0x100f01c8 0x123f30 0x122730 0x58f
IsDebuggerPresent 0x0 0x100f01cc 0x123f34 0x122734 0x376
GlobalMemoryStatusEx 0x0 0x100f01d0 0x123f38 0x122738 0x332
MoveFileW 0x0 0x100f01d4 0x123f3c 0x12273c 0x3de
ReleaseMutex 0x0 0x100f01d8 0x123f40 0x122740 0x4a2
CreateMutexA 0x0 0x100f01dc 0x123f44 0x122744 0xd5
AreFileApisANSI 0x0 0x100f01e0 0x123f48 0x122748 0x23
TryEnterCriticalSection 0x0 0x100f01e4 0x123f4c 0x12274c 0x597
UnhandledExceptionFilter 0x0 0x100f01e8 0x123f50 0x122750 0x59d
SetUnhandledExceptionFilter 0x0 0x100f01ec 0x123f54 0x122754 0x55e
IsProcessorFeaturePresent 0x0 0x100f01f0 0x123f58 0x122758 0x37d
InitializeSListHead 0x0 0x100f01f4 0x123f5c 0x12275c 0x35a
FreeLibrary 0x0 0x100f01f8 0x123f60 0x122760 0x1a7
WINMM.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
timeGetTime 0x0 0x100f022c 0x123f94 0x122794 0x94
WSOCK32.dll (30)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
shutdown 0x16 0x100f0234 0x123f9c 0x12279c -
closesocket 0x3 0x100f0238 0x123fa0 0x1227a0 -
bind 0x2 0x100f023c 0x123fa4 0x1227a4 -
accept 0x1 0x100f0240 0x123fa8 0x1227a8 -
WSACleanup 0x74 0x100f0244 0x123fac 0x1227ac -
htons 0x9 0x100f0248 0x123fb0 0x1227b0 -
getprotobyname 0x35 0x100f024c 0x123fb4 0x1227b4 -
send 0x13 0x100f0250 0x123fb8 0x1227b8 -
getpeername 0x5 0x100f0254 0x123fbc 0x1227bc -
ntohl 0xe 0x100f0258 0x123fc0 0x1227c0 -
gethostbyname 0x34 0x100f025c 0x123fc4 0x1227c4 -
socket 0x17 0x100f0260 0x123fc8 0x1227c8 -
gethostname 0x39 0x100f0264 0x123fcc 0x1227cc -
ntohs 0xf 0x100f0268 0x123fd0 0x1227d0 -
getsockopt 0x7 0x100f026c 0x123fd4 0x1227d4 -
WSAGetLastError 0x6f 0x100f0270 0x123fd8 0x1227d8 -
htonl 0x8 0x100f0274 0x123fdc 0x1227dc -
listen 0xd 0x100f0278 0x123fe0 0x1227e0 -
getprotobynumber 0x36 0x100f027c 0x123fe4 0x1227e4 -
connect 0x4 0x100f0280 0x123fe8 0x1227e8 -
recvfrom 0x11 0x100f0284 0x123fec 0x1227ec -
recv 0x10 0x100f0288 0x123ff0 0x1227f0 -
sendto 0x14 0x100f028c 0x123ff4 0x1227f4 -
inet_ntoa 0xc 0x100f0290 0x123ff8 0x1227f8 -