Windows
Analysis Report
update_390_391.exe
Overview
General Information
Detection
Score: | 0 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64_ra
- update_390_391.exe (PID: 4044 cmdline: "C:\Users\user\Desktop\update_390_391.exe" MD5: C2C9B0B8B275DEFD42BE10314F13B480)
- update_390_391.exe (PID: 6580 cmdline: "C:\Users\user\Desktop\update_390_391.exe" MD5: C2C9B0B8B275DEFD42BE10314F13B480)
- cleanup
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security | |
There are no malicious signatures.
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 DLL Side-Loading | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 0% | ReversingLabs | | |
| 5% | Virustotal | | |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1468065 |
Start date and time: | 2024-07-05 09:50:44 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes: | 15 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | stream |
Analysis stop reason: | Timeout |
Sample name: | update_390_391.exe |
Detection: | CLEAN |
Classification: | clean0.winEXE@2/2@0/0 |
Cookbook Comments:
- Exclude process from analysis (whitelisted): dllhost.exe, svchost.exe
- Excluded domains from analysis (whitelisted): ctldl.windowsupdate.com
- Not all processes were analyzed, report is missing behavior information
Process: | C:\Users\user\Desktop\update_390_391.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 332 |
Entropy (8bit): | 3.6014829069277465 |
Encrypted: | false |
SSDEEP: | |
MD5: | 7E13A91153CABFE9DFED5FD0B5F0F1CB |
SHA1: | 42FE54AC6C58D67CDF4AF3E727F5D800BA33F6D2 |
SHA-256: | 1FC27D5091274C01DF8AE538DA538F41DC239069E9E830049B6543443CF1136F |
SHA-512: | 482ABD86DC5D7B5C34C627C322F93BF9B956F55092B3E651B0AF187DB2A58984A2940BF90341BB237E9EB233E979C68FF8370A1A69FEA436DAB0E6AA8A35F94E |
Malicious: | false |
Reputation: | unknown |
Preview: |
File type: | |
Entropy (8bit): | 7.9661758417480995 |
TrID: | |
File name: | update_390_391.exe |
File size: | 28'808'560 bytes |
MD5: | c2c9b0b8b275defd42be10314f13b480 |
SHA1: | 1a268efea3cc2f56ddb154487e501550f0540696 |
SHA256: | 04ce55570cf7a827499636a577617bcdc80bfb1239f8b71caa7559a90f30b528 |
SHA512: | 828d426fffa04eedc6137e88fce528a0a88d37c6d5ae412bf3ff644362a4b3df14090af55cb63baaac03d35d5b5b06a09cd946841693d0f5be2ab859b8f0ca82 |
SSDEEP: | 786432:z9sg4J3dqRxyp0S0CajM0mSFJOS9h2fuhD:P4JNq78VAnB0ah2GF |
TLSH: | B7573326B860C533C06927749D2AF7B0607AFF447A2551D732E07E0E3FB5E923D26986 |
File Content Preview: | MZP.....................@...............................................!..L.!..This program must be run under Win32..$7....................................................................................................................................... |
Icon Hash: | 66ece47474363a58 |
Entrypoint: | 0x401798 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED |
DLL Characteristics: | |
Time Stamp: | 0x6662B53C [Fri Jun 7 07:22:36 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 499cf71d4de8210851bd4e2772ff9278 |
Instruction |
---|
jmp 00007F27B4B40622h |
bound di, dword ptr [edx] |
inc ebx |
sub ebp, dword ptr [ebx] |
dec eax |
dec edi |
dec edi |
dec ebx |
nop |
jmp 00007F27B50756ADh |
mov eax, dword ptr [0053508Bh] |
shl eax, 02h |
mov dword ptr [0053508Fh], eax |
push edx |
push 00000000h |
call 00007F27B4C72C5Eh |
mov edx, eax |
call 00007F27B4C66BDBh |
pop edx |
call 00007F27B4C66B39h |
call 00007F27B4C66C10h |
push 00000000h |
call 00007F27B4C6802Dh |
pop ecx |
push 00535034h |
push 00000000h |
call 00007F27B4C72C38h |
mov dword ptr [00535093h], eax |
push 00000000h |
jmp 00007F27B4C6DA74h |
jmp 00007F27B4C6805Bh |
xor eax, eax |
mov al, byte ptr [0053507Dh] |
ret |
mov eax, dword ptr [00535093h] |
ret |
pushad |
mov ebx, BCB05000h |
push ebx |
push 00000BADh |
ret |
mov ecx, 000000B4h |
or ecx, ecx |
je 00007F27B4B4065Fh |
cmp dword ptr [0053508Bh], 00000000h |
jnc 00007F27B4B4061Ch |
mov eax, 000000FEh |
call 00007F27B4B405ECh |
mov ecx, 000000B4h |
push ecx |
push 00000008h |
call 00007F27B4C72BFBh |
push eax |
call 00007F27B4C72C7Fh |
or eax, eax |
jne 00007F27B4B4061Ch |
mov eax, 000000FDh |
call 00007F27B4B405CBh |
push eax |
push eax |
push dword ptr [0053508Bh] |
call 00007F27B4C6DC3Eh |
push dword ptr [0053508Bh] |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x169000 | 0x2dfc | .idata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x16c000 | 0x69e20 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x1d6000 | 0x13ae0 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x168000 | 0x18 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x134000 | 0x133800 | 58b04912a5d3624a4a491c6b93776ac6 | False | 0.4938944994918699 | data | 6.548327546590203 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.data | 0x135000 | 0x32000 | 0x2b200 | fabc95adc67aed38e18ff4e5328ac09e | False | 0.2225373641304348 | data | 4.333810078949944 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.tls | 0x167000 | 0x1000 | 0x200 | bf619eac0cdf3f68d496ea9344137e8b | False | 0.02734375 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rdata | 0x168000 | 0x1000 | 0x200 | 5b2f1aa10339084143d88a737298f3d6 | False | 0.05078125 | data | 0.2044881574398449 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ |
.idata | 0x169000 | 0x3000 | 0x2e00 | de9a92dd42df4f2e7c7fe9007d2192d9 | False | 0.32693614130434784 | data | 5.274162404137791 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0x16c000 | 0x69e20 | 0x6a000 | 86dbd8981bf1f896d733b455f1232078 | False | 0.17861650574882076 | data | 3.7785925360231953 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x1d6000 | 0x14000 | 0x13c00 | 171afce45fe774a28f60e1ad67ed81b4 | False | 0.5782486155063291 | data | 6.586797919077141 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_CURSOR | 0x16d070 | 0x134 | Targa image data - Map 64 x 65536 x 1 +32 "\001" | | | 0.38636363636363635 |
RT_CURSOR | 0x16d1a4 | 0x134 | data | | | 0.4642857142857143 |
RT_CURSOR | 0x16d2d8 | 0x134 | data | | | 0.4805194805194805 |
RT_CURSOR | 0x16d40c | 0x134 | data | | | 0.38311688311688313 |
RT_CURSOR | 0x16d540 | 0x134 | data | | | 0.36038961038961037 |
RT_CURSOR | 0x16d674 | 0x134 | data | | | 0.4090909090909091 |
RT_CURSOR | 0x16d7a8 | 0x134 | Targa image data - RGB 64 x 65536 x 1 +32 "\001" | | | 0.4967532467532468 |
RT_BITMAP | 0x16d8dc | 0xe8 | Device independent bitmap graphic, 16 x 16 x 4, image size 128, resolution 2835 x 2835 px/m | | | 0.33620689655172414 |
RT_BITMAP | 0x16d9c4 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.43103448275862066 |
RT_BITMAP | 0x16db94 | 0x1e4 | Device independent bitmap graphic, 36 x 19 x 4, image size 380 | | | 0.46487603305785125 |
RT_BITMAP | 0x16dd78 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.43103448275862066 |
RT_BITMAP | 0x16df48 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.39870689655172414 |
RT_BITMAP | 0x16e118 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.4245689655172414 |
RT_BITMAP | 0x16e2e8 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.5021551724137931 |
RT_BITMAP | 0x16e4b8 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.5064655172413793 |
RT_BITMAP | 0x16e688 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.39655172413793105 |
RT_BITMAP | 0x16e858 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.5344827586206896 |
RT_BITMAP | 0x16ea28 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.39655172413793105 |
RT_BITMAP | 0x16ebf8 | 0xe8 | Device independent bitmap graphic, 16 x 16 x 4, image size 128, resolution 3780 x 3780 px/m | | | 0.6551724137931034 |
RT_BITMAP | 0x16ece0 | 0xe8 | Device independent bitmap graphic, 16 x 16 x 4, image size 128, resolution 3780 x 3780 px/m | | | 0.5905172413793104 |
RT_BITMAP | 0x16edc8 | 0x88 | Device independent bitmap graphic, 8 x 8 x 4, image size 32, resolution 2835 x 2835 px/m | | | 0.6985294117647058 |
RT_BITMAP | 0x16ee50 | 0x328 | Device independent bitmap graphic, 16 x 16 x 24, image size 768 | | | 0.4344059405940594 |
RT_BITMAP | 0x16f178 | 0x88 | Device independent bitmap graphic, 8 x 8 x 4, image size 32, resolution 2835 x 2835 px/m | | | 0.6911764705882353 |
RT_BITMAP | 0x16f200 | 0x88 | Device independent bitmap graphic, 8 x 8 x 4, image size 32, resolution 2835 x 2835 px/m | | | 0.6985294117647058 |
RT_BITMAP | 0x16f288 | 0x328 | Device independent bitmap graphic, 16 x 16 x 24, image size 768 | | | 0.3353960396039604 |
RT_BITMAP | 0x16f5b0 | 0x88 | Device independent bitmap graphic, 8 x 8 x 4, image size 32, resolution 2835 x 2835 px/m | | | 0.6985294117647058 |
RT_BITMAP | 0x16f638 | 0xe8 | Device independent bitmap graphic, 16 x 16 x 4, image size 128 | | | 0.4870689655172414 |
RT_ICON | 0x16f720 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | Russian | Russia | 0.3185483870967742 |
RT_DIALOG | 0x16fa08 | 0x52 | data | | | 0.7682926829268293 |
RT_STRING | 0x16fa5c | 0x124 | Matlab v4 mat-file (little endian) 7\004K\004:\004 , numeric, rows 0, columns 0 | Russian | Russia | 0.5171232876712328 |
RT_STRING | 0x16fb80 | 0x318 | data | Russian | Russia | 0.3813131313131313 |
RT_STRING | 0x16fe98 | 0x5a4 | data | Russian | Russia | 0.3157894736842105 |
RT_STRING | 0x17043c | 0x8ac | data | Russian | Russia | 0.3346846846846847 |
RT_STRING | 0x170ce8 | 0x6ae | data | Russian | Russia | 0.3280701754385965 |
RT_STRING | 0x171398 | 0x740 | data | Russian | Russia | 0.3232758620689655 |
RT_STRING | 0x171ad8 | 0x5fc | data | Russian | Russia | 0.33159268929503916 |
RT_STRING | 0x1720d4 | 0x5c8 | data | Russian | Russia | 0.3668918918918919 |
RT_STRING | 0x17269c | 0x5bc | Targa image data 1082 x 1072 x 32 +1080 +1090 "8\004A\004E\004>\0044\004=\004K\004E\004 " | Russian | Russia | 0.3971389645776567 |
RT_STRING | 0x172c58 | 0x30e | data | Russian | Russia | 0.3797953964194373 |
RT_STRING | 0x172f68 | 0x5ca | data | Russian | Russia | 0.3616734143049933 |
RT_STRING | 0x173534 | 0x816 | data | Russian | Russia | 0.3169082125603865 |
RT_STRING | 0x173d4c | 0x168 | Targa image data - Color 99 x 107 x 32 +68 +111 "z" | | | 0.5194444444444445 |
RT_STRING | 0x173eb4 | 0x314 | data | | | 0.4619289340101523 |
RT_STRING | 0x1741c8 | 0xd8 | data | | | 0.5879629629629629 |
RT_STRING | 0x1742a0 | 0x178 | data | | | 0.5186170212765957 |
RT_STRING | 0x174418 | 0x238 | data | | | 0.4753521126760563 |
RT_STRING | 0x174650 | 0x3c4 | data | | | 0.3848547717842324 |
RT_STRING | 0x174a14 | 0x3d4 | data | | | 0.39081632653061227 |
RT_STRING | 0x174de8 | 0x1b4 | data | | | 0.4610091743119266 |
RT_STRING | 0x174f9c | 0xec | data | | | 0.5550847457627118 |
RT_STRING | 0x175088 | 0x198 | data | | | 0.5171568627450981 |
RT_STRING | 0x175220 | 0x398 | data | | | 0.3358695652173913 |
RT_STRING | 0x1755b8 | 0x374 | data | | | 0.417420814479638 |
RT_STRING | 0x17592c | 0x2b8 | data | | | 0.3850574712643678 |
RT_STRING | 0x175be4 | 0x42c | data | | | 0.3838951310861423 |
RT_STRING | 0x176010 | 0x39c | data | | | 0.3538961038961039 |
RT_STRING | 0x1763ac | 0x478 | data | | | 0.38548951048951047 |
RT_RCDATA | 0x176824 | 0x31cf4 | Delphi compiled form 'TDMessages' | | | 0.2022938927556122 |
RT_RCDATA | 0x1a8518 | 0x2b6ff | Delphi compiled form 'TDM_Misc' | | | 0.11476008745552752 |
RT_RCDATA | 0x1d3c18 | 0x480 | Delphi compiled form 'TFEditForm' | | | 0.4522569444444444 |
RT_RCDATA | 0x1d4098 | 0x2d4 | Delphi compiled form 'TFLog' | | | 0.6174033149171271 |
RT_RCDATA | 0x1d436c | 0x1b9 | Delphi compiled form 'TFrmStatus' | | | 0.7120181405895691 |
RT_RCDATA | 0x1d4528 | 0xbdc | Delphi compiled form 'TFrm_SelDst' | | | 0.39492753623188404 |
RT_RCDATA | 0x1d5104 | 0x422 | Delphi compiled form 'TViewPrt' | | | 0.552930056710775 |
RT_GROUP_CURSOR | 0x1d5528 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.25 |
RT_GROUP_CURSOR | 0x1d553c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.25 |
RT_GROUP_CURSOR | 0x1d5550 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.3 |
RT_GROUP_CURSOR | 0x1d5564 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.3 |
RT_GROUP_CURSOR | 0x1d5578 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.3 |
RT_GROUP_CURSOR | 0x1d558c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.3 |
RT_GROUP_CURSOR | 0x1d55a0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.3 |
RT_GROUP_ICON | 0x1d55b4 | 0x14 | data | Russian | Russia | 1.2 |
RT_MANIFEST | 0x1d55c8 | 0x855 | XML 1.0 document, ISO-8859 text, with CRLF line terminators | | | 0.39990623534927333 |
DLL | Import |
---|---|
ADVAPI32.DLL | RegCloseKey, RegOpenKeyA, RegOpenKeyExA, RegQueryValueExA |
KERNEL32.DLL | CloseHandle, CompareStringA, CopyFileA, CreateDirectoryA, CreateEventA, CreateFileA, CreateFileMappingA, CreateMutexA, CreateProcessA, CreateThread, DeleteCriticalSection, DeleteFileA, EnterCriticalSection, EnumCalendarInfoA, ExitProcess, FileTimeToDosDateTime, FileTimeToLocalFileTime, FileTimeToSystemTime, FindClose, FindFirstFileA, FindNextFileA, FindResourceA, FlushFileBuffers, FormatMessageA, FreeLibrary, FreeResource, GetACP, GetCPInfo, GetCommandLineA, GetCurrentDirectoryA, GetCurrentProcessId, GetCurrentThreadId, GetDateFormatA, GetDiskFreeSpaceA, GetDiskFreeSpaceExA, GetDriveTypeA, GetEnvironmentStrings, GetFileAttributesA, GetFileSize, GetFileTime, GetFileType, GetLastError, GetLocalTime, GetLocaleInfoA, GetLogicalDrives, GetModuleFileNameA, GetModuleHandleA, GetModuleHandleW, GetOEMCP, GetProcAddress, GetProcessHeap, GetProfileStringA, GetStartupInfoA, GetStdHandle, GetStringTypeExA, GetStringTypeW, GetSystemInfo, GetSystemTime, GetThreadLocale, GetTickCount, GetUserDefaultUILanguage, GetVersion, GetVersionExA, GetWindowsDirectoryA, GlobalAddAtomA, GlobalAlloc, GlobalDeleteAtom, GlobalFindAtomA, GlobalFree, GlobalHandle, GlobalLock, GlobalReAlloc, GlobalUnlock, HeapAlloc, HeapFree, InitializeCriticalSection, InterlockedDecrement, InterlockedIncrement, LeaveCriticalSection, LoadLibraryA, LoadLibraryExA, LoadLibraryW, LoadResource, LocalAlloc, LocalFree, LockResource, MapViewOfFile, MoveFileA, MulDiv, MultiByteToWideChar, QueryDosDeviceA, RaiseException, ReadFile, ReleaseMutex, RemoveDirectoryA, ResetEvent, RtlUnwind, SetConsoleCtrlHandler, SetCurrentDirectoryA, SetEndOfFile, SetErrorMode, SetEvent, SetFileAttributesA, SetFilePointer, SetHandleCount, SetLastError, SetThreadLocale, SizeofResource, Sleep, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, UnhandledExceptionFilter, UnmapViewOfFile, VirtualAlloc, VirtualFree, VirtualQuery, WaitForSingleObject, WideCharToMultiByte, WriteFile, lstrcmpA, lstrcpyA, lstrcpynA, lstrlenA, GetVolumeInformationA |
MPR.DLL | WNetGetConnectionA |
VERSION.DLL | GetFileVersionInfoA, GetFileVersionInfoSizeA, VerQueryValueA |
WINSPOOL.DRV | ClosePrinter, DocumentPropertiesA, EnumPrintersA, OpenPrinterA |
COMCTL32.DLL | ImageList_Add, ImageList_BeginDrag, ImageList_Create, ImageList_Destroy, ImageList_DragEnter, ImageList_DragLeave, ImageList_DragMove, ImageList_DragShowNolock, ImageList_Draw, ImageList_DrawEx, ImageList_EndDrag, ImageList_GetBkColor, ImageList_GetDragImage, ImageList_GetIconSize, ImageList_GetImageCount, ImageList_Read, ImageList_Remove, ImageList_Replace, ImageList_ReplaceIcon, ImageList_SetBkColor, ImageList_SetDragCursorImage, ImageList_SetIconSize, ImageList_Write |
GDI32.DLL | BitBlt, CombineRgn, CopyEnhMetaFileA, CreateBitmap, CreateBrushIndirect, CreateCompatibleBitmap, CreateCompatibleDC, CreateDCA, CreateDIBSection, CreateDIBitmap, CreateFontIndirectA, CreateHalftonePalette, CreateICA, CreatePalette, CreatePen, CreatePenIndirect, CreateRectRgn, CreateSolidBrush, DeleteDC, DeleteEnhMetaFile, DeleteObject, Ellipse, EndDoc, EndPage, ExcludeClipRect, ExtCreatePen, ExtTextOutA, GetBitmapBits, GetBrushOrgEx, GetCharABCWidthsA, GetCharWidth32A, GetClipBox, GetCurrentPositionEx, GetDCOrgEx, GetDIBColorTable, GetDIBits, GetDeviceCaps, GetEnhMetaFileBits, GetEnhMetaFileHeader, GetEnhMetaFilePaletteEntries, GetObjectA, GetPaletteEntries, GetPixel, GetRgnBox, GetStockObject, GetSystemPaletteEntries, GetTextExtentPoint32A, GetTextExtentPointA, GetTextMetricsA, GetWinMetaFileBits, GetWindowOrgEx, IntersectClipRect, LineTo, MaskBlt, MoveToEx, PatBlt, PlayEnhMetaFile, PolyBezier, PolyPolyline, Polyline, RealizePalette, RectVisible, Rectangle, RestoreDC, RoundRect, SaveDC, SelectObject, SelectPalette, SetAbortProc, SetBkColor, SetBkMode, SetBrushOrgEx, SetDIBColorTable, SetEnhMetaFileBits, SetMapMode, SetPixel, SetROP2, SetStretchBltMode, SetTextAlign, SetTextColor, SetViewportExtEx, SetViewportOrgEx, SetWinMetaFileBits, SetWindowExtEx, SetWindowOrgEx, StartDocA, StartPage, StretchBlt, TextOutA, UnrealizeObject |
SHELL32.DLL | ExtractIconExA, SHGetSpecialFolderLocation, SHGetPathFromIDListA |
USER32.DLL | ActivateKeyboardLayout, AdjustWindowRectEx, BeginPaint, BringWindowToTop, CallNextHookEx, CallWindowProcA, CharLowerA, CharLowerBuffA, CharNextA, CharUpperBuffA, CheckMenuItem, ChildWindowFromPoint, ClientToScreen, CloseClipboard, CountClipboardFormats, CreateIcon, CreateIconIndirect, CreateMenu, CreatePopupMenu, CreateWindowExA, DefFrameProcA, DefMDIChildProcA, DefWindowProcA, DeleteMenu, DestroyCursor, DestroyIcon, DestroyMenu, DestroyWindow, DispatchMessageA, DrawEdge, DrawFocusRect, DrawFrameControl, DrawIcon, DrawIconEx, DrawMenuBar, DrawTextA, EmptyClipboard, EnableMenuItem, EnableScrollBar, EnableWindow, EndPaint, EnumClipboardFormats, EnumThreadWindows, EnumWindows, EqualRect, FillRect, FindWindowA, FrameRect, GetActiveWindow, GetCapture, GetCaretPos, GetClassInfoA, GetClassNameA, GetClientRect, GetClipboardData, GetCursor, GetCursorPos, GetDC, GetDCEx, GetDesktopWindow, GetDoubleClickTime, GetFocus, GetForegroundWindow, GetIconInfo, GetKeyNameTextA, GetKeyState, GetKeyboardLayout, GetKeyboardLayoutList, GetKeyboardState, GetKeyboardType, GetLastActivePopup, GetMenu, GetMenuItemCount, GetMenuItemID, GetMenuItemInfoA, GetMenuState, GetMenuStringA, GetMessagePos, GetMessageTime, GetParent, GetPropA, GetScrollInfo, GetScrollPos, GetScrollRange, GetSubMenu, GetSysColorBrush, GetSystemMenu, GetSystemMetrics, GetTopWindow, GetUpdateRect, GetWindow, GetWindowDC, GetWindowLongA, GetWindowPlacement, GetWindowRect, GetWindowTextA, GetWindowThreadProcessId, InflateRect, InsertMenuA, InsertMenuItemA, IntersectRect, InvalidateRect, IsCharAlphaA, IsCharAlphaNumericA, IsChild, IsClipboardFormatAvailable, IsDialogMessageA, IsIconic, IsRectEmpty, IsWindow, IsWindowEnabled, IsWindowVisible, IsZoomed, KillTimer, LoadBitmapA, LoadCursorA, LoadIconA, LoadKeyboardLayoutA, LoadStringA, MapVirtualKeyA, MapWindowPoints, MessageBeep, MessageBoxA, MoveWindow, OemToCharA, OemToCharBuffA, OffsetRect, OpenClipboard, PeekMessageA, PostMessageA, PostQuitMessage, PtInRect, RedrawWindow, RegisterClassA, RegisterClipboardFormatA, RegisterWindowMessageA, ReleaseCapture, ReleaseDC, RemoveMenu, RemovePropA, ScreenToClient, ScrollWindow, ScrollWindowEx, SendMessageA, SetActiveWindow, SetCapture, SetClassLongA, SetClipboardData, SetCursor, SetFocus, SetForegroundWindow, SetKeyboardState, SetMenu, SetMenuItemInfoA, SetPropA, SetRect, SetScrollInfo, SetScrollPos, SetScrollRange, SetTimer, SetWindowLongA, SetWindowPlacement, SetWindowPos, SetWindowTextA, SetWindowsHookExA, ShowCursor, ShowOwnedPopups, ShowScrollBar, ShowWindow, SystemParametersInfoA, TrackPopupMenu, TranslateMDISysAccel, TranslateMessage, UnhookWindowsHookEx, UnionRect, UnregisterClassA, UpdateWindow, ValidateRect, WaitMessage, WinHelpA, WindowFromPoint, wsprintfA, GetSysColor |
OLE32.DLL | CoCreateInstance, CoInitialize, CoInitializeEx, CoInitializeSecurity, CoSetProxyBlanket, CoUninitialize |
OLEAUT32.DLL | GetErrorInfo, SafeArrayCreate, SafeArrayGetElement, SafeArrayGetLBound, SafeArrayGetUBound, SafeArrayPtrOfIndex, SafeArrayPutElement, SafeArrayRedim, SysAllocStringLen, SysFreeString, SysReAllocStringLen, VariantChangeType, VariantClear, VariantCopy, VariantCopyInd, VariantInit |
Language of compilation system | Country where language is spoken |
---|---|
Russian | Russia |