Edit tour

Windows Analysis Report
glib-2.0.dll

Overview

General Information

Sample name:	glib-2.0.dll
Analysis ID:	1544942
MD5:	34f4b186c725c3948820c0ad65c42c27
SHA1:	a5422d027adc059ef5c78e635af2d43795710925
SHA256:	5cfa104a083d2b1d223f306b86829e5ae40cd0909c8d46828149296388d542a7
Tags:	dlluser-likeastar20
Infos:

Detection

Score:	23
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

AI detected suspicious sample

Checks if the current process is being debugged

Creates a process in suspended mode (likely to inject code)

PE / OLE file has an invalid certificate

PE file contains an invalid checksum

Program does not show much activity (idle)

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Classification

Process Tree

System is w10x64

loaddll32.exe (PID: 6568 cmdline: loaddll32.exe "C:\Users\user\Desktop\glib-2.0.dll" MD5: 51E6071F9CBA48E79F10C84515AAE618)

conhost.exe (PID: 6592 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 6708 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\glib-2.0.dll",#1 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

rundll32.exe (PID: 6784 cmdline: rundll32.exe "C:\Users\user\Desktop\glib-2.0.dll",#1 MD5: 889B99C52A60DD49227C5E485A016679)

rundll32.exe (PID: 6732 cmdline: rundll32.exe C:\Users\user\Desktop\glib-2.0.dll,_g_debug_flags MD5: 889B99C52A60DD49227C5E485A016679)

rundll32.exe (PID: 6972 cmdline: rundll32.exe C:\Users\user\Desktop\glib-2.0.dll,_g_debug_initialized MD5: 889B99C52A60DD49227C5E485A016679)

rundll32.exe (PID: 7076 cmdline: rundll32.exe C:\Users\user\Desktop\glib-2.0.dll,g_access MD5: 889B99C52A60DD49227C5E485A016679)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 86.0% probability

Source: glib-2.0.dll

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, DLL

Source: C:\Windows\System32\loaddll32.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9625_none_508ef7e4bcbbe589\MSVCR90.dll

Jump to behavior

Source: glib-2.0.dll

Static PE information: DYNAMIC_BASE, NX_COMPAT

Source:

Binary string: c:\toolchain\src\glib-2.22.4-3\glib-2.22.4\build\win32\vs8\Release\bin\glib-2.0.pdb source: glib-2.0.dll

Source: glib-2.0.dll	String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: glib-2.0.dll	String found in binary or memory: http://freedesktop.org
Source: glib-2.0.dll	String found in binary or memory: http://freedesktop.orgmetadataUnexpected
Source: glib-2.0.dll	String found in binary or memory: http://ocsp.thawte.com0
Source: glib-2.0.dll	String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: glib-2.0.dll	String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: glib-2.0.dll	String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: glib-2.0.dll	String found in binary or memory: http://www.freedesktop.org/standards/desktop-bookmarks
Source: glib-2.0.dll	String found in binary or memory: http://www.freedesktop.org/standards/desktop-bookmarksapplicationUnexpected
Source: glib-2.0.dll	String found in binary or memory: http://www.freedesktop.org/standards/desktop-bookmarksgroupUnexpected
Source: glib-2.0.dll	String found in binary or memory: http://www.freedesktop.org/standards/desktop-bookmarksgrouphttp://www.freedesktop.org/standards/desk
Source: glib-2.0.dll	String found in binary or memory: http://www.freedesktop.org/standards/desktop-bookmarksgroupshttp://www.freedesktop.org/standards/des
Source: glib-2.0.dll	String found in binary or memory: http://www.freedesktop.org/standards/desktop-bookmarksmetadataUnexpected
Source: glib-2.0.dll	String found in binary or memory: http://www.freedesktop.org/standards/shared-mime-info
Source: glib-2.0.dll	String found in binary or memory: http://www.vmware.com/0

Source: glib-2.0.dll

Static PE information: invalid certificate

Source: glib-2.0.dll

Binary or memory string: OriginalFilenamelibglib-2.0-0.dll* vs glib-2.0.dll

Source: glib-2.0.dll

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, DLL

Source: classification engine

Classification label: sus23.winDLL@12/0@0/0

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6592:120:WilError_03

Source: glib-2.0.dll

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\System32\loaddll32.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Windows\System32\loaddll32.exe

Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\glib-2.0.dll,_g_debug_flags

Source: unknown	Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe "C:\Users\user\Desktop\glib-2.0.dll"
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\glib-2.0.dll",#1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\glib-2.0.dll,_g_debug_flags
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\glib-2.0.dll",#1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\glib-2.0.dll,_g_debug_initialized
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\glib-2.0.dll,g_access
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\glib-2.0.dll",#1	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\glib-2.0.dll,_g_debug_flags	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\glib-2.0.dll,_g_debug_initialized	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\glib-2.0.dll,g_access	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\glib-2.0.dll",#1	Jump to behavior

Source: C:\Windows\System32\loaddll32.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Section loaded: intl.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: apphelp.dll	Jump to behavior

Source: C:\Windows\SysWOW64\rundll32.exe	Automated click: OK
Source: C:\Windows\SysWOW64\rundll32.exe	Automated click: OK
Source: C:\Windows\SysWOW64\rundll32.exe	Automated click: OK
Source: C:\Windows\SysWOW64\rundll32.exe	Automated click: OK
Source: C:\Windows\SysWOW64\rundll32.exe	Automated click: OK

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: glib-2.0.dll

Static PE information: More than 1235 > 100 exports found

Source: glib-2.0.dll

Static file information: File size 1074880 > 1048576

Source: C:\Windows\System32\loaddll32.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9625_none_508ef7e4bcbbe589\MSVCR90.dll

Jump to behavior

Source: glib-2.0.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: glib-2.0.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: glib-2.0.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: glib-2.0.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: glib-2.0.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: glib-2.0.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: glib-2.0.dll

Static PE information: DYNAMIC_BASE, NX_COMPAT

Source: glib-2.0.dll

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:

Binary string: c:\toolchain\src\glib-2.22.4-3\glib-2.22.4\build\win32\vs8\Release\bin\glib-2.0.pdb source: glib-2.0.dll

Source: glib-2.0.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: glib-2.0.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: glib-2.0.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: glib-2.0.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: glib-2.0.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: glib-2.0.dll

Static PE information: real checksum: 0x1108d6 should be: 0x10d0b0

Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: glib-2.0.dll	Binary or memory string: VMware, Inc.1>0<
Source: glib-2.0.dll	Binary or memory string: http://www.vmware.com/0
Source: glib-2.0.dll	Binary or memory string: VMware, Inc.0

Source: C:\Windows\System32\loaddll32.exe

Process queried: DebugPort

Jump to behavior

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\glib-2.0.dll",#1

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	11 Process Injection	1 Virtualization/Sandbox Evasion	OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	Data Obfuscation	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Rundll32	LSASS Memory	1 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	11 Process Injection	Security Account Manager	1 System Information Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 DLL Side-Loading	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
glib-2.0.dll	11%	ReversingLabs

Source	Detection	Scanner	Label	Link
http://crl.thawte.com/ThawteTimestampingCA.crl0	0%	URL Reputation	safe
http://ocsp.thawte.com0	0%	URL Reputation	safe

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.freedesktop.org/standards/desktop-bookmarks	glib-2.0.dll	false		unknown
http://www.freedesktop.org/standards/desktop-bookmarksgrouphttp://www.freedesktop.org/standards/desk	glib-2.0.dll	false		unknown
http://www.vmware.com/0	glib-2.0.dll	false		unknown
http://crl.thawte.com/ThawteTimestampingCA.crl0	glib-2.0.dll	false	URL Reputation: safe	unknown
http://www.freedesktop.org/standards/desktop-bookmarksgroupshttp://www.freedesktop.org/standards/des	glib-2.0.dll	false		unknown
http://www.freedesktop.org/standards/shared-mime-info	glib-2.0.dll	false		unknown
http://freedesktop.org	glib-2.0.dll	false		unknown
http://ocsp.thawte.com0	glib-2.0.dll	false	URL Reputation: safe	unknown

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1544942
Start date and time:	2024-10-29 21:50:05 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 2m 1s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	glib-2.0.dll
Detection:	SUS
Classification:	sus23.winDLL@12/0@0/0
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .dll Stop behavior analysis, all processes terminated

Warnings

Exclude process from analysis (whitelisted): SIHClient.exe
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: glib-2.0.dll

File type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.573248721973091
TrID:	Win32 Dynamic Link Library (generic) (1002004/3) 99.60% Generic Win/DOS Executable (2004/3) 0.20% DOS Executable Generic (2002/1) 0.20% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	glib-2.0.dll
File size:	1'074'880 bytes
MD5:	34f4b186c725c3948820c0ad65c42c27
SHA1:	a5422d027adc059ef5c78e635af2d43795710925
SHA256:	5cfa104a083d2b1d223f306b86829e5ae40cd0909c8d46828149296388d542a7
SHA512:	bf1baf5be92dccdfe446505a8d26269c0d7fd65839b2ac15e84ca834cf36cc06844ad336f0b6c9e302f342aa4320685ed93f88a562cfbf742c801457d269520c
SSDEEP:	24576:NekMj5RU/KFHOTHRMQHa6dcS/KODIj5d0Hl/QrVmPQN:NekMjoKsRMQUS//DIj5d0FSVmYN
TLSH:	2D350712F501F067FB8398BA63A5936A79745B212F5710C37A9CE6D4E71C6E22032F87
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........S..............@.......C.......U.......R.......E.........K....._.......D.......B.......G.....Rich...........................

File Icon


Icon Hash:	7ae282899bbab082

Static PE Info

General

Entrypoint:	0x10001481
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x10000000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE, DLL
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT
Time Stamp:	0x50BCEACF [Mon Dec 3 18:09:19 2012 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	0
File Version Major:	5
File Version Minor:	0
Subsystem Version Major:	5
Subsystem Version Minor:	0
Import Hash:	9bc40fa39ece484543c8e07744cdc3ca

Authenticode Signature

Signature Valid:	false
Signature Issuer:	CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Signature Validation Error:	The digital signature of the object did not verify
Error Number:	-2146869232
Not Before, Not After	16/10/2013 20:00:00 15/11/2016 18:59:59
Subject Chain	CN="VMware, Inc.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="VMware, Inc.", L=Palo Alto, S=California, C=US
Version:	3
Thumbprint MD5:	31E7FB307B9796C0A2B1963C4441488B
Thumbprint SHA-1:	968970C359F148B1F3670A41C48B4DC47B1478A9
Thumbprint SHA-256:	E0EE6CB3E8F109F9196F74619C60831E68CC516D8B56BD50CB3DE83C994FEFD8
Serial:	4451AD3717CFA22371FFBC07DF13E65D

Entrypoint Preview

Instruction
mov edi, edi
push ebp
mov ebp, esp
cmp dword ptr [ebp+0Ch], 01h
jne 00007F66E0CB8EF7h
call 00007F66E0CB926Ah
push dword ptr [ebp+08h]
mov ecx, dword ptr [ebp+10h]
mov edx, dword ptr [ebp+0Ch]
call 00007F66E0CB8DC1h
pop ecx
pop ebp
retn 000Ch
mov edi, edi
push ebp
mov ebp, esp
sub esp, 00000328h
mov dword ptr [100FE3E0h], eax
mov dword ptr [100FE3DCh], ecx
mov dword ptr [100FE3D8h], edx
mov dword ptr [100FE3D4h], ebx
mov dword ptr [100FE3D0h], esi
mov dword ptr [100FE3CCh], edi
mov word ptr [100FE3F8h], ss
mov word ptr [100FE3ECh], cs
mov word ptr [100FE3C8h], ds
mov word ptr [100FE3C4h], es
mov word ptr [100FE3C0h], fs
mov word ptr [100FE3BCh], gs
pushfd
pop dword ptr [100FE3F0h]
mov eax, dword ptr [ebp+00h]
mov dword ptr [100FE3E4h], eax
mov eax, dword ptr [ebp+04h]
mov dword ptr [100FE3E8h], eax
lea eax, dword ptr [ebp+08h]
mov dword ptr [100FE3F4h], eax
mov eax, dword ptr [ebp-00000320h]
mov dword ptr [100FE330h], 00010001h
mov eax, dword ptr [100FE3E8h]
mov dword ptr [100FE2E4h], eax
mov dword ptr [100FE2D8h], C0000409h
mov dword ptr [100FE2DCh], 00000001h

Rich Headers

Programming Language:

[ASM] VS2008 SP1 build 30729
[ C ] VS2008 SP1 build 30729
[C++] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729
[EXP] VS2008 SP1 build 30729
[LNK] VS2008 SP1 build 30729

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0xc9930	0x92ac	.rdata
IMAGE_DIRECTORY_ENTRY_IMPORT	0xc87ac	0xb4	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xff000	0x698	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x104800	0x1ec0	.reloc
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x100000	0x6cde	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x943b0	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0xc8650	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x94000	0x38c	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x92679	0x92800	8a514ce59898df6f254a4b43cb29a4bf	False	0.41519737894624575	data	6.300539378421434	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x94000	0x3ebdc	0x3ec00	354de873ddfec807ec4394b1a3ddc8df	False	0.26878812873505975	data	5.385878719544283	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0xd3000	0x2b9b8	0x2b400	c160d8b3022f8e9801d76e07272f9c11	False	0.12650718027456648	data	5.047363038871125	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0xff000	0x698	0x800	d0114d8302fd977243570810cfcb8eb5	False	0.396484375	data	4.777209148765724	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x100000	0x72d6	0x7400	9cf6cf85f0b0abcab94d41696c10e28d	False	0.7156519396551724	data	6.636934563660123	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0xff0a0	0x39c	data	English	United States	0.47835497835497837
RT_MANIFEST	0xff43c	0x259	ASCII text, with CRLF line terminators	English	United States	0.5158069883527454

Imports

DLL	Import
intl.dll	libintl_gettext, libintl_sprintf, libintl_bindtextdomain, libintl_bind_textdomain_codeset, libintl_fprintf, libintl_textdomain, libintl_dgettext, libintl_dngettext
WS2_32.dll	WSAEnumNetworkEvents, send, WSACloseEvent, WSASetEvent, ioctlsocket, WSAGetLastError, closesocket, WSAEventSelect, recv, WSACreateEvent, getsockopt
KERNEL32.dll	LocalFree, GetVersion, GetShortPathNameW, FormatMessageW, GetCurrentProcessId, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, SetUnhandledExceptionFilter, UnhandledExceptionFilter, TerminateProcess, InterlockedExchange, GetModuleHandleW, GetLocaleInfoA, ExpandEnvironmentStringsW, GetWindowsDirectoryW, FreeEnvironmentStringsW, GetModuleHandleA, InterlockedCompareExchange, InterlockedExchangeAdd, IsDebuggerPresent, WideCharToMultiByte, GetACP, MultiByteToWideChar, GetLastError, IsDBCSLeadByteEx, GetProcAddress, IsValidCodePage, LoadLibraryA, GetCPInfoExA, GetDateFormatW, GetLocaleInfoW, GetTimeFormatW, GetTimeZoneInformation, GetThreadLocale, GetFileAttributesW, PeekNamedPipe, WaitForSingleObject, SetEvent, WriteFile, InitializeCriticalSection, ReadConsoleInputA, CreateEventA, LeaveCriticalSection, ReadFile, EnterCriticalSection, ResetEvent, PeekConsoleInputA, DeleteCriticalSection, CloseHandle, GetSystemTimeAsFileTime, GetExitCodeProcess, CreateSemaphoreA, ReleaseSemaphore, MapViewOfFile, UnmapViewOfFile, CreateFileMappingA, SleepEx, WaitForMultipleObjectsEx, GetSystemInfo, GetCurrentProcess, GetStdHandle, GetConsoleCursorInfo, DuplicateHandle, MoveFileExW, Sleep, GetComputerNameA, GetEnvironmentVariableW, VirtualQuery, SetEnvironmentVariableW, GetEnvironmentStringsW, GetSystemDirectoryW, GetModuleFileNameW, GetCurrentDirectoryW
USER32.dll	PostMessageA, MessageBoxA, MsgWaitForMultipleObjectsEx, PeekMessageA, IsWindow
ADVAPI32.dll	GetUserNameW
SHELL32.dll	SHGetPathFromIDListW, SHGetSpecialFolderLocation
ole32.dll	CoTaskMemFree
MSVCR90.dll	_adjust_fdiv, __CppXcptFilter, _crt_debugger_hook, _except_handler4_common, __clean_type_info_names_internal, _close, _open, _fdopen, _read, _lseek, _amsg_exit, _initterm_e, _initterm, _encoded_null, _malloc_crt, _decode_pointer, _write, free, _onexit, _lock, _encode_pointer, __dllonexit, _unlock, memcpy, memmove, qsort, memset, abort, _exit, strlen, strchr, atoi, strcmp, atol, _time64, strncmp, strncpy, _stricmp, _strnicmp, _getpid, calloc, strcpy, _errno, strstr, wcslen, setlocale, _localtime64, wcscat, malloc, _wfindfirst64i32, _findclose, _wfindnext64i32, _wfullpath, wcscmp, wcscpy, feof, memcmp, fflush, fread, ferror, fwrite, strrchr, fclose, strcspn, _fstat64i32, _beginthreadex, _get_osfhandle, getenv, _kbhit, strtol, strtoul, realloc, fputs, __iob_func, strcat, exit, strerror, fprintf, vfprintf, _wspawnvp, _pipe, _wspawnve, _wspawnv, _open_osfhandle, _wspawnvpe, _wopen, _wchmod, _wmkdir, _wrmdir, _wfopen, _wstat64i32, _wremove, _wcreat, _wchdir, _waccess, _wunlink, _wutime64, _wfreopen, strtod, localeconv, tolower, isdigit, isupper, toupper, islower, strpbrk, printf, _mktime64, _gmtime64, strcoll, strxfrm, bsearch, wcschr, _wputenv, _chsize, sprintf, ___mb_cur_max_func

Exports

Name	Ordinal	Address
_g_debug_flags	1	0x100fe7c8
_g_debug_initialized	2	0x100fe7c4
g_access	3	0x100252d0
g_allocator_free	4	0x1003b890
g_allocator_new	5	0x1003b8a0
g_array_append_vals	6	0x10075080
g_array_free	7	0x10075f60
g_array_get_element_size	8	0x10074c60
g_array_insert_vals	9	0x10074ee0
g_array_new	10	0x100751f0
g_array_prepend_vals	11	0x10074fb0
g_array_ref	12	0x10076090
g_array_remove_index	13	0x10075e10
g_array_remove_index_fast	14	0x10075cd0
g_array_remove_range	15	0x10075b40
g_array_set_size	16	0x10074df0
g_array_sized_new	17	0x10075110
g_array_sort	18	0x10075ae0
g_array_sort_with_data	19	0x10076400
g_array_unref	20	0x10076020
g_ascii_digit_value	21	0x10021470
g_ascii_dtostr	22	0x100242a0
g_ascii_formatd	23	0x10023f90
g_ascii_strcasecmp	24	0x10021340
g_ascii_strdown	25	0x10023920
g_ascii_strncasecmp	26	0x10023570
g_ascii_strtod	27	0x100242d0
g_ascii_strtoll	28	0x100249b0
g_ascii_strtoull	29	0x10024a60
g_ascii_strup	30	0x10023880
g_ascii_table	31	0x100c8240
g_ascii_tolower	32	0x100214e0
g_ascii_toupper	33	0x100214a0
g_ascii_xdigit_value	34	0x100215d0
g_assert_warning	35	0x1003b5b0
g_assertion_message	36	0x1001d3c0
g_assertion_message_cmpnum	37	0x1001d6c0
g_assertion_message_cmpstr	38	0x1001dd90
g_assertion_message_error	39	0x1001d5e0
g_assertion_message_expr	40	0x1001d7a0
g_async_queue_length	41	0x10073e20
g_async_queue_length_unlocked	42	0x10073da0
g_async_queue_lock	43	0x10073f70
g_async_queue_new	44	0x10073ca0
g_async_queue_new_full	45	0x10073d00
g_async_queue_pop	46	0x10074a40
g_async_queue_pop_unlocked	47	0x100749c0
g_async_queue_push	48	0x10074490
g_async_queue_push_sorted	49	0x10074b90
g_async_queue_push_sorted_unlocked	50	0x10074b00
g_async_queue_push_unlocked	51	0x100743b0
g_async_queue_ref	52	0x10074080
g_async_queue_ref_unlocked	53	0x10074000
g_async_queue_sort	54	0x10074190
g_async_queue_sort_unlocked	55	0x10074100
g_async_queue_timed_pop	56	0x100747c0
g_async_queue_timed_pop_unlocked	57	0x10074740
g_async_queue_try_pop	58	0x10074900
g_async_queue_try_pop_unlocked	59	0x10074880
g_async_queue_unlock	60	0x10073ee0
g_async_queue_unref	61	0x10074570
g_async_queue_unref_and_unlock	62	0x100746b0
g_atexit	63	0x1000ed90
g_atomic_int_add	64	0x10073c40
g_atomic_int_compare_and_exchange	65	0x10073c10
g_atomic_int_exchange_and_add	66	0x10073c60
g_atomic_int_get	67	0x10073bc0
g_atomic_int_set	68	0x10073bb0
g_atomic_pointer_compare_and_exchange	69	0x10073be0
g_atomic_pointer_get	70	0x10073ba0
g_atomic_pointer_set	71	0x10073b90
g_base64_decode	72	0x10091440
g_base64_decode_inplace	73	0x10091350
g_base64_decode_step	74	0x10090ce0
g_base64_encode	75	0x10091550
g_base64_encode_close	76	0x10090ed0
g_base64_encode_step	77	0x10091070
g_basename	78	0x1000ecd0
g_bit_nth_lsf	79	0x1000cce0
g_bit_nth_msf	80	0x1000cca0
g_bit_storage	81	0x1000cc70
g_blow_chunks	82	0x1003b8b0
g_bookmark_file_add_application	83	0x10070960
g_bookmark_file_add_group	84	0x10070c70
g_bookmark_file_error_quark	85	0x1006e9a0
g_bookmark_file_free	86	0x10072bc0
g_bookmark_file_get_added	87	0x1006fd10
g_bookmark_file_get_app_info	88	0x100719c0
g_bookmark_file_get_applications	89	0x1006f450
g_bookmark_file_get_description	90	0x1006ffe0
g_bookmark_file_get_groups	91	0x1006f730
g_bookmark_file_get_icon	92	0x1006f2f0
g_bookmark_file_get_is_private	93	0x1006fde0
g_bookmark_file_get_mime_type	94	0x1006fee0
g_bookmark_file_get_modified	95	0x1006fc40
g_bookmark_file_get_size	96	0x1006f400
g_bookmark_file_get_title	97	0x10070090
g_bookmark_file_get_uris	98	0x10070140
g_bookmark_file_get_visited	99	0x1006fb70
g_bookmark_file_has_application	100	0x1006f630
g_bookmark_file_has_group	101	0x1006fa60
g_bookmark_file_has_item	102	0x10070250
g_bookmark_file_load_from_data	103	0x10073700
g_bookmark_file_load_from_data_dirs	104	0x10073930
g_bookmark_file_load_from_file	105	0x10073820
g_bookmark_file_move_item	106	0x100729f0
g_bookmark_file_new	107	0x1006e810
g_bookmark_file_remove_application	108	0x10070860
g_bookmark_file_remove_group	109	0x1006f8e0
g_bookmark_file_remove_item	110	0x10072170
g_bookmark_file_set_added	111	0x10070f70
g_bookmark_file_set_app_info	112	0x10070560
g_bookmark_file_set_description	113	0x10071280
g_bookmark_file_set_groups	114	0x10070ac0
g_bookmark_file_set_icon	115	0x10070410
g_bookmark_file_set_is_private	116	0x10071050
g_bookmark_file_set_mime_type	117	0x10071150
g_bookmark_file_set_modified	118	0x10070ea0
g_bookmark_file_set_title	119	0x10071360
g_bookmark_file_set_visited	120	0x10070dd0
g_bookmark_file_to_data	121	0x10073460
g_bookmark_file_to_file	122	0x100735f0
g_build_filename	123	0x10057c60
g_build_filenamev	124	0x10057c90
g_build_path	125	0x100580e0
g_build_pathv	126	0x10057cb0
g_byte_array_append	127	0x10075250
g_byte_array_free	128	0x10076260
g_byte_array_new	129	0x10075290
g_byte_array_prepend	130	0x10075230
g_byte_array_ref	131	0x10076240
g_byte_array_remove_index	132	0x10076200
g_byte_array_remove_index_fast	133	0x100761e0
g_byte_array_remove_range	134	0x10076110
g_byte_array_set_size	135	0x10075210
g_byte_array_sized_new	136	0x10075270
g_byte_array_sort	137	0x100760f0
g_byte_array_sort_with_data	138	0x10076470
g_byte_array_unref	139	0x10076220
g_cache_destroy	140	0x1008f2d0
g_cache_insert	141	0x1008f020
g_cache_key_foreach	142	0x1008ee90
g_cache_new	143	0x1008f100
g_cache_remove	144	0x1008ef10
g_cache_value_foreach	145	0x1008ee10
g_chdir	146	0x10024e40
g_checksum_copy	147	0x1006e450
g_checksum_free	148	0x1006dff0
g_checksum_get_digest	149	0x1006e030
g_checksum_get_string	150	0x1006e1f0
g_checksum_new	151	0x1006e5a0
g_checksum_reset	152	0x1006e4d0
g_checksum_type_get_length	153	0x10064d10
g_checksum_update	154	0x1006e310
g_child_watch_add	155	0x10045180
g_child_watch_add_full	156	0x10044a10
g_child_watch_funcs	157	0x100e6be4
g_child_watch_source_new	158	0x10042160
g_chmod	159	0x10025250
g_clear_error	160	0x100595f0
g_completion_add_items	161	0x10064c10
g_completion_clear_items	162	0x10064ae0
g_completion_complete	163	0x100647d0
g_completion_complete_utf8	164	0x10064a50
g_completion_free	165	0x10064cc0
g_completion_new	166	0x10064780
g_completion_remove_items	167	0x10064b60
g_completion_set_compare	168	0x10064600
g_compute_checksum_for_data	169	0x1006e5e0
g_compute_checksum_for_string	170	0x1006e6b0
g_convert	171	0x10063d70
g_convert_error_quark	172	0x10062cb0
g_convert_with_fallback	173	0x100631e0
g_convert_with_iconv	174	0x10063ae0
g_creat	175	0x10025150
g_datalist_clear	176	0x100600e0
g_datalist_foreach	177	0x1005f680
g_datalist_get_flags	178	0x1005f4d0
g_datalist_id_get_data	179	0x1005f8b0
g_datalist_id_remove_no_notify	180	0x1005fb00
g_datalist_id_set_data_full	181	0x1005fcf0
g_datalist_init	182	0x1005f640
g_datalist_set_flags	183	0x1005f5b0
g_datalist_unset_flags	184	0x1005f510
g_dataset_destroy	185	0x10060000
g_dataset_foreach	186	0x1005f730
g_dataset_id_get_data	187	0x1005f9b0
g_dataset_id_remove_no_notify	188	0x1005fbf0
g_dataset_id_set_data_full	189	0x1005fe50
g_date_add_days	190	0x1005c190
g_date_add_months	191	0x1005ae80
g_date_add_years	192	0x1005aac0
g_date_clamp	193	0x1005c820
g_date_clear	194	0x1005a2f0
g_date_compare	195	0x1005bd80
g_date_days_between	196	0x1005cd40
g_date_free	197	0x1005a690
g_date_get_day	198	0x1005b900
g_date_get_day_of_year	199	0x1005b810
g_date_get_days_in_month	200	0x1005a8a0
g_date_get_iso8601_week_of_year	201	0x1005c4f0
g_date_get_julian	202	0x1005c610
g_date_get_monday_week_of_year	203	0x1005cf00
g_date_get_monday_weeks_in_year	204	0x1005cc20
g_date_get_month	205	0x1005ba60
g_date_get_sunday_week_of_year	206	0x1005cde0
g_date_get_sunday_weeks_in_year	207	0x1005cb00
g_date_get_weekday	208	0x1005c6b0
g_date_get_year	209	0x1005b9b0
g_date_is_first_of_month	210	0x1005b160
g_date_is_last_of_month	211	0x1005b070
g_date_is_leap_year	212	0x1005a1b0
g_date_new	213	0x1005a190
g_date_new_dmy	214	0x1005a790
g_date_new_julian	215	0x1005a6d0
g_date_order	216	0x1005c760
g_date_set_day	217	0x1005b450
g_date_set_dmy	218	0x1005b220
g_date_set_julian	219	0x1005a240
g_date_set_month	220	0x1005b570
g_date_set_parse	221	0x1005e5f0
g_date_set_time	222	0x1005c270
g_date_set_time_t	223	0x1005b690
g_date_set_time_val	224	0x1005c250
g_date_set_year	225	0x1005b320
g_date_strftime	226	0x1005e170
g_date_subtract_days	227	0x1005c0a0
g_date_subtract_months	228	0x1005abf0
g_date_subtract_years	229	0x1005a950
g_date_to_struct_tm	230	0x1005c990
g_date_valid	231	0x1005a620
g_date_valid_day	232	0x1005a0f0
g_date_valid_dmy	233	0x1005a5b0
g_date_valid_julian	234	0x1005a0b0
g_date_valid_month	235	0x1005a140
g_date_valid_weekday	236	0x1005a0c0
g_date_valid_year	237	0x1005a120
g_dgettext	238	0x10021d10
g_dir_close	239	0x10059d10
g_dir_open	240	0x1005a040
g_dir_open_utf8	241	0x10059ec0
g_dir_read_name	242	0x10059fc0
g_dir_read_name_utf8	243	0x10059db0
g_dir_rewind	244	0x10059d60
g_direct_equal	245	0x1000c920
g_direct_hash	246	0x1000c940
g_dngettext	247	0x10021cc0
g_double_equal	248	0x1000c860
g_double_hash	249	0x1000c830
g_dpgettext	250	0x10021e20
g_dpgettext2	251	0x10021d40
g_error_copy	252	0x100597a0
g_error_free	253	0x10059590
g_error_matches	254	0x100593b0
g_error_new	255	0x10059820
g_error_new_literal	256	0x100593f0
g_error_new_valist	257	0x100596f0
g_file_error_from_errno	258	0x10057600
g_file_error_quark	259	0x10057ce0
g_file_get_contents	260	0x100590b0
g_file_get_contents_utf8	261	0x10059010
g_file_open_tmp	262	0x10059330
g_file_open_tmp_utf8	263	0x10059110
g_file_read_link	264	0x10057d00
g_file_set_contents	265	0x10058da0
g_file_test	266	0x10058d50
g_file_test_utf8	267	0x10058980
g_filename_display_basename	268	0x10064320
g_filename_display_name	269	0x10064260
g_filename_from_uri	270	0x10064070
g_filename_from_uri_utf8	271	0x100637f0
g_filename_from_utf8	272	0x10063e90
g_filename_from_utf8_utf8	273	0x10063ef0
g_filename_to_uri	274	0x100645a0
g_filename_to_uri_utf8	275	0x10064490
g_filename_to_utf8	276	0x10063f50
g_filename_to_utf8_utf8	277	0x10063fb0
g_find_program_in_path	278	0x1000fcf0
g_find_program_in_path_utf8	279	0x1000fb90
g_fopen	280	0x10024c10
g_format_size_for_display	281	0x10057d30
g_fprintf	282	0x1008ed50
g_free	283	0x1003bcd0
g_freopen	284	0x10024b50
g_get_application_name	285	0x1000ddd0
g_get_charset	286	0x10011900
g_get_codeset	287	0x1000d7f0
g_get_current_dir	288	0x1000df00
g_get_current_dir_utf8	289	0x1000d6c0
g_get_current_time	290	0x100403a0
g_get_filename_charsets	291	0x100602c0
g_get_home_dir	292	0x100101d0
g_get_home_dir_utf8	293	0x100102b0
g_get_host_name	294	0x10010290
g_get_language_names	295	0x1000eea0
g_get_prgname	296	0x1000dc80
g_get_real_name	297	0x100101e0
g_get_real_name_utf8	298	0x100102c0
g_get_system_config_dirs	299	0x1000f0a0
g_get_system_data_dirs	300	0x1000f190
g_get_tmp_dir	301	0x100101c0
g_get_tmp_dir_utf8	302	0x100102a0
g_get_user_cache_dir	303	0x1000fe90
g_get_user_config_dir	304	0x10010200
g_get_user_data_dir	305	0x10010020
g_get_user_name	306	0x100101f0
g_get_user_name_utf8	307	0x100102d0
g_get_user_special_dir	308	0x1000fd80
g_getenv	309	0x1000de70
g_getenv_utf8	310	0x1000d4c0
g_hash_table_destroy	311	0x10057530
g_hash_table_find	312	0x10056c70
g_hash_table_foreach	313	0x10056d40
g_hash_table_foreach_remove	314	0x10056e90
g_hash_table_foreach_steal	315	0x10056e00
g_hash_table_get_keys	316	0x10056b90
g_hash_table_get_values	317	0x10056af0
g_hash_table_insert	318	0x10056ad0
g_hash_table_iter_get_hash_table	319	0x10057320
g_hash_table_iter_init	320	0x100574a0
g_hash_table_iter_next	321	0x10057360
g_hash_table_iter_remove	322	0x100575e0
g_hash_table_iter_steal	323	0x100575c0
g_hash_table_lookup	324	0x100564c0
g_hash_table_lookup_extended	325	0x10057000
g_hash_table_new	326	0x100565e0
g_hash_table_new_full	327	0x10056540
g_hash_table_ref	328	0x10057160
g_hash_table_remove	329	0x10056a90
g_hash_table_remove_all	330	0x10056f90
g_hash_table_replace	331	0x10056ab0
g_hash_table_size	332	0x10056c30
g_hash_table_steal	333	0x10056a70
g_hash_table_steal_all	334	0x10056f20
g_hash_table_unref	335	0x100570a0
g_hook_alloc	336	0x10055220
g_hook_compare_ids	337	0x10054aa0
g_hook_destroy	338	0x10056060
g_hook_destroy_link	339	0x100555b0
g_hook_find	340	0x10055920
g_hook_find_data	341	0x10054ca0
g_hook_find_func	342	0x10054be0
g_hook_find_func_data	343	0x10054b10
g_hook_first_valid	344	0x10055b10
g_hook_free	345	0x100550c0
g_hook_get	346	0x10054d20
g_hook_insert_before	347	0x10054dc0
g_hook_insert_sorted	348	0x10055700
g_hook_list_clear	349	0x10055650
g_hook_list_init	350	0x10055300
g_hook_list_invoke	351	0x10055f60
g_hook_list_invoke_check	352	0x10055e40
g_hook_list_marshal	353	0x10055bc0
g_hook_list_marshal_check	354	0x10055cf0
g_hook_next_valid	355	0x10055a40
g_hook_prepend	356	0x10054fb0
g_hook_ref	357	0x10055000
g_hook_unref	358	0x100553d0
g_hostname_is_ascii_encoded	359	0x10054220
g_hostname_is_ip_address	360	0x100539e0
g_hostname_is_non_ascii	361	0x10053ed0
g_hostname_to_ascii	362	0x10054920
g_hostname_to_unicode	363	0x10054810
g_iconv	364	0x10061a00
g_iconv_close	365	0x100619e0
g_iconv_open	366	0x10062cd0
g_idle_add	367	0x10045160
g_idle_add_full	368	0x10044970
g_idle_funcs	369	0x100e6bfc
g_idle_remove_by_data	370	0x10045140
g_idle_source_new	371	0x10042130
g_int64_equal	372	0x1000c8a0
g_int64_hash	373	0x1000c890
g_int_equal	374	0x1000c900
g_int_hash	375	0x1000c8f0
g_intern_static_string	376	0x1005edb0
g_intern_string	377	0x1005ee60
g_io_add_watch	378	0x100539b0
g_io_add_watch_full	379	0x10053910
g_io_channel_close	380	0x10051440
g_io_channel_error_from_errno	381	0x100500e0
g_io_channel_error_quark	382	0x1004fa40
g_io_channel_flush	383	0x1004fbf0
g_io_channel_get_buffer_condition	384	0x1004f910
g_io_channel_get_buffer_size	385	0x10050040
g_io_channel_get_buffered	386	0x1004faa0
g_io_channel_get_close_on_unref	387	0x1004fd40
g_io_channel_get_encoding	388	0x1004fa60
g_io_channel_get_flags	389	0x1004fde0
g_io_channel_get_line_term	390	0x1004ff10
g_io_channel_init	391	0x1004f990
g_io_channel_new_file	392	0x1004e7a0
g_io_channel_new_file_utf8	393	0x1004e1f0
g_io_channel_read	394	0x100516f0
g_io_channel_read_chars	395	0x10052630
g_io_channel_read_line	396	0x10053590
g_io_channel_read_line_string	397	0x100533b0
g_io_channel_read_to_end	398	0x10052bc0
g_io_channel_read_unichar	399	0x10052390
g_io_channel_ref	400	0x10050330
g_io_channel_seek	401	0x10051510
g_io_channel_seek_position	402	0x10050e20
g_io_channel_set_buffer_size	403	0x10050080
g_io_channel_set_buffered	404	0x1004faf0
g_io_channel_set_close_on_unref	405	0x1004fd90
g_io_channel_set_encoding	406	0x100509f0
g_io_channel_set_flags	407	0x1004fe80
g_io_channel_set_line_term	408	0x1004ff60
g_io_channel_shutdown	409	0x10051280
g_io_channel_unix_get_fd	410	0x1004bd90
g_io_channel_unix_new	411	0x1004dfa0
g_io_channel_unref	412	0x10051820
g_io_channel_win32_get_fd	413	0x1004bb00
g_io_channel_win32_make_pollfd	414	0x1004f6e0
g_io_channel_win32_new_fd	415	0x1004e060
g_io_channel_win32_new_messages	416	0x1004c670
g_io_channel_win32_new_socket	417	0x1004c500
g_io_channel_win32_new_stream_socket	418	0x1004d5f0
g_io_channel_win32_poll	419	0x1004ed50
g_io_channel_win32_set_debug	420	0x1004bae0
g_io_channel_write	421	0x10051620
g_io_channel_write_chars	422	0x10051960
g_io_channel_write_unichar	423	0x10053770
g_io_create_watch	424	0x10050210
g_io_watch_funcs	425	0x100ec9a8
g_key_file_error_quark	426	0x10046b10
g_key_file_free	427	0x1004b2b0
g_key_file_get_boolean	428	0x10049050
g_key_file_get_boolean_list	429	0x1004a6f0
g_key_file_get_comment	430	0x1004aea0
g_key_file_get_double	431	0x10048a20
g_key_file_get_double_list	432	0x1004a390
g_key_file_get_groups	433	0x100478e0
g_key_file_get_integer	434	0x10048d40
g_key_file_get_integer_list	435	0x1004a540
g_key_file_get_keys	436	0x10047ac0
g_key_file_get_locale_string	437	0x1004a8a0
g_key_file_get_locale_string_list	438	0x1004af30
g_key_file_get_start_group	439	0x10047a60
g_key_file_get_string	440	0x10049930
g_key_file_get_string_list	441	0x100495f0
g_key_file_get_value	442	0x10047770
g_key_file_has_group	443	0x10047540
g_key_file_has_key	444	0x10047410
g_key_file_load_from_data	445	0x1004b310
g_key_file_load_from_data_dirs	446	0x1004b980
g_key_file_load_from_dirs	447	0x1004b6c0
g_key_file_load_from_file	448	0x1004b860
g_key_file_new	449	0x1004b690
g_key_file_remove_comment	450	0x1004a0b0
g_key_file_remove_group	451	0x1004add0
g_key_file_remove_key	452	0x10047100
g_key_file_set_boolean	453	0x10048fe0
g_key_file_set_boolean_list	454	0x10048ec0
g_key_file_set_comment	455	0x1004a2b0
g_key_file_set_double	456	0x100489a0
g_key_file_set_double_list	457	0x10048880
g_key_file_set_integer	458	0x10048cd0
g_key_file_set_integer_list	459	0x10048bb0
g_key_file_set_list_separator	460	0x10047e90
g_key_file_set_locale_string	461	0x10049380
g_key_file_set_locale_string_list	462	0x100491d0
g_key_file_set_string	463	0x10049880
g_key_file_set_string_list	464	0x100494c0
g_key_file_set_value	465	0x100475d0
g_key_file_to_data	466	0x10047c60
g_list_alloc	467	0x10045f80
g_list_append	468	0x10045e40
g_list_concat	469	0x10045a10
g_list_copy	470	0x10045da0
g_list_delete_link	471	0x10045bf0
g_list_find	472	0x10045880
g_list_find_custom	473	0x100460d0
g_list_first	474	0x100457a0
g_list_foreach	475	0x10045740
g_list_free	476	0x10045d70
g_list_free_1	477	0x10045d50
g_list_index	478	0x10045800
g_list_insert	479	0x10045eb0
g_list_insert_before	480	0x10046140
g_list_insert_sorted	481	0x100462b0
g_list_insert_sorted_with_data	482	0x10046290
g_list_last	483	0x100457d0
g_list_length	484	0x10045770
g_list_nth	485	0x10045930
g_list_nth_data	486	0x100458b0
g_list_nth_prev	487	0x10045900
g_list_pop_allocator	488	0x10045ac0
g_list_position	489	0x10045840
g_list_prepend	490	0x10045a50
g_list_push_allocator	491	0x10045ad0
g_list_remove	492	0x10045cc0
g_list_remove_all	493	0x10045c30
g_list_remove_link	494	0x10045b90
g_list_reverse	495	0x10045960
g_list_sort	496	0x10045bd0
g_list_sort_with_data	497	0x10045bb0
g_listenv	498	0x1000d380
g_locale_from_utf8	499	0x10064010
g_locale_to_utf8	500	0x10063180
g_log	501	0x1003b160
g_log_default_handler	502	0x1003b660
g_log_remove_handler	503	0x1003b190
g_log_set_always_fatal	504	0x10039f50
g_log_set_default_handler	505	0x10039ef0
g_log_set_fatal_mask	506	0x1003a660
g_log_set_handler	507	0x1003b2d0
g_logv	508	0x1003ad00
g_lstat	509	0x10025440
g_main_context_acquire	510	0x100442a0
g_main_context_add_poll	511	0x100439a0
g_main_context_check	512	0x10042fe0
g_main_context_default	513	0x100434b0
g_main_context_dispatch	514	0x10042f50
g_main_context_find_source_by_funcs_user_data	515	0x10044490
g_main_context_find_source_by_id	516	0x100445c0
g_main_context_find_source_by_user_data	517	0x100443a0
g_main_context_get_poll_func	518	0x100436e0
g_main_context_get_thread_default	519	0x10042c40
g_main_context_is_owner	520	0x10043570
g_main_context_iteration	521	0x10045530
g_main_context_new	522	0x10043310
g_main_context_pending	523	0x100455e0
g_main_context_pop_thread_default	524	0x10044850
g_main_context_prepare	525	0x10043b10
g_main_context_push_thread_default	526	0x10045080
g_main_context_query	527	0x100408b0
g_main_context_ref	528	0x100420a0
g_main_context_release	529	0x10044130
g_main_context_remove_poll	530	0x10043890
g_main_context_set_poll_func	531	0x100437b0
g_main_context_unref	532	0x10042cc0
g_main_context_wait	533	0x10043f00
g_main_context_wakeup	534	0x10043610
g_main_current_source	535	0x10040ad0
g_main_depth	536	0x10040b10
g_main_loop_get_context	537	0x10040d30
g_main_loop_is_running	538	0x10040db0
g_main_loop_new	539	0x10043ab0
g_main_loop_quit	540	0x10040e30
g_main_loop_ref	541	0x10040f60
g_main_loop_run	542	0x10045210
g_main_loop_unref	543	0x10042eb0
g_malloc	544	0x1003bdd0
g_malloc0	545	0x1003bd70
g_mapped_file_free	546	0x10090920
g_mapped_file_get_contents	547	0x10090940
g_mapped_file_get_length	548	0x10090980
g_mapped_file_new	549	0x100909c0
g_mapped_file_ref	550	0x10090890
g_mapped_file_unref	551	0x100907d0
g_markup_collect_attributes	552	0x1003d460
g_markup_error_quark	553	0x1003d0a0
g_markup_escape_text	554	0x1003dbb0
g_markup_parse_context_end_parse	555	0x1003e460
g_markup_parse_context_free	556	0x1003dd80
g_markup_parse_context_get_element	557	0x1003dce0
g_markup_parse_context_get_element_stack	558	0x1003dca0
g_markup_parse_context_get_position	559	0x1003dc40
g_markup_parse_context_get_user_data	560	0x1003cad0
g_markup_parse_context_new	561	0x1003df40
g_markup_parse_context_parse	562	0x1003f200
g_markup_parse_context_pop	563	0x1003d360
g_markup_parse_context_push	564	0x1003d3e0
g_markup_printf_escaped	565	0x1003e430
g_markup_vprintf_escaped	566	0x1003e0b0
g_match_info_expand_references	567	0x100335d0
g_match_info_fetch	568	0x100319b0
g_match_info_fetch_all	569	0x10032d70
g_match_info_fetch_named	570	0x10032ed0
g_match_info_fetch_named_pos	571	0x10032e20
g_match_info_fetch_pos	572	0x100318f0
g_match_info_free	573	0x10031b90
g_match_info_get_match_count	574	0x10031ae0
g_match_info_get_regex	575	0x10031c20
g_match_info_get_string	576	0x10031be0
g_match_info_is_partial_match	577	0x10031a90
g_match_info_matches	578	0x10031b40
g_match_info_next	579	0x10032f70
g_mem_chunk_alloc	580	0x1003c360
g_mem_chunk_alloc0	581	0x1003c310
g_mem_chunk_clean	582	0x1003b8f0
g_mem_chunk_destroy	583	0x1003c3b0
g_mem_chunk_free	584	0x1003c2c0
g_mem_chunk_info	585	0x1003b8c0
g_mem_chunk_new	586	0x1003c410
g_mem_chunk_print	587	0x1003b8d0
g_mem_chunk_reset	588	0x1003b8e0
g_mem_gc_friendly	589	0x100fe78c
g_mem_is_system_malloc	590	0x1003b900
g_mem_profile	591	0x1003c070
g_mem_set_vtable	592	0x1003c5f0
g_memdup	593	0x10021810
g_mkdir	594	0x10024eb0
g_mkdir_with_parents	595	0x10058bc0
g_mkstemp	596	0x10058150
g_mkstemp_full	597	0x100582f0
g_mkstemp_utf8	598	0x100584f0
g_node_child_index	599	0x10038dd0
g_node_child_position	600	0x10038e50
g_node_children_foreach	601	0x10038c10
g_node_copy	602	0x10039bd0
g_node_copy_deep	603	0x10039c40
g_node_depth	604	0x10038ae0
g_node_destroy	605	0x10039910
g_node_find	606	0x10039980
g_node_find_child	607	0x10038f40
g_node_first_sibling	608	0x10038d60
g_node_get_root	609	0x10039500
g_node_insert	610	0x10039ab0
g_node_insert_after	611	0x10039550
g_node_insert_before	612	0x100396c0
g_node_is_ancestor	613	0x10039470
g_node_last_child	614	0x100390e0
g_node_last_sibling	615	0x10038d10
g_node_max_height	616	0x10038a80
g_node_n_children	617	0x10039000
g_node_n_nodes	618	0x10039140
g_node_new	619	0x10038bf0
g_node_nth_child	620	0x10039070
g_node_pop_allocator	621	0x10038b10
g_node_prepend	622	0x10039a60
g_node_push_allocator	623	0x10038b20
g_node_reverse_children	624	0x100393f0
g_node_traverse	625	0x100391d0
g_node_unlink	626	0x10039870
g_nullify_pointer	627	0x1000df40
g_on_error_query	628	0x10073b40
g_on_error_stack_trace	629	0x10073b20
g_once_impl	630	0x1001a5b0
g_once_init_enter	631	0x1001a750
g_once_init_enter_impl	632	0x1001a690
g_once_init_leave	633	0x1001ab00
g_open	634	0x100251d0
g_option_context_add_group	635	0x10035870
g_option_context_add_main_entries	636	0x10036170
g_option_context_free	637	0x10035b60
g_option_context_get_description	638	0x10035230
g_option_context_get_help	639	0x10036790
g_option_context_get_help_enabled	640	0x10035ac0
g_option_context_get_ignore_unknown_options	641	0x10035a20
g_option_context_get_main_group	642	0x100357a0
g_option_context_get_summary	643	0x100352d0
g_option_context_new	644	0x10034ee0
g_option_context_parse	645	0x10037ae0
g_option_context_set_description	646	0x10035270
g_option_context_set_help_enabled	647	0x10035b10
g_option_context_set_ignore_unknown_options	648	0x10035a70
g_option_context_set_main_group	649	0x100357e0
g_option_context_set_summary	650	0x10035310
g_option_context_set_translate_func	651	0x10035370
g_option_context_set_translation_domain	652	0x10035d80
g_option_error_quark	653	0x10034fe0
g_option_group_add_entries	654	0x100354e0
g_option_group_free	655	0x10035620
g_option_group_new	656	0x10034dc0
g_option_group_set_error_hook	657	0x10035450
g_option_group_set_parse_hooks	658	0x10035490
g_option_group_set_translate_func	659	0x100353e0
g_option_group_set_translation_domain	660	0x10035de0
g_parse_debug_string	661	0x1000cd20
g_path_get_basename	662	0x1000d030
g_path_get_dirname	663	0x1000e760
g_path_is_absolute	664	0x1000ec30
g_path_skip_root	665	0x1000ea50
g_pattern_match	666	0x10034830
g_pattern_match_simple	667	0x10034a80
g_pattern_match_string	668	0x10034b30
g_pattern_spec_equal	669	0x10034330
g_pattern_spec_free	670	0x100343f0
g_pattern_spec_new	671	0x10034450
g_poll	672	0x10092f60
g_prefix_error	673	0x10059550
g_print	674	0x1003abd0
g_printerr	675	0x1003aaa0
g_printf	676	0x1008ed90
g_printf_string_upper_bound	677	0x1003a520
g_propagate_error	678	0x10059620
g_propagate_prefixed_error	679	0x100596a0
g_ptr_array_add	680	0x10075420
g_ptr_array_foreach	681	0x10075350
g_ptr_array_free	682	0x10075930
g_ptr_array_new	683	0x10075310
g_ptr_array_new_with_free_func	684	0x10075320
g_ptr_array_ref	685	0x10075a80
g_ptr_array_remove	686	0x10076370
g_ptr_array_remove_fast	687	0x100762e0
g_ptr_array_remove_index	688	0x10075730
g_ptr_array_remove_index_fast	689	0x10075620
g_ptr_array_remove_range	690	0x10075490
g_ptr_array_set_free_func	691	0x10074c10
g_ptr_array_set_size	692	0x10075860
g_ptr_array_sized_new	693	0x100752b0
g_ptr_array_sort	694	0x100753c0
g_ptr_array_sort_with_data	695	0x10076280
g_ptr_array_unref	696	0x10075a10
g_qsort_with_data	697	0x100923e0
g_quark_from_static_string	698	0x1005ec70
g_quark_from_string	699	0x1005ed10
g_quark_to_string	700	0x1005ea20
g_quark_try_string	701	0x1005f390
g_queue_clear	702	0x10090690
g_queue_copy	703	0x10090040
g_queue_delete_link	704	0x10090400
g_queue_find	705	0x1008ff50
g_queue_find_custom	706	0x1008fec0
g_queue_foreach	707	0x1008ffa0
g_queue_free	708	0x10090200
g_queue_get_length	709	0x10090120
g_queue_index	710	0x1008f3f0
g_queue_init	711	0x100901b0
g_queue_insert_after	712	0x10090300
g_queue_insert_before	713	0x1008f350
g_queue_insert_sorted	714	0x10090260
g_queue_is_empty	715	0x10090160
g_queue_link_index	716	0x1008f5b0
g_queue_new	717	0x1008f340
g_queue_peek_head	718	0x1008f4a0
g_queue_peek_head_link	719	0x1008f8d0
g_queue_peek_nth	720	0x100903a0
g_queue_peek_nth_link	721	0x1008f600
g_queue_peek_tail	722	0x1008f440
g_queue_peek_tail_link	723	0x1008f890
g_queue_pop_head	724	0x1008f9b0
g_queue_pop_head_link	725	0x1008f910
g_queue_pop_nth	726	0x10090490
g_queue_pop_nth_link	727	0x1008f6d0
g_queue_pop_tail	728	0x1008f7e0
g_queue_pop_tail_link	729	0x1008f740
g_queue_push_head	730	0x1008fdb0
g_queue_push_head_link	731	0x1008fc10
g_queue_push_nth	732	0x1008fd30
g_queue_push_nth_link	733	0x10090510
g_queue_push_tail	734	0x1008fb80
g_queue_push_tail_link	735	0x1008fa60
g_queue_remove	736	0x10090760
g_queue_remove_all	737	0x100906e0
g_queue_reverse	738	0x100900c0
g_queue_sort	739	0x1008fe20
g_queue_unlink	740	0x1008f500
g_rand_copy	741	0x10091880
g_rand_double	742	0x100919f0
g_rand_double_range	743	0x10091cc0
g_rand_free	744	0x100918f0
g_rand_int	745	0x100916a0
g_rand_int_range	746	0x10091ce0
g_rand_new	747	0x100920c0
g_rand_new_with_seed	748	0x10091bd0
g_rand_new_with_seed_array	749	0x10092090
g_rand_set_seed	750	0x10091a60
g_rand_set_seed_array	751	0x10091ea0
g_random_double	752	0x100921d0
g_random_double_range	753	0x10092110
g_random_int	754	0x10092330
g_random_int_range	755	0x10092280
g_random_set_seed	756	0x10091c10
g_realloc	757	0x1003bd00
g_regex_check_replacement	758	0x100331e0
g_regex_error_quark	759	0x10030d20
g_regex_escape_string	760	0x10030d50
g_regex_get_capture_count	761	0x10030b60
g_regex_get_max_backref	762	0x10030b90
g_regex_get_pattern	763	0x100317c0
g_regex_get_string_number	764	0x10031720
g_regex_match	765	0x10033540
g_regex_match_all	766	0x10032970
g_regex_match_all_full	767	0x100326b0
g_regex_match_full	768	0x100333c0
g_regex_match_simple	769	0x10033570
g_regex_new	770	0x100329a0
g_regex_ref	771	0x100318a0
g_regex_replace	772	0x100339f0
g_regex_replace_eval	773	0x10033710
g_regex_replace_literal	774	0x10033950
g_regex_split	775	0x100340b0
g_regex_split_full	776	0x10033bf0
g_regex_split_simple	777	0x100340e0
g_regex_unref	778	0x10031800
g_relation_count	779	0x100303b0
g_relation_delete	780	0x10030710
g_relation_destroy	781	0x10030a60
g_relation_exists	782	0x100301c0
g_relation_index	783	0x100305a0
g_relation_insert	784	0x10030800
g_relation_new	785	0x10030960
g_relation_print	786	0x100309c0
g_relation_select	787	0x10030460
g_reload_user_special_dirs_cache	788	0x1000dab0
g_remove	789	0x10024d40
g_rename	790	0x10024f20
g_return_if_fail_warning	791	0x1003b620
g_rmdir	792	0x10024cd0
g_scanner_cur_line	793	0x1002d200
g_scanner_cur_position	794	0x1002d1c0
g_scanner_cur_token	795	0x1002d2b0
g_scanner_cur_value	796	0x1002d240
g_scanner_destroy	797	0x1002eae0
g_scanner_eof	798	0x1002d150
g_scanner_error	799	0x1002d810
g_scanner_get_next_token	800	0x1002fe00
g_scanner_input_file	801	0x1002d050
g_scanner_input_text	802	0x1002cf40
g_scanner_lookup_symbol	803	0x1002d420
g_scanner_new	804	0x1002d990
g_scanner_peek_next_token	805	0x1002fed0
g_scanner_scope_add_symbol	806	0x1002d590
g_scanner_scope_foreach_symbol	807	0x1002d2f0
g_scanner_scope_lookup_symbol	808	0x1002d3b0
g_scanner_scope_remove_symbol	809	0x1002d4d0
g_scanner_set_scope	810	0x1002d360
g_scanner_sync_file_offset	811	0x1002cea0
g_scanner_unexp_token	812	0x1002deb0
g_scanner_warn	813	0x1002d750
g_sequence_append	814	0x1002bd70
g_sequence_foreach	815	0x1002bde0
g_sequence_foreach_range	816	0x1002bac0
g_sequence_free	817	0x1002be30
g_sequence_get	818	0x1002b8b0
g_sequence_get_begin_iter	819	0x1002b770
g_sequence_get_end_iter	820	0x1002b7c0
g_sequence_get_iter_at_pos	821	0x1002b710
g_sequence_get_length	822	0x1002ac70
g_sequence_insert_before	823	0x1002c480
g_sequence_insert_sorted	824	0x1002c320
g_sequence_insert_sorted_iter	825	0x1002bf70
g_sequence_iter_compare	826	0x1002c4f0
g_sequence_iter_get_position	827	0x1002b550
g_sequence_iter_get_sequence	828	0x1002b930
g_sequence_iter_is_begin	829	0x1002b5a0
g_sequence_iter_is_end	830	0x1002b5f0
g_sequence_iter_move	831	0x1002b430
g_sequence_iter_next	832	0x1002b500
g_sequence_iter_prev	833	0x1002b4b0
g_sequence_move	834	0x1002b640
g_sequence_move_range	835	0x1002c610
g_sequence_new	836	0x1002b360
g_sequence_prepend	837	0x1002bcf0
g_sequence_range_get_midpoint	838	0x1002b980
g_sequence_remove	839	0x1002c3d0
g_sequence_remove_range	840	0x1002c820
g_sequence_search	841	0x1002c210
g_sequence_search_iter	842	0x1002beb0
g_sequence_set	843	0x1002b800
g_sequence_sort	844	0x1002c9f0
g_sequence_sort_changed	845	0x1002c290
g_sequence_sort_changed_iter	846	0x1002c060
g_sequence_sort_iter	847	0x1002c8a0
g_sequence_swap	848	0x1002bbf0
g_set_application_name	849	0x1000e360
g_set_error	850	0x10059730
g_set_error_literal	851	0x10059490
g_set_prgname	852	0x1000dbe0
g_set_print_handler	853	0x10039d30
g_set_printerr_handler	854	0x10039ce0
g_setenv	855	0x1000ee30
g_setenv_utf8	856	0x1000e570
g_shell_error_quark	857	0x1008df50
g_shell_parse_argv	858	0x1008e8e0
g_shell_quote	859	0x1008e2d0
g_shell_unquote	860	0x1008e730
g_slice_alloc	861	0x1002a430
g_slice_alloc0	862	0x1002a580
g_slice_copy	863	0x1002a540
g_slice_free1	864	0x100299b0
g_slice_free_chain_with_offset	865	0x100297a0
g_slice_get_config	866	0x10028720
g_slice_get_config_state	867	0x1002a5c0
g_slice_set_config	868	0x1002a6f0
g_slist_alloc	869	0x10028020
g_slist_append	870	0x10027ef0
g_slist_concat	871	0x10027b70
g_slist_copy	872	0x10027e70
g_slist_delete_link	873	0x10027d00
g_slist_find	874	0x10027a10
g_slist_find_custom	875	0x10028160
g_slist_foreach	876	0x10027900
g_slist_free	877	0x10027d60
g_slist_free_1	878	0x10027d40
g_slist_index	879	0x10027990
g_slist_insert	880	0x10027f50
g_slist_insert_before	881	0x100281d0
g_slist_insert_sorted	882	0x100282f0
g_slist_insert_sorted_with_data	883	0x100282d0
g_slist_last	884	0x10027960
g_slist_length	885	0x10027930
g_slist_nth	886	0x10027a90
g_slist_nth_data	887	0x10027a40
g_slist_pop_allocator	888	0x10027bd0
g_slist_position	889	0x100279d0
g_slist_prepend	890	0x10027ba0
g_slist_push_allocator	891	0x10027be0
g_slist_remove	892	0x10027e00
g_slist_remove_all	893	0x10027d90
g_slist_remove_link	894	0x10027ca0
g_slist_reverse	895	0x10027ac0
g_slist_sort	896	0x10027ce0
g_slist_sort_with_data	897	0x10027cc0
g_snprintf	898	0x1008eba0
g_source_add_poll	899	0x10041ac0
g_source_attach	900	0x100446c0
g_source_destroy	901	0x10042bd0
g_source_get_can_recurse	902	0x10041450
g_source_get_context	903	0x10041c40
g_source_get_current_time	904	0x10040c40
g_source_get_id	905	0x10041c90
g_source_get_priority	906	0x10041590
g_source_is_destroyed	907	0x10040380
g_source_new	908	0x10041f40
g_source_ref	909	0x10041370
g_source_remove	910	0x10045010
g_source_remove_by_funcs_user_data	911	0x10044f60
g_source_remove_by_user_data	912	0x10044fd0
g_source_remove_poll	913	0x10041950
g_source_set_callback	914	0x10042b50
g_source_set_callback_indirect	915	0x10041810
g_source_set_can_recurse	916	0x100414a0
g_source_set_funcs	917	0x10041730
g_source_set_priority	918	0x100415d0
g_source_unref	919	0x10042b00
g_spaced_primes_closest	920	0x10034140
g_spawn_async	921	0x10026f50
g_spawn_async_utf8	922	0x10026d80
g_spawn_async_with_pipes	923	0x10026df0
g_spawn_async_with_pipes_utf8	924	0x10026c50
g_spawn_close_pid	925	0x10025460
g_spawn_command_line_async	926	0x10027620
g_spawn_command_line_async_utf8	927	0x10026f90
g_spawn_command_line_sync	928	0x100277d0
g_spawn_command_line_sync_utf8	929	0x10027730
g_spawn_error_quark	930	0x10025890
g_spawn_sync	931	0x100276b0
g_spawn_sync_utf8	932	0x10027020
g_sprintf	933	0x1008ed10
g_stat	934	0x10025350
g_static_mutex_free	935	0x1001c310
g_static_mutex_get_mutex_impl	936	0x1001ac10
g_static_mutex_init	937	0x1001c380
g_static_private_free	938	0x1001ae00
g_static_private_get	939	0x1001a8f0
g_static_private_init	940	0x1001a5a0
g_static_private_set	941	0x1001a950
g_static_rec_mutex_free	942	0x1001c470
g_static_rec_mutex_init	943	0x1001c2b0
g_static_rec_mutex_lock	944	0x1001c1a0
g_static_rec_mutex_lock_full	945	0x1001bec0
g_static_rec_mutex_trylock	946	0x1001c070
g_static_rec_mutex_unlock	947	0x1001bfd0
g_static_rec_mutex_unlock_full	948	0x1001be10
g_static_rw_lock_free	949	0x1001c3d0
g_static_rw_lock_init	950	0x1001b730
g_static_rw_lock_reader_lock	951	0x1001b620
g_static_rw_lock_reader_trylock	952	0x1001b520
g_static_rw_lock_reader_unlock	953	0x1001b440
g_static_rw_lock_writer_lock	954	0x1001b330
g_static_rw_lock_writer_trylock	955	0x1001b240
g_static_rw_lock_writer_unlock	956	0x1001b170
g_stpcpy	957	0x10021520
g_str_equal	958	0x1001fa90
g_str_has_prefix	959	0x10022050
g_str_has_suffix	960	0x10022110
g_str_hash	961	0x1001fa30
g_strcanon	962	0x10023190
g_strcasecmp	963	0x10023430
g_strchomp	964	0x10022a00
g_strchug	965	0x10022a90
g_strcmp0	966	0x1001c730
g_strcompress	967	0x10022f60
g_strconcat	968	0x10021690
g_strdelimit	969	0x10023240
g_strdown	970	0x100237f0
g_strdup	971	0x10021850
g_strdup_printf	972	0x10021ad0
g_strdup_vprintf	973	0x10021aa0
g_strdupv	974	0x10021a00
g_strerror	975	0x10021ef0
g_strescape	976	0x10022b30
g_strfreev	977	0x10021640
g_string_append	978	0x10020260
g_string_append_c	979	0x10020b90
g_string_append_len	980	0x100201d0
g_string_append_printf	981	0x10020350
g_string_append_unichar	982	0x10020b40
g_string_append_uri_escaped	983	0x10020be0
g_string_append_vprintf	984	0x100200f0
g_string_ascii_down	985	0x10020610
g_string_ascii_up	986	0x10020590
g_string_assign	987	0x10020e70
g_string_chunk_clear	988	0x10021070
g_string_chunk_free	989	0x10021250
g_string_chunk_insert	990	0x10021020
g_string_chunk_insert_const	991	0x100211a0
g_string_chunk_insert_len	992	0x10020f10
g_string_chunk_new	993	0x1001fb10
g_string_down	994	0x100204f0
g_string_equal	995	0x1001f970
g_string_erase	996	0x1001f710
g_string_free	997	0x100203d0
g_string_hash	998	0x1001f910
g_string_insert	999	0x100208c0
g_string_insert_c	1000	0x1001fcb0
g_string_insert_len	1001	0x1001fdb0
g_string_insert_unichar	1002	0x100206f0
g_string_new	1003	0x100202e0
g_string_new_len	1004	0x10020380
g_string_overwrite	1005	0x10020690
g_string_overwrite_len	1006	0x1001fb70
g_string_prepend	1007	0x10020ac0
g_string_prepend_c	1008	0x100209e0
g_string_prepend_len	1009	0x10020a30
g_string_prepend_unichar	1010	0x10020990
g_string_printf	1011	0x10021130
g_string_set_size	1012	0x10020d70
g_string_sized_new	1013	0x10020020
g_string_truncate	1014	0x10020df0
g_string_up	1015	0x10020450
g_string_vprintf	1016	0x10021170
g_strip_context	1017	0x10021300
g_strjoin	1018	0x100218b0
g_strjoinv	1019	0x10022410
g_strlcat	1020	0x100239c0
g_strlcpy	1021	0x10023ae0
g_strncasecmp	1022	0x100232d0
g_strndup	1023	0x100217c0
g_strnfill	1024	0x10021780
g_strreverse	1025	0x100236c0
g_strrstr	1026	0x100221d0
g_strrstr_len	1027	0x10024870
g_strsignal	1028	0x10021b00
g_strsplit	1029	0x10022800
g_strsplit_set	1030	0x10022560
g_strstr_len	1031	0x100222e0
g_strtod	1032	0x100247a0
g_strup	1033	0x10023760
g_strv_length	1034	0x10021ff0
g_test_add_data_func	1035	0x1001e250
g_test_add_func	1036	0x1001e310
g_test_add_vtable	1037	0x1001dec0
g_test_bug	1038	0x1001dc10
g_test_bug_base	1039	0x1001ca90
g_test_config_vars	1040	0x100bf5f4
g_test_create_case	1041	0x1001da80
g_test_create_suite	1042	0x1001d9a0
g_test_get_root	1043	0x1001dbc0
g_test_init	1044	0x1001f290
g_test_log_buffer_free	1045	0x1001cdd0
g_test_log_buffer_new	1046	0x1001cac0
g_test_log_buffer_pop	1047	0x1001cd40
g_test_log_buffer_push	1048	0x1001cb50
g_test_log_msg_free	1049	0x1001c870
g_test_log_set_fatal_handler	1050	0x10039ea0
g_test_log_type_name	1051	0x1001c780
g_test_maximized_result	1052	0x1001d520
g_test_message	1053	0x1001d4d0
g_test_minimized_result	1054	0x1001d580
g_test_queue_destroy	1055	0x1001d810
g_test_queue_free	1056	0x1001d880
g_test_rand_double	1057	0x1001e3d0
g_test_rand_double_range	1058	0x1001ead0
g_test_rand_int	1059	0x1001e080
g_test_rand_int_range	1060	0x1001eb00
g_test_run	1061	0x1001f6f0
g_test_run_suite	1062	0x1001f500
g_test_suite_add	1063	0x1001d920
g_test_suite_add_suite	1064	0x1001d8a0
g_test_timer_elapsed	1065	0x1001dd20
g_test_timer_last	1066	0x1001c770
g_test_timer_start	1067	0x1001dd60
g_test_trap_assertions	1068	0x1001c6e0
g_test_trap_fork	1069	0x1001d7f0
g_test_trap_has_passed	1070	0x1001c710
g_test_trap_reached_timeout	1071	0x1001c6f0
g_thread_create_full	1072	0x1001bab0
g_thread_error_quark	1073	0x1001aae0
g_thread_exit	1074	0x1001a8c0
g_thread_foreach	1075	0x1001afb0
g_thread_functions_for_glib_use	1076	0x100d5de0
g_thread_get_initialized	1077	0x1001a4e0
g_thread_gettime	1078	0x100d5dbc
g_thread_init_glib	1079	0x1001c4c0
g_thread_join	1080	0x1001b8c0
g_thread_pool_free	1081	0x10019c10
g_thread_pool_get_max_idle_time	1082	0x100193b0
g_thread_pool_get_max_threads	1083	0x10019530
g_thread_pool_get_max_unused_threads	1084	0x100193d0
g_thread_pool_get_num_threads	1085	0x10019480
g_thread_pool_get_num_unused_threads	1086	0x100193c0
g_thread_pool_new	1087	0x1001a280
g_thread_pool_push	1088	0x1001a1b0
g_thread_pool_set_max_idle_time	1089	0x100195e0
g_thread_pool_set_max_threads	1090	0x1001a020
g_thread_pool_set_max_unused_threads	1091	0x10019720
g_thread_pool_set_sort_function	1092	0x10019650
g_thread_pool_stop_unused_threads	1093	0x100198b0
g_thread_pool_unprocessed	1094	0x100193e0
g_thread_self	1095	0x1001a770
g_thread_set_priority	1096	0x1001b780
g_thread_use_default_impl	1097	0x100d5dc0
g_threads_got_initialized	1098	0x100fe8c0
g_time_val_add	1099	0x10018ff0
g_time_val_from_iso8601	1100	0x10018bd0
g_time_val_to_iso8601	1101	0x10018ac0
g_timeout_add	1102	0x100451f0
g_timeout_add_full	1103	0x10044b50
g_timeout_add_seconds	1104	0x100451a0
g_timeout_add_seconds_full	1105	0x10044ab0
g_timeout_funcs	1106	0x100e6bcc
g_timeout_source_new	1107	0x10042220
g_timeout_source_new_seconds	1108	0x100421c0
g_timer_continue	1109	0x100191b0
g_timer_destroy	1110	0x10019370
g_timer_elapsed	1111	0x10019100
g_timer_new	1112	0x10018a80
g_timer_reset	1113	0x10019270
g_timer_start	1114	0x10019320
g_timer_stop	1115	0x100192c0
g_trash_stack_height	1116	0x1000cbc0
g_trash_stack_peek	1117	0x1000cc00
g_trash_stack_pop	1118	0x1000cc20
g_trash_stack_push	1119	0x1000cc50
g_tree_destroy	1120	0x100188b0
g_tree_foreach	1121	0x10017760
g_tree_height	1122	0x10017580
g_tree_insert	1123	0x10018590
g_tree_lookup	1124	0x10017870
g_tree_lookup_extended	1125	0x100177f0
g_tree_new	1126	0x100187e0
g_tree_new_full	1127	0x10018700
g_tree_new_with_data	1128	0x10018790
g_tree_nnodes	1129	0x10017540
g_tree_ref	1130	0x100185e0
g_tree_remove	1131	0x10018080
g_tree_replace	1132	0x10018540
g_tree_search	1133	0x10017630
g_tree_steal	1134	0x10018020
g_tree_traverse	1135	0x10017690
g_tree_unref	1136	0x10018830
g_try_malloc	1137	0x1003bca0
g_try_malloc0	1138	0x1003beb0
g_try_realloc	1139	0x1003bc50
g_tuples_destroy	1140	0x1002ffd0
g_tuples_index	1141	0x10030320
g_ucs4_to_utf16	1142	0x100119e0
g_ucs4_to_utf8	1143	0x10011bc0
g_unichar_break_type	1144	0x10016e30
g_unichar_combining_class	1145	0x10015bb0
g_unichar_digit_value	1146	0x10012ca0
g_unichar_get_mirror_char	1147	0x10012720
g_unichar_get_script	1148	0x100142b0
g_unichar_isalnum	1149	0x100141a0
g_unichar_isalpha	1150	0x10014090
g_unichar_iscntrl	1151	0x10013f80
g_unichar_isdefined	1152	0x10013420
g_unichar_isdigit	1153	0x10013e70
g_unichar_isgraph	1154	0x10013d60
g_unichar_islower	1155	0x10013c50
g_unichar_ismark	1156	0x100137c0
g_unichar_isprint	1157	0x10013b40
g_unichar_ispunct	1158	0x10013a30
g_unichar_isspace	1159	0x100138d0
g_unichar_istitle	1160	0x10013670
g_unichar_isupper	1161	0x100136b0
g_unichar_iswide	1162	0x100144d0
g_unichar_iswide_cjk	1163	0x10014c50
g_unichar_isxdigit	1164	0x10013530
g_unichar_iszerowidth	1165	0x100132d0
g_unichar_to_utf8	1166	0x100109e0
g_unichar_tolower	1167	0x10012e40
g_unichar_totitle	1168	0x10014350
g_unichar_toupper	1169	0x10013070
g_unichar_type	1170	0x100129d0
g_unichar_validate	1171	0x100102e0
g_unichar_xdigit_value	1172	0x10012ad0
g_unicode_canonical_decomposition	1173	0x10016640
g_unicode_canonical_ordering	1174	0x10015730
g_unlink	1175	0x10024dd0
g_unsetenv	1176	0x1000edf0
g_unsetenv_utf8	1177	0x1000e420
g_uri_escape_string	1178	0x1008bed0
g_uri_list_extract_uris	1179	0x10062900
g_uri_parse_scheme	1180	0x1008be00
g_uri_unescape_segment	1181	0x1008bcd0
g_uri_unescape_string	1182	0x1008bde0
g_usleep	1183	0x10018a20
g_utf16_to_ucs4	1184	0x10012040
g_utf16_to_utf8	1185	0x100115f0
g_utf8_casefold	1186	0x10014dc0
g_utf8_collate	1187	0x10016a00
g_utf8_collate_key	1188	0x10016840
g_utf8_collate_key_for_filename	1189	0x10016b90
g_utf8_find_next_char	1190	0x10010dd0
g_utf8_find_prev_char	1191	0x10010e50
g_utf8_get_char	1192	0x10010c40
g_utf8_get_char_validated	1193	0x10010f00
g_utf8_normalize	1194	0x10016750
g_utf8_offset_to_pointer	1195	0x10010bb0
g_utf8_pointer_to_offset	1196	0x10010b40
g_utf8_prev_char	1197	0x10010da0
g_utf8_skip	1198	0x10095b3c
g_utf8_strchr	1199	0x100125e0
g_utf8_strdown	1200	0x10014d20
g_utf8_strlen	1201	0x100124e0
g_utf8_strncpy	1202	0x10010ad0
g_utf8_strrchr	1203	0x10012630
g_utf8_strreverse	1204	0x100110c0
g_utf8_strup	1205	0x10015420
g_utf8_to_ucs4	1206	0x10011d60
g_utf8_to_ucs4_fast	1207	0x100122d0
g_utf8_to_utf16	1208	0x10011330
g_utf8_validate	1209	0x10010e90
g_utime	1210	0x10024ae0
g_vasprintf	1211	0x1008eaa0
g_vfprintf	1212	0x1008ec70
g_vprintf	1213	0x1008ecc0
g_vsnprintf	1214	0x1008eb10
g_vsprintf	1215	0x1008ebe0
g_warn_message	1216	0x1003a550
g_win32_error_message	1217	0x1000c320
g_win32_ftruncate	1218	0x1000bfb0
g_win32_get_package_installation_directory	1219	0x1000c730
g_win32_get_package_installation_directory_of_module	1220	0x1000c240
g_win32_get_package_installation_directory_utf8	1221	0x1000c660
g_win32_get_package_installation_subdirectory	1222	0x1000c7e0
g_win32_get_package_installation_subdirectory_utf8	1223	0x1000c6e0
g_win32_get_system_data_dirs_for_module	1224	0x1000e0f0
g_win32_get_windows_version	1225	0x1000c6c0
g_win32_getlocale	1226	0x1000bfd0
g_win32_locale_filename_from_utf8	1227	0x1000c170
glib_binary_age	1228	0x10095b18
glib_check_version	1229	0x1000cb40
glib_gettext	1230	0x1000da40
glib_interface_age	1231	0x10095b14
glib_major_version	1232	0x10095b08
glib_mem_profiler_table	1233	0x100e4f98
glib_micro_version	1234	0x10095b10
glib_minor_version	1235	0x10095b0c
glib_on_error_halt	1236	0x100fc650

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Target ID:	0
Start time:	16:50:55
Start date:	29/10/2024
Path:	C:\Windows\System32\loaddll32.exe
Wow64 process (32bit):	true
Commandline:	loaddll32.exe "C:\Users\user\Desktop\glib-2.0.dll"
Imagebase:	0xe30000
File size:	126'464 bytes
MD5 hash:	51E6071F9CBA48E79F10C84515AAE618
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	16:50:55
Start date:	29/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	16:50:55
Start date:	29/10/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd.exe /C rundll32.exe "C:\Users\user\Desktop\glib-2.0.dll",#1
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	16:50:55
Start date:	29/10/2024
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe C:\Users\user\Desktop\glib-2.0.dll,_g_debug_flags
Imagebase:	0x690000
File size:	61'440 bytes
MD5 hash:	889B99C52A60DD49227C5E485A016679
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	16:50:55
Start date:	29/10/2024
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe "C:\Users\user\Desktop\glib-2.0.dll",#1
Imagebase:	0x690000
File size:	61'440 bytes
MD5 hash:	889B99C52A60DD49227C5E485A016679
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	16:50:58
Start date:	29/10/2024
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe C:\Users\user\Desktop\glib-2.0.dll,_g_debug_initialized
Imagebase:	0x690000
File size:	61'440 bytes
MD5 hash:	889B99C52A60DD49227C5E485A016679
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	16:51:01
Start date:	29/10/2024
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe C:\Users\user\Desktop\glib-2.0.dll,g_access
Imagebase:	0x690000
File size:	61'440 bytes
MD5 hash:	889B99C52A60DD49227C5E485A016679
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse rundll32.exe to proxy execution of malicious code. Using rundll32.exe, vice executing directly (i.e. Shared Modules ), may avoid triggering security tools that may not monitor execution of the rundll32.exe process because of allowlists or false positives from normal operations. Rundll32.exe is commonly associated with executing DLL payloads (ex: `rundll32.exe {DLLname, DLLfunction}` ).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report glib-2.0.dll

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Authenticode Signature

Entrypoint Preview

Rich Headers

Data Directories

Sections

Resources

Imports

Exports

Possible Origin

Network Behavior

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: loaddll32.exePID: 6568, Parent PID: 2580

General

Chronological Activities

Analysis Process: conhost.exePID: 6592, Parent PID: 6568

General

Chronological Activities

Analysis Process: cmd.exePID: 6708, Parent PID: 6568

Windows Analysis Report
glib-2.0.dll