PESCAN.IO - Analysis Report Valid Code

File Structure:
Information:
Size: 982,00 KB
SHA-256 Hash: CAD91DB77A9398695FDBF2FCA9B67DC8032DE5BA712B17A029C928B60B13A805
SHA-1 Hash: 8D4EA750B30B75E57AB2859369B9AC6DAB2E8412
MD5 Hash: FE4AF613CC77F1FC3B2120DA1CE21F51
Imphash: 372FDF146F61A3A63C03AB9EE983CCFA
MajorOSVersion: 6
CheckSum: 00100876
EntryPoint (rva): 29980
SizeOfHeaders: 400
SizeOfImage: F9000
ImageBase: 59100000
Architecture: x86
ExportTable: 2CDC
ImportTable: C625C
Characteristics: 2102
TimeDateStamp: 464CB2BD
Date: 17/05/2007 19:53:33
File Type: DLL
Number Of Sections: 4
ASLR: Disabled
Section Names: .text, .data, .rsrc, .reloc
Number Of Executable Sections: 1
Subsystem: Windows GUI

Sections Info:
Section Name  Flags                  ROffset  RSize  VOffset  VSize
.text         60000020 (Executable)  400      C8400  1000     C82ED
.data         C0000040 (Writeable)   C8800    22200  CA000    22BA0
.rsrc         40000040               EAA00    600    ED000    5C8
.reloc        42000040               EB000    A800   EE000    A678
Description:
InternalName: MSNCore.dll
OriginalFilename: MSNCore.dll
CompanyName: Microsoft Corporation
LegalCopyright: Copyright (c) Microsoft Corporation. All rights reserved.
ProductName: Microsoft CoreXT
FileVersion: 8.5.1235.0517

Entry Point:
Section number 1 (.text) contains the Entry Point
Information -> EntryPoint (calculated) - 28D80
Code -> 837C2408010F8417D40300FF7424048B4C24108B54240CE81FFFFFFF59C20C008BFF558BEC33C04039450C0F8491CC03005D
CMP DWORD PTR [ESP + 8], 1
JE 0X3E422
PUSH DWORD PTR [ESP + 4]
MOV ECX, DWORD PTR [ESP + 0X10]
MOV EDX, DWORD PTR [ESP + 0XC]
CALL 0XF3B
POP ECX
RET 0XC
MOV EDI, EDI
PUSH EBP
MOV EBP, ESP
XOR EAX, EAX
INC EAX
CMP DWORD PTR [EBP + 0XC], EAX
JE 0X3DCC2
POP EBP

Signatures:
CheckSum Integrity Problem:
Header: 1050742
Calculated: 1063079
Rich Signature Analyzer:
Code -> FEF29124BA93FF77BA93FF77BA93FF77799C9F77BB93FF77799CA2779A93FF77BA93FE778B91FF779D558477B993FF772D578177BB93FF779D558277B393FF77799CA077B593FF77799CF077BB93FF779D559277B593FF779D558577BB93FF779D5591774593FF779D558377BB93FF779D558777BB93FF7752696368BA93FF77
Footprint md5 Hash -> D780E141C96AF0DB53AAC6A8AB49076D
• The Rich header apparently has not been modified
Certificate - Digital Signature Not Found:
• The file is not signed

Packer/Compiler:
Compiler: Microsoft Visual Studio
Detect It Easy (die)
PE: compiler: EP:Microsoft Visual C/C++(2005)[DLL32]
PE: compiler: Microsoft Visual C/C++(2005)[-]
PE: linker: Microsoft Linker(8.0 or 11.0)[DLL32]
Entropy: 6.40024

Suspicious Functions:
Library       Function           Description
KERNEL32.DLL  VirtualAlloc       Reserve, commit, or both, a region of memory within the virtual address space of a process.
KERNEL32.DLL  GetModuleHandleA   Retrieves a handle to the specified module.
KERNEL32.DLL  CopyFileW          Copies an existing file to a new file.
KERNEL32.DLL  WriteFile          Writes data to a specified file or input/output (I/O) device.
KERNEL32.DLL  LoadLibraryA       Loads the specified module into the address space of the calling process.
KERNEL32.DLL  LoadLibraryW       Loads the specified module into the address space of the calling process.
KERNEL32.DLL  GetProcAddress     Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL).
KERNEL32.DLL  IsDebuggerPresent  Determines if the calling process is being debugged by a user-mode debugger.
USER32.DLL    CallWindowProcA    Invokes the window procedure for the specified window and messages.
ET Functions (carving):
• EXPORT FUNCTIONS > 400

File Access:
IMM32.dll
gdiplus.dll
UxTheme.dll
OLEACC.dll
MSIMG32.dll
COMCTL32.dll
WININET.dll
urlmon.dll
SHLWAPI.dll
OLEAUT32.dll
ole32.dll
GDI32.dll
ADVAPI32.dll
USER32.dll
KERNEL32.dll
MSVCR80.dll
VERSION.dll
RichEd20.dll
MSNCore.dll
Temp

File Access (UNICODE):
MSNCore.dll

Words of Interest:
lockbit
ToolBar
PassWord
exec
attrib
start
shutdown
perfmon
ping
expand
replace
setx

Words of Interest (UNICODE):
ToolBar
PassWord
start
pause
expand

Strings/Hex Code Found With The File Rules:
Rule Text (Unicode): WinAPI Sockets (bind)
Rule Text (Ascii): WinAPI Sockets (connect)
Rule Text (Ascii): Registry (RegOpenKeyEx)
Rule Text (Ascii): File (GetTempPath)
Rule Text (Ascii): File (CopyFile)
Rule Text (Ascii): File (CreateFile)
Rule Text (Ascii): File (WriteFile)
Rule Text (Ascii): File (ReadFile)
Rule Text (Ascii): Encryption API (CryptAcquireContext)
Rule Text (Ascii): Encryption API (CryptReleaseContext)
Rule Text (Ascii): Anti-Analysis VM (IsDebuggerPresent)
Rule Text (Ascii): Anti-Analysis VM (GetVersion)
Rule Text (Ascii): Stealth (VirtualAlloc)
Rule Text (Ascii): Keyboard Key (Scroll)
Rule Text (Unicode): Keyboard Key (Scroll)
Rule Text (Unicode): Keyboard Key (PageDown)
Rule Text (Unicode): Keyboard Key (PageUp)
Rule Text (Ascii): Software that records user activity (Logger)
Rule Text (Ascii): Unauthorized movement of funds or data (Transfer)
Rule Text (Unicode): Technique used to insert malicious code into legitimate processes (Inject)

Resources:
Path                 DataRVA  Size  FileOffset  Code  Text
\TEXTINCLUDE\1\1033  ED100    16    EAB00       23696E636C756465202277696E7265732E68220D0A00  include "winres.h"...
\VERSION\1\1033      ED118    35C   EAB18       5C0334000000560053005F00560045005200530049004F004E005F0049004E0046004F0000000000BD04EFFE000001000500  \.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O...............
\24\2\1033           ED474    152   EAE74       3C617373656D626C7920786D6C6E733D2275726E3A736368656D61732D6D6963726F736F66742D636F6D3A61736D2E763122  <assembly xmlns="urn:schemas-microsoft-com:asm.v1"
Intelligent String:
• LogInterpolation
• .tlb
• ddraw.dll
• USER32.dll
• ADVAPI32.dll
• msncore.pdb
• symbol.ics
• canella.dwg

Extra 4n4lysis:
Metric          Value         Percentage
Ascii Code      566576        56,3439%
Null Byte Code  196834        19,5744%
NOP Cave Found  0x9090909090  Block Count: 44 | Total: 0,0109%