Windows
Analysis Report
vlc-3.0.20-win64.exe
Overview
General Information
Detection
Score: | 1 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 60% |
Signatures
Classification
Analysis Advice
Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox |
Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior |
- System is w10x64_ra
- vlc-3.0.20-win64.exe (PID: 7044 cmdline:
"C:\Users\ user\Deskt op\vlc-3.0 .20-win64. exe" MD5: 3D63E3A94C39A18F4DA866B896B41E80)
- cleanup
Click to jump to signature section
There are no malicious signatures, click here to show all signatures.
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Classification label: |
Source: | File created: |
Source: | Static PE information: |
Source: | File read: |
Source: | Key opened: |
Source: | File read: |
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: |
Source: | Key value queried: |
Source: | Static PE information: |
Source: | Static file information: |
Source: | Static PE information: |
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Source: | Process information set: |
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 DLL Side-Loading | OS Credential Dumping | 1 File and Directory Discovery | Remote Services | Data from Local System | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | 1 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
4% | ReversingLabs | |||
1% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | ReversingLabs | |||
0% | Virustotal | Browse | ||
0% | ReversingLabs | |||
0% | Virustotal | Browse |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1431704 |
Start date and time: | 2024-04-25 16:57:02 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 13 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | stream |
Analysis stop reason: | Timeout |
Sample name: | vlc-3.0.20-win64.exe |
Detection: | CLEAN |
Classification: | clean1.winEXE@1/2@0/0 |
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe, SgrmBroker.exe, svchost.exe
- Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Not all processes where analyzed, report is missing behavior information
Process: | C:\Users\user\Desktop\vlc-3.0.20-win64.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 7680 |
Entropy (8bit): | 4.738131570640122 |
Encrypted: | false |
SSDEEP: | |
MD5: | 20850D4D5416FBFD6A02E8A120F360FC |
SHA1: | AC34F3A34AAA4A21EFD6A32BC93102639170E219 |
SHA-256: | 860B409B065B747AAB2A9937F02D08B6FD7309993B50D8E4B53983C8C2B56B61 |
SHA-512: | C8048B9AE0CED72A384C5AB781083A76B96AE08D5C8A5C7797F75A7E54E9CD9192349F185EE88C9CF0514FC8D59E37E01D88B9C8106321C0581659EBE1D1C276 |
Malicious: | false |
Antivirus: |
|
Reputation: | unknown |
Preview: |
Process: | C:\Users\user\Desktop\vlc-3.0.20-win64.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 27136 |
Entropy (8bit): | 5.98616973067504 |
Encrypted: | false |
SSDEEP: | |
MD5: | 4F25D99BF1375FE5E61B037B2616695D |
SHA1: | 958FAD0E54DF0736DDAB28FF6CB93E6ED580C862 |
SHA-256: | 803931797D95777248DEE4F2A563AED51FE931D2DD28FAEC507C69ED0F26F647 |
SHA-512: | 96A8446F322CD62377A93D2088C0CE06087DA27EF95A391E02C505FB4EB1D00419143D67D89494C2EF6F57AE2FD7F049C86E00858D1B193EC6DDE4D0FE0E3130 |
Malicious: | false |
Antivirus: |
|
Reputation: | unknown |
Preview: |
File type: | |
Entropy (8bit): | 7.999873560676055 |
TrID: |
|
File name: | vlc-3.0.20-win64.exe |
File size: | 44'420'344 bytes |
MD5: | 3d63e3a94c39a18f4da866b896b41e80 |
SHA1: | c9520268936bfa6d060c8603cdee753db214d0ce |
SHA256: | d8055b6643651ca5b9ad58c438692a481483657f3f31624cdfa68b92e8394a57 |
SHA512: | 9dfcdeca8fbfb655d3a4a8d0297fdc7f4c34a46c1b4238436d6e51e8621cbcd866ebfbd2a738a50dccdcf18d162b213b086a5e2a720205751ae07147e800838a |
SSDEEP: | 786432:3ESqSGUR5EpRsHXEiGxu9XjXlQGPmVaiTZiq+gB18wgMu232zhkYwWmA9d:0k1eqX6ucRX+C1xgMu232zhkYjD7 |
TLSH: | 60A7338C8E35B888C904147F60D3426B441CED336C5568A276739A72DEAF2D9375ECBB |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...<.J_..............."............HF............@.................................._....@... ............................ |
Icon Hash: | 4e1616963371238e |
Entrypoint: | 0x404648 |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x5F4AAD3C [Sat Aug 29 19:32:12 2020 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 730491907e677638ab304e28646ba09c |
Signature Valid: | true |
Signature Issuer: | CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US |
Signature Validation Error: | The operation completed successfully |
Error Number: | 0 |
Not Before, Not After |
|
Subject Chain |
|
Version: | 3 |
Thumbprint MD5: | 0E5EA08681034EBE89728706556954B1 |
Thumbprint SHA-1: | BCB40C7D23C9DB41766C780B5388FB70F3D570BF |
Thumbprint SHA-256: | 450F7ADBC34DEFB85C2D170F0AF534DE61D42A143F59D18CF9FA6410197BA4EE |
Serial: | 0407ABB64E9990180789EACB81F5F914 |
Instruction |
---|
push ebp |
mov ebp, esp |
push edi |
push esi |
push ebx |
sub esp, 000002FCh |
mov dword ptr [esp], 00008001h |
call dword ptr [00434480h] |
push esi |
call dword ptr [00434440h] |
and eax, BFFFFFFFh |
mov dword ptr [0042AA40h], eax |
cmp ax, 0006h |
je 00007F5BF469ACEDh |
mov dword ptr [esp], 00000000h |
call 00007F5BF469F6A7h |
push ebx |
test eax, eax |
je 00007F5BF469ACDCh |
mov dword ptr [esp], 00000C00h |
call eax |
push ecx |
mov ebx, 0040C560h |
mov dword ptr [esp], ebx |
call 00007F5BF469F5FBh |
push eax |
mov dword ptr [esp], ebx |
call dword ptr [004344BCh] |
lea ebx, dword ptr [ebx+eax+01h] |
push edx |
cmp byte ptr [ebx], 00000000h |
jne 00007F5BF469ACB6h |
mov dword ptr [esp], 0000000Bh |
call 00007F5BF469F66Bh |
push ebx |
mov dword ptr [esp], 00000009h |
call 00007F5BF469F65Eh |
push esi |
mov dword ptr [0042AA44h], eax |
mov dword ptr [esp], 00000007h |
call 00007F5BF469F64Ch |
push edi |
test eax, eax |
je 00007F5BF469ACEAh |
mov dword ptr [esp], 0000001Eh |
call eax |
push ecx |
test eax, eax |
je 00007F5BF469ACDCh |
or dword ptr [0042AA40h], 40000000h |
call dword ptr [00434394h] |
mov dword ptr [esp], 00000000h |
call dword ptr [004344D4h] |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x34000 | 0x13f8 | .idata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x6a000 | 0x16c80 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x2a57e90 | 0x4e68 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x9458 | 0x9600 | e926a136ca67c5fd949bb685219a89bd | False | 0.526328125 | data | 5.9286362394460665 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.data | 0xb000 | 0xe0 | 0x200 | f01b4b05b5c4607047634c71f303f4e7 | False | 0.19140625 | data | 1.5041375629518143 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rdata | 0xc000 | 0x764c | 0x7800 | f4837a238aaeda4b73306021103e8e88 | False | 0.6804036458333333 | data | 7.1304183393172496 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ |
.bss | 0x14000 | 0x1fe20 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.idata | 0x34000 | 0x13f8 | 0x1400 | 350475874cf34da3f737c1b4b196ed1c | False | 0.393359375 | data | 5.348274196082192 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.ndata | 0x36000 | 0x34000 | 0x200 | bf619eac0cdf3f68d496ea9344137e8b | False | 0.02734375 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x6a000 | 0x16c80 | 0x16e00 | e7171b533c9a6d7194e4c85596a4a84c | False | 0.6884925717213115 | data | 6.7457105473854115 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_BITMAP | 0x6ab68 | 0x666 | Device independent bitmap graphic, 96 x 16 x 8, image size 1538, resolution 2868 x 2868 px/m, 15 important colors | English | United States | 0.18192918192918192 |
RT_ICON | 0x6b1d0 | 0xd49e | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9958478780084512 |
RT_ICON | 0x78670 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.34221991701244814 |
RT_ICON | 0x7ac18 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.37570356472795496 |
RT_ICON | 0x7bcc0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States | 0.44133574007220217 |
RT_ICON | 0x7c568 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | United States | 0.30057803468208094 |
RT_ICON | 0x7cad0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.524822695035461 |
RT_DIALOG | 0x7cf38 | 0xb4 | data | English | United States | 0.6166666666666667 |
RT_DIALOG | 0x7cff0 | 0x144 | data | English | United States | 0.5339506172839507 |
RT_DIALOG | 0x7d138 | 0x164 | data | English | United States | 0.5337078651685393 |
RT_DIALOG | 0x7d2a0 | 0x23e | data | English | United States | 0.39198606271777003 |
RT_DIALOG | 0x7d4e0 | 0x104 | data | English | United States | 0.6076923076923076 |
RT_DIALOG | 0x7d5e8 | 0xa0 | data | English | United States | 0.60625 |
RT_DIALOG | 0x7d688 | 0xee | data | English | United States | 0.6176470588235294 |
RT_DIALOG | 0x7d778 | 0xa0 | data | English | United States | 0.6 |
RT_DIALOG | 0x7d818 | 0x130 | data | English | United States | 0.5296052631578947 |
RT_DIALOG | 0x7d948 | 0x150 | data | English | United States | 0.5267857142857143 |
RT_DIALOG | 0x7da98 | 0x22a | data | English | United States | 0.38086642599277976 |
RT_DIALOG | 0x7dcc8 | 0xf0 | data | English | United States | 0.6083333333333333 |
RT_DIALOG | 0x7ddb8 | 0x8c | data | English | United States | 0.5857142857142857 |
RT_DIALOG | 0x7de48 | 0xda | data | English | United States | 0.6284403669724771 |
RT_DIALOG | 0x7df28 | 0xa4 | data | English | United States | 0.6158536585365854 |
RT_DIALOG | 0x7dfd0 | 0x134 | data | English | United States | 0.538961038961039 |
RT_DIALOG | 0x7e108 | 0x154 | data | English | United States | 0.5352941176470588 |
RT_DIALOG | 0x7e260 | 0x22e | data | English | United States | 0.3906810035842294 |
RT_DIALOG | 0x7e490 | 0xf4 | data | English | United States | 0.6270491803278688 |
RT_DIALOG | 0x7e588 | 0x90 | data | English | United States | 0.6041666666666666 |
RT_DIALOG | 0x7e618 | 0xde | data | English | United States | 0.6396396396396397 |
RT_DIALOG | 0x7e6f8 | 0xac | data | English | United States | 0.6337209302325582 |
RT_DIALOG | 0x7e7a8 | 0x13c | data | English | United States | 0.5506329113924051 |
RT_DIALOG | 0x7e8e8 | 0x15c | data | English | United States | 0.5459770114942529 |
RT_DIALOG | 0x7ea48 | 0x236 | data | English | United States | 0.3957597173144876 |
RT_DIALOG | 0x7ec80 | 0xfc | data | English | United States | 0.6388888888888888 |
RT_DIALOG | 0x7ed80 | 0x98 | data | English | United States | 0.625 |
RT_DIALOG | 0x7ee18 | 0xe6 | data | English | United States | 0.6478260869565218 |
RT_DIALOG | 0x7ef00 | 0xa0 | data | English | United States | 0.60625 |
RT_DIALOG | 0x7efa0 | 0x130 | data | English | United States | 0.5328947368421053 |
RT_DIALOG | 0x7f0d0 | 0x150 | data | English | United States | 0.5297619047619048 |
RT_DIALOG | 0x7f220 | 0x22a | data | English | United States | 0.3862815884476534 |
RT_DIALOG | 0x7f450 | 0xf0 | data | English | United States | 0.6208333333333333 |
RT_DIALOG | 0x7f540 | 0x8c | data | English | United States | 0.5928571428571429 |
RT_DIALOG | 0x7f5d0 | 0xda | data | English | United States | 0.6330275229357798 |
RT_DIALOG | 0x7f6b0 | 0xb4 | data | English | United States | 0.6944444444444444 |
RT_DIALOG | 0x7f768 | 0x144 | data | English | United States | 0.5648148148148148 |
RT_DIALOG | 0x7f8b0 | 0x164 | data | English | United States | 0.5702247191011236 |
RT_DIALOG | 0x7fa18 | 0x23e | data | English | United States | 0.41289198606271776 |
RT_DIALOG | 0x7fc58 | 0x104 | data | English | United States | 0.6384615384615384 |
RT_DIALOG | 0x7fd60 | 0xa0 | data | English | United States | 0.68125 |
RT_DIALOG | 0x7fe00 | 0xee | data | English | United States | 0.6428571428571429 |
RT_DIALOG | 0x7fef0 | 0xb4 | data | English | United States | 0.6944444444444444 |
RT_DIALOG | 0x7ffa8 | 0x144 | data | English | United States | 0.5648148148148148 |
RT_DIALOG | 0x800f0 | 0x164 | data | English | United States | 0.5702247191011236 |
RT_DIALOG | 0x80258 | 0x23e | data | English | United States | 0.41289198606271776 |
RT_DIALOG | 0x80498 | 0x104 | data | English | United States | 0.6384615384615384 |
RT_DIALOG | 0x805a0 | 0xa0 | data | English | United States | 0.68125 |
RT_DIALOG | 0x80640 | 0xee | data | English | United States | 0.6428571428571429 |
RT_GROUP_ICON | 0x80730 | 0x5a | data | English | United States | 0.7222222222222222 |
RT_MANIFEST | 0x80790 | 0x4f0 | XML 1.0 document, ASCII text, with very long lines (1264), with no line terminators | English | United States | 0.4865506329113924 |
DLL | Import |
---|---|
ADVAPI32.dll | AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, RegCloseKey, RegCreateKeyExW, RegDeleteKeyW, RegDeleteValueW, RegEnumKeyW, RegEnumValueW, RegOpenKeyExW, RegQueryValueExW, RegSetValueExW, SetFileSecurityW |
COMCTL32.DLL | ImageList_AddMasked, ImageList_Create, ImageList_Destroy, InitCommonControls |
GDI32.dll | CreateBrushIndirect, CreateFontIndirectW, DeleteObject, GetDeviceCaps, SelectObject, SetBkColor, SetBkMode, SetTextColor |
KERNEL32.dll | CloseHandle, CompareFileTime, CopyFileW, CreateDirectoryW, CreateFileW, CreateProcessW, CreateThread, DeleteFileW, ExitProcess, ExpandEnvironmentStringsW, FindClose, FindFirstFileW, FindNextFileW, FreeLibrary, GetCommandLineW, GetCurrentProcess, GetDiskFreeSpaceW, GetExitCodeProcess, GetFileAttributesW, GetFileSize, GetFullPathNameW, GetLastError, GetModuleFileNameW, GetModuleHandleA, GetModuleHandleW, GetPrivateProfileStringW, GetProcAddress, GetShortPathNameW, GetSystemDirectoryW, GetTempFileNameW, GetTempPathW, GetTickCount, GetVersion, GetWindowsDirectoryW, GlobalAlloc, GlobalFree, GlobalLock, GlobalUnlock, LoadLibraryExW, MoveFileExW, MoveFileW, MulDiv, MultiByteToWideChar, ReadFile, RemoveDirectoryW, SearchPathW, SetCurrentDirectoryW, SetEnvironmentVariableW, SetErrorMode, SetFileAttributesW, SetFilePointer, SetFileTime, Sleep, WaitForSingleObject, WideCharToMultiByte, WriteFile, WritePrivateProfileStringW, lstrcatW, lstrcmpW, lstrcmpiA, lstrcmpiW, lstrcpyA, lstrcpynW, lstrlenA, lstrlenW |
ole32.dll | CoCreateInstance, CoTaskMemFree, IIDFromString, OleInitialize, OleUninitialize |
SHELL32.dll | SHBrowseForFolderW, SHFileOperationW, SHGetFileInfoW, SHGetPathFromIDListW, SHGetSpecialFolderLocation, ShellExecuteExW |
USER32.dll | AppendMenuW, BeginPaint, CallWindowProcW, CharNextA, CharNextW, CharPrevW, CheckDlgButton, CloseClipboard, CreateDialogParamW, CreatePopupMenu, CreateWindowExW, DefWindowProcW, DestroyWindow, DialogBoxParamW, DispatchMessageW, DrawTextW, EmptyClipboard, EnableMenuItem, EnableWindow, EndDialog, EndPaint, ExitWindowsEx, FillRect, FindWindowExW, GetClassInfoW, GetClientRect, GetDC, GetDlgItem, GetDlgItemTextW, GetMessagePos, GetSysColor, GetSystemMenu, GetSystemMetrics, GetWindowLongW, GetWindowRect, InvalidateRect, IsWindow, IsWindowEnabled, IsWindowVisible, LoadCursorW, LoadImageW, MessageBoxIndirectW, OpenClipboard, PeekMessageW, PostQuitMessage, RegisterClassW, ReleaseDC, ScreenToClient, SendMessageTimeoutW, SendMessageW, SetClassLongW, SetClipboardData, SetCursor, SetDlgItemTextW, SetForegroundWindow, SetTimer, SetWindowLongW, SetWindowPos, SetWindowTextW, ShowWindow, SystemParametersInfoW, TrackPopupMenu, wsprintfA, wsprintfW |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |