1352f4b7f825439e7b5b40a52ef4bba9
Summary
| Architecture |
IMAGE_FILE_MACHINE_I386
|
|---|---|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| Compilation Date | 2021-Jan-31 06:10:51 |
| Detected languages |
English - United States
Russian - Russia |
| CompanyName | AntGROUP |
| FileBuildTime | 01/31/2021 08:07:59 |
| FileDescription | Ant Download Manager |
| FileVersion | 2.2.0.76444 |
| InternalName | AntDM.exe |
| LegalCopyright | AntGROUP Inc. Copyright © 2014-2021 |
| OriginalFilename | AntDM.exe |
| ProductName | Ant Download Manager |
| ProductVersion | 2.2.0.76444 |
Plugin Output
| Info | Matching compiler(s): | Microsoft Visual C++ 6.0 - 8.0 |
| Suspicious | Strings found in the binary may indicate undesirable behavior: |
Contains references to system / monitoring tools:
|
| Info | Cryptographic algorithms detected in the binary: |
Uses constants related to MD5
Microsoft's Cryptography API |
| Malicious | The PE contains functions mostly used by malware. |
[!] The program may be hiding some of its imports:
|
| Info | The PE's resources present abnormal characteristics. |
Resource 718 is possibly compressed or encrypted.
Resource 839 is possibly compressed or encrypted. Resource 841 is possibly compressed or encrypted. |
| Safe | VirusTotal score: 0/70 (Scanned on 2021-02-18 15:22:09) | All the AVs think this file is safe. |
Hashes
DOS Header
| e_magic | MZ |
|---|---|
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x118 |
PE Header
| Signature | PE |
|---|---|
| Machine |
IMAGE_FILE_MACHINE_I386
|
| NumberofSections | 5 |
| TimeDateStamp | 2021-Jan-31 06:10:51 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
|
Image Optional Header
| Magic | PE32 |
|---|---|
| LinkerVersion | 12.0 |
| SizeOfCode | 0x1e0200 |
| SizeOfInitializedData | 0x2b9000 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x0019D1D1 (Section: .text) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0x1e2000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 6.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 6.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x49d000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0 |
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
|
| SizeofStackReserve | 0x100000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
.text
.rdata
.data
.rsrc
.reloc
Imports
| id3lib.dll |
??0ID3_Tag@@QAE@PBD@Z
??1ID3_Tag@@UAE@XZ ?Clear@ID3_Tag@@QAEXXZ ?SetUnsync@ID3_Tag@@QAE_N_N@Z ?SetPadding@ID3_Tag@@QAE_N_N@Z ?AddFrame@ID3_Tag@@QAEXABVID3_Frame@@@Z ?Link@ID3_Tag@@QAEIPBDG@Z ?Update@ID3_Tag@@QAEGG@Z ?Strip@ID3_Tag@@QAEGG@Z ?GetFileSize@ID3_Tag@@QBEIXZ ??0ID3_Frame@@QAE@W4ID3_FrameID@@@Z ??1ID3_Frame@@UAE@XZ ?SetID@ID3_Frame@@QAE_NW4ID3_FrameID@@@Z ?GetField@ID3_Frame@@QBEPAVID3_Field@@W4ID3_FieldID@@@Z |
|---|---|
| MSVCP120.dll |
?widen@?$ctype@_W@std@@QBE_WD@Z
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z ?read@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@PA_W_J@Z ?_Winerror_map@std@@YAPBDH@Z ?_Syserror_map@std@@YAPBDH@Z ?_Xbad_alloc@std@@YAXXZ ?_Xout_of_range@std@@YAXPBD@Z ?_Xlength_error@std@@YAXPBD@Z ?_BADOFF@std@@3_JB ?uncaught_exception@std@@YA_NXZ ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ ??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ ??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z ??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z ??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ ?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ ?pbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXH@Z ?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXH@Z ?sbumpc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ ??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z ??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ ??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ ??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UAE@XZ ??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ ??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z ??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ ??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ ?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z ?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ ?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z ?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z ?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z ?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ ?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ ?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ ?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ ?sgetc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ ??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ ?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z ?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ ?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z ?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z ?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z ?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ ?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ ?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ ?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@_K@Z ?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ ?_Orphan_all@_Container_base0@std@@QAEXXZ ?id@?$codecvt@_WDH@std@@2V0locale@2@A ??1_Lockit@std@@QAE@XZ ??0_Lockit@std@@QAE@H@Z ?_New_Locimp@_Locimp@locale@std@@CAPAV123@ABV123@@Z ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ ?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z ??_7facet@locale@std@@6B@ ??_7?$codecvt@_WDH@std@@6B@ ??_7codecvt_base@std@@6B@ ??_7_Facet_base@std@@6B@ ?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z ?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ ?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBE_WD@Z ?seekg@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@_JH@Z ?tellg@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE?AV?$fpos@H@2@XZ ?id@?$ctype@_W@std@@2V0locale@2@A ?ws@std@@YAAAV?$basic_istream@_WU?$char_traits@_W@std@@@1@AAV21@@Z ?get@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEGXZ ??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z ??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAH@Z ?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QAE?AVlocale@2@ABV32@@Z ?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ ?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ ?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z ?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z ?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ ?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ ??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z ?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z ?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z ?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ ?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ ?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z ?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z ?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z ?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ ?id@?$codecvt@DDH@std@@2V0locale@2@A ?toupper@?$ctype@D@std@@QBEDD@Z ?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z ?_Init@locale@std@@CAPAV_Locimp@12@_N@Z ?id@?$ctype@D@std@@2V0locale@2@A ?clear@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z ??Bid@locale@std@@QAEIXZ ?_Incref@facet@locale@std@@UAEXXZ ?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ ?_Addfac@_Locimp@locale@std@@AAEXPAVfacet@23@I@Z ?_Init@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXXZ ?getloc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QBE?AVlocale@2@XZ ?_Ipfx@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE_N_N@Z ??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z ??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z ?always_noconv@codecvt_base@std@@QBE_NXZ ?in@?$codecvt@_WDH@std@@QBEHAAHPBD1AAPBDPA_W3AAPA_W@Z ?out@?$codecvt@_WDH@std@@QBEHAAHPB_W1AAPB_WPAD3AAPAD@Z ?unshift@?$codecvt@_WDH@std@@QBEHAAHPAD1AAPAD@Z ??0?$codecvt@_WDH@std@@QAE@I@Z ?_Getcat@?$codecvt@_WDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z ?getloc@ios_base@std@@QBE?AVlocale@2@XZ ??4?$_Yarn@D@std@@QAEAAV01@PBD@Z ?snextc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ ?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z ?imbue@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAE?AVlocale@2@ABV32@@Z ?_Gndec@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ |
| SHLWAPI.dll |
PathCombineW
PathRemoveBackslashW |
| SHELL32.dll |
ShellExecuteExW
SHChangeNotify SHGetPathFromIDListW SHGetMalloc SHBrowseForFolderW Shell_NotifyIconW CommandLineToArgvW ExtractIconExW SHGetFileInfoW #727 SHCreateDirectoryExW DragQueryFileW |
| MSVCR120.dll |
memset
_CxxThrowException __CxxFrameHandler3 memcpy ??8type_info@@QBE_NABV0@@Z _CItanh memcmp _except_handler4_common _controlfp_s _invoke_watson __crtSetUnhandledExceptionFilter _vsnprintf_s __crtTerminateProcess __crtUnhandledException _crt_debugger_hook ??1type_info@@UAE@XZ _onexit __dllonexit _calloc_crt _unlock _lock _commode _fmode _wcmdln _initterm _initterm_e __setusermatherr _configthreadlocale _cexit _exit exit __set_app_type __wgetmainargs _amsg_exit __crtGetShowWindowMode _XcptFilter ?terminate@@YAXXZ _recalloc _resetstkoflw malloc calloc _heapchk swscanf_s modf isdigit isalpha _wcsicmp round ??0exception@std@@QAE@XZ _wtof wcsncmp roundf nearbyint fputc strncmp isxdigit toupper _strdup _time64 _i64tow_s srand _itow_s rand _vsnwprintf_s strchr towlower towupper sprintf wcsftime _localtime64_s _mktime64 fclose fwrite memcpy_s fgetwc _lock_file setvbuf fsetpos fgetc fflush _fseeki64 fgetpos ungetc ungetwc _unlock_file fputwc ??0bad_cast@std@@QAE@ABV01@@Z ??0bad_cast@std@@QAE@PBD@Z ??1bad_cast@std@@UAE@XZ wcschr free _wtoi64 memchr _atoi64 wcscpy_s wcscat_s atoi _wtoi ?name@type_info@@QBEPBDPAU__type_info_node@@@Z ??0exception@std@@QAE@ABV01@@Z ??0exception@std@@QAE@ABQBD@Z ??1exception@std@@UAE@XZ ?what@exception@std@@UBEPBDXZ ??2@YAPAXI@Z ??3@YAXPAX@Z _purecall ??_V@YAXPAX@Z memmove _wsetlocale _except1 |
| ADVAPI32.dll |
CryptGetHashParam
CryptAcquireContextW CryptReleaseContext CryptImportKey CryptEncrypt CryptCreateHash CryptDestroyKey CryptDecrypt CryptDestroyHash CryptHashData RegDeleteKeyExW RegCreateKeyW RegCreateKeyExW RegQueryValueExW RegOpenKeyW RegDeleteKeyW RegDeleteValueW RegEnumValueW RegOpenKeyExW RegEnumKeyExW RegCloseKey RegSetValueExW OpenProcessToken LookupPrivilegeValueW AdjustTokenPrivileges |
| mfc120u.dll |
#3218
#6743 #4128 #12430 #5019 #7531 #1449 #1520 #8256 #5487 #11539 #10484 #10567 #10514 #9009 #3829 #2951 #8626 #4179 #3105 #6400 #2308 #9349 #9012 #1176 #2711 #14432 #3831 #2952 #8233 #3147 #6491 #7059 #4280 #6779 #1067 #9258 #14188 #5419 #6458 #12655 #5417 #494 #1139 #2843 #12222 #11837 #500 #9011 #1159 #4180 #3300 #3133 #6473 #3537 #8566 #2161 #8556 #798 #8573 #13673 #7199 #3593 #4424 #5227 #1521 #280 #7536 #7320 #5733 #5755 #5745 #3222 #2167 #1421 #3202 #6719 #10309 #6777 #13795 #13796 #5824 #285 #2967 #1684 #5748 #12933 #3821 #6713 #11780 #5864 #6398 #8039 #5558 #5684 #1369 #9406 #9394 #9871 #9404 #12758 #850 #3324 #9019 #10961 #7303 #4193 #1441 #358 #7060 #7398 #6778 #2163 #2165 #7982 #9246 #13916 #7546 #6735 #3215 #9016 #7699 #2215 #8773 #1518 #2948 #540 #3140 #4841 #1168 #5083 #13205 #14265 #630 #13956 #1233 #7954 #13761 #6922 #13506 #13804 #6189 #13669 #6510 #3889 #2484 #14237 #4184 #8628 #5574 #14187 #5324 #8227 #6492 #13516 #7946 #4182 #1177 #9013 #5887 #9299 #8655 #7330 #2230 #7004 #7375 #6752 #7956 #1459 #6025 #999 #12095 #1471 #7543 #6032 #7020 #6452 #1130 #5719 #13508 #7793 #5753 #10919 #13153 #13845 #13907 #13906 #4606 #887 #1386 #566 #8292 #2823 #839 #2572 #4033 #1363 #6128 #501 #1140 #4050 #6219 #4563 #2341 #2343 #5740 #4434 #13404 #14367 #6762 #997 #3592 #7882 #12800 #10315 #4548 #1470 #12043 #11999 #5327 #14094 #12803 #4928 #9582 #10618 #3790 #9020 #2265 #2214 #12397 #2204 #3361 #3362 #4049 #4442 #10353 #11271 #10896 #8921 #1108 #9091 #2718 #13612 #6121 #12006 #14456 #1110 #3654 #13514 #5716 #6874 #6436 #462 #12048 #9116 #7384 #3122 #12094 #12126 #8099 #12114 #5821 #3809 #6758 #992 #6252 #14527 #6253 #14528 #6251 #14526 #7884 #12402 #14326 #11858 #11857 #1992 #7825 #12818 #4047 #4109 #9279 #14454 #7806 #14448 #12413 #12412 #2444 #5262 #8206 #7881 #4546 #12736 #12799 #10314 #12122 #8268 #1467 #7542 #8352 #10131 #5667 #565 #1190 #898 #1394 #8257 #6870 #3223 #3329 #3330 #3898 #2640 #5838 #13563 #11592 #6774 #14455 #7807 #14449 #3013 #4451 #9574 #5693 #4459 #4909 #4874 #4867 #4905 #4932 #4883 #4916 #4891 #4895 #4899 #4887 #4920 #4879 #1736 #1727 #1731 #1723 #1711 #12132 #12134 #13738 #3224 #9137 #10883 #6875 #8846 #14447 #11811 #3795 #11964 #11601 #11600 #5557 #10169 #10165 #10167 #10168 #10166 #2719 #8092 #10136 #3260 #3263 #13616 #6123 #3911 #6516 #580 #13384 #12061 #4924 #12032 #11985 #1202 #2768 #14102 #9667 #10043 #9476 #9563 #9412 #9858 #12936 #8234 #4772 #2262 #12941 #1105 #8247 #8693 #12957 #12956 #5635 #7650 #10666 #7410 #982 #1987 #1457 #3103 #9007 #9090 #8101 #5314 #7600 #7610 #7609 #5137 #5316 #5160 #5430 #9231 #5664 #5454 #5157 #2173 #296 #286 #1042 #6696 #895 #8658 #4843 #13997 #7704 #8699 #13991 #12899 #362 #1065 #6392 #6469 #4839 #2480 #3914 #3839 #2367 #6389 #6462 #4838 #2478 #450 #12958 #12123 |
| KERNEL32.dll |
LoadResource
GetUserDefaultLangID LockResource MulDiv lstrlenA SetDllDirectoryW InitializeCriticalSection TryEnterCriticalSection SetEvent GlobalLock GlobalUnlock GetCurrentThreadId LocalAlloc GetSystemDefaultUILanguage GlobalAlloc SizeofResource GlobalFree ExitProcess WaitForMultipleObjects CopyFileW lstrcpynW SetThreadExecutionState IsBadReadPtr ResetEvent GetCurrentDirectoryW GetLocalTime GetExitCodeProcess GetStdHandle CreatePipe DuplicateHandle VirtualFree SetThreadPriority VirtualAlloc GetShortPathNameW FindResourceW FreeResource GetTimeZoneInformation CreateThread SuspendThread TerminateThread GetVersionExW ReleaseMutex OpenEventW CreateEventW OpenMutexW WaitForSingleObject CreateMutexW MultiByteToWideChar WideCharToMultiByte GetTickCount lstrcmpiA GetCurrentProcessId CreateToolhelp32Snapshot lstrcmpiW Process32NextW Process32FirstW TerminateProcess OpenProcess CreateProcessW GetProcAddress LoadLibraryW FreeLibrary lstrcatW GetLocaleInfoW GetModuleFileNameW DeleteCriticalSection DecodePointer EnterCriticalSection InitializeCriticalSectionEx LeaveCriticalSection OutputDebugStringW LoadLibraryA GetStringTypeExW LCMapStringW GetUserDefaultLCID ExpandEnvironmentStringsW lstrcpyW SetFileAttributesW DeleteFileW GetFileTime GetExitCodeThread SetCurrentDirectoryW GetProcessId ResumeThread EncodePointer IsDebuggerPresent IsProcessorFeaturePresent QueryPerformanceCounter GetSystemTimeAsFileTime FindFirstFileW GetTempFileNameW GetEnvironmentVariableW GetCommandLineW LocalFree FormatMessageW GetModuleHandleW CloseHandle SetLastError GetLastError CreateFileW ReadFile SetFilePointerEx GetFileSize lstrlenW FindNextFileW RemoveDirectoryW FindClose GetDiskFreeSpaceW MoveFileW GetTempPathW FlushFileBuffers lstrcmpW SetEndOfFile GetCurrentProcess SetFileTime WriteFile Sleep GetFileAttributesW |
| USER32.dll |
LoadBitmapW
CloseClipboard GetWindowRect GetWindowDC SetForegroundWindow GetParent GetClientRect GetIconInfo GetDC InflateRect GetForegroundWindow GetAsyncKeyState GetWindowLongW GetClipboardData GetClassNameW SetWindowPos SetLayeredWindowAttributes ShowWindow IsWindow OpenClipboard GetSystemMetrics IsWindowVisible AllowSetForegroundWindow GetWindowThreadProcessId GetWindow DestroyWindow GetMessageW TranslateMessage SetWindowLongW CreateWindowExW RegisterClassW DispatchMessageW FindWindowW SendMessageW GetKeyState UnregisterClassW InvalidateRect LoadIconW LoadCursorW CopyRect PostMessageW ScreenToClient DrawEdge ShowOwnedPopups IsClipboardFormatAvailable UpdateWindow FlashWindow EnableWindow SetCursorPos KillTimer ClientToScreen SetCursor EqualRect ShowScrollBar LoadImageW DefWindowProcW CallNextHookEx PostQuitMessage GetSysColor EnumChildWindows GetWindowInfo SetParent IsRectEmpty DrawIconEx GetLayeredWindowAttributes FrameRect UnionRect SetRectEmpty RegisterClipboardFormatW GetActiveWindow BringWindowToTop ReleaseCapture SetCapture RedrawWindow SetClipboardData EmptyClipboard EnumWindows ExitWindowsEx SetActiveWindow MoveWindow GetScrollPos SetRect DrawFocusRect InsertMenuW PtInRect CreatePopupMenu ReleaseDC AppendMenuW GetMessagePos DestroyIcon SetClipboardViewer CallWindowProcW DestroyMenu GetMenuItemCount WindowFromDC GetMenuState ModifyMenuW GetMenuStringW GetSubMenu DrawTextW GetMenuItemID FillRect SetTimer TrackPopupMenu UnhookWindowsHookEx SetWindowsHookExW GetCursorPos GetFocus LoadStringW ChangeClipboardChain |
| GDI32.dll |
GetBkColor
CreateRectRgn GetTextColor GetPixel SetTextCharacterExtra SetDIBColorTable CreateDIBSection MoveToEx LineTo SetTextColor SetBkMode Rectangle GetTextExtentPointW CreatePen TextOutW StretchBlt GetDIBits SetDIBits GetBitmapBits SetBitmapBits BitBlt GetTextExtentPoint32W CreateFontIndirectW SetBkColor SetPixel DeleteDC GetDeviceCaps CreateSolidBrush GetStockObject GetObjectW Ellipse ExtTextOutW CreateCompatibleBitmap CreateCompatibleDC SelectObject DeleteObject |
| MSIMG32.dll |
TransparentBlt
AlphaBlend |
| COMCTL32.dll |
ImageList_GetImageInfo
ImageList_Draw FlatSB_EnableScrollBar InitializeFlatSB ImageList_AddMasked InitCommonControlsEx |
| WindowsCodecs.dll |
WICConvertBitmapSource
|
| ole32.dll |
CoUninitialize
CreateStreamOnHGlobal CoInitialize CLSIDFromProgID CoCreateInstance IIDFromString CoCreateGuid StringFromGUID2 |
| OLEAUT32.dll |
#6
#8 #9 #2 |
| gdiplus.dll |
GdipCreateFromHDC
GdiplusStartup GdipGetImageWidth GdipCloneImage GdipGetImagePaletteSize GdipCreateBitmapFromFile GdipDisposeImage GdipAlloc GdipDrawImageI GdipBitmapUnlockBits GdipGetImageGraphicsContext GdipDeleteGraphics GdipCreateBitmapFromScan0 GdipGetImagePixelFormat GdipGetImagePalette GdipGetImageHeight GdipFree GdiplusShutdown GdipDrawImageRectI GdipBitmapLockBits GdipLoadImageFromStream |
| VERSION.dll |
GetFileVersionInfoSizeW
VerQueryValueW GetFileVersionInfoW |
| WS2_32.dll |
#11
|
| dwmapi.dll |
DwmIsCompositionEnabled
|
| WINMM.dll |
sndPlaySoundW
|
Delayed Imports
334
335
336
348
351
352
353
354
355
356
357
358
360
361
366
367
368
369
370
371
372
374
387
388
389
405
406
407
417
419
421
430
431
435
436
437
450
463
464
465
466
467
470
471
477
478
479
480
481
482
483
485
487
488
490
491
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
520
521
523
525
527
528
529
530
549
556
559
560
561
562
567
568
572
578
579
583
587
588
590
591
592
593
594
595
598
602
605
606
607
608
609
610
616
617
618
619
620
621
624
627
628
634
635
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
662
669
680
681
682
683
684
685
686
687
688
689
690
693
694
695
696
697
698
699
700
701
702
708
709
710
732
733
734
735
737
739
740
741
742
743
747
749
750
751
752
753
754
755
756
757
758
759
765
766
767
768
769
781
782
783
784
787
788
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
811
812
813
814
815
817
824
825
830
831
835
836
837
838
844
845
139
140
141
148
149
150
151
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
214
215
216
217
218
219
220
273
289
290
291
292
293
294
297
318
455
456
457
486
514
543
544
545
546
547
548
550
569
597
611
612
613
614
622
623
629
630
631
632
636
637
704
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
762
763
772
773
774
775
777
778
779
780
785
786
818
819
822
823
828
829
832
839
840
841
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
9 (#2)
102
103
104
105
138
234
240
243
246
249
259
260
263
265
281
295
296
319
376
377
385
390
484
492
509
510
511
512
553
555
557
563
577
580
582
584
585
586
599
600
603
615
625
705
706
707
748
776
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1156
1157
1158
1159
1160
128
269
270
271
834
1 (#2)
1 (#3)
9 (#3)
104 (#2)
281 (#2)
512 (#2)
557 (#2)
563 (#2)
Version Info
| Signature | 0xfeef04bd |
|---|---|
| StructVersion | 0x10000 |
| FileVersion | 2.2.0.10908 |
| ProductVersion | 2.2.0.10908 |
| FileFlags | (EMPTY) |
| FileOs |
VOS_DOS_WINDOWS32
VOS_NT
VOS_NT_WINDOWS32
VOS_WINCE
VOS__WINDOWS32
|
| FileType |
VFT_APP
|
| Language | English - United States |
| CompanyName | AntGROUP |
| FileBuildTime | 01/31/2021 08:07:59 |
| FileDescription | Ant Download Manager |
| FileVersion (#2) | 2.2.0.76444 |
| InternalName | AntDM.exe |
| LegalCopyright | AntGROUP Inc. Copyright © 2014-2021 |
| OriginalFilename | AntDM.exe |
| ProductName | Ant Download Manager |
| ProductVersion (#2) | 2.2.0.76444 |
| Resource LangID | Russian - Russia |
|---|
TLS Callbacks
Load Configuration
| Size | 0x48 |
|---|---|
| TimeDateStamp | 1970-Jan-01 00:00:00 |
| Version | 0.0 |
| GlobalFlagsClear | (EMPTY) |
| GlobalFlagsSet | (EMPTY) |
| CriticalSectionDefaultTimeout | 0 |
| DeCommitFreeBlockThreshold | 0 |
| DeCommitTotalFreeThreshold | 0 |
| LockPrefixTable | 0 |
| MaximumAllocationSize | 0 |
| VirtualMemoryThreshold | 0 |
| ProcessAffinityMask | 0 |
| ProcessHeapFlags | (EMPTY) |
| CSDVersion | 0 |
| Reserved1 | 0 |
| EditList | 0 |
| SecurityCookie | 0x65a018 |
| SEHandlerTable | 0x62b080 |
| SEHandlerCount | 1631 |
RICH Header
| XOR Key | 0x7f484d0a |
|---|---|
| Unmarked objects | 0 |
| 208 (65501) | 1 |
| C++ objects (VS2013 UPD5 build 40629) | 6 |
| 199 (41118) | 1 |
| ASM objects (20806) | 13 |
| C objects (20806) | 21 |
| Imports (65501) | 32 |
| 221 (20806) | 6 |
| C++ objects (20806) | 17 |
| C objects (65501) | 6 |
| Linker (VC++ 6.0 SP5 imp/exp build 8447) | 3 |
| Total imports | 1151 |
| 229 (VS2013 build 21005) | 298 |
| Resource objects (VS2013 build 21005) | 1 |
| 151 | 1 |
| Linker (VS2013 build 21005) | 1 |