Manalyze report for e8da6f5d8a7578dd65f2623691a1c659

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2010-Nov-20 12:08:31

Plugin Output

Info	The PE contains common functions which appear in legitimate applications.	`Can access the registry: SHRegGetValueW SHRegGetValueA SHDeleteKeyA`
Suspicious	VirusTotal score: 1/65 (Scanned on 2022-01-31 08:09:18)	`CrowdStrike: win/malicious_confidence_60% (W)`

Hashes

MD5	`e8da6f5d8a7578dd65f2623691a1c659`
SHA1	`cd37d080f4c8aa46ec68ef739206cc05a6220713`
SHA256	`d5170423bc9729918bcaa3b9156557d511831d3b8359ca25c810eb341081571c`
SHA3	`08dc11a417e302c8ffefec4645dc349403831d019241a53ebd4991d9459d1f9a`
SSDeep	`768:b1D2wqKh+FOJppRSyDUbZXf3QAbgWHE7yxkuB7g4zk5snA:bl2wqKhbpJA93xkuBcz`
Imports Hash	`547e49066346c7ec210e8fed11d8dde6`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xe8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2010-Nov-20 12:08:31
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`9.1`
SizeOfCode	`0xb7600`
SizeOfInitializedData	`0x3b400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00001865 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0xce000`
ImageBase	`0x75e20000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.1`
ImageVersion	`6.1`
SubsystemVersion	`6.1`
Win32VersionValue	`0`
SizeOfImage	`0xf5000`
SizeOfHeaders	`0x400`
Checksum	`0xf9d85`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x40000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`99320fb8e12091eb25851f44dc9775cf`
SHA1	`a8206a14e19f36dc05bc89fc6122712e48639d86`
SHA256	`bb3518b2949ce1695ddde7655586db3bda2fb781e974f5db34853ea6586dad20`
SHA3	`c789ca07614343a21a331db551e81072ce17f741c6554ffec59eebb377d795d5`
VirtualSize	`0xb75b8`
VirtualAddress	`0x1000`
SizeOfRawData	`0xb7600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`0.371426`

.data

MD5	`951a8c3f02d9c4f58aaed814dd93d1d6`
SHA1	`79026155705ef69ea8edfd8fc0656e1ec62f9666`
SHA256	`c6a2ce4d43255ef0d336c68a531b9911772c13c971792a0eeea56c6ce52ac07b`
SHA3	`4da6f086e971135d4d3ce16cf00821390796eb56b6d92723ca1d1d1c78f3111d`
VirtualSize	`0x6a24`
VirtualAddress	`0xb9000`
SizeOfRawData	`0x3600`
PointerToRawData	`0xb7a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.69155`

.rsrc

MD5	`20bb92ca6b61cc166b412fdd5d3422b2`
SHA1	`dbf74497e7a8d85b10ef2578bbb881fd91dfe19f`
SHA256	`33ccb7cf7758e46ab52cdb2cbafd9bb833679b38234c54f8279a89266eb39e41`
SHA3	`657c5a83d0f42e1456f6713736a57c080d1f4c77501571a58304e31911480a3a`
VirtualSize	`0x2d8e0`
VirtualAddress	`0xc0000`
SizeOfRawData	`0x2da00`
PointerToRawData	`0xbb000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.0876529`

.reloc

MD5	`cf26b39e7e03767333e01134b2429010`
SHA1	`66512bc3fdca6f85f9b9d05bfdef8665aaddbae3`
SHA256	`13789f635319f79895d1c3e35b754d414ef09921ae32a88c701528e3ae1b351c`
SHA3	`a4574268c31b5a59b0aab04df642a2f920a6e0abd150275704edf3895ade05ba`
VirtualSize	`0x6dc8`
VirtualAddress	`0xee000`
SizeOfRawData	`0x6e00`
PointerToRawData	`0xe8a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0`

Imports

msvcrt.dll	`_wcsicmp` `isupper` `wcsstr` `_purecall` `_mbstok` `iscntrl` `ispunct` `strcpy_s` `_strtoui64` `time` `iswdigit` `isalpha` `atol` `_wtoi` `isspace` `strpbrk` `isdigit` `isxdigit` `memchr` `_vsnprintf` `_wcsnicmp` `wcstok` `iswlower` `qsort` `_vsnprintf_s` `_XcptFilter` `_initterm` `_amsg_exit` `_except_handler4_common` `_unlock` `__dllonexit` `_lock` `_onexit` `memcpy` `memset` `_vsnwprintf` `malloc` `free` `realloc` `atoi` `strrchr` `strtok_s` `wcsrchr` `iswspace` `wcstok_s` `memmove` `strtol` `__isascii` `islower` `sprintf_s` `swprintf_s` `wcstol` `iswxdigit` `iswascii` `_strnicmp` `wcscat_s` `??_U@YAPAXI@Z` `??_V@YAXPAX@Z` `qsort_s` `bsearch` `wcsncmp` `isalnum`
ntdll.dll	`RtlConvertSidToUnicodeString` `RtlMoveMemory`
SHLWAPI.dll	`SHRegGetValueW` `#158` `SHRegGetValueA` `PathAddBackslashW` `PathFindFileNameW` `StrRChrW` `PathRemoveBackslashA` `PathRemoveFileSpecA` `#155` `PathRemoveBlanksA` `PathAddBackslashA` `PathAppendA` `#215` `PathUnExpandEnvStringsA` `#157` `PathRenameExtensionA` `SHDeleteKeyA` `SHDeleteValueW` `StrCmpNIW` `StrCmpNIA` `StrStrIA` `StrStrA` `#151` `StrChrW` `StrChrA` `#154` `#217` `UrlCombineW` `UrlCanonicalizeW` `#153` `PathCreateFromUr` `#28676` `#28692` `#28706` `#28726` `#28738` `#28748` `#28760` `#28772` `#28784` `#28796` `#28810` `#28824` `#28838` `#437` `#28852` `#28864` `#12` `#28876`
ADVAPI32.dll	`#28892` `#28908` `#28928` `#28946` `#28976` `#28994` `#29012` `#29032` `#29050` `#29066` `#29078` `#29090` `#29104` `#29118` `#29142` `#29160` `#29182` `#29202` `#29222` `#29236` `#29250` `#29264` `#29284` `#29306` `#29328` `#29352` `#29408` `#29434` `#29456` `#29484` `#29508` `#29518` `#29536` `#29562` `#29618` `#29634` `#29658` `#29678` `#29696` `#29716` `#29738` `#29752` `#29768` `#29792` `#29814` `#29838` `#29860` `#29882` `#29898` `#29916` `#29934` `#29950` `#29970` `#29990` `#30006` `#30020` `#30036` `#30054` `#30070` `#30092`
KERNEL32.dll	`#30114` `#30134` `#30154` `#30172` `#30192` `#30208` `#30220` `#30242` `#30254` `#30268` `#30288` `#30312` `#30340` `#30362` `#30378` `#30402` `#30426` `#30442` `#30454` `#30472` `#30498` `#30512` `#30524` `#30536` `#30556` `#30582` `#30602` `#30622` `#30644` `#30666` `#30680` `#30692` `#30714` `#30730` `#30758` `#30772` `#30800` `#30826` `#30840` `#30850` `#30876` `#30892` `#30900` `#30914` `#30936` `#30954` `#30970` `#30982` `#31006` `#31024` `#31040` `#31058` `#31076` `#31098` `#31118` `#31134` `#31146` `#31158` `#31176` `#31194` `#31212` `#31232` `#31248` `#31262` `#31288` `#31308` `#31336` `#31366` `#31384` `#31400` `#31418` `#31434` `#31456` `#31472` `#31502` `#31530` `#31544` `#31560` `#31576` `#31594` `#31614` `#31636` `#31654` `#31684` `#31706` `#31728` `#31744` `#31766` `#31794` `#31816` `#31842` `#31860` `#31890` `#31906` `#31924` `#31938` `#31952` `#31968` `#31986` `#32000` `#32016` `#32034` `#32050` `#32064` `#32086` `#32100` `#32116` `#32132` `#32156` `#32180` `#32198` `#32220` `#32242` `#32264` `#32280` `#32296` `#32314` `#32330` `#32352` `#32364` `#32378` `#32402` `#32414` `#32438` `#32450` `#32462` `#32486` `#32508` `#32548` `#32564` `#32588` `#32600` `#32614` `#32628` `#32642` `#32660` `#32672` `#32694` `#32710` `#32740` `#32760` `#8` `#28` `#46` `#60` `#80` `#92` `#112` `#126` `#144` `#162` `#182` `#202` `#232` `#246` `#264` `#286` `#302` `#320` `#338` `#350` `#364` `#378` `#388` `#404` `#428`
USER32.dll	`#448` `#462` `#478` `#504` `#518` `#536` `#556` `#578` `#590` `#604` `#618` `#632` `#648` `#660` `#676` `#694` `#708` `#720` `#732` `#750` `#766` `#782` `#804` `#822` `#840` `#858` `#876` `#894` `#906` `#924` `#938` `#950` `#966` `#980` `#994` `#1008` `#1030` `#1058` `#1078` `#1096` `#1110` `#1124` `#1138` `#1154` `#1166` `#1182` `#1200` `#1214` `#1236` `#1248` `#1264` `#1276` `#1292` `#1304` `#1312` `#1334` `#1348`
urlmon.dll	`#423` `#416` `#422` `#407` `#414` `#410` `#408` `#421`
iertutil.dll	`#32` `#33` `#37` `#50` `#58` `#9` `#16` `#670` `#654` `#651` `#650` `#17` `#685`

Delayed Imports

Ordinal	`101`
Address	`0x145bf`

(#2)

Ordinal	`102`
Address	`0x32e25`

(#3)

Ordinal	`103`
Address	`0x9cb36`

(#4)

Ordinal	`104`
Address	`0x91425`

(#5)

Ordinal	`105`
Address	`0x91779`

DispatchAPICall

Ordinal	`106`
Address	`0x7f011`

CommitUrlCacheEntryA

Ordinal	`107`
Address	`0x48665`

(#6)

Ordinal	`108`
Address	`0x77a45`

(#7)

Ordinal	`109`
Address	`0x78367`

(#8)

Ordinal	`110`
Address	`0x775f9`

(#9)

Ordinal	`111`
Address	`0x77f48`

(#10)

Ordinal	`112`
Address	`0x4d984`

CommitUrlCacheEntryW

Ordinal	`113`
Address	`0x10a46`

CreateMD5SSOHash

Ordinal	`114`
Address	`0x7bced`

CreateUrlCacheContainerA

Ordinal	`115`
Address	`0x394cb`

(#11)

Ordinal	`116`
Address	`0x4da60`

(#12)

Ordinal	`117`
Address	`0x92563`

(#13)

Ordinal	`118`
Address	`0x91033`

CreateUrlCacheContainerW

Ordinal	`119`
Address	`0x4ab5c`

(#14)

Ordinal	`120`
Address	`0x95d01`

(#15)

Ordinal	`121`
Address	`0x961d3`

(#16)

Ordinal	`122`
Address	`0x95c5f`

(#17)

Ordinal	`123`
Address	`0x95c49`

CreateUrlCacheEntryA

Ordinal	`124`
Address	`0x4b29c`

CreateUrlCacheEntryW

Ordinal	`125`
Address	`0x10b8e`

CreateUrlCacheGroup

Ordinal	`126`
Address	`0x9be0d`

DeleteIE3Cache

Ordinal	`127`
Address	`0x9be6c`

DeleteUrlCacheContainerA

Ordinal	`128`
Address	`0x9be77`

DeleteUrlCacheContainerW

Ordinal	`129`
Address	`0x9bebb`

DeleteUrlCacheEntry

Ordinal	`130`
Address	`0x459e8`

DeleteUrlCacheEntryA

Ordinal	`131`
Address	`0x459e8`

DeleteUrlCacheEntryW

Ordinal	`132`
Address	`0x59573`

DeleteUrlCacheGroup

Ordinal	`133`
Address	`0x9bf30`

DeleteWpadCacheForNetworks

Ordinal	`134`
Address	`0x8e481`

DetectAutoProxyUrl

Ordinal	`135`
Address	`0x33f41`

DllInstall

Ordinal	`136`
Address	`0x78488`

FindCloseUrlCache

Ordinal	`137`
Address	`0x48409`

FindFirstUrlCacheContainerA

Ordinal	`138`
Address	`0x4a075`

FindFirstUrlCacheContainerW

Ordinal	`139`
Address	`0x31e41`

FindFirstUrlCacheEntryA

Ordinal	`140`
Address	`0x2d8ca`

FindFirstUrlCacheEntryExA

Ordinal	`141`
Address	`0x2d8f4`

FindFirstUrlCacheEntryExW

Ordinal	`142`
Address	`0x397b4`

FindFirstUrlCacheEntryW

Ordinal	`143`
Address	`0x3978a`

FindFirstUrlCacheGroup

Ordinal	`144`
Address	`0x9bf83`

FindNextUrlCacheContainerA

Ordinal	`145`
Address	`0x4a034`

FindNextUrlCacheContainerW

Ordinal	`146`
Address	`0x9bff9`

FindNextUrlCacheEntryA

Ordinal	`147`
Address	`0x2da09`

FindNextUrlCacheEntryExA

Ordinal	`148`
Address	`0x2da2a`

FindNextUrlCacheEntryExW

Ordinal	`149`
Address	`0x398bd`

FindNextUrlCacheEntryW

Ordinal	`150`
Address	`0x3989c`

FindNextUrlCacheGroup

Ordinal	`151`
Address	`0x9c07b`

ForceNexusLookup

Ordinal	`152`
Address	`0x7bbb4`

ForceNexusLookupExW

Ordinal	`153`
Address	`0x7bb70`

FreeUrlCacheSpaceA

Ordinal	`154`
Address	`0x9c0d4`

FreeUrlCacheSpaceW

Ordinal	`155`
Address	`0x9c11c`

FtpCommandA

Ordinal	`156`
Address	`0x881fd`

FtpCommandW

Ordinal	`157`
Address	`0x89853`

FtpCreateDirectoryA

Ordinal	`158`
Address	`0x87f65`

FtpCreateDirectoryW

Ordinal	`159`
Address	`0x8956f`

FtpDeleteFileA

Ordinal	`160`
Address	`0x87ed6`

FtpDeleteFileW

Ordinal	`161`
Address	`0x892bf`

FtpFindFirstFileA

Ordinal	`162`
Address	`0x8905d`

FtpFindFirstFileW

Ordinal	`163`
Address	`0x89190`

FtpGetCurrentDirectoryA

Ordinal	`164`
Address	`0x88e35`

FtpGetCurrentDirectoryW

Ordinal	`165`
Address	`0x89784`

FtpGetFileA

Ordinal	`166`
Address	`0x86616`

FtpGetFileEx

Ordinal	`167`
Address	`0x8a286`

FtpGetFileSize

Ordinal	`168`
Address	`0x8768e`

FtpGetFileW

Ordinal	`169`
Address	`0x8a1e2`

FtpOpenFileA

Ordinal	`170`
Address	`0x890af`

FtpOpenFileW

Ordinal	`171`
Address	`0x89f3b`

FtpPutFileA

Ordinal	`172`
Address	`0x86715`

FtpPutFileEx

Ordinal	`173`
Address	`0x8a338`

FtpPutFileW

Ordinal	`174`
Address	`0x8a237`

FtpRemoveDirectoryA

Ordinal	`175`
Address	`0x87fab`

FtpRemoveDirectoryW

Ordinal	`176`
Address	`0x89622`

FtpRenameFileA

Ordinal	`177`
Address	`0x87f1c`

FtpRenameFileW

Ordinal	`178`
Address	`0x89372`

FtpSetCurrentDirectoryA

Ordinal	`179`
Address	`0x87ff1`

FtpSetCurrentDirectoryW

Ordinal	`180`
Address	`0x896d3`

GetUrlCacheConfigInfoA

Ordinal	`181`
Address	`0x9c19b`

GetUrlCacheConfigInfoW

Ordinal	`182`
Address	`0x9c1ec`

GetUrlCacheEntryInfoA

Ordinal	`183`
Address	`0x485a0`

GetUrlCacheEntryInfoExA

Ordinal	`184`
Address	`0x473ca`

GetUrlCacheEntryInfoExW

Ordinal	`185`
Address	`0x4874f`

GetUrlCacheEntryInfoW

Ordinal	`186`
Address	`0x48445`

GetUrlCacheGroupAttributeA

Ordinal	`187`
Address	`0x9c26a`

GetUrlCacheGroupAttributeW

Ordinal	`188`
Address	`0x9c2db`

GetUrlCacheHeaderData

Ordinal	`189`
Address	`0x50a4`

GopherCreateLocatorA

Ordinal	`190`
Address	`0x8e36d`

GopherCreateLocatorW

Ordinal	`191`
Address	`0x8e36d`

GopherFindFirstFileA

Ordinal	`192`
Address	`0x8e349`

GopherFindFirstFileW

Ordinal	`193`
Address	`0x8e349`

GopherGetAttributeA

Ordinal	`194`
Address	`0x8e391`

GopherGetAttributeW

Ordinal	`195`
Address	`0x8e391`

GopherGetLocatorTypeA

Ordinal	`196`
Address	`0x8e37f`

GopherGetLocatorTypeW

Ordinal	`197`
Address	`0x8e37f`

GopherOpenFileA

Ordinal	`198`
Address	`0x8e35b`

GopherOpenFileW

Ordinal	`199`
Address	`0x8e35b`

HttpAddRequestHeadersA

Ordinal	`200`
Address	`0x1dcd2`

HttpAddRequestHeadersW

Ordinal	`201`
Address	`0x24fae`

HttpCheckDavCompliance

Ordinal	`202`
Address	`0x91425`

HttpEndRequestA

Ordinal	`203`
Address	`0x345ea`

HttpEndRequestW

Ordinal	`204`
Address	`0x91895`

HttpOpenRequestA

Ordinal	`205`
Address	`0x24c7d`

HttpOpenRequestW

Ordinal	`206`
Address	`0x24a42`

HttpQueryInfoA

Ordinal	`207`
Address	`0x1a33e`

HttpQueryInfoW

Ordinal	`208`
Address	`0x25c75`

HttpSendRequestA

Ordinal	`209`
Address	`0x918f8`

HttpSendRequestExA

Ordinal	`210`
Address	`0x91812`

HttpSendRequestExW

Ordinal	`211`
Address	`0x34a3d`

HttpSendRequestW

Ordinal	`212`
Address	`0x2ba12`

IncrementUrlCacheHeaderData

Ordinal	`213`
Address	`0x4ec05`

InternetAlgIdToStringA

Ordinal	`214`
Address	`0xa2495`

InternetAlgIdToStringW

Ordinal	`215`
Address	`0xa25f3`

InternetAttemptConnect

Ordinal	`216`
Address	`0x7aa70`

InternetAutodial

Ordinal	`217`
Address	`0x759df`

InternetAutodialCallback

Ordinal	`218`
Address	`0x75f34`

InternetAutodialHangup

Ordinal	`219`
Address	`0x75e79`

InternetCanonicalizeUrlA

Ordinal	`220`
Address	`0x7a787`

InternetCanonicalizeUrlW

Ordinal	`221`
Address	`0x47f70`

InternetCheckConnectionA

Ordinal	`222`
Address	`0x7b66e`

InternetCheckConnectionW

Ordinal	`223`
Address	`0x7bffe`

InternetClearAllPerSiteCookieDecisions

Ordinal	`224`
Address	`0x9235c`

InternetCloseHandle

Ordinal	`225`
Address	`0x1ab49`

InternetCombineUrlA

Ordinal	`226`
Address	`0x7a7eb`

InternetCombineUrlW

Ordinal	`227`
Address	`0x44f85`

InternetConfirmZoneCrossing

Ordinal	`228`
Address	`0xa3896`

InternetConfirmZoneCrossingA

Ordinal	`229`
Address	`0xa3896`

InternetConfirmZoneCrossingW

Ordinal	`230`
Address	`0x4f2e1`

InternetConnectA

Ordinal	`231`
Address	`0x249e9`

InternetConnectW

Ordinal	`232`
Address	`0x2492c`

InternetCrackUrlA

Ordinal	`233`
Address	`0xd075`

InternetCrackUrlW

Ordinal	`234`
Address	`0x48930`

InternetCreateUrlA

Ordinal	`235`
Address	`0x1dbcd`

InternetCreateUrlW

Ordinal	`236`
Address	`0x58836`

InternetDial

Ordinal	`237`
Address	`0x75875`

InternetDialA

Ordinal	`238`
Address	`0x75875`

InternetDialW

Ordinal	`239`
Address	`0x7537b`

InternetEnumPerSiteCookieDecisionA

Ordinal	`240`
Address	`0x92274`

InternetEnumPerSiteCookieDecisionW

Ordinal	`241`
Address	`0x922c8`

InternetErrorDlg

Ordinal	`242`
Address	`0xa3328`

InternetFindNextFileA

Ordinal	`243`
Address	`0x7b62a`

InternetFindNextFileW

Ordinal	`244`
Address	`0x7bf14`

InternetFortezzaCommand

Ordinal	`245`
Address	`0x74cf2`

InternetGetCertByURL

Ordinal	`246`
Address	`0x7a84b`

InternetGetCertByURLA

Ordinal	`247`
Address	`0x7a84b`

InternetGetConnectedState

Ordinal	`248`
Address	`0x481f5`

InternetGetConnectedStateEx

Ordinal	`249`
Address	`0x167a5`

InternetGetConnectedStateExA

Ordinal	`250`
Address	`0x167a5`

InternetGetConnectedStateExW

Ordinal	`251`
Address	`0x13866`

InternetGetCookieA

Ordinal	`252`
Address	`0x92c90`

InternetGetCookieExA

Ordinal	`253`
Address	`0x4a464`

InternetGetCookieExW

Ordinal	`254`
Address	`0x4a365`

InternetGetCookieW

Ordinal	`255`
Address	`0x92cec`

InternetGetLastResponseInfoA

Ordinal	`256`
Address	`0x7a920`

InternetGetLastResponseInfoW

Ordinal	`257`
Address	`0x7c18d`

InternetGetPerSiteCookieDecisionA

Ordinal	`258`
Address	`0x921ce`

InternetGetPerSiteCookieDecisionW

Ordinal	`259`
Address	`0x92205`

InternetGetSecurityInfoByURL

Ordinal	`260`
Address	`0x7ae6d`

InternetGetSecurityInfoByURLA

Ordinal	`261`
Address	`0x7ae6d`

InternetGetSecurityInfoByURLW

Ordinal	`262`
Address	`0x7c108`

InternetGoOnline

Ordinal	`263`
Address	`0x762b4`

InternetGoOnlineA

Ordinal	`264`
Address	`0x762b4`

InternetGoOnlineW

Ordinal	`265`
Address	`0x761d3`

InternetHangUp

Ordinal	`266`
Address	`0x758e3`

InternetInitializeAutoProxyDll

Ordinal	`267`
Address	`0x1fb1c`

InternetLockRequestFile

Ordinal	`268`
Address	`0x1b67a`

InternetOpenA

Ordinal	`269`
Address	`0x2f18e`

InternetOpenUrlA

Ordinal	`270`
Address	`0x430f1`

InternetOpenUrlW

Ordinal	`271`
Address	`0x7be5c`

InternetOpenW

Ordinal	`272`
Address	`0x29197`

InternetQueryDataAvailable

Ordinal	`273`
Address	`0x25e5d`

InternetQueryFortezzaStatus

Ordinal	`274`
Address	`0x8e37f`

InternetQueryOptionA

Ordinal	`275`
Address	`0x11b56`

InternetQueryOptionW

Ordinal	`276`
Address	`0x17ed7`

InternetReadFile

Ordinal	`277`
Address	`0x1b406`

InternetReadFileExA

Ordinal	`278`
Address	`0x4ae46`

InternetReadFileExW

Ordinal	`279`
Address	`0x4ae0e`

InternetSecurityProtocolToStringA

Ordinal	`280`
Address	`0xa2761`

InternetSecurityProtocolToStringW

Ordinal	`281`
Address	`0xa283c`

InternetSetCookieA

Ordinal	`282`
Address	`0x92cb1`

InternetSetCookieExA

Ordinal	`283`
Address	`0x92cdc`

InternetSetCookieExW

Ordinal	`284`
Address	`0x4d0b1`

InternetSetCookieW

Ordinal	`285`
Address	`0x92d0f`

InternetSetDialState

Ordinal	`286`
Address	`0x74cf2`

InternetSetDialStateA

Ordinal	`287`
Address	`0x74cf2`

InternetSetDialStateW

Ordinal	`288`
Address	`0x74cf2`

InternetSetFilePointer

Ordinal	`289`
Address	`0x7af16`

InternetSetOptionA

Ordinal	`290`
Address	`0x175e8`

InternetSetOptionExA

Ordinal	`291`
Address	`0x7c466`

InternetSetOptionExW

Ordinal	`292`
Address	`0x7c497`

InternetSetOptionW

Ordinal	`293`
Address	`0x17741`

InternetSetPerSiteCookieDecisionA

Ordinal	`294`
Address	`0x920fd`

InternetSetPerSiteCookieDecisionW

Ordinal	`295`
Address	`0x92167`

InternetSetStatusCallback

Ordinal	`296`
Address	`0x2933e`

InternetSetStatusCallbackA

Ordinal	`297`
Address	`0x2933e`

InternetSetStatusCallbackW

Ordinal	`298`
Address	`0x7c065`

InternetShowSecurityInfoByURL

Ordinal	`299`
Address	`0x7b52a`

InternetShowSecurityInfoByURLA

Ordinal	`300`
Address	`0x7b52a`

InternetShowSecurityInfoByURLW

Ordinal	`301`
Address	`0x7c0ab`

InternetTimeFromSystemTime

Ordinal	`302`
Address	`0x2b75d`

InternetTimeFromSystemTimeA

Ordinal	`303`
Address	`0x2b75d`

InternetTimeFromSystemTimeW

Ordinal	`304`
Address	`0x92ecc`

InternetTimeToSystemTime

Ordinal	`305`
Address	`0x92ddb`

InternetTimeToSystemTimeA

Ordinal	`306`
Address	`0x92ddb`

InternetTimeToSystemTimeW

Ordinal	`307`
Address	`0x92e18`

InternetUnlockRequestFile

Ordinal	`308`
Address	`0x47457`

InternetWriteFile

Ordinal	`309`
Address	`0x346da`

InternetWriteFileExA

Ordinal	`310`
Address	`0x7a90e`

InternetWriteFileExW

Ordinal	`311`
Address	`0x7a90e`

IsHostInProxyBypassList

Ordinal	`312`
Address	`0x57af6`

IsUrlCacheEntryExpiredA

Ordinal	`313`
Address	`0x9c3b0`

IsUrlCacheEntryExpiredW

Ordinal	`314`
Address	`0x584d0`

LoadUrlCacheContent

Ordinal	`315`
Address	`0x9c469`

ParseX509EncodedCertificateForListBoxEntry

Ordinal	`316`
Address	`0xa20c9`

PrivacyGetZonePreferenceW

Ordinal	`317`
Address	`0x568e9`

PrivacySetZonePreferenceW

Ordinal	`318`
Address	`0x91139`

ReadUrlCacheEntryStream

Ordinal	`319`
Address	`0x2ca97`

ReadUrlCacheEntryStreamEx

Ordinal	`320`
Address	`0x2b052`

RegisterUrlCacheNotification

Ordinal	`321`
Address	`0x9c789`

ResumeSuspendedDownload

Ordinal	`322`
Address	`0x7e6df`

RetrieveUrlCacheEntryFileA

Ordinal	`323`
Address	`0x9c479`

RetrieveUrlCacheEntryFileW

Ordinal	`324`
Address	`0x108e8`

RetrieveUrlCacheEntryStreamA

Ordinal	`325`
Address	`0x2caca`

RetrieveUrlCacheEntryStreamW

Ordinal	`326`
Address	`0x395a0`

RunOnceUrlCache

Ordinal	`327`
Address	`0x9c4f0`

SetUrlCacheConfigInfoA

Ordinal	`328`
Address	`0x9c8dd`

SetUrlCacheConfigInfoW

Ordinal	`329`
Address	`0x9c512`

SetUrlCacheEntryGroup

Ordinal	`330`
Address	`0x9c57c`

SetUrlCacheEntryGroupA

Ordinal	`331`
Address	`0x9c57c`

SetUrlCacheEntryGroupW

Ordinal	`332`
Address	`0x41171`

SetUrlCacheEntryInfoA

Ordinal	`333`
Address	`0x469b3`

SetUrlCacheEntryInfoW

Ordinal	`334`
Address	`0x9c5ec`

SetUrlCacheGroupAttributeA

Ordinal	`335`
Address	`0x9c675`

SetUrlCacheGroupAttributeW

Ordinal	`336`
Address	`0x9c6d1`

SetUrlCacheHeaderData

Ordinal	`337`
Address	`0x9c759`

ShowCertificate

Ordinal	`338`
Address	`0xa20a3`

ShowClientAuthCerts

Ordinal	`339`
Address	`0xa20b6`

ShowSecurityInfo

Ordinal	`340`
Address	`0xa1f04`

ShowX509EncodedCertificate

Ordinal	`341`
Address	`0xa20dc`

UnlockUrlCacheEntryFile

Ordinal	`342`
Address	`0x1b149`

UnlockUrlCacheEntryFileA

Ordinal	`343`
Address	`0x1b149`

UnlockUrlCacheEntryFileW

Ordinal	`344`
Address	`0x109c6`

UnlockUrlCacheEntryStream

Ordinal	`345`
Address	`0x1b196`

(#18)

Ordinal	`346`
Address	`0x3e9f0`

UpdateUrlCacheContentPath

Ordinal	`347`
Address	`0x9c7d7`

UrlZonesDetach

Ordinal	`348`
Address	`0x4957d`

_GetFileExtensionFromUrl

Ordinal	`349`
Address	`0x80e2e`

(#19)

Ordinal	`401`
Address	`0x8e3a3`

Version Info

IMAGE_DEBUG_TYPE_UNKNOWN

Characteristics	`0`
TimeDateStamp	1970-Jan-01 00:00:00
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

IMAGE_DEBUG_TYPE_UNKNOWN (#2)

Characteristics	`0`
TimeDateStamp	1970-Jan-01 00:00:00
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

Load Configuration

Size	`0x48`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x75ed93a0`
SEHandlerTable	`0x75e94a28`
SEHandlerCount	`1`

RICH Header

XOR Key	`0x4a34de4`
Unmarked objects	`0`
ASM objects (VS2008 SP1 build 30729)	`11`
Total imports	`572`
Imports (VS2008 SP1 build 30729)	`17`
C++ objects (VS2008 build 21022)	`1`
Exports (VS2008 SP1 build 30729)	`1`
C++ objects (VS2008 SP1 build 30729)	`179`
C objects (VS2008 SP1 build 30729)	`43`
Linker (VS2008 SP1 build 30729)	`1`
Resource objects (VS2008 SP1 build 30729)	`1`

Errors

[*] Warning: Could not read the name of the DLL to be delay-loaded!
[!] Error: Could not read an IMAGE_RESOURCE_DIRECTORY_ENTRY's name.
[*] Warning: 51 invalid export(s) not shown.