downloader.dll
Description:
Authors:
Version:
Architecture: 32-bit
Operating System:
SHA256: 96f7b268820511abeeb6bbfad0918cf9
File Size: 197.5 KB
Uploaded At: Jan. 28, 2026, 11:25 p.m.
Views: 13
Exported Functions
- GetEsd (Ordinal: 1, Address: 0xefc0)
Imported DLLs & Functions
ADVAPI32.dll
- ControlTraceW (Address: 0x1002e034)
- ConvertStringSecurityDescriptorToSecurityDescriptorW (Address: 0x1002e028)
- CryptAcquireContextW (Address: 0x1002e01c)
- CryptCreateHash (Address: 0x1002e014)
- CryptDeriveKey (Address: 0x1002e010)
- CryptDestroyHash (Address: 0x1002e008)
- CryptDestroyKey (Address: 0x1002e05c)
- CryptEncrypt (Address: 0x1002e018)
- CryptGetHashParam (Address: 0x1002e004)
- CryptHashData (Address: 0x1002e00c)
- CryptReleaseContext (Address: 0x1002e000)
- EnableTraceEx2 (Address: 0x1002e020)
- EventRegister (Address: 0x1002e04c)
- EventSetInformation (Address: 0x1002e044)
- EventUnregister (Address: 0x1002e030)
- EventWriteTransfer (Address: 0x1002e050)
- QueryTraceW (Address: 0x1002e02c)
- RegCloseKey (Address: 0x1002e054)
- RegCreateKeyExW (Address: 0x1002e048)
- RegOpenKeyExW (Address: 0x1002e038)
- RegQueryValueExW (Address: 0x1002e024)
- RegSetKeySecurity (Address: 0x1002e040)
- RegSetValueExW (Address: 0x1002e03c)
- StartTraceW (Address: 0x1002e058)
KERNEL32.dll
- CloseHandle (Address: 0x1002e0a8)
- CompareStringW (Address: 0x1002e0d8)
- CopyFileW (Address: 0x1002e118)
- CreateDirectoryW (Address: 0x1002e0c8)
- CreateFileW (Address: 0x1002e088)
- CreateMutexExW (Address: 0x1002e0b4)
- CreateMutexW (Address: 0x1002e0f0)
- CreateSemaphoreExW (Address: 0x1002e06c)
- DebugBreak (Address: 0x1002e0c0)
- DeleteFileW (Address: 0x1002e104)
- FindClose (Address: 0x1002e0f4)
- FindFirstFileW (Address: 0x1002e0d4)
- FindNextFileW (Address: 0x1002e0dc)
- FormatMessageW (Address: 0x1002e094)
- FreeLibrary (Address: 0x1002e114)
- GetCurrentProcess (Address: 0x1002e0e0)
- GetCurrentProcessId (Address: 0x1002e144)
- GetCurrentThreadId (Address: 0x1002e08c)
- GetFileAttributesW (Address: 0x1002e0fc)
- GetFileSizeEx (Address: 0x1002e068)
- GetFullPathNameW (Address: 0x1002e140)
- GetLastError (Address: 0x1002e098)
- GetModuleFileNameA (Address: 0x1002e064)
- GetModuleFileNameW (Address: 0x1002e0e8)
- GetModuleHandleExW (Address: 0x1002e080)
- GetModuleHandleW (Address: 0x1002e0bc)
- GetProcAddress (Address: 0x1002e0b0)
- GetProcessHeap (Address: 0x1002e0b8)
- GetSystemDefaultUILanguage (Address: 0x1002e0e4)
- GetSystemInfo (Address: 0x1002e10c)
- GetSystemTimeAsFileTime (Address: 0x1002e148)
- GetTempPathW (Address: 0x1002e0ec)
- GetTickCount (Address: 0x1002e13c)
- GlobalFree (Address: 0x1002e108)
- HeapAlloc (Address: 0x1002e0ac)
- HeapFree (Address: 0x1002e070)
- InitOnceBeginInitialize (Address: 0x1002e0d0)
- InitOnceComplete (Address: 0x1002e100)
- IsDebuggerPresent (Address: 0x1002e0c4)
- LoadLibraryExW (Address: 0x1002e124)
- LocalAlloc (Address: 0x1002e0f8)
- LocalFree (Address: 0x1002e110)
- MoveFileW (Address: 0x1002e120)
- OpenSemaphoreW (Address: 0x1002e0a4)
- OutputDebugStringW (Address: 0x1002e09c)
- QueryPerformanceCounter (Address: 0x1002e138)
- ReadFile (Address: 0x1002e0cc)
- ReleaseMutex (Address: 0x1002e090)
- ReleaseSemaphore (Address: 0x1002e078)
- SetLastError (Address: 0x1002e074)
- SetUnhandledExceptionFilter (Address: 0x1002e130)
- Sleep (Address: 0x1002e128)
- TerminateProcess (Address: 0x1002e134)
- UnhandledExceptionFilter (Address: 0x1002e12c)
- WaitForSingleObject (Address: 0x1002e084)
- WaitForSingleObjectEx (Address: 0x1002e0a0)
- WideCharToMultiByte (Address: 0x1002e11c)
- WriteFile (Address: 0x1002e07c)
msvcrt.dll
- __dllonexit (Address: 0x1002e1bc)
- _amsg_exit (Address: 0x1002e1d4)
- _except_handler4_common (Address: 0x1002e1b4)
- _initterm (Address: 0x1002e1c8)
- _lock (Address: 0x1002e1c4)
- _onexit (Address: 0x1002e1b8)
- _purecall (Address: 0x1002e1f0)
- _unlock (Address: 0x1002e1c0)
- _vsnwprintf (Address: 0x1002e1a8)
- _wcsicmp (Address: 0x1002e1a0)
- _wcsnicmp (Address: 0x1002e19c)
- _wcstoui64 (Address: 0x1002e1e0)
- _wtoi64 (Address: 0x1002e1f4)
- _XcptFilter (Address: 0x1002e1d8)
- bsearch (Address: 0x1002e1a4)
- free (Address: 0x1002e1d0)
- iswspace (Address: 0x1002e198)
- malloc (Address: 0x1002e1cc)
- memcmp (Address: 0x1002e1ac)
- memcpy (Address: 0x1002e200)
- memcpy_s (Address: 0x1002e1fc)
- memmove (Address: 0x1002e1b0)
- memset (Address: 0x1002e204)
- sprintf_s (Address: 0x1002e1dc)
- strncmp (Address: 0x1002e1ec)
- swprintf_s (Address: 0x1002e1e8)
- wcscat_s (Address: 0x1002e1f8)
- wcschr (Address: 0x1002e1e4)
ntdll.dll
- DbgPrintEx (Address: 0x1002e20c)
- NtClose (Address: 0x1002e228)
- NtOpenFile (Address: 0x1002e218)
- NtQueryInformationFile (Address: 0x1002e220)
- NtReadFile (Address: 0x1002e230)
- NtSetInformationFile (Address: 0x1002e234)
- NtWaitForSingleObject (Address: 0x1002e21c)
- NtWriteFile (Address: 0x1002e240)
- NtYieldExecution (Address: 0x1002e210)
- RtlAllocateHeap (Address: 0x1002e248)
- RtlDosPathNameToNtPathName_U_WithStatus (Address: 0x1002e23c)
- RtlExpandEnvironmentStrings (Address: 0x1002e224)
- RtlFreeHeap (Address: 0x1002e244)
- RtlGetVersion (Address: 0x1002e250)
- RtlInitUnicodeString (Address: 0x1002e238)
- RtlNtStatusToDosError (Address: 0x1002e24c)
- RtlRaiseStatus (Address: 0x1002e214)
- RtlReAllocateHeap (Address: 0x1002e22c)
ole32.dll
- CoCreateGuid (Address: 0x1002e258)
RPCRT4.dll
- UuidCreate (Address: 0x1002e150)
SHLWAPI.dll
- PathFileExistsW (Address: 0x1002e15c)
- PathRemoveFileSpecW (Address: 0x1002e158)
WINHTTP.dll
- WinHttpCloseHandle (Address: 0x1002e164)
- WinHttpConnect (Address: 0x1002e174)
- WinHttpCrackUrl (Address: 0x1002e188)
- WinHttpGetIEProxyConfigForCurrentUser (Address: 0x1002e168)
- WinHttpGetProxyForUrl (Address: 0x1002e180)
- WinHttpOpen (Address: 0x1002e16c)
- WinHttpOpenRequest (Address: 0x1002e178)
- WinHttpQueryHeaders (Address: 0x1002e184)
- WinHttpReadData (Address: 0x1002e190)
- WinHttpReceiveResponse (Address: 0x1002e170)
- WinHttpSendRequest (Address: 0x1002e18c)
- WinHttpSetOption (Address: 0x1002e17c)