socelars | 7zS8A52FD1B[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

7zS8A52FD1B.zip
Size

8.7MB
MD5

5eb1036bb35ae755376ba3d22001e238
SHA1

d72bdb22a8d47fa3d50a25ff9704feaf1393a8cc
SHA256

4bb31847846180bf78033b5eb7761b874b114f6dd086862472915be761fc042a
SHA512

9215f3fcf99d9f2ee43ef6e552123128520e2601bd17f664385bb01f050b4ad8fec7ad9316967a359ec79c404cc911a5d3861634310e116d55930e5aa97baecd
SSDEEP

196608:2sNwxyEw6x/zafOHy/8di4tBgTCuPTRjt4zmII65yQWK3esMyir7S3C2Y8JTW:2eqyP0/zamHZU6+Rjtsm165JeeirmS3

Score

10^/10

agilenet vmprotect aspackv2 socelars

Malware Config

Extracted

Family

socelars

https://sa-us-bucket.s3.us-east-2.amazonaws.com/ujfreids61/

Signatures

Socelars Payload 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/7zS8A52FD1B/62a1ea319013f_e64e1ff.exe	family_socelars

Socelars family
socelars

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

Processes:

resource	yara_rule
static1/unpack001/7zS8A52FD1B/libstdc++-6.dll	aspack_v212_v242

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

Processes:

resource	yara_rule
static1/unpack001/7zS8A52FD1B/62a1ea2d09364_3056ccd.exe	vmprotect

Obfuscated with Agile.Net obfuscator 1 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

agilenet

Processes:

resource	yara_rule
static1/unpack001/7zS8A52FD1B/62a1ea23342ae_c77562.exe	agile_net

Files

7zS8A52FD1B.zip
.zip
7zS8A52FD1B/62a1ea227dc1c_17ee33ef3.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

3AlL!|
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
7zS8A52FD1B/62a1ea23342ae_c77562.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
7zS8A52FD1B/62a1ea23da745_6e68c9a.exe
.exe windows x86

cd8430e1ebe09a39fed57f14fe148292

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStartupInfoW
ExitProcess
RtlUnwind
HeapReAlloc
RaiseException
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetProcessHeap
SetUnhandledExceptionFilter
IsDebuggerPresent
Sleep
GetCPInfo
GetACP
GetOEMCP
GetTimeZoneInformation
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
HeapAlloc
HeapFree
GetFileTime
GetFileAttributesW
FileTimeToLocalFileTime
GetTickCount
SetErrorMode
FileTimeToSystemTime
CreateFileW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetThreadLocale
lstrlenA
InterlockedIncrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalFlags
FormatMessageW
LocalFree
MulDiv
GetModuleHandleA
GlobalFindAtomW
CompareStringW
LoadLibraryA
GetVersionExA
InterlockedDecrement
GetCurrentProcessId
GetLastError
SetLastError
GlobalAddAtomW
CloseHandle
GlobalUnlock
lstrlenW
WritePrivateProfileStringW
FreeResource
GlobalFree
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
GetModuleFileNameW
GetVersion
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
LoadLibraryW
WideCharToMultiByte
CompareStringA
InterlockedExchange
GlobalLock
lstrcmpW
GlobalAlloc
FreeLibrary
GlobalDeleteAtom
GetProcAddress
GetModuleHandleW
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
TerminateProcess
SizeofResource

user32

RegisterClipboardFormatW
PostThreadMessageW
SetRect
IsRectEmpty
CopyAcceleratorTableW
CharNextW
ReleaseCapture
LoadCursorW
SetCapture
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SetFocus
GetWindowTextW
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
UpdateWindow
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
PtInRect
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
SetWindowLongW
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetSysColor
LoadIconW
GetSystemMenu
UnregisterClassA
AppendMenuW
IsIconic
SendMessageW
DestroyMenu
CopyRect
UnhookWindowsHookEx
GetWindowThreadProcessId
GetLastActivePopup
MessageBoxW
SetCursor
SetWindowsHookExW
UnregisterClassW
CharUpperW
GetSysColorBrush
CallNextHookEx
GetMessageW
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
InvalidateRect
GetSystemMetrics
GetClientRect
DrawIcon
EnableWindow
wsprintfW
PostMessageW
PostQuitMessage
SetWindowPos
MapDialogRect
GetParent
SetWindowContextHelpId
GetWindow
EndDialog
GetNextDlgTabItem
IsWindowEnabled
GetDlgItem
GetWindowLongW
IsWindow
DestroyWindow
CreateDialogIndirectParamW
SetActiveWindow
GetActiveWindow
GetDesktopWindow
CheckMenuItem
EnableMenuItem
GetMenuState
ModifyMenuW
GetFocus
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
ValidateRect
GetCursorPos
PeekMessageW
GetKeyState
IsWindowVisible
DispatchMessageW
TranslateMessage
IsChild

gdi32

ExtSelectClipRgn
DeleteDC
GetStockObject
GetDeviceCaps
GetBkColor
GetTextColor
CreateRectRgnIndirect
GetRgnBox
GetMapMode
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
CreateBitmap
TextOutW
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
DeleteObject
SetMapMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
ExtTextOutW
GetObjectW
Escape

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

RegDeleteKeyW
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegCloseKey
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW

shell32

ShellExecuteExW

comctl32

InitCommonControlsEx

shlwapi

PathFindFileNameW
PathStripToRootW
PathFindExtensionW
PathIsUNCW

oledlg

OleUIBusyW

ole32

OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoRevokeClassObject
CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID
CoInitializeSecurity
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

SysAllocStringByteLen
SysStringByteLen
SysFreeString
VariantInit
VariantCopy
VariantClear
SysAllocStringLen
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SysStringLen
VariantChangeType
OleCreateFontIndirect
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayDestroy
GetErrorInfo
SysAllocString

Sections

.text
Size: 204KB - Virtual size: 200KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
7zS8A52FD1B/62a1ea243386e_a4f8a5d8a.exe
.exe windows x86

52d4b77743751abbeb4702a29196fe32

Code Sign

6a:81:17:6c:ae:7c:b2:fe:a1:f5:8f:3d:02:fd:00
Certificate

Issuer

CN=Entrust Certification Authority - L1K,OU=See www.entrust.net/legal-terms+OU=(c) 2012 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

13-08-2021 20:37

Not After

12-09-2022 20:37

Subject

CN=www.grainger.ca,O=W.W. Grainger\, Inc,L=Lake Forest,ST=Illinois,C=US

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

ad:15:f5:19:c2:2a:b4:27:0a:1d:7c:dc:14:3d:00:41:9e:12:e4:f9:4b:4a:f1:ca:ec:38:c9:4f:b1:bf:de:6b
Signer

Actual PE Digest

ad:15:f5:19:c2:2a:b4:27:0a:1d:7c:dc:14:3d:00:41:9e:12:e4:f9:4b:4a:f1:ca:ec:38:c9:4f:b1:bf:de:6b

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=www.grainger.ca,O=W.W. Grainger\, Inc,L=Lake Forest,ST=Illinois,C=US

08-06-2022 18:46
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFullPathNameA
CreateFiber
InterlockedIncrement
InterlockedDecrement
CopyFileTransactedA
FlushConsoleInputBuffer
FlushViewOfFile
GetCurrentThread
GenerateConsoleCtrlEvent
ConvertFiberToThread
ActivateActCtx
GlobalAlloc
LoadLibraryW
FatalAppExitW
DeactivateActCtx
DeleteFiber
GetStdHandle
GetLastError
GetProcAddress
VirtualAlloc
DisableThreadLibraryCalls
LoadLibraryA
CreateHardLinkW
GetCurrentConsoleFont
GetModuleHandleA
BuildCommDCBA
GetCurrentThreadId
SuspendThread
ReadFile
GetStartupInfoW
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameW
MultiByteToWideChar
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
SetFilePointer
HeapValidate
IsBadReadPtr
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleHandleW
Sleep
ExitProcess
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapDestroy
HeapCreate
HeapFree
VirtualFree
GetModuleFileNameA
WriteFile
DebugBreak
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
SetStdHandle
InitializeCriticalSectionAndSpinCount
HeapAlloc
HeapSize
HeapReAlloc
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
FlushFileBuffers
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
CloseHandle
WriteConsoleA
GetConsoleOutputCP
RaiseException
CreateFileA

user32

ActivateKeyboardLayout

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 203KB - Virtual size: 203KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
7zS8A52FD1B/62a1ea2501f48_0371f5.exe
.exe windows x86

4681ca2694bc7221d2898efdb737c063

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleAliasesLengthA
OpenEventA
GetLocaleInfoA
GetLongPathNameA
_lwrite
WriteConsoleInputA
GetSystemDirectoryW
MoveFileExW
CreateEventA
VerifyVersionInfoA
InterlockedExchange
ReadConsoleInputA
WaitNamedPipeW
LocalFree
GetCPInfoExW
FreeLibraryAndExitThread
GetConsoleAliasExesLengthW
EnumCalendarInfoExA
MoveFileW
ReadConsoleOutputCharacterW
GlobalAlloc
GetProcAddress
GetCalendarInfoA
CommConfigDialogA
SetFileAttributesA
AreFileApisANSI
OpenJobObjectA
LCMapStringW
GetFileAttributesA
SetConsoleTitleA
CreateHardLinkA
SetLastError
GetCurrentProcessId
GetSystemDefaultLangID
GetEnvironmentStringsW
GetFileTime
FindResourceExA
GetConsoleMode
GetDiskFreeSpaceW
GetConsoleAliasExesA
WaitForSingleObject
SetDefaultCommConfigW
LoadLibraryA
HeapSize
SetFilePointer
BeginUpdateResourceA
LoadLibraryW
CreateFileW
WriteConsoleW
MultiByteToWideChar
RtlUnwind
GetCommandLineW
HeapSetInformation
GetStartupInfoW
IsProcessorFeaturePresent
GetLastError
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
DecodePointer
TlsFree
GetModuleHandleW
GetCurrentThreadId
HeapAlloc
CloseHandle
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
EnterCriticalSection
LeaveCriticalSection
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
HeapCreate
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
WideCharToMultiByte
GetStringTypeW
Sleep
SetStdHandle
GetConsoleCP
FlushFileBuffers
RaiseException
HeapReAlloc

user32

ClientToScreen

gdi32

GetTextExtentPoint32A

winhttp

WinHttpCloseHandle

Sections

.text
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 65KB - Virtual size: 4.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fis
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.sixi
Size: 1024B - Virtual size: 624B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xek
Size: 512B - Virtual size: 23B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.zifec
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
7zS8A52FD1B/62a1ea2a20759_b7a66dc968.exe
.exe windows x86

fcf1390e9ce472c7270447fc5c61a0c1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
SetLastError
FormatMessageW
GetCurrentProcess
DeviceIoControl
SetFileTime
CloseHandle
CreateDirectoryW
RemoveDirectoryW
CreateFileW
DeleteFileW
CreateHardLinkW
GetShortPathNameW
GetLongPathNameW
MoveFileW
GetFileType
GetStdHandle
WriteFile
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
SetFileAttributesW
GetFileAttributesW
FindClose
FindFirstFileW
FindNextFileW
GetVersionExW
GetCurrentDirectoryW
GetFullPathNameW
FoldStringW
GetModuleFileNameW
GetModuleHandleW
FindResourceW
FreeLibrary
GetProcAddress
GetCurrentProcessId
ExitProcess
SetThreadExecutionState
Sleep
LoadLibraryW
GetSystemDirectoryW
CompareStringW
AllocConsole
FreeConsole
AttachConsole
WriteConsoleW
GetProcessAffinityMask
CreateThread
SetThreadPriority
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventW
CreateSemaphoreW
GetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetCPInfo
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
LockResource
GlobalLock
GlobalUnlock
GlobalFree
LoadResource
SizeofResource
SetCurrentDirectoryW
GetExitCodeProcess
GetLocalTime
GetTickCount
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetCommandLineW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
GetTempPathW
MoveFileExW
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
GetNumberFormatW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapSize
SetStdHandle
GetProcessHeap
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
TerminateProcess
RtlUnwind
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
QueryPerformanceFrequency
GetModuleHandleExW
GetModuleFileNameA
GetACP
HeapFree
HeapAlloc
HeapReAlloc
GetStringTypeW
LCMapStringW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
DecodePointer

gdiplus

GdiplusShutdown
GdiplusStartup
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipDisposeImage
GdipCloneImage
GdipFree
GdipAlloc

Sections

.text
Size: 193KB - Virtual size: 193KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
7zS8A52FD1B/62a1ea2b65292_c4804f5141.exe
.exe windows x86

4681ca2694bc7221d2898efdb737c063

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleAliasesLengthA
OpenEventA
GetLocaleInfoA
GetLongPathNameA
_lwrite
WriteConsoleInputA
GetSystemDirectoryW
MoveFileExW
CreateEventA
VerifyVersionInfoA
InterlockedExchange
ReadConsoleInputA
WaitNamedPipeW
LocalFree
GetCPInfoExW
FreeLibraryAndExitThread
GetConsoleAliasExesLengthW
EnumCalendarInfoExA
MoveFileW
ReadConsoleOutputCharacterW
GlobalAlloc
GetProcAddress
GetCalendarInfoA
CommConfigDialogA
SetFileAttributesA
AreFileApisANSI
OpenJobObjectA
LCMapStringW
GetFileAttributesA
SetConsoleTitleA
CreateHardLinkA
SetLastError
GetCurrentProcessId
GetSystemDefaultLangID
GetEnvironmentStringsW
GetFileTime
FindResourceExA
GetConsoleMode
GetDiskFreeSpaceW
GetConsoleAliasExesA
WaitForSingleObject
SetDefaultCommConfigW
LoadLibraryA
HeapSize
SetFilePointer
BeginUpdateResourceA
LoadLibraryW
CreateFileW
WriteConsoleW
MultiByteToWideChar
RtlUnwind
GetCommandLineW
HeapSetInformation
GetStartupInfoW
IsProcessorFeaturePresent
GetLastError
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
DecodePointer
TlsFree
GetModuleHandleW
GetCurrentThreadId
HeapAlloc
CloseHandle
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
EnterCriticalSection
LeaveCriticalSection
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
HeapCreate
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
WideCharToMultiByte
GetStringTypeW
Sleep
SetStdHandle
GetConsoleCP
FlushFileBuffers
RaiseException
HeapReAlloc

user32

ClientToScreen

gdi32

GetTextExtentPoint32A

winhttp

WinHttpCloseHandle

Sections

.text
Size: 203KB - Virtual size: 202KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 65KB - Virtual size: 4.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.guyasew
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pocoha
Size: 1024B - Virtual size: 624B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bigah
Size: 512B - Virtual size: 23B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.wuzij
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
7zS8A52FD1B/62a1ea2d09364_3056ccd.exe
.exe windows x64

bb46f1abb2c1ede95f964a725f9d1284

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

EnterCriticalSection
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

advapi32

RegCloseKey

shell32

SHGetFolderPathW

winhttp

WinHttpSetOption

crypt32

CryptUnprotectData

user32

GetProcessWindowStation
GetUserObjectInformationW

Sections

.text
Size: - Virtual size: 871KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
7zS8A52FD1B/62a1ea2df066e_add786971.exe
.exe windows x86

4681ca2694bc7221d2898efdb737c063

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleAliasesLengthA
OpenEventA
GetLocaleInfoA
GetLongPathNameA
_lwrite
WriteConsoleInputA
GetSystemDirectoryW
MoveFileExW
CreateEventA
VerifyVersionInfoA
InterlockedExchange
ReadConsoleInputA
WaitNamedPipeW
LocalFree
GetCPInfoExW
FreeLibraryAndExitThread
GetConsoleAliasExesLengthW
EnumCalendarInfoExA
MoveFileW
ReadConsoleOutputCharacterW
GlobalAlloc
GetProcAddress
GetCalendarInfoA
CommConfigDialogA
SetFileAttributesA
AreFileApisANSI
OpenJobObjectA
LCMapStringW
GetFileAttributesA
SetConsoleTitleA
CreateHardLinkA
SetLastError
GetCurrentProcessId
GetSystemDefaultLangID
GetEnvironmentStringsW
GetFileTime
FindResourceExA
GetConsoleMode
GetDiskFreeSpaceW
GetConsoleAliasExesA
WaitForSingleObject
SetDefaultCommConfigW
LoadLibraryA
HeapSize
SetFilePointer
BeginUpdateResourceA
LoadLibraryW
CreateFileW
WriteConsoleW
MultiByteToWideChar
RtlUnwind
GetCommandLineW
HeapSetInformation
GetStartupInfoW
IsProcessorFeaturePresent
GetLastError
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
DecodePointer
TlsFree
GetModuleHandleW
GetCurrentThreadId
HeapAlloc
CloseHandle
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
EnterCriticalSection
LeaveCriticalSection
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
HeapCreate
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
WideCharToMultiByte
GetStringTypeW
Sleep
SetStdHandle
GetConsoleCP
FlushFileBuffers
RaiseException
HeapReAlloc

user32

ClientToScreen

gdi32

GetTextExtentPoint32A

winhttp

WinHttpCloseHandle

Sections

.text
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 65KB - Virtual size: 4.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pademi
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mid
Size: 1024B - Virtual size: 624B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rer
Size: 512B - Virtual size: 23B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.sufo
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
7zS8A52FD1B/62a1ea2f0beee_36a9ec29c.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 368KB - Virtual size: 367KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
7zS8A52FD1B/62a1ea2fb0309_1d35870d.exe
.exe windows x86

248c3fed9ff950fb0e1f0157391ec3fe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHChangeNotification_Unlock
SHFree
SHLoadInProc
IsLFNDrive
DoEnvironmentSubstA
SignalFileOpen
SHOpenPropSheetW
DragQueryFile
DllGetClassObject
SHGetFolderLocation
SHGetNewLinkInfoW
SHFreeNameMappings
SHGetFolderPathA
StrNCmpIW
PathIsSlowW
SHGetImageList
ILAppendID
SHMultiFileProperties
SHCreateFileExtractIconW
ExtractIconW
StrCmpNIA
SHReplaceFromPropSheetExtArray
SHAppBarMessage
ExtractIconExA
ILCombine
PathQualify
DllRegisterServer
DAD_AutoScroll
SHGetSettings
SHCreateStdEnumFmtEtc
SHDestroyPropSheetExtArray
CommandLineToArgvW
SHStartNetConnectionDialogW
Control_RunDLLAsUserW
SHCreateDirectory
SHGetUnreadMailCountW
PathYetAnotherMakeUniqueName
SHSetInstanceExplorer
GetFileNameFromBrowse
SHGetDiskFreeSpaceA
PickIconDlg
InternalExtractIconListA
StrNCmpW
CheckEscapesW
ShellExecuteW
SHLoadNonloadedIconOverlayIdentifiers
SHGetNewLinkInfo
IsNetDrive
SHCreateProcessAsUserW
SHCreateLocalServerRunDll
ShellExec_RunDLL
SHChangeNotification_Lock
SHGetSpecialFolderPathW
Shell_GetCachedImageIndex
SHFileOperationW
SHGetFileInfoW
StrStrW
ExtractAssociatedIconA
InternalExtractIconListW
SHDefExtractIconW
SHGetFolderPathAndSubDirW
SHQueryRecycleBinW
SHSimpleIDListFromPath
SheChangeDirExW
OpenRegStream
StrChrIA
StrRChrA
StrRStrW

gdi32

EngFreeModule
EngAssociateSurface
RealizePalette
DdEntry28
GetOutlineTextMetricsW
EudcLoadLinkW
PolyTextOutA
GetArcDirection
bInitSystemAndFontsDirectoriesW
DdEntry5
RoundRect
ColorCorrectPalette
DdEntry27
GetDCOrgEx
GetTextExtentPointI
GdiSetServerAttr
GetStringBitmapA
ResetDCA
EnumFontFamiliesW
DdEntry22
DdEntry49
GetMetaFileBitsEx
EnumObjects
SetColorAdjustment
GetEnhMetaFileDescriptionA
GdiEntry12
GetStringBitmapW
AbortPath
TranslateCharsetInfo
EndFormPage
SetVirtualResolution
SetViewportOrgEx
StartFormPage
EngLoadModule
CreateDCA
EngFindResource
TextOutA
DdEntry36
SetICMMode
STROBJ_vEnumStart
CloseEnhMetaFile
SetMagicColors
GdiQueryFonts
EngDeletePalette
DdEntry51
bMakePathNameW
GdiPlayPrivatePageEMF
GetKerningPairsA
GetMetaRgn
DdEntry18
SetWindowExtEx
SetAbortProc
IntersectClipRect
EngCreateBitmap
GdiGetLocalFont
GetCharABCWidthsA
GetTextColor
ChoosePixelFormat
TextOutW
CreateFontIndirectW
GetStockObject
ModifyWorldTransform
GdiPlayJournal
GetFontUnicodeRanges
GetEnhMetaFileDescriptionW
SetICMProfileA
GdiQueryTable
GdiFlush
GetTextAlign
GdiGetLocalDC
CreatePen
EngBitBlt
SetWorldTransform
ExcludeClipRect
GdiConvertBitmapV5
GdiDeleteSpoolFileHandle
GetTextMetricsA
DdEntry39
HT_Get8BPPFormatPalette
DeleteDC
GdiGetCharDimensions
RemoveFontResourceExA
GetGlyphIndicesW
SelectPalette
GetCharWidthInfo
EngAlphaBlend
PatBlt
GetFontResourceInfoW
GdiCreateLocalEnhMetaFile
GetTextCharset
PolyBezier
GetEnhMetaFileBits
GdiPrinterThunk
XFORMOBJ_bApplyXform
GetEnhMetaFilePixelFormat
GdiEntry5
CLIPOBJ_cEnumStart
CreateFontIndirectExW
AddFontResourceExW
PtVisible
XLATEOBJ_hGetColorTransform
GetMetaFileW

kernel32

GetEnvironmentStrings
PostQueuedCompletionStatus
SetLocaleInfoA
EncodeSystemPointer
SetTapeParameters
CompareFileTime
GlobalFree
GetSystemTimes
CreateThread
GetDiskFreeSpaceExW
SetThreadPriority
EnumDateFormatsExW
FindFirstFileW
InitializeSListHead
QueryActCtxW
GetModuleHandleA
VerifyVersionInfoA
MoveFileWithProgressW
InterlockedPushEntrySList
DuplicateHandle
GetNumaAvailableMemoryNode
VirtualQueryEx
GetThreadTimes
Heap32ListNext
SetFileAttributesA
GlobalFix
SetHandleContext
GetModuleHandleW
SetConsoleNumberOfCommandsW
GlobalCompact
GetConsoleDisplayMode
SetEnvironmentVariableW
SetFileShortNameA
GetProcessDEPPolicy
SetConsoleLocalEUDC
CommConfigDialogW
lstrlen
GetNumberFormatW
CopyLZFile
SetDefaultCommConfigA
GetDriveTypeW
ReadFileScatter
TzSpecificLocalTimeToSystemTime
EnumSystemCodePagesW
UnhandledExceptionFilter
GetStringTypeA
HeapCompact
GetNumaProcessorNode
GetConsoleOutputCP
RegisterWaitForInputIdle
GetConsoleCommandHistoryLengthW
CreateFileW
CreateProcessW
GetConsoleInputExeNameA
LZClose
FindVolumeMountPointClose
WritePrivateProfileStructA
SetConsoleMenuClose
GetTempPathW
lstrcatW
GetSystemDefaultUILanguage
FreeLibrary
Process32Next
SetConsoleHardwareState
QueryMemoryResourceNotification
MulDiv
LZDone
GlobalMemoryStatus
CreateNamedPipeA
SetThreadContext
GetPrivateProfileIntW
OutputDebugStringA
EnumResourceNamesA
SetConsoleTitleW
QueryPerformanceCounter
GetConsoleTitleA
WaitForMultipleObjects
OpenSemaphoreW
VirtualAlloc
OpenJobObjectA
IsBadStringPtrW
GetConsoleCommandHistoryLengthA
GetCPInfo
WaitNamedPipeW
GetQueuedCompletionStatus
RegisterConsoleVDM
Process32FirstW
DebugActiveProcessStop
CreateTimerQueue
HeapValidate
BasepCheckWinSaferRestrictions
GetTickCount
WriteConsoleInputVDMA
SetDllDirectoryW
QueueUserWorkItem
GetLongPathNameA
WriteFile
FoldStringW
lstrcpyn
FillConsoleOutputCharacterW
CopyFileExA
EnumResourceLanguagesW
InitAtomTable
CreateFiber
GetSystemRegistryQuota
GetLocaleInfoA
ResumeThread
FindAtomA

shlwapi

PathRemoveFileSpecA
SHQueryValueExA
PathUnquoteSpacesA
StrCmpICW
SHRegEnumUSKeyW
PathQuoteSpacesW
PathUnExpandEnvStringsA
PathFindSuffixArrayA
StrPBrkA
StrChrA
SHRegSetUSValueW
UrlCanonicalizeW
StrFormatKBSizeW
StrCmpICA
ColorRGBToHLS
PathMakeSystemFolderW
SHSetValueA
ColorHLSToRGB
PathFindFileNameW
PathIsPrefixW
PathStripToRootW
GetMenuPosFromID
StrChrNIW
StrRStrIA
UrlApplySchemeW
PathIsDirectoryEmptyW
SHRegQueryInfoUSKeyW
PathIsUNCServerA
StrFormatByteSize64A
StrCmpCA
StrRChrA
wvnsprintfA
SHOpenRegStream2A
SHLockShared
SHGetValueA
StrToIntA
wnsprintfA
DelayLoadFailureHook
PathIsURLW
SHDeleteEmptyKeyW
SHRegQueryInfoUSKeyA
UrlIsA
StrFromTimeIntervalW
StrRetToBSTR
PathCreateFromUrlW
PathFindExtensionA
IntlStrEqWorkerW
SHRegEnumUSKeyA
SHRegGetUSValueW
UrlCreateFromPathW
SHQueryInfoKeyA
IntlStrEqWorkerA
StrCSpnW
SHDeleteKeyA
ChrCmpIW
PathRemoveFileSpecW
PathCompactPathW
PathIsContentTypeA
PathRemoveBlanksW
UrlCombineA
SHQueryInfoKeyW
PathGetDriveNumberW
ColorAdjustLuma
IsCharSpaceW
PathStripPathA
UrlCreateFromPathA
PathRemoveBlanksA
UrlHashW
PathCombineW
SHGetViewStatePropertyBag
StrRChrIA
SHEnumValueW
StrCatBuffA
PathFileExistsA
DllGetVersion
PathCreateFromUrlA
SHDeleteValueW
PathIsURLA
PathAddExtensionA
SHRegCreateUSKeyA
PathUnExpandEnvStringsW
SHIsLowMemoryMachine
StrSpnA

advapi32

SaferiChangeRegistryScope
OpenEventLogA
ConvertSDToStringSDRootDomainA
LsaQueryDomainInformationPolicy
ElfOpenBackupEventLogW
ClearEventLogA
OpenSCManagerW
OpenBackupEventLogA
AbortSystemShutdownA
GetSecurityDescriptorRMControl
SetPrivateObjectSecurityEx
DuplicateTokenEx
GetExplicitEntriesFromAclA
BuildTrusteeWithObjectsAndSidA
SaferiRecordEventLogEntry
GetSidSubAuthorityCount
PrivilegeCheck
SetAclInformation
EqualDomainSid
LsaSetSecurityObject
GetFileSecurityA
CreateServiceW
LsaSetQuotasForAccount
SaferiPopulateDefaultsInRegistry
CheckTokenMembership
GetTrusteeFormA
I_ScPnPGetServiceName
CryptSignHashA
BuildTrusteeWithSidW
SystemFunction030
RegQueryInfoKeyW
SetNamedSecurityInfoW
IsValidSecurityDescriptor
RegDeleteKeyW
ElfCloseEventLog
CryptSetProvParam
LsaQueryTrustedDomainInfo
CredMarshalCredentialW
CryptDeriveKey
WmiEnumerateGuids
AccessCheck
WmiFreeBuffer
DecryptFileW
IdentifyCodeAuthzLevelW
AccessCheckAndAuditAlarmA
GetLengthSid
CryptDuplicateKey
CryptGetHashParam
LogonUserExW
SetTokenInformation
CredFree
RegSaveKeyExA
CredRenameW
LsaOpenSecret
RegOpenKeyA
CommandLineFromMsiDescriptor
ConvertStringSDToSDRootDomainW
LsaDeleteTrustedDomain
LsaSetSecret
ClearEventLogW
SetEntriesInAclW
AddAuditAccessAceEx
GetLocalManagedApplicationData
AddAccessDeniedObjectAce
LsaQuerySecret
SetSecurityInfoExA
CryptHashData
EnumServicesStatusExA
TrusteeAccessToObjectA
GetTrusteeNameA
ElfRegisterEventSourceA
SetInformationCodeAuthzLevelW
RegRestoreKeyW
LsaQueryForestTrustInformation
SystemFunction022
SetEntriesInAccessListW
RegCreateKeyExW
I_ScSendTSMessage
CredProfileLoaded
FindFirstFreeAce
GetServiceKeyNameW
ImpersonateAnonymousToken
QueryAllTracesW
LsaSetForestTrustInformation
SetSecurityDescriptorRMControl
OpenServiceA
UpdateTraceW
LookupAccountSidA
ObjectCloseAuditAlarmA
InitiateSystemShutdownExW
SystemFunction021
LsaQuerySecurityObject
GetTrusteeTypeW
OpenBackupEventLogW
AddAccessDeniedAceEx
GetSecurityDescriptorLength
MD4Init
StartServiceCtrlDispatcherA

user32

VkKeyScanA
CreateAcceleratorTableW
EnumWindowStationsA
TranslateMessageEx
PaintDesktop
DrawTextW
SetWindowLongW
DrawCaption
SendDlgItemMessageA
SetMenuItemBitmaps
GetGUIThreadInfo
CharPrevW
ChildWindowFromPointEx
SetSystemCursor
DlgDirListW
DlgDirSelectExA
PostMessageA
GetUpdateRgn
GetMenuInfo
LoadIconW
EnumPropsExA
LoadMenuA
CreateAcceleratorTableA
EnumDesktopWindows
GetWindowLongW
AppendMenuW
LoadIconA
GetTopWindow
DefDlgProcA
DefFrameProcA
IsWindowEnabled
LoadImageA
CharLowerA
DdeCreateStringHandleW
GetKeyboardState
SetInternalWindowPos
LockWindowStation
GetCursorPos
GetTitleBarInfo
GetNextDlgGroupItem
MenuItemFromPoint
DestroyCursor
BroadcastSystemMessageW
CharToOemA
GetMessageA
BringWindowToTop
DdeUninitialize
PostThreadMessageW
VkKeyScanExW
GetRawInputDeviceInfoW
ActivateKeyboardLayout
CopyAcceleratorTableA
GetKeyboardLayoutNameW
SetShellWindow
GetSysColorBrush
UpdateLayeredWindow
SendIMEMessageExW
GetWindowTextLengthW
LookupIconIdFromDirectoryEx
DlgDirListComboBoxW
DisplayExitWindowsWarnings
SendNotifyMessageA
GetMenuItemInfoW
GetMonitorInfoA
SwitchDesktop
SetLastErrorEx
DialogBoxIndirectParamW
SetSystemMenu
TranslateAcceleratorA
GetWindowContextHelpId
SetClassLongW
InSendMessageEx
GetWindowDC
DdeInitializeW
GetAppCompatFlags
DrawFocusRect
SendMessageCallbackW
EnumClipboardFormats
EndPaint
IsCharAlphaA
DefWindowProcA
ChangeMenuW
RegisterShellHookWindow
SetPropW
CreateSystemThreads
IMPQueryIMEA
DragObject
SetClipboardViewer
SetTimer
DdeUnaccessData
LoadCursorFromFileA
RegisterLogonProcess

Sections

.text
Size: 155KB - Virtual size: 154KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 883B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
7zS8A52FD1B/62a1ea319013f_e64e1ff.exe
.exe windows x86

d69e4c13e25f0ad622344ac56118c0df

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetComputerNameW
GetModuleFileNameA
GetCurrentProcessId
OpenProcess
GetModuleFileNameW
SetLastError
WaitForSingleObject
CreateEventW
FreeLibrary
WinExec
GetPrivateProfileStringW
CopyFileW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
LocalFree
LocalAlloc
LoadResource
FindResourceW
SizeofResource
LockResource
GetTickCount
GetCurrentThread
Sleep
GetProcessHeap
HeapAlloc
GetLastError
GetTempPathA
SetCurrentDirectoryW
GetShortPathNameA
LoadLibraryW
GetProcAddress
WideCharToMultiByte
MultiByteToWideChar
SystemTimeToFileTime
DosDateTimeToFileTime
GetCurrentProcess
DuplicateHandle
CloseHandle
WriteFile
SetFileTime
SetFilePointer
ReadFile
GetFileType
CreateFileW
CreateDirectoryW
TerminateProcess
GetCurrentDirectoryW
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetTimeZoneInformation
GetFileSizeEx
GetConsoleOutputCP
SetFilePointerEx
ReadConsoleW
GetConsoleMode
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetCommandLineW
GetCommandLineA
GetStdHandle
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
RaiseException
GetStringTypeW
WriteConsoleW
GetCPInfo
CompareStringEx
LCMapStringEx
DecodePointer
EncodePointer
InitializeCriticalSectionEx
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
GetModuleHandleW
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FlushFileBuffers
QueryPerformanceCounter
MapViewOfFile
CreateFileMappingW
AreFileApisANSI
TryEnterCriticalSection
HeapCreate
HeapFree
EnterCriticalSection
GetFullPathNameW
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
LeaveCriticalSection
InitializeCriticalSection
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
GetFileAttributesW
GetCurrentThreadId
UnmapViewOfFile
HeapValidate
HeapSize
FormatMessageW
GetDiskFreeSpaceA
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
CreateFileA
LoadLibraryA
WaitForSingleObjectEx
DeleteFileA
DeleteFileW
HeapReAlloc
GetSystemInfo
HeapCompact
HeapDestroy
UnlockFile
LockFileEx
GetFileSize
DeleteCriticalSection
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA

advapi32

LookupPrivilegeValueW
AdjustTokenPrivileges
LookupAccountNameW
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
IsValidSecurityDescriptor
InitializeSecurityDescriptor
InitializeAcl
GetTokenInformation
GetLengthSid
FreeSid
EqualSid
DuplicateToken
AllocateAndInitializeSid
AddAccessAllowedAce
AccessCheck
OpenThreadToken
OpenProcessToken

shell32

ShellExecuteExA

ole32

CoInitializeEx
CoGetObject
CoUninitialize

wininet

InternetGetCookieExA

netapi32

Netbios

ntdll

RtlInitUnicodeString
NtFreeVirtualMemory
LdrEnumerateLoadedModules
RtlEqualUnicodeString
RtlAcquirePebLock
NtAllocateVirtualMemory
RtlReleasePebLock
RtlNtStatusToDosError
RtlCreateHeap
RtlDestroyHeap
RtlAllocateHeap
RtlFreeHeap
NtClose
NtOpenKey
NtEnumerateValueKey
NtQueryValueKey

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.mzpyvba
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 173KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mzpyvba
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
7zS8A52FD1B/62a1ea3215fd5_67a668.exe
.exe windows x86

7fdcc6a683cb0206d139f8f2eb2e772c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetQueryDataAvailable
InternetOpenUrlW
InternetOpenW
InternetCrackUrlW
InternetCloseHandle
InternetReadFile

ws2_32

recv
connect
socket
send
WSAStartup
gethostbyname
closesocket
WSACleanup

winhttp

WinHttpConnect
WinHttpReceiveResponse
WinHttpOpen
WinHttpReadData
WinHttpOpenRequest
WinHttpCloseHandle
WinHttpSendRequest
WinHttpQueryDataAvailable

shlwapi

wnsprintfW
PathCombineW

kernel32

GetStringTypeW
GetFileType
FreeEnvironmentStringsW
GetEnvironmentStringsW
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
SetStdHandle
WriteFile
LCMapStringW
GetEnvironmentVariableW
CreateFileW
LoadLibraryA
CloseHandle
GetProcAddress
ExitProcess
GetModuleHandleW
HeapFree
HeapReAlloc
HeapAlloc
GetProcessHeap
WideCharToMultiByte
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
HeapSize
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
DecodePointer
WriteConsoleW
GetModuleFileNameW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetCurrentProcess
TerminateProcess
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
RaiseException
GetStdHandle
GetModuleHandleExW
FindClose
FindFirstFileExW

user32

wsprintfW
wsprintfA

advapi32

CryptGenRandom
CryptAcquireContextW
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken
CryptReleaseContext
GetTokenInformation

Sections

.text
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
7zS8A52FD1B/libgcc_s_dw2-1.dll
.dll windows x86

04f9a5136edc374e78bc81dc8b0d07af

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery

msvcrt

_amsg_exit
_initterm
_iob
_lock
_unlock
abort
calloc
free
fwrite
malloc
memcpy
memset
realloc
strlen
strncmp
vfprintf

libwinpthread-1

pthread_getspecific
pthread_key_create
pthread_mutex_init
pthread_mutex_lock
pthread_mutex_unlock
pthread_once
pthread_setspecific

Exports

Exports

_Unwind_Backtrace
_Unwind_DeleteException
_Unwind_FindEnclosingFunction
_Unwind_Find_FDE
_Unwind_ForcedUnwind
_Unwind_GetCFA
_Unwind_GetDataRelBase
_Unwind_GetGR
_Unwind_GetIP
_Unwind_GetIPInfo
_Unwind_GetLanguageSpecificData
_Unwind_GetRegionStart
_Unwind_GetTextRelBase
_Unwind_RaiseException
_Unwind_Resume
_Unwind_Resume_or_Rethrow
_Unwind_SetGR
_Unwind_SetIP
__absvdi2
__absvsi2
__addtf3
__addvdi3
__addvsi3
__ashldi3
__ashrdi3
__bswapdi2
__bswapsi2
__clear_cache
__clrsbdi2
__clrsbsi2
__clzdi2
__clzsi2
__cmpdi2
__ctzdi2
__ctzsi2
__deregister_frame
__deregister_frame_info
__deregister_frame_info_bases
__divdc3
__divdi3
__divmoddi4
__divsc3
__divtc3
__divtf3
__divxc3
__emutls_get_address
__emutls_register_common
__enable_execute_stack
__eqtf2
__extenddftf2
__extendsftf2
__extendxftf2
__ffsdi2
__ffssi2
__fixdfdi
__fixsfdi
__fixtfdi
__fixtfsi
__fixunsdfdi
__fixunsdfsi
__fixunssfdi
__fixunssfsi
__fixunstfdi
__fixunstfsi
__fixunsxfdi
__fixunsxfsi
__fixxfdi
__floatdidf
__floatdisf
__floatditf
__floatdixf
__floatsitf
__floatundidf
__floatundisf
__floatunditf
__floatundixf
__floatunsitf
__gcc_personality_v0
__getf2
__gttf2
__letf2
__lshrdi3
__lttf2
__moddi3
__muldc3
__muldi3
__mulsc3
__multc3
__multf3
__mulvdi3
__mulvsi3
__mulxc3
__negdi2
__negtf2
__negvdi2
__negvsi2
__netf2
__paritydi2
__paritysi2
__popcountdi2
__popcountsi2
__powidf2
__powisf2
__powitf2
__powixf2
__register_frame
__register_frame_info
__register_frame_info_bases
__register_frame_info_table
__register_frame_info_table_bases
__register_frame_table
__subtf3
__subvdi3
__subvsi3
__trunctfdf2
__trunctfsf2
__trunctfxf2
__ucmpdi2
__udivdi3
__udivmoddi4
__umoddi3
__unordtf2

Sections

.text
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
7zS8A52FD1B/libstdc++-6.dll
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Exports

Exports

_Z20_txnal_cow_string_D1Pv
_Z23_txnal_cow_string_c_strPKv
_Z23_txnal_sso_string_c_strPKv
_Z26_txnal_logic_error_get_msgPv
_Z27_txnal_cow_string_D1_commitPv
_Z28_txnal_runtime_error_get_msgPv
_Z35_txnal_cow_string_C1_for_exceptionsPvPKcS_
_Z7fprintfP6_iobufPKcz
_ZGTtNKSt11logic_error4whatEv
_ZGTtNKSt13bad_exception4whatEv
_ZGTtNKSt13bad_exceptionD1Ev
_ZGTtNKSt13runtime_error4whatEv
_ZGTtNKSt9exception4whatEv
_ZGTtNKSt9exceptionD1Ev
_ZGTtNSt11logic_errorC1EPKc
_ZGTtNSt11logic_errorC1ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZGTtNSt11logic_errorC2EPKc
_ZGTtNSt11logic_errorC2ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZGTtNSt11logic_errorD0Ev
_ZGTtNSt11logic_errorD1Ev
_ZGTtNSt11logic_errorD2Ev
_ZGTtNSt11range_errorC1EPKc
_ZGTtNSt11range_errorC1ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZGTtNSt11range_errorC2EPKc
_ZGTtNSt11range_errorC2ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZGTtNSt11range_errorD0Ev
_ZGTtNSt11range_errorD1Ev
_ZGTtNSt11range_errorD2Ev
_ZGTtNSt12domain_errorC1EPKc
_ZGTtNSt12domain_errorC1ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZGTtNSt12domain_errorC2EPKc
_ZGTtNSt12domain_errorC2ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZGTtNSt12domain_errorD0Ev
_ZGTtNSt12domain_errorD1Ev
_ZGTtNSt12domain_errorD2Ev
_ZGTtNSt12length_errorC1EPKc
_ZGTtNSt12length_errorC1ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZGTtNSt12length_errorC2EPKc
_ZGTtNSt12length_errorC2ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZGTtNSt12length_errorD0Ev
_ZGTtNSt12length_errorD1Ev
_ZGTtNSt12length_errorD2Ev
_ZGTtNSt12out_of_rangeC1EPKc
_ZGTtNSt12out_of_rangeC1ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZGTtNSt12out_of_rangeC2EPKc
_ZGTtNSt12out_of_rangeC2ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZGTtNSt12out_of_rangeD0Ev
_ZGTtNSt12out_of_rangeD1Ev
_ZGTtNSt12out_of_rangeD2Ev
_ZGTtNSt13runtime_errorC1EPKc
_ZGTtNSt13runtime_errorC1ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZGTtNSt13runtime_errorC2EPKc
_ZGTtNSt13runtime_errorC2ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZGTtNSt13runtime_errorD0Ev
_ZGTtNSt13runtime_errorD1Ev
_ZGTtNSt13runtime_errorD2Ev
_ZGTtNSt14overflow_errorC1EPKc
_ZGTtNSt14overflow_errorC1ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZGTtNSt14overflow_errorC2EPKc
_ZGTtNSt14overflow_errorC2ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZGTtNSt14overflow_errorD0Ev
_ZGTtNSt14overflow_errorD1Ev
_ZGTtNSt14overflow_errorD2Ev
_ZGTtNSt15underflow_errorC1EPKc
_ZGTtNSt15underflow_errorC1ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZGTtNSt15underflow_errorC2EPKc
_ZGTtNSt15underflow_errorC2ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZGTtNSt15underflow_errorD0Ev
_ZGTtNSt15underflow_errorD1Ev
_ZGTtNSt15underflow_errorD2Ev
_ZGTtNSt16invalid_argumentC1EPKc
_ZGTtNSt16invalid_argumentC1ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZGTtNSt16invalid_argumentC2EPKc
_ZGTtNSt16invalid_argumentC2ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZGTtNSt16invalid_argumentD0Ev
_ZGTtNSt16invalid_argumentD1Ev
_ZGTtNSt16invalid_argumentD2Ev
_ZGVN9__gnu_cxx16bitmap_allocatorIcE13_S_mem_blocksE
_ZGVN9__gnu_cxx16bitmap_allocatorIcE15_S_last_requestE
_ZGVN9__gnu_cxx16bitmap_allocatorIcE6_S_mutE
_ZGVN9__gnu_cxx16bitmap_allocatorIwE13_S_mem_blocksE
_ZGVN9__gnu_cxx16bitmap_allocatorIwE15_S_last_requestE
_ZGVN9__gnu_cxx16bitmap_allocatorIwE6_S_mutE
_ZGVNSt10moneypunctIcLb0EE2idE
_ZGVNSt10moneypunctIcLb1EE2idE
_ZGVNSt10moneypunctIwLb0EE2idE
_ZGVNSt10moneypunctIwLb1EE2idE
_ZGVNSt11__timepunctIcE2idE
_ZGVNSt11__timepunctIwE2idE
_ZGVNSt7__cxx1110moneypunctIcLb0EE2idE
_ZGVNSt7__cxx1110moneypunctIcLb1EE2idE
_ZGVNSt7__cxx1110moneypunctIwLb0EE2idE
_ZGVNSt7__cxx1110moneypunctIwLb1EE2idE
_ZGVNSt7__cxx117collateIcE2idE
_ZGVNSt7__cxx117collateIwE2idE
_ZGVNSt7__cxx118messagesIcE2idE
_ZGVNSt7__cxx118messagesIwE2idE
_ZGVNSt7__cxx118numpunctIcE2idE
_ZGVNSt7__cxx118numpunctIwE2idE
_ZGVNSt7__cxx118time_getIcSt19istreambuf_iteratorIcSt11char_traitsIcEEE2idE
_ZGVNSt7__cxx118time_getIwSt19istreambuf_iteratorIwSt11char_traitsIwEEE2idE
_ZGVNSt7__cxx119money_getIcSt19istreambuf_iteratorIcSt11char_traitsIcEEE2idE
_ZGVNSt7__cxx119money_getIwSt19istreambuf_iteratorIwSt11char_traitsIwEEE2idE
_ZGVNSt7__cxx119money_putIcSt19ostreambuf_iteratorIcSt11char_traitsIcEEE2idE
_ZGVNSt7__cxx119money_putIwSt19ostreambuf_iteratorIwSt11char_traitsIwEEE2idE
_ZGVNSt7collateIcE2idE
_ZGVNSt7collateIwE2idE
_ZGVNSt7num_getIcSt19istreambuf_iteratorIcSt11char_traitsIcEEE2idE
_ZGVNSt7num_getIwSt19istreambuf_iteratorIwSt11char_traitsIwEEE2idE
_ZGVNSt7num_putIcSt19ostreambuf_iteratorIcSt11char_traitsIcEEE2idE
_ZGVNSt7num_putIwSt19ostreambuf_iteratorIwSt11char_traitsIwEEE2idE
_ZGVNSt8messagesIcE2idE
_ZGVNSt8messagesIwE2idE
_ZGVNSt8numpunctIcE2idE
_ZGVNSt8numpunctIwE2idE
_ZGVNSt8time_getIcSt19istreambuf_iteratorIcSt11char_traitsIcEEE2idE
_ZGVNSt8time_getIwSt19istreambuf_iteratorIwSt11char_traitsIwEEE2idE
_ZGVNSt8time_putIcSt19ostreambuf_iteratorIcSt11char_traitsIcEEE2idE
_ZGVNSt8time_putIwSt19ostreambuf_iteratorIwSt11char_traitsIwEEE2idE
_ZGVNSt9money_getIcSt19istreambuf_iteratorIcSt11char_traitsIcEEE2idE
_ZGVNSt9money_getIwSt19istreambuf_iteratorIwSt11char_traitsIwEEE2idE
_ZGVNSt9money_putIcSt19ostreambuf_iteratorIcSt11char_traitsIcEEE2idE
_ZGVNSt9money_putIwSt19ostreambuf_iteratorIwSt11char_traitsIwEEE2idE
_ZGVZN9__gnu_cxx13__common_poolINS_6__poolELb1EE11_S_get_poolEvE7_S_pool
_ZGVZN9__gnu_cxx9free_list12_M_get_mutexEvE8_S_mutex
_ZGVZN9__gnu_cxx9free_list16_M_get_free_listEvE12_S_free_list
_ZN10__cxxabiv111__terminateEPFvvE
_ZN10__cxxabiv112__unexpectedEPFvvE
_ZN10__cxxabiv115__forced_unwindD0Ev
_ZN10__cxxabiv115__forced_unwindD1Ev
_ZN10__cxxabiv115__forced_unwindD2Ev
_ZN10__cxxabiv116__enum_type_infoD0Ev
_ZN10__cxxabiv116__enum_type_infoD1Ev
_ZN10__cxxabiv116__enum_type_infoD2Ev
_ZN10__cxxabiv117__array_type_infoD0Ev
_ZN10__cxxabiv117__array_type_infoD1Ev
_ZN10__cxxabiv117__array_type_infoD2Ev
_ZN10__cxxabiv117__class_type_infoD0Ev
_ZN10__cxxabiv117__class_type_infoD1Ev
_ZN10__cxxabiv117__class_type_infoD2Ev
_ZN10__cxxabiv117__pbase_type_infoD0Ev
_ZN10__cxxabiv117__pbase_type_infoD1Ev
_ZN10__cxxabiv117__pbase_type_infoD2Ev
_ZN10__cxxabiv119__foreign_exceptionD0Ev
_ZN10__cxxabiv119__foreign_exceptionD1Ev
_ZN10__cxxabiv119__foreign_exceptionD2Ev
_ZN10__cxxabiv119__pointer_type_infoD0Ev
_ZN10__cxxabiv119__pointer_type_infoD1Ev
_ZN10__cxxabiv119__pointer_type_infoD2Ev
_ZN10__cxxabiv119__terminate_handlerE
_ZN10__cxxabiv120__function_type_infoD0Ev
_ZN10__cxxabiv120__function_type_infoD1Ev
_ZN10__cxxabiv120__function_type_infoD2Ev
_ZN10__cxxabiv120__si_class_type_infoD0Ev
_ZN10__cxxabiv120__si_class_type_infoD1Ev
_ZN10__cxxabiv120__si_class_type_infoD2Ev
_ZN10__cxxabiv120__unexpected_handlerE
_ZN10__cxxabiv121__vmi_class_type_infoD0Ev
_ZN10__cxxabiv121__vmi_class_type_infoD1Ev
_ZN10__cxxabiv121__vmi_class_type_infoD2Ev
_ZN10__cxxabiv123__fundamental_type_infoD0Ev
_ZN10__cxxabiv123__fundamental_type_infoD1Ev
_ZN10__cxxabiv123__fundamental_type_infoD2Ev
_ZN10__cxxabiv129__pointer_to_member_type_infoD0Ev
_ZN10__cxxabiv129__pointer_to_member_type_infoD1Ev
_ZN10__cxxabiv129__pointer_to_member_type_infoD2Ev
_ZN11__gnu_debug19_Safe_iterator_base12_M_get_mutexEv
_ZN11__gnu_debug19_Safe_iterator_base16_M_attach_singleEPNS_19_Safe_sequence_baseEb
_ZN11__gnu_debug19_Safe_iterator_base16_M_detach_singleEv
_ZN11__gnu_debug19_Safe_iterator_base8_M_resetEv
_ZN11__gnu_debug19_Safe_iterator_base9_M_attachEPNS_19_Safe_sequence_baseEb
_ZN11__gnu_debug19_Safe_iterator_base9_M_detachEv
_ZN11__gnu_debug19_Safe_sequence_base12_M_get_mutexEv
_ZN11__gnu_debug19_Safe_sequence_base13_M_detach_allEv
_ZN11__gnu_debug19_Safe_sequence_base16_M_attach_singleEPNS_19_Safe_iterator_baseEb
_ZN11__gnu_debug19_Safe_sequence_base16_M_detach_singleEPNS_19_Safe_iterator_baseE
_ZN11__gnu_debug19_Safe_sequence_base18_M_detach_singularEv
_ZN11__gnu_debug19_Safe_sequence_base22_M_revalidate_singularEv
_ZN11__gnu_debug19_Safe_sequence_base7_M_swapERS0_
_ZN11__gnu_debug19_Safe_sequence_base9_M_attachEPNS_19_Safe_iterator_baseEb
_ZN11__gnu_debug19_Safe_sequence_base9_M_detachEPNS_19_Safe_iterator_baseE
_ZN11__gnu_debug25_Safe_local_iterator_base16_M_attach_singleEPNS_19_Safe_sequence_baseEb
_ZN11__gnu_debug25_Safe_local_iterator_base16_M_detach_singleEv
_ZN11__gnu_debug25_Safe_local_iterator_base9_M_attachEPNS_19_Safe_sequence_baseEb
_ZN11__gnu_debug25_Safe_local_iterator_base9_M_detachEv
_ZN11__gnu_debug30_Safe_unordered_container_base13_M_detach_allEv
_ZN11__gnu_debug30_Safe_unordered_container_base15_M_attach_localEPNS_19_Safe_iterator_baseEb
_ZN11__gnu_debug30_Safe_unordered_container_base15_M_detach_localEPNS_19_Safe_iterator_baseE
_ZN11__gnu_debug30_Safe_unordered_container_base22_M_attach_local_singleEPNS_19_Safe_iterator_baseEb
_ZN11__gnu_debug30_Safe_unordered_container_base22_M_detach_local_singleEPNS_19_Safe_iterator_baseE
_ZN11__gnu_debug30_Safe_unordered_container_base7_M_swapERS0_
_ZN14__gnu_internal12buf_cin_syncE
_ZN14__gnu_internal13buf_cerr_syncE
_ZN14__gnu_internal13buf_cout_syncE
_ZN14__gnu_internal13buf_wcin_syncE
_ZN14__gnu_internal14buf_wcerr_syncE
_ZN14__gnu_internal14buf_wcout_syncE
_ZN14__gnu_internal7buf_cinE
_ZN14__gnu_internal8buf_cerrE
_ZN14__gnu_internal8buf_coutE
_ZN14__gnu_internal8buf_wcinE
_ZN14__gnu_internal9buf_wcerrE
_ZN14__gnu_internal9buf_wcoutE
_ZN14__gnu_internal9get_mutexEh
_ZN14__gnu_parallel9_Settings3getEv
_ZN14__gnu_parallel9_Settings3setERS0_
_ZN9__gnu_cxx10__mt_allocIcNS_20__common_pool_policyINS_6__poolELb1EEEE10deallocateEPcj
_ZN9__gnu_cxx10__mt_allocIcNS_20__common_pool_policyINS_6__poolELb1EEEE14_M_get_optionsEv
_ZN9__gnu_cxx10__mt_allocIcNS_20__common_pool_policyINS_6__poolELb1EEEE14_M_set_optionsENS_11__pool_base5_TuneE
_ZN9__gnu_cxx10__mt_allocIcNS_20__common_pool_policyINS_6__poolELb1EEEE8allocateEjPKv
_ZN9__gnu_cxx10__mt_allocIcNS_20__common_pool_policyINS_6__poolELb1EEEEC1ERKS4_
_ZN9__gnu_cxx10__mt_allocIcNS_20__common_pool_policyINS_6__poolELb1EEEEC1Ev
_ZN9__gnu_cxx10__mt_allocIcNS_20__common_pool_policyINS_6__poolELb1EEEEC2ERKS4_
_ZN9__gnu_cxx10__mt_allocIcNS_20__common_pool_policyINS_6__poolELb1EEEEC2Ev
_ZN9__gnu_cxx10__mt_allocIcNS_20__common_pool_policyINS_6__poolELb1EEEED1Ev
_ZN9__gnu_cxx10__mt_allocIcNS_20__common_pool_policyINS_6__poolELb1EEEED2Ev
_ZN9__gnu_cxx10__mt_allocIwNS_20__common_pool_policyINS_6__poolELb1EEEE10deallocateEPwj
_ZN9__gnu_cxx10__mt_allocIwNS_20__common_pool_policyINS_6__poolELb1EEEE14_M_get_optionsEv
_ZN9__gnu_cxx10__mt_allocIwNS_20__common_pool_policyINS_6__poolELb1EEEE14_M_set_optionsENS_11__pool_base5_TuneE
_ZN9__gnu_cxx10__mt_allocIwNS_20__common_pool_policyINS_6__poolELb1EEEE8allocateEjPKv
_ZN9__gnu_cxx10__mt_allocIwNS_20__common_pool_policyINS_6__poolELb1EEEEC1ERKS4_
_ZN9__gnu_cxx10__mt_allocIwNS_20__common_pool_policyINS_6__poolELb1EEEEC1Ev
_ZN9__gnu_cxx10__mt_allocIwNS_20__common_pool_policyINS_6__poolELb1EEEEC2ERKS4_
_ZN9__gnu_cxx10__mt_allocIwNS_20__common_pool_policyINS_6__poolELb1EEEEC2Ev
_ZN9__gnu_cxx10__mt_allocIwNS_20__common_pool_policyINS_6__poolELb1EEEED1Ev
_ZN9__gnu_cxx10__mt_allocIwNS_20__common_pool_policyINS_6__poolELb1EEEED2Ev
_ZN9__gnu_cxx12__atomic_addEPVii
_ZN9__gnu_cxx12__pool_allocIcE10deallocateEPcj
_ZN9__gnu_cxx12__pool_allocIcE12_S_force_newE
_ZN9__gnu_cxx12__pool_allocIcE7destroyEPc
_ZN9__gnu_cxx12__pool_allocIcE8allocateEjPKv
_ZN9__gnu_cxx12__pool_allocIcE9constructEPcRKc
_ZN9__gnu_cxx12__pool_allocIcEC1ERKS1_
_ZN9__gnu_cxx12__pool_allocIcEC1Ev
_ZN9__gnu_cxx12__pool_allocIcEC2ERKS1_
_ZN9__gnu_cxx12__pool_allocIcEC2Ev
_ZN9__gnu_cxx12__pool_allocIcED1Ev
_ZN9__gnu_cxx12__pool_allocIcED2Ev
_ZN9__gnu_cxx12__pool_allocIwE10deallocateEPwj
_ZN9__gnu_cxx12__pool_allocIwE12_S_force_newE
_ZN9__gnu_cxx12__pool_allocIwE7destroyEPw
_ZN9__gnu_cxx12__pool_allocIwE8allocateEjPKv
_ZN9__gnu_cxx12__pool_allocIwE9constructEPwRKw
_ZN9__gnu_cxx12__pool_allocIwEC1ERKS1_
_ZN9__gnu_cxx12__pool_allocIwEC1Ev
_ZN9__gnu_cxx12__pool_allocIwEC2ERKS1_
_ZN9__gnu_cxx12__pool_allocIwEC2Ev
_ZN9__gnu_cxx12__pool_allocIwED1Ev
_ZN9__gnu_cxx12__pool_allocIwED2Ev
_ZN9__gnu_cxx13__scoped_lockD1Ev
_ZN9__gnu_cxx13stdio_filebufIcSt11char_traitsIcEE2fdEv
_ZN9__gnu_cxx13stdio_filebufIcSt11char_traitsIcEE4fileEv
_ZN9__gnu_cxx13stdio_filebufIcSt11char_traitsIcEE4swapERS3_
_ZN9__gnu_cxx13stdio_filebufIcSt11char_traitsIcEEC1EP6_iobufSt13_Ios_Openmodej
_ZN9__gnu_cxx13stdio_filebufIcSt11char_traitsIcEEC1EiSt13_Ios_Openmodej
_ZN9__gnu_cxx13stdio_filebufIcSt11char_traitsIcEEC1Ev
_ZN9__gnu_cxx13stdio_filebufIcSt11char_traitsIcEEC2EP6_iobufSt13_Ios_Openmodej
_ZN9__gnu_cxx13stdio_filebufIcSt11char_traitsIcEEC2EiSt13_Ios_Openmodej
_ZN9__gnu_cxx13stdio_filebufIcSt11char_traitsIcEEC2Ev
_ZN9__gnu_cxx13stdio_filebufIcSt11char_traitsIcEED0Ev
_ZN9__gnu_cxx13stdio_filebufIcSt11char_traitsIcEED1Ev
_ZN9__gnu_cxx13stdio_filebufIcSt11char_traitsIcEED2Ev
_ZN9__gnu_cxx13stdio_filebufIwSt11char_traitsIwEE2fdEv
_ZN9__gnu_cxx13stdio_filebufIwSt11char_traitsIwEE4fileEv
_ZN9__gnu_cxx13stdio_filebufIwSt11char_traitsIwEE4swapERS3_
_ZN9__gnu_cxx13stdio_filebufIwSt11char_traitsIwEEC1EP6_iobufSt13_Ios_Openmodej
_ZN9__gnu_cxx13stdio_filebufIwSt11char_traitsIwEEC1EiSt13_Ios_Openmodej
_ZN9__gnu_cxx13stdio_filebufIwSt11char_traitsIwEEC1Ev
_ZN9__gnu_cxx13stdio_filebufIwSt11char_traitsIwEEC2EP6_iobufSt13_Ios_Openmodej
_ZN9__gnu_cxx13stdio_filebufIwSt11char_traitsIwEEC2EiSt13_Ios_Openmodej
_ZN9__gnu_cxx13stdio_filebufIwSt11char_traitsIwEEC2Ev
_ZN9__gnu_cxx13stdio_filebufIwSt11char_traitsIwEED0Ev
_ZN9__gnu_cxx13stdio_filebufIwSt11char_traitsIwEED1Ev
_ZN9__gnu_cxx13stdio_filebufIwSt11char_traitsIwEED2Ev
_ZN9__gnu_cxx15__concat_size_tEPcjj
_ZN9__gnu_cxx15__snprintf_liteEPcjPKcS0_
_ZN9__gnu_cxx16bitmap_allocatorIcE10deallocateEPcj
_ZN9__gnu_cxx16bitmap_allocatorIcE13_S_block_sizeE
_ZN9__gnu_cxx16bitmap_allocatorIcE13_S_mem_blocksE
_ZN9__gnu_cxx16bitmap_allocatorIcE14_S_refill_poolEv
_ZN9__gnu_cxx16bitmap_allocatorIcE15_S_last_requestE
_ZN9__gnu_cxx16bitmap_allocatorIcE21_S_last_dealloc_indexE
_ZN9__gnu_cxx16bitmap_allocatorIcE25_M_allocate_single_objectEv
_ZN9__gnu_cxx16bitmap_allocatorIcE27_M_deallocate_single_objectEPc
_ZN9__gnu_cxx16bitmap_allocatorIcE6_S_mutE
_ZN9__gnu_cxx16bitmap_allocatorIcE7destroyEPc
_ZN9__gnu_cxx16bitmap_allocatorIcE8allocateEj
_ZN9__gnu_cxx16bitmap_allocatorIcE8allocateEjPKv
_ZN9__gnu_cxx16bitmap_allocatorIcE9constructEPcRKc
_ZN9__gnu_cxx16bitmap_allocatorIcEC1ERKS1_
_ZN9__gnu_cxx16bitmap_allocatorIcEC1Ev
_ZN9__gnu_cxx16bitmap_allocatorIcEC2ERKS1_
_ZN9__gnu_cxx16bitmap_allocatorIcEC2Ev
_ZN9__gnu_cxx16bitmap_allocatorIcED1Ev
_ZN9__gnu_cxx16bitmap_allocatorIcED2Ev
_ZN9__gnu_cxx16bitmap_allocatorIwE10deallocateEPwj
_ZN9__gnu_cxx16bitmap_allocatorIwE13_S_block_sizeE
_ZN9__gnu_cxx16bitmap_allocatorIwE13_S_mem_blocksE
_ZN9__gnu_cxx16bitmap_allocatorIwE14_S_refill_poolEv
_ZN9__gnu_cxx16bitmap_allocatorIwE15_S_last_requestE
_ZN9__gnu_cxx16bitmap_allocatorIwE21_S_last_dealloc_indexE
_ZN9__gnu_cxx16bitmap_allocatorIwE25_M_allocate_single_objectEv
_ZN9__gnu_cxx16bitmap_allocatorIwE27_M_deallocate_single_objectEPw
_ZN9__gnu_cxx16bitmap_allocatorIwE6_S_mutE
_ZN9__gnu_cxx16bitmap_allocatorIwE7destroyEPw
_ZN9__gnu_cxx16bitmap_allocatorIwE8allocateEj
_ZN9__gnu_cxx16bitmap_allocatorIwE8allocateEjPKv
_ZN9__gnu_cxx16bitmap_allocatorIwE9constructEPwRKw
_ZN9__gnu_cxx16bitmap_allocatorIwEC1ERKS1_
_ZN9__gnu_cxx16bitmap_allocatorIwEC1Ev
_ZN9__gnu_cxx16bitmap_allocatorIwEC2ERKS1_
_ZN9__gnu_cxx16bitmap_allocatorIwEC2Ev
_ZN9__gnu_cxx16bitmap_allocatorIwED1Ev
_ZN9__gnu_cxx16bitmap_allocatorIwED2Ev
_ZN9__gnu_cxx17__pool_alloc_base11_S_end_freeE
_ZN9__gnu_cxx17__pool_alloc_base12_M_get_mutexEv
_ZN9__gnu_cxx17__pool_alloc_base12_S_free_listE
_ZN9__gnu_cxx17__pool_alloc_base12_S_heap_sizeE
_ZN9__gnu_cxx17__pool_alloc_base13_S_start_freeE
_ZN9__gnu_cxx17__pool_alloc_base16_M_get_free_listEj
_ZN9__gnu_cxx17__pool_alloc_base17_M_allocate_chunkEjRi
_ZN9__gnu_cxx17__pool_alloc_base9_M_refillEj
_ZN9__gnu_cxx18__common_pool_baseINS_6__poolELb1EE13_S_initializeEv
_ZN9__gnu_cxx18__exchange_and_addEPVii
_ZN9__gnu_cxx18stdio_sync_filebufIcSt11char_traitsIcEE4fileEv
_ZN9__gnu_cxx18stdio_sync_filebufIcSt11char_traitsIcEE4swapERS3_
_ZN9__gnu_cxx18stdio_sync_filebufIcSt11char_traitsIcEE4syncEv
_ZN9__gnu_cxx18stdio_sync_filebufIcSt11char_traitsIcEE5uflowEv
_ZN9__gnu_cxx18stdio_sync_filebufIcSt11char_traitsIcEE6xsgetnEPci
_ZN9__gnu_cxx18stdio_sync_filebufIcSt11char_traitsIcEE6xsputnEPKci
_ZN9__gnu_cxx18stdio_sync_filebufIcSt11char_traitsIcEE7seekoffExSt12_Ios_SeekdirSt13_Ios_Openmode
_ZN9__gnu_cxx18stdio_sync_filebufIcSt11char_traitsIcEE7seekposESt4fposIiESt13_Ios_Openmode
_ZN9__gnu_cxx18stdio_sync_filebufIcSt11char_traitsIcEE8overflowEi
_ZN9__gnu_cxx18stdio_sync_filebufIcSt11char_traitsIcEE9pbackfailEi
_ZN9__gnu_cxx18stdio_sync_filebufIcSt11char_traitsIcEE9underflowEv
_ZN9__gnu_cxx18stdio_sync_filebufIcSt11char_traitsIcEEC1EOS3_
_ZN9__gnu_cxx18stdio_sync_filebufIcSt11char_traitsIcEEC1EP6_iobuf
_ZN9__gnu_cxx18stdio_sync_filebufIcSt11char_traitsIcEEC2EOS3_
_ZN9__gnu_cxx18stdio_sync_filebufIcSt11char_traitsIcEEC2EP6_iobuf
_ZN9__gnu_cxx18stdio_sync_filebufIcSt11char_traitsIcEED0Ev
_ZN9__gnu_cxx18stdio_sync_filebufIcSt11char_traitsIcEED1Ev
_ZN9__gnu_cxx18stdio_sync_filebufIcSt11char_traitsIcEEaSEOS3_
_ZN9__gnu_cxx18stdio_sync_filebufIwSt11char_traitsIwEE4fileEv
_ZN9__gnu_cxx18stdio_sync_filebufIwSt11char_traitsIwEE4swapERS3_
_ZN9__gnu_cxx18stdio_sync_filebufIwSt11char_traitsIwEE4syncEv
_ZN9__gnu_cxx18stdio_sync_filebufIwSt11char_traitsIwEE5uflowEv
_ZN9__gnu_cxx18stdio_sync_filebufIwSt11char_traitsIwEE6xsgetnEPwi
_ZN9__gnu_cxx18stdio_sync_filebufIwSt11char_traitsIwEE6xsputnEPKwi
_ZN9__gnu_cxx18stdio_sync_filebufIwSt11char_traitsIwEE7seekoffExSt12_Ios_SeekdirSt13_Ios_Openmode
_ZN9__gnu_cxx18stdio_sync_filebufIwSt11char_traitsIwEE7seekposESt4fposIiESt13_Ios_Openmode
_ZN9__gnu_cxx18stdio_sync_filebufIwSt11char_traitsIwEE8overflowEt
_ZN9__gnu_cxx18stdio_sync_filebufIwSt11char_traitsIwEE9pbackfailEt
_ZN9__gnu_cxx18stdio_sync_filebufIwSt11char_traitsIwEE9underflowEv
_ZN9__gnu_cxx18stdio_sync_filebufIwSt11char_traitsIwEEC1EOS3_
_ZN9__gnu_cxx18stdio_sync_filebufIwSt11char_traitsIwEEC1EP6_iobuf
_ZN9__gnu_cxx18stdio_sync_filebufIwSt11char_traitsIwEEC2EOS3_
_ZN9__gnu_cxx18stdio_sync_filebufIwSt11char_traitsIwEEC2EP6_iobuf
_ZN9__gnu_cxx18stdio_sync_filebufIwSt11char_traitsIwEED0Ev
_ZN9__gnu_cxx18stdio_sync_filebufIwSt11char_traitsIwEED1Ev
_ZN9__gnu_cxx18stdio_sync_filebufIwSt11char_traitsIwEEaSEOS3_
_ZN9__gnu_cxx19__function_requiresINS_19_ConvertibleConceptIjjEEEEvv
_ZN9__gnu_cxx19__function_requiresINS_21_InputIteratorConceptIPKcEEEEvv
_ZN9__gnu_cxx19__function_requiresINS_21_InputIteratorConceptIPKwEEEEvv
_ZN9__gnu_cxx19__function_requiresINS_21_InputIteratorConceptIPcEEEEvv
_ZN9__gnu_cxx19__function_requiresINS_21_InputIteratorConceptIPwEEEEvv
_ZN9__gnu_cxx19__function_requiresINS_22_OutputIteratorConceptISt19ostreambuf_iteratorIcSt11char_traitsIcEEcEEEEvv
_ZN9__gnu_cxx19__function_requiresINS_22_OutputIteratorConceptISt19ostreambuf_iteratorIwSt11char_traitsIwEEwEEEEvv
_ZN9__gnu_cxx19__function_requiresINS_26_LessThanComparableConceptIPcEEEEvv
_ZN9__gnu_cxx19__function_requiresINS_26_LessThanComparableConceptIPwEEEEvv
_ZN9__gnu_cxx19__function_requiresINS_26_LessThanComparableConceptIiEEEEvv
_ZN9__gnu_cxx19__function_requiresINS_26_LessThanComparableConceptIjEEEEvv
_ZN9__gnu_cxx19__function_requiresINS_26_LessThanComparableConceptIlEEEEvv
_ZN9__gnu_cxx19__function_requiresINS_26_LessThanComparableConceptIxEEEEvv
_ZN9__gnu_cxx19__function_requiresINS_28_RandomAccessIteratorConceptINS_17__normal_iteratorIPKcSsEEEEEEvv
_ZN9__gnu_cxx19__function_requiresINS_28_RandomAccessIteratorConceptINS_17__normal_iteratorIPKwSbIwSt11char_traitsIwESaIwEEEEEEEEvv
_ZN9__gnu_cxx19__function_requiresINS_28_RandomAccessIteratorConceptINS_17__normal_iteratorIPcSsEEEEEEvv
_ZN9__gnu_cxx19__function_requiresINS_28_RandomAccessIteratorConceptINS_17__normal_iteratorIPwSbIwSt11char_traitsIwESaIwEEEEEEEEvv
_ZN9__gnu_cxx19__function_requiresINS_28_RandomAccessIteratorConceptIPKcEEEEvv
_ZN9__gnu_cxx19__function_requiresINS_28_RandomAccessIteratorConceptIPKwEEEEvv
_ZN9__gnu_cxx19__function_requiresINS_28_RandomAccessIteratorConceptIPcEEEEvv
_ZN9__gnu_cxx19__function_requiresINS_28_RandomAccessIteratorConceptIPwEEEEvv
_ZN9__gnu_cxx20recursive_init_errorD0Ev
_ZN9__gnu_cxx20recursive_init_errorD1Ev
_ZN9__gnu_cxx20recursive_init_errorD2Ev
_ZN9__gnu_cxx24__concurrence_lock_errorD0Ev
_ZN9__gnu_cxx24__concurrence_lock_errorD1Ev
_ZN9__gnu_cxx24__concurrence_wait_errorD0Ev
_ZN9__gnu_cxx24__concurrence_wait_errorD1Ev
_ZN9__gnu_cxx26__aux_require_boolean_exprIbEEvRKT_
_ZN9__gnu_cxx26__concurrence_unlock_errorD0Ev
_ZN9__gnu_cxx26__concurrence_unlock_errorD1Ev
_ZN9__gnu_cxx26__throw_insufficient_spaceEPKcS1_
_ZN9__gnu_cxx27__verbose_terminate_handlerEv
_ZN9__gnu_cxx29__concurrence_broadcast_errorD0Ev
_ZN9__gnu_cxx29__concurrence_broadcast_errorD1Ev
_ZN9__gnu_cxx30__throw_concurrence_lock_errorEv
_ZN9__gnu_cxx32__throw_concurrence_unlock_errorEv
_ZN9__gnu_cxx35__throw_concurrence_broadcast_errorEv
_ZN9__gnu_cxx4ropeIcSaIcEE10_S_min_lenE
_ZN9__gnu_cxx4ropeIcSaIcEE8_S_fetchEPNS_13_Rope_RopeRepIcS1_EEj
_ZN9__gnu_cxx4ropeIwSaIwEE10_S_min_lenE
_ZN9__gnu_cxx4ropeIwSaIwEE8_S_fetchEPNS_13_Rope_RopeRepIwS1_EEj
_ZN9__gnu_cxx6__poolILb0EE10_M_destroyEv
_ZN9__gnu_cxx6__poolILb0EE13_M_initializeEv
_ZN9__gnu_cxx6__poolILb0EE16_M_reclaim_blockEPcj
_ZN9__gnu_cxx6__poolILb0EE16_M_reserve_blockEjj
_ZN9__gnu_cxx6__poolILb1EE10_M_destroyEv
_ZN9__gnu_cxx6__poolILb1EE13_M_initializeEPFvPvE
_ZN9__gnu_cxx6__poolILb1EE13_M_initializeEv
_ZN9__gnu_cxx6__poolILb1EE16_M_get_thread_idEv
_ZN9__gnu_cxx6__poolILb1EE16_M_reclaim_blockEPcj
_ZN9__gnu_cxx6__poolILb1EE16_M_reserve_blockEjj
_ZN9__gnu_cxx6__poolILb1EE21_M_destroy_thread_keyEPv
_ZN9__gnu_cxx8__detail13__lower_boundIPPjjNS_9free_list19_LT_pointer_compareEEET_S6_S6_RKT0_T1_
_ZN9__gnu_cxx8__detail13__mini_vectorIPjE10deallocateEPS2_j
_ZN9__gnu_cxx8__detail13__mini_vectorIPjE5clearEv
_ZN9__gnu_cxx8__detail13__mini_vectorIPjE5eraseEPS2_
_ZN9__gnu_cxx8__detail13__mini_vectorIPjE6insertEPS2_RKS2_
_ZN9__gnu_cxx8__detail13__mini_vectorIPjE8allocateEj
_ZN9__gnu_cxx8__detail13__mini_vectorIPjE8pop_backEv
_ZN9__gnu_cxx8__detail13__mini_vectorIPjE9push_backERKS2_
_ZN9__gnu_cxx8__detail13__mini_vectorIPjEC1Ev
_ZN9__gnu_cxx8__detail13__mini_vectorIPjEC2Ev
_ZN9__gnu_cxx8__detail13__mini_vectorISt4pairIPNS_16bitmap_allocatorIcE12_Alloc_blockES6_EE10deallocateEPS7_j
_ZN9__gnu_cxx8__detail13__mini_vectorISt4pairIPNS_16bitmap_allocatorIcE12_Alloc_blockES6_EE5clearEv
_ZN9__gnu_cxx8__detail13__mini_vectorISt4pairIPNS_16bitmap_allocatorIcE12_Alloc_blockES6_EE5eraseEPS7_
_ZN9__gnu_cxx8__detail13__mini_vectorISt4pairIPNS_16bitmap_allocatorIcE12_Alloc_blockES6_EE6insertEPS7_RKS7_
_ZN9__gnu_cxx8__detail13__mini_vectorISt4pairIPNS_16bitmap_allocatorIcE12_Alloc_blockES6_EE8allocateEj
_ZN9__gnu_cxx8__detail13__mini_vectorISt4pairIPNS_16bitmap_allocatorIcE12_Alloc_blockES6_EE8pop_backEv
_ZN9__gnu_cxx8__detail13__mini_vectorISt4pairIPNS_16bitmap_allocatorIcE12_Alloc_blockES6_EE9push_backERKS7_
_ZN9__gnu_cxx8__detail13__mini_vectorISt4pairIPNS_16bitmap_allocatorIcE12_Alloc_blockES6_EEC1Ev
_ZN9__gnu_cxx8__detail13__mini_vectorISt4pairIPNS_16bitmap_allocatorIcE12_Alloc_blockES6_EEC2Ev
_ZN9__gnu_cxx8__detail13__mini_vectorISt4pairIPNS_16bitmap_allocatorIwE12_Alloc_blockES6_EE10deallocateEPS7_j
_ZN9__gnu_cxx8__detail13__mini_vectorISt4pairIPNS_16bitmap_allocatorIwE12_Alloc_blockES6_EE5clearEv
_ZN9__gnu_cxx8__detail13__mini_vectorISt4pairIPNS_16bitmap_allocatorIwE12_Alloc_blockES6_EE5eraseEPS7_
_ZN9__gnu_cxx8__detail13__mini_vectorISt4pairIPNS_16bitmap_allocatorIwE12_Alloc_blockES6_EE6insertEPS7_RKS7_
_ZN9__gnu_cxx8__detail13__mini_vectorISt4pairIPNS_16bitmap_allocatorIwE12_Alloc_blockES6_EE8allocateEj
_ZN9__gnu_cxx8__detail13__mini_vectorISt4pairIPNS_16bitmap_allocatorIwE12_Alloc_blockES6_EE8pop_backEv
_ZN9__gnu_cxx8__detail13__mini_vectorISt4pairIPNS_16bitmap_allocatorIwE12_Alloc_blockES6_EE9push_backERKS7_
_ZN9__gnu_cxx8__detail13__mini_vectorISt4pairIPNS_16bitmap_allocatorIwE12_Alloc_blockES6_EEC1Ev
_ZN9__gnu_cxx8__detail13__mini_vectorISt4pairIPNS_16bitmap_allocatorIwE12_Alloc_blockES6_EEC2Ev
_ZN9__gnu_cxx9__freeresEv
_ZN9__gnu_cxx9free_list6_M_getEj
_ZN9__gnu_cxx9free_list8_M_clearEv
_ZN9__gnu_cxxeqIPKcNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEEEbRKNS_17__normal_iteratorIT_T0_EESE_
_ZN9__gnu_cxxeqIPKcSsEEbRKNS_17__normal_iteratorIT_T0_EES8_
_ZN9__gnu_cxxeqIPKwNSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEEEEEbRKNS_17__normal_iteratorIT_T0_EESE_
_ZN9__gnu_cxxeqIPKwSbIwSt11char_traitsIwESaIwEEEEbRKNS_17__normal_iteratorIT_T0_EESC_
_ZN9__gnu_cxxeqIPcNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEEEbRKNS_17__normal_iteratorIT_T0_EESD_
_ZN9__gnu_cxxeqIPcSsEEbRKNS_17__normal_iteratorIT_T0_EES7_
_ZN9__gnu_cxxeqIPwNSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEEEEEbRKNS_17__normal_iteratorIT_T0_EESD_
_ZN9__gnu_cxxeqIPwSbIwSt11char_traitsIwESaIwEEEEbRKNS_17__normal_iteratorIT_T0_EESB_
_ZNK10__cxxabiv117__class_type_info10__do_catchEPKSt9type_infoPPvj
_ZNK10__cxxabiv117__class_type_info11__do_upcastEPKS0_PKvRNS0_15__upcast_resultE
_ZNK10__cxxabiv117__class_type_info11__do_upcastEPKS0_PPv
_ZNK10__cxxabiv117__class_type_info12__do_dyncastEiNS0_10__sub_kindEPKS0_PKvS3_S5_RNS0_16__dyncast_resultE
_ZNK10__cxxabiv117__class_type_info20__do_find_public_srcEiPKvPKS0_S2_
_ZNK10__cxxabiv117__pbase_type_info10__do_catchEPKSt9type_infoPPvj
_ZNK10__cxxabiv117__pbase_type_info15__pointer_catchEPKS0_PPvj
_ZNK10__cxxabiv119__pointer_type_info14__is_pointer_pEv
_ZNK10__cxxabiv119__pointer_type_info15__pointer_catchEPKNS_17__pbase_type_infoEPPvj
_ZNK10__cxxabiv120__function_type_info15__is_function_pEv
_ZNK10__cxxabiv120__si_class_type_info11__do_upcastEPKNS_17__class_type_infoEPKvRNS1_15__upcast_resultE
_ZNK10__cxxabiv120__si_class_type_info12__do_dyncastEiNS_17__class_type_info10__sub_kindEPKS1_PKvS4_S6_RNS1_16__dyncast_resultE
_ZNK10__cxxabiv120__si_class_type_info20__do_find_public_srcEiPKvPKNS_17__class_type_infoES2_
_ZNK10__cxxabiv121__vmi_class_type_info11__do_upcastEPKNS_17__class_type_infoEPKvRNS1_15__upcast_resultE
_ZNK10__cxxabiv121__vmi_class_type_info12__do_dyncastEiNS_17__class_type_info10__sub_kindEPKS1_PKvS4_S6_RNS1_16__dyncast_resultE
_ZNK10__cxxabiv121__vmi_class_type_info20__do_find_public_srcEiPKvPKNS_17__class_type_infoES2_
_ZNK10__cxxabiv129__pointer_to_member_type_info15__pointer_catchEPKNS_17__pbase_type_infoEPPvj
_ZNK11__gnu_debug16_Error_formatter10_M_messageENS_13_Debug_msg_idE
_ZNK11__gnu_debug16_Error_formatter10_Parameter14_M_print_fieldEPKS0_PKc
_ZNK11__gnu_debug16_Error_formatter10_Parameter20_M_print_descriptionEPKS0_
_ZNK11__gnu_debug16_Error_formatter13_M_print_wordEPKc
_ZNK11__gnu_debug16_Error_formatter14_M_format_wordIPKcEEvPciS3_T_
_ZNK11__gnu_debug16_Error_formatter14_M_format_wordIPKvEEvPciPKcT_
_ZNK11__gnu_debug16_Error_formatter14_M_format_wordIjEEvPciPKcT_
_ZNK11__gnu_debug16_Error_formatter14_M_format_wordIlEEvPciPKcT_
_ZNK11__gnu_debug16_Error_formatter15_M_print_stringEPKc
_ZNK11__gnu_debug16_Error_formatter17_M_get_max_lengthEv
_ZNK11__gnu_debug16_Error_formatter8_M_errorEv
_ZNK11__gnu_debug19_Safe_iterator_base11_M_singularEv
_ZNK11__gnu_debug19_Safe_iterator_base14_M_can_compareERKS0_
_ZNK11__gnu_debug25_Safe_local_iterator_base16_M_get_containerEv
_ZNK9__gnu_cxx12__pool_allocIcE7addressERKc
_ZNK9__gnu_cxx12__pool_allocIcE7addressERc
_ZNK9__gnu_cxx12__pool_allocIcE8max_sizeEv
_ZNK9__gnu_cxx12__pool_allocIwE7addressERKw
_ZNK9__gnu_cxx12__pool_allocIwE7addressERw
_ZNK9__gnu_cxx12__pool_allocIwE8max_sizeEv
_ZNK9__gnu_cxx16bitmap_allocatorIcE7addressERKc
_ZNK9__gnu_cxx16bitmap_allocatorIcE7addressERc
_ZNK9__gnu_cxx16bitmap_allocatorIcE8max_sizeEv
_ZNK9__gnu_cxx16bitmap_allocatorIwE7addressERKw
_ZNK9__gnu_cxx16bitmap_allocatorIwE7addressERw
_ZNK9__gnu_cxx16bitmap_allocatorIwE8max_sizeEv
_ZNK9__gnu_cxx24__concurrence_lock_error4whatEv
_ZNK9__gnu_cxx24__concurrence_wait_error4whatEv
_ZNK9__gnu_cxx26__concurrence_unlock_error4whatEv
_ZNK9__gnu_cxx29__concurrence_broadcast_error4whatEv
_ZNK9__gnu_cxx8__detail13__mini_vectorIPjE13_M_space_leftEv

Sections

.text
Size: 208KB - Virtual size: 788KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 15KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 44KB - Virtual size: 288KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 350KB - Virtual size: 352KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 20KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
7zS8A52FD1B/libwinpthread-1.dll
.dll windows x86

fc24104becbbff1210c7fd71e49c8b5f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CloseHandle
CreateEventA
CreateSemaphoreA
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
FileTimeToSystemTime
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetHandleInformation
GetLastError
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProcessAffinityMask
GetProcessTimes
GetSystemTimeAdjustment
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetThreadTimes
GetTickCount
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
MultiByteToWideChar
OpenProcess
QueryPerformanceCounter
QueryPerformanceFrequency
ReleaseSemaphore
ResetEvent
ResumeThread
SetEvent
SetLastError
SetProcessAffinityMask
SetSystemTime
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SuspendThread
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte

msvcrt

___lc_codepage_func
__dllonexit
__mb_cur_max
_amsg_exit
_beginthreadex
_endthreadex
_errno
_ftime
_initterm
_iob
_lock
_onexit
_setjmp3
_unlock
abort
calloc
exit
fprintf
fputc
free
getenv
localeconv
longjmp
malloc
memcpy
memmove
memset
printf
realloc
strerror
strlen
strncmp
wcslen

Exports

Exports

__pth_gpointer_locked
__pthread_clock_nanosleep
_pthread_cleanup_dest
_pthread_get_state
_pthread_invoke_cancel
_pthread_key_dest
_pthread_rel_time_in_ms
_pthread_set_state
_pthread_time_in_ms
_pthread_time_in_ms_from_timespec
_pthread_tryjoin
clock_getres
clock_gettime
clock_nanosleep
clock_settime
nanosleep
pthread_attr_destroy
pthread_attr_getdetachstate
pthread_attr_getinheritsched
pthread_attr_getschedparam
pthread_attr_getscope
pthread_attr_getstackaddr
pthread_attr_getstacksize
pthread_attr_init
pthread_attr_setdetachstate
pthread_attr_setinheritsched
pthread_attr_setschedparam
pthread_attr_setscope
pthread_attr_setstackaddr
pthread_attr_setstacksize
pthread_barrier_destroy
pthread_barrier_init
pthread_barrier_wait
pthread_barrierattr_destroy
pthread_barrierattr_getpshared
pthread_barrierattr_init
pthread_barrierattr_setpshared
pthread_cancel
pthread_cond_broadcast
pthread_cond_destroy
pthread_cond_init
pthread_cond_signal
pthread_cond_timedwait
pthread_cond_wait
pthread_condattr_destroy
pthread_condattr_getclock
pthread_condattr_getpshared
pthread_condattr_init
pthread_condattr_setclock
pthread_condattr_setpshared
pthread_create
pthread_create_wrapper
pthread_delay_np
pthread_detach
pthread_equal
pthread_exit
pthread_get_concurrency
pthread_getclean
pthread_getconcurrency
pthread_getevent
pthread_gethandle
pthread_getschedparam
pthread_getspecific
pthread_join
pthread_key_create
pthread_key_delete
pthread_kill
pthread_mutex_destroy
pthread_mutex_init
pthread_mutex_lock
pthread_mutex_timedlock
pthread_mutex_trylock
pthread_mutex_unlock
pthread_mutexattr_destroy
pthread_mutexattr_getprioceiling
pthread_mutexattr_getprotocol
pthread_mutexattr_getpshared
pthread_mutexattr_gettype
pthread_mutexattr_init
pthread_mutexattr_setprioceiling
pthread_mutexattr_setprotocol
pthread_mutexattr_setpshared
pthread_mutexattr_settype
pthread_num_processors_np
pthread_once
pthread_rwlock_destroy
pthread_rwlock_init
pthread_rwlock_rdlock
pthread_rwlock_timedrdlock
pthread_rwlock_timedwrlock
pthread_rwlock_tryrdlock
pthread_rwlock_trywrlock
pthread_rwlock_unlock
pthread_rwlock_wrlock
pthread_rwlockattr_destroy
pthread_rwlockattr_getpshared
pthread_rwlockattr_init
pthread_rwlockattr_setpshared
pthread_self
pthread_set_concurrency
pthread_set_num_processors_np
pthread_setcancelstate
pthread_setcanceltype
pthread_setconcurrency
pthread_setschedparam
pthread_setspecific
pthread_spin_destroy
pthread_spin_init
pthread_spin_lock
pthread_spin_trylock
pthread_spin_unlock
pthread_testcancel
pthread_timechange_handler_np
pthread_tls_init
sched_get_priority_max
sched_get_priority_min
sched_getscheduler
sched_setscheduler
sched_yield
sem_close
sem_destroy
sem_getvalue
sem_init
sem_open
sem_post
sem_post_multiple
sem_timedwait
sem_trywait
sem_unlink
sem_wait

Sections

.text
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
7zS8A52FD1B/setup_install.exe
.exe windows x86

9d849e0cc2d9a3b680d96d4152e71ec4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetStartupInfoA
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WideCharToMultiByte

msvcrt

___mb_cur_max_func
__doserrno
__getmainargs
__initenv
__lconv_init
__p__acmdln
__p__fmode
__pioinfo
__set_app_type
__setusermatherr
_amsg_exit
_cexit
_errno
_fdopen
_filelengthi64
_fileno
_fileno
_fstat64
_initterm
_iob
_lseeki64
_onexit
_popen
_read
_strnicmp
_write
_write
abort
atoi
calloc
exit
fclose
fflush
fgetpos
fopen
fprintf
fputc
fputs
fread
free
fsetpos
fwrite
getc
getenv
getwc
isspace
iswctype
localeconv
malloc
memchr
memcmp
memcpy
memmove
memset
putc
putwc
realloc
setlocale
setvbuf
signal
sprintf
strchr
strcmp
strcoll
strerror
strftime
strlen
strncmp
strtoul
strxfrm
towlower
towupper
ungetc
ungetwc
vfprintf
wcscoll
wcsftime
wcslen
wcsxfrm

libwinpthread-1

pthread_cond_broadcast
pthread_cond_wait
pthread_getspecific
pthread_key_create
pthread_mutex_destroy
pthread_mutex_init
pthread_mutex_lock
pthread_mutex_unlock
pthread_once
pthread_setspecific

user32

FindWindowA
ShowWindow

Sections

.text
Size: 628KB - Virtual size: 628KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 230KB - Virtual size: 229KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/14
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/29
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/41
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/55
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/67
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/80
Size: 1024B - Virtual size: 714B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/91
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/102
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

3AlL!| Size: 24KB - Virtual size: 24KB

.text Size: 28KB - Virtual size: 28KB

.rsrc Size: 102KB - Virtual size: 102KB

.reloc Size: 512B - Virtual size: 12B

Size: 512B - Virtual size: 16B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 180KB - Virtual size: 180KB

.rsrc Size: 60KB - Virtual size: 60KB

.reloc Size: 512B - Virtual size: 12B

cd8430e1ebe09a39fed57f14fe148292

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

Sections

.text Size: 204KB - Virtual size: 200KB

.rdata Size: 52KB - Virtual size: 51KB

.data Size: 12KB - Virtual size: 27KB

.rsrc Size: 40KB - Virtual size: 37KB

52d4b77743751abbeb4702a29196fe32

Code Sign

6a:81:17:6c:ae:7c:b2:fe:a1:f5:8f:3d:02:fd:00Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

ad:15:f5:19:c2:2a:b4:27:0a:1d:7c:dc:14:3d:00:41:9e:12:e4:f9:4b:4a:f1:ca:ec:38:c9:4f:b1:bf:de:6bSigner

Signature Validations

Verification

08-06-2022 18:46 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 203KB - Virtual size: 203KB

.reloc Size: 17KB - Virtual size: 16KB

4681ca2694bc7221d2898efdb737c063

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

3AlL!|
Size: 24KB - Virtual size: 24KB

.text
Size: 28KB - Virtual size: 28KB

.rsrc
Size: 102KB - Virtual size: 102KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 180KB - Virtual size: 180KB

.rsrc
Size: 60KB - Virtual size: 60KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 204KB - Virtual size: 200KB

.rdata
Size: 52KB - Virtual size: 51KB

.data
Size: 12KB - Virtual size: 27KB

.rsrc
Size: 40KB - Virtual size: 37KB

6a:81:17:6c:ae:7c:b2:fe:a1:f5:8f:3d:02:fd:00
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

ad:15:f5:19:c2:2a:b4:27:0a:1d:7c:dc:14:3d:00:41:9e:12:e4:f9:4b:4a:f1:ca:ec:38:c9:4f:b1:bf:de:6b
Signer

08-06-2022 18:46
Valid: false

.text
Size: 1.4MB - Virtual size: 1.4MB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 203KB - Virtual size: 203KB

.reloc
Size: 17KB - Virtual size: 16KB

.text
Size: 87KB - Virtual size: 87KB

.data
Size: 65KB - Virtual size: 4.8MB

.fis
Size: 3KB - Virtual size: 2KB

.sixi
Size: 1024B - Virtual size: 624B

.xek
Size: 512B - Virtual size: 23B

.zifec
Size: 1024B - Virtual size: 963B

.rsrc
Size: 13KB - Virtual size: 13KB

.text
Size: 193KB - Virtual size: 193KB

.rdata
Size: 41KB - Virtual size: 40KB

.data
Size: 4KB - Virtual size: 142KB

.gfids
Size: 512B - Virtual size: 232B

.rsrc
Size: 56KB - Virtual size: 55KB

.reloc
Size: 8KB - Virtual size: 8KB

.text
Size: 203KB - Virtual size: 202KB

.data
Size: 65KB - Virtual size: 4.8MB

.guyasew
Size: 3KB - Virtual size: 2KB

.pocoha
Size: 1024B - Virtual size: 624B

.bigah
Size: 512B - Virtual size: 23B

.wuzij
Size: 1024B - Virtual size: 963B

.rsrc
Size: 13KB - Virtual size: 13KB

.text
Size: - Virtual size: 871KB

.rdata
Size: - Virtual size: 212KB

.data
Size: - Virtual size: 37KB

.pdata
Size: - Virtual size: 32KB

_RDATA
Size: - Virtual size: 244B

.vmp0
Size: - Virtual size: 1.6MB

.vmp1
Size: 3.7MB - Virtual size: 3.7MB

.rsrc
Size: 512B - Virtual size: 469B