Static task
static1
Behavioral task
behavioral1
Sample
BTD5-Win.exe
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral2
Sample
BTD5-Win.exe
Resource
win10v2004-20220812-en
windows10-2004-x64
General
-
Target
BTD5-Win.exe
-
Size
11.4MB
-
MD5
a942334e330137d29ce21e795a1fb043
-
SHA1
ddc8f1ddfaf6dd135b03250d36f7f515376f3404
-
SHA256
46d296427b186f9de6480a824485c00f5a760763bc73516cac04c76dcaa955e8
-
SHA512
e59710a5d8b68c8ee461467bc2d2ff86564761e2816167e93807ca57ec69b591dd54f79191a48a8e33b6da63b3a561066c85706a14bfe549f55fd4df0e8aa426
-
SSDEEP
196608:QNH8gnEM/o7ngjOsJON4loj+ceNURt0YVASrfXdGPpkF3h:QF8gEb7nhsJOV7AEs
Malware Config
Signatures
Files
-
BTD5-Win.exe.exe windows x86
562a01474e907b563c0f18b86eae20b5
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
opengl32
wglGetProcAddress
wglGetCurrentContext
wglMakeCurrent
wglDeleteContext
wglCreateContext
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
comctl32
InitCommonControlsEx
steam_api
SteamAPI_UnregisterCallResult
SteamAPI_WriteMiniDump
SteamInternal_FindOrCreateUserInterface
SteamAPI_RestartAppIfNecessary
SteamAPI_SetMiniDumpComment
SteamAPI_GetHSteamUser
SteamAPI_RegisterCallResult
SteamInternal_ContextInit
SteamAPI_RunCallbacks
SteamAPI_IsSteamRunning
SteamAPI_Shutdown
SteamAPI_Init
SteamAPI_RegisterCallback
SteamAPI_UnregisterCallback
kernel32
HeapFree
WaitForSingleObjectEx
HeapAlloc
GetProcessHeap
GetCurrentThreadId
GetCurrentProcess
GetModuleFileNameW
CreateFileW
Sleep
GetCurrentProcessId
GetSystemTime
IsDebuggerPresent
SetUnhandledExceptionFilter
LoadLibraryW
GetProcAddress
InitializeCriticalSection
DeleteCriticalSection
ReleaseSemaphore
DuplicateHandle
CreateSemaphoreA
GetSystemTimeAsFileTime
GetVersionExW
GetSystemDefaultLocaleName
GetTickCount64
K32GetProcessMemoryInfo
QueryPerformanceFrequency
GlobalAlloc
RaiseException
GlobalLock
FreeLibrary
QueryPerformanceCounter
GlobalUnlock
OpenEventA
ResetEvent
GetLastError
TlsAlloc
TlsFree
GetModuleHandleA
GetTickCount
OutputDebugStringA
FlushFileBuffers
FindFirstFileExW
FindNextFileW
GetDiskFreeSpaceExW
ReadFile
WaitForMultipleObjects
SetFilePointer
CreateEventW
CreateEventA
GetOverlappedResult
LoadLibraryExW
SetWaitableTimer
TlsSetValue
SetLastError
ResumeThread
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
GetQueuedCompletionStatus
WaitForSingleObject
PostQueuedCompletionStatus
MultiByteToWideChar
TerminateThread
QueueUserAPC
VerSetConditionMask
WideCharToMultiByte
SleepEx
VerifyVersionInfoW
TlsGetValue
CreateIoCompletionPort
SizeofResource
LockResource
LoadResource
FindResourceW
GetModuleHandleW
CreateWaitableTimerW
CloseHandle
SetEvent
CreateWaitableTimerA
WaitForMultipleObjectsEx
GetModuleFileNameA
VerifyVersionInfoA
LoadLibraryA
GetSystemDirectoryA
ExpandEnvironmentStringsA
PeekNamedPipe
GetFileType
GetStdHandle
InitializeCriticalSectionEx
FormatMessageA
GetStartupInfoW
InitializeSListHead
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
AreFileApisANSI
DeviceIoControl
GetFileAttributesW
ReadFileEx
EnterCriticalSection
CreateDirectoryW
FormatMessageW
SystemTimeToFileTime
user32
SendMessageW
SetWindowLongW
SetCursor
ReleaseDC
LoadIconW
TranslateMessage
PeekMessageW
ShowCursor
UpdateWindow
LoadImageW
SystemParametersInfoW
GetDesktopWindow
ToUnicode
GetClientRect
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
ShowWindow
GetKeyboardState
LoadStringW
RegisterClassExW
ScreenToClient
CreateWindowExW
MessageBoxW
SetWindowPos
DispatchMessageW
GetDC
DestroyWindow
GetWindowRect
MapVirtualKeyW
PostMessageW
AdjustWindowRectEx
DefWindowProcW
SetClipboardData
GetCursorInfo
gdi32
ChoosePixelFormat
GetDeviceCaps
SetPixelFormat
SwapBuffers
shell32
SHGetSpecialFolderPathW
SHGetFolderPathW
ShellExecuteW
ole32
CoSetProxyBlanket
CoInitialize
CoCreateInstance
CoUninitialize
oleaut32
VariantClear
msvcp140
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?do_length@?$codecvt@_WDU_Mbstatet@@@std@@MBEHAAU_Mbstatet@@PBD1I@Z
?_Locimp_Addfac@_Locimp@locale@std@@CAXPAV123@PAVfacet@23@I@Z
?uncaught_exception@std@@YA_NXZ
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_BADOFF@std@@3_JB
?_Xlength_error@std@@YAXPBD@Z
??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@U_Mbstatet@@@2@@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?toupper@?$ctype@D@std@@QBEDD@Z
??Bid@locale@std@@QAEIXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@M@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??_7?$codecvt@_WDU_Mbstatet@@@std@@6B@
??_7_Facet_base@std@@6B@
?_New_Locimp@_Locimp@locale@std@@CAPAV123@ABV123@@Z
?classic@locale@std@@SAABV12@XZ
?_Xinvalid_argument@std@@YAXPBD@Z
?id@?$numpunct@D@std@@2V0locale@2@A
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
??_7codecvt_base@std@@6B@
??_7facet@locale@std@@6B@
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@M@Z
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MAE@XZ
??0?$codecvt@_WDU_Mbstatet@@@std@@QAE@I@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPA_W3AAPA_W@Z
??1codecvt_base@std@@UAE@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?_Addfac@_Locimp@locale@std@@AAEXPAVfacet@23@I@Z
??1facet@locale@std@@MAE@XZ
??0facet@locale@std@@IAE@I@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UAEXXZ
??1_Facet_base@std@@UAE@XZ
?_Gettrue@_Locinfo@std@@QBEPBDXZ
?_Getfalse@_Locinfo@std@@QBEPBDXZ
?_Getlconv@_Locinfo@std@@QBEPBUlconv@@XZ
?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ
??1_Locinfo@std@@QAE@XZ
??0_Locinfo@std@@QAE@PBD@Z
?_Xbad_function_call@std@@YAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
?_Throw_C_error@std@@YAXH@Z
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_init_in_situ
_Mtx_unlock
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
_Xtime_get_ticks
_Cnd_signal
_Cnd_init_in_situ
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_do_broadcast_at_thread_exit
_Cnd_destroy
_Thrd_sleep
_Cnd_wait
_Mtx_init
_Thrd_start
_Thrd_detach
_Mtx_destroy
_Cnd_init
_Cnd_destroy_in_situ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AA_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAM@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
?tolower@?$ctype@D@std@@QBEDD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAI@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@PAV32@@Z
?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QAE?AVlocale@2@ABV32@@Z
?exceptions@ios_base@std@@QAEXH@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PB_W1AAPB_WPAD3AAPAD@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAN@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
_Strxfrm
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?id@?$collate@D@std@@2V0locale@2@A
_Strcoll
?tolower@?$ctype@D@std@@QBEPBDPADPBD@Z
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
dbghelp
MiniDumpWriteDump
ws2_32
recvfrom
send
socket
recv
getpeername
sendto
ioctlsocket
freeaddrinfo
htons
__WSAFDIsSet
WSAIoctl
WSASendTo
WSARecvFrom
accept
WSAStartup
WSACleanup
select
bind
closesocket
WSASend
ntohl
shutdown
listen
WSASetLastError
WSAStringToAddressW
WSASocketW
getaddrinfo
getsockname
ntohs
connect
WSAAddressToStringW
WSARecv
getsockopt
gethostname
WSAGetLastError
setsockopt
htonl
mswsock
AcceptEx
GetAcceptExSockaddrs
vcruntime140
memset
_except_handler4_common
__CxxLongjmpUnwind
strrchr
__vcrt_InitializeCriticalSectionEx
_CxxThrowException
__CxxFrameHandler3
__std_type_info_name
__std_terminate
_setjmp3
longjmp
memcpy
strstr
_set_se_translator
__RTtypeid
memchr
__std_type_info_compare
_purecall
__std_exception_copy
memmove
__std_exception_destroy
strchr
__RTDynamicCast
api-ms-win-crt-utility-l1-1-0
srand
rand
qsort
api-ms-win-crt-runtime-l1-1-0
_getpid
strerror_s
_beginthreadex
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_configure_narrow_argv
__sys_nerr
exit
_invalid_parameter_noinfo
_controlfp_s
terminate
_register_thread_local_exe_atexit_callback
_c_exit
_invalid_parameter_noinfo_noreturn
_exit
_errno
_initterm_e
_initterm
abort
_get_narrow_winmain_command_line
_set_app_type
_seh_filter_exe
_cexit
strerror
_crt_atexit
system
api-ms-win-crt-time-l1-1-0
clock
_mktime64
_gmtime64
strftime
_time64
_localtime64
_difftime64
api-ms-win-crt-math-l1-1-0
round
_except1
modf
frexp
floor
__setusermatherr
_libm_sse2_pow_precise
_CIfmod
roundf
_dtest
ceil
fminf
_libm_sse2_tan_precise
_libm_sse2_sqrt_precise
_libm_sse2_sin_precise
_libm_sse2_log_precise
_libm_sse2_log10_precise
_libm_sse2_exp_precise
_libm_sse2_cos_precise
_libm_sse2_asin_precise
_libm_sse2_acos_precise
_CItanh
_CIsinh
_CIcosh
_CIatan2
ldexp
api-ms-win-crt-convert-l1-1-0
strtof
strtol
mbstowcs
strtoll
atoi
strtod
strtoul
atof
api-ms-win-crt-string-l1-1-0
strncat
isupper
islower
isgraph
strncmp
strpbrk
strspn
ispunct
isalpha
isprint
isdigit
toupper
strcoll
iscntrl
isxdigit
_stricmp
isalnum
_strdup
tolower
isspace
strncpy
iswprint
api-ms-win-crt-stdio-l1-1-0
__stdio_common_vsprintf
_set_fmode
__p__commode
_fileno
__stdio_common_vfprintf
fputc
freopen
fread
fopen
ferror
feof
__acrt_iob_func
_get_stream_buffer_pointers
_fseeki64
fsetpos
ungetc
fflush
fclose
_open
_close
_write
_read
rewind
setvbuf
fgetpos
puts
__stdio_common_vswprintf
fwrite
__stdio_common_vsprintf_p
_get_osfhandle
__stdio_common_vsscanf
fgetc
__stdio_common_vsnprintf_s
fseek
tmpnam
ftell
fgets
fputs
tmpfile
_popen
_pclose
_ftelli64
clearerr
__stdio_common_vsprintf_s
_lseeki64
getc
api-ms-win-crt-heap-l1-1-0
malloc
calloc
realloc
_set_new_mode
_callnewh
free
api-ms-win-crt-filesystem-l1-1-0
_unlock_file
_lock_file
_access
remove
_fstat64
rename
_stat64
api-ms-win-crt-locale-l1-1-0
setlocale
_configthreadlocale
localeconv
xinput1_3
ord2
winmm
mmioOpenW
mmioAdvance
mmioAscend
mmioSetInfo
mmioClose
mmioSeek
mmioGetInfo
mmioRead
mmioDescend
wininet
InternetGetConnectedState
shlwapi
PathFindFileNameW
PathRemoveExtensionW
advapi32
CryptCreateHash
CryptGetHashParam
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptAcquireContextA
CryptReleaseContext
CryptGenRandom
CryptEncrypt
api-ms-win-crt-environment-l1-1-0
getenv
api-ms-win-crt-multibyte-l1-1-0
_mbschr
_mbspbrk
_mbsnbcpy
wldap32
ord41
ord301
ord200
ord30
ord79
ord35
ord143
ord46
ord211
ord60
ord45
ord50
ord22
ord26
ord27
ord32
ord33
crypt32
CertFreeCertificateContext
Sections
.text Size: 7.8MB - Virtual size: 7.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.9MB - Virtual size: 1.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 500KB - Virtual size: 1018KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 512B - Virtual size: 72B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 25B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 244KB - Virtual size: 244KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 880KB - Virtual size: 880KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.bind Size: 166KB - Virtual size: 166KB
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ