Behavioral task: behavioral1
Sample: 2013911086eeba13ee90a57d81a27fabdab52e9896f0ec55e7b9aec0528c57b7_unpacked_x64.dll
Resource: win7-20220901-en
General
Target: 2013911086eeba13ee90a57d81a27fabdab52e9896f0ec55e7b9aec0528c57b7_unpacked_x64
Size: 200KB
MD5: 4b5dc76b6d7036ea208c219231bbba45
SHA1: bafd670a07e56886aa0683dcf30fa7441e547b4d
SHA256: 78c562a206893a2648975b2b9170335f372b3af4db5e84611fb6aea16105ce4e
SHA512: 3f056b438b8faf2d43e142bf7c30c8063045fdc242d87f6bfe03322b668757adb99e777a76cc048d75479c4accfc8589ca16bd24df75fe440ce8e6de90d62c16
SSDEEP: 3072:7g0klJ2Rk5yfZXNw2YEQJx8YACMJ/+oAelr/E6UJGwyw3u/wHuMO:k0klJ2Rk5yRmLEsNACzozlr/Ey0O
Malware Config
Extracted: gozi_ifsb
build: 214896
Signatures
Gozi_ifsb family
Files
2013911086eeba13ee90a57d81a27fabdab52e9896f0ec55e7b9aec0528c57b7_unpacked_x64.dll windows x64
5014e587c9b067fe58ef1ad53d43de29
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
ntdll
ZwOpenProcessToken
ZwClose
ZwQueryInformationToken
ZwOpenProcess
strcpy
NtQuerySystemInformation
RtlNtStatusToDosError
ZwQueryInformationProcess
RtlImageNtHeader
_wcsupr
_snprintf
memmove
memset
wcscpy
RtlFreeUnicodeString
ZwQueryKey
RtlUpcaseUnicodeString
wcstombs
RtlAdjustPrivilege
mbstowcs
memcpy
NtCreateSection
NtUnmapViewOfSection
NtMapViewOfSection
_strupr
sprintf
__C_specific_handler
__chkstk
kernel32
GetDriveTypeW
GetComputerNameW
VirtualProtectEx
QueueUserWorkItem
CompareFileTime
FindFirstFileA
GetFileTime
FindNextFileA
ExpandEnvironmentStringsA
GetLocalTime
QueryPerformanceFrequency
QueryPerformanceCounter
GetModuleFileNameA
CreateDirectoryA
GetLastError
HeapFree
RemoveDirectoryA
CloseHandle
LoadLibraryA
CreateFileA
DeleteFileA
lstrcpyA
lstrlenA
lstrcatA
WriteFile
HeapAlloc
HeapDestroy
HeapCreate
SetEvent
HeapReAlloc
GetTickCount
GetTempPathA
WaitForSingleObject
SuspendThread
OpenProcess
ResumeThread
lstrcmpiW
lstrcpyW
GetModuleHandleA
CreateThread
lstrcatW
SwitchToThread
CreateFileW
Sleep
CopyFileW
GetCurrentThreadId
SetWaitableTimer
DuplicateHandle
GetCurrentThread
lstrlenW
GetSystemTimeAsFileTime
CreateEventA
GetWindowsDirectoryA
DeleteFileW
CreateDirectoryW
SetLastError
lstrcmpiA
WaitForMultipleObjects
lstrcmpA
ResetEvent
CreateMutexA
OpenWaitableTimerA
MapViewOfFile
OpenMutexA
UnmapViewOfFile
ReleaseMutex
GetVersionExA
CreateWaitableTimerA
LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
LoadLibraryExW
TlsSetValue
VirtualAlloc
UnregisterWait
VirtualProtect
RegisterWaitForSingleObject
TlsAlloc
TlsGetValue
GetProcAddress
GetLogicalDriveStringsW
OpenFileMappingA
GetExitCodeProcess
LocalFree
CreateProcessA
GetFileSize
CreateFileMappingA
VirtualFree
WideCharToMultiByte
lstrcpynA
QueueUserAPC
OpenThread
Thread32Next
Thread32First
CreateToolhelp32Snapshot
GetOverlappedResult
CancelIo
DisconnectNamedPipe
FlushFileBuffers
CallNamedPipeA
CreateNamedPipeA
GetSystemTime
WaitNamedPipeA
ReadFile
ConnectNamedPipe
AddVectoredExceptionHandler
SleepEx
OpenEventA
RemoveVectoredExceptionHandler
LocalAlloc
FreeLibrary
RaiseException
GetModuleFileNameW
GetCurrentProcessId
GetVersion
DeleteCriticalSection
ExpandEnvironmentStringsW
GetTempFileNameA
SetEndOfFile
SetFilePointer
RemoveDirectoryW
FindFirstFileW
FindNextFileW
FindClose
GetFileAttributesW
SetFilePointerEx
oleaut32
VariantClear
SysFreeString
SysAllocString
VariantInit
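The import table above is the most informative part of this report for triage: taken individually the names are ordinary Win32/NT APIs, but certain co-occurring groups (open a process, create and map a section into it, then enumerate and suspend/resume its threads or queue an APC) are how a practitioner reads injection capability out of a static import list. The script below is an added example, not part of the sandbox report or of the sample; it encodes that reasoning as a few heuristic "all of / any of" rules of my own devising, normalises `Zw*`/`Nt*` aliases and `A`/`W` suffixes so a rule can be written once, and runs over a subset of the import names copied from the table above. The capability labels are hints for an analyst to verify in a debugger, not findings the report itself makes.

```python
"""Capability triage of a PE import table (added example, not from the report)."""

# Import names copied from the report's ntdll/kernel32 import table above
# (subset: the names the rules below care about, plus a few neutral ones).
REPORT_IMPORTS = {
    "ntdll": [
        "ZwOpenProcessToken", "ZwClose", "ZwQueryInformationToken", "ZwOpenProcess",
        "NtQuerySystemInformation", "ZwQueryInformationProcess", "RtlAdjustPrivilege",
        "NtCreateSection", "NtUnmapViewOfSection", "NtMapViewOfSection",
    ],
    "kernel32": [
        "GetDriveTypeW", "GetComputerNameW", "VirtualProtectEx", "GetTempPathA",
        "CreateFileA", "WriteFile", "GetTempFileNameA", "CopyFileW", "CreateProcessA",
        "SuspendThread", "OpenProcess", "ResumeThread", "QueueUserAPC", "OpenThread",
        "Thread32Next", "Thread32First", "CreateToolhelp32Snapshot", "GetVersionExA",
        "CallNamedPipeA", "CreateNamedPipeA", "WaitNamedPipeA", "ConnectNamedPipe",
        "DisconnectNamedPipe", "GetLogicalDriveStringsW", "VirtualAlloc", "VirtualProtect",
    ],
}

# Heuristic rules (my own, hypothetical; not the report's). A capability is flagged only
# when every name in "all" is imported and, if "any" is non-empty, at least one of those too.
# Names are written in normalised form: Nt* rather than Zw*, no trailing A/W.
CAPABILITY_RULES = {
    "process injection via section mapping": {
        "all": {"NtOpenProcess", "NtCreateSection", "NtMapViewOfSection"},
        "any": {"NtUnmapViewOfSection", "VirtualProtectEx", "QueueUserAPC", "ResumeThread"},
    },
    "remote thread hijacking": {
        "all": {"CreateToolhelp32Snapshot", "Thread32First", "Thread32Next", "OpenThread"},
        "any": {"SuspendThread", "ResumeThread", "QueueUserAPC"},
    },
    "token inspection / privilege adjustment": {
        "all": {"NtOpenProcessToken", "NtQueryInformationToken"},
        "any": {"RtlAdjustPrivilege"},
    },
    "named-pipe IPC": {
        "all": {"CreateNamedPipe", "ConnectNamedPipe"},
        "any": {"CallNamedPipe", "WaitNamedPipe", "DisconnectNamedPipe"},
    },
    "host and drive enumeration": {
        "all": {"GetComputerName", "GetLogicalDriveStrings"},
        "any": {"GetDriveType", "GetVersionEx"},
    },
    # Deliberately absent from this sample's table: shows a rule that does not fire.
    "remote memory write via WriteProcessMemory": {
        "all": {"WriteProcessMemory"},
        "any": set(),
    },
}


def normalize(name: str) -> str:
    """Map Zw* to Nt* and drop an ANSI/Unicode A/W suffix (CreateFileA -> CreateFile)."""
    if name.startswith("Zw"):
        name = "Nt" + name[2:]
    # Only strip A/W when it follows a lowercase letter, so names such as
    # Thread32Next or QueueUserAPC are left alone.
    if len(name) > 2 and name[-1] in "AW" and name[-2].islower():
        name = name[:-1]
    return name


def assess(imports: dict) -> dict:
    """Return {capability: [dll!OriginalName, ...]} for every rule fully satisfied."""
    present = {}
    for dll, names in imports.items():
        for n in names:
            present.setdefault(normalize(n), []).append(f"{dll}!{n}")
    have = set(present)
    hits = {}
    for capability, rule in CAPABILITY_RULES.items():
        if rule["all"] <= have and (not rule["any"] or rule["any"] & have):
            used = sorted(rule["all"] | (rule["any"] & have))
            hits[capability] = [orig for n in used for orig in present[n]]
    return hits


if __name__ == "__main__":
    for capability, evidence in assess(REPORT_IMPORTS).items():
        print(f"[+] {capability}")
        for e in evidence:
            print(f"      {e}")
```

Run it and the rules for section-mapping injection, thread hijacking, token/privilege work, named pipes and host enumeration all fire on this table, while the `WriteProcessMemory` rule stays silent: the sample reaches remote memory through `NtMapViewOfSection` rather than a write primitive, which is worth knowing before you set breakpoints.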
Sections
.text Size: 159KB - Virtual size: 159KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 19KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 3KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ