Extracted

• 3237ec73a4f16533fd2c3fb92b3caf43e42b5c9f11d61a5f8576a86c478f0b55_unpacked_x64

  .dll windows x64

  50dcf9bae0972d35371308a5a1f17a75

  
  

  Headers

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  ntdll

  NtCreateSection

  NtMapViewOfSection

  sprintf

  ZwQueryInformationToken

  ZwOpenProcess

  ZwClose

  RtlFreeUnicodeString

  ZwOpenProcessToken

  RtlConvertSidToUnicodeString

  strcpy

  NtGetContextThread

  ZwQueryInformationProcess

  RtlNtStatusToDosError

  NtSetContextThread

  wcsncat

  memcpy

  _wcsupr

  _strupr

  strstr

  wcscpy

  memset

  wcstombs

  RtlAdjustPrivilege

  mbstowcs

  NtUnmapViewOfSection

  __C_specific_handler

  kernel32

  GlobalLock

  GetThreadContext

  GetVersionExA

  VerLanguageNameW

  GetLocaleInfoW

  GetComputerNameW

  QueueUserWorkItem

  WriteProcessMemory

  GetModuleFileNameA

  GetLocalTime

  VirtualAllocEx

  VirtualAlloc

  CreateFileA

  lstrlenA

  HeapAlloc

  HeapFree

  WriteFile

  lstrcatA

  CreateDirectoryA

  GetLastError

  RemoveDirectoryA

  LoadLibraryA

  CloseHandle

  DeleteFileA

  lstrcpyA

  HeapReAlloc

  SetEvent

  GetTickCount

  HeapDestroy

  HeapCreate

  SetWaitableTimer

  GetCurrentProcess

  CreateDirectoryW

  GetCurrentThread

  GetSystemTimeAsFileTime

  GetWindowsDirectoryA

  Sleep

  CopyFileW

  CreateEventA

  lstrlenW

  GetProcAddress

  GetModuleHandleA

  lstrcatW

  GetCurrentThreadId

  DeleteFileW

  GetCurrentProcessId

  GetTempPathA

  SuspendThread

  ResumeThread

  lstrcpyW

  CreateThread

  MapViewOfFile

  UnmapViewOfFile

  WaitForSingleObject

  WideCharToMultiByte

  LeaveCriticalSection

  EnterCriticalSection

  WaitForMultipleObjects

  CreateMutexA

  ReleaseMutex

  CreateWaitableTimerA

  SwitchToThread

  UnregisterWait

  LoadLibraryExW

  SetLastError

  RegisterWaitForSingleObject

  GetFileSize

  GetDriveTypeW

  GetLogicalDriveStringsW

  GetFileAttributesA

  GetExitCodeProcess

  GetFileAttributesW

  CreateProcessA

  CreateFileW

  GetTempFileNameA

  CreateFileMappingA

  OpenFileMappingA

  lstrcpynA

  ReadProcessMemory

  GlobalUnlock

  lstrcmpiA

  Thread32First

  Thread32Next

  QueueUserAPC

  OpenThread

  CreateToolhelp32Snapshot

  CallNamedPipeA

  WaitNamedPipeA

  ConnectNamedPipe

  ReadFile

  GetOverlappedResult

  DisconnectNamedPipe

  FlushFileBuffers

  CreateNamedPipeA

  CancelIo

  GetSystemTime

  lstrcmpW

  SleepEx

  InitializeCriticalSection

  ResetEvent

  SetEndOfFile

  LocalAlloc

  LocalFree

  FreeLibrary

  RaiseException

  OpenProcess

  CreateRemoteThread

  VirtualFree

  GetSystemDefaultUILanguage

  GetVersion

  DeleteCriticalSection

  VirtualProtect

  lstrcmpA

  ExpandEnvironmentStringsW

  FindNextFileW

  FindNextFileA

  FindClose

  FindFirstFileA

  ExpandEnvironmentStringsA

  SetFilePointer

  FindFirstFileW

  VirtualProtectEx

  Exports

  Exports

  CreateProcessNotify

  Sections

  .text

  Size: 107KB - Virtual size: 106KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 13KB - Virtual size: 13KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 5KB - Virtual size: 6KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 3KB - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .bss

  Size: 4KB - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .reloc

  Size: 2KB - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ