Extracted

• file.exe

  .exe windows x86

  66aeb47c1a9ff80438a704dfe52ed185

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  GetLocaleInfoA

  FreeResource

  SetCurrentDirectoryA

  CreateToolhelp32Snapshot

  MultiByteToWideChar

  Sleep

  GetTempPathA

  GetModuleHandleExA

  GetTimeZoneInformation

  GetTickCount64

  CopyFileA

  GetLastError

  GetFileAttributesA

  TzSpecificLocalTimeToSystemTime

  CreateFileA

  LoadLibraryA

  GetVersionExA

  LockResource

  DeleteFileA

  Process32Next

  CloseHandle

  GetSystemInfo

  GetWindowsDirectoryA

  LoadResource

  SetFileAttributesA

  GetLocalTime

  GetProcAddress

  LocalFree

  RemoveDirectoryA

  GetCurrentProcessId

  GlobalMemoryStatusEx

  FreeLibrary

  WideCharToMultiByte

  CreateDirectoryA

  GetSystemTime

  GetPrivateProfileStringA

  IsWow64Process

  GetComputerNameA

  SetUnhandledExceptionFilter

  lstrcpynA

  ReadFile

  SetFilePointer

  CreateFileW

  AreFileApisANSI

  TryEnterCriticalSection

  GetModuleHandleA

  HeapFree

  EnterCriticalSection

  GetFullPathNameW

  GetDiskFreeSpaceW

  OutputDebugStringA

  LockFile

  LeaveCriticalSection

  InitializeCriticalSection

  GetFullPathNameA

  FindNextFileA

  UnlockFileEx

  GetTempPathW

  CreateMutexW

  WaitForSingleObject

  GetFileAttributesW

  UnmapViewOfFile

  HeapValidate

  HeapSize

  FormatMessageW

  GetDiskFreeSpaceA

  GetFileAttributesExW

  OutputDebugStringW

  FlushViewOfFile

  WaitForSingleObjectEx

  DeleteFileW

  HeapReAlloc

  LoadLibraryW

  HeapAlloc

  HeapCompact

  HeapDestroy

  UnlockFile

  LockFileEx

  GetFileSize

  DeleteCriticalSection

  GetProcessHeap

  SystemTimeToFileTime

  GetSystemTimeAsFileTime

  FormatMessageA

  CreateFileMappingW

  MapViewOfFile

  QueryPerformanceCounter

  GetTickCount

  FlushFileBuffers

  LoadLibraryExA

  VirtualQuery

  VirtualProtect

  RaiseException

  InitializeSListHead

  GetStartupInfoW

  IsDebuggerPresent

  GetModuleHandleW

  CreateEventW

  GetCurrentThreadId

  LocalAlloc

  GetVolumeInformationA

  FindClose

  lstrlenA

  HeapCreate

  GetUserDefaultLocaleName

  TerminateProcess

  WriteFile

  GetCurrentProcess

  SetPriorityClass

  FindFirstFileA

  Process32First

  GetPrivateProfileSectionNamesA

  SizeofResource

  ResetEvent

  SetEvent

  InitializeCriticalSectionAndSpinCount

  FindFirstFileExW

  FindNextFileW

  GetFinalPathNameByHandleW

  GetFileInformationByHandleEx

  UnhandledExceptionFilter

  FindResourceA

  SetEndOfFile

  GetModuleFileNameA

  IsProcessorFeaturePresent

  user32

  EnumDisplayDevicesA

  wsprintfA

  GetWindowRect

  GetDC

  GetSystemMetrics

  ReleaseDC

  GetKeyboardLayoutList

  GetDesktopWindow

  gdi32

  CreateCompatibleBitmap

  SelectObject

  CreateCompatibleDC

  DeleteObject

  BitBlt

  advapi32

  CredEnumerateA

  RegOpenKeyExA

  RegCloseKey

  GetCurrentHwProfileA

  RegQueryValueExA

  RegEnumKeyExA

  CredFree

  GetUserNameA

  shell32

  SHGetFolderPathA

  ShellExecuteA

  msvcp140

  ?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ

  ?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z

  ?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z

  ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z

  ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ

  ??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z

  ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ

  ?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ

  ?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z

  ?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z

  ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ

  ?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z

  ??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ

  ?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z

  ?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z

  ?tolower@?$ctype@D@std@@QBEPBDPADPBD@Z

  ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ

  ?always_noconv@codecvt_base@std@@QBE_NXZ

  ??1facet@locale@std@@MAE@XZ

  ??0facet@locale@std@@IAE@I@Z

  ?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ

  ?_Incref@facet@locale@std@@UAEXXZ

  ??Bid@locale@std@@QAEIXZ

  ?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ

  ??1_Locinfo@std@@QAE@XZ

  ??0_Locinfo@std@@QAE@PBD@Z

  ?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z

  ?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ

  _Strcoll

  ?_Syserror_map@std@@YAPBDH@Z

  ?id@?$collate@D@std@@2V0locale@2@A

  ?id@?$ctype@D@std@@2V0locale@2@A

  ?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z

  ?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A

  ?_Xbad_function_call@std@@YAXXZ

  ?_Winerror_map@std@@YAHH@Z

  ?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z

  ?_Xout_of_range@std@@YAXPBD@Z

  ?_Xbad_alloc@std@@YAXXZ

  ?_Init@locale@std@@CAPAV_Locimp@12@_N@Z

  ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ

  ??0_Lockit@std@@QAE@H@Z

  ??1_Lockit@std@@QAE@XZ

  _Strxfrm

  ?_Xlength_error@std@@YAXPBD@Z

  ?tolower@?$ctype@D@std@@QBEDD@Z

  ?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z

  crypt32

  CryptStringToBinaryA

  CryptUnprotectData

  gdiplus

  GdipFree

  GdipDisposeImage

  GdipSaveImageToFile

  GdipGetImageEncodersSize

  GdipCreateBitmapFromHBITMAP

  GdipGetImageEncoders

  GdipAlloc

  GdipCloneImage

  GdiplusShutdown

  GdiplusStartup

  setupapi

  SetupDiGetDeviceInterfaceDetailA

  SetupDiEnumDeviceInterfaces

  SetupDiGetClassDevsA

  SetupDiEnumDeviceInfo

  vcruntime140

  memchr

  strrchr

  memcmp

  __std_terminate

  memcpy

  strstr

  __std_exception_copy

  memmove

  _CxxThrowException

  __current_exception

  strchr

  _except_handler4_common

  __std_exception_destroy

  memset

  __CxxFrameHandler3

  __current_exception_context

  api-ms-win-crt-string-l1-1-0

  strcspn

  strncmp

  toupper

  isalnum

  _strnicmp

  api-ms-win-crt-runtime-l1-1-0

  _beginthreadex

  _errno

  _invalid_parameter_noinfo_noreturn

  _endthreadex

  _configure_narrow_argv

  _controlfp_s

  terminate

  exit

  _initialize_narrow_environment

  _initialize_onexit_table

  _register_onexit_function

  _crt_atexit

  _cexit

  _seh_filter_exe

  _set_app_type

  _register_thread_local_exe_atexit_callback

  _get_narrow_winmain_command_line

  _initterm

  _initterm_e

  _exit

  _c_exit

  api-ms-win-crt-stdio-l1-1-0

  ferror

  _ftelli64

  __p__commode

  ftell

  _set_fmode

  fputc

  fopen

  __acrt_iob_func

  fflush

  _fseeki64

  fclose

  fread

  fseek

  fsetpos

  ungetc

  fgetc

  __stdio_common_vfprintf

  setvbuf

  fgetpos

  fwrite

  _get_stream_buffer_pointers

  __stdio_common_vsprintf

  api-ms-win-crt-heap-l1-1-0

  malloc

  realloc

  _callnewh

  free

  calloc

  _set_new_mode

  _msize

  api-ms-win-crt-utility-l1-1-0

  rand

  srand

  api-ms-win-crt-convert-l1-1-0

  strtoull

  strtoll

  strtod

  atoll

  api-ms-win-crt-filesystem-l1-1-0

  _lock_file

  _unlock_file

  remove

  api-ms-win-crt-locale-l1-1-0

  localeconv

  ___lc_codepage_func

  _configthreadlocale

  api-ms-win-crt-time-l1-1-0

  _ctime64

  _localtime64

  _time64

  _localtime64_s

  api-ms-win-crt-math-l1-1-0

  _dclass

  __setusermatherr

  Sections

  .text

  Size: 1.5MB - Virtual size: 1.5MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 107KB - Virtual size: 106KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 7KB - Virtual size: 9KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 5.8MB - Virtual size: 5.8MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 24KB - Virtual size: 24KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ