ad77b97e0f8f066852e42d3e573247920a20a84479cc8739db40165786e9ac26

Sharing

Copy URL

Twitter E-mail

General

Target

ad77b97e0f8f066852e42d3e573247920a20a84479cc8739db40165786e9ac26
Size

16.8MB
MD5

056c387b4f4fadad469c00dc42cae825
SHA1

e30d8117665b25a3809ea343b007c2590bed342e
SHA256

ad77b97e0f8f066852e42d3e573247920a20a84479cc8739db40165786e9ac26
SHA512

960a6ab2c2fa773f5e6df31866a7563c8b85388646468736af58eb7a0e8fbbf1a90ec94c547cd0198c4bc7117a24df27d70735e1f9dc884a04997800c7bbfc58
SSDEEP

196608:ebyMGbFR6G5e83jAUqeup6ubo6jUjOX85aK:e+xR6G5euAcup6ubX8E

Score

N/A

Malware Config

Signatures

Files

ad77b97e0f8f066852e42d3e573247920a20a84479cc8739db40165786e9ac26
.exe windows x64

f8673d12e296e7865f94d42bbf5b8d8b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_APPCONTAINER
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

d2d1

ord1

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
SetRestrictedErrorInfo
GetRestrictedErrorInfo
RoFailFastWithErrorContext

api-ms-win-core-localization-l1-2-0

FormatMessageW
FindNLSStringEx

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventRegister
EventSetInformation
EventWriteTransfer

api-ms-win-core-synch-l1-1-0

WaitForSingleObjectEx
WaitForSingleObject
ReleaseSemaphore
ReleaseSRWLockShared
AcquireSRWLockShared
ReleaseSRWLockExclusive
OpenSemaphoreW
AcquireSRWLockExclusive
CreateMutexExW
CreateSemaphoreExW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CreateEventExW
SetEvent
ReleaseMutex

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
RaiseException

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
FindStringOrdinal
DisableThreadLibraryCalls
GetModuleFileNameA
GetModuleHandleW
FreeLibrary
GetProcAddress

api-ms-win-core-com-l1-1-0

StringFromGUID2
CoGetContextToken
CoCreateFreeThreadedMarshaler
CoGetObjectContext
CoGetApartmentType
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoCreateGuid

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
TrySubmitThreadpoolCallback
CreateThreadpoolTimer

api-ms-win-core-featurestaging-l1-1-0

SubscribeFeatureStateChangeNotification
UnsubscribeFeatureStateChangeNotification
RecordFeatureError
GetFeatureEnabledState
RecordFeatureUsage

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
WindowsConcatString
WindowsCompareStringOrdinal
WindowsCreateStringReference
WindowsGetStringLen
WindowsDeleteString
WindowsDuplicateString
WindowsIsStringEmpty
WindowsGetStringRawBuffer

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoInitialize

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte
CompareStringOrdinal
CompareStringEx

vccorlib140_app

?GetObjectContext@Details@Platform@@YAPEAUIUnknown@@XZ
?GetProxyImpl@Details@Platform@@YAJPEAUIUnknown@@AEBU_GUID@@0PEAPEAU3@@Z
?ToString@Guid@Platform@@QEAAPE$AAVString@2@XZ
??0FailureException@Platform@@QE$AAA@PE$AAVString@1@@Z
?GetWeakReference@Details@Platform@@YAPEAU__abi_IUnknown@@QE$ADVObject@2@@Z
?GetType@Object@Platform@@QE$AAAPE$AAVType@2@XZ
??0Exception@Platform@@QE$AAA@HPE$AAVString@1@@Z
?ToString@int32@default@@QEAAPE$AAVString@Platform@@XZ
?ReCreateException@Exception@Platform@@SAPE$AAV12@H@Z
?ToString@int64@default@@QEAAPE$AAVString@Platform@@XZ
?GetHashCode@Object@Platform@@QE$AAAHXZ
??0InvalidArgumentException@Platform@@QE$AAA@XZ
?ReleaseInContextImpl@Details@Platform@@YAJPEAUIUnknown@@0@Z
?Equals@Object@Platform@@QE$AAA_NPE$AAV12@@Z
??0ChangedStateException@Platform@@QE$AAA@XZ
?ToString@uint32@default@@QEAAPE$AAVString@Platform@@XZ
?ResolveWeakReference@Details@Platform@@YAPE$AAVObject@2@AEBU_GUID@@PEAPEAU__abi_IUnknown@@@Z
?ToString@Boolean@Platform@@QEAAPE$AAVString@2@XZ
??0OutOfBoundsException@Platform@@QE$AAA@XZ
??0FailureException@Platform@@QE$AAA@XZ
??0OutOfMemoryException@Platform@@QE$AAA@XZ
?__abi_cast_Object_to_String@__abi_details@@YAPE$AAVString@Platform@@_NPE$AAVObject@3@@Z
?GetIBoxArrayVtable@Details@Platform@@YAPEAXPEAX@Z
?CreateException@Exception@Platform@@SAPE$AAV12@HPE$AAVString@2@@Z
?get@Message@Exception@Platform@@QE$AAAPE$AAVString@3@XZ
?ToString@Enum@Platform@@QE$AAAPE$AAVString@2@XZ
?__abi_ObjectToString@__abi_details@@YAPE$AAVString@Platform@@PE$AAVObject@3@_N@Z
?GetIBoxVtable@Details@Platform@@YAPEAXPEAX@Z
?CreateValue@Details@Platform@@YAPE$AAVObject@2@W4TypeCode@2@PEBX@Z
?GetTypeCode@Type@Platform@@SA?AW4TypeCode@2@PE$AAV12@@Z
??0NullReferenceException@Platform@@QE$AAA@XZ
??0InvalidArgumentException@Platform@@QE$AAA@PE$AAVString@1@@Z
??BType@Platform@@SA?AVTypeName@Interop@Xaml@UI@Windows@@PE$AAV01@@Z
?EventSourceGetTargetArrayEvent@Details@Platform@@YAPEAXPEAXIPEBXPEA_J@Z
?EventSourceGetTargetArraySize@Details@Platform@@YAIPEAX@Z
?EventSourceGetTargetArray@Details@Platform@@YAPEAXPEAXPEAUEventLock@12@@Z
??0DisconnectedException@Platform@@QE$AAA@XZ
?__abi_make_type_id@@YAPE$AAVType@Platform@@AEBU__abi_type_descriptor@@@Z
?get@FullName@Type@Platform@@QE$AAAPE$AAVString@3@XZ
?__abi_cast_String_to_Object@__abi_details@@YAPE$AAVObject@Platform@@PE$AAVString@3@@Z
?EventSourceInitialize@Details@Platform@@YAXPEAPEAX@Z
?EventSourceUninitialize@Details@Platform@@YAXPEAPEAX@Z
?EventSourceRemove@Details@Platform@@YAXPEAPEAXPEAUEventLock@12@VEventRegistrationToken@Foundation@Windows@@@Z
?EventSourceAdd@Details@Platform@@YA?AVEventRegistrationToken@Foundation@Windows@@PEAPEAXPEAUEventLock@12@PE$AAVDelegate@2@@Z
?Allocate@Heap@Details@Platform@@SAPEAX_K@Z
??0Delegate@Platform@@QE$AAA@XZ
?CreateException@Exception@Platform@@SAPE$AAV12@H@Z
??0NotImplementedException@Platform@@QE$AAA@XZ
?AllocateException@Heap@Details@Platform@@SAPEAX_K0@Z
?Allocate@Heap@Details@Platform@@SAPEAX_K0@Z
?__abi_translateCurrentException@@YAJ_N@Z
?__abi_WinRTraiseNotImplementedException@@YAXXZ
?__abi_WinRTraiseInvalidCastException@@YAXXZ
?__abi_WinRTraiseNullReferenceException@@YAXXZ
?__abi_WinRTraiseOperationCanceledException@@YAXXZ
?__abi_WinRTraiseFailureException@@YAXXZ
?GetCmdArguments@Details@Platform@@YAPEAPEA_WPEAH@Z
?GetActivationFactory@Details@Platform@@YAJPEAVModuleBase@1WRL@Microsoft@@PEAUHSTRING__@@PEAPEAUIActivationFactory@@@Z
?TerminateModule@Details@Platform@@YA_NPEAVModuleBase@1WRL@Microsoft@@@Z
?__abi_WinRTraiseAccessDeniedException@@YAXXZ
?__abi_WinRTraiseOutOfMemoryException@@YAXXZ
?__abi_WinRTraiseInvalidArgumentException@@YAXXZ
?__abi_WinRTraiseOutOfBoundsException@@YAXXZ
?__abi_WinRTraiseChangedStateException@@YAXXZ
?__abi_WinRTraiseClassNotRegisteredException@@YAXXZ
?__abi_WinRTraiseWrongThreadException@@YAXXZ
?__abi_WinRTraiseDisconnectedException@@YAXXZ
?__abi_WinRTraiseObjectDisposedException@@YAXXZ
?__abi_WinRTraiseCOMException@@YAXJ@Z
?ReleaseTarget@ControlBlock@Details@Platform@@AEAAXXZ
?AlignedFree@Heap@Details@Platform@@SAXPEAX@Z
?Free@Heap@Details@Platform@@SAXPEAX@Z
??0Object@Platform@@QE$AAA@XZ
?InitializeData@Details@Platform@@YAJH@Z
?ToString@uint16@default@@QEAAPE$AAVString@Platform@@XZ
?UninitializeData@Details@Platform@@YAXH@Z
?GetIidsFn@@YAJHPEAKPEBU__s_GUID@@PEAPEAVGuid@Platform@@@Z
?GetActivationFactoryByPCWSTR@@YAJPEAXAEAVGuid@Platform@@PEAPEAX@Z

msvcp140_app

?_Random_device@std@@YAIXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?tellp@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?tolower@?$ctype@_W@std@@QEBA_W_W@Z
?tolower@?$ctype@_W@std@@QEBAPEB_WPEA_WPEB_W@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
_Wcscoll
_Wcsxfrm
?id@?$collate@_W@std@@2V0locale@2@A
??0facet@locale@std@@IEAA@_K@Z
??1facet@locale@std@@MEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
??1_Locinfo@std@@QEAA@XZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Xinvalid_argument@std@@YAXPEBD@Z
_Xtime_get_ticks
?snextc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
?_Ipfx@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA_N_N@Z
?sgetc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
??Bid@locale@std@@QEAA_KXZ
?id@?$ctype@_W@std@@2V0locale@2@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?is@?$ctype@_W@std@@QEBA_NF_W@Z
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@I@Z
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?uncaught_exception@std@@YA_NXZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?_Xout_of_range@std@@YAXPEBD@Z
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
?_Xbad_alloc@std@@YAXXZ
_Query_perf_frequency
_Query_perf_counter
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_IsCurrentOriginSTA@_ContextCallback@details@Concurrency@@CA_NXZ
?_Assign@_ContextCallback@details@Concurrency@@AEAAXPEAX@Z
?GetNextAsyncId@platform@details@Concurrency@@YAIXZ
?_IsNonBlockingThread@_Task_impl_base@details@Concurrency@@SA_NXZ
_Cnd_wait
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ
_Cnd_init_in_situ
_Mtx_init_in_situ
_Cnd_destroy_in_situ
_Mtx_destroy_in_situ
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?_Xlength_error@std@@YAXPEBD@Z
_Mtx_lock
_Mtx_unlock
?_Throw_C_error@std@@YAXH@Z
_Cnd_broadcast
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z
?_Execute_once@std@@YAHAEAUonce_flag@1@P6AHPEAX1PEAPEAX@Z1@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AEAAXXZ
?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z
?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
?_Xbad_function_call@std@@YAXXZ
?_XGetLastError@std@@YAXXZ
?__ExceptionPtrRethrow@@YAXPEBX@Z

vcruntime140_1_app

__CxxFrameHandler4

vcruntime140_app

__std_exception_destroy
__std_exception_copy
__std_type_info_destroy_list
__std_terminate
wcsstr
wcsrchr
_CxxThrowException
memmove
memcpy
strchr
memcmp
__CxxFrameHandler3
__current_exception_context
__current_exception
__C_specific_handler
_purecall
memset

api-ms-win-crt-runtime-l1-1-0

_initterm
_cexit
_crt_atexit
_execute_onexit_table
_initterm_e
_seh_filter_exe
_seh_filter_dll
_invalid_parameter_noinfo_noreturn
abort
terminate
_invalid_parameter_noinfo
_errno
_register_onexit_function
_set_app_type
_get_narrow_winmain_command_line
_initialize_narrow_environment
_initialize_onexit_table
_configure_narrow_argv
exit
_exit
_register_thread_local_exe_atexit_callback
_c_exit

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode
malloc
realloc
_callnewh

api-ms-win-crt-string-l1-1-0

towupper
tolower
wcslen
_wcsicmp
iswspace
iswalpha
wcsncmp

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf
__stdio_common_vswprintf_s
_set_fmode
__p__commode
__stdio_common_vsnprintf_s

api-ms-win-crt-math-l1-1-0

__setusermatherr
roundf
ceil
pow
floor
ceilf

api-ms-win-crt-convert-l1-1-0

wcstod
wcstol
_wtoi
wcstoll

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

icuuc

u_isdigit
u_charDigitValue

oleaut32

SetErrorInfo
SysAllocString
SysStringLen
GetErrorInfo
SysFreeString

api-ms-win-core-util-l1-1-0

DecodePointer

api-ms-win-core-winrt-error-l1-1-1

RoReportUnhandledError

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
SleepConditionVariableSRW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedPushEntrySList

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-sysinfo-l1-2-0

GetSystemTimePreciseAsFileTime

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
VSDesignerDllMain

Sections

.text
Size: 12.9MB - Virtual size: 12.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 415KB - Virtual size: 414KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 138KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f8673d12e296e7865f94d42bbf5b8d8b

Headers

DLL Characteristics

File Characteristics

Imports

d2d1

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-errorhandling-l1-1-2

api-ms-win-core-handle-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-featurestaging-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-string-l1-1-0

vccorlib140_app

msvcp140_app

vcruntime140_1_app

vcruntime140_app

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

icuuc

oleaut32

api-ms-win-core-util-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-sysinfo-l1-2-0

Exports

Exports

Sections

.text Size: 12.9MB - Virtual size: 12.9MB

.rdata Size: 2.2MB - Virtual size: 2.2MB

.data Size: 1.1MB - Virtual size: 1.1MB

.pdata Size: 415KB - Virtual size: 414KB

.rsrc Size: 1024B - Virtual size: 912B

.reloc Size: 138KB - Virtual size: 137KB

.text
Size: 12.9MB - Virtual size: 12.9MB

.rdata
Size: 2.2MB - Virtual size: 2.2MB

.data
Size: 1.1MB - Virtual size: 1.1MB

.pdata
Size: 415KB - Virtual size: 414KB

.rsrc
Size: 1024B - Virtual size: 912B

.reloc
Size: 138KB - Virtual size: 137KB