Behavioral task: behavioral1
- Sample: System.exe
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: System.exe
- Resource: win10v2004-20221111-en
General
- Target: System.exe
- Size: 6.0MB
- MD5: e1d93c10865bb4228c0d4d780fb5ac88
- SHA1: 233b4cb7cef41898eda51a869ff445c3db529ae4
- SHA256: 4de0b946d9cf0122688c715d808ebc5cec6f16b1001ed70a0dc7de3745d0a65a
- SHA512: de355a07ee2a54d24c8b78a022a95d2021719fd6988057630ab903d6032029095cd8b4fab9318fe07f5571dc7464f128398afb22f02850b582e5e50623b1f84e
- SSDEEP: 49152:QY3oQWF4WcPg94+K2RjJjtE4HAZrGadSZMRPaThP46IPyIcju8HwQKpOlC6Z+XeP:Q+5Yri4Uaad5Ml0ojeUVbkJA+Axh
Malware Config
Extracted: lucastealer
- Telegram Bot API endpoint: https://api.telegram.org/bot5798214226:AAEtDAC9RFjL7TuqpdnFECmBJAay7aTl2tc
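The extracted configuration is a Telegram Bot API endpoint with the bot token embedded in the URL path. Two things matter for handling it: the numeric part before the colon is the bot ID and is a safe pivot to share, while the part after the colon is a live credential for the attacker's bot and should be redacted in anything that leaves the team. The extractor below is an added example written for this page, not code from the sandbox or from the malware; it scans a byte buffer (the file on disk, an unpacked image, a process dump) for such URLs as both narrow and UTF-16LE strings, keys results by bot ID, and produces a redacted report form. The 35-character secret width is the current Telegram token format and is assumed fixed here. The test buffer is constructed for the demonstration: the only real value in it is the endpoint reported above, and the appended `sendDocument` method is illustrative, not something the page reports.

```python
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set, Tuple

# Telegram Bot API URLs carry the bot token in the path:
#   https://api.telegram.org/bot<bot_id>:<secret>/<method>
# <bot_id> is numeric and identifies the bot (safe to share as an IOC);
# <secret> is a live credential. The 35-character secret width is the
# current Telegram format and is assumed here; widen it if that changes.
_URL_RE = re.compile(
    r"https?://api\.telegram\.org/bot"
    r"(?P<bot_id>\d{6,12}):(?P<secret>[A-Za-z0-9_-]{35})"
    r"(?:/(?P<method>[A-Za-z]+))?"
)


@dataclass(frozen=True)
class TelegramC2:
    bot_id: str
    secret: str
    methods: Tuple[str, ...]  # API methods seen appended to the URL, if any

    @property
    def url(self) -> str:
        return f"https://api.telegram.org/bot{self.bot_id}:{self.secret}"

    def redacted(self) -> str:
        """Report form: keep the bot id, mask the middle of the secret."""
        return (f"https://api.telegram.org/bot{self.bot_id}:"
                f"{self.secret[:4]}...{self.secret[-4:]}")


def _text_views(buf: bytes) -> Iterable[str]:
    # Narrow strings first, then UTF-16LE at both byte alignments so wide
    # strings are found whether or not they sit on an even offset.
    yield buf.decode("latin-1")
    yield buf.decode("utf-16-le", errors="ignore")
    yield buf[1:].decode("utf-16-le", errors="ignore")


def extract_telegram_c2(buf: bytes) -> List[TelegramC2]:
    """Return one record per distinct bot token found in buf."""
    hits: Dict[Tuple[str, str], Set[str]] = {}
    for text in _text_views(buf):
        for m in _URL_RE.finditer(text):
            methods = hits.setdefault((m["bot_id"], m["secret"]), set())
            if m["method"]:
                methods.add(m["method"])
    return [TelegramC2(bot_id, secret, tuple(sorted(methods)))
            for (bot_id, secret), methods in hits.items()]


# Constructed test buffer (not a real dump): the endpoint reported on this page,
# once as a narrow string with a method appended and once as UTF-16LE at an odd
# byte offset, surrounded by filler bytes.
SAMPLE_ENDPOINT = "https://api.telegram.org/bot5798214226:AAEtDAC9RFjL7TuqpdnFECmBJAay7aTl2tc"
SAMPLE_BLOB = (
    b"\x00" * 16
    + SAMPLE_ENDPOINT.encode("ascii") + b"/sendDocument\x00"
    + b"\x90" * 7
    + SAMPLE_ENDPOINT.encode("utf-16-le")
    + b"\x00" * 16
)

if __name__ == "__main__":
    for rec in extract_telegram_c2(SAMPLE_BLOB):
        print(rec.redacted(), "methods:", ", ".join(rec.methods) or "-")
```

Run it over a memory dump of the sample rather than the file alone if the string is not visible statically; stealers of this kind often build the URL at runtime, and the same regex works on either input.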
Signatures
- Lucastealer family
Files
- System.exe.exe (windows x64) 8165cdb35d04e3fd8f82e179f08008b5
Headers
- DLL Characteristics: IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA, IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
- File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
secur32
DecryptMessage
QueryContextAttributesW
ApplyControlToken
AcquireCredentialsHandleA
AcceptSecurityContext
EncryptMessage
FreeCredentialsHandle
DeleteSecurityContext
FreeContextBuffer
LsaFreeReturnBuffer
LsaGetLogonSessionData
InitializeSecurityContextW
LsaEnumerateLogonSessions
kernel32
Sleep
MultiByteToWideChar
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetSystemInfo
GetUserPreferredUILanguages
GetTickCount64
GetLogicalDrives
GetComputerNameExW
LoadLibraryExW
GetProcAddress
FreeLibrary
GetFileInformationByHandleEx
SetFileInformationByHandle
GetModuleFileNameA
AddVectoredExceptionHandler
SetThreadStackGuarantee
GetCurrentThread
SetLastError
GlobalSize
WideCharToMultiByte
SleepConditionVariableSRW
WakeAllConditionVariable
GetModuleHandleW
HeapAlloc
GetProcessHeap
SwitchToThread
TryAcquireSRWLockExclusive
GetQueuedCompletionStatusEx
CreateIoCompletionPort
SetFileCompletionNotificationModes
WakeConditionVariable
AcquireSRWLockShared
ReleaseSRWLockShared
GetFileInformationByHandle
GetCurrentProcess
DuplicateHandle
GetModuleHandleA
GetStdHandle
GetConsoleMode
WaitForSingleObject
WriteConsoleW
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
ReleaseMutex
GetEnvironmentVariableW
RtlLookupFunctionEntry
FormatMessageW
GetTempPathW
GetModuleFileNameW
CreateFileW
DeviceIoControl
GetFullPathNameW
SetFilePointerEx
GetFinalPathNameByHandleW
FindNextFileW
CreateDirectoryW
SetHandleInformation
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetSystemDirectoryW
GetFileAttributesW
GetWindowsDirectoryW
CreateProcessW
HeapReAlloc
CreateNamedPipeW
CreateThread
ReadFileEx
SleepEx
WriteFileEx
QueryPerformanceFrequency
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCurrentDirectoryW
RtlCaptureContext
FindFirstFileW
CopyFileExW
OpenProcess
ReadProcessMemory
GetProcessTimes
VirtualQueryEx
GetSystemTimes
GetProcessIoCounters
LocalFree
GetDriveTypeW
GetVolumeInformationW
GetDiskFreeSpaceExW
GlobalMemoryStatusEx
PostQueuedCompletionStatus
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
GetSystemDirectoryA
GetTickCount
MoveFileExA
GetEnvironmentVariableA
VerSetConditionMask
VerifyVersionInfoW
CreateFileA
GetFileSizeEx
ReadFile
RtlVirtualUnwind
FlushFileBuffers
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
SystemTimeToFileTime
GetFileSize
LockFileEx
UnlockFile
HeapDestroy
HeapCompact
LoadLibraryW
DeleteFileW
DeleteFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapSize
HeapValidate
UnmapViewOfFile
CreateMutexW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
HeapCreate
AreFileApisANSI
InitializeCriticalSection
TryEnterCriticalSection
GetCurrentThreadId
FindClose
InitializeSListHead
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ReleaseSRWLockExclusive
CloseHandle
AcquireSRWLockExclusive
HeapFree
IsDebuggerPresent
GetLastError
GetCurrentProcessId
ntdll
NtDeviceIoControlFile
RtlNtStatusToDosError
NtCancelIoFileEx
NtQueryInformationProcess
RtlGetVersion
NtQuerySystemInformation
NtCreateFile
advapi32
RegQueryValueExW
FreeSid
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
GetUserNameW
LookupAccountSidW
GetTokenInformation
OpenProcessToken
CheckTokenMembership
AllocateAndInitializeSid
RegOpenKeyExA
RegSetValueExA
RegCloseKey
SystemFunction036
RegOpenKeyExW
oleaut32
SysAllocString
VariantClear
SysFreeString
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayUnaccessData
SysAllocStringLen
pdh
PdhAddEnglishCounterW
PdhOpenQueryA
PdhGetFormattedCounterValue
PdhCloseQuery
PdhRemoveCounter
PdhCollectQueryData
crypt32
CertFindExtension
CertEnumCertificatesInStore
CertDuplicateStore
CryptDecodeObjectEx
CertCreateCertificateChainEngine
CryptStringToBinaryA
CertGetNameStringA
CertAddCertificateContextToStore
CertDuplicateCertificateChain
CertFindCertificateInStore
CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CertGetCertificateChain
PFXImportCertStore
CertDuplicateCertificateContext
CryptUnprotectData
CertCloseStore
CertFreeCertificateContext
CertGetEnhancedKeyUsage
CertOpenStore
CertFreeCertificateChainEngine
CryptQueryObject
user32
CloseClipboard
OpenClipboard
EnumDisplaySettingsExW
GetClipboardData
GetMonitorInfoW
EmptyClipboard
SetClipboardData
EnumDisplayMonitors
ole32
CoInitializeEx
CoCreateInstance
CoUninitialize
CoSetProxyBlanket
CoInitializeSecurity
iphlpapi
FreeMibTable
GetIfEntry2
GetIfTable2
netapi32
NetApiBufferFree
NetUserEnum
NetUserGetLocalGroups
gdi32
GetObjectW
CreateCompatibleDC
SetStretchBltMode
GetDIBits
DeleteDC
SelectObject
GetDeviceCaps
CreateDCW
DeleteObject
CreateCompatibleBitmap
StretchBlt
bcrypt
BCryptGenRandom
ws2_32
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
select
shutdown
htons
ntohs
recv
socket
getsockname
WSASend
WSARecv
getsockopt
WSACleanup
WSAStartup
freeaddrinfo
getaddrinfo
setsockopt
WSASocketW
bind
connect
ioctlsocket
WSAIoctl
closesocket
recvfrom
WSAGetLastError
WSASetLastError
__WSAFDIsSet
accept
htonl
listen
WSAWaitForMultipleEvents
send
getpeername
shell32
CommandLineToArgvW
powrprof
CallNtPowerInformation
psapi
EnumProcessModulesEx
GetPerformanceInfo
GetModuleFileNameExW
vcruntime140
strstr
memmove
memcmp
memchr
memcpy
__C_specific_handler
__current_exception
__current_exception_context
strchr
__CxxFrameHandler3
strrchr
memset
api-ms-win-crt-string-l1-1-0
strncmp
tolower
_strdup
wcslen
strcmp
strcpy
strcspn
strspn
strpbrk
strncpy
isupper
strlen
api-ms-win-crt-heap-l1-1-0
realloc
calloc
malloc
free
_msize
_set_new_mode
api-ms-win-crt-runtime-l1-1-0
abort
_endthreadex
_seh_filter_exe
_set_app_type
_beginthreadex
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
__sys_nerr
_initterm
__sys_errlist
exit
_exit
_wassert
__p___argc
terminate
_crt_atexit
_register_onexit_function
_initialize_onexit_table
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_errno
_initterm_e
api-ms-win-crt-convert-l1-1-0
wcstombs
strtoll
strtol
strtoul
atoi
api-ms-win-crt-stdio-l1-1-0
fwrite
fseek
fopen
__acrt_iob_func
fflush
__p__commode
__stdio_common_vsprintf
ftell
_lseeki64
fputc
_write
feof
fgets
fclose
_open
fputs
_set_fmode
_read
fread
_close
__stdio_common_vsscanf
api-ms-win-crt-time-l1-1-0
_gmtime64
_time64
_localtime64_s
strftime
api-ms-win-crt-utility-l1-1-0
qsort
api-ms-win-crt-filesystem-l1-1-0
_unlink
_fstat64
_access
_stat64
api-ms-win-crt-math-l1-1-0
__setusermatherr
log
_dclass
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
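The import table above is what a static triage pass keys on, and it splits into a few groups worth reading together. The stealer-relevant surface is crypt32!CryptUnprotectData (DPAPI, the usual route to browser credential blobs), the user32 clipboard functions, the gdi32 CreateDCW / CreateCompatibleBitmap / StretchBlt / GetDIBits chain (screen capture), secur32's LsaEnumerateLogonSessions / LsaGetLogonSessionData, netapi32 user enumeration, and kernel32 OpenProcess / ReadProcessMemory / VirtualQueryEx. The secur32 SChannel functions (AcquireCredentialsHandleA, InitializeSecurityContextW, EncryptMessage, DecryptMessage) give the sample TLS without WinHTTP or WinINet, which fits HTTPS to the Telegram endpoint; the crypt32 certificate-store and chain functions are what SChannel-based TLS clients import for chain validation, so on their own they are weak evidence of certificate theft. The kernel32 file-locking and mapping set (AreFileApisANSI, HeapCompact, LockFileEx, UnlockFile, FlushViewOfFile, the paired A/W file APIs) is the characteristic Win32 surface of SQLite's os_win.c, consistent with a statically linked SQLite for reading browser databases, and the IOCP, SRW lock and condition-variable set alongside ntdll!NtCancelIoFileEx is what the Rust standard library and mio pull in; neither inference is confirmed by the report. Imports that every MSVC CRT-linked binary carries (IsDebuggerPresent, SetUnhandledExceptionFilter, TerminateProcess) say nothing about the sample and should not be tagged.

The tagger below is an added example written for this page, not the sandbox's or the malware's code. It maps `dll!Function` keys to capability hints with a match threshold, so a single shared function does not produce a tag by itself, and it can load a real import table through pefile when that library is available. The capability groupings and labels are this example's own; the function names are taken from the table above, and `SAMPLE_IMPORTS` is a constructed subset of it.

```python
from typing import Dict, Iterable, List, Set

# Capability hints keyed on "dll!Function". Function names come from the import
# table reported on this page; the groupings and labels are this example's own.
# A tag means the capability is linked in, not that the code path is reached.
CAPABILITY_HINTS: Dict[str, Set[str]] = {
    "clipboard access": {
        "user32!OpenClipboard", "user32!GetClipboardData", "user32!SetClipboardData"},
    "screen capture": {
        "gdi32!CreateDCW", "gdi32!CreateCompatibleBitmap", "gdi32!StretchBlt", "gdi32!GetDIBits"},
    "DPAPI decryption": {"crypt32!CryptUnprotectData"},
    # Weak on its own: SChannel-based TLS clients import the same store/chain functions.
    "certificate store access": {
        "crypt32!CertOpenStore", "crypt32!CertEnumCertificatesInStore", "crypt32!PFXImportCertStore"},
    "TLS via SChannel": {
        "secur32!AcquireCredentialsHandleA", "secur32!InitializeSecurityContextW",
        "secur32!EncryptMessage", "secur32!DecryptMessage"},
    "logon session enumeration": {
        "secur32!LsaEnumerateLogonSessions", "secur32!LsaGetLogonSessionData"},
    "local user/group enumeration": {"netapi32!NetUserEnum", "netapi32!NetUserGetLocalGroups"},
    "foreign process memory read": {
        "kernel32!OpenProcess", "kernel32!ReadProcessMemory", "kernel32!VirtualQueryEx"},
    "registry write": {"advapi32!RegSetValueExA"},
    "process creation": {"kernel32!CreateProcessW"},
    "raw sockets": {"ws2_32!socket", "ws2_32!connect", "ws2_32!send", "ws2_32!recv"},
    "host fingerprinting": {
        "kernel32!GetComputerNameExW", "advapi32!GetUserNameW", "kernel32!GlobalMemoryStatusEx",
        "iphlpapi!GetIfTable2", "pdh!PdhCollectQueryData"},
}
# Deliberately unmapped: kernel32!IsDebuggerPresent, TerminateProcess and the
# SetUnhandledExceptionFilter pair arrive with every MSVC CRT-linked binary.


def normalize(imports: Dict[str, Iterable[str]]) -> Set[str]:
    """Flatten {dll: [func, ...]} into {"dll!func"}; DLL names are lower-cased
    and stripped of ".dll" so pefile output and report text compare equal."""
    keys: Set[str] = set()
    for dll, funcs in imports.items():
        base = dll.lower()
        if base.endswith(".dll"):
            base = base[:-4]
        for func in funcs:
            keys.add(f"{base}!{func}")
    return keys


def tag_capabilities(imports: Dict[str, Iterable[str]],
                     min_fraction: float = 0.5) -> Dict[str, List[str]]:
    """Return {capability: [matched imports]} for every hint group where at
    least min_fraction of its functions are present."""
    present = normalize(imports)
    tags: Dict[str, List[str]] = {}
    for capability, needed in CAPABILITY_HINTS.items():
        hit = sorted(present & needed)
        if hit and len(hit) / len(needed) >= min_fraction:
            tags[capability] = hit
    return tags


def load_imports_with_pefile(path: str) -> Dict[str, List[str]]:
    """Read the import table of a real PE; needs the optional pefile package."""
    import pefile  # not used by the constructed sample below
    pe = pefile.PE(path, fast_load=True)
    pe.parse_data_directories(
        directories=[pefile.DIRECTORY_ENTRY["IMAGE_DIRECTORY_ENTRY_IMPORT"]])
    out: Dict[str, List[str]] = {}
    for entry in getattr(pe, "DIRECTORY_ENTRY_IMPORT", []):
        dll = entry.dll.decode("ascii", "replace")
        out[dll] = [imp.name.decode("ascii", "replace") for imp in entry.imports if imp.name]
    return out


# Constructed subset of the import table reported on this page (netapi32 left out
# on purpose so one hint group stays below threshold).
SAMPLE_IMPORTS: Dict[str, List[str]] = {
    "secur32": ["DecryptMessage", "AcquireCredentialsHandleA", "EncryptMessage",
                "InitializeSecurityContextW", "LsaEnumerateLogonSessions", "LsaGetLogonSessionData"],
    "kernel32": ["OpenProcess", "ReadProcessMemory", "VirtualQueryEx", "CreateProcessW",
                 "GetComputerNameExW", "GlobalMemoryStatusEx", "IsDebuggerPresent"],
    "advapi32": ["RegSetValueExA", "GetUserNameW", "CryptGenRandom"],
    "crypt32": ["CryptUnprotectData", "CertOpenStore", "CertEnumCertificatesInStore", "PFXImportCertStore"],
    "user32": ["OpenClipboard", "GetClipboardData", "SetClipboardData", "EmptyClipboard"],
    "gdi32": ["CreateDCW", "CreateCompatibleBitmap", "StretchBlt", "GetDIBits"],
    "ws2_32": ["socket", "connect", "send", "recv"],
}

if __name__ == "__main__":
    for capability, hit in tag_capabilities(SAMPLE_IMPORTS).items():
        print(f"{capability}: {', '.join(hit)}")
```

Raise `min_fraction` to 1.0 when triaging at volume to keep only fully matched groups; the partial match on "host fingerprinting" in the sample is the kind of hit that threshold drops. Whatever the tagger reports, confirm against the behavioral runs (the two tasks at the top of this report) before writing a capability into a finding.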
Sections
- .text   Size: 4.2MB - Virtual size: 4.2MB   Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
- .rdata  Size: 1.6MB - Virtual size: 1.6MB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .data   Size: 28KB - Virtual size: 31KB     Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .pdata  Size: 101KB - Virtual size: 100KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .reloc  Size: 42KB - Virtual size: 42KB     Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ