output[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

output.zip
Size

7.2MB
MD5

e2adea486b615d0a8d27e8efb27fce6c
SHA1

219563977591694d2fd3a56ebc60436bbba956a0
SHA256

127d6b91a9148738be74897e8bfc5b99a62da415a084b1466a70191a599a67e4
SHA512

acbbfe27361bb58da0ccf53531999ddd883a92725f46d846b26934578bd894778bfd74747e14da0237836ea6f1e0b66d8f4ad033b0bb802f352274301d4c4a2f
SSDEEP

196608:JORhBtupDxIx/8U0Lw6XE7ikb5O/1ijQrkIxeFtt56liPmlvNugE+x+P:IZUpNIx/Uw6Xy5011gXFtt5VcvNzRx4

Score

1^/10

Malware Config

Signatures

Files

output.zip
.zip
libcurl-x64.def
libcurl-x64.dll
.dll windows x64

3ab3e3fdb126c73331ab8e0617fd27ff

Code Sign

0f:07:dd:d7:18:7f:eb:e5:92:aa:9d:cb:35:81:8f:8a:94:06:ac:9d
Certificate

Issuer

CN=curl-for-win Root CA 2021

Not Before

17/01/2021, 22:40

Not After

17/01/2024, 22:40

Subject

CN=curl-for-win Code Signing Authority

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:08:26:c5:81:9f:76:fc:32:01:f2:dc:10:c9:a7:1e:73:c5:71:25
Certificate

Issuer

CN=curl-for-win Root CA 2021

Not Before

17/01/2021, 22:40

Not After

17/01/2026, 22:40

Subject

CN=curl-for-win Root CA 2021

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

CryptAcquireContextA
CryptCreateHash
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptReleaseContext
DeregisterEventSource
RegisterEventSourceW
ReportEventW

bcrypt

BCryptGenRandom

crypt32

CertAddCertificateContextToStore
CertCloseStore
CertCreateCertificateChainEngine
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFindExtension
CertFreeCertificateChain
CertFreeCertificateChainEngine
CertFreeCertificateContext
CertGetCertificateChain
CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CertGetNameStringA
CertOpenStore
CertOpenSystemStoreA
CryptDecodeObjectEx
CryptQueryObject
CryptStringToBinaryA
PFXImportCertStore

kernel32

AcquireSRWLockExclusive
AcquireSRWLockShared
CancelIo
CloseHandle
CompareFileTime
ConvertFiberToThread
ConvertThreadToFiberEx
CreateEventA
CreateFiberEx
CreateFileA
CreateFileMappingA
DeleteCriticalSection
DeleteFiber
EnterCriticalSection
FindClose
FindFirstFileW
FindNextFileW
FormatMessageW
FreeLibrary
GetACP
GetConsoleMode
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentVariableA
GetEnvironmentVariableW
GetFileSizeEx
GetFileType
GetLastError
GetModuleHandleA
GetModuleHandleW
GetOverlappedResult
GetProcAddress
GetStdHandle
GetSystemDirectoryA
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTickCount
GetTimeZoneInformation
GetVersion
InitializeCriticalSection
InitializeCriticalSectionEx
InitializeSRWLock
LeaveCriticalSection
LoadLibraryA
MapViewOfFile
MoveFileExA
MultiByteToWideChar
PeekNamedPipe
QueryPerformanceCounter
QueryPerformanceFrequency
ReadConsoleA
ReadConsoleW
ReadFile
ReleaseSRWLockExclusive
ReleaseSRWLockShared
RtlVirtualUnwind
SetConsoleMode
SetHandleInformation
SetLastError
Sleep
SleepEx
SwitchToFiber
SystemTimeToFileTime
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnmapViewOfFile
VerSetConditionMask
VerifyVersionInfoW
VirtualAlloc
VirtualFree
VirtualLock
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObjectEx
WaitNamedPipeA
WideCharToMultiByte
WriteFile

normaliz

IdnToAscii

api-ms-win-crt-convert-l1-1-0

atoi
mbrtowc
strtol
strtoll
strtoul
wcrtomb
wcstombs

api-ms-win-crt-environment-l1-1-0

__p__environ
__p__wenviron
getenv

api-ms-win-crt-filesystem-l1-1-0

_fstat64
_stat64
_unlink
_access

api-ms-win-crt-heap-l1-1-0

_set_new_mode
calloc
free
malloc
realloc

api-ms-win-crt-locale-l1-1-0

localeconv

api-ms-win-crt-math-l1-1-0

_fdopen

api-ms-win-crt-private-l1-1-0

memchr
memcmp
memcpy
memmove
strchr
strrchr
strstr
wcsstr

api-ms-win-crt-runtime-l1-1-0

__p___argc
__p___argv
__p___wargv
__sys_errlist
__sys_nerr
_beginthreadex
_configure_narrow_argv
_configure_wide_argv
_crt_at_quick_exit
_crt_atexit
_errno
_execute_onexit_table
_exit
_initialize_narrow_environment
_initialize_onexit_table
_initialize_wide_environment
_initterm
_register_onexit_function
abort
raise
signal
strerror

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__stdio_common_vfprintf
__stdio_common_vfwprintf
__stdio_common_vsprintf
__stdio_common_vsscanf
__stdio_common_vswprintf
_fileno
_lseeki64
_wfopen
_write
fclose
feof
ferror
fflush
fgets
fopen
fputc
fputs
fread
fseek
ftell
fwrite
rewind
setvbuf
_write
_setmode
_read
_open
_close

api-ms-win-crt-string-l1-1-0

isspace
memset
strcat
strcmp
strcpy
strcspn
strlen
strncmp
strncpy
strpbrk
strspn
tolower
wcscpy
wcslen
_strdup
_strdup

api-ms-win-crt-time-l1-1-0

__daylight
__timezone
__tzname
_difftime64
_gmtime64
_time64
_tzset
strftime

api-ms-win-crt-utility-l1-1-0

qsort

user32

FindWindowA
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW
SendMessageA

wldap32

ber_free
ldap_bind_s
ldap_err2string
ldap_first_attribute
ldap_first_entry
ldap_get_dn
ldap_get_values_len
ldap_init
ldap_memfree
ldap_msgfree
ldap_next_attribute
ldap_next_entry
ldap_search_s
ldap_set_option
ldap_simple_bind_s
ldap_sslinit
ldap_unbind_s
ldap_value_free_len

ws2_32

WSACleanup
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAGetLastError
WSAIoctl
WSAResetEvent
WSASetEvent
WSASetLastError
WSAStartup
WSAWaitForMultipleEvents
__WSAFDIsSet
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
gethostbyaddr
gethostbyname
gethostname
getpeername
getservbyname
getservbyport
getsockname
getsockopt
htonl
htons
inet_addr
inet_ntoa
inet_ntop
inet_pton
ioctlsocket
listen
ntohs
recv
recvfrom
select
send
sendto
setsockopt
shutdown
socket

Exports

Exports

curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_header
curl_easy_init
curl_easy_nextheader
curl_easy_option_by_id
curl_easy_option_by_name
curl_easy_option_next
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_easy_upkeep
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_global_sslset
curl_maprintf
curl_mfprintf
curl_mime_addpart
curl_mime_data
curl_mime_data_cb
curl_mime_encoder
curl_mime_filedata
curl_mime_filename
curl_mime_free
curl_mime_headers
curl_mime_init
curl_mime_name
curl_mime_subparts
curl_mime_type
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_poll
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_multi_wait
curl_multi_wakeup
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_pushheader_byname
curl_pushheader_bynum
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape
curl_url
curl_url_cleanup
curl_url_dup
curl_url_get
curl_url_set
curl_url_strerror
curl_version
curl_version_info
curl_ws_meta
curl_ws_recv
curl_ws_send

Sections

.text
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 42KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
libgcc_s_seh-1.dll
.dll windows x64

343f6197c0b6868f098f6e9005e5eb3b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CloseHandle
CreateSemaphoreW
DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
RaiseException
ReleaseSemaphore
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
SetLastError
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForSingleObject

msvcrt

__iob_func
_amsg_exit
_initterm
_lock
_unlock
abort
calloc
free
fwrite
malloc
memcpy
memset
realloc
signal
strlen
strncmp
vfprintf

Exports

Exports

_GCC_specific_handler
_Unwind_Backtrace
_Unwind_DeleteException
_Unwind_FindEnclosingFunction
_Unwind_ForcedUnwind
_Unwind_GetCFA
_Unwind_GetDataRelBase
_Unwind_GetGR
_Unwind_GetIP
_Unwind_GetIPInfo
_Unwind_GetLanguageSpecificData
_Unwind_GetRegionStart
_Unwind_GetTextRelBase
_Unwind_RaiseException
_Unwind_Resume
_Unwind_Resume_or_Rethrow
_Unwind_SetGR
_Unwind_SetIP
__absvdi2
__absvsi2
__absvti2
__addtf3
__addvdi3
__addvsi3
__addvti3
__ashlti3
__ashrti3
__bswapdi2
__bswapsi2
__clear_cache
__clrsbdi2
__clrsbti2
__clzdi2
__clzti2
__cmpti2
__ctzdi2
__ctzti2
__divdc3
__divmodti4
__divsc3
__divtc3
__divtf3
__divti3
__divxc3
__emutls_get_address
__emutls_register_common
__enable_execute_stack
__eqtf2
__extenddftf2
__extendsftf2
__extendxftf2
__ffsdi2
__ffsti2
__fixdfti
__fixsfti
__fixtfdi
__fixtfsi
__fixtfti
__fixunsdfdi
__fixunsdfti
__fixunssfdi
__fixunssfti
__fixunstfdi
__fixunstfsi
__fixunstfti
__fixunsxfdi
__fixunsxfti
__fixxfti
__floatditf
__floatsitf
__floattidf
__floattisf
__floattitf
__floattixf
__floatunditf
__floatunsitf
__floatuntidf
__floatuntisf
__floatuntitf
__floatuntixf
__gcc_personality_seh0
__getf2
__gttf2
__letf2
__lshrti3
__lttf2
__modti3
__muldc3
__mulsc3
__multc3
__multf3
__multi3
__mulvdi3
__mulvsi3
__mulvti3
__mulxc3
__negtf2
__negti2
__negvdi2
__negvsi2
__negvti2
__netf2
__paritydi2
__parityti2
__popcountdi2
__popcountti2
__powidf2
__powisf2
__powitf2
__powixf2
__subtf3
__subvdi3
__subvsi3
__subvti3
__trunctfdf2
__trunctfsf2
__trunctfxf2
__ucmpti2
__udivmodti4
__udivti3
__umodti3
__unordtf2

Sections

.text
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
libsodium-23.dll
.dll windows x64

48e49e7af792eecd6b9841f5e4e48513

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

SystemFunction036

kernel32

DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetSystemInfo
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualLock
VirtualProtect
VirtualQuery
VirtualUnlock

msvcrt

__iob_func
_amsg_exit
_assert
_errno
_ftime64
_getpid
_initterm
_lock
_unlock
abort
calloc
free
fwrite
malloc
memcpy
memmove
memset
raise
realloc
signal
strchr
strlen
strncmp
strrchr
vfprintf

libgcc_s_seh-1

__emutls_get_address

Exports

Exports

PBKDF2_SHA256
_crypto_generichash_blake2b_pick_best_implementation
_crypto_onetimeauth_poly1305_pick_best_implementation
_crypto_pwhash_argon2_pick_best_implementation
_crypto_scalarmult_curve25519_pick_best_implementation
_crypto_sign_ed25519_detached
_crypto_sign_ed25519_ref10_hinit
_crypto_sign_ed25519_verify_detached
_crypto_stream_chacha20_pick_best_implementation
_crypto_stream_salsa20_pick_best_implementation
_sodium_alloc_init
_sodium_crit_init
_sodium_runtime_get_cpu_features
alloc_region
argon2_ctx
argon2_hash
argon2_pick_best_implementation
argon2_verify
argon2i_hash_encoded
argon2i_hash_raw
argon2i_verify
argon2id_hash_encoded
argon2id_hash_raw
argon2id_verify
blake2b_compress_avx2
blake2b_compress_ref
blake2b_compress_sse41
blake2b_compress_ssse3
blake2b_long
crypto_aead_aes256gcm_abytes
crypto_aead_aes256gcm_beforenm
crypto_aead_aes256gcm_decrypt
crypto_aead_aes256gcm_decrypt_afternm
crypto_aead_aes256gcm_decrypt_detached
crypto_aead_aes256gcm_decrypt_detached_afternm
crypto_aead_aes256gcm_encrypt
crypto_aead_aes256gcm_encrypt_afternm
crypto_aead_aes256gcm_encrypt_detached
crypto_aead_aes256gcm_encrypt_detached_afternm
crypto_aead_aes256gcm_is_available
crypto_aead_aes256gcm_keybytes
crypto_aead_aes256gcm_keygen
crypto_aead_aes256gcm_messagebytes_max
crypto_aead_aes256gcm_npubbytes
crypto_aead_aes256gcm_nsecbytes
crypto_aead_aes256gcm_statebytes
crypto_aead_chacha20poly1305_abytes
crypto_aead_chacha20poly1305_decrypt
crypto_aead_chacha20poly1305_decrypt_detached
crypto_aead_chacha20poly1305_encrypt
crypto_aead_chacha20poly1305_encrypt_detached
crypto_aead_chacha20poly1305_ietf_abytes
crypto_aead_chacha20poly1305_ietf_decrypt
crypto_aead_chacha20poly1305_ietf_decrypt_detached
crypto_aead_chacha20poly1305_ietf_encrypt
crypto_aead_chacha20poly1305_ietf_encrypt_detached
crypto_aead_chacha20poly1305_ietf_keybytes
crypto_aead_chacha20poly1305_ietf_keygen
crypto_aead_chacha20poly1305_ietf_messagebytes_max
crypto_aead_chacha20poly1305_ietf_npubbytes
crypto_aead_chacha20poly1305_ietf_nsecbytes
crypto_aead_chacha20poly1305_keybytes
crypto_aead_chacha20poly1305_keygen
crypto_aead_chacha20poly1305_messagebytes_max
crypto_aead_chacha20poly1305_npubbytes
crypto_aead_chacha20poly1305_nsecbytes
crypto_aead_xchacha20poly1305_ietf_abytes
crypto_aead_xchacha20poly1305_ietf_decrypt
crypto_aead_xchacha20poly1305_ietf_decrypt_detached
crypto_aead_xchacha20poly1305_ietf_encrypt
crypto_aead_xchacha20poly1305_ietf_encrypt_detached
crypto_aead_xchacha20poly1305_ietf_keybytes
crypto_aead_xchacha20poly1305_ietf_keygen
crypto_aead_xchacha20poly1305_ietf_messagebytes_max
crypto_aead_xchacha20poly1305_ietf_npubbytes
crypto_aead_xchacha20poly1305_ietf_nsecbytes
crypto_auth
crypto_auth_bytes
crypto_auth_hmacsha256
crypto_auth_hmacsha256_bytes
crypto_auth_hmacsha256_final
crypto_auth_hmacsha256_init
crypto_auth_hmacsha256_keybytes
crypto_auth_hmacsha256_keygen
crypto_auth_hmacsha256_statebytes
crypto_auth_hmacsha256_update
crypto_auth_hmacsha256_verify
crypto_auth_hmacsha512
crypto_auth_hmacsha512256
crypto_auth_hmacsha512256_bytes
crypto_auth_hmacsha512256_final
crypto_auth_hmacsha512256_init
crypto_auth_hmacsha512256_keybytes
crypto_auth_hmacsha512256_keygen
crypto_auth_hmacsha512256_statebytes
crypto_auth_hmacsha512256_update
crypto_auth_hmacsha512256_verify
crypto_auth_hmacsha512_bytes
crypto_auth_hmacsha512_final
crypto_auth_hmacsha512_init
crypto_auth_hmacsha512_keybytes
crypto_auth_hmacsha512_keygen
crypto_auth_hmacsha512_statebytes
crypto_auth_hmacsha512_update
crypto_auth_hmacsha512_verify
crypto_auth_keybytes
crypto_auth_keygen
crypto_auth_primitive
crypto_auth_verify
crypto_box
crypto_box_afternm
crypto_box_beforenm
crypto_box_beforenmbytes
crypto_box_boxzerobytes
crypto_box_curve25519xchacha20poly1305_beforenm
crypto_box_curve25519xchacha20poly1305_beforenmbytes
crypto_box_curve25519xchacha20poly1305_detached
crypto_box_curve25519xchacha20poly1305_detached_afternm
crypto_box_curve25519xchacha20poly1305_easy
crypto_box_curve25519xchacha20poly1305_easy_afternm
crypto_box_curve25519xchacha20poly1305_keypair
crypto_box_curve25519xchacha20poly1305_macbytes
crypto_box_curve25519xchacha20poly1305_messagebytes_max
crypto_box_curve25519xchacha20poly1305_noncebytes
crypto_box_curve25519xchacha20poly1305_open_detached
crypto_box_curve25519xchacha20poly1305_open_detached_afternm
crypto_box_curve25519xchacha20poly1305_open_easy
crypto_box_curve25519xchacha20poly1305_open_easy_afternm
crypto_box_curve25519xchacha20poly1305_publickeybytes
crypto_box_curve25519xchacha20poly1305_seal
crypto_box_curve25519xchacha20poly1305_seal_open
crypto_box_curve25519xchacha20poly1305_sealbytes
crypto_box_curve25519xchacha20poly1305_secretkeybytes
crypto_box_curve25519xchacha20poly1305_seed_keypair
crypto_box_curve25519xchacha20poly1305_seedbytes
crypto_box_curve25519xsalsa20poly1305
crypto_box_curve25519xsalsa20poly1305_afternm
crypto_box_curve25519xsalsa20poly1305_beforenm
crypto_box_curve25519xsalsa20poly1305_beforenmbytes
crypto_box_curve25519xsalsa20poly1305_boxzerobytes
crypto_box_curve25519xsalsa20poly1305_keypair
crypto_box_curve25519xsalsa20poly1305_macbytes
crypto_box_curve25519xsalsa20poly1305_messagebytes_max
crypto_box_curve25519xsalsa20poly1305_noncebytes
crypto_box_curve25519xsalsa20poly1305_open
crypto_box_curve25519xsalsa20poly1305_open_afternm
crypto_box_curve25519xsalsa20poly1305_publickeybytes
crypto_box_curve25519xsalsa20poly1305_secretkeybytes
crypto_box_curve25519xsalsa20poly1305_seed_keypair
crypto_box_curve25519xsalsa20poly1305_seedbytes
crypto_box_curve25519xsalsa20poly1305_zerobytes
crypto_box_detached
crypto_box_detached_afternm
crypto_box_easy
crypto_box_easy_afternm
crypto_box_keypair
crypto_box_macbytes
crypto_box_messagebytes_max
crypto_box_noncebytes
crypto_box_open
crypto_box_open_afternm
crypto_box_open_detached
crypto_box_open_detached_afternm
crypto_box_open_easy
crypto_box_open_easy_afternm
crypto_box_primitive
crypto_box_publickeybytes
crypto_box_seal
crypto_box_seal_open
crypto_box_sealbytes
crypto_box_secretkeybytes
crypto_box_seed_keypair
crypto_box_seedbytes
crypto_box_zerobytes
crypto_core_ed25519_add
crypto_core_ed25519_bytes
crypto_core_ed25519_from_hash
crypto_core_ed25519_from_uniform
crypto_core_ed25519_hashbytes
crypto_core_ed25519_is_valid_point
crypto_core_ed25519_nonreducedscalarbytes
crypto_core_ed25519_random
crypto_core_ed25519_scalar_add
crypto_core_ed25519_scalar_complement
crypto_core_ed25519_scalar_invert
crypto_core_ed25519_scalar_mul
crypto_core_ed25519_scalar_negate
crypto_core_ed25519_scalar_random
crypto_core_ed25519_scalar_reduce
crypto_core_ed25519_scalar_sub
crypto_core_ed25519_scalarbytes
crypto_core_ed25519_sub
crypto_core_ed25519_uniformbytes
crypto_core_hchacha20
crypto_core_hchacha20_constbytes
crypto_core_hchacha20_inputbytes
crypto_core_hchacha20_keybytes
crypto_core_hchacha20_outputbytes
crypto_core_hsalsa20
crypto_core_hsalsa20_constbytes
crypto_core_hsalsa20_inputbytes
crypto_core_hsalsa20_keybytes
crypto_core_hsalsa20_outputbytes
crypto_core_ristretto255_add
crypto_core_ristretto255_bytes
crypto_core_ristretto255_from_hash
crypto_core_ristretto255_hashbytes
crypto_core_ristretto255_is_valid_point
crypto_core_ristretto255_nonreducedscalarbytes
crypto_core_ristretto255_random
crypto_core_ristretto255_scalar_add
crypto_core_ristretto255_scalar_complement
crypto_core_ristretto255_scalar_invert
crypto_core_ristretto255_scalar_mul
crypto_core_ristretto255_scalar_negate
crypto_core_ristretto255_scalar_random
crypto_core_ristretto255_scalar_reduce
crypto_core_ristretto255_scalar_sub
crypto_core_ristretto255_scalarbytes
crypto_core_ristretto255_sub
crypto_core_salsa20
crypto_core_salsa2012
crypto_core_salsa2012_constbytes
crypto_core_salsa2012_inputbytes
crypto_core_salsa2012_keybytes
crypto_core_salsa2012_outputbytes
crypto_core_salsa208
crypto_core_salsa208_constbytes
crypto_core_salsa208_inputbytes
crypto_core_salsa208_keybytes
crypto_core_salsa208_outputbytes
crypto_core_salsa20_constbytes
crypto_core_salsa20_inputbytes
crypto_core_salsa20_keybytes
crypto_core_salsa20_outputbytes
crypto_generichash
crypto_generichash_blake2b
crypto_generichash_blake2b__blake2b
crypto_generichash_blake2b__blake2b_salt_personal
crypto_generichash_blake2b__final
crypto_generichash_blake2b__init
crypto_generichash_blake2b__init_key
crypto_generichash_blake2b__init_key_salt_personal
crypto_generichash_blake2b__init_param
crypto_generichash_blake2b__init_salt_personal
crypto_generichash_blake2b__pick_best_implementation
crypto_generichash_blake2b__update
crypto_generichash_blake2b_bytes
crypto_generichash_blake2b_bytes_max
crypto_generichash_blake2b_bytes_min
crypto_generichash_blake2b_final
crypto_generichash_blake2b_init
crypto_generichash_blake2b_init_salt_personal
crypto_generichash_blake2b_keybytes
crypto_generichash_blake2b_keybytes_max
crypto_generichash_blake2b_keybytes_min
crypto_generichash_blake2b_keygen
crypto_generichash_blake2b_personalbytes
crypto_generichash_blake2b_salt_personal
crypto_generichash_blake2b_saltbytes
crypto_generichash_blake2b_statebytes
crypto_generichash_blake2b_update
crypto_generichash_bytes
crypto_generichash_bytes_max
crypto_generichash_bytes_min
crypto_generichash_final
crypto_generichash_init
crypto_generichash_keybytes
crypto_generichash_keybytes_max
crypto_generichash_keybytes_min
crypto_generichash_keygen
crypto_generichash_primitive
crypto_generichash_statebytes
crypto_generichash_update
crypto_hash
crypto_hash_bytes
crypto_hash_primitive
crypto_hash_sha256
crypto_hash_sha256_bytes
crypto_hash_sha256_final
crypto_hash_sha256_init
crypto_hash_sha256_statebytes
crypto_hash_sha256_update
crypto_hash_sha512
crypto_hash_sha512_bytes
crypto_hash_sha512_final
crypto_hash_sha512_init
crypto_hash_sha512_statebytes
crypto_hash_sha512_update
crypto_kdf_blake2b_bytes_max
crypto_kdf_blake2b_bytes_min
crypto_kdf_blake2b_contextbytes
crypto_kdf_blake2b_derive_from_key
crypto_kdf_blake2b_keybytes
crypto_kdf_bytes_max
crypto_kdf_bytes_min
crypto_kdf_contextbytes
crypto_kdf_derive_from_key
crypto_kdf_keybytes
crypto_kdf_keygen
crypto_kdf_primitive
crypto_kx_client_session_keys
crypto_kx_keypair
crypto_kx_primitive
crypto_kx_publickeybytes
crypto_kx_secretkeybytes
crypto_kx_seed_keypair
crypto_kx_seedbytes
crypto_kx_server_session_keys
crypto_kx_sessionkeybytes
crypto_onetimeauth
crypto_onetimeauth_bytes
crypto_onetimeauth_final
crypto_onetimeauth_init
crypto_onetimeauth_keybytes
crypto_onetimeauth_keygen
crypto_onetimeauth_poly1305
crypto_onetimeauth_poly1305_bytes
crypto_onetimeauth_poly1305_donna_implementation
crypto_onetimeauth_poly1305_final
crypto_onetimeauth_poly1305_init
crypto_onetimeauth_poly1305_keybytes
crypto_onetimeauth_poly1305_keygen
crypto_onetimeauth_poly1305_sse2_implementation
crypto_onetimeauth_poly1305_statebytes
crypto_onetimeauth_poly1305_update
crypto_onetimeauth_poly1305_verify
crypto_onetimeauth_primitive
crypto_onetimeauth_statebytes
crypto_onetimeauth_update
crypto_onetimeauth_verify
crypto_pwhash
crypto_pwhash_alg_argon2i13
crypto_pwhash_alg_argon2id13
crypto_pwhash_alg_default
crypto_pwhash_argon2i
crypto_pwhash_argon2i_alg_argon2i13
crypto_pwhash_argon2i_bytes_max
crypto_pwhash_argon2i_bytes_min
crypto_pwhash_argon2i_memlimit_interactive
crypto_pwhash_argon2i_memlimit_max
crypto_pwhash_argon2i_memlimit_min
crypto_pwhash_argon2i_memlimit_moderate
crypto_pwhash_argon2i_memlimit_sensitive
crypto_pwhash_argon2i_opslimit_interactive
crypto_pwhash_argon2i_opslimit_max
crypto_pwhash_argon2i_opslimit_min
crypto_pwhash_argon2i_opslimit_moderate
crypto_pwhash_argon2i_opslimit_sensitive
crypto_pwhash_argon2i_passwd_max
crypto_pwhash_argon2i_passwd_min
crypto_pwhash_argon2i_saltbytes
crypto_pwhash_argon2i_str
crypto_pwhash_argon2i_str_needs_rehash
crypto_pwhash_argon2i_str_verify
crypto_pwhash_argon2i_strbytes
crypto_pwhash_argon2i_strprefix
crypto_pwhash_argon2id
crypto_pwhash_argon2id_alg_argon2id13
crypto_pwhash_argon2id_bytes_max
crypto_pwhash_argon2id_bytes_min
crypto_pwhash_argon2id_memlimit_interactive
crypto_pwhash_argon2id_memlimit_max
crypto_pwhash_argon2id_memlimit_min
crypto_pwhash_argon2id_memlimit_moderate
crypto_pwhash_argon2id_memlimit_sensitive
crypto_pwhash_argon2id_opslimit_interactive
crypto_pwhash_argon2id_opslimit_max
crypto_pwhash_argon2id_opslimit_min
crypto_pwhash_argon2id_opslimit_moderate
crypto_pwhash_argon2id_opslimit_sensitive
crypto_pwhash_argon2id_passwd_max
crypto_pwhash_argon2id_passwd_min
crypto_pwhash_argon2id_saltbytes
crypto_pwhash_argon2id_str
crypto_pwhash_argon2id_str_needs_rehash
crypto_pwhash_argon2id_str_verify
crypto_pwhash_argon2id_strbytes
crypto_pwhash_argon2id_strprefix
crypto_pwhash_bytes_max
crypto_pwhash_bytes_min
crypto_pwhash_memlimit_interactive
crypto_pwhash_memlimit_max
crypto_pwhash_memlimit_min
crypto_pwhash_memlimit_moderate
crypto_pwhash_memlimit_sensitive
crypto_pwhash_opslimit_interactive
crypto_pwhash_opslimit_max
crypto_pwhash_opslimit_min
crypto_pwhash_opslimit_moderate
crypto_pwhash_opslimit_sensitive
crypto_pwhash_passwd_max
crypto_pwhash_passwd_min
crypto_pwhash_primitive
crypto_pwhash_saltbytes
crypto_pwhash_scryptsalsa208sha256
crypto_pwhash_scryptsalsa208sha256_bytes_max
crypto_pwhash_scryptsalsa208sha256_bytes_min
crypto_pwhash_scryptsalsa208sha256_ll
crypto_pwhash_scryptsalsa208sha256_memlimit_interactive
crypto_pwhash_scryptsalsa208sha256_memlimit_max
crypto_pwhash_scryptsalsa208sha256_memlimit_min
crypto_pwhash_scryptsalsa208sha256_memlimit_sensitive
crypto_pwhash_scryptsalsa208sha256_opslimit_interactive
crypto_pwhash_scryptsalsa208sha256_opslimit_max
crypto_pwhash_scryptsalsa208sha256_opslimit_min
crypto_pwhash_scryptsalsa208sha256_opslimit_sensitive
crypto_pwhash_scryptsalsa208sha256_passwd_max
crypto_pwhash_scryptsalsa208sha256_passwd_min
crypto_pwhash_scryptsalsa208sha256_saltbytes
crypto_pwhash_scryptsalsa208sha256_str
crypto_pwhash_scryptsalsa208sha256_str_needs_rehash
crypto_pwhash_scryptsalsa208sha256_str_verify
crypto_pwhash_scryptsalsa208sha256_strbytes
crypto_pwhash_scryptsalsa208sha256_strprefix
crypto_pwhash_str
crypto_pwhash_str_alg
crypto_pwhash_str_needs_rehash
crypto_pwhash_str_verify
crypto_pwhash_strbytes
crypto_pwhash_strprefix
crypto_scalarmult
crypto_scalarmult_base
crypto_scalarmult_bytes
crypto_scalarmult_curve25519
crypto_scalarmult_curve25519_base
crypto_scalarmult_curve25519_bytes
crypto_scalarmult_curve25519_ref10_implementation
crypto_scalarmult_curve25519_scalarbytes
crypto_scalarmult_ed25519
crypto_scalarmult_ed25519_base
crypto_scalarmult_ed25519_base_noclamp
crypto_scalarmult_ed25519_bytes
crypto_scalarmult_ed25519_noclamp
crypto_scalarmult_ed25519_scalarbytes
crypto_scalarmult_primitive
crypto_scalarmult_ristretto255
crypto_scalarmult_ristretto255_base
crypto_scalarmult_ristretto255_bytes
crypto_scalarmult_ristretto255_scalarbytes
crypto_scalarmult_scalarbytes
crypto_secretbox
crypto_secretbox_boxzerobytes
crypto_secretbox_detached
crypto_secretbox_easy
crypto_secretbox_keybytes
crypto_secretbox_keygen
crypto_secretbox_macbytes
crypto_secretbox_messagebytes_max
crypto_secretbox_noncebytes
crypto_secretbox_open
crypto_secretbox_open_detached
crypto_secretbox_open_easy
crypto_secretbox_primitive
crypto_secretbox_xchacha20poly1305_detached
crypto_secretbox_xchacha20poly1305_easy
crypto_secretbox_xchacha20poly1305_keybytes
crypto_secretbox_xchacha20poly1305_macbytes
crypto_secretbox_xchacha20poly1305_messagebytes_max
crypto_secretbox_xchacha20poly1305_noncebytes
crypto_secretbox_xchacha20poly1305_open_detached
crypto_secretbox_xchacha20poly1305_open_easy
crypto_secretbox_xsalsa20poly1305
crypto_secretbox_xsalsa20poly1305_boxzerobytes
crypto_secretbox_xsalsa20poly1305_keybytes
crypto_secretbox_xsalsa20poly1305_keygen
crypto_secretbox_xsalsa20poly1305_macbytes
crypto_secretbox_xsalsa20poly1305_messagebytes_max
crypto_secretbox_xsalsa20poly1305_noncebytes
crypto_secretbox_xsalsa20poly1305_open
crypto_secretbox_xsalsa20poly1305_zerobytes
crypto_secretbox_zerobytes
crypto_secretstream_xchacha20poly1305_abytes
crypto_secretstream_xchacha20poly1305_headerbytes
crypto_secretstream_xchacha20poly1305_init_pull
crypto_secretstream_xchacha20poly1305_init_push
crypto_secretstream_xchacha20poly1305_keybytes
crypto_secretstream_xchacha20poly1305_keygen
crypto_secretstream_xchacha20poly1305_messagebytes_max
crypto_secretstream_xchacha20poly1305_pull
crypto_secretstream_xchacha20poly1305_push
crypto_secretstream_xchacha20poly1305_rekey
crypto_secretstream_xchacha20poly1305_statebytes
crypto_secretstream_xchacha20poly1305_tag_final
crypto_secretstream_xchacha20poly1305_tag_message
crypto_secretstream_xchacha20poly1305_tag_push
crypto_secretstream_xchacha20poly1305_tag_rekey
crypto_shorthash
crypto_shorthash_bytes
crypto_shorthash_keybytes
crypto_shorthash_keygen
crypto_shorthash_primitive
crypto_shorthash_siphash24
crypto_shorthash_siphash24_bytes
crypto_shorthash_siphash24_keybytes
crypto_shorthash_siphashx24
crypto_shorthash_siphashx24_bytes
crypto_shorthash_siphashx24_keybytes
crypto_sign
crypto_sign_bytes

Sections

.text
Size: 277KB - Virtual size: 276KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1024B - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 512B - Virtual size: 404B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 1024B - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 213KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/92
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
libsodium-24.def
main.exe
.exe windows x64

ea19fad7034fac26044aac90e32071e5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

DeregisterEventSource
GetUserNameA
GetUserNameW
RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegisterEventSourceW
ReportEventW

bcrypt

BCryptGenRandom

crypt32

CryptUnprotectData

gdi32

BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
DeleteObject
GetBitmapBits
SelectObject

iphlpapi

GetAdaptersAddresses

kernel32

AcquireSRWLockExclusive
AcquireSRWLockShared
CloseHandle
ConvertFiberToThread
ConvertThreadToFiberEx
CopyFileA
CreateDirectoryA
CreateFiberEx
CreateProcessA
CreateSemaphoreW
CreateToolhelp32Snapshot
DeleteCriticalSection
DeleteFiber
EnterCriticalSection
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FormatMessageW
FreeLibrary
GetACP
GetConsoleMode
GetConsoleWindow
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDiskFreeSpaceExA
GetEnvironmentVariableW
GetFileAttributesA
GetFileType
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
GetStartupInfoA
GetStdHandle
GetSystemDirectoryA
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTickCount
GetVersion
GlobalLock
GlobalMemoryStatusEx
GlobalUnlock
InitializeCriticalSection
InitializeSRWLock
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
LocalFree
MultiByteToWideChar
OpenProcess
Process32First
Process32Next
QueryPerformanceCounter
RaiseException
ReadConsoleA
ReadConsoleW
ReleaseSRWLockExclusive
ReleaseSRWLockShared
ReleaseSemaphore
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
SetConsoleMode
SetFileAttributesA
SetLastError
SetUnhandledExceptionFilter
Sleep
SwitchToFiber
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualLock
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
Wow64DisableWow64FsRedirection
WriteFile
lstrlenW

msvcrt

__C_specific_handler
___lc_codepage_func
___mb_cur_max_func
__doserrno
__getmainargs
__initenv
__iob_func
__lconv_init
__pioinfo
__set_app_type
__setusermatherr
_access
_acmdln
_amsg_exit
_cexit
_errno
_exit
_fdopen
_filelengthi64
_fileno
_findclose
_findfirst64
_fileno
_findnext64
_fmode
_fstat64
_fullpath
_gmtime64
_initterm
_lseeki64
_mkdir
_onexit
_pclose
_popen
_read
_setmode
_snwprintf
_stat64
_strdup
_strdup
_strnicmp
_time64
_vsnprintf
_vsnwprintf
_wfopen
_wgetcwd
_time64
_wpopen
_write
_write
abort
atoi
calloc
ctime
exit
fclose
feof
ferror
fflush
fgetpos
fgets
fgetws
fopen
fprintf
fputc
fputs
fputwc
fread
free
fseek
fsetpos
ftell
fwprintf
fwprintf
fwrite
getc
getenv
getwc
islower
isspace
isupper
iswctype
localeconv
malloc
memchr
memcmp
memcpy
memmove
memset
putc
putwc
qsort
raise
rand
realloc
setlocale
setvbuf
signal
sprintf
srand
sscanf
strcat
strchr
strcmp
strcoll
strcpy
strcspn
strerror
strftime
strlen
strncmp
strncpy
strrchr
strspn
strstr
strtol
strtoul
strxfrm
tolower
towlower
towupper
ungetc
ungetwc
vfprintf
vswprintf_s
wcscoll
wcscpy
wcsftime
wcslen
wcsstr
wcstombs
wcsxfrm

shlwapi

PathFindExtensionW
PathFindFileNameA
PathFindFileNameW

user32

CloseClipboard
GetClipboardData
GetDC
GetDesktopWindow
GetProcessWindowStation
GetSystemMetrics
GetUserObjectInformationW
GetWindowRect
MessageBoxA
MessageBoxW
OpenClipboard
ReleaseDC
ShowWindow

ws2_32

WSACleanup
WSAGetLastError
WSASetLastError
WSAStartup
accept
bind
closesocket
connect
gethostbyaddr
gethostbyname
getservbyname
getservbyport
getsockname
getsockopt
htonl
htons
inet_addr
inet_ntoa
ioctlsocket
listen
ntohs
recv
select
send
setsockopt
shutdown
socket

sqlite3

sqlite3_close
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_text
sqlite3_finalize
sqlite3_open
sqlite3_prepare_v2
sqlite3_step

libcurl-x64

curl_easy_cleanup
curl_easy_getinfo
curl_easy_init
curl_easy_perform
curl_easy_setopt
curl_easy_strerror
curl_formadd
curl_formfree
curl_global_init
curl_mime_addpart
curl_mime_filedata
curl_mime_free
curl_mime_init
curl_mime_name
curl_slist_append

libsodium-23

sodium_base642bin

Sections

.text
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 720KB - Virtual size: 720KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 173KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 220KB - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 15KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 275KB - Virtual size: 274KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 373KB - Virtual size: 373KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/92
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sqlite3.def
sqlite3.dll
.dll windows x64

021e9684b039913b408a03728cfb3701

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

FlushFileBuffers
GetTickCount
QueryPerformanceCounter
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
GetSystemTimeAsFileTime
WideCharToMultiByte
FreeLibrary
SystemTimeToFileTime
GetProcessHeap
GetCurrentProcessId
GetFileSize
LockFileEx
LocalFree
GetProcAddress
UnlockFile
HeapDestroy
HeapCompact
HeapAlloc
LoadLibraryW
GetSystemInfo
CloseHandle
HeapReAlloc
DeleteFileW
DeleteFileA
WaitForSingleObjectEx
LoadLibraryA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetLastError
GetDiskFreeSpaceA
FormatMessageW
GetTempPathA
Sleep
MultiByteToWideChar
HeapSize
HeapValidate
UnmapViewOfFile
GetFileAttributesW
CreateFileW
WaitForSingleObject
CreateMutexW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
GetFullPathNameW
HeapFree
HeapCreate
ReadFile
AreFileApisANSI
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
ReadConsoleW
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
EncodePointer
RaiseException
RtlPcToFileHeader
RtlUnwind
CreateThread
ExitThread
ResumeThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
GetTimeZoneInformation
GetCurrentThread
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetStdHandle
GetFileType
SetConsoleCtrlHandler
GetStringTypeW
SetStdHandle
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
WriteConsoleW

Exports

Exports

sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_auto_extension
sqlite3_autovacuum_pages
sqlite3_backup_finish
sqlite3_backup_init
sqlite3_backup_pagecount
sqlite3_backup_remaining
sqlite3_backup_step
sqlite3_bind_blob
sqlite3_bind_blob64
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_pointer
sqlite3_bind_text
sqlite3_bind_text16
sqlite3_bind_text64
sqlite3_bind_value
sqlite3_bind_zeroblob
sqlite3_bind_zeroblob64
sqlite3_blob_bytes
sqlite3_blob_close
sqlite3_blob_open
sqlite3_blob_read
sqlite3_blob_reopen
sqlite3_blob_write
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_cancel_auto_extension
sqlite3_changes
sqlite3_changes64
sqlite3_clear_bindings
sqlite3_close
sqlite3_close_v2
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_database_name
sqlite3_column_database_name16
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_name
sqlite3_column_name16
sqlite3_column_origin_name
sqlite3_column_origin_name16
sqlite3_column_table_name
sqlite3_column_table_name16
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_type
sqlite3_column_value
sqlite3_commit_hook
sqlite3_compileoption_get
sqlite3_compileoption_used
sqlite3_complete
sqlite3_complete16
sqlite3_config
sqlite3_context_db_handle
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_create_collation_v2
sqlite3_create_filename
sqlite3_create_function
sqlite3_create_function16
sqlite3_create_function_v2
sqlite3_create_module
sqlite3_create_module_v2
sqlite3_create_window_function
sqlite3_data_count
sqlite3_data_directory
sqlite3_database_file_object
sqlite3_db_cacheflush
sqlite3_db_config
sqlite3_db_filename
sqlite3_db_handle
sqlite3_db_mutex
sqlite3_db_name
sqlite3_db_readonly
sqlite3_db_release_memory
sqlite3_db_status
sqlite3_declare_vtab
sqlite3_deserialize
sqlite3_drop_modules
sqlite3_enable_load_extension
sqlite3_enable_shared_cache
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_error_offset
sqlite3_errstr
sqlite3_exec
sqlite3_expanded_sql
sqlite3_expired
sqlite3_extended_errcode
sqlite3_extended_result_codes
sqlite3_file_control
sqlite3_filename_database
sqlite3_filename_journal
sqlite3_filename_wal
sqlite3_finalize
sqlite3_free
sqlite3_free_filename
sqlite3_free_table
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_table
sqlite3_global_recover
sqlite3_hard_heap_limit64
sqlite3_initialize
sqlite3_interrupt
sqlite3_is_interrupted
sqlite3_keyword_check
sqlite3_keyword_count
sqlite3_keyword_name
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_libversion_number
sqlite3_limit
sqlite3_load_extension
sqlite3_log
sqlite3_malloc
sqlite3_malloc64
sqlite3_memory_alarm
sqlite3_memory_highwater
sqlite3_memory_used
sqlite3_mprintf
sqlite3_msize
sqlite3_mutex_alloc
sqlite3_mutex_enter
sqlite3_mutex_free
sqlite3_mutex_leave
sqlite3_mutex_try
sqlite3_next_stmt
sqlite3_open
sqlite3_open16
sqlite3_open_v2
sqlite3_os_end
sqlite3_os_init
sqlite3_overload_function
sqlite3_prepare
sqlite3_prepare16
sqlite3_prepare16_v2
sqlite3_prepare16_v3
sqlite3_prepare_v2
sqlite3_prepare_v3
sqlite3_preupdate_blobwrite
sqlite3_preupdate_count
sqlite3_preupdate_depth
sqlite3_preupdate_hook
sqlite3_preupdate_new
sqlite3_preupdate_old
sqlite3_profile
sqlite3_progress_handler
sqlite3_randomness
sqlite3_realloc
sqlite3_realloc64
sqlite3_release_memory
sqlite3_reset
sqlite3_reset_auto_extension
sqlite3_result_blob
sqlite3_result_blob64
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error16
sqlite3_result_error_code
sqlite3_result_error_nomem
sqlite3_result_error_toobig
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_pointer
sqlite3_result_subtype
sqlite3_result_text
sqlite3_result_text16
sqlite3_result_text16be
sqlite3_result_text16le
sqlite3_result_text64
sqlite3_result_value
sqlite3_result_zeroblob
sqlite3_result_zeroblob64
sqlite3_rollback_hook
sqlite3_rtree_geometry_callback
sqlite3_rtree_query_callback
sqlite3_serialize
sqlite3_set_authorizer
sqlite3_set_auxdata
sqlite3_set_last_insert_rowid
sqlite3_shutdown
sqlite3_sleep
sqlite3_snprintf
sqlite3_soft_heap_limit
sqlite3_soft_heap_limit64
sqlite3_sourceid
sqlite3_sql
sqlite3_status
sqlite3_status64
sqlite3_step
sqlite3_stmt_busy
sqlite3_stmt_isexplain
sqlite3_stmt_readonly
sqlite3_stmt_status
sqlite3_str_append
sqlite3_str_appendall
sqlite3_str_appendchar
sqlite3_str_appendf
sqlite3_str_errcode
sqlite3_str_finish
sqlite3_str_length
sqlite3_str_new
sqlite3_str_reset
sqlite3_str_value
sqlite3_str_vappendf
sqlite3_strglob
sqlite3_stricmp
sqlite3_strlike
sqlite3_strnicmp
sqlite3_system_errno
sqlite3_table_column_metadata
sqlite3_temp_directory
sqlite3_test_control
sqlite3_thread_cleanup
sqlite3_threadsafe
sqlite3_total_changes
sqlite3_total_changes64
sqlite3_trace
sqlite3_trace_v2
sqlite3_transfer_bindings
sqlite3_txn_state
sqlite3_update_hook
sqlite3_uri_boolean
sqlite3_uri_int64
sqlite3_uri_key
sqlite3_uri_parameter
sqlite3_user_data
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes16
sqlite3_value_double
sqlite3_value_dup
sqlite3_value_encoding
sqlite3_value_free
sqlite3_value_frombind
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_nochange
sqlite3_value_numeric_type
sqlite3_value_pointer
sqlite3_value_subtype
sqlite3_value_text
sqlite3_value_text16
sqlite3_value_text16be
sqlite3_value_text16le
sqlite3_value_type
sqlite3_version
sqlite3_vfs_find
sqlite3_vfs_register
sqlite3_vfs_unregister
sqlite3_vmprintf
sqlite3_vsnprintf
sqlite3_vtab_collation
sqlite3_vtab_config
sqlite3_vtab_distinct
sqlite3_vtab_in
sqlite3_vtab_in_first
sqlite3_vtab_in_next
sqlite3_vtab_nochange
sqlite3_vtab_on_conflict
sqlite3_vtab_rhs_value
sqlite3_wal_autocheckpoint
sqlite3_wal_checkpoint
sqlite3_wal_checkpoint_v2
sqlite3_wal_hook
sqlite3_win32_is_nt
sqlite3_win32_mbcs_to_utf8
sqlite3_win32_mbcs_to_utf8_v2
sqlite3_win32_set_directory
sqlite3_win32_set_directory16
sqlite3_win32_set_directory8
sqlite3_win32_sleep
sqlite3_win32_unicode_to_utf8
sqlite3_win32_utf8_to_mbcs
sqlite3_win32_utf8_to_mbcs_v2
sqlite3_win32_utf8_to_unicode
sqlite3_win32_write_debug
sqlite3changegroup_add
sqlite3changegroup_add_strm
sqlite3changegroup_delete
sqlite3changegroup_new
sqlite3changegroup_output
sqlite3changegroup_output_strm
sqlite3changeset_apply
sqlite3changeset_apply_strm
sqlite3changeset_apply_v2
sqlite3changeset_apply_v2_strm
sqlite3changeset_concat
sqlite3changeset_concat_strm
sqlite3changeset_conflict
sqlite3changeset_finalize
sqlite3changeset_fk_conflicts
sqlite3changeset_invert
sqlite3changeset_invert_strm
sqlite3changeset_new
sqlite3changeset_next
sqlite3changeset_old
sqlite3changeset_op
sqlite3changeset_pk
sqlite3changeset_start
sqlite3changeset_start_strm
sqlite3changeset_start_v2
sqlite3changeset_start_v2_strm
sqlite3rebaser_configure
sqlite3rebaser_create
sqlite3rebaser_delete
sqlite3rebaser_rebase
sqlite3rebaser_rebase_strm
sqlite3session_attach
sqlite3session_changeset
sqlite3session_changeset_size
sqlite3session_changeset_strm
sqlite3session_config
sqlite3session_create
sqlite3session_delete
sqlite3session_diff
sqlite3session_enable
sqlite3session_indirect
sqlite3session_isempty
sqlite3session_memory_used
sqlite3session_object_config
sqlite3session_patchset
sqlite3session_patchset_strm
sqlite3session_table_filter

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 347KB - Virtual size: 346KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 373B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 1024B - Virtual size: 671B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3ab3e3fdb126c73331ab8e0617fd27ff

Code Sign

0f:07:dd:d7:18:7f:eb:e5:92:aa:9d:cb:35:81:8f:8a:94:06:ac:9dCertificate

Extended Key Usages

Key Usages

05:08:26:c5:81:9f:76:fc:32:01:f2:dc:10:c9:a7:1e:73:c5:71:25Certificate

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

bcrypt

crypt32

kernel32

normaliz

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

user32

wldap32

ws2_32

Exports

Exports

Sections

.text Size: 3.9MB - Virtual size: 3.9MB

.rdata Size: 1.2MB - Virtual size: 1.2MB

.data Size: 42KB - Virtual size: 57KB

.pdata Size: 106KB - Virtual size: 105KB

.tls Size: 512B - Virtual size: 16B

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 42KB - Virtual size: 42KB

343f6197c0b6868f098f6e9005e5eb3b

Headers

File Characteristics

Imports

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 60KB

.data Size: 512B - Virtual size: 144B

.rdata Size: 3KB - Virtual size: 2KB

.pdata Size: 2KB - Virtual size: 2KB

.xdata Size: 2KB - Virtual size: 2KB

.bss Size: - Virtual size: 2KB

.edata Size: 3KB - Virtual size: 2KB

.idata Size: 2KB - Virtual size: 1KB

.CRT Size: 512B - Virtual size: 88B

.tls Size: 512B - Virtual size: 16B

.reloc Size: 512B - Virtual size: 100B

48e49e7af792eecd6b9841f5e4e48513

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

libgcc_s_seh-1

Exports

Exports

Sections

.text Size: 277KB - Virtual size: 276KB

0f:07:dd:d7:18:7f:eb:e5:92:aa:9d:cb:35:81:8f:8a:94:06:ac:9d
Certificate

05:08:26:c5:81:9f:76:fc:32:01:f2:dc:10:c9:a7:1e:73:c5:71:25
Certificate

.text
Size: 3.9MB - Virtual size: 3.9MB

.rdata
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 42KB - Virtual size: 57KB

.pdata
Size: 106KB - Virtual size: 105KB

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 42KB - Virtual size: 42KB

.text
Size: 60KB - Virtual size: 60KB

.data
Size: 512B - Virtual size: 144B

.rdata
Size: 3KB - Virtual size: 2KB

.pdata
Size: 2KB - Virtual size: 2KB

.xdata
Size: 2KB - Virtual size: 2KB

.bss
Size: - Virtual size: 2KB

.edata
Size: 3KB - Virtual size: 2KB

.idata
Size: 2KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 88B

.tls
Size: 512B - Virtual size: 16B

.reloc
Size: 512B - Virtual size: 100B

.text
Size: 277KB - Virtual size: 276KB

.data
Size: 1024B - Virtual size: 768B

.rdata
Size: 43KB - Virtual size: 42KB

.pdata
Size: 1024B - Virtual size: 528B

.xdata
Size: 512B - Virtual size: 404B

.bss
Size: - Virtual size: 2KB

.edata
Size: 29KB - Virtual size: 28KB

.idata
Size: 2KB - Virtual size: 2KB

.CRT
Size: 512B - Virtual size: 88B

.tls
Size: 512B - Virtual size: 16B

.reloc
Size: 512B - Virtual size: 232B

/4
Size: 1024B - Virtual size: 832B

/19
Size: 213KB - Virtual size: 212KB

/31
Size: 9KB - Virtual size: 8KB

/45
Size: 12KB - Virtual size: 11KB

/57
Size: 2KB - Virtual size: 2KB

/70
Size: 1KB - Virtual size: 1KB

/81
Size: 14KB - Virtual size: 13KB

/92
Size: 1KB - Virtual size: 1KB

.text
Size: 3.5MB - Virtual size: 3.5MB

.data
Size: 23KB - Virtual size: 22KB

.rdata
Size: 720KB - Virtual size: 720KB

.pdata
Size: 173KB - Virtual size: 172KB

.xdata
Size: 220KB - Virtual size: 220KB

.bss
Size: - Virtual size: 15KB

.idata
Size: 11KB - Virtual size: 11KB

.CRT
Size: 512B - Virtual size: 104B

.tls
Size: 512B - Virtual size: 16B

/4
Size: 87KB - Virtual size: 87KB

/19
Size: 3.4MB - Virtual size: 3.4MB

/31
Size: 12KB - Virtual size: 12KB

/45
Size: 275KB - Virtual size: 274KB

/57
Size: 373KB - Virtual size: 373KB

/70
Size: 65KB - Virtual size: 64KB

/81
Size: 9KB - Virtual size: 8KB

/92
Size: 94KB - Virtual size: 93KB

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 347KB - Virtual size: 346KB

.data
Size: 33KB - Virtual size: 42KB

.pdata
Size: 95KB - Virtual size: 94KB

.idata
Size: 6KB - Virtual size: 5KB

.00cfg
Size: 512B - Virtual size: 373B

_RDATA
Size: 1024B - Virtual size: 671B

.rsrc
Size: 5KB - Virtual size: 4KB