f6c51f4ea5ab816b4cfe91c42177da894bcc012e0e71340c03137b5ed8387680

Sharing

Copy URL Twitter E-mail

General

Target

f6c51f4ea5ab816b4cfe91c42177da894bcc012e0e71340c03137b5ed8387680
Size

5.7MB
MD5

c5b155eb76d2459845240faae48ac52f
SHA1

527f84c94965b392487fa22089df6ff2a9f702db
SHA256

f6c51f4ea5ab816b4cfe91c42177da894bcc012e0e71340c03137b5ed8387680
SHA512

73a3c9c51df426155cde59d8a215d306b85deea061b03b6562a991ef41ad3092f64bdc61c5e9fecc705b55de9c7f6aadec7242753d35b6f332258910d2200442
SSDEEP

98304:02PwNcO3eSD5VtZa+hYSKChuNtvs+3GHZW7bixvw8u0C6eE6eUzESaFLFVnyoApE:BPW2SlE70IU+3GHKuvUzAr5AmN

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/$WimLibBR/Tools/ChkDskGui.exe	upx

Unsigned PE 13 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$WimLibBR/Apps/7z.dll
unpack001/$WimLibBR/Apps/7zFM.exe
unpack001/$WimLibBR/Apps/TBWinPE_Lang.dll
unpack001/$WimLibBR/Apps/icons.dll
unpack001/$WimLibBR/Apps/libwim-15.dll
unpack001/$WimLibBR/Apps/wimlib-imagex.exe
unpack001/$WimLibBR/Apps/x86/7z.dll
unpack001/$WimLibBR/Apps/x86/7zFM.exe
unpack001/$WimLibBR/Apps/x86/libwim-15.dll
unpack001/$WimLibBR/Apps/x86/wimlib-imagex.exe
unpack001/$WimLibBR/Tools/BOOTICE.exe
unpack001/$WimLibBR/Tools/ChkDskGui.exe
unpack001/$WimLibBR/Tools/FSCapture.exe

Files

f6c51f4ea5ab816b4cfe91c42177da894bcc012e0e71340c03137b5ed8387680
.zip
$WimLibBR/Apps/7z.dll
.dll windows:4 windows x64

928b316f3126865cdd91c5fd11b09dbf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

oleaut32

SysStringLen
VariantClear
VariantCopy
SysAllocString
SysAllocStringByteLen
SysFreeString
SysAllocStringLen

user32

CharUpperW
CharPrevExA

advapi32

SystemFunction036

msvcrt

strchr
_purecall
memset
free
malloc
strlen
__CxxFrameHandler
realloc
strstr
wcscmp
strcmp
memmove
_CxxThrowException
memcpy
memcmp
exit
__C_specific_handler
_beginthreadex
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
__dllonexit
_onexit
_initterm

kernel32

InitializeCriticalSection
ReleaseSemaphore
CreateSemaphoreW
ResetEvent
Sleep
CreateEventW
SetThreadAffinityMask
ResumeThread
WaitForSingleObject
SetEvent
DeleteFileW
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
QueryPerformanceCounter
GetOEMCP
DeleteCriticalSection
LocalFileTimeToFileTime
WaitForMultipleObjects
LeaveCriticalSection
EnterCriticalSection
GetSystemTimeAsFileTime
FileTimeToDosDateTime
DosDateTimeToFileTime
GlobalMemoryStatusEx
GetSystemInfo
GetCurrentProcess
GetProcessAffinityMask
FileTimeToLocalFileTime
FileTimeToSystemTime
CompareFileTime
WriteFile
ReadFile
GetLastError
MultiByteToWideChar
WideCharToMultiByte
CloseHandle
SetFileTime
CreateFileW
SetFileAttributesW
GetProcAddress
GetModuleHandleW
CreateDirectoryW
GetTempPathW
SetLastError
GetCurrentProcessId
GetTickCount
GetCurrentThreadId
GetFileInformationByHandle
FindClose
FindFirstFileW
GetModuleHandleA
GetFileAttributesW

Exports

Exports

CreateDecoder
CreateEncoder
CreateObject
GetHandlerProperty
GetHandlerProperty2
GetHashers
GetIsArc
GetMethodProperty
GetModuleProp
GetNumberOfFormats
GetNumberOfMethods
SetCaseSensitive
SetCodecs
SetLargePageMode

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 344KB - Virtual size: 343KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$WimLibBR/Apps/7zFM.exe
.exe windows:4 windows x64

2a6028724a24299febbe21b8b8918959

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

comctl32

ImageList_ReplaceIcon
InitCommonControlsEx
CreateToolbarEx
CreateStatusWindowW
ord17
ImageList_AddMasked
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
PropertySheetW

comdlg32

CommDlgExtendedError
GetSaveFileNameW
GetOpenFileNameW

gdi32

DeleteObject

oleaut32

SysFreeString
VariantCopy
VariantClear
SysAllocStringLen
SysStringLen
SysAllocString
SysStringByteLen

ole32

CoUninitialize
ReleaseStgMedium
CoTaskMemFree
CoTaskMemAlloc
RegisterDragDrop
RevokeDragDrop
OleUninitialize
OleInitialize
DoDragDrop
CoCreateInstance
CoInitialize

user32

DestroyIcon
CharUpperW
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
GetMenuItemInfoW
SetMenuItemInfoW
InsertMenuItemW
LoadStringW
RegisterClipboardFormatW
SendMessageW
GetWindowTextLengthW
GetWindowTextW
GetParent
GetWindowRect
ScreenToClient
MoveWindow
ShowWindow
SetWindowLongPtrW
GetWindowLongPtrW
GetDlgItem
MapDialogRect
SystemParametersInfoW
GetMonitorInfoA
MonitorFromWindow
GetDialogBaseUnits
DialogBoxParamW
SetCursor
KillTimer
ClientToScreen
GetMenuItemCount
GetCursorPos
ChildWindowFromPointEx
WindowFromPoint
IsWindowEnabled
TrackPopupMenuEx
MapVirtualKeyW
SetTimer
UpdateWindow
GetMenu
LoadMenuW
SetMenu
DrawMenuBar
EnableMenuItem
CheckMenuItem
CheckMenuRadioItem
RemoveMenu
AppendMenuW
GetSubMenu
CheckRadioButton
IsDlgButtonChecked
CheckDlgButton
LoadAcceleratorsW
GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
LoadIconW
ReleaseCapture
SetCapture
GetCapture
IsZoomed
GetClientRect
PostQuitMessage
GetWindowPlacement
SetWindowPlacement
GetFocus
SetDlgItemTextW
GetKeyState
PostMessageW
InvalidateRect
EndDialog
EnableWindow
SetFocus
DestroyWindow
SetWindowTextW
LoadBitmapW
DestroyMenu
CreatePopupMenu
MessageBoxW
GetClassInfoW
LoadCursorW
RegisterClassW
DefWindowProcW
CallWindowProcW
CreateWindowExW

advapi32

RegQueryValueExA
RegOpenKeyExA
LsaClose
LsaAddAccountRights
LookupAccountNameW
LsaOpenPolicy
GetUserNameW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
GetFileSecurityW
SetFileSecurityW
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW

shell32

SHGetFileInfoW
SHFileOperationW
ExtractIconExW
SHChangeNotify
ShellExecuteExW
SHGetDesktopFolder
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteW
SHGetSpecialFolderLocation

msvcrt

_initterm
__getmainargs
_acmdln
exit
_cexit
_exit
_c_exit
_XcptFilter
_onexit
__dllonexit
?terminate@@YAXXZ
__setusermatherr
__C_specific_handler
_beginthreadex
_purecall
memcmp
strlen
wcslen
memset
rand
srand
free
malloc
_commode
_fmode
__set_app_type
??1type_info@@UEAA@XZ
memcpy
_CxxThrowException
__CxxFrameHandler
memmove
strcmp
wcscmp
wcsstr

kernel32

ExpandEnvironmentStringsW
SetPriorityClass
Sleep
OpenProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetSystemDefaultLangID
GetUserDefaultLangID
CopyFileW
GetCompressedFileSizeW
FindNextChangeNotification
GetCommandLineW
GetVersion
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
WaitForMultipleObjects
CreateEventW
WaitForSingleObject
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetStdHandle
GetSystemTimeAsFileTime
FileTimeToDosDateTime
GlobalMemoryStatusEx
GlobalSize
lstrlenW
FileTimeToLocalFileTime
FileTimeToSystemTime
CompareFileTime
CreateProcessW
GetCurrentProcess
GlobalFree
SetEndOfFile
WriteFile
ReadFile
SetFilePointer
GetFileSize
DeviceIoControl
GetLogicalDriveStringsW
FindFirstChangeNotificationW
FindCloseChangeNotification
GetFileAttributesW
GetModuleHandleA
FindNextFileW
VirtualAlloc
FindClose
GetFileInformationByHandle
GetCurrentThreadId
GetCurrentProcessId
SetLastError
GetTempPathW
GetCurrentDirectoryW
DeleteFileW
CreateDirectoryW
MoveFileW
RemoveDirectoryW
SetFileAttributesW
CreateFileW
SetFileTime
CloseHandle
GetWindowsDirectoryW
FormatMessageW
LocalFree
GetModuleFileNameW
LoadLibraryW
LoadLibraryExW
FreeLibrary
GlobalUnlock
GlobalLock
GetProcessHeap
HeapAlloc
HeapFree
GetModuleHandleW
GetProcAddress
GetDiskFreeSpaceW
GetDriveTypeW
GetVolumeInformationW
WideCharToMultiByte
MultiByteToWideChar
GetLastError
GetTickCount
RtlCaptureContext
SetEvent
InitializeCriticalSection
LoadLibraryA
LocalAlloc
RaiseException
GetStartupInfoA
QueryPerformanceCounter
TerminateProcess
FindFirstFileW
VirtualFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
GlobalAlloc

Sections

.text
Size: 600KB - Virtual size: 600KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 218KB - Virtual size: 218KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$WimLibBR/Apps/Autorun.wim
$WimLibBR/Apps/TBWinPE.exe
.exe windows:5 windows x86

cce11b064faf4fff9763ac8c748d0024

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:34:c0:22:c3:98:4a:03:25:bd:ac:4f:ea:e2:63:10
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

07/07/2022, 00:00

Not After

30/07/2025, 23:59

Subject

SERIALNUMBER=C27039-2001,CN=TeraByte\, Inc.,O=TeraByte\, Inc.,L=Las Vegas,ST=Nevada,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13064e6576616461,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e4:a1:1c:72:46:5f:ab:c6:fa:7f:87:de:12:b8:a1:2c:8b:17:69:d3:1d:c5:6e:3a:85:0a:f3:8e:c5:73:9c:7f
Signer

Actual PE Digest

e4:a1:1c:72:46:5f:ab:c6:fa:7f:87:de:12:b8:a1:2c:8b:17:69:d3:1d:c5:6e:3a:85:0a:f3:8e:c5:73:9c:7f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

comctl32

CreatePropertySheetPageW
PropertySheetW

shlwapi

PathRemoveFileSpecW
PathStripPathW
PathMatchSpecW

kernel32

CreateDirectoryW
GetCurrentProcess
LocalFree
GetLocalTime
GetFileAttributesExW
GetDiskFreeSpaceExW
FindFirstVolumeW
QueryDosDeviceW
FindNextVolumeW
FindVolumeClose
SetFileAttributesW
RemoveDirectoryW
GetModuleFileNameW
GetCurrentDirectoryW
SetCurrentDirectoryW
MulDiv
GetCurrentThreadId
GetCommandLineW
GetFileAttributesW
WaitForSingleObject
CopyFileExW
TerminateProcess
GetFullPathNameW
GetDriveTypeW
GetVolumeInformationW
CreateFileW
DeviceIoControl
GetVolumeNameForVolumeMountPointW
GetVolumePathNamesForVolumeNameW
GetTickCount
GetLogicalDrives
LCMapStringW
GetConsoleCP
FlushFileBuffers
ReadConsoleW
GetConsoleMode
SetFilePointerEx
GetFileType
HeapAlloc
HeapFree
GetStringTypeW
GetACP
WriteFile
MultiByteToWideChar
SetErrorMode
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
LoadLibraryW
MoveFileW
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
RaiseException
RtlUnwind
WideCharToMultiByte
GetLocaleInfoW
SetLastError
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
FindFirstFileExW
SetStdHandle
SetEnvironmentVariableW
ExpandEnvironmentStringsW
FreeLibrary
GetVersion
CopyFileW
FindClose
FindFirstFileW
WriteConsoleW
DeleteFileW
FindNextFileW
ReadFile
PeekNamedPipe
SetHandleInformation
CreatePipe
CloseHandle
GetConsoleScreenBufferInfo
ReadConsoleOutputCharacterW
GetExitCodeProcess
GetStdHandle
FreeConsole
AllocConsole
AttachConsole
Sleep
CreateProcessW
GetProcAddress
GetLastError
TlsFree
LoadLibraryExW
CreateThread
GetEnvironmentVariableW
HeapSize
HeapReAlloc
SetEndOfFile
DecodePointer

user32

GetWindowLongW
EnableMenuItem
LoadImageW
DestroyIcon
FillRect
GetClientRect
IsCharAlphaNumericW
SetCursor
FindWindowW
IntersectRect
ScreenToClient
GetSubMenu
CheckMenuItem
EndDialog
SetWindowPos
EnumWindows
GetMenu
GetMonitorInfoW
OffsetRect
IsIconic
SetMenu
LoadMenuW
SetWindowLongW
GetWindowTextW
DestroyMenu
TrackPopupMenu
GetFocus
GetWindowRect
AppendMenuW
CreatePopupMenu
SetMenuItemBitmaps
CheckRadioButton
SetWindowTextW
GetDlgItemTextW
IsWindowVisible
EnableWindow
GetParent
GetAsyncKeyState
SetDlgItemTextW
PostQuitMessage
EndPaint
BeginPaint
DestroyWindow
DialogBoxParamW
ShowWindow
LoadCursorW
LoadIconW
CallNextHookEx
DispatchMessageW
TranslateMessage
GetMessageW
LoadStringW
UnhookWindowsHookEx
SetWindowsHookExW
GetSystemMetrics
GetDesktopWindow
SystemParametersInfoW
ReleaseDC
GetDC
MessageBoxW
GetForegroundWindow
MonitorFromWindow
GetDlgItem
SendMessageW
RegisterWindowMessageW
PostMessageW
CreateDialogParamW
MessageBeep
IsDialogMessageW
SetFocus
ClientToScreen
DrawIconEx

gdi32

GetTextExtentPoint32W
TextOutW
SetTextColor
GetTextMetricsW
SetBkMode
CreateFontW
CreatePen
CreateSolidBrush
DeleteObject
DeleteDC
Rectangle
GetStockObject
PatBlt
SelectObject
CreateBitmap
CreateCompatibleDC
CreateFontIndirectW
GetDeviceCaps

advapi32

AllocateAndInitializeSid
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
SetEntriesInAclW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
SetNamedSecurityInfoW
FreeSid
RegLoadKeyW
RegUnLoadKeyW
RegDeleteKeyW
InitiateSystemShutdownW
RegDeleteValueW

shell32

CommandLineToArgvW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFolderLocation
ShellExecuteW

ole32

CoTaskMemFree
CoInitializeEx
CoCreateGuid
StringFromGUID2
CoUninitialize
CoCreateInstance

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocString

wininet

HttpQueryInfoW
InternetReadFile
InternetOpenUrlW
InternetOpenW
InternetCloseHandle

Sections

.text
Size: 557KB - Virtual size: 556KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 121KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 212KB - Virtual size: 211KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$WimLibBR/Apps/TBWinPE_Lang.dll
.dll windows:5 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 181KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$WimLibBR/Apps/icons.dll
.dll windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 204KB - Virtual size: 203KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$WimLibBR/Apps/libwim-15.dll
.dll windows:4 windows x64

44c0b43fc6c236bd71bf360bb0a11eb1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

AdjustTokenPrivileges
CloseEncryptedFileRaw
LookupPrivilegeValueW
OpenEncryptedFileRawW
OpenProcessToken
ReadEncryptedFileRaw
RegCloseKey
RegCreateKeyExW
RegFlushKey
RegLoadKeyW
RegSetValueExW
RegUnLoadKeyW
SystemFunction036
WriteEncryptedFileRaw

kernel32

CloseHandle
CreateFileW
CreateThread
DeleteCriticalSection
DeleteFileW
DeviceIoControl
EnterCriticalSection
FindClose
FindFirstFileW
FindFirstVolumeW
FindNextFileW
FindNextVolumeW
FindVolumeClose
FlushFileBuffers
FormatMessageW
FreeLibrary
GetCurrentProcess
GetDiskFreeSpaceExW
GetFileInformationByHandle
GetFileSizeEx
GetFileType
GetFullPathNameW
GetLastError
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProcessHeap
GetSystemInfo
GetSystemTimeAsFileTime
GetVolumeInformationW
GlobalMemoryStatusEx
HeapAlloc
HeapFree
InitializeConditionVariable
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
MoveFileExW
MoveFileW
MultiByteToWideChar
ReadFile
SetEndOfFile
SetFilePointer
SetFilePointerEx
SetLastError
Sleep
SleepConditionVariableCS
TlsGetValue
VirtualProtect
VirtualQuery
WaitForSingleObject
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte
WriteFile

msvcrt

___lc_codepage_func
___mb_cur_max_func
__iob_func
_amsg_exit
_errno
_fstat64
_get_osfhandle
_gmtime64
_initterm
_lock
_lseeki64
_open_osfhandle
fwprintf
_telli64
_unlock
_waccess
_wassert
_wcserror_s
_wcsicmp
_wgetenv
_wmkdir
_wopen
_wstat64
_wtempnam
_wunlink
abort
calloc
fclose
feof
fflush
fgetwc
fputc
fputwc
fputws
fread
free
fwrite
getenv
iswctype
localeconv
malloc
memchr
memcmp
memcpy
memmove
memset
putc
qsort
realloc
strchr
strerror
strlen
strncmp
towlower
ungetwc
vfprintf
wcschr
wcscmp
wcscpy
wcsftime
wcslen
wcsncmp
wcspbrk
wcsrchr
wcsstr
wcstol
wcstoul
_fdopen
_close

ntdll

NtClose
NtCreateFile
NtFsControlFile
NtOpenFile
NtOpenSymbolicLinkObject
NtQueryDirectoryFile
NtQueryEaFile
NtQueryInformationFile
NtQuerySecurityObject
NtQueryVolumeInformationFile
NtReadFile
NtSetEaFile
NtSetInformationFile
NtSetSecurityObject
NtWaitForSingleObject
NtWriteFile
RtlDosPathNameToNtPathName_U
RtlInitUnicodeString
RtlNtStatusToDosError

user32

wsprintfW

Exports

Exports

wimlib_add_empty_image
wimlib_add_image
wimlib_add_image_multisource
wimlib_add_tree
wimlib_compress
wimlib_create_compressor
wimlib_create_decompressor
wimlib_create_new_wim
wimlib_decompress
wimlib_delete_image
wimlib_delete_path
wimlib_export_image
wimlib_extract_image
wimlib_extract_image_from_pipe
wimlib_extract_image_from_pipe_with_progress
wimlib_extract_pathlist
wimlib_extract_paths
wimlib_extract_xml_data
wimlib_free
wimlib_free_compressor
wimlib_free_decompressor
wimlib_get_compression_type_string
wimlib_get_compressor_needed_memory
wimlib_get_error_string
wimlib_get_image_description
wimlib_get_image_name
wimlib_get_image_property
wimlib_get_version
wimlib_get_version_string
wimlib_get_wim_info
wimlib_get_xml_data
wimlib_global_cleanup
wimlib_global_init
wimlib_image_name_in_use
wimlib_iterate_dir_tree
wimlib_iterate_lookup_table
wimlib_join
wimlib_join_with_progress
wimlib_load_text_file
wimlib_mount_image
wimlib_open_wim
wimlib_open_wim_with_progress
wimlib_overwrite
wimlib_print_available_images
wimlib_print_header
wimlib_reference_resource_files
wimlib_reference_resources
wimlib_reference_template_image
wimlib_register_progress_function
wimlib_rename_path
wimlib_resolve_image
wimlib_set_default_compression_level
wimlib_set_error_file
wimlib_set_error_file_by_name
wimlib_set_image_descripton
wimlib_set_image_flags
wimlib_set_image_name
wimlib_set_image_property
wimlib_set_memory_allocator
wimlib_set_output_chunk_size
wimlib_set_output_compression_type
wimlib_set_output_pack_chunk_size
wimlib_set_output_pack_compression_type
wimlib_set_print_errors
wimlib_set_wim_info
wimlib_split
wimlib_unmount_image
wimlib_unmount_image_with_progress
wimlib_update_image
wimlib_verify_wim
wimlib_write
wimlib_write_to_fd

Sections

.text
Size: 337KB - Virtual size: 336KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 131KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 624B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$WimLibBR/Apps/wimlib-imagex.exe
.exe windows:4 windows x64

020af8d73be10310a1f823f8c944558a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

libwim-15

wimlib_add_image_multisource
wimlib_create_new_wim
wimlib_delete_image
wimlib_export_image
wimlib_extract_image
wimlib_extract_image_from_pipe_with_progress
wimlib_extract_pathlist
wimlib_extract_paths
wimlib_extract_xml_data
wimlib_free
wimlib_get_compression_type_string
wimlib_get_error_string
wimlib_get_image_property
wimlib_get_version_string
wimlib_get_wim_info
wimlib_global_cleanup
wimlib_global_init
wimlib_image_name_in_use
wimlib_iterate_dir_tree
wimlib_iterate_lookup_table
wimlib_join_with_progress
wimlib_load_text_file
wimlib_open_wim_with_progress
wimlib_overwrite
wimlib_print_available_images
wimlib_print_header
wimlib_reference_resource_files
wimlib_reference_resources
wimlib_reference_template_image
wimlib_register_progress_function
wimlib_resolve_image
wimlib_set_default_compression_level
wimlib_set_image_property
wimlib_set_output_chunk_size
wimlib_set_output_compression_type
wimlib_set_output_pack_chunk_size
wimlib_set_output_pack_compression_type
wimlib_set_print_errors
wimlib_set_wim_info
wimlib_split
wimlib_update_image
wimlib_verify_wim
wimlib_write
wimlib_write_to_fd

advapi32

ConvertSecurityDescriptorToStringSecurityDescriptorW

kernel32

DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetLastError
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetStartupInfoW
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
LocalFree
MultiByteToWideChar
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
WideCharToMultiByte

msvcrt

__C_specific_handler
___lc_codepage_func
___mb_cur_max_func
__iob_func
__set_app_type
__setusermatherr
__wgetmainargs
__winitenv
_amsg_exit
_cexit
_commode
_errno
_fmode
_gmtime64
_initterm
_lock
_onexit
_putws
_setmode
fwprintf
_unlock
_wcmdln
_wcserror
_wcsicmp
_wfopen
_wgetenv
_wstat64
abort
calloc
exit
fclose
ferror
fflush
fprintf
fputc
fputwc
fputws
free
fwrite
getenv
iswctype
localeconv
malloc
memcpy
memmove
memset
realloc
signal
strerror
strlen
strncmp
vfprintf
wcscat
wcschr
wcscmp
wcscpy
wcsftime
wcslen
wcsncmp
wcsrchr
wcstoul
_wcsdup
_isatty

Sections

.text
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 368B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 556B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$WimLibBR/Apps/x86/7z.dll
.dll windows:4 windows x86

7f7b1b0ce265feb7c3c3540bd5d7e6c4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

oleaut32

SysAllocStringByteLen
SysAllocStringLen
SysAllocString
SysFreeString
SysStringLen
VariantCopy
VariantClear

user32

CharPrevExA
CharUpperW

msvcrt

_adjust_fdiv
_initterm
_onexit
__dllonexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_except_handler3
_beginthreadex
exit
realloc
strchr
memset
free
malloc
strlen
wcscmp
strcmp
strstr
memmove
_CxxThrowException
memcpy
memcmp
_purecall
__CxxFrameHandler

kernel32

InitializeCriticalSection
ReleaseSemaphore
CreateSemaphoreW
ResetEvent
SetEvent
CreateEventW
SetThreadAffinityMask
ResumeThread
WaitForSingleObject
InterlockedIncrement
GetVersion
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
LoadLibraryW
FreeLibrary
QueryPerformanceCounter
GetOEMCP
DeleteCriticalSection
GetVersionExW
LocalFileTimeToFileTime
WaitForMultipleObjects
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
FileTimeToDosDateTime
DosDateTimeToFileTime
GlobalMemoryStatus
GetSystemInfo
GetCurrentProcess
GetProcessAffinityMask
FileTimeToLocalFileTime
FileTimeToSystemTime
CompareFileTime
WriteFile
GetLastError
MultiByteToWideChar
WideCharToMultiByte
CloseHandle
SetFileTime
CreateFileW
SetFileAttributesW
GetProcAddress
GetModuleHandleW
CreateDirectoryW
DeleteFileW
SetLastError
GetTempPathW
GetCurrentProcessId
GetTickCount
GetCurrentThreadId
FindClose
FindFirstFileW
GetModuleHandleA
GetFileAttributesW
GetFileInformationByHandle
ReadFile

Exports

Exports

CreateDecoder
CreateEncoder
CreateObject
GetHandlerProperty
GetHandlerProperty2
GetHashers
GetIsArc
GetMethodProperty
GetModuleProp
GetNumberOfFormats
GetNumberOfMethods
SetCaseSensitive
SetCodecs
SetLargePageMode

Sections

.text
Size: 949KB - Virtual size: 948KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 126KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$WimLibBR/Apps/x86/7zFM.exe
.exe windows:4 windows x86

469bd5a691b4d1351b3e9f2837a8130b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_ReplaceIcon
InitCommonControlsEx
CreateToolbarEx
CreateStatusWindowW
ord17
ImageList_GetImageCount
ImageList_AddMasked
ImageList_Create
ImageList_Destroy
PropertySheetW

comdlg32

GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW

gdi32

DeleteObject

oleaut32

SysAllocStringLen
VariantClear
VariantCopy
SysStringByteLen
SysFreeString
SysAllocString
SysStringLen

ole32

OleUninitialize
OleInitialize
RegisterDragDrop
CoTaskMemAlloc
DoDragDrop
CoCreateInstance
CoTaskMemFree
ReleaseStgMedium
CoUninitialize
RevokeDragDrop
CoInitialize

user32

IsWindowEnabled
ChildWindowFromPointEx
WindowFromPoint
UpdateWindow
SetTimer
MapVirtualKeyW
EnableMenuItem
RemoveMenu
CheckMenuRadioItem
CheckMenuItem
AppendMenuW
GetMenu
LoadMenuW
SetMenu
DrawMenuBar
GetSubMenu
IsDlgButtonChecked
TrackPopupMenuEx
CheckRadioButton
IsZoomed
GetClientRect
ReleaseCapture
SetCapture
GetCapture
LoadIconW
GetWindowPlacement
SetWindowPlacement
LoadAcceleratorsW
GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
PostQuitMessage
SetDlgItemTextW
GetFocus
GetKeyState
InvalidateRect
PostMessageW
SetWindowTextW
EndDialog
EnableWindow
DestroyWindow
SetFocus
LoadBitmapW
CreatePopupMenu
DestroyMenu
MessageBoxW
DefWindowProcW
GetClassInfoW
LoadCursorW
RegisterClassW
CallWindowProcW
CreateWindowExW
DialogBoxParamW
SetWindowLongW
GetWindowLongW
GetParent
ShowWindow
MoveWindow
ScreenToClient
GetDlgItem
GetWindowRect
MapDialogRect
MonitorFromWindow
GetMonitorInfoA
SystemParametersInfoW
GetDialogBaseUnits
GetWindowTextLengthW
GetWindowTextW
SendMessageW
RegisterClipboardFormatW
LoadStringW
InsertMenuItemW
SetMenuItemInfoW
GetMenuItemInfoW
SetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
CharUpperW
GetCursorPos
GetMenuItemCount
ClientToScreen
SetCursor
KillTimer
DestroyIcon
CheckDlgButton

advapi32

RegQueryValueExW
RegOpenKeyExA
RegQueryValueExA
GetFileSecurityW
SetFileSecurityW
LsaAddAccountRights
LsaClose
GetUserNameW
LsaOpenPolicy
LookupAccountNameW
AdjustTokenPrivileges
RegSetValueExW
RegDeleteValueW
RegEnumKeyExW
RegDeleteKeyW
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
OpenProcessToken
LookupPrivilegeValueW

shell32

SHChangeNotify
ExtractIconExW
ShellExecuteW
SHGetSpecialFolderLocation
SHGetFileInfoW
ShellExecuteExW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetDesktopFolder
SHFileOperationW

msvcrt

rand
exit
_XcptFilter
_exit
_onexit
__dllonexit
_controlfp
__set_app_type
?terminate@@YAXXZ
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
memcpy
__CxxFrameHandler
_CxxThrowException
memmove
strcmp
wcsstr
wcscmp
malloc
free
srand
??1type_info@@UAE@XZ
memset
wcslen
strlen
_purecall
memcmp
_beginthreadex
_except_handler3
_acmdln

kernel32

OpenProcess
GetSystemDefaultLangID
GetUserDefaultLangID
CopyFileW
FindNextChangeNotification
GetCompressedFileSizeW
GetVersionExW
GetCommandLineW
GetVersion
InterlockedDecrement
InterlockedIncrement
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
CreateEventW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
WaitForSingleObject
WaitForMultipleObjects
GetStdHandle
GetSystemTimeAsFileTime
FileTimeToDosDateTime
GlobalMemoryStatus
GlobalSize
lstrlenW
FileTimeToLocalFileTime
FileTimeToSystemTime
CompareFileTime
CreateProcessW
GetCurrentProcess
GlobalFree
GlobalAlloc
SetEndOfFile
CreateToolhelp32Snapshot
ReadFile
DeviceIoControl
SetFilePointer
GetFileSize
GetLogicalDriveStringsW
FindFirstChangeNotificationW
FindCloseChangeNotification
GetFileInformationByHandle
GetFileAttributesW
GetModuleHandleA
FindNextFileW
FindFirstFileW
Process32NextW
GetCurrentThreadId
GetCurrentProcessId
GetTempPathW
GetCurrentDirectoryW
SetLastError
DeleteFileW
CreateDirectoryW
MoveFileW
RemoveDirectoryW
SetFileAttributesW
CreateFileW
SetFileTime
CloseHandle
GetWindowsDirectoryW
FormatMessageW
LocalFree
GetModuleFileNameW
LoadLibraryW
LoadLibraryExW
FreeLibrary
GlobalLock
GlobalUnlock
HeapAlloc
GetProcessHeap
HeapFree
GetModuleHandleW
GetProcAddress
GetDiskFreeSpaceW
GetDriveTypeW
GetVolumeInformationW
WideCharToMultiByte
MultiByteToWideChar
GetLastError
GetTickCount
Sleep
SetPriorityClass
ExpandEnvironmentStringsW
VirtualAlloc
VirtualFree
SetEvent
InitializeCriticalSection
LoadLibraryA
FindClose
Process32FirstW
LocalAlloc
InterlockedExchange
RaiseException
GetStartupInfoA
WriteFile

Sections

.text
Size: 411KB - Virtual size: 411KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$WimLibBR/Apps/x86/libwim-15.dll
.dll windows:4 windows x86

5246d9411a3af41e1bb12a7f476de9a6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

AdjustTokenPrivileges
CloseEncryptedFileRaw
LookupPrivilegeValueW
OpenEncryptedFileRawW
OpenProcessToken
ReadEncryptedFileRaw
RegCloseKey
RegCreateKeyExW
RegFlushKey
RegLoadKeyW
RegSetValueExW
RegUnLoadKeyW
SystemFunction036
WriteEncryptedFileRaw

kernel32

CloseHandle
CreateFileW
CreateThread
DeleteCriticalSection
DeleteFileW
DeviceIoControl
EnterCriticalSection
FindClose
FindFirstFileW
FindFirstVolumeW
FindNextFileW
FindNextVolumeW
FindVolumeClose
FlushFileBuffers
FormatMessageW
FreeLibrary
GetCurrentProcess
GetDiskFreeSpaceExW
GetFileInformationByHandle
GetFileSizeEx
GetFileType
GetFullPathNameW
GetLastError
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProcessHeap
GetSystemInfo
GetSystemTimeAsFileTime
GetVolumeInformationW
GlobalMemoryStatusEx
HeapAlloc
HeapFree
InitializeConditionVariable
InitializeCriticalSection
IsDBCSLeadByteEx
IsWow64Process
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
MoveFileExW
MoveFileW
MultiByteToWideChar
ReadFile
SetEndOfFile
SetFilePointer
SetFilePointerEx
SetLastError
Sleep
SleepConditionVariableCS
TlsGetValue
VirtualProtect
VirtualQuery
WaitForSingleObject
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte
WriteFile

msvcrt

__mb_cur_max
_amsg_exit
_assert
_errno
_fstat64
_get_osfhandle
_gmtime64
_initterm
_iob
_lock
_lseeki64
_open_osfhandle
fwprintf
_telli64
_unlock
_waccess
_wcserror_s
_wcsicmp
_wgetenv
_wmkdir
_wopen
_wtempnam
_wunlink
abort
atoi
calloc
fclose
feof
fflush
fgetwc
fputc
fputwc
fputws
fread
free
fwrite
getenv
iswctype
localeconv
malloc
memchr
memcmp
memcpy
memmove
memset
putc
qsort
realloc
setlocale
strchr
strerror
strlen
strncmp
towlower
ungetwc
vfprintf
wcschr
wcscmp
wcscpy
wcsftime
wcslen
wcsncmp
wcspbrk
wcsrchr
wcsstr
wcstol
wcstombs
wcstoul
_wstat64
_fdopen
_close

ntdll

NtClose
NtCreateFile
NtFsControlFile
NtOpenFile
NtOpenSymbolicLinkObject
NtQueryDirectoryFile
NtQueryEaFile
NtQueryInformationFile
NtQuerySecurityObject
NtQueryVolumeInformationFile
NtReadFile
NtSetEaFile
NtSetInformationFile
NtSetSecurityObject
NtWaitForSingleObject
NtWriteFile
RtlDosPathNameToNtPathName_U
RtlInitUnicodeString
RtlNtStatusToDosError

user32

wsprintfW

Exports

Exports

wimlib_add_empty_image
wimlib_add_image
wimlib_add_image_multisource
wimlib_add_tree
wimlib_compress
wimlib_create_compressor
wimlib_create_decompressor
wimlib_create_new_wim
wimlib_decompress
wimlib_delete_image
wimlib_delete_path
wimlib_export_image
wimlib_extract_image
wimlib_extract_image_from_pipe
wimlib_extract_image_from_pipe_with_progress
wimlib_extract_pathlist
wimlib_extract_paths
wimlib_extract_xml_data
wimlib_free
wimlib_free_compressor
wimlib_free_decompressor
wimlib_get_compression_type_string
wimlib_get_compressor_needed_memory
wimlib_get_error_string
wimlib_get_image_description
wimlib_get_image_name
wimlib_get_image_property
wimlib_get_version
wimlib_get_version_string
wimlib_get_wim_info
wimlib_get_xml_data
wimlib_global_cleanup
wimlib_global_init
wimlib_image_name_in_use
wimlib_iterate_dir_tree
wimlib_iterate_lookup_table
wimlib_join
wimlib_join_with_progress
wimlib_load_text_file
wimlib_mount_image
wimlib_open_wim
wimlib_open_wim_with_progress
wimlib_overwrite
wimlib_print_available_images
wimlib_print_header
wimlib_reference_resource_files
wimlib_reference_resources
wimlib_reference_template_image
wimlib_register_progress_function
wimlib_rename_path
wimlib_resolve_image
wimlib_set_default_compression_level
wimlib_set_error_file
wimlib_set_error_file_by_name
wimlib_set_image_descripton
wimlib_set_image_flags
wimlib_set_image_name
wimlib_set_image_property
wimlib_set_memory_allocator
wimlib_set_output_chunk_size
wimlib_set_output_compression_type
wimlib_set_output_pack_chunk_size
wimlib_set_output_pack_compression_type
wimlib_set_print_errors
wimlib_set_wim_info
wimlib_split
wimlib_unmount_image
wimlib_unmount_image_with_progress
wimlib_update_image
wimlib_verify_wim
wimlib_write
wimlib_write_to_fd

Sections

.text
Size: 351KB - Virtual size: 350KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 130KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$WimLibBR/Apps/x86/wimlib-imagex.exe
.exe windows:4 windows x86

dfc9faa7596d94acb3b30a9e1664a764

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

libwim-15

wimlib_add_image_multisource
wimlib_create_new_wim
wimlib_delete_image
wimlib_export_image
wimlib_extract_image
wimlib_extract_image_from_pipe_with_progress
wimlib_extract_pathlist
wimlib_extract_paths
wimlib_extract_xml_data
wimlib_free
wimlib_get_compression_type_string
wimlib_get_error_string
wimlib_get_image_property
wimlib_get_version_string
wimlib_get_wim_info
wimlib_global_cleanup
wimlib_global_init
wimlib_image_name_in_use
wimlib_iterate_dir_tree
wimlib_iterate_lookup_table
wimlib_join_with_progress
wimlib_load_text_file
wimlib_open_wim_with_progress
wimlib_overwrite
wimlib_print_available_images
wimlib_print_header
wimlib_reference_resource_files
wimlib_reference_resources
wimlib_reference_template_image
wimlib_register_progress_function
wimlib_resolve_image
wimlib_set_default_compression_level
wimlib_set_image_property
wimlib_set_output_chunk_size
wimlib_set_output_compression_type
wimlib_set_output_pack_chunk_size
wimlib_set_output_pack_compression_type
wimlib_set_print_errors
wimlib_set_wim_info
wimlib_split
wimlib_update_image
wimlib_verify_wim
wimlib_write
wimlib_write_to_fd

advapi32

ConvertSecurityDescriptorToStringSecurityDescriptorW

kernel32

DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetLastError
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetStartupInfoW
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
LocalFree
MultiByteToWideChar
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
WideCharToMultiByte

msvcrt

__mb_cur_max
__p__commode
__p__fmode
__p__wcmdln
__set_app_type
__setusermatherr
__wgetmainargs
__winitenv
_amsg_exit
_cexit
_errno
_gmtime64
_initterm
_iob
_lock
_onexit
_putws
_setmode
fwprintf
_unlock
_wcserror
_wcsicmp
_wfopen
_wgetenv
abort
atoi
calloc
exit
fclose
ferror
fflush
fprintf
fputc
fputwc
fputws
free
fwrite
getenv
iswctype
localeconv
malloc
memcpy
memmove
memset
realloc
setlocale
signal
strchr
strerror
strlen
strncmp
vfprintf
wcscat
wcschr
wcscmp
wcscpy
wcsftime
wcslen
wcsncmp
wcsrchr
wcstoul
_wstat64
_wcsdup
_isatty

Sections

.text
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$WimLibBR/Tools/BOOTICE.exe
.exe windows:5 windows x86

319b0d21f3ca70cb96ac176f55e8b0bb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

advapi32

FreeSid

comctl32

ImageList_Create

comdlg32

ChooseFontA

gdi32

LineTo

ole32

CoCreateGuid

rpcrt4

UuidFromStringA

setupapi

SetupDiGetClassDevsA

shell32

DragFinish

shlwapi

StrStrA

user32

GetDC

Sections

.MPRESS1
Size: 464KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$WimLibBR/Tools/ChkDskGui.exe
.exe windows:5 windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

UPX0
Size: - Virtual size: 552KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 330KB - Virtual size: 332KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$WimLibBR/Tools/FSCapture.exe
.exe windows:4 windows x86

f6baa5eaa8231d4fe8e922a2e6d240ea

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

shell32

SHGetSpecialFolderPathW
ShellExecuteW
SHGetMalloc
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
ShellExecuteExW

gdi32

CreateCompatibleDC
CreateFontIndirectW
DeleteObject
DeleteDC
GetCurrentObject
StretchBlt
GetDeviceCaps
CreateCompatibleBitmap
SelectObject
SetStretchBltMode
GetObjectW

advapi32

FreeSid
AllocateAndInitializeSid
CheckTokenMembership

user32

GetWindowLongW
GetMenu
SetWindowPos
GetWindowDC
ReleaseDC
GetDlgItem
GetParent
GetWindowRect
GetClassNameA
CreateWindowExW
SetTimer
GetMessageW
DispatchMessageW
KillTimer
DestroyWindow
SendMessageW
EndDialog
wsprintfW
GetWindowTextW
GetWindowTextLengthW
GetSysColor
wsprintfA
SetWindowTextW
MessageBoxA
ScreenToClient
GetClientRect
SetWindowLongW
UnhookWindowsHookEx
SetFocus
GetSystemMetrics
SystemParametersInfoW
ShowWindow
DrawTextW
GetDC
ClientToScreen
GetWindow
DialogBoxIndirectParamW
DrawIconEx
CallWindowProcW
DefWindowProcW
CallNextHookEx
PtInRect
SetWindowsHookExW
LoadImageW
LoadIconW
MessageBeep
EnableWindow
IsWindow
EnableMenuItem
GetSystemMenu
CreateWindowExA
wvsprintfW
CharUpperW
GetKeyState
CopyImage

ole32

CreateStreamOnHGlobal
CoCreateInstance
CoInitialize

oleaut32

VariantClear
SysFreeString
OleLoadPicture
SysAllocString

kernel32

GetFileSize
SetFilePointer
ReadFile
WaitForMultipleObjects
GetModuleHandleA
SetFileTime
SetEndOfFile
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
FormatMessageW
lstrcpyW
LocalFree
IsBadReadPtr
GetSystemDirectoryW
GetCurrentThreadId
SuspendThread
TerminateThread
InitializeCriticalSection
ResetEvent
SetEvent
CreateEventW
GetVersionExW
GetModuleFileNameW
GetCurrentProcess
SetProcessWorkingSetSize
SetCurrentDirectoryW
GetDriveTypeW
CreateFileW
GetCommandLineW
GetStartupInfoW
CreateProcessW
CreateJobObjectW
ResumeThread
AssignProcessToJobObject
CreateIoCompletionPort
SetInformationJobObject
GetQueuedCompletionStatus
GetExitCodeProcess
CloseHandle
SetEnvironmentVariableW
GetTempPathW
GetSystemTimeAsFileTime
lstrlenW
CompareFileTime
SetThreadLocale
FindFirstFileW
DeleteFileW
FindNextFileW
FindClose
RemoveDirectoryW
ExpandEnvironmentStringsW
WideCharToMultiByte
VirtualAlloc
GlobalMemoryStatusEx
lstrcmpW
GetEnvironmentVariableW
lstrcmpiW
lstrlenA
GetLocaleInfoW
MultiByteToWideChar
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetSystemDefaultLCID
lstrcmpiA
GlobalAlloc
GlobalFree
MulDiv
FindResourceExA
SizeofResource
LoadResource
LockResource
LoadLibraryA
GetProcAddress
GetModuleHandleW
ExitProcess
lstrcatW
GetDiskFreeSpaceExW
SetFileAttributesW
SetLastError
Sleep
GetExitCodeThread
WaitForSingleObject
CreateThread
GetLastError
SystemTimeToFileTime
GetLocalTime
GetFileAttributesW
CreateDirectoryW
WriteFile
GetStdHandle
VirtualFree
GetStartupInfoA

msvcrt

??3@YAXPAX@Z
??2@YAPAXI@Z
memcmp
free
memcpy
_wtol
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
_onexit
__dllonexit
_CxxThrowException
_beginthreadex
_EH_prolog
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
memset
_wcsnicmp
strncmp
wcsncmp
malloc
memmove
_purecall

Sections

.text
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$WimLibBR/WimLibBR.ahk
$WimLibBR/WimLibBR.exe
.exe windows:5 windows x86

48e414e431433a62713440d22abb8343

Code Sign

7c:68:77:01:63:65:f2:8a:49:86:f3:65:aa:7e:22:75
Certificate

Issuer

CN=Myserver

Not Before

10/08/2021, 15:00

Not After

30/12/2077, 15:00

Subject

CN=Myserver

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7c:68:77:01:63:65:f2:8a:49:86:f3:65:aa:7e:22:75
Certificate

Issuer

CN=Myserver

Not Before

10/08/2021, 15:00

Not After

30/12/2077, 15:00

Subject

CN=Myserver

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

63:d6:35:d3:34:86:97:11:b8:52:d1:98:4b:b6:2a:1d:6f:62:8e:87:0d:76:ff:55:88:6a:96:cd:47:05:ad:39
Signer

Actual PE Digest

63:d6:35:d3:34:86:97:11:b8:52:d1:98:4b:b6:2a:1d:6f:62:8e:87:0d:76:ff:55:88:6a:96:cd:47:05:ad:39

Digest Algorithm

sha256

PE Digest Matches

true

63:d6:35:d3:34:86:97:11:b8:52:d1:98:4b:b6:2a:1d:6f:62:8e:87:0d:76:ff:55:88:6a:96:cd:47:05:ad:39
Signer

Actual PE Digest

63:d6:35:d3:34:86:97:11:b8:52:d1:98:4b:b6:2a:1d:6f:62:8e:87:0d:76:ff:55:88:6a:96:cd:47:05:ad:39

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

wsock32

gethostbyname

winmm

mixerOpen

version

VerQueryValueW

comctl32

ImageList_Create

psapi

GetModuleBaseNameW

wininet

InternetOpenW

user32

GetDC

gdi32

BitBlt

comdlg32

GetSaveFileNameW

advapi32

RegCloseKey

shell32

DragFinish

ole32

CoGetObject

oleaut32

SafeArrayGetLBound

Sections

.MPRESS1
Size: 314KB - Virtual size: 872KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$WimLibBR/WimLibBR64.exe
.exe windows:5 windows x64

48e414e431433a62713440d22abb8343

Code Sign

7c:68:77:01:63:65:f2:8a:49:86:f3:65:aa:7e:22:75
Certificate

Issuer

CN=Myserver

Not Before

10/08/2021, 15:00

Not After

30/12/2077, 15:00

Subject

CN=Myserver

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7c:68:77:01:63:65:f2:8a:49:86:f3:65:aa:7e:22:75
Certificate

Issuer

CN=Myserver

Not Before

10/08/2021, 15:00

Not After

30/12/2077, 15:00

Subject

CN=Myserver

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

44:74:72:26:f0:10:51:de:26:9e:76:39:1c:e3:2c:16:6e:b3:88:2c:4f:30:48:14:eb:bb:cc:d1:87:25:cd:77
Signer

Actual PE Digest

44:74:72:26:f0:10:51:de:26:9e:76:39:1c:e3:2c:16:6e:b3:88:2c:4f:30:48:14:eb:bb:cc:d1:87:25:cd:77

Digest Algorithm

sha256

PE Digest Matches

true

44:74:72:26:f0:10:51:de:26:9e:76:39:1c:e3:2c:16:6e:b3:88:2c:4f:30:48:14:eb:bb:cc:d1:87:25:cd:77
Signer

Actual PE Digest

44:74:72:26:f0:10:51:de:26:9e:76:39:1c:e3:2c:16:6e:b3:88:2c:4f:30:48:14:eb:bb:cc:d1:87:25:cd:77

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

wsock32

gethostbyname

winmm

mixerOpen

version

VerQueryValueW

comctl32

ImageList_Create

psapi

GetModuleBaseNameW

wininet

InternetOpenW

user32

GetDC

gdi32

BitBlt

comdlg32

GetSaveFileNameW

advapi32

RegCloseKey

shell32

DragFinish

ole32

CoGetObject

oleaut32

SafeArrayGetLBound

Sections

.MPRESS1
Size: 431KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
LoadF1BR.cmd

Sharing

General

Malware Config

Signatures

Files

928b316f3126865cdd91c5fd11b09dbf

Headers

DLL Characteristics

File Characteristics

Imports

oleaut32

user32

advapi32

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 344KB - Virtual size: 343KB

.data Size: 1KB - Virtual size: 35KB

.pdata Size: 76KB - Virtual size: 76KB

.rsrc Size: 99KB - Virtual size: 98KB

.reloc Size: 13KB - Virtual size: 12KB

2a6028724a24299febbe21b8b8918959

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

comdlg32

gdi32

oleaut32

ole32

user32

advapi32

shell32

msvcrt

kernel32

Sections

.text Size: 600KB - Virtual size: 600KB

.rdata Size: 218KB - Virtual size: 218KB

.data Size: 512B - Virtual size: 5KB

.pdata Size: 54KB - Virtual size: 54KB

.rsrc Size: 49KB - Virtual size: 49KB

.reloc Size: 6KB - Virtual size: 5KB

cce11b064faf4fff9763ac8c748d0024

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

07:34:c0:22:c3:98:4a:03:25:bd:ac:4f:ea:e2:63:10Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

e4:a1:1c:72:46:5f:ab:c6:fa:7f:87:de:12:b8:a1:2c:8b:17:69:d3:1d:c5:6e:3a:85:0a:f3:8e:c5:73:9c:7fSigner

Headers

DLL Characteristics

File Characteristics

Imports

version

comctl32

shlwapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

wininet

Sections

.text Size: 557KB - Virtual size: 556KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 344KB - Virtual size: 343KB

.data
Size: 1KB - Virtual size: 35KB

.pdata
Size: 76KB - Virtual size: 76KB

.rsrc
Size: 99KB - Virtual size: 98KB

.reloc
Size: 13KB - Virtual size: 12KB

.text
Size: 600KB - Virtual size: 600KB

.rdata
Size: 218KB - Virtual size: 218KB

.data
Size: 512B - Virtual size: 5KB

.pdata
Size: 54KB - Virtual size: 54KB

.rsrc
Size: 49KB - Virtual size: 49KB

.reloc
Size: 6KB - Virtual size: 5KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

07:34:c0:22:c3:98:4a:03:25:bd:ac:4f:ea:e2:63:10
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

e4:a1:1c:72:46:5f:ab:c6:fa:7f:87:de:12:b8:a1:2c:8b:17:69:d3:1d:c5:6e:3a:85:0a:f3:8e:c5:73:9c:7f
Signer

.text
Size: 557KB - Virtual size: 556KB

.rdata
Size: 121KB - Virtual size: 121KB

.data
Size: 3KB - Virtual size: 16KB

.rsrc
Size: 212KB - Virtual size: 211KB

.reloc
Size: 33KB - Virtual size: 32KB

.rdata
Size: 512B - Virtual size: 108B

.rsrc
Size: 181KB - Virtual size: 181KB

.rsrc
Size: 204KB - Virtual size: 203KB

.reloc
Size: 4KB - Virtual size: 8B

.text
Size: 337KB - Virtual size: 336KB

.data
Size: 512B - Virtual size: 320B

.rdata
Size: 99KB - Virtual size: 98KB

/4
Size: 512B - Virtual size: 4B

.pdata
Size: 10KB - Virtual size: 10KB

.xdata
Size: 13KB - Virtual size: 12KB

.bss
Size: - Virtual size: 131KB

.edata
Size: 2KB - Virtual size: 2KB

.idata
Size: 6KB - Virtual size: 5KB

.CRT
Size: 512B - Virtual size: 88B

.tls
Size: 512B - Virtual size: 16B

.reloc
Size: 1024B - Virtual size: 624B

.text
Size: 82KB - Virtual size: 81KB

.data
Size: 512B - Virtual size: 368B

.rdata
Size: 37KB - Virtual size: 37KB

/4
Size: 512B - Virtual size: 4B

.pdata
Size: 2KB - Virtual size: 2KB

.xdata
Size: 2KB - Virtual size: 2KB

.bss
Size: - Virtual size: 3KB

.idata
Size: 5KB - Virtual size: 5KB

.CRT
Size: 512B - Virtual size: 96B

.tls
Size: 512B - Virtual size: 16B

.reloc
Size: 1024B - Virtual size: 556B