Extracted

• e2d7b22c3714d33bf8ccbd4eaf0ee4c62e57b63408e19f2d2811f94e55b70dab

  .exe windows:5 windows x86 arch:x86

  e60d6136789d1031cc3df6834c2f3b85

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  HeapReAlloc

  HeapSize

  GetStringTypeW

  SetStdHandle

  GetConsoleCP

  FreeEnvironmentStringsW

  GetConsoleMode

  SetFilePointerEx

  FlushFileBuffers

  OpenEventW

  GetFileAttributesW

  GetModuleFileNameW

  SetEvent

  WaitForMultipleObjects

  CreateEventW

  DecodePointer

  RaiseException

  InitializeCriticalSectionAndSpinCount

  CreateProcessW

  GetProcessHeap

  HeapAlloc

  GetLastError

  GetModuleHandleW

  CreateFileW

  GetProcAddress

  GetModuleHandleA

  WideCharToMultiByte

  DeleteCriticalSection

  EnterCriticalSection

  CloseHandle

  Sleep

  MultiByteToWideChar

  InitializeCriticalSection

  LeaveCriticalSection

  GetCurrentProcess

  GetEnvironmentStringsW

  GetCPInfo

  GetOEMCP

  IsValidCodePage

  FindNextFileW

  FindFirstFileExW

  FindClose

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  TerminateProcess

  IsProcessorFeaturePresent

  IsDebuggerPresent

  GetStartupInfoW

  QueryPerformanceCounter

  GetCurrentProcessId

  GetCurrentThreadId

  GetSystemTimeAsFileTime

  InitializeSListHead

  OutputDebugStringW

  EncodePointer

  SetLastError

  RtlUnwind

  TlsAlloc

  TlsGetValue

  TlsSetValue

  TlsFree

  FreeLibrary

  LoadLibraryExW

  GetCommandLineA

  GetCommandLineW

  ExitProcess

  GetModuleHandleExW

  GetStdHandle

  WriteFile

  GetACP

  HeapFree

  GetFileType

  LCMapStringW

  WriteConsoleW

  user32

  GetSystemMetrics

  LoadStringW

  advapi32

  ChangeServiceConfig2W

  FreeSid

  CheckTokenMembership

  AllocateAndInitializeSid

  QueryServiceConfigW

  OpenServiceA

  ControlService

  StartServiceW

  QueryServiceStatus

  DeleteService

  CloseServiceHandle

  OpenServiceW

  CreateServiceW

  OpenSCManagerW

  StartServiceCtrlDispatcherW

  RegisterServiceCtrlHandlerExW

  SetServiceStatus

  RegCreateKeyExW

  RegOpenKeyExW

  RegDeleteValueW

  SetSecurityDescriptorDacl

  RegQueryValueExA

  RegSetValueExW

  InitializeSecurityDescriptor

  RegOpenKeyExA

  RegQueryValueExW

  RegCloseKey

  shell32

  ShellExecuteW

  ole32

  CoInitializeEx

  CoCreateInstance

  oleaut32

  VariantClear

  VariantInit

  SysFreeString

  SysAllocString

  Sections

  .text

  Size: 82KB - Virtual size: 82KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 32KB - Virtual size: 32KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 2KB - Virtual size: 7KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .gfids

  Size: 512B - Virtual size: 216B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 122KB - Virtual size: 121KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 5KB - Virtual size: 8KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ