Extracted

• c69eb279e87295c25188e6d127b25ad3662a2033e70930ad4d658f4fd56bcc6f

  .zip
• c69eb279e87295c25188e6d127b25ad3662a2033e70930ad4d658f4fd56bcc6f

  .exe windows:6 windows x86 arch:x86

  078471ac5a76189ffe465abe0c89c6b7

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  GetCurrentThreadId

  GetModuleHandleA

  GetLocaleInfoA

  OpenProcess

  CreateToolhelp32Snapshot

  MultiByteToWideChar

  Sleep

  GetTempPathA

  GetModuleHandleExA

  GetTimeZoneInformation

  GetTickCount64

  CopyFileA

  GetLastError

  GetFileAttributesA

  TzSpecificLocalTimeToSystemTime

  CreateFileA

  SetEvent

  TerminateThread

  LoadLibraryA

  GetVersionExA

  DeleteFileA

  Process32Next

  CloseHandle

  GetSystemInfo

  CreateThread

  ResetEvent

  GetWindowsDirectoryA

  HeapAlloc

  SetFileAttributesA

  GetLocalTime

  GetProcAddress

  VirtualAllocEx

  LocalFree

  IsProcessorFeaturePresent

  GetFileSize

  RemoveDirectoryA

  GetCurrentProcessId

  GetProcessHeap

  GlobalMemoryStatusEx

  FreeLibrary

  WideCharToMultiByte

  CreateRemoteThread

  CreateProcessA

  CreateDirectoryA

  GetSystemTime

  VirtualFreeEx

  LocalAlloc

  CreateEventA

  GetPrivateProfileStringA

  IsWow64Process

  IsDebuggerPresent

  GetComputerNameA

  SetUnhandledExceptionFilter

  SetFilePointer

  CreateFileW

  AreFileApisANSI

  EnterCriticalSection

  GetFullPathNameW

  GetDiskFreeSpaceW

  LockFile

  LeaveCriticalSection

  InitializeCriticalSection

  GetFullPathNameA

  SetEndOfFile

  GetTempPathW

  GetFileAttributesW

  FormatMessageW

  GetDiskFreeSpaceA

  DeleteFileW

  UnlockFile

  LockFileEx

  DeleteCriticalSection

  GetSystemTimeAsFileTime

  FormatMessageA

  QueryPerformanceCounter

  GetTickCount

  FlushFileBuffers

  WriteConsoleW

  HeapSize

  SetEnvironmentVariableW

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  GetCommandLineW

  GetCommandLineA

  GetOEMCP

  GetACP

  IsValidCodePage

  WaitForSingleObject

  GetVolumeInformationA

  CreateMutexA

  FindClose

  lstrlenA

  InitializeCriticalSectionEx

  FindNextFileA

  GetUserDefaultLocaleName

  TerminateProcess

  WriteFile

  GetCurrentProcess

  HeapFree

  FindFirstFileA

  WriteProcessMemory

  Process32First

  GetPrivateProfileSectionNamesA

  SetStdHandle

  HeapReAlloc

  EnumSystemLocalesW

  GetUserDefaultLCID

  ReadFile

  IsValidLocale

  GetLocaleInfoW

  LCMapStringW

  CompareStringW

  GetTimeFormatW

  GetDateFormatW

  GetFileSizeEx

  GetConsoleOutputCP

  ReadConsoleW

  GetConsoleMode

  GetStdHandle

  GetModuleFileNameW

  GetModuleHandleExW

  ExitProcess

  GetModuleFileNameA

  lstrcpynA

  GetFileType

  SetFilePointerEx

  LoadLibraryExW

  TlsFree

  TlsSetValue

  TlsGetValue

  TlsAlloc

  InitializeCriticalSectionAndSpinCount

  SetLastError

  RaiseException

  RtlUnwind

  InitializeSListHead

  GetStartupInfoW

  FindFirstFileW

  FindFirstFileExW

  FindNextFileW

  GetFileAttributesExW

  GetFinalPathNameByHandleW

  GetModuleHandleW

  GetFileInformationByHandleEx

  GetLocaleInfoEx

  InitializeSRWLock

  ReleaseSRWLockExclusive

  AcquireSRWLockExclusive

  TryAcquireSRWLockExclusive

  LCMapStringEx

  EncodePointer

  DecodePointer

  CompareStringEx

  GetCPInfo

  GetStringTypeW

  UnhandledExceptionFilter

  user32

  GetWindowRect

  GetDC

  GetSystemMetrics

  GetKeyboardLayoutList

  GetDesktopWindow

  ReleaseDC

  EnumDisplayDevicesA

  CharNextA

  wsprintfA

  gdi32

  CreateCompatibleBitmap

  SelectObject

  CreateCompatibleDC

  DeleteObject

  BitBlt

  advapi32

  SystemFunction036

  RegOpenKeyExA

  RegSetValueExA

  RegEnumKeyA

  RegCloseKey

  GetCurrentHwProfileA

  RegQueryValueExA

  CredEnumerateA

  RegCreateKeyExA

  CredFree

  GetUserNameA

  RegEnumKeyExA

  shell32

  SHGetFolderPathA

  ShellExecuteA

  ole32

  CoUninitialize

  CoInitializeEx

  CoCreateInstance

  CoInitialize

  ws2_32

  WSACleanup

  closesocket

  shutdown

  getaddrinfo

  WSAStartup

  WSAGetLastError

  socket

  connect

  recv

  freeaddrinfo

  setsockopt

  send

  crypt32

  CryptUnprotectData

  shlwapi

  PathFindExtensionA

  gdiplus

  GdipSaveImageToFile

  GdipGetImageEncodersSize

  GdipFree

  GdipDisposeImage

  GdipCreateBitmapFromHBITMAP

  GdipAlloc

  GdipCloneImage

  GdipGetImageEncoders

  GdiplusShutdown

  GdiplusStartup

  setupapi

  SetupDiEnumDeviceInterfaces

  SetupDiGetClassDevsA

  SetupDiEnumDeviceInfo

  SetupDiGetDeviceInterfaceDetailA

  ntdll

  RtlUnicodeStringToAnsiString

  Sections

  .text

  Size: 1.2MB - Virtual size: 1.2MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 215KB - Virtual size: 214KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 8KB - Virtual size: 13KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 37KB - Virtual size: 37KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ