14547527485[.]zip

Resubmissions

26/01/2024, 19:41

240126-yeacvadaf9 7

26/01/2024, 16:31

240126-t1m4lshge2 3

26/01/2024, 16:13

240126-tpggpaahfl 7

Sharing

Copy URL Twitter E-mail

General

Target

14547527485.zip
Size

7.2MB
MD5

86c27b0a55465bbb4a581febaca36036
SHA1

156f132aa2d9e8f7730e85cc5377aed7be14b703
SHA256

8a43b9adfd437c627e3a047297bf9042529a9352e9eedad3dc216f41e3c228fb
SHA512

9c7afae820cb771d3282a7b3c90fbe7c7fb227e21e4b9f66c08752d434f7d5e4bf41578db77f51274dd5fcc25c2a9d370e3e07db99408a0d55ca2a164c96dde5
SSDEEP

98304:GTbLr+ckQhbbZgMtmf4dSTrkTkkgrX1k7oWTJ0E4f6FPnE+xbTQLtmznjJW:UXlh3+8QQBTJ0ELFPE4bTQAo

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/113c9e7760da82261d77426d9c41bc108866c45947111dbae5cd3093d69e0f1d
unpack001/3dffb7f05788d981efb12013d7fadf74fdf8f39fa74f04f72be482847c470a53
unpack001/b9e313e08b49d8d2ffe44cb6ec2192ee3a1c97b57c56f024c17d44db042fb9eb
unpack005/usersfiles/user.exe
unpack001/d3eab2a134e7bd3f2e8767a6285b38d19cd3df421e8af336a7852b74f194802c

Files

14547527485.zip
.zip

Password: infected
113c9e7760da82261d77426d9c41bc108866c45947111dbae5cd3093d69e0f1d
.dll windows:6 windows x64 arch:x64

Password: infected

7d011c3a5c476597aaa31e8a9fff1f97

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

wctomb
iswctype
wcstombs
realloc
__badioinfo
_read
_fileno
_isatty
ungetc
_iob
localeconv
isxdigit
isleadbyte
__mb_cur_max
mbtowc
isdigit
calloc
_CxxThrowException
memset
memcpy
??1type_info@@UEAA@XZ
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
__C_specific_handler
_amsg_exit
_initterm
_XcptFilter
_resetstkoflw
?_set_se_translator@@YAP6AXIPEAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
_errno
__CxxFrameHandler
_purecall
_vsnwprintf
malloc
free
__pioinfo
_wfopen
fread
ftell
fseek
fclose
wcschr
strncmp
memmove

kernel32

FlushFileBuffers
WriteFile
SetFilePointer
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
OutputDebugStringA
GetModuleFileNameW
GetCurrentThreadId
GetLocalTime
FormatMessageW
Sleep
VirtualProtect
DelayLoadFailureHook
LoadLibraryExA
LocalFree
CloseHandle
DeleteCriticalSection
LockResource
CreateFileMappingW
DisableThreadLibraryCalls
EnterCriticalSection
GetProcAddress
SetLastError
GetLastError
CreateFileW
LeaveCriticalSection
SizeofResource
InitializeCriticalSectionAndSpinCount
LoadLibraryW
LoadResource
FreeLibrary
FindResourceW
UnmapViewOfFile
MapViewOfFile
GetFileSize

Exports

Exports

LangDataCall

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
3dffb7f05788d981efb12013d7fadf74fdf8f39fa74f04f72be482847c470a53
.dll windows:5 windows x64 arch:x64

Password: infected

04a2de43d6724a1a52ec06f045f88902

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

vulkan-1.dll.pdb

Imports

kernel32

AcquireSRWLockExclusive
CloseHandle
CompareStringW
CreateEventW
CreateFileW
DeleteCriticalSection
EncodePointer
EnterCriticalSection
EnumSystemLocalesW
ExitProcess
FileTimeToSystemTime
FindClose
FindFirstFileExW
FindNextFileW
FlushFileBuffers
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleCP
GetConsoleMode
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDateFormatW
GetEnvironmentStringsW
GetEnvironmentVariableA
GetFileAttributesExW
GetFileSizeEx
GetFileType
GetLastError
GetLocaleInfoW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemDirectoryA
GetSystemTimeAsFileTime
GetTimeFormatW
GetTimeZoneInformation
GetUserDefaultLCID
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeSListHead
InterlockedFlushSList
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
IsWow64Process
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LoadLibraryExW
MultiByteToWideChar
OutputDebugStringA
QueryPerformanceCounter
RaiseException
ReadConsoleW
ReadFile
ReleaseSRWLockExclusive
ResetEvent
RtlCaptureContext
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwind
RtlUnwindEx
RtlVirtualUnwind
SetEndOfFile
SetEnvironmentVariableW
SetEvent
SetFilePointerEx
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
SleepConditionVariableSRW
SystemTimeToTzSpecificLocalTime
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
WaitForSingleObjectEx
WakeAllConditionVariable
WideCharToMultiByte
WriteConsoleW
WriteFile

cfgmgr32

CM_Get_Child
CM_Get_DevNode_Registry_PropertyW
CM_Get_DevNode_Status
CM_Get_Device_IDW
CM_Get_Device_ID_ListW
CM_Get_Device_ID_List_SizeW
CM_Get_Sibling
CM_Locate_DevNodeW
CM_Open_DevNode_Key

advapi32

GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
OpenProcessToken
RegCloseKey
RegEnumValueA
RegOpenKeyExA
RegQueryValueExA

Exports

Exports

vkAcquireNextImage2KHR
vkAcquireNextImageKHR
vkAllocateCommandBuffers
vkAllocateDescriptorSets
vkAllocateMemory
vkBeginCommandBuffer
vkBindBufferMemory
vkBindBufferMemory2
vkBindImageMemory
vkBindImageMemory2
vkCmdBeginQuery
vkCmdBeginRenderPass
vkCmdBeginRenderPass2
vkCmdBindDescriptorSets
vkCmdBindIndexBuffer
vkCmdBindPipeline
vkCmdBindVertexBuffers
vkCmdBlitImage
vkCmdClearAttachments
vkCmdClearColorImage
vkCmdClearDepthStencilImage
vkCmdCopyBuffer
vkCmdCopyBufferToImage
vkCmdCopyImage
vkCmdCopyImageToBuffer
vkCmdCopyQueryPoolResults
vkCmdDispatch
vkCmdDispatchBase
vkCmdDispatchIndirect
vkCmdDraw
vkCmdDrawIndexed
vkCmdDrawIndexedIndirect
vkCmdDrawIndexedIndirectCount
vkCmdDrawIndirect
vkCmdDrawIndirectCount
vkCmdEndQuery
vkCmdEndRenderPass
vkCmdEndRenderPass2
vkCmdExecuteCommands
vkCmdFillBuffer
vkCmdNextSubpass
vkCmdNextSubpass2
vkCmdPipelineBarrier
vkCmdPushConstants
vkCmdResetEvent
vkCmdResetQueryPool
vkCmdResolveImage
vkCmdSetBlendConstants
vkCmdSetDepthBias
vkCmdSetDepthBounds
vkCmdSetDeviceMask
vkCmdSetEvent
vkCmdSetLineWidth
vkCmdSetScissor
vkCmdSetStencilCompareMask
vkCmdSetStencilReference
vkCmdSetStencilWriteMask
vkCmdSetViewport
vkCmdUpdateBuffer
vkCmdWaitEvents
vkCmdWriteTimestamp
vkCreateBuffer
vkCreateBufferView
vkCreateCommandPool
vkCreateComputePipelines
vkCreateDescriptorPool
vkCreateDescriptorSetLayout
vkCreateDescriptorUpdateTemplate
vkCreateDevice
vkCreateDisplayModeKHR
vkCreateDisplayPlaneSurfaceKHR
vkCreateEvent
vkCreateFence
vkCreateFramebuffer
vkCreateGraphicsPipelines
vkCreateImage
vkCreateImageView
vkCreateInstance
vkCreatePipelineCache
vkCreatePipelineLayout
vkCreateQueryPool
vkCreateRenderPass
vkCreateRenderPass2
vkCreateSampler
vkCreateSamplerYcbcrConversion
vkCreateSemaphore
vkCreateShaderModule
vkCreateSharedSwapchainsKHR
vkCreateSwapchainKHR
vkCreateWin32SurfaceKHR
vkDestroyBuffer
vkDestroyBufferView
vkDestroyCommandPool
vkDestroyDescriptorPool
vkDestroyDescriptorSetLayout
vkDestroyDescriptorUpdateTemplate
vkDestroyDevice
vkDestroyEvent
vkDestroyFence
vkDestroyFramebuffer
vkDestroyImage
vkDestroyImageView
vkDestroyInstance
vkDestroyPipeline
vkDestroyPipelineCache
vkDestroyPipelineLayout
vkDestroyQueryPool
vkDestroyRenderPass
vkDestroySampler
vkDestroySamplerYcbcrConversion
vkDestroySemaphore
vkDestroyShaderModule
vkDestroySurfaceKHR
vkDestroySwapchainKHR
vkDeviceWaitIdle
vkEndCommandBuffer
vkEnumerateDeviceExtensionProperties
vkEnumerateDeviceLayerProperties
vkEnumerateInstanceExtensionProperties
vkEnumerateInstanceLayerProperties
vkEnumerateInstanceVersion
vkEnumeratePhysicalDeviceGroups
vkEnumeratePhysicalDevices
vkFlushMappedMemoryRanges
vkFreeCommandBuffers
vkFreeDescriptorSets
vkFreeMemory
vkGetBufferDeviceAddress
vkGetBufferMemoryRequirements
vkGetBufferMemoryRequirements2
vkGetBufferOpaqueCaptureAddress
vkGetDescriptorSetLayoutSupport
vkGetDeviceGroupPeerMemoryFeatures
vkGetDeviceGroupPresentCapabilitiesKHR
vkGetDeviceGroupSurfacePresentModesKHR
vkGetDeviceMemoryCommitment
vkGetDeviceMemoryOpaqueCaptureAddress
vkGetDeviceProcAddr
vkGetDeviceQueue
vkGetDeviceQueue2
vkGetDisplayModeProperties2KHR
vkGetDisplayModePropertiesKHR
vkGetDisplayPlaneCapabilities2KHR
vkGetDisplayPlaneCapabilitiesKHR
vkGetDisplayPlaneSupportedDisplaysKHR
vkGetEventStatus
vkGetFenceStatus
vkGetImageMemoryRequirements
vkGetImageMemoryRequirements2
vkGetImageSparseMemoryRequirements
vkGetImageSparseMemoryRequirements2
vkGetImageSubresourceLayout
vkGetInstanceProcAddr
vkGetPhysicalDeviceDisplayPlaneProperties2KHR
vkGetPhysicalDeviceDisplayPlanePropertiesKHR
vkGetPhysicalDeviceDisplayProperties2KHR
vkGetPhysicalDeviceDisplayPropertiesKHR
vkGetPhysicalDeviceExternalBufferProperties
vkGetPhysicalDeviceExternalFenceProperties
vkGetPhysicalDeviceExternalSemaphoreProperties
vkGetPhysicalDeviceFeatures
vkGetPhysicalDeviceFeatures2
vkGetPhysicalDeviceFormatProperties
vkGetPhysicalDeviceFormatProperties2
vkGetPhysicalDeviceImageFormatProperties
vkGetPhysicalDeviceImageFormatProperties2
vkGetPhysicalDeviceMemoryProperties
vkGetPhysicalDeviceMemoryProperties2
vkGetPhysicalDevicePresentRectanglesKHR
vkGetPhysicalDeviceProperties
vkGetPhysicalDeviceProperties2
vkGetPhysicalDeviceQueueFamilyProperties
vkGetPhysicalDeviceQueueFamilyProperties2
vkGetPhysicalDeviceSparseImageFormatProperties
vkGetPhysicalDeviceSparseImageFormatProperties2
vkGetPhysicalDeviceSurfaceCapabilities2KHR
vkGetPhysicalDeviceSurfaceCapabilitiesKHR
vkGetPhysicalDeviceSurfaceFormats2KHR
vkGetPhysicalDeviceSurfaceFormatsKHR
vkGetPhysicalDeviceSurfacePresentModesKHR
vkGetPhysicalDeviceSurfaceSupportKHR
vkGetPhysicalDeviceWin32PresentationSupportKHR
vkGetPipelineCacheData
vkGetQueryPoolResults
vkGetRenderAreaGranularity
vkGetSemaphoreCounterValue
vkGetSwapchainImagesKHR
vkInvalidateMappedMemoryRanges
vkMapMemory
vkMergePipelineCaches
vkQueueBindSparse
vkQueuePresentKHR
vkQueueSubmit
vkQueueWaitIdle
vkResetCommandBuffer
vkResetCommandPool
vkResetDescriptorPool
vkResetEvent
vkResetFences
vkResetQueryPool
vkSetEvent
vkSignalSemaphore
vkTrimCommandPool
vkUnmapMemory
vkUpdateDescriptorSetWithTemplate
vkUpdateDescriptorSets
vkWaitForFences
vkWaitSemaphores

Sections

.text
Size: 424KB - Virtual size: 423KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 21B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 421KB - Virtual size: 420KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
98ec46ac0e3b0b49140f710d0437e03e1f89f9b6fc092be7a5a1fde7d59e312e
.elf linux x64
b9e313e08b49d8d2ffe44cb6ec2192ee3a1c97b57c56f024c17d44db042fb9eb
.dll windows:10 windows x64 arch:x64

Password: infected

05d1938ad4ce929f3eca1814b2c87ed7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

onexui.pdb

Imports

msvcrt

memset
__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
__CxxFrameHandler3
memcmp
_beginthreadex
_purecall
memcpy_s
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBV0@@Z
_itow
memmove_s
??0exception@@QEAA@AEBQEBDH@Z
_callnewh
_CxxThrowException
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
memcpy
_vsnwprintf
_endthreadex
wcscmp

ntdll

RtlUnsubscribeWnfStateChangeNotification
RtlSubscribeWnfStateChangeNotification
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
EtwEventWriteTransfer
EtwEventUnregister
EtwEventRegister
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwTraceMessage
RtlQueryWnfStateData

user32

KillTimer
LoadIconW
TranslateMessage
SetFocus
GetWindowInfo
SetTimer
ShowWindow
SetWindowTextW
GetSystemMetrics
SendMessageW
GetLastInputInfo
PostMessageW
GetKeyState
GetMessageW
SystemParametersInfoW
EnableWindow
MsgWaitForMultipleObjects
DispatchMessageW
LoadStringW
PeekMessageW

gdi32

DeleteObject

kernel32

CloseHandle
HeapFree
HeapAlloc
GetProcessHeap
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
SizeofResource
DelayLoadFailureHook
ResolveDelayLoadedAPI
LockResource
LoadResource
FindResourceW
GetLastError
UnhandledExceptionFilter
GetCurrentThreadId
QueryPerformanceCounter
Sleep
GetCurrentProcessId
GetTickCount
ProcessIdToSessionId
GetSystemTimeAsFileTime

comctl32

ord413
ord410
ord412

Exports

Exports

OneXGetUserFriendlyText
OneXMapEAPHostInteractiveUIToOneXUIResponse
OneXShowUI
OneXShowUIFromEAPCreds

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 508B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
be4334ce0be2683878c5b9fb911a4fb9beaaa09845028215134081268621df38
.rar

Password: infected
usersfiles/META-INF/MANIFEST.MF
usersfiles/WEB-INF/classes/com/ilient/server/UserEntry.class
usersfiles/WEB-INF/lib/gson-2.8.6.jar
.jar
usersfiles/WEB-INF/web.xml
.xml
usersfiles/user.bin
usersfiles/user.exe
.exe windows:5 windows x64 arch:x64

Password: infected

06ed791760f01a9818957f0234599d87

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetProcAddress
GetModuleHandleA
CloseHandle
ReadFile
VirtualAlloc
GetFileSize
CreateFileA
lstrlenA
GetModuleFileNameA
GetCommandLineA
RtlUnwindEx
EnterCriticalSection
LeaveCriticalSection
DecodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
EncodePointer
TerminateProcess
GetCurrentProcess
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
GetLastError
FlsAlloc
HeapSetInformation
GetVersion
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
Sleep
HeapFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryW
HeapAlloc
HeapReAlloc
GetConsoleCP
GetConsoleMode
FlushFileBuffers
LCMapStringW
MultiByteToWideChar
GetStringTypeW
SetFilePointer
HeapSize
WriteConsoleW
SetStdHandle
CreateFileW

Sections

.text
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 732B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
d14122fa7883b89747f273c44b1f71b81669a088764e97256f97b4b20d945ed0
.elf linux x64
d3eab2a134e7bd3f2e8767a6285b38d19cd3df421e8af336a7852b74f194802c
.dll windows:4 windows x64 arch:x64

Password: infected

dce96bc6319a78e5eaf9315128c98209

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Imports

advapi32

CryptAcquireContextA
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
RegCloseKey
RegOpenKeyExA
RegQueryValueExA

kernel32

AllocConsole
CloseHandle
CreateDirectoryA
CreateEventA
CreateFileA
CreateFileW
CreateMutexW
CreateSemaphoreW
CreateThread
CreateTimerQueueTimer
DeleteCriticalSection
DeleteTimerQueueTimer
DeviceIoControl
DuplicateHandle
EnterCriticalSection
EnumResourceLanguagesA
EnumSystemLocalesA
FormatMessageW
FreeLibrary
GetACP
GetConsoleOutputCP
GetConsoleScreenBufferInfo
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetFileAttributesW
GetFileSize
GetLastError
GetLocaleInfoA
GetLogicalDrives
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetNativeSystemInfo
GetProcAddress
GetProcessHeap
GetProcessTimes
GetProcessWorkingSetSize
GetStartupInfoA
GetStdHandle
GetSystemTimeAsFileTime
GetTempFileNameW
GetTempPathA
GetTempPathW
GetThreadLocale
GetThreadTimes
GetTickCount
GetTimeZoneInformation
GetVersion
GetVersionExA
GlobalMemoryStatus
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LocalAlloc
LocalFree
MapViewOfFile
MultiByteToWideChar
OpenFileMappingA
OutputDebugStringW
QueryPerformanceCounter
QueryPerformanceFrequency
QueueUserAPC
ReadFile
ReleaseMutex
ReleaseSemaphore
ResetEvent
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetConsoleOutputCP
SetConsoleTitleW
SetEvent
SetFilePointerEx
SetLastError
SetPriorityClass
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SleepEx
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
UnmapViewOfFile
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WaitForSingleObjectEx
WideCharToMultiByte
WriteConsoleW
WriteFile

msvcrt

___lc_codepage_func
__dllonexit
__iob_func
__mb_cur_max
__setusermatherr
_amsg_exit
_beginthreadex
_close
_commit
_endthreadex
_errno
_exit
_fdopen
_fileno
_findclose
_fstat64
fwprintf
_get_osfhandle
_gmtime64
_initterm
_isatty
_localtime64
_lock
_lseeki64
_mktime64
_onexit
_open_osfhandle
_pipe
_stat64
_stricmp
_strnicmp
_sys_errlist
_sys_nerr
_time64
_unlock
_vsnprintf
_wfindfirst64
_wfindnext64
_wfullpath
_wgetcwd
_wmkdir
_wopen
_wremove
_wrename
_wstat64
_wunlink
abort
atof
atoi
atol
bsearch
calloc
clearerr
clock
div
exit
fclose
feof
ferror
fflush
fgetc
fgets
fopen
fprintf
fputc
fputs
fputwc
fputws
fread
free
freopen
fseek
ftell
fwprintf
fwrite
getc
getchar
getenv
isalnum
isalpha
iscntrl
islower
isspace
isupper
iswctype
isxdigit
localeconv
malloc
memchr
memcmp
memcpy
memmove
memset
putc
putchar
puts
qsort
raise
rand
realloc
rewind
setlocale
signal
sprintf
strcat
strchr
strcmp
strcpy
strcspn
strerror
strftime
strlen
strncmp
strncpy
strpbrk
strrchr
strspn
strstr
strtol
strtoul
tolower
toupper
towlower
ungetc
vfprintf
wcscat
wcschr
wcscmp
wcscpy
wcslen
wcsrchr
wcstombs
_vsnwprintf
_snwprintf
_write
_stricmp
_strdup
_setmode
_read
_open
_getpid
_getcwd
_fileno
_fdopen
_dup
_close
_access

shell32

SHGetFolderPathW
ShellExecuteW

user32

FindWindowW
GetActiveWindow
GetCapture
GetCaretPos
GetClipboardOwner
GetClipboardViewer
GetCursorPos
GetDesktopWindow
GetFocus
GetInputState
GetMessagePos
GetMessageTime
GetOpenClipboardWindow
GetProcessWindowStation
MessageBoxW
SendMessageW

ws2_32

WSACleanup
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAGetLastError
WSARecv
WSARecvFrom
WSASendTo
WSAStartup
WSAWaitForMultipleEvents
__WSAFDIsSet
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
gethostname
getnameinfo
getpeername
getsockname
getsockopt
htonl
ioctlsocket
listen
ntohl
recv
recvfrom
select
send
sendto
setsockopt
shutdown
socket

Exports

Exports

AddMD5
EndMD5
FromCharset
GetLang_1
GetLang_2B
GetLang_2T
InitMD5
NTPtime64
ToCharset
VLC_CompileBy
VLC_CompileHost
VLC_Compiler
access_vaDirectoryControlHelper
addon_entry_Hold
addon_entry_New
addon_entry_Release
addons_manager_Delete
addons_manager_Gather
addons_manager_Install
addons_manager_LoadCatalog
addons_manager_New
addons_manager_Remove
aout_BitsPerSample
aout_ChannelExtract
aout_ChannelReorder
aout_CheckChannelExtraction
aout_CheckChannelReorder
aout_Deinterleave
aout_DeviceGet
aout_DeviceSet
aout_DevicesList
aout_FiltersAdjustResampling
aout_FiltersChangeViewpoint
aout_FiltersDelete
aout_FiltersDrain
aout_FiltersFlush
aout_FiltersNew
aout_FiltersPlay
aout_FormatPrepare
aout_FormatPrint
aout_FormatPrintChannels
aout_Interleave
aout_MuteGet
aout_MuteSet
aout_VolumeGet
aout_VolumeSet
aout_VolumeUpdate
aout_filter_RequestVout
block_Alloc
block_FifoCount
block_FifoEmpty
block_FifoGet
block_FifoNew
block_FifoPut
block_FifoRelease
block_FifoShow
block_File
block_FilePath
block_Init
block_Realloc
block_TryRealloc
block_heap_Alloc
block_mmap_Alloc
block_shm_Alloc
config_AddIntf
config_ChainCreate
config_ChainDestroy
config_ChainDuplicate
config_ChainParse
config_ChainParseOptions
config_ExistIntf
config_FindConfig
config_GetDataDir
config_GetFloat
config_GetInt
config_GetIntChoices
config_GetLibDir
config_GetPsz
config_GetPszChoices
config_GetType
config_GetUserDir
config_PutFloat
config_PutInt
config_PutPsz
config_RemoveIntf
config_ResetAll
config_SaveConfigFile
config_StringEscape
config_StringUnescape
date_Change
date_Decrement
date_Get
date_Increment
date_Init
date_Move
date_Set
decoder_AbortPictures
decoder_GetDisplayDate
decoder_GetDisplayRate
decoder_GetInputAttachments
decoder_NewAudioBuffer
decoder_NewSubpicture
demux_Delete
demux_New
demux_PacketizerDestroy
demux_PacketizerNew
demux_vaControl
demux_vaControlHelper
es_format_Clean
es_format_Copy
es_format_Init
es_format_InitFromVideo
es_format_IsSimilar
filter_AddProxyCallbacks
filter_Blend
filter_ConfigureBlend
filter_DelProxyCallbacks
filter_DeleteBlend
filter_NewBlend
filter_chain_AppendConverter
filter_chain_AppendFilter
filter_chain_AppendFromString
filter_chain_Delete
filter_chain_DeleteFilter
filter_chain_GetFmtOut
filter_chain_IsEmpty
filter_chain_MouseEvent
filter_chain_MouseFilter
filter_chain_NewVideo
filter_chain_Reset
filter_chain_SubFilter
filter_chain_VideoFilter
filter_chain_VideoFlush
fingerprinter_Create
fingerprinter_Destroy
httpd_ClientIP
httpd_FileDelete
httpd_FileNew
httpd_HandlerDelete
httpd_HandlerNew
httpd_HostDelete
httpd_MsgAdd
httpd_MsgGet
httpd_RedirectDelete
httpd_RedirectNew
httpd_ServerIP
httpd_StreamDelete
httpd_StreamHeader
httpd_StreamNew
httpd_StreamSend
httpd_StreamSetHTTPHeaders
httpd_UrlCatch
httpd_UrlDelete
httpd_UrlNew
image_Ext2Fourcc
image_HandlerCreate
image_HandlerDelete
image_Mime2Fourcc
image_Type2Fourcc
input_Close
input_Control
input_Create
input_CreateFilename
input_DecoderCreate
input_DecoderDecode
input_DecoderDelete
input_DecoderDrain
input_DecoderFlush
input_GetItem
input_Read
input_Start
input_Stop
input_item_AddInfo
input_item_AddOpaque
input_item_AddOption
input_item_AddOptions
input_item_AddSlave
input_item_Copy
input_item_CopyOptions
input_item_DelInfo
input_item_GetDuration
input_item_GetInfo
input_item_GetMeta
input_item_GetName
input_item_GetNowPlayingFb
input_item_GetTitleFbName
input_item_GetURI
input_item_HasErrorWhenReading
input_item_Hold
input_item_IsArtFetched
input_item_IsPreparsed
input_item_MergeInfos
input_item_MetaMatch
input_item_NewExt
input_item_Release
input_item_ReplaceInfos
input_item_SetDuration
input_item_SetMeta
input_item_SetName
input_item_SetURI
input_item_WriteMeta
input_item_node_AppendItem
input_item_node_AppendNode
input_item_node_Create
input_item_node_Delete
input_item_slave_GetType
input_item_slave_New
input_resource_GetAout
input_resource_HoldAout
input_resource_New
input_resource_PutAout
input_resource_Release
input_resource_ResetAout
input_resource_Terminate
input_resource_TerminateVout
input_vaControl
intf_Create
libvlc_ArtRequest
libvlc_InternalAddIntf
libvlc_InternalCleanup
libvlc_InternalCreate
libvlc_InternalDestroy
libvlc_InternalDialogClean
libvlc_InternalDialogInit
libvlc_InternalInit
libvlc_InternalKeystoreClean
libvlc_InternalKeystoreInit
libvlc_InternalPlay
libvlc_MetadataCancel
libvlc_MetadataRequest
libvlc_Quit
libvlc_SetExitHandler
mdate
module_config_free
module_config_get
module_exists
module_find
module_get_capability
module_get_help
module_get_name
module_get_object
module_get_score
module_gettext
module_list_free
module_list_get
module_need
module_provides
module_unneed
msleep
mwait
net_Accept
net_AcceptSingle
net_Connect
net_ConnectDgram
net_Gets
net_Listen
net_ListenClose
net_OpenDgram
net_Printf
net_Read
net_SetCSCov
net_Write
net_vaPrintf
picture_BlendSubpicture
picture_Clone
picture_Copy
picture_CopyPixels
picture_CopyProperties
picture_Export
picture_Hold
picture_New
picture_NewFromFormat
picture_NewFromResource
picture_Release
picture_Reset
picture_Setup
picture_fifo_Delete
picture_fifo_Flush
picture_fifo_New
picture_fifo_OffsetDate
picture_fifo_Peek
picture_fifo_Pop
picture_fifo_Push
picture_pool_Enum
picture_pool_Get
picture_pool_GetSize
picture_pool_New
picture_pool_NewExtended
picture_pool_NewFromFormat
picture_pool_Release
picture_pool_Reserve
picture_pool_Wait
plane_CopyPixels
playlist_Add
playlist_AddExt
playlist_AddInput
playlist_AssertLocked
playlist_ChildSearchName
playlist_Clear
playlist_Control
playlist_CurrentInput
playlist_CurrentInputLocked
playlist_CurrentPlayingItem
playlist_Deactivate
playlist_EnableAudioFilter
playlist_Export
playlist_GetAout
playlist_GetNodeDuration
playlist_Import
playlist_IsServicesDiscoveryLoaded
playlist_ItemGetById
playlist_ItemGetByInput
playlist_LiveSearchUpdate
playlist_Lock
playlist_MuteGet
playlist_MuteSet
playlist_NodeAddCopy
playlist_NodeAddInput
playlist_NodeCreate
playlist_NodeDelete
playlist_RecursiveNodeSort
playlist_ServicesDiscoveryAdd
playlist_ServicesDiscoveryControl
playlist_ServicesDiscoveryRemove
playlist_SetRenderer
playlist_Status
playlist_TreeMove
playlist_TreeMoveMany
playlist_Unlock
playlist_VolumeGet
playlist_VolumeSet
playlist_VolumeUp
sdp_AddAttribute
sdp_AddMedia
secstotimestr
sout_AccessOutControl
sout_AccessOutDelete
sout_AccessOutNew
sout_AccessOutRead
sout_AccessOutSeek
sout_AccessOutWrite
sout_AnnounceRegisterSDP
sout_AnnounceUnRegister
sout_EncoderCreate
sout_MuxAddStream
sout_MuxDelete
sout_MuxDeleteStream
sout_MuxFlush
sout_MuxGetStream
sout_MuxNew
sout_MuxSendBuffer
sout_StreamChainDelete
sout_StreamChainNew
spu_ChangeFilters
spu_ChangeSources
spu_ClearChannel
spu_Create
spu_Destroy
spu_PutSubpicture
spu_RegisterChannel
spu_Render
subpicture_Delete
subpicture_New
subpicture_NewFromPicture
subpicture_Update
subpicture_region_ChainDelete
subpicture_region_Copy
subpicture_region_Delete
subpicture_region_New
text_segment_ChainDelete
text_segment_Copy
text_segment_Delete
text_segment_New
text_segment_NewInheritStyle
text_style_Copy
text_style_Create
text_style_Delete
text_style_Duplicate
text_style_Merge
text_style_New
update_Check
update_Delete
update_Download
update_GetRelease
update_NeedUpgrade
update_New
us_asprintf
us_atof
us_strtod
us_strtof
us_vasprintf
utf8_fprintf
utf8_vfprintf
var_AddCallback
var_AddListCallback
var_Change
var_Create
var_DelCallback
var_DelListCallback
var_Destroy
var_FreeList
var_Get
var_GetAndSet
var_GetChecked
var_Inherit
var_InheritURational
var_LocationParse
var_Set
var_SetChecked
var_TriggerCallback
var_Type
video_format_ApplyRotation
video_format_CopyCrop
video_format_FixRgb
video_format_GetTransform
video_format_IsSimilar
video_format_Print
video_format_ScaleCropAr
video_format_Setup
video_format_TransformBy
video_format_TransformTo
vlc_CPU
vlc_GetCPUCount
vlc_Log
vlc_LogSet
vlc_UrlClean
vlc_UrlParse
vlc_UrlParseFixup
vlc_accept
vlc_accept_i11e
vlc_access_NewMRL
vlc_actions_get_id
vlc_actions_get_key_names
vlc_actions_get_keycodes
vlc_b64_decode
vlc_b64_decode_binary
vlc_b64_decode_binary_to_buffer
vlc_b64_encode
vlc_b64_encode_binary
vlc_cancel
vlc_clone
vlc_close
vlc_cond_broadcast
vlc_cond_destroy
vlc_cond_init
vlc_cond_signal
vlc_cond_timedwait
vlc_cond_wait
vlc_control_cancel
vlc_credential_clean
vlc_credential_get
vlc_credential_init
vlc_credential_store
vlc_demux_chained_ControlVa
vlc_demux_chained_Delete
vlc_demux_chained_New
vlc_demux_chained_Send
vlc_dialog_display_error
vlc_dialog_display_error_va
vlc_dialog_display_progress
vlc_dialog_display_progress_va
vlc_dialog_id_dismiss
vlc_dialog_id_get_context
vlc_dialog_id_post_action
vlc_dialog_id_post_login
vlc_dialog_id_set_context
vlc_dialog_is_cancelled
vlc_dialog_provider_set_callbacks
vlc_dialog_provider_set_ext_callback
vlc_dialog_release
vlc_dialog_update_progress
vlc_dialog_update_progress_text
vlc_dialog_update_progress_text_va
vlc_dialog_wait_login
vlc_dialog_wait_login_va
vlc_dialog_wait_question
vlc_dialog_wait_question_va
vlc_drand48
vlc_dup
vlc_epg_AddEvent
vlc_epg_Delete
vlc_epg_Duplicate
vlc_epg_New
vlc_epg_SetCurrent
vlc_epg_event_Delete
vlc_epg_event_Duplicate
vlc_epg_event_New
vlc_error
vlc_event_attach
vlc_event_detach
vlc_ext_dialog_update
vlc_fifo_DequeueAllUnlocked
vlc_fifo_DequeueUnlocked
vlc_fifo_GetBytes
vlc_fifo_GetCount
vlc_fifo_Lock
vlc_fifo_QueueUnlocked
vlc_fifo_Signal
vlc_fifo_Unlock
vlc_fifo_Wait

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 18KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 365KB - Virtual size: 364KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ef792687b8bcd3c03bed4b09c4722bba921536802afe01f7cdb01cc7c3c60815
.elf linux x64

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

7d011c3a5c476597aaa31e8a9fff1f97

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.data Size: 3KB - Virtual size: 22KB

.pdata Size: 9KB - Virtual size: 9KB

.rsrc Size: 1.1MB - Virtual size: 1.1MB

.reloc Size: 10KB - Virtual size: 10KB

Password: infected

04a2de43d6724a1a52ec06f045f88902

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

cfgmgr32

advapi32

Exports

Exports

Sections

.text Size: 424KB - Virtual size: 423KB

.rdata Size: 152KB - Virtual size: 151KB

.data Size: 7KB - Virtual size: 18KB

.pdata Size: 19KB - Virtual size: 19KB

.00cfg Size: 512B - Virtual size: 16B

.tls Size: 512B - Virtual size: 21B

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 421KB - Virtual size: 420KB

.reloc Size: 3KB - Virtual size: 3KB

Password: infected

05d1938ad4ce929f3eca1814b2c87ed7

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

user32

gdi32

kernel32

comctl32

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 51KB

.rdata Size: 48KB - Virtual size: 48KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 2KB - Virtual size: 2KB

.didat Size: 1KB - Virtual size: 1KB

.rsrc Size: 1.2MB - Virtual size: 1.2MB

.reloc Size: 512B - Virtual size: 508B

Password: infected

Password: infected

06ed791760f01a9818957f0234599d87

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 33KB - Virtual size: 32KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 5KB - Virtual size: 21KB

.text
Size: 1.8MB - Virtual size: 1.8MB

.data
Size: 3KB - Virtual size: 22KB

.pdata
Size: 9KB - Virtual size: 9KB

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

.reloc
Size: 10KB - Virtual size: 10KB

.text
Size: 424KB - Virtual size: 423KB

.rdata
Size: 152KB - Virtual size: 151KB

.data
Size: 7KB - Virtual size: 18KB

.pdata
Size: 19KB - Virtual size: 19KB

.00cfg
Size: 512B - Virtual size: 16B

.tls
Size: 512B - Virtual size: 21B

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 421KB - Virtual size: 420KB

.reloc
Size: 3KB - Virtual size: 3KB

.text
Size: 52KB - Virtual size: 51KB

.rdata
Size: 48KB - Virtual size: 48KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 2KB - Virtual size: 2KB

.didat
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

.reloc
Size: 512B - Virtual size: 508B

.text
Size: 33KB - Virtual size: 32KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 5KB - Virtual size: 21KB

.pdata
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 732B

.text
Size: 1.4MB - Virtual size: 1.4MB

.data
Size: 18KB - Virtual size: 17KB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.buildid
Size: 512B - Virtual size: 53B

.pdata
Size: 43KB - Virtual size: 42KB

.xdata
Size: 42KB - Virtual size: 42KB

.bss
Size: - Virtual size: 18KB

.edata
Size: 21KB - Virtual size: 21KB

.idata
Size: 11KB - Virtual size: 10KB

.CRT
Size: 512B - Virtual size: 88B

.tls
Size: 512B - Virtual size: 104B

.rsrc
Size: 365KB - Virtual size: 364KB

.reloc
Size: 6KB - Virtual size: 5KB

/4
Size: 512B - Virtual size: 24B