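PDB path (extracted ahead of the report body; the "PDB Paths" heading under HanzoByCypher/ZX.exe further down is otherwise empty): c:\users\franci~1\docume~1\projects\interc~1\instal~1\exe\objfre_wxp_x86\i386\install-interception.pdb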
Overview (overview) - 9
Static (static) - 7
HanzoByCyp...ir.exe (windows7-x64) - 9
HanzoByCyp...ir.exe (windows10-2004-x64) - 9
HanzoByCyp...ll.bat (windows7-x64) - 8
HanzoByCyp...ll.bat (windows10-2004-x64) - 8
HanzoByCyp...nk.bat (windows7-x64) - 1
HanzoByCyp...nk.bat (windows10-2004-x64) - 3
HanzoByCyp...64.dll (windows7-x64) - 1
HanzoByCyp...64.dll (windows10-2004-x64) - 1
HanzoByCyp...vm.exe (windows7-x64)
HanzoByCyp...vm.exe (windows10-2004-x64)
HanzoByCypher/ZX.exe (windows7-x64) - 1
HanzoByCypher/ZX.exe (windows10-2004-x64) - 1
HanzoByCyp...er.exe (windows7-x64) - 1
HanzoByCyp...er.exe (windows10-2004-x64) - 1
Behavioral task
behavioral1
Sample
HanzoByCypher/Hanzo Chair.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
HanzoByCypher/Hanzo Chair.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral3
Sample
HanzoByCypher/Install.bat
Resource
win7-20231129-en
Behavioral task
behavioral4
Sample
HanzoByCypher/Install.bat
Resource
win10v2004-20231215-en
Behavioral task
behavioral5
Sample
HanzoByCypher/Medal Settings/Medal Link.bat
Resource
win7-20231215-en
Behavioral task
behavioral6
Sample
HanzoByCypher/Medal Settings/Medal Link.bat
Resource
win10v2004-20231215-en
Behavioral task
behavioral7
Sample
HanzoByCypher/USB Setup/EFI/Boot/bootx64.dll
Resource
win7-20231215-en
Behavioral task
behavioral8
Sample
HanzoByCypher/USB Setup/EFI/Boot/bootx64.dll
Resource
win10v2004-20231222-en
Behavioral task
behavioral9
Sample
HanzoByCypher/USB Setup/avm.exe
Resource
win7-20231215-en
Behavioral task
behavioral10
Sample
HanzoByCypher/USB Setup/avm.exe
Resource
win10v2004-20231222-en
Behavioral task
behavioral11
Sample
HanzoByCypher/ZX.exe
Resource
win7-20231215-en
Behavioral task
behavioral12
Sample
HanzoByCypher/ZX.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral13
Sample
HanzoByCypher/hanzo.hookedbycypher.exe
Resource
win7-20231215-en
Behavioral task
behavioral14
Sample
HanzoByCypher/hanzo.hookedbycypher.exe
Resource
win10v2004-20231222-en
General
-
Target
HanzoByCypher.rar
-
Size
8.0MB
-
MD5
893d97581a4ad14afa9fac3b60690a1a
-
SHA1
99042c496f3d56f7a3fe17af1fa845155ecb6a16
-
SHA256
ac3217ce5d314a9f1ffcc83ad8909a9195d98f2d2cf747b7abefc3700a3b78f1
-
SHA512
bb4d32a266dec2271f5351df709ec19119dd6c8f9e54c058fe6b2240a05f5cceff38ce3e921650db275c8fc4e46686cd7708a71b79dc5def58d28f1e31dc86be
-
SSDEEP
196608:k03PWOmjUsZm+Ae5k4Ow7TGCfmqAe6h+SBMo1AIYu:kgPPsZm3nwT+Fp+SB9ixu
Malware Config
Signatures
-
resource | yara_rule
static1/unpack001/HanzoByCypher/USB Setup/EFI/Boot/bootx64.efi | upx
static1/unpack001/HanzoByCypher/USB Setup/avm.efi | upx
-
Unsigned PE 5 IoCs
Checks for missing Authenticode signature.
resource
unpack001/HanzoByCypher/Hanzo Chair.exe
unpack001/HanzoByCypher/USB Setup/EFI/Boot/bootx64.efi
unpack001/HanzoByCypher/USB Setup/avm.efi
unpack001/HanzoByCypher/ZX.exe
unpack001/HanzoByCypher/hanzo.hookedbycypher.exe
Files
-
HanzoByCypher.rar (.rar)
-
HanzoByCypher/Hanzo Chair.exe (.exe) windows:6 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
Size: 264KB - Virtual size: 565KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Size: 46KB - Virtual size: 121KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 1024B - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 12KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 512B - Virtual size: 488B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.idata Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 4KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PYTGUARD Size: - Virtual size: 9.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.boot Size: 5.9MB - Virtual size: 5.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 16B - Virtual size: 4KB
IMAGE_SCN_MEM_READ
-
HanzoByCypher/Install.bat
-
HanzoByCypher/Medal Settings/Medal Link.bat
-
HanzoByCypher/Medal Settings/Screenshot_1.png (.png)
-
HanzoByCypher/Medal Settings/Screenshot_2.png (.png)
-
HanzoByCypher/Medal Settings/Screenshot_3.png (.png)
-
HanzoByCypher/Medal Settings/Screenshot_4.png (.png)
-
HanzoByCypher/USB Setup/EFI/Boot/bootx64.efi (.dll) windows:0 windows x64 arch:x64
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Sections
UPX0 Size: - Virtual size: 660KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 259KB - Virtual size: 259KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
HanzoByCypher/USB Setup/EFI/Boot/startup.nsh
-
HanzoByCypher/USB Setup/avm.efi (.exe) windows:0 windows x64 arch:x64
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED
Sections
UPX0 Size: - Virtual size: 44KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 18KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
HanzoByCypher/ZX.exe (.exe) windows:6 windows x86 arch:x86
51850908103fac568ec032763c0d304c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
advapi32
RegSetValueExA
RegCloseKey
RegQueryValueExA
RegOpenKeyA
RegCreateKeyA
RegDeleteKeyA
kernel32
GetCurrentProcess
GetProcAddress
GetModuleHandleA
GetLastError
MoveFileExA
GetSystemDirectoryA
GetSystemInfo
CloseHandle
FreeResource
WriteFile
CreateFileA
LockResource
LoadResource
SizeofResource
FindResourceA
GetVersionExA
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
RtlUnwind
OutputDebugStringA
InterlockedCompareExchange
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedExchange
Sleep
msvcrt
free
_callnewh
malloc
??0bad_cast@@QAE@ABV0@@Z
??1bad_cast@@UAE@XZ
fgetc
fputc
ungetc
fflush
setvbuf
fwrite
fgetpos
fseek
fsetpos
fclose
__iob_func
__crtLCMapStringA
__pctype_func
isupper
___lc_codepage_func
___lc_handle_func
abort
islower
__getmainargs
_cexit
_exit
_XcptFilter
_initterm
_amsg_exit
__setusermatherr
__p__commode
__p__fmode
__set_app_type
??1type_info@@UAE@XZ
__uncaught_exception
memmove
_unlock
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
_controlfp
_errno
__CxxFrameHandler
exit
??0exception@@QAE@XZ
_CxxThrowException
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBD@Z
memset
memcpy
_stricmp
setlocale
Sections
.text Size: 29KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 424KB - Virtual size: 423KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
HanzoByCypher/hanzo.hookedbycypher.exe (.exe) windows:6 windows x64 arch:x64
83d8d34692ad34fbceb4be1f788cb404
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
GetFileSizeEx
WaitForMultipleObjects
CreateEventA
DeviceIoControl
GetProcessHeap
HeapFree
HeapAlloc
CreateFileA
LoadLibraryA
GetModuleHandleA
OutputDebugStringW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
FreeLibrary
IsProcessorFeaturePresent
TerminateProcess
VerSetConditionMask
GlobalFree
GlobalLock
GlobalUnlock
GlobalAlloc
Process32NextW
GetLastError
InitializeCriticalSectionEx
DeleteCriticalSection
Process32FirstW
CreateToolhelp32Snapshot
GetConsoleWindow
WideCharToMultiByte
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetTickCount
SetPriorityClass
GetCurrentProcess
QueryPerformanceFrequency
QueryPerformanceCounter
CloseHandle
Beep
Sleep
LoadLibraryW
GetModuleHandleW
GetCurrentProcessId
SetLastError
FormatMessageA
EnterCriticalSection
LeaveCriticalSection
SleepEx
GetSystemDirectoryA
VerifyVersionInfoA
MoveFileExA
WaitForSingleObjectEx
GetEnvironmentVariableA
GetStdHandle
GetFileType
PeekNamedPipe
ReleaseSRWLockExclusive
GetProcAddress
VirtualFree
VirtualAlloc
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
ReadFile
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
MultiByteToWideChar
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
user32
MessageBoxA
SetClipboardData
DestroyWindow
LoadCursorW
ScreenToClient
ClientToScreen
SetCursor
SetCursorPos
GetClientRect
GetForegroundWindow
CloseClipboard
OpenClipboard
GetWindow
GetCursorPos
EmptyClipboard
GetWindowRect
GetSystemMetrics
SendInput
GetKeyState
GetClipboardData
msvcp140
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?_Xbad_function_call@std@@YAXXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?width@ios_base@std@@QEAA_J_J@Z
?width@ios_base@std@@QEBA_JXZ
?flags@ios_base@std@@QEBAHXZ
?good@ios_base@std@@QEBA_NXZ
??Bios_base@std@@QEBA_NXZ
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_do_broadcast_at_thread_exit
_Thrd_sleep
_Thrd_detach
_Query_perf_frequency
_Query_perf_counter
_Xtime_get_ticks
?uncaught_exceptions@std@@YAHXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
d3d9
Direct3DCreate9Ex
xinput1_3
ord2
imm32
ImmReleaseContext
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmGetContext
normaliz
IdnToAscii
wldap32
ord22
ord217
ord46
ord211
ord60
ord45
ord50
ord41
ord143
ord26
ord27
ord32
ord33
ord35
ord79
ord30
ord200
ord301
crypt32
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
ws2_32
ntohs
setsockopt
socket
WSASetLastError
WSAIoctl
WSAStartup
WSACleanup
accept
htonl
listen
ioctlsocket
__WSAFDIsSet
select
getaddrinfo
freeaddrinfo
ntohl
gethostname
recvfrom
closesocket
recv
send
WSAGetLastError
bind
connect
getpeername
getsockname
getsockopt
htons
sendto
vcruntime140
__C_specific_handler
__current_exception
__current_exception_context
__intrinsic_setjmp
strstr
longjmp
memcpy
memcmp
_CxxThrowException
__std_exception_destroy
__std_exception_copy
__std_terminate
memset
strchr
strrchr
memmove
memchr
vcruntime140_1
__CxxFrameHandler4
api-ms-win-crt-string-l1-1-0
strspn
isupper
_stricmp
strpbrk
strncpy
_wcsicmp
strcspn
_strdup
strncmp
strcmp
tolower
api-ms-win-crt-runtime-l1-1-0
terminate
_beginthreadex
system
exit
_invalid_parameter_noinfo_noreturn
_cexit
_crt_atexit
_initialize_onexit_table
_initialize_narrow_environment
_register_thread_local_exe_atexit_callback
_c_exit
_configure_narrow_argv
__sys_nerr
strerror
__p___argv
__p___argc
_exit
_initterm_e
_initterm
_seh_filter_exe
_get_initial_narrow_environment
_set_app_type
_errno
_register_onexit_function
_getpid
api-ms-win-crt-heap-l1-1-0
realloc
_callnewh
malloc
calloc
free
_set_new_mode
api-ms-win-crt-utility-l1-1-0
rand
qsort
api-ms-win-crt-stdio-l1-1-0
__p__commode
_lseeki64
fputc
feof
fgets
_read
_write
_set_fmode
__stdio_common_vfprintf
__stdio_common_vsprintf_s
__stdio_common_vsprintf
__stdio_common_vsscanf
_close
_open
fputs
fopen
__acrt_iob_func
fwrite
ftell
fseek
fread
fflush
fclose
_wfopen
api-ms-win-crt-math-l1-1-0
logf
__setusermatherr
log
ceilf
acosf
tanf
sqrtf
sinf
powf
atan2f
fmodf
floorf
pow
cosf
atan2
asin
api-ms-win-crt-convert-l1-1-0
atoi
strtoll
strtoul
atof
strtol
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
api-ms-win-crt-time-l1-1-0
_gmtime64
_time64
api-ms-win-crt-filesystem-l1-1-0
_unlink
_stat64
_fstat64
_access
advapi32
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptEncrypt
CryptReleaseContext
CryptAcquireContextA
CryptGenRandom
CryptCreateHash
CryptHashData
CryptGetHashParam
Exports
Exports
interception_create_context
interception_destroy_context
interception_get_filter
interception_get_hardware_id
interception_get_precedence
interception_is_invalid
interception_is_keyboard
interception_is_mouse
interception_receive
interception_send
interception_set_filter
interception_set_precedence
interception_wait
interception_wait_with_timeout
Sections
.text Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 284KB - Virtual size: 284KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 948KB - Virtual size: 948KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 52KB - Virtual size: 52KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ