diceloader | Malware-1[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

Malware-1.zip
Size

3.7MB
MD5

350b39f9447ca3b549fc02278f5cfa73
SHA1

4f5e9724eeb4d6c93153f496760481c76ff004a2
SHA256

84373ce008bb056e6e9519af8ee59db2ccfa53bea9fde1eebb61712fa1cfa9c7
SHA512

07484f4fb87237526e3e334334a922240a84de8679edb7a2e889850a0eaafcb67ee7ca9210958c2b552d66e695e23e7d07064083ab8eb166e729038add23953b
SSDEEP

98304:g2nfLAg3Z+D1iE4WXKKypINzpVEltYQZT6C0XV6Gs:g2n0gJ6tXestieXV6Z

Score

10^/10

diceloader

Malware Config

Signatures

Diceloader family
diceloader

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/DLLs/_ctypes.pyd
unpack001/python27.dll
unpack001/pythonw.exe

Files

Malware-1.zip
.zip
DLLs/_ctypes.pyd
.dll windows:5 windows x64 arch:x64

d2a6801f784181898580963468a46355

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\build27\cpython\PCBuild\amd64\_ctypes.pdb

Imports

kernel32

GetProcAddress
GetLastError
SetLastError
DisableThreadLibraryCalls
FreeLibrary
FormatMessageA
LoadLibraryA
LocalFree
IsBadStringPtrW
IsBadStringPtrA
VirtualAlloc
GetSystemInfo
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
Sleep

ole32

ProgIDFromCLSID

oleaut32

GetErrorInfo
SysFreeString
SysStringLen
SysAllocStringLen

python27

PyObject_SetAttrString
PyExc_OverflowError
_PyObject_CallFunction_SizeT
PyObject_AsWriteBuffer
PyErr_ExceptionMatches
PyObject_CallFunctionObjArgs
_PyArg_ParseTuple_SizeT
_Py_NoneStruct
PyMem_Free
PyErr_WriteUnraisable
PyNumber_AsSsize_t
PyString_Format
PyTuple_GetItem
Py_InitModule4_64
PyExc_ValueError
PyErr_Occurred
_Py_CheckRecursiveCall
PyDict_GetItemString
PyObject_SetAttr
PyObject_IsSubclass
PyErr_SetString
PyDescr_NewClassMethod
PySequence_GetItem
PyType_IsSubtype
_Py_BuildValue_SizeT
PyErr_NewException
PyUnicodeUCS2_AsWideChar
PyCFunction_NewEx
PyTuple_Pack
_PyObject_CallMethod_SizeT
PyWeakref_NewProxy
_PyWeakref_CallableProxyType
PyType_Type
PyModule_AddStringConstant
PyErr_Clear
PyObject_IsInstance
PyEval_InitThreads
PyMethod_New
PyLong_AsSsize_t
PyList_New
PyType_GenericNew
PySequence_GetSlice
PyExc_RuntimeError
PyMem_Malloc
PyErr_Format
PyModule_AddObject
PyExc_TypeError
PyLong_FromVoidPtr
PyDict_SetItemString
PyExc_IndexError
PyObject_GetAttrString
PyObject_GetBuffer
_PySlice_Unpack
PyDict_Size
PyArg_UnpackTuple
PyDict_Type
PySys_GetObject
PyFile_WriteString
PyGILState_Release
PyInt_AsLong
Py_Initialize
PyObject_GC_Del
PyCode_NewEmpty
PyFrame_New
PyObject_CallFunction
Py_IsInitialized
PyThreadState_Get
PyExc_RuntimeWarning
PyTraceBack_Here
PyObject_GC_Track
PyErr_Print
PyObject_GC_UnTrack
PyImport_ImportModuleNoBlock
PyGILState_Ensure
_PyObject_GC_NewVar
PyErr_WarnEx
_PyWeakref_ProxyType
PyObject_Str
PyCapsule_IsValid
PyErr_SetFromWindowsErr
Py_BuildValue
PyLong_FromSsize_t
PyTuple_Type
PyCapsule_New
PyErr_SetObject
PyEval_RestoreThread
PyEval_SaveThread
PyArg_ParseTuple
PyObject_Free
PyObject_CallMethod
PyLong_AsUnsignedLong
PyLong_AsLong
PyMem_Realloc
PyThreadState_GetDict
PyCapsule_GetPointer
PyErr_NormalizeException
PyString_ConcatAndDel
PyString_FromFormatV
PyString_Type
PyExc_WindowsError
PyErr_Fetch
PyFloat_FromDouble
_PyFloat_Pack8
PyInt_AsUnsignedLongLongMask
PyLong_FromUnsignedLong
_PyFloat_Unpack4
PyFloat_Type
PyLong_FromLongLong
_PyFloat_Unpack8
PyBool_FromLong
_PyFloat_Pack4
PyString_Size
PyFloat_AsDouble
PyObject_IsTrue
PyLong_FromUnsignedLongLong
Py_FatalError
_PyInt_AsInt
PySequence_Fast
PyTuple_Size
PyObject_HasAttrString
PyObject_GetAttr
PyErr_NoMemory
PyUnicodeUCS2_AsEncodedString
_PyThreadState_Current
PyObject_AsReadBuffer
PyObject_GenericSetAttr
PyString_AsString
PyBuffer_Type
PyDict_DelItem
PyDict_GetItem
PyTuple_GetSlice
PyString_FromStringAndSize
_PySlice_AdjustIndices
PyUnicodeUCS2_FromWideChar
PyBuffer_Release
PyDict_Update
PyInt_FromLong
PyObject_CallObject
PyString_FromFormat
PyString_Concat
PyUnicodeUCS2_FromEncodedObject
PyDict_New
PyLong_AsVoidPtr
PyTuple_New
PyDict_Next
PyCallable_Check
PySequence_Size
PyUnicodeUCS2_FromUnicode
PySequence_Tuple
PyInt_AsUnsignedLongMask
_Py_CheckRecursionLimit
PyInt_FromSsize_t
PyString_FromString
PyDict_SetItem
PySequence_SetItem
PyExc_AttributeError
PySlice_Type
PyType_Ready
_PyObject_New
PyString_InternFromString
PyDescr_NewGetSet

msvcr90

memcpy
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
__crt_debugger_hook
__CppXcptFilter
__C_specific_handler
_amsg_exit
_decode_pointer
_encoded_null
free
_initterm_e
_initterm
_malloc_crt
_encode_pointer
isspace
_vsnprintf
_errno
memset
strchr
memmove
sprintf
memcmp

Exports

Exports

DllCanUnloadNow
DllGetClassObject
init_ctypes

Sections

.text
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Lib/BaseHTTPServer.py
Lib/Bastion.py
Lib/CGIHTTPServer.py
Lib/ConfigParser.py
Lib/ConfigParser.pyc
Lib/Cookie.py
.py .js
Lib/Cookie.pyc
.js
Lib/DocXMLRPCServer.py
Lib/HTMLParser.py
Lib/HTMLParser.pyc
Lib/MimeWriter.py
Lib/Queue.py
Lib/Queue.pyc
Lib/SimpleHTTPServer.py
Lib/SimpleXMLRPCServer.py
Lib/SocketServer.py
.py .js
Lib/SocketServer.pyc
Lib/StringIO.py
Lib/StringIO.pyc
Lib/UserDict.py
Lib/UserDict.pyc
Lib/UserList.py
Lib/UserString.py
.py .sh linux
Lib/_LWPCookieJar.py
Lib/_LWPCookieJar.pyc
Lib/_MozillaCookieJar.py
Lib/_MozillaCookieJar.pyc
Lib/__future__.py
Lib/__future__.pyc
Lib/__phello__.foo.py
Lib/_abcoll.py
Lib/_abcoll.pyc
Lib/_osx_support.py
Lib/_pyio.py
Lib/_strptime.py
Lib/_threading_local.py
Lib/_weakrefset.py
Lib/_weakrefset.pyc
Lib/abc.py
Lib/abc.pyc
Lib/aifc.py
Lib/antigravity.py
Lib/anydbm.py
Lib/argparse.py
.py .vbs
Lib/argparse.pyc
Lib/ast.py
Lib/asynchat.py
Lib/asyncore.py
Lib/atexit.py
Lib/atexit.pyc
Lib/audiodev.py
Lib/base64.py
Lib/base64.pyc
Lib/bdb.py
.py .js
Lib/binhex.py
Lib/bisect.py
Lib/bisect.pyc
Lib/cProfile.py
Lib/calendar.py
Lib/calendar.pyc
Lib/cgi.py
Lib/cgi.pyc
Lib/cgitb.py
Lib/chunk.py
Lib/cmd.py
Lib/code.py
Lib/codecs.py
Lib/codecs.pyc
Lib/codeop.py
Lib/collections.py
Lib/collections.pyc
Lib/colorsys.py
Lib/commands.py
Lib/compileall.py
Lib/compileall.pyc
Lib/contextlib.py
Lib/contextlib.pyc
Lib/cookielib.py
.py .vbs
Lib/cookielib.pyc
Lib/copy.py
Lib/copy.pyc
Lib/copy_reg.py
Lib/copy_reg.pyc
Lib/csv.py
Lib/csv.pyc
Lib/ctypes/__init__.py
Lib/ctypes/__init__.pyc
Lib/ctypes/_endian.py
Lib/ctypes/_endian.pyc
Lib/ctypes/macholib/__init__.py
Lib/ctypes/macholib/dyld.py
Lib/ctypes/macholib/dylib.py
Lib/ctypes/macholib/framework.py
Lib/ctypes/test/__init__.py
Lib/ctypes/test/runtests.py
Lib/ctypes/test/test_anon.py
Lib/ctypes/test/test_array_in_pointer.py
Lib/ctypes/test/test_arrays.py
Lib/ctypes/test/test_as_parameter.py
Lib/ctypes/test/test_bitfields.py
Lib/ctypes/test/test_buffers.py
Lib/ctypes/test/test_byteswap.py
Lib/ctypes/test/test_callbacks.py
Lib/ctypes/test/test_cast.py
Lib/ctypes/test/test_cfuncs.py
Lib/ctypes/test/test_checkretval.py
Lib/ctypes/test/test_delattr.py
Lib/ctypes/test/test_errno.py
Lib/ctypes/test/test_find.py
Lib/ctypes/test/test_frombuffer.py
Lib/ctypes/test/test_funcptr.py
Lib/ctypes/test/test_functions.py
Lib/ctypes/test/test_incomplete.py
Lib/ctypes/test/test_init.py
Lib/ctypes/test/test_internals.py
Lib/ctypes/test/test_keeprefs.py
Lib/ctypes/test/test_libc.py
Lib/ctypes/test/test_loading.py
Lib/ctypes/test/test_macholib.py
Lib/ctypes/test/test_memfunctions.py
Lib/ctypes/test/test_numbers.py
Lib/ctypes/test/test_objects.py
Lib/ctypes/test/test_parameters.py
Lib/ctypes/test/test_pep3118.py
Lib/ctypes/test/test_pickling.py
Lib/ctypes/test/test_pointers.py
Lib/ctypes/test/test_prototypes.py
Lib/ctypes/test/test_python_api.py
Lib/ctypes/test/test_random_things.py
Lib/ctypes/test/test_refcounts.py
Lib/ctypes/test/test_repr.py
Lib/ctypes/test/test_returnfuncptrs.py
Lib/ctypes/test/test_simplesubclasses.py
Lib/ctypes/test/test_sizes.py
Lib/ctypes/test/test_slicing.py
Lib/ctypes/test/test_stringptr.py
Lib/ctypes/test/test_strings.py
Lib/ctypes/test/test_struct_fields.py
Lib/ctypes/test/test_structures.py
Lib/ctypes/test/test_unaligned_structures.py
Lib/ctypes/test/test_unicode.py
Lib/ctypes/test/test_values.py
Lib/ctypes/test/test_varsize_struct.py
Lib/ctypes/test/test_win32.py
Lib/ctypes/test/test_wintypes.py
Lib/ctypes/util.py
Lib/ctypes/wintypes.py
Lib/ctypes/wintypes.pyc
Lib/dbhash.py
Lib/decimal.py
Lib/difflib.py
Lib/dircache.py
Lib/dis.py
Lib/dis.pyc
Lib/doctest.py
Lib/dumbdbm.py
Lib/dummy_thread.py
Lib/dummy_threading.py
Lib/encodings/__init__.py
Lib/encodings/__init__.pyc
Lib/encodings/aliases.py
Lib/encodings/aliases.pyc
Lib/encodings/ascii.py
Lib/encodings/ascii.pyc
Lib/encodings/base64_codec.py
Lib/encodings/big5.py
Lib/encodings/big5hkscs.py
Lib/encodings/bz2_codec.py
Lib/encodings/charmap.py
Lib/encodings/cp037.py
Lib/encodings/cp1006.py
Lib/encodings/cp1026.py
Lib/encodings/cp1140.py
Lib/encodings/cp1250.py
Lib/encodings/cp1251.py
Lib/encodings/cp1251.pyc
Lib/encodings/cp1252.py
Lib/encodings/cp1253.py
Lib/encodings/cp1254.py
Lib/encodings/cp1255.py
Lib/encodings/cp1256.py
Lib/encodings/cp1257.py
Lib/encodings/cp1258.py
Lib/encodings/cp424.py
Lib/encodings/cp437.py
Lib/encodings/cp500.py
Lib/encodings/cp720.py
Lib/encodings/cp737.py
Lib/encodings/cp775.py
Lib/encodings/cp850.py
Lib/encodings/cp852.py
Lib/encodings/cp855.py
Lib/encodings/cp856.py
Lib/encodings/cp857.py
Lib/encodings/cp858.py
Lib/encodings/cp860.py
Lib/encodings/cp861.py
Lib/encodings/cp862.py
Lib/encodings/cp863.py
Lib/encodings/cp864.py
Lib/encodings/cp865.py
Lib/encodings/cp866.py
Lib/encodings/cp869.py
Lib/encodings/cp874.py
Lib/encodings/cp875.py
Lib/encodings/cp932.py
Lib/encodings/cp949.py
Lib/encodings/cp950.py
Lib/encodings/euc_jis_2004.py
Lib/encodings/euc_jisx0213.py
Lib/encodings/euc_jp.py
Lib/encodings/euc_kr.py
Lib/encodings/gb18030.py
Lib/encodings/gb2312.py
Lib/encodings/gbk.py
Lib/encodings/hex_codec.py
Lib/encodings/hp_roman8.py
Lib/encodings/hz.py
Lib/encodings/idna.py
Lib/encodings/idna.pyc
Lib/encodings/iso2022_jp.py
Lib/encodings/iso2022_jp_1.py
Lib/encodings/iso2022_jp_2.py
Lib/encodings/iso2022_jp_2004.py
Lib/encodings/iso2022_jp_3.py
Lib/encodings/iso2022_jp_ext.py
Lib/encodings/iso2022_kr.py
Lib/encodings/iso8859_1.py
Lib/encodings/iso8859_10.py
Lib/encodings/iso8859_11.py
Lib/encodings/iso8859_13.py
Lib/encodings/iso8859_14.py
Lib/encodings/iso8859_15.py
Lib/encodings/iso8859_16.py
Lib/encodings/iso8859_2.py
Lib/encodings/iso8859_3.py
Lib/encodings/iso8859_4.py
Lib/encodings/iso8859_5.py
Lib/encodings/iso8859_6.py
Lib/encodings/iso8859_7.py
Lib/encodings/iso8859_8.py
Lib/encodings/iso8859_9.py
Lib/encodings/johab.py
Lib/encodings/koi8_r.py
Lib/encodings/koi8_u.py
Lib/encodings/latin_1.py
Lib/encodings/latin_1.pyc
Lib/encodings/mac_arabic.py
Lib/encodings/mac_centeuro.py
Lib/encodings/mac_croatian.py
Lib/encodings/mac_cyrillic.py
Lib/encodings/mac_farsi.py
Lib/encodings/mac_greek.py
Lib/encodings/mac_iceland.py
Lib/encodings/mac_latin2.py
Lib/encodings/mac_roman.py
Lib/encodings/mac_romanian.py
Lib/encodings/mac_turkish.py
Lib/encodings/mbcs.py
Lib/encodings/mbcs.pyc
Lib/encodings/palmos.py
Lib/encodings/ptcp154.py
Lib/encodings/punycode.py
Lib/encodings/quopri_codec.py
Lib/encodings/raw_unicode_escape.py
Lib/encodings/rot_13.py
.py .sh linux
Lib/encodings/shift_jis.py
Lib/encodings/shift_jis_2004.py
Lib/encodings/shift_jisx0213.py
Lib/encodings/string_escape.py
Lib/encodings/tis_620.py
Lib/encodings/undefined.py
Lib/encodings/unicode_escape.py
Lib/encodings/unicode_internal.py
Lib/encodings/utf_16.py
Lib/encodings/utf_16_be.py
Lib/encodings/utf_16_be.pyc
Lib/encodings/utf_16_le.py
Lib/encodings/utf_16_le.pyc
Lib/encodings/utf_32.py
Lib/encodings/utf_32_be.py
Lib/encodings/utf_32_be.pyc
Lib/encodings/utf_32_le.py
Lib/encodings/utf_7.py
Lib/encodings/utf_8.py
Lib/encodings/utf_8.pyc
Lib/encodings/utf_8_sig.py
Lib/encodings/uu_codec.py
Lib/encodings/zlib_codec.py
Lib/filecmp.py
Lib/fileinput.py
Lib/fnmatch.py
Lib/fnmatch.pyc
Lib/formatter.py
Lib/fpformat.py
Lib/fractions.py
Lib/ftplib.py
.py .js
Lib/functools.py
Lib/functools.pyc
Lib/genericpath.py
Lib/genericpath.pyc
Lib/getopt.py
Lib/getopt.pyc
Lib/getpass.py
Lib/getpass.pyc
Lib/gettext.py
Lib/gettext.pyc
Lib/glob.py
Lib/glob.pyc
Lib/gzip.py
Lib/gzip.pyc
Lib/hashlib.py
Lib/hashlib.pyc
Lib/heapq.py
Lib/heapq.pyc
Lib/hmac.py
Lib/hmac.pyc
Lib/htmlentitydefs.py
Lib/htmlentitydefs.pyc
Lib/htmllib.py
Lib/httplib.py
Lib/httplib.pyc
Lib/ihooks.py
Lib/imaplib.py
Lib/imghdr.py
Lib/imputil.py
Lib/inspect.py
Lib/inspect.pyc
Lib/io.py
Lib/io.pyc
Lib/keyword.py
Lib/keyword.pyc
Lib/linecache.py
Lib/linecache.pyc
Lib/locale.py
Lib/locale.pyc
Lib/macpath.py
Lib/macurl2path.py
Lib/mailbox.py
Lib/mailcap.py
Lib/markupbase.py
Lib/markupbase.pyc
Lib/md5.py
Lib/mhlib.py
Lib/mimetools.py
Lib/mimetools.pyc
Lib/mimetypes.py
Lib/mimetypes.pyc
Lib/mimify.py
Lib/modulefinder.py
Lib/multifile.py
Lib/mutex.py
Lib/netrc.py
Lib/new.py
Lib/nntplib.py
Lib/ntpath.py
Lib/ntpath.pyc
Lib/nturl2path.py
Lib/nturl2path.pyc
Lib/numbers.py
Lib/opcode.py
Lib/opcode.pyc
Lib/optparse.py
Lib/optparse.pyc
Lib/os.py
Lib/os.pyc
Lib/os2emxpath.py
Lib/pdb.py
.py .js
Lib/pickle.py
Lib/pickletools.py
Lib/pipes.py
Lib/pipes.pyc
Lib/pkgutil.py
Lib/pkgutil.pyc
Lib/platform.py
.py .sh linux
Lib/platform.pyc
Lib/plistlib.py
Lib/plistlib.pyc
Lib/popen2.py
Lib/poplib.py
Lib/posixfile.py
Lib/posixpath.py
Lib/posixpath.pyc
Lib/pprint.py
Lib/pprint.pyc
Lib/profile.py
Lib/pstats.py
Lib/pty.py
Lib/py_compile.py
Lib/py_compile.pyc
Lib/pyclbr.py
.py .js
Lib/pydoc.py
.py .sh linux
Lib/quopri.py
Lib/quopri.pyc
Lib/random.py
Lib/random.pyc
Lib/re.py
Lib/re.pyc
Lib/repr.py
Lib/rexec.py
.py .js
Lib/rfc822.py
Lib/rfc822.pyc
Lib/rlcompleter.py
Lib/robotparser.py
Lib/runpy.py
Lib/runpy.pyc
Lib/sched.py
Lib/sets.py
Lib/sgmllib.py
Lib/sha.py
Lib/shelve.py
Lib/shlex.py
Lib/shlex.pyc
Lib/shutil.py
Lib/shutil.pyc
Lib/site.py
Lib/site.pyc
Lib/smtpd.py
Lib/smtplib.py
Lib/sndhdr.py
Lib/socket.py
.py .js
Lib/socket.pyc
Lib/sre.py
Lib/sre_compile.py
Lib/sre_compile.pyc
Lib/sre_constants.py
Lib/sre_constants.pyc
Lib/sre_parse.py
Lib/sre_parse.pyc
Lib/ssl.py
.py .js
Lib/ssl.pyc
Lib/stat.py
Lib/stat.pyc
Lib/statvfs.py
Lib/string.py
Lib/string.pyc
Lib/stringold.py
Lib/stringprep.py
Lib/stringprep.pyc
Lib/struct.py
Lib/struct.pyc
Lib/subprocess.py
Lib/subprocess.pyc
Lib/sunau.py
Lib/sunaudio.py
Lib/symbol.py
Lib/symtable.py
Lib/sysconfig.py
Lib/sysconfig.pyc
Lib/tabnanny.py
Lib/tarfile.py
Lib/tarfile.pyc
Lib/telnetlib.py
Lib/tempfile.py
Lib/tempfile.pyc
Lib/textwrap.py
Lib/textwrap.pyc
Lib/this.py
Lib/threading.py
Lib/threading.pyc
Lib/timeit.py
Lib/toaiff.py
Lib/token.py
Lib/token.pyc
Lib/tokenize.py
Lib/tokenize.pyc
Lib/trace.py
.py .sh linux
Lib/traceback.py
Lib/traceback.pyc
Lib/tty.py
Lib/types.py
Lib/types.pyc
Lib/urllib.py
Lib/urllib.pyc
Lib/urllib2.py
.py .js
Lib/urllib2.pyc
Lib/urlparse.py
Lib/urlparse.pyc
Lib/user.py
Lib/uu.py
Lib/uu.pyc
Lib/uuid.py
Lib/warnings.py
Lib/warnings.pyc
Lib/wave.py
Lib/weakref.py
Lib/weakref.pyc
Lib/webbrowser.py
Lib/whichdb.py
Lib/xdrlib.py
Lib/xmllib.py
Lib/xmlrpclib.py
Lib/xmlrpclib.pyc
Lib/zipfile.py
Lib/zipfile.pyc
Microsoft.VC90.CRT.manifest
Run-PYC-1.txt
msvcr90.dll
.dll windows:5 windows x64 arch:x64

78d931040351d53199b8eea44e33c764

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0f:78:4d:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/08/2007, 00:23

Not After

23/02/2009, 00:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:53

Not After

16/09/2011, 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:53

Not After

16/09/2011, 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4b:c5:c1:43:6e:9f:85:77:8a:5e:52:55:a2:2d:ee:8b:68:2b:78:ed
Signer

Actual PE Digest

4b:c5:c1:43:6e:9f:85:77:8a:5e:52:55:a2:2d:ee:8b:68:2b:78:ed

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

msvcr90.amd64.pdb

Imports

kernel32

GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleW
Sleep
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetSystemWindowsDirectoryW
GetSystemDirectoryW
GetLongPathNameW
GetCurrentThreadId
FlsSetValue
FlsGetValue
DebugBreak
OutputDebugStringA
GetCommandLineA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
ExitThread
CloseHandle
GetLastError
ResumeThread
CreateThread
EncodePointer
DecodePointer
FlsFree
SetLastError
GetCurrentThread
FlsAlloc
FindNextFileA
FindFirstFileA
FindClose
FindNextFileW
FindFirstFileW
GetLogicalDrives
GetDiskFreeSpaceA
FileTimeToSystemTime
FileTimeToLocalFileTime
SetErrorMode
Beep
GetFileAttributesA
SetFileAttributesA
SetEnvironmentVariableA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetFullPathNameA
GetDriveTypeA
GetCurrentProcessId
CreateDirectoryA
MoveFileA
RemoveDirectoryA
DeleteFileA
GetFileAttributesW
SetEnvironmentVariableW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetFileAttributesW
GetFullPathNameW
CreateDirectoryW
MoveFileW
RemoveDirectoryW
GetDriveTypeW
DeleteFileW
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
LoadLibraryA
FreeLibrary
CreateProcessW
ReadFile
DuplicateHandle
GetCurrentProcess
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetLocalTime
WideCharToMultiByte
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
SetLocalTime
MultiByteToWideChar
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetDateFormatA
GetTimeFormatA
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
HeapSetInformation
HeapCreate
HeapDestroy
HeapFree
HeapAlloc
HeapQueryInformation
HeapReAlloc
HeapSize
HeapValidate
HeapCompact
HeapWalk
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
SetHandleCount
GetFileType
GetStartupInfoA
SetFilePointer
GetConsoleCP
GetConsoleMode
CreateFileA
FlushFileBuffers
CreatePipe
CreateFileW
SetStdHandle
ReadConsoleInputA
SetConsoleMode
PeekConsoleInputA
GetNumberOfConsoleInputEvents
ReadConsoleInputW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
IsDBCSLeadByteEx
ReadConsoleA
ReadConsoleW
SetEndOfFile
GetProcessHeap
GetFileInformationByHandle
PeekNamedPipe
LockFile
UnlockFile
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
FreeEnvironmentStringsA
GetEnvironmentStrings
QueryPerformanceCounter
GetTickCount
GetStringTypeW
GetStringTypeA
LCMapStringA
LCMapStringW
CompareStringA
CompareStringW
GetLocaleInfoW
GetLocaleInfoA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
LoadLibraryW

Exports

Exports

$I10_OUTPUT
??0__non_rtti_object@std@@QEAA@AEBV01@@Z
??0__non_rtti_object@std@@QEAA@PEBD@Z
??0bad_cast@std@@AEAA@PEBQEBD@Z
??0bad_cast@std@@QEAA@AEBV01@@Z
??0bad_cast@std@@QEAA@PEBD@Z
??0bad_typeid@std@@QEAA@AEBV01@@Z
??0bad_typeid@std@@QEAA@PEBD@Z
??0exception@std@@QEAA@AEBQEBD@Z
??0exception@std@@QEAA@AEBQEBDH@Z
??0exception@std@@QEAA@AEBV01@@Z
??0exception@std@@QEAA@XZ
??1__non_rtti_object@std@@UEAA@XZ
??1bad_cast@std@@UEAA@XZ
??1bad_typeid@std@@UEAA@XZ
??1exception@std@@UEAA@XZ
??1type_info@@UEAA@XZ
??2@YAPEAX_K@Z
??2@YAPEAX_KHPEBDH@Z
??3@YAXPEAX@Z
??4__non_rtti_object@std@@QEAAAEAV01@AEBV01@@Z
??4bad_cast@std@@QEAAAEAV01@AEBV01@@Z
??4bad_typeid@std@@QEAAAEAV01@AEBV01@@Z
??4exception@std@@QEAAAEAV01@AEBV01@@Z
??8type_info@@QEBA_NAEBV0@@Z
??9type_info@@QEBA_NAEBV0@@Z
??_7__non_rtti_object@std@@6B@
??_7bad_cast@std@@6B@
??_7bad_typeid@std@@6B@
??_7exception@@6B@
??_7exception@std@@6B@
??_Fbad_cast@std@@QEAAXXZ
??_Fbad_typeid@std@@QEAAXXZ
??_U@YAPEAX_K@Z
??_U@YAPEAX_KHPEBDH@Z
??_V@YAXPEAX@Z
?_Name_base@type_info@@CAPEBDPEBV1@PEAU__type_info_node@@@Z
?_Name_base_internal@type_info@@CAPEBDPEBV1@PEAU__type_info_node@@@Z
?_Type_info_dtor@type_info@@CAXPEAV1@@Z
?_Type_info_dtor_internal@type_info@@CAXPEAV1@@Z
?_ValidateExecute@@YAHP6A_JXZ@Z
?_ValidateRead@@YAHPEBXI@Z
?_ValidateWrite@@YAHPEAXI@Z
?_inconsistency@@YAXXZ
?_invalid_parameter@@YAXPEBG00I_K@Z
?_is_exception_typeof@@YAHAEBVtype_info@@PEAU_EXCEPTION_POINTERS@@@Z
?_name_internal_method@type_info@@QEBAPEBDPEAU__type_info_node@@@Z
?_open@@YAHPEBDHH@Z
?_query_new_handler@@YAP6AH_K@ZXZ
?_query_new_mode@@YAHXZ
?_set_new_handler@@YAP6AH_K@ZH@Z
?_set_new_handler@@YAP6AH_K@ZP6AH0@Z@Z
?_set_new_mode@@YAHH@Z
?_set_se_translator@@YAP6AXIPEAU_EXCEPTION_POINTERS@@@ZH@Z
?_set_se_translator@@YAP6AXIPEAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
?_sopen@@YAHPEBDHHH@Z
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
?_wopen@@YAHPEB_WHH@Z
?_wsopen@@YAHPEB_WHHH@Z
?before@type_info@@QEBAHAEBV1@@Z
?name@type_info@@QEBAPEBDPEAU__type_info_node@@@Z
?raw_name@type_info@@QEBAPEBDXZ
?set_new_handler@@YAP6AXXZP6AXXZ@Z
?set_terminate@@YAP6AXXZH@Z
?set_terminate@@YAP6AXXZP6AXXZ@Z
?set_unexpected@@YAP6AXXZH@Z
?set_unexpected@@YAP6AXXZP6AXXZ@Z
?terminate@@YAXXZ
?unexpected@@YAXXZ
?what@exception@std@@UEBAPEBDXZ
_CRT_RTC_INIT
_CRT_RTC_INITW
_CreateFrameInfo
_CxxThrowException
_FindAndUnlinkFrame
_GetImageBase
_GetThrowImageBase
_Getdays
_Getmonths
_Gettnames
_HUGE
_IsExceptionObjectToBeDestroyed
_SetImageBase
_SetThrowImageBase
_Strftime
_XcptFilter
__AdjustPointer
__BuildCatchObject
__BuildCatchObjectHelper
__C_specific_handler
__CppXcptFilter
__CxxCallUnwindDelDtor
__CxxCallUnwindDtor
__CxxCallUnwindStdDelDtor
__CxxCallUnwindVecDtor
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxFrameHandler2
__CxxFrameHandler3
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__FrameUnwindFilter
__NLG_Dispatch2
__NLG_Return2
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__STRINGTOLD
__STRINGTOLD_L
__TypeMatch
___lc_codepage_func
___lc_collate_cp_func
___lc_handle_func
___mb_cur_max_func
___mb_cur_max_l_func
___setlc_active_func
___unguarded_readlc_active_add_func
__argc
__argv
__badioinfo
__clean_type_info_names_internal
__create_locale
__crtCompareStringA
__crtCompareStringW
__crtGetLocaleInfoW
__crtGetStringTypeW
__crtLCMapStringA
__crtLCMapStringW
__crt_debugger_hook
__daylight
__dllonexit
__doserrno
__dstbias
__fls_getvalue
__fls_setvalue
__fpecode
__free_locale
__get_app_type
__get_current_locale
__get_flsindex
__get_tlsindex
__getmainargs
__initenv
__iob_func
__isascii
__iscsym
__iscsymf
__iswcsym
__iswcsymf
__lc_clike
__lc_codepage
__lc_collate_cp
__lc_handle
__lconv
__lconv_init
__mb_cur_max
__p___argc
__p___argv
__p___initenv
__p___mb_cur_max
__p___wargv
__p___winitenv
__p__acmdln
__p__amblksiz
__p__commode
__p__daylight
__p__dstbias
__p__environ
__p__fmode
__p__iob
__p__mbcasemap
__p__mbctype
__p__pctype
__p__pgmptr
__p__pwctype
__p__timezone
__p__tzname
__p__wcmdln
__p__wenviron
__p__wpgmptr
__pctype_func
__pioinfo
__pwctype_func
__pxcptinfoptrs
__report_gsfailure
__set_app_type
__set_flsgetvalue
__setlc_active
__setusermatherr
__strncnt
__swprintf_l
__sys_errlist
__sys_nerr
__threadhandle
__threadid
__timezone
__toascii
__tzname
__unDName
__unDNameEx
__unDNameHelper
__uncaught_exception
__unguarded_readlc_active
__vswprintf_l
__wargv
__wcserror
__wcserror_s
__wcsncnt
__wgetmainargs
__winitenv
_abs64
_access
_access_s
_acmdln
_aexit_rtn
_aligned_free
_aligned_malloc
_aligned_msize
_aligned_offset_malloc
_aligned_offset_realloc
_aligned_offset_recalloc
_aligned_realloc
_aligned_recalloc
_amsg_exit
_assert
_atodbl
_atodbl_l
_atof_l
_atoflt
_atoflt_l
_atoi64
_atoi64_l
_atoi_l
_atol_l
_atoldbl
_atoldbl_l
_beep
_beginthread
_beginthreadex
_byteswap_uint64
_byteswap_ulong
_byteswap_ushort
_c_exit
_cabs
_callnewh
_calloc_crt
_cexit
_cgets
_cgets_s
_cgetws
_cgetws_s
_chdir
_chdrive
_chgsign
_chgsignf
_chmod
_chsize
_chsize_s
_clearfp
_close
_commit
_commode
_configthreadlocale
_control87
_controlfp
_controlfp_s
_copysign
_copysignf
_cprintf
_cprintf_l
_cprintf_p
_cprintf_p_l
_cprintf_s
_cprintf_s_l
_cputs
_cputws
_creat
_create_locale
_cscanf
_cscanf_l
_cscanf_s
_cscanf_s_l
_ctime32
_ctime32_s
_ctime64
_ctime64_s
_cwait
_cwprintf
_cwprintf_l
_cwprintf_p
_cwprintf_p_l
_cwprintf_s
_cwprintf_s_l
_cwscanf
_cwscanf_l
_cwscanf_s
_cwscanf_s_l
_daylight
_decode_pointer
_difftime32
_difftime64
_dosmaperr
_dstbias
_dup
_dup2
_dupenv_s
_ecvt
_ecvt_s
_encode_pointer
_encoded_null
_endthread
_endthreadex
_environ
_eof
_errno
_execl
_execle
_execlp
_execlpe
_execv
_execve
_execvp
_execvpe
_exit
_expand
_fclose_nolock
_fcloseall
_fcvt
_fcvt_s
_fdopen
_fflush_nolock
_fgetchar
_fgetwc_nolock
_fgetwchar
_filbuf
_filelength
_filelengthi64
_fileno
_findclose
_findfirst32
_findfirst32i64
_findfirst64
_findfirst64i32
_findnext32
_findnext32i64
_findnext64
_findnext64i32
_finite
_finitef
_flsbuf
_flushall
_fmode
_fpclass
_fpclassf
_fpieee_flt
_fpreset
_fprintf_l
_fprintf_p
_fprintf_p_l
_fprintf_s_l
_fputchar
_fputwc_nolock
_fputwchar
_fread_nolock
_fread_nolock_s
_free_locale
_freea
_freea_s
_freefls
_fscanf_l
_fscanf_s_l
_fseek_nolock
_fseeki64
_fseeki64_nolock
_fsopen
_fstat32
_fstat32i64
_fstat64
_fstat64i32
_ftell_nolock
_ftelli64
_ftelli64_nolock
_ftime32
_ftime32_s
_ftime64
_ftime64_s
_fullpath
_futime32
_futime64
_fwprintf_l
_fwprintf_p
_fwprintf_p_l
_fwprintf_s_l
_fwrite_nolock
_fwscanf_l
_fwscanf_s_l
_gcvt
_gcvt_s
_get_amblksiz
_get_current_locale
_get_daylight
_get_doserrno
_get_dstbias
_get_errno
_get_fmode
_get_heap_handle
_get_invalid_parameter_handler
_get_osfhandle
_get_output_format
_get_pgmptr
_get_printf_count_output
_get_purecall_handler
_get_sbh_threshold
_get_terminate
_get_timezone
_get_tzname
_get_unexpected
_get_wpgmptr
_getc_nolock
_getch
_getch_nolock
_getche
_getche_nolock
_getcwd
_getdcwd
_getdcwd_nolock
_getdiskfree
_getdllprocaddr
_getdrive
_getdrives
_getmaxstdio
_getmbcp
_getpid
_getptd
_getsystime
_getw
_getwch
_getwch_nolock
_getwche
_getwche_nolock
_getws
_getws_s
_gmtime32
_gmtime32_s
_gmtime64
_gmtime64_s
_heapadd
_heapchk
_heapmin
_heapset
_heapused
_heapwalk
_hypot
_hypotf
_i64toa
_i64toa_s
_i64tow
_i64tow_s
_initptd
_initterm
_initterm_e
_invalid_parameter
_invalid_parameter_noinfo
_invoke_watson
_iob
_isalnum_l
_isalpha_l
_isatty
_iscntrl_l
_isctype
_isctype_l
_isdigit_l
_isgraph_l
_isleadbyte_l
_islower_l
_ismbbalnum
_ismbbalnum_l
_ismbbalpha
_ismbbalpha_l
_ismbbgraph
_ismbbgraph_l
_ismbbkalnum
_ismbbkalnum_l
_ismbbkana
_ismbbkana_l
_ismbbkprint
_ismbbkprint_l
_ismbbkpunct
_ismbbkpunct_l
_ismbblead
_ismbblead_l
_ismbbprint
_ismbbprint_l
_ismbbpunct
_ismbbpunct_l
_ismbbtrail
_ismbbtrail_l

Sections

.text
Size: 475KB - Virtual size: 474KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
python27.dll
.dll windows:5 windows x64 arch:x64

172215d4ee4fc38159b3f12b922e76e3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\build27\cpython\PCBuild\amd64\python27.pdb

Imports

kernel32

FindFirstFileW
SystemTimeToFileTime
SetEnvironmentVariableW
CreateDirectoryW
WaitForSingleObject
GetFileAttributesExA
GenerateConsoleCtrlEvent
SetFileTime
GetProcessTimes
OpenProcess
GetFileAttributesA
GetExitCodeProcess
GetFileAttributesW
CreateProcessA
TerminateProcess
CreateFileW
GetEnvironmentVariableA
CreateDirectoryA
SetCurrentDirectoryA
FindFirstFileA
GetCurrentDirectoryW
SetLastError
MoveFileW
RemoveDirectoryA
SetFileAttributesA
FindClose
GetFileType
MoveFileA
SetCurrentDirectoryW
RemoveDirectoryW
CreatePipe
SetEnvironmentVariableA
GetModuleFileNameA
FindNextFileA
FindNextFileW
GetCurrentDirectoryA
GetFileAttributesExW
GetVersion
CreateFileA
GetFileInformationByHandle
GetSystemTime
SetFileAttributesW
DeleteFileA
SetEvent
Sleep
CreateEventA
ResetEvent
SetConsoleCtrlHandler
WideCharToMultiByte
IsDBCSLeadByte
MultiByteToWideChar
GetStdHandle
GetProcAddress
GetModuleHandleA
ExpandEnvironmentStringsW
GetModuleHandleW
OutputDebugStringA
SetErrorMode
FreeLibrary
FormatMessageA
LoadLibraryExA
LocalFree
OutputDebugStringW
GetConsoleCP
GetConsoleOutputCP
GetVersionExA
TlsGetValue
HeapAlloc
HeapFree
GetProcessHeap
TlsSetValue
GetCurrentThreadId
TlsAlloc
TlsFree
GetCurrentProcessId
GetTickCount
RtlCaptureContext
GetFullPathNameA
GetFullPathNameW
CloseHandle
DuplicateHandle
GetSystemInfo
CreateFileMappingA
GetLastError
FlushViewOfFile
GetCurrentProcess
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
SetFilePointer
GetFileSize
GetACP
GetLocaleInfoA
QueryPerformanceFrequency
DeleteFileW
QueryPerformanceCounter
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime

user32

CharPrevA
LoadStringA

advapi32

RegCloseKey
RegConnectRegistryA
RegFlushKey
RegLoadKeyA
RegEnumValueA
RegSaveKeyA
RegQueryValueA
RegDeleteValueA
RegQueryInfoKeyA
RegOpenKeyExA
RegCreateKeyExA
RegCreateKeyA
RegEnumKeyExA
RegDeleteKeyA
RegQueryValueExA
RegSetValueExA
RegSetValueA
CryptReleaseContext

shell32

ShellExecuteA
ShellExecuteW

msvcr90

strchr
free
malloc
ungetc
fflush
fgetc
fopen
isdigit
fwrite
fclose
_finite
wcscoll
localeconv
strcoll
isalpha
isupper
islower
fprintf
strxfrm
_errno
_copysign
_isnan
_HUGE
_time64
sprintf
isalnum
tolower
realloc
isspace
fread
ferror
clearerr
memchr
ldexp
feof
strtol
getc
_gmtime64
modf
_localtime64
_fstat64i32
strerror
__iob_func
strtok
setvbuf
_setmode
getenv
sqrt
cos
ceil
tanh
sinh
tan
cosh
acos
floor
frexp
atan
exp
fabs
asin
sin
_get_osfhandle
abort
_stricmp
tmpfile
_wcsicmp
strncat
_lseeki64
_environ
_tempnam
_wopen
tmpnam
strncmp
_msize
_cwait
__pioinfo
_spawnve
system
_exit
strncpy
wcsrchr
_spawnv
_commit
strrchr
_open_osfhandle
wcsncmp
_stat64i32
_fdopen
toupper
_mktime64
clock
_ftime64
strftime
ftell
fseek
_snprintf
wcstombs
fgetpos
_wfopen
fsetpos
fgets
_fileno
fputc
isxdigit
printf
exit
strstr
atoi
_mbstrlen
_getche
_getwch
_putch
_locking
_heapmin
_ungetch
_getwche
_kbhit
_putwch
_getch
__sys_nerr
__sys_errlist
putc
_vsnprintf
strpbrk
rewind
signal
strtoul
vfprintf
_endthreadex
_beginthreadex
_encode_pointer
_malloc_crt
_initterm
_initterm_e
_encoded_null
_decode_pointer
_amsg_exit
__C_specific_handler
__CppXcptFilter
__crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
fputs
memmove
memcpy
memcmp
pow
atan2
log
log10
setlocale
_getcwd
_hypot
_isatty
_lseek
_execve
_putenv
_read
_umask
_close
_open
_getpid
_dup
_execv
_write
_dup2
_tzset
_tzname
_timezone
_daylight
_strdup
_strnicmp
_unlink
memset
fmod

Exports

Exports

PyAST_Compile
PyAST_FromNode
PyArena_AddPyObject
PyArena_Free
PyArena_Malloc
PyArena_New
PyArg_Parse
PyArg_ParseTuple
PyArg_ParseTupleAndKeywords
PyArg_UnpackTuple
PyArg_VaParse
PyArg_VaParseTupleAndKeywords
PyBaseObject_Type
PyBaseString_Type
PyBool_FromLong
PyBool_Type
PyBuffer_FillContiguousStrides
PyBuffer_FillInfo
PyBuffer_FromContiguous
PyBuffer_FromMemory
PyBuffer_FromObject
PyBuffer_FromReadWriteMemory
PyBuffer_FromReadWriteObject
PyBuffer_GetPointer
PyBuffer_IsContiguous
PyBuffer_New
PyBuffer_Release
PyBuffer_ToContiguous
PyBuffer_Type
PyByteArrayIter_Type
PyByteArray_AsString
PyByteArray_Concat
PyByteArray_Fini
PyByteArray_FromObject
PyByteArray_FromStringAndSize
PyByteArray_Init
PyByteArray_Resize
PyByteArray_Size
PyByteArray_Type
PyCFunction_Call
PyCFunction_ClearFreeList
PyCFunction_Fini
PyCFunction_GetFlags
PyCFunction_GetFunction
PyCFunction_GetSelf
PyCFunction_New
PyCFunction_NewEx
PyCFunction_Type
PyCObject_AsVoidPtr
PyCObject_FromVoidPtr
PyCObject_FromVoidPtrAndDesc
PyCObject_GetDesc
PyCObject_Import
PyCObject_SetVoidPtr
PyCObject_Type
PyCallIter_New
PyCallIter_Type
PyCallable_Check
PyCapsule_GetContext
PyCapsule_GetDestructor
PyCapsule_GetName
PyCapsule_GetPointer
PyCapsule_Import
PyCapsule_IsValid
PyCapsule_New
PyCapsule_SetContext
PyCapsule_SetDestructor
PyCapsule_SetName
PyCapsule_SetPointer
PyCapsule_Type
PyCell_Get
PyCell_New
PyCell_Set
PyCell_Type
PyClassMethod_New
PyClassMethod_Type
PyClass_IsSubclass
PyClass_New
PyClass_Type
PyCode_Addr2Line
PyCode_New
PyCode_NewEmpty
PyCode_Optimize
PyCode_Type
PyCodec_BackslashReplaceErrors
PyCodec_Decode
PyCodec_Decoder
PyCodec_Encode
PyCodec_Encoder
PyCodec_IgnoreErrors
PyCodec_IncrementalDecoder
PyCodec_IncrementalEncoder
PyCodec_LookupError
PyCodec_Register
PyCodec_RegisterError
PyCodec_ReplaceErrors
PyCodec_StreamReader
PyCodec_StreamWriter
PyCodec_StrictErrors
PyCodec_XMLCharRefReplaceErrors
PyComplex_AsCComplex
PyComplex_FromCComplex
PyComplex_FromDoubles
PyComplex_ImagAsDouble
PyComplex_RealAsDouble
PyComplex_Type
PyDescr_NewClassMethod
PyDescr_NewGetSet
PyDescr_NewMember
PyDescr_NewMethod
PyDescr_NewWrapper
PyDictItems_Type
PyDictIterItem_Type
PyDictIterKey_Type
PyDictIterValue_Type
PyDictKeys_Type
PyDictProxy_New
PyDictProxy_Type
PyDictValues_Type
PyDict_Clear
PyDict_Contains
PyDict_Copy
PyDict_DelItem
PyDict_DelItemString
PyDict_Fini
PyDict_GetItem
PyDict_GetItemString
PyDict_Items
PyDict_Keys
PyDict_Merge
PyDict_MergeFromSeq2
PyDict_New
PyDict_Next
PyDict_SetItem
PyDict_SetItemString
PyDict_Size
PyDict_Type
PyDict_Update
PyDict_Values
PyEllipsis_Type
PyEnum_Type
PyErr_BadArgument
PyErr_BadInternalCall
PyErr_CheckSignals
PyErr_Clear
PyErr_Display
PyErr_ExceptionMatches
PyErr_Fetch
PyErr_Format
PyErr_GivenExceptionMatches
PyErr_NewException
PyErr_NewExceptionWithDoc
PyErr_NoMemory
PyErr_NormalizeException
PyErr_Occurred
PyErr_Print
PyErr_PrintEx
PyErr_ProgramText
PyErr_Restore
PyErr_SetExcFromWindowsErr
PyErr_SetExcFromWindowsErrWithFilename
PyErr_SetExcFromWindowsErrWithFilenameObject
PyErr_SetExcFromWindowsErrWithUnicodeFilename
PyErr_SetFromErrno
PyErr_SetFromErrnoWithFilename
PyErr_SetFromErrnoWithFilenameObject
PyErr_SetFromErrnoWithUnicodeFilename
PyErr_SetFromWindowsErr
PyErr_SetFromWindowsErrWithFilename
PyErr_SetFromWindowsErrWithUnicodeFilename
PyErr_SetInterrupt
PyErr_SetNone
PyErr_SetObject
PyErr_SetString
PyErr_SyntaxLocation
PyErr_Warn
PyErr_WarnEx
PyErr_WarnExplicit
PyErr_WriteUnraisable
PyEval_AcquireLock
PyEval_AcquireThread
PyEval_CallFunction
PyEval_CallMethod
PyEval_CallObjectWithKeywords
PyEval_EvalCode
PyEval_EvalCodeEx
PyEval_EvalFrame
PyEval_EvalFrameEx
PyEval_GetBuiltins
PyEval_GetCallStats
PyEval_GetFrame
PyEval_GetFuncDesc
PyEval_GetFuncName
PyEval_GetGlobals
PyEval_GetLocals
PyEval_GetRestricted
PyEval_InitThreads
PyEval_MergeCompilerFlags
PyEval_ReInitThreads
PyEval_ReleaseLock
PyEval_ReleaseThread
PyEval_RestoreThread
PyEval_SaveThread
PyEval_SetProfile
PyEval_SetTrace
PyEval_ThreadsInitialized
PyExc_ArithmeticError
PyExc_AssertionError
PyExc_AttributeError
PyExc_BaseException
PyExc_BufferError
PyExc_BytesWarning
PyExc_DeprecationWarning
PyExc_EOFError
PyExc_EnvironmentError
PyExc_Exception
PyExc_FloatingPointError
PyExc_FutureWarning
PyExc_GeneratorExit
PyExc_IOError
PyExc_ImportError
PyExc_ImportWarning
PyExc_IndentationError
PyExc_IndexError
PyExc_KeyError
PyExc_KeyboardInterrupt
PyExc_LookupError
PyExc_MemoryError
PyExc_MemoryErrorInst
PyExc_NameError
PyExc_NotImplementedError
PyExc_OSError
PyExc_OverflowError
PyExc_PendingDeprecationWarning
PyExc_RecursionErrorInst
PyExc_ReferenceError
PyExc_RuntimeError
PyExc_RuntimeWarning
PyExc_StandardError
PyExc_StopIteration
PyExc_SyntaxError
PyExc_SyntaxWarning
PyExc_SystemError
PyExc_SystemExit
PyExc_TabError
PyExc_TypeError
PyExc_UnboundLocalError
PyExc_UnicodeDecodeError
PyExc_UnicodeEncodeError
PyExc_UnicodeError
PyExc_UnicodeTranslateError
PyExc_UnicodeWarning
PyExc_UserWarning
PyExc_ValueError
PyExc_Warning
PyExc_WindowsError
PyExc_ZeroDivisionError
PyFile_AsFile
PyFile_DecUseCount
PyFile_FromFile
PyFile_FromString
PyFile_GetLine
PyFile_IncUseCount
PyFile_Name
PyFile_SetBufSize
PyFile_SetEncoding
PyFile_SetEncodingAndErrors
PyFile_SoftSpace
PyFile_Type
PyFile_WriteObject
PyFile_WriteString
PyFloat_AsDouble
PyFloat_AsReprString
PyFloat_AsString
PyFloat_ClearFreeList
PyFloat_Fini
PyFloat_FromDouble
PyFloat_FromString
PyFloat_GetInfo
PyFloat_GetMax
PyFloat_GetMin
PyFloat_Type
PyFrame_BlockPop
PyFrame_BlockSetup
PyFrame_ClearFreeList
PyFrame_FastToLocals
PyFrame_Fini
PyFrame_GetLineNumber
PyFrame_LocalsToFast
PyFrame_New
PyFrame_Type
PyFrozenSet_New
PyFrozenSet_Type
PyFunction_GetClosure
PyFunction_GetCode
PyFunction_GetDefaults
PyFunction_GetGlobals
PyFunction_GetModule
PyFunction_New
PyFunction_SetClosure
PyFunction_SetDefaults
PyFunction_Type
PyFuture_FromAST
PyGC_Collect
PyGILState_Ensure
PyGILState_GetThisThreadState
PyGILState_Release
PyGen_NeedsFinalizing
PyGen_New
PyGen_Type
PyGetSetDescr_Type
PyImport_AddModule
PyImport_AppendInittab
PyImport_Cleanup
PyImport_ExecCodeModule
PyImport_ExecCodeModuleEx
PyImport_ExtendInittab
PyImport_FrozenModules
PyImport_GetImporter
PyImport_GetMagicNumber
PyImport_GetModuleDict
PyImport_Import
PyImport_ImportFrozenModule
PyImport_ImportModule
PyImport_ImportModuleLevel
PyImport_ImportModuleNoBlock
PyImport_Inittab
PyImport_ReloadModule
PyInstance_New
PyInstance_NewRaw
PyInstance_Type
PyInt_AsLong
PyInt_AsSsize_t
PyInt_AsUnsignedLongLongMask
PyInt_AsUnsignedLongMask
PyInt_ClearFreeList
PyInt_Fini
PyInt_FromLong
PyInt_FromSize_t
PyInt_FromSsize_t
PyInt_FromString
PyInt_FromUnicode
PyInt_GetMax
PyInt_Type
PyInterpreterState_Clear
PyInterpreterState_Delete
PyInterpreterState_Head
PyInterpreterState_New
PyInterpreterState_Next
PyInterpreterState_ThreadHead
PyIter_Next
PyList_Append
PyList_AsTuple
PyList_Fini
PyList_GetItem
PyList_GetSlice
PyList_Insert
PyList_New
PyList_Reverse
PyList_SetItem
PyList_SetSlice
PyList_Size
PyList_Sort
PyList_Type
PyLong_AsDouble
PyLong_AsLong
PyLong_AsLongAndOverflow
PyLong_AsLongLong
PyLong_AsLongLongAndOverflow
PyLong_AsSsize_t
PyLong_AsUnsignedLong
PyLong_AsUnsignedLongLong
PyLong_AsUnsignedLongLongMask
PyLong_AsUnsignedLongMask
PyLong_AsVoidPtr
PyLong_FromDouble
PyLong_FromLong
PyLong_FromLongLong
PyLong_FromSize_t
PyLong_FromSsize_t
PyLong_FromString
PyLong_FromUnicode
PyLong_FromUnsignedLong
PyLong_FromUnsignedLongLong
PyLong_FromVoidPtr
PyLong_GetInfo
PyLong_Type
PyMapping_Check
PyMapping_GetItemString
PyMapping_HasKey
PyMapping_HasKeyString
PyMapping_Length
PyMapping_SetItemString
PyMapping_Size
PyMarshal_ReadLastObjectFromFile
PyMarshal_ReadLongFromFile
PyMarshal_ReadObjectFromFile
PyMarshal_ReadObjectFromString
PyMarshal_ReadShortFromFile
PyMarshal_WriteLongToFile
PyMarshal_WriteObjectToFile
PyMarshal_WriteObjectToString
PyMem_Free
PyMem_Malloc
PyMem_Realloc
PyMemberDescr_Type
PyMember_Get
PyMember_GetOne
PyMember_Set
PyMember_SetOne
PyMemoryView_FromBuffer
PyMemoryView_FromObject
PyMemoryView_GetContiguous
PyMemoryView_Type
PyMethod_Class
PyMethod_ClearFreeList
PyMethod_Fini
PyMethod_Function
PyMethod_New
PyMethod_Self
PyMethod_Type
PyModule_AddIntConstant
PyModule_AddObject
PyModule_AddStringConstant
PyModule_GetDict
PyModule_GetFilename
PyModule_GetName
PyModule_New
PyModule_Type
PyNode_AddChild
PyNode_Compile
PyNode_Free
PyNode_ListTree
PyNode_New
PyNullImporter_Type
PyNumber_Absolute
PyNumber_Add
PyNumber_And
PyNumber_AsSsize_t
PyNumber_Check
PyNumber_Coerce
PyNumber_CoerceEx
PyNumber_Divide
PyNumber_Divmod
PyNumber_Float
PyNumber_FloorDivide
PyNumber_InPlaceAdd
PyNumber_InPlaceAnd
PyNumber_InPlaceDivide
PyNumber_InPlaceFloorDivide
PyNumber_InPlaceLshift
PyNumber_InPlaceMultiply
PyNumber_InPlaceOr
PyNumber_InPlacePower
PyNumber_InPlaceRemainder
PyNumber_InPlaceRshift
PyNumber_InPlaceSubtract
PyNumber_InPlaceTrueDivide
PyNumber_InPlaceXor
PyNumber_Index
PyNumber_Int
PyNumber_Invert
PyNumber_Long
PyNumber_Lshift
PyNumber_Multiply
PyNumber_Negative
PyNumber_Or
PyNumber_Positive
PyNumber_Power
PyNumber_Remainder
PyNumber_Rshift
PyNumber_Subtract
PyNumber_ToBase
PyNumber_TrueDivide
PyNumber_Xor
PyOS_AfterFork
PyOS_FiniInterrupts
PyOS_InitInterrupts
PyOS_InputHook
PyOS_InterruptOccurred
PyOS_Readline
PyOS_ReadlineFunctionPointer
PyOS_ascii_atof
PyOS_ascii_formatd
PyOS_ascii_strtod
PyOS_double_to_string
PyOS_getsig
PyOS_mystricmp
PyOS_mystrnicmp
PyOS_setsig
PyOS_snprintf
PyOS_string_to_double
PyOS_strtol
PyOS_strtoul
PyOS_vsnprintf
PyObject_AsCharBuffer
PyObject_AsFileDescriptor
PyObject_AsReadBuffer
PyObject_AsWriteBuffer
PyObject_Call

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 427KB - Virtual size: 555KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
pythonw.exe
.exe windows:5 windows x64 arch:x64

43620a8d832b69b4d682344304996bb6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\build27\cpython\PCBuild\amd64\pythonw.pdb

Imports

python27

Py_Main

msvcr90

__setusermatherr
_commode
_fmode
_encode_pointer
__set_app_type
_configthreadlocale
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_initterm_e
_initterm
_acmdln
exit
_cexit
_ismbblead
_exit
_XcptFilter
__C_specific_handler
__getmainargs
_amsg_exit
__argc
__argv
__crt_debugger_hook

kernel32

GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoA
Sleep
GetCurrentProcessId

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tmp1463.pyc

Sharing

General

Malware Config

Signatures

Files

d2a6801f784181898580963468a46355

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

ole32

oleaut32

python27

msvcr90

Exports

Exports

Sections

.text Size: 71KB - Virtual size: 70KB

.rdata Size: 26KB - Virtual size: 25KB

.data Size: 14KB - Virtual size: 15KB

.pdata Size: 6KB - Virtual size: 5KB

.reloc Size: 1KB - Virtual size: 1KB

78d931040351d53199b8eea44e33c764

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:0f:78:4d:00:00:00:00:00:03Certificate

Extended Key Usages

Key Usages

61:47:52:ba:00:00:00:00:00:04Certificate

Extended Key Usages

Key Usages

61:47:52:ba:00:00:00:00:00:04Certificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

4b:c5:c1:43:6e:9f:85:77:8a:5e:52:55:a2:2d:ee:8b:68:2b:78:edSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Exports

Exports

Sections

.text Size: 475KB - Virtual size: 474KB

.rdata Size: 90KB - Virtual size: 90KB

.data Size: 15KB - Virtual size: 25KB

.pdata Size: 17KB - Virtual size: 17KB

.rsrc Size: 1024B - Virtual size: 968B

.reloc Size: 3KB - Virtual size: 2KB

172215d4ee4fc38159b3f12b922e76e3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

msvcr90

Exports

Exports

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 427KB - Virtual size: 555KB

.pdata Size: 114KB - Virtual size: 113KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 30KB - Virtual size: 30KB

43620a8d832b69b4d682344304996bb6

.text
Size: 71KB - Virtual size: 70KB

.rdata
Size: 26KB - Virtual size: 25KB

.data
Size: 14KB - Virtual size: 15KB

.pdata
Size: 6KB - Virtual size: 5KB

.reloc
Size: 1KB - Virtual size: 1KB

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:0f:78:4d:00:00:00:00:00:03
Certificate

61:47:52:ba:00:00:00:00:00:04
Certificate

61:47:52:ba:00:00:00:00:00:04
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

4b:c5:c1:43:6e:9f:85:77:8a:5e:52:55:a2:2d:ee:8b:68:2b:78:ed
Signer

.text
Size: 475KB - Virtual size: 474KB

.rdata
Size: 90KB - Virtual size: 90KB

.data
Size: 15KB - Virtual size: 25KB

.pdata
Size: 17KB - Virtual size: 17KB

.rsrc
Size: 1024B - Virtual size: 968B

.reloc
Size: 3KB - Virtual size: 2KB

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 427KB - Virtual size: 555KB

.pdata
Size: 114KB - Virtual size: 113KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 30KB - Virtual size: 30KB

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 512B - Virtual size: 192B

.rsrc
Size: 20KB - Virtual size: 20KB

.reloc
Size: 512B - Virtual size: 60B