Optimze[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Optimze.zip
Size

78.0MB
MD5

7bea08cd254233ee422460961f256dc1
SHA1

25dbc0b9a7e973dce990c13dbb1b441cdff5c22b
SHA256

108dc4f00b0e2578673796d5d27cce40ed54ccba875c2fe92a3c14da714b3dd6
SHA512

5af377a3f6f44f1547b2e3e2694ef1e7c55f92ea9810df7909ea7a61821a18d11a03ef97e880c56b846ce3f1cdc15ceff0365bd97de089f70827834b4b84d80c
SSDEEP

1572864:vTLRToPlNN3gyQHSQQBOqBzVgphtVRU5dlQkAIgcbB/eABBiI/eRtQ4FVUrKGp:79cnVjQhS4hAXQkxB2fM4vdGp

Score

3^/10

pyinstaller

Malware Config

Signatures

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
static1/unpack001/Optimze/AutoGpuAffinity/AutoGpuAffinity.exe	pyinstaller

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Optimze/AutoGpuAffinity/AutoGpuAffinity.exe
unpack001/Optimze/AutoGpuAffinity/bin/PresentMon/PresentMon-1.6.0-x64.exe
unpack001/Optimze/AutoGpuAffinity/bin/PresentMon/PresentMon-1.8.0-x64.exe
unpack001/Optimze/AutoGpuAffinity/bin/liblava/lava-triangle.exe
unpack001/Optimze/AutoGpuAffinity/bin/restart64/restart64.exe

Files

Optimze.zip
.zip
Optimze/68WAntiLagApp.exe
.exe windows:4 windows x64 arch:x64

Code Sign

57:ea:3a:b0:e2:30:ae:a8:4d:78:68:58:fa:74:98:85
Certificate

Issuer

CN=AmbitiousPilots 68Whiskey

Not Before

04/10/2020, 18:40

Not After

04/10/2021, 19:00

Subject

CN=AmbitiousPilots 68Whiskey

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

27:cb:0d:f7:df:ed:54:e6:f8:ec:16:95:97:fc:e1:e7:31:e4:5a:c1
Signer

Actual PE Digest

27:cb:0d:f7:df:ed:54:e6:f8:ec:16:95:97:fc:e1:e7:31:e4:5a:c1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

F:\App Development\_Dev\68WAntiLag\68WAntiLagApp\68WAntiLagApp\obj\x64\Release\68WAntiLagApp.pdb

Sections

.text
Size: 484KB - Virtual size: 484KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Optimze/AutoGpuAffinity/AutoGpuAffinity.exe
.exe windows:5 windows x64 arch:x64

ba5546933531fafa869b1f86a4e2a959

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetCommandLineW
GetEnvironmentVariableW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
CreateDirectoryW
GetTempPathW
WaitForSingleObject
Sleep
GetExitCodeProcess
CreateProcessW
GetStartupInfoW
LoadLibraryExW
SetConsoleCtrlHandler
FindClose
FindFirstFileExW
CloseHandle
GetCurrentProcess
LocalFree
FormatMessageW
MultiByteToWideChar
WideCharToMultiByte
WriteConsoleW
GetProcAddress
GetModuleFileNameW
SetDllDirectoryW
FreeLibrary
GetLastError
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetModuleHandleW
RtlUnwindEx
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
RaiseException
RtlPcToFileHeader
GetCommandLineA
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFullPathNameW
RemoveDirectoryW
FindNextFileW
SetStdHandle
DeleteFileW
ReadFile
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
HeapFree
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleOutputCP
GetFileSizeEx
HeapAlloc
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW
GetCurrentDirectoryW
FlushFileBuffers
HeapReAlloc
GetFileAttributesExW
GetStringTypeW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetTimeZoneInformation
HeapSize
SetEndOfFile

advapi32

ConvertSidToStringSidW
GetTokenInformation
OpenProcessToken
ConvertStringSecurityDescriptorToSecurityDescriptorW

Sections

.text
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AutoGpuAffinity.pyc
Optimze/AutoGpuAffinity/bin/PresentMon/LICENSE.txt
Optimze/AutoGpuAffinity/bin/PresentMon/PresentMon-1.6.0-x64.exe
.exe windows:6 windows x64 arch:x64

17f3247fa6593e2577a42f20ebffdf43

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\PresentMon\build\Release\PresentMon-1.6.0-x64.pdb

Imports

advapi32

ProcessTrace
CloseTrace
StartTraceA
ControlTraceW
EnableTraceEx2
OpenTraceA
ControlTraceA

shell32

ShellExecuteExA

shlwapi

PathFindFileNameA

user32

DefWindowProcW
GetKeyState
GetMessageExtraInfo
PostMessageW
GetMessageW
CreateWindowExW
UnregisterClassW
RegisterClassExW
DispatchMessageW
SetTimer
RegisterHotKey
TranslateMessage
KillTimer
SendInput
DestroyWindow

kernel32

CreateFileW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetStdHandle
GetProcessHeap
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
GetConsoleScreenBufferInfo
GetStdHandle
WriteConsoleOutputCharacterA
SetConsoleCursorPosition
SetThreadPriority
GetCurrentThread
SetConsoleCtrlHandler
Sleep
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
OpenProcess
QueryFullProcessImageNameA
CloseHandle
DeleteCriticalSection
QueryPerformanceCounter
GetExitCodeProcess
GetModuleFileNameA
GetCurrentProcess
WaitForSingleObject
GetLastError
LoadLibraryA
GetProcAddress
FreeLibrary
VerSetConditionMask
VerifyVersionInfoW
GetCurrentThreadId
WaitForSingleObjectEx
SwitchToThread
GetExitCodeThread
TryEnterCriticalSection
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
WriteConsoleW
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
CreateTimerQueue
SetEvent
SignalObjectAndWait
CreateThread
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
EncodePointer
GetThreadTimes
FreeLibraryAndExitThread
GetModuleFileNameW
GetModuleHandleA
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualProtect
VirtualFree
DuplicateHandle
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
LoadLibraryW
SetEndOfFile
ReadFile
ReadConsoleW
SetFilePointerEx
TlsGetValue
FindNextFileA
FindFirstFileExA
RtlUnwindEx
RtlPcToFileHeader
RaiseException
ExitThread
GetModuleHandleExW
ExitProcess
MultiByteToWideChar
WideCharToMultiByte
WriteFile
GetCommandLineA
GetCommandLineW
GetACP
HeapAlloc
HeapFree
CompareStringW
LCMapStringW
GetFileType
GetStringTypeW
GetTimeZoneInformation
HeapReAlloc
HeapSize
FindClose

tdh

TdhGetPropertySize
TdhGetEventInformation

Sections

.text
Size: 307KB - Virtual size: 307KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Optimze/AutoGpuAffinity/bin/PresentMon/PresentMon-1.8.0-x64.exe
.exe windows:6 windows x64 arch:x64

75084f6bf4795dbe05bb5df4da31989c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\etw\PresentMon\build\Release\PresentMon-1.8.0-x64.pdb

Imports

kernel32

GetConsoleScreenBufferInfo
GetStdHandle
SetConsoleTextAttribute
WriteConsoleOutputCharacterA
SetConsoleCursorPosition
SetThreadPriority
GetCurrentThread
SetConsoleCtrlHandler
LoadLibraryExA
Sleep
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
OpenProcess
QueryFullProcessImageNameA
CloseHandle
DeleteCriticalSection
QueryPerformanceCounter
GetExitCodeProcess
GetModuleFileNameA
GetCurrentProcess
WaitForSingleObject
GetLastError
GetProcAddress
FreeLibrary
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
GetModuleHandleW
GetCurrentThreadId
WaitForSingleObjectEx
GetExitCodeThread
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
TryEnterCriticalSection
ReleaseSRWLockShared
AcquireSRWLockShared
GetSystemTimeAsFileTime
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
ReadConsoleW
RtlUnwindEx
RtlPcToFileHeader
SetLastError
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
MultiByteToWideChar
WideCharToMultiByte
WriteFile
GetCommandLineA
GetCommandLineW
GetACP
HeapAlloc
HeapFree
CompareStringW
LCMapStringW
GetFileType
GetStringTypeW
GetTimeZoneInformation
HeapReAlloc
HeapSize
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetProcessHeap
SetStdHandle
FlushFileBuffers
GetConsoleCP
GetConsoleMode
CreateFileW
SetFilePointerEx
WriteConsoleW
SetEndOfFile
ReadFile

Sections

.text
Size: 213KB - Virtual size: 212KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Optimze/AutoGpuAffinity/bin/liblava/LICENSE.txt
Optimze/AutoGpuAffinity/bin/liblava/lava-triangle.exe
.exe windows:6 windows x64 arch:x64

75c7f84229e7c3ee0423b0f2b28ab3f2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetVolumeInformationA
CloseHandle
GetLastError
SetErrorMode
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
WaitForSingleObject
CreateEventA
GetCurrentProcess
CreateThread
GetCurrentThreadId
FreeLibrary
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LoadLibraryA
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetTimeZoneInformation
FreeConsole
GetFileAttributesA
Sleep
GetCurrentProcessId
GetDynamicTimeZoneInformation
GetStdHandle
GetConsoleMode
WriteConsoleA
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
SetThreadExecutionState
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
QueryPerformanceCounter
QueryPerformanceFrequency
VerSetConditionMask
SetFilePointer
GetSystemTimeAsFileTime
TerminateProcess
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CreateEventW
WaitForSingleObjectEx
ResetEvent
InitializeCriticalSectionAndSpinCount
AcquireSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockShared
ReleaseSRWLockExclusive
SetLastError
AreFileApisANSI
GetFileInformationByHandle
FindFirstFileExW
GetCurrentDirectoryW
FormatMessageA
LocalFree
WriteFile
RemoveDirectoryW
ReadFile
GetFileAttributesExW
InitializeSListHead
GetDriveTypeA
FlushFileBuffers
GetFileSize
FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
CreateFileW
CreateDirectoryW
WideCharToMultiByte
MultiByteToWideChar
GlobalFree
GlobalLock
GlobalUnlock
FormatMessageW
GlobalAlloc

user32

GetPropW
ReleaseDC
RemovePropW
GetClientRect
AdjustWindowRectEx
SetCursorPos
SetCursor
GetCursorPos
ClientToScreen
ScreenToClient
WindowFromPoint
ClipCursor
SetRect
PtInRect
EnumDisplayMonitors
EnumDisplayDevicesW
EnumDisplaySettingsExW
EnumDisplaySettingsW
ChangeDisplaySettingsExW
ToUnicode
UnregisterDeviceNotification
RegisterDeviceNotificationW
GetRawInputDeviceList
GetRawInputDeviceInfoA
RegisterRawInputDevices
GetRawInputData
GetMonitorInfoW
MonitorFromWindow
SystemParametersInfoW
CreateIconIndirect
LoadImageW
DestroyIcon
LoadCursorW
GetClassLongPtrW
SetWindowLongW
SetPropW
GetDC
SetForegroundWindow
GetSystemMetrics
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
EmptyClipboard
GetMessageW
TranslateMessage
DispatchMessageW
PostMessageW
DefWindowProcW
UnregisterClassA
RegisterClassExA
CreateWindowExA
DestroyWindow
TrackMouseEvent
PeekMessageW
GetMessageTime
SendMessageW
WaitMessage
UnregisterClassW
RegisterClassExW
GetWindowLongW
CreateWindowExW
ShowWindow
GetLayeredWindowAttributes
SetLayeredWindowAttributes
SetWindowPos
GetWindowPlacement
SetWindowPlacement
IsWindowVisible
IsIconic
BringWindowToTop
IsZoomed
SetFocus
GetActiveWindow
GetKeyState
MapVirtualKeyW
SetCapture
ReleaseCapture

gdi32

CreateDIBSection
ChoosePixelFormat
DescribePixelFormat
SetPixelFormat
DeleteObject
CreateDCW
DeleteDC
GetDeviceCaps
SetDeviceGammaRamp
SwapBuffers
CreateBitmap
CreateRectRgn

shell32

DragQueryFileW
DragAcceptFiles
DragFinish
DragQueryPoint
SHGetFolderPathW

advapi32

OpenProcessToken

msvcp140

?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_signal
_Cnd_destroy_in_situ
_Thrd_id
_Thrd_join
?id@?$numpunct@D@std@@2V0locale@2@A
?_Incref@facet@locale@std@@UEAAXXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
??1_Locinfo@std@@QEAA@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
??0_Locinfo@std@@QEAA@PEBD@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?uncaught_exceptions@std@@YAHXZ
?tellp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?swap@?$basic_ostream@DU?$char_traits@D@std@@@std@@IEAAXAEAV12@@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_unlock
?_Throw_C_error@std@@YAXH@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAN@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?_Xbad_function_call@std@@YAXXZ
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAHH@Z
_Xtime_get_ticks
_Query_perf_counter
_Query_perf_frequency
_Thrd_sleep
?swap@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXAEAV12@@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?swap@?$basic_istream@DU?$char_traits@D@std@@@std@@IEAAXAEAV12@@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAI@Z
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
??Bid@locale@std@@QEAA_KXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext

vcruntime140

__current_exception
__current_exception_context
strrchr
strchr
_purecall
strstr
memset
memmove
memcpy
memcmp
memchr
_CxxThrowException
__std_exception_destroy
__std_exception_copy
__std_terminate
__C_specific_handler

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
_initialize_onexit_table
_get_initial_narrow_environment
_initterm
_initterm_e
exit
_exit
_configure_narrow_argv
__p___argc
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_invalid_parameter_noinfo_noreturn
terminate
_initialize_narrow_environment
strerror_s
_errno

api-ms-win-crt-heap-l1-1-0

_callnewh
_set_new_mode
_aligned_free
realloc
_aligned_realloc
calloc
_aligned_malloc
malloc
free

api-ms-win-crt-string-l1-1-0

strspn
strcmp
strncmp
strcspn
strncpy
isdigit

api-ms-win-crt-stdio-l1-1-0

feof
fopen_s
__p__commode
_set_fmode
ferror
fgetc
ungetc
_get_stream_buffer_pointers
fgetpos
fputc
fsetpos
__stdio_common_vsscanf
__stdio_common_vsprintf
fwrite
ftell
fseek
fread
fflush
fclose
_wfopen
__acrt_iob_func
_fseeki64
_fsopen
setvbuf
__stdio_common_vsnprintf_s
__stdio_common_vfprintf

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-math-l1-1-0

ldexp
tanf
powf
_ldclass
_fdclass
_ldsign
sqrtf
sinf
floorf
_fdsign
cosf
ceilf
_dsign
acosf
_dclass
__setusermatherr

api-ms-win-crt-convert-l1-1-0

strtoull
strtoul
strtol
strtoll
strtod

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
localeconv
_configthreadlocale

api-ms-win-crt-filesystem-l1-1-0

_mkdir
_unlock_file
_lock_file

api-ms-win-crt-time-l1-1-0

strftime
_mktime64
_gmtime64_s
_localtime64_s

Exports

Exports

PHYSFS_addToSearchPath
PHYSFS_caseFold
PHYSFS_close
PHYSFS_deinit
PHYSFS_delete
PHYSFS_deregisterArchiver
PHYSFS_enumerate
PHYSFS_enumerateFiles
PHYSFS_enumerateFilesCallback
PHYSFS_eof
PHYSFS_exists
PHYSFS_fileLength
PHYSFS_flush
PHYSFS_freeList
PHYSFS_getAllocator
PHYSFS_getBaseDir
PHYSFS_getCdRomDirs
PHYSFS_getCdRomDirsCallback
PHYSFS_getDirSeparator
PHYSFS_getErrorByCode
PHYSFS_getLastError
PHYSFS_getLastErrorCode
PHYSFS_getLastModTime
PHYSFS_getLinkedVersion
PHYSFS_getMountPoint
PHYSFS_getPrefDir
PHYSFS_getRealDir
PHYSFS_getSearchPath
PHYSFS_getSearchPathCallback
PHYSFS_getUserDir
PHYSFS_getWriteDir
PHYSFS_init
PHYSFS_isDirectory
PHYSFS_isInit
PHYSFS_isSymbolicLink
PHYSFS_mkdir
PHYSFS_mount
PHYSFS_mountHandle
PHYSFS_mountIo
PHYSFS_mountMemory
PHYSFS_openAppend
PHYSFS_openRead
PHYSFS_openWrite
PHYSFS_permitSymbolicLinks
PHYSFS_read
PHYSFS_readBytes
PHYSFS_readSBE16
PHYSFS_readSBE32
PHYSFS_readSBE64
PHYSFS_readSLE16
PHYSFS_readSLE32
PHYSFS_readSLE64
PHYSFS_readUBE16
PHYSFS_readUBE32
PHYSFS_readUBE64
PHYSFS_readULE16
PHYSFS_readULE32
PHYSFS_readULE64
PHYSFS_registerArchiver
PHYSFS_removeFromSearchPath
PHYSFS_seek
PHYSFS_setAllocator
PHYSFS_setBuffer
PHYSFS_setErrorCode
PHYSFS_setRoot
PHYSFS_setSaneConfig
PHYSFS_setWriteDir
PHYSFS_stat
PHYSFS_supportedArchiveTypes
PHYSFS_swapSBE16
PHYSFS_swapSBE32
PHYSFS_swapSBE64
PHYSFS_swapSLE16
PHYSFS_swapSLE32
PHYSFS_swapSLE64
PHYSFS_swapUBE16
PHYSFS_swapUBE32
PHYSFS_swapUBE64
PHYSFS_swapULE16
PHYSFS_swapULE32
PHYSFS_swapULE64
PHYSFS_symbolicLinksPermitted
PHYSFS_tell
PHYSFS_ucs4stricmp
PHYSFS_unmount
PHYSFS_utf16stricmp
PHYSFS_utf8FromLatin1
PHYSFS_utf8FromUcs2
PHYSFS_utf8FromUcs4
PHYSFS_utf8FromUtf16
PHYSFS_utf8ToUcs2
PHYSFS_utf8ToUcs4
PHYSFS_utf8ToUtf16
PHYSFS_utf8stricmp
PHYSFS_write
PHYSFS_writeBytes
PHYSFS_writeSBE16
PHYSFS_writeSBE32
PHYSFS_writeSBE64
PHYSFS_writeSLE16
PHYSFS_writeSLE32
PHYSFS_writeSLE64
PHYSFS_writeUBE16
PHYSFS_writeUBE32
PHYSFS_writeUBE64
PHYSFS_writeULE16
PHYSFS_writeULE32
PHYSFS_writeULE64

Sections

.text
Size: 822KB - Virtual size: 821KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 311KB - Virtual size: 311KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Optimze/AutoGpuAffinity/bin/liblava/res.zip
.zip
font/gui/Roboto-Regular.ttf
font/icon/fa-solid-900.ttf
icon.png
.png
lamp/fragment.spirv
lamp/vertex.spirv
spawn/fragment.spirv
spawn/lava-spawn-game.mtl
spawn/lava-spawn-game.obj
spawn/vertex.spirv
triangle/fragment.spirv
triangle/vertex.spirv
Optimze/AutoGpuAffinity/bin/restart64/LICENSE.TXT
Optimze/AutoGpuAffinity/bin/restart64/restart64.exe
.exe windows:5 windows x64 arch:x64

2a69fe822ced9bf301916c1307e497a9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

HeapSize
HeapReAlloc
CompareStringW
GetConsoleMode
GetConsoleCP
SetFilePointer
LoadLibraryW
SetStdHandle
GetStringTypeW
WideCharToMultiByte
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
WriteConsoleW
CreateFileW
IsWow64Process
GetModuleFileNameW
Sleep
CreateProcessW
CloseHandle
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
GetStartupInfoW
TerminateProcess
OpenProcess
GetCurrentProcess
QueryPerformanceCounter
GetFileType
SetHandleCount
LCMapStringW
EnterCriticalSection
GetLastError
HeapFree
HeapAlloc
SetEnvironmentVariableW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetCommandLineW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
DecodePointer
HeapSetInformation
GetVersion
HeapCreate
GetProcAddress
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
MultiByteToWideChar
FreeEnvironmentStringsW
GetEnvironmentStringsW
RtlUnwindEx
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
FlushFileBuffers

user32

SetWindowPlacement
GetWindowRect
EnumWindows
GetWindowPlacement
SetWindowPos
ShowWindow
IsWindowVisible
SetForegroundWindow
DialogBoxParamW
OpenInputDesktop
FindWindowW
GetClientRect
CloseDesktop
EndDialog
FindWindowExW
MessageBoxW
UnregisterHotKey
RegisterHotKey
GetWindowThreadProcessId
GetShellWindow
PostMessageW

advapi32

RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegEnumValueW
RegRenameKey
RegDeleteTreeW
RegDeleteValueW
RegQueryValueExW
RegCreateKeyExW
AdjustTokenPrivileges
DuplicateTokenEx
LookupPrivilegeValueW
CreateProcessWithTokenW
OpenProcessToken
RegSetValueExW

setupapi

SetupDiSetClassInstallParamsW
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiCallClassInstaller

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 521KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Optimze/AutoGpuAffinity/captures/AutoGpuAffinity-020623201726/CSVs/CPU-0.csv
Optimze/AutoGpuAffinity/captures/AutoGpuAffinity-020623201726/CSVs/CPU-1.csv
Optimze/AutoGpuAffinity/captures/AutoGpuAffinity-020623201726/CSVs/CPU-2.csv
Optimze/AutoGpuAffinity/captures/AutoGpuAffinity-020623201726/CSVs/CPU-3.csv
Optimze/AutoGpuAffinity/captures/AutoGpuAffinity-020623201726/CSVs/CPU-4.csv
Optimze/AutoGpuAffinity/captures/AutoGpuAffinity-020623201726/CSVs/CPU-5.csv
Optimze/AutoGpuAffinity/captures/AutoGpuAffinity-020623201726/CSVs/CPU-6.csv
Optimze/AutoGpuAffinity/captures/AutoGpuAffinity-020623201726/CSVs/CPU-7.csv
Optimze/AutoGpuAffinity/captures/AutoGpuAffinity-020623203844/CSVs/CPU-0.csv
Optimze/AutoGpuAffinity/captures/AutoGpuAffinity-020623203844/CSVs/CPU-1.csv
Optimze/AutoGpuAffinity/captures/AutoGpuAffinity-020623203844/CSVs/CPU-2.csv
Optimze/AutoGpuAffinity/captures/AutoGpuAffinity-020623203844/CSVs/CPU-3.csv
Optimze/AutoGpuAffinity/captures/AutoGpuAffinity-020623203844/CSVs/CPU-4.csv
Optimze/AutoGpuAffinity/captures/AutoGpuAffinity-020623203844/CSVs/CPU-5.csv
Optimze/AutoGpuAffinity/captures/AutoGpuAffinity-020623203844/CSVs/CPU-6.csv
Optimze/AutoGpuAffinity/captures/AutoGpuAffinity-020623203844/CSVs/CPU-7.csv
Optimze/AutoGpuAffinity/captures/AutoGpuAffinity-030623100500/CSVs/CPU-0.csv
Optimze/AutoGpuAffinity/captures/AutoGpuAffinity-030623100500/CSVs/CPU-1.csv
Optimze/AutoGpuAffinity/captures/AutoGpuAffinity-030623100500/CSVs/CPU-2.csv
Optimze/AutoGpuAffinity/captures/AutoGpuAffinity-030623100500/CSVs/CPU-3.csv
Optimze/AutoGpuAffinity/captures/AutoGpuAffinity-030623100500/CSVs/CPU-4.csv
Optimze/AutoGpuAffinity/captures/AutoGpuAffinity-030623100500/CSVs/CPU-5.csv
Optimze/AutoGpuAffinity/captures/AutoGpuAffinity-030623100500/CSVs/CPU-6.csv
Optimze/AutoGpuAffinity/captures/AutoGpuAffinity-030623100500/CSVs/CPU-7.csv
Optimze/AutoGpuAffinity/captures/AutoGpuAffinity-030623104357/CSVs/CPU-0.csv
Optimze/AutoGpuAffinity/captures/AutoGpuAffinity-030623104357/CSVs/CPU-1.csv
Optimze/AutoGpuAffinity/captures/AutoGpuAffinity-030623104357/CSVs/CPU-2.csv
Optimze/AutoGpuAffinity/captures/AutoGpuAffinity-030623104357/CSVs/CPU-3.csv
Optimze/AutoGpuAffinity/captures/AutoGpuAffinity-030623104357/CSVs/CPU-4.csv
Optimze/AutoGpuAffinity/captures/AutoGpuAffinity-030623104357/CSVs/CPU-5.csv
Optimze/AutoGpuAffinity/captures/AutoGpuAffinity-030623104357/CSVs/CPU-6.csv
Optimze/AutoGpuAffinity/captures/AutoGpuAffinity-030623104357/CSVs/CPU-7.csv
Optimze/AutoGpuAffinity/captures/AutoGpuAffinity-030623112716/CSVs/CPU-0.csv
Optimze/AutoGpuAffinity/captures/AutoGpuAffinity-030623112716/CSVs/CPU-1.csv
Optimze/AutoGpuAffinity/captures/AutoGpuAffinity-030623112716/CSVs/CPU-2.csv
Optimze/AutoGpuAffinity/captures/AutoGpuAffinity-030623112716/CSVs/CPU-3.csv
Optimze/AutoGpuAffinity/captures/AutoGpuAffinity-030623112716/CSVs/CPU-4.csv
Optimze/AutoGpuAffinity/captures/AutoGpuAffinity-030623112716/CSVs/CPU-5.csv
Optimze/AutoGpuAffinity/captures/AutoGpuAffinity-030623112716/CSVs/CPU-6.csv
Optimze/AutoGpuAffinity/captures/AutoGpuAffinity-030623112716/CSVs/CPU-7.csv
Optimze/AutoGpuAffinity/captures/AutoGpuAffinity-170224085636/CSVs/CPU-0.csv
Optimze/AutoGpuAffinity/captures/AutoGpuAffinity-170224085636/CSVs/CPU-1.csv
Optimze/AutoGpuAffinity/captures/AutoGpuAffinity-170224085636/CSVs/CPU-10.csv
Optimze/AutoGpuAffinity/captures/AutoGpuAffinity-170224085636/CSVs/CPU-11.csv
Optimze/AutoGpuAffinity/captures/AutoGpuAffinity-170224085636/CSVs/CPU-2.csv
Optimze/AutoGpuAffinity/captures/AutoGpuAffinity-170224085636/CSVs/CPU-3.csv
Optimze/AutoGpuAffinity/captures/AutoGpuAffinity-170224085636/CSVs/CPU-4.csv
Optimze/AutoGpuAffinity/captures/AutoGpuAffinity-170224085636/CSVs/CPU-5.csv
Optimze/AutoGpuAffinity/captures/AutoGpuAffinity-170224085636/CSVs/CPU-6.csv
Optimze/AutoGpuAffinity/captures/AutoGpuAffinity-170224085636/CSVs/CPU-7.csv
Optimze/AutoGpuAffinity/captures/AutoGpuAffinity-170224085636/CSVs/CPU-8.csv
Optimze/AutoGpuAffinity/captures/AutoGpuAffinity-170224085636/CSVs/CPU-9.csv
Optimze/AutoGpuAffinity/captures/AutoGpuAffinity-300523181320/CSVs/CPU-0.csv

Sharing

General

Malware Config

Signatures

Files

Code Sign

57:ea:3a:b0:e2:30:ae:a8:4d:78:68:58:fa:74:98:85Certificate

Extended Key Usages

Key Usages

27:cb:0d:f7:df:ed:54:e6:f8:ec:16:95:97:fc:e1:e7:31:e4:5a:c1Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Sections

.text Size: 484KB - Virtual size: 484KB

.rsrc Size: 109KB - Virtual size: 108KB

ba5546933531fafa869b1f86a4e2a959

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

Sections

.text Size: 162KB - Virtual size: 162KB

.rdata Size: 74KB - Virtual size: 73KB

.data Size: 3KB - Virtual size: 64KB

.pdata Size: 8KB - Virtual size: 8KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 60KB - Virtual size: 60KB

.reloc Size: 2KB - Virtual size: 1KB

17f3247fa6593e2577a42f20ebffdf43

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

shell32

shlwapi

user32

kernel32

tdh

Sections

.text Size: 307KB - Virtual size: 307KB

.rdata Size: 103KB - Virtual size: 102KB

.data Size: 9KB - Virtual size: 24KB

.pdata Size: 19KB - Virtual size: 18KB

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 3KB - Virtual size: 3KB

75084f6bf4795dbe05bb5df4da31989c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Sections

.text Size: 213KB - Virtual size: 212KB

.rdata Size: 78KB - Virtual size: 77KB

.data Size: 4KB - Virtual size: 18KB

.pdata Size: 11KB - Virtual size: 11KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 2KB - Virtual size: 2KB

75c7f84229e7c3ee0423b0f2b28ab3f2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

msvcp140

imm32

vcruntime140

57:ea:3a:b0:e2:30:ae:a8:4d:78:68:58:fa:74:98:85
Certificate

27:cb:0d:f7:df:ed:54:e6:f8:ec:16:95:97:fc:e1:e7:31:e4:5a:c1
Signer

.text
Size: 484KB - Virtual size: 484KB

.rsrc
Size: 109KB - Virtual size: 108KB

.text
Size: 162KB - Virtual size: 162KB

.rdata
Size: 74KB - Virtual size: 73KB

.data
Size: 3KB - Virtual size: 64KB

.pdata
Size: 8KB - Virtual size: 8KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 60KB - Virtual size: 60KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 307KB - Virtual size: 307KB

.rdata
Size: 103KB - Virtual size: 102KB

.data
Size: 9KB - Virtual size: 24KB

.pdata
Size: 19KB - Virtual size: 18KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 3KB - Virtual size: 3KB

.text
Size: 213KB - Virtual size: 212KB

.rdata
Size: 78KB - Virtual size: 77KB

.data
Size: 4KB - Virtual size: 18KB

.pdata
Size: 11KB - Virtual size: 11KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 822KB - Virtual size: 821KB

.rdata
Size: 311KB - Virtual size: 311KB

.data
Size: 32KB - Virtual size: 46KB

.pdata
Size: 38KB - Virtual size: 37KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 4KB - Virtual size: 4KB

.text
Size: 44KB - Virtual size: 43KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 5KB - Virtual size: 521KB

.pdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB