b4368821ca6ca45b3a77cfe6822000bb

Sharing

Copy URL Twitter E-mail

General

Target

b4368821ca6ca45b3a77cfe6822000bb
Size

6.3MB
MD5

b4368821ca6ca45b3a77cfe6822000bb
SHA1

489798ac4b4be34ce93098e7a92b68ce75e33e5f
SHA256

ec884f7ba50474e74dea8022ad5a167b3a9fefa39f8af2d6ee454dbc35047909
SHA512

9608d67c32901a975f7ffb116a284af08ac54052457b50c83d4d1e9569e48d4bd48ee1498f60ead7c59ef76f470197a4d2a736f03cbe1663b908c71af781784c
SSDEEP

196608:Xr8P+RJPCq9bLQXAZFJjk19z/BIxqJ4F74:XoWvhZQQtjYZqquF74

Score

3^/10

pdf link

Malware Config

Signatures

One or more HTTP URLs in PDF identified
Detects presence of HTTP links in PDF files.
pdf link

Unsigned PE 9 IoCs

Checks for missing Authenticode signature.

resource
b4368821ca6ca45b3a77cfe6822000bb
unpack001/bin/win32/runscript.dll
unpack001/bin/win32/runscript.exe
unpack001/bin/win32/wrunscript.exe
unpack001/tlpkg/installer/lz4/lz4.exe
unpack001/tlpkg/installer/tar.exe
unpack001/tlpkg/installer/wget/wget.exe
unpack001/tlpkg/installer/xz/xz.exe
unpack001/tlpkg/tltcl/tclkit.exe

NSIS installer 1 IoCs

installer

resource	yara_rule
sample	nsis_installer_2

Files

b4368821ca6ca45b3a77cfe6822000bb
.exe windows:4 windows x86 arch:x86

fc01392fe93045b475f10ef1edeaf66c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
SetFileSecurityA

comctl32

ImageList_AddMasked
ImageList_Create
ImageList_Destroy
InitCommonControls

gdi32

CreateBrushIndirect
CreateFontIndirectA
DeleteObject
GetDeviceCaps
SelectObject
SetBkColor
SetBkMode
SetTextColor

kernel32

CloseHandle
CompareFileTime
CopyFileA
CreateDirectoryA
CreateFileA
CreateProcessA
CreateThread
DeleteFileA
ExitProcess
ExpandEnvironmentStringsA
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetCommandLineA
GetCurrentProcess
GetDiskFreeSpaceA
GetExitCodeProcess
GetFileAttributesA
GetFileSize
GetFullPathNameA
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetPrivateProfileStringA
GetProcAddress
GetShortPathNameA
GetSystemDirectoryA
GetTempFileNameA
GetTempPathA
GetTickCount
GetVersion
GetWindowsDirectoryA
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
LoadLibraryExA
MoveFileA
MoveFileExA
MulDiv
MultiByteToWideChar
ReadFile
RemoveDirectoryA
SearchPathA
SetCurrentDirectoryA
SetEnvironmentVariableA
SetErrorMode
SetFileAttributesA
SetFilePointer
SetFileTime
Sleep
WaitForSingleObject
WriteFile
WritePrivateProfileStringA
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpyA
lstrcpynA
lstrlenA

ole32

CoCreateInstance
CoTaskMemFree
OleInitialize
OleUninitialize

shell32

SHBrowseForFolderA
SHFileOperationA
SHGetFileInfoA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
ShellExecuteA

user32

AppendMenuA
BeginPaint
CallWindowProcA
CharNextA
CharPrevA
CheckDlgButton
CloseClipboard
CreateDialogParamA
CreatePopupMenu
CreateWindowExA
DefWindowProcA
DestroyWindow
DialogBoxParamA
DispatchMessageA
DrawTextA
EmptyClipboard
EnableMenuItem
EnableWindow
EndDialog
EndPaint
ExitWindowsEx
FillRect
FindWindowExA
GetClassInfoA
GetClientRect
GetDC
GetDlgItem
GetDlgItemTextA
GetMessagePos
GetSysColor
GetSystemMenu
GetSystemMetrics
GetWindowLongA
GetWindowRect
InvalidateRect
IsWindow
IsWindowEnabled
IsWindowVisible
LoadBitmapA
LoadCursorA
LoadImageA
MessageBoxIndirectA
OpenClipboard
PeekMessageA
PostQuitMessage
RegisterClassA
ReleaseDC
ScreenToClient
SendMessageA
SendMessageTimeoutA
SetClassLongA
SetClipboardData
SetCursor
SetDlgItemTextA
SetForegroundWindow
SetTimer
SetWindowLongA
SetWindowPos
SetWindowTextA
ShowWindow
SystemParametersInfoA
TrackPopupMenu
wsprintfA

Sections

.text
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 288KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: 512B - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
LICENSE.CTAN
LICENSE.TL
README
README.usergroups
bin/win32/runscript.dll
.dll windows:4 windows x86 arch:x86

90c785422a7cd5796b9f28e022811139

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
GetModuleHandleA
GetFileAttributesA
GetCommandLineA
SetEnvironmentVariableA

msvcrt

_snprintf
strrchr
strlen
strcpy
malloc
free
_iob
fprintf
getenv
atexit
__getmainargs

luatex

dllluatexmain

user32

MessageBoxA

Exports

Exports

dllrunscript
dllwrunscript

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bin/win32/runscript.exe
.exe windows:4 windows x86 arch:x86

52f8698cd85b91ca7ebb340d668fc083

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

runscript

dllrunscript

msvcrt

_controlfp
__set_app_type
__getmainargs
exit

Sections

.text
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
bin/win32/runscript.tlu
bin/win32/tlmgr.bat
.bat .vbs
bin/win32/wrunscript.exe
.exe windows:4 windows x86 arch:x86

ee58462edf3a864b618f06c89bb1c9c1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery

msvcrt

__dllonexit
__getmainargs
__initenv
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_fmode
_initterm
_iob
_lock
_onexit
exit
fprintf
free
fwrite
malloc
memcpy
signal
strlen
strncmp
_unlock
abort
vfprintf
calloc

runscript

dllwrunscript

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1008B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
index.html
.html
readme-html.dir/readme.cs.html
.html
readme-html.dir/readme.de.html
.html
readme-html.dir/readme.en.html
.html
readme-html.dir/readme.es.html
readme-html.dir/readme.fr.html
.html
readme-html.dir/readme.it.html
.html
readme-html.dir/readme.ja.html
.html
readme-html.dir/readme.pl.html
readme-html.dir/readme.pt-br.html
.html
readme-html.dir/readme.ru.html
.html
readme-html.dir/readme.sr.html
.html
readme-html.dir/readme.vi.html
.html
readme-html.dir/readme.zh-cn.html
.html
readme-txt.dir/README.CS
readme-txt.dir/README.DE
readme-txt.dir/README.EN
readme-txt.dir/README.ES
readme-txt.dir/README.FR
readme-txt.dir/README.IT
readme-txt.dir/README.JA
readme-txt.dir/README.PL
readme-txt.dir/README.PT-BR
readme-txt.dir/README.RU
readme-txt.dir/README.SK-ascii
readme-txt.dir/README.SR
readme-txt.dir/README.VI
readme-txt.dir/README.ZH-CN
release-texlive.txt
texmf-dist/doc/man/man1/tlmgr.1
texmf-dist/doc/man/man1/tlmgr.man1.pdf
.pdf
- https://tug.org/texlive/acquire.html
- https://tug.org/texlive/tlmgr.html
- https://tug.org/texlive/doc
- http://mirror.ctan.org/systems/texlive/tlnetTelltlmgrto
- https://ctan.org/mirrors/mirmon
- http://ctan.example.org/its/ctan/dir/systems/texlive/tlnetOf
- http://mirror.ctan.org/systems/texlive/tlnetPick
- https://ctan.org
- https://tug.org/texlive/doc/tlmgr.html#ENVIRONMENT�VARIABLES
- https://en.wikipedia.org/wiki/OpenSSH
- https://en.wikipedia.org/wiki/Ssh�agent
- https://tug.org/texlive/doc/tlmgr.html
- http://arepresent.run
- https://tug.org/fonts/fontinstall.html
- http://pkg...info
- http://mirror.ctan.org/systems/texlive/tlnetTheinstall�tldocumentation
- http://version.help
- http://TLPDB.save
- http://for.show
- http://TEXMFCONFIG...to
- http://option.no
- http://afterdownloading.no
- https://openssl.org
- https://www.gnu.org/software/coreutils
- http://contrib.texlive.info
- http://contrib.texlive.info/current
- https://search.cpan.org/search?query=perl%2Ftk
- https://tug.org/texlive/distro.html#perltk
- https://tug.org/texlive/doc.html
- https://search.cpan.org/perldoc?Tk
- http://wasdrawn.total
- https://tug.org/texlive
- http://tlmgr.pl
- Show all
texmf-dist/scripts/texlive/NEWS
texmf-dist/scripts/texlive/tlmgr.pl
.pl .sh linux
texmf-dist/scripts/texlive/tlmgrgui.pl
.pl .sh linux
texmf-dist/scripts/texlive/uninstall-win32.pl
.sh .vbs linux polyglot
texmf-dist/scripts/texlive/uninstq.vbs
texmf-dist/web2c/fmtutil-hdr.cnf
texmf-dist/web2c/updmap-hdr.cfg
tlpkg/README
tlpkg/TeXLive/TLConfFile.pm
.vbs
tlpkg/TeXLive/TLConfig.pm
.vbs
tlpkg/TeXLive/TLCrypto.pm
.vbs
tlpkg/TeXLive/TLDownload.pm
.vbs
tlpkg/TeXLive/TLPDB.pm
.ps1
tlpkg/TeXLive/TLPOBJ.pm
.vbs
tlpkg/TeXLive/TLPSRC.pm
.vbs
tlpkg/TeXLive/TLPaper.pm
.vbs
tlpkg/TeXLive/TLTREE.pm
.vbs
tlpkg/TeXLive/TLUtils.pm
tlpkg/TeXLive/TLWinGoo.pm
.vbs
tlpkg/TeXLive/TeXCatalogue.pm
.vbs
tlpkg/TeXLive/trans.pl
.sh .vbs linux polyglot
tlpkg/gpg/pubring.gpg
tlpkg/gpg/random_seed
tlpkg/gpg/tl-key-extension.txt
tlpkg/gpg/trustdb.gpg
tlpkg/installer/COPYING.MinGW-runtime.txt
tlpkg/installer/config.guess
tlpkg/installer/lz4/lz4.exe
.exe windows:5 windows x86 arch:x86

c2f8ed4bb1d62693b36999e68b8c0d74

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\usr\work\tmp\lz4-1.8.3\visual\VS2010\bin\Win32_Release\lz4.pdb

Imports

kernel32

QueryPerformanceCounter
QueryPerformanceFrequency
Sleep
SetPriorityClass
GetCurrentProcess
GetConsoleMode
FindNextFileA
FindClose
FindFirstFileA
DeviceIoControl
GetModuleFileNameA
GetLastError
HeapFree
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileExA
GetProcAddress
GetModuleHandleW
ExitProcess
DecodePointer
GetSystemTimeAsFileTime
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
HeapReAlloc
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
DeleteFileA
SetFileAttributesA
GetFileAttributesA
GetCommandLineA
HeapSetInformation
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
IsProcessorFeaturePresent
HeapCreate
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteFile
GetStdHandle
GetModuleFileNameW
EncodePointer
WideCharToMultiByte
GetConsoleCP
SetHandleCount
GetStartupInfoW
DeleteCriticalSection
GetFullPathNameA
CloseHandle
GetFileInformationByHandle
PeekNamedPipe
CreateFileA
GetCurrentDirectoryW
LoadLibraryW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
MultiByteToWideChar
ReadFile
FlushFileBuffers
RtlUnwind
SetFilePointer
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount
GetCurrentProcessId
LCMapStringW
GetStringTypeW
WriteConsoleW
GetDriveTypeW
SetEndOfFile
GetProcessHeap
GetTimeZoneInformation
HeapSize
CreateFileW
CompareStringW
SetEnvironmentVariableA

Sections

.text
Size: 161KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tlpkg/installer/tar.exe
.exe windows:5 windows x86 arch:x86

c232a79d8ea1c42dbbea6c6ab6238b54

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForSingleObject
CopyFileA
DeviceIoControl
GetLastError
CreateFileA
ReadFile
WriteFile
SetFilePointer
SetEndOfFile
FindClose
FindFirstFileA
SearchPathA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileInformationByHandle
GetFileAttributesA
FindNextFileA
GetFullPathNameA
SetFileTime
SetFileAttributesA
GetSystemTime
SystemTimeToFileTime
CreateDirectoryW
GetFullPathNameW
BackupWrite
CreateFileW
GetDriveTypeA
FindFirstFileExA
GetSystemTimeAsFileTime
GetProcAddress
GetModuleHandleW
ExitProcess
DecodePointer
EnterCriticalSection
LeaveCriticalSection
HeapFree
HeapAlloc
CreateDirectoryA
MoveFileA
InterlockedDecrement
InterlockedIncrement
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
TerminateProcess
GetModuleFileNameA
GetCommandLineA
HeapSetInformation
PeekNamedPipe
GetFileType
HeapReAlloc
SetStdHandle
GetExitCodeProcess
GetCurrentDirectoryW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
IsProcessorFeaturePresent
SetHandleCount
GetStartupInfoW
DeleteCriticalSection
RtlUnwind
LoadLibraryW
GetLocaleInfoW
GetModuleFileNameW
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
Sleep
HeapCreate
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
MultiByteToWideChar
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
LCMapStringW
GetTimeZoneInformation
GetDriveTypeW
GetProcessHeap
HeapSize
CompareStringW
SetEnvironmentVariableA
WriteConsoleW
GetCurrentDirectoryA
RemoveDirectoryA
GetCurrentProcess
GetStdHandle
DuplicateHandle
CreatePipe
CreateProcessA
InitializeCriticalSectionAndSpinCount
CloseHandle
DeleteFileA
SetCurrentDirectoryA

user32

wsprintfW

advapi32

GetSecurityDescriptorOwner
IsValidSid
EqualSid
LookupAccountSidA
GetFileSecurityA
GetUserNameA

Sections

.text
Size: 185KB - Virtual size: 184KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tlpkg/installer/wget/wget.exe
.exe windows:4 windows x86 arch:x86

a889930dda044afe246f753c69172fc7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

CryptAcquireContextA
CryptGenRandom
CryptReleaseContext

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertOpenSystemStoreA

kernel32

CloseHandle
CreateEventA
CreateFileA
CreateFileMappingA
CreateProcessA
CreateThread
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
FindClose
FindFirstFileA
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
FormatMessageA
FreeLibrary
GetACP
GetCommandLineA
GetConsoleMode
GetConsoleScreenBufferInfo
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDiskFreeSpaceExW
GetFileAttributesA
GetFileInformationByHandle
GetFileSize
GetFileSizeEx
GetFileType
GetHandleInformation
GetLastError
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetNumberOfConsoleInputEvents
GetProcAddress
GetStartupInfoA
GetStdHandle
GetSystemTimeAsFileTime
GetTempPathA
GetTickCount
GetTimeZoneInformation
GetVolumeInformationW
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
LockFileEx
MapViewOfFile
MultiByteToWideChar
OpenFileMappingA
PeekConsoleInputA
PeekNamedPipe
QueryPerformanceCounter
QueryPerformanceFrequency
ResumeThread
SetConsoleCtrlHandler
SetConsoleTitleA
SetEndOfFile
SetEvent
SetFilePointer
SetFileTime
SetLastError
SetUnhandledExceptionFilter
Sleep
SleepEx
TerminateProcess
TerminateThread
TlsGetValue
UnhandledExceptionFilter
UnlockFile
UnmapViewOfFile
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte

msvcrt

__argv
__dllonexit
__doserrno
__getmainargs
__initenv
__lconv_init
__mb_cur_max
__pioinfo
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_close
_commode
_environ
_errno
_exit
_filelengthi64
_fileno
_findclose
_findnext
_fmode
_fullpath
_get_osfhandle
_getch
_getmaxstdio
_getmbcp
_initterm
_iob
_isctype
_lock
_lseeki64
_mkdir
_onexit
_open
_open_osfhandle
_pipe
_putenv
_setmaxstdio
_setmode
_snwprintf
_stati64
time
_stricmp
_strnicmp
_sys_errlist
_sys_nerr
_telli64
_unlock
calloc
clearerr
clock
exit
fclose
feof
ferror
fflush
fgetc
fgetpos
fgets
fopen
fprintf
fputc
fputs
fread
free
fseek
fsetpos
ftell
fwprintf
fwrite
getc
getenv
gmtime
isalnum
isalpha
iscntrl
isgraph
islower
isprint
ispunct
isspace
isupper
iswctype
isxdigit
localeconv
localtime
malloc
memchr
memcmp
memcpy
memmove
memset
perror
puts
qsort
raise
rand
realloc
rename
rewind
setlocale
signal
sprintf
srand
sscanf
strcat
strchr
strcmp
strcpy
strcspn
strerror
strftime
strlen
strncat
strncmp
strncpy
strpbrk
strrchr
strspn
strstr
strtok
strtol
strtoul
_vsnprintf
_wopen
_write
abort
atoi
time
tolower
toupper
towlower
towupper
ungetc
vfprintf
wcscat
wcscpy
wcslen
wcstombs
_findfirst
_write
_unlink
_strdup
_setmode
_read
_open
_lseek
_isatty
_getpid
_fileno
_fdopen
_dup2
_dup
_close
_chmod

user32

DispatchMessageA
MessageBoxW
MsgWaitForMultipleObjects
PeekMessageA
TranslateMessage

ws2_32

WSAAddressToStringA
WSACleanup
WSAEnumNetworkEvents
WSAEventSelect
WSAGetLastError
WSASetLastError
WSASocketA
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
getpeername
getsockname
htons
ioctlsocket
listen
ntohs
recv
select
send
setsockopt

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 29KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
tlpkg/installer/xz/xz.exe
.exe windows:4 windows x86 arch:x86

d687eb87b25e8a0cb9372ce90f92edee

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CloseHandle
CreateEventA
DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetStartupInfoA
GetSystemInfo
GetSystemTimeAsFileTime
GetTickCount
GetTimeZoneInformation
GetVersion
GlobalMemoryStatus
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
MultiByteToWideChar
QueryPerformanceCounter
SetConsoleCtrlHandler
SetEvent
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte

msvcrt

__argv
__dllonexit
__getmainargs
__initenv
__lconv_init
__mb_cur_max
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_beginthreadex
_cexit
_commode
_errno
_fmode
_fstati64
_futime
_initterm
_iob
_lock
_lseeki64
_onexit
_stricmp
_unlock
calloc
exit
fclose
feof
ferror
fgetc
fopen
fprintf
fputc
free
fwrite
getenv
isspace
localeconv
malloc
memcmp
memcpy
memmove
memset
putchar
puts
realloc
setlocale
signal
strchr
strcmp
strerror
strlen
strncmp
strpbrk
strrchr
strstr
abort
atoi
vfprintf
wcslen
_write
_unlink
_setmode
_read
_open
_isatty
_close

Sections

.text
Size: 199KB - Virtual size: 199KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 21KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
tlpkg/tlpobj/texlive.infra.tlpobj
tlpkg/tlpobj/texlive.infra.win32.tlpobj
tlpkg/tltcl/gui_err.tcl
.sh .vbs linux polyglot
tlpkg/tltcl/tclkit.exe
.exe windows:4 windows x86 arch:x86

4fdd7e1132f4c968d164815e4a5c801b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AccessCheck
EqualSid
GetFileSecurityW
GetNamedSecurityInfoW
GetSecurityDescriptorOwner
GetSidIdentifierAuthority
GetTokenInformation
GetUserNameW
ImpersonateSelf
OpenProcessToken
OpenThreadToken
RegCloseKey
RegConnectRegistryW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RevertToSelf

comctl32

InitCommonControlsEx

comdlg32

ChooseColorW
ChooseFontW
CommDlgExtendedError
GetOpenFileNameW
GetSaveFileNameW

gdi32

Arc
BeginPath
BitBlt
Chord
CloseFigure
CombineRgn
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCA
CreateDIBSection
CreateDIBitmap
CreateFontIndirectW
CreatePalette
CreatePatternBrush
CreatePen
CreateRectRgn
CreateRectRgnIndirect
CreateSolidBrush
DPtoLP
DeleteDC
DeleteObject
EndPath
EnumFontFamiliesW
ExtCreatePen
ExtTextOutW
GetBkMode
GetCharWidthA
GetCharWidthW
GetDIBits
GetDeviceCaps
GetFontData
GetMapMode
GetNearestColor
GetNearestPaletteIndex
GetObjectA
GetPaletteEntries
GetPixel
GetRgnBox
GetStockObject
GetTextCharset
GetTextExtentPoint32A
GetTextExtentPoint32W
GetTextExtentPointA
GetTextFaceA
GetTextFaceW
GetTextMetricsW
OffsetClipRgn
PatBlt
Pie
Polygon
Polyline
RealizePalette
RectInRegion
Rectangle
ResizePalette
SelectClipRgn
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetBrushOrgEx
SetMapMode
SetPaletteEntries
SetPolyFillMode
SetROP2
SetRectRgn
SetTextAlign
SetTextColor
StretchDIBits
StrokeAndFillPath
StrokePath
TextOutA
TextOutW
TranslateCharsetInfo
UpdateColors

imm32

ImmGetCompositionStringW
ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow

kernel32

BuildCommDCBW
ClearCommError
CloseHandle
CopyFileW
CreateDirectoryW
CreateEventW
CreateFileA
CreateFileMappingA
CreateFileW
CreateHardLinkW
CreatePipe
CreateProcessW
CreateSemaphoreW
CreateThread
DeleteCriticalSection
DeleteFileW
DeviceIoControl
DuplicateHandle
EnterCriticalSection
EscapeCommFunction
ExitProcess
FindClose
FindFirstFileExW
FindFirstFileW
FindNextFileW
FindResourceW
FlushFileBuffers
FormatMessageA
FormatMessageW
FreeLibrary
GetACP
GetCommModemStatus
GetCommState
GetCommandLineA
GetComputerNameW
GetConsoleCP
GetConsoleMode
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentVariableA
GetEnvironmentVariableW
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFileType
GetFullPathNameW
GetLastError
GetLocaleInfoA
GetLocaleInfoW
GetLogicalDriveStringsA
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleW
GetOverlappedResult
GetPrivateProfileStringA
GetProcAddress
GetProcessHeap
GetShortPathNameW
GetStartupInfoA
GetStdHandle
GetSystemDirectoryA
GetSystemInfo
GetSystemTimeAsFileTime
GetTempFileNameW
GetTempPathW
GetTickCount
GetVersionExA
GetVersionExW
GetVolumeInformationA
GetVolumeInformationW
GetVolumeNameForVolumeMountPointW
GetWindowsDirectoryA
GlobalAddAtomW
GlobalAlloc
GlobalDeleteAtom
GlobalGetAtomNameW
GlobalLock
GlobalUnlock
HeapAlloc
HeapFree
HeapReAlloc
InitializeCriticalSection
IsDBCSLeadByte
IsDebuggerPresent
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LoadResource
LocalFree
LockResource
MapViewOfFile
MoveFileW
MulDiv
MultiByteToWideChar
OutputDebugStringA
OutputDebugStringW
PeekConsoleInputW
PeekNamedPipe
PurgeComm
QueryPerformanceCounter
QueryPerformanceFrequency
ReadConsoleW
ReadFile
ReleaseSemaphore
RemoveDirectoryW
ResetEvent
SearchPathW
SetCommState
SetCommTimeouts
SetConsoleMode
SetCurrentDirectoryW
SetEndOfFile
SetEvent
SetFileAttributesW
SetFilePointer
SetFileTime
SetHandleInformation
SetLastError
SetThreadPriority
SetUnhandledExceptionFilter
SetupComm
Sleep
SleepEx
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
UnmapViewOfFile
VirtualProtect
VirtualQuery
WaitForSingleObject
WaitForSingleObjectEx
WideCharToMultiByte
WriteConsoleW
WriteFile
lstrcmpiA
lstrlenW

msvcrt

__dllonexit
__getmainargs
__initenv
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_beginthreadex
_cexit
_controlfp
_endthreadex
_environ
_errno
_fdopen
_fileno
_fmode
_ftime
_get_osfhandle
_hypot
_initterm
_iob
_lock
_onexit
_open
_snprintf
_snwprintf
time
mktime
localtime
gmtime
ctime
_stricmp
_strnicmp
_unlock
calloc
cosh
exit
fclose
ferror
fflush
fprintf
fputc
fputs
fread
free
frexp
fseek
ftell
fwrite
getenv
isalnum
isalpha
islower
isprint
isspace
isupper
isxdigit
localeconv
log10
malloc
memchr
memcmp
memcpy
memmove
memset
printf
puts
qsort
realloc
setlocale
signal
sinh
sprintf
sscanf
strcat
strchr
strcmp
strcpy
strcspn
strerror
strlen
strncmp
strncpy
strpbrk
strrchr
strspn
strstr
strtol
strtoul
_vsnprintf
_wcsicmp
_wcsnicmp
_wopen
abort
acos
asin
atan
atof
tan
tanh
tolower
toupper
vfprintf
vsprintf
wcschr
wcscmp
wcscpy
wcslen
wcsncmp
wcsncpy
wcsrchr
atoi
_timezone
_write
_tzset
_strdup
_putenv
_isatty
_getpid

netapi32

NetApiBufferFree
NetGetDCName
NetUserGetInfo

ole32

CoCreateInstance
CoInitialize
CoTaskMemFree
CreateBindCtx
CreateErrorInfo
CreateFileMoniker
GetRunningObjectTable
SetErrorInfo

oleaut32

SysAllocString
SysFreeString
SysStringLen
VariantChangeType
VariantClear
VariantInit

shell32

SHBrowseForFolderW
SHGetDesktopFolder
SHGetFileInfoW
SHGetMalloc
SHGetPathFromIDListW

user32

AdjustWindowRectEx
BeginPaint
CallNextHookEx
CallWindowProcW
CharLowerW
ClientToScreen
CloseClipboard
CreateCaret
CreateIconFromResource
CreateIconFromResourceEx
CreateIconIndirect
CreateMenu
CreatePopupMenu
CreateWindowExW
DdeAbandonTransaction
DdeAccessData
DdeClientTransaction
DdeConnect
DdeCreateDataHandle
DdeCreateStringHandleW
DdeDisconnect
DdeFreeDataHandle
DdeFreeStringHandle
DdeGetData
DdeGetLastError
DdeInitializeW
DdeNameService
DdeQueryStringW
DdeUnaccessData
DdeUninitialize
DefWindowProcW
DestroyCaret
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageW
DrawEdge
DrawFocusRect
DrawFrameControl
DrawMenuBar
EmptyClipboard
EnableWindow
EndDialog
EndPaint
EnumWindows
FillRect
GetAsyncKeyState
GetCapture
GetClassLongW
GetClientRect
GetClipboardData
GetClipboardOwner
GetCursorPos
GetDC
GetDesktopWindow
GetDlgItem
GetFocus
GetForegroundWindow
GetKeyState
GetKeyboardLayout
GetLastInputInfo
GetMenuItemCount
GetMessageA
GetMessagePos
GetMessageW
GetParent
GetSysColor
GetSysColorBrush
GetSystemMenu
GetSystemMetrics
GetWindow
GetWindowLongW
GetWindowPlacement
GetWindowRect
GetWindowTextW
InsertMenuW
InvalidateRect
IsClipboardFormatAvailable
IsIconic
IsWindow
IsWindowVisible
IsZoomed
KillTimer
LoadBitmapW
LoadCursorA
LoadCursorFromFileA
LoadCursorW
LoadIconW
MapVirtualKeyW
MessageBeep
MessageBoxA
MessageBoxW
MoveWindow
MsgWaitForMultipleObjectsEx
OpenClipboard
PeekMessageA
PeekMessageW
PostMessageW
PostQuitMessage
RegisterClassExW
RegisterClassW
ReleaseCapture
ReleaseDC
RemoveMenu
ScreenToClient
ScrollWindowEx
SendInput
SendMessageTimeoutW
SendMessageW
SetActiveWindow
SetCapture
SetCaretPos
SetClassLongW
SetClipboardData
SetCursor
SetCursorPos
SetFocus
SetForegroundWindow
SetLayeredWindowAttributes
SetMenu
SetParent
SetScrollInfo
SetTimer
SetWindowLongW
SetWindowPos
SetWindowTextW
SetWindowsHookExW
ShowWindow
SystemParametersInfoW
ToUnicode
TrackPopupMenu
TranslateMessage
UnhookWindowsHookEx
UnregisterClassW
UpdateWindow
VkKeyScanW
WaitForInputIdle
WindowFromPoint
wsprintfA
wsprintfW

userenv

GetProfilesDirectoryW

ws2_32

WSAAsyncSelect
WSAGetLastError
WSASetLastError
WSAStartup
accept
bind
closesocket
connect
gethostbyaddr
gethostbyname
gethostname
getpeername
getservbyname
getservbyport
getsockname
getsockopt
htonl
htons
inet_addr
inet_ntoa
ioctlsocket
listen
ntohs
recv
select
send
setsockopt
shutdown
socket

Exports

Exports

Dde_Init
Dde_SafeInit
Mk4tcl_Init
Mk4tcl_SafeInit
Mk_Init
Mk_SafeInit
Pwb_Init
Rechan_Init
Registry_Init
Registry_Unload

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 373KB - Virtual size: 372KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 265B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 326KB - Virtual size: 326KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tlpkg/tltcl/tlmgr.gif
.gif
tlpkg/tltcl/tltcl.tcl
.sh .vbs linux polyglot

Sharing

General

Malware Config

Signatures

Files

fc01392fe93045b475f10ef1edeaf66c

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

comctl32

gdi32

kernel32

ole32

shell32

user32

Sections

.text Size: 34KB - Virtual size: 34KB

.data Size: 512B - Virtual size: 264B

.rdata Size: 27KB - Virtual size: 27KB

.bss Size: - Virtual size: 288KB

.idata Size: 5KB - Virtual size: 4KB

.ndata Size: 512B - Virtual size: 256KB

.rsrc Size: 3KB - Virtual size: 3KB

90c785422a7cd5796b9f28e022811139

Headers

File Characteristics

Imports

kernel32

msvcrt

luatex

user32

Exports

Exports

Sections

.text Size: 1KB - Virtual size: 1KB

.data Size: 1024B - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 128B

52f8698cd85b91ca7ebb340d668fc083

Headers

File Characteristics

Imports

runscript

msvcrt

Sections

.text Size: 512B - Virtual size: 224B

.data Size: 512B - Virtual size: 224B

ee58462edf3a864b618f06c89bb1c9c1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

runscript

Sections

.text Size: 6KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 48B

.rdata Size: 1KB - Virtual size: 1KB

.bss Size: - Virtual size: 1008B

.idata Size: 1KB - Virtual size: 1KB

.CRT Size: 512B - Virtual size: 52B

.tls Size: 512B - Virtual size: 32B

c2f8ed4bb1d62693b36999e68b8c0d74

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Sections

.text Size: 161KB - Virtual size: 160KB

.rdata Size: 21KB - Virtual size: 20KB

.data Size: 5KB - Virtual size: 12KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 7KB - Virtual size: 6KB

c232a79d8ea1c42dbbea6c6ab6238b54

Headers

DLL Characteristics

.text
Size: 34KB - Virtual size: 34KB

.data
Size: 512B - Virtual size: 264B

.rdata
Size: 27KB - Virtual size: 27KB

.bss
Size: - Virtual size: 288KB

.idata
Size: 5KB - Virtual size: 4KB

.ndata
Size: 512B - Virtual size: 256KB

.rsrc
Size: 3KB - Virtual size: 3KB

.text
Size: 1KB - Virtual size: 1KB

.data
Size: 1024B - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 128B

.text
Size: 512B - Virtual size: 224B

.data
Size: 512B - Virtual size: 224B

.text
Size: 6KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 48B

.rdata
Size: 1KB - Virtual size: 1KB

.bss
Size: - Virtual size: 1008B

.idata
Size: 1KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 52B

.tls
Size: 512B - Virtual size: 32B

.text
Size: 161KB - Virtual size: 160KB

.rdata
Size: 21KB - Virtual size: 20KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 7KB - Virtual size: 6KB

.text
Size: 185KB - Virtual size: 184KB

.rdata
Size: 29KB - Virtual size: 29KB

.data
Size: 8KB - Virtual size: 19KB

.reloc
Size: 11KB - Virtual size: 11KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.data
Size: 16KB - Virtual size: 16KB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.bss
Size: - Virtual size: 29KB

.idata
Size: 7KB - Virtual size: 7KB

.CRT
Size: 512B - Virtual size: 52B

.tls
Size: 512B - Virtual size: 32B

.text
Size: 199KB - Virtual size: 199KB

.data
Size: 1024B - Virtual size: 572B

.rdata
Size: 45KB - Virtual size: 45KB

.bss
Size: - Virtual size: 21KB

.idata
Size: 3KB - Virtual size: 2KB

.CRT
Size: 512B - Virtual size: 52B

.tls
Size: 512B - Virtual size: 32B

.rsrc
Size: 1024B - Virtual size: 864B

.text
Size: 2.5MB - Virtual size: 2.5MB

.data
Size: 26KB - Virtual size: 25KB

.rdata
Size: 373KB - Virtual size: 372KB

.bss
Size: - Virtual size: 11KB

.edata
Size: 512B - Virtual size: 265B