snatch | samples (2)[.]zip

Resubmissions

18-04-2024 18:50

240418-xha8wabh29 10

01-01-2024 15:12

240101-slnwxsfeh4 10

Sharing

Copy URL

Twitter E-mail

General

Target

samples (2).zip
Size

120.4MB
MD5

aec75f441aa8bee97dde00cf38aa20b7
SHA1

df50a2ff2d2f0892bd9212ca6ebec02c8753c265
SHA256

44ee695b532eb984e46de29569ce35854b37d409efaabb6bcf9f5316e2b0546d
SHA512

e6fc8544f3840cc9bc5778baf9294f2df086ed793acd014a354300615fb82effa27bc3c77320d44e9a67404fd1ac7d06bd029829b40936fc9a38deaa46c6ca44
SSDEEP

3145728:VLfH9HbbMDj02Cdpnge0LREc1Z4sJCwZ3lehMSA/nSMBTlrdG:xP9HbbM0P0LLb0wxchfA/nSMBhg

Score

10^/10

vmprotect pyinstaller themida snatch

Malware Config

Signatures

Detecting the common Go functions and variables names used by Snatch ransomware 3 IoCs

Processes:

resource	yara_rule
static1/unpack001/f3c6dac2d21f7289e2807c0479a76105a5e8ed3a5c7ccbeae6d289e0b6e6880f	family_snatch
static1/unpack001/f682e063bc2c822fbe3083507b0717b1f8bc244149ed9acd9a78566f5a79a140	family_snatch
static1/unpack001/f7537bf47cc039b9cda59c844faa90a75ba80f08148166fd83ff10a0bf55120b	family_snatch

Snatch family
snatch

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

Processes:

resource	yara_rule
static1/unpack001/741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e	themida

VMProtect packed file 2 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

Processes:

resource	yara_rule
static1/unpack001/1ce291b079977e7a3f81c44b644fe1f63ae34a0a1a5c264e9f6085c184f7a1c9	vmprotect
static1/unpack001/4fcaca23e9cfb7e5448f41bb520c9c35c68fd795ac6b3707d0c64cf92738acf2	vmprotect

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

Processes:

resource	yara_rule
static1/unpack001/04035f6fdd921309391aef9c88e550d8b3d31c7a4ea80267cb436f491aedd1f9	autoit_exe

Detects Pyinstaller 1 IoCs

pyinstaller

Processes:

resource	yara_rule
static1/unpack001/627a5569d47d6c66be6888e4f68f0a50e491404a08da1a7d9242c2d29e3e8ee3	pyinstaller

Unsigned PE 25 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/04035f6fdd921309391aef9c88e550d8b3d31c7a4ea80267cb436f491aedd1f9
unpack001/0ed3c87ce3ae58f3dcbf46fa022acd3cbbe0b96af2e9f7a47eee0dd50af88507
unpack001/1ce291b079977e7a3f81c44b644fe1f63ae34a0a1a5c264e9f6085c184f7a1c9
unpack001/30e66f95b46c8162c921648e31f8c4146ba3f0580f4e5aa3b4c4de18687f6a49
unpack001/335160bee7e253c4ffa69e5164c4a36fe5fb4be2c246958dfcc509d8202db5cf
unpack001/3d7dd597a465d5275ef31d9e4f9dd80ed4de6139a1b3707cb3b0ffa068595567
unpack001/42dcc46f9d6e6e8efe3f95bc09dbdfb6206a52a4347dbb652f315cec483a2046
unpack001/4fcaca23e9cfb7e5448f41bb520c9c35c68fd795ac6b3707d0c64cf92738acf2
unpack001/5994300c1c7d099bec13d2a6aec942a6a866966e9545773d3fbe26cc5e308da7
unpack001/627a5569d47d6c66be6888e4f68f0a50e491404a08da1a7d9242c2d29e3e8ee3
unpack001/63fa775052a5c7258d44a00d9f2b4a9263f96fb7c61778cbb1ba9102fed2082f
unpack001/645b8dfe73255d9e5be6e778292f3dde84ff8c5918a044ae42bcace0fe9ca279
unpack001/64862ec69991a7d454c3ea3a0c3a8f1cc9c80192078740b9c753abbf1b7bef1b
unpack001/741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e
unpack001/7554a27519a2c960152cbe49ecef3948cf7bad12fa21cda62c8c236bbddb502d
unpack001/80bf2731a81c113432f061b397d70cac72d907c39102513abe0f2bae079373e4
unpack001/8cc9f83e2ec4d36e50ec8407932ff3b8a7ad188a0cb95dad78028cce7921e492
unpack001/9c80067790a910e99831e1c546fd569fb273cb34db2710fe99281d1c53475795
unpack001/de1793d8db7f58f0ef53bee7fb0942ef4c6c348e4a547b6cfeb74ffa8de56cdf
unpack001/de6da70478e7f84cd06ace1a0934cc9d5732f35aa20e960dc121fd8cf2388d6e
unpack001/dfef52ffdea9d5129cd6bf0b3df2997db40091a4bdb7f356f48feec5ac5ebcfe
unpack001/f3c6dac2d21f7289e2807c0479a76105a5e8ed3a5c7ccbeae6d289e0b6e6880f
unpack001/f682e063bc2c822fbe3083507b0717b1f8bc244149ed9acd9a78566f5a79a140
unpack001/f7537bf47cc039b9cda59c844faa90a75ba80f08148166fd83ff10a0bf55120b
unpack001/f89ee06ed27ff00fa5d8f6a5811a9e57063c72c9ec7d478321cdf2a2f018866f

Files

samples (2).zip
.zip
04035f6fdd921309391aef9c88e550d8b3d31c7a4ea80267cb436f491aedd1f9
.exe windows:5 windows x86 arch:x86

eb97e4fc5518ac300a92a11673825e0b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

WSACleanup
socket
inet_ntoa
setsockopt
ntohs
recvfrom
ioctlsocket
htons
WSAStartup
__WSAFDIsSet
select
accept
listen
bind
closesocket
WSAGetLastError
recv
sendto
send
inet_addr
gethostbyname
gethostname
connect

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

winmm

timeGetTime
waveOutSetVolume
mciSendStringW

comctl32

ImageList_ReplaceIcon
ImageList_Destroy
ImageList_Remove
ImageList_SetDragCursorImage
ImageList_BeginDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_EndDrag
ImageList_DragMove
InitCommonControlsEx
ImageList_Create

mpr

WNetUseConnectionW
WNetCancelConnection2W
WNetGetConnectionW
WNetAddConnection2W

wininet

InternetQueryDataAvailable
InternetCloseHandle
InternetOpenW
InternetSetOptionW
InternetCrackUrlW
HttpQueryInfoW
InternetQueryOptionW
HttpOpenRequestW
HttpSendRequestW
FtpOpenFileW
FtpGetFileSize
InternetOpenUrlW
InternetReadFile
InternetConnectW

psapi

GetProcessMemoryInfo

iphlpapi

IcmpCreateFile
IcmpCloseHandle
IcmpSendEcho

userenv

DestroyEnvironmentBlock
UnloadUserProfile
CreateEnvironmentBlock
LoadUserProfileW

uxtheme

IsThemeActive

kernel32

DuplicateHandle
CreateThread
WaitForSingleObject
HeapAlloc
GetProcessHeap
HeapFree
Sleep
GetCurrentThreadId
MultiByteToWideChar
MulDiv
GetVersionExW
IsWow64Process
GetSystemInfo
FreeLibrary
LoadLibraryA
GetProcAddress
SetErrorMode
GetModuleFileNameW
WideCharToMultiByte
lstrcpyW
lstrlenW
GetModuleHandleW
QueryPerformanceCounter
VirtualFreeEx
OpenProcess
VirtualAllocEx
WriteProcessMemory
ReadProcessMemory
CreateFileW
SetFilePointerEx
SetEndOfFile
ReadFile
WriteFile
FlushFileBuffers
TerminateProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
SetFileTime
GetFileAttributesW
FindFirstFileW
SetCurrentDirectoryW
GetLongPathNameW
GetShortPathNameW
DeleteFileW
FindNextFileW
CopyFileExW
MoveFileW
CreateDirectoryW
RemoveDirectoryW
SetSystemPowerState
QueryPerformanceFrequency
FindResourceW
LoadResource
LockResource
SizeofResource
EnumResourceNamesW
OutputDebugStringW
GetTempPathW
GetTempFileNameW
DeviceIoControl
GetLocalTime
CompareStringW
GetCurrentProcess
EnterCriticalSection
LeaveCriticalSection
GetStdHandle
CreatePipe
InterlockedExchange
TerminateThread
LoadLibraryExW
FindResourceExW
CopyFileW
VirtualFree
FormatMessageW
GetExitCodeProcess
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileSectionW
WritePrivateProfileSectionW
GetPrivateProfileSectionNamesW
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetDriveTypeW
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetVolumeInformationW
SetVolumeLabelW
CreateHardLinkW
SetFileAttributesW
CreateEventW
SetEvent
GetEnvironmentVariableW
SetEnvironmentVariableW
GlobalLock
GlobalUnlock
GlobalAlloc
GetFileSize
GlobalFree
GlobalMemoryStatusEx
Beep
GetSystemDirectoryW
HeapReAlloc
HeapSize
GetComputerNameW
GetWindowsDirectoryW
GetCurrentProcessId
GetProcessIoCounters
CreateProcessW
GetProcessId
SetPriorityClass
LoadLibraryW
VirtualAlloc
IsDebuggerPresent
GetCurrentDirectoryW
lstrcmpiW
DecodePointer
GetLastError
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InterlockedDecrement
InterlockedIncrement
GetCurrentThread
CloseHandle
GetFullPathNameW
EncodePointer
ExitProcess
GetModuleHandleExW
ExitThread
GetSystemTimeAsFileTime
ResumeThread
GetCommandLineW
IsProcessorFeaturePresent
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetStringTypeW
SetStdHandle
GetFileType
GetConsoleCP
GetConsoleMode
RtlUnwind
ReadConsoleW
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
LCMapStringW
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
FindClose
SetEnvironmentVariableA

user32

AdjustWindowRectEx
CopyImage
SetWindowPos
GetCursorInfo
RegisterHotKey
ClientToScreen
GetKeyboardLayoutNameW
IsCharAlphaW
IsCharAlphaNumericW
IsCharLowerW
IsCharUpperW
GetMenuStringW
GetSubMenu
GetCaretPos
IsZoomed
MonitorFromPoint
GetMonitorInfoW
SetWindowLongW
SetLayeredWindowAttributes
FlashWindow
GetClassLongW
TranslateAcceleratorW
IsDialogMessageW
GetSysColor
InflateRect
DrawFocusRect
DrawTextW
FrameRect
DrawFrameControl
FillRect
PtInRect
DestroyAcceleratorTable
CreateAcceleratorTableW
SetCursor
GetWindowDC
GetSystemMetrics
GetActiveWindow
CharNextW
wsprintfW
RedrawWindow
DrawMenuBar
DestroyMenu
SetMenu
GetWindowTextLengthW
CreateMenu
IsDlgButtonChecked
DefDlgProcW
CallWindowProcW
ReleaseCapture
SetCapture
CreateIconFromResourceEx
mouse_event
ExitWindowsEx
SetActiveWindow
FindWindowExW
EnumThreadWindows
SetMenuDefaultItem
InsertMenuItemW
IsMenu
TrackPopupMenuEx
GetCursorPos
DeleteMenu
SetRect
GetMenuItemID
GetMenuItemCount
SetMenuItemInfoW
GetMenuItemInfoW
SetForegroundWindow
IsIconic
FindWindowW
MonitorFromRect
keybd_event
SendInput
GetAsyncKeyState
SetKeyboardState
GetKeyboardState
GetKeyState
VkKeyScanW
LoadStringW
DialogBoxParamW
MessageBeep
EndDialog
SendDlgItemMessageW
GetDlgItem
SetWindowTextW
CopyRect
ReleaseDC
GetDC
EndPaint
BeginPaint
GetClientRect
GetMenu
DestroyWindow
EnumWindows
GetDesktopWindow
IsWindow
IsWindowEnabled
IsWindowVisible
EnableWindow
InvalidateRect
GetWindowLongW
GetWindowThreadProcessId
AttachThreadInput
GetFocus
GetWindowTextW
ScreenToClient
SendMessageTimeoutW
EnumChildWindows
CharUpperBuffW
GetParent
GetDlgCtrlID
SendMessageW
MapVirtualKeyW
PostMessageW
GetWindowRect
SetUserObjectSecurity
CloseDesktop
CloseWindowStation
OpenDesktopW
SetProcessWindowStation
GetProcessWindowStation
OpenWindowStationW
GetUserObjectSecurity
MessageBoxW
DefWindowProcW
SetClipboardData
EmptyClipboard
CountClipboardFormats
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
BlockInput
GetMessageW
LockWindowUpdate
DispatchMessageW
TranslateMessage
PeekMessageW
UnregisterHotKey
CheckMenuRadioItem
CharLowerBuffW
MoveWindow
SetFocus
PostQuitMessage
KillTimer
CreatePopupMenu
RegisterWindowMessageW
SetTimer
ShowWindow
CreateWindowExW
RegisterClassExW
LoadIconW
LoadCursorW
GetSysColorBrush
GetForegroundWindow
MessageBoxA
DestroyIcon
SystemParametersInfoW
LoadImageW
GetClassNameW

gdi32

StrokePath
DeleteObject
GetTextExtentPoint32W
ExtCreatePen
GetDeviceCaps
EndPath
SetPixel
CloseFigure
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
StretchBlt
GetDIBits
LineTo
AngleArc
MoveToEx
Ellipse
DeleteDC
GetPixel
CreateDCW
GetStockObject
GetTextFaceW
CreateFontW
SetTextColor
PolyDraw
BeginPath
Rectangle
SetViewportOrgEx
GetObjectW
SetBkMode
RoundRect
SetBkColor
CreatePen
CreateSolidBrush
StrokeAndFillPath

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

GetAce
RegEnumValueW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegConnectRegistryW
InitializeSecurityDescriptor
InitializeAcl
AdjustTokenPrivileges
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueW
DuplicateTokenEx
CreateProcessAsUserW
CreateProcessWithLogonW
GetLengthSid
CopySid
LogonUserW
AllocateAndInitializeSid
CheckTokenMembership
RegCreateKeyExW
FreeSid
GetTokenInformation
GetSecurityDescriptorDacl
GetAclInformation
AddAce
SetSecurityDescriptorDacl
GetUserNameW
InitiateSystemShutdownExW

shell32

DragQueryPoint
ShellExecuteExW
DragQueryFileW
SHEmptyRecycleBinW
SHGetPathFromIDListW
SHBrowseForFolderW
SHCreateShellItem
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetFolderPathW
SHFileOperationW
ExtractIconExW
Shell_NotifyIconW
ShellExecuteW
DragFinish

ole32

CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
ProgIDFromCLSID
CLSIDFromProgID
OleSetMenuDescriptor
MkParseDisplayName
OleSetContainedObject
CoCreateInstance
IIDFromString
StringFromGUID2
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoInitialize
CoUninitialize
GetRunningObjectTable
CoGetInstanceFromFile
CoGetObject
CoSetProxyBlanket
CoCreateInstanceEx
CoInitializeSecurity

oleaut32

LoadTypeLibEx
VariantCopyInd
SysReAllocString
SysFreeString
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayAllocData
SafeArrayAllocDescriptorEx
SafeArrayCreateVector
RegisterTypeLi
CreateStdDispatch
DispCallFunc
VariantChangeType
SysStringLen
VariantTimeToSystemTime
VarR8FromDec
SafeArrayGetVartype
VariantCopy
VariantClear
OleLoadPicture
QueryPathOfRegTypeLi
RegisterTypeLibForUser
UnRegisterTypeLibForUser
UnRegisterTypeLi
CreateDispTypeInfo
SysAllocString
VariantInit

Sections

.text
Size: 567KB - Virtual size: 567KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 184KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 157KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
0ed3c87ce3ae58f3dcbf46fa022acd3cbbe0b96af2e9f7a47eee0dd50af88507
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Nickolas\Desktop\Guster\Guster\obj\x86\Release\Guster.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
1ce291b079977e7a3f81c44b644fe1f63ae34a0a1a5c264e9f6085c184f7a1c9
.exe windows:6 windows x64 arch:x64

515a2557c21b9523bb81c175957ade52

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetProcAddress
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

wsprintfW
GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

advapi32

AllocateAndInitializeSid

shell32

ord164

shlwapi

StrStrIW

wtsapi32

WTSSendMessageW

Sections

.text
Size: - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 5.3MB - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
30e66f95b46c8162c921648e31f8c4146ba3f0580f4e5aa3b4c4de18687f6a49
.exe windows:5 windows x86 arch:x86

4b932974a1b8b4dec33cf044302323ec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Legion\Desktop\fuck you so much\r n s\ehsanmilad rans\Release\curl.pdb

Imports

ws2_32

recv
ntohl
gethostname
sendto
recvfrom
freeaddrinfo
getaddrinfo
select
__WSAFDIsSet
ioctlsocket
listen
htonl
accept
WSACleanup
WSAStartup
WSAIoctl
WSASetLastError
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
WSAGetLastError
send
closesocket

normaliz

IdnToAscii

wldap32

ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord301
ord41
ord50
ord45
ord60
ord211
ord46
ord217
ord143
ord200
ord22

crypt32

CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore

advapi32

CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA

kernel32

HeapFree
HeapAlloc
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetACP
GetCommandLineW
GetCommandLineA
WriteFile
GetModuleFileNameA
GetDateFormatW
SetFilePointerEx
GetModuleHandleExW
ExitThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
RaiseException
RtlUnwind
WaitForSingleObject
LoadLibraryW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetExitCodeProcess
CreateProcessA
SetStdHandle
GetTimeZoneInformation
HeapReAlloc
HeapSize
FindFirstFileExA
IsValidCodePage
FindNextFileA
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetProcessHeap
WriteConsoleW
SetEndOfFile
ExitProcess
CreateFileW
GetLogicalDrives
FindFirstFileW
Process32First
FindNextFileW
TerminateProcess
GetDriveTypeA
FindClose
OpenProcess
CreateToolhelp32Snapshot
Process32Next
CloseHandle
FreeConsole
lstrcmpW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
GetLastError
SleepEx
QueryPerformanceFrequency
GetSystemDirectoryA
FreeLibrary
GetModuleHandleA
GetProcAddress
LoadLibraryA
QueryPerformanceCounter
GetTickCount
Sleep
MultiByteToWideChar
WideCharToMultiByte
MoveFileExA
WaitForSingleObjectEx
GetEnvironmentVariableA
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
SetLastError
FormatMessageA
VerSetConditionMask
VerifyVersionInfoA
CreateFileA
GetFileSizeEx
GetCurrentThread
GetThreadTimes
UnregisterWaitEx
GetCurrentDirectoryW
CreateDirectoryW
DeleteFileW
FindFirstFileExW
GetDiskFreeSpaceExW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
AreFileApisANSI
GetModuleHandleW
CopyFileW
MoveFileExW
FormatMessageW
GetStringTypeW
TryEnterCriticalSection
GetCurrentThreadId
DuplicateHandle
GetCurrentProcess
SwitchToThread
GetExitCodeThread
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
SetEvent
ResetEvent
InitializeSListHead
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
CreateTimerQueue
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
FreeLibraryAndExitThread
GetModuleFileNameW
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualProtect
VirtualFree
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList

Sections

.text
Size: 954KB - Virtual size: 954KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 215KB - Virtual size: 214KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
335160bee7e253c4ffa69e5164c4a36fe5fb4be2c246958dfcc509d8202db5cf
.exe windows:5 windows x86 arch:x86

2940ba579b7a4325c4a69b7d1d865846

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString

advapi32

RegQueryValueExW

user32

MessageBoxA
GetProcessWindowStation
GetUserObjectInformationW

kernel32

GetVersion
GetVersionExW
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

ole32

CoUninitialize

shell32

SHGetSpecialFolderPathW

wsock32

WSACleanup

netapi32

NetShareEnum

Exports

Exports

TMethodImplementationIntercept

Sections

.text
Size: - Virtual size: 878KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 25KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: - Virtual size: 250B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 20B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 65KB - Virtual size: 352KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
3d7dd597a465d5275ef31d9e4f9dd80ed4de6139a1b3707cb3b0ffa068595567
.exe windows:5 windows x86 arch:x86

e798bfb56516c458d97e60d4f0e3cc29

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit
GetErrorInfo
GetActiveObject
SysFreeString

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegUnLoadKeyW
RegSetValueExW
RegSaveKeyW
RegRestoreKeyW
RegReplaceKeyW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegLoadKeyW
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegConnectRegistryW
RegCloseKey

user32

CharNextW
LoadStringW
SetClassLongW
GetClassLongW
SetWindowLongW
GetWindowLongW
CreateWindowExW
WindowFromPoint
WaitMessage
UpdateWindow
UnregisterClassW
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoW
ShowWindow
ShowScrollBar
ShowOwnedPopups
ShowCaret
SetWindowRgn
SetWindowsHookExW
SetWindowTextW
SetWindowPos
SetWindowPlacement
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropW
SetParent
SetMenuItemInfoW
SetMenu
SetForegroundWindow
SetFocus
SetCursorPos
SetCursor
SetClipboardData
SetCapture
SetActiveWindow
SendMessageA
SendMessageW
ScrollWindow
ScreenToClient
RemovePropW
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageW
RegisterClipboardFormatW
RegisterClassW
RedrawWindow
PostQuitMessage
PostMessageW
PeekMessageA
PeekMessageW
OpenClipboard
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MessageBoxW
MessageBeep
MapWindowPoints
MapVirtualKeyW
LoadStringW
LoadKeyboardLayoutW
LoadIconW
LoadCursorW
LoadBitmapW
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsIconic
IsDialogMessageA
IsDialogMessageW
IsChild
InvalidateRect
InsertMenuItemW
InsertMenuW
HideCaret
GetWindowThreadProcessId
GetWindowTextW
GetWindowRect
GetWindowPlacement
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropW
GetParent
GetWindow
GetMessageTime
GetMessagePos
GetMessageExtraInfo
GetMenuStringW
GetMenuState
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetIconInfo
GetForegroundWindow
GetFocus
GetDlgCtrlID
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassNameW
GetClassInfoExW
GetClassInfoW
GetCapture
GetActiveWindow
FrameRect
FindWindowExW
FindWindowW
FillRect
EnumWindows
EnumThreadWindows
EnumChildWindows
EndPaint
EndMenu
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextExW
DrawTextW
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageA
DispatchMessageW
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcW
DefMDIChildProcW
DefFrameProcW
CreatePopupMenu
CreateMenu
CreateIcon
CreateAcceleratorTableW
CopyImage
CopyIcon
CloseClipboard
ClientToScreen
CheckMenuItem
CharUpperBuffW
CharUpperW
CharNextW
CharLowerBuffW
CharLowerW
CallWindowProcW
CallNextHookEx
BeginPaint
AdjustWindowRectEx
ActivateKeyboardLayout
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromPoint
MonitorFromRect
MonitorFromWindow

kernel32

Sleep
VirtualFree
VirtualAlloc
lstrlenW
VirtualQuery
QueryPerformanceCounter
GetTickCount
GetSystemInfo
GetVersion
CompareStringW
IsDBCSLeadByteEx
IsValidLocale
SetThreadLocale
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetConsoleOutputCP
GetConsoleCP
GetACP
LoadLibraryExW
GetStartupInfoW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetCommandLineW
FreeLibrary
GetLastError
UnhandledExceptionFilter
RtlUnwind
RaiseException
ExitProcess
ExitThread
SwitchToThread
GetCurrentThreadId
CreateThread
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FindFirstFileW
FindClose
WriteFile
SetFilePointer
SetEndOfFile
ReadFile
GetFileType
GetFileSize
CreateFileW
GetStdHandle
CloseHandle
GetProcAddress
RaiseException
LoadLibraryA
GetLastError
TlsSetValue
TlsGetValue
LocalFree
LocalAlloc
GetModuleHandleW
FreeLibrary
WriteFile
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQueryEx
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
VerSetConditionMask
VerifyVersionInfoW
TryEnterCriticalSection
TerminateProcess
SwitchToThread
SuspendThread
Sleep
SizeofResource
SetThreadPriority
SetThreadLocale
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
RemoveDirectoryW
ReadFile
RaiseException
QueryPerformanceFrequency
QueryPerformanceCounter
IsDebuggerPresent
OpenProcess
MulDiv
LockResource
LocalFree
LoadResource
LoadLibraryW
LeaveCriticalSection
LCMapStringW
IsValidLocale
InitializeCriticalSection
HeapSize
HeapFree
HeapDestroy
HeapCreate
HeapAlloc
GlobalUnlock
GlobalSize
GlobalLock
GlobalFree
GlobalFindAtomW
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomW
GetVersionExW
GetVersion
GetUserDefaultLCID
GetTimeZoneInformation
GetTickCount
GetThreadPriority
GetThreadLocale
GetTempPathW
GetStdHandle
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLogicalDrives
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileSize
GetFileAttributesW
GetExitCodeThread
GetEnvironmentVariableW
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetComputerNameW
GetCPInfoExW
GetCPInfo
GetACP
FreeResource
InterlockedExchange
InterlockedCompareExchange
FreeLibrary
FormatMessageW
FindResourceW
FindNextFileW
FindFirstFileW
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
EnumSystemLocalesW
EnumResourceNamesW
EnumCalendarInfoW
EnterCriticalSection
DeleteFileW
DeleteCriticalSection
CreateThread
CreateFileW
CreateEventW
CopyFileW
CompareStringW
CloseHandle
Sleep

gdi32

UnrealizeObject
StretchDIBits
StretchBlt
StartPage
StartDocW
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetRectRgn
SetROP2
SetPixel
SetMapMode
SetEnhMetaFileBits
SetDIBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SetAbortProc
SelectPalette
SelectObject
SaveDC
RoundRect
RestoreDC
Rectangle
RectVisible
RealizePalette
Polyline
Polygon
PolyBezierTo
PolyBezier
PlayEnhMetaFile
Pie
PatBlt
MoveToEx
MaskBlt
LineTo
LPtoDP
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsW
GetTextExtentPointW
GetTextExtentPoint32W
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectW
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileDescriptionW
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetCurrentPositionEx
GetClipBox
GetBrushOrgEx
GetBitmapBits
GdiFlush
FrameRgn
ExtTextOutW
ExtFloodFill
ExcludeClipRect
EnumFontsW
EnumFontFamiliesExW
EndPage
EndDoc
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePenIndirect
CreatePalette
CreateICW
CreateHalftonePalette
CreateFontIndirectW
CreateEnhMetaFileW
CreateDIBitmap
CreateDIBSection
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileW
CloseEnhMetaFile
Chord
BitBlt
ArcTo
Arc
AngleArc
AbortDoc

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

netapi32

NetWkstaGetInfo

ole32

CreateStreamOnHGlobal
OleRegEnumVerbs
IsAccelerator
OleDraw
OleSetMenuDescriptor
OleUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemAlloc
ProgIDFromCLSID
StringFromCLSID
CoCreateInstance
CoGetClassObject
CoUninitialize
CoInitialize
IsEqualGUID

comctl32

InitializeFlatSB
FlatSB_SetScrollProp
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollInfo
_TrackMouseEvent
ImageList_GetImageInfo
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Copy
ImageList_LoadImageW
ImageList_GetIcon
ImageList_Remove
ImageList_DrawEx
ImageList_Replace
ImageList_Draw
ImageList_SetOverlayImage
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create

shell32

ShellExecuteW
Shell_NotifyIconW

winspool.drv

OpenPrinterW
EnumPrintersW
DocumentPropertiesW
ClosePrinter
GetDefaultPrinterW

winhttp

WinHttpWriteData
WinHttpSetOption
WinHttpSetCredentials
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpReadData
WinHttpQueryOption
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpQueryAuthSchemes
WinHttpOpenRequest
WinHttpOpen
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpConnect
WinHttpCloseHandle
WinHttpAddRequestHeaders

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 22KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 154B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 64B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 256KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
42dcc46f9d6e6e8efe3f95bc09dbdfb6206a52a4347dbb652f315cec483a2046
.exe windows:5 windows x86 arch:x86

4b932974a1b8b4dec33cf044302323ec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Legion\Desktop\fuck you so much\r n s\ehsanmilad rans\Release\curl.pdb

Imports

ws2_32

recv
ntohl
gethostname
sendto
recvfrom
freeaddrinfo
getaddrinfo
select
__WSAFDIsSet
ioctlsocket
listen
htonl
accept
WSACleanup
WSAStartup
WSAIoctl
WSASetLastError
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
WSAGetLastError
send
closesocket

normaliz

IdnToAscii

wldap32

ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord301
ord41
ord50
ord45
ord60
ord211
ord46
ord217
ord143
ord200
ord22

crypt32

CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore

advapi32

CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA

kernel32

HeapFree
HeapAlloc
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetACP
GetCommandLineW
GetCommandLineA
WriteFile
GetModuleFileNameA
GetDateFormatW
SetFilePointerEx
GetModuleHandleExW
ExitThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
RaiseException
RtlUnwind
WaitForSingleObject
LoadLibraryW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetExitCodeProcess
CreateProcessA
SetStdHandle
GetTimeZoneInformation
HeapReAlloc
HeapSize
FindFirstFileExA
IsValidCodePage
FindNextFileA
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetProcessHeap
WriteConsoleW
SetEndOfFile
ExitProcess
CreateFileW
GetLogicalDrives
FindFirstFileW
Process32First
FindNextFileW
TerminateProcess
GetDriveTypeA
FindClose
OpenProcess
CreateToolhelp32Snapshot
Process32Next
CloseHandle
FreeConsole
lstrcmpW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
GetLastError
SleepEx
QueryPerformanceFrequency
GetSystemDirectoryA
FreeLibrary
GetModuleHandleA
GetProcAddress
LoadLibraryA
QueryPerformanceCounter
GetTickCount
Sleep
MultiByteToWideChar
WideCharToMultiByte
MoveFileExA
WaitForSingleObjectEx
GetEnvironmentVariableA
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
SetLastError
FormatMessageA
VerSetConditionMask
VerifyVersionInfoA
CreateFileA
GetFileSizeEx
GetCurrentThread
GetThreadTimes
UnregisterWaitEx
GetCurrentDirectoryW
CreateDirectoryW
DeleteFileW
FindFirstFileExW
GetDiskFreeSpaceExW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
AreFileApisANSI
GetModuleHandleW
CopyFileW
MoveFileExW
FormatMessageW
GetStringTypeW
TryEnterCriticalSection
GetCurrentThreadId
DuplicateHandle
GetCurrentProcess
SwitchToThread
GetExitCodeThread
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
SetEvent
ResetEvent
InitializeSListHead
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
CreateTimerQueue
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
FreeLibraryAndExitThread
GetModuleFileNameW
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualProtect
VirtualFree
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList

Sections

.text
Size: 954KB - Virtual size: 954KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 215KB - Virtual size: 214KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
4fcaca23e9cfb7e5448f41bb520c9c35c68fd795ac6b3707d0c64cf92738acf2
.exe windows:5 windows x86 arch:x86

f681018170984f9109a21e44cd16d340

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

wtsapi32

WTSSendMessageW

user32

GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

Sections

.text
Size: - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 4.7MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
5994300c1c7d099bec13d2a6aec942a6a866966e9545773d3fbe26cc5e308da7
.exe windows:6 windows x64 arch:x64

9cbefe68f395e67356e2a5d8d1b285c0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

WriteFile
WriteConsoleW
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
SwitchToThread
SuspendThread
SetWaitableTimer
SetUnhandledExceptionFilter
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
ResumeThread
PostQueuedCompletionStatus
LoadLibraryA
LoadLibraryW
SetThreadContext
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatusEx
GetProcessAffinityMask
GetProcAddress
GetEnvironmentStringsW
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateWaitableTimerExW
CreateThread
CreateIoCompletionPort
CreateFileA
CreateEventA
CloseHandle
AddVectoredExceptionHandler

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 147KB - Virtual size: 523KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 295B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 262KB - Virtual size: 261KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/32
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/46
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/65
Size: 595KB - Virtual size: 594KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/78
Size: 325KB - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.symtab
Size: 256KB - Virtual size: 256KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
627a5569d47d6c66be6888e4f68f0a50e491404a08da1a7d9242c2d29e3e8ee3
.exe windows:5 windows x86 arch:x86

fa2936ff523bbe01bb11c81e10c9ad2d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CreateWindowExW
MessageBoxW
MessageBoxA
SystemParametersInfoW
DestroyIcon
SetWindowLongW
GetWindowLongW
GetClientRect
InvalidateRect
ReleaseDC
GetDC
DrawTextW
GetDialogBaseUnits
EndDialog
DialogBoxIndirectParamW
MoveWindow
SendMessageW

comctl32

ord380

kernel32

IsValidCodePage
GetStringTypeW
GetFileAttributesExW
HeapReAlloc
FlushFileBuffers
GetCurrentDirectoryW
GetACP
GetOEMCP
GetModuleHandleW
MulDiv
GetLastError
SetDllDirectoryW
GetModuleFileNameW
GetProcAddress
GetCommandLineW
GetEnvironmentVariableW
GetCPInfo
ExpandEnvironmentStringsW
CreateDirectoryW
GetTempPathW
WaitForSingleObject
Sleep
GetExitCodeProcess
CreateProcessW
GetStartupInfoW
FreeLibrary
LoadLibraryExW
SetConsoleCtrlHandler
FindClose
FindFirstFileExW
CloseHandle
GetCurrentProcess
LocalFree
FormatMessageW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetTimeZoneInformation
HeapSize
WriteConsoleW
SetEndOfFile
SetEnvironmentVariableW
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
DecodePointer
RtlUnwind
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
RaiseException
GetCommandLineA
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFullPathNameW
RemoveDirectoryW
FindNextFileW
SetStdHandle
DeleteFileW
ReadFile
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
HeapFree
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleOutputCP
GetFileSizeEx
HeapAlloc
CompareStringW
LCMapStringW

advapi32

OpenProcessToken
GetTokenInformation
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW

gdi32

SelectObject
DeleteObject
CreateFontIndirectW

Sections

.text
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kf12.pyc
63fa775052a5c7258d44a00d9f2b4a9263f96fb7c61778cbb1ba9102fed2082f
.exe windows:5 windows x86 arch:x86

4fc9cfab107039a1e5e81ba24c8742a6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopyInd
VariantCopy
VariantClear
VariantInit
GetErrorInfo
SysFreeString

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegEnumValueW
RegEnumKeyW
RegCloseKey

user32

CharNextW
LoadStringW
WINNLSEnableIME
SetWindowLongW
GetWindowLongW
CreateWindowExW
WaitMessage
UpdateLayeredWindow
UpdateWindow
UnregisterClassW
UnhookWindowsHookEx
TranslateMessage
TrackMouseEvent
SystemParametersInfoW
ShowWindow
SetWindowRgn
SetWindowsHookExW
SetWindowTextW
SetWindowPos
SetTimer
SetRect
SetPropW
SetParent
SetMenuItemInfoW
SetMenu
SetFocus
SetCursor
SetClipboardData
SetCapture
SetActiveWindow
SendMessageTimeoutW
SendMessageW
ScreenToClient
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterClassW
PostQuitMessage
PostMessageW
PeekMessageW
OpenClipboard
MsgWaitForMultipleObjects
MessageBoxIndirectW
MessageBoxW
MapVirtualKeyW
LoadStringW
LoadIconW
LoadCursorW
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsMenu
IsIconic
IsClipboardFormatAvailable
InvalidateRect
GetWindowTextLengthW
GetWindowTextW
GetWindowRect
GetWindowPlacement
GetWindowDC
GetUpdateRgn
GetUpdateRect
GetSystemMetrics
GetSysColorBrush
GetSysColor
GetSubMenu
GetPropW
GetParent
GetMenuItemInfoW
GetMenuItemCount
GetMenu
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetFocus
GetDesktopWindow
GetDC
GetCursorPos
GetClipboardData
GetClientRect
GetClassNameW
GetClassInfoW
GetCapture
GetActiveWindow
FindWindowW
EnumThreadWindows
EnumChildWindows
EndPaint
EnableWindow
EmptyClipboard
DrawTextW
DrawIconEx
DispatchMessageW
DestroyWindow
DestroyMenu
DefWindowProcW
CreateMenu
CloseClipboard
ClientToScreen
CharUpperBuffW
CharUpperW
CharNextW
CharLowerBuffW
CharLowerW
CallWindowProcW
CallNextHookEx
BeginPaint
AppendMenuW
ActivateKeyboardLayout
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromPoint
MonitorFromWindow

kernel32

Sleep
VirtualFree
VirtualAlloc
lstrlenW
VirtualQuery
QueryPerformanceCounter
GetTickCount
GetSystemInfo
GetVersion
CompareStringW
IsDBCSLeadByteEx
IsValidLocale
SetThreadLocale
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetConsoleOutputCP
GetConsoleCP
GetACP
LoadLibraryExW
GetStartupInfoW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetCommandLineW
FindResourceW
FreeLibrary
GetLastError
UnhandledExceptionFilter
RtlUnwind
RaiseException
ExitProcess
ExitThread
SwitchToThread
GetCurrentThreadId
CreateThread
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FindFirstFileW
FindClose
WriteFile
SetFilePointer
SetEndOfFile
ReadFile
GetFileType
GetFileSize
CreateFileW
GetStdHandle
CloseHandle
GetProcAddress
RaiseException
LoadLibraryA
GetLastError
TlsSetValue
TlsGetValue
LocalFree
LocalAlloc
GetModuleHandleW
FreeLibrary
lstrlenW
WriteFile
WideCharToMultiByte
WaitForSingleObject
VirtualQueryEx
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
VerSetConditionMask
VerifyVersionInfoW
TryEnterCriticalSection
SwitchToThread
SuspendThread
Sleep
SizeofResource
SetThreadPriority
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
RemoveDirectoryW
ReadFile
RaiseException
QueryPerformanceFrequency
QueryPerformanceCounter
IsDebuggerPresent
OutputDebugStringW
MulDiv
LockResource
LocalFree
LoadResource
LoadLibraryW
LeaveCriticalSection
LCMapStringW
IsValidLocale
InitializeCriticalSection
HeapSize
HeapFree
HeapDestroy
HeapCreate
HeapAlloc
GlobalUnlock
GlobalSize
GlobalLock
GlobalFree
GlobalFindAtomW
GlobalAlloc
GlobalAddAtomW
GetVersionExW
GetUserDefaultLCID
GetTimeZoneInformation
GetTickCount
GetThreadPriority
GetThreadLocale
GetTempPathW
GetSystemDirectoryW
GetStdHandle
GetLongPathNameW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileAttributesW
GetExitCodeThread
GetEnvironmentVariableW
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetComputerNameW
GetCPInfoExW
GetCPInfo
GetACP
FreeResource
InterlockedCompareExchange
FreeLibrary
FormatMessageW
FindResourceW
FindNextFileW
FindFirstFileW
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExpandEnvironmentStringsW
EnumSystemLocalesW
EnumCalendarInfoW
EnterCriticalSection
DeleteFileW
DeleteCriticalSection
CreateFileW
CreateEventW
CreateDirectoryW
CopyFileW
CompareStringW
CloseHandle
Sleep

gdi32

TextOutW
StartPage
StartDocW
SetWindowOrgEx
SetTextColor
SetTextAlign
SetMapMode
SetBkColor
SetAbortProc
SelectObject
GetWindowOrgEx
GetTextMetricsW
GetTextExtentPoint32W
GetStockObject
GetRegionData
GetPath
GetObjectA
GetDeviceCaps
GetCharABCWidthsFloatW
ExtCreateRegion
EnumFontsW
EndPath
EndPage
EndDoc
DeleteObject
DeleteDC
CreateRectRgn
CreateICW
CreateFontIndirectW
CreateFontW
CreateDIBSection
CreateDCW
CreateCompatibleDC
CombineRgn
BitBlt
BeginPath
AbortDoc

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

shfolder

SHGetFolderPathW

netapi32

NetWkstaGetInfo

ole32

CreateStreamOnHGlobal
OleRegEnumFormatEtc
ReleaseStgMedium
OleDraw
DoDragDrop
RevokeDragDrop
RegisterDragDrop
OleInitialize
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoGetClassObject
CoUninitialize
CoInitialize
IsEqualGUID

msvcrt

isxdigit
isupper
isspace
ispunct
isprint
islower
isgraph
isdigit
iscntrl
isalpha
isalnum
toupper
tolower
strchr
strlen
strncmp
memset
memcpy
memcmp

shell32

ShellExecuteW
DragQueryFileW

comdlg32

PageSetupDlgW
PrintDlgW
GetSaveFileNameW
GetOpenFileNameW

winmm

timeGetTime

winspool.drv

SetPrinterW
OpenPrinterW
GetPrinterW
GetDefaultPrinterW
EnumPrintersW
DocumentPropertiesW
DeviceCapabilitiesW
ClosePrinter

d3d9

Direct3DCreate9

winhttp

WinHttpWriteData
WinHttpSetOption
WinHttpSetCredentials
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpReadData
WinHttpQueryOption
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpQueryAuthSchemes
WinHttpOpenRequest
WinHttpOpen
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpConnect
WinHttpCloseHandle
WinHttpAddRequestHeaders

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 5.2MB - Virtual size: 5.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 102KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 154B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 521KB - Virtual size: 521KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
645b8dfe73255d9e5be6e778292f3dde84ff8c5918a044ae42bcace0fe9ca279
.exe windows:5 windows x86 arch:x86

aee678a5f1a4387df8b73d6176b314a9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFileExistsW

kernel32

Sleep
SizeofResource
GetConsoleWindow
GetVersionExW
GetModuleFileNameW
CreateFileW
MultiByteToWideChar
GetLastError
GetProcAddress
GetSystemDirectoryW
CreateEventW
GetModuleFileNameA
GetModuleHandleA
CloseHandle
CreateThread
WriteFile
GetModuleHandleW
SetEvent
WaitForSingleObject
CreateDirectoryW
GetCurrentProcess
LoadResource
FindResourceW
GetNativeSystemInfo
CreateFileA
GetCommandLineW
LockResource
ExitProcess
WriteConsoleW
SetStdHandle
ReadConsoleW
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
WideCharToMultiByte
GetStringTypeW
HeapFree
HeapAlloc
IsDebuggerPresent
IsProcessorFeaturePresent
SetEndOfFile
GetModuleHandleExW
AreFileApisANSI
GetCommandLineA
RaiseException
RtlUnwind
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStdHandle
GetFileType
GetProcessHeap
ReadFile
SetFilePointerEx
FlushFileBuffers
GetConsoleCP
GetConsoleMode
IsValidCodePage
GetACP
GetOEMCP
GetCurrentThreadId
HeapSize
LoadLibraryExW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapReAlloc
OutputDebugStringW

user32

ShowWindow
ExitWindowsEx

advapi32

RegisterServiceCtrlHandlerW
RevertToSelf
SetServiceStatus
ImpersonateLoggedOnUser
ChangeServiceConfig2W
LookupPrivilegeValueW
CreateProcessAsUserW
LogonUserW
StartServiceCtrlDispatcherW
OpenSCManagerW
OpenProcessToken
CreateServiceW
AdjustTokenPrivileges

shell32

ShellExecuteW
ShellExecuteA

Sections

.text
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
64862ec69991a7d454c3ea3a0c3a8f1cc9c80192078740b9c753abbf1b7bef1b
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 163KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
741d75a02d0c4974968f0738a8b67104e1c24a58143b73b5ed1c25ac023b695e
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
7554a27519a2c960152cbe49ecef3948cf7bad12fa21cda62c8c236bbddb502d
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 335KB - Virtual size: 334KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
80bf2731a81c113432f061b397d70cac72d907c39102513abe0f2bae079373e4
.exe windows:4 windows x86 arch:x86

f6baa5eaa8231d4fe8e922a2e6d240ea

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

shell32

SHGetSpecialFolderPathW
ShellExecuteW
SHGetMalloc
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
ShellExecuteExW

gdi32

CreateCompatibleDC
CreateFontIndirectW
DeleteObject
DeleteDC
GetCurrentObject
StretchBlt
GetDeviceCaps
CreateCompatibleBitmap
SelectObject
SetStretchBltMode
GetObjectW

advapi32

FreeSid
AllocateAndInitializeSid
CheckTokenMembership

user32

GetWindowLongW
GetMenu
SetWindowPos
GetWindowDC
ReleaseDC
GetDlgItem
GetParent
GetWindowRect
GetClassNameA
CreateWindowExW
SetTimer
GetMessageW
DispatchMessageW
KillTimer
DestroyWindow
SendMessageW
EndDialog
wsprintfW
GetWindowTextW
GetWindowTextLengthW
GetSysColor
wsprintfA
SetWindowTextW
MessageBoxA
ScreenToClient
GetClientRect
SetWindowLongW
UnhookWindowsHookEx
SetFocus
GetSystemMetrics
SystemParametersInfoW
ShowWindow
DrawTextW
GetDC
ClientToScreen
GetWindow
DialogBoxIndirectParamW
DrawIconEx
CallWindowProcW
DefWindowProcW
CallNextHookEx
PtInRect
SetWindowsHookExW
LoadImageW
LoadIconW
MessageBeep
EnableWindow
IsWindow
EnableMenuItem
GetSystemMenu
CreateWindowExA
wvsprintfW
CharUpperW
GetKeyState
CopyImage

ole32

CreateStreamOnHGlobal
CoCreateInstance
CoInitialize

oleaut32

VariantClear
SysFreeString
OleLoadPicture
SysAllocString

kernel32

GetFileSize
SetFilePointer
ReadFile
WaitForMultipleObjects
GetModuleHandleA
SetFileTime
SetEndOfFile
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
FormatMessageW
lstrcpyW
LocalFree
IsBadReadPtr
GetSystemDirectoryW
GetCurrentThreadId
SuspendThread
TerminateThread
InitializeCriticalSection
ResetEvent
SetEvent
CreateEventW
GetVersionExW
GetModuleFileNameW
GetCurrentProcess
SetProcessWorkingSetSize
SetCurrentDirectoryW
GetDriveTypeW
CreateFileW
GetCommandLineW
GetStartupInfoW
CreateProcessW
CreateJobObjectW
ResumeThread
AssignProcessToJobObject
CreateIoCompletionPort
SetInformationJobObject
GetQueuedCompletionStatus
GetExitCodeProcess
CloseHandle
SetEnvironmentVariableW
GetTempPathW
GetSystemTimeAsFileTime
lstrlenW
CompareFileTime
SetThreadLocale
FindFirstFileW
DeleteFileW
FindNextFileW
FindClose
RemoveDirectoryW
ExpandEnvironmentStringsW
WideCharToMultiByte
VirtualAlloc
GlobalMemoryStatusEx
lstrcmpW
GetEnvironmentVariableW
lstrcmpiW
lstrlenA
GetLocaleInfoW
MultiByteToWideChar
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetSystemDefaultLCID
lstrcmpiA
GlobalAlloc
GlobalFree
MulDiv
FindResourceExA
SizeofResource
LoadResource
LockResource
LoadLibraryA
GetProcAddress
GetModuleHandleW
ExitProcess
lstrcatW
GetDiskFreeSpaceExW
SetFileAttributesW
SetLastError
Sleep
GetExitCodeThread
WaitForSingleObject
CreateThread
GetLastError
SystemTimeToFileTime
GetLocalTime
GetFileAttributesW
CreateDirectoryW
WriteFile
GetStdHandle
VirtualFree
GetStartupInfoA

msvcrt

??3@YAXPAX@Z
??2@YAPAXI@Z
memcmp
free
memcpy
_wtol
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
_onexit
__dllonexit
_CxxThrowException
_beginthreadex
_EH_prolog
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
memset
_wcsnicmp
strncmp
wcsncmp
malloc
memmove
_purecall

Sections

.text
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
8cc9f83e2ec4d36e50ec8407932ff3b8a7ad188a0cb95dad78028cce7921e492
.exe windows:6 windows x86 arch:x86

00dd08e2a6d58ff220bb2dcd9dd4c64a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\ReleaseAI\win\Release\stubs\x86\ExternalUi.pdb

Imports

kernel32

CreateFileW
CloseHandle
WriteFile
DeleteFileW
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
CreateEventExW
WaitForSingleObject
SetEvent
RemoveDirectoryW
GetTempPathW
GetTempFileNameW
CreateDirectoryW
MoveFileW
GetLastError
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
RaiseException
SetLastError
GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
lstrcmpW
CreateEventW
FindClose
FindFirstFileW
GetFullPathNameW
InitializeCriticalSection
lstrcpynW
CreateThread
GetProcAddress
LoadLibraryExW
GetCurrentProcess
Sleep
WideCharToMultiByte
GetDiskFreeSpaceExW
DecodePointer
GetExitCodeThread
GetCurrentProcessId
FreeLibrary
GetSystemDirectoryW
lstrlenW
VerifyVersionInfoW
VerSetConditionMask
lstrcmpiW
GetModuleHandleW
LoadLibraryW
GetDriveTypeW
CompareStringW
FindNextFileW
GetLogicalDriveStringsW
GetFileSize
GetFileAttributesW
GetShortPathNameW
SetFileAttributesW
GetFileTime
CopyFileW
ReadFile
SetFilePointer
SetFileTime
SystemTimeToFileTime
MultiByteToWideChar
GetSystemInfo
WaitForMultipleObjects
GetVersionExW
VirtualProtect
VirtualQuery
LoadLibraryExA
GetStringTypeW
SetUnhandledExceptionFilter
FileTimeToSystemTime
GetEnvironmentVariableW
GetSystemTime
GetDateFormatW
GetTimeFormatW
GetLocaleInfoW
CreateProcessW
GetExitCodeProcess
GetWindowsDirectoryW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
FormatMessageW
GetEnvironmentStringsW
LocalFree
InitializeCriticalSectionEx
LoadLibraryA
GetModuleFileNameA
GetCurrentThread
GetConsoleOutputCP
FlushFileBuffers
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
IsWow64Process
SetConsoleTextAttribute
GetStdHandle
GetConsoleScreenBufferInfo
OutputDebugStringW
GetTickCount
GetCommandLineW
SetCurrentDirectoryW
SetEndOfFile
EnumResourceLanguagesW
GetSystemDefaultLangID
GetUserDefaultLangID
GetLocalTime
ResetEvent
GlobalFree
GetPrivateProfileStringW
GetPrivateProfileSectionNamesW
WritePrivateProfileStringW
CreateNamedPipeW
ConnectNamedPipe
TerminateThread
LocalAlloc
CompareFileTime
CopyFileExW
OpenEventW
PeekNamedPipe
WaitForSingleObjectEx
QueryPerformanceCounter
QueryPerformanceFrequency
EncodePointer
LCMapStringEx
CompareStringEx
GetCPInfo
GetSystemTimeAsFileTime
IsDebuggerPresent
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
RtlUnwind
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetFileType
LCMapStringW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetTimeZoneInformation
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
ReadConsoleW
WriteConsoleW
GetProcessAffinityMask
GetModuleHandleA
GlobalMemoryStatus
ReleaseSemaphore
CreateSemaphoreW

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 555KB - Virtual size: 554KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 156KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 158KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
9c80067790a910e99831e1c546fd569fb273cb34db2710fe99281d1c53475795
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Users\sd\Documents\SharpDevelop Projects\StormByte\StormByte\obj\Debug\StormByte.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
de1793d8db7f58f0ef53bee7fb0942ef4c6c348e4a547b6cfeb74ffa8de56cdf
.exe windows:6 windows x86 arch:x86

6ba04bbf51a24a534538120ae9d50b8a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHFileOperationW

imagehlp

UnMapAndLoad
MapAndLoad

kernel32

TlsSetValue
WriteConsoleW
HeapReAlloc
HeapSize
CreateDirectoryW
ReadFile
SetConsoleCtrlHandler
GetCommandLineW
WriteFile
GetShortPathNameW
GetModuleFileNameW
GetProcessId
SetFilePointer
GetTempPathW
WaitForSingleObject
CreateFileW
GetLastError
CloseHandle
SetEnvironmentVariableA
GetCurrentProcessId
CreateProcessW
GetSystemTimeAsFileTime
FormatMessageA
GenerateConsoleCtrlEvent
GetExitCodeProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
SetFilePointerEx
RtlUnwind
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
DecodePointer
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
RaiseException
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetStdHandle
HeapAlloc
MultiByteToWideChar
HeapFree
LCMapStringW
GetFileType
WideCharToMultiByte
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetStringTypeW
GetProcessHeap
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx

Sections

.text
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
de6da70478e7f84cd06ace1a0934cc9d5732f35aa20e960dc121fd8cf2388d6e
.exe windows:5 windows x86 arch:x86

7af2fe87a3ab930007d141d21c36ceda

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetFocus
MessageBoxA

msvcr90

_onexit
_decode_pointer
_lock
_invoke_watson
_strdup
_crt_debugger_hook
__dllonexit
_unlock
?terminate@@YAXXZ
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
realloc
bsearch
qsort
memset
memcpy
fprintf
__iob_func
setbuf
getenv
atoi
malloc
free
strncmp
strrchr
__argv
__argc
strncpy
_snprintf
_stricmp
_except_handler4_common
_controlfp_s

kernel32

IsDebuggerPresent
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoA
InterlockedCompareExchange
Sleep
InterlockedExchange
HeapAlloc
IsBadReadPtr
SetLastError
GetProcessHeap
HeapFree
VirtualFree
VirtualProtect
VirtualAlloc
FreeLibrary
GetModuleHandleA
OutputDebugStringA
GetFullPathNameA
LoadLibraryA
GetProcAddress
UnmapViewOfFile
CreateFileA
GetFileSize
CreateFileMappingA
CloseHandle
MapViewOfFile
FindResourceA
LoadResource
LockResource
GetModuleFileNameA
GetLastError
FormatMessageA
LocalFree
lstrlenA
UnhandledExceptionFilter

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
dfef52ffdea9d5129cd6bf0b3df2997db40091a4bdb7f356f48feec5ac5ebcfe
.exe windows:5 windows x86 arch:x86

fe6be290d8c1facea964a32bd638d0ea

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA

kernel32

GetCurrentDirectoryA
GetProcessHeap
GetLastError
GetModuleHandleA
ExpandEnvironmentStringsA
GetEnvironmentVariableA
SetEnvironmentVariableA
GetShortPathNameW
GetTempPathW
Sleep
LoadLibraryExA
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
GetCommandLineW
GetStartupInfoW
GetProcAddress
WriteConsoleA
GetStdHandle
VirtualFree
VirtualAlloc
GetModuleFileNameW
GetVersionExA
LoadLibraryA
SetEndOfFile
CompareStringW
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileA
HeapFree
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
CreateDirectoryA
GetCurrentProcessId
DeleteFileA
RemoveDirectoryA
FindNextFileA
SetStdHandle
GetFileType
SetConsoleCtrlHandler
GetModuleHandleW
ExitProcess
HeapReAlloc
GetFullPathNameA
GetFileAttributesA
GetCommandLineA
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
DeleteCriticalSection
WriteFile
GetModuleFileNameA
SetHandleCount
RtlUnwind
CloseHandle
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
MultiByteToWideChar
ReadFile
InitializeCriticalSectionAndSpinCount
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetTimeZoneInformation
FlushFileBuffers
CreateFileW
GetConsoleOutputCP
WriteConsoleW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
CreateFileA
CompareStringA

ws2_32

ntohl

Sections

.text
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_pyi_bootstrap.pyc
floodwork.pyc
pyi_carchive.pyc
f3c6dac2d21f7289e2807c0479a76105a5e8ed3a5c7ccbeae6d289e0b6e6880f
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 99KB - Virtual size: 193KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 274B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 178KB - Virtual size: 177KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/32
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/46
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/63
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/80
Size: 512B - Virtual size: 36B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/99
Size: 423KB - Virtual size: 422KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/112
Size: 195KB - Virtual size: 194KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/124
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 902B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 285KB - Virtual size: 284KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
f682e063bc2c822fbe3083507b0717b1f8bc244149ed9acd9a78566f5a79a140
.exe windows:6 windows x64 arch:x64

9cbefe68f395e67356e2a5d8d1b285c0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

WriteFile
WriteConsoleW
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
SwitchToThread
SuspendThread
SetWaitableTimer
SetUnhandledExceptionFilter
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
ResumeThread
PostQueuedCompletionStatus
LoadLibraryA
LoadLibraryW
SetThreadContext
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatusEx
GetProcessAffinityMask
GetProcAddress
GetEnvironmentStringsW
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateWaitableTimerExW
CreateThread
CreateIoCompletionPort
CreateFileA
CreateEventA
CloseHandle
AddVectoredExceptionHandler

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 135KB - Virtual size: 511KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 295B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 253KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/32
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/46
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/65
Size: 568KB - Virtual size: 568KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/78
Size: 316KB - Virtual size: 315KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.symtab
Size: 217KB - Virtual size: 217KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
f7537bf47cc039b9cda59c844faa90a75ba80f08148166fd83ff10a0bf55120b
.exe windows:6 windows x64 arch:x64

9cbefe68f395e67356e2a5d8d1b285c0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

WriteFile
WriteConsoleW
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
SwitchToThread
SuspendThread
SetWaitableTimer
SetUnhandledExceptionFilter
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
ResumeThread
PostQueuedCompletionStatus
LoadLibraryA
LoadLibraryW
SetThreadContext
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatusEx
GetProcessAffinityMask
GetProcAddress
GetEnvironmentStringsW
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateWaitableTimerExW
CreateThread
CreateIoCompletionPort
CreateFileA
CreateEventA
CloseHandle
AddVectoredExceptionHandler

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 135KB - Virtual size: 511KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 295B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 253KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/32
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/46
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/65
Size: 568KB - Virtual size: 568KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/78
Size: 316KB - Virtual size: 315KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.symtab
Size: 217KB - Virtual size: 217KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
f89ee06ed27ff00fa5d8f6a5811a9e57063c72c9ec7d478321cdf2a2f018866f
.exe windows:6 windows x64 arch:x64

9cbefe68f395e67356e2a5d8d1b285c0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

WriteFile
WriteConsoleW
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
SwitchToThread
SuspendThread
SetWaitableTimer
SetUnhandledExceptionFilter
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
ResumeThread
PostQueuedCompletionStatus
LoadLibraryA
LoadLibraryW
SetThreadContext
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatusEx
GetProcessAffinityMask
GetProcAddress
GetEnvironmentStringsW
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateWaitableTimerExW
CreateThread
CreateIoCompletionPort
CreateFileA
CreateEventA
CloseHandle
AddVectoredExceptionHandler

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 147KB - Virtual size: 523KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 295B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 262KB - Virtual size: 261KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/32
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/46
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/65
Size: 595KB - Virtual size: 594KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/78
Size: 325KB - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.symtab
Size: 256KB - Virtual size: 256KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

eb97e4fc5518ac300a92a11673825e0b

Headers

DLL Characteristics

File Characteristics

Imports

wsock32

version

winmm

comctl32

mpr

wininet

psapi

iphlpapi

userenv

uxtheme

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 567KB - Virtual size: 567KB

.rdata Size: 184KB - Virtual size: 184KB

.data Size: 20KB - Virtual size: 35KB

.rsrc Size: 157KB - Virtual size: 157KB

.reloc Size: 28KB - Virtual size: 28KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 2.9MB - Virtual size: 2.9MB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 512B - Virtual size: 12B

515a2557c21b9523bb81c175957ade52

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

shlwapi

wtsapi32

Sections

.text Size: - Virtual size: 126KB

.rdata Size: - Virtual size: 58KB

.data Size: - Virtual size: 7KB

.pdata Size: - Virtual size: 5KB

_RDATA Size: - Virtual size: 348B

.vmp0 Size: - Virtual size: 3.4MB

.vmp1 Size: 5.3MB - Virtual size: 5.3MB

.reloc Size: 512B - Virtual size: 184B

.rsrc Size: 512B - Virtual size: 480B

4b932974a1b8b4dec33cf044302323ec

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

normaliz

wldap32

crypt32

advapi32

kernel32

Sections

.text
Size: 567KB - Virtual size: 567KB

.rdata
Size: 184KB - Virtual size: 184KB

.data
Size: 20KB - Virtual size: 35KB

.rsrc
Size: 157KB - Virtual size: 157KB

.reloc
Size: 28KB - Virtual size: 28KB

.text
Size: 2.9MB - Virtual size: 2.9MB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: - Virtual size: 126KB

.rdata
Size: - Virtual size: 58KB

.data
Size: - Virtual size: 7KB

.pdata
Size: - Virtual size: 5KB

_RDATA
Size: - Virtual size: 348B

.vmp0
Size: - Virtual size: 3.4MB

.vmp1
Size: 5.3MB - Virtual size: 5.3MB

.reloc
Size: 512B - Virtual size: 184B

.rsrc
Size: 512B - Virtual size: 480B

.text
Size: 954KB - Virtual size: 954KB

.rdata
Size: 215KB - Virtual size: 214KB

.data
Size: 27KB - Virtual size: 42KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 54KB - Virtual size: 54KB

.text
Size: - Virtual size: 878KB

.itext
Size: - Virtual size: 19KB

.data
Size: - Virtual size: 22KB

.bss
Size: - Virtual size: 25KB

.idata
Size: - Virtual size: 4KB

.didata
Size: - Virtual size: 250B

.edata
Size: - Virtual size: 108B

.tls
Size: - Virtual size: 20B

.rdata
Size: - Virtual size: 24B

.vmp0
Size: - Virtual size: 1.5MB

.vmp1
Size: 3.6MB - Virtual size: 3.6MB

.rsrc
Size: 65KB - Virtual size: 352KB

.text
Size: 2.7MB - Virtual size: 2.7MB

.itext
Size: 9KB - Virtual size: 8KB

.data
Size: 42KB - Virtual size: 42KB

.bss
Size: - Virtual size: 22KB

.idata
Size: 15KB - Virtual size: 15KB

.didata
Size: 3KB - Virtual size: 2KB

.edata
Size: 512B - Virtual size: 154B

.tls
Size: - Virtual size: 64B

.rdata
Size: 512B - Virtual size: 93B

.reloc
Size: 256KB - Virtual size: 256KB

.rsrc
Size: 54KB - Virtual size: 53KB