55b967543d0b0e972ac76f679a74b93b20063f15926f0b7e72fe5e6a46b37888

Sharing

Copy URL

Twitter E-mail

General

Target

55b967543d0b0e972ac76f679a74b93b20063f15926f0b7e72fe5e6a46b37888
Size

2.4MB
MD5

3186da2a6f756d2b503e86f402ffe0bf
SHA1

fd45e2fcddf98ebc5a3f8a108a4d9f15ac492f64
SHA256

55b967543d0b0e972ac76f679a74b93b20063f15926f0b7e72fe5e6a46b37888
SHA512

e4d48bf337ffd441e966c76be5def00df28ebb48d691215f6bcaf091f30eaf7cade4809881d926a6426d2536eea59c68cb136db63382b1cdb5ef7bac925f298d
SSDEEP

49152:ZhIL9tt29wosM+b7HRhJ/3F8IMsGpiKdbKCaFuEKoiCifKTAAvM:7IL9K9nsZbbNGpPdbKZuEKuXAAvM

Score

5^/10

Malware Config

Signatures

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
static1/unpack001/Menu_v0.12b_AIO/Menu 0.12 beta.exe	autoit_exe

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Menu_v0.12b_AIO/Menu 0.12 beta.exe
unpack001/Menu_v0.12b_AIO/hacbrewpack.exe
unpack001/Menu_v0.12b_AIO/msys-2.0.dll
unpack001/Menu_v0.12b_AIO/msys-gcc_s-seh-1.dll

Files

55b967543d0b0e972ac76f679a74b93b20063f15926f0b7e72fe5e6a46b37888
.zip
Menu_v0.12b_AIO/AU3 Script Files/Menu 0.11B.au3
Menu_v0.12b_AIO/AU3 Script Files/Menu 0.12 Beta.au3
Menu_v0.12b_AIO/AU3 Script Files/Menu_0.10B.au3
Menu_v0.12b_AIO/AU3 Script Files/Menu_v0.2.au3
Menu_v0.12b_AIO/AU3 Script Files/Menu_v0.3.au3
Menu_v0.12b_AIO/AU3 Script Files/Menu_v0.4.au3
Menu_v0.12b_AIO/AU3 Script Files/Menu_v0.5.au3
Menu_v0.12b_AIO/AU3 Script Files/Menu_v0.6_Diagnose.au3
Menu_v0.12b_AIO/AU3 Script Files/Menu_v0.6_WIP.au3
Menu_v0.12b_AIO/AU3 Script Files/Menu_v0.7.au3
Menu_v0.12b_AIO/AU3 Script Files/Menu_v0.8 Beta.au3
Menu_v0.12b_AIO/AU3 Script Files/Menu_v0.8.au3
Menu_v0.12b_AIO/AU3 Script Files/Menu_v0.9 Beta.au3
Menu_v0.12b_AIO/Menu 0.12 beta.exe
.exe windows:5 windows x86 arch:x86

eb97e4fc5518ac300a92a11673825e0b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

WSACleanup
socket
inet_ntoa
setsockopt
ntohs
recvfrom
ioctlsocket
htons
WSAStartup
__WSAFDIsSet
select
accept
listen
bind
closesocket
WSAGetLastError
recv
sendto
send
inet_addr
gethostbyname
gethostname
connect

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

winmm

timeGetTime
waveOutSetVolume
mciSendStringW

comctl32

ImageList_ReplaceIcon
ImageList_Destroy
ImageList_Remove
ImageList_SetDragCursorImage
ImageList_BeginDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_EndDrag
ImageList_DragMove
InitCommonControlsEx
ImageList_Create

mpr

WNetUseConnectionW
WNetCancelConnection2W
WNetGetConnectionW
WNetAddConnection2W

wininet

InternetQueryDataAvailable
InternetCloseHandle
InternetOpenW
InternetSetOptionW
InternetCrackUrlW
HttpQueryInfoW
InternetQueryOptionW
HttpOpenRequestW
HttpSendRequestW
FtpOpenFileW
FtpGetFileSize
InternetOpenUrlW
InternetReadFile
InternetConnectW

psapi

GetProcessMemoryInfo

iphlpapi

IcmpCreateFile
IcmpCloseHandle
IcmpSendEcho

userenv

DestroyEnvironmentBlock
UnloadUserProfile
CreateEnvironmentBlock
LoadUserProfileW

uxtheme

IsThemeActive

kernel32

DuplicateHandle
CreateThread
WaitForSingleObject
HeapAlloc
GetProcessHeap
HeapFree
Sleep
GetCurrentThreadId
MultiByteToWideChar
MulDiv
GetVersionExW
IsWow64Process
GetSystemInfo
FreeLibrary
LoadLibraryA
GetProcAddress
SetErrorMode
GetModuleFileNameW
WideCharToMultiByte
lstrcpyW
lstrlenW
GetModuleHandleW
QueryPerformanceCounter
VirtualFreeEx
OpenProcess
VirtualAllocEx
WriteProcessMemory
ReadProcessMemory
CreateFileW
SetFilePointerEx
SetEndOfFile
ReadFile
WriteFile
FlushFileBuffers
TerminateProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
SetFileTime
GetFileAttributesW
FindFirstFileW
SetCurrentDirectoryW
GetLongPathNameW
GetShortPathNameW
DeleteFileW
FindNextFileW
CopyFileExW
MoveFileW
CreateDirectoryW
RemoveDirectoryW
SetSystemPowerState
QueryPerformanceFrequency
FindResourceW
LoadResource
LockResource
SizeofResource
EnumResourceNamesW
OutputDebugStringW
GetTempPathW
GetTempFileNameW
DeviceIoControl
GetLocalTime
CompareStringW
GetCurrentProcess
EnterCriticalSection
LeaveCriticalSection
GetStdHandle
CreatePipe
InterlockedExchange
TerminateThread
LoadLibraryExW
FindResourceExW
CopyFileW
VirtualFree
FormatMessageW
GetExitCodeProcess
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileSectionW
WritePrivateProfileSectionW
GetPrivateProfileSectionNamesW
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetDriveTypeW
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetVolumeInformationW
SetVolumeLabelW
CreateHardLinkW
SetFileAttributesW
CreateEventW
SetEvent
GetEnvironmentVariableW
SetEnvironmentVariableW
GlobalLock
GlobalUnlock
GlobalAlloc
GetFileSize
GlobalFree
GlobalMemoryStatusEx
Beep
GetSystemDirectoryW
HeapReAlloc
HeapSize
GetComputerNameW
GetWindowsDirectoryW
GetCurrentProcessId
GetProcessIoCounters
CreateProcessW
GetProcessId
SetPriorityClass
LoadLibraryW
VirtualAlloc
IsDebuggerPresent
GetCurrentDirectoryW
lstrcmpiW
DecodePointer
GetLastError
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InterlockedDecrement
InterlockedIncrement
GetCurrentThread
CloseHandle
GetFullPathNameW
EncodePointer
ExitProcess
GetModuleHandleExW
ExitThread
GetSystemTimeAsFileTime
ResumeThread
GetCommandLineW
IsProcessorFeaturePresent
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetStringTypeW
SetStdHandle
GetFileType
GetConsoleCP
GetConsoleMode
RtlUnwind
ReadConsoleW
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
LCMapStringW
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
FindClose
SetEnvironmentVariableA

user32

AdjustWindowRectEx
CopyImage
SetWindowPos
GetCursorInfo
RegisterHotKey
ClientToScreen
GetKeyboardLayoutNameW
IsCharAlphaW
IsCharAlphaNumericW
IsCharLowerW
IsCharUpperW
GetMenuStringW
GetSubMenu
GetCaretPos
IsZoomed
MonitorFromPoint
GetMonitorInfoW
SetWindowLongW
SetLayeredWindowAttributes
FlashWindow
GetClassLongW
TranslateAcceleratorW
IsDialogMessageW
GetSysColor
InflateRect
DrawFocusRect
DrawTextW
FrameRect
DrawFrameControl
FillRect
PtInRect
DestroyAcceleratorTable
CreateAcceleratorTableW
SetCursor
GetWindowDC
GetSystemMetrics
GetActiveWindow
CharNextW
wsprintfW
RedrawWindow
DrawMenuBar
DestroyMenu
SetMenu
GetWindowTextLengthW
CreateMenu
IsDlgButtonChecked
DefDlgProcW
CallWindowProcW
ReleaseCapture
SetCapture
CreateIconFromResourceEx
mouse_event
ExitWindowsEx
SetActiveWindow
FindWindowExW
EnumThreadWindows
SetMenuDefaultItem
InsertMenuItemW
IsMenu
TrackPopupMenuEx
GetCursorPos
DeleteMenu
SetRect
GetMenuItemID
GetMenuItemCount
SetMenuItemInfoW
GetMenuItemInfoW
SetForegroundWindow
IsIconic
FindWindowW
MonitorFromRect
keybd_event
SendInput
GetAsyncKeyState
SetKeyboardState
GetKeyboardState
GetKeyState
VkKeyScanW
LoadStringW
DialogBoxParamW
MessageBeep
EndDialog
SendDlgItemMessageW
GetDlgItem
SetWindowTextW
CopyRect
ReleaseDC
GetDC
EndPaint
BeginPaint
GetClientRect
GetMenu
DestroyWindow
EnumWindows
GetDesktopWindow
IsWindow
IsWindowEnabled
IsWindowVisible
EnableWindow
InvalidateRect
GetWindowLongW
GetWindowThreadProcessId
AttachThreadInput
GetFocus
GetWindowTextW
ScreenToClient
SendMessageTimeoutW
EnumChildWindows
CharUpperBuffW
GetParent
GetDlgCtrlID
SendMessageW
MapVirtualKeyW
PostMessageW
GetWindowRect
SetUserObjectSecurity
CloseDesktop
CloseWindowStation
OpenDesktopW
SetProcessWindowStation
GetProcessWindowStation
OpenWindowStationW
GetUserObjectSecurity
MessageBoxW
DefWindowProcW
SetClipboardData
EmptyClipboard
CountClipboardFormats
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
BlockInput
GetMessageW
LockWindowUpdate
DispatchMessageW
TranslateMessage
PeekMessageW
UnregisterHotKey
CheckMenuRadioItem
CharLowerBuffW
MoveWindow
SetFocus
PostQuitMessage
KillTimer
CreatePopupMenu
RegisterWindowMessageW
SetTimer
ShowWindow
CreateWindowExW
RegisterClassExW
LoadIconW
LoadCursorW
GetSysColorBrush
GetForegroundWindow
MessageBoxA
DestroyIcon
SystemParametersInfoW
LoadImageW
GetClassNameW

gdi32

StrokePath
DeleteObject
GetTextExtentPoint32W
ExtCreatePen
GetDeviceCaps
EndPath
SetPixel
CloseFigure
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
StretchBlt
GetDIBits
LineTo
AngleArc
MoveToEx
Ellipse
DeleteDC
GetPixel
CreateDCW
GetStockObject
GetTextFaceW
CreateFontW
SetTextColor
PolyDraw
BeginPath
Rectangle
SetViewportOrgEx
GetObjectW
SetBkMode
RoundRect
SetBkColor
CreatePen
CreateSolidBrush
StrokeAndFillPath

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

GetAce
RegEnumValueW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegConnectRegistryW
InitializeSecurityDescriptor
InitializeAcl
AdjustTokenPrivileges
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueW
DuplicateTokenEx
CreateProcessAsUserW
CreateProcessWithLogonW
GetLengthSid
CopySid
LogonUserW
AllocateAndInitializeSid
CheckTokenMembership
RegCreateKeyExW
FreeSid
GetTokenInformation
GetSecurityDescriptorDacl
GetAclInformation
AddAce
SetSecurityDescriptorDacl
GetUserNameW
InitiateSystemShutdownExW

shell32

DragQueryPoint
ShellExecuteExW
DragQueryFileW
SHEmptyRecycleBinW
SHGetPathFromIDListW
SHBrowseForFolderW
SHCreateShellItem
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetFolderPathW
SHFileOperationW
ExtractIconExW
Shell_NotifyIconW
ShellExecuteW
DragFinish

ole32

CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
ProgIDFromCLSID
CLSIDFromProgID
OleSetMenuDescriptor
MkParseDisplayName
OleSetContainedObject
CoCreateInstance
IIDFromString
StringFromGUID2
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoInitialize
CoUninitialize
GetRunningObjectTable
CoGetInstanceFromFile
CoGetObject
CoSetProxyBlanket
CoCreateInstanceEx
CoInitializeSecurity

oleaut32

LoadTypeLibEx
VariantCopyInd
SysReAllocString
SysFreeString
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayAllocData
SafeArrayAllocDescriptorEx
SafeArrayCreateVector
RegisterTypeLi
CreateStdDispatch
DispCallFunc
VariantChangeType
SysStringLen
VariantTimeToSystemTime
VarR8FromDec
SafeArrayGetVartype
VariantCopy
VariantClear
OleLoadPicture
QueryPathOfRegTypeLi
RegisterTypeLibForUser
UnRegisterTypeLibForUser
UnRegisterTypeLi
CreateDispTypeInfo
SysAllocString
VariantInit

Sections

.text
Size: 568KB - Virtual size: 567KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 191KB - Virtual size: 191KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 277KB - Virtual size: 277KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Menu_v0.12b_AIO/control/control.nacp
Menu_v0.12b_AIO/exefs/main
Menu_v0.12b_AIO/exefs/main.npdm
Menu_v0.12b_AIO/hacbrewpack.exe
.exe windows:4 windows x86 arch:x86

e4abcf668a38ab5928b8dd4e843ca002

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptAcquireContextA
CryptGenRandom
CryptReleaseContext

kernel32

CloseHandle
CreateThread
DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetFileAttributesA
GetFileAttributesW
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetStartupInfoA
GetSystemTimeAsFileTime
GetTickCount
GetTimeZoneInformation
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
QueryPerformanceCounter
QueryPerformanceFrequency
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WideCharToMultiByte

msvcrt

___mb_cur_max_func
__doserrno
__getmainargs
__initenv
__lconv_init
__p___argv
__p__acmdln
__p__fmode
__set_app_type
__setusermatherr
_amsg_exit
_cexit
_errno
_exit
_filelengthi64
_fileno
_findclose
_findfirst
_findnext
_fullpath
_initterm
_iob
_lock
_onexit
_snwprintf
_stat64
_stati64
_unlock
_vsnprintf_s
_wfindfirst
_wfindnext
_wfopen
_wfullpath
_wmkdir
_wrename
_wrmdir
_wstati64
abort
atoi
calloc
exit
fclose
feof
ferror
fflush
fgetpos
fgets
fopen
fprintf
fputc
fread
free
fseek
fsetpos
ftell
fwprintf
fwrite
getenv
islower
isspace
isupper
localeconv
malloc
memset
memcmp
memcpy
printf
putchar
puts
raise
rand
remove
setlocale
signal
strchr
strcmp
strcpy
strerror
strlen
strncat
strncmp
strncpy
strstr
strtoul
vfprintf
wcscat
wcscpy
wcslen

user32

MessageBoxW

Sections

.text
Size: 245KB - Virtual size: 245KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 604B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/14
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/29
Size: 458KB - Virtual size: 457KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/41
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/55
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/67
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/78
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/89
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Menu_v0.12b_AIO/keys.dat
Menu_v0.12b_AIO/logo/NintendoLogo.bak
.png
Menu_v0.12b_AIO/logo/NintendoLogo.png
.png
Menu_v0.12b_AIO/logo/StartupMovie.gif
.gif
Menu_v0.12b_AIO/msys-2.0.dll
.dll windows:4 windows x64 arch:x64

c4600459f46c6d12e6d271248e6197a5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Imports

kernel32

AcquireSRWLockExclusive
AddVectoredContinueHandler
AllocConsole
AttachConsole
CallNamedPipeA
CancelIo
CancelSynchronousIo
ClearCommBreak
ClearCommError
CloseHandle
CompareStringW
ConnectNamedPipe
CopyFileA
CreateDirectoryExA
CreateFileA
CreateFileW
CreateNamedPipeA
CreatePipe
CreateProcessW
CreateRemoteThread
CreateSymbolicLinkW
CreateTapePartition
CreateThread
DebugBreak
DeleteCriticalSection
DeleteProcThreadAttributeList
DeviceIoControl
DisconnectNamedPipe
DuplicateHandle
EnterCriticalSection
EraseTape
EscapeCommFunction
ExitProcess
ExitThread
ExpandEnvironmentStringsW
FillConsoleOutputAttribute
FillConsoleOutputCharacterW
FindClose
FindFirstFileA
FindFirstVolumeW
FindNextFileA
FindNextVolumeW
FindVolumeClose
FlushConsoleInputBuffer
FlushFileBuffers
FlushViewOfFile
FreeConsole
FreeEnvironmentStringsW
FreeLibrary
GetBinaryTypeW
GetCommModemStatus
GetCommState
GetCommandLineW
GetConsoleCP
GetConsoleCursorInfo
GetConsoleMode
GetConsoleOutputCP
GetConsoleProcessList
GetConsoleScreenBufferInfo
GetConsoleWindow
GetCurrentConsoleFontEx
GetCurrentProcess
GetCurrentProcessId
GetCurrentProcessorNumber
GetCurrentThread
GetCurrentThreadId
GetEnvironmentStringsW
GetEnvironmentVariableA
GetEnvironmentVariableW
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesA
GetFileSize
GetFileSizeEx
GetFileType
GetFinalPathNameByHandleW
GetHandleInformation
GetLastError
GetLocaleInfoA
GetLocaleInfoW
GetLogicalDriveStringsA
GetLogicalDrives
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExA
GetModuleHandleExW
GetNamedPipeClientProcessId
GetNumberOfConsoleInputEvents
GetOverlappedResult
GetPriorityClass
GetProcAddress
GetProcessAffinityMask
GetProcessHeap
GetProcessWorkingSetSize
GetStartupInfoA
GetStdHandle
GetSystemDirectoryW
GetSystemInfo
GetSystemTimeAsFileTime
GetSystemWindowsDirectoryW
GetTapeParameters
GetTapePosition
GetTapeStatus
GetTempPathW
GetThreadContext
GetThreadId
GetThreadPriority
GetTickCount
GetTickCount64
GetTimeZoneInformation
GetVolumeNameForVolumeMountPointW
GetVolumePathNamesForVolumeNameW
GlobalAlloc
GlobalLock
GlobalMemoryStatusEx
GlobalSize
GlobalUnlock
HeapAlloc
HeapFree
IdnToAscii
IdnToUnicode
InitializeCriticalSection
InitializeProcThreadAttributeList
IsBadStringPtrA
IsDebuggerPresent
IsProcessInJob
LCMapStringW
LeaveCriticalSection
LoadLibraryExA
LoadLibraryExW
LoadLibraryW
LocalFree
LocaleNameToLCID
MapViewOfFile
MapViewOfFileEx
MultiByteToWideChar
OpenProcess
OpenThread
OutputDebugStringA
PeekConsoleInputA
PeekConsoleInputW
PeekNamedPipe
PrepareTape
PurgeComm
QueryDosDeviceW
QueryInformationJobObject
QueryPerformanceCounter
QueryPerformanceFrequency
QueueUserAPC
RaiseException
ReadConsoleInputA
ReadConsoleInputW
ReadConsoleOutputW
ReadFile
ReadProcessMemory
ReleaseMutex
ReleaseSRWLockExclusive
ReleaseSemaphore
ResetEvent
ResumeThread
RtlCaptureContext
RtlLookupFunctionEntry
RtlRestoreContext
RtlUnwindEx
RtlVirtualUnwind
ScrollConsoleScreenBufferA
ScrollConsoleScreenBufferW
SetCommBreak
SetCommMask
SetCommState
SetCommTimeouts
SetComputerNameExW
SetConsoleCP
SetConsoleCtrlHandler
SetConsoleCursorInfo
SetConsoleCursorPosition
SetConsoleMode
SetConsoleOutputCP
SetConsoleTextAttribute
SetConsoleTitleW
SetConsoleWindowInfo
SetEnvironmentVariableW
SetErrorMode
SetEvent
SetFilePointerEx
SetHandleInformation
SetLastError
SetNamedPipeHandleState
SetPriorityClass
SetProcessAffinityMask
SetProcessWorkingSetSize
SetStdHandle
SetSystemTime
SetTapeParameters
SetTapePosition
SetThreadAffinityMask
SetThreadContext
SetThreadPriority
SetThreadStackGuarantee
Sleep
SuspendThread
SwitchToThread
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TransmitCommChar
UnmapViewOfFile
UpdateProcThreadAttribute
VirtualAlloc
VirtualFree
VirtualProtect
VirtualProtectEx
VirtualQuery
VirtualQueryEx
WaitCommEvent
WaitForMultipleObjects
WaitForSingleObject
WaitNamedPipeW
WideCharToMultiByte
WriteConsoleInputA
WriteConsoleOutputW
WriteConsoleW
WriteFile
WriteProcessMemory
WriteTapemark

ntdll

NtAccessCheck
NtAdjustPrivilegesToken
NtAllocateLocallyUniqueId
NtCancelTimer
NtClose
NtCommitTransaction
NtCreateDirectoryObject
NtCreateEvent
NtCreateFile
NtCreateKey
NtCreateMutant
NtCreateNamedPipeFile
NtCreateSection
NtCreateSemaphore
NtCreateSymbolicLinkObject
NtCreateTimer
NtCreateToken
NtCreateTransaction
NtDuplicateToken
NtFlushBuffersFile
NtFsControlFile
NtLockFile
NtLockVirtualMemory
NtMapViewOfSection
NtOpenDirectoryObject
NtOpenEvent
NtOpenFile
NtOpenKey
NtOpenMutant
NtOpenProcessToken
NtOpenSection
NtOpenSemaphore
NtOpenSymbolicLinkObject
NtOpenThreadToken
NtPrivilegeCheck
NtQueryAttributesFile
NtQueryDirectoryFile
NtQueryDirectoryObject
NtQueryEaFile
NtQueryEvent
NtQueryInformationFile
NtQueryInformationProcess
NtQueryInformationThread
NtQueryInformationToken
NtQueryObject
NtQueryQuotaInformationFile
NtQuerySecurityObject
NtQuerySemaphore
NtQuerySymbolicLinkObject
NtQuerySystemInformation
NtQuerySystemTime
NtQueryTimer
NtQueryTimerResolution
NtQueryValueKey
NtQueryVirtualMemory
NtQueryVolumeInformationFile
NtReadFile
NtRollbackTransaction
NtSetEaFile
NtSetEvent
NtSetInformationFile
NtSetInformationThread
NtSetInformationToken
NtSetQuotaInformationFile
NtSetSecurityObject
NtSetTimer
NtSetValueKey
NtSetVolumeInformationFile
NtUnlockFile
NtUnlockVirtualMemory
NtUnmapViewOfSection
NtWriteFile
RtlAbsoluteToSelfRelativeSD
RtlAddAccessAllowedAce
RtlAddAccessAllowedAceEx
RtlAddAccessDeniedAceEx
RtlAllocateHeap
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
RtlCheckRegistryKey
RtlCompareUnicodeString
RtlConvertSidToUnicodeString
RtlCopySid
RtlCopyUnicodeString
RtlCreateAcl
RtlCreateQueryDebugBuffer
RtlCreateSecurityDescriptor
RtlCreateUnicodeStringFromAsciiz
RtlDestroyQueryDebugBuffer
RtlDowncaseUnicodeString
RtlEnterCriticalSection
RtlEqualPrefixSid
RtlEqualSid
RtlEqualUnicodeString
RtlFirstFreeAce
RtlFreeHeap
RtlFreeUnicodeString
RtlGetAce
RtlGetControlSecurityDescriptor
RtlGetCurrentTransaction
RtlGetDaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetNtVersionNumbers
RtlGetOwnerSecurityDescriptor
RtlGetVersion
RtlIdentifierAuthoritySid
RtlInitAnsiString
RtlInitUnicodeString
RtlInitializeSid
RtlLeaveCriticalSection
RtlLengthSid
RtlNtStatusToDosError
RtlPrefixUnicodeString
RtlQueryProcessDebugInformation
RtlQueryRegistryValues
RtlSetControlSecurityDescriptor
RtlSetCurrentDirectory_U
RtlSetCurrentTransaction
RtlSetDaclSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlSubAuthorityCountSid
RtlSubAuthoritySid
RtlUnicodeStringToAnsiString
RtlUpcaseUnicodeChar
RtlUpcaseUnicodeString

Exports

Exports

GetCommandLineA@0
GetCommandLineW@0
_Exit
__argc
__argv
__assert
__assert_func
__assertfail
__b64_ntop
__b64_pton
__bsd_qsort_r
__check_rhosts_file
__chk_fail
__ctype_ptr__
__cxa_atexit
__cxa_finalize
__cygwin_user_data
__dn_comp
__dn_expand
__dn_skipname
__eprintf
__errno
__fbufsize
__flbf
__fpclassifyd
__fpclassifyf
__fpending
__fpurge
__freadable
__freading
__fsetlocking
__fwritable
__fwriting
__getpagesize
__getreent
__gets_chk
__gnu_basename
__infinity
__isinfd
__isinff
__isnand
__isnanf
__locale_ctype_ptr
__locale_ctype_ptr_l
__locale_mb_cur_max
__main
__mb_cur_max
__memcpy_chk
__memmove_chk
__mempcpy
__mempcpy_chk
__memset_chk
__opendir_with_d_ino
__progname
__rcmd_errstr
__res_close
__res_init
__res_mkquery
__res_nclose
__res_ninit
__res_nmkquery
__res_nquery
__res_nquerydomain
__res_nsearch
__res_nsend
__res_query
__res_querydomain
__res_search
__res_send
__res_state
__sched_getaffinity_sys
__signbitd
__signbitf
__signgam
__snprintf_chk
__sprintf_chk
__srget
__srget_r
__stack_chk_fail
__stack_chk_fail_local
__stack_chk_guard
__stpcpy_chk
__stpncpy_chk
__strcat_chk
__strcpy_chk
__strncat_chk
__strncpy_chk
__swbuf
__swbuf_r
__vsnprintf_chk
__vsprintf_chk
__wrap__ZdaPv
__wrap__ZdaPvRKSt9nothrow_t
__wrap__ZdlPv
__wrap__ZdlPvRKSt9nothrow_t
__wrap__Znam
__wrap__ZnamRKSt9nothrow_t
__wrap__Znwm
__wrap__ZnwmRKSt9nothrow_t
__xdrrec_getrec
__xdrrec_setnonblock
__xpg_sigpause
__xpg_strerror_r
_alloca
_check_for_executable
_ctype_
_daylight
_dll_crt0
_exit
_fe_dfl_env
_fe_nomask_env
_feinitialise
_fscanf_r
_get_osfhandle
_impure_ptr
_longjmp
_pipe
_pthread_cleanup_pop
_pthread_cleanup_push
_setjmp
_setmode
_sys_errlist
_sys_nerr
_timezone
_tzname
a64l
abort
abs
accept
accept4
access
acl
acl_add_perm
acl_calc_mask
acl_check
acl_clear_perms
acl_cmp
acl_copy_entry
acl_copy_ext
acl_copy_int
acl_create_entry
acl_delete_def_file
acl_delete_entry
acl_delete_perm
acl_dup
acl_entries
acl_equiv_mode
acl_error
acl_extended_fd
acl_extended_file
acl_extended_file_nofollow
acl_free
acl_from_mode
acl_from_text
acl_get_entry
acl_get_fd
acl_get_file
acl_get_perm
acl_get_permset
acl_get_qualifier
acl_get_tag_type
acl_init
acl_set_fd
acl_set_file
acl_set_permset
acl_set_qualifier
acl_set_tag_type
acl_size
acl_to_any_text
acl_to_text
acl_valid
aclcheck
aclfrommode
aclfrompbits
aclfromtext
aclsort
acltomode
acltopbits
acltotext
acos
acosf
acosh
acoshf
acoshl
acosl
aio_cancel
aio_error
aio_fsync
aio_read
aio_return
aio_suspend
aio_write
alarm
aligned_alloc
alphasort
arc4random
arc4random_addrandom
arc4random_buf
arc4random_stir
arc4random_uniform
argz_add
argz_add_sep
argz_append
argz_count
argz_create
argz_create_sep
argz_delete
argz_extract
argz_insert
argz_next
argz_replace
argz_stringify
asctime
asctime_r
asin
asinf
asinh
asinhf
asinhl
asinl
asnprintf
asprintf
at_quick_exit
atan
atan2
atan2f
atan2l
atanf
atanh
atanhf
atanhl
atanl
atexit
atof
atoff
atoi
atol
atoll
basename
bcmp
bcopy
bind
bindresvport
bindresvport_sa
bsearch
btowc
bzero
cabs
cabsf
cabsl
cacos
cacosf
cacosh
cacoshf
cacoshl
cacosl
call_once
calloc
canonicalize_file_name
carg
cargf
cargl
casin
casinf
casinh
casinhf
casinhl
casinl
catan
catanf
catanh
catanhf
catanhl
catanl
catclose
catgets
catopen
cbrt
cbrtf
cbrtl
ccos
ccosf
ccosh
ccoshf
ccoshl
ccosl
ceil
ceilf
ceill
cexp
cexpf
cexpl
cfgetispeed
cfgetospeed
cfmakeraw
cfsetispeed
cfsetospeed
cfsetspeed
chdir
chmod
chown
chroot
cimag
cimagf
cimagl
cleanup_glue
clearenv
clearerr
clearerr_unlocked
clock
clock_getcpuclockid
clock_getres
clock_gettime
clock_nanosleep
clock_setres
clock_settime
clog
clog10
clog10f
clog10l
clogf
clogl
close
closedir
closelog
cnd_broadcast
cnd_destroy
cnd_init
cnd_signal
cnd_timedwait
cnd_wait
confstr
conj
conjf
conjl
connect
copysign
copysignf
copysignl
cos
cosf
cosh
coshf
coshl
cosl
cpow
cpowf
cpowl
cproj
cprojf
cprojl
creal
crealf
creall
creat
csin
csinf
csinh
csinhf
csinhl
csinl
csqrt
csqrtf
csqrtl
ctan
ctanf
ctanh
ctanhf
ctanhl
ctanl
ctermid
ctime
ctime_r
cuserid
cwait
cygwin_attach_handle_to_fd
cygwin_conv_path
cygwin_conv_path_list
cygwin_create_path
cygwin_internal
cygwin_logon_user
cygwin_posix_path_list_p
cygwin_set_impersonation_token
cygwin_split_path
cygwin_stackdump
cygwin_umount
cygwin_winpid_to_pid
daemon
dbm_clearerr
dbm_close
dbm_delete
dbm_dirfno
dbm_error
dbm_fetch
dbm_firstkey
dbm_nextkey
dbm_open
dbm_store
difftime
dirfd
dirname
div
dladdr
dlclose
dlerror
dlfork
dll_crt0__FP11per_process
dll_dllcrt0
dll_entry
dlopen
dlsym
dn_comp
dn_expand
dn_skipname
dprintf
drand48
drem
dremf
dreml
dup
dup2
dup3
duplocale
eaccess
ecvt
ecvtbuf
ecvtf
endgrent
endhostent
endmntent
endprotoent
endpwent
endservent
endusershell
endutent
endutxent
environ
envz_add
envz_entry
envz_get
envz_merge
envz_remove
envz_strip
erand48
erf
erfc
erfcf
erfcl
erff
erfl
err
error
error_at_line
error_message_count
error_one_per_line
error_print_progname
errx
euidaccess
execl
execle
execlp
execv
execve
execvp
execvpe
exit
exp
exp10
exp10f
exp10l
exp2
exp2f
exp2l
expf
expl
explicit_bzero
expm1
expm1f
expm1l
fabs
fabsf
fabsl
faccessat
facl
fchdir
fchmod
fchmodat
fchown
fchownat
fclose
fcloseall
fcntl
fcvt
fcvtbuf
fcvtf
fdatasync
fdim
fdimf
fdiml
fdopen

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

/4
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 274KB - Virtual size: 273KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 384KB - Virtual size: 383KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 223KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/38
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cygheap
Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Menu_v0.12b_AIO/msys-gcc_s-seh-1.dll
.dll windows:4 windows x64 arch:x64

a5a7f42ecaf368e7f571f0dbb489538c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

PDB Paths

Imports

msys-2.0

__cxa_atexit
_impure_ptr
abort
calloc
cygwin_internal
dll_dllcrt0
free
malloc
memcpy
memset
msys_detach_dll
posix_memalign
pthread_getspecific
pthread_key_create
pthread_mutex_lock
pthread_mutex_unlock
pthread_once
pthread_setspecific
realloc

kernel32

GetModuleHandleA
RaiseException
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
VirtualProtect
VirtualQuery

Exports

Exports

_GCC_specific_handler
_Unwind_Backtrace
_Unwind_DeleteException
_Unwind_FindEnclosingFunction
_Unwind_ForcedUnwind
_Unwind_GetCFA
_Unwind_GetDataRelBase
_Unwind_GetGR
_Unwind_GetIP
_Unwind_GetIPInfo
_Unwind_GetLanguageSpecificData
_Unwind_GetRegionStart
_Unwind_GetTextRelBase
_Unwind_RaiseException
_Unwind_Resume
_Unwind_Resume_or_Rethrow
_Unwind_SetGR
_Unwind_SetIP
__absvdi2
__absvsi2
__absvti2
__addtf3
__addvdi3
__addvsi3
__addvti3
__ashlti3
__ashrti3
__bswapdi2
__bswapsi2
__clear_cache
__clrsbdi2
__clrsbti2
__clzdi2
__clzti2
__cmpti2
__ctzdi2
__ctzti2
__divdc3
__divmodti4
__divsc3
__divtc3
__divtf3
__divti3
__divxc3
__emutls_get_address
__emutls_register_common
__enable_execute_stack
__eqtf2
__extenddftf2
__extendsftf2
__extendxftf2
__ffsdi2
__ffsti2
__fixdfti
__fixsfti
__fixtfdi
__fixtfsi
__fixtfti
__fixunsdfdi
__fixunsdfti
__fixunssfdi
__fixunssfti
__fixunstfdi
__fixunstfsi
__fixunstfti
__fixunsxfdi
__fixunsxfti
__fixxfti
__floatditf
__floatsitf
__floattidf
__floattisf
__floattitf
__floattixf
__floatunditf
__floatunsitf
__floatuntidf
__floatuntisf
__floatuntitf
__floatuntixf
__gcc_personality_seh0
__getf2
__gttf2
__letf2
__lshrti3
__lttf2
__modti3
__muldc3
__mulsc3
__multc3
__multf3
__multi3
__mulvdi3
__mulvsi3
__mulvti3
__mulxc3
__negtf2
__negti2
__negvdi2
__negvsi2
__negvti2
__netf2
__paritydi2
__parityti2
__popcountdi2
__popcountti2
__powidf2
__powisf2
__powitf2
__powixf2
__subtf3
__subvdi3
__subvsi3
__subvti3
__trunctfdf2
__trunctfsf2
__trunctfxf2
__ucmpti2
__udivmodti4
__udivti3
__umodti3
__unordtf2

Sections

.text
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 496B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eb97e4fc5518ac300a92a11673825e0b

Headers

DLL Characteristics

File Characteristics

Imports

wsock32

version

winmm

comctl32

mpr

wininet

psapi

iphlpapi

userenv

uxtheme

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 568KB - Virtual size: 567KB

.rdata Size: 191KB - Virtual size: 191KB

.data Size: 20KB - Virtual size: 35KB

.rsrc Size: 277KB - Virtual size: 277KB

.reloc Size: 28KB - Virtual size: 28KB

e4abcf668a38ab5928b8dd4e843ca002

Headers

File Characteristics

Imports

advapi32

kernel32

msvcrt

user32

Sections

.text Size: 245KB - Virtual size: 245KB

.data Size: 1024B - Virtual size: 604B

.rdata Size: 75KB - Virtual size: 75KB

/4 Size: 43KB - Virtual size: 42KB

.bss Size: - Virtual size: 13KB

.idata Size: 3KB - Virtual size: 3KB

.CRT Size: 512B - Virtual size: 52B

.tls Size: 512B - Virtual size: 8B

.rsrc Size: 1KB - Virtual size: 1KB

/14 Size: 1KB - Virtual size: 1KB

/29 Size: 458KB - Virtual size: 457KB

/41 Size: 19KB - Virtual size: 19KB

/55 Size: 24KB - Virtual size: 24KB

/67 Size: 3KB - Virtual size: 3KB

/78 Size: 32KB - Virtual size: 31KB

/89 Size: 1KB - Virtual size: 1KB

c4600459f46c6d12e6d271248e6197a5

Headers

File Characteristics

PDB Paths

Imports

kernel32

ntdll

Exports

Exports

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

/4 Size: 14KB - Virtual size: 14KB

.data Size: 274KB - Virtual size: 273KB

.rdata Size: 384KB - Virtual size: 383KB

.buildid Size: 512B - Virtual size: 53B

.pdata Size: 68KB - Virtual size: 67KB

.xdata Size: 81KB - Virtual size: 81KB

.bss Size: - Virtual size: 223KB

.edata Size: 35KB - Virtual size: 35KB

.reloc Size: 22KB - Virtual size: 21KB

/19 Size: 49KB - Virtual size: 48KB

.text
Size: 568KB - Virtual size: 567KB

.rdata
Size: 191KB - Virtual size: 191KB

.data
Size: 20KB - Virtual size: 35KB

.rsrc
Size: 277KB - Virtual size: 277KB

.reloc
Size: 28KB - Virtual size: 28KB

.text
Size: 245KB - Virtual size: 245KB

.data
Size: 1024B - Virtual size: 604B

.rdata
Size: 75KB - Virtual size: 75KB

/4
Size: 43KB - Virtual size: 42KB

.bss
Size: - Virtual size: 13KB

.idata
Size: 3KB - Virtual size: 3KB

.CRT
Size: 512B - Virtual size: 52B

.tls
Size: 512B - Virtual size: 8B

.rsrc
Size: 1KB - Virtual size: 1KB

/14
Size: 1KB - Virtual size: 1KB

/29
Size: 458KB - Virtual size: 457KB

/41
Size: 19KB - Virtual size: 19KB

/55
Size: 24KB - Virtual size: 24KB

/67
Size: 3KB - Virtual size: 3KB

/78
Size: 32KB - Virtual size: 31KB

/89
Size: 1KB - Virtual size: 1KB

.text
Size: 1.9MB - Virtual size: 1.9MB

/4
Size: 14KB - Virtual size: 14KB

.data
Size: 274KB - Virtual size: 273KB

.rdata
Size: 384KB - Virtual size: 383KB

.buildid
Size: 512B - Virtual size: 53B

.pdata
Size: 68KB - Virtual size: 67KB

.xdata
Size: 81KB - Virtual size: 81KB

.bss
Size: - Virtual size: 223KB

.edata
Size: 35KB - Virtual size: 35KB

.reloc
Size: 22KB - Virtual size: 21KB

/19
Size: 49KB - Virtual size: 48KB

.idata
Size: 14KB - Virtual size: 14KB

/38
Size: 512B - Virtual size: 20B

.rsrc
Size: 1KB - Virtual size: 1KB

.cygheap
Size: - Virtual size: 3.1MB

.text
Size: 53KB - Virtual size: 52KB

.data
Size: 512B - Virtual size: 128B

.rdata
Size: 6KB - Virtual size: 5KB

.buildid
Size: 512B - Virtual size: 53B

.pdata
Size: 2KB - Virtual size: 1KB

.xdata
Size: 2KB - Virtual size: 1KB

.bss
Size: - Virtual size: 496B

.edata
Size: 3KB - Virtual size: 2KB

.idata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 24B