vmcompute.pdb
Static task
static1
Behavioral task
behavioral1
Sample
f3e191bd3f1bc7291d1d56687bb8bffa03970ca3a16d42b7d30a7884477684a9.exe
Resource
win10v2004-20240419-en
General
-
Target
f3e191bd3f1bc7291d1d56687bb8bffa03970ca3a16d42b7d30a7884477684a9
-
Size
4.5MB
-
MD5
32ca37f79f961c7e1bb73107c38f5d57
-
SHA1
70f51ae3004e8e24689b742e6bbe24f6fd381724
-
SHA256
f3e191bd3f1bc7291d1d56687bb8bffa03970ca3a16d42b7d30a7884477684a9
-
SHA512
5872e2a4a818f9e40e7fce72b34392b31f5487dd2179de5f306615a6541f8631bc0578bb6a7b8b2434a56f5d56f4833e4a1a6b545a1f564fd3e2750aa30487dd
-
SSDEEP
49152:rZ0pad/+8Mv6ozxvviYfI5NtMbdNyc9glh9dhGA4inxGWGa57n0IuV/nSblgYNXh:r6Ze1pvY64Gt2sEE5
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource f3e191bd3f1bc7291d1d56687bb8bffa03970ca3a16d42b7d30a7884477684a9
Files
-
f3e191bd3f1bc7291d1d56687bb8bffa03970ca3a16d42b7d30a7884477684a9.exe windows:10 windows x64 arch:x64
e5ee0f98f6e5b7709e392e01293e9349
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths (the extracted path, vmcompute.pdb, appears at the top of this report)
Imports
api-ms-win-crt-runtime-l1-1-0
_initterm
_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
api-ms-win-crt-private-l1-1-0
_o__purecall
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__stricmp
_o__wcsdup
_o__wcsicmp
_o__wcsnicmp
_o__wcstoui64
_o__wtof
_o__wtoi64
_o_abort
_o_calloc
_o_ceilf
_o_exit
_o_free
memmove
_o_isalpha
_o_isdigit
_o_ispunct
_o_iswalpha
_o_iswspace
_o_iswxdigit
_o_malloc
_o_rand_s
_o_realloc
_o_setlocale
_o_sqrt
_o_terminate
_o_toupper
_o_towupper
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstod
_o_wcstoll
_o_wcstoul
_o_wcstoull
__CxxFrameHandler3
__current_exception
__current_exception_context
_CxxThrowException
_o__exit
_o__malloc_base
_o__errno
_o__crt_atexit
_o__configure_wide_argv
_o__configthreadlocale
_o__cexit
_o__calloc_base
_o__callnewh
_o__aligned_malloc
_o__aligned_free
strchr
wcschr
__AdjustPointer
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o__isctype
_o__invalid_parameter_noinfo_noreturn
_o__free_base
_o__invalid_parameter_noinfo
_o__initialize_wide_environment
_o__initialize_onexit_table
_o___std_type_info_name
_o___std_exception_destroy
_o___std_exception_copy
_o___pctype_func
_o___p__commode
_o___p___wargv
_o___p___argc
_o__get_initial_wide_environment
_o____mb_cur_max_func
_o____lc_locale_name_func
_o____lc_collate_cp_func
_o____lc_codepage_func
__std_terminate
__C_specific_handler
__CxxFrameHandler4
__RTDynamicCast
_local_unwind
memcmp
memcpy
api-ms-win-crt-string-l1-1-0
strcmp
__isascii
wcsncmp
memset
wcsnlen
api-ms-win-security-base-l1-1-0
AdjustTokenPrivileges
DuplicateTokenEx
InitializeSid
GetSidLengthRequired
GetSidSubAuthority
InitializeAcl
InitializeSecurityDescriptor
CreateRestrictedToken
ImpersonateLoggedOnUser
RevertToSelf
GetSecurityDescriptorControl
CopySid
SetSecurityDescriptorDacl
GetTokenInformation
AllocateLocallyUniqueId
MakeAbsoluteSD
GetLengthSid
SetSecurityDescriptorOwner
ImpersonateSelf
CheckTokenMembership
AccessCheck
GetAce
CreatePrivateObjectSecurityWithMultipleInheritance
IsValidSid
SetPrivateObjectSecurityEx
AddAccessAllowedAce
GetSecurityDescriptorDacl
CreateWellKnownSid
DuplicateToken
MakeSelfRelativeSD
SetSecurityDescriptorGroup
GetSecurityDescriptorLength
DestroyPrivateObjectSecurity
IsValidSecurityDescriptor
FreeSid
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameA
FindResourceExW
LoadLibraryExW
LoadStringW
LockResource
GetProcAddress
GetModuleFileNameW
GetModuleHandleExW
LoadResource
GetModuleHandleW
FreeLibrary
api-ms-win-core-synch-l1-1-0
WaitForSingleObject
InitializeCriticalSectionEx
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
CreateEventW
DeleteCriticalSection
AcquireSRWLockShared
LeaveCriticalSection
CreateMutexExW
ReleaseSemaphore
ReleaseMutex
EnterCriticalSection
TryAcquireSRWLockExclusive
ResetEvent
CreateSemaphoreExW
InitializeSRWLock
ReleaseSRWLockShared
CreateEventExW
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
SetEvent
api-ms-win-core-synch-l1-2-0
Sleep
InitOnceBeginInitialize
WakeConditionVariable
WakeByAddressSingle
InitializeConditionVariable
WakeByAddressAll
SleepConditionVariableCS
SleepConditionVariableSRW
WaitOnAddress
InitOnceComplete
WakeAllConditionVariable
InitOnceExecuteOnce
api-ms-win-core-heap-l1-1-0
HeapSetInformation
GetProcessHeap
HeapFree
HeapSize
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetLastError
UnhandledExceptionFilter
RaiseException
SetUnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
GetExitCodeProcess
GetProcessId
CreateProcessAsUserW
TerminateProcess
GetCurrentProcess
SetThreadToken
CreateThread
ResumeThread
GetCurrentProcessId
GetCurrentThread
TlsAlloc
TlsSetValue
GetCurrentThreadId
TlsGetValue
OpenThreadToken
UpdateProcThreadAttribute
OpenProcessToken
InitializeProcThreadAttributeList
TlsFree
api-ms-win-security-sddl-l1-1-0
ConvertStringSidToSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW
api-ms-win-service-management-l1-1-0
CreateServiceW
DeleteService
CloseServiceHandle
OpenSCManagerW
OpenServiceW
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlCaptureContext
RtlCaptureStackBackTrace
ntdll
NtQueryInformationJobObject
NtDelayExecution
RtlInitUnicodeString
RtlImpersonateSelf
NtAdjustPrivilegesToken
NtOpenJobObject
NtSystemDebugControl
NtCreateEvent
NtCreateNamedPipeFile
NtOpenFile
RtlConvertDeviceFamilyInfoToString
RtlQueryRegistryValuesEx
RtlDosPathNameToNtPathName_U_WithStatus
RtlFreeUnicodeString
NtOpenSymbolicLinkObject
NtSetInformationJobObject
NtQuerySymbolicLinkObject
RtlUpcaseUnicodeChar
RtlRunOnceComplete
RtlRunOnceBeginInitialize
RtlFindNextForwardRunClear
RtlNumberOfSetBits
RtlInitializeSRWLock
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
RtlAcquireSRWLockShared
RtlReleaseSRWLockShared
NtSetInformationThread
RtlUTF8ToUnicodeN
TpStartAsyncIoOperation
TpCancelAsyncIoOperation
NtOpenThreadToken
NtCreateJobObject
NtSetInformationSymbolicLink
NtTerminateJobObject
NtCreateSymbolicLinkObject
NtMakeTemporaryObject
NtQueryObject
NtQueryInformationProcess
NtMakePermanentObject
NtCreateDirectoryObject
NtFsControlFile
NtCreateFile
NtOpenPartition
NtCreatePartition
NtManagePartition
RtlCompareMemory
RtlReleasePrivilege
RtlDosPathNameToRelativeNtPathName_U_WithStatus
RtlAcquirePrivilege
NtDeviceIoControlFile
RtlNtStatusToDosError
NtQueryVolumeInformationFile
RtlInitializeBitMapEx
RtlNumberOfSetBitsEx
NtQuerySystemInformationEx
RtlAllocateHeap
NtClose
RtlFreeHeap
NtQuerySystemInformation
NtWaitForSingleObject
RtlDosPathNameToNtPathName_U
NtResetEvent
LdrGetProcedureAddress
LdrGetDllHandle
RtlCreateUserThread
NtSetEvent
RtlUnicodeToUTF8N
TpWaitForIoCompletion
TpAllocIoCompletion
NtOpenProcess
TpReleaseIoCompletion
NtQueryInformationFile
api-ms-win-core-com-l1-1-0
CoInitializeEx
CoInitializeSecurity
CoDisableCallCancellation
CoCreateFreeThreadedMarshaler
CoCreateInstance
CoRevertToSelf
CoDisconnectObject
CoUninitialize
CoEnableCallCancellation
CoTaskMemFree
CoTaskMemAlloc
CoCancelCall
api-ms-win-service-core-l1-1-0
SetServiceStatus
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
EventWrite
EventActivityIdControl
EventUnregister
EventEnabled
EventWriteEx
EventRegister
EventSetInformation
api-ms-win-core-registry-l1-1-0
RegCreateKeyExW
RegQueryValueExW
RegDeleteValueW
RegEnumKeyExW
RegDeleteTreeW
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumValueW
RegGetValueW
RegSetValueExW
RegCloseKey
api-ms-win-core-processthreads-l1-1-1
SetProcessMitigationPolicy
IsProcessorFeaturePresent
OpenProcess
GetProcessMitigationPolicy
api-ms-win-core-threadpool-l1-2-0
SetThreadpoolThreadMaximum
CreateThreadpoolIo
CloseThreadpoolIo
StartThreadpoolIo
CancelThreadpoolIo
CloseThreadpool
CallbackMayRunLong
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolTimer
SetThreadpoolWait
CreateThreadpoolWait
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
CloseThreadpoolWork
WaitForThreadpoolWorkCallbacks
WaitForThreadpoolIoCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
TrySubmitThreadpoolCallback
WaitForThreadpoolTimerCallbacks
api-ms-win-core-heap-l2-1-0
LocalReAlloc
LocalFree
LocalAlloc
api-ms-win-core-localization-l1-2-0
LCMapStringEx
FormatMessageW
api-ms-win-core-debug-l1-1-0
DebugBreak
OutputDebugStringW
IsDebuggerPresent
api-ms-win-core-errorhandling-l1-1-2
RaiseFailFastException
api-ms-win-core-handle-l1-1-0
DuplicateHandle
CloseHandle
api-ms-win-security-provider-l1-1-0
SetSecurityInfo
GetSecurityInfo
SetEntriesInAclW
api-ms-win-service-management-l2-1-0
ChangeServiceConfig2W
api-ms-win-core-psapi-l1-1-0
K32GetModuleInformation
api-ms-win-core-shlwapi-legacy-l1-1-0
PathIsUNCServerShareW
PathIsUNCServerW
PathIsRelativeW
PathSkipRootW
PathFindExtensionW
PathFileExistsW
PathRemoveFileSpecW
api-ms-win-core-sysinfo-l1-1-0
GetLogicalProcessorInformationEx
GetTickCount
GetSystemTimeAsFileTime
GetVersionExW
GetTickCount64
GetWindowsDirectoryW
GetSystemInfo
GetSystemDirectoryW
rpcrt4
UuidFromStringW
RpcServerUnregisterIf
UuidCreate
UuidCompare
NdrClientCall3
NdrServerCallAll
RpcExceptionFilter
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcStringFreeW
RpcBindingVectorFree
RpcServerUseProtseqW
NdrServerCall2
RpcServerRegisterIf3
RpcRevertToSelfEx
RpcEpUnregister
RpcImpersonateClient2
RpcEpRegisterW
RpcServerInqCallAttributesW
RpcServerInqBindings
RpcBindingFree
api-ms-win-core-profile-l1-1-0
QueryPerformanceFrequency
QueryPerformanceCounter
api-ms-win-core-interlocked-l1-1-0
InterlockedFlushSList
InterlockedPopEntrySList
InterlockedPushEntrySList
InitializeSListHead
vmsif
VmsIfPortSetSecurityInfo
VmsIfPortCreate
VmsIfPortDelete
VmsIfDriverOpen
VmsIfDriverClose
VmsIfSwitchEnumerate
VmsIfMemFree
netsetupapi
NetSetupGetObjectProperties
NetSetupFreeObjectProperties
NetSetupFreeObjects
NetSetupInitialize
NetSetupClose
NetSetupGetObjects
combase
ord139
ord168
hvsocket
GetHvSocketLocalAddress
GetHvSocketParentAddress
api-ms-win-crt-locale-l1-1-0
_unlock_locales
_lock_locales
api-ms-win-core-timezone-l1-1-0
GetDynamicTimeZoneInformation
SystemTimeToFileTime
FileTimeToSystemTime
api-ms-win-core-sysinfo-l1-2-0
GetSystemTimePreciseAsFileTime
GetSystemFirmwareTable
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
api-ms-win-core-file-l1-1-0
FindVolumeClose
FindFirstVolumeW
SetFileAttributesW
FindNextVolumeW
GetFileType
GetVolumePathNameW
GetFinalPathNameByHandleW
SetFileTime
QueryDosDeviceW
RemoveDirectoryW
FlushFileBuffers
LockFileEx
SetFilePointerEx
UnlockFileEx
SetEndOfFile
WriteFile
GetFileSizeEx
GetFileTime
ReadFile
SetFileInformationByHandle
CompareFileTime
GetDiskFreeSpaceW
GetFileAttributesW
CreateDirectoryW
DeleteFileW
CreateFileW
api-ms-win-core-io-l1-1-0
GetOverlappedResult
CancelIoEx
DeviceIoControl
api-ms-win-core-path-l1-1-0
PathCchCombineEx
PathCchAddBackslash
PathCchSkipRoot
PathAllocCombine
bcrypt
BCryptHashData
BCryptCreateHash
BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider
BCryptFinishHash
BCryptDestroyHash
iphlpapi
GetJobCompartmentId
SetJobCompartmentId
api-ms-win-devices-config-l1-1-1
CM_Open_DevNode_Key
CM_Unregister_Notification
CM_Get_DevNode_Registry_PropertyW
CM_Get_Device_ID_ListW
CM_Locate_DevNodeW
CM_MapCrToWin32Err
CM_Get_Device_Interface_List_SizeW
CM_Get_Device_Interface_ListW
CM_Register_Notification
CM_Get_Device_ID_List_SizeW
xmllite
CreateXmlWriterOutputWithEncodingName
CreateXmlReaderInputWithEncodingName
CreateXmlWriter
CreateXmlReader
api-ms-win-core-processenvironment-l1-1-0
GetEnvironmentVariableW
ExpandEnvironmentStringsW
SearchPathW
mpr
WNetGetResourceInformationW
api-ms-win-core-job-l2-1-0
QueryInformationJobObject
CreateJobObjectW
SetInformationJobObject
api-ms-win-core-file-l2-1-0
GetFileInformationByHandleEx
CopyFile2
api-ms-win-core-debug-minidump-l1-1-0
MiniDumpWriteDump
api-ms-win-core-file-l1-2-0
CreateFile2
GetTempPathW
GetVolumeNameForVolumeMountPointW
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
CompareStringEx
CompareStringOrdinal
WideCharToMultiByte
GetStringTypeW
oleaut32
VariantCopy
SafeArrayCreateVectorEx
SysAllocStringLen
SafeArrayCreateVector
SafeArrayPutElement
VariantChangeType
SafeArrayDestroy
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetVartype
SafeArrayCopy
SysAllocStringByteLen
SafeArrayUnaccessData
VariantInit
SysStringByteLen
VariantClear
SysAllocString
SysFreeString
SafeArrayAccessData
api-ms-win-security-systemfunctions-l1-1-0
SystemFunction036
api-ms-win-core-namedpipe-l1-1-0
CreateNamedPipeW
api-ms-win-core-realtime-l1-1-0
QueryUnbiasedInterruptTime
api-ms-win-eventing-tdh-l1-1-0
TdhGetManifestEventInformation
api-ms-win-core-sysinfo-l1-2-1
DnsHostnameToComputerNameExW
cfgmgr32
CM_Enumerate_Classes
api-ms-win-security-lsapolicy-l1-1-0
LsaAddAccountRights
LsaOpenPolicy
LsaClose
api-ms-win-security-lsalookup-l2-1-1
LsaManageSidNameMapping
userenv
DeleteAppContainerProfile
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateStringReference
api-ms-win-shcore-stream-l1-1-0
SHCreateMemStream
api-ms-win-core-systemtopology-l1-1-0
GetNumaHighestNodeNumber
api-ms-win-core-kernel32-legacy-l1-1-1
GetNumaAvailableMemoryNodeEx
GetNumaProcessorNodeEx
api-ms-win-core-systemtopology-l1-1-1
GetNumaProximityNodeEx
api-ms-win-core-featurestaging-l1-1-0
SubscribeFeatureStateChangeNotification
UnsubscribeFeatureStateChangeNotification
GetFeatureEnabledState
RecordFeatureUsage
fltlib
FilterConnectCommunicationPort
FilterSendMessage
api-ms-win-core-kernel32-legacy-l1-1-0
GetComputerNameW
SetFileCompletionNotificationModes
api-ms-win-core-perfcounters-l1-1-0
PerfCreateInstance
PerfSetULongCounterValue
PerfDeleteInstance
PerfSetCounterSetInfo
PerfStartProvider
PerfSetULongLongCounterValue
PerfStopProvider
ws2_32
WSASend
shutdown
listen
WSASocketW
closesocket
WSAIoctl
WSAStartup
WSARecv
htons
WSAGetLastError
bind
WSACleanup
inet_pton
setsockopt
api-ms-win-core-libraryloader-l2-1-0
QueryOptionalDelayLoadedAPI
api-ms-win-core-io-l1-1-1
GetOverlappedResultEx
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-util-l1-1-0
EncodePointer
DecodePointer
profapi
ord101
ord106
ord105
ord102
api-ms-win-security-logon-l1-1-1
LogonUserW
api-ms-win-core-console-l1-2-1
ResizePseudoConsole
ClosePseudoConsole
api-ms-win-core-console-internal-l1-1-0
CreatePseudoConsoleAsUser
sspicli
LogonUserExExW
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
Exports
ORCloseHive
ORCloseKey
ORCreateHive
ORCreateHiveEx
ORCreateKey
ORDeleteKey
ORDeleteValue
OREnumKey
OREnumValue
ORFlushHive
ORGetKeySecurity
ORGetValue
ORGetVirtualFlags
OROpenHive
OROpenHiveByHandle
OROpenKey
ORQueryInfoKey
ORQueryInfoKeyEx
ORQueryInfoKeyValueEx
ORRenameKey
ORSaveHive
ORSaveHiveEx
ORSaveHiveToHandle
ORSetKeySecurity
ORSetValue
ORSetVirtualFlags
Sections
.text Size: 2.8MB - Virtual size: 2.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGE Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGECMRC Size: 4KB - Virtual size: 130B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 844KB - Virtual size: 842KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 128KB - Virtual size: 175KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 124KB - Virtual size: 123KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 600B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 604KB - Virtual size: 608KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE