r1[.]zip | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

r1.zip
Size

64.9MB
MD5

27a3d5cae2e8bd83328fc915c4b1b55c
SHA1

c75f646a74bec684b3c65d532b63f73342e7ab7e
SHA256

19ffc101f7c4457a5adb66b38ce5823d52f596b323578de48d3585b1b57d24c6
SHA512

50605b254e737c36d2334133ccca232fdc2b5659454d5bebf13209424481e3526eeeb1b1589f9fbe27f6ca908d7a9a39a599076a2d23d9de6484c7ea02dd7d0a
SSDEEP

1572864:UVpRCJnhhUa+zzhNQmqQwF+HwARUKMtwLksVSJF1de:LJhSFzf2YUj3e

Score

3^/10

Malware Config

Signatures

Unsigned PE 20 IoCs

Checks for missing Authenticode signature.

resource
unpack001/000643ece079f96ed416c42e9dec2e3a647599f99950c60349c52e36cb724e88
unpack001/0e413fa9690c02a45dc95f1ea020874ed2745670117fed803aea439be9b8683c
unpack001/123830f5adc2114333a361b752e02a6ae770080082ba2b79c984aaf2debf810f
unpack001/189bf8b11dee99ed7e1e469dc473e6a36cc501c81db6093fdae6c031c37139e3
unpack001/30781e91d68861344f162ee5566cedc2c3c10246b4ec0c14b8f23cffe8bc9c0c
unpack001/4312b77e6031b30312b6c5c30180fca1895d4c065914103fa2e4ca9e8da9a0ce
unpack001/55a2613b9117beb668b5eda94de72151952cc566a09c80460e6169cfe1e7edce
unpack001/57e17d171cef6609925870e83612ab3f4cb883b2bac745d2a500d5e839fada0b
unpack001/604b676155ad58fa6826907866dfba9510268d91c3cbfa0df8706492c47c0f8c
unpack001/617783538bdab4bd7c8fbacae9e8749b50cd02e596dc328612ea1d600c11dc1f
unpack001/729187837b6282872fd853df135ab03458edda808d089983498f29a635b978ea
unpack001/747238b5bd007fbf264cbd66b42a3fa3d6c54ccb6a1d0ce2c79715650a55d097
unpack001/7ec0dcfd6246ae153473783715a6fcdc5d5b76379404002057ad04b8746c7aa1
unpack001/8468f46bfbde3077ec27b4d06b0b5617a8dec77c7537ca26f5b248d5def7dad1
unpack001/8e6dae5587d0150e1fa568f6ff42d2f6790750c017c08f86cff2c14b18de7422
unpack001/9966ddcefba77b1337606836fd7507a61fc0f6488163d75c6c426d9c488139d8
unpack001/b7dd4fa2a0deaf6b70cea7aaf1292a2e835aef45edb5a190cc515d98cf60a8d9
unpack001/dd86e508d33a5b71e82ab1b41a8dd7c49009ac65ba2191c467d7c58267e8ead9
unpack001/e500bee084b2757ef23283d465255eeb1eed61d9ed67171a24f814de66cf3b71
unpack001/ff54e8ca62b5d37f515d9883b629f0761bba9e583cfd91abda232bc4e5b5cd50

Files

r1.zip
.zip

Password: infected
000643ece079f96ed416c42e9dec2e3a647599f99950c60349c52e36cb724e88
.exe windows:10 windows x86 arch:x86

646167cce332c1c252cdcb1839e0cf48

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

wextract.pdb

Imports

advapi32

GetTokenInformation
RegDeleteValueA
RegOpenKeyExA
RegQueryInfoKeyA
FreeSid
OpenProcessToken
RegSetValueExA
RegCreateKeyExA
LookupPrivilegeValueA
AllocateAndInitializeSid
RegQueryValueExA
EqualSid
RegCloseKey
AdjustTokenPrivileges

kernel32

_lopen
_llseek
CompareStringA
GetLastError
GetFileAttributesA
GetSystemDirectoryA
LoadLibraryA
DeleteFileA
GlobalAlloc
GlobalFree
CloseHandle
WritePrivateProfileStringA
IsDBCSLeadByte
GetWindowsDirectoryA
SetFileAttributesA
GetProcAddress
GlobalLock
LocalFree
RemoveDirectoryA
FreeLibrary
_lclose
CreateDirectoryA
GetPrivateProfileIntA
GetPrivateProfileStringA
GlobalUnlock
ReadFile
SizeofResource
WriteFile
GetDriveTypeA
lstrcmpA
SetFileTime
SetFilePointer
FindResourceA
CreateMutexA
GetVolumeInformationA
ExpandEnvironmentStringsA
GetCurrentDirectoryA
FreeResource
GetVersion
SetCurrentDirectoryA
GetTempPathA
LocalFileTimeToFileTime
CreateFileA
SetEvent
TerminateThread
GetVersionExA
LockResource
GetSystemInfo
CreateThread
ResetEvent
LoadResource
ExitProcess
GetModuleHandleW
CreateProcessA
FormatMessageA
GetTempFileNameA
DosDateTimeToFileTime
CreateEventA
GetExitCodeProcess
FindNextFileA
LocalAlloc
GetShortPathNameA
MulDiv
GetDiskFreeSpaceA
EnumResourceLanguagesA
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
Sleep
FindClose
GetCurrentProcess
FindFirstFileA
WaitForSingleObject
GetModuleFileNameA
LoadLibraryExA

gdi32

GetDeviceCaps

user32

SetWindowLongA
GetDlgItemTextA
DialogBoxIndirectParamA
ShowWindow
MsgWaitForMultipleObjects
SetWindowPos
GetDC
GetWindowRect
DispatchMessageA
GetDesktopWindow
CharUpperA
SetDlgItemTextA
ExitWindowsEx
MessageBeep
EndDialog
CharPrevA
LoadStringA
CharNextA
EnableWindow
ReleaseDC
SetForegroundWindow
PeekMessageA
GetDlgItem
SendMessageA
SendDlgItemMessageA
MessageBoxA
SetWindowTextA
GetWindowLongA
CallWindowProcA
GetSystemMetrics

msvcrt

_controlfp
?terminate@@YAXXZ
_acmdln
_initterm
__setusermatherr
_except_handler4_common
memcpy
_ismbblead
__p__fmode
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
memcpy_s
_vsnprintf
memset

comctl32

ord17

cabinet

ord22
ord23
ord21
ord20

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 574KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
0e413fa9690c02a45dc95f1ea020874ed2745670117fed803aea439be9b8683c
.exe windows:10 windows x86 arch:x86

646167cce332c1c252cdcb1839e0cf48

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

wextract.pdb

Imports

advapi32

GetTokenInformation
RegDeleteValueA
RegOpenKeyExA
RegQueryInfoKeyA
FreeSid
OpenProcessToken
RegSetValueExA
RegCreateKeyExA
LookupPrivilegeValueA
AllocateAndInitializeSid
RegQueryValueExA
EqualSid
RegCloseKey
AdjustTokenPrivileges

kernel32

_lopen
_llseek
CompareStringA
GetLastError
GetFileAttributesA
GetSystemDirectoryA
LoadLibraryA
DeleteFileA
GlobalAlloc
GlobalFree
CloseHandle
WritePrivateProfileStringA
IsDBCSLeadByte
GetWindowsDirectoryA
SetFileAttributesA
GetProcAddress
GlobalLock
LocalFree
RemoveDirectoryA
FreeLibrary
_lclose
CreateDirectoryA
GetPrivateProfileIntA
GetPrivateProfileStringA
GlobalUnlock
ReadFile
SizeofResource
WriteFile
GetDriveTypeA
lstrcmpA
SetFileTime
SetFilePointer
FindResourceA
CreateMutexA
GetVolumeInformationA
ExpandEnvironmentStringsA
GetCurrentDirectoryA
FreeResource
GetVersion
SetCurrentDirectoryA
GetTempPathA
LocalFileTimeToFileTime
CreateFileA
SetEvent
TerminateThread
GetVersionExA
LockResource
GetSystemInfo
CreateThread
ResetEvent
LoadResource
ExitProcess
GetModuleHandleW
CreateProcessA
FormatMessageA
GetTempFileNameA
DosDateTimeToFileTime
CreateEventA
GetExitCodeProcess
FindNextFileA
LocalAlloc
GetShortPathNameA
MulDiv
GetDiskFreeSpaceA
EnumResourceLanguagesA
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
Sleep
FindClose
GetCurrentProcess
FindFirstFileA
WaitForSingleObject
GetModuleFileNameA
LoadLibraryExA

gdi32

GetDeviceCaps

user32

SetWindowLongA
GetDlgItemTextA
DialogBoxIndirectParamA
ShowWindow
MsgWaitForMultipleObjects
SetWindowPos
GetDC
GetWindowRect
DispatchMessageA
GetDesktopWindow
CharUpperA
SetDlgItemTextA
ExitWindowsEx
MessageBeep
EndDialog
CharPrevA
LoadStringA
CharNextA
EnableWindow
ReleaseDC
SetForegroundWindow
PeekMessageA
GetDlgItem
SendMessageA
SendDlgItemMessageA
MessageBoxA
SetWindowTextA
GetWindowLongA
CallWindowProcA
GetSystemMetrics

msvcrt

_controlfp
?terminate@@YAXXZ
_acmdln
_initterm
__setusermatherr
_except_handler4_common
memcpy
_ismbblead
__p__fmode
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
memcpy_s
_vsnprintf
memset

comctl32

ord17

cabinet

ord22
ord23
ord21
ord20

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 356KB - Virtual size: 360KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
123830f5adc2114333a361b752e02a6ae770080082ba2b79c984aaf2debf810f
.exe windows:10 windows x86 arch:x86

646167cce332c1c252cdcb1839e0cf48

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

wextract.pdb

Imports

advapi32

GetTokenInformation
RegDeleteValueA
RegOpenKeyExA
RegQueryInfoKeyA
FreeSid
OpenProcessToken
RegSetValueExA
RegCreateKeyExA
LookupPrivilegeValueA
AllocateAndInitializeSid
RegQueryValueExA
EqualSid
RegCloseKey
AdjustTokenPrivileges

kernel32

_lopen
_llseek
CompareStringA
GetLastError
GetFileAttributesA
GetSystemDirectoryA
LoadLibraryA
DeleteFileA
GlobalAlloc
GlobalFree
CloseHandle
WritePrivateProfileStringA
IsDBCSLeadByte
GetWindowsDirectoryA
SetFileAttributesA
GetProcAddress
GlobalLock
LocalFree
RemoveDirectoryA
FreeLibrary
_lclose
CreateDirectoryA
GetPrivateProfileIntA
GetPrivateProfileStringA
GlobalUnlock
ReadFile
SizeofResource
WriteFile
GetDriveTypeA
lstrcmpA
SetFileTime
SetFilePointer
FindResourceA
CreateMutexA
GetVolumeInformationA
ExpandEnvironmentStringsA
GetCurrentDirectoryA
FreeResource
GetVersion
SetCurrentDirectoryA
GetTempPathA
LocalFileTimeToFileTime
CreateFileA
SetEvent
TerminateThread
GetVersionExA
LockResource
GetSystemInfo
CreateThread
ResetEvent
LoadResource
ExitProcess
GetModuleHandleW
CreateProcessA
FormatMessageA
GetTempFileNameA
DosDateTimeToFileTime
CreateEventA
GetExitCodeProcess
FindNextFileA
LocalAlloc
GetShortPathNameA
MulDiv
GetDiskFreeSpaceA
EnumResourceLanguagesA
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
Sleep
FindClose
GetCurrentProcess
FindFirstFileA
WaitForSingleObject
GetModuleFileNameA
LoadLibraryExA

gdi32

GetDeviceCaps

user32

SetWindowLongA
GetDlgItemTextA
DialogBoxIndirectParamA
ShowWindow
MsgWaitForMultipleObjects
SetWindowPos
GetDC
GetWindowRect
DispatchMessageA
GetDesktopWindow
CharUpperA
SetDlgItemTextA
ExitWindowsEx
MessageBeep
EndDialog
CharPrevA
LoadStringA
CharNextA
EnableWindow
ReleaseDC
SetForegroundWindow
PeekMessageA
GetDlgItem
SendMessageA
SendDlgItemMessageA
MessageBoxA
SetWindowTextA
GetWindowLongA
CallWindowProcA
GetSystemMetrics

msvcrt

_controlfp
?terminate@@YAXXZ
_acmdln
_initterm
__setusermatherr
_except_handler4_common
memcpy
_ismbblead
__p__fmode
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
memcpy_s
_vsnprintf
memset

comctl32

ord17

cabinet

ord22
ord23
ord21
ord20

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 823KB - Virtual size: 824KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
189bf8b11dee99ed7e1e469dc473e6a36cc501c81db6093fdae6c031c37139e3
.exe windows:10 windows x86 arch:x86

646167cce332c1c252cdcb1839e0cf48

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

wextract.pdb

Imports

advapi32

GetTokenInformation
RegDeleteValueA
RegOpenKeyExA
RegQueryInfoKeyA
FreeSid
OpenProcessToken
RegSetValueExA
RegCreateKeyExA
LookupPrivilegeValueA
AllocateAndInitializeSid
RegQueryValueExA
EqualSid
RegCloseKey
AdjustTokenPrivileges

kernel32

_lopen
_llseek
CompareStringA
GetLastError
GetFileAttributesA
GetSystemDirectoryA
LoadLibraryA
DeleteFileA
GlobalAlloc
GlobalFree
CloseHandle
WritePrivateProfileStringA
IsDBCSLeadByte
GetWindowsDirectoryA
SetFileAttributesA
GetProcAddress
GlobalLock
LocalFree
RemoveDirectoryA
FreeLibrary
_lclose
CreateDirectoryA
GetPrivateProfileIntA
GetPrivateProfileStringA
GlobalUnlock
ReadFile
SizeofResource
WriteFile
GetDriveTypeA
lstrcmpA
SetFileTime
SetFilePointer
FindResourceA
CreateMutexA
GetVolumeInformationA
ExpandEnvironmentStringsA
GetCurrentDirectoryA
FreeResource
GetVersion
SetCurrentDirectoryA
GetTempPathA
LocalFileTimeToFileTime
CreateFileA
SetEvent
TerminateThread
GetVersionExA
LockResource
GetSystemInfo
CreateThread
ResetEvent
LoadResource
ExitProcess
GetModuleHandleW
CreateProcessA
FormatMessageA
GetTempFileNameA
DosDateTimeToFileTime
CreateEventA
GetExitCodeProcess
FindNextFileA
LocalAlloc
GetShortPathNameA
MulDiv
GetDiskFreeSpaceA
EnumResourceLanguagesA
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
Sleep
FindClose
GetCurrentProcess
FindFirstFileA
WaitForSingleObject
GetModuleFileNameA
LoadLibraryExA

gdi32

GetDeviceCaps

user32

SetWindowLongA
GetDlgItemTextA
DialogBoxIndirectParamA
ShowWindow
MsgWaitForMultipleObjects
SetWindowPos
GetDC
GetWindowRect
DispatchMessageA
GetDesktopWindow
CharUpperA
SetDlgItemTextA
ExitWindowsEx
MessageBeep
EndDialog
CharPrevA
LoadStringA
CharNextA
EnableWindow
ReleaseDC
SetForegroundWindow
PeekMessageA
GetDlgItem
SendMessageA
SendDlgItemMessageA
MessageBoxA
SetWindowTextA
GetWindowLongA
CallWindowProcA
GetSystemMetrics

msvcrt

_controlfp
?terminate@@YAXXZ
_acmdln
_initterm
__setusermatherr
_except_handler4_common
memcpy
_ismbblead
__p__fmode
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
memcpy_s
_vsnprintf
memset

comctl32

ord17

cabinet

ord22
ord23
ord21
ord20

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 275KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
30781e91d68861344f162ee5566cedc2c3c10246b4ec0c14b8f23cffe8bc9c0c
.exe windows:6 windows x86 arch:x86

b173fd164ea5d936a10964262116e359

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
WaitForSingleObject
GetModuleHandleA
FreeConsole
CreateThread
GetProcAddress
MultiByteToWideChar
GetStringTypeW
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
GetCPInfo
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
CreateFileW
RaiseException
RtlUnwind
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
GetFileType
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
CloseHandle
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
ReadFile
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetProcessHeap
HeapSize
WriteConsoleW

Sections

.text
Size: 167KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 114KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
4312b77e6031b30312b6c5c30180fca1895d4c065914103fa2e4ca9e8da9a0ce
.exe windows:10 windows x86 arch:x86

646167cce332c1c252cdcb1839e0cf48

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

wextract.pdb

Imports

advapi32

GetTokenInformation
RegDeleteValueA
RegOpenKeyExA
RegQueryInfoKeyA
FreeSid
OpenProcessToken
RegSetValueExA
RegCreateKeyExA
LookupPrivilegeValueA
AllocateAndInitializeSid
RegQueryValueExA
EqualSid
RegCloseKey
AdjustTokenPrivileges

kernel32

_lopen
_llseek
CompareStringA
GetLastError
GetFileAttributesA
GetSystemDirectoryA
LoadLibraryA
DeleteFileA
GlobalAlloc
GlobalFree
CloseHandle
WritePrivateProfileStringA
IsDBCSLeadByte
GetWindowsDirectoryA
SetFileAttributesA
GetProcAddress
GlobalLock
LocalFree
RemoveDirectoryA
FreeLibrary
_lclose
CreateDirectoryA
GetPrivateProfileIntA
GetPrivateProfileStringA
GlobalUnlock
ReadFile
SizeofResource
WriteFile
GetDriveTypeA
lstrcmpA
SetFileTime
SetFilePointer
FindResourceA
CreateMutexA
GetVolumeInformationA
ExpandEnvironmentStringsA
GetCurrentDirectoryA
FreeResource
GetVersion
SetCurrentDirectoryA
GetTempPathA
LocalFileTimeToFileTime
CreateFileA
SetEvent
TerminateThread
GetVersionExA
LockResource
GetSystemInfo
CreateThread
ResetEvent
LoadResource
ExitProcess
GetModuleHandleW
CreateProcessA
FormatMessageA
GetTempFileNameA
DosDateTimeToFileTime
CreateEventA
GetExitCodeProcess
FindNextFileA
LocalAlloc
GetShortPathNameA
MulDiv
GetDiskFreeSpaceA
EnumResourceLanguagesA
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
Sleep
FindClose
GetCurrentProcess
FindFirstFileA
WaitForSingleObject
GetModuleFileNameA
LoadLibraryExA

gdi32

GetDeviceCaps

user32

SetWindowLongA
GetDlgItemTextA
DialogBoxIndirectParamA
ShowWindow
MsgWaitForMultipleObjects
SetWindowPos
GetDC
GetWindowRect
DispatchMessageA
GetDesktopWindow
CharUpperA
SetDlgItemTextA
ExitWindowsEx
MessageBeep
EndDialog
CharPrevA
LoadStringA
CharNextA
EnableWindow
ReleaseDC
SetForegroundWindow
PeekMessageA
GetDlgItem
SendMessageA
SendDlgItemMessageA
MessageBoxA
SetWindowTextA
GetWindowLongA
CallWindowProcA
GetSystemMetrics

msvcrt

_controlfp
?terminate@@YAXXZ
_acmdln
_initterm
__setusermatherr
_except_handler4_common
memcpy
_ismbblead
__p__fmode
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
memcpy_s
_vsnprintf
memset

comctl32

ord17

cabinet

ord22
ord23
ord21
ord20

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 356KB - Virtual size: 356KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
55a2613b9117beb668b5eda94de72151952cc566a09c80460e6169cfe1e7edce
.exe windows:10 windows x86 arch:x86

646167cce332c1c252cdcb1839e0cf48

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

wextract.pdb

Imports

advapi32

GetTokenInformation
RegDeleteValueA
RegOpenKeyExA
RegQueryInfoKeyA
FreeSid
OpenProcessToken
RegSetValueExA
RegCreateKeyExA
LookupPrivilegeValueA
AllocateAndInitializeSid
RegQueryValueExA
EqualSid
RegCloseKey
AdjustTokenPrivileges

kernel32

_lopen
_llseek
CompareStringA
GetLastError
GetFileAttributesA
GetSystemDirectoryA
LoadLibraryA
DeleteFileA
GlobalAlloc
GlobalFree
CloseHandle
WritePrivateProfileStringA
IsDBCSLeadByte
GetWindowsDirectoryA
SetFileAttributesA
GetProcAddress
GlobalLock
LocalFree
RemoveDirectoryA
FreeLibrary
_lclose
CreateDirectoryA
GetPrivateProfileIntA
GetPrivateProfileStringA
GlobalUnlock
ReadFile
SizeofResource
WriteFile
GetDriveTypeA
lstrcmpA
SetFileTime
SetFilePointer
FindResourceA
CreateMutexA
GetVolumeInformationA
ExpandEnvironmentStringsA
GetCurrentDirectoryA
FreeResource
GetVersion
SetCurrentDirectoryA
GetTempPathA
LocalFileTimeToFileTime
CreateFileA
SetEvent
TerminateThread
GetVersionExA
LockResource
GetSystemInfo
CreateThread
ResetEvent
LoadResource
ExitProcess
GetModuleHandleW
CreateProcessA
FormatMessageA
GetTempFileNameA
DosDateTimeToFileTime
CreateEventA
GetExitCodeProcess
FindNextFileA
LocalAlloc
GetShortPathNameA
MulDiv
GetDiskFreeSpaceA
EnumResourceLanguagesA
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
Sleep
FindClose
GetCurrentProcess
FindFirstFileA
WaitForSingleObject
GetModuleFileNameA
LoadLibraryExA

gdi32

GetDeviceCaps

user32

SetWindowLongA
GetDlgItemTextA
DialogBoxIndirectParamA
ShowWindow
MsgWaitForMultipleObjects
SetWindowPos
GetDC
GetWindowRect
DispatchMessageA
GetDesktopWindow
CharUpperA
SetDlgItemTextA
ExitWindowsEx
MessageBeep
EndDialog
CharPrevA
LoadStringA
CharNextA
EnableWindow
ReleaseDC
SetForegroundWindow
PeekMessageA
GetDlgItem
SendMessageA
SendDlgItemMessageA
MessageBoxA
SetWindowTextA
GetWindowLongA
CallWindowProcA
GetSystemMetrics

msvcrt

_controlfp
?terminate@@YAXXZ
_acmdln
_initterm
__setusermatherr
_except_handler4_common
memcpy
_ismbblead
__p__fmode
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
memcpy_s
_vsnprintf
memset

comctl32

ord17

cabinet

ord22
ord23
ord21
ord20

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 481KB - Virtual size: 484KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
57e17d171cef6609925870e83612ab3f4cb883b2bac745d2a500d5e839fada0b
.exe windows:10 windows x86 arch:x86

646167cce332c1c252cdcb1839e0cf48

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

wextract.pdb

Imports

advapi32

GetTokenInformation
RegDeleteValueA
RegOpenKeyExA
RegQueryInfoKeyA
FreeSid
OpenProcessToken
RegSetValueExA
RegCreateKeyExA
LookupPrivilegeValueA
AllocateAndInitializeSid
RegQueryValueExA
EqualSid
RegCloseKey
AdjustTokenPrivileges

kernel32

_lopen
_llseek
CompareStringA
GetLastError
GetFileAttributesA
GetSystemDirectoryA
LoadLibraryA
DeleteFileA
GlobalAlloc
GlobalFree
CloseHandle
WritePrivateProfileStringA
IsDBCSLeadByte
GetWindowsDirectoryA
SetFileAttributesA
GetProcAddress
GlobalLock
LocalFree
RemoveDirectoryA
FreeLibrary
_lclose
CreateDirectoryA
GetPrivateProfileIntA
GetPrivateProfileStringA
GlobalUnlock
ReadFile
SizeofResource
WriteFile
GetDriveTypeA
lstrcmpA
SetFileTime
SetFilePointer
FindResourceA
CreateMutexA
GetVolumeInformationA
ExpandEnvironmentStringsA
GetCurrentDirectoryA
FreeResource
GetVersion
SetCurrentDirectoryA
GetTempPathA
LocalFileTimeToFileTime
CreateFileA
SetEvent
TerminateThread
GetVersionExA
LockResource
GetSystemInfo
CreateThread
ResetEvent
LoadResource
ExitProcess
GetModuleHandleW
CreateProcessA
FormatMessageA
GetTempFileNameA
DosDateTimeToFileTime
CreateEventA
GetExitCodeProcess
FindNextFileA
LocalAlloc
GetShortPathNameA
MulDiv
GetDiskFreeSpaceA
EnumResourceLanguagesA
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
Sleep
FindClose
GetCurrentProcess
FindFirstFileA
WaitForSingleObject
GetModuleFileNameA
LoadLibraryExA

gdi32

GetDeviceCaps

user32

SetWindowLongA
GetDlgItemTextA
DialogBoxIndirectParamA
ShowWindow
MsgWaitForMultipleObjects
SetWindowPos
GetDC
GetWindowRect
DispatchMessageA
GetDesktopWindow
CharUpperA
SetDlgItemTextA
ExitWindowsEx
MessageBeep
EndDialog
CharPrevA
LoadStringA
CharNextA
EnableWindow
ReleaseDC
SetForegroundWindow
PeekMessageA
GetDlgItem
SendMessageA
SendDlgItemMessageA
MessageBoxA
SetWindowTextA
GetWindowLongA
CallWindowProcA
GetSystemMetrics

msvcrt

_controlfp
?terminate@@YAXXZ
_acmdln
_initterm
__setusermatherr
_except_handler4_common
memcpy
_ismbblead
__p__fmode
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
memcpy_s
_vsnprintf
memset

comctl32

ord17

cabinet

ord22
ord23
ord21
ord20

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 885KB - Virtual size: 888KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
604b676155ad58fa6826907866dfba9510268d91c3cbfa0df8706492c47c0f8c
.exe windows:10 windows x86 arch:x86

646167cce332c1c252cdcb1839e0cf48

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

wextract.pdb

Imports

advapi32

GetTokenInformation
RegDeleteValueA
RegOpenKeyExA
RegQueryInfoKeyA
FreeSid
OpenProcessToken
RegSetValueExA
RegCreateKeyExA
LookupPrivilegeValueA
AllocateAndInitializeSid
RegQueryValueExA
EqualSid
RegCloseKey
AdjustTokenPrivileges

kernel32

_lopen
_llseek
CompareStringA
GetLastError
GetFileAttributesA
GetSystemDirectoryA
LoadLibraryA
DeleteFileA
GlobalAlloc
GlobalFree
CloseHandle
WritePrivateProfileStringA
IsDBCSLeadByte
GetWindowsDirectoryA
SetFileAttributesA
GetProcAddress
GlobalLock
LocalFree
RemoveDirectoryA
FreeLibrary
_lclose
CreateDirectoryA
GetPrivateProfileIntA
GetPrivateProfileStringA
GlobalUnlock
ReadFile
SizeofResource
WriteFile
GetDriveTypeA
lstrcmpA
SetFileTime
SetFilePointer
FindResourceA
CreateMutexA
GetVolumeInformationA
ExpandEnvironmentStringsA
GetCurrentDirectoryA
FreeResource
GetVersion
SetCurrentDirectoryA
GetTempPathA
LocalFileTimeToFileTime
CreateFileA
SetEvent
TerminateThread
GetVersionExA
LockResource
GetSystemInfo
CreateThread
ResetEvent
LoadResource
ExitProcess
GetModuleHandleW
CreateProcessA
FormatMessageA
GetTempFileNameA
DosDateTimeToFileTime
CreateEventA
GetExitCodeProcess
FindNextFileA
LocalAlloc
GetShortPathNameA
MulDiv
GetDiskFreeSpaceA
EnumResourceLanguagesA
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
Sleep
FindClose
GetCurrentProcess
FindFirstFileA
WaitForSingleObject
GetModuleFileNameA
LoadLibraryExA

gdi32

GetDeviceCaps

user32

SetWindowLongA
GetDlgItemTextA
DialogBoxIndirectParamA
ShowWindow
MsgWaitForMultipleObjects
SetWindowPos
GetDC
GetWindowRect
DispatchMessageA
GetDesktopWindow
CharUpperA
SetDlgItemTextA
ExitWindowsEx
MessageBeep
EndDialog
CharPrevA
LoadStringA
CharNextA
EnableWindow
ReleaseDC
SetForegroundWindow
PeekMessageA
GetDlgItem
SendMessageA
SendDlgItemMessageA
MessageBoxA
SetWindowTextA
GetWindowLongA
CallWindowProcA
GetSystemMetrics

msvcrt

_controlfp
?terminate@@YAXXZ
_acmdln
_initterm
__setusermatherr
_except_handler4_common
memcpy
_ismbblead
__p__fmode
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
memcpy_s
_vsnprintf
memset

comctl32

ord17

cabinet

ord22
ord23
ord21
ord20

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 888KB - Virtual size: 888KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
617783538bdab4bd7c8fbacae9e8749b50cd02e596dc328612ea1d600c11dc1f
.exe windows:10 windows x86 arch:x86

646167cce332c1c252cdcb1839e0cf48

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

wextract.pdb

Imports

advapi32

GetTokenInformation
RegDeleteValueA
RegOpenKeyExA
RegQueryInfoKeyA
FreeSid
OpenProcessToken
RegSetValueExA
RegCreateKeyExA
LookupPrivilegeValueA
AllocateAndInitializeSid
RegQueryValueExA
EqualSid
RegCloseKey
AdjustTokenPrivileges

kernel32

_lopen
_llseek
CompareStringA
GetLastError
GetFileAttributesA
GetSystemDirectoryA
LoadLibraryA
DeleteFileA
GlobalAlloc
GlobalFree
CloseHandle
WritePrivateProfileStringA
IsDBCSLeadByte
GetWindowsDirectoryA
SetFileAttributesA
GetProcAddress
GlobalLock
LocalFree
RemoveDirectoryA
FreeLibrary
_lclose
CreateDirectoryA
GetPrivateProfileIntA
GetPrivateProfileStringA
GlobalUnlock
ReadFile
SizeofResource
WriteFile
GetDriveTypeA
lstrcmpA
SetFileTime
SetFilePointer
FindResourceA
CreateMutexA
GetVolumeInformationA
ExpandEnvironmentStringsA
GetCurrentDirectoryA
FreeResource
GetVersion
SetCurrentDirectoryA
GetTempPathA
LocalFileTimeToFileTime
CreateFileA
SetEvent
TerminateThread
GetVersionExA
LockResource
GetSystemInfo
CreateThread
ResetEvent
LoadResource
ExitProcess
GetModuleHandleW
CreateProcessA
FormatMessageA
GetTempFileNameA
DosDateTimeToFileTime
CreateEventA
GetExitCodeProcess
FindNextFileA
LocalAlloc
GetShortPathNameA
MulDiv
GetDiskFreeSpaceA
EnumResourceLanguagesA
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
Sleep
FindClose
GetCurrentProcess
FindFirstFileA
WaitForSingleObject
GetModuleFileNameA
LoadLibraryExA

gdi32

GetDeviceCaps

user32

SetWindowLongA
GetDlgItemTextA
DialogBoxIndirectParamA
ShowWindow
MsgWaitForMultipleObjects
SetWindowPos
GetDC
GetWindowRect
DispatchMessageA
GetDesktopWindow
CharUpperA
SetDlgItemTextA
ExitWindowsEx
MessageBeep
EndDialog
CharPrevA
LoadStringA
CharNextA
EnableWindow
ReleaseDC
SetForegroundWindow
PeekMessageA
GetDlgItem
SendMessageA
SendDlgItemMessageA
MessageBoxA
SetWindowTextA
GetWindowLongA
CallWindowProcA
GetSystemMetrics

msvcrt

_controlfp
?terminate@@YAXXZ
_acmdln
_initterm
__setusermatherr
_except_handler4_common
memcpy
_ismbblead
__p__fmode
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
memcpy_s
_vsnprintf
memset

comctl32

ord17

cabinet

ord22
ord23
ord21
ord20

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 481KB - Virtual size: 484KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
729187837b6282872fd853df135ab03458edda808d089983498f29a635b978ea
.exe windows:10 windows x86 arch:x86

646167cce332c1c252cdcb1839e0cf48

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

wextract.pdb

Imports

advapi32

GetTokenInformation
RegDeleteValueA
RegOpenKeyExA
RegQueryInfoKeyA
FreeSid
OpenProcessToken
RegSetValueExA
RegCreateKeyExA
LookupPrivilegeValueA
AllocateAndInitializeSid
RegQueryValueExA
EqualSid
RegCloseKey
AdjustTokenPrivileges

kernel32

_lopen
_llseek
CompareStringA
GetLastError
GetFileAttributesA
GetSystemDirectoryA
LoadLibraryA
DeleteFileA
GlobalAlloc
GlobalFree
CloseHandle
WritePrivateProfileStringA
IsDBCSLeadByte
GetWindowsDirectoryA
SetFileAttributesA
GetProcAddress
GlobalLock
LocalFree
RemoveDirectoryA
FreeLibrary
_lclose
CreateDirectoryA
GetPrivateProfileIntA
GetPrivateProfileStringA
GlobalUnlock
ReadFile
SizeofResource
WriteFile
GetDriveTypeA
lstrcmpA
SetFileTime
SetFilePointer
FindResourceA
CreateMutexA
GetVolumeInformationA
ExpandEnvironmentStringsA
GetCurrentDirectoryA
FreeResource
GetVersion
SetCurrentDirectoryA
GetTempPathA
LocalFileTimeToFileTime
CreateFileA
SetEvent
TerminateThread
GetVersionExA
LockResource
GetSystemInfo
CreateThread
ResetEvent
LoadResource
ExitProcess
GetModuleHandleW
CreateProcessA
FormatMessageA
GetTempFileNameA
DosDateTimeToFileTime
CreateEventA
GetExitCodeProcess
FindNextFileA
LocalAlloc
GetShortPathNameA
MulDiv
GetDiskFreeSpaceA
EnumResourceLanguagesA
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
Sleep
FindClose
GetCurrentProcess
FindFirstFileA
WaitForSingleObject
GetModuleFileNameA
LoadLibraryExA

gdi32

GetDeviceCaps

user32

SetWindowLongA
GetDlgItemTextA
DialogBoxIndirectParamA
ShowWindow
MsgWaitForMultipleObjects
SetWindowPos
GetDC
GetWindowRect
DispatchMessageA
GetDesktopWindow
CharUpperA
SetDlgItemTextA
ExitWindowsEx
MessageBeep
EndDialog
CharPrevA
LoadStringA
CharNextA
EnableWindow
ReleaseDC
SetForegroundWindow
PeekMessageA
GetDlgItem
SendMessageA
SendDlgItemMessageA
MessageBoxA
SetWindowTextA
GetWindowLongA
CallWindowProcA
GetSystemMetrics

msvcrt

_controlfp
?terminate@@YAXXZ
_acmdln
_initterm
__setusermatherr
_except_handler4_common
memcpy
_ismbblead
__p__fmode
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
memcpy_s
_vsnprintf
memset

comctl32

ord17

cabinet

ord22
ord23
ord21
ord20

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 481KB - Virtual size: 484KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
747238b5bd007fbf264cbd66b42a3fa3d6c54ccb6a1d0ce2c79715650a55d097
.exe windows:10 windows x86 arch:x86

646167cce332c1c252cdcb1839e0cf48

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

wextract.pdb

Imports

advapi32

GetTokenInformation
RegDeleteValueA
RegOpenKeyExA
RegQueryInfoKeyA
FreeSid
OpenProcessToken
RegSetValueExA
RegCreateKeyExA
LookupPrivilegeValueA
AllocateAndInitializeSid
RegQueryValueExA
EqualSid
RegCloseKey
AdjustTokenPrivileges

kernel32

_lopen
_llseek
CompareStringA
GetLastError
GetFileAttributesA
GetSystemDirectoryA
LoadLibraryA
DeleteFileA
GlobalAlloc
GlobalFree
CloseHandle
WritePrivateProfileStringA
IsDBCSLeadByte
GetWindowsDirectoryA
SetFileAttributesA
GetProcAddress
GlobalLock
LocalFree
RemoveDirectoryA
FreeLibrary
_lclose
CreateDirectoryA
GetPrivateProfileIntA
GetPrivateProfileStringA
GlobalUnlock
ReadFile
SizeofResource
WriteFile
GetDriveTypeA
lstrcmpA
SetFileTime
SetFilePointer
FindResourceA
CreateMutexA
GetVolumeInformationA
ExpandEnvironmentStringsA
GetCurrentDirectoryA
FreeResource
GetVersion
SetCurrentDirectoryA
GetTempPathA
LocalFileTimeToFileTime
CreateFileA
SetEvent
TerminateThread
GetVersionExA
LockResource
GetSystemInfo
CreateThread
ResetEvent
LoadResource
ExitProcess
GetModuleHandleW
CreateProcessA
FormatMessageA
GetTempFileNameA
DosDateTimeToFileTime
CreateEventA
GetExitCodeProcess
FindNextFileA
LocalAlloc
GetShortPathNameA
MulDiv
GetDiskFreeSpaceA
EnumResourceLanguagesA
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
Sleep
FindClose
GetCurrentProcess
FindFirstFileA
WaitForSingleObject
GetModuleFileNameA
LoadLibraryExA

gdi32

GetDeviceCaps

user32

SetWindowLongA
GetDlgItemTextA
DialogBoxIndirectParamA
ShowWindow
MsgWaitForMultipleObjects
SetWindowPos
GetDC
GetWindowRect
DispatchMessageA
GetDesktopWindow
CharUpperA
SetDlgItemTextA
ExitWindowsEx
MessageBeep
EndDialog
CharPrevA
LoadStringA
CharNextA
EnableWindow
ReleaseDC
SetForegroundWindow
PeekMessageA
GetDlgItem
SendMessageA
SendDlgItemMessageA
MessageBoxA
SetWindowTextA
GetWindowLongA
CallWindowProcA
GetSystemMetrics

msvcrt

_controlfp
?terminate@@YAXXZ
_acmdln
_initterm
__setusermatherr
_except_handler4_common
memcpy
_ismbblead
__p__fmode
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
memcpy_s
_vsnprintf
memset

comctl32

ord17

cabinet

ord22
ord23
ord21
ord20

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 356KB - Virtual size: 356KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
7ec0dcfd6246ae153473783715a6fcdc5d5b76379404002057ad04b8746c7aa1
.exe windows:6 windows x86 arch:x86

8227b22f62327fabe0f061931b660b88

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CallWindowProcA

advapi32

CryptReleaseContext

shell32

ExtractIconExA

kernel32

CreateFileW
GetCurrentThreadId
HeapSize
GetProcessHeap
VirtualAlloc
WaitForSingleObject
GetModuleHandleA
FreeConsole
CreateThread
GetProcAddress
MultiByteToWideChar
QueryPerformanceCounter
QueryPerformanceFrequency
GetStringTypeW
WideCharToMultiByte
Sleep
InitializeCriticalSectionEx
GetSystemTimeAsFileTime
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
GetCPInfo
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
WriteConsoleW
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
SetStdHandle
RaiseException
RtlUnwind
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
GetFileType
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
CloseHandle
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
ReadFile
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW

Sections

.text
Size: 149KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 111KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
8468f46bfbde3077ec27b4d06b0b5617a8dec77c7537ca26f5b248d5def7dad1
.exe windows:10 windows x86 arch:x86

646167cce332c1c252cdcb1839e0cf48

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

wextract.pdb

Imports

advapi32

GetTokenInformation
RegDeleteValueA
RegOpenKeyExA
RegQueryInfoKeyA
FreeSid
OpenProcessToken
RegSetValueExA
RegCreateKeyExA
LookupPrivilegeValueA
AllocateAndInitializeSid
RegQueryValueExA
EqualSid
RegCloseKey
AdjustTokenPrivileges

kernel32

_lopen
_llseek
CompareStringA
GetLastError
GetFileAttributesA
GetSystemDirectoryA
LoadLibraryA
DeleteFileA
GlobalAlloc
GlobalFree
CloseHandle
WritePrivateProfileStringA
IsDBCSLeadByte
GetWindowsDirectoryA
SetFileAttributesA
GetProcAddress
GlobalLock
LocalFree
RemoveDirectoryA
FreeLibrary
_lclose
CreateDirectoryA
GetPrivateProfileIntA
GetPrivateProfileStringA
GlobalUnlock
ReadFile
SizeofResource
WriteFile
GetDriveTypeA
lstrcmpA
SetFileTime
SetFilePointer
FindResourceA
CreateMutexA
GetVolumeInformationA
ExpandEnvironmentStringsA
GetCurrentDirectoryA
FreeResource
GetVersion
SetCurrentDirectoryA
GetTempPathA
LocalFileTimeToFileTime
CreateFileA
SetEvent
TerminateThread
GetVersionExA
LockResource
GetSystemInfo
CreateThread
ResetEvent
LoadResource
ExitProcess
GetModuleHandleW
CreateProcessA
FormatMessageA
GetTempFileNameA
DosDateTimeToFileTime
CreateEventA
GetExitCodeProcess
FindNextFileA
LocalAlloc
GetShortPathNameA
MulDiv
GetDiskFreeSpaceA
EnumResourceLanguagesA
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
Sleep
FindClose
GetCurrentProcess
FindFirstFileA
WaitForSingleObject
GetModuleFileNameA
LoadLibraryExA

gdi32

GetDeviceCaps

user32

SetWindowLongA
GetDlgItemTextA
DialogBoxIndirectParamA
ShowWindow
MsgWaitForMultipleObjects
SetWindowPos
GetDC
GetWindowRect
DispatchMessageA
GetDesktopWindow
CharUpperA
SetDlgItemTextA
ExitWindowsEx
MessageBeep
EndDialog
CharPrevA
LoadStringA
CharNextA
EnableWindow
ReleaseDC
SetForegroundWindow
PeekMessageA
GetDlgItem
SendMessageA
SendDlgItemMessageA
MessageBoxA
SetWindowTextA
GetWindowLongA
CallWindowProcA
GetSystemMetrics

msvcrt

_controlfp
?terminate@@YAXXZ
_acmdln
_initterm
__setusermatherr
_except_handler4_common
memcpy
_ismbblead
__p__fmode
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
memcpy_s
_vsnprintf
memset

comctl32

ord17

cabinet

ord22
ord23
ord21
ord20

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
8e6dae5587d0150e1fa568f6ff42d2f6790750c017c08f86cff2c14b18de7422
.exe windows:10 windows x86 arch:x86

646167cce332c1c252cdcb1839e0cf48

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

wextract.pdb

Imports

advapi32

GetTokenInformation
RegDeleteValueA
RegOpenKeyExA
RegQueryInfoKeyA
FreeSid
OpenProcessToken
RegSetValueExA
RegCreateKeyExA
LookupPrivilegeValueA
AllocateAndInitializeSid
RegQueryValueExA
EqualSid
RegCloseKey
AdjustTokenPrivileges

kernel32

_lopen
_llseek
CompareStringA
GetLastError
GetFileAttributesA
GetSystemDirectoryA
LoadLibraryA
DeleteFileA
GlobalAlloc
GlobalFree
CloseHandle
WritePrivateProfileStringA
IsDBCSLeadByte
GetWindowsDirectoryA
SetFileAttributesA
GetProcAddress
GlobalLock
LocalFree
RemoveDirectoryA
FreeLibrary
_lclose
CreateDirectoryA
GetPrivateProfileIntA
GetPrivateProfileStringA
GlobalUnlock
ReadFile
SizeofResource
WriteFile
GetDriveTypeA
lstrcmpA
SetFileTime
SetFilePointer
FindResourceA
CreateMutexA
GetVolumeInformationA
ExpandEnvironmentStringsA
GetCurrentDirectoryA
FreeResource
GetVersion
SetCurrentDirectoryA
GetTempPathA
LocalFileTimeToFileTime
CreateFileA
SetEvent
TerminateThread
GetVersionExA
LockResource
GetSystemInfo
CreateThread
ResetEvent
LoadResource
ExitProcess
GetModuleHandleW
CreateProcessA
FormatMessageA
GetTempFileNameA
DosDateTimeToFileTime
CreateEventA
GetExitCodeProcess
FindNextFileA
LocalAlloc
GetShortPathNameA
MulDiv
GetDiskFreeSpaceA
EnumResourceLanguagesA
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
Sleep
FindClose
GetCurrentProcess
FindFirstFileA
WaitForSingleObject
GetModuleFileNameA
LoadLibraryExA

gdi32

GetDeviceCaps

user32

SetWindowLongA
GetDlgItemTextA
DialogBoxIndirectParamA
ShowWindow
MsgWaitForMultipleObjects
SetWindowPos
GetDC
GetWindowRect
DispatchMessageA
GetDesktopWindow
CharUpperA
SetDlgItemTextA
ExitWindowsEx
MessageBeep
EndDialog
CharPrevA
LoadStringA
CharNextA
EnableWindow
ReleaseDC
SetForegroundWindow
PeekMessageA
GetDlgItem
SendMessageA
SendDlgItemMessageA
MessageBoxA
SetWindowTextA
GetWindowLongA
CallWindowProcA
GetSystemMetrics

msvcrt

_controlfp
?terminate@@YAXXZ
_acmdln
_initterm
__setusermatherr
_except_handler4_common
memcpy
_ismbblead
__p__fmode
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
memcpy_s
_vsnprintf
memset

comctl32

ord17

cabinet

ord22
ord23
ord21
ord20

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 356KB - Virtual size: 356KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
9966ddcefba77b1337606836fd7507a61fc0f6488163d75c6c426d9c488139d8
.exe windows:10 windows x86 arch:x86

646167cce332c1c252cdcb1839e0cf48

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

wextract.pdb

Imports

advapi32

GetTokenInformation
RegDeleteValueA
RegOpenKeyExA
RegQueryInfoKeyA
FreeSid
OpenProcessToken
RegSetValueExA
RegCreateKeyExA
LookupPrivilegeValueA
AllocateAndInitializeSid
RegQueryValueExA
EqualSid
RegCloseKey
AdjustTokenPrivileges

kernel32

_lopen
_llseek
CompareStringA
GetLastError
GetFileAttributesA
GetSystemDirectoryA
LoadLibraryA
DeleteFileA
GlobalAlloc
GlobalFree
CloseHandle
WritePrivateProfileStringA
IsDBCSLeadByte
GetWindowsDirectoryA
SetFileAttributesA
GetProcAddress
GlobalLock
LocalFree
RemoveDirectoryA
FreeLibrary
_lclose
CreateDirectoryA
GetPrivateProfileIntA
GetPrivateProfileStringA
GlobalUnlock
ReadFile
SizeofResource
WriteFile
GetDriveTypeA
lstrcmpA
SetFileTime
SetFilePointer
FindResourceA
CreateMutexA
GetVolumeInformationA
ExpandEnvironmentStringsA
GetCurrentDirectoryA
FreeResource
GetVersion
SetCurrentDirectoryA
GetTempPathA
LocalFileTimeToFileTime
CreateFileA
SetEvent
TerminateThread
GetVersionExA
LockResource
GetSystemInfo
CreateThread
ResetEvent
LoadResource
ExitProcess
GetModuleHandleW
CreateProcessA
FormatMessageA
GetTempFileNameA
DosDateTimeToFileTime
CreateEventA
GetExitCodeProcess
FindNextFileA
LocalAlloc
GetShortPathNameA
MulDiv
GetDiskFreeSpaceA
EnumResourceLanguagesA
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
Sleep
FindClose
GetCurrentProcess
FindFirstFileA
WaitForSingleObject
GetModuleFileNameA
LoadLibraryExA

gdi32

GetDeviceCaps

user32

SetWindowLongA
GetDlgItemTextA
DialogBoxIndirectParamA
ShowWindow
MsgWaitForMultipleObjects
SetWindowPos
GetDC
GetWindowRect
DispatchMessageA
GetDesktopWindow
CharUpperA
SetDlgItemTextA
ExitWindowsEx
MessageBeep
EndDialog
CharPrevA
LoadStringA
CharNextA
EnableWindow
ReleaseDC
SetForegroundWindow
PeekMessageA
GetDlgItem
SendMessageA
SendDlgItemMessageA
MessageBoxA
SetWindowTextA
GetWindowLongA
CallWindowProcA
GetSystemMetrics

msvcrt

_controlfp
?terminate@@YAXXZ
_acmdln
_initterm
__setusermatherr
_except_handler4_common
memcpy
_ismbblead
__p__fmode
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
memcpy_s
_vsnprintf
memset

comctl32

ord17

cabinet

ord22
ord23
ord21
ord20

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
b7dd4fa2a0deaf6b70cea7aaf1292a2e835aef45edb5a190cc515d98cf60a8d9
.exe windows:6 windows x86 arch:x86

19233e39149f52fdb71945647d5026f4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetUpdateRgn

kernel32

FreeLibrary
CreateFileW
WaitForSingleObject
CloseHandle
FreeConsole
CreateThread
VirtualProtectEx
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
LCMapStringEx
GetStringTypeW
GetCPInfo
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
HeapSize
RaiseException
RtlUnwind
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
WriteConsoleW
GetProcAddress
LoadLibraryExW
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
GetFileType
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
ReadFile
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetProcessHeap

Sections

.text
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: 1024B - Virtual size: 969B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 114KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dd86e508d33a5b71e82ab1b41a8dd7c49009ac65ba2191c467d7c58267e8ead9
.exe windows:10 windows x86 arch:x86

646167cce332c1c252cdcb1839e0cf48

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

wextract.pdb

Imports

advapi32

GetTokenInformation
RegDeleteValueA
RegOpenKeyExA
RegQueryInfoKeyA
FreeSid
OpenProcessToken
RegSetValueExA
RegCreateKeyExA
LookupPrivilegeValueA
AllocateAndInitializeSid
RegQueryValueExA
EqualSid
RegCloseKey
AdjustTokenPrivileges

kernel32

_lopen
_llseek
CompareStringA
GetLastError
GetFileAttributesA
GetSystemDirectoryA
LoadLibraryA
DeleteFileA
GlobalAlloc
GlobalFree
CloseHandle
WritePrivateProfileStringA
IsDBCSLeadByte
GetWindowsDirectoryA
SetFileAttributesA
GetProcAddress
GlobalLock
LocalFree
RemoveDirectoryA
FreeLibrary
_lclose
CreateDirectoryA
GetPrivateProfileIntA
GetPrivateProfileStringA
GlobalUnlock
ReadFile
SizeofResource
WriteFile
GetDriveTypeA
lstrcmpA
SetFileTime
SetFilePointer
FindResourceA
CreateMutexA
GetVolumeInformationA
ExpandEnvironmentStringsA
GetCurrentDirectoryA
FreeResource
GetVersion
SetCurrentDirectoryA
GetTempPathA
LocalFileTimeToFileTime
CreateFileA
SetEvent
TerminateThread
GetVersionExA
LockResource
GetSystemInfo
CreateThread
ResetEvent
LoadResource
ExitProcess
GetModuleHandleW
CreateProcessA
FormatMessageA
GetTempFileNameA
DosDateTimeToFileTime
CreateEventA
GetExitCodeProcess
FindNextFileA
LocalAlloc
GetShortPathNameA
MulDiv
GetDiskFreeSpaceA
EnumResourceLanguagesA
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
Sleep
FindClose
GetCurrentProcess
FindFirstFileA
WaitForSingleObject
GetModuleFileNameA
LoadLibraryExA

gdi32

GetDeviceCaps

user32

SetWindowLongA
GetDlgItemTextA
DialogBoxIndirectParamA
ShowWindow
MsgWaitForMultipleObjects
SetWindowPos
GetDC
GetWindowRect
DispatchMessageA
GetDesktopWindow
CharUpperA
SetDlgItemTextA
ExitWindowsEx
MessageBeep
EndDialog
CharPrevA
LoadStringA
CharNextA
EnableWindow
ReleaseDC
SetForegroundWindow
PeekMessageA
GetDlgItem
SendMessageA
SendDlgItemMessageA
MessageBoxA
SetWindowTextA
GetWindowLongA
CallWindowProcA
GetSystemMetrics

msvcrt

_controlfp
?terminate@@YAXXZ
_acmdln
_initterm
__setusermatherr
_except_handler4_common
memcpy
_ismbblead
__p__fmode
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
memcpy_s
_vsnprintf
memset

comctl32

ord17

cabinet

ord22
ord23
ord21
ord20

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 51.0MB - Virtual size: 51.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
e500bee084b2757ef23283d465255eeb1eed61d9ed67171a24f814de66cf3b71
.exe windows:10 windows x86 arch:x86

646167cce332c1c252cdcb1839e0cf48

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

wextract.pdb

Imports

advapi32

GetTokenInformation
RegDeleteValueA
RegOpenKeyExA
RegQueryInfoKeyA
FreeSid
OpenProcessToken
RegSetValueExA
RegCreateKeyExA
LookupPrivilegeValueA
AllocateAndInitializeSid
RegQueryValueExA
EqualSid
RegCloseKey
AdjustTokenPrivileges

kernel32

_lopen
_llseek
CompareStringA
GetLastError
GetFileAttributesA
GetSystemDirectoryA
LoadLibraryA
DeleteFileA
GlobalAlloc
GlobalFree
CloseHandle
WritePrivateProfileStringA
IsDBCSLeadByte
GetWindowsDirectoryA
SetFileAttributesA
GetProcAddress
GlobalLock
LocalFree
RemoveDirectoryA
FreeLibrary
_lclose
CreateDirectoryA
GetPrivateProfileIntA
GetPrivateProfileStringA
GlobalUnlock
ReadFile
SizeofResource
WriteFile
GetDriveTypeA
lstrcmpA
SetFileTime
SetFilePointer
FindResourceA
CreateMutexA
GetVolumeInformationA
ExpandEnvironmentStringsA
GetCurrentDirectoryA
FreeResource
GetVersion
SetCurrentDirectoryA
GetTempPathA
LocalFileTimeToFileTime
CreateFileA
SetEvent
TerminateThread
GetVersionExA
LockResource
GetSystemInfo
CreateThread
ResetEvent
LoadResource
ExitProcess
GetModuleHandleW
CreateProcessA
FormatMessageA
GetTempFileNameA
DosDateTimeToFileTime
CreateEventA
GetExitCodeProcess
FindNextFileA
LocalAlloc
GetShortPathNameA
MulDiv
GetDiskFreeSpaceA
EnumResourceLanguagesA
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
Sleep
FindClose
GetCurrentProcess
FindFirstFileA
WaitForSingleObject
GetModuleFileNameA
LoadLibraryExA

gdi32

GetDeviceCaps

user32

SetWindowLongA
GetDlgItemTextA
DialogBoxIndirectParamA
ShowWindow
MsgWaitForMultipleObjects
SetWindowPos
GetDC
GetWindowRect
DispatchMessageA
GetDesktopWindow
CharUpperA
SetDlgItemTextA
ExitWindowsEx
MessageBeep
EndDialog
CharPrevA
LoadStringA
CharNextA
EnableWindow
ReleaseDC
SetForegroundWindow
PeekMessageA
GetDlgItem
SendMessageA
SendDlgItemMessageA
MessageBoxA
SetWindowTextA
GetWindowLongA
CallWindowProcA
GetSystemMetrics

msvcrt

_controlfp
?terminate@@YAXXZ
_acmdln
_initterm
__setusermatherr
_except_handler4_common
memcpy
_ismbblead
__p__fmode
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
memcpy_s
_vsnprintf
memset

comctl32

ord17

cabinet

ord22
ord23
ord21
ord20

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ff54e8ca62b5d37f515d9883b629f0761bba9e583cfd91abda232bc4e5b5cd50
.exe windows:10 windows x86 arch:x86

646167cce332c1c252cdcb1839e0cf48

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

wextract.pdb

Imports

advapi32

GetTokenInformation
RegDeleteValueA
RegOpenKeyExA
RegQueryInfoKeyA
FreeSid
OpenProcessToken
RegSetValueExA
RegCreateKeyExA
LookupPrivilegeValueA
AllocateAndInitializeSid
RegQueryValueExA
EqualSid
RegCloseKey
AdjustTokenPrivileges

kernel32

_lopen
_llseek
CompareStringA
GetLastError
GetFileAttributesA
GetSystemDirectoryA
LoadLibraryA
DeleteFileA
GlobalAlloc
GlobalFree
CloseHandle
WritePrivateProfileStringA
IsDBCSLeadByte
GetWindowsDirectoryA
SetFileAttributesA
GetProcAddress
GlobalLock
LocalFree
RemoveDirectoryA
FreeLibrary
_lclose
CreateDirectoryA
GetPrivateProfileIntA
GetPrivateProfileStringA
GlobalUnlock
ReadFile
SizeofResource
WriteFile
GetDriveTypeA
lstrcmpA
SetFileTime
SetFilePointer
FindResourceA
CreateMutexA
GetVolumeInformationA
ExpandEnvironmentStringsA
GetCurrentDirectoryA
FreeResource
GetVersion
SetCurrentDirectoryA
GetTempPathA
LocalFileTimeToFileTime
CreateFileA
SetEvent
TerminateThread
GetVersionExA
LockResource
GetSystemInfo
CreateThread
ResetEvent
LoadResource
ExitProcess
GetModuleHandleW
CreateProcessA
FormatMessageA
GetTempFileNameA
DosDateTimeToFileTime
CreateEventA
GetExitCodeProcess
FindNextFileA
LocalAlloc
GetShortPathNameA
MulDiv
GetDiskFreeSpaceA
EnumResourceLanguagesA
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
Sleep
FindClose
GetCurrentProcess
FindFirstFileA
WaitForSingleObject
GetModuleFileNameA
LoadLibraryExA

gdi32

GetDeviceCaps

user32

SetWindowLongA
GetDlgItemTextA
DialogBoxIndirectParamA
ShowWindow
MsgWaitForMultipleObjects
SetWindowPos
GetDC
GetWindowRect
DispatchMessageA
GetDesktopWindow
CharUpperA
SetDlgItemTextA
ExitWindowsEx
MessageBeep
EndDialog
CharPrevA
LoadStringA
CharNextA
EnableWindow
ReleaseDC
SetForegroundWindow
PeekMessageA
GetDlgItem
SendMessageA
SendDlgItemMessageA
MessageBoxA
SetWindowTextA
GetWindowLongA
CallWindowProcA
GetSystemMetrics

msvcrt

_controlfp
?terminate@@YAXXZ
_acmdln
_initterm
__setusermatherr
_except_handler4_common
memcpy
_ismbblead
__p__fmode
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
memcpy_s
_vsnprintf
memset

comctl32

ord17

cabinet

ord22
ord23
ord21
ord20

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 273KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

646167cce332c1c252cdcb1839e0cf48

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

gdi32

user32

msvcrt

comctl32

cabinet

version

Sections

.text Size: 25KB - Virtual size: 24KB

.data Size: 512B - Virtual size: 6KB

.idata Size: 4KB - Virtual size: 4KB

.rsrc Size: 574KB - Virtual size: 576KB

.reloc Size: 2KB - Virtual size: 2KB

646167cce332c1c252cdcb1839e0cf48

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

gdi32

user32

msvcrt

comctl32

cabinet

version

Sections

.text Size: 25KB - Virtual size: 24KB

.data Size: 512B - Virtual size: 6KB

.idata Size: 4KB - Virtual size: 4KB

.rsrc Size: 356KB - Virtual size: 360KB

.reloc Size: 2KB - Virtual size: 2KB

646167cce332c1c252cdcb1839e0cf48

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

gdi32

user32

msvcrt

comctl32

cabinet

version

Sections

.text Size: 25KB - Virtual size: 24KB

.data Size: 512B - Virtual size: 6KB

.idata Size: 4KB - Virtual size: 4KB

.rsrc Size: 823KB - Virtual size: 824KB

.reloc Size: 2KB - Virtual size: 2KB

646167cce332c1c252cdcb1839e0cf48

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

gdi32

user32

msvcrt

comctl32

cabinet

version

.text
Size: 25KB - Virtual size: 24KB

.data
Size: 512B - Virtual size: 6KB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 574KB - Virtual size: 576KB

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 25KB - Virtual size: 24KB

.data
Size: 512B - Virtual size: 6KB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 356KB - Virtual size: 360KB

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 25KB - Virtual size: 24KB

.data
Size: 512B - Virtual size: 6KB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 823KB - Virtual size: 824KB

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 25KB - Virtual size: 24KB

.data
Size: 512B - Virtual size: 6KB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 275KB - Virtual size: 276KB

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 167KB - Virtual size: 166KB

.rdata
Size: 41KB - Virtual size: 41KB

.data
Size: 114KB - Virtual size: 118KB

.reloc
Size: 8KB - Virtual size: 7KB

.text
Size: 25KB - Virtual size: 24KB

.data
Size: 512B - Virtual size: 6KB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 356KB - Virtual size: 356KB

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 25KB - Virtual size: 24KB

.data
Size: 512B - Virtual size: 6KB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 481KB - Virtual size: 484KB

.reloc
Size: 2KB - Virtual size: 2KB