SublimeHQ-Keygen_and_Patch-DrMARIO[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

SublimeHQ-Keygen_and_Patch-DrMARIO.exe
Size

607KB
MD5

40d0fc46410624598e57533437d9ed84
SHA1

ec9ebfdf2f7eade872d7a9c69b8f68b8f0136f73
SHA256

5df37390b2f01738da7c0424ae4e12b45ffa38ed493cc0c505025da73113c27c
SHA512

d187960ca6eaf8818626958a7d2250a985aaf79d97dfeb1ffefcce26342709c811b282216bf4270218a7744e021f5665046478fb6ac362ef45598bceeed309db
SSDEEP

12288:oHadxsZ4uQp1vdDcK0gdPWk5lBnhsKjTS1fzjKpoLanoHDJOf:sad6ZpolvNl5lBnhbjTkOnoHDJ6

Score

3^/10

Malware Config

Signatures

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
SublimeHQ-Keygen_and_Patch-DrMARIO.exe
unpack001/$TEMP/BASSMOD.dll
unpack001/$TEMP/SublimeHQ-Keygen_and_Patch-DrMARIO.exe
unpack001/$TEMP/libgcc_s_dw2-1.dll
unpack001/$TEMP/libtomcrypt.dll
unpack001/$TEMP/libtommath.dll
unpack001/$TEMP/libwinpthread-1.dll

Files

SublimeHQ-Keygen_and_Patch-DrMARIO.exe
.exe windows:4 windows x86 arch:x86

9dda1a1d1f8a1d13ae0297b47046b26e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegEnumValueW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegOpenKeyExW
RegCreateKeyExW

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
SHFileOperationW
ShellExecuteExW

ole32

CoCreateInstance
OleUninitialize
OleInitialize
IIDFromString
CoTaskMemFree

comctl32

ImageList_Destroy
ord17
ImageList_AddMasked
ImageList_Create

user32

MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
CreatePopupMenu
AppendMenuW
TrackPopupMenu
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetSysColor
SetWindowPos
GetWindowLongW
IsWindowEnabled
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CharPrevW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
CharNextA
wsprintfA
DispatchMessageW
CreateWindowExW
PeekMessageW
GetSystemMetrics

gdi32

GetDeviceCaps
SetBkColor
SelectObject
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor

kernel32

RemoveDirectoryW
lstrcmpiA
GetTempFileNameW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersionExW
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
WriteFile
ExitProcess
GetCurrentProcess
GetModuleFileNameW
GetFileSize
CreateFileW
GetTickCount
Sleep
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
MulDiv
lstrcpyA
MoveFileExW
lstrcatW
GetSystemDirectoryW
GetProcAddress
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
CopyFileW

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/BASSMOD.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

BASSMOD_ErrorGetCode
BASSMOD_Free
BASSMOD_GetCPU
BASSMOD_GetDeviceDescription
BASSMOD_GetVersion
BASSMOD_GetVolume
BASSMOD_Init
BASSMOD_MusicDecode
BASSMOD_MusicFree
BASSMOD_MusicGetLength
BASSMOD_MusicGetName
BASSMOD_MusicGetPosition
BASSMOD_MusicGetVolume
BASSMOD_MusicIsActive
BASSMOD_MusicLoad
BASSMOD_MusicPause
BASSMOD_MusicPlay
BASSMOD_MusicPlayEx
BASSMOD_MusicRemoveSync
BASSMOD_MusicSetAmplify
BASSMOD_MusicSetPanSep
BASSMOD_MusicSetPosition
BASSMOD_MusicSetPositionScaler
BASSMOD_MusicSetSync
BASSMOD_MusicSetVolume
BASSMOD_MusicStop
BASSMOD_SetVolume

Sections

Size: 31KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$TEMP/SublimeHQ-Keygen_and_Patch-DrMARIO.exe
.exe windows:4 windows x86 arch:x86

73e2dd744394f2fd6bd38d6d12028b88

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

bassmod

BASSMOD_GetVersion
BASSMOD_Init
BASSMOD_Free
BASSMOD_MusicLoad
BASSMOD_MusicGetLength
BASSMOD_MusicPlay
BASSMOD_MusicPause

gdi32

CreateFontA

kernel32

DeleteCriticalSection
EnterCriticalSection
FindResourceA
FreeLibrary
GetLastError
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetStartupInfoA
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
LoadResource
LockResource
MultiByteToWideChar
SetUnhandledExceptionFilter
SizeofResource
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
WideCharToMultiByte

msvcrt

__getmainargs
__initenv
__mb_cur_max
__p__acmdln
__p__commode
__p__fmode
__set_app_type
__setusermatherr
_amsg_exit
_cexit
_errno
_initterm
_iob
_ismbblead
_onexit
abort
atoi
calloc
exit
fclose
fopen
fprintf
fputc
fread
free
fseek
ftell
fwrite
localeconv
malloc
memcmp
memcpy
memset
rand
rename
setlocale
signal
srand
strchr
strcmp
strcpy
strerror
strlen
strncmp
time
vfprintf
wcslen

libwinpthread-1

pthread_exit

shell32

DragAcceptFiles
DragFinish
DragQueryFileA

libtomcrypt

find_hash
hash_memory
ltc_mp
ltm_desc
register_all_ciphers
register_all_hashes
register_all_prngs
register_hash
rsa_free
rsa_import
rsa_sign_hash_ex
sha1_desc

user32

DialogBoxParamA
EndDialog
EnumChildWindows
GetDlgItem
GetDlgItemTextA
LoadCursorA
LoadIconA
MessageBoxA
MessageBoxIndirectA
PostMessageA
SendMessageA
SetCursor
SetDlgItemTextA
SetWindowTextA

comdlg32

GetOpenFileNameA

Sections

.text
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 193KB - Virtual size: 193KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/libgcc_s_dw2-1.dll
.dll windows:4 windows x86 arch:x86

a2ca8e0bb1cf1bb62c4524a7631dab4c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetLastError
GetModuleHandleA
GetProcAddress
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
Sleep
TlsGetValue
VirtualProtect
VirtualQuery

msvcrt

_amsg_exit
_initterm
_iob
_lock
_unlock
abort
calloc
free
fwrite
malloc
memcpy
memmove
memset
realloc
strlen
strncmp
vfprintf

libwinpthread-1

pthread_getspecific
pthread_key_create
pthread_mutex_init
pthread_mutex_lock
pthread_mutex_unlock
pthread_once
pthread_setspecific

Exports

Exports

_Unwind_Backtrace
_Unwind_DeleteException
_Unwind_FindEnclosingFunction
_Unwind_Find_FDE
_Unwind_ForcedUnwind
_Unwind_GetCFA
_Unwind_GetDataRelBase
_Unwind_GetGR
_Unwind_GetIP
_Unwind_GetIPInfo
_Unwind_GetLanguageSpecificData
_Unwind_GetRegionStart
_Unwind_GetTextRelBase
_Unwind_RaiseException
_Unwind_Resume
_Unwind_Resume_or_Rethrow
_Unwind_SetGR
_Unwind_SetIP
__absvdi2
__absvsi2
__addtf3
__addvdi3
__addvsi3
__ashldi3
__ashrdi3
__bswapdi2
__bswapsi2
__clear_cache
__clrsbdi2
__clrsbsi2
__clzdi2
__clzsi2
__cmpdi2
__ctzdi2
__ctzsi2
__deregister_frame
__deregister_frame_info
__deregister_frame_info_bases
__divdc3
__divdi3
__divmodbitint4
__divmoddi4
__divsc3
__divtc3
__divtf3
__divxc3
__emutls_get_address
__emutls_register_common
__enable_execute_stack
__eqtf2
__extenddftf2
__extendsfdf2
__extendsftf2
__extendxftf2
__ffsdi2
__ffssi2
__fixdfbitint
__fixdfdi
__fixsfbitint
__fixsfdi
__fixtfdi
__fixtfsi
__fixunsdfdi
__fixunsdfsi
__fixunssfdi
__fixunssfsi
__fixunstfdi
__fixunstfsi
__fixunsxfdi
__fixunsxfsi
__fixxfdi
__floatbitintdf
__floatbitintsf
__floatdidf
__floatdisf
__floatditf
__floatdixf
__floatsitf
__floatundidf
__floatundisf
__floatunditf
__floatundixf
__floatunsitf
__gcc_personality_v0
__getf2
__gttf2
__hardcfr_check
__letf2
__lshrdi3
__lttf2
__moddi3
__mulbitint3
__muldc3
__muldi3
__mulsc3
__multc3
__multf3
__mulvdi3
__mulvsi3
__mulxc3
__negdi2
__negtf2
__negvdi2
__negvsi2
__netf2
__paritydi2
__paritysi2
__popcountdi2
__popcountsi2
__powidf2
__powisf2
__powitf2
__powixf2
__register_frame
__register_frame_info
__register_frame_info_bases
__register_frame_info_table
__register_frame_info_table_bases
__register_frame_table
__strub_enter
__strub_leave
__strub_update
__subtf3
__subvdi3
__subvsi3
__truncdfsf2
__trunctfdf2
__trunctfsf2
__trunctfxf2
__ucmpdi2
__udivdi3
__udivmoddi4
__umoddi3
__unordtf2

Sections

.text
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 228B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/libtomcrypt.dll
.dll windows:4 windows x86 arch:x86

5a68e3f7726953d984d19bb045bcd134

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

libtommath

mp_2expt
mp_add
mp_add_d
mp_addmod
mp_clear
mp_cmp
mp_cmp_d
mp_cnt_lsb
mp_copy
mp_count_bits
mp_div
mp_div_2
mp_exptmod
mp_gcd
mp_get_int
mp_init
mp_invmod
mp_lcm
mp_mod_d
mp_montgomery_calc_normalization
mp_montgomery_reduce
mp_montgomery_setup
mp_mul
mp_mul_d
mp_mulmod
mp_neg
mp_prime_is_prime
mp_rand
mp_read_radix
mp_read_unsigned_bin
mp_set_int
mp_sqr
mp_sqrmod
mp_sub
mp_sub_d
mp_submod
mp_to_unsigned_bin
mp_toradix
mp_unsigned_bin_size

advapi32

CryptAcquireContextA
CryptGenRandom
CryptReleaseContext

kernel32

DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetLastError
GetModuleHandleA
GetModuleHandleW
GetProcAddress
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
WideCharToMultiByte

msvcrt

__mb_cur_max
_amsg_exit
_errno
_initterm
_iob
_lock
_unlock
abort
atoi
calloc
clock
fclose
fopen
fputc
fread
free
fwrite
localeconv
malloc
memcmp
memcpy
memmove
memset
qsort
realloc
setlocale
strchr
strcmp
strerror
strlen
strncmp
vfprintf
wcslen

Exports

Exports

adler32_finish
adler32_init
adler32_test
adler32_update
aes_desc
aes_enc_desc
anubis_desc
anubis_done
anubis_ecb_decrypt
anubis_ecb_encrypt
anubis_keysize
anubis_setup
anubis_test
base64_decode
base64_encode
base64_strict_decode
base64url_decode
base64url_encode
base64url_strict_decode
base64url_strict_encode
blake2b_160_desc
blake2b_160_init
blake2b_160_test
blake2b_256_desc
blake2b_256_init
blake2b_256_test
blake2b_384_desc
blake2b_384_init
blake2b_384_test
blake2b_512_desc
blake2b_512_init
blake2b_512_test
blake2b_done
blake2b_init
blake2b_process
blake2bmac_done
blake2bmac_file
blake2bmac_init
blake2bmac_memory
blake2bmac_memory_multi
blake2bmac_process
blake2bmac_test
blake2s_128_desc
blake2s_128_init
blake2s_128_test
blake2s_160_desc
blake2s_160_init
blake2s_160_test
blake2s_224_desc
blake2s_224_init
blake2s_224_test
blake2s_256_desc
blake2s_256_init
blake2s_256_test
blake2s_done
blake2s_init
blake2s_process
blake2smac_done
blake2smac_file
blake2smac_init
blake2smac_memory
blake2smac_memory_multi
blake2smac_process
blake2smac_test
blowfish_desc
blowfish_done
blowfish_ecb_decrypt
blowfish_ecb_encrypt
blowfish_keysize
blowfish_setup
blowfish_test
burn_stack
camellia_desc
camellia_done
camellia_ecb_decrypt
camellia_ecb_encrypt
camellia_keysize
camellia_setup
camellia_test
cast5_desc
cast5_done
cast5_ecb_decrypt
cast5_ecb_encrypt
cast5_keysize
cast5_setup
cast5_test
cbc_decrypt
cbc_done
cbc_encrypt
cbc_getiv
cbc_setiv
cbc_start
ccm_add_aad
ccm_add_nonce
ccm_done
ccm_init
ccm_memory
ccm_process
ccm_reset
ccm_test
cfb_decrypt
cfb_done
cfb_encrypt
cfb_getiv
cfb_setiv
cfb_start
chacha20_prng_add_entropy
chacha20_prng_desc
chacha20_prng_done
chacha20_prng_export
chacha20_prng_import
chacha20_prng_read
chacha20_prng_ready
chacha20_prng_start
chacha20_prng_test
chacha20poly1305_add_aad
chacha20poly1305_decrypt
chacha20poly1305_done
chacha20poly1305_encrypt
chacha20poly1305_init
chacha20poly1305_memory
chacha20poly1305_setiv
chacha20poly1305_setiv_rfc7905
chacha20poly1305_test
chacha_crypt
chacha_done
chacha_ivctr32
chacha_ivctr64
chacha_keystream
chacha_setup
chacha_test
chc_desc
chc_done
chc_init
chc_process
chc_register
chc_test
cipher_descriptor
cipher_is_valid
compare_testvector
crc32_finish
crc32_init
crc32_test
crc32_update
crypt_argchk
crypt_build_settings
crypt_fsa
crypt_get_constant
crypt_get_size
crypt_list_all_constants
crypt_list_all_sizes
ctr_decrypt
ctr_done
ctr_encrypt
ctr_getiv
ctr_setiv
ctr_start
ctr_test
der_decode_bit_string
der_decode_boolean
der_decode_choice
der_decode_generalizedtime
der_decode_ia5_string
der_decode_integer
der_decode_object_identifier
der_decode_octet_string
der_decode_printable_string
der_decode_raw_bit_string
der_decode_sequence_ex
der_decode_sequence_flexi
der_decode_sequence_multi
der_decode_short_integer
der_decode_subject_public_key_info
der_decode_teletex_string
der_decode_utctime
der_decode_utf8_string
der_encode_bit_string
der_encode_boolean
der_encode_generalizedtime
der_encode_ia5_string
der_encode_integer
der_encode_object_identifier
der_encode_octet_string
der_encode_printable_string
der_encode_raw_bit_string
der_encode_sequence_ex
der_encode_sequence_multi
der_encode_set
der_encode_setof
der_encode_short_integer
der_encode_subject_public_key_info
der_encode_utctime
der_encode_utf8_string
der_ia5_char_encode
der_ia5_value_decode
der_length_bit_string
der_length_boolean
der_length_generalizedtime
der_length_ia5_string
der_length_integer
der_length_object_identifier
der_length_octet_string
der_length_printable_string
der_length_sequence
der_length_sequence_ex
der_length_short_integer
der_length_teletex_string
der_length_utctime
der_length_utf8_string
der_object_identifier_bits
der_printable_char_encode
der_printable_value_decode
der_sequence_free
der_sequence_shrink
der_teletex_char_encode
der_teletex_value_decode
der_utf8_charsize
der_utf8_valid_char
des3_desc
des3_done
des3_ecb_decrypt
des3_ecb_encrypt
des3_keysize
des3_setup
des3_test
des_desc
des_done
des_ecb_decrypt
des_ecb_encrypt
des_keysize
des_setup
des_test
dh_check_pubkey
dh_export
dh_export_key
dh_free
dh_generate_key
dh_get_groupsize
dh_import
dh_set_key
dh_set_pg
dh_set_pg_dhparam
dh_set_pg_groupsize
dh_shared_secret
dsa_decrypt_key
dsa_encrypt_key
dsa_export
dsa_free
dsa_generate_key
dsa_generate_pqg
dsa_import
dsa_int_validate_pqg
dsa_int_validate_primes
dsa_int_validate_xy
dsa_make_key
dsa_set_key
dsa_set_pqg
dsa_set_pqg_dsaparam
dsa_shared_secret
dsa_sign_hash
dsa_sign_hash_raw
dsa_verify_hash
dsa_verify_hash_raw
dsa_verify_key
eax_addheader
eax_decrypt
eax_decrypt_verify_memory
eax_done
eax_encrypt
eax_encrypt_authenticate_memory
eax_init
eax_test
ecb_decrypt
ecb_done
ecb_encrypt
ecb_start
ecc_ansi_x963_export
ecc_ansi_x963_import
ecc_ansi_x963_import_ex
ecc_decrypt_key
ecc_encrypt_key
ecc_export
ecc_free
ecc_get_size
ecc_import
ecc_import_ex
ecc_make_key
ecc_make_key_ex
ecc_shared_secret
ecc_sign_hash
ecc_sign_hash_rfc7518
ecc_sizes
ecc_test
ecc_verify_hash
ecc_verify_hash_rfc7518
error_to_string
f8_decrypt
f8_done
f8_encrypt
f8_getiv
f8_setiv
f8_start
f8_test_mode
f9_done
f9_file
f9_init
f9_memory
f9_memory_multi
f9_process
f9_test
find_cipher
find_cipher_any
find_cipher_id
find_hash
find_hash_any
find_hash_id
find_hash_oid
find_prng
fortuna_add_entropy
fortuna_desc
fortuna_done
fortuna_export
fortuna_import
fortuna_read
fortuna_ready
fortuna_start
fortuna_test
gcm_add_aad
gcm_add_iv
gcm_done
gcm_gf_mult
gcm_init
gcm_memory
gcm_mult_h
gcm_process
gcm_reset
gcm_shift_table
gcm_test
hash_descriptor
hash_file
hash_filehandle
hash_is_valid
hash_memory
hash_memory_multi
hkdf
hkdf_expand
hkdf_extract
hkdf_test
hmac_done
hmac_file
hmac_init
hmac_memory
hmac_memory_multi
hmac_process
hmac_test
init_LTM
kasumi_desc
kasumi_done
kasumi_ecb_decrypt
kasumi_ecb_encrypt
kasumi_keysize
kasumi_setup
kasumi_test
khazad_desc
khazad_done
khazad_ecb_decrypt
khazad_ecb_encrypt
khazad_keysize
khazad_setup
khazad_test
kseed_desc
kseed_done
kseed_ecb_decrypt
kseed_ecb_encrypt
kseed_keysize
kseed_setup
kseed_test
lrw_decrypt
lrw_done
lrw_encrypt
lrw_getiv
lrw_process
lrw_setiv
lrw_start
lrw_test
ltc_cleanup_multi
ltc_deinit_multi
ltc_dh_sets
ltc_ecc_del_point
ltc_ecc_is_valid_idx
ltc_ecc_map
ltc_ecc_mul2add
ltc_ecc_mulmod
ltc_ecc_new_point
ltc_ecc_projective_add_point
ltc_ecc_projective_dbl_point
ltc_ecc_sets
ltc_init_multi
ltc_mp
ltm_desc
md2_desc
md2_done
md2_init
md2_process
md2_test
md4_desc
md4_done
md4_init
md4_process
md4_test
md5_desc
md5_done
md5_init
md5_process
md5_test
mem_neq
multi2_desc
multi2_done
multi2_ecb_decrypt
multi2_ecb_encrypt
multi2_keysize
multi2_setup
multi2_test
noekeon_desc
noekeon_done
noekeon_ecb_decrypt
noekeon_ecb_encrypt
noekeon_keysize
noekeon_setup
noekeon_test
ocb3_add_aad
ocb3_decrypt
ocb3_decrypt_last
ocb3_decrypt_verify_memory
ocb3_done
ocb3_encrypt
ocb3_encrypt_authenticate_memory
ocb3_encrypt_last
ocb3_init
ocb3_int_ntz
ocb3_int_xor_blocks
ocb3_test
ocb_decrypt
ocb_decrypt_verify_memory
ocb_done_decrypt
ocb_done_encrypt
ocb_encrypt
ocb_encrypt_authenticate_memory
ocb_init
ocb_ntz
ocb_shift_xor
ocb_test
ofb_decrypt
ofb_done
ofb_encrypt
ofb_getiv
ofb_setiv
ofb_start
omac_done
omac_file
omac_init
omac_memory
omac_memory_multi
omac_process
omac_test
pelican_done
pelican_init
pelican_memory
pelican_process
pelican_test
pk_get_oid
pkcs_1_i2osp
pkcs_1_mgf1
pkcs_1_oaep_decode
pkcs_1_oaep_encode
pkcs_1_os2ip
pkcs_1_pss_decode
pkcs_1_pss_encode
pkcs_1_v1_5_decode
pkcs_1_v1_5_encode
pkcs_5_alg1
pkcs_5_alg1_openssl
pkcs_5_alg2
pkcs_5_test
pmac_done
pmac_file
pmac_init
pmac_memory
pmac_memory_multi
pmac_ntz
pmac_process
pmac_shift_xor
pmac_test
poly1305_done
poly1305_file
poly1305_init
poly1305_memory
poly1305_memory_multi
poly1305_process
poly1305_test

Sections

.text
Size: 421KB - Virtual size: 420KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 285KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/libtommath.dll
.dll windows:4 windows x86 arch:x86

966f3a636ca56496603d86799d741c54

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

CryptAcquireContextA
CryptGenRandom

kernel32

DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetLastError
GetModuleHandleA
GetProcAddress
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
Sleep
TlsGetValue
VirtualProtect
VirtualQuery

msvcrt

_amsg_exit
_initterm
_iob
_lock
_unlock
abort
calloc
fgetc
free
fwrite
malloc
memcpy
memset
realloc
strlen
strncmp
vfprintf

Exports

Exports

KARATSUBA_MUL_CUTOFF
KARATSUBA_SQR_CUTOFF
TOOM_MUL_CUTOFF
TOOM_SQR_CUTOFF
fast_mp_invmod
fast_mp_montgomery_reduce
fast_s_mp_mul_digs
fast_s_mp_mul_high_digs
fast_s_mp_sqr
ltm_prime_tab
mp_2expt
mp_abs
mp_add
mp_add_d
mp_addmod
mp_and
mp_balance_mul
mp_clamp
mp_clear
mp_clear_multi
mp_cmp
mp_cmp_d
mp_cmp_mag
mp_cnt_lsb
mp_complement
mp_copy
mp_count_bits
mp_decr
mp_div
mp_div_2
mp_div_2d
mp_div_3
mp_div_d
mp_dr_is_modulus
mp_dr_reduce
mp_dr_setup
mp_error_to_string
mp_exch
mp_export
mp_expt_d
mp_expt_d_ex
mp_expt_n
mp_expt_u32
mp_exptmod
mp_exptmod_fast
mp_exteuclid
mp_fread
mp_from_sbin
mp_from_ubin
mp_fwrite
mp_gcd
mp_get_bit
mp_get_double
mp_get_i32
mp_get_i64
mp_get_int
mp_get_l
mp_get_ll
mp_get_long
mp_get_long_long
mp_get_mag_u32
mp_get_mag_u64
mp_get_mag_ul
mp_get_mag_ull
mp_grow
mp_import
mp_incr
mp_init
mp_init_copy
mp_init_i32
mp_init_i64
mp_init_l
mp_init_ll
mp_init_multi
mp_init_set
mp_init_set_int
mp_init_size
mp_init_u32
mp_init_u64
mp_init_ul
mp_init_ull
mp_invmod
mp_invmod_slow
mp_is_square
mp_iseven
mp_isodd
mp_jacobi
mp_karatsuba_mul
mp_karatsuba_sqr
mp_kronecker
mp_lcm
mp_log_n
mp_log_u32
mp_lshd
mp_mod
mp_mod_2d
mp_mod_d
mp_montgomery_calc_normalization
mp_montgomery_reduce
mp_montgomery_setup
mp_mul
mp_mul_2
mp_mul_2d
mp_mul_d
mp_mulmod
mp_n_root
mp_n_root_ex
mp_neg
mp_or
mp_pack
mp_pack_count
mp_prime_fermat
mp_prime_frobenius_underwood
mp_prime_is_divisible
mp_prime_is_prime
mp_prime_miller_rabin
mp_prime_next_prime
mp_prime_rabin_miller_trials
mp_prime_rand
mp_prime_random_ex
mp_prime_strong_lucas_selfridge
mp_radix_size
mp_rand
mp_rand_digit
mp_rand_source
mp_read_radix
mp_read_signed_bin
mp_read_unsigned_bin
mp_reduce
mp_reduce_2k
mp_reduce_2k_l
mp_reduce_2k_setup
mp_reduce_2k_setup_l
mp_reduce_is_2k
mp_reduce_is_2k_l
mp_reduce_setup
mp_root_n
mp_root_u32
mp_rshd
mp_s_rmap
mp_s_rmap_reverse
mp_s_rmap_reverse_sz
mp_sbin_size
mp_set
mp_set_double
mp_set_i32
mp_set_i64
mp_set_int
mp_set_l
mp_set_ll
mp_set_long
mp_set_long_long
mp_set_u32
mp_set_u64
mp_set_ul
mp_set_ull
mp_shrink
mp_signed_bin_size
mp_signed_rsh
mp_sqr
mp_sqrmod
mp_sqrt
mp_sqrtmod_prime
mp_sub
mp_sub_d
mp_submod
mp_tc_and
mp_tc_div_2d
mp_tc_or
mp_tc_xor
mp_to_radix
mp_to_sbin
mp_to_signed_bin
mp_to_signed_bin_n
mp_to_ubin
mp_to_unsigned_bin
mp_to_unsigned_bin_n
mp_toom_mul
mp_toom_sqr
mp_toradix
mp_toradix_n
mp_ubin_size
mp_unpack
mp_unsigned_bin_size
mp_xor
mp_zero
s_mp_add
s_mp_balance_mul
s_mp_div_3
s_mp_exptmod
s_mp_exptmod_fast
s_mp_get_bit
s_mp_invmod_fast
s_mp_invmod_slow
s_mp_karatsuba_mul
s_mp_karatsuba_sqr
s_mp_log
s_mp_log_2expt
s_mp_log_d
s_mp_montgomery_reduce_fast
s_mp_mul_digs
s_mp_mul_digs_fast
s_mp_mul_high_digs
s_mp_mul_high_digs_fast
s_mp_prime_is_divisible
s_mp_prime_random_ex
s_mp_prime_tab
s_mp_rand_jenkins
s_mp_rand_jenkins_init
s_mp_rand_platform
s_mp_rand_source
s_mp_reverse
s_mp_sqr
s_mp_sqr_fast
s_mp_sub
s_mp_toom_mul
s_mp_toom_sqr

Sections

.text
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 196B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 744B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/libwinpthread-1.dll
.dll windows:4 windows x86 arch:x86

9c91098ab4a2cfa622505772f314a714

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateEventA
CreateSemaphoreA
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
FileTimeToSystemTime
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetHandleInformation
GetLastError
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProcessAffinityMask
GetProcessTimes
GetSystemTimeAdjustment
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetThreadTimes
GetTickCount
InitializeCriticalSection
IsDebuggerPresent
IsProcessorFeaturePresent
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
OpenProcess
OutputDebugStringA
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReleaseSemaphore
ResetEvent
ResumeThread
SetEvent
SetLastError
SetProcessAffinityMask
SetSystemTime
SetThreadContext
SetThreadPriority
Sleep
SuspendThread
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject

msvcrt

_amsg_exit
_beginthreadex
_endthreadex
_errno
_initterm
_iob
_lock
_setjmp3
_strdup
_unlock
_vsnprintf
_write
abort
calloc
exit
fprintf
free
fwrite
longjmp
malloc
memmove
memset
printf
realloc
strlen
strncmp
vfprintf

Exports

Exports

__pth_gpointer_locked
__pthread_clock_nanosleep
_pthread_cleanup_dest
_pthread_get_state
_pthread_invoke_cancel
_pthread_key_dest
_pthread_rel_time_in_ms
_pthread_set_state
_pthread_time_in_ms
_pthread_time_in_ms_from_timespec
_pthread_tryjoin
clock_getres
clock_gettime
clock_nanosleep
clock_settime
nanosleep
pthread_attr_destroy
pthread_attr_getdetachstate
pthread_attr_getinheritsched
pthread_attr_getschedparam
pthread_attr_getschedpolicy
pthread_attr_getscope
pthread_attr_getstack
pthread_attr_getstackaddr
pthread_attr_getstacksize
pthread_attr_init
pthread_attr_setdetachstate
pthread_attr_setinheritsched
pthread_attr_setschedparam
pthread_attr_setschedpolicy
pthread_attr_setscope
pthread_attr_setstack
pthread_attr_setstackaddr
pthread_attr_setstacksize
pthread_barrier_destroy
pthread_barrier_init
pthread_barrier_wait
pthread_barrierattr_destroy
pthread_barrierattr_getpshared
pthread_barrierattr_init
pthread_barrierattr_setpshared
pthread_cancel
pthread_cond_broadcast
pthread_cond_destroy
pthread_cond_init
pthread_cond_signal
pthread_cond_timedwait
pthread_cond_timedwait_relative_np
pthread_cond_wait
pthread_condattr_destroy
pthread_condattr_getclock
pthread_condattr_getpshared
pthread_condattr_init
pthread_condattr_setclock
pthread_condattr_setpshared
pthread_create
pthread_create_wrapper@4
pthread_delay_np
pthread_detach
pthread_equal
pthread_exit
pthread_get_concurrency
pthread_getclean
pthread_getconcurrency
pthread_getevent
pthread_gethandle
pthread_getname_np
pthread_getschedparam
pthread_getspecific
pthread_join
pthread_key_create
pthread_key_delete
pthread_kill
pthread_mutex_destroy
pthread_mutex_init
pthread_mutex_lock
pthread_mutex_timedlock
pthread_mutex_trylock
pthread_mutex_unlock
pthread_mutexattr_destroy
pthread_mutexattr_getprioceiling
pthread_mutexattr_getprotocol
pthread_mutexattr_getpshared
pthread_mutexattr_gettype
pthread_mutexattr_init
pthread_mutexattr_setprioceiling
pthread_mutexattr_setprotocol
pthread_mutexattr_setpshared
pthread_mutexattr_settype
pthread_num_processors_np
pthread_once
pthread_rwlock_destroy
pthread_rwlock_init
pthread_rwlock_rdlock
pthread_rwlock_timedrdlock
pthread_rwlock_timedwrlock
pthread_rwlock_tryrdlock
pthread_rwlock_trywrlock
pthread_rwlock_unlock
pthread_rwlock_wrlock
pthread_rwlockattr_destroy
pthread_rwlockattr_getpshared
pthread_rwlockattr_init
pthread_rwlockattr_setpshared
pthread_self
pthread_set_concurrency
pthread_set_num_processors_np
pthread_setcancelstate
pthread_setcanceltype
pthread_setconcurrency
pthread_setname_np
pthread_setschedparam
pthread_setspecific
pthread_spin_destroy
pthread_spin_init
pthread_spin_lock
pthread_spin_trylock
pthread_spin_unlock
pthread_testcancel
pthread_timechange_handler_np
pthread_tls_init
sched_get_priority_max
sched_get_priority_min
sched_getscheduler
sched_setscheduler
sched_yield
sem_close
sem_destroy
sem_getvalue
sem_init
sem_open
sem_post
sem_post_multiple
sem_timedwait
sem_trywait
sem_unlink
sem_wait

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 224B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9dda1a1d1f8a1d13ae0297b47046b26e

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shell32

ole32

comctl32

user32

gdi32

kernel32

Sections

.text Size: 26KB - Virtual size: 25KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 126KB

.ndata Size: - Virtual size: 64KB

.rsrc Size: 18KB - Virtual size: 18KB

Headers

File Characteristics

Exports

Exports

Sections

Size: 31KB - Virtual size: 68KB

Size: 2KB - Virtual size: 1KB

73e2dd744394f2fd6bd38d6d12028b88

Headers

DLL Characteristics

File Characteristics

Imports

bassmod

gdi32

kernel32

msvcrt

libwinpthread-1

shell32

libtomcrypt

user32

comdlg32

Sections

.text Size: 41KB - Virtual size: 41KB

.data Size: 512B - Virtual size: 144B

.rdata Size: 6KB - Virtual size: 5KB

.eh_fram Size: 7KB - Virtual size: 7KB

.bss Size: - Virtual size: 7KB

.idata Size: 3KB - Virtual size: 3KB

.CRT Size: 512B - Virtual size: 48B

.tls Size: 512B - Virtual size: 8B

.rsrc Size: 193KB - Virtual size: 193KB

.reloc Size: 2KB - Virtual size: 1KB

a2ca8e0bb1cf1bb62c4524a7631dab4c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

libwinpthread-1

Exports

Exports

Sections

.text Size: 164KB - Virtual size: 163KB

.data Size: 512B - Virtual size: 40B

.rdata Size: 10KB - Virtual size: 10KB

/4 Size: 17KB - Virtual size: 16KB

.bss Size: - Virtual size: 228B

.edata Size: 3KB - Virtual size: 3KB

.idata Size: 1KB - Virtual size: 1KB

.CRT Size: 512B - Virtual size: 44B

.tls Size: 512B - Virtual size: 8B

.reloc Size: 3KB - Virtual size: 3KB

5a68e3f7726953d984d19bb045bcd134

Headers

DLL Characteristics

File Characteristics

.text
Size: 26KB - Virtual size: 25KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 126KB

.ndata
Size: - Virtual size: 64KB

.rsrc
Size: 18KB - Virtual size: 18KB

.text
Size: 41KB - Virtual size: 41KB

.data
Size: 512B - Virtual size: 144B

.rdata
Size: 6KB - Virtual size: 5KB

.eh_fram
Size: 7KB - Virtual size: 7KB

.bss
Size: - Virtual size: 7KB

.idata
Size: 3KB - Virtual size: 3KB

.CRT
Size: 512B - Virtual size: 48B

.tls
Size: 512B - Virtual size: 8B

.rsrc
Size: 193KB - Virtual size: 193KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 164KB - Virtual size: 163KB

.data
Size: 512B - Virtual size: 40B

.rdata
Size: 10KB - Virtual size: 10KB

/4
Size: 17KB - Virtual size: 16KB

.bss
Size: - Virtual size: 228B

.edata
Size: 3KB - Virtual size: 3KB

.idata
Size: 1KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 44B

.tls
Size: 512B - Virtual size: 8B

.reloc
Size: 3KB - Virtual size: 3KB

.text
Size: 421KB - Virtual size: 420KB

.data
Size: 3KB - Virtual size: 3KB

.rdata
Size: 285KB - Virtual size: 284KB

.eh_fram
Size: 58KB - Virtual size: 57KB

.bss
Size: - Virtual size: 10KB

.edata
Size: 18KB - Virtual size: 18KB

.idata
Size: 3KB - Virtual size: 2KB

.CRT
Size: 512B - Virtual size: 44B

.tls
Size: 512B - Virtual size: 8B

.reloc
Size: 15KB - Virtual size: 15KB

.text
Size: 55KB - Virtual size: 55KB

.data
Size: 512B - Virtual size: 64B

.rdata
Size: 10KB - Virtual size: 9KB

.eh_fram
Size: 16KB - Virtual size: 16KB

.bss
Size: - Virtual size: 196B

.edata
Size: 5KB - Virtual size: 5KB

.idata
Size: 1024B - Virtual size: 984B

.CRT
Size: 512B - Virtual size: 44B

.tls
Size: 512B - Virtual size: 8B

.reloc
Size: 1024B - Virtual size: 744B

.text
Size: 38KB - Virtual size: 37KB

.data
Size: 512B - Virtual size: 80B

.rdata
Size: 3KB - Virtual size: 2KB

/4
Size: 13KB - Virtual size: 13KB

.bss
Size: - Virtual size: 224B

.edata
Size: 4KB - Virtual size: 4KB

.idata
Size: 2KB - Virtual size: 2KB

.CRT
Size: 512B - Virtual size: 48B

.tls
Size: 512B - Virtual size: 8B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB