RemoteNaturalLanguage[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

RemoteNaturalLanguage.dll
Size

729KB
MD5

af3f5ee938656d2f92b2ca512dcb034b
SHA1

276668cff206d68ebb6ea576b57706d0765bf338
SHA256

4045d31cefb63eefec71db5c7f0182e28f3130d5b30d36b5f6d8bff364cae674
SHA512

ab304dedeabea68236d8b06f02d5907ed6ddb5d40b460d21e21d997629206eb43d9b644d2ba080968cc25ab72be9f89f8d29a045d62e2d1fdeb6d830498cb8de
SSDEEP

12288:5SoV73etIF7DuuWOt7VJ2y7X+xcb4kzA2qceQQpXY27aoBD9L128/4WITyTO2KGy:4ox3dRB5t7v2yymVXeP1YkaotG8/4PTF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
RemoteNaturalLanguage.dll

Files

RemoteNaturalLanguage.dll
.dll windows:10 windows x86 arch:x86

1e2b0f9945bc0d4be11fe132378426d3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

RemoteNaturalLanguage.pdb

Imports

msvcp110_win

?getloc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QBE?AVlocale@2@XZ
?widen@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEGD@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?_Init@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXXZ
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QAE_N_N@Z
?_Getcat@?$codecvt@GDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?id@?$codecvt@GDH@std@@2V0locale@2@A
?_Gndec@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEPAGXZ
?unshift@?$codecvt@GDH@std@@QBEHAAHPAD1AAPAD@Z
?out@?$codecvt@GDH@std@@QBEHAAHPBG1AAPBGPAD3AAPAD@Z
?in@?$codecvt@GDH@std@@QBEHAAHPBD1AAPBDPAG3AAPAG@Z
?_Gninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEPAGXZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@H@2@XZ
??0id@locale@std@@QAE@I@Z
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?_Xbad_alloc@std@@YAXXZ
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Fiopen@std@@YAPAU_iobuf@@PBGHH@Z
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
?_Add_vtordisp2@?$basic_ios@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Xbad_function_call@std@@YAXXZ
?_Orphan_all@_Container_base12@std@@QAEXXZ
??1_Container_base12@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
??0_Container_base12@std@@QAE@XZ
?_Orphan_all@_Container_base0@std@@QAEXXZ
?_Xinvalid_argument@std@@YAXPBD@Z
?_Swap_all@_Container_base0@std@@QAEXAAU12@@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_istream@GU?$char_traits@G@std@@@std@@UAE@XZ
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?_BADOFF@std@@3_JB
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXH@Z
?pbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXH@Z
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEPAGXZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAE@XZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEGXZ
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEHXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JPAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JPBG_J@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEPAV12@PAG_J@Z
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEXABVlocale@2@@Z
?_Add_vtordisp2@?$basic_ios@GU?$char_traits@G@std@@@std@@UAEXXZ
?_Add_vtordisp1@?$basic_istream@GU?$char_traits@G@std@@@std@@UAEXXZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@XZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IAE@XZ
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXPAG00@Z
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXPAG0@Z
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXPAG00@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QAEXH_N@Z
?width@ios_base@std@@QAE_J_J@Z
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEGXZ
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEPAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGG@Z
?flags@ios_base@std@@QBEHXZ
?width@ios_base@std@@QBE_JXZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ
?good@ios_base@std@@QBE_NXZ
?uncaught_exception@std@@YA_NXZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEPAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?_Add_vtordisp1@?$basic_istream@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Add_vtordisp2@?$basic_ostream@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Add_vtordisp2@?$basic_ostream@GU?$char_traits@G@std@@@std@@UAEXXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@_J@Z
?clear@?$basic_ios@GU?$char_traits@G@std@@@std@@QAEXH_N@Z
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAE_JPBG_J@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Add_vtordisp1@?$basic_ios@DU?$char_traits@D@std@@@std@@UAEXXZ
?id@?$codecvt@DDH@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??Bid@locale@std@@QAEIXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Syserror_map@std@@YAPBDH@Z
?_Xlength_error@std@@YAXPBD@Z
?_Winerror_map@std@@YAPBDH@Z
?_Xout_of_range@std@@YAXPBD@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z

msvcrt

realloc
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBDH@Z
_i64tow_s
iswspace
iswdigit
_wtoi
swscanf_s
_wtoi64
_wtof
_wmkdir
_get_errno
_wstat
_snwprintf_s
time
_isnan
_finite
sprintf_s
iswalpha
towlower
_ui64tow_s
_vsnprintf
?terminate@@YAXXZ
memmove_s
_ultow_s
wcstol
_errno
_vsnwprintf_l
wcsncmp
swprintf_s
_free_locale
_create_locale
??8type_info@@QBEHABV0@@Z
_wpgmptr
_wcsicmp
_wcsnicmp
mbstowcs
?name@type_info@@QBEPBDXZ
clock
strnlen
??_V@YAXPAX@Z
memcpy
memcmp
_ftol2_sse
_ftol2
_except_handler4_common
__CxxFrameHandler3
??1type_info@@UAE@XZ
_onexit
__dllonexit
_unlock
_lock
_initterm
_amsg_exit
_XcptFilter
_callnewh
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@XZ
_vsnprintf_s
memcpy_s
malloc
free
_vsnwprintf
_purecall
??3@YAXPAX@Z
memmove
_wtol
_ftime64_s
_mkgmtime64
_difftime64
modf
fgetc
fputc
ungetc
??0bad_cast@@QAE@ABV0@@Z
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@PBD@Z
fflush
setvbuf
fsetpos
_fseeki64
fgetpos
fwrite
fclose
fgetwc
fputwc
ungetwc
_CIpow
_CxxThrowException
memset

api-ms-win-core-heap-l1-2-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-synch-l1-2-0

ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
InitializeCriticalSection
SetEvent
CreateEventExW
ResetEvent
CreateMutexW
AcquireSRWLockExclusive
EnterCriticalSection
InitOnceExecuteOnce
Sleep
ReleaseMutex
CreateMutexExW
CreateSemaphoreExW
InitOnceComplete
InitOnceBeginInitialize
OpenSemaphoreW
CreateEventW
WaitForSingleObject
InitializeSRWLock
ReleaseSemaphore
WaitForSingleObjectEx

api-ms-win-core-winrt-error-l1-1-1

RoOriginateErrorW
RoGetMatchingRestrictedErrorInfo
RoTransformError
SetRestrictedErrorInfo
IsErrorPropagationEnabled
RoReportFailedDelegate
GetRestrictedErrorInfo
RoOriginateError

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-errorhandling-l1-1-1

SetLastError
SetUnhandledExceptionFilter
GetLastError
RaiseException
UnhandledExceptionFilter

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
WindowsGetStringRawBuffer
WindowsCompareStringOrdinal
WindowsCreateString
WindowsDuplicateString
WindowsDeleteString

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventSetInformation
EventActivityIdControl
EventWrite
EventUnregister
EventRegister

api-ms-win-core-localization-l1-2-1

FormatMessageW

api-ms-win-core-processthreads-l1-1-2

GetCurrentThreadId
TlsGetValue
TlsFree
CreateThread
OpenProcessToken
GetCurrentProcessId
OpenProcess
TlsSetValue
GetCurrentProcess
TlsAlloc
TerminateProcess

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
DisableThreadLibraryCalls
FreeLibrary
GetModuleFileNameA
GetModuleHandleExW
FreeLibraryAndExitThread
LoadLibraryExW

api-ms-win-core-debug-l1-1-1

OutputDebugStringW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-2-1

GetTickCount
GetTickCount64
GetSystemTime
GetSystemTimeAsFileTime

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegQueryValueExW
RegGetValueW
RegCloseKey

api-ms-win-core-com-l1-1-1

CoGetApartmentType
CoTaskMemRealloc
CoCreateGuid
CoCreateInstance
CoTaskMemFree
StringFromGUID2
CoMarshalInterface
CreateStreamOnHGlobal
RoGetAgileReference
CoTaskMemAlloc
CoUninitialize
CoInitializeEx
CoWaitForMultipleHandles
CoReleaseMarshalData
CoCreateFreeThreadedMarshaler

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

api-ms-win-core-shlwapi-obsolete-l1-2-0

StrChrW

api-ms-win-shcore-thread-l1-1-0

SHCreateThreadRef
SHSetThreadRef
SHGetThreadRef

api-ms-win-core-threadpool-l1-2-0

CallbackMayRunLong
SetThreadpoolTimer
TrySubmitThreadpoolCallback
WaitForThreadpoolTimerCallbacks
FreeLibraryWhenCallbackReturns
CloseThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-core-synch-l1-2-1

CreateSemaphoreW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindFileNameW

api-ms-win-security-base-l1-2-0

GetTokenInformation

ntdll

RtlGetDeviceFamilyInfoEnum
NtQueryWnfStateData
RtlConvertDeviceFamilyInfoToString

api-ms-win-core-url-l1-1-0

UrlEscapeW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-file-l1-2-1

GetFileInformationByHandle
WriteFile
FileTimeToLocalFileTime
LockFileEx
ReadFile
CreateFileW
UnlockFileEx
SetFilePointer
SetEndOfFile

api-ms-win-core-timezone-l1-1-0

GetTimeZoneInformation
FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-localization-obsolete-l1-3-0

GetSystemDefaultUILanguage

winhttp

WinHttpTimeToSystemTime
WinHttpSetStatusCallback
WinHttpSetOption
WinHttpCrackUrl
WinHttpWebSocketCompleteUpgrade
WinHttpWebSocketQueryCloseStatus
WinHttpWebSocketReceive
WinHttpWebSocketSend
WinHttpWebSocketClose
WinHttpQueryHeaders
WinHttpAddRequestHeaders
WinHttpReadData
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpOpenRequest
WinHttpConnect
WinHttpOpen
WinHttpCloseHandle

rpcrt4

UuidToStringW
UuidCreate
RpcStringFreeW

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocString

api-ms-win-rtcore-ntuser-window-l1-1-0

PeekMessageW
DispatchMessageW
PostThreadMessageW
TranslateMessage

api-ms-win-rtcore-ntuser-synch-l1-1-0

MsgWaitForMultipleObjectsEx

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI
DelayLoadFailureHook

Exports

Exports

?GetClientID@Halsey@@YG?AVswstring@1@XZ
?IsErrorThatResetsConnection@Halsey@@YG_NJ@Z
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
_CreateRemoteNaturalLanguageInterpreter@16
_GetExistingRemoteNaturalLanguageInterpreter@4
_InBandMetricsCuCookieReceived@0
_InBandMetricsMicrophoneStart@0
_InBandMetricsMicrophoneStop@0
_InBandMetricsOnSnRLoadCompleted@0
_InBandMetricsOnSnRLoadStarted@0
_InBandMetricsSRResponseCode@4
_NotifyCuOfFailure@4

Sections

.text
Size: 648KB - Virtual size: 648KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1e2b0f9945bc0d4be11fe132378426d3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcp110_win

msvcrt

api-ms-win-core-heap-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-handle-l1-1-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-localization-l1-2-1

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-debug-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-registry-l1-1-0

api-ms-win-core-com-l1-1-1

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-shlwapi-obsolete-l1-2-0

api-ms-win-shcore-thread-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-synch-l1-2-1

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-security-base-l1-2-0

ntdll

api-ms-win-core-url-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-file-l1-2-1

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-localization-obsolete-l1-3-0

winhttp

rpcrt4

oleaut32

api-ms-win-rtcore-ntuser-window-l1-1-0

api-ms-win-rtcore-ntuser-synch-l1-1-0

api-ms-win-core-delayload-l1-1-1

Exports

Exports

Sections

.text Size: 648KB - Virtual size: 648KB

.data Size: 19KB - Virtual size: 26KB

.idata Size: 17KB - Virtual size: 17KB

.didat Size: 512B - Virtual size: 8B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 40KB - Virtual size: 40KB

.text
Size: 648KB - Virtual size: 648KB

.data
Size: 19KB - Virtual size: 26KB

.idata
Size: 17KB - Virtual size: 17KB

.didat
Size: 512B - Virtual size: 8B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 40KB - Virtual size: 40KB