fa11c7ec5d56dd190040e3d8daaa75104900d9ed740f5464867361a4416aae67

Sharing

Copy URL Twitter E-mail

General

Target

fa11c7ec5d56dd190040e3d8daaa75104900d9ed740f5464867361a4416aae67
Size

743KB
MD5

c6476468bc74b97d015fcf60ae1b17be
SHA1

658c54a9b16882b6f1e3b8301ce8912c29ed46d7
SHA256

fa11c7ec5d56dd190040e3d8daaa75104900d9ed740f5464867361a4416aae67
SHA512

248f7a4a3e83a70d73193c2f066f983beaa6fb9bd0dfa688507fa3eb9c6fd8b9c8ae97d61a928fb146530b31c425b6f03b2884d00139cb71271d845915f6f970
SSDEEP

12288:GNt7zgomBvcKvRnmZbCU5W2xfT77mgrUap9L:wtiJCW6T77mgDpd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fa11c7ec5d56dd190040e3d8daaa75104900d9ed740f5464867361a4416aae67

Files

fa11c7ec5d56dd190040e3d8daaa75104900d9ed740f5464867361a4416aae67
.exe windows:5 windows x86 arch:x86

edba8c2b87ee64207a8008a343668e26

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\buildbot\build1\kugou\build\Release\Win32\KGService.pdb

Imports

kernel32

LoadLibraryExW
WritePrivateProfileStringW
GetPrivateProfileIntW
ExitProcess
FreeLibrary
MoveFileW
GetFileSize
GetProcAddress
MultiByteToWideChar
SetFileAttributesW
GetFileAttributesW
CreateFileW
WriteFile
CreateDirectoryW
Sleep
GetACP
GetSystemDirectoryW
WaitForSingleObject
ReadFile
CreateProcessW
CreatePipe
SetHandleInformation
GetTickCount
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
UnhandledExceptionFilter
GetCurrentProcessId
GetLogicalDriveStringsW
GetExitCodeProcess
SetUnhandledExceptionFilter
DeleteFileW
GetCurrentThread
GetCurrentThreadId
SetErrorMode
FlushViewOfFile
GetNamedPipeInfo
CancelIo
CreateNamedPipeW
ConnectNamedPipe
DuplicateHandle
GetModuleFileNameW
GetWindowsDirectoryW
GetVersionExW
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
OpenProcess
ReleaseMutex
CreateMutexW
TerminateProcess
lstrlenA
GetProcessAffinityMask
DeviceIoControl
SetProcessAffinityMask
GetCurrentProcess
SetLastError
LocalFree
GetProcessHeap
HeapAlloc
HeapFree
LoadLibraryExA
GetModuleHandleW
VirtualQuery
VirtualProtect
GetSystemInfo
GetLastError
RaiseException
UnmapViewOfFile
InterlockedIncrement
InterlockedDecrement
MapViewOfFile
CreateFileMappingW
CloseHandle
GetDriveTypeW

ws2_32

inet_addr
ntohl
inet_ntoa

infra

?IntToString16@base@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@H@Z
?DeleteFileW@base@@YA_NABVFilePath@1@_N@Z
?HasSwitch@CommandLine@base@@QBE_NQBD@Z
?ForCurrentProcess@CommandLine@base@@SAPAV12@XZ
??0ScopedProfile@tracked_objects@@QAE@ABVLocation@1@W4Mode@01@@Z
?Serialize@JSONFileValueSerializer@@UAE_NABVValue@base@@@Z
??1JSONFileValueSerializer@@UAE@XZ
??0JSONFileValueSerializer@@QAE@ABVFilePath@base@@@Z
??1ScopedProfile@tracked_objects@@QAE@XZ
??0LogMessage@logging@@QAE@PBDH0@Z
?RunUntilIdle@MessageLoop@base@@QAEXXZ
?StartWithOptions@Thread@base@@QAE_NABUOptions@12@@Z
?end@ListValue@base@@QAE?AV?$_Vector_iterator@V?$_Vector_val@U?$_Simple_types@PAVValue@base@@@std@@@std@@@std@@XZ
?begin@ListValue@base@@QAE?AV?$_Vector_iterator@V?$_Vector_val@U?$_Simple_types@PAVValue@base@@@std@@@std@@@std@@XZ
?BelongsToCurrentThread@SingleThreadTaskRunner@base@@QBE_NXZ
?QuitWhenIdle@MessageLoop@base@@QAEXXZ
??0Options@Thread@base@@QAE@XZ
??1Options@Thread@base@@QAE@XZ
?GetFileInfo@base@@YA_NABVFilePath@1@PAUInfo@File@1@@Z
??0FilePath@base@@QAE@V?$BasicStringPiece@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@1@@Z
?Run@MessageLoop@base@@QAEXXZ
?Init@CommandLine@base@@SA_NHPBQBD@Z
??0LoggingSettings@logging@@QAE@XZ
?BaseInitLoggingImpl_built_with_NDEBUG@logging@@YA_NABULoggingSettings@1@@Z
??0FilePath@base@@QAE@XZ
??4FilePath@base@@QAEAAV01@ABV01@@Z
?DirName@FilePath@base@@QBE?AV12@XZ
?DirectoryExists@base@@YA_NABVFilePath@1@@Z
??0Info@File@base@@QAE@XZ
?Equals@DictionaryValue@base@@UBE_NPBVValue@2@@Z
??1MessageLoopForUI@base@@UAE@XZ
??1Info@File@base@@QAE@XZ
?Init@Thread@base@@MAEXXZ
?CleanUp@Thread@base@@MAEXXZ
?Run@Thread@base@@MAEXPAVMessageLoop@2@@Z
?ThreadMain@Thread@base@@EAEXXZ
??0RegKey@win@base@@QAE@PAUHKEY__@@PB_WK@Z
??0RegKey@win@base@@QAE@PAUHKEY__@@@Z
??1RegKey@win@base@@QAE@XZ
??0MessageLoopForUI@base@@QAE@XZ
?Create@RegKey@win@base@@QAEJPAUHKEY__@@PB_WK@Z
?OpenKey@RegKey@win@base@@QAEJPB_WK@Z
?Take@RegKey@win@base@@QAEPAUHKEY__@@XZ
?ReadValue@RegKey@win@base@@QBEJPB_WPAXPAK2@Z
?WriteValue@RegKey@win@base@@QAEJPB_WPBXKK@Z
?UTF8ToWide@base@@YA_NPBDIPAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?current@MessageLoop@base@@SAPAV12@XZ
?SetString@DictionaryValue@base@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@4@@Z
?Remove@DictionaryValue@base@@UAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PAV?$scoped_ptr@VValue@base@@U?$default_delete@VValue@base@@@std@@@@@Z
?RemoveWithoutPathExpansion@DictionaryValue@base@@UAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PAV?$scoped_ptr@VValue@base@@U?$default_delete@VValue@base@@@std@@@@@Z
?RemovePath@DictionaryValue@base@@UAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PAV?$scoped_ptr@VValue@base@@U?$default_delete@VValue@base@@@std@@@@@Z
?Swap@DictionaryValue@base@@UAEXPAV12@@Z
?Now@TimeTicks@base@@SA?AV12@XZ
?PostDelayedTask@MessageLoop@base@@QAEXABVLocation@tracked_objects@@ABV?$Callback@$$A6AXXZ@2@VTimeDelta@2@@Z
?GetSize@ListValue@base@@QBEIXZ
?StringToInt@base@@YA_NABV?$BasicStringPiece@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@1@PAH@Z
?SysUTF8ToWide@base@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV?$BasicStringPiece@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@1@@Z
?Get@ListValue@base@@QAE_NIPAPAVValue@2@@Z
?GetString@DictionaryValue@base@@QBE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@4@@Z
?GetString@DictionaryValue@base@@QBE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PAV34@@Z
?GetList@DictionaryValue@base@@QAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PAPAVListValue@2@@Z
?MD5Sum@base@@YAXPBXIPAUMD5Digest@1@@Z
?SetInteger@DictionaryValue@base@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z
?SysWideToUTF8@base@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@3@@Z
?WideToUTF8@base@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@3@@Z
?StringPrintf@base@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PBDZZ
?Base64Decode@base@@YA_NABV?$BasicStringPiece@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@1@PAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?ToTimeT@Time@base@@QBE_JXZ
?Int64ToString@base@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_J@Z
?IntToString@base@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z
?StringPrintf@base@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PB_WZZ
?Read@JSONReader@base@@SA?AV?$scoped_ptr@VValue@base@@U?$default_delete@VValue@base@@@std@@@@ABV?$BasicStringPiece@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@Z
?Base64Encode@base@@YAXABV?$BasicStringPiece@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@1@PAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?RandInt@base@@YAHHH@Z
?UintToString@base@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@I@Z
?Write@JSONWriter@base@@SA_NABVValue@2@PAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0WaitableEvent@base@@QAE@_N0@Z
??1WaitableEvent@base@@QAE@XZ
?Signal@WaitableEvent@base@@QAEXXZ
?Wait@WaitableEvent@base@@QAEXXZ
??0DictionaryValue@base@@QAE@XZ
??1DictionaryValue@base@@UAE@XZ
?SetString@DictionaryValue@base@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
?GetInteger@DictionaryValue@base@@QBE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PAH@Z
?ToDoubleT@Time@base@@QBENXZ
?MD5String@base@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV?$BasicStringPiece@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@1@@Z
??1FilePath@base@@QAE@XZ
?Append@FilePath@base@@QBE?AV12@V?$BasicStringPiece@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@Z
?PostTask@MessageLoop@base@@QAEXABVLocation@tracked_objects@@ABV?$Callback@$$A6AXXZ@2@@Z
?is_null@CallbackBase@internal@base@@QBE_NXZ
??0CallbackBase@internal@base@@QAE@ABV012@@Z
?FromSeconds@TimeDelta@base@@SA?AV12@_J@Z
??0Timer@base@@QAE@_N0@Z
??1Timer@base@@UAE@XZ
?IsRunning@Timer@base@@UBE_NXZ
?GetCurrentDelay@Timer@base@@UBE?AVTimeDelta@2@XZ
?SetTaskRunner@Timer@base@@UAEXV?$scoped_refptr@VSequencedTaskRunner@base@@@@@Z
?Start@Timer@base@@UAEXABVLocation@tracked_objects@@VTimeDelta@2@ABV?$Callback@$$A6AXXZ@2@@Z
?Stop@Timer@base@@UAEXXZ
?Reset@Timer@base@@UAEXXZ
?PostTask@TaskRunner@base@@QAE_NABVLocation@tracked_objects@@ABV?$Callback@$$A6AXXZ@2@@Z
?FromMilliseconds@TimeDelta@base@@SA?AV12@_J@Z
?IsSet@CancellationFlag@base@@QBE_NXZ
??4CallbackBase@internal@base@@QAEAAV012@ABV012@@Z
?LocalExplode@Time@base@@QBEXPAUExploded@12@@Z
??0Lock@base@@QAE@XZ
??1Lock@base@@QAE@XZ
?task_runner@Thread@base@@QBE?AV?$scoped_refptr@VSingleThreadTaskRunner@base@@@@XZ
?Release@?$RefCountedThreadSafe@VTaskRunner@base@@UTaskRunnerTraits@2@@base@@QBEXXZ
??0LogMessage@logging@@QAE@PBDHH@Z
?Acquire@Lock@base@@QAEXXZ
?Release@Lock@base@@QAEXXZ
?MD5DigestToBase16@base@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABUMD5Digest@1@@Z
?TimedWait@WaitableEvent@base@@QAE_NABVTimeDelta@2@@Z
?IsRunning@Thread@base@@QBE_NXZ
?Stop@Thread@base@@QAEXXZ
?Start@Thread@base@@QAE_NXZ
??1Thread@base@@UAE@XZ
??0Thread@base@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?FromTimeT@Time@base@@SA?AV12@_J@Z
?SysMultiByteToWide@base@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV?$BasicStringPiece@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@1@I@Z
?SetBoolean@DictionaryValue@base@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_N@Z
??0JSONStringValueSerializer@@QAE@PAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??1JSONStringValueSerializer@@UAE@XZ
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PB_W@Z
?GetAsBoolean@Value@base@@UBE_NPA_N@Z
?GetAsInteger@Value@base@@UBE_NPAH@Z
?GetAsDouble@Value@base@@UBE_NPAN@Z
?GetAsString@Value@base@@UBE_NPAPBVStringValue@2@@Z
?GetAsString@Value@base@@UBE_NPAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?GetAsString@Value@base@@UBE_NPAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?GetAsBinary@Value@base@@UBE_NPAPBVBinaryValue@2@@Z
?GetAsList@Value@base@@UBE_NPAPBVListValue@2@@Z
?GetAsList@Value@base@@UAE_NPAPAVListValue@2@@Z
?GetAsDictionary@Value@base@@UBE_NPAPBVDictionaryValue@2@@Z
?DeepCopy@DictionaryValue@base@@UBEPAV12@XZ
?Now@Time@base@@SA?AV12@XZ
?InMilliseconds@TimeDelta@base@@QBE_JXZ
??1CallbackBase@internal@base@@IAE@XZ
?GetAsDictionary@Value@base@@UAE_NPAPAVDictionaryValue@2@@Z
??0ListValue@base@@QAE@XZ
??1ListValue@base@@UAE@XZ
?Remove@ListValue@base@@UAE_NIPAV?$scoped_ptr@VValue@base@@U?$default_delete@VValue@base@@@std@@@@@Z
?Append@ListValue@base@@QAEXPAVValue@2@@Z
?Swap@ListValue@base@@UAEXPAV12@@Z
?GetAsList@ListValue@base@@UBE_NPAPBV12@@Z
?GetAsList@ListValue@base@@UAE_NPAPAV12@@Z
?DeepCopy@ListValue@base@@UBEPAV12@XZ
?Equals@ListValue@base@@UBE_NPBVValue@2@@Z
??1Parsed@url@@QAE@XZ
??0Parsed@url@@QAE@XZ
?ReplaceComponents@GURL@@QBE?AV1@ABV?$Replacements@D@url@@@Z
?spec@GURL@@QBEABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
??1GURL@@QAE@XZ
??0GURL@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?query@GURL@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?StringToInt64@base@@YA_NABV?$BasicStringPiece@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@1@PA_J@Z
?SysWideToMultiByte@base@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@3@I@Z
DES_ncbc_encrypt
RSA_size
DES_set_key
d2i_RSA_PUBKEY
RSA_free
RSA_encrypt
DES_set_odd_parity
?UTF8ToWide@base@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$BasicStringPiece@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@1@@Z
?CloseHandle@HandleTraits@win@base@@SA_NPAX@Z
?StopTracking@VerifierTraits@win@base@@SAXPAXPBX11@Z
?StartTracking@VerifierTraits@win@base@@SAXPAXPBX11@Z
?ReadValue@RegKey@win@base@@QBEJPB_WPAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?ReadValueDW@RegKey@win@base@@QBEJPB_WPAK@Z
?Open@RegKey@win@base@@QAEJPAUHKEY__@@PB_WK@Z
??0RegKey@win@base@@QAE@XZ
?HexStringToInt@base@@YA_NABV?$BasicStringPiece@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@1@PAH@Z
?TrimString@base@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$BasicStringPiece@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@1@PAV23@@Z
?EncodeURIComponent@url@@YAXPBDHPAV?$CanonOutputT@D@1@@Z
??_7?$CanonOutputT@D@url@@6B@
?HexStringToBytes@base@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PAV?$vector@EV?$allocator@E@std@@@3@@Z
?UninitializeInfra@infra@@YAXXZ
?InitializeInfra@infra@@YAXXZ
?AddRef@?$RefCountedThreadSafe@VTaskRunner@base@@UTaskRunnerTraits@2@@base@@QBEXXZ
??0FilePath@base@@QAE@ABV01@@Z
?empty@FilePath@base@@QBE_NXZ
?ReferencesParent@FilePath@base@@QBE_NXZ
?MakeAbsoluteFilePath@base@@YA?AVFilePath@1@ABV21@@Z
?PathExists@base@@YA_NABVFilePath@1@@Z
?GetCurrentDirectoryW@base@@YA_NPAVFilePath@1@@Z
??0LockImpl@internal@base@@QAE@XZ
?Lock@LockImpl@internal@base@@QAEXXZ
?Unlock@LockImpl@internal@base@@QAEXXZ
??1LockImpl@internal@base@@QAE@XZ
?YieldCurrentThread@PlatformThread@base@@SAXXZ
?GetTempDir@base@@YA_NPAVFilePath@1@@Z
?GetHomeDir@base@@YA?AVFilePath@1@XZ
?Create@Environment@base@@SAPAV12@XZ
?AppendASCII@FilePath@base@@QBE?AV12@V?$BasicStringPiece@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@Z
?GetInstance@OSInfo@win@base@@SAPAV123@XZ
?GetVersion@win@base@@YA?AW4Version@12@XZ
?LoadNativeLibrary@base@@YAPAUHINSTANCE__@@ABVFilePath@1@PAUNativeLibraryLoadError@1@@Z
??0ScopedNativeLibrary@base@@QAE@PAUHINSTANCE__@@@Z
??1ScopedNativeLibrary@base@@QAE@XZ
?GetFunctionPointer@ScopedNativeLibrary@base@@QBEPAXPBD@Z
?ShouldCreateLogMessage@logging@@YA_NH@Z
?GetLastSystemErrorCode@logging@@YAKXZ
??0Win32ErrorLogMessage@logging@@QAE@PBDHHK@Z
??1Win32ErrorLogMessage@logging@@QAE@XZ
?Release@RefCountedThreadSafeBase@subtle@base@@IBE_NXZ
??0PickleIterator@base@@QAE@ABVPickle@1@@Z
?ReadInt@PickleIterator@base@@QAE_NPAH@Z
?WriteInt@Pickle@base@@QAE_NH@Z
?WriteUInt32@Pickle@base@@QAE_NI@Z
?CurrentId@PlatformThread@base@@SAKXZ
??1WeakReference@internal@base@@QAE@XZ
?is_valid@WeakReference@internal@base@@QBE_NXZ
??0WeakReferenceOwner@internal@base@@QAE@XZ
??1WeakReferenceOwner@internal@base@@QAE@XZ
?GetRef@WeakReferenceOwner@internal@base@@QBE?AVWeakReference@23@XZ
??1WeakPtrBase@internal@base@@QAE@XZ
??0WeakPtrBase@internal@base@@IAE@ABVWeakReference@12@@Z
??0WeakPtrBase@internal@base@@QAE@ABV012@@Z
?current@MessageLoopForIO@base@@SAPAV12@XZ
?RegisterIOHandler@MessageLoopForIO@base@@QAEXPAXPAVIOHandler@MessagePumpForIO@2@@Z
?WaitForIOCompletion@MessageLoopForIO@base@@QAE_NKPAVIOHandler@MessagePumpForIO@2@@Z
?GetInstance@TraceLog@trace_event@base@@SAPAV123@XZ
?GetCategoryGroupEnabled@TraceLog@trace_event@base@@SAPBEPBD@Z
?AddTraceEventWithThreadIdAndTimestamp@TraceLog@trace_event@base@@QAE?AUTraceEventHandle@23@DPBEPBD_K2HABVTimeTicks@3@HPAPBD0PB_KPBV?$scoped_refptr@VConvertableToTraceFormat@trace_event@base@@@@I@Z
??1ScopedTracer@trace_event_internal@@QAE@XZ
?ASCIIToUTF16@base@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$BasicStringPiece@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@1@@Z
?AddRef@RefCountedThreadSafeBase@subtle@base@@IBEXXZ
??0LogMessage@logging@@QAE@PBDHPAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?ReadBool@PickleIterator@base@@QAE_NPA_N@Z
??0Pickle@base@@QAE@H@Z
??0Pickle@base@@QAE@PBDH@Z
??0Pickle@base@@QAE@ABV01@@Z
??1Pickle@base@@UAE@XZ
?WriteBool@Pickle@base@@QAE_N_N@Z
?PeekNext@Pickle@base@@KA_NIPBD0PAI@Z
??0RefCountedThreadSafeBase@subtle@base@@IAE@XZ
??1RefCountedThreadSafeBase@subtle@base@@IAE@XZ
?find_last_of@internal@base@@YAIABV?$BasicStringPiece@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@0I@Z
?ReplaceExtension@FilePath@base@@QBE?AV12@V?$BasicStringPiece@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@Z
?RemoveExtension@FilePath@base@@QBE?AV12@XZ
?Extension@FilePath@base@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?BaseName@FilePath@base@@QBE?AV12@XZ
?ToUpperASCII@base@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$BasicStringPiece@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@1@@Z
?WriteFile@base@@YAHABVFilePath@1@PBDH@Z
?ReadFileToString@base@@YA_NABVFilePath@1@PAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SplitString@base@@YA?AV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@V?$BasicStringPiece@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@1@0W4WhitespaceHandling@1@W4SplitResult@1@@Z
?GenerateGUID@base@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?kUtf8ByteOrderMark@base@@3QBDB
?WriteValue@RegKey@win@base@@QAEJPB_W0@Z
?Close@RegKey@win@base@@QAEXXZ
?TrimWhitespaceASCII@base@@YA?AW4TrimPositions@1@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W421@PAV34@@Z
?RemoveChars@base@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV?$BasicStringPiece@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@1@PAV23@@Z
?Alias@debug@base@@YAXPBX@Z
?AmountOfAvailablePhysicalMemory@SysInfo@base@@SA_JXZ
?AmountOfPhysicalMemory@SysInfo@base@@SA_JXZ
?Deserialize@JSONFileValueDeserializer@@UAE?AV?$scoped_ptr@VValue@base@@U?$default_delete@VValue@base@@@std@@@@PAHPAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??1JSONFileValueDeserializer@@UAE@XZ
??0JSONFileValueDeserializer@@QAE@ABVFilePath@base@@@Z
?CompareEqualIgnoreCase@FilePath@base@@SA_NV?$BasicStringPiece@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@0@Z
?OnDestruct@TaskRunner@base@@MBEXXZ
??1TaskRunner@base@@MAE@XZ
??0TaskRunner@base@@IAE@XZ
?RandUint64@base@@YA_KXZ
?InSeconds@TimeDelta@base@@QBE_JXZ
??H?$TimeBase@VTime@base@@@time_internal@base@@QBE?AVTime@2@VTimeDelta@2@@Z
?FromHours@TimeDelta@base@@SA?AV12@H@Z
?ColumnString16@Statement@sql@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@H@Z
?ColumnString@Statement@sql@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z
?ColumnInt64@Statement@sql@@QBE_JH@Z
?ColumnInt@Statement@sql@@QBEHH@Z
?ColumnBool@Statement@sql@@QBE_NH@Z
?Step@Statement@sql@@QAE_NXZ
?WriteBytes@Pickle@base@@QAE_NPBXH@Z
?WriteString16@Pickle@base@@QAE_NABV?$BasicStringPiece@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@Z
?WriteString@Pickle@base@@QAE_NABV?$BasicStringPiece@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@Z
?ReadBytes@PickleIterator@base@@QAE_NPAPBDH@Z
?ReadString16@PickleIterator@base@@QAE_NPAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?ReadString@PickleIterator@base@@QAE_NPAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?ReadInt64@PickleIterator@base@@QAE_NPA_J@Z
?ReadLong@PickleIterator@base@@QAE_NPAJ@Z
?WriteInt64@Pickle@base@@QAE_N_J@Z
?WriteLongUsingDangerousNonPortableLessPersistableForm@Pickle@base@@QAE_NJ@Z
?ReadUInt32@PickleIterator@base@@QAE_NPAI@Z
?GetAsDictionary@DictionaryValue@base@@UBE_NPAPBV12@@Z
?GetAsDictionary@DictionaryValue@base@@UAE_NPAPAV12@@Z
??0CallbackBase@internal@base@@IAE@PAVBindStateBase@12@@Z
??1LogMessage@logging@@QAE@XZ
??0SequencedTaskRunner@base@@QAE@XZ
??1SequencedTaskRunner@base@@MAE@XZ
?ReadData@PickleIterator@base@@QAE_NPAPBDPAH@Z
?WriteData@Pickle@base@@QAE_NPBDH@Z
??0Timer@base@@QAE@_N0ABV?$scoped_refptr@VSequencedTaskRunner@base@@@@@Z
?GetSQLStatement@Statement@sql@@QAEPBDXZ
??1Statement@sql@@QAE@XZ
??0Statement@sql@@QAE@V?$scoped_refptr@VStatementRef@Connection@sql@@@@@Z
?GetErrorMessage@Connection@sql@@QBEPBDXZ
?GetLastErrno@Connection@sql@@QBEHXZ
?GetErrorCode@Connection@sql@@QBEHXZ
?DoesTableExist@Connection@sql@@QBE_NPBD@Z
?GetUniqueStatement@Connection@sql@@QAE?AV?$scoped_refptr@VStatementRef@Connection@sql@@@@PBD@Z
?GetCachedStatement@Connection@sql@@QAE?AV?$scoped_refptr@VStatementRef@Connection@sql@@@@ABVStatementID@2@PBD@Z
?Execute@Connection@sql@@QAE_NPBD@Z
?CommitTransaction@Connection@sql@@QAE_NXZ
?RollbackTransaction@Connection@sql@@QAEXXZ
?BeginTransaction@Connection@sql@@QAE_NXZ
?Close@Connection@sql@@QAEXXZ
?SetBusyTimeout@Connection@sql@@QAEXH@Z
?OpenWithKey@Connection@sql@@QAE_NABVFilePath@base@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@_N@Z
?Open@Connection@sql@@QAE_NABVFilePath@base@@@Z
??1Connection@sql@@QAE@XZ
??0Connection@sql@@QAE@XZ
?is_valid@Statement@sql@@QBE_NXZ
?set_error_callback@Connection@sql@@QAEXABV?$Callback@$$A6AXHPAVStatement@sql@@@Z@base@@@Z
?GetProgramCounter@tracked_objects@@YAPBXXZ
??0Location@tracked_objects@@QAE@PBD0HPBX@Z
?Set@DictionaryValue@base@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PAVValue@2@@Z

iphlpapi

GetAdaptersInfo
GetNetworkParams
IcmpCloseHandle
IcmpCreateFile
IcmpSendEcho

logging

??1KLogMessage@@QAE@XZ
??0KLogMessage@@QAE@PB_WHH@Z
?GetMinKLogLevel@@YAHXZ
?FinalizeKLogging@@YAXXZ
?SetLoggingFilePath@@YAXPB_W@Z

msvcp140

?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?imbue@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAE?AVlocale@2@ABV32@@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
?toupper@?$ctype@_W@std@@QBE_W_W@Z
?widen@?$ctype@_W@std@@QBE_WD@Z
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@I@Z
?id@?$ctype@_W@std@@2V0locale@2@A
?widen@?$ctype@D@std@@QBEDD@Z
?narrow@?$ctype@D@std@@QBEDDD@Z
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?exceptions@ios_base@std@@QAEXH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QAE?AVlocale@2@ABV32@@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
??Bid@locale@std@@QAEIXZ
?always_noconv@codecvt_base@std@@QBE_NXZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
?pbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXH@Z
?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXH@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?sgetc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
?sbumpc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBE_WD@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@_W@Z
?snextc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Ipfx@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE_N_N@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?is@?$ctype@_W@std@@QBE_NF_W@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?tolower@?$ctype@_W@std@@QBE_W_W@Z
?narrow@?$ctype@_W@std@@QBED_WD@Z
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?clear@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?uncaught_exception@std@@YA_NXZ
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xbad_function_call@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@G@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?_BADOFF@std@@3_JB
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z

vcruntime140

__std_exception_destroy
memmove
__std_exception_copy
_purecall
_except_handler4_common
__std_terminate
_CxxThrowException
__CxxFrameHandler3
_set_purecall_handler
memcmp
memset
memcpy
__std_type_info_compare
memchr

api-ms-win-crt-runtime-l1-1-0

_controlfp_s
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
_exit
_initterm_e
_initterm
_get_wide_winmain_command_line
_initialize_wide_environment
_configure_wide_argv
_set_app_type
_seh_filter_exe
signal
_set_new_handler
_set_invalid_parameter_handler
exit
abort
_errno
_invalid_parameter_noinfo
terminate
_beginthreadex
_invalid_parameter_noinfo_noreturn
_set_abort_behavior

api-ms-win-crt-string-l1-1-0

isprint
wcslen
iswprint
wcscat_s
tolower
isalnum

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-stdio-l1-1-0

fsetpos
__stdio_common_vswprintf
fputc
__acrt_iob_func
fflush
fclose
__stdio_common_vfwprintf
fgetc
fwrite
__p__commode
_set_fmode
fgetpos
setvbuf
ungetc
__stdio_common_vsprintf_s
__stdio_common_vswprintf_s
_get_stream_buffer_pointers
_fseeki64

api-ms-win-crt-utility-l1-1-0

srand
rand

api-ms-win-crt-convert-l1-1-0

_wtoi

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-heap-l1-1-0

_set_new_mode
free
_callnewh
malloc

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

user32

MessageBoxW

advapi32

RegOpenKeyExW
RegCloseKey

shell32

SHGetFolderPathW

ole32

CoTaskMemFree

oleaut32

VariantClear

dbghelp

StackWalk64
SymGetModuleBase64
SymFunctionTableAccess64
MiniDumpWriteDump

psapi

GetModuleBaseNameW
EnumProcessModules
GetProcessMemoryInfo
GetModuleInformation

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

Sections

.text
Size: 462KB - Virtual size: 461KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 157KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 14KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 90KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

edba8c2b87ee64207a8008a343668e26

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

ws2_32

infra

iphlpapi

logging

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

user32

advapi32

shell32

ole32

oleaut32

dbghelp

psapi

version

Sections

.text Size: 462KB - Virtual size: 461KB

.rdata Size: 157KB - Virtual size: 156KB

.data Size: 14KB - Virtual size: 15KB

.gfids Size: 512B - Virtual size: 108B

.rsrc Size: 90KB - Virtual size: 92KB

.text
Size: 462KB - Virtual size: 461KB

.rdata
Size: 157KB - Virtual size: 156KB

.data
Size: 14KB - Virtual size: 15KB

.gfids
Size: 512B - Virtual size: 108B

.rsrc
Size: 90KB - Virtual size: 92KB