50bb137dc5dc91ece4a31d01787c0db3361853f2e7b559ff731c05d102bec0ca

Sharing

Copy URL

Twitter E-mail

General

Target

50bb137dc5dc91ece4a31d01787c0db3361853f2e7b559ff731c05d102bec0ca
Size

1014KB
MD5

ba13f98a1f19d7b6d10e243cc76d532c
SHA1

6383da469d8152b1de367eb7c50aae6d31468134
SHA256

50bb137dc5dc91ece4a31d01787c0db3361853f2e7b559ff731c05d102bec0ca
SHA512

beaa6d66bb12bad6342721131118bae630ba3524355c6579dc66c56b2f5b2571da1a51034ecbb1b50fd2a61e90aec5ff73b679b03b681d7b3b06df4407c35155
SSDEEP

24576:/ZPjc72nqQtrFX6jzET6HQ1TM4+gCc1dQf9sa:9g8FX6fjw1g4CcjQf9B

Score

8^/10

macro xlm

Malware Config

Signatures

Suspicious Office macro 1 IoCs

Office document equipped with 4.0 macros.

macro xlm

Processes:

resource	yara_rule
static1/unpack001/Users/wilmer.coughlin/Downloads/subscription_1617056233.xlsb	office_xlm_macros

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/ProgramData/huqvg/huqvg.exe
unpack001/Users/Public/4123.do1
unpack001/Users/wilmer.coughlin/AppData/Local/Temp/C618.tmp.dll
unpack001/Windows/Temp/adf/anchorAsjuster_x64.exe
unpack001/Windows/Temp/adf/anchorDNS_x64.exe
unpack001/Windows/Temp/adf/anchor_x64.exe

Files

50bb137dc5dc91ece4a31d01787c0db3361853f2e7b559ff731c05d102bec0ca
.zip

Password: infected
ProgramData/huqvg/huqvg.exe
.exe windows:6 windows x64 arch:x64

787151c6bef6ee11d1d73736521d9ba7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

DlgDirListComboBoxW
LoadImageA
LoadBitmapA
GetWindow
GetUpdateRect
IsWindowVisible

gdi32

CreateEllipticRgnIndirect
DrawEscape
CreateEllipticRgn
CreateCompatibleBitmap
CombineRgn
AbortPath
EndDoc

shlwapi

StrToIntA
StrRChrA
StrCmpIW
StrPBrkA

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Users/Public/4123.do1
.dll windows:4 windows x86 arch:x86

17bfed211106b3e7d0f15493e6716264

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess
LoadLibraryW
GetProcAddress
DisableThreadLibraryCalls

msvcp60

??0Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ

msvcrt

malloc
free
atoi
__dllonexit
_onexit
_initterm
_adjust_fdiv

Exports

Exports

DF1

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 632B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Users/Public/4123.xlsb
Users/Public/4123.xsg
Users/wilmer.coughlin/AppData/Local/Temp/C618.tmp.dll
.dll windows:6 windows x64 arch:x64

ddb095d2ce52d8eb057df35ac1fd603b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Ohuevhu\source\repos\naglo\Release\naglo.pdb

Imports

kernel32

GetCurrentProcess
CreateMutexA
Sleep
GetLastError
LoadLibraryA
GetTickCount
GetProcAddress
WideCharToMultiByte
GetCurrentThreadId
CloseHandle
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
QueryPerformanceCounter
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetCurrentProcessId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
SetEvent
CreateThread
GetCurrentThread
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
GetModuleFileNameW
LoadLibraryExW
InterlockedFlushSList
RtlUnwindEx
RtlPcToFileHeader
RaiseException
ExitThread
GetModuleHandleExW
ExitProcess
GetFileSizeEx
SetFilePointerEx
GetStdHandle
GetFileType
HeapAlloc
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
HeapFree
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ReadFile
ReadConsoleW
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetStdHandle
CreateFileW
HeapSize
WriteConsoleW
RtlUnwind

Exports

Exports

lowslow

Sections

.text
Size: 182KB - Virtual size: 182KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Users/wilmer.coughlin/Downloads/subscription_1617056233.xlsb
.xlsb office2007
Windows/System32/Tasks/Sun SvcRestartTask#32640
Windows/Temp/adf/anchorAsjuster_x64.exe
.exe windows:6 windows x64 arch:x64

9859b7a32d1227be2ca925c81ae9265e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ole32

CoInitialize
CoCreateGuid
CoUninitialize

kernel32

GetLastError
HeapSize
WriteConsoleW
CreateFileW
GetTickCount
WideCharToMultiByte
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
MultiByteToWideChar
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
CloseHandle
SetEvent
ResetEvent
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RtlPcToFileHeader
RaiseException
RtlUnwindEx
SetEndOfFile
FreeLibrary
LoadLibraryExW
HeapAlloc
HeapFree
HeapReAlloc
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
GetStdHandle
WriteFile
GetCommandLineA
GetCommandLineW
GetACP
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
ReadFile
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleCP
FlushFileBuffers
GetProcessHeap
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetStdHandle

Sections

.text
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.table
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 1024B - Virtual size: 604B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Windows/Temp/adf/anchorDNS_x64.exe
.exe windows:6 windows x64 arch:x64

e2450fb3cc5b1b7305e3193fe03f3369

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

Z:\D\GIT\anchorDns.llvm\Bin\x64\Release\anchorDNS_x64.pdb

Imports

user32

CloseDesktop
CreateDesktopA

oleaut32

SysAllocString
SysFreeString
VariantClear
VariantInit

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken

ws2_32

WSAGetLastError
freeaddrinfo
getaddrinfo
htonl

rpcrt4

UuidCreate

kernel32

CloseHandle
CreateEventW
CreateFileA
CreateFileW
CreateRemoteThread
CreateThread
DeleteCriticalSection
EncodePointer
EnterCriticalSection
ExitProcess
ExitThread
FileTimeToSystemTime
FindClose
FindFirstFileExW
FindNextFileW
FlushFileBuffers
FormatMessageA
FreeEnvironmentStringsW
FreeLibrary
FreeLibraryAndExitThread
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleCP
GetConsoleMode
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStringsW
GetFileSize
GetFileType
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemTimeAsFileTime
GetTickCount
GetTickCount64
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
LCMapStringW
LeaveCriticalSection
LoadLibraryExW
LocalAlloc
LocalFree
MultiByteToWideChar
QueryPerformanceCounter
RaiseException
ResetEvent
RtlCaptureContext
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwindEx
RtlVirtualUnwind
SetEndOfFile
SetEvent
SetFilePointer
SetFilePointerEx
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
Sleep
SystemTimeToFileTime
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualAllocEx
VirtualFree
WTSGetActiveConsoleSessionId
WaitForSingleObjectEx
WideCharToMultiByte
WriteConsoleW
WriteFile
WriteProcessMemory
lstrcmpA

Sections

.text
Size: 266KB - Virtual size: 265KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.addr
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rand
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Windows/Temp/adf/anchor_x64.exe
.exe windows:6 windows x64 arch:x64

e2450fb3cc5b1b7305e3193fe03f3369

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

Z:\D\GIT\anchorDns.llvm\Bin\x64\Release\anchorDNS_x64.pdb

Imports

user32

CloseDesktop
CreateDesktopA

oleaut32

SysAllocString
SysFreeString
VariantClear
VariantInit

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken

ws2_32

WSAGetLastError
freeaddrinfo
getaddrinfo
htonl

rpcrt4

UuidCreate

kernel32

CloseHandle
CreateEventW
CreateFileA
CreateFileW
CreateRemoteThread
CreateThread
DeleteCriticalSection
EncodePointer
EnterCriticalSection
ExitProcess
ExitThread
FileTimeToSystemTime
FindClose
FindFirstFileExW
FindNextFileW
FlushFileBuffers
FormatMessageA
FreeEnvironmentStringsW
FreeLibrary
FreeLibraryAndExitThread
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleCP
GetConsoleMode
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStringsW
GetFileSize
GetFileType
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemTimeAsFileTime
GetTickCount
GetTickCount64
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
LCMapStringW
LeaveCriticalSection
LoadLibraryExW
LocalAlloc
LocalFree
MultiByteToWideChar
QueryPerformanceCounter
RaiseException
ResetEvent
RtlCaptureContext
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwindEx
RtlVirtualUnwind
SetEndOfFile
SetEvent
SetFilePointer
SetFilePointerEx
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
Sleep
SystemTimeToFileTime
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualAllocEx
VirtualFree
WTSGetActiveConsoleSessionId
WaitForSingleObjectEx
WideCharToMultiByte
WriteConsoleW
WriteFile
WriteProcessMemory
lstrcmpA

Sections

.text
Size: 266KB - Virtual size: 265KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.addr
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rand
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

787151c6bef6ee11d1d73736521d9ba7

Headers

DLL Characteristics

File Characteristics

Imports

user32

gdi32

shlwapi

Sections

.text Size: 16KB - Virtual size: 16KB

.rdata Size: 110KB - Virtual size: 109KB

.data Size: 109KB - Virtual size: 108KB

17bfed211106b3e7d0f15493e6716264

Headers

File Characteristics

Imports

kernel32

msvcp60

msvcrt

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 2KB

.rdata Size: 4KB - Virtual size: 632B

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 28KB - Virtual size: 26KB

.reloc Size: 4KB - Virtual size: 1KB

ddb095d2ce52d8eb057df35ac1fd603b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Exports

Exports

Sections

.text Size: 182KB - Virtual size: 182KB

.rdata Size: 89KB - Virtual size: 88KB

.data Size: 5KB - Virtual size: 12KB

.pdata Size: 10KB - Virtual size: 9KB

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 3KB - Virtual size: 3KB

9859b7a32d1227be2ca925c81ae9265e

Headers

DLL Characteristics

File Characteristics

Imports

ole32

kernel32

Sections

.text Size: 144KB - Virtual size: 144KB

.table Size: 512B - Virtual size: 16B

.rdata Size: 81KB - Virtual size: 80KB

.data Size: 4KB - Virtual size: 10KB

.pdata Size: 8KB - Virtual size: 8KB

.gfids Size: 1024B - Virtual size: 604B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1024B - Virtual size: 648B

.reloc Size: 3KB - Virtual size: 3KB

e2450fb3cc5b1b7305e3193fe03f3369

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

oleaut32

advapi32

ws2_32

rpcrt4

kernel32

Sections

.text
Size: 16KB - Virtual size: 16KB

.rdata
Size: 110KB - Virtual size: 109KB

.data
Size: 109KB - Virtual size: 108KB

.text
Size: 4KB - Virtual size: 2KB

.rdata
Size: 4KB - Virtual size: 632B

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 28KB - Virtual size: 26KB

.reloc
Size: 4KB - Virtual size: 1KB

.text
Size: 182KB - Virtual size: 182KB

.rdata
Size: 89KB - Virtual size: 88KB

.data
Size: 5KB - Virtual size: 12KB

.pdata
Size: 10KB - Virtual size: 9KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 3KB - Virtual size: 3KB

.text
Size: 144KB - Virtual size: 144KB

.table
Size: 512B - Virtual size: 16B

.rdata
Size: 81KB - Virtual size: 80KB

.data
Size: 4KB - Virtual size: 10KB

.pdata
Size: 8KB - Virtual size: 8KB

.gfids
Size: 1024B - Virtual size: 604B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1024B - Virtual size: 648B

.reloc
Size: 3KB - Virtual size: 3KB

.text
Size: 266KB - Virtual size: 265KB

.rdata
Size: 54KB - Virtual size: 54KB

.data
Size: 3KB - Virtual size: 14KB

.pdata
Size: 9KB - Virtual size: 9KB

.00cfg
Size: 512B - Virtual size: 40B

.addr
Size: 512B - Virtual size: 132B

.rand
Size: 512B - Virtual size: 16B

.tls
Size: 512B - Virtual size: 9B

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 1024B - Virtual size: 608B

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 266KB - Virtual size: 265KB

.rdata
Size: 54KB - Virtual size: 54KB

.data
Size: 3KB - Virtual size: 14KB

.pdata
Size: 9KB - Virtual size: 9KB

.00cfg
Size: 512B - Virtual size: 40B

.addr
Size: 512B - Virtual size: 132B

.rand
Size: 512B - Virtual size: 16B

.tls
Size: 512B - Virtual size: 9B

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 1024B - Virtual size: 608B

.reloc
Size: 2KB - Virtual size: 1KB