C:\b\s\w\ir\cache\builder\src\out\Release\chromedriver.exe.pdb
Static task
static1
1 signatures
General
-
Target
mapple.rar
-
Size
54.4MB
-
MD5
19368eccfe00a49285d4af9c95b2e07d
-
SHA1
ae25875a42ac30e10ea7a5676f62d33394d4406c
-
SHA256
9a1469845776be2ec28018a6a93034b7f63d5305e10f8a65fdf846b79df3e6d5
-
SHA512
42ea8e7d681746c25a344efe36f4ea8d7b2a7db608bbec9fd5ef9c36384d14ea2267c42327cda8b46a94cefaf6a4c2af4465303de12c8eb6f5fffb190fd1d836
-
SSDEEP
1572864:0EyGu2oNPPOlovcxAK4hPsNa9me5FtEeUooBorQw4YX:w7tHcB4OaMe5Ftlk8Qlw
Score
3/10
Malware Config
Signatures
-
Unsigned PE 4 IoCs
Checks for missing Authenticode signature.
resource unpack001/mapple/chromedriver.exe unpack001/mapple/crack.dll unpack001/mapple/loader.exe unpack001/mapple/maple.exe
Files
-
mapple.rar.rar
Password: infected
-
mapple/assets/avatars/image.png.png
Password: infected
-
mapple/assets/config.json
-
mapple/chromedriver.exe.exe windows:5 windows x86 arch:x86
Password: infected
b5044d2e15ec938753af9304bbe4958e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
advapi32
BuildTrusteeWithSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW
CreateProcessAsUserW
EventRegister
EventSetInformation
EventUnregister
EventWrite
GetLengthSid
GetNamedSecurityInfoW
GetSecurityDescriptorControl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetSecurityDescriptorSacl
InitializeAcl
InitializeSecurityDescriptor
IsValidAcl
IsValidSecurityDescriptor
IsValidSid
RegCloseKey
RegCreateKeyExW
RegNotifyChangeKeyValue
RegOpenKeyExW
RegQueryValueExW
SetEntriesInAclW
SetNamedSecurityInfoW
SetSecurityDescriptorDacl
SetSecurityInfo
SystemFunction036
dbghelp
SymCleanup
SymFromAddr
SymGetLineFromAddr64
SymGetSearchPathW
SymInitialize
SymSetOptions
SymSetSearchPathW
user32
AllowSetForegroundWindow
CreateWindowExW
DefWindowProcW
DestroyWindow
DispatchMessageW
GetActiveWindow
GetQueueStatus
GetWindowLongW
KillTimer
LoadKeyboardLayoutW
MapVirtualKeyW
MsgWaitForMultipleObjectsEx
PeekMessageW
PostMessageW
PostQuitMessage
RegisterClassExW
SetTimer
SetWindowLongW
ToUnicode
TranslateMessage
UnregisterClassW
VkKeyScanW
ws2_32
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAGetLastError
WSAGetOverlappedResult
WSAIoctl
WSARecvFrom
WSAResetEvent
WSASend
WSASendTo
WSASocketW
WSAStartup
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
gethostname
getpeername
getsockname
getsockopt
htonl
htons
inet_ntop
ioctlsocket
listen
ntohs
recv
recvfrom
sendto
setsockopt
shutdown
socket
kernel32
AcquireSRWLockExclusive
AcquireSRWLockShared
AssignProcessToJobObject
CancelIo
CloseHandle
CompareStringW
ConnectNamedPipe
CreateDirectoryW
CreateEventW
CreateFileA
CreateFileMappingW
CreateFileW
CreateIoCompletionPort
CreateNamedPipeW
CreateProcessW
CreateThread
DecodePointer
DeleteCriticalSection
DeleteFileW
DeleteProcThreadAttributeList
DuplicateHandle
EncodePointer
EnterCriticalSection
EnumSystemLocalesW
ExitProcess
ExpandEnvironmentStringsW
FileTimeToSystemTime
FindClose
FindFirstFileExW
FindNextFileW
FlushFileBuffers
FormatMessageA
FormatMessageW
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleMode
GetConsoleOutputCP
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatW
GetDiskFreeSpaceExW
GetDriveTypeW
GetEnvironmentStringsW
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFileSizeEx
GetFileType
GetFullPathNameW
GetLastError
GetLocalTime
GetLocaleInfoW
GetLogicalProcessorInformation
GetLogicalProcessorInformationEx
GetLongPathNameW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetNamedPipeClientProcessId
GetNamedPipeServerProcessId
GetNativeSystemInfo
GetOEMCP
GetProcAddress
GetProcessHeap
GetProcessId
GetProcessTimes
GetProductInfo
GetQueuedCompletionStatus
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemDirectoryW
GetSystemInfo
GetSystemTimeAsFileTime
GetTempPathW
GetThreadId
GetThreadPriority
GetTickCount
GetTimeFormatW
GetTimeZoneInformation
GetUserDefaultLCID
GetVersionExW
GetWindowsDirectoryW
GlobalFree
GlobalMemoryStatusEx
InitOnceExecuteOnce
InitializeConditionVariable
InitializeCriticalSectionAndSpinCount
InitializeProcThreadAttributeList
InitializeSListHead
InitializeSRWLock
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
IsWow64Process
K32GetModuleInformation
K32QueryWorkingSetEx
LCMapStringW
LeaveCriticalSection
LoadLibraryExA
LoadLibraryExW
LoadLibraryW
LocalFree
MapViewOfFile
MoveFileExW
MoveFileW
MultiByteToWideChar
OpenProcess
OutputDebugStringA
PostQueuedCompletionStatus
QueryPerformanceCounter
QueryPerformanceFrequency
QueryThreadCycleTime
RaiseException
ReadConsoleW
ReadFile
RegisterWaitForSingleObject
ReleaseSRWLockExclusive
ReleaseSRWLockShared
RemoveDirectoryW
ReplaceFileW
ResetEvent
RtlCaptureStackBackTrace
RtlUnwind
SetEndOfFile
SetEnvironmentVariableW
SetEvent
SetFileAttributesW
SetFileInformationByHandle
SetFilePointer
SetFilePointerEx
SetFileTime
SetHandleInformation
SetLastError
SetStdHandle
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SleepConditionVariableSRW
SwitchToThread
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryAcquireSRWLockExclusive
TzSpecificLocalTimeToSystemTime
UnhandledExceptionFilter
UnmapViewOfFile
UnregisterWaitEx
UpdateProcThreadAttribute
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WaitForSingleObjectEx
WaitNamedPipeW
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte
WriteConsoleW
WriteFile
iphlpapi
GetAdaptersAddresses
winmm
timeBeginPeriod
timeEndPeriod
timeGetTime
userenv
CreateEnvironmentBlock
DestroyEnvironmentBlock
shell32
CommandLineToArgvW
ord680
SHGetFolderPathW
SHGetKnownFolderPath
ShellExecuteExW
shlwapi
PathMatchSpecW
ole32
CoInitializeEx
CoRegisterInitializeSpy
CoRevokeInitializeSpy
CoTaskMemFree
CoUninitialize
secur32
AcquireCredentialsHandleW
DeleteSecurityContext
FreeContextBuffer
FreeCredentialsHandle
InitializeSecurityContextW
QueryContextAttributesW
QuerySecurityPackageInfoW
winhttp
WinHttpCloseHandle
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpOpen
WinHttpSetTimeouts
urlmon
CoInternetCreateSecurityManager
crypt32
CertAddStoreToCollection
CertCloseStore
CertControlStore
CertFindCertificateInStore
CertGetEnhancedKeyUsage
CertOpenStore
dhcpcsvc
DhcpCApiInitialize
DhcpRequestParams
Exports
Exports
GetHandleVerifier
sqlite3_dbdata_init
Sections
.text Size: 8.4MB - Virtual size: 8.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2.9MB - Virtual size: 2.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 23KB - Virtual size: 124KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.00cfg Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rodata Size: 512B - Virtual size: 120B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 445B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
malloc_h Size: 512B - Virtual size: 185B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 59KB - Virtual size: 58KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 285KB - Virtual size: 285KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
mapple/crack.dll.dll windows:4 windows x64 arch:x64
Password: infected
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Exports
Exports
PyEval_InitThreads
PyGILState_Ensure
PyGILState_Release
PyRun_SimpleStringFlags
Py_SetProgramName
_GCC_specific_handler
_Unwind_Backtrace
_Unwind_DeleteException
_Unwind_FindEnclosingFunction
_Unwind_ForcedUnwind
_Unwind_GetCFA
_Unwind_GetDataRelBase
_Unwind_GetGR
_Unwind_GetIP
_Unwind_GetIPInfo
_Unwind_GetLanguageSpecificData
_Unwind_GetRegionStart
_Unwind_GetTextRelBase
_Unwind_RaiseException
_Unwind_Resume
_Unwind_Resume_or_Rethrow
_Unwind_SetGR
_Unwind_SetIP
_Z10MainThreadP11HINSTANCE__
_ZN3SDK11InitCPythonEv
__emutls_get_address
__emutls_register_common
__pth_gpointer_locked
__pthread_clock_nanosleep
__pthread_shallcancel
__xl_f
_pthread_cleanup_dest
_pthread_get_state
_pthread_invoke_cancel
_pthread_key_dest
_pthread_rel_time_in_ms
_pthread_set_state
_pthread_setnobreak
_pthread_time_in_ms
_pthread_time_in_ms_from_timespec
_pthread_tryjoin
cond_print
cond_print_set
do_sema_b_wait_intern
pthread_attr_destroy
pthread_attr_getdetachstate
pthread_attr_getinheritsched
pthread_attr_getscope
pthread_attr_getstackaddr
pthread_attr_getstacksize
pthread_attr_init
pthread_attr_setdetachstate
pthread_attr_setinheritsched
pthread_attr_setscope
pthread_attr_setstackaddr
pthread_attr_setstacksize
pthread_cancel
pthread_cond_broadcast
pthread_cond_destroy
pthread_cond_init
pthread_cond_signal
pthread_cond_timedwait
pthread_cond_timedwait_relative_np
pthread_cond_wait
pthread_condattr_destroy
pthread_condattr_getclock
pthread_condattr_getpshared
pthread_condattr_init
pthread_condattr_setclock
pthread_condattr_setpshared
pthread_create
pthread_create_wrapper
pthread_delay_np
pthread_delay_np_ms
pthread_detach
pthread_equal
pthread_exit
pthread_get_concurrency
pthread_getclean
pthread_getconcurrency
pthread_getevent
pthread_gethandle
pthread_getname_np
pthread_getspecific
pthread_join
pthread_key_create
pthread_key_delete
pthread_kill
pthread_mutex_destroy
pthread_mutex_init
pthread_mutex_lock
pthread_mutex_timedlock
pthread_mutex_trylock
pthread_mutex_unlock
pthread_mutexattr_destroy
pthread_mutexattr_getprioceiling
pthread_mutexattr_getprotocol
pthread_mutexattr_getpshared
pthread_mutexattr_gettype
pthread_mutexattr_init
pthread_mutexattr_setprioceiling
pthread_mutexattr_setprotocol
pthread_mutexattr_setpshared
pthread_mutexattr_settype
pthread_num_processors_np
pthread_once
pthread_rwlock_destroy
pthread_rwlock_init
pthread_rwlock_rdlock
pthread_rwlock_timedrdlock
pthread_rwlock_timedwrlock
pthread_rwlock_tryrdlock
pthread_rwlock_trywrlock
pthread_rwlock_unlock
pthread_rwlock_wrlock
pthread_rwlockattr_destroy
pthread_rwlockattr_getpshared
pthread_rwlockattr_init
pthread_rwlockattr_setpshared
pthread_self
pthread_set_concurrency
pthread_set_num_processors_np
pthread_setcancelstate
pthread_setcanceltype
pthread_setconcurrency
pthread_setname_np
pthread_setspecific
pthread_spin_destroy
pthread_spin_init
pthread_spin_lock
pthread_spin_trylock
pthread_spin_unlock
pthread_testcancel
pthread_timechange_handler_np
pthread_tls_init
rwl_print
rwl_print_set
sdk
thread_print
thread_print_set
Sections
Size: 216KB - Virtual size: 640KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Size: 512B - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 15KB - Virtual size: 61KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 26KB - Virtual size: 43KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 11KB - Virtual size: 58KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 5KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 512B - Virtual size: 96B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 3KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Size: 512B - Virtual size: 176B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Size: 17KB - Virtual size: 46KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Size: 1024B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Size: 2KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Size: 512B - Virtual size: 465B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Size: 512B - Virtual size: 496B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.edata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 4KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.themida Size: - Virtual size: 5.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.boot Size: 3.3MB - Virtual size: 3.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 16B - Virtual size: 4KB
IMAGE_SCN_MEM_READ
-
mapple/loader.exe.exe windows:6 windows x64 arch:x64
Password: infected
ee29f6ddfc1eee572c8ed36fe8cea20a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
shell32
SHFileOperationW
SHGetFolderPathW
kernel32
TlsAlloc
WriteConsoleW
CreateDirectoryW
SetConsoleCtrlHandler
GetCommandLineW
WriteFile
TerminateProcess
GetModuleFileNameW
GetTempPathW
FindResourceA
WaitForSingleObject
CreateFileW
GetFileAttributesW
Sleep
GetLastError
LockResource
CloseHandle
LoadResource
SetEnvironmentVariableA
GetCurrentProcessId
CreateProcessW
GetSystemTimeAsFileTime
FormatMessageA
GetExitCodeProcess
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
HeapReAlloc
RtlUnwindEx
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
RaiseException
RtlPcToFileHeader
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetStdHandle
HeapAlloc
MultiByteToWideChar
HeapFree
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetStringTypeW
GetProcessHeap
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
HeapSize
Sections
.text Size: 128KB - Virtual size: 127KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 48KB - Virtual size: 48KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 67KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 500B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 5.1MB - Virtual size: 5.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
mapple/maple.exe.exe windows:6 windows x64 arch:x64
Password: infected
16bdacb1c91a7c4b568bce4938368cda
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
shell32
SHFileOperationW
SHGetFolderPathW
kernel32
EnterCriticalSection
WriteConsoleW
CreateDirectoryW
SizeofResource
SetConsoleCtrlHandler
GetCommandLineW
WriteFile
TerminateProcess
GetModuleFileNameW
SetEnvironmentVariableW
GetTempPathW
FindResourceA
WaitForSingleObject
CreateFileW
GetFileAttributesW
Sleep
GetLastError
LockResource
CloseHandle
LoadResource
GetProcAddress
GetCurrentProcessId
CreateProcessW
WideCharToMultiByte
GetSystemTimeAsFileTime
FormatMessageA
GetExitCodeProcess
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
HeapReAlloc
RtlUnwindEx
SetLastError
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
EncodePointer
RaiseException
RtlPcToFileHeader
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetStdHandle
HeapAlloc
MultiByteToWideChar
HeapFree
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetStringTypeW
GetProcessHeap
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
HeapSize
Sections
.text Size: 128KB - Virtual size: 128KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 51KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 75KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 500B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 40.6MB - Virtual size: 40.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ