MsSense.pdb
Static task
static1
Behavioral task
behavioral1
Sample
0c4b19eaae7a46e570f735528d2085d0N.exe
Resource
win10v2004-20240704-en
General
-
Target
0c4b19eaae7a46e570f735528d2085d0N.exe
-
Size
6.4MB
-
MD5
0c4b19eaae7a46e570f735528d2085d0
-
SHA1
51c5ae3b9a7f370c5e3a22c8b7995aa317c46d0c
-
SHA256
29870871ba8287c6c695c204603aaa9c8503fe5fab6517cb8e61033035c27b7b
-
SHA512
e6d9ca27c0a5ab1bb7e256f42527fb67bffdaf85b5d54a52ff1c580498899768f74343c873d123cb43aa0b7d42f32380ee4748525470a28d66704d13d5df16c1
-
SSDEEP
49152:Qh2VWFw8G0nTDe1NW8SPA9QwAbctvVo/Za9DUS/MDDLXSjTWlomyuwazfKGQtze3:LQlbPzKSNZAD527BWG
Malware Config
Signatures
-
Unsigned PE 1 IoCs
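Checks for a missing Authenticode signature: the file listed below carries none, so its publisher and integrity cannot be confirmed from a signature. That alone does not establish that the file is malicious; weigh it with the rest of the static data, for example the section table, which lists .reloc as both writable and executable, an unusual combination for a relocation section.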
resource 0c4b19eaae7a46e570f735528d2085d0N.exe
Files
-
0c4b19eaae7a46e570f735528d2085d0N.exe.exe windows:10 windows x64 arch:x64
80a95e0a698b80dd58049c86238926c3
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
msvcp_win
?_Throw_C_error@std@@YAXH@Z
_Mtx_unlock
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?in_avail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JXZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?exceptions@ios_base@std@@QEAAXH@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAHH@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?narrow@?$ctype@D@std@@QEBADDD@Z
?widen@?$ctype@D@std@@QEBADD@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?setf@ios_base@std@@QEAAHHH@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEA_K@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?setf@ios_base@std@@QEAAHH@Z
?tolower@?$ctype@D@std@@QEBADD@Z
?is@?$ctype@D@std@@QEBA_NFD@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
?_Xbad_function_call@std@@YAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
_Cnd_do_broadcast_at_thread_exit
_Thrd_join
_Thrd_id
?_Throw_Cpp_error@std@@YAXH@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
_Mtx_destroy_in_situ
_Mtx_init_in_situ
??Bios_base@std@@QEBA_NXZ
?sgetc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEA_N@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
??0_Locinfo@std@@QEAA@PEBD@Z
??1_Locinfo@std@@QEAA@XZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Getlconv@_Locinfo@std@@QEBAPEBUlconv@@XZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
??0facet@locale@std@@IEAA@_K@Z
??1facet@locale@std@@MEAA@XZ
?is@?$ctype@_W@std@@QEBA_NF_W@Z
?tolower@?$ctype@_W@std@@QEBA_W_W@Z
??7ios_base@std@@QEBA_NXZ
?good@ios_base@std@@QEBA_NXZ
?fail@ios_base@std@@QEBA_NXZ
?_Random_device@std@@YAIXZ
?flags@ios_base@std@@QEBAHXZ
?width@ios_base@std@@QEBA_JXZ
?width@ios_base@std@@QEAA_J_J@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAF@Z
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAI@Z
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?fill@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WXZ
?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?setp@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXPEA_W00@Z
?epptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAG@Z
?setg@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXPEA_W00@Z
?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXH@Z
?egptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?pptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?gptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?eback@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?tie@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_ostream@_WU?$char_traits@_W@std@@@2@XZ
?setp@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXPEA_W0@Z
?pbase@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?sbumpc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?_Ipfx@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA_N_N@Z
_Wcsxfrm
?id@?$collate@_W@std@@2V0locale@2@A
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?uncaught_exception@std@@YA_NXZ
_Wcscoll
??Bid@locale@std@@QEAA_KXZ
?tolower@?$ctype@_W@std@@QEBAPEB_WPEA_WPEB_W@Z
?toupper@?$ctype@_W@std@@QEBAPEB_WPEA_WPEB_W@Z
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
_Query_perf_counter
?_Xout_of_range@std@@YAXPEBD@Z
?id@?$ctype@_W@std@@2V0locale@2@A
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAM@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAH@Z
?flags@ios_base@std@@QEAAHH@Z
?precision@ios_base@std@@QEAA_J_J@Z
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEA_J@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
_Query_perf_frequency
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAN@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?classic@locale@std@@SAAEBV12@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
_Mtx_lock
?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?id@?$numpunct@D@std@@2V0locale@2@A
?snextc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
?id@?$ctype@D@std@@2V0locale@2@A
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?widen@?$ctype@_W@std@@QEBA_WD@Z
?imbue@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@G@Z
?eof@ios_base@std@@QEBA_NXZ
?__ExceptionPtrCompare@@YA_NPEBX0@Z
?bad@ios_base@std@@QEBA_NXZ
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@M@Z
?swap@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXAEAV12@@Z
?swap@?$basic_iostream@_WU?$char_traits@_W@std@@@std@@IEAAXAEAV12@@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
_Cnd_init_in_situ
_Cnd_destroy_in_situ
_Cnd_signal
_Mtx_current_owns
_Cnd_timedwait
_Xtime_get_ticks
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@I@Z
_Thrd_yield
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?fill@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAA_W_W@Z
?_Xbad_alloc@std@@YAXXZ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-crt-runtime-l1-1-0
_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__strnicmp
_o__ui64toa_s
_o__ui64tow_s
_o__unlock_file
_o__wcsicmp
_o__wcsnicmp
_o__wcstod_l
_o__wgetenv_s
_o__wmakepath_s
_o__write
_o__wsopen_s
_o__wsplitpath_s
_o__wtoi
_o__wtoi64
_o_abort
_o_bsearch
_o_calloc
_o_ceilf
_o_exit
_o_fclose
_o_fflush
_o_fgetc
_o_fgetpos
_o_fputc
_o_fread
_o_free
_o_fsetpos
_o_fwrite
_o_isalpha
_o_isdigit
_o_isspace
_o_iswalpha
_o_iswspace
_o_isxdigit
_o_malloc
_o_pow
_o_qsort
_o_rand
_o_realloc
_o_setvbuf
memmove
_o_strerror
_o_strftime
_o_terminate
_o_tolower
_o_towlower
_o_ungetc
_o_wcscpy_s
_o_wcsftime
_o_wcsncpy_s
_o_wcstok_s
_o_wcstol
_o_wcstombs
_o_wcstoul
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
wcschr
_o__malloc_base
_o__lseeki64
_o__lock_file
_o__localtime64
_o__itoa_s
_o__isctype_l
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_wide_environment
_o__initialize_onexit_table
_o__i64tow_s
_o__i64toa_s
_o__gmtime64_s
_o__get_stream_buffer_pointers
_o__get_initial_wide_environment
_o__fseeki64
_o__free_locale
_o__free_base
_o__purecall
_o__exit
_o__errno
_o__crt_atexit
_o__create_locale
_o__configure_wide_argv
_o__configthreadlocale
_o__close
_o__cexit
_o__callnewh
_o__beginthreadex
_o__atodbl
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___stdio_common_vfprintf
_o___std_type_info_name
_o___std_exception_destroy
_o___std_exception_copy
_o___pctype_func
_o___p__commode
__std_type_info_hash
strchr
__std_type_info_compare
__RTtypeid
wcsrchr
_o___p___wargv
_o___p___argc
_o___acrt_iob_func
__std_terminate
__CxxFrameHandler4
__RTDynamicCast
memchr
memcmp
memcpy
api-ms-win-crt-string-l1-1-0
memset
wcsnlen
strncmp
wcscmp
strnlen
wcsncmp
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleA
GetModuleHandleExW
FreeLibrary
GetProcAddress
GetModuleFileNameA
GetModuleHandleW
LoadLibraryExW
api-ms-win-core-synch-l1-1-0
ReleaseSRWLockExclusive
ReleaseSRWLockShared
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionEx
AcquireSRWLockExclusive
CreateEventW
ResetEvent
CreateEventExW
CreateSemaphoreExW
CreateMutexExW
InitializeCriticalSection
SetEvent
OpenSemaphoreW
WaitForSingleObjectEx
TryEnterCriticalSection
AcquireSRWLockShared
InitializeCriticalSectionAndSpinCount
ReleaseMutex
WaitForSingleObject
ReleaseSemaphore
api-ms-win-core-heap-l1-1-0
HeapDestroy
HeapFree
HeapAlloc
GetProcessHeap
HeapSize
HeapReAlloc
api-ms-win-core-errorhandling-l1-1-0
SetLastError
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
api-ms-win-core-processthreads-l1-1-0
GetCurrentThread
GetCurrentThreadId
GetCurrentProcess
GetProcessId
GetExitCodeProcess
TerminateProcess
SwitchToThread
CreateThread
SetThreadPriority
GetCurrentProcessId
api-ms-win-core-localization-l1-2-0
GetSystemPreferredUILanguages
FormatMessageW
GetUserPreferredUILanguages
FormatMessageA
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
DebugBreak
IsDebuggerPresent
api-ms-win-core-handle-l1-1-0
CloseHandle
SetHandleInformation
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
EventSetInformation
EventActivityIdControl
EventRegister
EventUnregister
api-ms-win-core-synch-l1-2-0
InitializeConditionVariable
WakeByAddressSingle
WaitOnAddress
InitOnceBeginInitialize
SleepConditionVariableCS
InitOnceComplete
WakeConditionVariable
api-ms-win-core-threadpool-l1-2-0
CreateThreadpool
SetThreadpoolThreadMaximum
CreateThreadpoolWork
SubmitThreadpoolWork
TrySubmitThreadpoolCallback
CloseThreadpoolWork
CloseThreadpool
SetThreadpoolThreadMinimum
CreateThreadpoolTimer
CreateThreadpoolWait
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer
SetThreadpoolWait
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
IsThreadpoolTimerSet
api-ms-win-core-registry-l1-1-0
RegGetValueW
RegNotifyChangeKeyValue
RegCreateKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegQueryValueExW
RegSetValueExW
RegCloseKey
api-ms-win-core-kernel32-legacy-l1-1-0
RegisterWaitForSingleObject
UnregisterWait
GetComputerNameW
api-ms-win-service-core-l1-1-0
SetServiceStatus
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
api-ms-win-oobe-notification-l1-1-0
UnregisterWaitUntilOOBECompleted
RegisterWaitUntilOOBECompleted
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTime
GetSystemInfo
GetTickCount64
GetSystemDirectoryW
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InterlockedPushEntrySList
InitializeSListHead
api-ms-win-core-com-l1-1-0
CoIncrementMTAUsage
CoGetObjectContext
user32
UnregisterDeviceNotification
RegisterDeviceNotificationW
ws2_32
WSAGetLastError
WSAStartup
WSACleanup
GetNameInfoW
InetNtopW
api-ms-win-core-path-l1-1-0
PathCchCombine
ntdll
NtOpenFile
ZwQueryEaFile
NtSetInformationProcess
RtlIpv4AddressToStringExW
RtlIpv6AddressToStringExW
RtlIpv4StringToAddressExW
RtlIpv6AddressToStringW
VerSetConditionMask
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfNotificationWaitForCompletion
NtQueryWnfStateData
NtDeleteKey
RtlCreateUnicodeString
NtQueryInformationProcess
NtDeleteValueKey
RtlIpv4AddressToStringW
RtlInitUnicodeString
RtlEthernetStringToAddressW
RtlQueryImageMitigationPolicy
RtlNtStatusToDosError
NtQuerySystemInformation
RtlFreeUnicodeString
rpcrt4
NdrClientCall3
RpcStringBindingComposeW
UuidCreate
UuidHash
RpcBindingFree
RpcBindingFromStringBindingW
UuidFromStringW
UuidCompare
RpcStringFreeW
UuidToStringW
bcrypt
BCryptFinishHash
BCryptCreateHash
BCryptCloseAlgorithmProvider
BCryptDestroyHash
BCryptOpenAlgorithmProvider
BCryptVerifySignature
BCryptHashData
BCryptDestroyKey
BCryptGetProperty
kernel32
InstallELAMCertificateInfo
WTSGetActiveConsoleSessionId
K32GetMappedFileNameW
Process32FirstW
GetTempPathW
GetModuleFileNameW
QueryDosDeviceW
GetComputerNameExW
FindFirstVolumeW
DeviceIoControl
WerRegisterCustomMetadata
GetWindowsDirectoryW
CreateFileW
GetVolumeNameForVolumeMountPointW
MultiByteToWideChar
FindVolumeClose
ExpandEnvironmentStringsW
GetVolumePathNamesForVolumeNameW
FindNextVolumeW
GetLongPathNameW
LocalFree
GetDriveTypeW
GetProcessMitigationPolicy
SetProcessMitigationPolicy
CompareFileTime
CreateDirectoryW
ReadFile
GetFileInformationByHandleEx
FindFirstFileW
GetFileSizeEx
FindNextFileW
GetTempFileNameW
Process32NextW
GetProductInfo
GetVersionExW
VerifyVersionInfoW
WriteFile
GetLogicalDrives
OpenProcess
GetPackageFullName
GetVolumeInformationW
RemoveDirectoryW
SetEndOfFile
FindClose
GetFileAttributesW
Sleep
DeleteFileW
SetFilePointerEx
MoveFileExW
CopyFileW
FlushFileBuffers
QueryPerformanceFrequency
GetEnvironmentVariableW
WideCharToMultiByte
DuplicateHandle
ReadProcessMemory
GetProcessTimes
CancelIo
UnregisterWaitEx
CreateToolhelp32Snapshot
GetOverlappedResultEx
QueryFullProcessImageNameW
GetFileSize
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
GetFileInformationByHandle
advapi32
ConvertSidToStringSidW
GetSidSubAuthorityCount
LookupAccountNameW
LookupAccountSidW
CreateRestrictedToken
LogonUserW
ImpersonateLoggedOnUser
RevertToSelf
DestroyPrivateObjectSecurity
GetTokenInformation
FreeSid
GetSecurityDescriptorLength
ChangeServiceConfig2W
DuplicateTokenEx
QueryServiceConfigW
GetLengthSid
ChangeServiceConfigW
QueryServiceConfig2W
StopTraceW
AuditSetSystemPolicy
OpenProcessToken
IsValidSid
ConvertStringSidToSidW
GetSidSubAuthority
EqualSid
AdjustTokenPrivileges
LookupPrivilegeValueW
CreateProcessAsUserW
ConvertStringSecurityDescriptorToSecurityDescriptorW
userenv
CreateEnvironmentBlock
DestroyEnvironmentBlock
GetAllUsersProfileDirectoryW
ExpandEnvironmentStringsForUserW
GetProfilesDirectoryW
DeleteAppContainerProfile
CreateAppContainerProfile
api-ms-win-security-isolatedcontainer-l1-1-1
IsProcessInWDAGContainer
wldp
WldpQueryWindowsLockdownMode
msi
ord45
ord244
ord270
ord205
winipcfile
ord7
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeExW
urlmon
FindMimeFromData
netapi32
NetUserEnum
NetGetAadJoinInformation
NetGetJoinInformation
NetFreeAadJoinInformation
NetApiBufferFree
tellib
TelLib_SetBandwidthExceededChangedCallback
TelLib_Initialize
TelLib_SetDiskActivityCallback
TelLib_SetTimerValue
TelLib_SetUploadFailedCallback
TelLib_SetAgentConnectivityCallback
TelLib_EventWrite
TelLib_Initialize2
TelLib_SetNetworkActivityCallback
TelLib_SetCustomRequestFieldCallback
TelLib_SetNetworkState
TelLib_SetConnectedStandby
TelLib_Cleanup
TelLib_SetGeneralQuietMode
TelLib_SetBatteryState
TelLib_SetTenantToken
TelLib_SetUploadUrls
TelLib_SetProxyInfo
TelLib_SetDiskQuota
TelLib_SetDailyUploadQuota
TelLib_ForceUpload
api-ms-win-crt-time-l1-1-0
_time64
iphlpapi
GetIpNetTable2
GetAdaptersAddresses
NotifyUnicastIpAddressChange
NotifyIpInterfaceChange
FreeMibTable
GetUnicastIpAddressTable
CancelMibChangeNotify2
GetUnicastIpAddressEntry
GetIfEntry2
api-ms-win-core-version-private-l1-1-0
GetFileVersionInfoByHandle
api-ms-win-core-shlwapi-legacy-l1-1-0
PathFileExistsW
PathFindFileNameW
PathFindExtensionW
api-ms-win-core-xstate-l2-1-0
GetEnabledXStateFeatures
crypt32
CryptBinaryToStringA
CertFreeCertificateChain
CertStrToNameW
CertCreateSelfSignCertificate
CryptBinaryToStringW
CryptImportPublicKeyInfoEx2
CryptDecodeObjectEx
CertCreateCertificateContext
CryptUnprotectMemory
CertFreeCertificateContext
CryptImportPublicKeyInfo
CertOpenStore
CertFindCertificateInStore
CertAddCertificateContextToStore
CertGetCertificateChain
CertFindExtension
CertGetCertificateContextProperty
CertVerifyCertificateChainPolicy
CertGetNameStringW
CryptStringToBinaryW
CertCloseStore
api-ms-win-power-setting-l1-1-0
PowerSettingUnregisterNotification
PowerSettingRegisterNotification
api-ms-win-power-base-l1-1-0
PowerUnregisterSuspendResumeNotification
PowerRegisterSuspendResumeNotification
api-ms-win-core-io-l1-1-0
GetOverlappedResult
CreateIoCompletionPort
GetQueuedCompletionStatus
api-ms-win-core-job-l2-1-0
QueryInformationJobObject
CreateJobObjectW
SetInformationJobObject
AssignProcessToJobObject
api-ms-win-core-job-l1-1-0
IsProcessInJob
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-realtime-l1-1-0
QueryProcessCycleTime
QueryThreadCycleTime
api-ms-win-eventing-controller-l1-1-0
ControlTraceW
StartTraceW
EventAccessRemove
EventAccessControl
EnableTraceEx2
EnumerateTraceGuidsEx
api-ms-win-eventing-consumer-l1-1-0
OpenTraceW
ProcessTrace
CloseTrace
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
api-ms-win-core-file-l1-1-0
LocalFileTimeToFileTime
FindFirstFileExW
GetDiskFreeSpaceExW
GetFileTime
SetFilePointer
api-ms-win-eventing-tdh-l1-1-0
TdhGetEventInformation
TdhGetProperty
TdhGetPropertySize
api-ms-win-core-memory-l1-1-0
CreateFileMappingW
VirtualQueryEx
MapViewOfFile
UnmapViewOfFile
sspicli
GetUserNameExW
api-ms-win-security-base-l1-1-0
IsWellKnownSid
SetTokenInformation
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
GetTimeZoneInformation
SystemTimeToFileTime
api-ms-win-core-heap-l2-1-0
GlobalFree
LocalAlloc
winhttp
WinHttpGetProxyForUrl
WinHttpOpen
WinHttpGetDefaultProxyConfiguration
WinHttpQueryOption
WinHttpQueryHeaders
WinHttpSetStatusCallback
WinHttpGetIEProxyConfigForCurrentUser
WinHttpCloseHandle
WinHttpSetTimeouts
WinHttpQueryAuthSchemes
WinHttpSetCredentials
WinHttpSetOption
WinHttpConnect
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpWriteData
WinHttpReceiveResponse
oleaut32
SafeArrayUnlock
SafeArrayLock
SysStringByteLen
SafeArrayGetVartype
GetErrorInfo
SafeArrayDestroy
VariantClear
SysAllocStringByteLen
SysAllocString
SysFreeString
SysStringLen
SysAllocStringLen
SetErrorInfo
VariantInit
SafeArrayGetUBound
SafeArrayCopy
SafeArrayGetLBound
api-ms-win-core-datetime-l1-1-0
GetDateFormatW
api-ms-win-core-winrt-l1-1-0
RoGetActivationFactory
RoActivateInstance
api-ms-win-core-winrt-string-l1-1-0
WindowsGetStringRawBuffer
WindowsCreateString
WindowsDeleteString
WindowsCreateStringReference
WindowsIsStringEmpty
cabinet
ord35
ord33
ord31
ord30
api-ms-win-security-cryptoapi-l1-1-0
CryptVerifySignatureW
CryptAcquireContextW
CryptDestroyKey
CryptDestroyHash
CryptReleaseContext
CryptHashData
CryptCreateHash
api-ms-win-service-winsvc-l1-1-0
QueryServiceStatus
ControlService
api-ms-win-service-management-l1-1-0
OpenSCManagerW
StartServiceW
CloseServiceHandle
OpenServiceW
api-ms-win-core-kernel32-legacy-l1-1-1
GetFirmwareType
api-ms-win-core-psapi-l1-1-0
K32EnumProcessModules
K32GetProcessMemoryInfo
api-ms-win-core-namedpipe-l1-1-0
CreatePipe
ncrypt
NCryptSetProperty
NCryptCreatePersistedKey
NCryptVerifySignature
NCryptOpenKey
NCryptOpenStorageProvider
NCryptSignHash
NCryptFinalizeKey
NCryptFreeObject
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
devobj
DevObjEnumDeviceInterfaces
DevObjCreateDeviceInfoList
DevObjDestroyDeviceInfoList
DevObjGetClassDevs
DevObjGetDeviceInterfaceDetail
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-string-l1-1-0
CompareStringW
shlwapi
PathIsDirectoryW
PathIsDirectoryEmptyW
dnsapi
DnsQuery_W
DnsFree
DnsGetCacheDataTable
wevtapi
EvtCreateRenderContext
EvtQuery
EvtClose
EvtSubscribe
EvtNext
EvtRender
mssecuser
SecUninitializeDriver
SecSetConfiguration
SecGetCiInformation
SecRequestOplock
SecWriteFileDlpEA
SecWriteFileHashEA
SecSetFileMonitorOperations
SecSetProcessInfo
SecRegisterConsumer
SecUnregisterConsumer
SecSetDlpConfiguration
SecGetFileHashes
SecSetRegistryOperations
SecClearRegistryOperations
SecCreateSessionFilter
SecDeleteSessionFilter
SecIsKernelIntegrityEnabled
SecGetProcessInfo
api-ms-win-crt-stdio-l1-1-0
_wopen
_open
api-ms-win-security-trustee-l1-1-0
BuildSecurityDescriptorW
fwpuclnt
FwpmEngineClose0
FwpmFilterAdd0
FwpmFreeMemory0
FwpmFilterCreateEnumHandle0
FwpmProviderAdd0
FwpmProviderGetByKey0
FwpmTransactionCommit0
FwpmSubLayerAdd0
FwpmSubLayerGetByKey0
FwpmSubLayerDeleteByKey0
FwpmFilterDestroyEnumHandle0
FwpmEngineOpen0
FwpmProviderDeleteByKey0
FwpmTransactionBegin0
FwpmFilterDeleteByKey0
FwpmFilterEnum0
FwpmGetAppIdFromFileName0
api-ms-win-core-sysinfo-l1-2-0
GetSystemTimePreciseAsFileTime
Exports
Exports
adler32
adler32_combine
adler32_z
crc32
crc32_combine
crc32_z
deflate
deflateBound
deflateCopy
deflateEnd
deflateGetDictionary
deflateInit2_
deflateInit_
deflateParams
deflatePending
deflatePrime
deflateReset
deflateResetKeep
deflateSetDictionary
deflateSetHeader
deflateTune
get_crc_table
gzbuffer
gzclearerr
gzclose_w
gzdopen
gzeof
gzerror
gzflush
gzfwrite
gzoffset
gzoffset64
gzopen
gzopen64
gzopen_w
gzprintf
gzputc
gzputs
gzrewind
gzseek
gzseek64
gzsetparams
gztell
gztell64
gzvprintf
gzwrite
inflate
inflateCodesUsed
inflateCopy
inflateEnd
inflateGetDictionary
inflateGetHeader
inflateInit2_
inflateInit_
inflateMark
inflatePrime
inflateReset
inflateReset2
inflateResetKeep
inflateSetDictionary
inflateSync
inflateSyncPoint
inflateUndermine
inflateValidate
zError
zlibCompileFlags
zlibVersion
Sections
.text Size: 4.0MB - Virtual size: 4.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 216KB - Virtual size: 417KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 220KB - Virtual size: 218KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 416B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 36KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 600KB - Virtual size: 604KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE