WebCruiser[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

WebCruiser.zip
Size

5.8MB
MD5

dd345e0c0b9fc4c59ad5c4050846be3f
SHA1

8dc66a8a4e6c0473c31eb95038b2799279aac387
SHA256

026b26bcb8efe352aa1d289ed1c6958e37bd496105b7956af59025887436e953
SHA512

35664dd1f822e742e46d06100fc04e07321c0589185ac0cc377b30ff76bcbdb04ac843a7a52053049b87a60439b66d6b4574225645ad9572e53016282597e374
SSDEEP

98304:g3k9x6cgHFYT551Vclu62S0TLru+oEHSp7FeYIoujraqeX6dY+1aYANpfJeHaDl:g3KxrP5q10Te2HSp70CuHaFlsaYkHeH+

Score

4^/10

pdf link

Malware Config

Signatures

HTTP links in PDF interactive object 1 IoCs

Detects HTTP links in interactive objects within PDF files.

pdf link

resource	yara_rule
static1/unpack001/WebCruiserPro/WebCruiserWVS/Getting_Started_with_WebCruiser_Web_Vulnerability_Scanner.pdf	pdf_with_link_action

One or more HTTP URLs in PDF identified
Detects presence of HTTP links in PDF files.
pdf link

Unsigned PE 10 IoCs

Checks for missing Authenticode signature.

resource
unpack001/WebCruiserPro/Interop.SHDocVw.dll
unpack001/WebCruiserPro/NcaSvc.dll
unpack001/WebCruiserPro/WebCruiserWVS.exe
unpack001/WebCruiserPro/WebCruiserWVS/Interop.SHDocVw.dll
unpack001/WebCruiserPro/WebCruiserWVS/WebCruiserWVS.exe
unpack001/WebCruiserPro/lib/Interop.SHDocVw.dll
unpack001/WebCruiserPro/lib/Ionic.Zip.dll
unpack001/WebCruiserPro/lib/Launcher.exe
unpack001/WebCruiserPro/lib/wcw.exe
unpack001/WebCruiserPro/mstscax.dll

Files

WebCruiser.zip
.zip
WebCruiserPro/Interop.SHDocVw.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 124KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WebCruiserPro/NcaSvc.dll
.dll windows:10 windows x64 arch:x64

be040105def20e0c8f67a8a06bf21b12

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

NcaSvc.pdb

Imports

msvcrt

malloc
memset
_wcsnicmp
free
_amsg_exit
_XcptFilter
_vsnprintf_s
wcschr
_wcsicmp
_vsnwprintf
strchr
__C_specific_handler
memcpy
_initterm
wcscmp

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableLevel
UnregisterTraceGuids
GetTraceLoggerHandle
RegisterTraceGuidsW
TraceMessage
GetTraceEnableFlags

api-ms-win-core-synch-l1-1-0

AcquireSRWLockExclusive
SetEvent
LeaveCriticalSection
EnterCriticalSection
AcquireSRWLockShared
InitializeCriticalSectionAndSpinCount
ReleaseSRWLockExclusive
WaitForSingleObjectEx
CreateEventW
ReleaseSRWLockShared
SetWaitableTimer
DeleteCriticalSection
WaitForSingleObject
ResetEvent
InitializeSRWLock

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects
CreateWaitableTimerW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolWork
SubmitThreadpoolWork
LeaveCriticalSectionWhenCallbackReturns
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolWait
SetThreadpoolWait
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
CloseThreadpoolWork
CloseThreadpoolTimer

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventWriteTransfer
EventUnregister

api-ms-win-service-core-l1-1-0

RegisterServiceCtrlHandlerExW
SetServiceStatus

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter
GetLastError

api-ms-win-core-processthreads-l1-1-0

CreateProcessAsUserW
QueueUserAPC
CreateProcessW
TerminateProcess
GetCurrentProcessId
ResumeThread
GetCurrentProcess
GetCurrentThreadId
SetThreadToken
OpenProcessToken
GetCurrentThread
OpenThreadToken
CreateThread

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
LoadStringW

oleaut32

SysFreeString
VariantInit
SysAllocString
VariantClear

api-ms-win-core-com-l1-1-0

CoInitializeEx
CoSetProxyBlanket
CoUninitialize
CoCreateInstance

ws2_32

GetAddrInfoW
WSACleanup
InetPtonW
WSAStartup
FreeAddrInfoW

iphlpapi

IcmpCloseHandle
Icmp6SendEcho2
NotifyIpInterfaceChange
Icmp6CreateFile
FreeMibTable
CreateSortedAddressPairs
CancelMibChangeNotify2
GetAdaptersAddresses
NotifyUnicastIpAddressChange
NotifyRouteChange2

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-security-base-l1-1-0

DuplicateTokenEx
GetLengthSid
RevertToSelf
EqualSid
GetTokenInformation
CopySid
CheckTokenMembership
AccessCheck

rpcrt4

RpcServerInqBindings
RpcServerRegisterIfEx
RpcEpUnregister
RpcStringFreeW
RpcServerRegisterAuthInfoW
RpcServerInqDefaultPrincNameW
Ndr64AsyncServerCallAll
NdrServerCallAll
NdrAsyncServerCall
NdrServerCall2
RpcBindingVectorFree
RpcServerUnregisterIfEx
I_RpcBindingIsClientLocal
RpcBindingToStringBindingW
RpcStringBindingParseW
RpcBindingInqAuthClientW
UuidEqual
RpcEpRegisterW
RpcServerUseProtseqW
RpcAsyncCompleteCall
RpcAsyncAbortCall
RpcImpersonateClient
RpcRevertToSelf

api-ms-win-core-file-l1-1-0

WriteFile
ReadFile
CreateFileW
GetTempFileNameW
GetLongPathNameW
SetFilePointer

api-ms-win-core-file-l1-2-0

GetTempPathW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock
RegisterGPNotification
UnregisterGPNotification

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-service-management-l1-1-0

CloseServiceHandle
OpenSCManagerW
OpenServiceW

api-ms-win-service-management-l2-1-0

NotifyServiceStatusChangeW

api-ms-win-core-synch-l1-2-0

InitializeConditionVariable
Sleep
SleepConditionVariableSRW
WakeAllConditionVariable
WakeConditionVariable
SleepConditionVariableCS

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
RtlCompareMemory

winhttp

WinHttpCrackUrl
WinHttpOpenRequest
WinHttpConnect
WinHttpOpen
WinHttpSendRequest
WinHttpSetStatusCallback
WinHttpCloseHandle

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetComputerNameExW
GetTickCount64
GetSystemTime

dnsapi

DnsFreePolicyConfig
DnsGetPolicyTableInfo

sspicli

FreeContextBuffer
GetUserNameExW
DeleteSecurityContext
InitializeSecurityContextW
QuerySecurityPackageInfoW
FreeCredentialsHandle
AcquireCredentialsHandleW
RevertSecurityContext
ImpersonateSecurityContext
AcceptSecurityContext

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegCreateKeyExW
RegEnumValueW
RegCloseKey
RegNotifyChangeKeyValue
RegDeleteValueW
RegQueryInfoKeyW
RegSetValueExW
RegQueryValueExW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-debug-l1-1-0

OutputDebugStringA

bcrypt

BCryptGetFipsAlgorithmMode

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-shlwapi-legacy-l1-1-0

PathCanonicalizeW

ntdll

EtwTraceMessage
RtlIpv6AddressToStringW
WinSqmIsOptedIn
WinSqmSetDWORD

umpdc

PdcNotificationClientUnregister
PdcNotificationClientRegister

api-ms-win-security-lsalookup-l1-1-0

LookupAccountSidLocalW

httpprxp

ProxyHelperProviderConnectToServer
ProxyHelperProviderRegisterForEventNotification
ProxyHelperProviderUnregisterEventNotification
ProxyHelperProviderDisconnectFromServer

kernel32

GetComputerNameW
CreateJobObjectW
RegisterWaitForSingleObject
UnregisterWaitEx
TerminateJobObject
UnregisterWait
AssignProcessToJobObject

fwpuclnt

FwpmNetEventSubscribe4
FwpmNetEventUnsubscribe0
FwpmEngineClose0
FwpmEngineOpen0

firewallapi

FWChangeNotificationDestroy
FWChangeNotificationCreate

Exports

Exports

ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 113KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 596B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WebCruiserPro/Readme.html
.html
WebCruiserPro/WebCruiser.png
.png
WebCruiserPro/WebCruiser01.png
.png
WebCruiserPro/WebCruiserWVS.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\thorson\Desktop\Launcher1\Launcher\Launcher\obj\Debug\LUNCHER CRACKING.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 254KB - Virtual size: 254KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WebCruiserPro/WebCruiserWVS/Getting_Started_with_WebCruiser_Web_Vulnerability_Scanner.pdf
.pdf
- http://en-USwww.janusec.com/download/WebCruiserUserGuide.pdfen-US
- http://sourceforge.net/projects/wavsep/
- http://sourceforge.net/projects/wavsep/en-US
- http://www.janusec.com/documentation/
- http://www.janusec.com/documentationen-US/en-US
- http://www.janusec.com/download/WebCruiserUserGuide.pdf
- http://www.janusec.com/download/WebCruiser_Web_Vulnerability_Scanner_Test_Report.pdf
WebCruiserPro/WebCruiserWVS/Interop.SHDocVw.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 140KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WebCruiserPro/WebCruiserWVS/WebCruiserWVS.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\U2\Program\WebCruiserWVS\WebCruiserWVS\obj\Release\WebCruiserWVS.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 609KB - Virtual size: 608KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WebCruiserPro/WebCruiserWVS/combo.txt
WebCruiserPro/WebCruiserWVS/password.txt
WebCruiserPro/WebCruiserWVS/username.txt
WebCruiserPro/WebCruiserWVS/wvs.png
.png
WebCruiserPro/lib/Interop.SHDocVw.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 124KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WebCruiserPro/lib/Ionic.Zip.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\DotNetZip\Zip\obj\Debug\Ionic.Zip.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 478KB - Virtual size: 477KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WebCruiserPro/lib/LICENCE.dat
.zip
WebCruiserPro/lib/Launcher.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WebCruiserPro/lib/Readme.html
.html
WebCruiserPro/lib/WebCruiser.png
.png
WebCruiserPro/lib/WebCruiser01.png
.png
WebCruiserPro/lib/wcw.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Data\U2\Program\WebCruiserWVS\WebCruiserWVS\obj\Release\WebCruiserWVS.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 386KB - Virtual size: 386KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WebCruiserPro/mstscax.dll
.dll regsvr32 windows:10 windows x64 arch:x64

6040dc80a09960397e448f384516c856

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

mstscax.pdb

Imports

msvcrt

_ultow
wcsncat_s
wcstoul
wcsftime
tolower
towupper
_itow_s
??0exception@@QEAA@AEBV0@@Z
_vsnprintf_s
??0exception@@QEAA@XZ
_ltow
printf
isalpha
??1exception@@UEAA@XZ
memcpy
memcmp
_wfopen_s
log10f
log10
log
floorf
floor
exp
cos
_waccess_s
_wfopen
vswprintf_s
wcsnlen
swscanf_s
wcschr
_strnicmp
_strlwr_s
_vsnprintf
memcpy_s
wcstol
iswdigit
iswspace
toupper
wcstombs_s
_wcsnicmp
wcstok
wcsrchr
realloc
wcscat_s
wcsncmp
bsearch
isdigit
memchr
wcsstr
vsprintf_s
_resetstkoflw
towlower
swprintf_s
_aligned_free
memmove
memset
pow
sin
sqrt
_onexit
__dllonexit
_unlock
_lock
__C_specific_handler
_initterm
_amsg_exit
_aligned_malloc
_XcptFilter
free
_callnewh
time
gmtime
srand
rand
fclose
fprintf
fwrite
_wtoi
__CxxFrameHandler3
wcstok_s
_itoa_s
wcscspn
sprintf_s
_ltow_s
memmove_s
_stricmp
_vscwprintf
wcsncpy_s
malloc
_wcsicmp
_vsnwprintf
wcscpy_s
calloc
strtok_s
_wtol
strncmp
iswalnum
wcspbrk
_wcslwr
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_errno
_purecall
ceilf
ceil
atan2
_CxxThrowException
wcscmp

ntdll

RtlFreeUnicodeString
NtSetInformationFile
RtlStringFromGUID
RtlAreBitsSet
RtlClearBits
RtlInitializeBitMap
RtlFindClearBitsAndSet
RtlNtStatusToDosError
RtlInitString
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
NtDeviceIoControlFile
NtClose
NtReadFile
NtWriteFile
RtlEnumerateGenericTableWithoutSplaying
RtlLookupElementGenericTable
RtlDeleteElementGenericTable
RtlInsertElementGenericTable
RtlEnumerateGenericTable
RtlInitializeGenericTable
NtOpenSection
RtlAppendUnicodeToString
NtDuplicateObject
RtlGetLastNtStatus
RtlVerifyVersionInfo

kernel32

LocalAlloc
ExpandEnvironmentStringsW
CreateTimerQueueTimer
GetACP
CompareStringW
TryAcquireSRWLockExclusive
DeleteTimerQueueTimer
LocalFree
LoadLibraryA
K32GetModuleFileNameExW
IsDBCSLeadByte
CreateDirectoryW
TerminateThread
lstrcmpA
GetVersion
GetModuleHandleA
LoadLibraryExW
CreateFileW
DuplicateHandle
DeleteFileW
GetFileAttributesW
SetFileAttributesW
SetFilePointer
WriteFile
ReadFile
CreateMutexW
GetDiskFreeSpaceW
GetSystemTime
GetTimeFormatW
GetDateFormatW
FormatMessageW
GetNumberFormatW
GlobalHandle
LoadResource
GetSystemDefaultLangID
GetVersionExA
GetTempPathW
GetModuleFileNameW
TlsGetValue
TlsSetValue
PostQueuedCompletionStatus
VerifyVersionInfoW
GlobalAlloc
GlobalLock
GlobalUnlock
VerSetConditionMask
GetFullPathNameW
GetSystemFirmwareTable
GetModuleHandleW
GlobalFree
IsWow64Process
GetComputerNameA
InterlockedFlushSList
CreateEventW
SetEvent
WaitForSingleObject
ResetEvent
CreateThread
SetErrorMode
CreateWaitableTimerW
SetWaitableTimer
QueryPerformanceFrequency
WaitForMultipleObjectsEx
CancelWaitableTimer
GetComputerNameExW
InitializeSListHead
GetDriveTypeW
GetCPInfo
ResumeThread
FlushFileBuffers
DeviceIoControl
FindCloseChangeNotification
QueryDosDeviceW
FindFirstChangeNotificationW
FindNextChangeNotification
GetVolumeInformationW
GetFileInformationByHandle
GetFileAttributesExW
GetVersionExW
SetFileTime
RemoveDirectoryW
MoveFileW
LockFileEx
GlobalDeleteAtom
LockFile
GlobalAddAtomW
UnlockFile
EscapeCommFunction
GetCommState
SetCommState
TransmitCommChar
WaitCommEvent
SetCommTimeouts
GetCommTimeouts
SetupComm
GetCommMask
TlsFree
TlsAlloc
LoadLibraryW
GetSystemDirectoryW
SetCommMask
CreateFileMappingW
CloseHandle
PurgeComm
GetCommModemStatus
GetLastError
ClearCommError
GetCommProperties
GetCommConfig
SleepConditionVariableSRW
WakeAllConditionVariable
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
DecodePointer
EncodePointer
VirtualAlloc
VirtualFree
HeapDestroy
HeapReAlloc
HeapSize
LoadLibraryExA
VirtualProtect
DisableThreadLibraryCalls
SizeofResource
lstrcmpiW
CreateEventExW
GetTimeZoneInformation
GetLocalTime
OpenThread
SwitchToThread
InitializeCriticalSection
GetComputerNameW
Beep
TrySubmitThreadpoolCallback
CloseThreadpool
CloseThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
CreateThreadpoolCleanupGroup
GetDefaultCommConfigW
FindFirstVolumeW
GetModuleHandleExA
GetProcAddress
FindNextVolumeW
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
Sleep
GetVolumePathNamesForVolumeNameW
FindVolumeClose
OpenProcess
GetWindowsDirectoryW
CreateIoCompletionPort
GetQueuedCompletionStatus
GetTempFileNameW
CreateProcessW
FreeLibrary
SystemTimeToFileTime
GetCommandLineW
GlobalSize
SetThreadpoolThreadMinimum
SetThreadpoolThreadMaximum
CreateThreadpool
InitializeCriticalSectionAndSpinCount
SetThreadPriority
ProcessIdToSessionId
CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
GetOverlappedResult
GetTickCount64
DisconnectNamedPipe
CreateThreadpoolIo
CancelThreadpoolIo
StartThreadpoolIo
CloseThreadpoolIo
BindIoCompletionCallback
CancelIo
SearchPathW
SetLastError
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
UnmapViewOfFile
MultiByteToWideChar
FindResourceExW
MapViewOfFile
WideCharToMultiByte
DeactivateActCtx
ActivateActCtx
FindActCtxSectionStringW
CreateActCtxW
GetModuleHandleExW
QueryActCtxW
OutputDebugStringA
PowerCreateRequest
PowerSetRequest
PowerClearRequest
NormalizeString
MulDiv
lstrcmpW
RaiseException
VirtualQuery
GetModuleFileNameA
CreateSemaphoreExW
HeapFree
ReleaseSemaphore
ReleaseMutex
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
HeapAlloc
CreateMutexExW
GetProcessHeap
DebugBreak
IsDebuggerPresent
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockShared
GetFileSize
OpenEventW
OpenMutexW
OpenFileMappingW
GetSystemInfo
GetActiveProcessorCount
GetProcessAffinityMask
CreateThreadpoolWork
SubmitThreadpoolWork
WaitForThreadpoolWorkCallbacks
CloseThreadpoolWork
SetEndOfFile
FindFirstFileW
FindNextFileW
FindClose
GetFileSizeEx
SetFilePointerEx
CompareStringEx
GetNativeSystemInfo
WaitForMultipleObjects
IsProcessorFeaturePresent
CreateWaitableTimerExW
GetExitCodeThread
FreeLibraryAndExitThread
CreateSemaphoreW
QueueUserWorkItem
WaitForThreadpoolIoCallbacks

gdi32

GdiDrawStream
GetDeviceCaps
CreateRectRgn
SetRectRgn
OffsetRgn
DPtoLP
IntersectClipRect
CreateRectRgnIndirect
GetRgnBox
ExtCreateRegion
CreateSolidBrush
CreatePalette
RestoreDC
TextOutW
SetViewportOrgEx
SetWindowOrgEx
SetMapMode
SaveDC
DeleteMetaFile
CloseMetaFile
SetWindowExtEx
CreateMetaFileW
OffsetWindowOrgEx
GetDIBColorTable
CreateDCW
GetPaletteEntries
GetClipBox
GetNearestColor
SetDIBColorTable
GetRegionData
PtInRegion
CreateFontIndirectW
SetPixel
GetTextExtentPoint32W
ExtTextOutW
CreatePolygonRgn
GetMapMode
GetTextExtentPointW
GetClipRgn
UpdateColors
GetPixel
GetNearestPaletteIndex
GetSystemPaletteEntries
CombineRgn
CreateDIBPatternBrushPt
CreateBrushIndirect
DeleteObject
CreatePen
LPtoDP
DeleteDC
SelectObject
SetStretchBltMode
StretchBlt
CreateDIBitmap
CreateCompatibleDC
SetBitmapBits
CreateBitmap
CreateCompatibleBitmap
CreateDIBSection
SelectPalette
GetObjectW
GetCurrentObject
FillRgn
FrameRgn
Polygon
Ellipse
SetPolyFillMode
Rectangle
LineTo
MoveToEx
SetROP2
RealizePalette
PatBlt
SetDCBrushColor
GetStockObject
SelectClipRgn
GdiFlush
SetBrushOrgEx
GetBrushOrgEx
SetBkMode
SetMetaFileBitsEx
GetMetaFileBitsEx
PlayMetaFile
GetBkMode
BitBlt
StretchDIBits
SetBkColor
SetTextColor
SetTextAlign
GetTextAlign

advapi32

RegEnumValueW
IsTextUnicode
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegDeleteKeyValueW
RegSetKeyValueW
RegEnumKeyW
RegFlushKey
CryptGenRandom
CryptAcquireContextW
RegQueryInfoKeyW
EventUnregister
EventRegister
CopySid
GetLengthSid
OpenProcessToken
EventWriteTransfer
GetTokenInformation
CryptReleaseContext
CryptSetProvParam
CredFree
CredUnmarshalCredentialW
RegGetValueW
GetUserNameA
RegDeleteKeyW
CredIsMarshaledCredentialW
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptCreateHash
CredReadW
CredWriteW
CredGetSessionTypes
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
RegEnumKeyExW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
CredDeleteW
EventActivityIdControl
RegNotifyChangeKeyValue
CredReadDomainCredentialsW
CredWriteDomainCredentialsW
GetFileSecurityW
GetSecurityDescriptorLength
SetFileSecurityW
CryptDestroyKey
CredProtectW
CredUnprotectW
SystemFunction036
TraceEvent
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
TraceMessage

user32

UpdateLayeredWindow
RedrawWindow
GetIconInfo
DrawIconEx
SetForegroundWindow
RegisterHotKey
UnregisterHotKey
RegisterDeviceNotificationW
UnregisterDeviceNotification
GetTopWindow
OffsetRect
UnionRect
EnumChildWindows
EnumDisplayMonitors
EnumDisplayDevicesW
CopyIcon
PostThreadMessageW
MsgWaitForMultipleObjectsEx
TranslateMessage
CharNextW
IsChild
CallWindowProcW
DrawTextW
SetWindowLongW
EnumThreadWindows
AllowSetForegroundWindow
MonitorFromPoint
UnregisterClassA
CharLowerW
GetWindowDC
FillRect
IntersectRect
SetTimer
LoadCursorW
SetWindowPos
ShowWindow
KillTimer
DestroyWindow
UnregisterClassW
GetClassInfoW
RegisterClassW
CreateWindowExW
SetPropW
GetKeyState
SetParent
MoveWindow
GetKeyboardType
ScreenToClient
GetCapture
SetCursorPos
ClientToScreen
SetFocus
MapVirtualKeyW
GetSystemMetrics
UnhookWinEvent
keybd_event
GetCursorPos
GetRawInputData
GetAncestor
GetKeyboardLayoutNameW
TrackMouseEvent
DefWindowProcW
GetWindowLongPtrW
FlashWindow
GetWindowRect
EndPaint
SetWindowLongPtrW
GetLastInputInfo
CharPrevA
CharNextA
SetWinEventHook
EndDeferWindowPos
DeferWindowPos
GetGUIThreadInfo
BeginDeferWindowPos
GetClassNameW
GetActiveWindow
FindWindowExW
SendMessageTimeoutW
DispatchMessageW
GetMessageW
PostQuitMessage
ValidateRect
SetWindowTextW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
EnableWindow
UpdateWindow
RegisterClassExW
GetClassInfoExW
IsRectEmpty
GetWindowLongW
GetParent
RemovePropW
SetRectEmpty
LoadStringW
LoadIconW
GetSystemMenu
EnableMenuItem
SetWindowPlacement
CloseWindow
GetWindowPlacement
SystemParametersInfoA
LockWindowUpdate
GetSysColor
SetScrollPos
AdjustWindowRect
ShowScrollBar
SetScrollInfo
GetCursorInfo
LoadMenuW
DialogBoxParamW
CheckDlgButton
EndDialog
IsDlgButtonChecked
SetDlgItemTextW
GetDlgItem
GetProcessDefaultLayout
GetDlgCtrlID
MonitorFromRect
GetLastActivePopup
SetLayeredWindowAttributes
GetSubMenu
TrackPopupMenuEx
SetClassLongPtrW
GetClassLongPtrW
GetMenuItemInfoW
IsWindowEnabled
DestroyMenu
CreateDialogParamW
AnimateWindow
GetKeyboardLayoutNameA
GetKeyboardLayout
SendDlgItemMessageW
GetNextDlgTabItem
GetDlgItemTextW
InflateRect
GetSysColorBrush
EnumDisplaySettingsW
CopyRect
GetClipboardFormatNameW
SetRect
GetMonitorInfoW
MonitorFromWindow
SystemParametersInfoW
CreateIconIndirect
IsClipboardFormatAvailable
DestroyIcon
LoadImageW
EqualRect
DefDlgProcW
GetDesktopWindow
DestroyCursor
PeekMessageW
SendInput
ShowCursor
MapWindowPoints
IsWindow
SetWindowRgn
SetActiveWindow
IsIconic
IsZoomed
RegisterWindowMessageW
GetWindow
IsWindowVisible
FindWindowW
CreateCursor
GetClientRect
SendMessageW
ReleaseDC
GetDC
InvalidateRect
RegisterClipboardFormatW
MessageBeep
GetMessageExtraInfo
GetWindowRgn
GetAsyncKeyState
AttachThreadInput
RegisterRawInputDevices
PtInRect
CallNextHookEx
GetWindowThreadProcessId
SetWindowsHookExW
SetCursor
FlashWindowEx
SetCapture
ReleaseCapture
GetForegroundWindow
GetFocus
UnhookWindowsHookEx
BeginPaint
PostMessageW
GetKeyboardState
SetMenuItemInfoW

d2d1

ord1

dwrite

DWriteCreateFactory

cfgmgr32

CM_MapCrToWin32Err
CM_Locate_DevNodeW
CM_Get_Parent
CM_Get_Device_ID_Size
CM_Get_Device_IDW
CM_Get_Device_Interface_PropertyW

msacm32

acmDriverEnum
acmFormatTagDetailsW
acmDriverOpen
acmStreamOpen
acmFormatSuggest
acmStreamUnprepareHeader
acmStreamConvert
acmStreamPrepareHeader
acmStreamSize
acmDriverClose
acmStreamClose

dwmapi

DwmSetWindowAttribute
DwmGetWindowAttribute

pdh

PdhGetFormattedCounterValue
PdhAddEnglishCounterW
PdhCloseQuery
PdhOpenQueryW
PdhRemoveCounter
PdhCollectQueryData

secur32

EncryptMessage
AcceptSecurityContext
DeleteSecurityContext
QueryContextAttributesW
AcquireCredentialsHandleW
SetContextAttributesW
FreeCredentialsHandle
InitializeSecurityContextW
LsaConnectUntrusted
LsaDeregisterLogonProcess
LsaFreeReturnBuffer
DecryptMessage
LsaLookupAuthenticationPackage
InitSecurityInterfaceW
QuerySecurityPackageInfoW
FreeContextBuffer
GetUserNameExW
LsaCallAuthenticationPackage

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

uxtheme

SetWindowTheme
GetCurrentThemeName

setupapi

SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyW
CM_Get_DevNode_Status
SetupDiOpenDeviceInterfaceW
SetupDiGetDeviceInstanceIdW
SetupDiGetClassDevsExW
CM_Get_Sibling
SetupDiOpenClassRegKeyExW
CM_Get_DevNode_Registry_PropertyW
CM_Get_Child
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiCreateDeviceInfoList
SetupDiOpenDevRegKey
SetupDiOpenDeviceInfoW

iphlpapi

CreateSortedAddressPairs
FreeMibTable

rpcrt4

NdrMesTypeDecode3
NdrMesTypeEncode3
NdrMesTypeFree3
MesDecodeBufferHandleCreate
RpcStringFreeW
IUnknown_AddRef_Proxy
CStdStubBuffer_DebugServerQueryInterface
NdrOleFree
MesHandleFree
MesEncodeDynBufferHandleCreate
UuidToStringW
CStdStubBuffer_AddRef
NdrCStdStubBuffer_Release
CStdStubBuffer_Connect
IUnknown_Release_Proxy
NdrDllUnregisterProxy
CStdStubBuffer_Invoke
CStdStubBuffer_CountRefs
CStdStubBuffer_QueryInterface
NdrOleAllocate
CStdStubBuffer_DebugServerRelease
NdrDllRegisterProxy
NdrDllGetClassObject
CStdStubBuffer_Disconnect
IUnknown_QueryInterface_Proxy
CStdStubBuffer_IsIIDSupported
I_RpcExceptionFilter
NdrDllCanUnloadNow

dxgi

CreateDXGIFactory1

imm32

ImmGetContext
ImmAssociateContext

ncrypt

NCryptFreeObject
NCryptSetProperty

netapi32

NetGetJoinInformation
NetApiBufferFree

d3d11

D3D11CreateDevice

bcrypt

BCryptHashData
BCryptImportKeyPair
BCryptCreateHash
BCryptDestroyHash
BCryptOpenAlgorithmProvider
BCryptGetProperty
BCryptGenerateSymmetricKey
BCryptCloseAlgorithmProvider
BCryptImportKey
BCryptEncrypt
BCryptFinishHash
BCryptDestroyKey

api-ms-win-core-path-l1-1-0

PathCchCanonicalize

Exports

Exports

DllCanUnloadNow
DllCancelAuthentication
DllGetClaimsToken
DllGetClassObject
DllGetTscCtlVer
DllLogoffClaimsToken
DllRegisterServer
DllSetAuthProperties
DllSetClaimsToken
DllUnregisterServer

Sections

.text
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 61KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 173KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 124KB - Virtual size: 120KB

.rsrc Size: 4KB - Virtual size: 872B

.reloc Size: 4KB - Virtual size: 12B

be040105def20e0c8f67a8a06bf21b12

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-synch-l1-2-1

api-ms-win-core-handle-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-service-core-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

oleaut32

api-ms-win-core-com-l1-1-0

ws2_32

iphlpapi

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-security-base-l1-1-0

rpcrt4

api-ms-win-core-file-l1-1-0

api-ms-win-core-file-l1-2-0

userenv

api-ms-win-core-string-l1-1-0

api-ms-win-service-management-l1-1-0

api-ms-win-service-management-l2-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-rtlsupport-l1-1-0

winhttp

api-ms-win-core-sysinfo-l1-1-0

dnsapi

sspicli

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-debug-l1-1-0

bcrypt

api-ms-win-core-profile-l1-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

ntdll

umpdc

api-ms-win-security-lsalookup-l1-1-0

httpprxp

kernel32

fwpuclnt

firewallapi

Exports

Exports

Sections

.text Size: 113KB - Virtual size: 113KB

.rdata Size: 34KB - Virtual size: 34KB

.data Size: 1KB - Virtual size: 6KB

.pdata Size: 5KB - Virtual size: 4KB

.rsrc Size: 10KB - Virtual size: 9KB

.reloc Size: 1024B - Virtual size: 596B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

.text
Size: 124KB - Virtual size: 120KB

.rsrc
Size: 4KB - Virtual size: 872B

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 113KB - Virtual size: 113KB

.rdata
Size: 34KB - Virtual size: 34KB

.data
Size: 1KB - Virtual size: 6KB

.pdata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 10KB - Virtual size: 9KB

.reloc
Size: 1024B - Virtual size: 596B

.text
Size: 11KB - Virtual size: 10KB

.rsrc
Size: 254KB - Virtual size: 254KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 140KB - Virtual size: 136KB

.rsrc
Size: 4KB - Virtual size: 824B

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 609KB - Virtual size: 608KB

.rsrc
Size: 18KB - Virtual size: 17KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 124KB - Virtual size: 120KB

.rsrc
Size: 4KB - Virtual size: 872B

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 478KB - Virtual size: 477KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 50KB - Virtual size: 50KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 386KB - Virtual size: 386KB

.rsrc
Size: 18KB - Virtual size: 18KB

.reloc
Size: 512B - Virtual size: 12B