build[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

build.zip
Size

1.4MB
MD5

e98b833eb56c5b20c4fff386acc61a73
SHA1

0192ea0813220a61e745f94f1beb83d9ebeac075
SHA256

f930eaa7fe0ebf0e4f4298ae33d0697435a2d77d25dc248130864d5873ffcab7
SHA512

63fb5af957b2073d6b3d5963bca6e3c2361147c2dae490e5bc0ce83cdf6b7d037122996eeba1fb112b4909feb42509d174649758db32f1aa2fc36ef14b400f34
SSDEEP

24576:5bPrM80ShAfDs98nwkaOdKjaTkSZFS6wduhZSn6NO4:5E80gAbsenTzKjaTkO0x664

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/build/GC3.exe
unpack001/build/drv/Map.exe

Files

build.zip
.zip
build/GC3.exe
.exe windows:6 windows x64 arch:x64

401e93b9b2193507b232792704229ee5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\forei\Desktop\client\GC3\build\GC3.pdb

Imports

d3d11

D3D11CreateDeviceAndSwapChain

kernel32

ReadFile
GetFileType
WaitForMultipleObjects
SleepEx
VerifyVersionInfoW
CreateFileA
SetLastError
FormatMessageA
GetLastError
LoadLibraryExA
GetModuleFileNameA
QueryPerformanceCounter
FreeLibrary
VerSetConditionMask
QueryPerformanceFrequency
LoadLibraryA
GetLocaleInfoA
GetModuleHandleA
GlobalUnlock
WideCharToMultiByte
GlobalLock
GlobalFree
GlobalAlloc
MultiByteToWideChar
CreateThread
CloseHandle
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
OpenProcess
TerminateProcess
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetCurrentDirectoryW
CreateFileW
FindClose
GetProcAddress
GetModuleHandleW
GetCurrentProcessId
GetTickCount64
FindFirstFileW
FindFirstFileExW
FormatMessageW
GetEnvironmentVariableA
GetSystemDirectoryA
CreateEventA
FindNextFileW
GetFileAttributesExW
AreFileApisANSI
GetFileInformationByHandleEx
LocalFree
GetLocaleInfoEx
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
GetStdHandle
SetConsoleTextAttribute
PeekNamedPipe
GetConsoleScreenBufferInfo
Sleep
MoveFileExA
WaitForSingleObjectEx
SetEvent
WaitForSingleObject
GetFileSizeEx

user32

PostQuitMessage
ScreenToClient
SetWindowLongW
FindWindowW
GetCursorPos
SendInput
SetLayeredWindowAttributes
MoveWindow
PeekMessageW
GetMonitorInfoW
DispatchMessageW
GetAsyncKeyState
RegisterClassExW
FindWindowA
TranslateMessage
UnregisterClassW
GetKeyState
GetMessageExtraInfo
GetCapture
ClientToScreen
TrackMouseEvent
GetKeyboardLayout
LoadCursorW
SetCapture
SetCursor
GetClientRect
IsWindowUnicode
ReleaseCapture
SetCursorPos
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
MessageBoxA
GetForegroundWindow
SetForegroundWindow
GetWindowLongW
DefWindowProcW
GetWindowRect
MonitorFromWindow
CreateWindowExW

shell32

SHGetKnownFolderPath

ole32

CoInitialize
CoUninitialize
CoCreateInstance

msvcp140

_Query_perf_counter
_Xtime_get_ticks
?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBUtm@@PEBD3@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?iword@ios_base@std@@QEAAAEAJH@Z
?xalloc@ios_base@std@@SAHXZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?good@ios_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?id@?$numpunct@D@std@@2V0locale@2@A
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Xout_of_range@std@@YAXPEBD@Z
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
_Mtx_lock
_Mtx_unlock
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??Bios_base@std@@QEBA_NXZ
?_Winerror_map@std@@YAHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?_Syserror_map@std@@YAPEBDH@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
_Strxfrm
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?id@?$ctype@D@std@@2V0locale@2@A
?id@?$collate@D@std@@2V0locale@2@A
_Strcoll
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?tolower@?$ctype@D@std@@QEBADD@Z
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?set_new_handler@std@@YAP6AXXZP6AXXZ@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exceptions@std@@YAHXZ
?id@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A
?clog@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
_Query_perf_frequency
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?_Throw_Cpp_error@std@@YAXH@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Getlconv@_Locinfo@std@@QEBAPEBUlconv@@XZ
_Cnd_do_broadcast_at_thread_exit
_Thrd_detach
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ

winmm

PlaySoundW

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmGetContext

d3dcompiler_47

D3DCompile

dwmapi

DwmExtendFrameIntoClientArea

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_exception_destroy
__std_exception_copy
__std_terminate
_purecall
strchr
longjmp
strrchr
memmove
memcpy
memcmp
memset
_CxxThrowException
__intrinsic_setjmp
__C_specific_handler
__current_exception
__current_exception_context
strstr
memchr

api-ms-win-crt-runtime-l1-1-0

exit
_register_onexit_function
_beginthreadex
strerror
abort
_invalid_parameter_noinfo
_register_thread_local_exe_atexit_callback
terminate
_invalid_parameter_noinfo_noreturn
_c_exit
_configure_narrow_argv
_initialize_narrow_environment
__p___argv
__p___argc
_initialize_onexit_table
_errno
_exit
__sys_errlist
__sys_nerr
_initterm_e
system
_initterm
_crt_atexit
_get_initial_narrow_environment
_cexit
_set_app_type
_seh_filter_exe

api-ms-win-crt-heap-l1-1-0

free
malloc
_aligned_malloc
realloc
_set_new_mode
_aligned_free
_callnewh
calloc

api-ms-win-crt-stdio-l1-1-0

_write
_read
_lseeki64
_set_fmode
_open
__stdio_common_vswprintf
fputs
fgetc
__p__commode
ungetc
feof
fread
fputc
fflush
fwrite
fgetpos
fclose
setvbuf
tmpnam
__acrt_iob_func
_isatty
_fileno
__stdio_common_vsprintf
__stdio_common_vsprintf_s
fsetpos
__stdio_common_vsscanf
_ftelli64
_popen
tmpfile
ftell
_pclose
clearerr
_close
fgets
_fseeki64
_get_stream_buffer_pointers
fseek
ferror
getc
fopen
freopen
__stdio_common_vfprintf
_wfopen

api-ms-win-crt-time-l1-1-0

_gmtime64
_time64
_difftime64
_localtime64
strftime
_mktime64
clock

api-ms-win-crt-math-l1-1-0

pow
log
frexp
ldexp
_ldsign
_fdsign
__setusermatherr
_fdopen
acos
acosf
asin
atan2
ceil
ceilf
cos
cosf
exp
floor
tan
floorf
fmod
fmodf
log10
powf
sin
sinf
sqrt
sqrtf
_dsign

api-ms-win-crt-utility-l1-1-0

qsort
rand

api-ms-win-crt-string-l1-1-0

toupper
isblank
strncpy
isspace
strspn
isdigit
strpbrk
isgraph
isalpha
iscntrl
ispunct
islower
strcoll
strcmp
strncmp
_strdup
strcspn
isalnum
isupper
isxdigit
tolower

api-ms-win-crt-convert-l1-1-0

strtol
strtoll
atoi
strtoul
wcstombs
atof
strtod

api-ms-win-crt-filesystem-l1-1-0

_fstat64
_stat64
_unlink
remove
rename
_access
_unlock_file
_lock_file

api-ms-win-crt-locale-l1-1-0

localeconv
_configthreadlocale
___lc_codepage_func
setlocale

api-ms-win-crt-environment-l1-1-0

getenv

ws2_32

WSAEventSelect
WSAEnumNetworkEvents
WSASetLastError
WSACloseEvent
send
getsockopt
WSAGetLastError
getaddrinfo
connect
socket
recvfrom
ntohs
getsockname
WSAIoctl
__WSAFDIsSet
htonl
listen
closesocket
recv
getpeername
select
ioctlsocket
gethostname
accept
bind
WSACreateEvent
setsockopt
sendto
freeaddrinfo
htons

advapi32

CryptGetHashParam
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptReleaseContext
CryptEncrypt
CryptImportKey

bcrypt

BCryptGenRandom

normaliz

IdnToUnicode
IdnToAscii

crypt32

CertFreeCertificateChainEngine
CertFreeCertificateChain
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertGetCertificateChain

wldap32

ord217
ord60
ord45
ord46
ord211
ord50
ord41
ord22
ord32
ord26
ord27
ord33
ord301
ord200
ord30
ord79
ord35
ord143

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 393KB - Virtual size: 392KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 700KB - Virtual size: 714KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
build/drv/Map.exe
.exe windows:6 windows x64 arch:x64

55df5ed4bd18ba1e9b15c1f5c8ba2ddf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegSetValueExA
RegCreateKeyA
LookupPrivilegeValueW
AdjustTokenPrivileges
RegOpenKeyExA
OpenProcessToken
RegQueryValueExA
RegCloseKey

ntdll

RtlLookupFunctionEntry
RtlPcToFileHeader
RtlVirtualUnwind
RtlUnwindEx
RtlCaptureContext
RtlAnsiStringToUnicodeString
NtQuerySystemInformation
RtlInitUnicodeString
RtlInitAnsiString
RtlGetVersion
RtlUnwind

kernel32

FlsFree
SetEndOfFile
WriteConsoleW
HeapSize
SetStdHandle
GetProcessHeap
SetEnvironmentVariableW
VirtualFree
GetCurrentProcess
GetStdHandle
DeviceIoControl
VirtualAlloc
LoadLibraryExA
GetModuleHandleA
CreateFileA
CloseHandle
GetProcAddress
LocalFree
ExitProcess
GetCurrentProcessId
FreeLibrary
FormatMessageA
CreateFileW
GetLastError
GetFileAttributesExW
FlsSetValue
FlsGetValue
FlsAlloc
HeapFree
GetConsoleMode
GetConsoleOutputCP
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
HeapReAlloc
ReadConsoleW
ReadFile
CreatePipe
GetExitCodeProcess
WaitForSingleObject
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetLocaleInfoEx
FindClose
FindFirstFileExW
FindNextFileW
GetFileAttributesW
GetFullPathNameW
GetTempPathW
AreFileApisANSI
GetModuleHandleW
MultiByteToWideChar
WideCharToMultiByte
GetCurrentThreadId
WaitForSingleObjectEx
FlushFileBuffers
GetExitCodeThread
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
LCMapStringEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
RaiseException
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetModuleHandleExW
CreateThread
ExitThread
FreeLibraryAndExitThread
DuplicateHandle
CreateProcessW
GetModuleFileNameW
WriteFile
GetCommandLineA
GetCommandLineW
GetFileSizeEx
SetFilePointerEx
GetFileType
HeapAlloc

user32

MessageBoxA

dbghelp

ImageNtHeader
ImageDirectoryEntryToData
ImageRvaToVa

Sections

.text
Size: 285KB - Virtual size: 285KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

401e93b9b2193507b232792704229ee5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

d3d11

kernel32

user32

shell32

ole32

msvcp140

winmm

imm32

d3dcompiler_47

dwmapi

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-environment-l1-1-0

ws2_32

advapi32

bcrypt

normaliz

crypt32

wldap32

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 393KB - Virtual size: 392KB

.data Size: 700KB - Virtual size: 714KB

.pdata Size: 59KB - Virtual size: 58KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 5KB - Virtual size: 5KB

55df5ed4bd18ba1e9b15c1f5c8ba2ddf

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

ntdll

kernel32

user32

dbghelp

Sections

.text Size: 285KB - Virtual size: 285KB

.rdata Size: 98KB - Virtual size: 97KB

.data Size: 5KB - Virtual size: 13KB

.pdata Size: 12KB - Virtual size: 11KB

.rsrc Size: 11KB - Virtual size: 10KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 393KB - Virtual size: 392KB

.data
Size: 700KB - Virtual size: 714KB

.pdata
Size: 59KB - Virtual size: 58KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 5KB - Virtual size: 5KB

.text
Size: 285KB - Virtual size: 285KB

.rdata
Size: 98KB - Virtual size: 97KB

.data
Size: 5KB - Virtual size: 13KB

.pdata
Size: 12KB - Virtual size: 11KB

.rsrc
Size: 11KB - Virtual size: 10KB

.reloc
Size: 3KB - Virtual size: 2KB