c:\jenkins\workspace\OneClient\swup\output\v143\x86\Release\fssua.pdb
Static task
static1
Behavioral task
behavioral1
Sample
b83e0840658dadaa88d44dd4e6d9a1ec8cf7ea94e53b7f8050fb59628648ef0b.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
b83e0840658dadaa88d44dd4e6d9a1ec8cf7ea94e53b7f8050fb59628648ef0b.exe
Resource
win10v2004-20240802-en
General
-
Target
b83e0840658dadaa88d44dd4e6d9a1ec8cf7ea94e53b7f8050fb59628648ef0b
-
Size
1.5MB
-
MD5
b80e95bef0854cdb4a96948261d94bd9
-
SHA1
2a4aa64efb943e1c66c6b878097f689b9040b8c1
-
SHA256
b83e0840658dadaa88d44dd4e6d9a1ec8cf7ea94e53b7f8050fb59628648ef0b
-
SHA512
c604fb993481d3a3e6ac6f1952ab4c8e398ac753fad09761a856f48074b9ba1ec6ca4840258b5a3f9c17a725d3715ec7761631dbb9386e34c66356a2c073ffc2
-
SSDEEP
24576:bIQ8WS/l1h46q6kMTcr6DNPsqsbXnabczYjsCVyt2oQo+Tbc40eU:bBDS/DM6kMTcr6duWczQVa7Q24DU
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Flags a PE that carries no Authenticode signature; note the sample itself imports WinVerifyTrust, so absence of a signature on the binary is what this rule reports, not the binary's own checks.
resource b83e0840658dadaa88d44dd4e6d9a1ec8cf7ea94e53b7f8050fb59628648ef0b
Files
-
b83e0840658dadaa88d44dd4e6d9a1ec8cf7ea94e53b7f8050fb59628648ef0b.exe windows:6 windows x86 arch:x86
e7455ffd9804d090cecba2e23b5fcd79
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
libwaapi
wa_api_teardown
wa_api_free
wa_api_invoke
wa_api_setup
shlwapi
UrlEscapeW
UrlUnescapeW
wintrust
WinVerifyTrust
kernel32
OutputDebugStringA
SetLastError
GetSystemTime
GetLocalTime
GetTimeZoneInformation
GetFileInformationByHandle
SetFilePointerEx
WriteFile
ReleaseMutex
GetTickCount64
CreateMutexW
OpenMutexW
CreateWaitableTimerW
SetWaitableTimer
CancelWaitableTimer
SystemTimeToFileTime
VerifyVersionInfoW
VerSetConditionMask
OpenEventW
CreateBoundaryDescriptorW
AddSIDToBoundaryDescriptor
DeleteBoundaryDescriptor
CreatePrivateNamespaceW
ClosePrivateNamespace
OpenPrivateNamespaceW
ResetEvent
GlobalFindAtomW
GlobalAddAtomW
SetThreadPriority
GetCurrentThread
GetThreadPriority
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
Module32FirstW
Module32NextW
GetExitCodeProcess
InitOnceComplete
WTSGetActiveConsoleSessionId
MoveFileExW
CopyFileW
GetSystemDirectoryW
RemoveDirectoryW
GetFullPathNameW
GetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
CreateDirectoryW
CreateEventW
SetEvent
ProcessIdToSessionId
ReadFile
GetModuleFileNameW
LocalAlloc
WaitForMultipleObjects
MultiByteToWideChar
FormatMessageW
LocalFree
LoadLibraryW
ApplicationRecoveryFinished
ApplicationRecoveryInProgress
RegisterApplicationRecoveryCallback
LoadLibraryExW
GetProcAddress
GetModuleHandleW
FreeLibrary
GetCurrentThreadId
CreateThread
GetCurrentProcessId
Sleep
WaitForSingleObject
SetErrorMode
SetUnhandledExceptionFilter
FlushFileBuffers
CreateFileW
TerminateProcess
GetCurrentProcess
RaiseException
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
CreateSymbolicLinkW
GetFileInformationByHandleEx
DeviceIoControl
AreFileApisANSI
SetFileInformationByHandle
GetFileAttributesExW
FindFirstFileExW
GetProcessHeap
DeleteCriticalSection
HeapAlloc
GetLastError
InitializeCriticalSectionEx
HeapFree
CloseHandle
WideCharToMultiByte
IsDebuggerPresent
OutputDebugStringW
WakeAllConditionVariable
SleepConditionVariableSRW
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetEndOfFile
GetFileTime
GetFileSizeEx
CompareFileTime
QueryPerformanceCounter
GetVersionExW
SwitchToThread
GetComputerNameW
CreateProcessW
PeekNamedPipe
CreatePipe
SetHandleInformation
InitializeSListHead
GetSystemTimeAsFileTime
FormatMessageA
ExpandEnvironmentStringsW
InitOnceBeginInitialize
GetLocaleInfoEx
user32
ExitWindowsEx
advapi32
LsaRemoveAccountRights
CryptAcquireContextW
ChangeServiceConfigW
ControlService
OpenSCManagerW
OpenServiceW
QueryServiceStatusEx
StartServiceW
CreateProcessAsUserW
DuplicateTokenEx
ImpersonateLoggedOnUser
RevertToSelf
LogonUserW
CryptReleaseContext
CreateProcessWithLogonW
LsaFreeMemory
LsaClose
LsaOpenPolicy
LsaEnumerateAccountRights
AdjustTokenPrivileges
LookupPrivilegeValueW
CloseServiceHandle
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
SetEntriesInAclW
GetSidSubAuthorityCount
GetSidSubAuthority
ConvertStringSecurityDescriptorToSecurityDescriptorA
RegOpenKeyW
RegNotifyChangeKeyValue
ConvertSidToStringSidW
LookupAccountNameW
LookupAccountSidW
IsValidSid
GetTokenInformation
GetLengthSid
FreeSid
EqualSid
CreateWellKnownSid
CheckTokenMembership
AllocateAndInitializeSid
OpenProcessToken
RegDeleteTreeW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
LsaAddAccountRights
shell32
SHGetFolderPathW
ole32
CoCreateGuid
CoCreateInstance
OleRun
CoInitializeSecurity
CoUninitialize
CoInitializeEx
oleaut32
SysFreeString
VariantInit
VariantClear
VariantTimeToSystemTime
GetErrorInfo
msvcp140
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?_Xinvalid_argument@std@@YAXPBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAHH@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Xbad_function_call@std@@YAXXZ
_Query_perf_counter
_Query_perf_frequency
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??Bid@locale@std@@QAEIXZ
?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?id@?$ctype@_W@std@@2V0locale@2@A
?widen@?$ctype@_W@std@@QBE_WD@Z
_Xtime_get_ticks
?_Xbad_alloc@std@@YAXXZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@I@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@K@Z
?toupper@?$ctype@_W@std@@QBE_W_W@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?setf@ios_base@std@@QAEHH@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?fill@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAE_W_W@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?gcount@?$basic_istream@DU?$char_traits@D@std@@@std@@QBE_JXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@J@Z
_Mtx_lock
_Mtx_unlock
?_Throw_Cpp_error@std@@YAXH@Z
?_Random_device@std@@YAIXZ
_Thrd_join
_Thrd_id
_Cnd_do_broadcast_at_thread_exit
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UAEXXZ
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??1_Locinfo@std@@QAE@XZ
??0_Locinfo@std@@QAE@PBD@Z
??1facet@locale@std@@MAE@XZ
??0facet@locale@std@@IAE@I@Z
?id@?$ctype@D@std@@2V0locale@2@A
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?id@?$collate@D@std@@2V0locale@2@A
_Strxfrm
_Strcoll
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?tolower@?$ctype@D@std@@QBEDD@Z
?tolower@?$ctype@D@std@@QBEPBDPADPBD@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?_Xout_of_range@std@@YAXPBD@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?uncaught_exceptions@std@@YAHXZ
?good@ios_base@std@@QBE_NXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
_Cnd_broadcast
_Cnd_wait
_Cnd_destroy_in_situ
_Cnd_init_in_situ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?overflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHH@Z
?underflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHH@Z
?seekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE?AV?$fpos@U_Mbstatet@@@2@_JHH@Z
?seekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE?AV?$fpos@U_Mbstatet@@@2@V32@H@Z
??_D?$basic_istream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?in_avail@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Xlength_error@std@@YAXPBD@Z
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
crypt32
CryptBinaryToStringW
CertFreeCertificateContext
vcruntime140
memset
__RTDynamicCast
__CxxFrameHandler3
memmove
__std_type_info_compare
_CxxThrowException
__std_terminate
_set_purecall_handler
_purecall
_except_handler4_common
__std_exception_destroy
__current_exception_context
__std_exception_copy
__current_exception
strchr
memchr
memcpy
api-ms-win-crt-runtime-l1-1-0
abort
_errno
terminate
_set_invalid_parameter_handler
_controlfp_s
signal
_register_thread_local_exe_atexit_callback
_c_exit
__p___wargv
__p___argc
_beginthreadex
_exit
exit
_initterm_e
_initterm
_get_initial_wide_environment
_initialize_wide_environment
_configure_wide_argv
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_invalid_parameter_noinfo_noreturn
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
___lc_codepage_func
localeconv
api-ms-win-crt-math-l1-1-0
ceil
_dclass
__setusermatherr
_dsign
api-ms-win-crt-stdio-l1-1-0
__stdio_common_vsnprintf_s
__stdio_common_vsprintf
__stdio_common_vswscanf
__p__commode
__stdio_common_vsnwprintf_s
_set_fmode
_get_stream_buffer_pointers
fclose
fflush
fgetc
fgetpos
fputc
__stdio_common_vswprintf_s
ungetc
setvbuf
fwrite
_fseeki64
fsetpos
fread
api-ms-win-crt-convert-l1-1-0
wcstoll
strtoll
strtod
_wtoi64
strtoull
_wtoi
_itow_s
wcstoul
wcstol
_wtoll
api-ms-win-crt-heap-l1-1-0
free
_set_new_mode
_callnewh
malloc
realloc
api-ms-win-crt-string-l1-1-0
towlower
tolower
strncpy_s
iswspace
_wcsicmp
towupper
api-ms-win-crt-filesystem-l1-1-0
_lock_file
_unlock_file
version
GetFileVersionInfoExW
GetFileVersionInfoSizeExW
VerQueryValueW
userenv
CreateEnvironmentBlock
DestroyEnvironmentBlock
winhttp
WinHttpQueryHeaders
WinHttpSetCredentials
WinHttpQueryAuthSchemes
WinHttpReceiveResponse
WinHttpSetStatusCallback
WinHttpCrackUrl
WinHttpCreateUrl
WinHttpOpen
WinHttpCloseHandle
WinHttpConnect
WinHttpReadData
WinHttpQueryOption
WinHttpSetOption
WinHttpSetTimeouts
WinHttpOpenRequest
WinHttpSendRequest
msvcp140_atomic_wait
__std_atomic_wait_direct
__std_atomic_notify_all_direct
api-ms-win-crt-utility-l1-1-0
rand_s
netapi32
NetGetDCName
NetUserGetInfo
NetApiBufferFree
wtsapi32
WTSQueryUserToken
WTSEnumerateSessionsW
WTSFreeMemory
WTSQuerySessionInformationW
Sections
.text Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 300KB - Virtual size: 299KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 42KB - Virtual size: 48KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 63KB - Virtual size: 62KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ