Release[.]rar | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Release.rar
Size

466KB
MD5

c029799f9d2cc45c8492509664e15290
SHA1

7f1b63c54cf6ea12d6a5a8901874f5cc6c02162b
SHA256

bad850e1152d2eeb68d5ff2d7ebf992537f90180a7200d7b65a001054fb230dd
SHA512

9e088b53e7fb56fc854a7d6f41ffebe2a4aeec9fc34dbbb5d3e78eeeda152dae9a359e6e3a4357a31b029319451c41bd8496966120491aa770570f95ff3d93a9
SSDEEP

12288:clmwhHJljnX5YZGFFiJYOkwkNeYOEO8mcHu2XyuS:yhjX5YZGDi6XZ4YXyb

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/driver.sys
unpack001/map.exe
unpack001/um.exe

Files

Release.rar
.rar
driver.sys
.sys windows:10 windows x64 arch:x64

a673f839deae5b29b0e8a0fe26dfcd36

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Desi\Desktop\Stuff\Development\FN PROJECTS\ioctl base updated by redshirtfan\build\driver\driver.pdb

Imports

ntoskrnl.exe

RtlInitUnicodeString
DbgPrintEx
ExAllocatePool
ExFreePoolWithTag
MmUnmapIoSpace
MmMapIoSpaceEx
IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
ObfDereferenceObject
MmGetPhysicalMemoryRanges
MmCopyMemory
MmGetVirtualForPhysical
MmIsAddressValid
PsLookupProcessByProcessId
IoCreateDriver
PsGetProcessSectionBaseAddress
ZwQuerySystemInformation

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 664B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
license.log
map.exe
.exe windows:4 windows x86 arch:x86

8c16c795b57934183422be5f6df7d891

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
ord690
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarVargNofree
__vbaFreeVar
__vbaLenBstr
__vbaLateIdCall
__vbaPut3
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
EVENT_SINK_Invoke
__vbaRaiseEvent
__vbaFreeObjList
ord516
__vbaStrErrVarCopy
ord517
_adj_fprem1
__vbaRecAnsiToUni
ord519
__vbaCopyBytes
__vbaStrCat
__vbaLsetFixstr
__vbaRecDestruct
__vbaSetSystemError
ord661
__vbaHresultCheckObj
__vbaNameFile
_adj_fdiv_m32
Zombie_GetTypeInfo
__vbaAryDestruct
ord669
ord593
__vbaExitProc
ord594
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaFpR4
ord705
__vbaStrFixstr
_CIsin
ord631
ord709
ord525
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaGet3
__vbaStrCmp
ord529
__vbaGet4
__vbaPutOwner3
__vbaAryConstruct2
__vbaVarTstEq
__vbaI2I4
DllFunctionCall
__vbaFpUI1
__vbaRedimPreserve
__vbaStrR4
_adj_fpatan
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
ord600
__vbaUI1I2
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord712
__vbaStrToUnicode
ord606
_adj_fprem
_adj_fdivr_m64
ord714
ord609
__vbaFPException
ord319
__vbaGetOwner3
__vbaUbound
ord535
__vbaFileSeek
ord537
_CIlog
__vbaErrorOverflow
__vbaFileOpen
ord648
ord570
__vbaNew2
__vbaInStr
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaI4Var
ord689
__vbaAryLock
__vbaVarAdd
ord611
ord320
__vbaVarDup
__vbaStrToAnsi
ord321
__vbaFpI2
__vbaFpI4
ord616
__vbaLateMemCallLd
_CIatan
__vbaStrMove
ord618
__vbaCastObj
__vbaR8IntI4
ord650
_allmul
_CItan
__vbaAryUnlock
_CIexp
__vbaFreeObj
__vbaFreeStr
ord580
ord581

Sections

.text
Size: 104KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
um.exe
.exe windows:6 windows x64 arch:x64

85d855b479e35f4c76c0437726197375

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Clxp\Desktop\ratted\Crypt Slotted\um\x64\Release\um.pdb

Imports

kernel32

GetCurrentProcess
GetStdHandle
SetConsoleMode
DeviceIoControl
VirtualAlloc
CreateFileW
OpenProcess
CreateToolhelp32Snapshot
Sleep
GetConsoleMode
GetTempPathA
GetLastError
Process32NextW
Process32FirstW
CloseHandle
ExitProcess
GetConsoleWindow
lstrcmpiW
SetConsoleTitleA
GetFileInformationByHandleEx
AreFileApisANSI
SetFileInformationByHandle
GetCommandLineW
GetFileAttributesExW
FindFirstFileW
FindClose
GetLocaleInfoEx
FormatMessageA
LocalFree
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
GetModuleHandleW
IsDebuggerPresent
InitializeSListHead
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
VirtualFree
SetLastError
GetVolumeInformationW
GetStartupInfoW
QueryPerformanceCounter
FreeLibrary
GetProcAddress
QueryPerformanceFrequency
LoadLibraryA
GetModuleHandleA
GlobalUnlock
WideCharToMultiByte
GlobalLock
GlobalFree
GlobalAlloc
MultiByteToWideChar

user32

GetAsyncKeyState
EnumWindows
PeekMessageW
ShowWindow
MoveWindow
DispatchMessageW
DefWindowProcA
SetLayeredWindowAttributes
TranslateMessage
LoadIconW
SetWindowPos
SetWindowLongW
GetDesktopWindow
RegisterClassExA
UpdateWindow
GetKeyState
ScreenToClient
ClientToScreen
GetForegroundWindow
LoadCursorW
SetCursor
GetClientRect
GetWindowThreadProcessId
GetWindow
GetWindowRect
SetCursorPos
GetCursorPos
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
DestroyWindow
GetSystemMetrics

advapi32

SetThreadToken
GetTokenInformation
DuplicateTokenEx
CreateProcessAsUserW
LookupPrivilegeValueW
RevertToSelf
PrivilegeCheck
SetTokenInformation
OpenProcessToken

shell32

SHGetFolderPathA
ShellExecuteA

d3d9

Direct3DCreate9Ex

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmSetCandidateWindow
ImmGetContext

dwmapi

DwmExtendFrameIntoClientArea

msvcp140

?set_new_handler@std@@YAP6AXXZP6AXXZ@Z
?id@?$collate@D@std@@2V0locale@2@A
?overflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z
_Query_perf_frequency
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?id@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A
?uncaught_exceptions@std@@YAHXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Winerror_map@std@@YAHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Xlength_error@std@@YAXPEBD@Z
?_Syserror_map@std@@YAPEBDH@Z
_Query_perf_counter
_Xtime_get_ticks
?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBUtm@@PEBD3@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?good@ios_base@std@@QEBA_NXZ
??Bios_base@std@@QEBA_NXZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?_Xinvalid_argument@std@@YAXPEBD@Z
_Thrd_id
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_unlock
?_Throw_Cpp_error@std@@YAXH@Z
_Strcoll
_Strxfrm
??0_Locinfo@std@@QEAA@PEBD@Z
??1_Locinfo@std@@QEAA@XZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
??0facet@locale@std@@IEAA@_K@Z
??1facet@locale@std@@MEAA@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?tolower@?$ctype@D@std@@QEBADD@Z
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?_Xbad_function_call@std@@YAXXZ
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Incref@facet@locale@std@@UEAAXXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?seekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@V32@H@Z
?seekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@_JHH@Z
?underflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z

urlmon

URLDownloadToFileA

ws2_32

getsockopt
__WSAFDIsSet
closesocket
connect
getnameinfo
freeaddrinfo
ioctlsocket
getaddrinfo
WSASocketW
getpeername
WSAGetLastError
getsockname
WSAStartup
socket
shutdown
WSACleanup
ntohs
setsockopt
send
select
recv

bcrypt

BCryptOpenAlgorithmProvider
BCryptGenRandom
BCryptCloseAlgorithmProvider

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_type_info_compare
__std_type_info_name
_CxxThrowException
memchr
__current_exception
__current_exception_context
__C_specific_handler
memmove
strstr
memset
memcpy
memcmp
_purecall
__std_exception_copy
__std_exception_destroy
strchr
__std_terminate

api-ms-win-crt-stdio-l1-1-0

fputc
fwrite
_wfopen
__stdio_common_vsprintf
ftell
__acrt_iob_func
fflush
fread
__stdio_common_vsscanf
_set_fmode
__stdio_common_vsprintf_s
fgetc
__p__commode
fclose
fgetpos
fseek
_get_stream_buffer_pointers
setvbuf
_fseeki64
fsetpos
ungetc
__stdio_common_vfprintf

api-ms-win-crt-utility-l1-1-0

rand
_byteswap_ulong
qsort

api-ms-win-crt-string-l1-1-0

strcmp
_stricmp
strncpy
_wcsicmp
strlen
tolower
isdigit
strncmp

api-ms-win-crt-heap-l1-1-0

_aligned_malloc
realloc
malloc
_callnewh
free
_set_new_mode
_aligned_free

api-ms-win-crt-convert-l1-1-0

strtod
atof
strtoull
strtol
strtoul
strtoll

api-ms-win-crt-runtime-l1-1-0

_get_initial_narrow_environment
_initterm
_initterm_e
_exit
exit
__p___argc
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_seh_filter_exe
_cexit
system
abort
_invalid_parameter_noinfo_noreturn
_invalid_parameter_noinfo
_errno
_crt_atexit
terminate
_register_onexit_function
_set_app_type
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv

api-ms-win-crt-time-l1-1-0

_localtime64_s
_time64

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-math-l1-1-0

_dsign
acosf
asin
atan
_dtest
atan2
atan2f
ceilf
cos
cosf
pow
fmodf
powf
sinf
sqrt
sqrtf
tanf
__setusermatherr

api-ms-win-crt-locale-l1-1-0

localeconv
___lc_codepage_func
_configthreadlocale

Sections

.text
Size: 666KB - Virtual size: 665KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 166KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a673f839deae5b29b0e8a0fe26dfcd36

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 128B

.pdata Size: 512B - Virtual size: 192B

INIT Size: 1024B - Virtual size: 664B

.reloc Size: 512B - Virtual size: 36B

8c16c795b57934183422be5f6df7d891

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 104KB - Virtual size: 100KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 8KB - Virtual size: 4KB

85d855b479e35f4c76c0437726197375

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

d3d9

imm32

dwmapi

msvcp140

urlmon

ws2_32

bcrypt

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 666KB - Virtual size: 665KB

.rdata Size: 166KB - Virtual size: 165KB

.data Size: 25KB - Virtual size: 31KB

.pdata Size: 30KB - Virtual size: 29KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 128B

.pdata
Size: 512B - Virtual size: 192B

INIT
Size: 1024B - Virtual size: 664B

.reloc
Size: 512B - Virtual size: 36B

.text
Size: 104KB - Virtual size: 100KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 8KB - Virtual size: 4KB

.text
Size: 666KB - Virtual size: 665KB

.rdata
Size: 166KB - Virtual size: 165KB

.data
Size: 25KB - Virtual size: 31KB

.pdata
Size: 30KB - Virtual size: 29KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 5KB - Virtual size: 5KB