DontBearWithCheaters (1)[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

DontBearWithCheaters (1).rar
Size

1.0MB
MD5

e31d8afc4e1c9ed4fa3ffdd525fb3049
SHA1

a8307cc941c7bcb45277e584444b280b44e4cd39
SHA256

7bc23223c8f81d70c230ceac3deb05670e9778974fd285b8cae1e693c2367de4
SHA512

d4435d623904ad044653dba8c315dabdc9bd50a0691c31b9f5a43d4896f82ea7d81953e96da66253fd1ac4352c0e6501ddc0a36b26ec6c5a2991bd1d2a65b431
SSDEEP

24576:LbeTRQDrR5Q9HkpZlKN6w3FdZN3NPcZykPOFY4gHnr:OTR+bQqlKN6wVdZ1NKPOxMr

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/DontBearWithCheaters/EasyCheating.exe
unpack001/DontBearWithCheaters/execution.dll
unpack001/DontBearWithCheaters/libcurl.dll
unpack001/DontBearWithCheaters/xxhash.dll
unpack001/DontBearWithCheaters/zlib1.dll
unpack001/DontBearWithCheaters/zstd.dll

Files

DontBearWithCheaters (1).rar
.rar
DontBearWithCheaters/EasyCheating.exe
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
DontBearWithCheaters/execution.dll
.dll windows:6 windows x64 arch:x64

617a505260cc5663df1ba140d89d57bb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

xxhash

XXH32

zstd

ZSTD_isError
ZSTD_compressBound
ZSTD_compress
ZSTD_maxCLevel

libcurl

curl_easy_cleanup
curl_easy_init
curl_free
curl_easy_escape
curl_easy_getinfo
curl_easy_perform
curl_easy_setopt
curl_version_info
curl_slist_free_all
curl_slist_append
curl_mime_free

wsock32

getsockname
getpeername
inet_ntoa
getsockopt
htonl
ord1141
ord1142
bind
htons
listen
closesocket
WSASetLastError
WSACleanup
WSAStartup
shutdown
ntohl
ntohs
setsockopt
select
WSAGetLastError

ws2_32

WSAStringToAddressW
WSASend
WSARecv
WSASocketW
WSAAddressToStringW

shlwapi

PathFindExtensionA

kernel32

RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable
GetFileInformationByHandleEx
AreFileApisANSI
SetFileInformationByHandle
GetFileAttributesExW
RtlVirtualUnwind
FindNextFileW
FindFirstFileExW
FindFirstFileW
FindClose
CreateFileW
CreateDirectoryW
InitOnceComplete
InitOnceBeginInitialize
GetLocaleInfoEx
Sleep
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
IsProcessorFeaturePresent
RtlLookupFunctionEntry
IsDebuggerPresent
UnhandledExceptionFilter
GetStdHandle
CloseHandle
GetCurrentProcess
WriteProcessMemory
AssignProcessToJobObject
SetInformationJobObject
TerminateProcess
GetModuleHandleW
GetProcAddress
LoadLibraryW
CreateJobObjectA
AllocConsole
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
SetConsoleTitleA
CreateToolhelp32Snapshot
Process32First
Process32Next
GetLastError
SetLastError
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CancelIoEx
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ReleaseMutex
WaitForSingleObject
SleepEx
CreateMutexW
CreateEventW
SetWaitableTimer
WaitForMultipleObjects
QueueUserAPC
GetCurrentProcessId
TerminateThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
LocalFree
FormatMessageA
CreateWaitableTimerA
MultiByteToWideChar
WideCharToMultiByte
OpenThread
GetThreadContext
OpenProcess
VirtualAllocEx
VirtualQueryEx
ReadProcessMemory
GetModuleHandleA
QueryPerformanceCounter
GetCurrentThreadId
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
FreeLibrary
InitializeSListHead

user32

GetDesktopWindow
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
EnumWindows
FindWindowA
SetForegroundWindow
GetForegroundWindow
MapVirtualKeyA
GetWindowThreadProcessId
keybd_event

msvcp140

?_Xinvalid_argument@std@@YAXPEBD@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?id@?$ctype@D@std@@2V0locale@2@A
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z
??0task_continuation_context@Concurrency@@AEAA@XZ
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AEAAXXZ
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z
?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z
?_Xbad_function_call@std@@YAXXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?gcount@?$basic_istream@DU?$char_traits@D@std@@@std@@QEBA_JXZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?uncaught_exceptions@std@@YAHXZ
_Query_perf_counter
_Query_perf_frequency
_Thrd_detach
_Cnd_do_broadcast_at_thread_exit
?_Throw_Cpp_error@std@@YAXH@Z
?good@ios_base@std@@QEBA_NXZ
?flags@ios_base@std@@QEBAHXZ
?setf@ios_base@std@@QEAAHHH@Z
?width@ios_base@std@@QEBA_JXZ
?width@ios_base@std@@QEAA_J_J@Z
?xalloc@ios_base@std@@SAHXZ
?iword@ios_base@std@@QEAAAEAJH@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?clog@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
_Thrd_join
_Thrd_yield
_Thrd_hardware_concurrency
_Thrd_id
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_unlock
_Cnd_init_in_situ
_Cnd_destroy_in_situ
_Cnd_wait
_Cnd_broadcast
_Cnd_register_at_thread_exit
_Cnd_unregister_at_thread_exit
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAHH@Z
??Bid@locale@std@@QEAA_KXZ
?classic@locale@std@@SAAEBV12@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?toupper@?$ctype@D@std@@QEBADD@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??Bios_base@std@@QEBA_NXZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z

vcruntime140

memcpy
__C_specific_handler
__std_type_info_compare
memset
memmove
__std_type_info_destroy_list
__current_exception_context
__current_exception
memcmp
_CxxThrowException
_purecall
__std_terminate
__std_exception_copy
__std_exception_destroy
memchr

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_initterm_e
signal
_initterm
exit
_beginthreadex
_cexit
_invalid_parameter_noinfo_noreturn
abort
_errno
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
terminate
_seh_filter_dll
_invalid_parameter_noinfo

api-ms-win-crt-heap-l1-1-0

malloc
free
_callnewh
_aligned_free
_aligned_malloc

api-ms-win-crt-utility-l1-1-0

srand
rand

api-ms-win-crt-stdio-l1-1-0

fseek
fread
fputc
fopen
_fseeki64
fgetc
fflush
fclose
_get_stream_buffer_pointers
ftell
fwrite
setvbuf
_fileno
ungetc
__stdio_common_vsprintf
_isatty
__acrt_iob_func
freopen_s
__stdio_common_vswprintf_s
fsetpos
__stdio_common_vfprintf
fgetpos

api-ms-win-crt-time-l1-1-0

_localtime64
_time64
strftime
_gmtime64_s

api-ms-win-crt-filesystem-l1-1-0

_stat64i32
_unlock_file
_lock_file

api-ms-win-crt-math-l1-1-0

sqrt
sinh
_dsign
sin
log2
log10
log
tan
fmod
_dclass
ceilf
cosh
cos
tanh
floor
pow
ldexp
round
acos
asin
atan
atan2
ceil
exp

api-ms-win-crt-convert-l1-1-0

strtoll
strtoul
strtoull
strtod
atoi

api-ms-win-crt-string-l1-1-0

strnlen
strspn
tolower
toupper
strncmp
strcspn
strcpy_s
strcmp

api-ms-win-crt-locale-l1-1-0

localeconv
___lc_codepage_func

Exports

Exports

attach
execute

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 182KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DontBearWithCheaters/libcurl.dll
.dll windows:6 windows x64 arch:x64

14248874c6f626cc676f0d1638a85bc6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\user\Downloads\vcpkg-master\vcpkg-master\buildtrees\curl\x64-windows-rel\lib\libcurl.pdb

Imports

ws2_32

htonl
ioctlsocket
WSAWaitForMultipleEvents
WSASetEvent
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
__WSAFDIsSet
listen
accept
gethostname
freeaddrinfo
getaddrinfo
inet_ntop
WSAIoctl
socket
select
WSAStartup
WSACleanup
recvfrom
sendto
setsockopt
getpeername
connect
bind
WSAGetLastError
inet_pton
WSASetLastError
send
closesocket
WSACloseEvent
getsockname
getsockopt
htons
ntohs
recv

bcrypt

BCryptGenRandom

zlib1

inflate
inflateEnd
inflateInit_
inflateInit2_
zlibVersion

advapi32

CryptAcquireContextW
CryptDestroyKey
CryptImportKey
CryptEncrypt
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptReleaseContext

crypt32

CertFreeCertificateContext
CryptDecodeObjectEx
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CryptStringToBinaryW
PFXImportCertStore
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringW
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFindCertificateInStore
CertFreeCertificateChain

kernel32

GetModuleHandleA
GetSystemDirectoryW
QueryPerformanceFrequency
FormatMessageW
SetLastError
GetLastError
GetCurrentProcessId
MoveFileExW
Sleep
GetModuleHandleW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
WaitForSingleObjectEx
GetProcAddress
FreeLibrary
WideCharToMultiByte
SleepEx
MultiByteToWideChar
CreateEventW
LoadLibraryW
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
QueryPerformanceCounter
VerSetConditionMask
VerifyVersionInfoW
CreateFileW
GetFileSizeEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead
IsDebuggerPresent
GetEnvironmentVariableA
GetTickCount
CloseHandle
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
SetEvent
WaitForSingleObject

vcruntime140

__std_type_info_destroy_list
strstr
wcschr
memcmp
memchr
strrchr
memmove
strchr
memset
memcpy
__C_specific_handler

api-ms-win-crt-string-l1-1-0

_wcsdup
strcmp
strpbrk
_strdup
wcsncmp
wcspbrk
strspn
strncmp
wcsncpy
strcspn

api-ms-win-crt-stdio-l1-1-0

fflush
_read
__stdio_common_vsprintf
__stdio_common_vswprintf
__stdio_common_vsscanf
ftell
fputc
fseek
fclose
fputs
_fseeki64
fread
_lseeki64
_write
fwrite
__acrt_iob_func
_wfopen
_wopen
fgets
_fileno
_close
feof

api-ms-win-crt-convert-l1-1-0

atoi
strtoul
strtoll
strtol
wcstombs

api-ms-win-crt-time-l1-1-0

_time64
strftime
_gmtime64

api-ms-win-crt-runtime-l1-1-0

_execute_onexit_table
_initialize_onexit_table
_initialize_narrow_environment
_cexit
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
_beginthreadex
_errno
__sys_nerr
__sys_errlist

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-filesystem-l1-1-0

_unlink
_wstat64
_fstat64

api-ms-win-crt-heap-l1-1-0

free
malloc
realloc
calloc

api-ms-win-crt-math-l1-1-0

_fdopen

Exports

Exports

curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_header
curl_easy_init
curl_easy_nextheader
curl_easy_option_by_id
curl_easy_option_by_name
curl_easy_option_next
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_easy_upkeep
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_global_sslset
curl_global_trace
curl_maprintf
curl_mfprintf
curl_mime_addpart
curl_mime_data
curl_mime_data_cb
curl_mime_encoder
curl_mime_filedata
curl_mime_filename
curl_mime_free
curl_mime_headers
curl_mime_init
curl_mime_name
curl_mime_subparts
curl_mime_type
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_get_handles
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_poll
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_multi_wait
curl_multi_waitfds
curl_multi_wakeup
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_pushheader_byname
curl_pushheader_bynum
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape
curl_url
curl_url_cleanup
curl_url_dup
curl_url_get
curl_url_set
curl_url_strerror
curl_version
curl_version_info
curl_ws_meta
curl_ws_recv
curl_ws_send

Sections

.text
Size: 412KB - Virtual size: 411KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DontBearWithCheaters/xxhash.dll
.dll windows:6 windows x64 arch:x64

fba6b233846a2ea5e6907e23b2de9a26

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\user\Downloads\vcpkg-master\vcpkg-master\buildtrees\xxhash\x64-windows-rel\xxhash.pdb

Imports

vcruntime140

memcpy
__std_type_info_destroy_list
__C_specific_handler
memset

api-ms-win-crt-heap-l1-1-0

malloc
free

api-ms-win-crt-runtime-l1-1-0

_execute_onexit_table
_cexit
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
_initialize_onexit_table
_initialize_narrow_environment

kernel32

GetCurrentThreadId
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
RtlCaptureContext
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess

Exports

Exports

XXH128
XXH128_canonicalFromHash
XXH128_cmp
XXH128_hashFromCanonical
XXH128_isEqual
XXH32
XXH32_canonicalFromHash
XXH32_copyState
XXH32_createState
XXH32_digest
XXH32_freeState
XXH32_hashFromCanonical
XXH32_reset
XXH32_update
XXH3_128bits
XXH3_128bits_digest
XXH3_128bits_reset
XXH3_128bits_reset_withSecret
XXH3_128bits_reset_withSecretandSeed
XXH3_128bits_reset_withSeed
XXH3_128bits_update
XXH3_128bits_withSecret
XXH3_128bits_withSecretandSeed
XXH3_128bits_withSeed
XXH3_64bits
XXH3_64bits_digest
XXH3_64bits_reset
XXH3_64bits_reset_withSecret
XXH3_64bits_reset_withSecretandSeed
XXH3_64bits_reset_withSeed
XXH3_64bits_update
XXH3_64bits_withSecret
XXH3_64bits_withSecretandSeed
XXH3_64bits_withSeed
XXH3_copyState
XXH3_createState
XXH3_freeState
XXH3_generateSecret
XXH3_generateSecret_fromSeed
XXH64
XXH64_canonicalFromHash
XXH64_copyState
XXH64_createState
XXH64_digest
XXH64_freeState
XXH64_hashFromCanonical
XXH64_reset
XXH64_update
XXH_versionNumber

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DontBearWithCheaters/zlib1.dll
.dll windows:6 windows x64 arch:x64

d879d2294039900ef484e0f01607f882

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\user\Downloads\vcpkg-master\vcpkg-master\buildtrees\zlib\x64-windows-rel\zlib.pdb

Imports

vcruntime140

__std_type_info_destroy_list
__C_specific_handler
memmove
memchr
memset
memcpy

api-ms-win-crt-stdio-l1-1-0

_wopen
_write
_read
_close
__stdio_common_vsprintf
_open
_lseeki64

api-ms-win-crt-heap-l1-1-0

malloc
free

api-ms-win-crt-convert-l1-1-0

wcstombs

api-ms-win-crt-runtime-l1-1-0

_errno
strerror
_execute_onexit_table
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
_cexit

kernel32

DisableThreadLibraryCalls
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
InitializeSListHead
RtlCaptureContext
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter

Exports

Exports

adler32
adler32_combine
adler32_z
compress
compress2
compressBound
crc32
crc32_combine
crc32_combine_gen
crc32_combine_op
crc32_z
deflate
deflateBound
deflateCopy
deflateEnd
deflateGetDictionary
deflateInit2_
deflateInit_
deflateParams
deflatePending
deflatePrime
deflateReset
deflateResetKeep
deflateSetDictionary
deflateSetHeader
deflateTune
get_crc_table
gzbuffer
gzclearerr
gzclose
gzclose_r
gzclose_w
gzdirect
gzdopen
gzeof
gzerror
gzflush
gzfread
gzfwrite
gzgetc
gzgetc_
gzgets
gzoffset
gzoffset64
gzopen
gzopen64
gzopen_w
gzprintf
gzputc
gzputs
gzread
gzrewind
gzseek
gzseek64
gzsetparams
gztell
gztell64
gzungetc
gzvprintf
gzwrite
inflate
inflateBack
inflateBackEnd
inflateBackInit_
inflateCodesUsed
inflateCopy
inflateEnd
inflateGetDictionary
inflateGetHeader
inflateInit2_
inflateInit_
inflateMark
inflatePrime
inflateReset
inflateReset2
inflateResetKeep
inflateSetDictionary
inflateSync
inflateSyncPoint
inflateUndermine
inflateValidate
uncompress
uncompress2
zError
zlibCompileFlags
zlibVersion

Sections

.text
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DontBearWithCheaters/zstd.dll
.dll windows:6 windows x64 arch:x64

f32e8587cacdf9095c309b87f2877ebb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\user\Downloads\vcpkg-master\vcpkg-master\buildtrees\zstd\x64-windows-rel\lib\zstd.pdb

Imports

kernel32

InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
CloseHandle
GetLastError
WaitForSingleObject
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

vcruntime140

memcmp
memcpy
__C_specific_handler
memmove
__std_type_info_destroy_list
memset

api-ms-win-crt-heap-l1-1-0

free
malloc
calloc

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_cexit
_initterm_e
_configure_narrow_argv
_seh_filter_dll
_initterm
_beginthreadex
_errno
_execute_onexit_table
_initialize_narrow_environment

api-ms-win-crt-stdio-l1-1-0

fflush
__stdio_common_vfprintf
__acrt_iob_func

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-time-l1-1-0

clock

Exports

Exports

ZDICT_addEntropyTablesFromBuffer
ZDICT_finalizeDictionary
ZDICT_getDictHeaderSize
ZDICT_getDictID
ZDICT_getErrorName
ZDICT_isError
ZDICT_optimizeTrainFromBuffer_cover
ZDICT_optimizeTrainFromBuffer_fastCover
ZDICT_trainFromBuffer
ZDICT_trainFromBuffer_cover
ZDICT_trainFromBuffer_fastCover
ZDICT_trainFromBuffer_legacy
ZSTD_CCtxParams_getParameter
ZSTD_CCtxParams_init
ZSTD_CCtxParams_init_advanced
ZSTD_CCtxParams_registerSequenceProducer
ZSTD_CCtxParams_reset
ZSTD_CCtxParams_setParameter
ZSTD_CCtx_getParameter
ZSTD_CCtx_loadDictionary
ZSTD_CCtx_loadDictionary_advanced
ZSTD_CCtx_loadDictionary_byReference
ZSTD_CCtx_refCDict
ZSTD_CCtx_refPrefix
ZSTD_CCtx_refPrefix_advanced
ZSTD_CCtx_refThreadPool
ZSTD_CCtx_reset
ZSTD_CCtx_setCParams
ZSTD_CCtx_setFParams
ZSTD_CCtx_setParameter
ZSTD_CCtx_setParametersUsingCCtxParams
ZSTD_CCtx_setParams
ZSTD_CCtx_setPledgedSrcSize
ZSTD_CStreamInSize
ZSTD_CStreamOutSize
ZSTD_DCtx_getParameter
ZSTD_DCtx_loadDictionary
ZSTD_DCtx_loadDictionary_advanced
ZSTD_DCtx_loadDictionary_byReference
ZSTD_DCtx_refDDict
ZSTD_DCtx_refPrefix
ZSTD_DCtx_refPrefix_advanced
ZSTD_DCtx_reset
ZSTD_DCtx_setFormat
ZSTD_DCtx_setMaxWindowSize
ZSTD_DCtx_setParameter
ZSTD_DStreamInSize
ZSTD_DStreamOutSize
ZSTD_adjustCParams
ZSTD_cParam_getBounds
ZSTD_checkCParams
ZSTD_compress
ZSTD_compress2
ZSTD_compressBegin
ZSTD_compressBegin_advanced
ZSTD_compressBegin_usingCDict
ZSTD_compressBegin_usingCDict_advanced
ZSTD_compressBegin_usingDict
ZSTD_compressBlock
ZSTD_compressBound
ZSTD_compressCCtx
ZSTD_compressContinue
ZSTD_compressEnd
ZSTD_compressSequences
ZSTD_compressStream
ZSTD_compressStream2
ZSTD_compressStream2_simpleArgs
ZSTD_compress_advanced
ZSTD_compress_usingCDict
ZSTD_compress_usingCDict_advanced
ZSTD_compress_usingDict
ZSTD_copyCCtx
ZSTD_copyDCtx
ZSTD_createCCtx
ZSTD_createCCtxParams
ZSTD_createCCtx_advanced
ZSTD_createCDict
ZSTD_createCDict_advanced
ZSTD_createCDict_advanced2
ZSTD_createCDict_byReference
ZSTD_createCStream
ZSTD_createCStream_advanced
ZSTD_createDCtx
ZSTD_createDCtx_advanced
ZSTD_createDDict
ZSTD_createDDict_advanced
ZSTD_createDDict_byReference
ZSTD_createDStream
ZSTD_createDStream_advanced
ZSTD_createThreadPool
ZSTD_dParam_getBounds
ZSTD_decodingBufferSize_min
ZSTD_decompress
ZSTD_decompressBegin
ZSTD_decompressBegin_usingDDict
ZSTD_decompressBegin_usingDict
ZSTD_decompressBlock
ZSTD_decompressBound
ZSTD_decompressContinue
ZSTD_decompressDCtx
ZSTD_decompressStream
ZSTD_decompressStream_simpleArgs
ZSTD_decompress_usingDDict
ZSTD_decompress_usingDict
ZSTD_decompressionMargin
ZSTD_defaultCLevel
ZSTD_endStream
ZSTD_estimateCCtxSize
ZSTD_estimateCCtxSize_usingCCtxParams
ZSTD_estimateCCtxSize_usingCParams
ZSTD_estimateCDictSize
ZSTD_estimateCDictSize_advanced
ZSTD_estimateCStreamSize
ZSTD_estimateCStreamSize_usingCCtxParams
ZSTD_estimateCStreamSize_usingCParams
ZSTD_estimateDCtxSize
ZSTD_estimateDDictSize
ZSTD_estimateDStreamSize
ZSTD_estimateDStreamSize_fromFrame
ZSTD_findDecompressedSize
ZSTD_findFrameCompressedSize
ZSTD_flushStream
ZSTD_frameHeaderSize
ZSTD_freeCCtx
ZSTD_freeCCtxParams
ZSTD_freeCDict
ZSTD_freeCStream
ZSTD_freeDCtx
ZSTD_freeDDict
ZSTD_freeDStream
ZSTD_freeThreadPool
ZSTD_generateSequences
ZSTD_getBlockSize
ZSTD_getCParams
ZSTD_getDecompressedSize
ZSTD_getDictID_fromCDict
ZSTD_getDictID_fromDDict
ZSTD_getDictID_fromDict
ZSTD_getDictID_fromFrame
ZSTD_getErrorCode
ZSTD_getErrorName
ZSTD_getErrorString
ZSTD_getFrameContentSize
ZSTD_getFrameHeader
ZSTD_getFrameHeader_advanced
ZSTD_getFrameProgression
ZSTD_getParams
ZSTD_initCStream
ZSTD_initCStream_advanced
ZSTD_initCStream_srcSize
ZSTD_initCStream_usingCDict
ZSTD_initCStream_usingCDict_advanced
ZSTD_initCStream_usingDict
ZSTD_initDStream
ZSTD_initDStream_usingDDict
ZSTD_initDStream_usingDict
ZSTD_initStaticCCtx
ZSTD_initStaticCDict
ZSTD_initStaticCStream
ZSTD_initStaticDCtx
ZSTD_initStaticDDict
ZSTD_initStaticDStream
ZSTD_insertBlock
ZSTD_isError
ZSTD_isFrame
ZSTD_isSkippableFrame
ZSTD_maxCLevel
ZSTD_mergeBlockDelimiters
ZSTD_minCLevel
ZSTD_nextInputType
ZSTD_nextSrcSizeToDecompress
ZSTD_readSkippableFrame
ZSTD_registerSequenceProducer
ZSTD_resetCStream
ZSTD_resetDStream
ZSTD_sequenceBound
ZSTD_sizeof_CCtx
ZSTD_sizeof_CDict
ZSTD_sizeof_CStream
ZSTD_sizeof_DCtx
ZSTD_sizeof_DDict
ZSTD_sizeof_DStream
ZSTD_toFlushNow
ZSTD_versionNumber
ZSTD_versionString
ZSTD_writeSkippableFrame

Sections

.text
Size: 553KB - Virtual size: 553KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 196B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 48KB - Virtual size: 47KB

.rsrc Size: 1KB - Virtual size: 1KB

617a505260cc5663df1ba140d89d57bb

Headers

DLL Characteristics

File Characteristics

Imports

xxhash

zstd

libcurl

wsock32

ws2_32

shlwapi

kernel32

user32

msvcp140

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 182KB - Virtual size: 182KB

.data Size: 20KB - Virtual size: 58KB

.pdata Size: 27KB - Virtual size: 26KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 4KB - Virtual size: 4KB

14248874c6f626cc676f0d1638a85bc6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

bcrypt

zlib1

advapi32

crypt32

kernel32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: 412KB - Virtual size: 411KB

.rdata Size: 108KB - Virtual size: 108KB

.data Size: 10KB - Virtual size: 12KB

.pdata Size: 21KB - Virtual size: 21KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 2KB

fba6b233846a2ea5e6907e23b2de9a26

Headers

DLL Characteristics

.text
Size: 48KB - Virtual size: 47KB

.rsrc
Size: 1KB - Virtual size: 1KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 182KB - Virtual size: 182KB

.data
Size: 20KB - Virtual size: 58KB

.pdata
Size: 27KB - Virtual size: 26KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 4KB - Virtual size: 4KB

.text
Size: 412KB - Virtual size: 411KB

.rdata
Size: 108KB - Virtual size: 108KB

.data
Size: 10KB - Virtual size: 12KB

.pdata
Size: 21KB - Virtual size: 21KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 2KB

.text
Size: 35KB - Virtual size: 35KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 44B

.text
Size: 54KB - Virtual size: 54KB

.rdata
Size: 27KB - Virtual size: 27KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 108B

.text
Size: 553KB - Virtual size: 553KB

.rdata
Size: 68KB - Virtual size: 67KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 13KB - Virtual size: 12KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 196B