D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\Corehost.Static\singlefilehost.pdb
Static task
static1
Behavioral task
behavioral1
Sample
IwaraDownloader.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
IwaraDownloader.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
aspnetcorev2_inprocess.dll
Resource
win7-20240708-en
Behavioral task
behavioral4
Sample
aspnetcorev2_inprocess.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
e_sqlite3.dll
Resource
win7-20240705-en
Behavioral task
behavioral6
Sample
e_sqlite3.dll
Resource
win10v2004-20240802-en
General
-
Target
5c37db136c25990eafc81f6cb367c067b9a077f396494116af8bd0e2067462d8
-
Size
13.9MB
-
MD5
df6746cbfc23f9a71fa4762b3b53f6df
-
SHA1
0b73b47d89651778c01bd3132329efc4d19fb240
-
SHA256
5c37db136c25990eafc81f6cb367c067b9a077f396494116af8bd0e2067462d8
-
SHA512
5f63d68f0d6e05e6b3a3b4026156004299c1960278da80c7056116145417054d8cdb134dc2b77a4d162819e9a99bbcd4ceeed15e561811c2688f419dc651941b
-
SSDEEP
393216:4UROPK9iLpF85Ic/Jc1OSt/vIehtROKIuhsX7o78opYA75MWoXCRO3:hcyoL/7c/JxG/AthVX7o6DWoXZ
Malware Config
Signatures
-
Unsigned PE 2 IoCs
Checks for missing Authenticode signature.
resource unpack001/IwaraDownloader.exe unpack001/e_sqlite3.dll
Files
-
5c37db136c25990eafc81f6cb367c067b9a077f396494116af8bd0e2067462d8.zip
-
IwaraDownloader.exe.exe windows:6 windows x64 arch:x64
0256a58fd9b0438015663c91d138cf1e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
kernel32
RaiseException
FreeLibrary
RaiseFailFastException
GetExitCodeProcess
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
AddVectoredExceptionHandler
MultiByteToWideChar
GetTickCount
GetCurrentProcessId
FlushInstructionCache
QueryPerformanceFrequency
QueryPerformanceCounter
RtlLookupFunctionEntry
LocateXStateFeature
RtlDeleteFunctionTable
InterlockedPushEntrySList
InterlockedFlushSList
InitializeSListHead
GetTickCount64
DuplicateHandle
QueueUserAPC
WaitForSingleObjectEx
SetThreadPriority
GetThreadPriority
ResumeThread
GetCurrentThreadId
TlsAlloc
GetCurrentThread
CreateThread
GetModuleHandleW
WaitForMultipleObjectsEx
SignalObjectAndWait
RtlCaptureContext
SetThreadStackGuarantee
VirtualQuery
WriteFile
GetStdHandle
GetConsoleOutputCP
MapViewOfFileEx
UnmapViewOfFile
GetStringTypeExW
SetEvent
GetCurrentProcessorNumber
GlobalMemoryStatusEx
CreateIoCompletionPort
PostQueuedCompletionStatus
GetQueuedCompletionStatus
InterlockedPopEntrySList
GetCurrentProcessorNumberEx
ExitProcess
Sleep
CreateMemoryResourceNotification
GetProcessAffinityMask
SetThreadIdealProcessorEx
GetThreadIdealProcessorEx
GetLargePageMinimum
VirtualUnlock
GetLogicalProcessorInformation
SetThreadGroupAffinity
SetThreadAffinityMask
IsProcessInJob
QueryInformationJobObject
K32GetProcessMemoryInfo
VirtualAlloc
VirtualFree
VirtualProtect
SleepEx
SwitchToThread
InitializeContext
SetXStateFeaturesMask
RtlRestoreContext
CloseThreadpoolTimer
CreateThreadpoolTimer
SetThreadpoolTimer
ReadFile
GetFileSize
GetEnvironmentVariableW
SetEnvironmentVariableW
CreateEventW
ResetEvent
CreateSemaphoreExW
WaitForSingleObject
CreateMutexW
ReleaseMutex
GetThreadContext
SuspendThread
SetThreadContext
GetEnabledXStateFeatures
CopyContext
WerRegisterRuntimeExceptionModule
RtlInstallFunctionTableCallback
GetSystemDefaultLCID
GetUserDefaultLCID
RtlUnwind
LoadLibraryExW
HeapAlloc
HeapFree
GetProcessHeap
HeapCreate
HeapDestroy
GetEnvironmentStringsW
FreeEnvironmentStringsW
FormatMessageW
GetACP
LCMapStringEx
LocalFree
VerSetConditionMask
VerifyVersionInfoW
QueryThreadCycleTime
VirtualAllocExNuma
GetNumaProcessorNodeEx
GetNumaHighestNodeNumber
GetLogicalProcessorInformationEx
GetThreadGroupAffinity
GetSystemTimes
GetProcessGroupAffinity
CreateFileMappingW
GetSystemTimeAsFileTime
GetModuleFileNameW
CreateProcessW
GetCPInfo
CreateFileW
GetFileAttributesExW
GetTempPathW
GetCurrentDirectoryW
GetFullPathNameW
LoadLibraryExA
OutputDebugStringA
OpenEventW
ExitThread
HeapReAlloc
CreateNamedPipeA
WaitForMultipleObjects
DisconnectNamedPipe
CreateFileA
CancelIoEx
GetOverlappedResult
ConnectNamedPipe
FlushFileBuffers
SetFilePointer
MapViewOfFile
GetActiveProcessorGroupCount
GetSystemTime
SetConsoleCtrlHandler
GetLocaleInfoEx
GetUserDefaultLocaleName
RtlAddFunctionTable
LoadLibraryW
CreateDirectoryW
RemoveDirectoryW
GetFileSizeEx
FindFirstFileExW
FindNextFileW
FindClose
LoadLibraryA
IsWow64Process
InitializeCriticalSectionAndSpinCount
CloseHandle
TlsSetValue
TlsGetValue
GetSystemInfo
GetCurrentProcess
OutputDebugStringW
IsDebuggerPresent
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetCommandLineW
GetProcAddress
GetModuleHandleExW
SetErrorMode
FlushProcessWriteBuffers
SetLastError
GetLastError
WideCharToMultiByte
ReleaseSemaphore
DebugBreak
DecodePointer
InitializeCriticalSectionEx
RtlVirtualUnwind
IsProcessorFeaturePresent
RtlUnwindEx
EncodePointer
TlsFree
RtlPcToFileHeader
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
GetExitCodeThread
GetStringTypeW
CreateFileMappingA
advapi32
RegGetValueW
SetKernelObjectSecurity
GetSidSubAuthorityCount
GetSidSubAuthority
GetTokenInformation
DeregisterEventSource
ReportEventW
RegisterEventSourceW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
EventRegister
AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueW
SetThreadToken
RevertToSelf
OpenThreadToken
EventWriteTransfer
EventWrite
ole32
CoUnmarshalInterface
CoMarshalInterface
CoGetObjectContext
StringFromGUID2
CoRevokeInitializeSpy
CoUninitialize
CoWaitForMultipleHandles
CoRegisterInitializeSpy
CoInitializeEx
CoCreateGuid
CoTaskMemAlloc
CoTaskMemFree
CoReleaseMarshalData
CoGetContextToken
CoGetClassObject
IIDFromString
CoCreateFreeThreadedMarshaler
CreateStreamOnHGlobal
CoGetMarshalSizeMax
CLSIDFromProgID
oleaut32
SafeArrayAllocData
SafeArrayGetElemsize
SysStringByteLen
SafeArraySetRecordInfo
SafeArrayCreateVector
SafeArrayPutElement
LoadRegTypeLi
CreateErrorInfo
SysAllocStringByteLen
SafeArrayAllocDescriptorEx
VarCyFromDec
SysFreeString
VariantInit
VariantClear
VariantChangeTypeEx
VariantChangeType
SafeArrayGetVartype
LoadTypeLibEx
QueryPathOfRegTypeLi
SafeArrayDestroy
SafeArrayGetLBound
SafeArrayGetDim
SysAllocStringLen
SysAllocString
SysStringLen
SetErrorInfo
GetErrorInfo
GetRecordInfoFromTypeInfo
user32
MessageBoxW
LoadStringW
shell32
ShellExecuteW
api-ms-win-crt-string-l1-1-0
strlen
_strnicmp
tolower
wcsncmp
iswupper
towlower
isalpha
isdigit
wcstok_s
strnlen
strncpy_s
iswascii
towupper
wcscat_s
strcat_s
isupper
toupper
wcsncat_s
_wcsdup
strncat_s
iswspace
islower
strcspn
strncmp
strcmp
_wcsnicmp
__strncnt
_stricmp
wcsnlen
strcpy_s
_wcsicmp
_strdup
isspace
strtok_s
wcscpy_s
wcsncpy_s
api-ms-win-crt-stdio-l1-1-0
fgetc
fclose
_wfopen
__p__commode
fgets
_set_fmode
__stdio_common_vsscanf
__stdio_common_vsnprintf_s
fputs
__stdio_common_vsnwprintf_s
fwrite
fopen
_flushall
fseek
__stdio_common_vfprintf
ftell
_fileno
_dup
_setmode
__stdio_common_vsprintf_s
__stdio_common_vswprintf
__acrt_iob_func
fflush
setvbuf
__stdio_common_vfwprintf
fputws
fputwc
_get_stream_buffer_pointers
_wfsopen
fputc
fread
fgetpos
ungetc
fsetpos
_fseeki64
api-ms-win-crt-runtime-l1-1-0
_wcserror_s
abort
exit
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_seh_filter_exe
terminate
_configure_wide_argv
_initialize_wide_environment
_get_initial_wide_environment
_initterm
_initterm_e
_exit
_beginthreadex
__p___argc
__p___wargv
_c_exit
_register_thread_local_exe_atexit_callback
_invalid_parameter_noinfo_noreturn
_controlfp_s
_set_app_type
_invalid_parameter_noinfo
_errno
api-ms-win-crt-convert-l1-1-0
atol
_atoi64
strtoull
wcstoul
_wcstoui64
_itow_s
_wtoi
_ltow_s
strtoul
api-ms-win-crt-heap-l1-1-0
realloc
free
_set_new_mode
malloc
calloc
api-ms-win-crt-utility-l1-1-0
qsort
api-ms-win-crt-math-l1-1-0
cosh
cosf
cos
ceilf
ceil
atanf
atan2f
log10f
atan2
atanh
acosh
sinhf
asinh
asinhf
atanhf
cbrtf
log2
atan
_copysign
asinf
asin
exp
acosf
acos
expf
powf
pow
_fdopen
sqrt
floor
_copysignf
_isnanf
trunc
truncf
ilogb
ilogbf
floorf
_finite
__setusermatherr
fma
frexp
modf
modff
fmaf
fmod
sinf
fmodf
log2f
logf
coshf
log
sinh
_isnan
log10
acoshf
sin
sqrtf
tan
tanf
tanh
cbrt
tanhf
api-ms-win-crt-time-l1-1-0
_time64
wcsftime
_gmtime64_s
api-ms-win-crt-environment-l1-1-0
getenv
api-ms-win-crt-locale-l1-1-0
setlocale
__pctype_func
___lc_locale_name_func
___lc_codepage_func
___mb_cur_max_func
localeconv
_configthreadlocale
_lock_locales
_unlock_locales
api-ms-win-crt-filesystem-l1-1-0
_unlock_file
_wremove
_wrename
_lock_file
Exports
CLRJitAttachState
DotNetRuntimeInfo
MetaDataGetDispenser
g_CLREngineMetrics
g_dacTable
Sections
.text Size: 5.9MB - Virtual size: 5.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.CLR_UEF Size: 512B - Virtual size: 221B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.5MB - Virtual size: 1.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 28KB - Virtual size: 120KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 216KB - Virtual size: 216KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 56B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Section Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
_RDATA Size: 77KB - Virtual size: 77KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 30KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
aspnetcorev2_inprocess.dll.dll windows:6 windows x64 arch:x64
d8498b18488511aa024d3b818125e2d4
Code Sign
33:00:00:03:4d:4e:91:a6:1a:28:b0:78:8f:00:00:00:00:03:4d
Certificate
Issuer
CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before
16/03/2023, 18:43
Not After
14/03/2024, 18:43
Subject
CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:0e:90:d2:00:00:00:00:00:03
Certificate
Issuer
CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before
08/07/2011, 20:59
Not After
08/07/2026, 21:09
Subject
CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
89:e7:b3:e6:a7:af:6e:92:b6:ba:53:c7:af:39:0b:c8:d9:79:4a:88:91:9c:3f:7f:13:85:c5:65:8f:59:66:3f
Signer
Actual PE Digest
89:e7:b3:e6:a7:af:6e:92:b6:ba:53:c7:af:39:0b:c8:d9:79:4a:88:91:9c:3f:7f:13:85:c5:65:8f:59:66:3f
Digest Algorithm
sha256
PE Digest Matches
true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
D:\a\_work\1\s\artifacts\bin\InProcessRequestHandler\x64\Release\aspnetcorev2_inprocess.pdb
Imports
kernel32
SetEvent
WaitForSingleObject
CreateEventW
WaitForMultipleObjects
FreeLibrary
FreeLibraryAndExitThread
GetModuleFileNameW
GetModuleHandleExW
SetDllDirectoryW
CloseHandle
GetConsoleWindow
DecodePointer
InitializeCriticalSectionEx
DeleteCriticalSection
LoadLibraryA
InitializeCriticalSection
IsDebuggerPresent
SetCurrentDirectoryW
GetLastError
SetEnvironmentVariableW
DisableThreadLibraryCalls
GetCurrentProcessId
InitializeSRWLock
RtlUnwind
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedFlushSList
RtlUnwindEx
RtlPcToFileHeader
TerminateProcess
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
ResetEvent
InitializeCriticalSectionAndSpinCount
LCMapStringEx
EncodePointer
GetSystemTimeAsFileTime
SetLastError
HeapCreate
HeapDestroy
HeapAlloc
HeapFree
GetProcessHeap
HeapLock
HeapUnlock
HeapWalk
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
QueryDepthSList
GetCurrentProcessorNumber
GetSystemInfo
GetModuleHandleW
GetStdHandle
CreateFileW
FlushFileBuffers
SetFilePointer
WriteFile
OutputDebugStringW
DuplicateHandle
GetCurrentProcess
CompareStringOrdinal
WideCharToMultiByte
GetConsoleOutputCP
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockShared
CreateDirectoryW
LoadResource
LockResource
SizeofResource
FindResourceW
MultiByteToWideChar
GetEnvironmentVariableW
ExpandEnvironmentStringsW
GetCurrentDirectoryW
GetNativeSystemInfo
IsWow64Process
GetDllDirectoryW
CopyFileW
GetProcessTimes
FileTimeToSystemTime
GetProcAddress
LoadLibraryW
ReadFile
CreatePipe
CancelSynchronousIo
CreateThread
TerminateThread
GetExitCodeThread
AllocConsole
SetHandleInformation
GetExitCodeProcess
CreateProcessW
LocalFree
GetBinaryTypeW
SetStdHandle
GetFileAttributesW
HeapReAlloc
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
ExitThread
QueueUserWorkItem
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
ReadDirectoryChangesW
RaiseException
EnterCriticalSection
LeaveCriticalSection
FormatMessageA
GetLocaleInfoEx
WaitForSingleObjectEx
GetCurrentThreadId
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
GetFullPathNameW
SetFileInformationByHandle
AreFileApisANSI
GetFileInformationByHandleEx
QueryPerformanceCounter
GetStringTypeW
user32
GetWindowThreadProcessId
EnumWindows
PostMessageW
advapi32
RegCloseKey
RegQueryValueExW
ReportEventW
RegisterEventSourceW
RegGetValueW
RegOpenKeyExW
oleaut32
VariantClear
VariantInit
SysAllocString
VariantChangeType
SysFreeString
api-ms-win-crt-runtime-l1-1-0
_errno
_beginthreadex
_execute_onexit_table
terminate
abort
_invalid_parameter_noinfo_noreturn
_invalid_parameter_noinfo
_initterm_e
_initterm
_cexit
_crt_atexit
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
api-ms-win-crt-string-l1-1-0
_wcsnicmp
_stricmp
strcpy_s
isupper
wcsncmp
islower
wcsnlen
toupper
__strncnt
strcspn
_wcsdup
api-ms-win-crt-stdio-l1-1-0
_wfsopen
__stdio_common_vsnprintf_s
fseek
__stdio_common_vsprintf
__stdio_common_vswprintf
__stdio_common_vsprintf_s
_get_stream_buffer_pointers
fclose
fflush
fgetc
fgetpos
__stdio_common_vsnwprintf_s
__stdio_common_vfwprintf
fputws
fputwc
fputc
fread
fsetpos
_fseeki64
fwrite
setvbuf
ungetc
__acrt_iob_func
freopen_s
_fileno
_dup
_dup2
_get_osfhandle
_open_osfhandle
api-ms-win-crt-heap-l1-1-0
calloc
free
_callnewh
malloc
_aligned_malloc
_aligned_free
api-ms-win-crt-time-l1-1-0
_gmtime64_s
wcsftime
_time64
api-ms-win-crt-filesystem-l1-1-0
_lock_file
_unlock_file
api-ms-win-crt-math-l1-1-0
frexp
_fdopen
api-ms-win-crt-convert-l1-1-0
_wtoi
strtol
wcstoul
shell32
CommandLineToArgvW
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
api-ms-win-crt-locale-l1-1-0
localeconv
__pctype_func
___lc_codepage_func
_unlock_locales
___mb_cur_max_func
setlocale
___lc_locale_name_func
_lock_locales
Exports
CreateApplication
get_hostfxr_path
http_cancel_io
http_close_connection
http_disable_buffering
http_enable_websockets
http_flush_response_bytes
http_get_application_properties
http_get_authentication_information
http_get_completion_info
http_get_raw_request
http_get_raw_response
http_get_server_variable
http_has_response4
http_indicate_completion
http_post_completion
http_read_request_bytes
http_reset_stream
http_response_set_known_header
http_response_set_need_goaway
http_response_set_trailer
http_response_set_unknown_header
http_set_completion_status
http_set_managed_context
http_set_response_status_code
http_set_server_variable
http_set_startup_error_page_content
http_stop_calls_into_managed
http_stop_incoming_requests
http_websockets_flush_bytes
http_websockets_read_bytes
http_websockets_write_bytes
http_write_response_bytes
register_callbacks
set_main_handler
Sections
.text Size: 254KB - Virtual size: 254KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 85KB - Virtual size: 84KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 348B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
e_sqlite3.dll.dll windows:6 windows x64 arch:x64
0fb20445d5d7bb0c6cc4c3e775f04999
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
D:\a\cb\cb\cb\bld\bin\e_sqlite3\win\v142\plain\x64\e_sqlite3.pdb
Imports
kernel32
FlushFileBuffers
GetTickCount
QueryPerformanceCounter
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
GetSystemTimeAsFileTime
WideCharToMultiByte
FreeLibrary
SystemTimeToFileTime
GetProcessHeap
GetCurrentProcessId
GetFileSize
LockFileEx
LocalFree
GetProcAddress
UnlockFile
HeapDestroy
HeapCompact
HeapAlloc
LoadLibraryW
GetSystemInfo
CloseHandle
HeapReAlloc
DeleteFileW
DeleteFileA
WaitForSingleObjectEx
LoadLibraryA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetLastError
GetDiskFreeSpaceA
FormatMessageW
GetTempPathA
Sleep
MultiByteToWideChar
HeapSize
HeapValidate
UnmapViewOfFile
GetFileAttributesW
CreateFileW
WaitForSingleObject
CreateMutexW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
GetFullPathNameW
HeapFree
HeapCreate
ReadFile
AreFileApisANSI
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
WriteConsoleW
RtlUnwindEx
InterlockedFlushSList
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
EncodePointer
RaiseException
RtlPcToFileHeader
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
GetTimeZoneInformation
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetStdHandle
GetFileType
GetStringTypeW
SetStdHandle
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
Exports
sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_auto_extension
sqlite3_autovacuum_pages
sqlite3_backup_finish
sqlite3_backup_init
sqlite3_backup_pagecount
sqlite3_backup_remaining
sqlite3_backup_step
sqlite3_bind_blob
sqlite3_bind_blob64
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_pointer
sqlite3_bind_text
sqlite3_bind_text16
sqlite3_bind_text64
sqlite3_bind_value
sqlite3_bind_zeroblob
sqlite3_bind_zeroblob64
sqlite3_blob_bytes
sqlite3_blob_close
sqlite3_blob_open
sqlite3_blob_read
sqlite3_blob_reopen
sqlite3_blob_write
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_cancel_auto_extension
sqlite3_changes
sqlite3_changes64
sqlite3_clear_bindings
sqlite3_close
sqlite3_close_v2
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_database_name
sqlite3_column_database_name16
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_name
sqlite3_column_name16
sqlite3_column_origin_name
sqlite3_column_origin_name16
sqlite3_column_table_name
sqlite3_column_table_name16
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_type
sqlite3_column_value
sqlite3_commit_hook
sqlite3_compileoption_get
sqlite3_compileoption_used
sqlite3_complete
sqlite3_complete16
sqlite3_config
sqlite3_context_db_handle
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_create_collation_v2
sqlite3_create_filename
sqlite3_create_function
sqlite3_create_function16
sqlite3_create_function_v2
sqlite3_create_module
sqlite3_create_module_v2
sqlite3_create_window_function
sqlite3_data_count
sqlite3_data_directory
sqlite3_database_file_object
sqlite3_db_cacheflush
sqlite3_db_config
sqlite3_db_filename
sqlite3_db_handle
sqlite3_db_mutex
sqlite3_db_name
sqlite3_db_readonly
sqlite3_db_release_memory
sqlite3_db_status
sqlite3_declare_vtab
sqlite3_deserialize
sqlite3_drop_modules
sqlite3_enable_load_extension
sqlite3_enable_shared_cache
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_error_offset
sqlite3_errstr
sqlite3_exec
sqlite3_expanded_sql
sqlite3_expired
sqlite3_extended_errcode
sqlite3_extended_result_codes
sqlite3_file_control
sqlite3_filename_database
sqlite3_filename_journal
sqlite3_filename_wal
sqlite3_finalize
sqlite3_free
sqlite3_free_filename
sqlite3_free_table
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_table
sqlite3_global_recover
sqlite3_hard_heap_limit64
sqlite3_initialize
sqlite3_interrupt
sqlite3_key
sqlite3_key_v2
sqlite3_keyword_check
sqlite3_keyword_count
sqlite3_keyword_name
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_libversion_number
sqlite3_limit
sqlite3_load_extension
sqlite3_log
sqlite3_malloc
sqlite3_malloc64
sqlite3_memory_alarm
sqlite3_memory_highwater
sqlite3_memory_used
sqlite3_mprintf
sqlite3_msize
sqlite3_mutex_alloc
sqlite3_mutex_enter
sqlite3_mutex_free
sqlite3_mutex_leave
sqlite3_mutex_try
sqlite3_next_stmt
sqlite3_open
sqlite3_open16
sqlite3_open_v2
sqlite3_os_end
sqlite3_os_init
sqlite3_overload_function
sqlite3_prepare
sqlite3_prepare16
sqlite3_prepare16_v2
sqlite3_prepare16_v3
sqlite3_prepare_v2
sqlite3_prepare_v3
sqlite3_profile
sqlite3_progress_handler
sqlite3_randomness
sqlite3_realloc
sqlite3_realloc64
sqlite3_rekey
sqlite3_rekey_v2
sqlite3_release_memory
sqlite3_reset
sqlite3_reset_auto_extension
sqlite3_result_blob
sqlite3_result_blob64
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error16
sqlite3_result_error_code
sqlite3_result_error_nomem
sqlite3_result_error_toobig
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_pointer
sqlite3_result_subtype
sqlite3_result_text
sqlite3_result_text16
sqlite3_result_text16be
sqlite3_result_text16le
sqlite3_result_text64
sqlite3_result_value
sqlite3_result_zeroblob
sqlite3_result_zeroblob64
sqlite3_rollback_hook
sqlite3_rtree_geometry_callback
sqlite3_rtree_query_callback
sqlite3_serialize
sqlite3_set_authorizer
sqlite3_set_auxdata
sqlite3_set_last_insert_rowid
sqlite3_shutdown
sqlite3_sleep
sqlite3_snapshot_cmp
sqlite3_snapshot_free
sqlite3_snapshot_get
sqlite3_snapshot_open
sqlite3_snapshot_recover
sqlite3_snprintf
sqlite3_soft_heap_limit
sqlite3_soft_heap_limit64
sqlite3_sourceid
sqlite3_sql
sqlite3_status
sqlite3_status64
sqlite3_step
sqlite3_stmt_busy
sqlite3_stmt_isexplain
sqlite3_stmt_readonly
sqlite3_stmt_status
sqlite3_str_append
sqlite3_str_appendall
sqlite3_str_appendchar
sqlite3_str_appendf
sqlite3_str_errcode
sqlite3_str_finish
sqlite3_str_length
sqlite3_str_new
sqlite3_str_reset
sqlite3_str_value
sqlite3_str_vappendf
sqlite3_strglob
sqlite3_stricmp
sqlite3_strlike
sqlite3_strnicmp
sqlite3_system_errno
sqlite3_table_column_metadata
sqlite3_temp_directory
sqlite3_test_control
sqlite3_thread_cleanup
sqlite3_threadsafe
sqlite3_total_changes
sqlite3_total_changes64
sqlite3_trace
sqlite3_trace_v2
sqlite3_transfer_bindings
sqlite3_txn_state
sqlite3_update_hook
sqlite3_uri_boolean
sqlite3_uri_int64
sqlite3_uri_key
sqlite3_uri_parameter
sqlite3_user_data
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes16
sqlite3_value_double
sqlite3_value_dup
sqlite3_value_encoding
sqlite3_value_free
sqlite3_value_frombind
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_nochange
sqlite3_value_numeric_type
sqlite3_value_pointer
sqlite3_value_subtype
sqlite3_value_text
sqlite3_value_text16
sqlite3_value_text16be
sqlite3_value_text16le
sqlite3_value_type
sqlite3_version
sqlite3_vfs_find
sqlite3_vfs_register
sqlite3_vfs_unregister
sqlite3_vmprintf
sqlite3_vsnprintf
sqlite3_vtab_collation
sqlite3_vtab_config
sqlite3_vtab_distinct
sqlite3_vtab_in
sqlite3_vtab_in_first
sqlite3_vtab_in_next
sqlite3_vtab_nochange
sqlite3_vtab_on_conflict
sqlite3_vtab_rhs_value
sqlite3_wal_autocheckpoint
sqlite3_wal_checkpoint
sqlite3_wal_checkpoint_v2
sqlite3_wal_hook
sqlite3_win32_is_nt
sqlite3_win32_mbcs_to_utf8
sqlite3_win32_mbcs_to_utf8_v2
sqlite3_win32_set_directory
sqlite3_win32_set_directory16
sqlite3_win32_set_directory8
sqlite3_win32_sleep
sqlite3_win32_unicode_to_utf8
sqlite3_win32_utf8_to_mbcs
sqlite3_win32_utf8_to_mbcs_v2
sqlite3_win32_utf8_to_unicode
sqlite3_win32_write_debug
Sections
.text Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 196KB - Virtual size: 195KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 23KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 55KB - Virtual size: 55KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 244B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ