D:\files\visual\project\cheat\Paid\Current\DW-Public\Build\Fortnite.pdb
Static task: static1
Behavioral task: behavioral1
Sample: build.exe
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: build.exe
Resource: win10v2004-20240802-en
General
Target: build.exe.exe
Size: 4.2MB
MD5: 4586ad607fd47e991bae09f87d697aff
SHA1: 188dd80658aed689a96d3e3135569828bc23e5f1
SHA256: 682321774f0b93b834e8ae7a7152a4e4b75a050206328ce587a136cff7b07393
SHA512: b8f009be58c81ff52199805b16769a21e0bf8667b6c0031a5df29976e3b9e0139ca7773506768e0dd628ed4e318c55bad74865021a9a3fb62e35644882eb4cd0
SSDEEP: 49152:67smTDX2hUJDlA/oyGKwbeKmomaTTaGcqGcX1Ozr/cGngmMj5f8aploudkurxZ:KMhVFozyG/GREUMlxploc
Malware Config
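Signatures
Unsigned PE (1 IoC)
Sandbox check for a missing Authenticode signature; it matched this file, so the PE is unsigned. An unsigned binary is a weak indicator on its own and should be read together with the imports and sections listed below.
Resource: build.exe.exe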
Files
-
build.exe.exe.exe windows:6 windows x64 arch:x64
48d82f742673c2098b6af8953b6bf931
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
D:\files\visual\project\cheat\Paid\Current\DW-Public\Build\Fortnite.pdb
Imports
kernel32
GetPrivateProfileIntA
QueryFullProcessImageNameW
lstrcmpiA
LoadLibraryW
OpenProcess
SetThreadPriority
GetCurrentThread
InitializeSListHead
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
UnhandledExceptionFilter
WakeAllConditionVariable
GetFileInformationByHandleEx
AreFileApisANSI
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
Process32First
Process32Next
GetExitCodeProcess
TerminateProcess
Sleep
WaitForSingleObject
GetPrivateProfileStringA
FindNextFileW
DeleteCriticalSection
GetCurrentProcess
CreateThread
VirtualProtect
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleW
SetLastError
FormatMessageA
LocalFree
EnterCriticalSection
LeaveCriticalSection
CloseHandle
GetSystemDirectoryA
VerifyVersionInfoA
MoveFileExA
WaitForSingleObjectEx
GetEnvironmentVariableA
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
GetFileSizeEx
VerifyVersionInfoW
QueryDosDeviceW
K32GetModuleFileNameExW
GetEnvironmentVariableW
K32GetProcessImageFileNameW
GetSystemDirectoryW
K32GetModuleInformation
Module32FirstW
GetFileAttributesExW
WritePrivateProfileStringA
GetCurrentProcessId
Module32NextW
VirtualQuery
InitializeCriticalSectionEx
GetLastError
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
GetConsoleScreenBufferInfo
GetProcessHeap
WriteProcessMemory
VirtualAllocEx
VirtualFreeEx
GetBinaryTypeW
VirtualFree
VirtualAlloc
GetWriteWatch
ResetWriteWatch
GlobalGetAtomNameW
GetThreadContext
HeapQueryInformation
ReadProcessMemory
IsDebuggerPresent
CreateRemoteThread
SetUnhandledExceptionFilter
CheckRemoteDebuggerPresent
OutputDebugStringW
GetSystemInfo
lstrlenW
CreateEventW
SetEvent
SwitchToThread
GetFileAttributesW
Beep
GetStdHandle
CreateFileW
CreateFileA
GetLocaleInfoA
LoadLibraryA
GetProcAddress
GetModuleHandleA
FreeLibrary
QueryPerformanceFrequency
QueryPerformanceCounter
VerSetConditionMask
GetTickCount
WideCharToMultiByte
MultiByteToWideChar
GlobalFree
GlobalLock
GlobalUnlock
K32EnumProcessModules
WriteFile
WaitNamedPipeW
CreateFileMappingA
VirtualProtectEx
IsWow64Process
SetThreadExecutionState
GetCurrentThreadId
SuspendThread
ResumeThread
SetThreadContext
FlushInstructionCache
GetLocaleInfoEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
SetConsoleScreenBufferSize
SetConsoleTextAttribute
SetConsoleWindowInfo
HeapSize
SetConsoleTitleA
SleepEx
GlobalAlloc
FindFirstFileExW
FindFirstFileW
FindClose
CreateDirectoryW
GetCurrentDirectoryW
SleepConditionVariableSRW
user32
DispatchMessageA
PeekMessageA
DefWindowProcW
PostQuitMessage
UnregisterClassW
RegisterClassExW
CreateWindowExW
DestroyWindow
ShowWindow
SetWindowPos
GetSystemMetrics
GetClassNameW
FindWindowExW
TranslateMessage
FindWindowW
SetMenu
UpdateWindow
GetWindowTextA
GetWindowRect
MessageBoxA
GetWindowLongPtrA
SetWindowLongPtrA
GetDesktopWindow
FindWindowA
EnumWindows
GetClassNameA
GetWindowThreadProcessId
SetProcessDPIAware
MonitorFromWindow
LoadCursorA
ScreenToClient
ClientToScreen
SetCursor
SetCursorPos
GetClientRect
ReleaseDC
GetForegroundWindow
IsWindowUnicode
ReleaseCapture
SetCapture
GetCapture
GetKeyState
GetMessageExtraInfo
TrackMouseEvent
GetKeyboardLayout
GetCursorPos
GetDC
GetAsyncKeyState
EmptyClipboard
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
gdi32
GetPixel
GetDeviceCaps
CreateRectRgn
DeleteObject
advapi32
GetTokenInformation
LookupPrivilegeValueW
RegOpenKeyExW
RegQueryValueExW
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
RegSetValueExW
RegCreateKeyExW
RegCloseKey
OpenProcessToken
AddAccessAllowedAce
GetLengthSid
AdjustTokenPrivileges
InitializeAcl
IsValidSid
GetUserNameA
SetSecurityInfo
CopySid
ConvertSidToStringSidA
shell32
ShellExecuteExA
ShellExecuteA
ole32
CoUninitialize
CoCreateInstance
CoInitialize
d3d11
D3D11CreateDeviceAndSwapChain
msvcp140
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?fail@ios_base@std@@QEBA_NXZ
?_Throw_C_error@std@@YAXH@Z
_Cnd_signal
_Cnd_broadcast
_Cnd_timedwait
_Cnd_wait
_Cnd_destroy_in_situ
_Cnd_init_in_situ
_Cnd_destroy
_Cnd_init
_Mtx_current_owns
_Mtx_destroy_in_situ
_Mtx_init_in_situ
_Mtx_destroy
_Mtx_init
_Thrd_id
_Thrd_join
_Xtime_get_ticks
_Thrd_start
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
?setf@ios_base@std@@QEAAHHH@Z
?id@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?id@?$ctype@D@std@@2V0locale@2@A
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBUtm@@PEBD3@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Xbad_function_call@std@@YAXXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?width@ios_base@std@@QEAA_J_J@Z
?width@ios_base@std@@QEBA_JXZ
?flags@ios_base@std@@QEBAHXZ
?good@ios_base@std@@QEBA_NXZ
?rdstate@ios_base@std@@QEBAHXZ
??7ios_base@std@@QEBA_NXZ
??Bios_base@std@@QEBA_NXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??Bid@locale@std@@QEAA_KXZ
?_Xbad_alloc@std@@YAXXZ
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_do_broadcast_at_thread_exit
_Mtx_unlock
_Mtx_lock
_Thrd_detach
_Query_perf_frequency
_Query_perf_counter
?uncaught_exceptions@std@@YAHXZ
?_Xinvalid_argument@std@@YAXPEBD@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
imm32
ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext
ImmSetCandidateWindow
d3dcompiler_47
D3DCompile
dwmapi
DwmEnableBlurBehindWindow
DwmIsCompositionEnabled
DwmExtendFrameIntoClientArea
DwmGetColorizationColor
ntdll
NtDeviceIoControlFile
RtlInitUnicodeString
RtlLookupFunctionEntry
NtCreateFile
RtlVirtualUnwind
RtlCaptureContext
NtRaiseHardError
RtlAdjustPrivilege
RtlAddFunctionTable
normaliz
IdnToAscii
wldap32
ord41
ord22
ord26
ord27
ord32
ord33
ord35
ord79
ord30
ord200
ord301
ord217
ord46
ord211
ord60
ord45
ord50
ord143
crypt32
CertOpenStore
CertCloseStore
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
ws2_32
getsockname
getsockopt
htons
setsockopt
connect
WSASetLastError
WSAIoctl
WSAStartup
WSACleanup
accept
htonl
listen
ioctlsocket
__WSAFDIsSet
select
getaddrinfo
freeaddrinfo
recvfrom
sendto
gethostname
ntohl
bind
WSAGetLastError
send
recv
closesocket
getpeername
socket
ntohs
shlwapi
StrChrW
StrStrIW
StrCmpNIW
StrCmpIW
PathFindFileNameW
rpcrt4
RpcStringFreeA
UuidCreate
UuidToStringA
psapi
GetModuleInformation
userenv
UnloadUserProfile
vcruntime140
memchr
__intrinsic_setjmp
__current_exception_context
__current_exception
longjmp
__CxxFrameHandler3
__std_terminate
strstr
__std_exception_copy
__std_exception_destroy
_CxxThrowException
__C_specific_handler
strrchr
memcpy
memmove
memset
memcmp
strchr
_purecall
wcsstr
vcruntime140_1
__CxxFrameHandler4
api-ms-win-crt-runtime-l1-1-0
_cexit
system
_invalid_parameter_noinfo_noreturn
terminate
_getpid
_crt_atexit
_seh_filter_exe
strerror
__sys_nerr
exit
_errno
_beginthreadex
_invalid_parameter_noinfo
_resetstkoflw
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_register_thread_local_exe_atexit_callback
_c_exit
__p___argv
__p___argc
abort
_exit
_initterm_e
_initterm
_get_initial_narrow_environment
_set_app_type
_configure_narrow_argv
api-ms-win-crt-string-l1-1-0
tolower
_strdup
strcmp
strcpy_s
strcspn
strspn
strpbrk
strncmp
isupper
strncpy
isalpha
wcscpy_s
wcscmp
wcslen
_wcsicmp
islower
api-ms-win-crt-stdio-l1-1-0
_pclose
_popen
fopen
fputs
feof
fseek
ftell
fwrite
__stdio_common_vfprintf
__stdio_common_vsprintf
__stdio_common_vsscanf
_set_fmode
__p__commode
_read
_write
_close
_open
fgets
__stdio_common_vsprintf_s
fflush
fclose
_wfopen
__acrt_iob_func
fopen_s
__stdio_common_vswprintf
_get_stream_buffer_pointers
fgetc
fgetpos
_lseeki64
fputc
fsetpos
_fseeki64
setvbuf
ungetc
__stdio_common_vsnprintf_s
fread
api-ms-win-crt-heap-l1-1-0
calloc
malloc
free
realloc
_set_new_mode
_callnewh
api-ms-win-crt-utility-l1-1-0
qsort
api-ms-win-crt-math-l1-1-0
sinf
sqrtf
acosf
ceilf
powf
ceil
cosf
cos
atan2
asin
acos
_dsign
log2
tanf
pow
logf
log
atan2f
sin
fmodf
__setusermatherr
api-ms-win-crt-convert-l1-1-0
strtoul
atoi
strtoull
strtoll
strtof
strtod
atof
strtol
api-ms-win-crt-environment-l1-1-0
getenv
getenv_s
api-ms-win-crt-filesystem-l1-1-0
_unlock_file
_fstat64
_unlink
_access
remove
_lock_file
_stat64
api-ms-win-crt-time-l1-1-0
_localtime64_s
strftime
_localtime64
_gmtime64_s
_time64
_gmtime64
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
___lc_codepage_func
localeconv
Sections
.text Size: 2.4MB - Virtual size: 2.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 426KB - Virtual size: 426KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1.4MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 79KB - Virtual size: 79KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.detourc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.detourd Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
_RDATA Size: 512B - Virtual size: 464B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 488B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ