Nitro_Generator_with_Checker[.]rar

Resubmissions

19-09-2024 12:37

240919-ptfczaydpa 8

19-09-2024 12:33

240919-prhqbaygnn 8

Sharing

Copy URL

Twitter E-mail

General

Target

Nitro_Generator_with_Checker.rar
Size

8.0MB
MD5

65f2fcfbd2e9c0ab1df7eac86353cc62
SHA1

f874726ac4cdf4af8204738fdf3e5ff7e33db490
SHA256

c1e7a6fb6e66f5c0fc2a4777dc61c8732ab4c05756de7f4fae76bf766148141b
SHA512

29253dab150b85fb6f1ae65e1d17b526f8dc0132e6d5587bf02b6b164d4b8e4614475e6740ccb09c85e05288a98cd79ace8101107c50d9752599c18fc95a0e30
SSDEEP

196608:fP7lP7vLSfkzKcci0OmZsBh63/2HphTQX7BLtxYbXglKXOBMwxf/SWn:75DS4b0NCE2O7FtxYbXgl+rKTn

Score

3^/10

pyinstaller

Malware Config

Signatures

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
static1/unpack001/Nitro Generator with Checker/WebDriver/Jint.exe	pyinstaller

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Nitro Generator with Checker/BFE.DLL
unpack001/Nitro Generator with Checker/NitroGen.exe
unpack001/Nitro Generator with Checker/WebDriver/BFE.DLL
unpack001/Nitro Generator with Checker/WebDriver/Ionic.Zip.dll
unpack001/Nitro Generator with Checker/WebDriver/Jint.exe
unpack001/Nitro Generator with Checker/WebDriver/Launcher.exe

Files

Nitro_Generator_with_Checker.rar
.rar
Nitro Generator with Checker/BFE.DLL
.dll windows:10 windows x64 arch:x64

af3ccebee341bc1634b9269a2d4ab01d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

bfe.pdb

Imports

msvcrt

_initterm
__C_specific_handler
wcscspn
_wcslwr
bsearch
_ultoa_s
strpbrk
strstr
sprintf_s
isprint
_ltoa_s
_i64toa_s
_ui64toa_s
wprintf
memmove
memcpy
malloc
memcmp
log
wcstoul
_vsnprintf
_vsnwprintf
_wcsicmp
free
wcstol
qsort
_amsg_exit
iswctype
_XcptFilter
wcschr
_wcsnicmp
_ultow
tolower
wcsnlen
memset

ntdll

NtQueryObject
RtlGetSaclSecurityDescriptor
RtlValidRelativeSecurityDescriptor
RtlNumberOfSetBits
RtlInitializeBitMap
WinSqmIsOptedIn
WinSqmSetDWORD
WinSqmAddToStream
RtlValidSid
RtlLengthSid
NtDeviceIoControlFile
RtlAllocateHeap
RtlInitializeSRWLock
RtlReleaseSRWLockShared
RtlAcquireSRWLockShared
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
RtlIpv6AddressToStringW
RtlIpv4AddressToStringW
RtlGetCurrentServiceSessionId
RtlCreateHashTable
RtlDeleteHashTable
RtlInsertEntryHashTable
RtlRemoveEntryHashTable
RtlLookupEntryHashTable
RtlGetNextEntryHashTable
RtlInitEnumerationHashTable
RtlEnumerateEntryHashTable
RtlEndEnumerationHashTable
RtlContractHashTable
RtlGetOwnerSecurityDescriptor
RtlAdjustPrivilege
RtlAbsoluteToSelfRelativeSD
RtlSetOwnerSecurityDescriptor
RtlSelfRelativeToAbsoluteSD2
RtlCreateServiceSid
RtlIntegerToUnicodeString
RtlInitUnicodeString
RtlSubAuthorityCountSid
TpReleaseTimer
TpWaitForTimer
RtlFreeHeap
RtlIpv4AddressToStringA
RtlIpv6AddressToStringA
RtlEthernetAddressToStringA
TpSetTimer
TpIsTimerSet
TpAllocTimer
RtlEqualSid
RtlLengthSecurityDescriptor
RtlApplicationVerifierStop
EtwEventEnabled
EtwEventWriteTransfer
EtwEventWrite
EtwEventActivityIdControl
EtwEventUnregister
EtwEventRegister
RtlNtStatusToDosError
EtwTraceMessage
RtlExpandHashTable
EtwUnregisterTraceGuids
EtwGetTraceEnableFlags
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwRegisterTraceGuidsW
RtlSetThreadPreferredUILanguages

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
LoadStringW
DisableThreadLibraryCalls
GetProcAddress

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThreadId
CreateThread
TlsGetValue
GetCurrentThread
OpenThreadToken
TlsSetValue
GetCurrentProcess
TerminateProcess
TlsFree
TlsAlloc
GetProcessId

api-ms-win-core-sysinfo-l1-1-0

GetSystemTime
GetSystemTimeAsFileTime
GetTickCount64
GetTickCount

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-synch-l1-1-0

CreateEventW
CreateSemaphoreExW
ReleaseSRWLockShared
EnterCriticalSection
DeleteCriticalSection
LeaveCriticalSection
ReleaseSemaphore
AcquireSRWLockShared
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
SetEvent
InitializeSRWLock
InitializeCriticalSectionAndSpinCount
WaitForSingleObject
ReleaseSRWLockExclusive

api-ms-win-core-threadpool-legacy-l1-1-0

CreateTimerQueueTimer
DeleteTimerQueueEx
CreateTimerQueue
DeleteTimerQueueTimer
UnregisterWaitEx

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-security-base-l1-1-0

DestroyPrivateObjectSecurity
GetPrivateObjectSecurity
GetSecurityDescriptorControl
CreatePrivateObjectSecurityEx
GetSecurityDescriptorLength
SetSecurityDescriptorControl
SetPrivateObjectSecurityEx
MapGenericMask
PrivilegeCheck
EqualSid
CopySid
InitializeSecurityDescriptor
AllocateAndInitializeSid
CreateWellKnownSid
FreeSid
InitializeAcl
GetLengthSid
AddAccessAllowedAce
SetSecurityDescriptorDacl

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar
CompareStringW

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapDestroy
HeapFree
GetProcessHeap
HeapSize
HeapCreate
HeapReAlloc

rpcrt4

RpcRaiseException
RpcImpersonateClient
RpcServerInqCallAttributesW
UuidCreate
RpcGetAuthorizationContextForClient
RpcBindingVectorFree
RpcServerUnregisterIfEx
RpcFreeAuthorizationContext
RpcEpUnregister
NdrServerCallAll
NdrServerCall2
RpcServerUseProtseqW
RpcServerRegisterIf3
I_RpcExceptionFilter
MesHandleFree
RpcServerInqBindings
MesEncodeDynBufferHandleCreate
MesDecodeBufferHandleCreate
UuidFromStringW
RpcRevertToSelf
NdrMesTypeEncode3
NdrMesTypeDecode3
I_RpcBindingInqLocalClientPID
RpcEpRegisterW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

authz

AuthzGetInformationFromContext
AuthzAccessCheck
AuthziFreeAuditEventType
AuthzInitializeResourceManager
AuthzFreeResourceManager
AuthzFreeContext
AuthzInitializeContextFromSid
AuthzFreeAuditEvent
AuthziLogAuditEvent
AuthziInitializeAuditEventType
AuthziInitializeAuditParamsFromArray
AuthziInitializeAuditEvent

ws2_32

htonl

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

iphlpapi

GetCurrentThreadCompartmentId

api-ms-win-core-file-l1-1-0

WriteFile
CreateFileW
DeleteFileW

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-memory-l1-1-0

MapViewOfFile
CreateFileMappingW
UnmapViewOfFile

api-ms-win-core-perfcounters-l1-1-0

PerfCreateInstance
PerfStartProvider
PerfSetULongLongCounterValue
PerfSetULongCounterValue
PerfStopProvider
PerfSetCounterSetInfo

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW
RegQueryInfoKeyW
RegCloseKey
RegSetValueExW
RegEnumValueW

api-ms-win-core-string-l2-1-1

SHLoadIndirectString

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolWork
SubmitThreadpoolWork
SetThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolWork

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-eventing-controller-l1-1-0

StartTraceW
EnableTraceEx2
ControlTraceW

api-ms-win-eventing-consumer-l1-1-0

ProcessTrace
OpenTraceW
CloseTrace

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-threadpool-private-l1-1-0

RegisterWaitForSingleObjectEx

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

BfeGetDirectDispatchTable
BfeOnServiceStartTypeChange
BfeServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 442KB - Virtual size: 441KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 356KB - Virtual size: 355KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Nitro Generator with Checker/NitroGen.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\thorson\Desktop\Launcher1\Launcher\Launcher\obj\Debug\LUNCHER CRACKING.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 169KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Nitro Generator with Checker/WebDriver/BFE.DLL
.dll windows:10 windows x64 arch:x64

af3ccebee341bc1634b9269a2d4ab01d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

bfe.pdb

Imports

msvcrt

_initterm
__C_specific_handler
wcscspn
_wcslwr
bsearch
_ultoa_s
strpbrk
strstr
sprintf_s
isprint
_ltoa_s
_i64toa_s
_ui64toa_s
wprintf
memmove
memcpy
malloc
memcmp
log
wcstoul
_vsnprintf
_vsnwprintf
_wcsicmp
free
wcstol
qsort
_amsg_exit
iswctype
_XcptFilter
wcschr
_wcsnicmp
_ultow
tolower
wcsnlen
memset

ntdll

NtQueryObject
RtlGetSaclSecurityDescriptor
RtlValidRelativeSecurityDescriptor
RtlNumberOfSetBits
RtlInitializeBitMap
WinSqmIsOptedIn
WinSqmSetDWORD
WinSqmAddToStream
RtlValidSid
RtlLengthSid
NtDeviceIoControlFile
RtlAllocateHeap
RtlInitializeSRWLock
RtlReleaseSRWLockShared
RtlAcquireSRWLockShared
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
RtlIpv6AddressToStringW
RtlIpv4AddressToStringW
RtlGetCurrentServiceSessionId
RtlCreateHashTable
RtlDeleteHashTable
RtlInsertEntryHashTable
RtlRemoveEntryHashTable
RtlLookupEntryHashTable
RtlGetNextEntryHashTable
RtlInitEnumerationHashTable
RtlEnumerateEntryHashTable
RtlEndEnumerationHashTable
RtlContractHashTable
RtlGetOwnerSecurityDescriptor
RtlAdjustPrivilege
RtlAbsoluteToSelfRelativeSD
RtlSetOwnerSecurityDescriptor
RtlSelfRelativeToAbsoluteSD2
RtlCreateServiceSid
RtlIntegerToUnicodeString
RtlInitUnicodeString
RtlSubAuthorityCountSid
TpReleaseTimer
TpWaitForTimer
RtlFreeHeap
RtlIpv4AddressToStringA
RtlIpv6AddressToStringA
RtlEthernetAddressToStringA
TpSetTimer
TpIsTimerSet
TpAllocTimer
RtlEqualSid
RtlLengthSecurityDescriptor
RtlApplicationVerifierStop
EtwEventEnabled
EtwEventWriteTransfer
EtwEventWrite
EtwEventActivityIdControl
EtwEventUnregister
EtwEventRegister
RtlNtStatusToDosError
EtwTraceMessage
RtlExpandHashTable
EtwUnregisterTraceGuids
EtwGetTraceEnableFlags
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwRegisterTraceGuidsW
RtlSetThreadPreferredUILanguages

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
LoadStringW
DisableThreadLibraryCalls
GetProcAddress

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThreadId
CreateThread
TlsGetValue
GetCurrentThread
OpenThreadToken
TlsSetValue
GetCurrentProcess
TerminateProcess
TlsFree
TlsAlloc
GetProcessId

api-ms-win-core-sysinfo-l1-1-0

GetSystemTime
GetSystemTimeAsFileTime
GetTickCount64
GetTickCount

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-synch-l1-1-0

CreateEventW
CreateSemaphoreExW
ReleaseSRWLockShared
EnterCriticalSection
DeleteCriticalSection
LeaveCriticalSection
ReleaseSemaphore
AcquireSRWLockShared
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
SetEvent
InitializeSRWLock
InitializeCriticalSectionAndSpinCount
WaitForSingleObject
ReleaseSRWLockExclusive

api-ms-win-core-threadpool-legacy-l1-1-0

CreateTimerQueueTimer
DeleteTimerQueueEx
CreateTimerQueue
DeleteTimerQueueTimer
UnregisterWaitEx

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-security-base-l1-1-0

DestroyPrivateObjectSecurity
GetPrivateObjectSecurity
GetSecurityDescriptorControl
CreatePrivateObjectSecurityEx
GetSecurityDescriptorLength
SetSecurityDescriptorControl
SetPrivateObjectSecurityEx
MapGenericMask
PrivilegeCheck
EqualSid
CopySid
InitializeSecurityDescriptor
AllocateAndInitializeSid
CreateWellKnownSid
FreeSid
InitializeAcl
GetLengthSid
AddAccessAllowedAce
SetSecurityDescriptorDacl

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar
CompareStringW

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapDestroy
HeapFree
GetProcessHeap
HeapSize
HeapCreate
HeapReAlloc

rpcrt4

RpcRaiseException
RpcImpersonateClient
RpcServerInqCallAttributesW
UuidCreate
RpcGetAuthorizationContextForClient
RpcBindingVectorFree
RpcServerUnregisterIfEx
RpcFreeAuthorizationContext
RpcEpUnregister
NdrServerCallAll
NdrServerCall2
RpcServerUseProtseqW
RpcServerRegisterIf3
I_RpcExceptionFilter
MesHandleFree
RpcServerInqBindings
MesEncodeDynBufferHandleCreate
MesDecodeBufferHandleCreate
UuidFromStringW
RpcRevertToSelf
NdrMesTypeEncode3
NdrMesTypeDecode3
I_RpcBindingInqLocalClientPID
RpcEpRegisterW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

authz

AuthzGetInformationFromContext
AuthzAccessCheck
AuthziFreeAuditEventType
AuthzInitializeResourceManager
AuthzFreeResourceManager
AuthzFreeContext
AuthzInitializeContextFromSid
AuthzFreeAuditEvent
AuthziLogAuditEvent
AuthziInitializeAuditEventType
AuthziInitializeAuditParamsFromArray
AuthziInitializeAuditEvent

ws2_32

htonl

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

iphlpapi

GetCurrentThreadCompartmentId

api-ms-win-core-file-l1-1-0

WriteFile
CreateFileW
DeleteFileW

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-memory-l1-1-0

MapViewOfFile
CreateFileMappingW
UnmapViewOfFile

api-ms-win-core-perfcounters-l1-1-0

PerfCreateInstance
PerfStartProvider
PerfSetULongLongCounterValue
PerfSetULongCounterValue
PerfStopProvider
PerfSetCounterSetInfo

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW
RegQueryInfoKeyW
RegCloseKey
RegSetValueExW
RegEnumValueW

api-ms-win-core-string-l2-1-1

SHLoadIndirectString

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolWork
SubmitThreadpoolWork
SetThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolWork

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-eventing-controller-l1-1-0

StartTraceW
EnableTraceEx2
ControlTraceW

api-ms-win-eventing-consumer-l1-1-0

ProcessTrace
OpenTraceW
CloseTrace

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-threadpool-private-l1-1-0

RegisterWaitForSingleObjectEx

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

BfeGetDirectDispatchTable
BfeOnServiceStartTypeChange
BfeServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 442KB - Virtual size: 441KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 356KB - Virtual size: 355KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Nitro Generator with Checker/WebDriver/Ionic.Zip.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\DotNetZip\Zip\obj\Debug\Ionic.Zip.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 478KB - Virtual size: 477KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Nitro Generator with Checker/WebDriver/Jint.exe
.exe windows:5 windows x64 arch:x64

2cdcfb3a828433ba76b5b41f45519bd9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetCommandLineW
GetEnvironmentVariableW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
CreateDirectoryW
GetTempPathW
WaitForSingleObject
Sleep
GetExitCodeProcess
CreateProcessW
FreeLibrary
LoadLibraryExW
CloseHandle
GetCurrentProcess
LoadLibraryA
LocalFree
FormatMessageW
MultiByteToWideChar
WideCharToMultiByte
SetEndOfFile
GetProcAddress
GetModuleFileNameW
SetDllDirectoryW
GetStartupInfoW
GetLastError
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetModuleHandleW
RtlUnwindEx
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
RaiseException
GetCommandLineA
ReadFile
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFullPathNameW
RemoveDirectoryW
FindClose
FindFirstFileExW
FindNextFileW
SetStdHandle
SetConsoleCtrlHandler
DeleteFileW
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
HeapFree
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleOutputCP
GetFileSizeEx
HeapAlloc
CompareStringW
LCMapStringW
GetCurrentDirectoryW
FlushFileBuffers
GetFileAttributesExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
GetProcessHeap
GetTimeZoneInformation
HeapSize
HeapReAlloc
WriteConsoleW

advapi32

ConvertSidToStringSidW
GetTokenInformation
OpenProcessToken
ConvertStringSecurityDescriptorToSecurityDescriptorW

Sections

.text
Size: 141KB - Virtual size: 141KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NitroGen.pyc
Nitro Generator with Checker/WebDriver/LICENCE.dat
.zip
Nitro Generator with Checker/WebDriver/Launcher.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Nitro Generator with Checker/WebDriver/vertdll.dll
.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:02:29:e8:93:3c:c4:14:fa:f5:7c:00:00:00:00:02:29
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

27-03-2019 19:21

Not After

27-03-2020 19:21

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1f:85:c9:e0:e9:ae:0a:b2:47:6a:9d:d8:8a:9c:fe:8f:81:73:c9:11:97:32:22:71:86:7d:8f:a6:c6:19:18:72
Signer

Actual PE Digest

1f:85:c9:e0:e9:ae:0a:b2:47:6a:9d:d8:8a:9c:fe:8f:81:73:c9:11:97:32:22:71:86:7d:8f:a6:c6:19:18:72

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

vertdll.pdb

Exports

Exports

AcquireSRWLockExclusive
AcquireSRWLockShared
CallEnclave
CloseHandle
CreateEventW
DbgPrint
DelayLoadFailureHook
DeleteCriticalSection
DeleteSynchronizationBarrier
DeviceIoControl
DisableThreadLibraryCalls
EnclaveGetAttestationReport
EnclaveGetEnclaveInformation
EnclaveSealData
EnclaveUnsealData
EnclaveVerifyAttestationReport
EnterCriticalSection
EnterSynchronizationBarrier
EtwEventRegister
EtwEventUnregister
EtwEventWrite
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwRegisterTraceGuidsW
EtwTraceMessage
EtwUnregisterTraceGuids
EventRegister
EventSetInformation
EventUnregister
EventWriteTransfer
ExpInterlockedPopEntrySListEnd
ExpInterlockedPopEntrySListFault
ExpInterlockedPopEntrySListResume
FreeLibrary
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
GetEnabledXStateFeatures
GetFipsModeFromIumKernelState
GetLastError
GetModuleFileNameW
GetModuleHandleExW
GetProcAddress
GetProcessHeap
GetProcessHeaps
GetSeedFromIumKernelState
GetSystemDirectoryW
GetSystemInfo
GetXStateFeaturesMask
HeapAlloc
HeapCompact
HeapCreate
HeapDestroy
HeapFree
HeapLock
HeapReAlloc
HeapSize
HeapUnlock
InitializeConditionVariable
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
InitializeSListHead
InitializeSRWLock
InitializeSynchronizationBarrier
InterlockedFlushSList
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedPushListSList
InterlockedPushListSListEx
KiUserExceptionDispatcher
LdrDisableThreadCalloutsForDll
LdrResolveDelayLoadedAPI
LeaveCriticalSection
LoadLibraryExW
LoadLibraryW
LocateXStateFeature
NtClose
NtDeviceIoControlFile
NtOpenFile
NtOpenKey
NtQueryInformationProcess
NtQueryValueKey
NtTerminateProcess
OpenProcessToken
OutputDebugStringW
PrivilegeCheck
QueryDepthSList
QueryFullProcess
QueryFullProcessImageNameW
RaiseException
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegisterWaitForSingleObjectEx
ReleaseSRWLockExclusive
ReleaseSRWLockShared
ResolveDelayLoadedAPI
RtlAcquireResourceExclusive
RtlAcquireResourceShared
RtlAllocateHeap
RtlAssert
RtlCallEnclaveReturn
RtlCaptureContext
RtlCompareUnicodeString
RtlDeleteCriticalSection
RtlDeleteResource
RtlEnclaveCallDispatch
RtlEnclaveCallDispatchReturn
RtlEnterCriticalSection
RtlFreeHeap
RtlGetCurrentProcessorNumberEx
RtlGetLastNtStatus
RtlImageNtHeader
RtlInitUnicodeString
RtlInitializeCriticalSection
RtlInitializeResource
RtlLeaveCriticalSection
RtlLookupFunctionEntry
RtlNtStatusToDosError
RtlPcToFileHeader
RtlRaiseStatus
RtlReleaseResource
RtlReleaseResourceShared
RtlTimeFieldsToTime
RtlUnhandledExceptionFilter
RtlUnwind
RtlUnwindEx
RtlVirtualUnwind
SetCriticalSectionSpinCount
SetLastError
SetThreadStackGuarantee
SetUnhandledExceptionFilter
SleepConditionVariableCS
SleepConditionVariableSRW
TerminateEnclave
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryAcquireSRWLockExclusive
TryAcquireSRWLockShared
TryEnterCriticalSection
UnregisterWaitEx
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitOnAddress
WakeAllConditionVariable
WakeByAddressAll
WakeByAddressSingle
WakeConditionVariable
__C_specific_handler
__chkstk
_local_unwind
_vsnwprintf
_wcsicmp
memcmp
memcpy
memmove
memset
qsort
wcscmp
wcscpy_s
wcsncmp

Sections

.text
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mrdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Nitro Generator with Checker/vertdll.dll
.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:02:29:e8:93:3c:c4:14:fa:f5:7c:00:00:00:00:02:29
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

27-03-2019 19:21

Not After

27-03-2020 19:21

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1f:85:c9:e0:e9:ae:0a:b2:47:6a:9d:d8:8a:9c:fe:8f:81:73:c9:11:97:32:22:71:86:7d:8f:a6:c6:19:18:72
Signer

Actual PE Digest

1f:85:c9:e0:e9:ae:0a:b2:47:6a:9d:d8:8a:9c:fe:8f:81:73:c9:11:97:32:22:71:86:7d:8f:a6:c6:19:18:72

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

vertdll.pdb

Exports

Exports

AcquireSRWLockExclusive
AcquireSRWLockShared
CallEnclave
CloseHandle
CreateEventW
DbgPrint
DelayLoadFailureHook
DeleteCriticalSection
DeleteSynchronizationBarrier
DeviceIoControl
DisableThreadLibraryCalls
EnclaveGetAttestationReport
EnclaveGetEnclaveInformation
EnclaveSealData
EnclaveUnsealData
EnclaveVerifyAttestationReport
EnterCriticalSection
EnterSynchronizationBarrier
EtwEventRegister
EtwEventUnregister
EtwEventWrite
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwRegisterTraceGuidsW
EtwTraceMessage
EtwUnregisterTraceGuids
EventRegister
EventSetInformation
EventUnregister
EventWriteTransfer
ExpInterlockedPopEntrySListEnd
ExpInterlockedPopEntrySListFault
ExpInterlockedPopEntrySListResume
FreeLibrary
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
GetEnabledXStateFeatures
GetFipsModeFromIumKernelState
GetLastError
GetModuleFileNameW
GetModuleHandleExW
GetProcAddress
GetProcessHeap
GetProcessHeaps
GetSeedFromIumKernelState
GetSystemDirectoryW
GetSystemInfo
GetXStateFeaturesMask
HeapAlloc
HeapCompact
HeapCreate
HeapDestroy
HeapFree
HeapLock
HeapReAlloc
HeapSize
HeapUnlock
InitializeConditionVariable
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
InitializeSListHead
InitializeSRWLock
InitializeSynchronizationBarrier
InterlockedFlushSList
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedPushListSList
InterlockedPushListSListEx
KiUserExceptionDispatcher
LdrDisableThreadCalloutsForDll
LdrResolveDelayLoadedAPI
LeaveCriticalSection
LoadLibraryExW
LoadLibraryW
LocateXStateFeature
NtClose
NtDeviceIoControlFile
NtOpenFile
NtOpenKey
NtQueryInformationProcess
NtQueryValueKey
NtTerminateProcess
OpenProcessToken
OutputDebugStringW
PrivilegeCheck
QueryDepthSList
QueryFullProcess
QueryFullProcessImageNameW
RaiseException
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegisterWaitForSingleObjectEx
ReleaseSRWLockExclusive
ReleaseSRWLockShared
ResolveDelayLoadedAPI
RtlAcquireResourceExclusive
RtlAcquireResourceShared
RtlAllocateHeap
RtlAssert
RtlCallEnclaveReturn
RtlCaptureContext
RtlCompareUnicodeString
RtlDeleteCriticalSection
RtlDeleteResource
RtlEnclaveCallDispatch
RtlEnclaveCallDispatchReturn
RtlEnterCriticalSection
RtlFreeHeap
RtlGetCurrentProcessorNumberEx
RtlGetLastNtStatus
RtlImageNtHeader
RtlInitUnicodeString
RtlInitializeCriticalSection
RtlInitializeResource
RtlLeaveCriticalSection
RtlLookupFunctionEntry
RtlNtStatusToDosError
RtlPcToFileHeader
RtlRaiseStatus
RtlReleaseResource
RtlReleaseResourceShared
RtlTimeFieldsToTime
RtlUnhandledExceptionFilter
RtlUnwind
RtlUnwindEx
RtlVirtualUnwind
SetCriticalSectionSpinCount
SetLastError
SetThreadStackGuarantee
SetUnhandledExceptionFilter
SleepConditionVariableCS
SleepConditionVariableSRW
TerminateEnclave
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryAcquireSRWLockExclusive
TryAcquireSRWLockShared
TryEnterCriticalSection
UnregisterWaitEx
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitOnAddress
WakeAllConditionVariable
WakeByAddressAll
WakeByAddressSingle
WakeConditionVariable
__C_specific_handler
__chkstk
_local_unwind
_vsnwprintf
_wcsicmp
memcmp
memcpy
memmove
memset
qsort
wcscmp
wcscpy_s
wcsncmp

Sections

.text
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mrdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

af3ccebee341bc1634b9269a2d4ab01d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-threadpool-legacy-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-heap-l1-1-0

rpcrt4

api-ms-win-core-heap-l2-1-0

authz

ws2_32

api-ms-win-core-timezone-l1-1-0

iphlpapi

api-ms-win-core-file-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-psapi-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-perfcounters-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-string-l2-1-1

api-ms-win-core-threadpool-l1-2-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-eventing-controller-l1-1-0

api-ms-win-eventing-consumer-l1-1-0

api-ms-win-core-apiquery-l1-1-0

api-ms-win-core-threadpool-private-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 442KB - Virtual size: 441KB

.rdata Size: 356KB - Virtual size: 355KB

.data Size: 9KB - Virtual size: 26KB

.pdata Size: 28KB - Virtual size: 28KB

.didat Size: 512B - Virtual size: 360B

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 14KB - Virtual size: 13KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 11KB - Virtual size: 10KB

.rsrc Size: 169KB - Virtual size: 168KB

.reloc Size: 512B - Virtual size: 12B

af3ccebee341bc1634b9269a2d4ab01d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-core-libraryloader-l1-2-0

.text
Size: 442KB - Virtual size: 441KB

.rdata
Size: 356KB - Virtual size: 355KB

.data
Size: 9KB - Virtual size: 26KB

.pdata
Size: 28KB - Virtual size: 28KB

.didat
Size: 512B - Virtual size: 360B

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 14KB - Virtual size: 13KB

.text
Size: 11KB - Virtual size: 10KB

.rsrc
Size: 169KB - Virtual size: 168KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 442KB - Virtual size: 441KB

.rdata
Size: 356KB - Virtual size: 355KB

.data
Size: 9KB - Virtual size: 26KB

.pdata
Size: 28KB - Virtual size: 28KB

.didat
Size: 512B - Virtual size: 360B

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 14KB - Virtual size: 13KB

.text
Size: 478KB - Virtual size: 477KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 141KB - Virtual size: 141KB

.rdata
Size: 69KB - Virtual size: 69KB

.data
Size: 3KB - Virtual size: 64KB

.pdata
Size: 8KB - Virtual size: 7KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 133KB - Virtual size: 133KB