Static task: static1
Behavioral task: behavioral1
  Sample: 2844.explorer.exe.0x7f62a450000.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 2844.explorer.exe.0x7f62a450000.exe
  Resource: win10v2004-20240802-en
General
Target: 2844.explorer.exe.0x7f62a450000.dmp
Size: 2.3MB
MD5: 9f49588c7fd8486b768541866e09c16d
SHA1: 26ea7acd8121647889c5017f9a9ad858f37f9d23
SHA256: 7e95730014fb869b225630af2b7e7820896ce8803007e71493b046fe957b0d6f
SHA512: 6cf27b86314c69e1d10a42d86dcf847eea7bed100556105952d35e34979b0e4a6af8733e6b32c13fc6071dcace2dcae352bcab96c6b6d19a4ed4d8af88043ab3
SSDEEP: 6144:iFhAed48YRD/hDp5Iwl+Ii2gkprBeZ0qfFnznHJS2qB0WxZO+c99YSAFawQDLz3H:ikVtNj5X+hkhAWqddC0+OtLz3p+
Malware Config
Signatures
Unsigned PE (1 IoC): checks for a missing Authenticode signature.
  resource: 2844.explorer.exe.0x7f62a450000.dmp
  Caveat: the file name follows the sandbox's <pid>.<process>.<base>.dmp pattern, so the target is an image dumped from memory of explorer.exe (PID 2844, base 0x7f62a450000), not a file read from disk. The Authenticode certificate table is stored in a file overlay that is never mapped into the process, so any dumped image fails this check regardless of whether the original on-disk file was signed. The header also carries IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY, which means the loader would have refused the on-disk file without a valid signature. Treat the missing signature as a property of the dump, not on its own as evidence of tampering.
Files
2844.explorer.exe.0x7f62a450000.dmp.exe: PE32+ executable (windows:6 windows x64 arch:x64)
  Imphash (import hash): 029fcdbb614ab12ef4e50dbee3b5515e
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE | IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY | IMAGE_DLLCHARACTERISTICS_NX_COMPAT | IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
  (DYNAMIC_BASE and NX_COMPAT mean the image opts in to ASLR and DEP; FORCE_INTEGRITY means code-integrity checks are enforced at load, so the on-disk original had to carry a valid signature.)
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
msvcrt
iswalpha
strchr
_vsnwprintf
_wtoi
_wcsicmp
bsearch
ceil
_onexit
__dllonexit
_unlock
_lock
__CxxFrameHandler3
?terminate@@YAXXZ
_commode
_fmode
_wcmdln
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
malloc
realloc
wcsstr
free
wcschr
memset
memcpy
cosf
sin
memcmp
memmove
wcsrchr
sqrt
oleaut32
SysFreeString
VariantClear
VariantInit
SysAllocStringByteLen
SysAllocString
SysAllocStringLen
api-ms-win-core-com-l1-1-0
CoTaskMemFree
CoCreateInstance
CoDisableCallCancellation
CreateStreamOnHGlobal
CoEnableCallCancellation
CoRegisterClassObject
CoRevokeClassObject
PropVariantClear
CoCancelCall
CoWaitForMultipleHandles
CoGetApartmentType
CoCreateFreeThreadedMarshaler
CoTaskMemRealloc
CoInitializeEx
CoUninitialize
StringFromGUID2
CoFreeUnusedLibraries
CLSIDFromString
CoTaskMemAlloc
CoGetMalloc
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CoReleaseMarshalData
api-ms-win-core-registry-l1-1-0
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegGetValueW
RegEnumValueW
RegCloseKey
RegQueryInfoKeyW
RegDeleteValueW
RegOpenCurrentUser
RegEnumKeyExW
RegCreateKeyExW
api-ms-win-eventing-provider-l1-1-0
EventEnabled
EventWrite
EventUnregister
EventRegister
api-ms-win-core-processthreads-l1-1-1
FlushInstructionCache
ExitProcess
OpenThreadToken
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetStartupInfoW
TerminateProcess
GetProcessId
GetCurrentProcess
OpenProcess
CreateProcessW
ResumeThread
OpenThread
GetThreadPriority
OpenProcessToken
TerminateThread
SetProcessShutdownParameters
CreateThread
SetThreadPriority
GetPriorityClass
SetPriorityClass
api-ms-win-core-handle-l1-1-0
DuplicateHandle
CloseHandle
api-ms-win-core-errorhandling-l1-1-1
SetErrorMode
GetLastError
SetUnhandledExceptionFilter
SetLastError
RaiseException
UnhandledExceptionFilter
api-ms-win-core-synch-l1-2-0
AcquireSRWLockExclusive
InitializeSRWLock
WaitForMultipleObjectsEx
AcquireSRWLockShared
ReleaseSRWLockShared
InitializeCriticalSectionEx
EnterCriticalSection
Sleep
CreateMutexW
OpenMutexW
OpenEventW
CreateEventW
SetEvent
WaitForSingleObject
DeleteCriticalSection
LeaveCriticalSection
InitializeCriticalSection
ReleaseSRWLockExclusive
ReleaseMutex
ResetEvent
api-ms-win-core-string-l2-1-0
CharUpperW
CharLowerW
CharPrevW
CharNextW
IsCharAlphaNumericW
api-ms-win-core-heap-l1-2-0
HeapFree
GetProcessHeap
HeapAlloc
HeapDestroy
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
CompareStringOrdinal
MultiByteToWideChar
CompareStringW
api-ms-win-eventing-classicprovider-l1-1-0
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
TraceMessage
RegisterTraceGuidsW
UnregisterTraceGuids
api-ms-win-core-libraryloader-l1-1-1
LoadStringW
FreeLibrary
GetModuleHandleExW
FindResourceExW
LoadResource
GetModuleFileNameW
LockResource
FreeLibraryAndExitThread
GetModuleHandleA
GetProcAddress
GetModuleHandleW
LoadLibraryExW
api-ms-win-core-processenvironment-l1-2-0
ExpandEnvironmentStringsW
GetCommandLineW
GetCurrentDirectoryW
SearchPathW
api-ms-win-power-base-l1-1-0
GetPwrCapabilities
CallNtPowerInformation
api-ms-win-security-base-l1-2-0
GetSidSubAuthority
GetSidSubAuthorityCount
CreateWellKnownSid
GetLengthSid
IsValidSid
CopySid
CheckTokenMembership
GetTokenInformation
api-ms-win-core-path-l1-1-0
PathCchCombine
PathCchAppend
PathCchAddExtension
api-ms-win-core-file-l1-2-0
WriteFile
CreateFileW
DeleteFileW
GetFileAttributesW
ReadFile
FindFirstFileW
FindClose
CompareFileTime
GetLongPathNameW
GetFileSize
FindNextFileW
api-ms-win-core-sysinfo-l1-2-0
GetLocalTime
GetProductInfo
GetTickCount64
GetSystemTimeAsFileTime
GetTickCount
GetSystemTime
GetVersionExW
GetWindowsDirectoryW
GetSystemDirectoryW
api-ms-win-core-timezone-l1-1-0
GetDynamicTimeZoneInformation
GetTimeZoneInformation
SystemTimeToFileTime
api-ms-win-core-datetime-l1-1-1
GetDateFormatW
GetDateFormatEx
GetTimeFormatEx
api-ms-win-core-memory-l1-1-1
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
VirtualAlloc
VirtualFree
api-ms-win-core-interlocked-l1-2-0
InterlockedPushEntrySList
InterlockedPopEntrySList
api-ms-win-core-rtlsupport-l1-2-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
QueryPerformanceFrequency
ntdll
NtOpenProcessToken
NtClose
NtOpenThreadToken
RtlGetProductInfo
NtQueryInformationToken
RtlNtStatusToDosError
WinSqmEventEnabled
WinSqmAddToStream
NtSetSystemInformation
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlSubscribeWnfStateChangeNotification
RtlQueryWnfStateData
WinSqmAddToStreamEx
WinSqmSetString
WinSqmIsOptedIn
WinSqmSetDWORD
NtSetInformationProcess
NtQueryInformationProcess
api-ms-win-core-shlwapi-obsolete-l1-1-0
QISearch
StrCmpNICW
StrToIntW
StrChrW
StrCmpNIW
StrCmpIW
SHLoadIndirectString
StrCmpICA
StrChrIW
StrStrIW
StrCmpCW
StrRStrIW
StrCmpNW
StrTrimW
StrCmpICW
StrCmpW
api-ms-win-core-heap-obsolete-l1-1-0
GlobalLock
LocalAlloc
LocalFree
LocalReAlloc
GlobalFree
GlobalUnlock
GlobalAlloc
api-ms-win-core-localization-obsolete-l1-1-0
GetUserDefaultUILanguage
api-ms-win-core-atoms-l1-1-0
GlobalGetAtomNameW
api-ms-win-core-string-obsolete-l1-1-0
lstrlenW
lstrcmpA
lstrlenA
lstrcmpiW
api-ms-win-core-job-l2-1-0
SetInformationJobObject
CreateJobObjectW
AssignProcessToJobObject
QueryInformationJobObject
api-ms-win-core-com-private-l1-1-0
CoRegisterMessageFilter
api-ms-win-core-registryuserspecific-l1-1-0
SHRegGetUSValueW
SHRegGetBoolUSValueW
api-ms-win-core-shlwapi-legacy-l1-1-0
PathGetArgsW
PathFileExistsW
SHExpandEnvironmentStringsW
PathIsRootW
PathRemoveExtensionW
PathGetDriveNumberW
PathQuoteSpacesW
PathCommonPrefixW
PathStripToRootW
PathIsPrefixW
PathCombineW
PathRemoveBlanksW
PathFindFileNameW
PathRemoveFileSpecW
PathParseIconLocationW
PathStripPathW
PathFindExtensionW
PathIsFileSpecW
api-ms-win-core-kernel32-legacy-l1-1-0
CopyFileW
RaiseFailFastException
LoadLibraryW
MulDiv
GetComputerNameW
api-ms-win-core-registry-l2-1-0
RegCreateKeyW
kernel32
RegisterApplicationRestart
SetTermsrvAppInstallMode
user32
CreateIconIndirect
FindWindowExW
ord2005
GetPropW
GetSysColorBrush
AllowSetForegroundWindow
GetSubMenu
LoadMenuW
SetMenuDefaultItem
RemoveMenu
DrawIconEx
SetGestureConfig
GetCapture
GetMessageExtraInfo
CalculatePopupWindowPosition
AdjustWindowRect
DrawTextW
ReleaseCapture
SetCapture
CallWindowProcW
IsWindowEnabled
CheckDlgButton
IsDlgButtonChecked
SetDlgItemInt
GetDlgItemInt
EnableWindow
GetDlgItem
LoadImageW
GetWindowLongPtrW
SetWindowLongPtrW
RegisterClassExW
MsgWaitForMultipleObjects
CopyIcon
AdjustWindowRectEx
DrawFocusRect
GetSysColor
ValidateRect
NotifyWinEvent
SetWindowTextW
UnregisterPowerSettingNotification
RegisterPowerSettingNotification
GetAncestor
GetCurrentInputMessageSource
ScreenToClient
LockWorkStation
TileWindows
CascadeWindows
GetWindowThreadProcessId
HungWindowFromGhostWindow
IsHungAppWindow
WindowFromPoint
ModifyMenuW
CheckMenuItem
DeleteMenu
IsIconic
DestroyIcon
LoadIconW
GetKeyState
GetFocus
EnableMenuItem
GetSystemMenu
EndPaint
DrawEdge
FillRect
BeginPaint
TrackMouseEvent
GetDoubleClickTime
ClientToScreen
GetMessagePos
SetCursorPos
ChildWindowFromPoint
GetAsyncKeyState
GetDesktopWindow
EndDialog
SendDlgItemMessageW
MonitorFromWindow
RegisterHotKey
UnregisterHotKey
GetLastActivePopup
SwitchToThisWindow
SetFocus
RemovePropW
SetCoalescableTimer
GetLastInputInfo
SetForegroundWindow
GetWindowPlacement
KillTimer
GetWindowRgnBox
SetWindowRgn
SendMessageTimeoutW
SendNotifyMessageW
OffsetRect
InvalidateRect
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
GetCursorPos
RedrawWindow
SubtractRect
TrackPopupMenuEx
MapWindowPoints
GetClientRect
GetWindowTextW
UpdateWindow
ord2530
TranslateAcceleratorW
IsWindow
GetParent
EnumWindows
IsWindowVisible
IntersectRect
SetWindowCompositionAttribute
ChangeWindowMessageFilterEx
LoadAcceleratorsW
SetTimer
ShowWindow
InflateRect
EnumDisplayMonitors
SetRectEmpty
IsRectEmpty
SetWindowPlacement
CopyRect
SetRect
GetWindowBand
GetForegroundWindow
SetPropW
MonitorFromRect
MonitorFromPoint
GetMonitorInfoW
RegisterWindowMessageW
SetWindowPos
EqualRect
UnhookWinEvent
SetWinEventHook
RegisterClassW
DefWindowProcW
DestroyWindow
MsgWaitForMultipleObjectsEx
PeekMessageW
PostQuitMessage
SetCursor
LoadCursorW
CloseDesktop
GetUserObjectInformationW
GetThreadDesktop
ReleaseDC
GetDC
FindWindowW
ChildWindowFromPointEx
MoveWindow
GetNextDlgTabItem
GetNextDlgGroupItem
GetGUIThreadInfo
SetClassLongW
SetMenuItemInfoW
InsertMenuItemW
UpdateLayeredWindow
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetUpdateRect
GetLayeredWindowAttributes
GetWindowLongW
EnumChildWindows
SendMessageW
SetLayeredWindowAttributes
GetSystemMetrics
GetWindowRect
PtInRect
GetWindow
GetMessageW
UnionRect
GetCaretBlinkTime
EnumDisplayDevicesW
GetMenuStringW
GetWindowInfo
InternalGetWindowText
SetScrollPos
GetScrollInfo
SetScrollInfo
IsZoomed
IsTopLevelWindow
OpenInputDesktop
EndTask
SetThreadDesktop
GhostWindowFromHungWindow
GetIconInfo
GetClassLongPtrW
GetClassWord
BringWindowToTop
ShowWindowAsync
GetProcessWindowStation
SendMessageCallbackW
WindowFromDC
InsertMenuW
WaitMessage
GetDlgCtrlID
AppendMenuW
FrameRect
UnregisterClassW
SystemParametersInfoW
GetWindowDC
IsProcessDPIAware
GetMenuState
IsWinEventHookInstalled
RegisterClipboardFormatW
IsChild
DestroyMenu
GetClassNameW
GetClassLongW
GetKeyboardLayout
ActivateKeyboardLayout
GetShellWindow
GetMenuItemInfoW
GetMenuItemCount
GetClassInfoExW
GetClassInfoW
TranslateMessage
GetMenuDefaultItem
CreateWindowExW
CreatePopupMenu
PostMessageW
DispatchMessageW
ExitWindowsEx
gdi32
DeleteObject
GetRegionData
OffsetRgn
GdiFlush
Polyline
CreatePen
CreateSolidBrush
GetClipBox
CreateRectRgnIndirect
GetDeviceCaps
CreateFontIndirectW
GetTextExtentPointW
CreateCompatibleDC
CreateDIBSection
CreateCompatibleBitmap
SelectObject
GdiAlphaBlend
StretchBlt
SetWindowOrgEx
CombineRgn
OffsetViewportOrgEx
LPtoDP
GetLayout
SetLayout
GetRgnBox
SetDIBits
GetTextExtentPoint32W
OffsetWindowOrgEx
GetDIBits
GetObjectW
GetStockObject
ExtTextOutW
GetTextMetricsW
GetTextColor
SetTextAlign
SelectClipRgn
SetViewportOrgEx
GetViewportOrgEx
IntersectClipRect
GetClipRgn
CreateRectRgn
GetBkColor
PatBlt
CreateBitmap
SetBkMode
BitBlt
SetTextColor
SetBkColor
DeleteDC
ExtCreateRegion
shcore
SetCurrentProcessExplicitAppUserModelID
SHCreateThread
ord162
ord122
ord123
ord121
SHOpenRegStream2W
IStream_Reset
ord170
IStream_Read
IStream_Write
SHDeleteKeyW
SHSetValueW
SHEnumKeyExW
SHGetValueW
ord190
SHRegGetValueW
IUnknown_SetSite
SHSetThreadRef
SHCreateThreadRef
SetProcessReference
ord187
ord186
ord184
ord200
IUnknown_QueryService
IUnknown_Set
SHStrDupW
ord142
ord183
IsOS
SHCreateStreamOnFileW
SHQueryInfoKeyW
ord213
ord212
SHDeleteValueW
SHStrDupA
ord126
ord145
ord130
SHAnsiToUnicode
SHCreateMemStream
ord193
SHUnicodeToAnsi
ord143
shlwapi
ChrCmpIW
ord164
ord172
PathRemoveArgsW
ord635
ord163
ord279
ord388
ord479
PathIsDirectoryW
ord292
ord197
ord165
ord204
ord478
ord413
ord548
ord433
AssocQueryStringW
ord467
ord571
ord509
AssocQueryKeyW
AssocCreate
ord236
ord240
ord278
ord24
ord178
ord177
ord193
ord168
ord225
ord484
shell32
ord95
ord850
SHGetFileInfoW
ord727
SHChangeNotify
ord747
SHGetItemFromObject
SHGetFolderPathW
ord723
ord22
ord134
DragQueryFileW
SHGetKnownFolderPath
SHCreateItemInKnownFolder
ord102
ord88
SHCreateItemFromParsingName
ord849
ord818
ord814
ord193
SHCreateItemWithParent
SHCreateShellItemArrayFromShellItem
SHEvaluateSystemCommandTemplate
SHOpenWithDialog
ord137
ExtractIconExW
Shell_NotifyIconGetRect
Shell_NotifyIconW
SHAddToRecentDocs
ord893
SHCreateItemFromIDList
ord132
ord91
ord254
ord54
SHEnableServiceObject
ShellExecuteW
ord61
ord64
ord896
ord60
SHUpdateRecycleBinIcon
ord2
SHGetFolderPathEx
SHFileOperationW
ord244
ord711
ord4
ord731
SHGetPathFromIDListW
ord645
ord644
ord753
ord733
ord21
ord25
ord17
ord16
ord19
SHChangeNotifyRegisterThread
ord67
SHCreateShellItem
ord892
SHGetNameFromIDList
ord206
ord201
ord904
ord188
ord899
ShellExecuteExW
SHGetKnownFolderIDList
ord680
ord68
ord200
ord245
ord89
SHBindToObject
SHGetSpecialFolderPathW
SHGetFolderLocation
ord190
ord155
SHParseDisplayName
ord18
ord85
ord100
ord790
ord787
SHGetLocalizedName
SHCreateDataObject
ord165
ord885
ord154
SHBindToFolderIDListParentEx
SHBindToFolderIDListParent
SHBindToParent
SHGetSpecialFolderLocation
ord28
ord23
ord152
Shell_GetCachedImageIndexW
ord74
ord902
ord895
ord6
ord792
SHCreateAssociationRegistration
ord906
ord181
SHGetPropertyStoreForWindow
ord894
ord162
SHAppBarMessage
ord764
ord840
SHCreateShellItemArrayFromIDLists
ord241
SHGetStockIconInfo
ord265
SHGetIDListFromObject
uxtheme
GetThemeFont
IsThemeActive
BufferedPaintUnInit
GetThemeMargins
EndBufferedPaint
DrawThemeTextEx
BeginBufferedPaint
SetWindowTheme
GetThemePartSize
GetThemeBackgroundContentRect
GetWindowTheme
DrawThemeParentBackground
GetThemeBackgroundRegion
GetBufferedPaintBits
GetThemeBool
GetCurrentThemeName
GetThemeColor
GetThemeBackgroundExtent
DrawThemeText
GetThemeTextExtent
ord86
OpenThemeData
DrawThemeBackground
CloseThemeData
GetThemeMetric
ord98
IsCompositionActive
IsAppThemed
BufferedPaintClear
GetThemeRect
IsThemePartDefined
DrawThemeIcon
ord97
BufferedPaintInit
dwmapi
ord113
DwmEnableBlurBehindWindow
DwmSetWindowAttribute
ord127
ord114
DwmUnregisterThumbnail
DwmIsCompositionEnabled
ord138
ord140
DwmQueryThumbnailSourceSize
ord124
DwmUpdateThumbnailProperties
api-ms-win-core-winrt-l1-1-0
RoGetActivationFactory
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateString
WindowsGetStringRawBuffer
WindowsDeleteString
api-ms-win-core-localization-l1-2-0
GetThreadUILanguage
GetLocaleInfoW
userenv
GetProfileType
sspicli
GetUserNameExW
api-ms-win-core-psapi-l1-1-0
QueryFullProcessImageNameW
api-ms-win-core-io-l1-1-1
GetQueuedCompletionStatus
CreateIoCompletionPort
api-ms-win-eventing-controller-l1-1-0
EnableTraceEx2
StartTraceW
StopTraceW
rpcrt4
NdrClientCall3
I_RpcExceptionFilter
RpcStringFreeW
RpcBindingFree
RpcBindingSetAuthInfoExW
RpcStringBindingComposeW
RpcBindingFromStringBindingW
api-ms-win-core-sidebyside-l1-1-0
ReleaseActCtx
CreateActCtxW
DeactivateActCtx
ActivateActCtx
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
DelayLoadFailureHook
api-ms-win-core-threadpool-legacy-l1-1-0
DeleteTimerQueueTimer
CreateTimerQueueTimer
ChangeTimerQueueTimer
QueueUserWorkItem
propsys
PSCreateMemoryPropertyStore
PropVariantToBoolean
InitVariantFromResource
PropVariantToUInt32
PropVariantToStringAlloc
VariantToInt32WithDefault
VariantToStringWithDefault
PropVariantToString
VariantToBooleanWithDefault
VariantToStringAlloc
gdiplus
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc
GdipDisposeImage
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetCompositingMode
GdipSetInterpolationMode
GdipDrawImageRectI
GdipCloneImage
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromHBITMAP
Sections (raw size / virtual size / characteristics)
.text    1.2MB / 1.2MB   IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.imrsiv  4KB / 4KB       IMAGE_SCN_CNT_UNINITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.data    16KB / 16KB     IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.pdata   64KB / 64KB     IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.idata   32KB / 32KB     IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.rsrc    964KB / 964KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.reloc   12KB / 12KB     IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ
No section is both writable and executable. Raw size equals virtual size for every section, and .imrsiv is flagged as uninitialized data yet has non-zero raw size; both are consistent with an image dumped from memory (where sections are captured at their mapped size) rather than a linker-produced file on disk.
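The header, signature and section checks reported above can be reproduced without a sandbox. The following is an added example, not part of the Triage report and not code from the sandbox: it parses PE32+ headers with the standard library only, decodes the DllCharacteristics bits, reads the IMAGE_DIRECTORY_ENTRY_SECURITY entry that the "Unsigned PE" check depends on, flags writable+executable sections, and applies a raw-size-equals-virtual-size heuristic for memory-dumped images. The two input images are constructed header-only blobs (one mirroring the flags and section layout of this dump, one a signed contrast case with a W+X section); the certificate-table file offset in the constructed image is a placeholder, and the "looks memory dumped" rule is a heuristic assumption, not a sandbox signature.

```python
"""Header-level PE triage: DllCharacteristics, Authenticode certificate table, section protections.
Added example; parses PE32+ headers directly with no third-party modules."""
import struct

# IMAGE_DLLCHARACTERISTICS_* bits (winnt.h)
DLL_CHARACTERISTICS = {
    0x0040: "DYNAMIC_BASE",
    0x0080: "FORCE_INTEGRITY",
    0x0100: "NX_COMPAT",
    0x8000: "TERMINAL_SERVER_AWARE",
}
# IMAGE_SCN_* section characteristics (winnt.h)
SCN_CNT_CODE = 0x00000020
SCN_CNT_INITIALIZED_DATA = 0x00000040
SCN_CNT_UNINITIALIZED_DATA = 0x00000080
SCN_MEM_EXECUTE = 0x20000000
SCN_MEM_READ = 0x40000000
SCN_MEM_WRITE = 0x80000000
OPT_HDR_SIZE_PE64 = 240   # 112-byte fixed part + 16 data directories of 8 bytes
DIR_SECURITY = 4          # IMAGE_DIRECTORY_ENTRY_SECURITY (certificate table)


def parse_pe64(data):
    """Return DllCharacteristics, certificate-table location and section headers of a PE32+ image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = pe_off + 4
    _machine, nsections, _ts, _sym, _nsym, opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x20B:
        raise ValueError("only PE32+ handled here")
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    num_dirs = struct.unpack_from("<I", data, opt + 108)[0]
    cert_off = cert_size = 0
    if num_dirs > DIR_SECURITY:   # the security entry holds a file offset, not an RVA
        cert_off, cert_size = struct.unpack_from("<II", data, opt + 112 + DIR_SECURITY * 8)
    sections = []
    for i in range(nsections):
        name, vsize, _va, rawsize, _ptr, _r, _l, _nr, _nl, flags = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode(), "vsize": vsize,
                         "rawsize": rawsize, "flags": flags})
    return {"dll_chars": dll_chars, "cert_off": cert_off, "cert_size": cert_size, "sections": sections}


def triage(data):
    """Apply the header/signature/section checks and return the findings as a dict."""
    pe = parse_pe64(data)
    signed = pe["cert_size"] > 0
    return {
        "dll_characteristics": sorted(n for bit, n in DLL_CHARACTERISTICS.items() if pe["dll_chars"] & bit),
        "has_certificate_table": signed,
        # FORCE_INTEGRITY means the loader required a valid signature, so an unsigned image
        # carrying this bit is either a memory dump (overlay never mapped) or was tampered with.
        "force_integrity_without_signature": bool(pe["dll_chars"] & 0x0080) and not signed,
        "wx_sections": [s["name"] for s in pe["sections"]
                        if s["flags"] & SCN_MEM_WRITE and s["flags"] & SCN_MEM_EXECUTE],
        # Heuristic (assumption): dumped images show raw size == virtual size for every section
        # and non-zero raw data for BSS-style sections, unlike linker output read from disk.
        "looks_memory_dumped": bool(pe["sections"])
            and all(s["rawsize"] == s["vsize"] for s in pe["sections"])
            and any(s["flags"] & SCN_CNT_UNINITIALIZED_DATA and s["rawsize"] for s in pe["sections"]),
    }


def build_pe64(dll_chars, cert_size, sections):
    """Construct a header-only PE32+ image for the demo (constructed test data, not a real binary)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)
    coff = struct.pack("<4sHHIIIHH", b"PE\0\0", 0x8664, len(sections), 0, 0, 0, OPT_HDR_SIZE_PE64, 0x0022)
    opt = bytearray(OPT_HDR_SIZE_PE64)
    struct.pack_into("<H", opt, 0, 0x20B)
    struct.pack_into("<H", opt, 70, dll_chars)
    struct.pack_into("<I", opt, 108, 16)
    if cert_size:   # placeholder offset; a real image points at its WIN_CERTIFICATE overlay
        struct.pack_into("<II", opt, 112 + DIR_SECURITY * 8, 0x1000, cert_size)
    hdrs = b"".join(struct.pack("<8sIIIIIIHHI", n.ljust(8, b"\0"), vs, 0, rs, 0, 0, 0, 0, 0, f)
                    for n, vs, rs, f in sections)
    return bytes(dos) + coff + bytes(opt) + hdrs


# Constructed sample mirroring the report above: same DllCharacteristics, no certificate table,
# raw size equal to virtual size, .imrsiv flagged uninitialized but present with data.
DUMP_LIKE = build_pe64(0x0040 | 0x0080 | 0x0100 | 0x8000, 0, [
    (b".text", 0x130000, 0x130000, SCN_CNT_CODE | SCN_MEM_EXECUTE | SCN_MEM_READ),
    (b".imrsiv", 0x1000, 0x1000, SCN_CNT_UNINITIALIZED_DATA | SCN_MEM_READ | SCN_MEM_WRITE),
    (b".data", 0x4000, 0x4000, SCN_CNT_INITIALIZED_DATA | SCN_MEM_READ | SCN_MEM_WRITE),
])
# Constructed contrast case: carries a certificate table but has a writable+executable section.
SIGNED_WX = build_pe64(0x0040 | 0x0100, 0x2000, [
    (b".text", 0x1000, 0x200, SCN_CNT_CODE | SCN_MEM_EXECUTE | SCN_MEM_READ),
    (b".rwx", 0x1000, 0x200, SCN_CNT_INITIALIZED_DATA | SCN_MEM_READ | SCN_MEM_WRITE | SCN_MEM_EXECUTE),
])

if __name__ == "__main__":
    for label, blob in (("dump-like", DUMP_LIKE), ("signed, W+X", SIGNED_WX)):
        print(label, triage(blob))
```

To run it against the real dump, read the .dmp file into `data` and call `triage(data)`; for a dumped image expect `has_certificate_table` to be false and `force_integrity_without_signature` to be true, exactly as the "Unsigned PE" signature fires here, while the same file's on-disk original would carry a non-empty security directory.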