474680b7eacf13aed352ef48d210dd7b1a7359c37876a80f911abaa1122ccc58

Sharing

Copy URL

Twitter E-mail

General

Target

474680b7eacf13aed352ef48d210dd7b1a7359c37876a80f911abaa1122ccc58
Size

11.3MB
MD5

11d9a0010bbe547a1cac2ba6c2c79b79
SHA1

5cce56424d479b3dba3049f72bc774614bb8bbfe
SHA256

474680b7eacf13aed352ef48d210dd7b1a7359c37876a80f911abaa1122ccc58
SHA512

c2a07b5daa6bcdc17571c17d7a8d3f57a34dcb19bbabcd7a4f5440d8a249f5c5c590948165ea62cb69af3099ab93fe3bbb61ad38b06015863746000d796ac007
SSDEEP

196608:ZFvOLEUJCJI13+G9dQ2EOmQbWmC2uh7V/ZvF1BU5NMabS+11R5HnARJDBHPIH+:ZMQUJC213+GvQ2E9Q6mHuzZN1GNMax1U

Score

3^/10

Malware Config

Signatures

Embeds OpenSSL 1 IoCs

Embeds OpenSSL, may be used to circumvent TLS interception.

resource	yara_rule
static1/unpack001/sunshine.exe	embeds_openssl

Unsigned PE 12 IoCs

Checks for missing Authenticode signature.

resource
474680b7eacf13aed352ef48d210dd7b1a7359c37876a80f911abaa1122ccc58
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/StartMenu.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/UserInfo.dll
unpack001/$PLUGINSDIR/nsExec.dll
unpack001/sunshine.exe
unpack001/tools/audio-info.exe
unpack001/tools/ddprobe.exe
unpack001/tools/dxgi-info.exe
unpack001/tools/sunshinesvc.exe
unpack001/zlib1.dll

Files

474680b7eacf13aed352ef48d210dd7b1a7359c37876a80f911abaa1122ccc58
.exe windows:4 windows x64 arch:x64

c0f430a142bcdc701f4a3bdc3d2c6a84

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegCreateKeyExW
RegDeleteKeyExW
RegDeleteValueW
RegEnumKeyW
RegEnumValueW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW

comctl32

ImageList_AddMasked
ImageList_Create
ImageList_Destroy
InitCommonControls

gdi32

CreateBrushIndirect
CreateFontIndirectW
DeleteObject
GetDeviceCaps
SelectObject
SetBkColor
SetBkMode
SetTextColor

kernel32

CloseHandle
CompareFileTime
CopyFileW
CreateDirectoryW
CreateFileW
CreateProcessW
CreateThread
DeleteFileW
ExitProcess
ExpandEnvironmentStringsW
FindClose
FindFirstFileW
FindNextFileW
FreeLibrary
GetCommandLineW
GetCurrentProcess
GetDiskFreeSpaceExW
GetExitCodeProcess
GetFileAttributesW
GetFileSize
GetFullPathNameW
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetPrivateProfileStringW
GetProcAddress
GetShortPathNameW
GetSystemDirectoryW
GetTempFileNameW
GetTempPathW
GetTickCount
GetUserDefaultUILanguage
GetVersionExW
GetWindowsDirectoryW
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
LoadLibraryExW
MoveFileExW
MoveFileW
MulDiv
MultiByteToWideChar
ReadFile
RemoveDirectoryW
SearchPathW
SetCurrentDirectoryW
SetEnvironmentVariableW
SetErrorMode
SetFileAttributesW
SetFilePointer
SetFileTime
Sleep
WaitForSingleObject
WideCharToMultiByte
WriteFile
WritePrivateProfileStringW
lstrcatW
lstrcmpW
lstrcmpiA
lstrcmpiW
lstrcpynW
lstrlenA
lstrlenW

ole32

CoCreateInstance
CoTaskMemFree
OleInitialize
OleUninitialize

shell32

SHBrowseForFolderW
SHCLSIDFromString
SHFileOperationW
SHGetFileInfoW
SHGetPathFromIDListW
ShellExecuteExW

user32

AppendMenuW
BeginPaint
CallWindowProcW
CharNextA
CharNextW
CharPrevW
CheckDlgButton
CloseClipboard
CreateDialogParamW
CreatePopupMenu
CreateWindowExW
DefWindowProcW
DestroyWindow
DialogBoxParamW
DispatchMessageW
DrawTextW
EmptyClipboard
EnableMenuItem
EnableWindow
EndDialog
EndPaint
ExitWindowsEx
FillRect
FindWindowExW
GetAsyncKeyState
GetClassInfoW
GetClientRect
GetDC
GetDlgItem
GetDlgItemTextW
GetMessagePos
GetSysColor
GetSystemMenu
GetSystemMetrics
GetWindowLongPtrW
GetWindowRect
InvalidateRect
IsDlgButtonChecked
IsWindow
IsWindowEnabled
IsWindowVisible
LoadCursorW
LoadImageW
MessageBoxIndirectW
OpenClipboard
PeekMessageW
PostQuitMessage
RegisterClassW
ReleaseDC
ScreenToClient
SendMessageTimeoutW
SendMessageW
SetClassLongPtrW
SetClipboardData
SetCursor
SetDlgItemTextW
SetForegroundWindow
SetTimer
SetWindowLongPtrW
SetWindowPos
SetWindowTextW
ShowWindow
SystemParametersInfoW
TrackPopupMenu
wsprintfW
wvsprintfW

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 392KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: 512B - Virtual size: 1024KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x64 arch:x64

5b8b126e882b293b41dddd3dd0aa445c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

comdlg32

CommDlgExtendedError
GetOpenFileNameW
GetSaveFileNameW

gdi32

CombineRgn
CreateCompatibleDC
CreateRectRgn
DeleteObject
GetDIBits
GetObjectW
SelectObject
SetTextColor

kernel32

CloseHandle
CreateFileW
DeleteCriticalSection
EnterCriticalSection
GetCurrentDirectoryW
GetFileSize
GetLastError
GetModuleHandleW
GetPrivateProfileIntW
GetPrivateProfileStringW
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
InitializeCriticalSection
LeaveCriticalSection
MultiByteToWideChar
ReadFile
SetCurrentDirectoryW
SetEndOfFile
SetFilePointer
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
WideCharToMultiByte
WriteFile
WritePrivateProfileStringW
lstrcatW
lstrcmpiW
lstrcpyW
lstrcpynW
lstrlenW

api-ms-win-crt-environment-l1-1-0

__p__environ
__p__wenviron

api-ms-win-crt-heap-l1-1-0

_set_new_mode
calloc
free

api-ms-win-crt-runtime-l1-1-0

__p___argc
__p___argv
__p___wargv
_configure_narrow_argv
_configure_wide_argv
_crt_at_quick_exit
_crt_atexit
_execute_onexit_table
_exit
_initialize_narrow_environment
_initialize_onexit_table
_initialize_wide_environment
_initterm
_register_onexit_function
abort

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__stdio_common_vfprintf
__stdio_common_vfwprintf
fwrite

api-ms-win-crt-string-l1-1-0

strlen
strncmp

api-ms-win-crt-time-l1-1-0

__daylight
__timezone
__tzname
_tzset

ole32

CoTaskMemFree

shell32

SHBrowseForFolderW
SHGetDesktopFolder
SHGetPathFromIDListW
ShellExecuteW

user32

CallWindowProcW
CharNextW
CloseClipboard
CreateDialogParamW
CreateWindowExW
DestroyIcon
DestroyWindow
DispatchMessageW
DrawFocusRect
DrawTextW
EnableMenuItem
EnableWindow
GetClientRect
GetClipboardData
GetDlgCtrlID
GetDlgItem
GetMessageW
GetSysColor
GetSystemMenu
GetWindowLongPtrW
GetWindowRect
GetWindowTextW
IsDialogMessageW
LoadCursorW
LoadIconW
LoadImageW
MapDialogRect
MapWindowPoints
MessageBoxW
OpenClipboard
PostMessageW
PtInRect
SendMessageW
SetCursor
SetWindowLongPtrW
SetWindowPos
SetWindowRgn
SetWindowTextW
ShowWindow
TranslateMessage
wsprintfW

Exports

Exports

dialog
initDialog
make_unicode
show

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1024B - Virtual size: 828B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 17KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 135B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NSIS.InstallOptions.ini
$PLUGINSDIR/StartMenu.dll
.dll windows:4 windows x64 arch:x64

511c5f608df90f14ce6f4dd457c4ff2a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

gdi32

GetTextMetricsW
SelectObject

kernel32

FindClose
FindFirstFileW
FindNextFileW
GetModuleHandleW
GlobalAlloc
GlobalFree
MulDiv
MultiByteToWideChar
WideCharToMultiByte
lstrcatW
lstrcmpW
lstrcmpiW
lstrcpyW
lstrcpynW

ole32

CoTaskMemFree

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation

user32

CallWindowProcW
CheckDlgButton
CreateDialogParamW
DestroyWindow
DispatchMessageW
EnableWindow
GetClientRect
GetDC
GetDlgItem
GetMessageW
GetWindowLongPtrW
GetWindowRect
GetWindowTextW
IsDialogMessageW
IsDlgButtonChecked
LoadIconW
MoveWindow
PostMessageW
ReleaseDC
ScreenToClient
SendMessageW
SetWindowLongPtrW
SetWindowTextW
ShowWindow
TranslateMessage
wsprintfW

Exports

Exports

Init
Select
Show

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 640B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 512B - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 512B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 101B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x64 arch:x64

4ac2553f9383a27d105aa18359e87ff3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetLastError
GetModuleHandleW
GetProcAddress
GlobalAlloc
GlobalFree
GlobalSize
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryW
MultiByteToWideChar
Sleep
TlsGetValue
VirtualFree
VirtualProtect
VirtualQuery
WideCharToMultiByte
lstrcpyW
lstrcpynW
lstrlenW

api-ms-win-crt-environment-l1-1-0

__p__environ
__p__wenviron

api-ms-win-crt-heap-l1-1-0

_set_new_mode
calloc
free

api-ms-win-crt-runtime-l1-1-0

__p___argc
__p___argv
__p___wargv
_configure_narrow_argv
_configure_wide_argv
_crt_at_quick_exit
_crt_atexit
_execute_onexit_table
_exit
_initialize_narrow_environment
_initialize_onexit_table
_initialize_wide_environment
_initterm
_register_onexit_function
abort

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__stdio_common_vfprintf
__stdio_common_vfwprintf
fwrite

api-ms-win-crt-string-l1-1-0

strlen
strncmp

api-ms-win-crt-time-l1-1-0

__daylight
__timezone
__tzname
_tzset

ole32

CLSIDFromString
StringFromGUID2

user32

wsprintfW

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 400B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 179B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:4 windows x64 arch:x64

6999456a03b632cf650f212358b1c70e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

AllocateAndInitializeSid
CheckTokenMembership
EqualSid
FreeSid
GetTokenInformation
GetUserNameW
OpenProcessToken
OpenThreadToken

kernel32

CloseHandle
GetCurrentProcess
GetCurrentThread
GetLastError
GlobalAlloc
GlobalFree
MultiByteToWideChar
WideCharToMultiByte
lstrcpyW
lstrcpynW

user32

wsprintfW

Exports

Exports

GetAccountType
GetName
GetOriginalAccountType

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 512B - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 48B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 129B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x64 arch:x64

74ba91b9fcb5a967b84ea9b49217f8d2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

InitializeSecurityDescriptor
IsTextUnicode
SetSecurityDescriptorDacl

kernel32

CloseHandle
CopyFileW
CreateFileMappingW
CreateFileW
CreatePipe
CreateProcessW
DeleteFileW
ExitProcess
GetCommandLineW
GetExitCodeProcess
GetModuleFileNameW
GetStartupInfoW
GetTempFileNameW
GetTickCount
GlobalAlloc
GlobalFree
GlobalReAlloc
IsDBCSLeadByteEx
MapViewOfFile
MultiByteToWideChar
PeekNamedPipe
ReadFile
Sleep
TerminateProcess
UnmapViewOfFile
WaitForSingleObject
WideCharToMultiByte
lstrcatW
lstrcmpiW
lstrcpyW
lstrcpynW
lstrlenW

user32

CharNextW
CharPrevW
FindWindowExW
SendMessageW
wsprintfW

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 512B - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 512B - Virtual size: 236B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
assets/apps.json
assets/box.png
.png
assets/desktop-alt.png
.png
assets/desktop.png
.png
assets/shaders/directx/convert_yuv420_packed_uv_type0_ps.hlsl
assets/shaders/directx/convert_yuv420_packed_uv_type0_ps_linear.hlsl
assets/shaders/directx/convert_yuv420_packed_uv_type0_ps_perceptual_quantizer.hlsl
assets/shaders/directx/convert_yuv420_packed_uv_type0_vs.hlsl
assets/shaders/directx/convert_yuv420_packed_uv_type0s_ps.hlsl
assets/shaders/directx/convert_yuv420_packed_uv_type0s_ps_linear.hlsl
assets/shaders/directx/convert_yuv420_packed_uv_type0s_ps_perceptual_quantizer.hlsl
assets/shaders/directx/convert_yuv420_packed_uv_type0s_vs.hlsl
assets/shaders/directx/convert_yuv420_planar_y_ps.hlsl
assets/shaders/directx/convert_yuv420_planar_y_ps_linear.hlsl
assets/shaders/directx/convert_yuv420_planar_y_ps_perceptual_quantizer.hlsl
assets/shaders/directx/convert_yuv420_planar_y_vs.hlsl
assets/shaders/directx/convert_yuv444_packed_ayuv_ps.hlsl
assets/shaders/directx/convert_yuv444_packed_ayuv_ps_linear.hlsl
assets/shaders/directx/convert_yuv444_packed_vs.hlsl
assets/shaders/directx/convert_yuv444_packed_y410_ps.hlsl
assets/shaders/directx/convert_yuv444_packed_y410_ps_linear.hlsl
assets/shaders/directx/convert_yuv444_packed_y410_ps_perceptual_quantizer.hlsl
assets/shaders/directx/convert_yuv444_planar_ps.hlsl
assets/shaders/directx/convert_yuv444_planar_ps_linear.hlsl
assets/shaders/directx/convert_yuv444_planar_ps_perceptual_quantizer.hlsl
assets/shaders/directx/convert_yuv444_planar_vs.hlsl
assets/shaders/directx/cursor_ps.hlsl
assets/shaders/directx/cursor_ps_normalize_white.hlsl
assets/shaders/directx/cursor_vs.hlsl
assets/shaders/directx/include/base_vs.hlsl
assets/shaders/directx/include/base_vs_types.hlsl
assets/shaders/directx/include/common.hlsl
assets/shaders/directx/include/convert_base.hlsl
assets/shaders/directx/include/convert_linear_base.hlsl
assets/shaders/directx/include/convert_perceptual_quantizer_base.hlsl
assets/shaders/directx/include/convert_yuv420_packed_uv_ps_base.hlsl
assets/shaders/directx/include/convert_yuv420_planar_y_ps_base.hlsl
assets/shaders/directx/include/convert_yuv444_ps_base.hlsl
assets/steam.png
.png
assets/web/apps.html
.html
assets/web/assets/Navbar-13079613.css
assets/web/assets/Navbar-8c93c5d0.js
.js
assets/web/assets/ResourceCard-1c682650.js
assets/web/assets/_plugin-vue_export-helper-87e9c891.js
.js
assets/web/assets/_plugin-vue_export-helper-8f5add99.css
assets/web/assets/apps-7995f98a.js
.js
assets/web/assets/config-3167b2ff.css
assets/web/assets/config-5cc2e36e.js
.js
assets/web/assets/css/sunshine.css
assets/web/assets/fa-brands-400-bc844b5b.ttf
assets/web/assets/fa-brands-400-c411f119.woff2
assets/web/assets/fa-regular-400-64f9fb62.ttf
assets/web/assets/fa-regular-400-c732f106.woff2
assets/web/assets/fa-solid-900-1f0189e0.woff2
assets/web/assets/fa-solid-900-31f099c1.ttf
assets/web/assets/fa-v4compatibility-2aca24b3.woff2
assets/web/assets/fa-v4compatibility-a6274a12.ttf
assets/web/assets/index-2716a59b.js
.js
assets/web/assets/locale/de.json
assets/web/assets/locale/en.json
assets/web/assets/locale/en_GB.json
assets/web/assets/locale/en_US.json
assets/web/assets/locale/es.json
assets/web/assets/locale/fr.json
assets/web/assets/locale/it.json
assets/web/assets/locale/ja.json
assets/web/assets/locale/pt.json
assets/web/assets/locale/ru.json
assets/web/assets/locale/sv.json
assets/web/assets/locale/tr.json
assets/web/assets/locale/zh.json
assets/web/assets/password-0fda552f.js
.js
assets/web/assets/pin-cbbbd7af.js
.js
assets/web/assets/troubleshooting-f349cb2a.js
.js
assets/web/assets/welcome-b152eb88.js
.js
assets/web/config.html
.html
assets/web/images/logo-sunshine-16.png
.png
assets/web/images/logo-sunshine-45.png
.png
assets/web/images/sunshine-locked-16.png
.png
assets/web/images/sunshine-locked-45.png
.png
assets/web/images/sunshine-locked.ico
assets/web/images/sunshine-locked.png
.png
assets/web/images/sunshine-locked.svg
.xml
assets/web/images/sunshine-pausing-16.png
.png
assets/web/images/sunshine-pausing-45.png
.png
assets/web/images/sunshine-pausing.ico
assets/web/images/sunshine-pausing.png
.png
assets/web/images/sunshine-pausing.svg
.xml
assets/web/images/sunshine-playing-16.png
.png
assets/web/images/sunshine-playing-45.png
.png
assets/web/images/sunshine-playing.ico
assets/web/images/sunshine-playing.png
.png
assets/web/images/sunshine-playing.svg
.xml
assets/web/images/sunshine.ico
assets/web/index.html
.html
assets/web/password.html
.html
assets/web/pin.html
.html
assets/web/troubleshooting.html
.html
assets/web/welcome.html
.html
scripts/add-firewall-rule.bat
.bat .vbs
scripts/autostart-service.bat
scripts/delete-firewall-rule.bat
scripts/install-gamepad.bat
.bat .vbs
scripts/install-service.bat
.bat .vbs
scripts/migrate-config.bat
scripts/uninstall-gamepad.bat
scripts/uninstall-service.bat
sunshine.exe
.exe windows:4 windows x64 arch:x64

a1a5a15c7100363566ecf8ae9af84990

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AdjustTokenPrivileges
AllocateAndInitializeSid
CheckTokenMembership
CloseServiceHandle
CreateProcessAsUserW
CreateWellKnownSid
CryptAcquireContextA
CryptAcquireContextW
CryptCreateHash
CryptDestroyHash
CryptDestroyKey
CryptEncrypt
CryptGenRandom
CryptGetHashParam
CryptHashData
CryptImportKey
CryptReleaseContext
DeregisterEventSource
FreeSid
GetSecurityInfo
GetTokenInformation
ImpersonateLoggedOnUser
LookupPrivilegeValueA
OpenProcessToken
OpenSCManagerA
OpenServiceA
QueryServiceStatus
RegCloseKey
RegEnumKeyExW
RegEnumValueW
RegGetValueW
RegOpenCurrentUser
RegOpenKeyExW
RegOpenUserClassesRoot
RegOverridePredefKey
RegQueryInfoKeyW
RegQueryValueExW
RegSetKeyValueW
RegisterEventSourceW
ReportEventW
RevertToSelf
SetEntriesInAclA
SetSecurityInfo
StartServiceA

avrt

AvRevertMmThreadCharacteristics
AvSetMmThreadCharacteristicsA

bcrypt

BCryptCloseAlgorithmProvider
BCryptCreateHash
BCryptDecrypt
BCryptDeriveKey
BCryptDestroyHash
BCryptDestroyKey
BCryptDestroySecret
BCryptEncrypt
BCryptExportKey
BCryptFinalizeKeyPair
BCryptFinishHash
BCryptGenRandom
BCryptGenerateKeyPair
BCryptGetProperty
BCryptHashData
BCryptImportKey
BCryptImportKeyPair
BCryptOpenAlgorithmProvider
BCryptSecretAgreement
BCryptSetProperty
BCryptSignHash
BCryptVerifySignature

crypt32

CertAddCertificateContextToStore
CertCloseStore
CertCreateCertificateChainEngine
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFindExtension
CertFreeCertificateChain
CertFreeCertificateChainEngine
CertFreeCertificateContext
CertGetCertificateChain
CertGetNameStringA
CertOpenStore
CertOpenSystemStoreW
CryptDecodeObjectEx
CryptQueryObject
CryptStringToBinaryA
PFXImportCertStore

d3d11

CreateDirect3D11DeviceFromDXGIDevice
D3D11CreateDevice

d3dcompiler_47

D3DCompileFromFile

dwmapi

DwmEnableMMCSS

dxgi

CreateDXGIFactory1

iphlpapi

GetAdaptersAddresses
GetBestInterface
GetTcpTable

kernel32

AcquireSRWLockExclusive
AcquireSRWLockShared
AreFileApisANSI
CancelIoEx
CloseHandle
ConvertFiberToThread
ConvertThreadToFiberEx
CopyFileExW
CreateDirectoryExW
CreateDirectoryW
CreateEventA
CreateEventW
CreateFiberEx
CreateFileA
CreateFileW
CreateHardLinkW
CreateIoCompletionPort
CreateJobObjectW
CreateMutexA
CreateProcessA
CreateProcessW
CreateSemaphoreA
CreateSemaphoreW
CreateThread
CreateWaitableTimerA
CreateWaitableTimerExA
DebugBreak
DeleteCriticalSection
DeleteFiber
DeleteFileW
DeleteProcThreadAttributeList
DeviceIoControl
DuplicateHandle
EnterCriticalSection
ExpandEnvironmentStringsW
FileTimeToSystemTime
FindClose
FindFirstFileW
FindFirstVolumeW
FindNextFileW
FindNextVolumeW
FindVolumeClose
FlushFileBuffers
FormatMessageA
FormatMessageW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetActiveProcessorGroupCount
GetCommandLineW
GetConsoleMode
GetConsoleScreenBufferInfo
GetConsoleWindow
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDiskFreeSpaceExW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetEnvironmentVariableW
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesA
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFileSizeEx
GetFileTime
GetFileType
GetFullPathNameW
GetHandleInformation
GetLastError
GetLogicalProcessorInformation
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExA
GetModuleHandleExW
GetModuleHandleW
GetNumaHighestNodeNumber
GetNumaNodeProcessorMaskEx
GetOverlappedResult
GetProcAddress
GetProcessAffinityMask
GetProcessHeap
GetProcessTimes
GetQueuedCompletionStatus
GetStdHandle
GetSystemDirectoryA
GetSystemDirectoryW
GetSystemInfo
GetSystemTime
GetSystemTimeAdjustment
GetSystemTimeAsFileTime
GetTempPathW
GetThreadContext
GetThreadGroupAffinity
GetThreadPriority
GetThreadTimes
GetTickCount
GetTimeZoneInformation
GetVersion
GetVolumeInformationW
GetWindowsDirectoryW
HeapAlloc
HeapFree
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
InitializeProcThreadAttributeList
InitializeSRWLock
InterlockedPushEntrySList
IsDebuggerPresent
IsProcessorFeaturePresent
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LoadLibraryExW
LoadLibraryW
LocalAlloc
LocalFree
MoveFileExA
MoveFileExW
MultiByteToWideChar
OpenEventA
OpenProcess
OutputDebugStringA
PeekNamedPipe
PostQueuedCompletionStatus
QueryInformationJobObject
QueryPerformanceCounter
QueryPerformanceFrequency
QueueUserAPC
RaiseException
ReadConsoleA
ReadConsoleW
ReadFile
ReleaseMutex
ReleaseSRWLockExclusive
ReleaseSRWLockShared
ReleaseSemaphore
RemoveDirectoryW
ResetEvent
ResumeThread
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
SetConsoleCtrlHandler
SetConsoleMode
SetConsoleTextAttribute
SetCurrentDirectoryW
SetEndOfFile
SetEnvironmentVariableA
SetEnvironmentVariableW
SetEvent
SetFileAttributesW
SetFileInformationByHandle
SetFilePointer
SetFilePointerEx
SetFileTime
SetHandleInformation
SetLastError
SetPriorityClass
SetProcessAffinityMask
SetProcessShutdownParameters
SetSystemTime
SetThreadAffinityMask
SetThreadContext
SetThreadErrorMode
SetThreadExecutionState
SetThreadGroupAffinity
SetThreadPriority
SetUnhandledExceptionFilter
SetWaitableTimer
SleepEx
SuspendThread
SwitchToFiber
SwitchToThread
SystemTimeToFileTime
TerminateJobObject
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UpdateProcThreadAttribute
VerifyVersionInfoW
VirtualAlloc
VirtualFree
VirtualLock
VirtualProtect
VirtualQuery
WTSGetActiveConsoleSessionId
WaitForMultipleObjects
WaitForMultipleObjectsEx
WaitForSingleObject
WaitForSingleObjectEx
WideCharToMultiByte
WriteConsoleW
WriteFile
__C_specific_handler

api-ms-win-crt-convert-l1-1-0

atoi
btowc
mbrtowc
strtod
strtol
strtoll
strtoul
strtoull
wcrtomb
wcstombs
wcstombs_s
wcstoul
wctob

api-ms-win-crt-environment-l1-1-0

__p__environ
_putenv_s
_wgetcwd
getenv

api-ms-win-crt-filesystem-l1-1-0

_findclose
_findfirst64
_findnext64
_fstat64
_fullpath
_lock_file
_stat64
_wfindnext64
_unlock_file
_unlink
_wchdir
_wchmod
_wfindfirst64
_wfullpath
_wmkdir
_wrename
_wstat64
_wunlink

api-ms-win-crt-heap-l1-1-0

_aligned_free
_aligned_malloc
_aligned_realloc
_set_new_mode
calloc
free
malloc
realloc

api-ms-win-crt-locale-l1-1-0

___mb_cur_max_func
localeconv
setlocale

api-ms-win-crt-math-l1-1-0

__setusermatherr
_fdopen
acos
asin
atan
atan2
ceil
cos
cosh
exp
exp2
exp2f
fabs
floor
floorf
fminf
frexp
hypot
log
log10
log1p
log2
log2f
lround
lroundf
pow
powf
round
sin
sinh
sqrt
sqrtf
tan
tanh

api-ms-win-crt-private-l1-1-0

__intrinsic_setjmpex
longjmp
memchr
memcmp
memcpy
memmove
strchr
strrchr
strstr
wcsrchr
wcsstr

api-ms-win-crt-runtime-l1-1-0

__p___argc
__p___argv
__sys_errlist
__sys_nerr
_assert
_beginthreadex
_cexit
_configure_narrow_argv
_crt_atexit
_endthreadex
_errno
_exit
_get_errno
_initialize_narrow_environment
_initterm
_set_app_type
_set_errno
_set_invalid_parameter_handler
abort
exit
perror
raise
signal
strerror

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__p__commode
__p__fmode
__stdio_common_vfprintf
__stdio_common_vfwprintf
__stdio_common_vsprintf
__stdio_common_vsscanf
__stdio_common_vswprintf
__stdio_common_vswprintf_s
_close
_close
_fileno
_fileno
_fseeki64
_ftelli64
_get_osfhandle
_isatty
_lseeki64
_open
_read
_setmode
_sopen
_telli64
_wfopen
_wfsopen
_wopen
_write
_wsopen
fclose
feof
ferror
fflush
fgets
fopen
fopen_s
fputc
fputs
fread
fseek
ftell
fwrite
getc
getwc
putc
puts
putwc
rewind
setvbuf
ungetc
ungetwc

api-ms-win-crt-string-l1-1-0

_memicmp
_strdup
_strdup
_stricmp
_strnicmp
isalnum
isspace
isupper
iswctype
iswspace
isxdigit
mbrlen
memcpy_s
memset
strcat
strcmp
strcoll
strcpy
strcspn
strlen
strncmp
strncpy
strncpy_s
strnlen
strpbrk
strspn
strtok
strtok_s
strxfrm
tolower
towlower
towupper
wcscat
wcscmp
wcscoll
wcscpy
wcscpy_s
wcslen
wcsncpy
wcsnlen
wcsxfrm
wctype

api-ms-win-crt-time-l1-1-0

__daylight
__timezone
__tzname
_difftime64
_ftime64
_ftime64_s
_gmtime64
_gmtime64_s
_localtime64
_localtime64_s
_mktime64
_time64
_tzset
_wutime64
clock
strftime
wcsftime

api-ms-win-crt-utility-l1-1-0

bsearch
qsort
rand
rand_s

ntdll

NtQueryTimerResolution
NtSetTimerResolution
RtlVirtualUnwind
VerSetConditionMask

ole32

CoCreateFreeThreadedMarshaler
CoCreateInstance
CoInitializeEx
CoTaskMemFree
CoUninitialize
GetErrorInfo
PropVariantClear
SetErrorInfo

setupapi

SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW
SetupDiGetDeviceInterfaceDetailW

shell32

ExtractIconExA
SHGetFileInfoW
SHQueryUserNotificationState
ShellExecuteExW
Shell_NotifyIconA

shlwapi

AssocQueryStringW
PathFindExtensionW
PathFindOnPathW
PathIsURLW
UrlGetPartW

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete
InitOnceExecuteOnce
InitializeConditionVariable
Sleep
SleepConditionVariableCS
SleepConditionVariableSRW
WaitOnAddress
WakeAllConditionVariable
WakeByAddressSingle
WakeConditionVariable

user32

CloseDesktop
CreatePopupMenu
CreateWindowExA
DefWindowProcA
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageA
EnumWindows
FindWindowA
GetCursorPos
GetMenuItemInfoA
GetMessageA
GetProcessWindowStation
GetShellWindow
GetSystemMetrics
GetUserObjectInformationW
GetWindowThreadProcessId
InsertMenuA
InsertMenuItemA
LoadImageA
MapVirtualKeyA
MessageBoxW
OpenInputDesktop
PeekMessageA
PostMessageA
PostQuitMessage
RegisterClassA
RegisterClassExA
RegisterWindowMessageA
SendInput
SendMessageA
SendNotifyMessageW
SetForegroundWindow
SetThreadDesktop
ShowWindow
SystemParametersInfoW
TrackPopupMenu
TranslateMessage
UnregisterClassA
UpdateWindow

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

api-ms-win-core-com-l1-1-0

StringFromGUID2

api-ms-win-core-io-l1-1-1

CancelIo

api-ms-win-core-kernel32-legacy-l1-1-0

CreateFileMappingA

api-ms-win-core-memory-l1-1-0

MapViewOfFile
UnmapViewOfFile

api-ms-win-core-namedpipe-ansi-l1-1-0

WaitNamedPipeA

api-ms-win-core-winrt-error-l1-1-1

RoOriginateLanguageException

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-mm-time-l1-1-0

timeBeginPeriod
timeEndPeriod

oleaut32

SysFreeString
SysStringLen

wldap32

ber_free
ldap_bind_s
ldap_err2string
ldap_first_attribute
ldap_first_entry
ldap_get_dn
ldap_get_values_len
ldap_init
ldap_memfree
ldap_msgfree
ldap_next_attribute
ldap_next_entry
ldap_search_s
ldap_set_option
ldap_simple_bind_s
ldap_sslinit
ldap_unbind_s
ldap_value_free_len

ws2_32

WSAAddressToStringA
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAIoctl
WSARecv
WSARecvFrom
WSAResetEvent
WSASend
WSASendMsg
WSASetEvent
WSASocketW
WSAStringToAddressA
WSAStringToAddressW
WSAWaitForMultipleEvents
freeaddrinfo
getaddrinfo
gethostbyaddr
getnameinfo
getservbyname
getservbyport
inet_ntoa
inet_ntop
inet_pton

wsock32

AcceptEx
GetAcceptExSockaddrs
WSACleanup
WSAGetLastError
WSASetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
gethostbyname
gethostname
getpeername
getsockname
getsockopt
htonl
htons
inet_addr
ioctlsocket
listen
ntohl
ntohs
recv
recvfrom
select
send
sendto
setsockopt
shutdown
socket

wtsapi32

WTSQueryUserToken

Exports

Exports

opus_custom_decode
opus_custom_decode_float
opus_custom_decoder_create
opus_custom_decoder_ctl
opus_custom_decoder_destroy
opus_custom_decoder_get_size
opus_custom_decoder_init
opus_custom_encode
opus_custom_encode_float
opus_custom_encoder_create
opus_custom_encoder_ctl
opus_custom_encoder_destroy
opus_custom_encoder_get_size
opus_custom_encoder_init
opus_custom_mode_create
opus_custom_mode_destroy
opus_decode
opus_decode_float
opus_decoder_create
opus_decoder_ctl
opus_decoder_destroy
opus_decoder_dred_decode
opus_decoder_dred_decode_float
opus_decoder_get_nb_samples
opus_decoder_get_size
opus_decoder_init
opus_dred_alloc
opus_dred_decoder_create
opus_dred_decoder_ctl
opus_dred_decoder_destroy
opus_dred_decoder_get_size
opus_dred_decoder_init
opus_dred_free
opus_dred_get_size
opus_dred_parse
opus_dred_process
opus_encode
opus_encode_float
opus_encoder_create
opus_encoder_ctl
opus_encoder_destroy
opus_encoder_get_size
opus_encoder_init
opus_get_version_string
opus_multistream_encode
opus_multistream_encode_float
opus_multistream_encoder_create
opus_multistream_encoder_ctl
opus_multistream_encoder_destroy
opus_multistream_encoder_get_size
opus_multistream_encoder_init
opus_multistream_packet_pad
opus_multistream_packet_unpad
opus_multistream_surround_encoder_create
opus_multistream_surround_encoder_get_size
opus_multistream_surround_encoder_init
opus_packet_get_bandwidth
opus_packet_get_nb_channels
opus_packet_get_nb_frames
opus_packet_get_nb_samples
opus_packet_get_samples_per_frame
opus_packet_has_lbrr
opus_packet_pad
opus_packet_parse
opus_packet_unpad
opus_pcm_soft_clip
opus_repacketizer_cat
opus_repacketizer_create
opus_repacketizer_destroy
opus_repacketizer_get_nb_frames
opus_repacketizer_get_size
opus_repacketizer_init
opus_repacketizer_out
opus_repacketizer_out_range
opus_strerror

Sections

.text
Size: 24.8MB - Virtual size: 24.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rodata
Size: 1024B - Virtual size: 672B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4.7MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 366KB - Virtual size: 365KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 544KB - Virtual size: 543KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tools/audio-info.exe
.exe windows:4 windows x64 arch:x64

2d53948dd94b755d7007cc48041fe808

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CloseHandle
CreateEventA
CreateSemaphoreA
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
FormatMessageA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetHandleInformation
GetLastError
GetModuleHandleA
GetProcAddress
GetProcessAffinityMask
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetTickCount
InitializeCriticalSection
IsDebuggerPresent
IsProcessorFeaturePresent
LeaveCriticalSection
LocalFree
OpenProcess
OutputDebugStringA
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReleaseSemaphore
ResetEvent
ResumeThread
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
SetEvent
SetLastError
SetProcessAffinityMask
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SuspendThread
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
__C_specific_handler

api-ms-win-crt-convert-l1-1-0

btowc
mbrtowc
strtoul
wcrtomb
wctob

api-ms-win-crt-environment-l1-1-0

__p__environ
getenv

api-ms-win-crt-filesystem-l1-1-0

_fstat64

api-ms-win-crt-heap-l1-1-0

_set_new_mode
calloc
free
malloc
realloc

api-ms-win-crt-locale-l1-1-0

___mb_cur_max_func
localeconv
setlocale

api-ms-win-crt-math-l1-1-0

__setusermatherr
_fdopen

api-ms-win-crt-private-l1-1-0

__intrinsic_setjmpex
longjmp
memchr
memcmp
memcpy
memmove
strchr

api-ms-win-crt-runtime-l1-1-0

__p___argc
__p___argv
_beginthreadex
_cexit
_configure_narrow_argv
_crt_atexit
_endthreadex
_errno
_exit
_initialize_narrow_environment
_initterm
_set_app_type
_set_invalid_parameter_handler
abort
exit
signal
strerror

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__p__commode
__p__fmode
__stdio_common_vfprintf
__stdio_common_vfwprintf
__stdio_common_vsprintf
_fileno
_fseeki64
_ftelli64
_get_osfhandle
_lseeki64
_read
_wfopen
_write
fclose
fflush
fopen
fputc
fputs
fread
fwrite
getc
getwc
putc
putwc
setvbuf
ungetc
ungetwc

api-ms-win-crt-string-l1-1-0

_strdup
iswctype
memset
strcmp
strcoll
strlen
strncmp
strnlen
strxfrm
tolower
towlower
towupper
wcscoll
wcslen
wcsnlen
wcsxfrm
wctype

api-ms-win-crt-time-l1-1-0

__daylight
__timezone
__tzname
_tzset
strftime
wcsftime

api-ms-win-crt-utility-l1-1-0

rand_s

ole32

CoCreateInstance
CoInitializeEx
CoTaskMemFree
CoUninitialize
PropVariantClear

Sections

.text
Size: 817KB - Virtual size: 817KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tools/ddprobe.exe
.exe windows:4 windows x64 arch:x64

eca040ee63f1254763a8a9b9f8feae82

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegDeleteKeyValueW
RegSetKeyValueW

d3d11

D3D11CreateDevice

dxgi

CreateDXGIFactory1

kernel32

CloseHandle
CreateEventA
CreateSemaphoreA
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
FormatMessageA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetHandleInformation
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
GetProcessAffinityMask
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetTickCount
InitializeCriticalSection
IsDebuggerPresent
IsProcessorFeaturePresent
LeaveCriticalSection
LocalFree
OpenProcess
OutputDebugStringA
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReleaseSemaphore
ResetEvent
ResumeThread
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
SetEvent
SetLastError
SetProcessAffinityMask
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SuspendThread
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
__C_specific_handler

api-ms-win-crt-convert-l1-1-0

atoi
btowc
mbrtowc
strtoul
wcrtomb
wctob

api-ms-win-crt-environment-l1-1-0

__p__environ
getenv

api-ms-win-crt-filesystem-l1-1-0

_fstat64

api-ms-win-crt-heap-l1-1-0

_set_new_mode
calloc
free
malloc
realloc

api-ms-win-crt-locale-l1-1-0

___mb_cur_max_func
localeconv
setlocale

api-ms-win-crt-math-l1-1-0

__setusermatherr
_fdopen

api-ms-win-crt-private-l1-1-0

__intrinsic_setjmpex
longjmp
memchr
memcmp
memcpy
memmove
strchr

api-ms-win-crt-runtime-l1-1-0

__p___argc
__p___argv
_beginthreadex
_cexit
_configure_narrow_argv
_crt_atexit
_endthreadex
_errno
_exit
_initialize_narrow_environment
_initterm
_set_app_type
_set_invalid_parameter_handler
abort
exit
signal
strerror

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__p__commode
__p__fmode
__stdio_common_vfprintf
__stdio_common_vfwprintf
__stdio_common_vsprintf
__stdio_common_vswprintf_s
_fileno
_fseeki64
_ftelli64
_get_osfhandle
_lseeki64
_read
_wfopen
_write
fclose
fflush
fopen
fputc
fputs
fread
fwrite
getc
getwc
putc
putwc
setvbuf
ungetc
ungetwc

api-ms-win-crt-string-l1-1-0

_strdup
iswctype
memset
strcmp
strcoll
strlen
strncmp
strnlen
strxfrm
towlower
towupper
wcscoll
wcslen
wcsnlen
wcsxfrm
wctype

api-ms-win-crt-time-l1-1-0

__daylight
__timezone
__tzname
_tzset
strftime
wcsftime

api-ms-win-crt-utility-l1-1-0

rand_s

user32

CloseDesktop
OpenInputDesktop
SetThreadDesktop

Sections

.text
Size: 819KB - Virtual size: 819KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tools/dxgi-info.exe
.exe windows:4 windows x64 arch:x64

f83eaf1143b8445a964468809146f257

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

dxgi

CreateDXGIFactory1

kernel32

CloseHandle
CreateEventA
CreateSemaphoreA
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
FormatMessageA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetHandleInformation
GetLastError
GetModuleHandleA
GetProcAddress
GetProcessAffinityMask
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetTickCount
InitializeCriticalSection
IsDebuggerPresent
IsProcessorFeaturePresent
LeaveCriticalSection
LocalFree
OpenProcess
OutputDebugStringA
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReleaseSemaphore
ResetEvent
ResumeThread
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
SetEvent
SetLastError
SetProcessAffinityMask
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SuspendThread
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
__C_specific_handler

api-ms-win-crt-convert-l1-1-0

btowc
mbrtowc
strtoul
wcrtomb
wctob

api-ms-win-crt-environment-l1-1-0

__p__environ
getenv

api-ms-win-crt-filesystem-l1-1-0

_fstat64

api-ms-win-crt-heap-l1-1-0

_set_new_mode
calloc
free
malloc
realloc

api-ms-win-crt-locale-l1-1-0

___mb_cur_max_func
localeconv
setlocale

api-ms-win-crt-math-l1-1-0

__setusermatherr
_fdopen

api-ms-win-crt-private-l1-1-0

__intrinsic_setjmpex
longjmp
memchr
memcmp
memcpy
memmove
strchr

api-ms-win-crt-runtime-l1-1-0

__p___argc
__p___argv
_beginthreadex
_cexit
_configure_narrow_argv
_crt_atexit
_endthreadex
_errno
_exit
_initialize_narrow_environment
_initterm
_set_app_type
_set_invalid_parameter_handler
abort
exit
signal
strerror

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__p__commode
__p__fmode
__stdio_common_vfprintf
__stdio_common_vfwprintf
__stdio_common_vsprintf
_fileno
_fseeki64
_ftelli64
_get_osfhandle
_lseeki64
_read
_wfopen
_write
fclose
fflush
fopen
fputc
fputs
fread
fwrite
getc
getwc
putc
putwc
setvbuf
ungetc
ungetwc

api-ms-win-crt-string-l1-1-0

_strdup
iswctype
memset
strcmp
strcoll
strlen
strncmp
strnlen
strxfrm
towlower
towupper
wcscoll
wcslen
wcsnlen
wcsxfrm
wctype

api-ms-win-crt-time-l1-1-0

__daylight
__timezone
__tzname
_tzset
strftime
wcsftime

api-ms-win-crt-utility-l1-1-0

rand_s

user32

SetProcessDpiAwarenessContext

Sections

.text
Size: 813KB - Virtual size: 812KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tools/sunshinesvc.exe
.exe windows:4 windows x64 arch:x64

40e2fbfac47129b602b28f84fbbe3af8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

CreateProcessAsUserW
DuplicateTokenEx
OpenProcessToken
RegisterServiceCtrlHandlerExA
SetServiceStatus
SetTokenInformation
StartServiceCtrlDispatcherA

kernel32

AttachConsole
CloseHandle
CreateEventA
CreateFileW
CreateJobObjectW
CreateSemaphoreA
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
ExitProcess
FormatMessageA
GenerateConsoleCtrlEvent
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetExitCodeProcess
GetHandleInformation
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
GetProcessAffinityMask
GetProcessHeap
GetSystemTimeAsFileTime
GetTempPathW
GetThreadContext
GetThreadPriority
GetTickCount
HeapAlloc
HeapFree
InitializeCriticalSection
InitializeProcThreadAttributeList
IsDebuggerPresent
IsProcessorFeaturePresent
LeaveCriticalSection
LocalFree
OpenProcess
OutputDebugStringA
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReleaseSemaphore
ResetEvent
ResumeThread
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
SetConsoleCtrlHandler
SetCurrentDirectoryW
SetEvent
SetInformationJobObject
SetLastError
SetProcessAffinityMask
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SuspendThread
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UpdateProcThreadAttribute
VirtualProtect
VirtualQuery
WTSGetActiveConsoleSessionId
WaitForMultipleObjects
WaitForSingleObject
__C_specific_handler

api-ms-win-crt-convert-l1-1-0

atol
strtoul

api-ms-win-crt-environment-l1-1-0

__p__environ
getenv

api-ms-win-crt-heap-l1-1-0

_set_new_mode
calloc
free
malloc
realloc

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-private-l1-1-0

__intrinsic_setjmpex
longjmp
memchr
memcmp
memcpy
memmove
strchr
wcsrchr

api-ms-win-crt-runtime-l1-1-0

__p___argc
__p___argv
_beginthreadex
_cexit
_configure_narrow_argv
_crt_atexit
_endthreadex
_errno
_exit
_initialize_narrow_environment
_initterm
_set_app_type
_set_invalid_parameter_handler
abort
exit
signal
strerror

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__p__commode
__p__fmode
__stdio_common_vfprintf
__stdio_common_vfwprintf
__stdio_common_vsprintf
_read
_write
fputc
fputs
fwrite

api-ms-win-crt-string-l1-1-0

_strdup
memset
strcmp
strlen
strncmp
wcscat_s
wcslen

api-ms-win-crt-time-l1-1-0

__daylight
__timezone
__tzname
_tzset

api-ms-win-crt-utility-l1-1-0

rand_s

Sections

.text
Size: 158KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 640B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 672B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
zlib1.dll
.dll windows:4 windows x64 arch:x64

149f020ab6fdb4bb3d6cbf7e79214de9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetLastError
InitializeCriticalSection
IsProcessorFeaturePresent
LeaveCriticalSection
Sleep
TerminateProcess
TlsGetValue
VirtualProtect
VirtualQuery

api-ms-win-crt-convert-l1-1-0

wcstombs

api-ms-win-crt-environment-l1-1-0

__p__environ
__p__wenviron

api-ms-win-crt-heap-l1-1-0

_set_new_mode
calloc
free
malloc

api-ms-win-crt-private-l1-1-0

memchr
memcpy
memmove

api-ms-win-crt-runtime-l1-1-0

__p___argc
__p___argv
__p___wargv
_configure_narrow_argv
_configure_wide_argv
_crt_at_quick_exit
_crt_atexit
_errno
_execute_onexit_table
_exit
_initialize_narrow_environment
_initialize_onexit_table
_initialize_wide_environment
_initterm
_register_onexit_function
abort
strerror

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__stdio_common_vfprintf
__stdio_common_vfwprintf
__stdio_common_vsprintf
_close
_lseeki64
_open
_read
_wopen
_write
fwrite

api-ms-win-crt-string-l1-1-0

memset
strlen
strncmp

api-ms-win-crt-time-l1-1-0

__daylight
__timezone
__tzname
_tzset

api-ms-win-crt-utility-l1-1-0

rand_s

Exports

Exports

_dist_code
_length_code
_tr_align
_tr_flush_bits
_tr_flush_block
_tr_init
_tr_stored_block
_tr_tally
adler32
adler32_combine
adler32_combine64
adler32_z
compress
compress2
compressBound
crc32
crc32_combine
crc32_combine64
crc32_combine_gen
crc32_combine_gen64
crc32_combine_op
crc32_z
deflate
deflateBound
deflateCopy
deflateEnd
deflateGetDictionary
deflateInit2_
deflateInit_
deflateParams
deflatePending
deflatePrime
deflateReset
deflateResetKeep
deflateSetDictionary
deflateSetHeader
deflateTune
deflate_copyright
get_crc_table
gz_error
gz_intmax
gzbuffer
gzclearerr
gzclose
gzclose_r
gzclose_w
gzdirect
gzdopen
gzeof
gzerror
gzflush
gzfread
gzfwrite
gzgetc
gzgetc_
gzgets
gzoffset
gzoffset64
gzopen
gzopen64
gzopen_w
gzprintf
gzputc
gzputs
gzread
gzrewind
gzseek
gzseek64
gzsetparams
gztell
gztell64
gzungetc
gzvprintf
gzwrite
inflate
inflateBack
inflateBackEnd
inflateBackInit_
inflateCodesUsed
inflateCopy
inflateEnd
inflateGetDictionary
inflateGetHeader
inflateInit2_
inflateInit_
inflateMark
inflatePrime
inflateReset
inflateReset2
inflateResetKeep
inflateSetDictionary
inflateSync
inflateSyncPoint
inflateUndermine
inflateValidate
inflate_copyright
inflate_fast
inflate_table
uncompress
uncompress2
zError
z_errmsg
zcalloc
zcfree
zlibCompileFlags
zlibVersion

Sections

.text
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 288B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c0f430a142bcdc701f4a3bdc3d2c6a84

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

comctl32

gdi32

kernel32

ole32

shell32

user32

Sections

.text Size: 35KB - Virtual size: 34KB

.data Size: 512B - Virtual size: 352B

.rdata Size: 57KB - Virtual size: 56KB

.xdata Size: 1KB - Virtual size: 1KB

.pdata Size: 1KB - Virtual size: 1KB

.bss Size: - Virtual size: 392KB

.idata Size: 6KB - Virtual size: 6KB

.ndata Size: 512B - Virtual size: 1024KB

.rsrc Size: 38KB - Virtual size: 38KB

5b8b126e882b293b41dddd3dd0aa445c

Headers

DLL Characteristics

File Characteristics

Imports

comdlg32

gdi32

kernel32

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

ole32

shell32

user32

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 16KB

.data Size: 1024B - Virtual size: 1008B

.rdata Size: 4KB - Virtual size: 3KB

.pdata Size: 1KB - Virtual size: 1KB

.xdata Size: 1024B - Virtual size: 828B

.bss Size: - Virtual size: 17KB

.edata Size: 512B - Virtual size: 135B

.idata Size: 5KB - Virtual size: 5KB

.CRT Size: 512B - Virtual size: 88B

.tls Size: 512B - Virtual size: 16B

.rsrc Size: 512B - Virtual size: 144B

.reloc Size: 512B - Virtual size: 244B

511c5f608df90f14ce6f4dd457c4ff2a

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

kernel32

ole32

shell32

user32

Exports

Exports

Sections

.text Size: 5KB - Virtual size: 4KB

.rdata Size: 1024B - Virtual size: 640B

.pdata Size: 512B - Virtual size: 324B

.xdata Size: 512B - Virtual size: 280B

.bss Size: - Virtual size: 10KB

.edata Size: 512B - Virtual size: 101B

.idata Size: 2KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 296B

.text
Size: 35KB - Virtual size: 34KB

.data
Size: 512B - Virtual size: 352B

.rdata
Size: 57KB - Virtual size: 56KB

.xdata
Size: 1KB - Virtual size: 1KB

.pdata
Size: 1KB - Virtual size: 1KB

.bss
Size: - Virtual size: 392KB

.idata
Size: 6KB - Virtual size: 6KB

.ndata
Size: 512B - Virtual size: 1024KB

.rsrc
Size: 38KB - Virtual size: 38KB

.text
Size: 16KB - Virtual size: 16KB

.data
Size: 1024B - Virtual size: 1008B

.rdata
Size: 4KB - Virtual size: 3KB

.pdata
Size: 1KB - Virtual size: 1KB

.xdata
Size: 1024B - Virtual size: 828B

.bss
Size: - Virtual size: 17KB

.edata
Size: 512B - Virtual size: 135B

.idata
Size: 5KB - Virtual size: 5KB

.CRT
Size: 512B - Virtual size: 88B

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 512B - Virtual size: 144B

.reloc
Size: 512B - Virtual size: 244B

.text
Size: 5KB - Virtual size: 4KB

.rdata
Size: 1024B - Virtual size: 640B

.pdata
Size: 512B - Virtual size: 324B

.xdata
Size: 512B - Virtual size: 280B

.bss
Size: - Virtual size: 10KB

.edata
Size: 512B - Virtual size: 101B

.idata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 296B

.reloc
Size: 512B - Virtual size: 16B

.text
Size: 14KB - Virtual size: 14KB

.data
Size: 512B - Virtual size: 224B

.rdata
Size: 3KB - Virtual size: 2KB

.pdata
Size: 1KB - Virtual size: 1KB

.xdata
Size: 1024B - Virtual size: 944B

.bss
Size: - Virtual size: 400B

.edata
Size: 512B - Virtual size: 179B

.idata
Size: 3KB - Virtual size: 2KB

.CRT
Size: 512B - Virtual size: 88B

.tls
Size: 512B - Virtual size: 16B

.reloc
Size: 512B - Virtual size: 128B

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 512B - Virtual size: 288B

.pdata
Size: 512B - Virtual size: 264B

.xdata
Size: 512B - Virtual size: 200B

.bss
Size: - Virtual size: 48B

.edata
Size: 512B - Virtual size: 129B

.idata
Size: 1024B - Virtual size: 880B

.reloc
Size: 512B - Virtual size: 24B

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 512B - Virtual size: 320B

.pdata
Size: 512B - Virtual size: 324B

.xdata
Size: 512B - Virtual size: 236B

.bss
Size: - Virtual size: 1KB

.edata
Size: 512B - Virtual size: 108B

.idata
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 16B