C:\code\EPP-Cert\LCA\AgentWin\Release\LCAMon.pdb
Static task
static1
Behavioral task
behavioral1
Sample
30247dc94a069b66fac54c2affcf49e741db1c1cc03766009215101bd965f179.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
30247dc94a069b66fac54c2affcf49e741db1c1cc03766009215101bd965f179.exe
Resource
win10v2004-20241007-en
General
-
Target
30247dc94a069b66fac54c2affcf49e741db1c1cc03766009215101bd965f179
-
Size
3.2MB
-
MD5
bbb5544649c1118c2deae91c8f4af2ba
-
SHA1
23d65956c9771aa251962086c9f7b216a6224329
-
SHA256
30247dc94a069b66fac54c2affcf49e741db1c1cc03766009215101bd965f179
-
SHA512
79fc98dbde1a11a789f9bc0acb1ff2de71cd08520abd8804687167409ab7ed76bb89572c3aeb41cc9f9c8aa2b8d636364d62cbdda22a86941c533e9746292b79
-
SSDEEP
49152:FuwLq1HONpTTMvgs3XwQyQlxz+X/WpfMRKvbDSPgwE4ZTEDJfjSKbI:oIq1H33XmQlxz++qRcH9wE4
Malware Config
Signatures
-
Unsigned PE 1 IoCs
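Checks for missing Authenticode signature. The sample has no embedded signature, so its publisher and integrity cannot be verified from the file alone; on its own this does not establish that the file is malicious.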
resource 30247dc94a069b66fac54c2affcf49e741db1c1cc03766009215101bd965f179
Files
-
30247dc94a069b66fac54c2affcf49e741db1c1cc03766009215101bd965f179.exe windows:6 windows x86 arch:x86
46b1320740c998fb57dab41e54a0b279
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
C:\code\EPP-Cert\LCA\AgentWin\Release\LCAMon.pdb
Imports
kernel32
GetModuleHandleW
QueryFullProcessImageNameW
SetLastError
FormatMessageW
GetTickCount64
GetCurrentProcessId
GlobalMemoryStatusEx
GetSystemTimeAsFileTime
CreateDirectoryA
AreFileApisANSI
TryEnterCriticalSection
HeapCreate
GetFullPathNameW
GetDiskFreeSpaceW
LockFile
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
HeapValidate
GetTempPathA
GetDiskFreeSpaceA
FlushViewOfFile
CreateFileA
LoadLibraryA
WaitForSingleObjectEx
LoadLibraryW
HeapCompact
UnlockFile
LockFileEx
SystemTimeToFileTime
FreeLibrary
GetSystemTime
FormatMessageA
CreateFileMappingW
QueryPerformanceCounter
GetProcAddress
OpenEventA
Thread32Next
Thread32First
SuspendThread
ResumeThread
GetProcessIoCounters
SetProcessWorkingSetSize
OpenThread
ReleaseMutex
OpenMutexW
GetModuleHandleExW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InitializeCriticalSectionAndSpinCount
GetStdHandle
GetFileType
DeleteFiber
GetFileSizeEx
CreateFileMappingA
ConvertFiberToThread
QueryPerformanceFrequency
SwitchToThread
GetModuleHandleA
GetEnvironmentVariableW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
LocalAlloc
VirtualAlloc
VirtualFree
FileTimeToSystemTime
GetFileAttributesExW
Wow64RevertWow64FsRedirection
SetFilePointer
Wow64DisableWow64FsRedirection
GetExitCodeProcess
GetProcessTimes
MapViewOfFile
WTSGetActiveConsoleSessionId
GetLocalTime
OpenProcess
UnmapViewOfFile
GetSystemTimes
DeviceIoControl
WritePrivateProfileStringW
CreateIoCompletionPort
CreateSemaphoreW
GetProcessHeap
HeapDestroy
HeapAlloc
ResetEvent
GetSystemInfo
HeapReAlloc
PostQueuedCompletionStatus
HeapSize
GetCurrentThreadId
WaitForMultipleObjectsEx
GetQueuedCompletionStatus
ReleaseSemaphore
HeapFree
ExitProcess
FindResourceW
LoadResource
LockResource
OutputDebugStringW
QueueUserWorkItem
InitializeCriticalSection
TerminateProcess
OutputDebugStringA
GetCurrentProcess
SizeofResource
GetModuleFileNameA
GetTickCount
LocalFree
DeleteFileA
GetSystemDirectoryA
GetFileAttributesA
SetFileAttributesW
GetFileAttributesW
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
CreateEventA
WideCharToMultiByte
DeleteCriticalSection
GetFileSize
ReadDirectoryChangesW
CreateThread
RaiseException
CloseHandle
DeleteFileW
TerminateThread
SetEvent
GetLastError
Sleep
GetPrivateProfileStringW
GetExitCodeThread
MultiByteToWideChar
CreateEventW
CreateFileW
FindClose
InitializeCriticalSectionEx
WaitForMultipleObjects
GetModuleFileNameW
ExpandEnvironmentStringsW
WriteFile
FindNextFileW
FindFirstFileW
ReadFile
FlushFileBuffers
CreateDirectoryW
user32
GetSystemMetrics
GetProcessWindowStation
MessageBoxW
GetUserObjectInformationW
advapi32
RegOpenKeyExW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegCloseKey
GetNamedSecurityInfoA
SetEntriesInAclW
BuildExplicitAccessWithNameW
SetNamedSecurityInfoA
QueryServiceStatusEx
OpenServiceW
InitializeSecurityDescriptor
StartServiceW
DeleteService
OpenSCManagerW
CloseServiceHandle
CreateServiceW
SetSecurityDescriptorDacl
CreateProcessAsUserA
OpenProcessToken
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
CreateServiceA
ChangeServiceConfig2W
RegOpenKeyW
StartTraceW
ProcessTrace
CloseTrace
OpenTraceW
RegQueryValueExW
OpenServiceA
DeregisterEventSource
SetServiceStatus
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
RegisterEventSourceW
ReportEventW
LookupPrivilegeValueW
AdjustTokenPrivileges
shell32
SHGetKnownFolderPath
SHGetFolderPathA
ole32
CoTaskMemFree
CoCreateGuid
oleaut32
VariantClear
kavenginewrapper
ord1
msvcp140
?exceptions@ios_base@std@@QAEXH@Z
?_Xbad_alloc@std@@YAXXZ
?_Xbad_function_call@std@@YAXXZ
?_Throw_C_error@std@@YAXH@Z
?_Xlength_error@std@@YAXPBD@Z
_Mtx_lock
_Thrd_sleep
_Xtime_get_ticks
_Mtx_unlock
?_Xout_of_range@std@@YAXPBD@Z
_Cnd_signal
_Mtx_current_owns
_Cnd_init_in_situ
_Strxfrm
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Throw_Cpp_error@std@@YAXH@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_Xinvalid_argument@std@@YAXPBD@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?id@?$ctype@D@std@@2V0locale@2@A
?id@?$collate@D@std@@2V0locale@2@A
?_Syserror_map@std@@YAPBDH@Z
_Cnd_timedwait
_Mtx_destroy_in_situ
_Mtx_init_in_situ
_Strcoll
_Cnd_do_broadcast_at_thread_exit
_Cnd_destroy
_Cnd_wait
_Mtx_init
_Thrd_start
_Thrd_id
_Mtx_destroy
_Cnd_init
_Thrd_join
_Cnd_broadcast
_Cnd_destroy_in_situ
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?tolower@?$ctype@D@std@@QBEPBDPADPBD@Z
?tolower@?$ctype@D@std@@QBEDD@Z
??1facet@locale@std@@MAE@XZ
??0facet@locale@std@@IAE@I@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UAEXXZ
??Bid@locale@std@@QAEIXZ
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
??1_Locinfo@std@@QAE@XZ
??0_Locinfo@std@@QAE@PBD@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exception@std@@YA_NXZ
?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?_BADOFF@std@@3_JB
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
_Thrd_detach
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@PAV32@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHH@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?underflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?seekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE?AV?$fpos@U_Mbstatet@@@2@_JHH@Z
?seekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE?AV?$fpos@U_Mbstatet@@@2@V32@H@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEPAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@PAV32@@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?pbackfail@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGG@Z
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?underflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?seekoff@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE?AV?$fpos@U_Mbstatet@@@2@_JHH@Z
?seekpos@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE?AV?$fpos@U_Mbstatet@@@2@V32@H@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
?__ExceptionPtrAssign@@YAXPAXPBX@Z
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?_Schedule_chore@details@Concurrency@@YAHPAU_Threadpool_chore@12@@Z
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QAEX_N@Z
?_Release_chore@details@Concurrency@@YAXPAU_Threadpool_chore@12@@Z
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AAEXXZ
?_Capture@_ContextCallback@details@Concurrency@@AAEXXZ
?_Reset@_ContextCallback@details@Concurrency@@AAEXXZ
?_CallInContext@_ContextCallback@details@Concurrency@@QBEXV?$function@$$A6AXXZ@std@@_N@Z
??0task_continuation_context@Concurrency@@AAE@XZ
_Cnd_unregister_at_thread_exit
?__ExceptionPtrCreate@@YAXPAX@Z
?__ExceptionPtrCopyException@@YAXPAXPBX1@Z
?__ExceptionPtrCopy@@YAXPAXPBX@Z
?_Throw_future_error@std@@YAXABVerror_code@1@@Z
?id@?$ctype@_W@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?_Rethrow_future_exception@std@@YAXVexception_ptr@1@@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?__ExceptionPtrToBool@@YA_NPBX@Z
?__ExceptionPtrDestroy@@YAXPAX@Z
?__ExceptionPtrCurrentException@@YAXPAX@Z
_Cnd_register_at_thread_exit
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?getloc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QBE?AVlocale@2@XZ
?_Init@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXXZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@K@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?widen@?$ctype@_W@std@@QBE_WD@Z
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?unshift@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PB_W1AAPB_WPAD3AAPAD@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPA_W3AAPA_W@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBE_WD@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@_W@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?toupper@?$ctype@_W@std@@QBE_W_W@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_New_Locimp@_Locimp@locale@std@@CAPAV123@ABV123@@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAG@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MAE@XZ
??0?$codecvt@_WDU_Mbstatet@@@std@@QAE@I@Z
?_Addfac@_Locimp@locale@std@@AAEXPAVfacet@23@I@Z
shlwapi
PathFileExistsW
log4cpp
?shutdown@Category@log4cpp@@SAXXZ
??0RollingFileAppender@log4cpp@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0II_NH@Z
??0OstreamAppender@log4cpp@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PAV?$basic_ostream@DU?$char_traits@D@std@@@3@@Z
??0PatternLayout@log4cpp@@QAE@XZ
?getPriorityValue@Priority@log4cpp@@SAHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?getRoot@Category@log4cpp@@SAAAV12@XZ
libzmq-mt-4_3_2
zmq_recv
zmq_ctx_new
zmq_setsockopt
zmq_connect
zmq_close
zmq_errno
zmq_socket
zmq_ctx_term
zmq_getsockopt
zmq_strerror
zmq_send
zmq_ctx_set
zmq_bind
zlib
ord46
ord2
crypt32
CertOpenStore
CertFreeCertificateContext
CryptQueryObject
CertCloseStore
CryptMsgGetParam
CertFindCertificateInStore
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CryptMsgClose
CertGetNameStringW
setupapi
SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo
SetupDiCallClassInstaller
SetupDiSetClassInstallParamsW
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW
wintrust
WinVerifyTrust
CryptCATAdminReleaseCatalogContext
CryptCATAdminReleaseContext
CryptCATCatalogInfoFromContext
CryptCATAdminAcquireContext
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminEnumCatalogFromHash
wtsapi32
WTSQueryUserToken
ws2_32
WSACleanup
closesocket
WSASetLastError
send
recv
WSAGetLastError
pdh
PdhAddEnglishCounterW
PdhOpenQueryW
PdhCollectQueryData
fltlib
FilterGetMessage
FilterReplyMessage
FilterConnectCommunicationPort
FilterSendMessage
psapi
GetModuleFileNameExW
EnumProcessModules
GetProcessMemoryInfo
GetProcessImageFileNameA
GetModuleFileNameExA
bcrypt
BCryptGenRandom
vcruntime140
memmove
__std_terminate
__vcrt_InitializeCriticalSectionEx
wcschr
_CxxThrowException
wcsstr
wcsrchr
__std_exception_destroy
__CxxFrameHandler3
__std_exception_copy
_purecall
memchr
strchr
strrchr
__std_type_info_compare
strstr
memset
memcpy
_setjmp3
_except_handler4_common
longjmp
api-ms-win-crt-time-l1-1-0
_time64
_localtime64_s
_gmtime64
_mkgmtime64
_localtime64
_gmtime64_s
_mktime64
api-ms-win-crt-runtime-l1-1-0
_register_onexit_function
_crt_atexit
_cexit
_seh_filter_exe
_initialize_onexit_table
_set_app_type
_configure_wide_argv
_initialize_wide_environment
_get_initial_wide_environment
_initterm
_initterm_e
exit
__p___argc
__p___wargv
_c_exit
_register_thread_local_exe_atexit_callback
system
terminate
_controlfp_s
signal
strerror_s
_wassert
strerror
_endthreadex
_exit
raise
_invalid_parameter_noinfo_noreturn
abort
_beginthreadex
_invalid_parameter_noinfo
_errno
api-ms-win-crt-string-l1-1-0
isdigit
strnlen
_strdup
toupper
towupper
_stricmp
wcsncpy
strcpy_s
wcscpy_s
_wcsicmp
strcat_s
_wcsnicmp
isspace
strncmp
isprint
isxdigit
strcmp
tolower
strncpy
strcspn
strspn
_strnicmp
api-ms-win-crt-convert-l1-1-0
atof
atoi
strtol
strtoull
wcstoul
strtoul
strtoll
strtod
_wtoi
_strtoi64
api-ms-win-crt-stdio-l1-1-0
__stdio_common_vswprintf
__stdio_common_vsprintf
_read
__p__commode
_set_fmode
fputs
_setmode
_fileno
getc
clearerr
_sopen_s
_filelength
_close
_wfopen
fseek
ferror
ftell
feof
fputc
fgets
fflush
fclose
fgetc
__stdio_common_vsscanf
fread
__stdio_common_vsprintf_s
fwrite
fgetpos
setvbuf
ungetc
fsetpos
_fseeki64
_get_stream_buffer_pointers
fopen
__stdio_common_vfprintf
__stdio_common_vfwprintf
__stdio_common_vsnwprintf_s
fputwc
ungetwc
fgetwc
__acrt_iob_func
api-ms-win-crt-heap-l1-1-0
calloc
_msize
malloc
free
_recalloc
realloc
_callnewh
_set_new_mode
api-ms-win-crt-math-l1-1-0
_dsign
log2
_dclass
_except1
__setusermatherr
_dtest
_libm_sse2_pow_precise
_isnan
api-ms-win-crt-filesystem-l1-1-0
_findfirst64i32
_unlock_file
_findnext64i32
remove
_findclose
_stat64i32
_splitpath
_lock_file
api-ms-win-crt-locale-l1-1-0
localeconv
_configthreadlocale
api-ms-win-crt-environment-l1-1-0
_dupenv_s
getenv
api-ms-win-crt-utility-l1-1-0
srand
qsort
rand
Sections
.text Size: 2.3MB - Virtual size: 2.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 594KB - Virtual size: 594KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 90KB - Virtual size: 116KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 512B - Virtual size: 116B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 105KB - Virtual size: 105KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 111KB - Virtual size: 111KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ