quasar | Solara V3[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

Solara V3.rar
Size

1.4MB
MD5

7b4c7a41b1c7ee828b2f7f111cd067ed
SHA1

b1062487e3f233cf1ba5d1d1878085b7f6fa96a7
SHA256

38be048dda9dfebcea59c2cbf3cf2abb971b96636aefabc8cafa5359efb63bc2
SHA512

03da8476dd97bc834873fda0a0544e8f543e1ec27d03790aaa2ec2d4c525777afa3fbc65ed784706d6c0978fc6a6bb6c9841c02ccd8142d547e50c5370396bb4
SSDEEP

24576:NN/q6d/E3Ce+49qdLldADEV7utO65C3bL/w5EAGFJH4IiXCLCu7:TCgdLldAq2gL/IEAGFJYQ9

Score

10^/10

robot quasar

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

robot

tcp://quasarrat12345-50279.portmap.host:50279

Mutex

5b3b6ef6-1f5c-4cf2-a902-f38fc18c6f74

Attributes

encryption_key
044C06AD5B6394C7D3CCD0919FA2C67D30EA87D4
install_name
SolaraV3.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Windows Update
subdirectory
SubDir

Signatures

Quasar family
quasar

Quasar payload 1 IoCs

resource	yara_rule
static1/unpack001/Solara V3/SolaraV3.exe	family_quasar

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Solara V3/SolaraV3.exe
unpack001/Solara V3/wiarpc.dll
unpack001/Solara V3/wiaservc.dll
unpack001/Solara V3/wiashext.dll

Files

Solara V3.rar
.rar
Solara V3/Read Me.txt
Solara V3/SolaraV3.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Solara V3/wiarpc.dll
.dll windows:10 windows x64 arch:x64

efbaf14e4250b5c7da58fe8172f49d90

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

wiarpc.pdb

Imports

msvcrt

_onexit
_unlock
_lock
_initterm
_amsg_exit
_XcptFilter
??1type_info@@UEAA@XZ
memcpy
_vscwprintf
__C_specific_handler
malloc
free
_vsnprintf
memcpy_s
_callnewh
_splitpath_s
__CxxFrameHandler3
_vsnwprintf
wcschr
__dllonexit
memset

ntdll

NtDuplicateToken
NtClose
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-service-core-l1-1-0

SetServiceStatus
RegisterServiceCtrlHandlerExW

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
CreateProcessAsUserW
GetCurrentProcess
TerminateProcess

api-ms-win-core-processthreads-l1-1-1

SetProcessMitigationPolicy

api-ms-win-security-base-l1-1-0

DuplicateTokenEx

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegEnumKeyExW
RegEnumValueW
RegQueryValueExW
RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyExW
RegCloseKey

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventRegister
EventSetInformation
EventUnregister

rpcrt4

Ndr64AsyncClientCall
RpcAsyncInitializeHandle
UuidToStringW
RpcBindingFree
RpcAsyncCancelCall
RpcStringFreeW
RpcAsyncCompleteCall
RpcBindingSetAuthInfoExW
RpcAsyncGetCallStatus
I_RpcExceptionFilter
RpcStringBindingComposeW
RpcBindingFromStringBindingW

user32

CharNextW
CharUpperA
CharNextA

kernel32

GetLastError
LoadLibraryExW
FreeLibrary
RegQueryValueExA
GetLocalTime
DeleteFileW
GetSystemDirectoryA
RegCreateKeyExA
GetFileInformationByHandle
GetModuleHandleA
lstrcmpA
CreateFileW
lstrlenA
CreateMutexW
InitializeCriticalSection
RegOpenKeyExA
LoadLibraryExA
RemoveDirectoryW
DelayLoadFailureHook
ResolveDelayLoadedAPI
ExpandEnvironmentStringsW
CreateDirectoryW
LocalAlloc
GetTickCount
GetSystemTimeAsFileTime
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
CompareStringW
DeleteCriticalSection
WTSGetActiveConsoleSessionId
UnregisterWaitEx
ResetEvent
InitOnceComplete
DisableThreadLibraryCalls
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
RegisterWaitForSingleObject
lstrlenW
EnterCriticalSection
InitOnceBeginInitialize
IsDebuggerPresent
DebugBreak
GetModuleHandleW
GetProcessHeap
LocalFree
CreateMutexExW
GetProcAddress
HeapAlloc
CloseHandle
OpenSemaphoreW
WaitForSingleObjectEx
SetEvent
OutputDebugStringW
FormatMessageW
CreateEventW
ReleaseMutex
WaitForSingleObject
GetModuleHandleExW
ReleaseSemaphore
SetLastError
HeapFree
CreateSemaphoreExW
GetModuleFileNameA

Exports

Exports

??0BUFFER@@QEAA@I@Z
??0BUFFER_CHAIN@@QEAA@XZ
??0BUFFER_CHAIN_ITEM@@QEAA@I@Z
??1BUFFER@@QEAA@XZ
??1BUFFER_CHAIN@@QEAA@XZ
??1BUFFER_CHAIN_ITEM@@QEAA@XZ
??_FBUFFER@@QEAAXXZ
??_FBUFFER_CHAIN_ITEM@@QEAAXXZ
?QueryPtr@BUFFER@@QEBAPEAXXZ
?QuerySize@BUFFER@@QEBAIXZ
?QueryUsed@BUFFER_CHAIN_ITEM@@QEBAKXZ
?SetUsed@BUFFER_CHAIN_ITEM@@QEAAXK@Z
ServiceMain

Sections

.text
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 492B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Solara V3/wiaservc.dll
.dll regsvr32 windows:10 windows x64 arch:x64

886dde22a75f2bd5d6a984f4b6cd9636

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

wiaservc.pdb

Imports

msvcrt

__C_specific_handler
malloc
_callnewh
_XcptFilter
free
_lock
_unlock
__dllonexit
_purecall
??1type_info@@UEAA@XZ
memset
__CxxFrameHandler3
_vsnwprintf
_wsplitpath_s
wcsstr
_wcsicmp
_vscwprintf
wcschr
_onexit
_vsnprintf
__RTDynamicCast
memcpy
memmove
_splitpath_s
_initterm
memcpy_s
_amsg_exit
wcscmp

advapi32

AllocateAndInitializeSid
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegQueryValueW
LookupAccountSidW
GetTokenInformation
GetSecurityDescriptorDacl
GetAclInformation
AccessCheck
SetSecurityDescriptorOwner
GetAce
GetSidSubAuthorityCount
GetSidSubAuthority
DestroyPrivateObjectSecurity
GetSidLengthRequired
CreatePrivateObjectSecurity
CopySid
InitializeSid
SetSecurityDescriptorSacl
OpenServiceW
EventUnregister
StartServiceW
EventSetInformation
OpenSCManagerW
EventRegister
CloseServiceHandle
QueryServiceStatus
EventWriteTransfer
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
RegCloseKey
AddAce
OpenProcessToken
GetKernelObjectSecurity
SetKernelObjectSecurity
OpenThreadToken
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
FreeSid
InitializeSecurityDescriptor
InitializeAcl
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetLengthSid
AddAccessAllowedAce
RegOpenKeyW
RegGetValueW
RegisterServiceCtrlHandlerExW
SetServiceStatus
RegDeleteKeyExW
RegDeleteValueW

kernel32

OpenSemaphoreW
CloseHandle
HeapAlloc
GetProcAddress
CreateMutexExW
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
GetTickCount
IsDebuggerPresent
GetSystemDirectoryW
FreeLibrary
LoadLibraryExW
lstrlenW
LocalAlloc
LocalFree
SystemTimeToFileTime
GetSystemTime
lstrcmpiW
lstrcmpW
WriteFile
lstrlenA
MultiByteToWideChar
GetLocalTime
MulDiv
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
LoadLibraryExA
RemoveDirectoryW
CreateDirectoryW
SetCommMask
ClearCommError
EscapeCommFunction
PurgeComm
FlushFileBuffers
GetDateFormatW
GetFileInformationByHandle
GetModuleFileNameW
WideCharToMultiByte
ReadFile
GetFileSize
SetEndOfFile
GetFileType
SetFilePointer
MapViewOfFileEx
CreateFileMappingW
GetTempPath2W
GetTempFileNameW
DeleteFileW
UnmapViewOfFile
OpenProcess
GetCurrentThread
ResetEvent
PowerClearRequest
InitOnceComplete
PowerCreateRequest
DuplicateHandle
DisableThreadLibraryCalls
OutputDebugStringW
GetLastError
FormatMessageW
Sleep
CreateEventW
SetProcessMitigationPolicy
ReleaseMutex
GetCurrentThreadId
WaitForSingleObject
InitializeCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
InitOnceBeginInitialize
GetModuleHandleExW
ReleaseSemaphore
EnterCriticalSection
SetLastError
HeapFree
CreateSemaphoreExW
CompareStringW
GetModuleFileNameA
WaitForSingleObjectEx
PowerSetRequest
GetThreadId
CreateFileW
CreateThread
WaitForMultipleObjects
ExpandEnvironmentStringsW
SetEvent
lstrcmpA
GetModuleHandleA
GetSystemDirectoryA
FormatMessageA
VirtualQuery
GetSystemInfo
RaiseException
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
VirtualProtect
CreateMutexW

user32

CharUpperA
CharNextA
CharNextW
PostMessageW
IsWindow
UnregisterPowerSettingNotification
UnregisterDeviceNotification
RegisterDeviceNotificationW
RegisterPowerSettingNotification

oleaut32

BSTR_UserFree
BSTR_UserUnmarshal64
BSTR_UserUnmarshal
BSTR_UserMarshal
BSTR_UserFree64
BSTR_UserSize64
BSTR_UserMarshal64
SysAllocString
SysFreeString
SysStringLen
BSTR_UserSize

ole32

CoGetCallContext
CreateStreamOnHGlobal
StgCreatePropStg
StgOpenPropStg
CoRevertToSelf
CoRevokeClassObject
CoRegisterClassObject
FreePropVariantArray
CoImpersonateClient
CoSuspendClassObjects
CoDisconnectObject
PropVariantCopy
CoTaskMemAlloc
PropVariantClear
CLSIDFromString
CoTaskMemFree
StringFromGUID2
StringFromCLSID
CoInitializeSecurity
CoCreateInstance
CoInitializeEx
CoUninitialize
CoResumeClassObjects

rpcrt4

RpcImpersonateClient
RpcServerRegisterAuthInfoW
RpcServerListen
RpcServerRegisterIfEx
RpcStringBindingParseW
UuidCreateNil
UuidToStringA
NdrServerCallAll
UuidCreate
RpcAsyncCompleteCall
RpcServerUnsubscribeForNotification
RpcServerTestCancel
RpcRevertToSelf
UuidToStringW
RpcStringFreeW
RpcBindingInqAuthClientW
RpcAsyncAbortCall
NdrAsyncServerCall
Ndr64AsyncServerCallAll
NdrServerCall2
RpcServerSubscribeForNotification
RpcServerUseProtseqEpW
RpcBindingToStringBindingW
RpcServerInqDefaultPrincNameW
RpcStringFreeA

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Exports

Exports

DllRegisterServer
DllUnregisterServer
ServiceMain
wiasCreateChildAppItem
wiasCreateDrvItem
wiasCreateLogInstance
wiasCreatePropContext
wiasDebugError
wiasDebugTrace
wiasDownSampleBuffer
wiasFormatArgs
wiasFreePropContext
wiasGetChangedValueFloat
wiasGetChangedValueGuid
wiasGetChangedValueLong
wiasGetChangedValueStr
wiasGetChildrenContexts
wiasGetContextFromName
wiasGetDrvItem
wiasGetImageInformation
wiasGetItemType
wiasGetPropertyAttributes
wiasGetRootItem
wiasIsPropChanged
wiasParseEndorserString
wiasPrintDebugHResult
wiasQueueEvent
wiasReadMultiple
wiasReadPropBin
wiasReadPropFloat
wiasReadPropGuid
wiasReadPropLong
wiasReadPropStr
wiasSendEndOfPage
wiasSetItemPropAttribs
wiasSetItemPropNames
wiasSetPropChanged
wiasSetPropertyAttributes
wiasSetValidFlag
wiasSetValidListFloat
wiasSetValidListGuid
wiasSetValidListLong
wiasSetValidListStr
wiasSetValidRangeFloat
wiasSetValidRangeLong
wiasUpdateScanRect
wiasUpdateValidFormat
wiasValidateItemProperties
wiasWriteBufToFile
wiasWriteMultiple
wiasWritePageBufToFile
wiasWritePageBufToStream
wiasWritePropBin
wiasWritePropFloat
wiasWritePropGuid
wiasWritePropLong
wiasWritePropStr

Sections

.text
Size: 520KB - Virtual size: 519KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 212KB - Virtual size: 210KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Solara V3/wiashext.dll
.dll regsvr32 windows:10 windows x64 arch:x64

ec21291681095a701f38c649eb1e9940

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

wiashext.pdb

Imports

msvcrt

memcpy
memmove
_onexit
__dllonexit
_unlock
_lock
__C_specific_handler
_initterm
malloc
_wcsicmp
_amsg_exit
_XcptFilter
wcstol
qsort
_itow
_vsnwprintf
wcsrchr
wcschr
wcsstr
free
memset

advapi32

RegEnumKeyW
RegOpenKeyExW
RegSetValueExW
RegCloseKey
RegQueryValueExW
CloseServiceHandle
ControlService
OpenServiceW
OpenSCManagerW

gdi32

SetTextColor
ExtTextOutW
SetBkMode
GetDeviceCaps
SelectObject
GetTextExtentPoint32W
GetBkMode
SetBkColor

kernel32

RegEnumKeyExW
DelayLoadFailureHook
ResolveDelayLoadedAPI
LocalAlloc
LocalFree
GetModuleHandleW
GetLastError
lstrcmpiW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
LoadLibraryW
GetProcAddress
WideCharToMultiByte
FreeLibrary
RegEnumValueW
GetTimeFormatW
GetLocalTime
Sleep
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
RegCreateKeyExW
GetDateFormatW
GetModuleFileNameW
ReleaseActCtx
CreateActCtxW
DeactivateActCtx
ActivateActCtx
LoadLibraryExW
RegQueryInfoKeyW
MultiByteToWideChar

ole32

CoInitialize
CoUninitialize
FreePropVariantArray
PropVariantClear
CLSIDFromString
CoMarshalInterThreadInterfaceInStream
ReleaseStgMedium
CoUnmarshalInterface
CoCreateInstance

oleaut32

SysAllocStringLen
SysFreeString
SysAllocString

shell32

SHGetFileInfoW
ord6

shlwapi

ord219
PathRemoveArgsW
StrFormatByteSizeW
PathParseIconLocationW
AssocQueryStringW

user32

GetDC
ReleaseDC
DestroyIcon
GetSystemMetrics
ShowWindow
SetDlgItemInt
FindWindowExW
SetPropW
GetPropW
GetClassInfoW
RemovePropW
DefWindowProcW
IsWindowVisible
CheckRadioButton
GetWindowTextW
DrawFocusRect
DrawIconEx
GetSysColor
IsDlgButtonChecked
InvalidateRect
CheckDlgButton
SetWindowLongPtrW
SetCursor
LoadCursorW
GetParent
EnableWindow
LoadStringW
SendDlgItemMessageW
LoadIconW
SendMessageW
RegisterClipboardFormatW
SetWindowTextW
GetWindowTextLengthW
CallWindowProcW
GetWindowLongW
GetWindowLongPtrW
LoadImageW
MessageBoxIndirectW
GetDlgItem
SetDlgItemTextW

Exports

Exports

AddDeviceWasChosen
AddDeviceWasChosenA
AddDeviceWasChosenW
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
DoDeleteAllItems
MakeFullPidlForDevice

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 580B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 3.1MB - Virtual size: 3.1MB

.rsrc Size: 18KB - Virtual size: 17KB

.reloc Size: 512B - Virtual size: 12B

efbaf14e4250b5c7da58fe8172f49d90

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-service-core-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-security-base-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-eventing-provider-l1-1-0

rpcrt4

user32

kernel32

Exports

Exports

Sections

.text Size: 64KB - Virtual size: 62KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 4KB - Virtual size: 3KB

.pdata Size: 4KB - Virtual size: 2KB

.didat Size: 4KB - Virtual size: 184B

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 492B

886dde22a75f2bd5d6a984f4b6cd9636

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

kernel32

user32

oleaut32

ole32

rpcrt4

version

Exports

Exports

Sections

.text Size: 520KB - Virtual size: 519KB

.rdata Size: 212KB - Virtual size: 210KB

.data Size: 12KB - Virtual size: 14KB

.pdata Size: 20KB - Virtual size: 17KB

.didat Size: 4KB - Virtual size: 208B

.rsrc Size: 8KB - Virtual size: 5KB

.reloc Size: 4KB - Virtual size: 2KB

ec21291681095a701f38c649eb1e9940

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

gdi32

kernel32

ole32

oleaut32

shell32

.text
Size: 3.1MB - Virtual size: 3.1MB

.rsrc
Size: 18KB - Virtual size: 17KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 64KB - Virtual size: 62KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 4KB - Virtual size: 3KB

.pdata
Size: 4KB - Virtual size: 2KB

.didat
Size: 4KB - Virtual size: 184B

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 492B

.text
Size: 520KB - Virtual size: 519KB

.rdata
Size: 212KB - Virtual size: 210KB

.data
Size: 12KB - Virtual size: 14KB

.pdata
Size: 20KB - Virtual size: 17KB

.didat
Size: 4KB - Virtual size: 208B

.rsrc
Size: 8KB - Virtual size: 5KB

.reloc
Size: 4KB - Virtual size: 2KB

.text
Size: 68KB - Virtual size: 67KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 4KB - Virtual size: 2KB

.pdata
Size: 4KB - Virtual size: 2KB

.didat
Size: 4KB - Virtual size: 80B

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 580B