aresloader | dogecoin-1[.]14[.]9-win32[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

dogecoin-1.14.9-win32.zip
Size

22.4MB
MD5

61feb1d444654b7f757c25397701bd9e
SHA1

bb1b8f3b3b3818e99b069c5332c6f3293f9f7af2
SHA256

3d5f7b3325f260dc291e2b1c24c54818d2edcde5527ef31168016ae9aad25fc6
SHA512

d2f4d91e9ac9d0e4b1896d6b4ef979fee14521fa79972ac379c6f22e22235a0b2a23c3b792d24fe109722fb6feb43abc138dc5f1c47e85cbf0dad68d6be0249b
SSDEEP

393216:LIjwwCdNQ6aWrOIUweRBOhRPOrfNCg/LryUVsRKlcEdxkbfFX7h7kg7VoJ:LIkwONQ6aWa0ezOhRW5PHLuKLxqog74

Score

10^/10

aresloader

Malware Config

Extracted

Family

aresloader

http://127.0.0.1:22555

Signatures

Aresloader family
aresloader

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/dogecoin-1.14.9-win32/daemon/dogecoin-cli.exe
unpack001/dogecoin-1.14.9-win32/daemon/dogecoind.exe
unpack001/dogecoin-1.14.9-win32/dogecoin-qt.exe
unpack001/dogecoin-1.14.9-win32/dogecore.exe
unpack001/dogecoin-1.14.9-win32/uninstall.exe

NSIS installer 1 IoCs

installer

resource	yara_rule
static1/unpack001/dogecoin-1.14.9-win32/uninstall.exe	nsis_installer_2

Files

dogecoin-1.14.9-win32.zip
.zip
dogecoin-1.14.9-win32/COPYING.txt
dogecoin-1.14.9-win32/daemon/dogecoin-cli.exe
.exe windows:4 windows x86 arch:x86

18b756b5028865853f390585335adc52

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

CryptAcquireContextA
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
DeregisterEventSource
RegCloseKey
RegQueryValueExA
RegisterEventSourceA
ReportEventA

gdi32

CreateCompatibleBitmap
DeleteObject
GetDIBits
GetDeviceCaps
GetObjectA

iphlpapi

if_nametoindex

kernel32

AddVectoredExceptionHandler
AreFileApisANSI
CloseHandle
CopyFileW
CreateDirectoryExW
CreateDirectoryW
CreateEventA
CreateFileMappingA
CreateFileW
CreateIoCompletionPort
CreateSemaphoreA
CreateWaitableTimerA
DeleteCriticalSection
DeleteFileW
DeviceIoControl
DuplicateHandle
EnterCriticalSection
FileTimeToSystemTime
FindClose
FindFirstFileW
FindNextFileW
FlushFileBuffers
FormatMessageA
FormatMessageW
FreeLibrary
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDiskFreeSpaceExW
GetEnvironmentVariableW
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFileTime
GetFileType
GetFullPathNameW
GetHandleInformation
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProcessAffinityMask
GetProcessHeap
GetProcessTimes
GetQueuedCompletionStatus
GetStartupInfoA
GetStdHandle
GetSystemDirectoryA
GetSystemInfo
GetSystemTimeAdjustment
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetThreadTimes
GetTickCount
GetTimeZoneInformation
GetVersion
GetWindowsDirectoryW
GlobalMemoryStatus
HeapAlloc
HeapFree
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
IsDBCSLeadByteEx
IsDebuggerPresent
LeaveCriticalSection
LoadLibraryA
LocalAlloc
LocalFree
MapViewOfFile
MoveFileExA
MoveFileExW
MultiByteToWideChar
OpenEventA
OpenProcess
OutputDebugStringA
PostQueuedCompletionStatus
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReleaseSemaphore
RemoveDirectoryW
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
SetCurrentDirectoryW
SetEndOfFile
SetEvent
SetFileAttributesW
SetFilePointerEx
SetFileTime
SetLastError
SetProcessAffinityMask
SetSystemTime
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
SetWaitableTimer
Sleep
SuspendThread
SystemTimeToFileTime
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
UnmapViewOfFile
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForMultipleObjectsEx
WaitForSingleObject
WaitForSingleObjectEx
WideCharToMultiByte
WriteFile

msvcrt

__doserrno
__getmainargs
__initenv
__lconv_init
__mb_cur_max
__p__acmdln
__p__fmode
__set_app_type
__setusermatherr
_amsg_exit
_assert
_beginthread
_beginthreadex
_cexit
_chsize
_close
_endthreadex
_errno
_exit
_filelengthi64
_fileno
_fstat64
_fstati64
_get_osfhandle
_getch
_getpid
_gmtime64
_initterm
_iob
_lock
_lseeki64
_onexit
_open
_read
_setjmp3
_setmode
_strdup
_strnicmp
_ultoa
_unlock
_vscprintf
_vsnprintf
_wfopen
abort
atoi
calloc
exit
fclose
feof
ferror
fflush
fgetpos
fgets
fopen
fprintf
fputc
fputs
fread
free
freopen
fseek
fsetpos
ftell
fwrite
getc
getenv
getwc
isalnum
islower
ispunct
isspace
isupper
iswctype
isxdigit
localeconv
malloc
memchr
memcmp
memcpy
memmove
memset
localtime
gmtime
printf
putc
putwc
qsort
raise
realloc
setbuf
setlocale
setvbuf
signal
sprintf
sscanf
strcat
strchr
strcmp
strcoll
strcpy
strerror
strftime
strlen
strncmp
strncpy
strpbrk
strrchr
strspn
strstr
strtol
strtoul
strxfrm
system
tolower
towlower
towupper
ungetc
ungetwc
vfprintf
time
wcscoll
wcsftime
wcslen
wcsstr
wcstombs
wcsxfrm
longjmp
_write
_strdup
_read
_open
_fileno
_fdopen
_close

shell32

SHGetSpecialFolderPathA

user32

GetDC
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA
ReleaseDC

ws2_32

WSAGetLastError
WSAGetOverlappedResult
WSAIoctl
WSARecv
WSASend
WSASetLastError
WSAStartup
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
getnameinfo
getpeername
getprotobynumber
getservbyname
getsockname
getsockopt
htonl
htons
ioctlsocket
listen
ntohl
ntohs
recv
select
send
setsockopt
shutdown
socket

Exports

Exports

main

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 290KB - Virtual size: 289KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 23KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dogecoin-1.14.9-win32/daemon/dogecoind.exe
.exe windows:4 windows x86 arch:x86

a8c3cc578fdf37ea54a7ddee0be3e663

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

CryptAcquireContextA
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
DeregisterEventSource
InitializeSecurityDescriptor
RegCloseKey
RegQueryValueExA
RegisterEventSourceA
ReportEventA
SetSecurityDescriptorDacl

gdi32

CreateCompatibleBitmap
DeleteObject
GetDIBits
GetDeviceCaps
GetObjectA

iphlpapi

GetAdaptersAddresses
GetBestRoute
GetIpAddrTable
if_indextoname
if_nametoindex

kernel32

AddVectoredExceptionHandler
AreFileApisANSI
CloseHandle
CopyFileW
CreateDirectoryA
CreateDirectoryExW
CreateDirectoryW
CreateEventA
CreateFileA
CreateFileMappingA
CreateFileMappingW
CreateFileW
CreateIoCompletionPort
CreateSemaphoreA
CreateWaitableTimerA
DeleteCriticalSection
DeleteFileA
DeleteFileW
DeviceIoControl
DuplicateHandle
EnterCriticalSection
FileTimeToSystemTime
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FlushFileBuffers
FormatMessageA
FormatMessageW
FreeLibrary
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDiskFreeSpaceA
GetDiskFreeSpaceExW
GetEnvironmentVariableA
GetEnvironmentVariableW
GetFileAttributesA
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFileSizeEx
GetFileTime
GetFileType
GetFullPathNameW
GetHandleInformation
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProcessAffinityMask
GetProcessHeap
GetProcessTimes
GetQueuedCompletionStatus
GetStartupInfoA
GetStdHandle
GetSystemDirectoryA
GetSystemInfo
GetSystemTimeAdjustment
GetSystemTimeAsFileTime
GetTempPathA
GetTempPathW
GetThreadContext
GetThreadPriority
GetThreadTimes
GetTickCount
GetTimeZoneInformation
GetVersion
GetVersionExA
GetVolumeInformationA
GetVolumeNameForVolumeMountPointA
GetVolumePathNameA
GetWindowsDirectoryW
GlobalMemoryStatus
HeapAlloc
HeapFree
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
IsDBCSLeadByteEx
IsDebuggerPresent
LeaveCriticalSection
LoadLibraryA
LocalAlloc
LocalFree
LockFile
LockFileEx
MapViewOfFile
MoveFileA
MoveFileExA
MoveFileExW
MoveFileW
MultiByteToWideChar
OpenEventA
OpenFileMappingA
OpenProcess
OutputDebugStringA
PostQueuedCompletionStatus
PulseEvent
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadFile
ReleaseMutex
ReleaseSemaphore
RemoveDirectoryW
RemoveVectoredExceptionHandler
ReplaceFileW
ResetEvent
ResumeThread
SetCurrentDirectoryW
SetEndOfFile
SetEvent
SetFileAttributesW
SetFilePointer
SetFilePointerEx
SetFileTime
SetHandleInformation
SetLastError
SetProcessAffinityMask
SetSystemTime
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
SetWaitableTimer
Sleep
SuspendThread
SystemTimeToFileTime
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
UnlockFile
UnlockFileEx
UnmapViewOfFile
VirtualAlloc
VirtualLock
VirtualProtect
VirtualQuery
VirtualUnlock
WaitForMultipleObjects
WaitForMultipleObjectsEx
WaitForSingleObject
WaitForSingleObjectEx
WideCharToMultiByte
WriteFile

msvcrt

__doserrno
__getmainargs
__initenv
__lconv_init
__mb_cur_max
__p__acmdln
__p__fmode
__set_app_type
__setusermatherr
_amsg_exit
_assert
_beginthread
_beginthreadex
_cexit
_chsize
_close
_endthreadex
_errno
_exit
_filelengthi64
_fileno
_fstat64
_fstati64
_get_osfhandle
_getch
_getcwd
_getpid
_gmtime64
_initterm
_iob
_lock
_lseeki64
_onexit
_open
_read
_setjmp3
_setmode
_snprintf
_splitpath_s
_strdup
_stricmp
_strnicmp
_ultoa
_unlock
_vscprintf
_vsnprintf
_wfopen
abort
atoi
atol
bsearch
calloc
exit
fclose
feof
ferror
fflush
fgetc
fgetpos
fgets
fopen
fprintf
fputc
fputs
fread
free
freopen
fseek
fsetpos
ftell
fwrite
getc
getenv
getwc
isalnum
isalpha
islower
isprint
ispunct
isspace
isupper
iswctype
isxdigit
localeconv
malloc
memchr
memcmp
memcpy
memmove
memset
localtime
gmtime
ctime
perror
printf
putc
puts
putwc
qsort
raise
rand
realloc
setbuf
setlocale
setvbuf
signal
sprintf
srand
sscanf
strcat
strchr
strcmp
strcoll
strcpy
strcpy_s
strerror
strftime
strlen
strncmp
strncpy
strpbrk
strrchr
strspn
strstr
strtok_s
strtol
strtoul
strxfrm
system
tolower
towlower
towupper
ungetc
ungetwc
vfprintf
time
wcscoll
wcsftime
wcslen
wcsstr
wcstombs
wcsxfrm
_ftime
longjmp
_write
_strdup
_read
_open
_memicmp
_fileno
_fdopen
_close

shell32

SHGetSpecialFolderPathA

user32

GetDC
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA
ReleaseDC

ws2_32

WSACleanup
WSACloseEvent
WSACreateEvent
WSAEventSelect
WSAGetLastError
WSAGetOverlappedResult
WSAIoctl
WSARecv
WSASend
WSASetLastError
WSASocketA
WSAStartup
WSAWaitForMultipleEvents
__WSAFDIsSet
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
gethostname
getnameinfo
getpeername
getprotobynumber
getservbyname
getsockname
getsockopt
htonl
htons
inet_addr
inet_ntoa
ioctlsocket
listen
ntohl
ntohs
recv
recvfrom
select
send
sendto
setsockopt
shutdown
socket

Exports

Exports

main

Sections

.text
Size: 8.5MB - Virtual size: 8.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 35KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 69B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 312KB - Virtual size: 312KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dogecoin-1.14.9-win32/doc/FAQ.md
dogecoin-1.14.9-win32/doc/README.md
dogecoin-1.14.9-win32/doc/README_osx.md
dogecoin-1.14.9-win32/doc/README_windows.txt
dogecoin-1.14.9-win32/doc/REST-interface.md
dogecoin-1.14.9-win32/doc/assets-attribution.md
dogecoin-1.14.9-win32/doc/benchmarking.md
dogecoin-1.14.9-win32/doc/bips.md
dogecoin-1.14.9-win32/doc/build-archlinux.md
dogecoin-1.14.9-win32/doc/build-fedora.md
dogecoin-1.14.9-win32/doc/build-freebsd.md
dogecoin-1.14.9-win32/doc/build-macos.md
dogecoin-1.14.9-win32/doc/build-nixos.md
dogecoin-1.14.9-win32/doc/build-openbsd.md
dogecoin-1.14.9-win32/doc/build-unix.md
dogecoin-1.14.9-win32/doc/build-windows.md
dogecoin-1.14.9-win32/doc/developer-notes.md
dogecoin-1.14.9-win32/doc/dnsseed-policy.md
dogecoin-1.14.9-win32/doc/experiments.md
dogecoin-1.14.9-win32/doc/fee-recommendation.md
dogecoin-1.14.9-win32/doc/files.md
dogecoin-1.14.9-win32/doc/fuzzing.md
dogecoin-1.14.9-win32/doc/getting-started.md
dogecoin-1.14.9-win32/doc/gitian-building.md
dogecoin-1.14.9-win32/doc/init.md
dogecoin-1.14.9-win32/doc/man/Makefile
dogecoin-1.14.9-win32/doc/man/Makefile.am
dogecoin-1.14.9-win32/doc/man/Makefile.in
dogecoin-1.14.9-win32/doc/man/dogecoin-cli.1
dogecoin-1.14.9-win32/doc/man/dogecoin-qt.1
dogecoin-1.14.9-win32/doc/man/dogecoin-tx.1
dogecoin-1.14.9-win32/doc/man/dogecoind.1
dogecoin-1.14.9-win32/doc/reduce-memory.md
dogecoin-1.14.9-win32/doc/reduce-traffic.md
dogecoin-1.14.9-win32/doc/release-notes.md
dogecoin-1.14.9-win32/doc/release-notes/RELEASE_NOTES_1.8.2.md
dogecoin-1.14.9-win32/doc/release-notes/RELEASE_NOTES_1.8.3.md
dogecoin-1.14.9-win32/doc/release-notes/RELEASE_NOTES_1_8.1.md
dogecoin-1.14.9-win32/doc/release-notes/release-notes-0.14.1.md
dogecoin-1.14.9-win32/doc/release-notes/release-notes-1.14.2.md
dogecoin-1.14.9-win32/doc/release-notes/release-notes-1.14.3.md
dogecoin-1.14.9-win32/doc/release-notes/release-notes-1.14.4.md
dogecoin-1.14.9-win32/doc/release-notes/release-notes-1.14.5.md
dogecoin-1.14.9-win32/doc/release-notes/release-notes-1.14.6.md
dogecoin-1.14.9-win32/doc/release-notes/release-notes-1.14.7.md
dogecoin-1.14.9-win32/doc/release-notes/release-notes-1.14.8.md
dogecoin-1.14.9-win32/doc/release-notes/release-notes-1.7.0.md
dogecoin-1.14.9-win32/doc/release-notes/release-notes-1.8.0.md
dogecoin-1.14.9-win32/doc/release-process.md
dogecoin-1.14.9-win32/doc/rpc-maturity.md
dogecoin-1.14.9-win32/doc/shared-libraries.md
dogecoin-1.14.9-win32/doc/tor.md
dogecoin-1.14.9-win32/doc/translation_process.md
dogecoin-1.14.9-win32/doc/translation_strings_policy.md
dogecoin-1.14.9-win32/doc/travis-ci.md
dogecoin-1.14.9-win32/doc/zmq.md
dogecoin-1.14.9-win32/dogecoin-qt.exe
.exe windows:4 windows x86 arch:x86

94b73573123ce730c53a96cb8983133e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AddAccessAllowedAce
AllocateAndInitializeSid
CopySid
CryptAcquireContextA
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
DeregisterEventSource
FreeSid
GetLengthSid
GetTokenInformation
InitializeAcl
InitializeSecurityDescriptor
OpenProcessToken
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegFlushKey
RegNotifyChangeKeyValue
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExA
RegQueryValueExW
RegSetValueExW
RegisterEventSourceA
ReportEventA
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner

comdlg32

PrintDlgExW

crypt32

CertCreateCertificateContext
CertFreeCertificateChain
CertFreeCertificateContext
CertGetCertificateChain

gdi32

AbortDoc
AddFontMemResourceEx
AddFontResourceExW
BeginPath
BitBlt
CloseFigure
CombineRgn
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCW
CreateDIBSection
CreateFontIndirectW
CreatePen
CreateRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
EndDoc
EndPage
EndPath
EnumFontFamiliesExW
ExtCreatePen
ExtTextOutW
FillPath
GdiFlush
GetBitmapBits
GetBkMode
GetCharABCWidthsFloatW
GetCharABCWidthsW
GetDIBits
GetDeviceCaps
GetFontData
GetGlyphOutlineW
GetObjectA
GetObjectW
GetOutlineTextMetricsW
GetRegionData
GetStockObject
GetTextExtentPoint32W
GetTextFaceW
GetTextMetricsW
LineTo
MoveToEx
OffsetRgn
PolyBezierTo
RemoveFontMemResourceEx
RemoveFontResourceExW
ResetDCW
RestoreDC
SaveDC
SelectClipPath
SelectClipRgn
SelectObject
SetBkMode
SetGraphicsMode
SetPolyFillMode
SetTextAlign
SetTextColor
SetWorldTransform
StartDocW
StartPage
StretchBlt
StrokePath

imm32

ImmAssociateContext
ImmGetCompositionStringW
ImmGetContext
ImmGetDefaultIMEWnd
ImmGetVirtualKey
ImmNotifyIME
ImmReleaseContext
ImmSetCandidateWindow
ImmSetCompositionWindow

iphlpapi

GetAdaptersAddresses
GetAdaptersInfo
GetBestRoute
GetIpAddrTable
GetNetworkParams
if_indextoname
if_nametoindex

kernel32

AddVectoredExceptionHandler
AreFileApisANSI
CancelIo
CheckRemoteDebuggerPresent
CloseHandle
CompareStringW
ConnectNamedPipe
CopyFileW
CreateDirectoryA
CreateDirectoryExW
CreateDirectoryW
CreateEventA
CreateEventW
CreateFileA
CreateFileMappingA
CreateFileMappingW
CreateFileW
CreateIoCompletionPort
CreateMutexW
CreateNamedPipeW
CreateProcessW
CreateSemaphoreA
CreateThread
CreateWaitableTimerA
DeleteCriticalSection
DeleteFileA
DeleteFileW
DeviceIoControl
DisconnectNamedPipe
DuplicateHandle
EnterCriticalSection
ExitProcess
ExpandEnvironmentStringsW
FileTimeToSystemTime
FindClose
FindCloseChangeNotification
FindFirstChangeNotificationW
FindFirstFileA
FindFirstFileExW
FindFirstFileW
FindNextChangeNotification
FindNextFileA
FindNextFileW
FlushFileBuffers
FormatMessageA
FormatMessageW
FreeLibrary
GetCommandLineW
GetConsoleWindow
GetCurrencyFormatW
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatW
GetDiskFreeSpaceA
GetDiskFreeSpaceExW
GetDriveTypeW
GetEnvironmentVariableA
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesA
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFileSizeEx
GetFileTime
GetFileType
GetFullPathNameW
GetGeoInfoW
GetHandleInformation
GetLastError
GetLocalTime
GetLocaleInfoW
GetLogicalDrives
GetLongPathNameW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetNativeSystemInfo
GetOverlappedResult
GetProcAddress
GetProcessAffinityMask
GetProcessHeap
GetProcessTimes
GetQueuedCompletionStatus
GetStartupInfoA
GetStartupInfoW
GetStdHandle
GetSystemDirectoryA
GetSystemDirectoryW
GetSystemInfo
GetSystemTime
GetSystemTimeAdjustment
GetSystemTimeAsFileTime
GetTempPathA
GetTempPathW
GetThreadContext
GetThreadPriority
GetThreadTimes
GetTickCount
GetTimeFormatW
GetTimeZoneInformation
GetUserDefaultLCID
GetUserDefaultLangID
GetUserDefaultUILanguage
GetUserGeoID
GetVersion
GetVersionExA
GetVolumeInformationA
GetVolumeInformationW
GetVolumeNameForVolumeMountPointA
GetVolumePathNameA
GetWindowsDirectoryW
GlobalAlloc
GlobalFree
GlobalLock
GlobalMemoryStatus
GlobalSize
GlobalUnlock
HeapAlloc
HeapFree
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
IsDBCSLeadByteEx
IsDebuggerPresent
IsValidLanguageGroup
IsValidLocale
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LocalAlloc
LocalFree
LockFile
LockFileEx
MapViewOfFile
MoveFileA
MoveFileExA
MoveFileExW
MoveFileW
MultiByteToWideChar
OpenEventA
OpenFileMappingA
OpenProcess
OutputDebugStringA
OutputDebugStringW
PeekNamedPipe
PostQueuedCompletionStatus
PulseEvent
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadFile
ReadFileEx
ReadProcessMemory
ReleaseMutex
ReleaseSemaphore
RemoveDirectoryW
RemoveVectoredExceptionHandler
ReplaceFileW
ResetEvent
ResumeThread
SetCurrentDirectoryW
SetEndOfFile
SetErrorMode
SetEvent
SetFileAttributesW
SetFilePointer
SetFilePointerEx
SetFileTime
SetHandleInformation
SetLastError
SetProcessAffinityMask
SetSystemTime
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
SetWaitableTimer
Sleep
SleepEx
SuspendThread
SwitchToThread
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
UnlockFile
UnlockFileEx
UnmapViewOfFile
VirtualAlloc
VirtualAllocEx
VirtualFree
VirtualFreeEx
VirtualLock
VirtualProtect
VirtualQuery
VirtualUnlock
WaitForMultipleObjects
WaitForMultipleObjectsEx
WaitForSingleObject
WaitForSingleObjectEx
WaitNamedPipeW
WideCharToMultiByte
WriteFile
WriteFileEx
lstrcmpW

msvcrt

__argc
__doserrno
__getmainargs
__initenv
__lconv_init
__mb_cur_max
__p___argv
__p__acmdln
__p__fmode
__set_app_type
__setusermatherr
_amsg_exit
_assert
_beginthread
_beginthreadex
_cexit
_chsize
_close
_dup
_dup2
_endthreadex
_errno
_exit
_filelengthi64
_fileno
_fstat64
_fstati64
_get_osfhandle
_getch
_getcwd
_getdrive
_getpid
_gmtime64
_initterm
_iob
_lock
_lseek
_lseeki64
_onexit
_open
_open_osfhandle
_read
_setjmp3
_setmode
_snprintf
_splitpath_s
_strdup
_stricmp
_strnicmp
_tzset
_ultoa
_unlock
_vscprintf
_vsnprintf
_waccess
_wchdir
_wchmod
_wfopen
_wgetdcwd
_wmkdir
_wopen
_write
abort
acos
asin
atan
atof
atoi
atol
bsearch
calloc
exit
fclose
feof
ferror
fflush
fgetc
fgetpos
fgets
fopen
fprintf
fputc
fputs
fread
free
freopen
frexp
fseek
fsetpos
ftell
fwrite
getc
getenv
getwc
isalnum
isalpha
islower
isprint
ispunct
isspace
isupper
iswalpha
iswctype
isxdigit
localeconv
log10
malloc
memchr
memcmp
memcpy
memmove
memset
mktime
localtime
gmtime
ctime
perror
printf
putc
puts
putwc
qsort
raise
rand
realloc
remove
setbuf
setlocale
setvbuf
signal
sprintf
srand
sscanf
strcat
strchr
strcmp
strcoll
strcpy
strcpy_s
strerror
strftime
strlen
strncmp
strncpy
strpbrk
strrchr
strspn
strstr
strtok_s
strtol
strtoul
strxfrm
system
tan
tolower
toupper
towlower
towupper
ungetc
ungetwc
vfprintf
time
wcscmp
wcscoll
wcsftime
wcslen
wcsncmp
wcsrchr
wcsstr
wcstombs
wcsxfrm
_wstat
_stat
_ftime
_tzname
_timezone
longjmp
_write
_strdup
_read
_putenv
_open
_memicmp
_fileno
_fdopen
_close

ole32

CoCreateGuid
CoCreateInstance
CoGetMalloc
CoInitialize
CoLockObjectExternal
CoTaskMemFree
CoUninitialize
DoDragDrop
OleFlushClipboard
OleGetClipboard
OleInitialize
OleIsCurrentClipboard
OleSetClipboard
OleUninitialize
RegisterDragDrop
ReleaseStgMedium
RevokeDragDrop
StringFromGUID2

oleaut32

SysAllocStringLen
VariantInit

shell32

CommandLineToArgvW
SHBrowseForFolderW
SHGetFileInfoW
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderPathA
SHGetSpecialFolderPathW
ShellExecuteW
Shell_NotifyIconW

shlwapi

PathRemoveFileSpecA

user32

AdjustWindowRectEx
AttachThreadInput
BeginPaint
CallNextHookEx
ChangeClipboardChain
CharNextExA
ChildWindowFromPointEx
ClientToScreen
CreateCaret
CreateCursor
CreateIconIndirect
CreateWindowExW
DefWindowProcW
DestroyCaret
DestroyCursor
DestroyIcon
DestroyWindow
DispatchMessageW
DrawIconEx
EnableMenuItem
EndPaint
EnumDisplayMonitors
EnumWindows
FindWindowExW
FindWindowW
FlashWindowEx
GetAncestor
GetAsyncKeyState
GetCapture
GetCaretBlinkTime
GetClassInfoW
GetClientRect
GetClipboardFormatNameW
GetCursor
GetCursorInfo
GetCursorPos
GetDC
GetDesktopWindow
GetDoubleClickTime
GetFocus
GetForegroundWindow
GetIconInfo
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardState
GetMenu
GetMessageExtraInfo
GetMonitorInfoW
GetParent
GetProcessWindowStation
GetQueueStatus
GetSysColor
GetSysColorBrush
GetSystemMenu
GetSystemMetrics
GetUpdateRect
GetUserObjectInformationW
GetWindowLongW
GetWindowPlacement
GetWindowRect
GetWindowTextW
GetWindowThreadProcessId
HideCaret
InvalidateRect
IsChild
IsIconic
IsWindow
IsWindowVisible
IsZoomed
KillTimer
LoadCursorW
LoadIconW
LoadImageW
MapVirtualKeyW
MapWindowPoints
MessageBeep
MessageBoxA
MessageBoxW
MoveWindow
MsgWaitForMultipleObjectsEx
NotifyWinEvent
PeekMessageW
PostMessageW
RealGetWindowClassW
RegisterClassExW
RegisterClassW
RegisterClipboardFormatW
RegisterWindowMessageW
ReleaseCapture
ReleaseDC
ScreenToClient
SendMessageW
SetCapture
SetCaretPos
SetClipboardViewer
SetCursor
SetCursorPos
SetFocus
SetForegroundWindow
SetMenuItemInfoW
SetParent
SetTimer
SetWindowLongW
SetWindowPlacement
SetWindowPos
SetWindowRgn
SetWindowTextW
SetWindowsHookExW
ShowWindow
SystemParametersInfoW
ToAscii
ToUnicode
TrackMouseEvent
TrackPopupMenuEx
TranslateMessage
UnhookWindowsHookEx
UnregisterClassW

winmm

PlaySoundW

winspool.drv

ClosePrinter
DeviceCapabilitiesW
DocumentPropertiesW
EnumPrintersW
GetDefaultPrinterW
GetPrinterW
OpenPrinterW

ws2_32

WSAAccept
WSAAsyncSelect
WSACleanup
WSACloseEvent
WSAConnect
WSACreateEvent
WSAEventSelect
WSAGetLastError
WSAGetOverlappedResult
WSAHtonl
WSAIoctl
WSANtohl
WSANtohs
WSARecv
WSARecvFrom
WSASend
WSASendTo
WSASetLastError
WSASocketA
WSASocketW
WSAStartup
WSAWaitForMultipleEvents
__WSAFDIsSet
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
gethostbyaddr
gethostbyname
gethostname
getnameinfo
getpeername
getprotobynumber
getservbyname
getsockname
getsockopt
htonl
htons
inet_addr
inet_ntoa
ioctlsocket
listen
ntohl
ntohs
recv
recvfrom
select
send
sendto
setsockopt
shutdown
socket

Exports

Exports

main

Sections

.text
Size: 22.1MB - Virtual size: 22.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 10.8MB - Virtual size: 10.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 85KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 71B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 456KB - Virtual size: 456KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 701KB - Virtual size: 700KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dogecoin-1.14.9-win32/dogecore.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 999KB - Virtual size: 999KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 456KB - Virtual size: 456KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dogecoin-1.14.9-win32/readme.txt
dogecoin-1.14.9-win32/uninstall.exe
.exe windows:4 windows x86 arch:x86

2e2e377f6342cd8e55c65e7d5fb0d752

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
SetFileSecurityA

comctl32

ImageList_AddMasked
ImageList_Create
ImageList_Destroy
InitCommonControls

gdi32

CreateBrushIndirect
CreateFontIndirectA
DeleteObject
GetDeviceCaps
SelectObject
SetBkColor
SetBkMode
SetTextColor

kernel32

CloseHandle
CompareFileTime
CopyFileA
CreateDirectoryA
CreateFileA
CreateProcessA
CreateThread
DeleteFileA
ExitProcess
ExpandEnvironmentStringsA
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetCommandLineA
GetCurrentProcess
GetDiskFreeSpaceA
GetExitCodeProcess
GetFileAttributesA
GetFileSize
GetFullPathNameA
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetPrivateProfileStringA
GetProcAddress
GetShortPathNameA
GetSystemDirectoryA
GetTempFileNameA
GetTempPathA
GetTickCount
GetVersion
GetWindowsDirectoryA
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
LoadLibraryExA
MoveFileA
MoveFileExA
MulDiv
MultiByteToWideChar
ReadFile
RemoveDirectoryA
SearchPathA
SetCurrentDirectoryA
SetEnvironmentVariableA
SetErrorMode
SetFileAttributesA
SetFilePointer
SetFileTime
Sleep
WaitForSingleObject
WriteFile
WritePrivateProfileStringA
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpyA
lstrcpynA
lstrlenA

ole32

CoCreateInstance
CoTaskMemFree
OleInitialize
OleUninitialize

shell32

SHBrowseForFolderA
SHFileOperationA
SHGetFileInfoA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
ShellExecuteExA

user32

AppendMenuA
BeginPaint
CallWindowProcA
CharNextA
CharPrevA
CheckDlgButton
CloseClipboard
CreateDialogParamA
CreatePopupMenu
CreateWindowExA
DefWindowProcA
DestroyWindow
DialogBoxParamA
DispatchMessageA
DrawTextA
EmptyClipboard
EnableMenuItem
EnableWindow
EndDialog
EndPaint
ExitWindowsEx
FillRect
FindWindowExA
GetClassInfoA
GetClientRect
GetDC
GetDlgItem
GetDlgItemTextA
GetMessagePos
GetSysColor
GetSystemMenu
GetSystemMetrics
GetWindowLongA
GetWindowRect
InvalidateRect
IsWindow
IsWindowEnabled
IsWindowVisible
LoadCursorA
LoadImageA
MessageBoxIndirectA
OpenClipboard
PeekMessageA
PostQuitMessage
RegisterClassA
ReleaseDC
ScreenToClient
SendMessageA
SendMessageTimeoutA
SetClassLongA
SetClipboardData
SetCursor
SetDlgItemTextA
SetForegroundWindow
SetTimer
SetWindowLongA
SetWindowPos
SetWindowTextA
ShowWindow
SystemParametersInfoA
TrackPopupMenu
wsprintfA

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 105KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: 512B - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 403KB - Virtual size: 402KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PLUGINSDIR/modern-header.bmp

Sharing

General

Malware Config

Extracted

Signatures

Files

18b756b5028865853f390585335adc52

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

gdi32

iphlpapi

kernel32

msvcrt

shell32

user32

ws2_32

Exports

Exports

Sections

.text Size: 2.7MB - Virtual size: 2.7MB

.data Size: 11KB - Virtual size: 11KB

.rdata Size: 290KB - Virtual size: 289KB

.bss Size: - Virtual size: 23KB

.edata Size: 512B - Virtual size: 72B

.idata Size: 8KB - Virtual size: 8KB

.CRT Size: 512B - Virtual size: 60B

.tls Size: 512B - Virtual size: 8B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 96KB - Virtual size: 96KB

a8c3cc578fdf37ea54a7ddee0be3e663

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

gdi32

iphlpapi

kernel32

msvcrt

shell32

user32

ws2_32

Exports

Exports

Sections

.text Size: 8.5MB - Virtual size: 8.5MB

.data Size: 17KB - Virtual size: 17KB

.rdata Size: 2.0MB - Virtual size: 2.0MB

.bss Size: - Virtual size: 35KB

.edata Size: 512B - Virtual size: 69B

.idata Size: 10KB - Virtual size: 10KB

.CRT Size: 512B - Virtual size: 60B

.tls Size: 512B - Virtual size: 8B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 312KB - Virtual size: 312KB

94b73573123ce730c53a96cb8983133e

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

comdlg32

crypt32

gdi32

imm32

iphlpapi

kernel32

msvcrt

ole32

oleaut32

shell32

shlwapi

user32

winmm

winspool.drv

ws2_32

Exports

.text
Size: 2.7MB - Virtual size: 2.7MB

.data
Size: 11KB - Virtual size: 11KB

.rdata
Size: 290KB - Virtual size: 289KB

.bss
Size: - Virtual size: 23KB

.edata
Size: 512B - Virtual size: 72B

.idata
Size: 8KB - Virtual size: 8KB

.CRT
Size: 512B - Virtual size: 60B

.tls
Size: 512B - Virtual size: 8B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 96KB - Virtual size: 96KB

.text
Size: 8.5MB - Virtual size: 8.5MB

.data
Size: 17KB - Virtual size: 17KB

.rdata
Size: 2.0MB - Virtual size: 2.0MB

.bss
Size: - Virtual size: 35KB

.edata
Size: 512B - Virtual size: 69B

.idata
Size: 10KB - Virtual size: 10KB

.CRT
Size: 512B - Virtual size: 60B

.tls
Size: 512B - Virtual size: 8B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 312KB - Virtual size: 312KB

.text
Size: 22.1MB - Virtual size: 22.1MB

.data
Size: 62KB - Virtual size: 62KB

.rdata
Size: 10.8MB - Virtual size: 10.8MB

/4
Size: 1024B - Virtual size: 864B

.bss
Size: - Virtual size: 85KB

.edata
Size: 512B - Virtual size: 71B

.idata
Size: 21KB - Virtual size: 20KB

.CRT
Size: 512B - Virtual size: 60B

.tls
Size: 512B - Virtual size: 8B

.rsrc
Size: 456KB - Virtual size: 456KB

.reloc
Size: 701KB - Virtual size: 700KB

.text
Size: 999KB - Virtual size: 999KB

.rsrc
Size: 456KB - Virtual size: 456KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 36KB - Virtual size: 35KB

.data
Size: 512B - Virtual size: 192B

.rdata
Size: 29KB - Virtual size: 28KB

.bss
Size: - Virtual size: 105KB

.idata
Size: 5KB - Virtual size: 4KB

.ndata
Size: 512B - Virtual size: 84KB

.rsrc
Size: 403KB - Virtual size: 402KB