ProcessOptions_Implant.dll.dumpbin
Dump of file D:\4150\equationGroupWindows\equation_drug\ProcessOptions_Implant.dll
PE signature found
File Type: DLL
FILE HEADER VALUES
14C machine (x86)
4 number of sections
45C38E5B time date stamp Fri Feb 2 21:17:47 2007
0 file pointer to symbol table
0 number of symbols
E0 size of optional header
210E characteristics
Executable
Line numbers stripped
Symbols stripped
32 bit word machine
DLL
OPTIONAL HEADER VALUES
10B magic # (PE32)
7.10 linker version
3800 size of code
1C00 size of initialized data
0 size of uninitialized data
3F5D entry point (68003F5D)
1000 base of code
5000 base of data
68000000 image base (68000000 to 68008FFF)
1000 section alignment
200 file alignment
4.00 operating system version
1.00 image version
4.00 subsystem version
0 Win32 version
9000 size of image
400 size of headers
0 checksum
2 subsystem (Windows GUI)
0 DLL characteristics
100000 size of stack reserve
1000 size of stack commit
100000 size of heap reserve
1000 size of heap commit
0 loader flags
10 number of directories
6330 [ 3B] RVA [size] of Export Directory
5EA8 [ 50] RVA [size] of Import Directory
0 [ 0] RVA [size] of Resource Directory
0 [ 0] RVA [size] of Exception Directory
0 [ 0] RVA [size] of Certificates Directory
8000 [ 338] RVA [size] of Base Relocation Directory
0 [ 0] RVA [size] of Debug Directory
0 [ 0] RVA [size] of Architecture Directory
0 [ 0] RVA [size] of Global Pointer Directory
0 [ 0] RVA [size] of Thread Storage Directory
0 [ 0] RVA [size] of Load Configuration Directory
0 [ 0] RVA [size] of Bound Import Directory
5000 [ E0] RVA [size] of Import Address Table Directory
0 [ 0] RVA [size] of Delay Import Directory
0 [ 0] RVA [size] of COM Descriptor Directory
0 [ 0] RVA [size] of Reserved Directory
SECTION HEADER #1
.text name
37A5 virtual size
1000 virtual address (68001000 to 680047A4)
3800 size of raw data
400 file pointer to raw data (00000400 to 00003BFF)
0 file pointer to relocation table
0 file pointer to line numbers
0 number of relocations
0 number of line numbers
60000020 flags
Code
Execute Read
SECTION HEADER #2
.rdata name
136B virtual size
5000 virtual address (68005000 to 6800636A)
1400 size of raw data
3C00 file pointer to raw data (00003C00 to 00004FFF)
0 file pointer to relocation table
0 file pointer to line numbers
0 number of relocations
0 number of line numbers
40000040 flags
Initialized Data
Read Only
Section contains the following imports:
MSVCRT.dll
68005080 Import Address Table
68005F78 Import Name Table
0 time date stamp
0 Index of first forwarder reference
2A7 realloc
49 __CxxFrameHandler
9D _adjust_fdiv
291 malloc
10F _initterm
297 memcpy
2C0 strncmp
13C _local_unwind2
2C5 strstr
2E3 wcscpy
2E6 wcslen
2E7 wcsncat
2B8 strcmp
2BE strlen
299 memset
25E free
1C1 _stricmp
KERNEL32.dll
68005000 Import Address Table
68005EF8 Import Name Table
0 time date stamp
0 Index of first forwarder reference
169 GetLastError
15B GetFileSize
4E CreateFileMappingA
25E MapViewOfFile
252 LocalFree
24B LoadLibraryW
24E LocalAlloc
151 GetEnvironmentVariableW
50 CreateFileW
3B6 lstrcpyA
249 LoadLibraryExA
229 IsBadReadPtr
248 LoadLibraryA
EF FreeLibrary
1DE GetVersion
373 VirtualAlloc
2B6 ReleaseMutex
376 VirtualFree
279 OpenMutexW
5A CreateMutexA
30E SetFilePointer
84 DisableThreadLibraryCalls
13B GetCurrentProcessId
198 GetProcAddress
177 GetModuleHandleA
13A GetCurrentProcess
1DF GetVersionExA
2E CloseHandle
383 WaitForSingleObject
31B SetLastError
2A9 ReadFile
USER32.dll
680050C8 Import Address Table
68005FC0 Import Name Table
0 time date stamp
0 Index of first forwarder reference
2B4 UnregisterClassW
99 DestroyWindow
61 CreateWindowExW
26A SetPropA
2B3 UnregisterClassA
SECTION HEADER #3
.data name
148 virtual size
7000 virtual address (68007000 to 68007147)
200 size of raw data
5000 file pointer to raw data (00005000 to 000051FF)
0 file pointer to relocation table
0 file pointer to line numbers
0 number of relocations
0 number of line numbers
C0000040 flags
Initialized Data
Read Write
SECTION HEADER #4
.reloc name
40E virtual size
8000 virtual address (68008000 to 6800840D)
600 size of raw data
5200 file pointer to raw data (00005200 to 000057FF)
0 file pointer to relocation table
0 file pointer to line numbers
0 number of relocations
0 number of line numbers
42000040 flags
Initialized Data
Discardable
Read Only
Summary
1000 .data
2000 .rdata
1000 .reloc
4000 .text