all[.]zip | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

all.zip
Size

36.2MB
MD5

7c2aa852211b49b68f38ebb9971915b4
SHA1

adcea03a835a323f8864706610adfefd16895d80
SHA256

91cd8bfbe714acc43beff32856c3d56ded48706d3c92c492a1acb994b606003b
SHA512

22a9baf252145f405741c639019cc56f0a5ab4a836b2b6077bf196e80e83089dbb49dff8414b79b8fd182aa79f0ed27611906c5c4a8bcbb43aee607c0ae8eb27
SSDEEP

786432:waRfSFdwzJBmpuPu/mD2h0bbWU06mgk+25yMj4FUx0I1NuDIm8+nomsmkQWCE:waRfSFdwz+uPu/N2x1mgGUoGUOIzu8m6

Score

8^/10

vmprotect upx pdf link themida

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
static1/unpack001/all/clickers/nigclickermp3.exe	upx

VMProtect packed file 2 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

Processes:

resource	yara_rule
static1/unpack001/all/clickers/axentav2.exe	vmprotect
static1/unpack001/all/gcs/encephalon_clean.exe	vmprotect

Themida packer 4 IoCs

Detects Themida, an advanced Windows software protection system.

themida

Processes:

resource	yara_rule
static1/unpack001/all/gcs/crypt.exe	themida
static1/unpack001/all/gcs/kryptonclient.exe	themida
static1/unpack001/all/gcs/kura.exe	themida
static1/unpack001/all/gcs/prismhack0.2.exe	themida

HTTP links in PDF interactive object 1 IoCs

Detects HTTP links in interactive objects within PDF files.

pdf link

Processes:

resource	yara_rule
static1/unpack001/all/clickers/slinkylmao.exe	pdf_with_link_action

Files

all.zip
.zip
all/README.txt
all/clickers/Spotify.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 113KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
all/clickers/axentav2.exe
.exe windows x64

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: - Virtual size: 317KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 275KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 781KB - Virtual size: 780KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
all/clickers/isolation.exe
.exe windows x86

4f5deef55182827a8fedb62cb823e9ce

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VerifyVersionInfoW
Sleep
CloseHandle
GetCurrentProcess
CreateThread
GetModuleHandleA
SetConsoleTitleA
GetConsoleWindow
GetProcessHeap
HeapFree
HeapAlloc
GetLastError
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
GetProcAddress
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
IsDebuggerPresent
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
VirtualQuery
LoadLibraryA
FreeLibrary
QueryPerformanceFrequency
VerSetConditionMask
WideCharToMultiByte
MultiByteToWideChar
GlobalFree
GlobalLock
QueryPerformanceCounter
GlobalUnlock
GetStartupInfoW
GlobalAlloc

user32

CloseClipboard
OpenClipboard
WindowFromPoint
FindWindowA
TranslateMessage
DispatchMessageA
PeekMessageA
DefWindowProcA
PostQuitMessage
UnregisterClassA
RegisterClassExA
SetWindowPos
CreateWindowExA
DestroyWindow
ShowWindow
SetProcessDPIAware
MessageBoxA
GetWindowRect
UpdateWindow
SetClipboardData
GetClipboardData
EmptyClipboard
MonitorFromWindow
GetAsyncKeyState
LoadCursorA
ScreenToClient
ClientToScreen
GetCursorPos
SetCursor
SetCursorPos
GetClientRect
ReleaseDC
GetDC
GetForegroundWindow
ReleaseCapture
SetCapture
GetCapture
GetKeyState
IsChild
PostMessageW

gdi32

GetDeviceCaps
CreateRectRgn
DeleteObject

advapi32

LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext

dwmapi

DwmGetColorizationColor
DwmEnableBlurBehindWindow
DwmIsCompositionEnabled

msvcp140d

?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?width@ios_base@std@@QAE_J_J@Z
?width@ios_base@std@@QBE_JXZ
?flags@ios_base@std@@QBEHXZ
?good@ios_base@std@@QBE_NXZ
?uncaught_exception@std@@YA_NXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?_Xout_of_range@std@@YAXPBD@Z
?_Random_device@std@@YAIXZ
_Thrd_sleep
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
_Mbrtowc
?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ
?_Getdays@_Locinfo@std@@QBEPBDXZ
?_Getmonths@_Locinfo@std@@QBEPBDXZ
?_W_Getdays@_Locinfo@std@@QBEPBGXZ
?_W_Getmonths@_Locinfo@std@@QBEPBGXZ
_Xtime_get_ticks
_Query_perf_counter
_Query_perf_frequency

d3d9

Direct3DCreate9

vcruntime140d

__vcrt_GetModuleFileNameW
__std_type_info_destroy_list
_except_handler4_common
__current_exception_context
__current_exception
_CxxThrowException
__std_exception_destroy
__vcrt_GetModuleHandleW
memcmp
__CxxFrameHandler3
strstr
memcpy
memset
memmove
memchr
__std_exception_copy
__vcrt_LoadLibraryExW

ucrtbased

floor
_invalid_parameter
wcslen
atof
atan2
log
pow
_calloc_dbg
_CrtDbgReport
log2
exit
system
terminate
_CrtDbgReportW
_except1
_callnewh
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_cexit
_seh_filter_exe
_set_app_type
__setusermatherr
_get_initial_narrow_environment
_initterm
_initterm_e
_exit
sqrt
__p___argc
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_configthreadlocale
_set_new_mode
__p__commode
_free_dbg
strcpy_s
strcat_s
__stdio_common_vsprintf_s
_controlfp_s
_wmakepath_s
_wsplitpath_s
wcscpy_s
sin
fabs
qsort
malloc
free
__stdio_common_vsscanf
fwrite
ftell
fseek
fread
fflush
fclose
_wfopen
__acrt_iob_func
_wassert
strncpy
strlen
strcmp
cos
acos
toupper
ceil
_set_fmode
fmod
__stdio_common_vsprintf

Sections

.text
Size: 896KB - Virtual size: 896KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 426KB - Virtual size: 425KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 265B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
all/clickers/mangoclicker.exe
.exe windows x64

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

/z}l-
Size: 863KB - Virtual size: 863KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
all/clickers/nigclickermp3.exe
.exe windows x64

Code Sign

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

UPX0
Size: - Virtual size: 256KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
all/clickers/slinkylmao.exe
.exe windows x64

3b7764a1804c8f2ad22122774fc2bb1e

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

winmm

timeKillEvent
timeSetEvent

msimg32

AlphaBlend

kernel32

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceFrequency
QueryPerformanceCounter
WideCharToMultiByte
MultiByteToWideChar
GlobalLock
GlobalUnlock
GlobalSize
GlobalAlloc
GetLastError
IsProcessorFeaturePresent
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW

user32

PostMessageA
MessageBoxA
EndPaint
BeginPaint
ReleaseDC
GetDC
ReleaseCapture
SetCapture
GetKeyState
GetAsyncKeyState
GetForegroundWindow
SetClipboardData
CloseClipboard
OpenClipboard
CreateWindowExW
UnregisterClassW
DispatchMessageW
PostQuitMessage
DefWindowProcW
PeekMessageW
IsClipboardFormatAvailable
GetClassLongPtrA
TranslateMessage
GetMessageW
GetClassNameA
GetClipboardData
RegisterClassW

gdi32

Polyline
CreateFontA
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
DeleteDC
DeleteObject
Ellipse
GetStockObject
GetTextExtentPoint32W
IntersectClipRect
LineTo
Rectangle
RoundRect
SelectClipRgn
SelectObject
SetBkColor
SetDCBrushColor
SetDCPenColor
StretchBlt
SetTextColor
GdiGradientFill
PolyBezier
GetTextMetricsW
Polygon
ExtTextOutW
MoveToEx
GetObjectA
CreatePen

shell32

ShellExecuteA

vcruntime140

__current_exception_context
__current_exception
__C_specific_handler
memset

api-ms-win-crt-heap-l1-1-0

calloc
free
_set_new_mode
malloc

api-ms-win-crt-stdio-l1-1-0

fopen_s
_set_fmode
fflush
__p__commode
__stdio_common_vfprintf
fclose
ferror
fwrite
fread

api-ms-win-crt-utility-l1-1-0

rand_s

api-ms-win-crt-time-l1-1-0

strftime
_localtime64_s
_time64

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e
exit
_configure_narrow_argv
_get_narrow_winmain_command_line
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_set_app_type
_seh_filter_exe
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_exit
terminate
_crt_atexit

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

Sections

.text
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 350KB - Virtual size: 350KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vlizer
Size: 269KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
all/clickers/vega.exe
.exe windows x64

ccb4fa18bec40c1c0390cc7de45708ba

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

d3d9

Direct3DCreate9

kernel32

WideCharToMultiByte
GlobalUnlock
QueryPerformanceFrequency
GetProcAddress
QueryPerformanceCounter
GetModuleHandleW
GetConsoleWindow
GlobalFree
CloseHandle
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
GlobalAlloc
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GlobalLock
MultiByteToWideChar
InitOnceBeginInitialize
DeleteCriticalSection
InitOnceComplete

user32

DefWindowProcW
DestroyWindow
CreateWindowExW
UnregisterClassW
RegisterClassExW
ShowWindow
DispatchMessageW
PeekMessageW
TranslateMessage
PostQuitMessage
UpdateWindow
GetCursorPos
PostMessageA
GetAsyncKeyState
FindWindowA
GetKeyState
SetClipboardData
GetClipboardData
EmptyClipboard
SetCursorPos
ReleaseCapture
GetClientRect
SetCursor
SetCapture
LoadCursorW
GetForegroundWindow
IsChild
ClientToScreen
GetCapture
CloseClipboard
OpenClipboard
ScreenToClient

msvcp140

_Mtx_unlock
_Thrd_detach
_Cnd_wait
_Cnd_do_broadcast_at_thread_exit
_Cnd_broadcast
_Mtx_init_in_situ
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
_Mtx_lock
?__ExceptionPtrDestroy@@YAXPEAX@Z
_Cnd_register_at_thread_exit
_Cnd_destroy_in_situ
_Query_perf_frequency
_Thrd_sleep
_Query_perf_counter
_Xtime_get_ticks
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z
?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AEAAXXZ
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
??0task_continuation_context@Concurrency@@AEAA@XZ
_Cnd_unregister_at_thread_exit
?__ExceptionPtrCreate@@YAXPEAX@Z
_Cnd_init_in_situ
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?_Throw_future_error@std@@YAXAEBVerror_code@1@@Z
?_Throw_Cpp_error@std@@YAXH@Z
?_Xbad_function_call@std@@YAXXZ
?_Throw_C_error@std@@YAXH@Z
?_Rethrow_future_exception@std@@YAXVexception_ptr@1@@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Syserror_map@std@@YAPEBDH@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
_Mtx_destroy_in_situ

imm32

ImmSetCompositionWindow
ImmGetContext
ImmReleaseContext

xinput1_4

ord2
ord4

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memchr
memcmp
_CxxThrowException
memset
__C_specific_handler
__current_exception_context
__current_exception
__std_exception_copy
__std_exception_destroy
memcpy
__std_terminate
memmove
_purecall
strstr

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__stdio_common_vsprintf
fseek
fwrite
fflush
__acrt_iob_func
__p__commode
ftell
fclose
fread
__stdio_common_vsscanf
_wfopen

api-ms-win-crt-string-l1-1-0

strncpy
strcmp

api-ms-win-crt-utility-l1-1-0

rand
qsort

api-ms-win-crt-heap-l1-1-0

_set_new_mode
malloc
_callnewh
free

api-ms-win-crt-runtime-l1-1-0

__p___argv
__p___argc
_exit
_c_exit
_initterm_e
_initterm
_get_initial_narrow_environment
_set_app_type
exit
_seh_filter_exe
_invalid_parameter_noinfo_noreturn
terminate
system
_beginthreadex
abort
_cexit
_crt_atexit
_wassert
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_register_thread_local_exe_atexit_callback
_configure_narrow_argv

api-ms-win-crt-convert-l1-1-0

atof

api-ms-win-crt-math-l1-1-0

powf
atan2f
__setusermatherr
ceilf
acosf
logf
pow
cosf
fmodf
floorf
sqrtf
log
sinf

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 300KB - Virtual size: 299KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 278KB - Virtual size: 278KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
all/gcs/Client_Loader.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1023KB - Virtual size: 1022KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
all/gcs/Icetea.exe
.exe windows x64

47d3c83fef3237b69b3ad220edbea196

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

imm32

ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow

d3d9

Direct3DCreate9

kernel32

Process32Next
CloseHandle
DeleteCriticalSection
CreateProcessA
GetExitCodeProcess
SetConsoleCtrlHandler
WriteProcessMemory
GetConsoleScreenBufferInfo
SetConsoleTitleA
GetCurrentProcess
SetConsoleScreenBufferSize
CreateMutexA
GetModuleHandleA
GetSystemDirectoryA
LoadLibraryA
Beep
GetProcAddress
ReadProcessMemory
GetConsoleWindow
GetTickCount
VirtualQueryEx
LocalFree
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetLastError
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
OutputDebugStringW
FormatMessageA
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
QueryPerformanceFrequency
QueryPerformanceCounter
GetModuleFileNameA
Process32First
GetStdHandle
InitializeCriticalSectionEx
GetVolumeInformationA
OpenProcess
CreateToolhelp32Snapshot
GetCurrentProcessId

user32

GetWindowThreadProcessId
GetSystemMenu
DispatchMessageA
GetWindowRect
DestroyWindow
GetDC
keybd_event
PostMessageA
DeleteMenu
ShowWindow
GetAsyncKeyState
GetWindowTextA
MapVirtualKeyA
DefWindowProcA
CreateWindowExA
TranslateMessage
SendMessageA
PeekMessageA
GetWindowTextLengthA
FindWindowA
RegisterClassExA
UpdateWindow
ReleaseDC
UnregisterClassA
GetKeyState
LoadCursorA
ScreenToClient
GetCapture
ClientToScreen
IsChild
GetForegroundWindow
SetCapture
GetClipboardData
SetCursor
GetClientRect
ReleaseCapture
SetCursorPos
GetCursorPos
OpenClipboard
CloseClipboard
EmptyClipboard
SetClipboardData

gdi32

SelectObject
DeleteDC
GetDeviceCaps
BitBlt
CreateCompatibleBitmap
DeleteObject
CreateCompatibleDC
GetDIBits

advapi32

OpenProcessToken
OpenServiceA
QueryServiceStatusEx
RegCloseKey
RegDeleteKeyExW
RegCreateKeyExW
RegDeleteValueW
AdjustTokenPrivileges
GetCurrentHwProfileA
CloseServiceHandle
LookupPrivilegeValueA
OpenSCManagerA

msvcp140

?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Random_device@std@@YAIXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
_Query_perf_frequency
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Execute_once@std@@YAHAEAUonce_flag@1@P6AHPEAX1PEAPEAX@Z1@Z
?_Throw_Cpp_error@std@@YAXH@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?uncaught_exception@std@@YA_NXZ
?_Winerror_map@std@@YAHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Syserror_map@std@@YAPEBDH@Z
_Cnd_do_broadcast_at_thread_exit
_Thrd_sleep
_Thrd_id
_Query_perf_counter
_Xtime_get_ticks
_Thrd_join
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ

xinput1_4

ord4
ord2

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memchr
memcmp
memcpy
__std_terminate
strstr
memmove
_CxxThrowException
memset
__C_specific_handler
__current_exception
__std_exception_copy
__std_exception_destroy
__current_exception_context

api-ms-win-crt-stdio-l1-1-0

ungetc
_get_stream_buffer_pointers
ftell
_fseeki64
getchar
__acrt_iob_func
fgetc
__p__commode
__stdio_common_vsscanf
fread
setvbuf
__stdio_common_vsprintf
_wfopen
fwrite
_set_fmode
fgetpos
fseek
fclose
fflush
fsetpos
fputc

api-ms-win-crt-string-l1-1-0

isupper
strcmp
toupper
strncpy

api-ms-win-crt-utility-l1-1-0

rand
qsort
srand

api-ms-win-crt-heap-l1-1-0

_set_new_mode
_callnewh
malloc
free

api-ms-win-crt-runtime-l1-1-0

_seh_filter_exe
_set_app_type
_crt_atexit
_get_initial_narrow_environment
_initterm
_initterm_e
terminate
__p___argc
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_register_onexit_function
_wassert
_initialize_onexit_table
_beginthreadex
exit
_initialize_narrow_environment
_configure_narrow_argv
_invalid_parameter_noinfo_noreturn
_cexit
_exit
_Exit

api-ms-win-crt-convert-l1-1-0

atof
atoi

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_unlink
_stat64i32
_lock_file

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-math-l1-1-0

ceilf
round
floorf
fmodf
acosf
sinf
log2
cosf
pow
atan2f
sqrtf
ceil
__setusermatherr
powf

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 310KB - Virtual size: 309KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 306KB - Virtual size: 306KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
all/gcs/Koid.exe
.exe windows x64

3fd06be36c16623831cd45fd8968adcb

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

d3d11

D3D11CreateDeviceAndSwapChain

d3dcompiler_47

D3DCompile

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

kernel32

QueryPerformanceCounter
GetModuleHandleA
GetConsoleWindow
CreateThread
Process32First
GetCurrentProcess
OpenProcess
CreateToolhelp32Snapshot
Process32Next
CloseHandle
WriteProcessMemory
ReadProcessMemory
GetModuleFileNameA
GlobalLock
GetCurrentProcessId
VirtualQueryEx
GetExitCodeProcess
GlobalFree
QueryPerformanceFrequency
GetCurrentThreadId
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GlobalAlloc
MultiByteToWideChar
GetProcAddress
LoadLibraryA
GlobalUnlock
GetSystemTimeAsFileTime
InitializeSListHead
WideCharToMultiByte
TerminateProcess

user32

GetWindowTextA
GetCursorInfo
SetCursor
PostMessageA
SendMessageA
keybd_event
SetForegroundWindow
GetWindowThreadProcessId
FindWindowA
WindowFromPoint
DispatchMessageA
GetWindowRect
DestroyWindow
SetWindowPos
ShowWindow
GetAsyncKeyState
SetWindowLongA
DefWindowProcA
CreateWindowExA
TranslateMessage
PeekMessageA
UnregisterClassA
PostQuitMessage
GetDesktopWindow
RegisterClassExA
UpdateWindow
GetKeyState
LoadCursorA
SetCapture
ScreenToClient
GetCapture
ClientToScreen
GetClientRect
ReleaseCapture
SetCursorPos
GetCursorPos
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
GetForegroundWindow
IsChild

advapi32

OpenProcessToken
OpenServiceA
AdjustTokenPrivileges
CloseServiceHandle
QueryServiceStatusEx
OpenSCManagerA
LookupPrivilegeValueA

msvcp140

?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Xbad_alloc@std@@YAXXZ
_Query_perf_frequency
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exception@std@@YA_NXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
_Thrd_sleep
_Query_perf_counter
_Xtime_get_ticks
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?_Random_device@std@@YAIXZ
_To_wide
_Close_dir
_Open_dir
_Read_dir
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ

xinput1_4

ord2
ord4

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memcpy
memcmp
memchr
_CxxThrowException
memset
__C_specific_handler
__current_exception_context
__current_exception
__std_type_info_compare
__std_exception_copy
__std_exception_destroy
strstr
__std_terminate
memmove

api-ms-win-crt-stdio-l1-1-0

ungetc
fgetc
__stdio_common_vsscanf
fread
fputc
fclose
__stdio_common_vsprintf
_wfopen
fwrite
fsetpos
_fseeki64
fseek
setvbuf
fflush
__p__commode
__acrt_iob_func
fgetpos
ftell
_get_stream_buffer_pointers
_set_fmode

api-ms-win-crt-string-l1-1-0

toupper
strncpy
isprint
strcmp

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc
_set_new_mode

api-ms-win-crt-convert-l1-1-0

atof
strtol

api-ms-win-crt-runtime-l1-1-0

_exit
_get_initial_narrow_environment
__p___argc
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_errno
_initialize_onexit_table
_initterm
_initialize_narrow_environment
_configure_narrow_argv
terminate
exit
_initterm_e
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-math-l1-1-0

atan2f
ceil
ceilf
pow
powf
sinf
sqrtf
cosf
floorf
fmodf
__setusermatherr
acosf
log2

api-ms-win-crt-filesystem-l1-1-0

remove
_unlock_file
_lock_file

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 329KB - Virtual size: 329KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 376B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
all/gcs/crypt.exe
.exe windows x64

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 684B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 336KB - Virtual size: 825KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 15.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 9.6MB - Virtual size: 9.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
all/gcs/encephalon_clean.exe
.exe windows x64

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 666KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 4.8MB - Virtual size: 4.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
all/gcs/epic.exe
.exe windows x64

a08599a345be82fd3b030fa5c3b87d5b

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

d3d11

D3D11CreateDeviceAndSwapChain

d3dcompiler_47

D3DCompile

winmm

PlaySoundA

kernel32

QueryPerformanceCounter
WriteProcessMemory
OpenProcess
CloseHandle
CreateThread
ReadProcessMemory
GetModuleHandleA
GetConsoleWindow
GetModuleFileNameA
Process32First
GetCurrentProcess
TerminateProcess
CreateToolhelp32Snapshot
GetLastError
Process32Next
CreateProcessA
VirtualQueryEx
GetThreadTimes
SetEndOfFile
WriteConsoleW
HeapSize
CreateFileW
HeapReAlloc
SetStdHandle
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetFileAttributesExW
CreateProcessW
GetExitCodeProcess
WaitForSingleObject
GetProcAddress
QueryPerformanceFrequency
GlobalUnlock
WideCharToMultiByte
GlobalLock
GlobalFree
GlobalAlloc
MultiByteToWideChar
SetUnhandledExceptionFilter
GetFileSizeEx
GetConsoleCP
FlushFileBuffers
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
RtlUnwind
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
Sleep
LocalFree
FormatMessageA
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
DecodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
RtlUnwindEx
RtlPcToFileHeader
RaiseException
FreeLibrary
LoadLibraryExW
ReadFile
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
WriteFile
GetCommandLineA
GetCommandLineW
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetFileType
GetCurrentThread
HeapAlloc
HeapFree
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW

user32

GetKeyState
SetClipboardData
GetClipboardData
GetKeyNameTextA
MapVirtualKeyA
DestroyWindow
ShowWindow
DefWindowProcA
CreateWindowExA
PeekMessageA
UnregisterClassA
PostQuitMessage
RegisterClassExA
UpdateWindow
GetMessageA
DispatchMessageA
PostMessageA
CallNextHookEx
WindowFromPoint
GetAsyncKeyState
GetCursorInfo
SetWindowsHookExA
UnhookWindowsHookEx
TranslateMessage
FindWindowA
SendInput
EmptyClipboard
LoadCursorA
ScreenToClient
GetCapture
ClientToScreen
IsChild
GetForegroundWindow
SetCapture
SetCursor
GetClientRect
ReleaseCapture
SetCursorPos
GetCursorPos
OpenClipboard
CloseClipboard

advapi32

LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

xinput1_4

ord4
ord2

Sections

.text
Size: 480KB - Virtual size: 479KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 576KB - Virtual size: 575KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
all/gcs/itami.exe
.exe windows x64

d76f672ed6f495da4bb83044aeaf8537

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

d3d11

D3D11CreateDeviceAndSwapChain

d3dcompiler_47

D3DCompile

kernel32

GetModuleFileNameA
Process32First
WriteProcessMemory
GetCurrentProcess
OpenProcess
CreateToolhelp32Snapshot
Process32Next
CloseHandle
ReadProcessMemory
VirtualQueryEx
FindFirstFileA
FindNextFileA
FindClose
GetModuleHandleA
FreeConsole
QueryPerformanceCounter
GetCurrentProcessId
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetModuleHandleW
CreateEventW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetProcAddress
QueryPerformanceFrequency
GlobalUnlock
WideCharToMultiByte
GlobalLock
GlobalFree
GlobalAlloc
MultiByteToWideChar
GetSystemTimeAsFileTime
GetCurrentThreadId

user32

GetClientRect
LoadCursorA
SetCursor
SetCapture
GetWindowThreadProcessId
DispatchMessageA
DestroyWindow
ShowWindow
GetAsyncKeyState
GetWindowTextA
DefWindowProcA
CreateWindowExA
TranslateMessage
SendMessageA
PeekMessageA
UnregisterClassA
GetWindowTextLengthA
FindWindowA
RegisterClassExA
UpdateWindow
GetKeyState
ReleaseCapture
GetForegroundWindow
CloseClipboard
EmptyClipboard
OpenClipboard
IsChild
GetClipboardData
SetClipboardData
ClientToScreen
GetCursorPos
GetCapture
ScreenToClient
SetCursorPos

advapi32

LookupPrivilegeValueA
CloseServiceHandle
OpenSCManagerA
OpenProcessToken
OpenServiceA
QueryServiceStatusEx
AdjustTokenPrivileges

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

xinput1_4

ord4
ord2

msvcp140

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
_Query_perf_frequency
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Throw_Cpp_error@std@@YAXH@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?uncaught_exception@std@@YA_NXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Random_device@std@@YAIXZ
_Cnd_do_broadcast_at_thread_exit
_Thrd_sleep
_Thrd_id
_Query_perf_counter
_Xtime_get_ticks
_Thrd_join
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@F@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memset
memmove
memcpy
memcmp
__C_specific_handler
__current_exception_context
__current_exception
__std_type_info_name
__std_type_info_compare
__std_exception_destroy
strstr
__std_terminate
_CxxThrowException
__std_exception_copy
memchr

api-ms-win-crt-stdio-l1-1-0

_get_stream_buffer_pointers
getchar
setvbuf
fgetpos
fsetpos
_fseeki64
fgetc
__stdio_common_vsprintf_s
ftell
fputc
__p__commode
_set_fmode
__acrt_iob_func
ungetc
__stdio_common_vsscanf
fread
__stdio_common_vsprintf
_wfopen
fwrite
fflush
fseek
fclose

api-ms-win-crt-string-l1-1-0

isalnum
strcmp
strncpy

api-ms-win-crt-utility-l1-1-0

rand
srand
qsort

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode
_callnewh
malloc

api-ms-win-crt-convert-l1-1-0

strtoul
atof
strtof

api-ms-win-crt-runtime-l1-1-0

_get_initial_narrow_environment
_initterm
_initterm_e
_invalid_parameter_noinfo_noreturn
__p___argc
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_seh_filter_exe
_cexit
exit
_beginthreadex
_crt_atexit
_register_onexit_function
terminate
_set_app_type
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_exit

api-ms-win-crt-math-l1-1-0

log2f
sinf
ceilf
ceil
acosf
sqrtf
cosf
powf
pow
floorf
fmodf
atan2f
log2
__setusermatherr

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 318KB - Virtual size: 318KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 316B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
all/gcs/kryptonclient.exe
.exe windows x64

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 283KB - Virtual size: 540KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 101KB - Virtual size: 199KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 449B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 13KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 275B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
all/gcs/kura.exe
.exe windows x64

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 145KB - Virtual size: 276KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 32KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 303B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 7KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 275B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 467B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
all/gcs/lithlite.exe
.exe windows x64

eba675b4d287f51402a7cf170e487e73

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

d3d11

D3D11CreateDeviceAndSwapChain

d3dcompiler_47

D3DCompile

wintrust

WinVerifyTrust

ntdll

RtlVirtualUnwind
NtQuerySystemInformation
RtlLookupFunctionEntry
RtlCaptureContext

kernel32

QueryPerformanceCounter
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
SetConsoleTitleA
GetCurrentProcess
SetConsoleScreenBufferSize
GetStdHandle
SetConsoleMode
GetConsoleCursorInfo
TerminateProcess
GetModuleFileNameW
K32GetModuleFileNameExW
GetVolumeInformationA
GetModuleHandleA
OpenProcess
GetConsoleMode
K32GetModuleFileNameExA
SetConsoleCursorInfo
QueryFullProcessImageNameA
CloseHandle
CreateThread
GetConsoleWindow
QueryFullProcessImageNameW
GetModuleFileNameA
Process32First
CreateToolhelp32Snapshot
Process32Next
WriteProcessMemory
ReadProcessMemory
GetCurrentProcessId
VirtualQueryEx
GetExitCodeProcess
InitializeSListHead
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
FreeLibrary
GetSystemTimeAsFileTime
GetCurrentThreadId
IsDebuggerPresent
IsProcessorFeaturePresent
MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
EnterCriticalSection
WideCharToMultiByte
GlobalUnlock
LoadLibraryA
QueryPerformanceFrequency
GetProcAddress

user32

GetClientRect
CloseClipboard
EmptyClipboard
SetClipboardData
OpenClipboard
GetCursorInfo
PostMessageA
SendMessageA
keybd_event
SetForegroundWindow
GetWindowThreadProcessId
WindowFromPoint
GetAsyncKeyState
GetSystemMenu
DispatchMessageA
GetWindowRect
DestroyWindow
SetWindowPos
ShowWindow
SetWindowLongA
GetWindowTextA
GetWindowLongA
DefWindowProcA
CreateWindowExA
TranslateMessage
PeekMessageA
UnregisterClassA
PostQuitMessage
GetDesktopWindow
GetClipboardData
FindWindowA
RegisterClassExA
UpdateWindow
GetKeyState
LoadCursorA
ScreenToClient
GetCapture
ClientToScreen
IsChild
GetForegroundWindow
SetCapture
SetCursor
EnableMenuItem
GetCursorPos
SetCursorPos
ReleaseCapture

advapi32

LookupPrivilegeValueA
QueryServiceStatusEx
OpenProcessToken
OpenSCManagerA
CloseServiceHandle
AdjustTokenPrivileges
OpenServiceA

shell32

ShellExecuteA

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

msvcp140

?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
??Bid@locale@std@@QEAA_KXZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
_Close_dir
_Open_dir
_Read_dir
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
_To_wide
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
?_Xlength_error@std@@YAXPEBD@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?uncaught_exception@std@@YA_NXZ
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Random_device@std@@YAIXZ
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
_Thrd_sleep
_Xtime_get_ticks
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@G@Z
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z

vcruntime140

__std_type_info_compare
__C_specific_handler
memset
_CxxThrowException
__std_exception_destroy
strstr
__std_terminate
__CxxFrameHandler3
__std_exception_copy
memcmp
memcpy
memmove
memchr

api-ms-win-crt-stdio-l1-1-0

__p__commode
__stdio_common_vfwprintf_s
_set_fmode
ftell
_get_stream_buffer_pointers
_fseeki64
fsetpos
ungetc
setvbuf
fgetpos
fgetc
fputc
__acrt_iob_func
fflush
fwrite
fclose
__stdio_common_vsscanf
fread
__stdio_common_vsprintf
_wfopen
fseek

api-ms-win-crt-string-l1-1-0

_stricmp
toupper
isprint
strcmp
strncpy

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-heap-l1-1-0

free
realloc
malloc
_set_new_mode
_callnewh

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_initialize_narrow_environment
_seh_filter_exe
_set_app_type
terminate
_get_initial_narrow_environment
_initterm
_initterm_e
_exit
__p___argc
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_errno
exit
_invalid_parameter_noinfo_noreturn
_wassert
_configure_narrow_argv

api-ms-win-crt-convert-l1-1-0

atof
strtol

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-math-l1-1-0

fmodf
floorf
acosf
sqrtf
logf
atan2f
log2
ceilf
sinf
powf
__setusermatherr
cosf
ceil

api-ms-win-crt-filesystem-l1-1-0

_lock_file
remove
_unlock_file

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-time-l1-1-0

_time64

Sections

.text
Size: 433KB - Virtual size: 433KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 433KB - Virtual size: 433KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
all/gcs/obscure.exe
.exe windows x64

c1bfa4f2fb433253319f9886408f907d

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

d3d11

D3D11CreateDeviceAndSwapChain

d3dcompiler_43

D3DCompile

kernel32

WideCharToMultiByte
GlobalUnlock
QueryPerformanceFrequency
GetProcAddress
QueryPerformanceCounter
WriteProcessMemory
SetPriorityClass
GetCurrentProcess
Module32Next
Module32First
GetModuleHandleA
OpenProcess
CreateToolhelp32Snapshot
Sleep
CloseHandle
CreateThread
LeaveCriticalSection
GlobalLock
MultiByteToWideChar
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GlobalFree
GlobalAlloc
GetConsoleWindow
ReadProcessMemory
EnterCriticalSection

user32

SetClipboardData
GetClipboardData
EmptyClipboard
GetWindowThreadProcessId
DispatchMessageA
DestroyWindow
SetWindowPos
PostMessageA
ShowWindow
GetAsyncKeyState
DefWindowProcA
CreateWindowExA
TranslateMessage
SendMessageA
PeekMessageA
UnregisterClassA
PostQuitMessage
FindWindowA
RegisterClassExA
UpdateWindow
GetKeyState
LoadCursorA
CloseClipboard
OpenClipboard
IsChild
GetCursorPos
SetCursorPos
ReleaseCapture
GetClientRect
SetCursor
SetCapture
ScreenToClient
GetCapture
ClientToScreen
GetForegroundWindow

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

xinput1_3

ord2
ord4

msvcp140

?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
_Xtime_get_ticks
_Thrd_detach
_Query_perf_counter
_Thrd_sleep
?_Xlength_error@std@@YAXPEBD@Z
?uncaught_exception@std@@YA_NXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?_Throw_C_error@std@@YAXH@Z
?_Xbad_function_call@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
_Query_perf_frequency
?_Throw_Cpp_error@std@@YAXH@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A

vcruntime140_1

__CxxFrameHandler4

vcruntime140

_CxxThrowException
memset
__C_specific_handler
__current_exception_context
__current_exception
__std_exception_copy
__std_exception_destroy
__std_terminate
strstr
memcpy
memcmp
memmove
memchr

api-ms-win-crt-stdio-l1-1-0

fflush
ftell
fclose
fseek
_wfopen
__stdio_common_vsprintf
fread
__stdio_common_vsscanf
_set_fmode
__acrt_iob_func
__p__commode
fwrite

api-ms-win-crt-string-l1-1-0

strncpy
strcmp

api-ms-win-crt-utility-l1-1-0

rand
qsort

api-ms-win-crt-heap-l1-1-0

free
malloc
_set_new_mode
_callnewh

api-ms-win-crt-convert-l1-1-0

atof

api-ms-win-crt-runtime-l1-1-0

_initialize_narrow_environment
_register_thread_local_exe_atexit_callback
_c_exit
__p___argv
_initialize_onexit_table
__p___argc
_register_onexit_function
_exit
exit
_initterm_e
_beginthreadex
_initterm
_crt_atexit
_get_initial_narrow_environment
_configure_narrow_argv
terminate
_set_app_type
_cexit
_seh_filter_exe
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-multibyte-l1-1-0

_mbscmp

api-ms-win-crt-math-l1-1-0

sinf
powf
sqrtf
acosf
atan2f
__setusermatherr
log
ceilf
fmodf
cosf
floorf
logf
pow

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 270KB - Virtual size: 269KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
all/gcs/old_drip.exe
.exe windows x64

00696255f4f88c59d82891fc1a34b7e5

Code Sign

0d:ee:e4:51:13:53:38:6f:e6:f1:99:a3:6d:ec:53:ec
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

03-04-2018 00:00

Not After

08-04-2019 12:00

Subject

CN=Kurium,O=Kurium,L=Emmeloord,C=NL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2014 00:00

Not After

22-10-2024 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2021 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:ee:e4:51:13:53:38:6f:e6:f1:99:a3:6d:ec:53:ec
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

03-04-2018 00:00

Not After

08-04-2019 12:00

Subject

CN=Kurium,O=Kurium,L=Emmeloord,C=NL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04-01-2017 00:00

Not After

18-01-2028 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6d:96:24:63:da:9d:ad:8f:8e:cf:13:08:09:62:c3:2f:56:fd:e0:5d:61:25:34:97:fe:bf:dc:7b:ad:d9:b2:c4
Signer

Actual PE Digest

6d:96:24:63:da:9d:ad:8f:8e:cf:13:08:09:62:c3:2f:56:fd:e0:5d:61:25:34:97:fe:bf:dc:7b:ad:d9:b2:c4

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Kurium,O=Kurium,L=Emmeloord,C=NL

14-02-2022 17:36
Valid: false

2e:ed:67:53:05:f6:7d:54:22:67:16:0e:49:64:06:38:1b:be:7f:6c
Signer

Actual PE Digest

2e:ed:67:53:05:f6:7d:54:22:67:16:0e:49:64:06:38:1b:be:7f:6c

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Kurium,O=Kurium,L=Emmeloord,C=NL

11-04-2018 19:56
Valid: true

Chain 1

CN=Kurium,O=Kurium,L=Emmeloord,C=NL

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CreateRemoteThread
VirtualFreeEx
GetExitCodeProcess
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetProcAddress
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
SetLastError
GetLastError
InitializeCriticalSectionEx
FreeLibrary
Sleep
SleepEx
VerSetConditionMask
GetSystemDirectoryA
GetModuleHandleA
LoadLibraryA
VerifyVersionInfoA
ExpandEnvironmentStringsA
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
MultiByteToWideChar
WideCharToMultiByte
TryEnterCriticalSection
DuplicateHandle
GetModuleHandleW
GetExitCodeThread
CloseHandle
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetTickCount
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
EncodePointer
GetThreadTimes
FreeLibraryAndExitThread
GetModuleFileNameW
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualFree
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
GetTickCount64
OpenProcess
QueryPerformanceCounter
WaitForSingleObject
QueryPerformanceFrequency
GlobalUnlock
GlobalLock
GlobalAlloc
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
LoadLibraryW
RtlPcToFileHeader
DecodePointer
RaiseException
VirtualAllocEx
VirtualProtect
InitializeCriticalSectionAndSpinCount
WriteProcessMemory
GetSystemFirmwareTable
GetSystemInfo
GetVolumeInformationA
GetCurrentThread
FormatMessageA

user32

GetWindowTextW
GetWindowThreadProcessId
DefWindowProcW
CreateWindowExW
GetSystemMetrics
UnregisterClassW
EnumWindows
MessageBoxA
MessageBoxW
RegisterClassExW
ShowWindow
DispatchMessageW
PeekMessageW
TranslateMessage
FindWindowW
PostQuitMessage
UpdateWindow
GetKeyState
GetCapture
ClientToScreen
LoadCursorW
SetCapture
SetCursor
GetClientRect
ReleaseCapture
SetCursorPos
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData

shell32

ShellExecuteW

d3d9

Direct3DCreate9

ws2_32

select
__WSAFDIsSet
socket
WSAGetLastError
ioctlsocket
gethostname
WSACleanup
htonl
ntohl
WSAStartup
WSASetLastError
sendto
recv
send
bind
recvfrom
closesocket
connect
listen
getpeername
getsockopt
htons
accept
freeaddrinfo
getsockname
ntohs
setsockopt
WSAIoctl
getaddrinfo

advapi32

CryptDestroyKey
CryptImportKey
CryptEncrypt
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA

crypt32

CertFreeCertificateContext

wldap32

ord50
ord41
ord22
ord200
ord45
ord60
ord211
ord301
ord26
ord79
ord27
ord32
ord33
ord35
ord46
ord30
ord143

normaliz

IdnToAscii

imm32

ImmGetContext
ImmSetCompositionWindow

vcruntime140

memchr
memcmp
__CxxFrameHandler3
strrchr
memset
_CxxThrowException
__std_exception_destroy
__std_exception_copy
__std_terminate
memmove
strstr
strchr
__vcrt_InitializeCriticalSectionEx
__C_specific_handler
_purecall
__AdjustPointer
__processing_throw
__current_exception
__RTDynamicCast
__uncaught_exception
memcpy

api-ms-win-crt-stdio-l1-1-0

fopen
fgets
fwrite
__stdio_common_vsscanf
fputc
fread
__p__commode
__stdio_common_vsprintf
_wfopen
_set_fmode
fseek
_lseeki64
__stdio_common_vfprintf
fclose
fflush
__acrt_iob_func
_read
_write
_close
_open
ftell
fputs
__stdio_common_vsprintf_s
__stdio_common_vswprintf_s

api-ms-win-crt-runtime-l1-1-0

exit
_initialize_narrow_environment
_invalid_parameter_noinfo_noreturn
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
_get_narrow_winmain_command_line
_initterm
_getpid
_initterm_e
_beginthreadex
_exit
_c_exit
_register_thread_local_exe_atexit_callback
_errno
strerror
__sys_nerr
_wassert
terminate
_configure_narrow_argv

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode
_callnewh
_calloc_base
_free_base
calloc
malloc
realloc

api-ms-win-crt-environment-l1-1-0

_dupenv_s
getenv

api-ms-win-crt-string-l1-1-0

isalpha
isgraph
strncmp
tolower
isprint
isxdigit
strpbrk
isdigit
isspace
islower
strncpy
isalnum
isupper
_strdup

api-ms-win-crt-utility-l1-1-0

srand
qsort
rand

api-ms-win-crt-math-l1-1-0

fmodf
cosf
floor
__setusermatherr
sinf
exp
ceil
acosf
sqrtf
sqrt

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-time-l1-1-0

_gmtime64
_time64

api-ms-win-crt-filesystem-l1-1-0

_stat64
_fstat64
_access

api-ms-win-crt-convert-l1-1-0

strtol
atoi
strtoul
strtoll

Sections

.text
Size: 569KB - Virtual size: 568KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3.2MB - Virtual size: 7.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.v-lizer
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
all/gcs/prismhack0.2.exe
.exe windows x64

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 199KB - Virtual size: 369KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 59KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 9KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
all/gcs/tuke.exe
.exe windows x64

50b30da1b43153598da37c3f8b076066

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

d3d9

Direct3DCreate9

kernel32

MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
GetModuleHandleA
LoadLibraryA
QueryPerformanceFrequency
GetProcAddress
FreeLibrary
QueryPerformanceCounter
CreateThread
Sleep
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
CreateToolhelp32Snapshot
CreateEventW
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
CloseHandle
IsProcessorFeaturePresent
OpenProcess
Module32First
IsDebuggerPresent
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
Module32Next
GetConsoleWindow
InitializeSListHead

user32

GetCapture
ScreenToClient
UpdateWindow
DispatchMessageA
DestroyWindow
DefWindowProcA
CreateWindowExA
TranslateMessage
PeekMessageA
UnregisterClassA
PostQuitMessage
RegisterClassExA
ClientToScreen
ShowWindow
IsChild
TrackMouseEvent
SetCapture
SetCursor
GetClientRect
ReleaseCapture
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
SendMessageA
SendInput
GetAsyncKeyState
FindWindowA
GetForegroundWindow
GetClassLongPtrW
GetWindowThreadProcessId
GetCursorPos
SetCursorPos
LoadCursorA

msvcp140

?_Random_device@std@@YAIXZ
_Xtime_get_ticks
_Query_perf_counter
_Thrd_sleep
_Query_perf_frequency
?uncaught_exceptions@std@@YAHXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z

ntdll

ZwReadVirtualMemory
ZwQueryVirtualMemory
ZwWriteVirtualMemory

winmm

PlaySoundA

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext

vcruntime140_1

__CxxFrameHandler4

vcruntime140

_CxxThrowException
__current_exception_context
__current_exception
__C_specific_handler
__std_terminate
__std_exception_copy
__std_exception_destroy
memchr
strstr
memset
memcmp
memcpy
memmove

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free
_set_new_mode

api-ms-win-crt-time-l1-1-0

clock

api-ms-win-crt-runtime-l1-1-0

_c_exit
_register_thread_local_exe_atexit_callback
_register_onexit_function
_initialize_onexit_table
__p___argc
_exit
_cexit
__p___argv
exit
_initterm_e
terminate
_configure_narrow_argv
_initialize_narrow_environment
_initterm
_seh_filter_exe
_set_app_type
_get_initial_narrow_environment
_invalid_parameter_noinfo_noreturn
_crt_atexit

api-ms-win-crt-multibyte-l1-1-0

_mbsicmp

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsscanf
__acrt_iob_func
__stdio_common_vsprintf
fclose
fseek
fread
fflush
__p__commode
ftell
_wfopen
_set_fmode
fwrite

api-ms-win-crt-string-l1-1-0

strncpy
strcmp

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-convert-l1-1-0

atof

api-ms-win-crt-math-l1-1-0

fmodf
cosf
ceilf
__setusermatherr
roundf
acosf
sinf
sqrtf

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 245KB - Virtual size: 245KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
all/gcs/zoomingc.exe
.exe windows x64

39b71dbdc35267de98c2852438cb1a94

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

d3d9

Direct3DCreate9

kernel32

LoadLibraryA
QueryPerformanceFrequency
GetProcAddress
FreeLibrary
QueryPerformanceCounter
Sleep
OpenProcess
CreateThread
GetModuleFileNameA
WriteProcessMemory
GetModuleHandleA
CloseHandle
ReadProcessMemory
GetConsoleWindow
GlobalUnlock
WideCharToMultiByte
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
CreateEventW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GlobalLock
GlobalFree
GlobalAlloc
MultiByteToWideChar
InitializeSListHead
CreateProcessA

user32

SetCapture
SetCursor
SetClipboardData
GetClientRect
GetMessageA
DispatchMessageA
DestroyWindow
SetWindowPos
CallNextHookEx
ShowWindow
SetWindowsHookExA
MapVirtualKeyA
UnhookWindowsHookEx
DefWindowProcA
CreateWindowExA
TranslateMessage
mouse_event
PeekMessageA
UnregisterClassA
PostQuitMessage
RegisterClassExA
UpdateWindow
SendInput
GetWindowThreadProcessId
GetAsyncKeyState
FindWindowA
GetClipboardData
GetKeyState
LoadCursorA
ScreenToClient
EmptyClipboard
CloseClipboard
OpenClipboard
GetCursorPos
SetCursorPos
ReleaseCapture
GetCapture
IsChild
ClientToScreen
GetForegroundWindow

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

msvcp140

?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?uncaught_exception@std@@YA_NXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Random_device@std@@YAIXZ
??Bid@locale@std@@QEAA_KXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?_Xlength_error@std@@YAXPEBD@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Xout_of_range@std@@YAXPEBD@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z

ntdll

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
ZwReadVirtualMemory
ZwWriteVirtualMemory
ZwSetTimerResolution

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_exception_copy
__current_exception
__current_exception_context
__C_specific_handler
__std_exception_destroy
_CxxThrowException
strstr
__std_terminate
memcpy
memset
memchr
memcmp
memmove

api-ms-win-crt-stdio-l1-1-0

fwrite
fread
__p__commode
_set_fmode
__stdio_common_vfprintf
__stdio_common_vsscanf
_get_stream_buffer_pointers
fseek
fclose
fflush
__acrt_iob_func
_wfopen
ftell
_fseeki64
fsetpos
ungetc
setvbuf
fgetpos
fgetc
fputc
__stdio_common_vsprintf

api-ms-win-crt-string-l1-1-0

strncpy
strcmp

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-heap-l1-1-0

free
malloc
_set_new_mode
_callnewh

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
_cexit
_register_onexit_function
_seh_filter_exe
_set_app_type
_initialize_onexit_table
_get_initial_narrow_environment
_initterm
_initterm_e
_exit
__p___argc
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_configure_narrow_argv
terminate
exit
_invalid_parameter_noinfo_noreturn
_wassert
_initialize_narrow_environment

api-ms-win-crt-convert-l1-1-0

atof

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-environment-l1-1-0

_dupenv_s

api-ms-win-crt-math-l1-1-0

fmodf
floorf
acosf
ceilf
logf
atan2f
sqrt
log2
sqrtf
ceil
log2f
sinf
powf
log
pow
__setusermatherr
cosf

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 289KB - Virtual size: 288KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 304B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rsrc Size: 113KB - Virtual size: 113KB

.reloc Size: 512B - Virtual size: 12B

Code Sign

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: - Virtual size: 317KB

.vmp0 Size: - Virtual size: 275KB

.vmp1 Size: 781KB - Virtual size: 780KB

.rsrc Size: 4KB - Virtual size: 4KB

4f5deef55182827a8fedb62cb823e9ce

Code Sign

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

imm32

dwmapi

msvcp140d

d3d9

vcruntime140d

ucrtbased

Sections

.text Size: 896KB - Virtual size: 896KB

.rdata Size: 426KB - Virtual size: 425KB

.data Size: 1024B - Virtual size: 34KB

.idata Size: 9KB - Virtual size: 8KB

.tls Size: 1024B - Virtual size: 777B

.00cfg Size: 512B - Virtual size: 265B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 26KB - Virtual size: 25KB

Code Sign

Headers

DLL Characteristics

File Characteristics

Sections

/z}l- Size: 863KB - Virtual size: 863KB

.text Size: 68KB - Virtual size: 68KB

.rsrc Size: 4KB - Virtual size: 4KB

Code Sign

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 256KB

UPX1 Size: 152KB - Virtual size: 152KB

.rsrc Size: 2KB - Virtual size: 4KB

3b7764a1804c8f2ad22122774fc2bb1e

Code Sign

Headers

DLL Characteristics

File Characteristics

Imports

winmm

msimg32

kernel32

user32

gdi32

shell32

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

.text
Size: 1.6MB - Virtual size: 1.6MB

.rsrc
Size: 113KB - Virtual size: 113KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: - Virtual size: 317KB

.vmp0
Size: - Virtual size: 275KB

.vmp1
Size: 781KB - Virtual size: 780KB

.rsrc
Size: 4KB - Virtual size: 4KB

.text
Size: 896KB - Virtual size: 896KB

.rdata
Size: 426KB - Virtual size: 425KB

.data
Size: 1024B - Virtual size: 34KB

.idata
Size: 9KB - Virtual size: 8KB

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 265B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 26KB - Virtual size: 25KB

/z}l-
Size: 863KB - Virtual size: 863KB

.text
Size: 68KB - Virtual size: 68KB

.rsrc
Size: 4KB - Virtual size: 4KB

UPX0
Size: - Virtual size: 256KB

UPX1
Size: 152KB - Virtual size: 152KB

.rsrc
Size: 2KB - Virtual size: 4KB

.text
Size: 61KB - Virtual size: 60KB

.rdata
Size: 350KB - Virtual size: 350KB

.data
Size: 512B - Virtual size: 18KB

.pdata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 512B - Virtual size: 132B

.vlizer
Size: 269KB - Virtual size: 1.1MB

.text
Size: 300KB - Virtual size: 299KB

.rdata
Size: 278KB - Virtual size: 278KB

.data
Size: 4KB - Virtual size: 4KB

.pdata
Size: 14KB - Virtual size: 14KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 1023KB - Virtual size: 1022KB

.rsrc
Size: 117KB - Virtual size: 116KB

.reloc
Size: 512B - Virtual size: 12B