Externals Client Updated[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

Externals Client Updated.rar
Size

27.6MB
MD5

21f5e508feca1e26645f975afc0919dd
SHA1

c8674c943002970dc61a0cfa39921df6b3c28a4d
SHA256

75b8a119c9fbe1f2548c6f226816de7a26e3755e6a98fe348ed7973e5eefe435
SHA512

6d6b4bc31b0921e784f3825c57af5a244b585ed352ec7129aebecb2e5e241ce62e22fd4e359aa8188ea20b857b1c6767d1e4a675b76a2eb80eef7f078015fa12
SSDEEP

786432:3DwZGIDd0eU0THZEpE/EHgVkn51fj/c0ShmfI9u5dkJBI:zwDWeJQWEAVmfLug9jyI

Score

8^/10

vmprotect themida

Malware Config

Signatures

VMProtect packed file 5 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

Processes:

resource	yara_rule
static1/unpack001/Externals Client Updated/axv2.exe	vmprotect
static1/unpack001/Externals Client Updated/encephalon.exe	vmprotect
static1/unpack001/Externals Client Updated/hypnotic.exe	vmprotect
static1/unpack001/Externals Client Updated/pulsive.exe	vmprotect
static1/unpack001/Externals Client Updated/pulsive1.0.exe	vmprotect

Themida packer 2 IoCs

Detects Themida, an advanced Windows software protection system.

themida

Processes:

resource	yara_rule
static1/unpack001/Externals Client Updated/krypton.exe	themida
static1/unpack001/Externals Client Updated/kura.exe	themida

Files

Externals Client Updated.rar
.rar
Externals Client Updated/1.7.3.exe
.exe windows x64

8c969912d151126ced51c2df75005eee

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

d3d9

Direct3DCreate9

kernel32

LoadLibraryA
QueryPerformanceFrequency
GetProcAddress
FreeLibrary
QueryPerformanceCounter
Sleep
OpenProcess
CreateThread
GetModuleFileNameA
WriteProcessMemory
GetModuleHandleA
CloseHandle
ReadProcessMemory
GetConsoleWindow
GlobalUnlock
WideCharToMultiByte
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
CreateEventW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GlobalLock
GlobalFree
GlobalAlloc
MultiByteToWideChar
InitializeSListHead
CreateProcessA

user32

EmptyClipboard
GetCapture
ClientToScreen
GetClipboardData
GetMessageA
DispatchMessageA
DestroyWindow
SetWindowPos
CallNextHookEx
ShowWindow
SetWindowsHookExA
MapVirtualKeyA
UnhookWindowsHookEx
DefWindowProcA
CreateWindowExA
TranslateMessage
mouse_event
PeekMessageA
UnregisterClassA
PostQuitMessage
RegisterClassExA
UpdateWindow
SendInput
GetWindowThreadProcessId
GetAsyncKeyState
FindWindowA
GetKeyState
LoadCursorA
CloseClipboard
ScreenToClient
SetClipboardData
IsChild
GetForegroundWindow
SetCapture
SetCursor
GetClientRect
ReleaseCapture
SetCursorPos
OpenClipboard
GetCursorPos

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

msvcp140

?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?_Random_device@std@@YAIXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Xlength_error@std@@YAXPEBD@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Xout_of_range@std@@YAXPEBD@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ

ntdll

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
ZwReadVirtualMemory
ZwWriteVirtualMemory
ZwSetTimerResolution

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_exception_copy
__current_exception
__current_exception_context
__C_specific_handler
memset
_CxxThrowException
strstr
memchr
__std_terminate
memcmp
__std_exception_destroy
memmove
memcpy

api-ms-win-crt-stdio-l1-1-0

ftell
_get_stream_buffer_pointers
_fseeki64
__p__commode
fsetpos
ungetc
setvbuf
fgetpos
fgetc
fputc
__acrt_iob_func
_set_fmode
__stdio_common_vsscanf
fread
__stdio_common_vsprintf
_wfopen
fwrite
fflush
fseek
fclose
__stdio_common_vfprintf

api-ms-win-crt-string-l1-1-0

strcmp
strncpy

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-heap-l1-1-0

_set_new_mode
_callnewh
free
malloc

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
_cexit
_register_onexit_function
_seh_filter_exe
_set_app_type
_initialize_onexit_table
_get_initial_narrow_environment
_initterm
_initterm_e
_exit
_wassert
__p___argc
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_initialize_narrow_environment
_configure_narrow_argv
exit
terminate
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-convert-l1-1-0

atof

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-environment-l1-1-0

_dupenv_s

api-ms-win-crt-math-l1-1-0

logf
sqrt
sinf
fmodf
floorf
cosf
ceilf
log2
ceil
pow
log2f
powf
acosf
sqrtf
log
__setusermatherr
atan2f

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 290KB - Virtual size: 289KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 308B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Externals Client Updated/Hermotet.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

R<Q(b,[u
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Externals Client Updated/Lithium-Lite.exe
.exe windows x64

eba675b4d287f51402a7cf170e487e73

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

d3d11

D3D11CreateDeviceAndSwapChain

d3dcompiler_47

D3DCompile

wintrust

WinVerifyTrust

ntdll

RtlVirtualUnwind
NtQuerySystemInformation
RtlLookupFunctionEntry
RtlCaptureContext

kernel32

QueryPerformanceCounter
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
SetConsoleTitleA
GetCurrentProcess
SetConsoleScreenBufferSize
GetStdHandle
SetConsoleMode
GetConsoleCursorInfo
TerminateProcess
GetModuleFileNameW
K32GetModuleFileNameExW
GetVolumeInformationA
GetModuleHandleA
OpenProcess
GetConsoleMode
K32GetModuleFileNameExA
SetConsoleCursorInfo
QueryFullProcessImageNameA
CloseHandle
CreateThread
GetConsoleWindow
QueryFullProcessImageNameW
GetModuleFileNameA
Process32First
CreateToolhelp32Snapshot
Process32Next
WriteProcessMemory
ReadProcessMemory
GetCurrentProcessId
VirtualQueryEx
GetExitCodeProcess
InitializeSListHead
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
FreeLibrary
GetSystemTimeAsFileTime
GetCurrentThreadId
IsDebuggerPresent
IsProcessorFeaturePresent
MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
EnterCriticalSection
WideCharToMultiByte
GlobalUnlock
LoadLibraryA
QueryPerformanceFrequency
GetProcAddress

user32

GetClientRect
CloseClipboard
EmptyClipboard
SetClipboardData
OpenClipboard
GetCursorInfo
PostMessageA
SendMessageA
keybd_event
SetForegroundWindow
GetWindowThreadProcessId
WindowFromPoint
GetAsyncKeyState
GetSystemMenu
DispatchMessageA
GetWindowRect
DestroyWindow
SetWindowPos
ShowWindow
SetWindowLongA
GetWindowTextA
GetWindowLongA
DefWindowProcA
CreateWindowExA
TranslateMessage
PeekMessageA
UnregisterClassA
PostQuitMessage
GetDesktopWindow
GetClipboardData
FindWindowA
RegisterClassExA
UpdateWindow
GetKeyState
LoadCursorA
ScreenToClient
GetCapture
ClientToScreen
IsChild
GetForegroundWindow
SetCapture
SetCursor
EnableMenuItem
GetCursorPos
SetCursorPos
ReleaseCapture

advapi32

LookupPrivilegeValueA
QueryServiceStatusEx
OpenProcessToken
OpenSCManagerA
CloseServiceHandle
AdjustTokenPrivileges
OpenServiceA

shell32

ShellExecuteA

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

msvcp140

?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
??Bid@locale@std@@QEAA_KXZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
_Close_dir
_Open_dir
_Read_dir
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
_To_wide
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
?_Xlength_error@std@@YAXPEBD@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?uncaught_exception@std@@YA_NXZ
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Random_device@std@@YAIXZ
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
_Thrd_sleep
_Xtime_get_ticks
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@G@Z
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z

vcruntime140

__std_type_info_compare
__C_specific_handler
memset
_CxxThrowException
__std_exception_destroy
strstr
__std_terminate
__CxxFrameHandler3
__std_exception_copy
memcmp
memcpy
memmove
memchr

api-ms-win-crt-stdio-l1-1-0

__p__commode
__stdio_common_vfwprintf_s
_set_fmode
ftell
_get_stream_buffer_pointers
_fseeki64
fsetpos
ungetc
setvbuf
fgetpos
fgetc
fputc
__acrt_iob_func
fflush
fwrite
fclose
__stdio_common_vsscanf
fread
__stdio_common_vsprintf
_wfopen
fseek

api-ms-win-crt-string-l1-1-0

_stricmp
toupper
isprint
strcmp
strncpy

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-heap-l1-1-0

free
realloc
malloc
_set_new_mode
_callnewh

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_initialize_narrow_environment
_seh_filter_exe
_set_app_type
terminate
_get_initial_narrow_environment
_initterm
_initterm_e
_exit
__p___argc
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_errno
exit
_invalid_parameter_noinfo_noreturn
_wassert
_configure_narrow_argv

api-ms-win-crt-convert-l1-1-0

atof
strtol

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-math-l1-1-0

fmodf
floorf
acosf
sqrtf
logf
atan2f
log2
ceilf
sinf
powf
__setusermatherr
cosf
ceil

api-ms-win-crt-filesystem-l1-1-0

_lock_file
remove
_unlock_file

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-time-l1-1-0

_time64

Sections

.text
Size: 433KB - Virtual size: 433KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 433KB - Virtual size: 433KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Externals Client Updated/Obscure.exe
.exe windows x64

c1bfa4f2fb433253319f9886408f907d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

d3d11

D3D11CreateDeviceAndSwapChain

d3dcompiler_43

D3DCompile

kernel32

WideCharToMultiByte
GlobalUnlock
QueryPerformanceFrequency
GetProcAddress
QueryPerformanceCounter
WriteProcessMemory
SetPriorityClass
GetCurrentProcess
Module32Next
Module32First
GetModuleHandleA
OpenProcess
CreateToolhelp32Snapshot
Sleep
CloseHandle
CreateThread
LeaveCriticalSection
GlobalLock
MultiByteToWideChar
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GlobalFree
GlobalAlloc
GetConsoleWindow
ReadProcessMemory
EnterCriticalSection

user32

SetClipboardData
GetClipboardData
EmptyClipboard
GetWindowThreadProcessId
DispatchMessageA
DestroyWindow
SetWindowPos
PostMessageA
ShowWindow
GetAsyncKeyState
DefWindowProcA
CreateWindowExA
TranslateMessage
SendMessageA
PeekMessageA
UnregisterClassA
PostQuitMessage
FindWindowA
RegisterClassExA
UpdateWindow
GetKeyState
LoadCursorA
CloseClipboard
OpenClipboard
IsChild
GetCursorPos
SetCursorPos
ReleaseCapture
GetClientRect
SetCursor
SetCapture
ScreenToClient
GetCapture
ClientToScreen
GetForegroundWindow

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

xinput1_3

ord2
ord4

msvcp140

?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
_Xtime_get_ticks
_Thrd_detach
_Query_perf_counter
_Thrd_sleep
?_Xlength_error@std@@YAXPEBD@Z
?uncaught_exception@std@@YA_NXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?_Throw_C_error@std@@YAXH@Z
?_Xbad_function_call@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
_Query_perf_frequency
?_Throw_Cpp_error@std@@YAXH@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A

vcruntime140_1

__CxxFrameHandler4

vcruntime140

_CxxThrowException
memset
__C_specific_handler
__current_exception_context
__current_exception
__std_exception_copy
__std_exception_destroy
__std_terminate
strstr
memcpy
memcmp
memmove
memchr

api-ms-win-crt-stdio-l1-1-0

fflush
ftell
fclose
fseek
_wfopen
__stdio_common_vsprintf
fread
__stdio_common_vsscanf
_set_fmode
__acrt_iob_func
__p__commode
fwrite

api-ms-win-crt-string-l1-1-0

strncpy
strcmp

api-ms-win-crt-utility-l1-1-0

rand
qsort

api-ms-win-crt-heap-l1-1-0

free
malloc
_set_new_mode
_callnewh

api-ms-win-crt-convert-l1-1-0

atof

api-ms-win-crt-runtime-l1-1-0

_initialize_narrow_environment
_register_thread_local_exe_atexit_callback
_c_exit
__p___argv
_initialize_onexit_table
__p___argc
_register_onexit_function
_exit
exit
_initterm_e
_beginthreadex
_initterm
_crt_atexit
_get_initial_narrow_environment
_configure_narrow_argv
terminate
_set_app_type
_cexit
_seh_filter_exe
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-multibyte-l1-1-0

_mbscmp

api-ms-win-crt-math-l1-1-0

sinf
powf
sqrtf
acosf
atan2f
__setusermatherr
log
ceilf
fmodf
cosf
floorf
logf
pow

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 270KB - Virtual size: 269KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Externals Client Updated/axv2.exe
.exe windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: - Virtual size: 317KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 275KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 781KB - Virtual size: 780KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Externals Client Updated/encephalon.exe
.exe windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 666KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 4.8MB - Virtual size: 4.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Externals Client Updated/epic.exe
.exe windows x64

a08599a345be82fd3b030fa5c3b87d5b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

d3d11

D3D11CreateDeviceAndSwapChain

d3dcompiler_47

D3DCompile

winmm

PlaySoundA

kernel32

QueryPerformanceCounter
WriteProcessMemory
OpenProcess
CloseHandle
CreateThread
ReadProcessMemory
GetModuleHandleA
GetConsoleWindow
GetModuleFileNameA
Process32First
GetCurrentProcess
TerminateProcess
CreateToolhelp32Snapshot
GetLastError
Process32Next
CreateProcessA
VirtualQueryEx
GetThreadTimes
SetEndOfFile
WriteConsoleW
HeapSize
CreateFileW
HeapReAlloc
SetStdHandle
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetFileAttributesExW
CreateProcessW
GetExitCodeProcess
WaitForSingleObject
GetProcAddress
QueryPerformanceFrequency
GlobalUnlock
WideCharToMultiByte
GlobalLock
GlobalFree
GlobalAlloc
MultiByteToWideChar
SetUnhandledExceptionFilter
GetFileSizeEx
GetConsoleCP
FlushFileBuffers
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
RtlUnwind
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
Sleep
LocalFree
FormatMessageA
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
DecodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
RtlUnwindEx
RtlPcToFileHeader
RaiseException
FreeLibrary
LoadLibraryExW
ReadFile
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
WriteFile
GetCommandLineA
GetCommandLineW
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetFileType
GetCurrentThread
HeapAlloc
HeapFree
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW

user32

GetKeyState
SetClipboardData
GetClipboardData
GetKeyNameTextA
MapVirtualKeyA
DestroyWindow
ShowWindow
DefWindowProcA
CreateWindowExA
PeekMessageA
UnregisterClassA
PostQuitMessage
RegisterClassExA
UpdateWindow
GetMessageA
DispatchMessageA
PostMessageA
CallNextHookEx
WindowFromPoint
GetAsyncKeyState
GetCursorInfo
SetWindowsHookExA
UnhookWindowsHookEx
TranslateMessage
FindWindowA
SendInput
EmptyClipboard
LoadCursorA
ScreenToClient
GetCapture
ClientToScreen
IsChild
GetForegroundWindow
SetCapture
SetCursor
GetClientRect
ReleaseCapture
SetCursorPos
GetCursorPos
OpenClipboard
CloseClipboard

advapi32

LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

xinput1_4

ord4
ord2

Sections

.text
Size: 480KB - Virtual size: 479KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 576KB - Virtual size: 575KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Externals Client Updated/ettelen.exe
.exe windows x86

0053c267cb4b15b76fe1ea0bb2dfba42

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

d3d9

Direct3DCreate9

kernel32

GlobalLock
GlobalFree
QueryPerformanceCounter
QueryPerformanceFrequency
CloseHandle
Sleep
CreateThread
CreateProcessW
OpenProcess
GetTickCount
ReadProcessMemory
WriteProcessMemory
GetModuleFileNameW
GetModuleHandleW
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
GlobalAlloc
CreateEventW
GetProcAddress
GetCurrentThreadId
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
RaiseException
MultiByteToWideChar
WideCharToMultiByte
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
GetLastError
HeapAlloc
HeapFree
GetProcessHeap
GlobalUnlock
VirtualQuery
WaitForSingleObjectEx
FreeLibrary
EnterCriticalSection

user32

SendInput
UpdateWindow
FindWindowW
ShowWindow
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
GetAsyncKeyState
DestroyWindow
CreateWindowExW
RegisterClassExW
UnregisterClassW
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
EmptyClipboard
IsChild
GetKeyState
GetCapture
SetCapture
ReleaseCapture
GetForegroundWindow
GetClientRect
SetCursorPos
SetCursor
GetCursorPos
GetWindowThreadProcessId
PostQuitMessage
DefWindowProcW
SendMessageW
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
LoadCursorW
ScreenToClient
ClientToScreen

imm32

ImmGetContext
ImmSetCompositionWindow
ImmReleaseContext

xinput1_4

ord2
ord4

vcruntime140d

__vcrt_LoadLibraryExW
__vcrt_GetModuleHandleW
__vcrt_GetModuleFileNameW
__std_type_info_destroy_list
_except_handler4_common
memcmp
__CxxFrameHandler3
strstr
memset
memmove
memcpy
memchr

ucrtbased

pow
exit
srand
rand
__stdio_common_vswprintf
_time64
terminate
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_cexit
_CrtDbgReportW
_CrtDbgReport
_except1
_seh_filter_exe
_set_app_type
__setusermatherr
_get_initial_narrow_environment
_initterm
_initterm_e
_exit
_set_fmode
__p___argc
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_configthreadlocale
_set_new_mode
__p__commode
_free_dbg
strcpy_s
strcat_s
__stdio_common_vsprintf_s
_controlfp_s
_wmakepath_s
_wsplitpath_s
wcscpy_s
atan2
atof
floor
ceil
sqrt
sin
cos
acos
toupper
fmod
fabs
qsort
malloc
free
__stdio_common_vsscanf
__stdio_common_vsprintf
__stdio_common_vfprintf
ftell
fseek
fread
fflush
fclose
_wfopen
__acrt_iob_func
_wassert
strncpy
strlen
strcmp
fwrite

Sections

.textbss
Size: - Virtual size: 369KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 778KB - Virtual size: 778KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.msvcjmc
Size: 512B - Virtual size: 452B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 130KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Externals Client Updated/hypnotic.exe
.exe windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: - Virtual size: 381KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 607KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 975KB - Virtual size: 975KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Externals Client Updated/icetea.exe
.exe windows x64

47d3c83fef3237b69b3ad220edbea196

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

imm32

ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow

d3d9

Direct3DCreate9

kernel32

Process32Next
CloseHandle
DeleteCriticalSection
CreateProcessA
GetExitCodeProcess
SetConsoleCtrlHandler
WriteProcessMemory
GetConsoleScreenBufferInfo
SetConsoleTitleA
GetCurrentProcess
SetConsoleScreenBufferSize
CreateMutexA
GetModuleHandleA
GetSystemDirectoryA
LoadLibraryA
Beep
GetProcAddress
ReadProcessMemory
GetConsoleWindow
GetTickCount
VirtualQueryEx
LocalFree
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetLastError
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
OutputDebugStringW
FormatMessageA
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
QueryPerformanceFrequency
QueryPerformanceCounter
GetModuleFileNameA
Process32First
GetStdHandle
InitializeCriticalSectionEx
GetVolumeInformationA
OpenProcess
CreateToolhelp32Snapshot
GetCurrentProcessId

user32

GetWindowThreadProcessId
GetSystemMenu
DispatchMessageA
GetWindowRect
DestroyWindow
GetDC
keybd_event
PostMessageA
DeleteMenu
ShowWindow
GetAsyncKeyState
GetWindowTextA
MapVirtualKeyA
DefWindowProcA
CreateWindowExA
TranslateMessage
SendMessageA
PeekMessageA
GetWindowTextLengthA
FindWindowA
RegisterClassExA
UpdateWindow
ReleaseDC
UnregisterClassA
GetKeyState
LoadCursorA
ScreenToClient
GetCapture
ClientToScreen
IsChild
GetForegroundWindow
SetCapture
GetClipboardData
SetCursor
GetClientRect
ReleaseCapture
SetCursorPos
GetCursorPos
OpenClipboard
CloseClipboard
EmptyClipboard
SetClipboardData

gdi32

SelectObject
DeleteDC
GetDeviceCaps
BitBlt
CreateCompatibleBitmap
DeleteObject
CreateCompatibleDC
GetDIBits

advapi32

OpenProcessToken
OpenServiceA
QueryServiceStatusEx
RegCloseKey
RegDeleteKeyExW
RegCreateKeyExW
RegDeleteValueW
AdjustTokenPrivileges
GetCurrentHwProfileA
CloseServiceHandle
LookupPrivilegeValueA
OpenSCManagerA

msvcp140

?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Random_device@std@@YAIXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
_Query_perf_frequency
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Execute_once@std@@YAHAEAUonce_flag@1@P6AHPEAX1PEAPEAX@Z1@Z
?_Throw_Cpp_error@std@@YAXH@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?uncaught_exception@std@@YA_NXZ
?_Winerror_map@std@@YAHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Syserror_map@std@@YAPEBDH@Z
_Cnd_do_broadcast_at_thread_exit
_Thrd_sleep
_Thrd_id
_Query_perf_counter
_Xtime_get_ticks
_Thrd_join
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ

xinput1_4

ord4
ord2

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memchr
memcmp
memcpy
__std_terminate
strstr
memmove
_CxxThrowException
memset
__C_specific_handler
__current_exception
__std_exception_copy
__std_exception_destroy
__current_exception_context

api-ms-win-crt-stdio-l1-1-0

ungetc
_get_stream_buffer_pointers
ftell
_fseeki64
getchar
__acrt_iob_func
fgetc
__p__commode
__stdio_common_vsscanf
fread
setvbuf
__stdio_common_vsprintf
_wfopen
fwrite
_set_fmode
fgetpos
fseek
fclose
fflush
fsetpos
fputc

api-ms-win-crt-string-l1-1-0

isupper
strcmp
toupper
strncpy

api-ms-win-crt-utility-l1-1-0

rand
qsort
srand

api-ms-win-crt-heap-l1-1-0

_set_new_mode
_callnewh
malloc
free

api-ms-win-crt-runtime-l1-1-0

_seh_filter_exe
_set_app_type
_crt_atexit
_get_initial_narrow_environment
_initterm
_initterm_e
terminate
__p___argc
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_register_onexit_function
_wassert
_initialize_onexit_table
_beginthreadex
exit
_initialize_narrow_environment
_configure_narrow_argv
_invalid_parameter_noinfo_noreturn
_cexit
_exit
_Exit

api-ms-win-crt-convert-l1-1-0

atof
atoi

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_unlink
_stat64i32
_lock_file

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-math-l1-1-0

ceilf
round
floorf
fmodf
acosf
sinf
log2
cosf
pow
atan2f
sqrtf
ceil
__setusermatherr
powf

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 310KB - Virtual size: 309KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 306KB - Virtual size: 306KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Externals Client Updated/itami.exe
.exe windows x64

d76f672ed6f495da4bb83044aeaf8537

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

d3d11

D3D11CreateDeviceAndSwapChain

d3dcompiler_47

D3DCompile

kernel32

GetModuleFileNameA
Process32First
WriteProcessMemory
GetCurrentProcess
OpenProcess
CreateToolhelp32Snapshot
Process32Next
CloseHandle
ReadProcessMemory
VirtualQueryEx
FindFirstFileA
FindNextFileA
FindClose
GetModuleHandleA
FreeConsole
QueryPerformanceCounter
GetCurrentProcessId
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetModuleHandleW
CreateEventW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetProcAddress
QueryPerformanceFrequency
GlobalUnlock
WideCharToMultiByte
GlobalLock
GlobalFree
GlobalAlloc
MultiByteToWideChar
GetSystemTimeAsFileTime
GetCurrentThreadId

user32

GetClientRect
LoadCursorA
SetCursor
SetCapture
GetWindowThreadProcessId
DispatchMessageA
DestroyWindow
ShowWindow
GetAsyncKeyState
GetWindowTextA
DefWindowProcA
CreateWindowExA
TranslateMessage
SendMessageA
PeekMessageA
UnregisterClassA
GetWindowTextLengthA
FindWindowA
RegisterClassExA
UpdateWindow
GetKeyState
ReleaseCapture
GetForegroundWindow
CloseClipboard
EmptyClipboard
OpenClipboard
IsChild
GetClipboardData
SetClipboardData
ClientToScreen
GetCursorPos
GetCapture
ScreenToClient
SetCursorPos

advapi32

LookupPrivilegeValueA
CloseServiceHandle
OpenSCManagerA
OpenProcessToken
OpenServiceA
QueryServiceStatusEx
AdjustTokenPrivileges

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

xinput1_4

ord4
ord2

msvcp140

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
_Query_perf_frequency
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Throw_Cpp_error@std@@YAXH@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?uncaught_exception@std@@YA_NXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Random_device@std@@YAIXZ
_Cnd_do_broadcast_at_thread_exit
_Thrd_sleep
_Thrd_id
_Query_perf_counter
_Xtime_get_ticks
_Thrd_join
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@F@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memset
memmove
memcpy
memcmp
__C_specific_handler
__current_exception_context
__current_exception
__std_type_info_name
__std_type_info_compare
__std_exception_destroy
strstr
__std_terminate
_CxxThrowException
__std_exception_copy
memchr

api-ms-win-crt-stdio-l1-1-0

_get_stream_buffer_pointers
getchar
setvbuf
fgetpos
fsetpos
_fseeki64
fgetc
__stdio_common_vsprintf_s
ftell
fputc
__p__commode
_set_fmode
__acrt_iob_func
ungetc
__stdio_common_vsscanf
fread
__stdio_common_vsprintf
_wfopen
fwrite
fflush
fseek
fclose

api-ms-win-crt-string-l1-1-0

isalnum
strcmp
strncpy

api-ms-win-crt-utility-l1-1-0

rand
srand
qsort

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode
_callnewh
malloc

api-ms-win-crt-convert-l1-1-0

strtoul
atof
strtof

api-ms-win-crt-runtime-l1-1-0

_get_initial_narrow_environment
_initterm
_initterm_e
_invalid_parameter_noinfo_noreturn
__p___argc
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_seh_filter_exe
_cexit
exit
_beginthreadex
_crt_atexit
_register_onexit_function
terminate
_set_app_type
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_exit

api-ms-win-crt-math-l1-1-0

log2f
sinf
ceilf
ceil
acosf
sqrtf
cosf
powf
pow
floorf
fmodf
atan2f
log2
__setusermatherr

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 318KB - Virtual size: 318KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 316B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Externals Client Updated/koid.exe
.exe windows x64

6b5075b82f10534e3c23be1eaf3d1551

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

d3d11

D3D11CreateDeviceAndSwapChain

ws2_32

getpeername
getsockname
ntohs
setsockopt
socket
WSAIoctl
getaddrinfo
freeaddrinfo
accept
listen
recvfrom
sendto
ioctlsocket
gethostname
htonl
connect
htons
ntohl
getsockopt
closesocket
bind
send
WSAStartup
WSACleanup
WSAGetLastError
recv
__WSAFDIsSet
select
WSASetLastError

wldap32

ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord45
ord60
ord143
ord211
ord46
ord301

crypt32

CertFreeCertificateContext

d3dcompiler_47

D3DCompile

imm32

ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow

kernel32

IsProcessorFeaturePresent
IsDebuggerPresent
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForMultipleObjects
RtlVirtualUnwind
ReadFile
GetFileType
GetStdHandle
ExpandEnvironmentStringsA
VerifyVersionInfoA
GetSystemDirectoryA
WaitForSingleObjectEx
FormatMessageA
SetLastError
GetLastError
SleepEx
RtlLookupFunctionEntry
RtlCaptureContext
GetModuleHandleW
CreateEventW
ResetEvent
SetEvent
PeekNamedPipe
InitializeCriticalSectionAndSpinCount
MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
LoadLibraryA
QueryPerformanceFrequency
GetProcAddress
VerSetConditionMask
QueryPerformanceCounter
GetModuleHandleA
GetConsoleWindow
CloseHandle
CreateThread
Process32First
GetCurrentProcess
OpenProcess
CreateToolhelp32Snapshot
Process32Next
WriteProcessMemory
ReadProcessMemory
GetModuleFileNameA
TerminateProcess
GetCurrentProcessId
VirtualQueryEx
GetExitCodeProcess
GetTickCount64
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
FreeLibrary
Sleep

user32

GetWindowTextA
GetCursorInfo
PostMessageA
SendMessageA
keybd_event
SetForegroundWindow
GetWindowThreadProcessId
FindWindowA
WindowFromPoint
DispatchMessageA
GetWindowRect
DestroyWindow
SetWindowPos
ShowWindow
GetAsyncKeyState
SetWindowLongA
DefWindowProcA
CreateWindowExA
TranslateMessage
PeekMessageA
UnregisterClassA
PostQuitMessage
GetDesktopWindow
SetClipboardData
RegisterClassExA
UpdateWindow
GetKeyState
LoadCursorA
ScreenToClient
GetCapture
ClientToScreen
IsChild
GetForegroundWindow
SetCapture
SetCursor
GetClientRect
ReleaseCapture
SetCursorPos
GetCursorPos
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData

advapi32

CloseServiceHandle
OpenServiceA
QueryServiceStatusEx
OpenProcessToken
OpenSCManagerA
LookupPrivilegeValueA
CryptEncrypt
AdjustTokenPrivileges
ControlService
CryptAcquireContextA
CryptReleaseContext
CryptGenRandom
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey

msvcp140

_Close_dir
_Open_dir
_Read_dir
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
_To_wide
?_Random_device@std@@YAIXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
_Xtime_get_ticks
_Query_perf_counter
_Thrd_sleep
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?uncaught_exception@std@@YA_NXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
_Query_perf_frequency
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?_Xbad_alloc@std@@YAXXZ

xinput1_4

ord2
ord4

vcruntime140_1

__CxxFrameHandler4

vcruntime140

_CxxThrowException
__std_terminate
__C_specific_handler
__current_exception_context
__current_exception
memchr
memcmp
strrchr
memmove
memset
memcpy
__std_type_info_compare
__std_exception_copy
__std_exception_destroy
strchr
strstr

api-ms-win-crt-stdio-l1-1-0

fread
__stdio_common_vsprintf
fwrite
fseek
fclose
__stdio_common_vsscanf
_wfopen
_lseeki64
_read
_write
_close
_open
fflush
fopen
_get_stream_buffer_pointers
_fseeki64
_set_fmode
__acrt_iob_func
fsetpos
ungetc
setvbuf
ftell
fgetpos
__p__commode
fgetc
fputc

api-ms-win-crt-string-l1-1-0

isprint
_strdup
strncmp
tolower
isalpha
isgraph
islower
strncpy
isupper
isxdigit
strpbrk
isspace
toupper
isalnum
strcmp
isdigit

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-heap-l1-1-0

_set_new_mode
calloc
malloc
_callnewh
free
realloc

api-ms-win-crt-convert-l1-1-0

strtoul
atoi
atof
strtoll
strtol

api-ms-win-crt-runtime-l1-1-0

strerror
_invalid_parameter_noinfo_noreturn
exit
_beginthreadex
__sys_nerr
_getpid
_register_thread_local_exe_atexit_callback
_c_exit
__p___argv
terminate
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
__p___argc
_seh_filter_exe
_set_app_type
_initterm
_get_initial_narrow_environment
_errno
_initterm_e
_exit

api-ms-win-crt-math-l1-1-0

fmodf
floorf
powf
cosf
sinf
sqrtf
__setusermatherr
ceil
acosf
log2
atan2f
ceilf
pow

api-ms-win-crt-filesystem-l1-1-0

remove
_fstat64
_stat64
_unlock_file
_lock_file
_access

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-time-l1-1-0

_time64
_gmtime64

api-ms-win-crt-multibyte-l1-1-0

_mbspbrk
_mbsnbcpy
_mbschr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 522KB - Virtual size: 522KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Externals Client Updated/krypton.exe
.exe windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 283KB - Virtual size: 540KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 101KB - Virtual size: 199KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 449B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 13KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 275B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
Externals Client Updated/kura.exe
.exe windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 145KB - Virtual size: 276KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 32KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 303B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 7KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 275B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 467B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
Externals Client Updated/null.zip
.zip
Externals Client Updated/pulsive.exe
.exe windows x64

e37dbb086a77cde66419329278c9f35f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

d3d9

Direct3DCreate9

kernel32

GlobalLock
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

DispatchMessageW
GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

imm32

ImmSetCompositionWindow

xinput1_3

ord2

msvcp140

?_Xout_of_range@std@@YAXPEBD@Z

d3dx9_43

D3DXCreateTextureFromFileInMemoryEx

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memset

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfprintf

api-ms-win-crt-string-l1-1-0

strcmp

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-heap-l1-1-0

free

api-ms-win-crt-runtime-l1-1-0

_cexit

api-ms-win-crt-convert-l1-1-0

atof

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-math-l1-1-0

ceilf

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

wtsapi32

WTSSendMessageW

Exports

Exports

ǵ%(�26�bU�O7Ӡ�1��@�-E6��,�Ě>Cu2��ٯJ �� Y��j�[8��:!��$qϴ��M��K��ǪL��#V��g{[��3��=i �j��7�q��7CO��8I{2sY�!��U��ʟ>�u=��p��ty0r��W5�@m�w��ߚ��K��,Ȩ��<d&��~��!s�&W��[�_uo��Fۿ�/�[�U�5$X-J�z׸�Ç�lW549�W��th�2C��7�F�m1竓��UD�-�wS�f��ob��~�e�r^��R ��>>�M@̊5��X�Δ' �p��p��Y��A�M.j�\HQ`m\+z��pHY��!�)��fD]�|��QGv<� |W9��d!{Ы8q�\eϽ��؂��!��"��=��P]+�]^W��\�'d�إk/��*��F�''��dW��)�N)N9��z�%b2�{,c�?��(O�Û a��%&�]�.H�u�C'�2��T�ͱҴ!��w�4�%{`Ʋ3��m��@ ��/G�A�8��b�G��Re��>��>��ik��M�6,'s��[��P��|��ܘk1��(�'�P��F��f()ڥF@i��M%W(�f�-b"O2��X7��=K1+�l��m�*Ŵdɼ9I6��+d�Ye⢵L{/��gOJ4P_t��1��<�;�T�>�r=eBB[��c9��4��Z��*l��u�_��yHpC�z^��&�K��#�WPK.��ǜ��fSV��ŗ��ˠ�)�`*� ��x_�^�d��xy̔��U�>.}s?��എ�&1"�m��)�/�D�K��Қ �@ҏe�^z�͎��i��/'�)�I��iE��.��vVb��Lq��dbF��`|Ív8��@��}�� J>�P�dZ\d�Ō�x� �|lr��G-®�V�s0��aM��pX��d�Hi�"��>,�}��¦&� �e>v�b�rJ4u��o�4ģy|Px��a�V��|�7�p��_�R�D�S��B��3�F/��j2�CA8�y��$C��3zϚ��g��i��*P�2Y١��߽Fm�S��m�WGe�t��e�|��f�RAdcL�[��zr��G��TA�F 3��Mb�R��Mt� hƎ�<��`��6G�RF��Y�,=H�0�]P=ɉ��5�9�u{8D��+xu�Pn�Ԇ@�cl��F~��s��Wd�ZrĈP��P;��z��o͝"˳hxp�K�@�[n5/��Pߌ e|�*-��ޓ��XOS�[&p�s�AĶ��I��(��v@Y�O��-��^V��U�2M�N�-��L�-��~� ��o��BGH��J��q+ Sh�٬ 9Ao=f]�@,�O,~�;B�7��I��L�TL��K/z!�Q��sP��n��0�va��m��'@��/C��fOJ��k�6�W��nrR��c ��,��m��5��x��s��vm��q��Xp�_�D��uT�)m�� My�}��\?~��||��P��bb�Ш�ki2%T��{�i�^�a<��?Ϭ��~��v��~�M��I��:W�z�w:�M0o�[�?w��{ �j��#��̼� �Y��5#�e�sQ?�8�%��5�v�j��>��N� �<��n�� ׸��p`-��|T�G�+�^�)�#��p��ۤE�_��j�>��1(r��+s�d/��B�,��~�i��Ӥ�� yp�8�<I��a�tշ�-%�B��6��\?o��j��ᾭ��N&=ԠE-��EZ�D׬��)$b.B��c�np��5 �� i�C�� Fz��#�uŇII&@N�y�4�l��A?v�9E}�#2d9/�Ev&�)�a볧��61��`,wz�d�>� 6�>K�ج�k��̣*/ߛ�e/��k��~C�T��ia�u��j{�~^pFx��}��U��j{�jԥ��r�%�N��:m8t�-��}��܉��1�Ӥ��ۘ��,��|��I�v4�&�N�o�P��\N��V��ѐ{@�m�x��غIW�$/ �n��BCNq�=��w��,��{X�<�N�"3��sO~ �9�ױ9��c�;�|da�X�oGQ��f+�H�S�M(X�ѷ�B��*O�i��-J�Wd�3ډ��b��tW��1��vr7 ~'��#^�JC�*Me��6g�H�H��}�>�L�!��Jb�X��pĊF��&V��B�a�k�4f4�񿴰L��Ň��/�GO9�"y��'o_w�-;Wl`@ܢM��c��~��h*��;��b'^�_��s胠,�� c��&��3[! ؍ k�]�25�{5��Oi�� 7} j�i�N�S��$� @0�ւ��e��X�ک��N��un��~��0��#J�\�0'��5]��0;� ��(I8�D$�z΃&2��R�>��g/��A��tz��x�5+��?�-Q�Fuc D�ŵ�_��w��U�;��>�1f�1�/̸*oh�r\�sk ��7��|T䰻dlO<��nj�c�6�o�N�� D�~�q1Fb�-"�`2�͂�Vu?N�Z;�4�X��!�U$#��L�[,�ޒ`q�eR}��}#A��l[��3�l� o��G��w��}¸��?��< W�-E|��!��V? ��'��O�C�,� ��V}�K1��;��e>�(gA��Aj��I�ϸ��isT��@�=�sg��Q-�

Sections

.text
Size: - Virtual size: 416KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 178KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 5.5MB - Virtual size: 5.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Externals Client Updated/pulsive1.0.exe
.exe windows x86

2c89cd5c615eb743461ab77ddb424c71

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

d3d9

Direct3DCreate9

kernel32

GlobalLock
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

PeekMessageW
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

imm32

ImmSetCompositionWindow

xinput1_4

ord4

msvcp140

?_Xout_of_range@std@@YAXPBD@Z

vcruntime140

_except_handler4_common

api-ms-win-crt-stdio-l1-1-0

_wfopen

api-ms-win-crt-utility-l1-1-0

srand

api-ms-win-crt-heap-l1-1-0

free

api-ms-win-crt-runtime-l1-1-0

_initterm

api-ms-win-crt-convert-l1-1-0

atof

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-math-l1-1-0

ceil

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

wtsapi32

WTSSendMessageW

Exports

Exports

c�wΤJi$�g�u9 �� //�uj!(A>�+��o�yY;}�!��\n�7��$˼�[�d��:��);X�uؙ�Ec,�� W��5U��T��s�xK%}E�p�b��H��)��J{bc��g�hlq��*@;xD+*S� �� d��z��o̩:��p�Z�ā^�$��B�߹��Db�7<J��M��`�#��n�gڼ�(��O�Я�� M��^�t��2]��QF��Z]��Е��>��K��5v�:�2��@EzҮ�gT8r#��z�� r��ː� �A>0$��yz=(��X��\{�Q�z�H�Ѳ ��a�Ns��2?e��I%5ԍ��^@��W�bq��G�I��>��nm*��?C��]�{Ԩ�l��ࢸ'��<�:�؏1MBՎ��jmL^&��8@Wk�4l�p|k/��w�/� g6�p̙t��v�2�m��Y��(��1��;G��w,� Fw��\�ΑcWN��Rfhݞ�c�R�� ,3vJ̃1Լ?��U� _��8O��ˁ�c��+E%��I.L�#$Ⱦ�DN,Z�C�Pzq�f��Aj����B��r�g ��+#@+�j1��%��Ȧ��0��\*Em<7U �e��4i!��|�nt�7��ʯ��xJr��E��p�b��['�2��pfc��l�&'U��@o�[ �!�֦��K'p1ɱ�nӡ��{A-�;�%xc�X��F��7ڰes&�>��b��a4%�D,M� -\Z�XW[C��V�-Rh�.�k&�� B� 09�fE�xe^~a �־ ��hD,��m Xz�� D8�G�#l\"�2^�L��\d�aK +��h�v~��{�a��e*PF�-w�ږ?:�� ԁ;�gTO�ZT�b��A��t$�a_D7{�z��O��ƏŴ\��Z�� }��PHP��Qz�'��y�N�ܷ�=1�V��9 �"��QE��xB]�WI��9�S�J�_�V3(��9��Ǯ�ɐ��N�D,ѯ�8铏<��J��"��C�DX�z�=�h��7�9��|��:TH^*:�x��̔��3�E~��˝�׆�ʥ�ߙ��"��N#޲>p��_�#J%��h��ߧG��/j|2l��WߋD�Ԍ�f�Wx��R��}1ړ��4��QA�cҏx`�8U��c\�� cI��'�@^��ݣm��kp:JAԘ��u��=G'&INL�D��^@I_�"��=�˔ʃR=�fߌ-�*"��l�_��o ׎�kwdt��K��o�mޔ�H7e܅��p�l�A|6��ɭ��j��w`�n5{�с�_��%!��Cw�׵��kiAAB&�3�Ʌ@��N<�v�.ɽ��b�+�|��$0��j�E^0��bbl�?:f Y.��Ω53��u�}k}s�� 2��T/{�՟74Ǩ�e�%DC�潶~��-��!�Q�U��=R$��"��n��eO�~��,��8r �-�� 4��r�@�jÅ�gB��M��7��Ѝ��kR�ܸ�j��:�5��(w��Y�rp��Yxxp4v�R��ʴ�FS��[Z{�U�z1B$��`y�a��y�Y�q{�%#��2l9a��P�Ա�ܽI��,�VӾ�2�c7h#��4��;w^^��+�<��,i��hH�T��!⭎��.��l��O��L�/E�D��qN�Q��y��e�X}2+y�c�v��{��C9��X��6K� I�x �x��lާ��>�%9�R`��'MԳF�i��y��!W�6�TgaV�e*X<��0�ˢ��I}�#7Y�Y>h�Q��8 �/�H��2ʏ�}��8*<�=�]=��q�=H��u}� ��@LU��V�N��+�&\�� >�q _�Z��0��WM(tXz] ��dm>< By#�⿋;~ި�8��|E`qܨ(�z�ӛX��b�Db�;6��.u�"��Ϙ/�RUm�R��/��1d��9��![��5�Wҳ��Ǜ�I,��t��ZO��1gxj�|�d��V�g�?��&g��1 ��1��՝��~�Cj��5/��R��c�>8$$�hZ��¯�^|�!��4��f��L�8��¯_��@�k\�?��~�e��_d��Q��M��^6�߃�)=��$d3�cg��оj�`s�� _%��x��m&�Ҽ��ě|9fw�l}��L��Gwh.��H�E�XA:��U�m�7��n~.�&�t��1��]4/�A4}.��v�o�SwW��X�O�3��R��s(��r��<2��W,ñ9"�=��yeC�s*g��H��H)�j�{��3�*̟@��q��I?��1�+V'0��(l'��ǰqe;��6��Ek��fr�k餱��q��9��z��:#��/{��X�� 4{4'��1��yIn��ã��n�Q��Ʋw�c0��S䗣�<ڀ;�l(��:(=�@|Kk��"8�p�L-K��9�~��cA��n��V�P�ň�w��ׅm��T#��kqS� ��kc�E-ycz��a=�XB_��¦�!�Z {�O�MMt̙9w$��,ܽ��er��]j�sƭ�l$X�ڡ�KD��/�l�LL��ŋ~E\A�S �5-q0ޘQ!*!q�t΋�� ,E�Yr�`}%t`��]\�ի�GxK�,-�$�e��&��9�pV��2P��+MC7T�ƴ�~��p�Ձ:|��3R�E�[��Sі�:��uOj�]\��:N^��5��C��jfU��g��o&�Ҕ�m��/�Z

Sections

.text
Size: - Virtual size: 182KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 5.5MB - Virtual size: 5.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Externals Client Updated/supremacy.exe
.exe windows x86

a716ee4220f0563f85896dd03f01f1ed

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

d3d9

Direct3DCreate9

kernel32

OpenProcess
GetTickCount
TerminateProcess
GetModuleFileNameW
CreateToolhelp32Snapshot
Sleep
Process32NextW
Process32FirstW
CloseHandle
CreateProcessW
CreateThread
GetModuleHandleW
GetCurrentProcess
WriteProcessMemory
ReadProcessMemory
VirtualQueryEx
GetLastError
QueryPerformanceFrequency
GetModuleFileNameA
GetProcAddress
LoadLibraryExA
FormatMessageA
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
CreateEventW
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
QueryPerformanceCounter
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalFree
DeleteCriticalSection
InitializeSListHead
FreeLibrary
SetEvent
ResetEvent

user32

DefWindowProcW
GetWindowThreadProcessId
SendMessageW
FindWindowW
GetKeyState
DestroyWindow
ClientToScreen
IsChild
GetForegroundWindow
LoadCursorW
SetCapture
SetCursor
GetClientRect
CreateWindowExW
UnregisterClassW
RegisterClassExW
ShowWindow
DispatchMessageW
PeekMessageW
TranslateMessage
PostQuitMessage
GetCapture
ReleaseCapture
SetCursorPos
GetCursorPos
GetAsyncKeyState
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
UpdateWindow
ScreenToClient

advapi32

GetTokenInformation
AdjustTokenPrivileges
OpenProcessToken

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

xinput1_3

ord2
ord4

msvcp140

?_Xlength_error@std@@YAXPBD@Z

vcruntime140

__current_exception_context
memset
_except_handler4_common
_CxxThrowException
strrchr
memchr
_setjmp3
longjmp
memcpy
__std_exception_copy
__std_exception_destroy
strchr
strstr
__std_terminate
__CxxFrameHandler3
__current_exception
memmove

api-ms-win-crt-stdio-l1-1-0

fread
__stdio_common_vsprintf
__stdio_common_vswprintf
feof
_wfopen
fgets
ferror
tmpnam
ftell
__p__commode
__acrt_iob_func
fflush
fclose
ungetc
tmpfile
setvbuf
_popen
_pclose
_ftelli64
_fseeki64
clearerr
fopen
__stdio_common_vsscanf
fseek
_set_fmode
fwrite
freopen
getc
__stdio_common_vfprintf

api-ms-win-crt-string-l1-1-0

tolower
strcoll
isdigit
strspn
strpbrk
strncpy
isalnum
isspace
toupper
isalpha
isupper
islower
ispunct
isgraph
iscntrl
isxdigit
strcpy_s
strncmp

api-ms-win-crt-utility-l1-1-0

rand
qsort
srand

api-ms-win-crt-heap-l1-1-0

_callnewh
realloc
free
malloc
_set_new_mode

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
_seh_filter_exe
_set_app_type
system
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_get_initial_narrow_environment
_initterm
terminate
_initterm_e
__p___argc
__p___argv
_c_exit
abort
_register_thread_local_exe_atexit_callback
strerror
_controlfp_s
_errno
_invalid_parameter_noinfo_noreturn
_cexit
exit
_wassert
_exit

api-ms-win-crt-convert-l1-1-0

strtod
atof

api-ms-win-crt-time-l1-1-0

_time64
_gmtime64
strftime
_localtime64
clock
_mktime64
_difftime64

api-ms-win-crt-locale-l1-1-0

localeconv
setlocale
_configthreadlocale

api-ms-win-crt-math-l1-1-0

ldexp
_CItanh
_CIsinh
_libm_sse2_log10_precise
_CIfmod
_libm_sse2_pow_precise
floor
_libm_sse2_log_precise
frexp
_libm_sse2_sin_precise
_libm_sse2_sqrt_precise
_libm_sse2_tan_precise
_libm_sse2_exp_precise
ceil
_libm_sse2_acos_precise
_libm_sse2_asin_precise
__setusermatherr
_libm_sse2_cos_precise
_CIcosh
_CIatan2

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-filesystem-l1-1-0

remove
rename

Sections

.text
Size: 357KB - Virtual size: 357KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8c969912d151126ced51c2df75005eee

Headers

DLL Characteristics

File Characteristics

Imports

d3d9

kernel32

user32

imm32

msvcp140

ntdll

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 290KB - Virtual size: 289KB

.rdata Size: 76KB - Virtual size: 76KB

.data Size: 2KB - Virtual size: 2KB

.pdata Size: 13KB - Virtual size: 12KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 308B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

R<Q(b,[u Size: 1.9MB - Virtual size: 1.9MB

.text Size: 50KB - Virtual size: 50KB

.rsrc Size: 4KB - Virtual size: 4KB

Size: 512B - Virtual size: 16B

.reloc Size: 512B - Virtual size: 12B

eba675b4d287f51402a7cf170e487e73

Headers

DLL Characteristics

File Characteristics

Imports

d3d11

d3dcompiler_47

wintrust

ntdll

kernel32

user32

advapi32

shell32

imm32

msvcp140

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-time-l1-1-0

Sections

.text Size: 433KB - Virtual size: 433KB

.rdata Size: 433KB - Virtual size: 433KB

.data Size: 3KB - Virtual size: 10KB

.pdata Size: 18KB - Virtual size: 18KB

.rsrc Size: 512B - Virtual size: 488B

.text
Size: 290KB - Virtual size: 289KB

.rdata
Size: 76KB - Virtual size: 76KB

.data
Size: 2KB - Virtual size: 2KB

.pdata
Size: 13KB - Virtual size: 12KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 308B

R<Q(b,[u
Size: 1.9MB - Virtual size: 1.9MB

.text
Size: 50KB - Virtual size: 50KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 433KB - Virtual size: 433KB

.rdata
Size: 433KB - Virtual size: 433KB

.data
Size: 3KB - Virtual size: 10KB

.pdata
Size: 18KB - Virtual size: 18KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 512B - Virtual size: 500B

.text
Size: 270KB - Virtual size: 269KB

.rdata
Size: 51KB - Virtual size: 51KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 512B - Virtual size: 264B

.text
Size: - Virtual size: 317KB

.vmp0
Size: - Virtual size: 275KB

.vmp1
Size: 781KB - Virtual size: 780KB

.rsrc
Size: 4KB - Virtual size: 4KB

.text
Size: - Virtual size: 1.8MB

.vmp0
Size: - Virtual size: 666KB

.vmp1
Size: 4.8MB - Virtual size: 4.8MB

.rsrc
Size: 4KB - Virtual size: 4KB

.text
Size: 480KB - Virtual size: 479KB

.rdata
Size: 576KB - Virtual size: 575KB

.data
Size: 5KB - Virtual size: 17KB

.pdata
Size: 21KB - Virtual size: 20KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 4KB - Virtual size: 3KB