Main-7[.]5-Bypass-ONLINE [28th December][.]zip

Resubmissions

04/01/2023, 05:51

230104-gj64yaeb36 9

04/01/2023, 05:39

230104-gcp7vahc91 9

Sharing

Copy URL Twitter E-mail

General

Target

Main-7.5-Bypass-ONLINE [28th December].zip
Size

260.9MB
MD5

534f967ef1778082d1e106697a8d527b
SHA1

f987baab0b5dbd8ce6688da9ee0f06479f393eae
SHA256

8b9de709437c077ab3f925ced38d7bdc35e22ec2068ab7d93c1f021b8b814371
SHA512

38fc95dcd86b05da93b29875900c2d149cdff1f0b0b3a4ea6c9c8248caa2b45c35e59db356aae19885cbd690cebd66113b6cc87f842aa454f29ef584e716c682
SSDEEP

6291456:w6t+uCO64VPuPi4EysglxgFkmmOFRiA9fCEEZ9Vy/A4okt9BB6:XD4bP4Fw4f7qTyvH6

Score

9^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 3 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/english.dll	acprotect
static1/unpack001/Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/path.dll	acprotect
static1/unpack001/Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/path2.0.dll	acprotect

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/Fonts.exe	upx
static1/unpack001/Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/path_files/StartHack.exe	upx
static1/unpack001/Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/path_files/StartOldHack.exe	upx
static1/unpack001/Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/prompt8x.exe	upx
static1/unpack001/Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/prompt9.exe	upx
static1/unpack001/Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/timer.exe	upx

Files

Main-7.5-Bypass-ONLINE [28th December].zip
.zip
Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/AdbPath64.dll
.dll windows x86

c64cac39044626770353879245ea25e4

Code Sign

01:ea:62:e4:43:cb:22:50:c8:70:ff:6b:b1:3b:a9:8e
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

14/01/2020, 00:00

Not After

20/01/2021, 12:00

Subject

CN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:6e:de:36:46:25:fc:c0:ef:95:5e:52:d2:f2:d2:b2
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/01/2020, 00:00

Not After

20/01/2021, 12:00

Subject

CN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:4b:a8:7a:a5:0c:b9:b1:99:5e:36:94:4b:f9:b3:cf:b5:ba:0b:02:61:7e:07:c2:80:1f:94:c8:92:f9:63:42
Signer

Actual PE Digest

0b:4b:a8:7a:a5:0c:b9:b1:99:5e:36:94:4b:f9:b3:cf:b5:ba:0b:02:61:7e:07:c2:80:1f:94:c8:92:f9:63:42

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

11/09/2020, 10:31
Valid: true

Chain 1

CN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

e7:3f:26:8f:5a:37:f3:81:9d:dd:0f:24:04:a3:03:5b:f1:84:d1:c2
Signer

Actual PE Digest

e7:3f:26:8f:5a:37:f3:81:9d:dd:0f:24:04:a3:03:5b:f1:84:d1:c2

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

11/09/2020, 10:29
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoCreateInstance

kernel32

GetACP
SetLastError
CloseHandle
GetLastError
DeviceIoControl
WriteFile
ReadFile
GetOverlappedResult
CreateFileW
WideCharToMultiByte
Sleep
InterlockedIncrement
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetProcAddress
LoadLibraryW
GetFileAttributesW
GetSystemDirectoryW
RaiseException
FreeLibrary
InterlockedExchange
InitializeCriticalSectionAndSpinCount
GetCommandLineA
GetVersionExA
RtlUnwind
HeapFree
HeapAlloc
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCPInfo
GetOEMCP
OutputDebugStringA
VirtualAlloc
HeapReAlloc
HeapSize
LoadLibraryA
GetModuleHandleW
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetFilePointer
GetConsoleCP
GetConsoleMode
VirtualProtect
GetSystemInfo
VirtualQuery
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers

setupapi

SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW

Exports

Exports

??0AdbEndpointObject@@QAE@ABV0@@Z
??0AdbEndpointObject@@QAE@PAVAdbInterfaceObject@@EE@Z
??0AdbIOCompletion@@QAE@ABV0@@Z
??0AdbIOCompletion@@QAE@PAVAdbEndpointObject@@KPAX@Z
??0AdbInterfaceObject@@QAE@ABV0@@Z
??0AdbInterfaceObject@@QAE@PBG@Z
??0AdbObjectHandle@@QAE@ABV0@@Z
??0AdbObjectHandle@@QAE@W4AdbObjectType@@@Z
??1AdbEndpointObject@@MAE@XZ
??1AdbIOCompletion@@MAE@XZ
??1AdbInterfaceObject@@MAE@XZ
??1AdbObjectHandle@@MAE@XZ
??4AdbEndpointObject@@QAEAAV0@ABV0@@Z
??4AdbIOCompletion@@QAEAAV0@ABV0@@Z
??4AdbInterfaceObject@@QAEAAV0@ABV0@@Z
??4AdbObjectHandle@@QAEAAV0@ABV0@@Z
??_7AdbEndpointObject@@6B@
??_7AdbIOCompletion@@6B@
??_7AdbInterfaceObject@@6B@
??_7AdbObjectHandle@@6B@
?AddRef@AdbObjectHandle@@UAEJXZ
?AsyncRead@AdbEndpointObject@@UAEPAXPAXKPAK0K@Z
?AsyncWrite@AdbEndpointObject@@UAEPAXPAXKPAK0K@Z
?CloseHandle@AdbObjectHandle@@UAE_NXZ
?CreateHandle@AdbObjectHandle@@UAEPAXXZ
?GetEndpointInformation@AdbEndpointObject@@UAE_NPAU_AdbEndpointInformation@@@Z
?GetInterfaceName@AdbInterfaceObject@@UAE_NPAXPAK_N@Z
?GetParentInterfaceHandle@AdbEndpointObject@@QBEPAXXZ
?GetParentObjectHandle@AdbIOCompletion@@QBEPAXXZ
?GetUsbConfigurationDescriptor@AdbInterfaceObject@@UAE_NPAU_USB_CONFIGURATION_DESCRIPTOR@@@Z
?GetUsbDeviceDescriptor@AdbInterfaceObject@@UAE_NPAU_USB_DEVICE_DESCRIPTOR@@@Z
?GetUsbInterfaceDescriptor@AdbInterfaceObject@@UAE_NPAU_USB_INTERFACE_DESCRIPTOR@@@Z
?IsCompleted@AdbIOCompletion@@UAE_NXZ
?IsObjectOfType@AdbObjectHandle@@UBE_NW4AdbObjectType@@@Z
?IsOpened@AdbObjectHandle@@QBE_NXZ
?LastReferenceReleased@AdbObjectHandle@@MAEXXZ
?Lookup@AdbObjectHandle@@SGPAV1@PAX@Z
?Release@AdbObjectHandle@@UAEJXZ
?SyncRead@AdbEndpointObject@@UAE_NPAXKPAKK@Z
?SyncWrite@AdbEndpointObject@@UAE_NPAXKPAKK@Z
?Type@AdbEndpointObject@@SG?AW4AdbObjectType@@XZ
?Type@AdbIOCompletion@@SG?AW4AdbObjectType@@XZ
?Type@AdbInterfaceObject@@SG?AW4AdbObjectType@@XZ
?adb_handle@AdbObjectHandle@@QBEPAXXZ
?endpoint_id@AdbEndpointObject@@QBEEXZ
?endpoint_index@AdbEndpointObject@@QBEEXZ
?interface_name@AdbInterfaceObject@@QBEABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ
?object_type@AdbObjectHandle@@QBE?AW4AdbObjectType@@XZ
?overlapped@AdbIOCompletion@@QAEPAU_OVERLAPPED@@XZ
?parent_interface@AdbEndpointObject@@QBEPAVAdbInterfaceObject@@XZ
?parent_io_object@AdbIOCompletion@@QBEPAVAdbEndpointObject@@XZ
?usb_config_descriptor@AdbInterfaceObject@@QBEPBU_USB_CONFIGURATION_DESCRIPTOR@@XZ
?usb_device_descriptor@AdbInterfaceObject@@QBEPBU_USB_DEVICE_DESCRIPTOR@@XZ
?usb_interface_descriptor@AdbInterfaceObject@@QBEPBU_USB_INTERFACE_DESCRIPTOR@@XZ
AdbCloseHandle
AdbCreateInterface
AdbCreateInterfaceByName
AdbEnumInterfaces
AdbGetDefaultBulkReadEndpointInformation
AdbGetDefaultBulkWriteEndpointInformation
AdbGetEndpointInformation
AdbGetEndpointInterface
AdbGetInterfaceName
AdbGetOvelappedIoResult
AdbGetSerialNumber
AdbGetUsbConfigurationDescriptor
AdbGetUsbDeviceDescriptor
AdbGetUsbInterfaceDescriptor
AdbHasOvelappedIoComplated
AdbNextInterface
AdbOpenDefaultBulkReadEndpoint
AdbOpenDefaultBulkWriteEndpoint
AdbOpenEndpoint
AdbQueryInformationEndpoint
AdbReadEndpointAsync
AdbReadEndpointSync
AdbResetInterfaceEnum
AdbWriteEndpointAsync
AdbWriteEndpointSync

Sections

.text
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/Bunifu_UI_v1.53.apx
Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/Bunifu_UI_v1.54.apx
Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/Bunifu_UI_v1.55.apx
Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/Bunifu_UI_v1.56.apx
Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/Bunifu_UI_v1.57.apx
Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/Bunifu_UI_v1.58.apx
Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/Bunifu_UI_v1.59.apx
Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/Bunifu_UI_v1.60.apx
Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/Bunifu_UI_v1.61.apx
Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/Fonts.exe
.exe windows x64

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

UPX0
Size: - Virtual size: 452KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1011KB - Virtual size: 1012KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 366KB - Virtual size: 368KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/Pathfinder.exe
.exe windows x86

ead364a9564def7dbab3c2916879f461

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetModuleHandleA
VirtualQuery
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
LoadLibraryA
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
LocalAlloc
LocalFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetCommandLineA
RaiseException
RtlUnwind
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

MessageBoxA
GetProcessWindowStation
GetUserObjectInformationW
CharUpperBuffW
MessageBoxW
GetProcessWindowStation
GetUserObjectInformationW

advapi32

RegCloseKey

oleaut32

SysFreeString

gdi32

CreateFontA

shell32

ShellExecuteA

version

GetFileVersionInfoA

ole32

CreateStreamOnHGlobal

msvcrt

isxdigit

comctl32

InitializeFlatSB

wininet

InternetGetConnectedState

comdlg32

PageSetupDlgW

winmm

timeGetTime

winspool.drv

SetPrinterW

d3d9

Direct3DCreate9

winhttp

WinHttpWriteData

wtsapi32

WTSSendMessageW

Exports

Exports

TMethodImplementationIntercept
�-��A��,w�z��;騝6�R5��{��*T�U�� z~�he�7�G��n=��\��e ��#�l,��o��إ�.+&�?�ig=�7��Z~{�$� ��K>��+��_:7J�=��o� p1=L��iɌ*(م"p�c��%��r��侥f�I��X>��m��$z] #��bRO��PϢ��b��)V�&�a��S�f/Î��T��dP�ma��a�bU�`[i�I1��2F�߈��^0X��t9�y/��^��E$��9#�N�"Q�~�}��C�'\{�w6%�?0�v5R�22V!p:'�w�� -��X��'��e��IN��g��S�67�$}L|M[�U�*�?4ͩ%/Q�q|��-��D_��J��T�uY� j(�{�;��貱f��5��3w�R;(�]j#�4�})�k��O�0)k$�1�:Oy��9��o��5�"�m?B�� O��%^��i�bF��1��Ip�R��=��9Ƙa��n�t�3��I��#8oPE;�\Sf'��M��>r�ԏ�p�E� -t�p&�1�E�萢��y�+�bl��>J!�׫+0�W��4G�d㛤��5�8�g��y`E%ñ:�hЈ�VVd��e<�5ˁ�8�_�7\�2;��-��u��g��Hj`En�Ң�s�Y��^-$D��̸�|�!l/�3�x�_��h=Gݺ�"��m��eŕ��;1N��|'?�qH�ü��G< �`Y�:�]��/Q��M��9�ժl�_�=x6aYg�L�r�e��copN]�y[��B��˵wn^3�K�;��B}�W:��8��Fy��5��u��K ��2��i�I{f�l�jNHԷ<��R��2Ɛ��9��LC��&� ��r��p\v�r��C�z%�AK�2&t\�.w[¬C��lT��O��bC�8!Y�[�q#AzH��S��SЮ�j]��xG�gf6 �n�y�Q(��Zt��x�qހ�P��$<;px��)�3�~Չ��L5�GD(^��r��u��Nӂ1��'f�}��R�B~�s� \]h}��e2�rJ5��p�^��STȶ=߹��B౟F��$��.�)��y�4�u��,Y.�-y"�ν ��<�gh�.�ˉ�Ec9B��pԊ�i_rO��C[��^�1�9�h�C�:[�r��F��eg��Nl�s��YZ��ȱ��a�Y�\��u��'t@1�d��,��1&��_�t�j;;�X��=�d� -96�� @0"C��E)�u�8yɡc�^s�8��O�ݏ��@`��~�-�o�X�}2<�Y�vBƯ�]j�]�LXiK柬�I󴂫^٘@�VT�gog��M��6l9��Gdb�c�!� V�ˡfX;I j��7W�r�B�x+o�S�P ��75��'�)��'s)�^v!�H^@��/N�� }/�p+�D��5��5?�"TjM�zz*/��v0��~F��NtdQa�O�@��(_ J�]��'��բ�|�V�6��_e�o@��@N�E��V��@��G7=��c@T�3��Y��X]��9��q��F弐L&�睇��a��YgJ��9�7��Z�c��q��@�h�ª��Q-��j��OM��}��eNLtg1� o�FT�ܰ��'�p�Fd:�R�j�u�fEB��C˞�A�F<��0+��Eg��d�N8��e�?J��J��iL�� & 7bb��*c��ŵ��l i�g7�w��"|I[��5� �>6ETF҉'��'Zͭ��rK5��+(��!n_��b�7�9ش�g��(�A��k\��D��K��O�(��W��g@F)��&Y'}�Sn�tJ�e��[J��7?��G/��c��Y��k�s-�r�5:;��TI_��HO��5nj=�9��;QW�&�S�Z��T:��(|�:s.��_0��[Y$�O<�z�t"x� +�4sb�hD/(�N�a�� x5��{8M��l4�D�-f�=c0��;)X��0��/��#�X��P+)>j��U��7�@�IF�e�٘��}��È�;Lڷe��"+s�� $,t��K��!EP��Uj�M�I^ԛ�AZI�p��@S��=/.h��NX�c��́�fK�b"��Yl�]��j��3K^(��+�Z*�B�� p�FP*+]J˫i9$_�@:wl;��d=,+��N�^E��yb3~�}�{��p��eǤ d{0�R�d>R=��5-��[{�߁i�7TS��=�v�aV� N=ԟ[�b��iѲ80 �#N霙��-�8�z��eL�za��rìn�~#S `��>Ŝf��&;�]#�1�M�Xѧ�J3�W�<�r��<X7�f�{��ZM��0Q��I\��E΂"�6a��Y�ȸ�� x:[�k��6��2�,Q�x ��M�)�OX�a7��`˃��:��.��g)g��a'C�~��޿��g�B��-Gۮ��^�� e��_^�kP��WB��PRX��Pg��3^_�BE�Z��L��&��iQ�(o��C��{�_y�d�Gf�j�,G�\'��:k�� qҼ�� k��l%d�<F��}��yǞ��(V�]f\�k��Qc� �:��k�r�?�2w8m)�bg�A&��K}�oJH�h~:�� N��e��%� �,�*$�[V��gM�ى��M ��լY��*Y��Ͳ6�9�X�Q�t,�� 0I;��e30�FW��P�l��\��!�U�c�CJ�bϭ!]�+5s\��|$�i�� c�8}��lF�ll�5�TP��龄�3$�n�

Sections

Size: 8.3MB - Virtual size: 8.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 22KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 145KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 108KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 5KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 784KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 21.3MB - Virtual size: 21.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.denuvo0
Size: 185KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 405KB - Virtual size: 8.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.exports
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imports
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.denuvo7
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.denuvo1
Size: 24.1MB - Virtual size: 24.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.denuvo2
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/Pathfinder_Day.exe
.exe windows x86

ead364a9564def7dbab3c2916879f461

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetModuleHandleA
VirtualQuery
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
LoadLibraryA
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
LocalAlloc
LocalFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetCommandLineA
RaiseException
RtlUnwind
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

MessageBoxA
GetProcessWindowStation
GetUserObjectInformationW
CharUpperBuffW
MessageBoxW
GetProcessWindowStation
GetUserObjectInformationW

advapi32

RegCloseKey

oleaut32

SysFreeString

gdi32

CreateFontA

shell32

ShellExecuteA

version

GetFileVersionInfoA

ole32

CreateStreamOnHGlobal

msvcrt

isxdigit

comctl32

InitializeFlatSB

wininet

InternetGetConnectedState

comdlg32

PageSetupDlgW

winmm

timeGetTime

winspool.drv

SetPrinterW

d3d9

Direct3DCreate9

winhttp

WinHttpWriteData

wtsapi32

WTSSendMessageW

Exports

Exports

=l��|F��lN��B�� B+V��%�ُZ��뷝� ��48��ro;O�l�5��JR˥�<B[�U�,9�;�� wrp��Kh6 ��&��P��K1��X'Q�fSu��K�T�$n��{�#p��E��w�|87��ϥ-ر\�a�`:�F��3`�d�`4F�C;!�V�A�ho��O��E�V��$%�PL�ˋ'��U_!oCg��a�K&W�n��Y/Jv�Jg��j?�`s��QnY&X�d�XT��Q9`�v��h�}�h��B�2��Q캍M��<��s��ұ�`:b0��-�+�8��:��-I�l��h>UR��܀�}�9Y��!�H�Е7��[��ʧC0Q�H�XTY+�t�A��%!-�Z�>��g�k�ּY��3E�x��ؙRY�W��%MA�p~R!P�z%j��+��"�{j[��fȍ~�V6�ۜ�a)��e�\H��҃�Q�o��Xc��A��\C��u��.k��3�T�Z��{e��^�l�c��%D\��4�A��iRO��J":��PW?�.@4{:�NJ�FB��E&䟋$��,�$c>Fy ��P��.p/ �j��t�G�!`q��Ƃ��trʸ�˟�ZI�`y��,��y��.�VĆX� )_�\[q�,�K֌�h,,DB�2�� -�Kd}gEt�ϳ��q'�x��V3�l��*��-b_5��f2�LJL��"�?��@��<��>�x�Xd1��L�ʌ�4��2D�E��p��g툱��&<z��⅗�un��:T��0��*i��մ��iC&��T��gć,��)�ȅ��\��j�T #�&]��imMY|��r7w[cl(��Z�(�泟�jQZ��6��r0��Gz�.��ZTK�=�&J��'�\H�b�J=�N]ϛ��s &p�\��_�8޷��ՀK�Zv�é��p��{ l9�r��$_� {˗� v+�̠�`KS��0�Io-mS�b�9�/�b��ȣ�,eI��&�4iȆp��Lx?E�;w�o{� F{�4To�".�M�ȟ�A��9n�iB�4��!�T��u�� |�.��h��Jv`L|v�S�u��D�vM9��N�` k�N�^U�C/��9|l�A��F@ ,��uJ��KR�*��l��k��C�$�G8�[�sV��]�˘�� ۻy�<�0�{��\�|>K�+��Ol|3��`�}g�$�ܐ�H�Ƽ�)�*�`&�R6J��}>��8��KyE�vu ��-�s+�6i�ܸ��ڹ<~��T�J�/�Y��R}��II'�NH^�?a�K�0�x��'��ȿ��԰��߆KY�r&��A��.O�/��8]�v�=�S�T[�1v>~� DG°��AYh�Wf��u��!��-O�5�C@��-�^�i<h��ѾV��A��t�S��.��h��>"��`-�&��ՐW��r��E��vC�2z��61�v�@Z��f]Ѝ��SȒ�� "��}Q�m�K��Fk�&֤�Ν��H=yœ!�_��V�E2d� ��L��Tx�Qq�YǸ�#�+Sg(��Rە'�s�c�Kz��m̠��W��l�� :�9��4�a> E� ?�F�� <G��?��:"�� ?��d��m��%ۦ��i�c~�A�SR)k��gF�͛��͏u�; X�dm&�Ş��;�J�s��;~�ő�� ϟ�gG~�_�ӔBnr��5ۿ?��Mo)��Ӷ��D��M��{�S��(�!��>7&�_vr�2��+j��o"r��[��u��n�8��=�"?Ѽ��y�%��Nǖ_��z0� RFX8RF��s"wއ{cp��Ҫ}� �`w"j��U�Kʫ2�t�v*��K�-��n6G��g��uNC�R+4�fD��k��o��Jh+�.>EV��WqGW�[`�% ��9�*Kv�Q��_?W�&<�jFa��\&!��y��'��1�a��#%5O�K��{��r� QxS�~H�#/f�p��o�� (CI��ϵ��vf��qx�Pܲ��>9©:��Z�Tؓ�y�W��n�C��:��J �DeD�ۋ'�5��։b��+��[X��q�|�9� �.�R��c�1��;�PCʎu&��xA5~I�$��[��Ӗ�IK�S��-��蚕�T�G�"AN��5��䓑6qh��v�&T�`��8��ݠ�Z��G��Ń��D��%<r~��ۯd�{4K�_�Z� Z/.Q�8��iO�@\�z�#.-��G�>�D�e��e��#3�c��h5W��*�P�F��7��K��X׫��jCR�2�ۮLHS�;kY�Gc ��4ce�X��n�!�m$Z�g=W�pi5�c�S��,ʍsd�� H�AҮo[Jn�@��&FՎ@�+��<��S,@ͦ��v_o�Ν�s��aN�6� x��^W��JOJ)f;�f�e~�km��l{��YK&��8��Fo��h18]]|6.\�!�>]\SD��lя&[�W�gĒ�G� ��on��J��_��ď��U�ݿ�P��Z��h ��C�[�$4ĎLX��G��(�U��fA܃q�N�vMͥ��4zTe)�(U �� yc��x+� �]7�)3�/SJe�JGc즯��5.��טvB��:P#26c��V��_�z�C;%��g�!,�d��x�Q�:��_��A}��h��-�]�w��Z*��nj}��C�j��hx*HoH ̿h�X}��>��Jm$`�h��T�S�<;��Y�'��k�^�JL+�Rl�p/\�0PQ��k
TMethodImplementationIntercept

Sections

Size: 8.3MB - Virtual size: 8.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 22KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 145KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 108KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 5KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 784KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 21.3MB - Virtual size: 21.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.denuvo0
Size: 185KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 406KB - Virtual size: 8.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.exports
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imports
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.denuvo7
Size: - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.denuvo1
Size: 24.1MB - Virtual size: 24.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.denuvo2
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/Pathfinder_Week.exe
.exe windows x86

ead364a9564def7dbab3c2916879f461

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetModuleHandleA
VirtualQuery
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
LoadLibraryA
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
LocalAlloc
LocalFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetCommandLineA
RaiseException
RtlUnwind
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

MessageBoxA
GetProcessWindowStation
GetUserObjectInformationW
CharUpperBuffW
MessageBoxW
GetProcessWindowStation
GetUserObjectInformationW

advapi32

RegCloseKey

oleaut32

SysFreeString

gdi32

CreateFontA

shell32

ShellExecuteA

version

GetFileVersionInfoA

ole32

CreateStreamOnHGlobal

msvcrt

isxdigit

comctl32

InitializeFlatSB

wininet

InternetGetConnectedState

comdlg32

PageSetupDlgW

winmm

timeGetTime

winspool.drv

SetPrinterW

d3d9

Direct3DCreate9

winhttp

WinHttpWriteData

wtsapi32

WTSSendMessageW

Exports

Exports

O7�&)��A� �q��J �Ҵa��@ɸ��G��Gbb6��{�Vnԝe�wJy^Z�قk꺥��J8�%�?o�� C�u�f[p-��1[{*�3.�)��񓳣 a౅�"�o��E��$��\�a��4�5;��SZ+}^'p0�Rc쀯ȭG�&U`��`5��p�h�B� ��z|6pr�]��d+/#M M��3+�tgPAK?��\� B�#i� u�� ށsx��q�� uE�X��l�lk)A��.��m;%�wҮ��$��_Y�!��J��S��d�4N��H��ǌyg�疉ҁ��tk�cm��.�ؔ<`VhF滲٩c��2�<��unh��)��]��5�w֦Ѣ��i��=�R��@x��b'�Þ)=8��|~4�,ԃJ�� kM�۵�p[/W��,ɚ�Hj�T,��G �bkg��X�;h��H7��n��d�<�80x`��o��>#�37-+G��q�EG:8Xp��/r��#Q-��׌li�i�"Q��'�QmA��D4��m��KkР��?�J|[N ,݊s�~)�=�s:�eZk�]�>��+�4�c��0�T>h]��q�;�_">7, �+��S�wF�ϻ-�i�[�C�{�E��"��m��_ǭ[f8$ˣax��Bh��T �w!SB|5.�2JP��=��-��\C��T��MZ��T��I@/a�F�Dm�Hh�pL�P�y�<h��&�%�{r��2�=[��ZfS��k��|=T�Š�H,�R��^� iKhV�� v�<��!R�=<�zƴ:��2�:67q��1��o�"� z��E��Tk r^��K��"�NG�o��^L�9�(} ��Rm@ 2 ��{�{�7��1u��m/�*��T��+�|��O߂3�7��v"�t&�;}D�ĪD��X@鑣�H��@W^��@�~%tܒ��g<�� Zb��g<�a��0TxH��W��"��i��/`�T�x(��;��懧�7͢�t��c�~�Z��m�[i��e;kǑ~aa�[�tG��4�B��V�Z� !z��D��$�3A��#�2��t?1��2�j \��a��;�`\�i�ª�3��:��^��A��.ƥ6^uw�� ީ@��rT#ĉJs�� PǿLQՋ�+M{d��i�Ϊ�<-�U�ǈi�|*�*U��M%�AϞ��l��%*��@eT��F`S{�K��r��<?>A;wg`��c<��4Xo �̀�6��3�sp)�d7N�UB��̔Ը�Еڽv�%=��e|.�~N��q��'�:#� ��"��2�v=<�J��5�Izמ2x��@7�7o�Ͷ�n�H��d�@T�-�#\��<��T�n��9z�v��锆'��@u3< 4sY�Wg=B��Q�� &�!�21�i^�' ��r��_l�(Y��Z,<l��K�[��t�yl��\)q;0؍O��i��h+&��j��i�]�� ̠�j��)��бT�/c��z��/pÍ�,fg��P/|a�I��=�b�� jn=P�m� (�v�o��fͯ�(�@��}��,0�J��'�̡p��(,��׎��\8UNOT�=&��0 ~��Z�g�f�^Aܼ�w�a��=�,��'�9��{NCʹ�9)�]�� *D��%��e��r�}/o��}�|߂9j��aVb`��c�y�qڅ��@�^�`VNl�yo'��E�肠E�/�&R��9d��=]"�Ur ��ڛ�R�w��f/��1��#�� {��G��X��-Y��K+Q��7�@�c. 5, �~(��%��fॶ�?CT�'��}�bgR�Rjٳ~�4Z��O�N�Ĥ=�|2H��qa��s�w��a��[І'�3ӰQ+�[cch#F�|d��*��՞�glK��wŕ�7�P�=��#�^��W�V�d�%$�]q��)Gj��uu{��=vc��S��S��?��.�-��a��)�XצbQ�l�9?Nh�+��0�nP�qR�=�2�>l��8y�W y��DS��`aޠ�+و��B��@��}�/ ߫��|��@��gc�̌Z� �GE�-~��Vj��q&��2c��%+�1v��OQi"��/r�`�`� ��4�vY��Me��k/��h��g�8�;D�j?��Y ��_��fyϒhz��2~�d G�)�d��y��'��w5@��.o5��a�Ρa�]�z�CCR�"3��r鹁%��G|J�u`Ÿ��),F��֔0�3LR^y_��b/8��R��Q�]�Zy�(nI� Ѐ��-z�<��M��&��e�N̋�A�K��T��I��m�� |>+�?��V�͐Uo�S~@ʞ�� f�u� �0�D�v��bk٬w%�F0��[C�0t=�U�C��Ŀ�H/x��?A@��{B��b�-�?��^K7e,�=Hr?�~��YRl�~0ڧ�� :�� ô��[q)��N)T��$�Aw��ȭ{��@J �5�� k�,mI��P��-B.teT��kD��7vK.�֛��x� �Fl�TXkCŤO ��đ1t��f��i�`,��|!Ց��=�!xur�{�+r��n��K�2w�-k��.�jE~��U,��_��t�s7��|�$Z:�J��?��u��ⷚB;�|�aO"��m#��P��ed��qAA�hf�ʧ�]�˯�B��DS|�YI�v 2\�E⌤��/��LL��f{��4�kڔ�*��&�}0��Ga+��5m��!�@{��t(�r��Jvg�$uYcXW2c ��v��eFi.��N3
TMethodImplementationIntercept

Sections

Size: 8.3MB - Virtual size: 8.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 22KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 145KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 108KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 5KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 784KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 21.3MB - Virtual size: 21.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.denuvo0
Size: 185KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 406KB - Virtual size: 8.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.exports
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imports
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.denuvo7
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.denuvo1
Size: 24.1MB - Virtual size: 24.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.denuvo2
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/adb.exe
.exe windows x86

caa032ebd77577ef7b19d90ec9abfca3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

DeregisterEventSource
RegisterEventSourceA
ReportEventA

gdi32

BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCA
DeleteDC
DeleteObject
GetBitmapBits
GetDeviceCaps
GetObjectA
SelectObject

kernel32

CloseHandle
CreateEventA
CreateFileA
CreatePipe
CreateProcessA
DeleteCriticalSection
EnterCriticalSection
ExitProcess
FreeLibrary
GetCurrentProcessId
GetCurrentThreadId
GetFileAttributesA
GetFileSize
GetFileType
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetStdHandle
GetSystemTimeAsFileTime
GetTempPathA
GetTickCount
GetVersion
GetVersionExA
GlobalMemoryStatus
InitializeCriticalSection
InterlockedCompareExchange
InterlockedExchange
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
QueryPerformanceCounter
ReadFile
ResetEvent
SetConsoleCtrlHandler
SetEvent
SetFilePointer
SetHandleInformation
SetLastError
SetUnhandledExceptionFilter
Sleep
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteFile

msvcrt

_access
_chmod
_getcwd
_getpid
_read
_stat
_strdup
_stricmp
_umask
_unlink
__getmainargs
__lc_codepage
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_beginthread
_beginthreadex
_cexit
_endthreadex
_errno
_exit
_findclose
_findfirst
_findnext
_fullpath
_getch
_iob
_isctype
_mkdir
_onexit
_pctype
_setmode
_stricmp
_strnicmp
_vsnprintf
_wfopen
abort
atexit
atoi
calloc
exit
fclose
fflush
fgets
fopen
fprintf
fputc
fputs
fread
free
fseek
ftell
fwrite
getenv
gmtime
localeconv
localtime
malloc
memchr
memcpy
memmove
memset
perror
qsort
raise
realloc
setvbuf
signal
sscanf
strcat
strchr
strcmp
strcpy
strerror
strlen
strncat
strncmp
strncpy
strpbrk
strrchr
strtol
strtoul
time
tolower
vfprintf
wcslen
wcsstr

shell32

SHGetFolderPathA

user32

GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA

ws2_32

WSACleanup
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAGetLastError
WSAStartup
accept
bind
closesocket
connect
gethostbyname
htonl
htons
listen
recv
send
setsockopt
shutdown
socket

adbpath64

AdbCloseHandle
AdbCreateInterfaceByName
AdbEnumInterfaces
AdbGetEndpointInformation
AdbGetInterfaceName
AdbGetSerialNumber
AdbGetUsbDeviceDescriptor
AdbGetUsbInterfaceDescriptor
AdbNextInterface
AdbOpenDefaultBulkReadEndpoint
AdbOpenDefaultBulkWriteEndpoint
AdbReadEndpointSync
AdbWriteEndpointSync

Sections

.text
Size: 617KB - Virtual size: 616KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 171KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 84KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/api-ms-win-core-checktime-l1-0-86.dll
.dll windows x86

Code Sign

33:00:00:00:90:3e:83:56:9d:f3:ba:ae:e8:00:00:00:00:00:90
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/10/2015, 18:14

Not After

07/01/2017, 18:14

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:ef:d8:87:2e:35:a3:82:8a:2f:00:00:00:00:00:ef
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/10/2015, 20:31

Not After

28/01/2017, 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d0:15:22:4c:06:66:ab:4f:6c:6a:20:27:bf:ba:50:bb:53:0a:b5:14:91:ba:c3:f2:9c:19:69:67:c8:b1:a0:e5
Signer

Actual PE Digest

d0:15:22:4c:06:66:ab:4f:6c:6a:20:27:bf:ba:50:bb:53:0a:b5:14:91:ba:c3:f2:9c:19:69:67:c8:b1:a0:e5

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

15/12/2022, 13:59
Valid: false

1b:fa:73:61:47:d7:d3:b3:49:2c:98:7f:b0:99:c8:a0:2f:ac:5f:ad
Signer

Actual PE Digest

1b:fa:73:61:47:d7:d3:b3:49:2c:98:7f:b0:99:c8:a0:2f:ac:5f:ad

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

29/03/2016, 16:11
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

GetDateFormatA
GetDateFormatW
GetTimeFormatA
GetTimeFormatW

Sections

.text
Size: 1024B - Virtual size: 544B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/api-ms-win-core-digilocked-l1-1-0.dll
.dll windows x86

Code Sign

33:00:00:00:8f:d7:76:15:b9:cd:45:8a:74:00:00:00:00:00:8f
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/10/2015, 18:14

Not After

07/01/2017, 18:14

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:ef:d8:87:2e:35:a3:82:8a:2f:00:00:00:00:00:ef
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/10/2015, 20:31

Not After

28/01/2017, 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

be:fe:ce:9e:42:e6:90:6b:8a:22:cd:ab:77:fa:f1:85:39:c3:41:36:9b:02:df:a2:02:a3:11:af:ac:0d:1c:5a
Signer

Actual PE Digest

be:fe:ce:9e:42:e6:90:6b:8a:22:cd:ab:77:fa:f1:85:39:c3:41:36:9b:02:df:a2:02:a3:11:af:ac:0d:1c:5a

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

15/12/2022, 13:59
Valid: false

9e:bf:d2:0a:6e:da:ca:56:02:bb:dd:17:9b:b0:0b:8e:d0:29:59:40
Signer

Actual PE Digest

9e:bf:d2:0a:6e:da:ca:56:02:bb:dd:17:9b:b0:0b:8e:d0:29:59:40

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

29/03/2016, 16:11
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

InitializeSListHead
InterlockedCompareExchange
InterlockedCompareExchange64
InterlockedDecrement
InterlockedExchange
InterlockedExchangeAdd
InterlockedFlushSList
InterlockedIncrement
InterlockedPopEntrySList
InterlockedPushEntrySList
QueryDepthSList

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/api-ms-win-core-errorhandler-l1-1-0.dll
.dll windows x86

Code Sign

33:00:00:00:8f:d7:76:15:b9:cd:45:8a:74:00:00:00:00:00:8f
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/10/2015, 18:14

Not After

07/01/2017, 18:14

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:ef:d8:87:2e:35:a3:82:8a:2f:00:00:00:00:00:ef
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/10/2015, 20:31

Not After

28/01/2017, 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

72:aa:e1:5b:73:86:88:10:a4:c9:fc:99:d2:f4:1a:3c:29:4a:72:df:05:cc:3b:4d:4e:64:42:48:46:d5:26:7a
Signer

Actual PE Digest

72:aa:e1:5b:73:86:88:10:a4:c9:fc:99:d2:f4:1a:3c:29:4a:72:df:05:cc:3b:4d:4e:64:42:48:46:d5:26:7a

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

15/12/2022, 13:59
Valid: false

83:8f:c8:68:65:3a:5a:c2:14:50:c1:96:9d:a7:b2:7e:52:f6:e7:03
Signer

Actual PE Digest

83:8f:c8:68:65:3a:5a:c2:14:50:c1:96:9d:a7:b2:7e:52:f6:e7:03

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

29/03/2016, 16:11
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

GetErrorMode
GetLastError
RaiseException
SetErrorMode
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

Sections

.text
Size: 1024B - Virtual size: 726B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/api-ms-win-core-processcores-l1-1-0.dll
.dll windows x86

Code Sign

33:00:00:00:8f:d7:76:15:b9:cd:45:8a:74:00:00:00:00:00:8f
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/10/2015, 18:14

Not After

07/01/2017, 18:14

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:ef:d8:87:2e:35:a3:82:8a:2f:00:00:00:00:00:ef
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/10/2015, 20:31

Not After

28/01/2017, 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e0:b8:5e:e6:93:07:19:c4:01:5f:6b:c0:2c:60:a5:d2:1d:6a:af:46:b4:a9:ef:83:f1:18:7b:fc:e6:af:31:33
Signer

Actual PE Digest

e0:b8:5e:e6:93:07:19:c4:01:5f:6b:c0:2c:60:a5:d2:1d:6a:af:46:b4:a9:ef:83:f1:18:7b:fc:e6:af:31:33

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

15/12/2022, 13:59
Valid: false

2d:78:55:8b:8d:86:66:10:fd:1d:39:0a:77:4d:43:f2:d2:3b:d9:6f
Signer

Actual PE Digest

2d:78:55:8b:8d:86:66:10:fd:1d:39:0a:77:4d:43:f2:d2:3b:d9:6f

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

29/03/2016, 16:11
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

CreateProcessA
CreateProcessAsUserW
CreateProcessW
CreateRemoteThread
CreateRemoteThreadEx
CreateThread
DeleteProcThreadAttributeList
ExitProcess
ExitThread
FlushProcessWriteBuffers
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetExitCodeProcess
GetExitCodeThread
GetPriorityClass
GetProcessId
GetProcessIdOfThread
GetProcessTimes
GetProcessVersion
GetStartupInfoW
GetThreadId
GetThreadPriority
GetThreadPriorityBoost
InitializeProcThreadAttributeList
OpenProcessToken
OpenThread
OpenThreadToken
ProcessIdToSessionId
QueryProcessAffinityUpdateMode
QueueUserAPC
ResumeThread
SetPriorityClass
SetProcessAffinityUpdateMode
SetProcessShutdownParameters
SetThreadPriority
SetThreadPriorityBoost
SetThreadStackGuarantee
SetThreadToken
SuspendThread
SwitchToThread
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UpdateProcThreadAttribute

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/api-ms-win-core-sync-l1-2-0.dll
.dll windows x86

Code Sign

33:00:00:00:8f:d7:76:15:b9:cd:45:8a:74:00:00:00:00:00:8f
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/10/2015, 18:14

Not After

07/01/2017, 18:14

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:ef:d8:87:2e:35:a3:82:8a:2f:00:00:00:00:00:ef
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/10/2015, 20:31

Not After

28/01/2017, 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d8:fa:68:0e:b2:c9:74:a9:2e:5a:96:16:23:09:81:97:39:f7:a6:93:05:46:18:fb:e9:ff:d2:0b:2d:bb:46:48
Signer

Actual PE Digest

d8:fa:68:0e:b2:c9:74:a9:2e:5a:96:16:23:09:81:97:39:f7:a6:93:05:46:18:fb:e9:ff:d2:0b:2d:bb:46:48

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

15/12/2022, 13:59
Valid: false

17:0b:de:6e:a4:b7:5c:e6:ea:8b:f2:4c:73:3c:48:82:3b:6f:be:44
Signer

Actual PE Digest

17:0b:de:6e:a4:b7:5c:e6:ea:8b:f2:4c:73:3c:48:82:3b:6f:be:44

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

29/03/2016, 16:11
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

DeleteSynchronizationBarrier
EnterSynchronizationBarrier
InitOnceBeginInitialize
InitOnceComplete
InitOnceExecuteOnce
InitOnceInitialize
InitializeConditionVariable
InitializeSynchronizationBarrier
SignalObjectAndWait
Sleep
SleepConditionVariableCS
SleepConditionVariableSRW
WaitOnAddress
WakeAllConditionVariable
WakeByAddressAll
WakeByAddressSingle
WakeConditionVariable

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/cjzc_patch2.apx
Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/cjzc_patch4.apx
Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/english.dll
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: - Virtual size: 584KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

��
Size: 207KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 204KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/helper.exe
.exe windows x86

a2af670719a0f32546f25d33e9c436f7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
VirtualQuery
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
LoadLibraryA
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
LocalAlloc
LocalFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetCommandLineA
RaiseException
RtlUnwind
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

MessageBoxA
GetProcessWindowStation
GetUserObjectInformationW
CharUpperBuffW
MessageBoxW
GetProcessWindowStation
GetUserObjectInformationW

advapi32

RegCloseKey

oleaut32

SysFreeString

gdi32

CreateFontA

shell32

ShellExecuteA

version

GetFileVersionInfoA

path2.0

?IsValidCursorPosition@@YAHHH@Z

ole32

CoInitializeSecurity

wtsapi32

WTSSendMessageW

Exports

Exports

�r��?�d'/�S$Ȥ��gZ2A�Wg�t�DӤ�?c�,~b�W��-��r�t�_�e�?c`A�9��q�EB��o��Z��0�@�a�is&�/��]"|�-`@�bq��*�b1�қ��i�<�5T< #P��@+8��q�,?��3��a��֐��l^��*�oy��q�*F�l;>�ς�%z��:-&-��ϕ�ܫQT��l��(*q�3Kʕ+��:��~�L��<~I^��jQ�-ߣ�{�1��sґ��H��z�.Ÿ9k�5O�u��Zڂs�)��*��䥫�Uc��y�G/D�a��`�&��0�Tc[�)�~��Nr��l��g)�(��pB �3�� }qo�3��e`A��n2c��T��(�"��v�: K��͡5;��&�0)�` �̆+|h�?e�jv�� X�c*��h'z`#٣��d��?)UtELy��ةπt��J��z�]A7@F�`��q�O�%�p�,�A��u�ӏӝ�?�v�i�٬��N�紡�W%q��T��FPM��گ�\�d��NVV�/��$V/4X�D��,#ԩ�l��y*�h/�c�,@�-�1Vޠ�k��'�O�p�[�7�d!nV�؏��4,��(��zh�ޓ��e*m<e��H��bvӽ`8 �,�'n$�s�p��K��5U�/�/�b�,��a�_�~�I��U��H�וg{o��Z�$�2��-�IJ�焥�2,�c�^IXs[�`r8y�LӐIW��|��9�MM6��7�BF�}k��stw�G ��QR�~��ud|zB�Rh�� L@$��f�� w�^�� g(��զ��U.�� T��]�Ȁ��Bآ�|��l!>��@�"��Nq��! � �C�4U��g.�h^��%�� y��<n��"ϕ��i�3*��9��ۦ�P��((��]�>Y��ע�]��M9 5�z�w�8��i��}Nû�|:v��2�ڊ�ęƊ��k��ͷ��ƎӔ��/~9�_\O0� L�J2uz��d��y��b�U�KQf�ӟ- ��.��%KK� ��M��r4�gkL9m�7r]��*��K�*9u�*փ��P�෮��I�:乣�k�#��f(�(>?��X��1�j55Ƹ��dA�@�]pjVl�,ese��0��F��K$?��.��y�@�^W�6L��C��Jfl��Ȏ텁R�_�~�2�� }� ��!�޾��e�\ �[(�z��!cXk#��`�Y�6�E��\2��&chbó��%}��@�r#7䴬��h��ݕ�M([��YcP�Ŏ&�8g�l-}L&A��pɏ��f�}�}�5�OX�X�h3=��2}��Rj�ӷ�+��o��)�W��:)��=��V{^�=��8�� l_!7�}2yc�q��}�e:��]��^��vs�?+ �)��>�$b��L�=u�O��=��u{kf`w�Ym�.�ۂ �w_��R�d��>l��d<G|{�o��<5��dv�;��y��ܝ��`bFR�hʶ%7�o��\�٘��^�|{�ӹ�ɚ�)��b�5�*��ԕT�z(�1*H2'4��R��I�ΠbΜ��_瓟aW=g~ ��=�<E��8c�>�OT�I��<�:��M��'G�ɉ�̦�K�:J��x\�.�N` �|�h0��%F�͊� ��u[�ugu�M\V�4Ñp{�u? W4'o�X�1��U��N* �~JhA�jt{b:�K�K�(.'��]~�_��ZM��c`T&� a�A�kk�>��ɲ��]� ��:�� ]g�n1_��^�V1�M J �tU��Q�%.5�"��&��'��԰��E�ܿ�ց��7�ݥB�$�4��tXރIHT�sc�/p\��M��$��3��S�_z��B��{_��My��N��g|j>o��&̟��EXˮ�懯��Qԟ�AAt1s��,5�[��'��Ģ;��i��ڟ{��j��Xj��?��NGɬ[��D��Y��l�n gXcS�F�҈��J�t��p��N�Z{O=��/ڢ�o�f��X�ϻ\,q�^�`��a�")R�͟�z�3��W]��q�β%X��} ��w��:�Q�10wM��T>�T �$��7�^` c��ʉ�u�z7٫r�E�5�f�-�ꈪ�� ȸ��"��?�1�7��u�;��e<��"��/uYzH�$�4D�J��&��j�F��i��;?sT0��"9�qo)�/ҡ�˾��UD�Մ7��d�@Z��:G��q��kz�OL� ��t+J� ��H��%��d��Ƙ��8�)e&��}�h��Ö"ɱZ ��d��K�x��]�Յ�_1&�4� 7aF�Q�-�!%y��d65��[f�NԷq�f��o�� T#IdZ�}��_�Y/�v��V��"��`��ڄr�D��5N�Ѫ�T�(V�n��Z��/ ��On6-��k�>K0�F�_��(��]AM��׎`#Au;��R��>��L%��4�J�l�򷘌��X<2�r��7��4��*�� ]��Ҵ�[w��l$f@�K��"iw`��r8|f��K�z�ZF�W��#<��a��:|yw1o��`%6�4r��N�f-��@�*�7L~��9�m�aot.�U&y�G��c2�Yv)E+�UX��e�B��Ũ�c��P��6�xr��r�s��xk^b��1 8��#�B��I�-�f��.ޭ�� q�D"�.��r�}(lh�pc��z�M�48�_��&"�2�*ʦ��g��>uH ��

Sections

Size: 60KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 25KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 5KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.denuvo0
Size: 190KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 217KB - Virtual size: 8.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2.3MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.exports
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imports
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.denuvo7
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.denuvo1
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.denuvo2
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 190KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/path.dll
.dll .ps1 windows x86
Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/path2.0.dll
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

?AllocDup@@YGPA_WPA_W@Z
?BreakOut@@YAXH@Z
?CallocMem@@YGPAXII@Z
?ClearEditLine@@YGXPA_W@Z
?CloseBatchFile@@YAXXZ
?CloseDirSearchHandles@@YAXHPAUFILESEARCH@@@Z
?CompressNTFS@@YAHPA_WH@Z
?ConsoleBreakHandler@@YGHK@Z
?ConsoleScreenBuffer@@YAPAXPAX@Z
?CutEgets@@YAXXZ
?DateTimeDlgProc@@YGHPAUHWND__@@IIJ@Z
?DefaultINI@@YAXPA_W@Z
?DefineStrings@@YGXXZ
?DeleteFromHistory@@YGXPA_W@Z
?DirHistoryStart@@YGPA_WXZ
?DisableInternalCommand@@YAHPA_W@Z
?DisplayPluginNames@@YGHPA_W@Z
?DoRunUpdater@@YGXPA_W@Z
?EnableWow64FsRedirection@@YGXH@Z
?Executables@@3PAPA_WA
?ExitBatchFile@@YAHXZ
?ExpandFunctionsInFileName@@YGHPA_W0@Z
?FFindDlgProc@@YGHPAUHWND__@@IIJ@Z
?GetClipboardLines@@YGHXZ
?GetFilesAndFoldersDialog@@YAHPAUHWND__@@PA_W111I@Z
?GetListSize@@YGHPA_W@Z
?GetProcessNameFromPID@@YGHKPA_W@Z
?GetRange@@YAHPA_WPAURANGES@@H@Z
?GetSearchAttributes@@YAPA_WPA_WPAUFILESEARCH@@@Z
?GetSwitches@@YAHPA_W0PAJHPAUFILESEARCH@@@Z
?HistoryStart@@YGPA_WXZ
?HtmlDecode@@YAPA_WPA_W0@Z
?HtmlEncode@@YAPA_WPA_W0@Z
?IDE_Cmd@@YGHPA_W@Z
?IniClear@@YAXPAUINIFILE@@@Z
?IniLine@@YAHPA_WPAUINIFILE@@HHPAPA_W@Z
?IniParse@@YAHPA_WPAUINIFILE@@I@Z
?IniReset@@YAHPA_WPAUINIFILE@@PAPA_W@Z
?InitListArray@@YAXH@Z
?InitializeGlobalVariables@@YGXXZ
?InitializeIniFile@@YAXXZ
?IsDirectory@@YGHPA_W@Z
?IsValidCursorPosition@@YAHHH@Z
?LCS@@YAPA_WPA_W0@Z
?ListSaveFile@@YAXXZ
?LoadWindowsFunctions@@YGXXZ
?Mklink_Cmd@@YGHPA_W@Z
?MonthCalDlgProc@@YGHPAUHWND__@@IIJ@Z
?MoveExecutionPointer@@YAHH@Z
?NTInternalHelp@@YAHPA_W@Z
?NthArgumentEx@@YGPA_WPA_WH0PAPA_WH@Z
?OpenBatchFile@@YAHXZ
?PluginHelp@@YGHPA_W@Z
?PluginUsage@@YGHPA_W0@Z
?ProcessINI@@YAHPA_W@Z
?QueryCountryInfo@@YAXXZ
?QueryDirectoryTree@@YGHPA_WH@Z
?QueryDiskInfo@@YAHPA_WPAUQDISKINFO@@H@Z
?QueryEnvironmentVariable@@YGHPA_W@Z
?QueryInternalCommandFlags@@YAHPA_W@Z
?QueryIsFileUTF8@@YGHPAX@Z
?QueryIsPipeHandle@@YAHPAX@Z
?QueryIsStreamUTF8@@YGHPAU_iobuf@@@Z
?QueryIsSymbolicLink@@YGHPA_WH@Z
?QueryNTFSInfo@@YAEHPAUQDISKINFO@@@Z
?QueryOSVersion@@YAXPAU_OSVERSIONINFOEXW@@@Z
?QueryPIDCommandLine@@YAHHPA_W@Z
?QueryParentWindow@@YAPAUHWND__@@XZ
?QueryPluginPathname@@YGPA_WPA_W@Z
?QueryPluginVersion@@YGHPA_W0@Z
?QueryUTCTime@@YGPA_WPA_WH@Z
?QueryViewWindow@@YAPAUHWND__@@XZ
?QueryVirtualMemSize@@YGKPAX@Z
?RecorderDlgProc@@YGHPAUHWND__@@IIJ@Z
?RegexReplace@@YAHPA_W00@Z
?RegisterApplicationRestartStub@@YAJPB_WK@Z
?ResetEGets@@YAXHH@Z
?RestoreFromTray@@YAXXZ
?RestoreVDMDirectory@@YAXXZ
?SaveBatchArguments@@YAPA_WPA_W@Z
?SaveIniData@@YAXXZ
?SendDialogWindow@@YAXPAUHWND__@@@Z
?SetDriveString@@YAXPA_W@Z
?SetInternalCommandFlags@@YAHPA_WH@Z
?SetMousePositionFromTCMD@@YGXHH@Z
?SetOSVersion@@YAXXZ
?ShowPrompt@@YAXPA_W@Z
?ShutdownCommandProcessor@@YAXXZ
?Similar@@YAHPA_W0@Z
?SkipWhiteSpace@@YAPA_WPA_W@Z
?StripLeadingCharacters@@YAXPA_W0@Z
?StripQuotes@@YAXPA_W@Z
?StripTrailingCharacters@@YAXPA_W0@Z
?TabComplete@@YAHPA_W0H@Z
?TakeCommandIPC@@YAHPA_W0@Z
?TestCondition@@YAHPA_WH@Z
?TrimCharacters@@YAXPA_W0@Z
?URLDecode@@YAPA_WPA_W0@Z
?URLEncode@@YAPA_WPA_W0@Z
?UTF8ToUnicode@@YGXPADPA_WH@Z
?UnicodeToUTF8@@YGXPA_WPADH@Z
?UnregisterApplicationRestartStub@@YAJXZ
?UpdateEnvironment@@YAXXZ
?UpdaterOptions@@YGHPAUHWND__@@@Z
?UsageStr@@YAHPA_W0@Z
?VBeep_Cmd@@YGHPA_W@Z
?View_Cmd@@YGHPA_W@Z
?VirtualAllocMem@@YGPAXPAI@Z
?VirtualFreeMem@@YGXPAX@Z
?VirtualReallocMem@@YGPAXPAXK@Z
?WrongOS@@YAXXZ
?__Unset@@YAHPA_W0@Z
?_ctoupper@@YAHH@Z
?_is_signed_digit@@YAHH@Z
?_isdigit@@YAH_W@Z
?_isxdigit@@YAH_W@Z
?aColors@@3PAUANSI_COLORS@@A
?aGlobals@@3UGLOBAL_VARIABLES@@A
?aIniFile@@3UINIFILE@@A
?find_file@@YAPA_WHPA_WKPAUFILESEARCH@@0@Z
?scan@@YAPA_WPA_W00@Z
?strend@@YAPA_WPA_W@Z
?wPopSelect@@YAPA_WPAUHWND__@@PAH111PAPA_WHHPA_W33H3@Z
?wcmemset@@YAXPA_W_WH@Z
ASCIIToUnicode
Activate_Cmd
AddCommas
AddQuotes
AddToHistory
AddVariableToList
AddWildcardIfDirectory
Alias_Cmd
AllocMem
AnsiString
AsciiToDouble
Assoc_Cmd
Attrib_Cmd
BDebugger_Cmd
Battext_Cmd
Beep_Cmd
BreakHandler
Break_Cmd
CPUUsage
CallHtmlHelp
Call_Cmd
Cancel_Cmd
Case_Cmd
Cd_Cmd
Cdd_Cmd
CenterWindow
ChangeDirectory
ChangeIcon
Chcp_Cmd
Cls_Cmd
Cmds_Cmd
ColorPrintf
Color_Cmd
Command
CompareFiles
CompareStrings
CopyDescriptions
CopyFilename
CopyFromClipboard
CopyTextToClipboard
CopyToClipboard
Copy_Cmd
CrLf
CreateLink
Date_Cmd
Del_Cmd
Delay_Cmd
Describe_Cmd
DestroyFolder
DirHistory_Cmd
Dir_Cmd
Dirs_Cmd
DoPropertySheet
Do_Cmd
DrawHline_Cmd
DrawVline_Cmd
Drawbox_Cmd
EatKeystrokes
EchoErr_Cmd
Echo_Cmd
EchosErr_Cmd
Echos_Cmd
EjectMedia_Cmd
EnableSignals
EndOfList
Endlocal_Cmd
ErrorMsgBox
EscapeLine
Eset_Cmd
Evaluate
Except_Cmd
Exit_Cmd
ExpandAliases
ExpandVariables
ExtensionPart
External
ExtractFileSummary
Ffind_Cmd
FilenamePart
FindProcess
FindWindowFromPID
FmtMsgBox
For_Cmd
ForceForegroundWindow
FormatDate
FreeMem
Free_Cmd
Ftype_Cmd
FuzzyFindWindow
GetAbsCursorPosition
GetAbsScrRows
GetAlias
GetAttribute
GetClipboardLine
GetColors
GetCursorPosition
GetCursorRange
GetDriveTypeEx
GetExeType
GetFileDialog
GetFileLine
GetFileSize64
GetFolderDialog
GetFolderSize
GetFuzzyDir
GetKeystroke
GetLine
GetLongName
GetMousePosition
GetParentPID
GetParentProcessName
GetRandom
GetRowOffset
GetScrCols
GetScrRows
GetServerNames
GetShareNames
GetShortName
GetTempDirectory
GetToken
GetVariableList
GetWOW64
Global_Cmd
Gosub_Cmd
GotoURL
Goto_Cmd
Help_Cmd
History_Cmd
HoldSignals
If_Cmd
Iff_Cmd
InitPopupFont
InitializeDLL
Inkey_Cmd
Input_Cmd
InsertPathInFilename
IntToAscii
Keybd_Cmd
Keys_Cmd
Keystack_Cmd
LastArgument
List_Cmd
LoadAllPlugins
LoadMedia_Cmd
LoadOnePlugin
Log_Cmd
MakeDirectoryName
MakeFolder
MakeFullName
MakeVLFN
MakeWildcardName
Md_Cmd
Memory_Cmd
Mklnk_Cmd
MouseCursorOff
MouseCursorOn
Msgbox_Cmd
Mv_Cmd
MyFindExecutable
NextArgument
NextHistoryEntry
NextListEntry
NthArgument
OffOn
On_Cmd
Option_Cmd
PDir_Cmd
ParseColors
PathLength
PathPart
Path_Cmd
PauseKeys
Pause_Cmd
Plugin_Cmd
Popd_Cmd
PreviousHistoryEntry
Printf
Priority_Cmd
PromptAliases
Prompt_Cmd
Pushd_Cmd
QPutc
QPuts
Qprintf
QueryCodePage
QueryCurrentDate
QueryCurrentDirectory
QueryCurrentDrive
QueryCurrentTime
QueryDiskLabel
QueryDriveExists
QueryDriveReady
QueryDriveRemote
QueryDriveRemovable
QueryFileOwner
QueryFileSize
QueryFileStreams
QueryIFSType
QueryInputChar
QueryIsANSI
QueryIsAdministrator
QueryIsCDROM
QueryIsCON
QueryIsConsole
QueryIsDelimiter
QueryIsDevice
QueryIsDirectory
QueryIsFile
QueryIsFileOrDirectory
QueryIsFileUnicode
QueryIsGUI
QueryIsJunction
QueryIsLFN
QueryIsNetworkDrive
QueryIsNumeric
QueryIsPluginCommand
QueryIsPluginFeature
QueryIsStreamUnicode
QueryIsTCMD
QueryIsTTY
QueryIsURL
QueryIsVMWare
QueryIsVirtualPC
QueryIsWhiteSpace
QueryKeyWaiting
QueryMemSize
QueryMouseClickWaiting
QueryOptionValue
QueryPluginInfo
QuerySeekSize
QueryTrueName
QueryUnicodeOutput
QueryVolumeInfo
Querybox_Cmd
QuitSendKeys
Quit_Cmd
Rd_Cmd
ReadCellStr
ReadDescriptions
ReallocMem
Reboot_Cmd
RegularExpression
Remark_Cmd
Ren_Cmd
ResolveLink
Ret_Cmd
RewindFile
RunKeystrokePlugin
RunPlugin
RunStartupFiles
SaveDirectory
Scr_Cmd
Scroll
Scrput_Cmd
SearchPaths
SelectFolder
Select_Cmd
SendKeys
SetAbsCursorPosition
SetCodePage
SetColors
SetCursorPosition
SetCursorSize
SetEVariable
SetError_Cmd
SetINIDirective
SetLineColor
SetMousePosition
SetSessionTitle
SetTransparency
Set_Cmd
Setdos_Cmd
Setlocal_Cmd
Shift_Cmd
Shralias_Cmd
Sprintf
Sscanf
Start_Cmd
StripEnclosingQuotes
Switch_Cmd
SysBeep
SysWait
TCFilter_Cmd
TCToolbar_Cmd
Tee_Cmd
Time_Cmd
Timer_Cmd
Title_Cmd
Touch_Cmd
Tree_Cmd
Truename_Cmd
Type_Cmd
Unalias_Cmd
UnicodeToASCII
UniqueFileName
UnloadAllPlugins
UnloadOnePlugin
Unset_Cmd
UpdateTitleAndIcon
VScrput_Cmd
Ver_Cmd
Verify_Cmd
Volume_Cmd
Which_Cmd
WildcardComparison
WindowToClipboard
Window_Cmd
WriteCellStr
WriteChrAtt
WriteDescriptions
WritePrivateProfileInt
WriteStrAtt
WriteTTY
WriteVStrAtt
Y_Cmd
_HashFile
_stristr
egets
error
honk
strins
strlast
tty_yield
wwriteXP

Sections

Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

��
Size: 425KB - Virtual size: 428KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 203KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/path_files/Hack.vmp.exe
.exe windows x86

50ac62d30edd8ef1473886d0d2d00975

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ResumeThread
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetClassNameW
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

advapi32

CryptDestroyKey

shell32

ShellExecuteA

ole32

StringFromGUID2

msvcp140

?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ

dbghelp

SymCleanup

urlmon

URLDownloadToFileA

wininet

InternetCheckConnectionW

wtsapi32

WTSQueryUserToken
WTSSendMessageW

rpcrt4

RpcStringFreeA

psapi

GetModuleInformation

userenv

UnloadUserProfile

vcruntime140

strstr

api-ms-win-crt-heap-l1-1-0

free

api-ms-win-crt-runtime-l1-1-0

_initterm

api-ms-win-crt-utility-l1-1-0

srand

api-ms-win-crt-filesystem-l1-1-0

_access

api-ms-win-crt-convert-l1-1-0

strtod

api-ms-win-crt-stdio-l1-1-0

fgets

api-ms-win-crt-environment-l1-1-0

_wdupenv_s

api-ms-win-crt-math-l1-1-0

round

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func

api-ms-win-crt-time-l1-1-0

_time64

normaliz

IdnToAscii

wldap32

ord45

crypt32

CertOpenStore

ws2_32

recvfrom

api-ms-win-crt-string-l1-1-0

_strdup

Exports

Exports

GetDownloadProgress
GetDownloadProgressEx
GetImportState
GetSymbolState
GetVersionA
GetVersionW
InjectA
InjectW
InterruptDownload
InterruptDownloadEx
InterruptInjection
InterruptInjectionEx
RestoreInjectionFunctions
SetRawPrintCallback
StartDownload
ValidateInjectionFunctions
g_LibraryState

Sections

PD/rQ`UX
Size: - Virtual size: 527KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

"6#S#[_5
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

w]4<'b%)
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

bX@I9b!Y
Size: - Virtual size: 669KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

"W8r$4.m
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

wrwxC1s4
Size: - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

`:gcLhPx
Size: 5.4MB - Virtual size: 5.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

)nF0-Z2/
Size: 163KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/path_files/OldHack.vmp.exe
.exe windows x64

b9c3ebf614f5802a3dfc6b2eef8bff75

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

getnameinfo

wldap32

ord32

crypt32

CryptStringToBinaryA

advapi32

RegCreateKeyExW

dwmapi

DwmExtendFrameIntoClientArea

d3d11

D3D11CreateDeviceAndSwapChain

d3dcompiler_47

D3DCompile

d3dx11_43

D3DX11CreateShaderResourceViewFromMemory

ntdll

RtlVirtualUnwind

user32

GetClassNameA
GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

kernel32

InitializeSListHead
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

imm32

ImmSetCompositionWindow

bcrypt

BCryptGenRandom

urlmon

URLDownloadToFileA

userenv

UnloadUserProfile

rpcrt4

UuidToStringA

wtsapi32

WTSSendMessageW

Exports

Exports

�M֒��ԩ�q��$̇�6��$F�)�K��h��@��6��HezKq�&��~�ά/Jhl��cc*�a8�1 X��y?�AR>֐�g��/^~�/��878�zj��Z!<d��^OZ�2,��7|5��o"��,_��l琹�,�)Tٚo�Q�23-�"��m�x~ݼmcYg9��!QSG��Ҥ�[��!��~j0�*]4�^�w&��ʹ;>��z��ð�b��r��y1pq-*z�p��6"E�5��]��A�[2��ib��񞝁+��n덽7��ƀDN�>�uM7R��ނ��z2�JC��B�Χ��wsw{.��g�m��2!��MB�I1��mD��=E��Cm��qX<�쫋�'�Y �nx?~�ZB ��}?��Wax�x�a/1GK�l��}X9�OʡA7k�hm�SSן֧%��6N��a+)]�ݱ}�n��y�$�m$�� <A��k'R�yW�� =J�ho��GZxx�#'ٰ�T��e��3��vS��x��3�� 3�r��'g��n��w�w�� ~c��e��|�� (�ί�H$Y5+�?t�t�l �*k�y�/�>�'��*�}PrzJ�_�{�y!�Nn�Ѷ��"�[F��#�Cl_��O��%?F��l��$,z�孟��5B!�M7 礯��':�p;��B��8�q��T�XU�}v��1^�&4j��%��<U��YLP�~�zSe�<bנ �!gH��ϙ<J��L��O$�/_�a�* �X2��Q��~O��H+|v\�w��N�6�Нq+r-E��o��`b��skˆ��̍wL=,��b,g��]U��0O�k��#��j7��V��j��у3ē��x�9��X��qn��Q�h�0�E�Ss"�5�� IH�Eӛ�g��O��&��HV6j9��jcnn�/~�*��1�U bǝ�N6R�=s��Q�Gt&WRayA��*�tV�P<��xjQ]�ҭQ�͝�֜Y��s�o�ȣ�՛��~�1��_U��BP��#��[vK/;��F��zZBH{^�a�Z1/�Xq�x��j�C�,��3hH*�+�i{�aJ"��$�W�'�hL�w��X-��"��x�-ԭ��^t��6�1{/�`K(�1��@,��K��l�6f� �f��]O�L�M�&��Π��@d�4�5�c��=�k��_>��XtnJ��F��sx��n�[�Q�E+B虑ݼ�� l5�[ *�k��PM��_�d��O��F�5�nM*��z�� [�#N}%��I�}��kl*��E'��p@A�g��)�p�$��z�w��B4�0��q��ct��z�$��[��r�-j`:^^��1�>@��M�{;h��iG t�r�c f�r��kU��h�3��Y��PE��~Q��S+�ʉSq7��QM1�h͎��6�I�q|!��T��/��YO�Q��՝B��޶~��Σ�Z�89��=M��k^��r��sx�P֊��Z��5>kǓ)sƌ:1��%�ތ��э�O��o�w#� �R"�~�;Ku��M��J�T�IP2�P��m��!�c-UF��|E�+��ؠ��u0�0�`6�L=�U3�.�'��I�<�O��fs�2.c2V�IG��/;�M�~��\��OS%��Q�-rT�.�V�nT��Բץ�{+�j��1�\�';�|% ��7)d��O�~sfE�n��Wȩ��\��[�ڐ��Zim�U({-*��~p�޿|�hpJ��>�G��F 3��}�� $��.q[>��*d��nŃ��[_'��T�k]�"t�;��d��.�_�CL6�h��%�'��=��vYPz�<m��7��gA��'�� &C��0�y��4��w�8�.�M��Rm��x�&�M�-�# ��@G�=��5�k��²r�ș��9�|��γ'�J��$��}��%��^/��rl�5sPl��e��IsXyx#٦�� Xa�z ��d�Y{��'��ت�s�kG��I��`�!M!� ;��)�v��>��3��䝋?� ]��$��hn�eh�6��m�5��>N��=�k��_D��y�!f�[��T�c_�6@��_4�1tԧd�߲��V�ޣ��/݉C�/�!ڟWG�.I8v�\a9Q��T��C9�7\�(<��:�T '��!F[��Eq��lx-��<�3/��Ȳ�Y�Dd2�{��EsUi!@�E�� Q�>�~�r֬��{�m~3fi� �4��fx\��r�.��9ꁔ��qߧ�t7|��V�.��W��t��,~��*�pT�-< )��8�Lx��=zZ<|��s^Vj7>�o 2{��Bl��j��m�r��E��V3ۆ3Z��6r�t�{E��9үLw�s�X�i?'G\�޹��'l@!_�{)��P�sW·� �V�6ݘU�5� ��d�#o��Iv$��䇺ņ��?�o��Byl��N�#�c&@�L ��]冼:i��_�0)��pT]c�/��r��x�"sv�Y��F�;d�DS�LB�%`��YF?�/ܯd, ��S�)rR��:�˄��#�a/��kI�/"�W��Ճ�<�!u��(�|��C��/R�ζ&�KC��z��.yR�(d��ĚJ]��i�ۈ��ֵ4�2'.�5V��R_�V{g�J�>y;a��Et�؎��F��8\ ��N(&��of9�лFv��ei�I��0[|��\B�hI � ��9�;�ƹ-�ƾ

Sections

8IfWYwS#
Size: - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

pcAEUVu2
Size: - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

o%Hy9vqg
Size: - Virtual size: 23.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

lq>aF?6s
Size: - Virtual size: 175KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

8#E;'HSu
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

z=r_N_3"
Size: - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

ne,`lfdG
Size: - Virtual size: 6.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

=B^aoZ0l
Size: 23.1MB - Virtual size: 23.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rL5EW=#P
Size: 163KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/path_files/PF.dll
.dll windows x86

6167cd6075165f2aef4ccefc614081b5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

freetype

FT_Done_Library

kernel32

CreateToolhelp32Snapshot
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

CallWindowProcW
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

gdi32

GetCurrentObject

advapi32

GetLengthSid

shell32

ShellExecuteA

d3dx11_43

D3DX11CreateShaderResourceViewFromMemory

msvcp140

?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z

imm32

ImmSetCompositionWindow

d3dcompiler_47

D3DCompile

rpcrt4

UuidToStringA

userenv

UnloadUserProfile

vcruntime140

memset

api-ms-win-crt-runtime-l1-1-0

abort

api-ms-win-crt-heap-l1-1-0

calloc

api-ms-win-crt-convert-l1-1-0

strtod

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func

api-ms-win-crt-math-l1-1-0

_libm_sse2_sqrt_precise

api-ms-win-crt-filesystem-l1-1-0

_fstat64

api-ms-win-crt-time-l1-1-0

_gmtime64

api-ms-win-crt-string-l1-1-0

strcspn

api-ms-win-crt-utility-l1-1-0

srand

api-ms-win-crt-locale-l1-1-0

localeconv

normaliz

IdnToAscii

wldap32

ord32

crypt32

CertEnumCertificatesInStore

ws2_32

getpeername

wtsapi32

WTSSendMessageW

Exports

Exports

FW1CreateFactory
_FW1CreateFactory@8
s��,~N��*�0OҞӻ"*T��dU�Qe��ii��w�C��IN�G��eP7��A <��G�{�D�j~�g�4T��ݳ.��O%�RH�pC��Uы�.a=�� r�..f�5G��&O��ȉK��rL��2q��Y龜��,C�(`�؎�y�Q�� K��|�]�0uEC��h�A�\Z��rg�M��7�5� R� �S�P�A��&A�I�� cR�6��#,PU��N0`>݁C��h�])�5�xO�p;�ܜG}Gkކ��Ra��f�y��E�{�\hq��:|��nN�� E��C?�Z�5��]<I;�0!�Smq��?L�'�߿3߼��a��~�\�N�k%��<��J�&��?� �I��I��-��$Lf{ͭ�8�� ={��Ջ��]�ۉWU��Q{��2 1�$�V��{U�)�dk�z�4l�O��F��v ��\>` z�d�%��Ox]��,��,�7�-�+;�r*��S� [H1|L?wC��Y��,d'�Ü��V�� B/]��D�>��6��X��N�̥��s�g�;��m�� &��>��)�p_o�Օ��cJ�=��(Ҡ��5�#�i�4h��n٠��z!��+D�%}�)��` BYkt|��'��TJ㑓F�_ԭ�M��:��A�J6�P�r�� F�ib:��d��n?� �� #36��~֫�@{��:D`� ��f��DA��U��[C�B5|S��3�'e�>f�ͱe}}K�ֲ�Ο�߮k��?<4P�r��:,TF�� ֗��4ɦ��W��;Y �ƏՓ��H�S �: ,29�D#��^"�QFa��N��O$�N�M'��u��?`��)�zÈo�ѓ�(_�z�I�;��ۓ�N��@��6B|n�UY95��ҋ `�C�<n�:�"��*pFfnd�� A]r��z��1}+�Uj?��Ƨ1��e��p��Ԃ=��]� A뾚\_RB:_>�[RzR�._��H$8m�e�� mHi��p�+��]A�L��Xj�@��H��9�Mը��m�}}��pFӜכ�|��'��%��DP"�÷�teF��b�͓�AӚe#�UBl/݀��ѓD�j78�O��K+��4A i�l��eM < �:r�~�x#sm�o��^��^b��䗚v��b�2_��-�fC3΀щwqx��%��I��A�K}(�A>��4��2�b�] �T��f�>�d� �D^�$kA�G8��k��!ʞ�?FVq�p��pB�J�7p�<��C�Q4�=�ہ��;_��WC�?r�+��m��\�g��[B��'w�Dɻ��dI+&�F�`��Č+ɳҜS��y��U��b��x�M̱�sU�IvdL#C�0x3lb=Pa{��KYk<��'ɭ�鏤&�a�x6��޾$��5��V��8��5o�1n�.b�Y��v�ɜlsF߷w��ֵ��{��$�L��b��M�W��Lj�?m��܇�C��6��=��F�T��B<�71�{�(�13��q֞c�r��ъ��P�g��ȧY�g>�A��Y�"�J��*1g �!��MII�Af��f��w Dؾ��Un�t��GoC[�=��v��Ye�j#��V_<=��$�C��l��KsDs<��)�!Ƹ~�3��=g��E�}��ҍ��XÏ�o��°OG�D��.Ia�� Sէ�e��IY��^"�p/��Q�c�@��(2�O�n�J�aҳ��`F��0�<XN��j��Q��k�ūH�{�q3�t_6@�~��=�ܟ-��c��m2��?�\�4 �[S��)��t��o� VJhl��o%XR�bGˮ['p��%��B��=��k��l1牞�^��h��Bҭ|<�ߪN��Kn��O�� 9�3��)�:��W��Q'd�Qt�� ?��a��8�EE#��y��@�@��#�Qs(an��ُ?��qj��ƴ�e��D ��L�Ə��ɖ�� Vdџ�g�U�9��h$$��*��mzn6_�%�~�͌+os��A�v�̤%�3RlG��p��Y��n��M݁�yL��YX��]��9t`��$�K1�\��5 ��8Y�,.�?�_�� ~�n)��67Uq��h�(��}LMʫ"LW��s�Y߷�~g�p*.Q�I8�Hn�S��@��9�J��t��~G�%�0g�7�~�AQhA�0��lǻ:+ݜW��kY�~~NN�c?��ts��&t9�F�� C�ԩ��`�y6,�XE�YB2��C��2v�B�Yꐵī�aN��䋣i��m.��'p�f%��4�w�~5��1��.�eA�|��k��B�_c��Y�СuUoKr_�rKd�R�Ϳw��. C��P��쵭�ܷǎ�NN[��F�y" ��D��p��j6򖶥�:Tt!ad7.��fm2)75��B#��6j0��O5S/��lQ�� C��(dȋht�/��B��rR_��F�b��6��7 �8�� r,I�G\�jV��,��S��i��۸�2@SP��0�'��B�ƹ�~y��%[o؉��GQ�;�Fmox�\��7�ZGtc}�-�Y��b ({��}��%묫�,�4c��5}�e D5�H �W��[�y��|��ʐcc}��R��N�0�Vn_��G;\��n��H�q�� '��ܯ��n�Y��+�g|�Z��r��E�!�^�`��5�ۖ��k�ӂ"l?m��m�*5��m�/��f��r �77v% ��qi��͘m%�sL}��6/�k��\�R�D0��.��

Sections

A]2[IBbK
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

l2NEjs'3
Size: - Virtual size: 242B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/+DEC0jo
Size: - Virtual size: 3.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

MZ0W)xJ\
Size: - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

kq"ZVINJ
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

@c\c*--k
Size: - Virtual size: 4.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

$a30Hz.;
Size: 7.7MB - Virtual size: 7.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

y&'hRTwo
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

dMOy\t1w
Size: 1024B - Virtual size: 961B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/path_files/StartHack.exe
.exe windows x64

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

UPX0
Size: - Virtual size: 92KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 51KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/path_files/StartOldHack.exe
.exe windows x64

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

UPX0
Size: - Virtual size: 96KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 51KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/prompt1.exe
.exe windows x86

768d2a1c9fec6851632cce17641ec571

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
wcscmp
memmove
wcslen
wcscpy
wcscat
sprintf
malloc
free
_wstat
_wcsdup
strcmp
floor
ceil
wcsncmp
fabs
fseek
ftell
fread
memcpy
fclose
pow
??3@YAXPAX@Z
wcsncpy
_wcsicmp
tolower
calloc
_lseeki64
_errno
realloc
abort
_close
_wopen
_setmode
exit
_open_osfhandle
strchr
_strdup
_snprintf
setlocale
strrchr
strncmp
wctomb
_get_osfhandle
_open
toupper
wcschr
mbstowcs
_vsnwprintf

kernel32

GetModuleHandleW
HeapCreate
HeapDestroy
ExitProcess
BeginUpdateResourceW
UpdateResourceW
EndUpdateResourceW
RemoveDirectoryW
FindResourceW
LoadResource
SizeofResource
GetCommandLineW
GetTempFileNameW
EnterCriticalSection
CloseHandle
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObject
CreateSemaphoreW
ReleaseSemaphore
CreateThread
TerminateThread
GetCurrentProcessId
GetCurrentThreadId
GetModuleFileNameW
GetCurrentProcess
DuplicateHandle
CreatePipe
GetStdHandle
HeapAlloc
CreateProcessW
HeapFree
TerminateProcess
CreateFileW
GetFileSize
ReadFile
DeleteFileW
WriteFile
SetUnhandledExceptionFilter
Sleep
SetLastError
LoadLibraryW
GetProcAddress
FreeLibrary
GetVersionExW
HeapReAlloc
TlsAlloc
MulDiv
SetFileAttributesW
MoveFileW
GetCurrentDirectoryW
GetDriveTypeW
FindFirstFileW
FindClose
GetFileAttributesW
GetTempPathW
CreateDirectoryW
SetFilePointer
SetEndOfFile
TlsFree
TlsGetValue
TlsSetValue
DeleteCriticalSection
InterlockedCompareExchange
InterlockedExchange
GetLastError
VirtualAlloc
VirtualFree
WideCharToMultiByte
MultiByteToWideChar
IsValidCodePage
GetACP
GetOEMCP
GetFileType
PeekNamedPipe
GetFileInformationByHandle
GetFileAttributesA
CreateFileA
GetExitCodeProcess
GetFullPathNameW
UnregisterWait
GetCurrentThread
RegisterWaitForSingleObject

gdiplus

GdipDeleteFont
GdipDeleteGraphics
GdipDeletePath
GdipDeleteMatrix
GdipDeletePen
GdipDeleteStringFormat
GdipFree
GdipGetDpiX
GdipGetDpiY

user32

FindWindowW
GetWindowThreadProcessId
ShowWindow
SetWindowPos
SetForegroundWindow
LoadIconW
SendMessageW
IsWindow
GetWindowRect
ClientToScreen
GetSystemMetrics
MoveWindow
MessageBoxW
GetForegroundWindow
IsWindowVisible
GetWindowLongW
IsWindowEnabled
EnableWindow
EnumWindows
DestroyWindow
CreateWindowExW
SetWindowLongW
CallWindowProcW
RemovePropW
DefWindowProcW
GetPropW
GetParent
SetPropW
GetWindow
SetActiveWindow
DestroyIcon
LoadCursorW
RegisterClassW
AdjustWindowRectEx
CreateAcceleratorTableW
UnregisterClassW
SetTimer
PeekMessageW
MsgWaitForMultipleObjects
GetMessageW
GetActiveWindow
TranslateAcceleratorW
GetAncestor
IsDialogMessageW
TranslateMessage
DispatchMessageW
IsZoomed
IsIconic
KillTimer
SetWindowTextW
DefFrameProcW
SetFocus
GetFocus
GetClientRect
FillRect
DestroyAcceleratorTable
SetRect
EnumChildWindows
PostMessageW
GetDC
ReleaseDC
GetKeyState
GetClassNameW
IsChild
RegisterWindowMessageW

gdi32

GetStockObject
DeleteObject
GetDeviceCaps
GetObjectW
CreateBitmap
CreateCompatibleDC
SelectObject
SetPixel
DeleteDC
CreateDIBSection
GetDIBits
BitBlt
GetObjectType
CreateDCW
CreateFontW

advapi32

CryptAcquireContextW
CryptGenRandom
CryptReleaseContext

comctl32

InitCommonControlsEx

ole32

CoInitialize
RevokeDragDrop

shell32

ShellExecuteExW

winmm

timeBeginPeriod

shlwapi

PathQuoteSpacesW
PathRemoveExtensionW
PathAddBackslashW

Sections

.code
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 262KB - Virtual size: 262KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22.6MB - Virtual size: 22.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/prompt10.dll
.7z
Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/prompt7.exe
.exe windows x64

f326f88ca83c9aacaa44acfb8884f1d4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

memset
wcsncmp
memmove
wcsncpy
wcsstr
_wcsnicmp
_wcsdup
free
_wcsicmp
wcslen
wcscpy
wcscmp
wcscat
memcpy
tolower
malloc

kernel32

GetModuleHandleW
HeapCreate
GetStdHandle
SetConsoleCtrlHandler
HeapDestroy
ExitProcess
WriteFile
GetTempFileNameW
LoadLibraryExW
EnumResourceTypesW
FreeLibrary
RemoveDirectoryW
EnumResourceNamesW
GetCommandLineW
LoadResource
SizeofResource
FreeResource
FindResourceW
GetShortPathNameW
GetSystemDirectoryW
EnterCriticalSection
CloseHandle
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObject
TerminateThread
CreateThread
Sleep
WideCharToMultiByte
HeapAlloc
HeapFree
LoadLibraryW
GetProcAddress
GetCurrentProcessId
GetCurrentThreadId
GetModuleFileNameW
PeekNamedPipe
TerminateProcess
GetEnvironmentVariableW
SetEnvironmentVariableW
GetCurrentProcess
DuplicateHandle
CreatePipe
CreateProcessW
GetExitCodeProcess
RtlLookupFunctionEntry
RtlVirtualUnwind
RemoveVectoredExceptionHandler
AddVectoredExceptionHandler
HeapSize
MultiByteToWideChar
CreateDirectoryW
SetFileAttributesW
GetTempPathW
DeleteFileW
GetCurrentDirectoryW
SetCurrentDirectoryW
CreateFileW
SetFilePointer
TlsFree
TlsGetValue
TlsSetValue
TlsAlloc
HeapReAlloc
DeleteCriticalSection
GetLastError
SetLastError
UnregisterWait
GetCurrentThread
RegisterWaitForSingleObject

shell32

ShellExecuteExW
SHGetFolderLocation
SHGetPathFromIDListW

winmm

timeBeginPeriod

ole32

CoInitialize
CoTaskMemFree

shlwapi

PathAddBackslashW
PathRenameExtensionW
PathQuoteSpacesW
PathRemoveArgsW
PathRemoveBackslashW

user32

CharUpperW
CharLowerW
MessageBoxW
DefWindowProcW
GetWindowLongPtrW
GetWindowTextLengthW
GetWindowTextW
EnableWindow
DestroyWindow
UnregisterClassW
LoadIconW
LoadCursorW
RegisterClassExW
IsWindowEnabled
GetSystemMetrics
CreateWindowExW
SetWindowLongPtrW
SendMessageW
SetFocus
CreateAcceleratorTableW
SetForegroundWindow
BringWindowToTop
GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
DestroyAcceleratorTable
PostMessageW
GetForegroundWindow
GetWindowThreadProcessId
IsWindowVisible
EnumWindows
SetWindowPos

gdi32

GetStockObject

comctl32

InitCommonControlsEx

Sections

.code
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/prompt7x.exe
.exe windows x64

f326f88ca83c9aacaa44acfb8884f1d4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

memset
wcsncmp
memmove
wcsncpy
wcsstr
_wcsnicmp
_wcsdup
free
_wcsicmp
wcslen
wcscpy
wcscmp
wcscat
memcpy
tolower
malloc

kernel32

GetModuleHandleW
HeapCreate
GetStdHandle
SetConsoleCtrlHandler
HeapDestroy
ExitProcess
WriteFile
GetTempFileNameW
LoadLibraryExW
EnumResourceTypesW
FreeLibrary
RemoveDirectoryW
EnumResourceNamesW
GetCommandLineW
LoadResource
SizeofResource
FreeResource
FindResourceW
GetShortPathNameW
GetSystemDirectoryW
EnterCriticalSection
CloseHandle
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObject
TerminateThread
CreateThread
Sleep
WideCharToMultiByte
HeapAlloc
HeapFree
LoadLibraryW
GetProcAddress
GetCurrentProcessId
GetCurrentThreadId
GetModuleFileNameW
PeekNamedPipe
TerminateProcess
GetEnvironmentVariableW
SetEnvironmentVariableW
GetCurrentProcess
DuplicateHandle
CreatePipe
CreateProcessW
GetExitCodeProcess
RtlLookupFunctionEntry
RtlVirtualUnwind
RemoveVectoredExceptionHandler
AddVectoredExceptionHandler
HeapSize
MultiByteToWideChar
CreateDirectoryW
SetFileAttributesW
GetTempPathW
DeleteFileW
GetCurrentDirectoryW
SetCurrentDirectoryW
CreateFileW
SetFilePointer
TlsFree
TlsGetValue
TlsSetValue
TlsAlloc
HeapReAlloc
DeleteCriticalSection
GetLastError
SetLastError
UnregisterWait
GetCurrentThread
RegisterWaitForSingleObject

shell32

ShellExecuteExW
SHGetFolderLocation
SHGetPathFromIDListW

winmm

timeBeginPeriod

ole32

CoInitialize
CoTaskMemFree

shlwapi

PathAddBackslashW
PathRenameExtensionW
PathQuoteSpacesW
PathRemoveArgsW
PathRemoveBackslashW

user32

CharUpperW
CharLowerW
MessageBoxW
DefWindowProcW
GetWindowLongPtrW
GetWindowTextLengthW
GetWindowTextW
EnableWindow
DestroyWindow
UnregisterClassW
LoadIconW
LoadCursorW
RegisterClassExW
IsWindowEnabled
GetSystemMetrics
CreateWindowExW
SetWindowLongPtrW
SendMessageW
SetFocus
CreateAcceleratorTableW
SetForegroundWindow
BringWindowToTop
GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
DestroyAcceleratorTable
PostMessageW
GetForegroundWindow
GetWindowThreadProcessId
IsWindowVisible
EnumWindows
SetWindowPos

gdi32

GetStockObject

comctl32

InitCommonControlsEx

Sections

.code
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/prompt8.dll
.exe windows x86

fcf1390e9ce472c7270447fc5c61a0c1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
SetLastError
FormatMessageW
GetCurrentProcess
DeviceIoControl
SetFileTime
CloseHandle
CreateDirectoryW
RemoveDirectoryW
CreateFileW
DeleteFileW
CreateHardLinkW
GetShortPathNameW
GetLongPathNameW
MoveFileW
GetFileType
GetStdHandle
WriteFile
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
SetFileAttributesW
GetFileAttributesW
FindClose
FindFirstFileW
FindNextFileW
GetVersionExW
GetCurrentDirectoryW
GetFullPathNameW
FoldStringW
GetModuleFileNameW
GetModuleHandleW
FindResourceW
FreeLibrary
GetProcAddress
GetCurrentProcessId
ExitProcess
SetThreadExecutionState
Sleep
LoadLibraryW
GetSystemDirectoryW
CompareStringW
AllocConsole
FreeConsole
AttachConsole
WriteConsoleW
GetProcessAffinityMask
CreateThread
SetThreadPriority
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventW
CreateSemaphoreW
GetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetCPInfo
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
LockResource
GlobalLock
GlobalUnlock
GlobalFree
LoadResource
SizeofResource
SetCurrentDirectoryW
GetExitCodeProcess
GetLocalTime
GetTickCount
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetCommandLineW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
GetTempPathW
MoveFileExW
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
GetNumberFormatW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapSize
SetStdHandle
GetProcessHeap
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
TerminateProcess
RtlUnwind
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
QueryPerformanceFrequency
GetModuleHandleExW
GetModuleFileNameA
GetACP
HeapFree
HeapAlloc
HeapReAlloc
GetStringTypeW
LCMapStringW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
DecodePointer

gdiplus

GdiplusShutdown
GdiplusStartup
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipDisposeImage
GdipCloneImage
GdipFree
GdipAlloc

Sections

.text
Size: 196KB - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 392B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 143KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/prompt8x.exe
.exe windows x64

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

UPX0
Size: - Virtual size: 92KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 59KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/prompt9.exe
.exe windows x64

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

UPX0
Size: - Virtual size: 92KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 52KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/sqlite64.apx
Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/timer.exe
.exe windows x64

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

UPX0
Size: - Virtual size: 92KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Resubmissions

Sharing

General

Malware Config

Signatures

Files

c64cac39044626770353879245ea25e4

Code Sign

01:ea:62:e4:43:cb:22:50:c8:70:ff:6b:b1:3b:a9:8eCertificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

04:6e:de:36:46:25:fc:c0:ef:95:5e:52:d2:f2:d2:b2Certificate

Extended Key Usages

Key Usages

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6dCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

0b:4b:a8:7a:a5:0c:b9:b1:99:5e:36:94:4b:f9:b3:cf:b5:ba:0b:02:61:7e:07:c2:80:1f:94:c8:92:f9:63:42Signer

Signature Validations

Verification

11/09/2020, 10:31 Valid: true

Chain 1

e7:3f:26:8f:5a:37:f3:81:9d:dd:0f:24:04:a3:03:5b:f1:84:d1:c2Signer

Signature Validations

Verification

11/09/2020, 10:29 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

ole32

kernel32

setupapi

Exports

Exports

Sections

.text Size: 80KB - Virtual size: 79KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 7KB - Virtual size: 6KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 452KB

UPX1 Size: 1011KB - Virtual size: 1012KB

.rsrc Size: 366KB - Virtual size: 368KB

ead364a9564def7dbab3c2916879f461

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

gdi32

shell32

version

ole32

msvcrt

comctl32

wininet

comdlg32

winmm

winspool.drv

d3d9

01:ea:62:e4:43:cb:22:50:c8:70:ff:6b:b1:3b:a9:8e
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

04:6e:de:36:46:25:fc:c0:ef:95:5e:52:d2:f2:d2:b2
Certificate

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

0b:4b:a8:7a:a5:0c:b9:b1:99:5e:36:94:4b:f9:b3:cf:b5:ba:0b:02:61:7e:07:c2:80:1f:94:c8:92:f9:63:42
Signer

11/09/2020, 10:31
Valid: true

e7:3f:26:8f:5a:37:f3:81:9d:dd:0f:24:04:a3:03:5b:f1:84:d1:c2
Signer

11/09/2020, 10:29
Valid: false

.text
Size: 80KB - Virtual size: 79KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 7KB - Virtual size: 6KB

UPX0
Size: - Virtual size: 452KB

UPX1
Size: 1011KB - Virtual size: 1012KB

.rsrc
Size: 366KB - Virtual size: 368KB

.denuvo0
Size: 185KB - Virtual size: 188KB

.data
Size: 2.7MB - Virtual size: 2.7MB

.exports
Size: 512B - Virtual size: 4KB

.imports
Size: 1024B - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.denuvo7
Size: - Virtual size: 3.7MB

.boot
Size: 2.3MB - Virtual size: 2.3MB

.denuvo1
Size: 24.1MB - Virtual size: 24.1MB

.denuvo2
Size: 2.2MB - Virtual size: 2.2MB

.rsrc
Size: 127KB - Virtual size: 127KB

.denuvo0
Size: 185KB - Virtual size: 188KB

.data
Size: 2.7MB - Virtual size: 2.7MB

.exports
Size: 512B - Virtual size: 4KB

.imports
Size: 1024B - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.denuvo7
Size: - Virtual size: 3.9MB