TGX_V3_-_v1[.]7[.]6[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

TGX_V3_-_v1.7.6.zip
Size

45.8MB
MD5

027ba79188fae0bbafdebf239241d319
SHA1

01d845191ba4f03fa07d7ced8a2ef09960208a56
SHA256

98eae1625fb336966e4dbca7c2779493c96d623a6c3f70701938abc88da1d95b
SHA512

af2b23f7399513b06b3d2fcca17e95c2b09524cb560f11bbe90bdcbe1a1bcbc22c286bf519096d1f11e20f6cc984720d049255d51ce117129fa6af20a66fad2f
SSDEEP

786432:MxrSwJ45nBinc2HAAL7cevxLjGGKvBlj9chNFHp4XYUU2OQKplJn94GwmnWTUQiS:MxrSwJ45nBs17vBclIZpgYFplJn91WTP

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 2 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/TGX V3 - v1.7.6/ZeusInjector.exe	vmprotect
static1/unpack001/TGX V3 - v1.7.6/injector_evon.exe	vmprotect

Files

TGX_V3_-_v1.7.6.zip
.zip
TGX V3 - v1.7.6/Cake.Powershell.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TGX V3 - v1.7.6/Cake.Powershell.xml
.xml .js
TGX V3 - v1.7.6/D.dll
.dll windows x86

6310e6aa09f46f952e994ef81548691a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitNamedPipeW
GetCurrentProcessId
GetCurrentProcess
PeekNamedPipe
lstrlenW
MultiByteToWideChar
K32GetModuleFileNameExW
GetLastError
CloseHandle
WriteFile
ReadFile
lstrcpyW
CreateFileW
DuplicateHandle
WaitForSingleObjectEx
Sleep
GetCurrentThread
GetCurrentThreadId
GetExitCodeThread
QueryPerformanceCounter
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
GetProcAddress
WideCharToMultiByte
SetEvent
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
TerminateProcess
InitializeSListHead
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
EncodePointer
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
GetModuleFileNameW
GetModuleHandleA
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualFree
VirtualProtect
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
LoadLibraryW
RtlUnwind
RaiseException
ExitThread
GetModuleHandleExW
HeapAlloc
HeapFree
ExitProcess
GetModuleFileNameA
LCMapStringW
DecodePointer
GetStdHandle
GetFileType
GetACP
GetProcessHeap
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
GetStringTypeW
SetStdHandle
SetFilePointerEx
HeapSize
HeapReAlloc
WriteConsoleW

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegSetKeyValueW

Exports

Exports

Discord_Initialize
Discord_Respond
Discord_RunCallbacks
Discord_Shutdown
Discord_UpdatePresence

Sections

.text
Size: 204KB - Virtual size: 204KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 226KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TGX V3 - v1.7.6/DiscordRPC.dll
.dll windows x86

6310e6aa09f46f952e994ef81548691a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitNamedPipeW
GetCurrentProcessId
GetCurrentProcess
PeekNamedPipe
lstrlenW
MultiByteToWideChar
K32GetModuleFileNameExW
GetLastError
CloseHandle
WriteFile
ReadFile
lstrcpyW
CreateFileW
DuplicateHandle
WaitForSingleObjectEx
Sleep
GetCurrentThread
GetCurrentThreadId
GetExitCodeThread
QueryPerformanceCounter
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
GetProcAddress
WideCharToMultiByte
SetEvent
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
TerminateProcess
InitializeSListHead
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
EncodePointer
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
GetModuleFileNameW
GetModuleHandleA
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualFree
VirtualProtect
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
LoadLibraryW
RtlUnwind
RaiseException
ExitThread
GetModuleHandleExW
HeapAlloc
HeapFree
ExitProcess
GetModuleFileNameA
LCMapStringW
DecodePointer
GetStdHandle
GetFileType
GetACP
GetProcessHeap
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
GetStringTypeW
SetStdHandle
SetFilePointerEx
HeapSize
HeapReAlloc
WriteConsoleW

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegSetKeyValueW

Exports

Exports

Discord_Initialize
Discord_Respond
Discord_RunCallbacks
Discord_Shutdown
Discord_UpdatePresence

Sections

.text
Size: 204KB - Virtual size: 204KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 226KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TGX V3 - v1.7.6/ElectronDLL.dll
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 512KB - Virtual size: 997KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 426KB - Virtual size: 612KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 30KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

eZE72a
Size: - Virtual size: 15.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 9.7MB - Virtual size: 9.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_MEM_READ
TGX V3 - v1.7.6/Evon.dll
.dll windows x86

753c76543bdeec9de611821e3bd35f73

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

AcquireSRWLockExclusive
AllocConsole
AreFileApisANSI
CloseHandle
ConnectNamedPipe
CopyFileA
CreateDirectoryW
CreateEventA
CreateEventW
CreateFileA
CreateFileW
CreateNamedPipeA
CreateRemoteThread
CreateToolhelp32Snapshot
DeleteCriticalSection
DisableThreadLibraryCalls
DisconnectNamedPipe
EnterCriticalSection
FindClose
FindFirstFileExW
FindFirstFileW
FindNextFileW
FormatMessageA
FormatMessageW
FreeConsole
FreeLibrary
GetConsoleMode
GetConsoleWindow
GetCurrentConsoleFontEx
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentVariableA
GetFileAttributesExW
GetFileInformationByHandleEx
GetFileSizeEx
GetFileType
GetLastError
GetLocaleInfoEx
GetModuleFileNameA
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetStdHandle
GetSystemDirectoryA
GetSystemTimeAsFileTime
GetTickCount64
GetTickCount
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
InitOnceBeginInitialize
InitOnceComplete
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
K32EnumProcessModules
K32GetModuleFileNameExA
K32GetModuleInformation
LeaveCriticalSection
LoadLibraryA
LocalFree
Module32FirstW
Module32NextW
MoveFileExA
MultiByteToWideChar
OpenProcess
PeekNamedPipe
Process32First
Process32Next
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadFile
ReadProcessMemory
ReleaseSRWLockExclusive
ResetEvent
SetConsoleMode
SetConsoleTextAttribute
SetConsoleTitleA
SetCurrentConsoleFontEx
SetEvent
SetFileInformationByHandle
SetLastError
SetUnhandledExceptionFilter
Sleep
SleepEx
TerminateProcess
UnhandledExceptionFilter
VerSetConditionMask
VerifyVersionInfoW
VirtualAllocEx
WaitForMultipleObjects
WaitForSingleObject
WaitForSingleObjectEx
WakeAllConditionVariable
WideCharToMultiByte
WriteProcessMemory
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

advapi32

CryptAcquireContextA
CryptCreateHash
CryptDestroyHash
CryptDestroyKey
CryptEncrypt
CryptGenRandom
CryptGetHashParam
CryptHashData
CryptImportKey
CryptReleaseContext
GetCurrentHwProfileA

shell32

ShellExecuteA

user32

CallWindowProcA
ClientToScreen
CloseClipboard
CreateWindowExA
DefWindowProcA
DeleteMenu
DestroyWindow
EmptyClipboard
GetCapture
GetClientRect
GetClipboardData
GetCursorPos
GetDC
GetForegroundWindow
GetSystemMenu
GetSystemMetrics
GetWindowLongA
GetWindowRect
IsChild
LoadCursorA
MapVirtualKeyA
MessageBoxA
MonitorFromPoint
MonitorFromWindow
OpenClipboard
RegisterClassExA
RegisterClipboardFormatA
ReleaseCapture
ReleaseDC
ScreenToClient
SendInput
SetCapture
SetClipboardData
SetCursor
SetCursorPos
SetProcessDPIAware
SetWindowLongA
ShowWindow
TrackMouseEvent
UnregisterClassA
keybd_event
mouse_event

dbghelp

StackWalk
SymCleanup
SymFunctionTableAccess
SymGetLineFromAddr
SymGetModuleBase
SymGetSymFromAddr
SymInitialize
UnDecorateSymbolName

gdi32

CreateRectRgn
DeleteObject
GetDeviceCaps

ws2_32

WSACleanup
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAGetLastError
WSAIoctl
WSAResetEvent
WSASetLastError
WSAStartup
WSAWaitForMultipleEvents
__WSAFDIsSet
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
gethostname
getpeername
getsockname
getsockopt
htonl
htons
inet_addr
inet_ntop
inet_pton
ioctlsocket
listen
ntohs
recv
recvfrom
select
send
sendto
setsockopt
socket

msvcp140

??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0_Locinfo@std@@QAE@PBD@Z
??0_Lockit@std@@QAE@H@Z
??0facet@locale@std@@IAE@I@Z
??0ios_base@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1_Locinfo@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??1facet@locale@std@@MAE@XZ
??1ios_base@std@@UAE@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAJ@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AA_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_N@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getctype@_Locinfo@std@@QBE?AU_Ctypevec@@XZ
?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Id_cnt@id@locale@std@@0HA
?_Incref@facet@locale@std@@UAEXXZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Random_device@std@@YAIXZ
?_Syserror_map@std@@YAPBDH@Z
?_Throw_C_error@std@@YAXH@Z
?_Throw_Cpp_error@std@@YAXH@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Winerror_map@std@@YAHH@Z
?_Xbad_alloc@std@@YAXXZ
?_Xbad_function_call@std@@YAXXZ
?_Xinvalid_argument@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?fail@ios_base@std@@QBE_NXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?good@ios_base@std@@QBE_NXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?init@?$basic_ios@DU?$char_traits@D@std@@@std@@IAEXPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@_N@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?uncaught_exception@std@@YA_NXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
_Cnd_destroy_in_situ
_Cnd_do_broadcast_at_thread_exit
_Cnd_init_in_situ
_Cnd_signal
_Cnd_timedwait
_Cnd_wait
_Mtx_current_owns
_Mtx_destroy_in_situ
_Mtx_init_in_situ
_Mtx_lock
_Mtx_unlock
_Query_perf_counter
_Query_perf_frequency
_Thrd_detach
_Thrd_id
_Thrd_join
_Thrd_sleep
_Tolower
_Toupper
_Xtime_get_ticks

imm32

ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow

d3dcompiler_47

D3DCompile

dwmapi

DwmEnableBlurBehindWindow
DwmGetColorizationColor
DwmIsCompositionEnabled

crypt32

CertAddCertificateContextToStore
CertCloseStore
CertCreateCertificateChainEngine
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFindExtension
CertFreeCertificateChain
CertFreeCertificateChainEngine
CertFreeCertificateContext
CertGetCertificateChain
CertGetNameStringA
CertOpenStore
CryptDecodeObjectEx
CryptQueryObject
CryptStringToBinaryA
PFXImportCertStore

wldap32

ord301
ord45
ord22
ord32
ord26
ord30
ord35
ord143
ord200
ord41
ord33
ord27
ord50
ord211
ord60
ord217
ord46
ord79

normaliz

IdnToAscii

vcruntime140

_CxxThrowException
__CxxFrameHandler3
__RTDynamicCast
__std_exception_copy
__std_exception_destroy
__std_terminate
__std_type_info_destroy_list
_except_handler3
_except_handler4_common
_purecall
memchr
memcmp
memcpy
memmove
memset
strchr
strrchr
strstr

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__stdio_common_vfprintf
__stdio_common_vsprintf
__stdio_common_vsprintf_s
__stdio_common_vsscanf
_close
_fseeki64
_get_stream_buffer_pointers
_lseeki64
_open
_read
_wfopen
_write
fclose
feof
fflush
fgetc
fgetpos
fgets
fopen
fopen_s
fputc
fread
freopen_s
fseek
fsetpos
ftell
fwrite
puts
setvbuf
ungetc

api-ms-win-crt-runtime-l1-1-0

__sys_errlist
__sys_nerr
_beginthreadex
_cexit
_configure_narrow_argv
_crt_atexit
_errno
_execute_onexit_table
_getpid
_initialize_narrow_environment
_initialize_onexit_table
_initterm
_initterm_e
_invalid_parameter_noinfo_noreturn
_register_onexit_function
_seh_filter_dll
abort
exit
strerror
system
terminate

api-ms-win-crt-filesystem-l1-1-0

_access
_fstat64
_lock_file
_stat64
_unlink
_unlock_file

api-ms-win-crt-heap-l1-1-0

_callnewh
calloc
free
malloc
realloc

api-ms-win-crt-math-l1-1-0

_dsign
_dtest
_fdopen
acos
asin
atan
atan2
ceil
cos
cosh
exp
exp2
floor
fmod
frexp
ldexp
log
log10
log2
modf
pow
round
sin
sinh
sqrt
tan
tanh

api-ms-win-crt-time-l1-1-0

_gmtime64
_localtime64
_time64
strftime

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
localeconv

api-ms-win-crt-convert-l1-1-0

atof
atoi
strtod
strtol
strtoll
strtoul
strtoull
wcstombs

api-ms-win-crt-string-l1-1-0

_strdup
isalnum
isalpha
isspace
isupper
strcat
strcmp
strcspn
strlen
strncat
strncmp
strncpy
strnlen
strpbrk
strspn
tolower
toupper
wcslen

api-ms-win-crt-utility-l1-1-0

qsort
rand

Exports

Exports

ensure_injector
injector_call

Sections

.text
Size: - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 833KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.voltbl
Size: - Virtual size: 12B

Africa0
Size: - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Africa1
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Africa2
Size: 5.7MB - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 223B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
TGX V3 - v1.7.6/ICSharpCode.AvalonEdit.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 596KB - Virtual size: 595KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TGX V3 - v1.7.6/ICSharpCode.AvalonEdit.xml
.xml
TGX V3 - v1.7.6/Newtonsoft.Json.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:b0:41:8d:a5:1e:14:8c:33:1b:bc:de:b7:13:83:23
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/04/2018, 12:41

Not After

27/04/2028, 12:41

Subject

CN=.NET Foundation Projects Code Signing CA,O=.NET Foundation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:71:a1:b0:c2:96:f5:c7:90:65:47:0a:3c:20:53:7e
Certificate

Issuer

CN=.NET Foundation Projects Code Signing CA,O=.NET Foundation,C=US

Not Before

25/10/2018, 00:00

Not After

29/10/2021, 12:00

Subject

SERIALNUMBER=603 389 068,CN=Json.NET (.NET Foundation),O=Json.NET (.NET Foundation),L=Redmond,ST=wa,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2e:83:93:14:a9:06:f5:64:04:02:a1:dc:eb:a3:1a:a7:e9:21:c8:88:2c:dd:c2:3c:e4:c0:45:50:4c:ee:75:10
Signer

Actual PE Digest

2e:83:93:14:a9:06:f5:64:04:02:a1:dc:eb:a3:1a:a7:e9:21:c8:88:2c:dd:c2:3c:e4:c0:45:50:4c:ee:75:10

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=603 389 068,CN=Json.NET (.NET Foundation),O=Json.NET (.NET Foundation),L=Redmond,ST=wa,C=US

17/03/2021, 20:03
Valid: true

Chain 1

SERIALNUMBER=603 389 068,CN=Json.NET (.NET Foundation),O=Json.NET (.NET Foundation),L=Redmond,ST=wa,C=US

CN=.NET Foundation Projects Code Signing CA,O=.NET Foundation,C=US

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 675KB - Virtual size: 675KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TGX V3 - v1.7.6/Newtonsoft.Json.xml
.xml
TGX V3 - v1.7.6/Scripts/Aimbot 3.0.txt
.js
TGX V3 - v1.7.6/Scripts/Aimbot.txt
.js
TGX V3 - v1.7.6/Scripts/Alt+Print.txt
TGX V3 - v1.7.6/Scripts/Anti AFK.txt
TGX V3 - v1.7.6/Scripts/Arsenal Kill All.txt
TGX V3 - v1.7.6/Scripts/Arsenal.txt
TGX V3 - v1.7.6/Scripts/ArsenalHitboxExtender.txt
TGX V3 - v1.7.6/Scripts/BRM5 Tp.txt
TGX V3 - v1.7.6/Scripts/Bacon Hub.txt
TGX V3 - v1.7.6/Scripts/BloxBurg.txt
TGX V3 - v1.7.6/Scripts/BloxHunt.txt
TGX V3 - v1.7.6/Scripts/Boys And Girls Hangout Gun.txt
TGX V3 - v1.7.6/Scripts/Btools.txt
TGX V3 - v1.7.6/Scripts/Build And Boat For Treasure.txt
TGX V3 - v1.7.6/Scripts/CBROKillAll.txt
TGX V3 - v1.7.6/Scripts/CC Aimbot V2.txt
TGX V3 - v1.7.6/Scripts/CC Aimbot.txt
.js
TGX V3 - v1.7.6/Scripts/CMD-X.txt
TGX V3 - v1.7.6/Scripts/CTRL+Del.txt
TGX V3 - v1.7.6/Scripts/Click TP Tool.txt
TGX V3 - v1.7.6/Scripts/Coco Hub.txt
TGX V3 - v1.7.6/Scripts/Dark Hub.txt
TGX V3 - v1.7.6/Scripts/Dex Explorer v2.txt
.js
TGX V3 - v1.7.6/Scripts/Dex Explorer.txt
.js
TGX V3 - v1.7.6/Scripts/DexV1.txt
TGX V3 - v1.7.6/Scripts/DexV4.txt
TGX V3 - v1.7.6/Scripts/DivineSisters.txt
TGX V3 - v1.7.6/Scripts/EclipseMM2.txt
TGX V3 - v1.7.6/Scripts/Ez Hub.txt
TGX V3 - v1.7.6/Scripts/FPSBoost.txt
TGX V3 - v1.7.6/Scripts/Fathom Hub.txt
TGX V3 - v1.7.6/Scripts/Flee The Facility.txt
TGX V3 - v1.7.6/Scripts/Full Bright.txt
TGX V3 - v1.7.6/Scripts/Globals Script.txt
TGX V3 - v1.7.6/Scripts/Infinite Jump.txt
TGX V3 - v1.7.6/Scripts/Infinite Yield.txt
TGX V3 - v1.7.6/Scripts/Invisible Fling.txt
TGX V3 - v1.7.6/Scripts/Jailbreak.txt
TGX V3 - v1.7.6/Scripts/Kraken Hub.txt
TGX V3 - v1.7.6/Scripts/LucidityMM2.txt
TGX V3 - v1.7.6/Scripts/MM2.txt
TGX V3 - v1.7.6/Scripts/MM2Autofarm.txt
TGX V3 - v1.7.6/Scripts/Mad City 2.txt
.js
TGX V3 - v1.7.6/Scripts/Mad City GUI.txt
TGX V3 - v1.7.6/Scripts/Mad City.txt
TGX V3 - v1.7.6/Scripts/Mad Emotes.txt
TGX V3 - v1.7.6/Scripts/MeepCity Plus.txt
TGX V3 - v1.7.6/Scripts/MheeHub.txt
TGX V3 - v1.7.6/Scripts/Murder Mystery 2.txt
TGX V3 - v1.7.6/Scripts/NoClip.txt
TGX V3 - v1.7.6/Scripts/NoClipKeybind.txt
TGX V3 - v1.7.6/Scripts/OpFinality.txt
TGX V3 - v1.7.6/Scripts/Ori Hub.txt
TGX V3 - v1.7.6/Scripts/Owl Hub.txt
TGX V3 - v1.7.6/Scripts/OxieHub.txt
TGX V3 - v1.7.6/Scripts/Phantom Forces.txt
TGX V3 - v1.7.6/Scripts/Prison Life [ Admin commands ].txt
TGX V3 - v1.7.6/Scripts/Prison Life.txt
TGX V3 - v1.7.6/Scripts/Prisonware.txt
TGX V3 - v1.7.6/Scripts/Remote Spy.txt
TGX V3 - v1.7.6/Scripts/Reviz Admin.txt
TGX V3 - v1.7.6/Scripts/SharkBite.txt
TGX V3 - v1.7.6/Scripts/Simple BloxBurg Auto Farm.txt
TGX V3 - v1.7.6/Scripts/TopKek V3.txt
.js
TGX V3 - v1.7.6/Scripts/UnitClassifiedGUI.txt
TGX V3 - v1.7.6/Scripts/Walk On Walls.txt
TGX V3 - v1.7.6/Scripts/Walkspeed.txt
TGX V3 - v1.7.6/Scripts/ZyrexHub.txt
TGX V3 - v1.7.6/Scripts/[CTRL] Click TP.txt
TGX V3 - v1.7.6/Scripts/[E] Fly.txt
TGX V3 - v1.7.6/Scripts/[E] NoClip.txt
TGX V3 - v1.7.6/Scripts/oofNotoriety.txt
TGX V3 - v1.7.6/System.Management.Automation.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 344KB - Virtual size: 343KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TGX V3 - v1.7.6/TGX.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TGX V3 - v1.7.6/WeAreDevs_API.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 602KB - Virtual size: 602KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TGX V3 - v1.7.6/Wearedevs.dll
.dll windows x86

1328e8eb450e364cc94d2852aa476210

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

__WSAFDIsSet
WSACleanup
WSAGetLastError
recv
send
closesocket
ioctlsocket
connect
listen
accept
sendto
recvfrom
select
WSACloseEvent
WSACreateEvent
WSASetLastError
WSAStartup
WSAEventSelect
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
bind
inet_addr
getsockname
socket
ntohs
htons
setsockopt
WSAResetEvent
getpeername
getsockopt
WSAIoctl
htonl
gethostname
gethostbyname
inet_ntoa
gethostbyaddr
getservbyport
getservbyname
shutdown
getaddrinfo
freeaddrinfo

dbghelp

SymFunctionTableAccess
SymGetModuleBase
SymGetSymFromAddr
SymGetLineFromAddr
SymCleanup
StackWalk
SymInitialize
UnDecorateSymbolName

kernel32

GetProcAddress
GetCurrentProcessId
GetConsoleWindow
SetConsoleTextAttribute
GetStdHandle
MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
LoadLibraryA
QueryPerformanceFrequency
VerSetConditionMask
QueryPerformanceCounter
GetTickCount64
FormatMessageA
SetEvent
ResetEvent
SetConsoleTitleA
ReadFile
WriteProcessMemory
CreateNamedPipeA
SetConsoleMode
WaitForSingleObject
DisconnectNamedPipe
GetExitCodeThread
GetConsoleMode
DisableThreadLibraryCalls
FreeConsole
Module32FirstW
VirtualAllocEx
ReadProcessMemory
FreeLibrary
CreateRemoteThread
VerifyVersionInfoW
Module32NextW
VirtualFreeEx
AllocConsole
ConnectNamedPipe
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
WakeAllConditionVariable
GetLastError
GetEnvironmentVariableA
CreateFileA
GetFileSizeEx
InitializeSRWLock
ReleaseSRWLockShared
AcquireSRWLockShared
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
WriteFile
GetModuleHandleW
GetEnvironmentVariableW
GetModuleHandleExW
GetSystemTimeAsFileTime
VirtualFree
GetACP
LoadLibraryW
FindClose
FindFirstFileW
FindNextFileW
ReadConsoleA
ReadConsoleW
LocalFree
CreateDirectoryW
CreateFileW
FindFirstFileExW
GetFileAttributesExW
Sleep
OpenProcess
GetModuleHandleA
GetCurrentProcess
GetModuleFileNameA
CloseHandle
SetFileInformationByHandle
CreateToolhelp32Snapshot
WaitForMultipleObjects
PeekNamedPipe
GetFileType
WaitForSingleObjectEx
MoveFileExA
IsDebuggerPresent
CreateEventW
InitializeSListHead
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InitOnceBeginInitialize
InitOnceComplete
GetFileInformationByHandleEx
AreFileApisANSI
FormatMessageW
SetLastError
GetTickCount
GetSystemDirectoryA
SleepEx
InitializeCriticalSectionEx
GetCurrentThread
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

MessageBoxA
ShowWindow
RegisterClassExA
UnregisterClassA
CreateWindowExA
DefWindowProcA
GetWindowLongA
MessageBoxW
SetWindowLongA
DestroyWindow
GetWindowRect
SetClipboardData
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
GetUserObjectInformationW
GetCursorPos
SetCursorPos
CallWindowProcA
GetProcessWindowStation
ReleaseCapture
GetSystemMenu
MonitorFromPoint
DeleteMenu
keybd_event
GetSystemMetrics
MapVirtualKeyA
mouse_event
SendInput
LoadCursorA
ScreenToClient
GetCapture
ClientToScreen
IsChild
TrackMouseEvent
GetForegroundWindow
SetCapture
SetCursor
GetClientRect

advapi32

CryptEncrypt
CryptAcquireContextW
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptSignHashW
CryptEnumProvidersW
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
DeregisterEventSource
RegisterEventSourceW
CryptGetHashParam
GetCurrentHwProfileA
CryptReleaseContext
CryptAcquireContextA
ReportEventW

shell32

ShellExecuteA

msvcp140

?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?uncaught_exception@std@@YA_NXZ
?_Winerror_map@std@@YAHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Syserror_map@std@@YAPBDH@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
?_Random_device@std@@YAIXZ
?_Throw_Cpp_error@std@@YAXH@Z
?_Throw_C_error@std@@YAXH@Z
_Cnd_do_broadcast_at_thread_exit
_Thrd_detach
?_Xbad_function_call@std@@YAXXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
_Query_perf_frequency
_Query_perf_counter
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
_Xtime_get_ticks
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_init_in_situ
_Thrd_sleep
_Mtx_unlock
?_Xinvalid_argument@std@@YAXPBD@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ

imm32

ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow

d3dcompiler_47

D3DCompile

vcruntime140

memset
__std_type_info_destroy_list
_CxxThrowException
__CxxFrameHandler3
__std_exception_destroy
__std_exception_copy
__std_terminate
strstr
_purecall
strchr
memcpy
memmove
strrchr
memchr
wcsstr
__current_exception
__current_exception_context
_except_handler4_common

api-ms-win-crt-heap-l1-1-0

realloc
_callnewh
malloc
free
calloc

api-ms-win-crt-runtime-l1-1-0

abort
_getpid
exit
terminate
_beginthreadex
__sys_nerr
__sys_errlist
_errno
_invalid_parameter_noinfo_noreturn
system
_seh_filter_dll
_initterm_e
_exit
_configure_narrow_argv
_initialize_narrow_environment
_initterm
_cexit
_initialize_onexit_table
raise
strerror_s
_crt_atexit
_execute_onexit_table
_register_onexit_function
signal

api-ms-win-crt-string-l1-1-0

strcat_s
tolower
strcpy_s
strspn
strncpy
strnlen
isdigit
strcmp
_strdup
isalnum
strncpy_s
isspace
strcspn
strpbrk
isupper
strncmp
strncat

api-ms-win-crt-stdio-l1-1-0

ferror
__stdio_common_vswprintf
_setmode
_read
freopen_s
_write
_close
feof
fopen
_open
__stdio_common_vsscanf
fputc
__stdio_common_vsprintf
_wfopen
__acrt_iob_func
fflush
fseek
fclose
ftell
__stdio_common_vsprintf_s
_lseeki64
fgets
_get_stream_buffer_pointers
_fseeki64
fread
fsetpos
ungetc
fgetc
__stdio_common_vfprintf
setvbuf
fgetpos
fwrite
fputs
_fileno

api-ms-win-crt-time-l1-1-0

_gmtime64
_gmtime64_s
strftime
_localtime64
_time64

api-ms-win-crt-filesystem-l1-1-0

_access
_fstat64
_lock_file
_unlink
_unlock_file
_stat64
_stat64i32

api-ms-win-crt-utility-l1-1-0

qsort
rand

api-ms-win-crt-convert-l1-1-0

strtol
atoi
wcstombs
strtoll
strtoul
strtod
strtoull

api-ms-win-crt-math-l1-1-0

_CIatan2
_libm_sse2_cos_precise
_CIcosh
_CIfmod
_libm_sse2_exp_precise
_fdopen
_libm_sse2_log10_precise
_CIsinh
_libm_sse2_atan_precise
_libm_sse2_pow_precise
log2
ldexp
round
_libm_sse2_sin_precise
_dsign
_CItanh
_libm_sse2_sqrt_precise
_dclass
_libm_sse2_log_precise
_libm_sse2_tan_precise
ceil
_libm_sse2_asin_precise
_libm_sse2_acos_precise
floor

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
localeconv

api-ms-win-crt-environment-l1-1-0

getenv

crypt32

CertDuplicateCertificateContext
CertFreeCertificateChain
CertCloseStore
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertGetCertificateContextProperty
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertOpenStore
CertFindExtension

wldap32

ord211
ord60
ord45
ord32
ord41
ord22
ord26
ord27
ord143
ord46
ord50
ord217
ord33
ord301
ord200
ord30
ord79
ord35

normaliz

IdnToAscii

Exports

Exports

ensure_injector
injector_call

Sections

.text
Size: - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Africa0
Size: - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Africa1
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Africa2
Size: 6.3MB - Virtual size: 6.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 233B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
TGX V3 - v1.7.6/Zeus.dll
.dll windows x86

753c76543bdeec9de611821e3bd35f73

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

AcquireSRWLockExclusive
AllocConsole
AreFileApisANSI
CloseHandle
ConnectNamedPipe
CopyFileA
CreateDirectoryW
CreateEventA
CreateEventW
CreateFileA
CreateFileW
CreateNamedPipeA
CreateRemoteThread
CreateToolhelp32Snapshot
DeleteCriticalSection
DisableThreadLibraryCalls
DisconnectNamedPipe
EnterCriticalSection
FindClose
FindFirstFileExW
FindFirstFileW
FindNextFileW
FormatMessageA
FormatMessageW
FreeConsole
FreeLibrary
GetConsoleMode
GetConsoleWindow
GetCurrentConsoleFontEx
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentVariableA
GetFileAttributesExW
GetFileInformationByHandleEx
GetFileSizeEx
GetFileType
GetLastError
GetLocaleInfoEx
GetModuleFileNameA
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetStdHandle
GetSystemDirectoryA
GetSystemTimeAsFileTime
GetTickCount64
GetTickCount
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
InitOnceBeginInitialize
InitOnceComplete
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
K32EnumProcessModules
K32GetModuleFileNameExA
K32GetModuleInformation
LeaveCriticalSection
LoadLibraryA
LocalFree
Module32FirstW
Module32NextW
MoveFileExA
MultiByteToWideChar
OpenProcess
PeekNamedPipe
Process32First
Process32Next
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadFile
ReadProcessMemory
ReleaseSRWLockExclusive
ResetEvent
SetConsoleMode
SetConsoleTextAttribute
SetConsoleTitleA
SetCurrentConsoleFontEx
SetEvent
SetFileInformationByHandle
SetLastError
SetUnhandledExceptionFilter
Sleep
SleepEx
TerminateProcess
UnhandledExceptionFilter
VerSetConditionMask
VerifyVersionInfoW
VirtualAllocEx
WaitForMultipleObjects
WaitForSingleObject
WaitForSingleObjectEx
WakeAllConditionVariable
WideCharToMultiByte
WriteProcessMemory
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

advapi32

CryptAcquireContextA
CryptCreateHash
CryptDestroyHash
CryptDestroyKey
CryptEncrypt
CryptGenRandom
CryptGetHashParam
CryptHashData
CryptImportKey
CryptReleaseContext
GetCurrentHwProfileA

shell32

ShellExecuteA

user32

CallWindowProcA
ClientToScreen
CloseClipboard
CreateWindowExA
DefWindowProcA
DeleteMenu
DestroyWindow
EmptyClipboard
GetCapture
GetClientRect
GetClipboardData
GetCursorPos
GetDC
GetForegroundWindow
GetSystemMenu
GetSystemMetrics
GetWindowLongA
GetWindowRect
IsChild
LoadCursorA
MapVirtualKeyA
MessageBoxA
MonitorFromPoint
MonitorFromWindow
OpenClipboard
RegisterClassExA
RegisterClipboardFormatA
ReleaseCapture
ReleaseDC
ScreenToClient
SendInput
SetCapture
SetClipboardData
SetCursor
SetCursorPos
SetProcessDPIAware
SetWindowLongA
ShowWindow
TrackMouseEvent
UnregisterClassA
keybd_event
mouse_event

dbghelp

StackWalk
SymCleanup
SymFunctionTableAccess
SymGetLineFromAddr
SymGetModuleBase
SymGetSymFromAddr
SymInitialize
UnDecorateSymbolName

gdi32

CreateRectRgn
DeleteObject
GetDeviceCaps

ws2_32

WSACleanup
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAGetLastError
WSAIoctl
WSAResetEvent
WSASetLastError
WSAStartup
WSAWaitForMultipleEvents
__WSAFDIsSet
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
gethostname
getpeername
getsockname
getsockopt
htonl
htons
inet_addr
inet_ntop
inet_pton
ioctlsocket
listen
ntohs
recv
recvfrom
select
send
sendto
setsockopt
socket

msvcp140

??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0_Locinfo@std@@QAE@PBD@Z
??0_Lockit@std@@QAE@H@Z
??0facet@locale@std@@IAE@I@Z
??0ios_base@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1_Locinfo@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??1facet@locale@std@@MAE@XZ
??1ios_base@std@@UAE@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAJ@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AA_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_N@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getctype@_Locinfo@std@@QBE?AU_Ctypevec@@XZ
?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Id_cnt@id@locale@std@@0HA
?_Incref@facet@locale@std@@UAEXXZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Random_device@std@@YAIXZ
?_Syserror_map@std@@YAPBDH@Z
?_Throw_C_error@std@@YAXH@Z
?_Throw_Cpp_error@std@@YAXH@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Winerror_map@std@@YAHH@Z
?_Xbad_alloc@std@@YAXXZ
?_Xbad_function_call@std@@YAXXZ
?_Xinvalid_argument@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?fail@ios_base@std@@QBE_NXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?good@ios_base@std@@QBE_NXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?init@?$basic_ios@DU?$char_traits@D@std@@@std@@IAEXPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@_N@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?uncaught_exception@std@@YA_NXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
_Cnd_destroy_in_situ
_Cnd_do_broadcast_at_thread_exit
_Cnd_init_in_situ
_Cnd_signal
_Cnd_timedwait
_Cnd_wait
_Mtx_current_owns
_Mtx_destroy_in_situ
_Mtx_init_in_situ
_Mtx_lock
_Mtx_unlock
_Query_perf_counter
_Query_perf_frequency
_Thrd_detach
_Thrd_id
_Thrd_join
_Thrd_sleep
_Tolower
_Toupper
_Xtime_get_ticks

imm32

ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow

d3dcompiler_47

D3DCompile

dwmapi

DwmEnableBlurBehindWindow
DwmGetColorizationColor
DwmIsCompositionEnabled

crypt32

CertAddCertificateContextToStore
CertCloseStore
CertCreateCertificateChainEngine
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFindExtension
CertFreeCertificateChain
CertFreeCertificateChainEngine
CertFreeCertificateContext
CertGetCertificateChain
CertGetNameStringA
CertOpenStore
CryptDecodeObjectEx
CryptQueryObject
CryptStringToBinaryA
PFXImportCertStore

wldap32

ord301
ord45
ord22
ord32
ord26
ord30
ord35
ord143
ord200
ord41
ord33
ord27
ord50
ord211
ord60
ord217
ord46
ord79

normaliz

IdnToAscii

vcruntime140

_CxxThrowException
__CxxFrameHandler3
__RTDynamicCast
__std_exception_copy
__std_exception_destroy
__std_terminate
__std_type_info_destroy_list
_except_handler3
_except_handler4_common
_purecall
memchr
memcmp
memcpy
memmove
memset
strchr
strrchr
strstr

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__stdio_common_vfprintf
__stdio_common_vsprintf
__stdio_common_vsprintf_s
__stdio_common_vsscanf
_close
_fseeki64
_get_stream_buffer_pointers
_lseeki64
_open
_read
_wfopen
_write
fclose
feof
fflush
fgetc
fgetpos
fgets
fopen
fopen_s
fputc
fread
freopen_s
fseek
fsetpos
ftell
fwrite
puts
setvbuf
ungetc

api-ms-win-crt-runtime-l1-1-0

__sys_errlist
__sys_nerr
_beginthreadex
_cexit
_configure_narrow_argv
_crt_atexit
_errno
_execute_onexit_table
_getpid
_initialize_narrow_environment
_initialize_onexit_table
_initterm
_initterm_e
_invalid_parameter_noinfo_noreturn
_register_onexit_function
_seh_filter_dll
abort
exit
strerror
system
terminate

api-ms-win-crt-filesystem-l1-1-0

_access
_fstat64
_lock_file
_stat64
_unlink
_unlock_file

api-ms-win-crt-heap-l1-1-0

_callnewh
calloc
free
malloc
realloc

api-ms-win-crt-math-l1-1-0

_dsign
_dtest
_fdopen
acos
asin
atan
atan2
ceil
cos
cosh
exp
exp2
floor
fmod
frexp
ldexp
log
log10
log2
modf
pow
round
sin
sinh
sqrt
tan
tanh

api-ms-win-crt-time-l1-1-0

_gmtime64
_localtime64
_time64
strftime

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
localeconv

api-ms-win-crt-convert-l1-1-0

atof
atoi
strtod
strtol
strtoll
strtoul
strtoull
wcstombs

api-ms-win-crt-string-l1-1-0

_strdup
isalnum
isalpha
isspace
isupper
strcat
strcmp
strcspn
strlen
strncat
strncmp
strncpy
strnlen
strpbrk
strspn
tolower
toupper
wcslen

api-ms-win-crt-utility-l1-1-0

qsort
rand

Exports

Exports

ensure_injector
injector_call

Sections

.text
Size: - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 833KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.voltbl
Size: - Virtual size: 12B

Africa0
Size: - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Africa1
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Africa2
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 223B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
TGX V3 - v1.7.6/ZeusInjector.exe
.exe windows x86

fbc044e8233b0288216876d6de82327d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentDirectoryA
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

msvcp140

?_Xlength_error@std@@YAXPBD@Z

shlwapi

PathAddBackslashA

vcruntime140

_except_handler4_common

api-ms-win-crt-runtime-l1-1-0

_initialize_narrow_environment

api-ms-win-crt-heap-l1-1-0

_set_new_mode

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfprintf

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func

wtsapi32

WTSSendMessageW

user32

GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

Sections

.text
Size: - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 5.3MB - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
TGX V3 - v1.7.6/bin/Multiple ROBLOX.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 399KB - Virtual size: 399KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 363KB - Virtual size: 363KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TGX V3 - v1.7.6/bin/RobloxPlayerLauncher.exe
.exe windows x86

d9201d94d3769e7faacff22e6fbbf5a9

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

79:01:21:db:78:25:91:36:59:64:53:4a:96:dc:c2:6e
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

05/03/2019, 00:00

Not After

20/08/2021, 23:59

Subject

SERIALNUMBER=3780902,CN=Roblox Corporation,O=Roblox Corporation,L=San Mateo,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#130953616e204d6174656f,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:99:08:8d:76:7c:ae:b4:63:2a:51:84:a0:47:4a:f9:99:eb:66:a7
Signer

Actual PE Digest

1d:99:08:8d:76:7c:ae:b4:63:2a:51:84:a0:47:4a:f9:99:eb:66:a7

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

SERIALNUMBER=3780902,CN=Roblox Corporation,O=Roblox Corporation,L=San Mateo,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#130953616e204d6174656f,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

14/10/2020, 23:19
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

powrprof

CallNtPowerInformation

winhttp

WinHttpCloseHandle
WinHttpConnect
WinHttpOpen
WinHttpCrackUrl
WinHttpSendRequest
WinHttpReadData
WinHttpWriteData
WinHttpSetOption
WinHttpSetTimeouts
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpReceiveResponse
WinHttpQueryHeaders

kernel32

GetVersionExW
FreeResource
LocalFree
FormatMessageW
FindResourceA
FindResourceExA
VerifyVersionInfoW
GetStdHandle
FindClose
FindFirstFileW
FindNextFileW
GetDiskFreeSpaceExW
RemoveDirectoryW
SetFileAttributesW
Sleep
GetCurrentProcess
TerminateProcess
GetExitCodeProcess
GetCurrentThread
CreateProcessW
OpenProcess
GetSystemTime
GetLocalTime
GetTickCount
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
FreeLibrary
GetModuleFileNameW
LoadLibraryW
lstrlenW
BeginUpdateResourceW
UpdateResourceA
EndUpdateResourceW
CopyFileW
SystemTimeToFileTime
GetGeoInfoW
GetUserGeoID
GetUserDefaultLCID
FreeConsole
AttachConsole
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetSystemTimeAsFileTime
CreateSemaphoreA
WaitForSingleObjectEx
ReleaseSemaphore
DuplicateHandle
GetModuleHandleA
K32EnumProcesses
K32GetProcessImageFileNameW
GetCommandLineW
GetShortPathNameW
IsDebuggerPresent
GetCurrentProcessId
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
IsWow64Process
FlushFileBuffers
GetFileSizeEx
SetFileTime
lstrcpyW
MoveFileW
OpenEventA
SetLastError
CreateSemaphoreW
QueryPerformanceCounter
QueryPerformanceFrequency
FileTimeToSystemTime
GetFileTime
FormatMessageA
GetSystemInfo
WaitForMultipleObjectsEx
SetWaitableTimer
ResumeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetLogicalProcessorInformation
CreateWaitableTimerA
HeapAlloc
GetTempPathW
SleepEx
CreateThread
GetExitCodeThread
GetVersion
LockFileEx
SetEndOfFile
UnlockFileEx
SetProcessShutdownParameters
SetConsoleCtrlHandler
GetProcessTimes
SuspendThread
GetProcessId
GetThreadContext
IsProcessorFeaturePresent
GetTimeZoneInformation
GetThreadLocale
GetSystemDefaultLCID
InitializeCriticalSection
VirtualQueryEx
ReadProcessMemory
SetNamedPipeHandleState
TransactNamedPipe
CreateNamedPipeW
WaitNamedPipeW
SetFilePointerEx
FindFirstFileExW
ConnectNamedPipe
DisconnectNamedPipe
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
UnregisterWaitEx
RegisterWaitForSingleObject
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
InitOnceExecuteOnce
HeapDestroy
ExitProcess
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileInformationByHandle
GetDriveTypeW
GetModuleHandleExW
ExitThread
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetCommandLineA
RtlUnwind
CreateTimerQueue
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
VirtualFree
VirtualProtect
VirtualAlloc
LoadLibraryExW
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
RaiseException
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
InitializeSListHead
GetStartupInfoW
UnhandledExceptionFilter
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
SwitchToThread
EncodePointer
WriteFile
ReadFile
GetFileSize
VerSetConditionMask
GetCurrentThreadId
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
GetFileAttributesW
CreateFileW
CreateDirectoryW
DeleteCriticalSection
GetProcessHeap
HeapSize
HeapFree
InitializeCriticalSectionEx
SetUnhandledExceptionFilter
HeapReAlloc
DecodePointer
MulDiv
CreateEventA
WideCharToMultiByte
MultiByteToWideChar
lstrcmpW
GetProcAddress
GetModuleHandleW
OpenEventW
CreateEventW
CreateMutexW
WaitForSingleObject
ReleaseMutex
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
GetLastError
CloseHandle
DeleteFileW
IsValidLocale
EnumSystemLocalesW
SetStdHandle
GetCurrentDirectoryW
GetFullPathNameW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
WriteConsoleW
GetFileType

user32

GetDC
CreateWindowExW
GetWindowRect
MessageBoxW
DefWindowProcW
SendMessageW
InvalidateRect
CallWindowProcW
ShowWindow
GetWindowLongW
SetWindowLongW
RegisterClassW
GetParent
GetWindowTextW
UnregisterClassW
GetMessageW
TranslateMessage
DispatchMessageW
PostThreadMessageW
LoadAcceleratorsW
TranslateAcceleratorW
SetWindowTextW
EnumWindows
CharUpperW
GetWindowThreadProcessId
LoadIconW
MessageBoxA
MessageBoxExW
PostQuitMessage
DestroyWindow
GetDlgItem
GetDlgCtrlID
SetTimer
KillTimer
EnableWindow
GetSystemMetrics
DrawTextW
ReleaseDC
AllowSetForegroundWindow
BeginPaint
EndPaint
FillRect
LoadBitmapW
PostMessageW
IsWindowVisible
SetForegroundWindow
CharNextW

gdi32

SetBkMode
SetDCPenColor
SetDCBrushColor
SelectObject
RoundRect
SetTextColor
GetStockObject
CreatePen
GetDeviceCaps
DeleteObject
CreateSolidBrush
CreateFontW
Rectangle

shell32

ShellExecuteW
SHGetFolderPathAndSubDirW
CommandLineToArgvW
Shell_NotifyIconW
Shell_NotifyIconA
ShellExecuteExW
ord165

ole32

CoCreateGuid
StringFromGUID2
CoUninitialize
CoInitialize
CreateStreamOnHGlobal
CoCreateInstance

advapi32

CryptAcquireContextW
RegEnumValueW
RegEnumKeyExW
RegDeleteKeyExW
RegDeleteKeyW
GetUserNameW
OpenProcessToken
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegOpenKeyExA
RegQueryInfoKeyW
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
BuildSecurityDescriptorW
BuildExplicitAccessWithNameW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ImpersonateNamedPipeClient
RevertToSelf
SystemFunction036
RegQueryValueExA
GetTokenInformation
RegFlushKey

shlwapi

PathAddBackslashW
HashData
SHDeleteKeyW
StrCmpNW
StrStrW
StrCmpW
PathFileExistsW
PathRemoveExtensionW
SHCopyKeyW
PathAppendW
PathRemoveFileSpecW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

iphlpapi

GetAdaptersInfo

sensapi

IsNetworkAlive

comctl32

InitCommonControlsEx
_TrackMouseEvent

gdiplus

GdipAlloc
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStream
GdipDisposeImage
GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipFree

wininet

HttpSendRequestW
HttpAddRequestHeadersW
HttpAddRequestHeadersA
HttpOpenRequestW
InternetSetOptionW
InternetQueryOptionW
HttpQueryInfoA
InternetWriteFile
InternetReadFile
InternetConnectW
InternetCloseHandle
InternetOpenW
HttpSendRequestExW
HttpEndRequestW
HttpQueryInfoW
InternetQueryDataAvailable

ws2_32

connect
closesocket
freeaddrinfo
getaddrinfo
inet_ntoa
htons
WSAGetLastError
WSACleanup
WSAStartup
socket
sendto
send

winmm

timeGetTime
timeSetEvent
timeGetDevCaps
timeBeginPeriod

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 291KB - Virtual size: 291KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 350KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CPADinfo
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TGX V3 - v1.7.6/bin/Zeus.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TGX V3 - v1.7.6/bin/rbxfpsunlocker.exe
.exe windows x86

45aed3de6b8dd424b7404c35c1a47fd3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetConsoleTextAttribute
GetStdHandle
GetProcessId
CreateMutexA
Sleep
GetLastError
CloseHandle
ReadProcessMemory
GetExitCodeProcess
Process32First
K32EnumProcessModulesEx
OpenProcess
CreateToolhelp32Snapshot
K32GetModuleFileNameExA
QueryFullProcessImageNameA
Process32Next
GetNativeSystemInfo
K32GetModuleInformation
IsWow64Process
VirtualQueryEx
GetCurrentProcess
SetConsoleTitleA
TerminateThread
FreeConsole
CreateThread
GetConsoleScreenBufferInfo
AllocConsole
HeapSize
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
HeapReAlloc
ReadConsoleW
ReadFile
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetFileSizeEx
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetConsoleWindow
WriteProcessMemory
HeapFree
HeapAlloc
WriteFile
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
CreateFileW
FindClose
FindFirstFileExW
FindNextFileW
GetFileInformationByHandle
SetEndOfFile
SetFilePointerEx
AreFileApisANSI
SetLastError
GetModuleHandleW
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
FormatMessageW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RtlUnwind
RaiseException
FreeLibrary
LoadLibraryExW
WriteConsoleW

user32

GetWindowTextA
MessageBoxA
EnumWindows
IsWindowVisible
GetSystemMenu
GetMessageA
CheckMenuRadioItem
DispatchMessageA
LoadCursorA
CreatePopupMenu
TrackPopupMenu
ShowWindow
DefWindowProcA
CreateWindowExA
TranslateMessage
LoadIconA
AppendMenuA
CheckMenuItem
PostQuitMessage
EnableMenuItem
RegisterClassExA
SetForegroundWindow
GetCursorPos
GetWindowThreadProcessId

gdi32

GetStockObject

shell32

ShellExecuteA
Shell_NotifyIconA

wininet

InternetOpenA
InternetCloseHandle
InternetReadFile
InternetOpenUrlA

Sections

.text
Size: 229KB - Virtual size: 229KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TGX V3 - v1.7.6/bin/tgx.xshd
.xml
TGX V3 - v1.7.6/injector_evon.exe
.exe windows x86

fbc044e8233b0288216876d6de82327d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentDirectoryA
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

msvcp140

?_Xlength_error@std@@YAXPBD@Z

shlwapi

PathAddBackslashA

vcruntime140

_except_handler4_common

api-ms-win-crt-runtime-l1-1-0

_initialize_narrow_environment

api-ms-win-crt-heap-l1-1-0

_set_new_mode

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfprintf

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func

wtsapi32

WTSSendMessageW

user32

GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

Sections

.text
Size: - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 5.3MB - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
TGX V3 - v1.7.6/krnl.dll
.dll windows x86

00ec22fbc2292b4b37170788fde1f037

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

gethostname
sendto
recvfrom
listen
htonl
ntohl
WSAIoctl
ntohs
htons
getsockopt
getsockname
getpeername
bind
WSASetLastError
accept
select
WSAStartup
WSACleanup
closesocket
recv
__WSAFDIsSet
send
WSAGetLastError
connect
ioctlsocket
setsockopt
socket
freeaddrinfo
getaddrinfo

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFreeCertificateContext
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertAddCertificateContextToStore
CryptStringToBinaryA
CertFindCertificateInStore
CertFreeCertificateChain
CertOpenStore

advapi32

CryptDestroyHash
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
CryptHashData
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegGetValueA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA

kernel32

CloseHandle
GetProcAddress
GetCurrentProcessId
VirtualQuery
ReadFile
CreateNamedPipeA
DisconnectNamedPipe
ConnectNamedPipe
SetConsoleTitleA
LoadLibraryA
GlobalAlloc
GlobalLock
GetConsoleWindow
IsBadReadPtr
GlobalUnlock
FillConsoleOutputCharacterA
GetConsoleScreenBufferInfo
FreeConsole
FillConsoleOutputAttribute
GetSystemWow64DirectoryA
SetConsoleCursorPosition
AllocConsole
MultiByteToWideChar
GlobalFree
WideCharToMultiByte
QueryPerformanceFrequency
QueryPerformanceCounter
CreateMutexA
GetLastError
DisableThreadLibraryCalls
CreateThread
RaiseException
FormatMessageA
HeapCreate
HeapFree
Thread32Next
Thread32First
GetCurrentThreadId
SuspendThread
ResumeThread
CreateToolhelp32Snapshot
Sleep
HeapReAlloc
HeapAlloc
GetModuleHandleW
FlushInstructionCache
SetThreadContext
OpenThread
VirtualFree
VirtualAlloc
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
GetEnvironmentStringsW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
ResetEvent
GetCommandLineW
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetStringTypeW
LCMapStringEx
DecodePointer
EncodePointer
GetSystemTimeAsFileTime
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
VirtualProtect
GetCurrentProcess
GetModuleFileNameA
GetComputerNameA
GetModuleHandleA
GetVolumeInformationA
GetStdHandle
GetThreadContext
FlushFileBuffers
GetConsoleOutputCP
WriteFile
ReadConsoleW
GetConsoleMode
GetModuleFileNameW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
FreeLibraryAndExitThread
ExitThread
GetModuleHandleExW
ExitProcess
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedFlushSList
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
TryEnterCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
InitOnceBeginInitialize
InitOnceComplete
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
SetStdHandle
SetConsoleTextAttribute
SetEvent
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
HeapSize
WriteConsoleW
TerminateProcess
GetTickCount
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
SleepEx
VerSetConditionMask
GetSystemDirectoryA
FreeLibrary
VerifyVersionInfoA
ExpandEnvironmentStringsA
WaitForSingleObjectEx
GetFileType
PeekNamedPipe
WaitForMultipleObjects
SetLastError
CreateFileA
GetFileSizeEx
FindClose
FindNextFileW
LocalFree
GetExitCodeThread
GetCurrentDirectoryW
CreateDirectoryW
CreateFileW
FindFirstFileExW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
SetEndOfFile
SetFileInformationByHandle
SetFilePointerEx
AreFileApisANSI
CopyFileW
GetFileInformationByHandleEx
RtlUnwind
VirtualQuery
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
LoadLibraryA
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
LocalAlloc
LocalFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetCommandLineA
RaiseException
RtlUnwind
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

MessageBoxA
GetCursorPos
SetClipboardData
mouse_event
GetForegroundWindow
MapVirtualKeyA
GetWindowTextA
EmptyClipboard
CloseClipboard
OpenClipboard
ShowWindow
GetSystemMetrics
keybd_event
SetWindowPos
GetClipboardData
SetCursorPos
GetSystemMenu
EnableMenuItem
DestroyWindow
DefWindowProcA
CreateWindowExA
UnregisterClassA
RegisterClassExA
GetKeyState
LoadCursorA
ScreenToClient
ClientToScreen
IsChild
SetCursor
GetClientRect
GetProcessWindowStation
GetUserObjectInformationW
CharUpperBuffW
MessageBoxW
GetProcessWindowStation
GetUserObjectInformationW

dbghelp

UnDecorateSymbolName

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext

d3dcompiler_47

D3DCompile

xinput1_4

ord2
ord4

wldap32

ord143
ord46
ord211
ord60
ord45
ord50
ord41
ord22
ord26
ord27
ord32
ord33
ord35
ord79
ord30
ord200
ord301

wtsapi32

WTSSendMessageW

Sections

.text
Size: - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 637KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.uo2s0
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.uo2s1
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 26KB - Virtual size: 25KB

.rsrc Size: 1024B - Virtual size: 888B

.reloc Size: 512B - Virtual size: 12B

6310e6aa09f46f952e994ef81548691a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

Exports

Exports

Sections

.text Size: 204KB - Virtual size: 204KB

.rdata Size: 56KB - Virtual size: 55KB

.data Size: 12KB - Virtual size: 226KB

.gfids Size: 3KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 12KB - Virtual size: 11KB

6310e6aa09f46f952e994ef81548691a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

Exports

Exports

Sections

.text Size: 204KB - Virtual size: 204KB

.rdata Size: 56KB - Virtual size: 55KB

.data Size: 12KB - Virtual size: 226KB

.gfids Size: 3KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 12KB - Virtual size: 11KB

Headers

DLL Characteristics

File Characteristics

Sections

Size: 512KB - Virtual size: 997KB

Size: 426KB - Virtual size: 612KB

Size: 1KB - Virtual size: 7KB

Size: 512B - Virtual size: 520B

Size: 30KB - Virtual size: 38KB

.idata Size: 3KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 4KB

eZE72a Size: - Virtual size: 15.6MB

.boot Size: 9.7MB - Virtual size: 9.7MB

.data Size: 20KB - Virtual size: 20KB

.text Size: 37KB - Virtual size: 37KB

.reloc Size: 1KB - Virtual size: 4KB

753c76543bdeec9de611821e3bd35f73

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

user32

dbghelp

gdi32

ws2_32

msvcp140

imm32

.text
Size: 26KB - Virtual size: 25KB

.rsrc
Size: 1024B - Virtual size: 888B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 204KB - Virtual size: 204KB

.rdata
Size: 56KB - Virtual size: 55KB

.data
Size: 12KB - Virtual size: 226KB

.gfids
Size: 3KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 12KB - Virtual size: 11KB

.text
Size: 204KB - Virtual size: 204KB

.rdata
Size: 56KB - Virtual size: 55KB

.data
Size: 12KB - Virtual size: 226KB

.gfids
Size: 3KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 12KB - Virtual size: 11KB

.idata
Size: 3KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 4KB

eZE72a
Size: - Virtual size: 15.6MB

.boot
Size: 9.7MB - Virtual size: 9.7MB

.data
Size: 20KB - Virtual size: 20KB

.text
Size: 37KB - Virtual size: 37KB

.reloc
Size: 1KB - Virtual size: 4KB

.text
Size: - Virtual size: 2.9MB

.rdata
Size: - Virtual size: 833KB

.data
Size: - Virtual size: 1.0MB

.00cfg
Size: - Virtual size: 8B

.tls
Size: - Virtual size: 9KB

.voltbl
Size: - Virtual size: 12B

Africa0
Size: - Virtual size: 2.0MB

Africa1
Size: 12KB - Virtual size: 12KB

Africa2
Size: 5.7MB - Virtual size: 5.7MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 223B

.text
Size: 596KB - Virtual size: 595KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

07:b0:41:8d:a5:1e:14:8c:33:1b:bc:de:b7:13:83:23
Certificate

0a:71:a1:b0:c2:96:f5:c7:90:65:47:0a:3c:20:53:7e
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

2e:83:93:14:a9:06:f5:64:04:02:a1:dc:eb:a3:1a:a7:e9:21:c8:88:2c:dd:c2:3c:e4:c0:45:50:4c:ee:75:10
Signer

17/03/2021, 20:03
Valid: true

.text
Size: 675KB - Virtual size: 675KB

.rsrc
Size: 1KB - Virtual size: 1KB