General

Malware Config

Signatures

Files

• MatSploit.rar

  .rar
• BootsTrapperU.exe

  .exe windows x86

  f34d5f2d4577ed6d9ceec516c1f5a744

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  mscoree

  _CorExeMain

  Sections

  .|J4`)

  Size: 128KB - Virtual size: 127KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .text

  Size: 34KB - Virtual size: 33KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

  Size: 512B - Virtual size: 16B

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

• DiscordRPC.dll

  .dll windows x86

  dae02f32a21e03ce65412f6e56942daa

  
  

  Code Sign

  2f:a0:44:2f:06:32:a7:9b:41:c8:a3:56:14:ea:70:3a

  Certificate

  Issuer

  CN={1791EA4B-5C2E-4ED0-9F7E-18430A42F920}

  Not Before

  14-05-2019 08:09

  Not After

  13-05-2020 14:09

  Subject

  CN={1791EA4B-5C2E-4ED0-9F7E-18430A42F920}

  03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66

  Certificate

  Issuer

  CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  22-10-2014 00:00

  Not After

  22-10-2024 00:00

  Subject

  CN=DigiCert Timestamp Responder,O=DigiCert,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  10-11-2006 00:00

  Not After

  10-11-2021 00:00

  Subject

  CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

  Extended Key Usages

  ExtKeyUsageServerAuth

  ExtKeyUsageClientAuth

  ExtKeyUsageCodeSigning

  ExtKeyUsageEmailProtection

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  e7:43:de:4b:d3:a2:96:5a:f7:a8:72:62:d4:9d:f1:ad:cb:9f:8e:e9

  Signer

  Actual PE Digest

  e7:43:de:4b:d3:a2:96:5a:f7:a8:72:62:d4:9d:f1:ad:cb:9f:8e:e9

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN={1791EA4B-5C2E-4ED0-9F7E-18430A42F920}

  01-07-2019 08:14

  Valid: false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  mscoree

  _CorDllMain

  Sections

  .text

  Size: 76KB - Virtual size: 76KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 1024B - Virtual size: 916B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• ICSharpCode.AvalonEdit.dll

  .dll windows x86

  dae02f32a21e03ce65412f6e56942daa

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  mscoree

  _CorDllMain

  Sections

  .text

  Size: 601KB - Virtual size: 601KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• ICSharpCode.AvalonEdit.xml

  .xml
• MatSploit.exe

  .exe windows x86

  f34d5f2d4577ed6d9ceec516c1f5a744

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  mscoree

  _CorExeMain

  Sections

  [-.H;

  Size: 432KB - Virtual size: 431KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .text

  Size: 1.0MB - Virtual size: 1.0MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 117KB - Virtual size: 116KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

  Size: 512B - Virtual size: 16B

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

• bin/BootstrapperVersion.txt
• bin/MatSploit.dll

  .dll windows x86

  34c2cea2badec3fa6de333889f4dd3b4

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  QueryPerformanceFrequency

  VirtualQuery

  LocalAlloc

  LocalFree

  GetModuleFileNameW

  GetProcessAffinityMask

  SetProcessAffinityMask

  SetThreadAffinityMask

  Sleep

  ExitProcess

  FreeLibrary

  LoadLibraryA

  GetModuleHandleA

  GetProcAddress

  user32

  SendInput

  GetProcessWindowStation

  GetProcessWindowStation

  GetUserObjectInformationW

  advapi32

  CryptEncrypt

  shell32

  ShellExecuteA

  msvcp140

  ?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A

  d3dcompiler_47

  D3DCompile

  d3d11

  D3D11CreateDeviceAndSwapChain

  imm32

  ImmReleaseContext

  xinput9_1_0

  XInputGetState

  vcruntime140

  longjmp

  api-ms-win-crt-runtime-l1-1-0

  _invalid_parameter_noinfo_noreturn

  api-ms-win-crt-string-l1-1-0

  toupper

  api-ms-win-crt-heap-l1-1-0

  realloc

  api-ms-win-crt-stdio-l1-1-0

  setvbuf

  api-ms-win-crt-math-l1-1-0

  modf

  api-ms-win-crt-filesystem-l1-1-0

  _fstat64

  api-ms-win-crt-convert-l1-1-0

  strtoll

  api-ms-win-crt-utility-l1-1-0

  srand

  api-ms-win-crt-locale-l1-1-0

  localeconv

  api-ms-win-crt-environment-l1-1-0

  getenv

  api-ms-win-crt-time-l1-1-0

  _mktime64

  ws2_32

  select

  crypt32

  CertFreeCertificateChainEngine

  wldap32

  ord27

  normaliz

  IdnToAscii

  wtsapi32

  WTSSendMessageW

  Exports

  Exports

  o���Iqc�H
  &+�ҙ��c��g��b��W���@֓n�ƈ9gsGf�De�Y�֫>�q`N�YV�cx���fj@u�!)^%M�bk����p><F�hnʵZ�)�w=܊�`�
  ?d��Q��l��K'\$�7C��p�ڜ<7l�8�橡Ԡ$YQg���DN�~wY��^��1����ǟtQ�+=����) �*�� �Ɖ��������U~�aU����EW���̜���֦&'��wAt m��y�9bsR��%nEgӎ=4�*�����O!�l<�:r�$Il���%F�3~�x�b�2�v�Fn��Y�|�����f#�S@��J^����z��Ӹ/S���z[^�9%��M⊑*��#��E��9'i}o�R�I�]����������-P�c=b�s7Z�� H�<�b�i� ��������ö�gV#t���������`0�G[�ups^��эb&�**��/� ;y,*�9-z!(�B��b<rؼb���y�I�IJ|��1�Oe�i���-���H�^�X�U��y5����*⢰?G�z7��~!��p�ۯ�Vۋ���|��fj�wwO7�g��?��)<�r龞h %҉�1!V?��9�C] �'PF
  ,E����T�&OT�)��1�q�팖�!�4r|V`-� T��‘��-)B�Ǿ<�u|QSk��6h����eU����w���[8��}չ)?���H�!*�T<Ӑ< ����������b�sA��� �����yOn�e�L�����Rcu��8�"�������(�]��}��5#�oj�mP�����n���d���QJ�7lYa2�I[�8c[�����)}�S2�� ��4�U�0 ��@�&���$��N2J��K�����vn�MQ����Oȉ)cf��i�?$�@fj���9n��Lį*e�ǝ�k��Y�7�f��f)p�5ŷJ�Sѯ+Qa�vR��2\`�����Lpւ��(4���;ĸe������6�g �7��0�f�?�އ�����6$��!$x����Ӛ$ۜ��%�?#{�\�yw2%Zc :�ls!�<@���K�2ጣ����+ɬ�A=���~�O0����|�\
  ��m��/�?]��\��;K�.ڋ��(Wo��i���i�|�+�ۣ2�M�C}��� ����q�7��xZ )h�X<��;*�i��j�M�v��m����$�M d�"��z#��%��E)�ش&w&��,R^_S2���X&o}�{���oe��h�'�z�hBU��U�zr���T C`� T���^�m�4����FOO, Q��9��9��Z(�F�H|��Z&��J�cz��%�U'���!u�(0���k�3��c'��'R.U�$��I�Q������qc;w斀:=*��U�z���p$�pՑ����ʬ|H�����g�
  ���X�og��7C@
  �,$�������T�V7�|���^���i�]$%�������V<���v~:�f��1�-�V��YW�������؇cx�p��%�����2��*��?��
  �"��8!����;D�$'8���r�Ie��� ��sR�ëڽ�0v�����Li��㺊#��E��t��������a�M���1_�6�������:+��Q5 ��������T �{T��u�E��t<��8�m��Qx���Bȵc(1�y"Wd��4�4�9�˖���]q����30�� 0�I厇3ߴ�@�
  ;Tc\�s�/����L�F���hn-�z�X��
  ���W"ۃݯ�j�'1%)��_E�o�L2e��s��.�^��3l��P���9(�!���4�T����F��=���i�O�;��'���
  ���f�o?9��(��hjf�h <L��@��:_JAa��ggq�C�n�sLl?��ݑHV]MY N�㞂� �0�f�L5�W�5�0t_��EP<43y2�b�v2rK��� ßW% �F�! WگB�(F
  �[&ǡF,�N�U���i��� v҇�uF��4?�A�@�d�!���ͽ#�G�r�Q�6��/o�;ĥm��J+��ėt<�� 6&%6�KD�]P���a�.G��UR���3�5�g�#������R�E���'�{��n�8�5V�n��)�w�dI�.=ɇ8}���5�nYP�c�8Xz~�_=t��Bz�M�G�@$7���;��F��Zq��(n�C!#g�5�n-*���h�@�r�� C��6s��j�{O�����_JO��� ���~7U��vC14$�v�����E6X�劖����i�J�Q7#U�H+�2��Nݽ�Q�4�afƳb�;ɚ?��S����BW�66� ����P� X�s՜�sI∷������Ѕ�W�1FHY���#��^۝��m�� ��
  S+$"�&P(�T|�vG�^��X� �t$y���_Vq���4��p����h��n�%�.P�"њ/ ���}�%��f�\M)�1.;Vaj��`��dU��J����x�$���:ky�S�%pzGH�*�b��|(Y�������CH�PNNQ&�f�"U��-rkj��4$%�G}'8�Al=��5�$����pW��9����f�"�4Q.Y�H����3C�� H�֎�G9D�^��J��u�_�r��ߋAN�ħm�U�������#Z���#�$�.?���RR1�,�L�+ѩVD��hxR�s(�ên�d� �N�,`��y���eX;�?�-%%2o�O�E8�^�ſ�?�{D�s*C.��$O�^,-#�a�߽T��$������N����j$Y��8ʾ�`yC�����LϤ�2ɸ-+�pe��d'0E]����>�+��X�٘���T&3[1D���PfJ���t^�p�a�S��f�=k�y_�-���w�-d�S7�e�CH�7%�St";^����,u���AX�D+�x�@��� �� ڟ0��]J�G�`Vn��c�mTp�<�۷X��;-X)�v%�Ǹc� ���@ �&�i4MĹ��(@� s2��{� �c�����.nb��pkՎ#�]p����h���!q���/0ϵ �4L�VX~���S����ԑx�ͼ~�:[!��ύߘ�k(/�

  Sections

  .text

  Size: - Virtual size: 1.0MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: - Virtual size: 214KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: - Virtual size: 994KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .vmp0

  Size: - Virtual size: 4.3MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .vmp1

  Size: 6.9MB - Virtual size: 6.9MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 512B - Virtual size: 233B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

• bin/UIVersion.txt
• bin/Zeus.exe

  .exe windows x86

  f34d5f2d4577ed6d9ceec516c1f5a744

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  mscoree

  _CorExeMain

  Sections

  .text

  Size: 5KB - Virtual size: 5KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• bin/lua.xshd

  .xml
• bin/rbxfpsunlocker.exe

  .exe windows x64

  8a30acffa5d4e68c6f30f1c14d9a5f09

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  kernel32

  SetConsoleTextAttribute

  GetStdHandle

  GetProcessId

  CreateMutexA

  Sleep

  GetLastError

  CloseHandle

  ReadProcessMemory

  GetExitCodeProcess

  Process32First

  K32EnumProcessModulesEx

  OpenProcess

  CreateToolhelp32Snapshot

  K32GetModuleFileNameExA

  QueryFullProcessImageNameA

  Process32Next

  K32GetModuleInformation

  IsWow64Process

  VirtualQueryEx

  GetCurrentProcess

  SetConsoleTitleA

  TerminateThread

  FreeConsole

  CreateThread

  GetConsoleWindow

  GetConsoleScreenBufferInfo

  WriteConsoleW

  HeapSize

  SetStdHandle

  GetProcessHeap

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  GetCommandLineW

  GetCommandLineA

  GetOEMCP

  GetACP

  IsValidCodePage

  HeapReAlloc

  ReadConsoleW

  ReadFile

  GetConsoleMode

  GetConsoleCP

  FlushFileBuffers

  GetFileSizeEx

  GetFileType

  EnumSystemLocalesW

  GetUserDefaultLCID

  IsValidLocale

  AllocConsole

  WriteProcessMemory

  HeapFree

  HeapAlloc

  WriteFile

  GetModuleFileNameW

  GetModuleHandleExW

  CreateFileW

  FindClose

  FindFirstFileExW

  FindNextFileW

  GetFileInformationByHandle

  SetEndOfFile

  SetFilePointerEx

  AreFileApisANSI

  SetLastError

  GetModuleHandleW

  GetProcAddress

  MultiByteToWideChar

  WideCharToMultiByte

  FormatMessageW

  EnterCriticalSection

  LeaveCriticalSection

  DeleteCriticalSection

  InitializeCriticalSectionAndSpinCount

  SwitchToThread

  TlsAlloc

  TlsGetValue

  TlsSetValue

  TlsFree

  GetSystemTimeAsFileTime

  EncodePointer

  DecodePointer

  GetCPInfo

  CompareStringW

  LCMapStringW

  GetLocaleInfoW

  GetStringTypeW

  RtlCaptureContext

  RtlLookupFunctionEntry

  RtlVirtualUnwind

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  TerminateProcess

  IsProcessorFeaturePresent

  IsDebuggerPresent

  GetStartupInfoW

  QueryPerformanceCounter

  GetCurrentProcessId

  GetCurrentThreadId

  InitializeSListHead

  RtlUnwindEx

  RtlPcToFileHeader

  RaiseException

  FreeLibrary

  LoadLibraryExW

  ExitProcess

  RtlUnwind

  user32

  GetWindowTextA

  MessageBoxA

  EnumWindows

  IsWindowVisible

  GetSystemMenu

  GetMessageA

  CheckMenuRadioItem

  DispatchMessageA

  LoadCursorA

  CreatePopupMenu

  TrackPopupMenu

  ShowWindow

  DefWindowProcA

  CreateWindowExA

  TranslateMessage

  LoadIconA

  AppendMenuA

  CheckMenuItem

  PostQuitMessage

  EnableMenuItem

  RegisterClassExA

  SetForegroundWindow

  GetCursorPos

  GetWindowThreadProcessId

  gdi32

  GetStockObject

  shell32

  ShellExecuteA

  Shell_NotifyIconA

  wininet

  InternetOpenA

  InternetCloseHandle

  InternetReadFile

  InternetOpenUrlA

  Sections

  .text

  Size: 257KB - Virtual size: 256KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 102KB - Virtual size: 102KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 5KB - Virtual size: 12KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 13KB - Virtual size: 13KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  _RDATA

  Size: 512B - Virtual size: 148B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 101KB - Virtual size: 100KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 4KB - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• bin/version.txt
• bin/workspace/286090429.txt
• librarys/discordrpc.dll

  .dll windows x86

  6310e6aa09f46f952e994ef81548691a

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  WaitNamedPipeW

  GetCurrentProcessId

  GetCurrentProcess

  PeekNamedPipe

  lstrlenW

  MultiByteToWideChar

  K32GetModuleFileNameExW

  GetLastError

  CloseHandle

  WriteFile

  ReadFile

  lstrcpyW

  CreateFileW

  DuplicateHandle

  WaitForSingleObjectEx

  Sleep

  GetCurrentThread

  GetCurrentThreadId

  GetExitCodeThread

  QueryPerformanceCounter

  EnterCriticalSection

  LeaveCriticalSection

  TryEnterCriticalSection

  DeleteCriticalSection

  SetLastError

  InitializeCriticalSectionAndSpinCount

  CreateEventW

  TlsAlloc

  TlsGetValue

  TlsSetValue

  TlsFree

  GetSystemTimeAsFileTime

  GetTickCount

  GetModuleHandleW

  GetProcAddress

  WideCharToMultiByte

  SetEvent

  IsProcessorFeaturePresent

  IsDebuggerPresent

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  GetStartupInfoW

  TerminateProcess

  InitializeSListHead

  CreateTimerQueue

  SignalObjectAndWait

  SwitchToThread

  CreateThread

  SetThreadPriority

  GetThreadPriority

  GetLogicalProcessorInformation

  CreateTimerQueueTimer

  ChangeTimerQueueTimer

  DeleteTimerQueueTimer

  GetNumaHighestNodeNumber

  GetProcessAffinityMask

  SetThreadAffinityMask

  RegisterWaitForSingleObject

  UnregisterWait

  EncodePointer

  GetThreadTimes

  FreeLibrary

  FreeLibraryAndExitThread

  GetModuleFileNameW

  GetModuleHandleA

  LoadLibraryExW

  GetVersionExW

  VirtualAlloc

  VirtualFree

  VirtualProtect

  ReleaseSemaphore

  InterlockedPopEntrySList

  InterlockedPushEntrySList

  InterlockedFlushSList

  QueryDepthSList

  UnregisterWaitEx

  LoadLibraryW

  RtlUnwind

  RaiseException

  ExitThread

  GetModuleHandleExW

  HeapAlloc

  HeapFree

  ExitProcess

  GetModuleFileNameA

  LCMapStringW

  DecodePointer

  GetStdHandle

  GetFileType

  GetACP

  GetProcessHeap

  FindClose

  FindFirstFileExA

  FindNextFileA

  IsValidCodePage

  GetOEMCP

  GetCPInfo

  GetCommandLineA

  GetCommandLineW

  GetEnvironmentStringsW

  FreeEnvironmentStringsW

  FlushFileBuffers

  GetConsoleCP

  GetConsoleMode

  GetStringTypeW

  SetStdHandle

  SetFilePointerEx

  HeapSize

  HeapReAlloc

  WriteConsoleW

  advapi32

  RegQueryValueExW

  RegOpenKeyExW

  RegCreateKeyExW

  RegCloseKey

  RegSetKeyValueW

  Exports

  Exports

  Discord_Initialize

  Discord_Respond

  Discord_RunCallbacks

  Discord_Shutdown

  Discord_UpdatePresence

  Sections

  .text

  Size: 204KB - Virtual size: 204KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 56KB - Virtual size: 55KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 12KB - Virtual size: 226KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .gfids

  Size: 3KB - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .tls

  Size: 512B - Virtual size: 9B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 512B - Virtual size: 480B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 12KB - Virtual size: 11KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• scripts/LT2.txt

  .js