SirHurt V4[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

SirHurt V4.zip
Size

33.4MB
MD5

8ea3c925f8592a5e0e23feeadec0e143
SHA1

024c61f22ea060cbbb3c752f68898084d7c58b48
SHA256

80136d68fa257477d14036bc98826054bb5cac06d6fd9e79dc590cc847c8ba10
SHA512

a998a99e08bdc258e5073e3b15c9de43e96ae7523785748987811d16745bd5b362a614874067d2aa2930e0d7815cfd8741b32b26fc785ba88027bad99cfbb3cf
SSDEEP

786432:XG2+4gguUDyEszzio0YdXbruXLLfvKXNLbC05x+IQhdsL+:29V//bbEWN33xMdsS

Score

7^/10

themida

Malware Config

Signatures

Themida packer 7 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/DCJ.dll	themida
static1/unpack001/SirHurt V4 Bootstrapper.exe	themida
static1/unpack001/SirHurt V4.exe	themida
static1/unpack001/SirHurt V4_New.exe	themida
static1/unpack001/SirHurt.dll	themida
static1/unpack001/SirHurtACI.dll	themida
static1/unpack001/Themes/SirHurtInjector.dll	themida

Files

SirHurt V4.zip
.zip
API.html
.html
DCJ.dll
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 5KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 94B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 267B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 650B - Virtual size: 656B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
SirHurt V4 Bootstrapper.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 225KB - Virtual size: 272KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 18KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
SirHurt V4.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 22KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
SirHurt V4_New.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 8.6MB - Virtual size: 8.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 22KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
SirHurt.dll
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 1.1MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 169KB - Virtual size: 401KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 110KB - Virtual size: 515KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 736B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 53KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
SirHurtACI.dll
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 736B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
SirHurtInjector.dll
.dll windows x86

e5ef84ac925698279f23c89fe3f514db

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

dbghelp

ImageNtHeader

kernel32

FindFirstFileA
VirtualAlloc
TerminateProcess
Thread32Next
GetFullPathNameA
Thread32First
WaitForSingleObject
SuspendThread
GetModuleHandleA
OpenProcess
CreateToolhelp32Snapshot
GetModuleHandleExA
K32GetProcessMemoryInfo
WriteProcessMemory
LoadLibraryA
Process32Next
CloseHandle
VirtualProtectEx
GetProcAddress
VirtualAllocEx
GetFileSize
ReadProcessMemory
CreateRemoteThread
VirtualFreeEx
OpenThread
Process32First
GetModuleFileNameA
ReadFile
FormatMessageA
CreateFileA
LocalFree
CreateFileW
AreFileApisANSI
GetLastError
MoveFileExW
MultiByteToWideChar
WideCharToMultiByte
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
SetFileInformationByHandle

user32

MessageBoxA

advapi32

RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegCloseKey

shell32

SHGetKnownFolderPath

msvcp140

?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
_Xtime_get_ticks
?_Syserror_map@std@@YAPBDH@Z
?_Xlength_error@std@@YAXPBD@Z
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Winerror_map@std@@YAHH@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?uncaught_exceptions@std@@YAHXZ
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ

urlmon

URLDownloadToFileA

vcruntime140

__std_terminate
__std_exception_copy
__std_type_info_destroy_list
__CxxFrameHandler3
memmove
memset
_CxxThrowException
__std_exception_destroy
memcpy
_except_handler4_common

api-ms-win-crt-stdio-l1-1-0

fread
fsetpos
fputc
ungetc
fflush
fclose
setvbuf
fgetpos
fwrite
_get_stream_buffer_pointers
fgetc
_fseeki64

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
free

api-ms-win-crt-utility-l1-1-0

rand
srand

api-ms-win-crt-convert-l1-1-0

mbstowcs
wcstombs

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_mkdir
_unlock_file

api-ms-win-crt-string-l1-1-0

_stricmp
_wcsnicmp

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_register_onexit_function
_initterm_e
_initterm
_cexit
_seh_filter_dll
terminate
_crt_atexit
_execute_onexit_table
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func

Exports

Exports

Inject
InjectAllProcesses
InjectManualMap
InjectProcessId

Sections

.text
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Themes/DCJ.dll
.dll windows x86

b2060a812c0a50d6fa6be9610fb8e0aa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcess
Sleep
LoadLibraryA
CreateThread
ReadProcessMemory
FreeLibrary
VirtualQueryEx
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter

user32

MessageBoxA
FindWindowA

msvcp140

?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ

wininet

HttpQueryInfoA
HttpOpenRequestA
HttpAddRequestHeadersA
InternetOpenA
InternetCloseHandle
HttpSendRequestA
InternetConnectA
InternetReadFile

vcruntime140

__std_exception_copy
_CxxThrowException
__std_type_info_destroy_list
memset
_except_handler4_common
memchr
memmove
__std_exception_destroy
__CxxFrameHandler3
memcpy

api-ms-win-crt-runtime-l1-1-0

_cexit
_invalid_parameter_noinfo_noreturn
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
free

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 736B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Themes/SirHurt.dll
.dll windows x86

68453a52b193ec490d6341bbaa5fe30a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc
HeapReAlloc
HeapFree
OpenThread
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
FlushInstructionCache
GetModuleHandleW
CreateToolhelp32Snapshot
Thread32First
Thread32Next
CreateEventA
ExitProcess
GetCurrentProcess
FlushFileBuffers
K32GetProcessImageFileNameA
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
WriteConsoleA
GetConsoleMode
GetDynamicTimeZoneInformation
WaitForSingleObject
AreFileApisANSI
FindFirstFileA
HeapCreate
RemoveDirectoryW
GetFileInformationByHandle
GetFileAttributesExW
FindNextFileW
FindFirstFileExW
FindClose
DeleteFileW
GetSystemTimeAsFileTime
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InitializeSListHead
CreateEventW
VirtualQuery
SetConsoleTitleA
FreeConsole
AllocConsole
GetModuleFileNameA
CreateFileA
GetCurrentProcessId
PeekNamedPipe
CloseHandle
WriteFile
ReadFile
CreateFileW
IsBadReadPtr
GetModuleHandleA
VirtualFree
VirtualAlloc
GlobalMemoryStatusEx
Sleep
GetLastError
GetVolumeInformationA
DisableThreadLibraryCalls
VirtualProtectEx
GetWindowsDirectoryA
VirtualProtect
GetCurrentThreadId
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
GetCurrentThread
GetFileSizeEx
WaitForMultipleObjects
GetFileType
GetStdHandle
WaitForSingleObjectEx
GetTickCount
ExpandEnvironmentStringsA
LoadLibraryW
FreeLibrary
GetSystemDirectoryW
SleepEx
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
FormatMessageA
SetLastError
CreateThread
VerifyVersionInfoW
LoadLibraryA
GetProcAddress
QueryPerformanceFrequency
QueryPerformanceCounter
VerSetConditionMask
WideCharToMultiByte
MultiByteToWideChar
GlobalFree
GlobalLock
GlobalUnlock
GlobalAlloc

user32

SetCursorPos
SetCursor
GetCursorPos
ClientToScreen
ScreenToClient
LoadCursorA
keybd_event
mouse_event
SendInput
MapVirtualKeyA
GetSystemMetrics
GetWindowRect
MessageBoxA
FindWindowExA
GetMessageA
TranslateMessage
DispatchMessageA
SendMessageA
DefWindowProcA
PostQuitMessage
RegisterClassExA
CreateWindowExA
DestroyWindow
ShowWindow
SetWindowPos
SetFocus
UpdateWindow
GetWindowTextA
GetClientRect
GetForegroundWindow
GetKeyState
UnregisterClassA
IsChild
EmptyClipboard
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard

gdi32

SetTextColor
CreateFontA
GetStockObject
SetBkColor

advapi32

CryptImportKey
CryptDestroyKey
CryptGenRandom
CryptAcquireContextW
GetUserNameA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegGetValueA
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
RegSetValueExA
RegCreateKeyExA
CryptEncrypt
CryptDestroyHash
CryptHashData
CryptCreateHash

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext

d3dcompiler_47

D3DCompile

msvcp140

??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@M@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Xbad_function_call@std@@YAXXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
_Xtime_get_ticks
_Thrd_join
_Thrd_id
_Cnd_destroy_in_situ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAN@Z
?__ExceptionPtrCreate@@YAXPAX@Z
?__ExceptionPtrDestroy@@YAXPAX@Z
?__ExceptionPtrCopy@@YAXPAXPBX@Z
?__ExceptionPtrAssign@@YAXPAXPBX@Z
?__ExceptionPtrToBool@@YA_NPBX@Z
?__ExceptionPtrCurrentException@@YAXPAX@Z
?__ExceptionPtrRethrow@@YAXPBX@Z
?_Xinvalid_argument@std@@YAXPBD@Z
?_XGetLastError@std@@YAXXZ
?setf@ios_base@std@@QAEHHH@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEDD@Z
_Open_dir
_Read_dir
_Close_dir
_To_byte
_To_wide
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
_Mtx_trylock
?set_new_handler@std@@YAP6AXXZP6AXXZ@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@N@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?id@?$numpunct@D@std@@2V0locale@2@A
?_Incref@facet@locale@std@@UAEXXZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??Bid@locale@std@@QAEIXZ
?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ
?_Winerror_message@std@@YAKKPADK@Z
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPBDH@Z
?_Execute_once@std@@YAHAAUonce_flag@1@P6GHPAX1PAPAX@Z1@Z
?_Throw_Cpp_error@std@@YAXH@Z
?_Throw_C_error@std@@YAXH@Z
_Cnd_do_broadcast_at_thread_exit
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
_Cnd_signal
_Cnd_wait
_Cnd_destroy
_Cnd_init
_Mtx_unlock
_Mtx_lock
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
??1facet@locale@std@@MAE@XZ
??0facet@locale@std@@IAE@I@Z
?_Gettrue@_Locinfo@std@@QBEPBDXZ
?_Getfalse@_Locinfo@std@@QBEPBDXZ
??1_Locinfo@std@@QAE@XZ
??0_Locinfo@std@@QAE@PBD@Z
_Mtx_destroy_in_situ
_Mtx_init_in_situ
_Mtx_destroy
_Mtx_init
_Thrd_detach
_Thrd_start
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?uncaught_exceptions@std@@YAHXZ
?uncaught_exception@std@@YA_NXZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z

wintrust

WinVerifyTrust

urlmon

URLDownloadToFileA

vcruntime140

__RTDynamicCast
wcschr
_setjmp3
longjmp
_CxxThrowException
__std_type_info_name
__std_type_info_compare
__std_exception_destroy
__std_exception_copy
_purecall
strchr
memset
memmove
memcpy
memchr
__CxxFrameHandler3
strstr
__std_terminate
_except_handler4_common
__std_type_info_destroy_list
strrchr

api-ms-win-crt-string-l1-1-0

_strdup
tolower
wcsncmp
isalpha
isspace
isdigit
wcsncpy
_wcsdup
isupper
isalnum
isprint
strncmp
strpbrk
toupper
strncpy
strcspn
wcspbrk
strspn

api-ms-win-crt-stdio-l1-1-0

fopen
__acrt_iob_func
_wfopen
__stdio_common_vsprintf_s
freopen_s
fclose
__stdio_common_vsnprintf_s
fflush
fread
fputs
fseek
ftell
fwrite
__stdio_common_vfprintf
__stdio_common_vsprintf
__stdio_common_vsscanf
ungetc
setvbuf
_fseeki64
fsetpos
fputc
fgetpos
fgetc
_get_stream_buffer_pointers
_fsopen
_open
_close
_write
_lseeki64
_read
fgets

api-ms-win-crt-heap-l1-1-0

_aligned_free
malloc
_callnewh
free
calloc
realloc
_aligned_malloc

api-ms-win-crt-utility-l1-1-0

srand
qsort
rand

api-ms-win-crt-math-l1-1-0

_libm_sse2_cos_precise
_libm_sse2_sin_precise
_libm_sse2_sqrt_precise
_libm_sse2_acos_precise
ceil
_finite
_dtest
_ldsign
_dsign
floor
_isnan
_ldtest
_except1

api-ms-win-crt-convert-l1-1-0

strtoul
strtod
strtol
atol
atoi
strtoll

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_invalid_parameter_noinfo_noreturn
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_errno
exit
_getpid
_seh_filter_dll
terminate
_beginthread
_invalid_parameter_noinfo
__sys_nerr
strerror
strerror_s
_beginthreadex
_initterm
_exit

api-ms-win-crt-filesystem-l1-1-0

_fstat64
_access
_lock_file
_unlock_file
_stat64
_mkdir

api-ms-win-crt-time-l1-1-0

_time64
strftime
_localtime64_s
_gmtime64_s
_localtime64
_gmtime64

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
localeconv

api-ms-win-crt-environment-l1-1-0

getenv

crypt32

CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringW
CertAddCertificateContextToStore
CertCloseStore
CryptStringToBinaryW
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertOpenStore

ws2_32

WSASetLastError
send
select
__WSAFDIsSet
socket
bind
recv
closesocket
ntohl
htonl
gethostname
ioctlsocket
sendto
recvfrom
listen
accept
freeaddrinfo
getaddrinfo
WSACleanup
WSAStartup
WSAIoctl
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
WSAGetLastError

wldap32

ord216
ord219
ord46
ord14
ord73
ord208
ord41
ord118
ord301
ord147
ord133
ord79
ord142
ord167
ord127
ord27
ord26
ord145

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 346KB - Virtual size: 345KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 51KB - Virtual size: 274KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 736B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Themes/SirHurtInjector.dll
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

Inject
InjectAllProcesses
InjectProcessId

Sections

Size: 11KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Troubleshooting Guide Read_Me.txt
XInput1_4.dll
.dll windows x86

9d4058a503be3e4fedb4a5b9a6f0ca2a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleW
CloseHandle
TerminateProcess
IsProcessorFeaturePresent
GetSystemWow64DirectoryW
GetCurrentProcess
SetUnhandledExceptionFilter
LoadLibraryW
VirtualProtect
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
UnhandledExceptionFilter
IsDebuggerPresent

user32

MessageBoxA

advapi32

AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueW

msvcp140

?_Xlength_error@std@@YAXPBD@Z

dbghelp

ImageNtHeader

vcruntime140

_except_handler4_common
__CxxFrameHandler3
memmove
memcpy
__std_type_info_destroy_list
memset
__std_exception_destroy
_CxxThrowException
__std_exception_copy

api-ms-win-crt-runtime-l1-1-0

_cexit
_execute_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
_invalid_parameter_noinfo_noreturn
exit
_initialize_onexit_table

api-ms-win-crt-heap-l1-1-0

malloc
free
_callnewh

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 660B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bin/OpenSans-SemiBold.ttf
bin/Script 0.lua
bin/Script 0_0.lua
bin/Script 1.lua
bin/Script 2.lua
bin/extensions/test-extension/extension.lua
bin/extensions/test-extension/settings.json
bin/intellisense.json
bin/schemes/Settings.ini.bak
bin/schemes/settings.ini
bin/schemes/settings.json
lua5.1.dll
.dll windows x86

df5ee731556844566bd09eb9e0c19cfb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeLibrary
FormatMessageA
GetLastError
GetProcAddress
LoadLibraryA
GetModuleFileNameA
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
GetSystemTimeAsFileTime

msvcr80

strtoul
strcoll
strerror
ungetc
strstr
__iob_func
_errno
fopen
fread
fprintf
ferror
freopen
realloc
fclose
getc
feof
free
fputs
fgets
setvbuf
fwrite
ftell
fseek
clearerr
fscanf
tmpfile
_pclose
fflush
_popen
ceil
modf
ldexp
rand
srand
strcspn
_HUGE
_mktime64
_gmtime64
tmpnam
system
remove
clock
strftime
setlocale
_localtime64
getenv
_difftime64
_time64
rename
memchr
ispunct
tolower
isupper
toupper
islower
strpbrk
isxdigit
strrchr
_encode_pointer
_malloc_crt
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
strncpy
strncat
sprintf
strtod
localeconv
isspace
iscntrl
isdigit
isalpha
isalnum
exit
longjmp
strchr
frexp
_setjmp3
_CIpow
floor
memcpy
_CIexp
_CIlog10
_CIlog
_CIsqrt
_CIfmod
_CIatan2
_CIatan
_CIacos
_CIasin
_CItanh
_CItan
_CIcosh
_CIcos
_CIsinh
_CIsin

Exports

Exports

luaD_growstack
luaF_newproto
luaL_addlstring
luaL_addstring
luaL_addvalue
luaL_argerror
luaL_buffinit
luaL_callmeta
luaL_checkany
luaL_checkinteger
luaL_checklstring
luaL_checknumber
luaL_checkoption
luaL_checkstack
luaL_checktype
luaL_checkudata
luaL_error
luaL_findtable
luaL_getmetafield
luaL_gsub
luaL_loadbuffer
luaL_loadfile
luaL_loadstring
luaL_newmetatable
luaL_newstate
luaL_openlib
luaL_openlibs
luaL_optinteger
luaL_optlstring
luaL_optnumber
luaL_prepbuffer
luaL_pushresult
luaL_ref
luaL_register
luaL_typerror
luaL_unref
luaL_where
luaM_realloc_
luaM_toobig
luaS_newlstr
luaU_dump
lua_atpanic
lua_call
lua_checkstack
lua_close
lua_concat
lua_cpcall
lua_createtable
lua_dump
lua_equal
lua_error
lua_gc
lua_getallocf
lua_getfenv
lua_getfield
lua_gethook
lua_gethookcount
lua_gethookmask
lua_getinfo
lua_getlocal
lua_getmetatable
lua_getstack
lua_gettable
lua_gettop
lua_getupvalue
lua_insert
lua_iscfunction
lua_isnumber
lua_isstring
lua_isuserdata
lua_lessthan
lua_load
lua_newstate
lua_newthread
lua_newuserdata
lua_next
lua_objlen
lua_pcall
lua_pushboolean
lua_pushcclosure
lua_pushfstring
lua_pushinteger
lua_pushlightuserdata
lua_pushlstring
lua_pushnil
lua_pushnumber
lua_pushstring
lua_pushthread
lua_pushvalue
lua_pushvfstring
lua_rawequal
lua_rawget
lua_rawgeti
lua_rawset
lua_rawseti
lua_remove
lua_replace
lua_resume
lua_setallocf
lua_setfenv
lua_setfield
lua_sethook
lua_setlocal
lua_setmetatable
lua_settable
lua_settop
lua_setupvalue
lua_status
lua_toboolean
lua_tocfunction
lua_tointeger
lua_tolstring
lua_tonumber
lua_topointer
lua_tothread
lua_touserdata
lua_type
lua_typename
lua_xmove
lua_yield
luaopen_base
luaopen_debug
luaopen_io
luaopen_math
luaopen_os
luaopen_package
luaopen_string
luaopen_table

Sections

.text
Size: 128KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 868B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lua51.dll
.dll windows x86

a1b69e6994ef9135a30507dd76a0652e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

lua5.1

luaD_growstack
luaF_newproto
luaL_addlstring
luaL_addstring
luaL_addvalue
luaL_argerror
luaL_buffinit
luaL_callmeta
luaL_checkany
luaL_checkinteger
luaL_checklstring
luaL_checknumber
luaL_checkoption
luaL_checkstack
luaL_checktype
luaL_checkudata
luaL_error
luaL_findtable
luaL_getmetafield
luaL_gsub
luaL_loadbuffer
luaL_loadfile
luaL_loadstring
luaL_newmetatable
luaL_newstate
luaL_openlib
luaL_openlibs
luaL_optinteger
luaL_optlstring
luaL_optnumber
luaL_prepbuffer
luaL_pushresult
luaL_ref
luaL_register
luaL_typerror
luaL_unref
luaL_where
luaM_realloc_
luaM_toobig
luaS_newlstr
luaU_dump
lua_atpanic
lua_call
lua_checkstack
lua_close
lua_concat
lua_cpcall
lua_createtable
lua_dump
lua_equal
lua_error
lua_gc
lua_getallocf
lua_getfenv
lua_getfield
lua_gethook
lua_gethookcount
lua_gethookmask
lua_getinfo
lua_getlocal
lua_getmetatable
lua_getstack
lua_gettable
lua_gettop
lua_getupvalue
lua_insert
lua_iscfunction
lua_isnumber
lua_isstring
lua_isuserdata
lua_lessthan
lua_load
lua_newstate
lua_newthread
lua_newuserdata
lua_next
lua_objlen
lua_pcall
lua_pushboolean
lua_pushcclosure
lua_pushfstring
lua_pushinteger
lua_pushlightuserdata
lua_pushlstring
lua_pushnil
lua_pushnumber
lua_pushstring
lua_pushthread
lua_pushvalue
lua_pushvfstring
lua_rawequal
lua_rawget
lua_rawgeti
lua_rawset
lua_rawseti
lua_remove
lua_replace
lua_resume
lua_setallocf
lua_setfenv
lua_setfield
lua_sethook
lua_setlocal
lua_setmetatable
lua_settable
lua_settop
lua_setupvalue
lua_status
lua_toboolean
lua_tocfunction
lua_tointeger
lua_tolstring
lua_tonumber
lua_topointer
lua_tothread
lua_touserdata
lua_type
lua_typename
lua_xmove
lua_yield
luaopen_base
luaopen_debug
luaopen_io
luaopen_math
luaopen_os
luaopen_package
luaopen_string
luaopen_table

Exports

Exports

luaD_growstack
luaF_newproto
luaL_addlstring
luaL_addstring
luaL_addvalue
luaL_argerror
luaL_buffinit
luaL_callmeta
luaL_checkany
luaL_checkinteger
luaL_checklstring
luaL_checknumber
luaL_checkoption
luaL_checkstack
luaL_checktype
luaL_checkudata
luaL_error
luaL_findtable
luaL_getmetafield
luaL_gsub
luaL_loadbuffer
luaL_loadfile
luaL_loadstring
luaL_newmetatable
luaL_newstate
luaL_openlib
luaL_openlibs
luaL_optinteger
luaL_optlstring
luaL_optnumber
luaL_prepbuffer
luaL_pushresult
luaL_ref
luaL_register
luaL_typerror
luaL_unref
luaL_where
luaM_realloc_
luaM_toobig
luaS_newlstr
luaU_dump
lua_atpanic
lua_call
lua_checkstack
lua_close
lua_concat
lua_cpcall
lua_createtable
lua_dump
lua_equal
lua_error
lua_gc
lua_getallocf
lua_getfenv
lua_getfield
lua_gethook
lua_gethookcount
lua_gethookmask
lua_getinfo
lua_getlocal
lua_getmetatable
lua_getstack
lua_gettable
lua_gettop
lua_getupvalue
lua_insert
lua_iscfunction
lua_isnumber
lua_isstring
lua_isuserdata
lua_lessthan
lua_load
lua_newstate
lua_newthread
lua_newuserdata
lua_next
lua_objlen
lua_pcall
lua_pushboolean
lua_pushcclosure
lua_pushfstring
lua_pushinteger
lua_pushlightuserdata
lua_pushlstring
lua_pushnil
lua_pushnumber
lua_pushstring
lua_pushthread
lua_pushvalue
lua_pushvfstring
lua_rawequal
lua_rawget
lua_rawgeti
lua_rawset
lua_rawseti
lua_remove
lua_replace
lua_resume
lua_setallocf
lua_setfenv
lua_setfield
lua_sethook
lua_setlocal
lua_setmetatable
lua_settable
lua_settop
lua_setupvalue
lua_status
lua_toboolean
lua_tocfunction
lua_tointeger
lua_tolstring
lua_tonumber
lua_topointer
lua_tothread
lua_touserdata
lua_type
lua_typename
lua_xmove
lua_yield
luaopen_base
luaopen_debug
luaopen_io
luaopen_math
luaopen_os
luaopen_package
luaopen_string
luaopen_table

Sections

.text
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sirh.dat

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

Size: 5KB - Virtual size: 9KB

Size: 1KB - Virtual size: 4KB

Size: 94B - Virtual size: 1KB

Size: 267B - Virtual size: 480B

Size: 650B - Virtual size: 656B

.imports Size: 512B - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 4KB

.themida Size: - Virtual size: 3.9MB

.boot Size: 2.4MB - Virtual size: 2.4MB

Headers

DLL Characteristics

File Characteristics

Sections

Size: 225KB - Virtual size: 272KB

Size: 18KB - Virtual size: 66KB

Size: 512B - Virtual size: 12B

.idata Size: 512B - Virtual size: 8KB

.rsrc Size: 67KB - Virtual size: 67KB

.themida Size: - Virtual size: 5.3MB

.boot Size: 3.1MB - Virtual size: 3.1MB

Headers

DLL Characteristics

File Characteristics

Sections

Size: 3.7MB - Virtual size: 3.7MB

Size: 22KB - Virtual size: 34KB

Size: 512B - Virtual size: 12B

.idata Size: 512B - Virtual size: 8KB

.rsrc Size: 35KB - Virtual size: 35KB

.themida Size: - Virtual size: 5.3MB

.boot Size: 3.1MB - Virtual size: 3.1MB

Headers

DLL Characteristics

File Characteristics

Sections

Size: 8.6MB - Virtual size: 8.6MB

Size: 512B - Virtual size: 12B

Size: 22KB - Virtual size: 34KB

.idata Size: 512B - Virtual size: 8KB

.rsrc Size: 35KB - Virtual size: 35KB

.themida Size: - Virtual size: 5.1MB

.boot Size: 3.0MB - Virtual size: 3.0MB

Headers

DLL Characteristics

File Characteristics

Sections

Size: 1.1MB - Virtual size: 2.3MB

Size: 169KB - Virtual size: 401KB

Size: 110KB - Virtual size: 515KB

Size: 512B - Virtual size: 736B

Size: 53KB - Virtual size: 87KB

.idata Size: 1KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 1024B - Virtual size: 4KB

.themida Size: - Virtual size: 4.3MB

.boot Size: 2.6MB - Virtual size: 2.6MB

.reloc Size: 16B - Virtual size: 4KB

Headers

DLL Characteristics

File Characteristics

Sections

Size: 4KB - Virtual size: 7KB

Size: 1KB - Virtual size: 4KB

Size: 512B - Virtual size: 1KB

Size: 512B - Virtual size: 480B

Size: 1024B - Virtual size: 736B

.idata Size: 1024B - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 4KB

.themida Size: - Virtual size: 3.7MB

.boot Size: 2.3MB - Virtual size: 2.3MB

.imports
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 4KB

.themida
Size: - Virtual size: 3.9MB

.boot
Size: 2.4MB - Virtual size: 2.4MB

.idata
Size: 512B - Virtual size: 8KB

.rsrc
Size: 67KB - Virtual size: 67KB

.themida
Size: - Virtual size: 5.3MB

.boot
Size: 3.1MB - Virtual size: 3.1MB

.idata
Size: 512B - Virtual size: 8KB

.rsrc
Size: 35KB - Virtual size: 35KB

.themida
Size: - Virtual size: 5.3MB

.boot
Size: 3.1MB - Virtual size: 3.1MB

.idata
Size: 512B - Virtual size: 8KB

.rsrc
Size: 35KB - Virtual size: 35KB

.themida
Size: - Virtual size: 5.1MB

.boot
Size: 3.0MB - Virtual size: 3.0MB

.idata
Size: 1KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 4KB

.themida
Size: - Virtual size: 4.3MB

.boot
Size: 2.6MB - Virtual size: 2.6MB

.reloc
Size: 16B - Virtual size: 4KB

.idata
Size: 1024B - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 4KB

.themida
Size: - Virtual size: 3.7MB

.boot
Size: 2.3MB - Virtual size: 2.3MB

.reloc
Size: 16B - Virtual size: 4KB

.text
Size: 48KB - Virtual size: 48KB

.rdata
Size: 14KB - Virtual size: 13KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 3KB - Virtual size: 2KB

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 1024B

.gfids
Size: 512B - Virtual size: 68B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 1024B - Virtual size: 736B