de4651-CodeWalker30_dev44[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

de4651-CodeWalker30_dev44.zip
Size

3.2MB
MD5

c4aaad1da7ee4771ca9bbf0d54a0be4b
SHA1

e52079e5b79c69e83b064a8cc70b15932cd1f0b3
SHA256

115198edd74335f4058b04fe85fc57bcb216f9502cc1f80a6696705a3d9068a9
SHA512

d75d51a5591397cdd5416de33d1cad6712381314a37767283de8a13c578b5afd065af285b1ad74d507f7e007e51823157488b0f8e26e51b53b84253dda748575
SSDEEP

98304:WXzNk8CeAanCByrW2fAM1xOM0W0wFtp/TZBSok5ys:WRkZTtyJn6aFtNTZA1cs

Score

3^/10

Malware Config

Signatures

Unsigned PE 16 IoCs

Checks for missing Authenticode signature.

resource
unpack001/CodeWalker30_dev44/CodeWalker Error Report Tool.exe
unpack001/CodeWalker30_dev44/CodeWalker Ped Viewer.exe
unpack001/CodeWalker30_dev44/CodeWalker RPF Explorer.exe
unpack001/CodeWalker30_dev44/CodeWalker Vehicle Viewer.exe
unpack001/CodeWalker30_dev44/CodeWalker.Core.dll
unpack001/CodeWalker30_dev44/CodeWalker.WinForms.dll
unpack001/CodeWalker30_dev44/CodeWalker.exe
unpack001/CodeWalker30_dev44/FastColoredTextBox.dll
unpack001/CodeWalker30_dev44/SharpDX.D3DCompiler.dll
unpack001/CodeWalker30_dev44/SharpDX.DXGI.dll
unpack001/CodeWalker30_dev44/SharpDX.Direct2D1.dll
unpack001/CodeWalker30_dev44/SharpDX.Direct3D11.dll
unpack001/CodeWalker30_dev44/SharpDX.Mathematics.dll
unpack001/CodeWalker30_dev44/SharpDX.XAudio2.dll
unpack001/CodeWalker30_dev44/SharpDX.XInput.dll
unpack001/CodeWalker30_dev44/SharpDX.dll

Files

de4651-CodeWalker30_dev44.zip
.zip

Password: yy
CodeWalker30_dev44/CodeWalker Error Report Tool.exe
.exe windows x86

Password: yy

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CodeWalker30_dev44/CodeWalker Ped Viewer.exe
.exe windows x64

Password: yy

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
CodeWalker30_dev44/CodeWalker RPF Explorer.exe
.exe windows x64

Password: yy

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
CodeWalker30_dev44/CodeWalker Vehicle Viewer.exe
.exe windows x64

Password: yy

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
CodeWalker30_dev44/CodeWalker.Core.dll
.dll windows x86

Password: yy

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CodeWalker30_dev44/CodeWalker.WinForms.dll
.dll windows x86

Password: yy

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CodeWalker30_dev44/CodeWalker.exe
.exe windows x64

Password: yy

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
CodeWalker30_dev44/CodeWalker.exe.config
.xml
CodeWalker30_dev44/FastColoredTextBox.dll
.dll windows x86

Password: yy

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 320KB - Virtual size: 320KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CodeWalker30_dev44/Notice.txt
CodeWalker30_dev44/README.md
CodeWalker30_dev44/Shaders/BasicPS.cso
CodeWalker30_dev44/Shaders/BasicPS_Deferred.cso
CodeWalker30_dev44/Shaders/BasicVS_Box.cso
CodeWalker30_dev44/Shaders/BasicVS_Capsule.cso
CodeWalker30_dev44/Shaders/BasicVS_Cylinder.cso
CodeWalker30_dev44/Shaders/BasicVS_PBBNCCT.cso
CodeWalker30_dev44/Shaders/BasicVS_PBBNCCTTX.cso
CodeWalker30_dev44/Shaders/BasicVS_PBBNCCTX.cso
CodeWalker30_dev44/Shaders/BasicVS_PBBNCT.cso
CodeWalker30_dev44/Shaders/BasicVS_PBBNCTT.cso
CodeWalker30_dev44/Shaders/BasicVS_PBBNCTTT.cso
CodeWalker30_dev44/Shaders/BasicVS_PBBNCTTX.cso
CodeWalker30_dev44/Shaders/BasicVS_PBBNCTX.cso
CodeWalker30_dev44/Shaders/BasicVS_PNCCT.cso
CodeWalker30_dev44/Shaders/BasicVS_PNCCTT.cso
CodeWalker30_dev44/Shaders/BasicVS_PNCCTTT.cso
CodeWalker30_dev44/Shaders/BasicVS_PNCCTTTX.cso
CodeWalker30_dev44/Shaders/BasicVS_PNCCTTX.cso
CodeWalker30_dev44/Shaders/BasicVS_PNCCTX.cso
CodeWalker30_dev44/Shaders/BasicVS_PNCT.cso
CodeWalker30_dev44/Shaders/BasicVS_PNCTT.cso
CodeWalker30_dev44/Shaders/BasicVS_PNCTTT.cso
CodeWalker30_dev44/Shaders/BasicVS_PNCTTTX.cso
CodeWalker30_dev44/Shaders/BasicVS_PNCTTX.cso
CodeWalker30_dev44/Shaders/BasicVS_PNCTX.cso
CodeWalker30_dev44/Shaders/BasicVS_Sphere.cso
CodeWalker30_dev44/Shaders/BoundingBoxVS.cso
CodeWalker30_dev44/Shaders/BoundingSphereVS.cso
CodeWalker30_dev44/Shaders/BoundsPS.cso
CodeWalker30_dev44/Shaders/CablePS.cso
CodeWalker30_dev44/Shaders/CablePS_Deferred.cso
CodeWalker30_dev44/Shaders/CableVS.cso
CodeWalker30_dev44/Shaders/CloudsPS.cso
CodeWalker30_dev44/Shaders/CloudsVS.cso
CodeWalker30_dev44/Shaders/DirLightPS.cso
CodeWalker30_dev44/Shaders/DirLightPS_MS.cso
CodeWalker30_dev44/Shaders/DirLightVS.cso
CodeWalker30_dev44/Shaders/DistantLightsPS.cso
CodeWalker30_dev44/Shaders/DistantLightsVS.cso
CodeWalker30_dev44/Shaders/LightPS.cso
CodeWalker30_dev44/Shaders/LightPS_MS.cso
CodeWalker30_dev44/Shaders/LightVS.cso
CodeWalker30_dev44/Shaders/LodLightsPS.cso
CodeWalker30_dev44/Shaders/LodLightsPS_MS.cso
CodeWalker30_dev44/Shaders/LodLightsVS.cso
CodeWalker30_dev44/Shaders/MarkerPS.cso
CodeWalker30_dev44/Shaders/MarkerVS.cso
CodeWalker30_dev44/Shaders/PPBloomFilterBPHCS.cso
CodeWalker30_dev44/Shaders/PPBloomFilterVCS.cso
CodeWalker30_dev44/Shaders/PPCopyPixelsPS.cso
CodeWalker30_dev44/Shaders/PPFinalPassPS.cso
CodeWalker30_dev44/Shaders/PPFinalPassVS.cso
CodeWalker30_dev44/Shaders/PPLumBlendCS.cso
CodeWalker30_dev44/Shaders/PPReduceTo0DCS.cso
CodeWalker30_dev44/Shaders/PPReduceTo1DCS.cso
CodeWalker30_dev44/Shaders/PPSSAAPS.cso
CodeWalker30_dev44/Shaders/PathBoxPS.cso
CodeWalker30_dev44/Shaders/PathBoxVS.cso
CodeWalker30_dev44/Shaders/PathDynVS.cso
CodeWalker30_dev44/Shaders/PathPS.cso
CodeWalker30_dev44/Shaders/PathVS.cso
CodeWalker30_dev44/Shaders/ShadowPS.cso
CodeWalker30_dev44/Shaders/ShadowVS.cso
CodeWalker30_dev44/Shaders/ShadowVS_Skin.cso
CodeWalker30_dev44/Shaders/SkyMoonPS.cso
CodeWalker30_dev44/Shaders/SkyMoonVS.cso
CodeWalker30_dev44/Shaders/SkySunPS.cso
CodeWalker30_dev44/Shaders/SkySunVS.cso
CodeWalker30_dev44/Shaders/SkydomePS.cso
CodeWalker30_dev44/Shaders/SkydomeVS.cso
CodeWalker30_dev44/Shaders/TerrainPS.cso
CodeWalker30_dev44/Shaders/TerrainPS_Deferred.cso
CodeWalker30_dev44/Shaders/TerrainVS_PNCCT.cso
CodeWalker30_dev44/Shaders/TerrainVS_PNCCTT.cso
CodeWalker30_dev44/Shaders/TerrainVS_PNCCTTTX.cso
CodeWalker30_dev44/Shaders/TerrainVS_PNCCTTX.cso
CodeWalker30_dev44/Shaders/TerrainVS_PNCCTX.cso
CodeWalker30_dev44/Shaders/TerrainVS_PNCTTTX.cso
CodeWalker30_dev44/Shaders/TerrainVS_PNCTTX.cso
CodeWalker30_dev44/Shaders/TreesLodPS.cso
CodeWalker30_dev44/Shaders/TreesLodPS_Deferred.cso
CodeWalker30_dev44/Shaders/TreesLodVS.cso
CodeWalker30_dev44/Shaders/WaterPS.cso
CodeWalker30_dev44/Shaders/WaterPS_Deferred.cso
CodeWalker30_dev44/Shaders/WaterVS_PCT.cso
CodeWalker30_dev44/Shaders/WaterVS_PNCT.cso
CodeWalker30_dev44/Shaders/WaterVS_PNCTX.cso
CodeWalker30_dev44/Shaders/WaterVS_PT.cso
CodeWalker30_dev44/Shaders/WidgetPS.cso
CodeWalker30_dev44/Shaders/WidgetVS.cso
CodeWalker30_dev44/SharpDX.D3DCompiler.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CodeWalker30_dev44/SharpDX.DXGI.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 142KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CodeWalker30_dev44/SharpDX.Direct2D1.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 481KB - Virtual size: 481KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CodeWalker30_dev44/SharpDX.Direct3D11.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 274KB - Virtual size: 273KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CodeWalker30_dev44/SharpDX.Mathematics.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 208KB - Virtual size: 207KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CodeWalker30_dev44/SharpDX.XAudio2.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CodeWalker30_dev44/SharpDX.XInput.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CodeWalker30_dev44/SharpDX.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 266KB - Virtual size: 265KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CodeWalker30_dev44/WeifenLuo.WinFormsUI.Docking.ThemeVS2015.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

04:d8:f7:b9:b4:ba:0c:54:4b:b4:8b:87:1c:3b:1c:26
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/07/2018, 00:00

Not After

19/07/2019, 12:00

Subject

CN=Yang Li,O=Yang Li,L=Montreal,ST=Quebec,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/01/2017, 00:00

Not After

18/01/2028, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8b:1d:34:61:c3:05:e1:38:3f:25:66:3b:2f:0d:a6:23:03:1c:07:82:98:fb:0b:b4:98:ca:4f:6b:c7:e0:e3:22
Signer

Actual PE Digest

8b:1d:34:61:c3:05:e1:38:3f:25:66:3b:2f:0d:a6:23:03:1c:07:82:98:fb:0b:b4:98:ca:4f:6b:c7:e0:e3:22

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 228KB - Virtual size: 228KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CodeWalker30_dev44/WeifenLuo.WinFormsUI.Docking.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

04:d8:f7:b9:b4:ba:0c:54:4b:b4:8b:87:1c:3b:1c:26
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/07/2018, 00:00

Not After

19/07/2019, 12:00

Subject

CN=Yang Li,O=Yang Li,L=Montreal,ST=Quebec,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/01/2017, 00:00

Not After

18/01/2028, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f8:01:6c:e4:ac:ce:2d:7e:d7:21:1a:3e:2e:9f:b7:fb:6d:c3:08:d8:23:04:e4:03:f5:d0:54:60:cc:04:ba:a9
Signer

Actual PE Digest

f8:01:6c:e4:ac:ce:2d:7e:d7:21:1a:3e:2e:9f:b7:fb:6d:c3:08:d8:23:04:e4:03:f5:d0:54:60:cc:04:ba:a9

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 299KB - Virtual size: 299KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CodeWalker30_dev44/icons/icon_glokon_debug_32x32.png
.png
CodeWalker30_dev44/icons/icon_glokon_normal_32x32.png
.png
CodeWalker30_dev44/icons/icon_google_marker_64x64.png
.png

Sharing

General

Malware Config

Signatures

Files

Password: yy

Password: yy

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 22KB - Virtual size: 22KB

.rsrc Size: 18KB - Virtual size: 18KB

.reloc Size: 512B - Virtual size: 12B

Password: yy

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 2KB - Virtual size: 1KB

.rsrc Size: 18KB - Virtual size: 18KB

Password: yy

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 2KB - Virtual size: 1KB

.rsrc Size: 18KB - Virtual size: 18KB

Password: yy

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 2KB - Virtual size: 1KB

.rsrc Size: 18KB - Virtual size: 18KB

Password: yy

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 4.0MB - Virtual size: 4.0MB

.rsrc Size: 1024B - Virtual size: 856B

.reloc Size: 512B - Virtual size: 12B

Password: yy

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 144KB - Virtual size: 143KB

.rsrc Size: 1024B - Virtual size: 896B

.reloc Size: 512B - Virtual size: 12B

Password: yy

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 3.1MB - Virtual size: 3.1MB

.rsrc Size: 18KB - Virtual size: 18KB

Password: yy

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 320KB - Virtual size: 320KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

.text
Size: 22KB - Virtual size: 22KB

.rsrc
Size: 18KB - Virtual size: 18KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 18KB - Virtual size: 18KB

.text
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 18KB - Virtual size: 18KB

.text
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 18KB - Virtual size: 18KB

.text
Size: 4.0MB - Virtual size: 4.0MB

.rsrc
Size: 1024B - Virtual size: 856B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 144KB - Virtual size: 143KB

.rsrc
Size: 1024B - Virtual size: 896B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 3.1MB - Virtual size: 3.1MB

.rsrc
Size: 18KB - Virtual size: 18KB

.text
Size: 320KB - Virtual size: 320KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 55KB - Virtual size: 54KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 142KB - Virtual size: 142KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 481KB - Virtual size: 481KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 274KB - Virtual size: 273KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 208KB - Virtual size: 207KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 87KB - Virtual size: 87KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 11KB - Virtual size: 10KB