cositas[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cositas.zip
Size

14.5MB
MD5

77d64db8b4811a79e5a51f69773f93d2
SHA1

eb953b658ada390bb50648de04bd7b7d2f36ae50
SHA256

dc42cedbc01be1d1c274312df0aa8b9ca02f8754011aa1905f15418d873d3621
SHA512

81cbbe09c20bff53a693b9e16fcbd9bb79094aef8571535d2c40ee063a93a5bdb79d1db6e3cb63d32a170b2ea11ab87dce8d30cbca1bc190077d44bc531a2fb0
SSDEEP

196608:O8mYjvoFE2YazqFdQeVUUF/0O9W/RkMTwqLIeO9rq6PO1ZjKBC6YpBSSv8/RRJfX:O8mm010+kMaqPPjobfymLODRfRs

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/cositas/Akira.exe	themida

Unsigned PE 18 IoCs

Checks for missing Authenticode signature.

resource
unpack001/cositas/Akira.exe
unpack001/cositas/AnyDesk2.exe
unpack001/cositas/AnyDesk_IP_Grabber.exe
unpack001/cositas/Fox.dll
unpack001/cositas/Striker.exe
unpack001/cositas/Vepe (1).exe
unpack001/cositas/Vepe.exe
unpack001/cositas/crim.exe
unpack001/cositas/cure autoclicker.exe
unpack001/cositas/glory.exe
unpack001/cositas/granada.exe
unpack001/cositas/guam clicker.exe
unpack001/cositas/icetea.exe
unpack001/cositas/itami.exe
unpack001/cositas/koid.exe
unpack001/cositas/mfc100deu.dll
unpack001/cositas/vroomclicker (1).exe
unpack001/cositas/vroomclicker.exe

Files

cositas.zip
.zip
cositas/Akira.exe
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 602KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 273KB - Virtual size: 431KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 289KB - Virtual size: 530KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 26KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 281KB - Virtual size: 608KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 274KB - Virtual size: 274KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
cositas/AnyDesk2.exe
.exe windows:6 windows x64 arch:x64

ccb4fa18bec40c1c0390cc7de45708ba

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

d3d9

Direct3DCreate9

kernel32

WideCharToMultiByte
GlobalUnlock
QueryPerformanceFrequency
GetProcAddress
QueryPerformanceCounter
GetModuleHandleW
GetConsoleWindow
GlobalFree
CloseHandle
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
GlobalAlloc
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GlobalLock
MultiByteToWideChar
InitOnceBeginInitialize
DeleteCriticalSection
InitOnceComplete

user32

DefWindowProcW
DestroyWindow
CreateWindowExW
UnregisterClassW
RegisterClassExW
ShowWindow
DispatchMessageW
PeekMessageW
TranslateMessage
PostQuitMessage
UpdateWindow
GetCursorPos
PostMessageA
GetAsyncKeyState
FindWindowA
GetKeyState
SetClipboardData
GetClipboardData
EmptyClipboard
SetCursorPos
ReleaseCapture
GetClientRect
SetCursor
SetCapture
LoadCursorW
GetForegroundWindow
IsChild
ClientToScreen
GetCapture
CloseClipboard
OpenClipboard
ScreenToClient

msvcp140

_Mtx_unlock
_Thrd_detach
_Cnd_wait
_Cnd_do_broadcast_at_thread_exit
_Cnd_broadcast
_Mtx_init_in_situ
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
_Mtx_lock
?__ExceptionPtrDestroy@@YAXPEAX@Z
_Cnd_register_at_thread_exit
_Cnd_destroy_in_situ
_Query_perf_frequency
_Thrd_sleep
_Query_perf_counter
_Xtime_get_ticks
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z
?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AEAAXXZ
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
??0task_continuation_context@Concurrency@@AEAA@XZ
_Cnd_unregister_at_thread_exit
?__ExceptionPtrCreate@@YAXPEAX@Z
_Cnd_init_in_situ
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?_Throw_future_error@std@@YAXAEBVerror_code@1@@Z
?_Throw_Cpp_error@std@@YAXH@Z
?_Xbad_function_call@std@@YAXXZ
?_Throw_C_error@std@@YAXH@Z
?_Rethrow_future_exception@std@@YAXVexception_ptr@1@@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Syserror_map@std@@YAPEBDH@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
_Mtx_destroy_in_situ

imm32

ImmSetCompositionWindow
ImmGetContext
ImmReleaseContext

xinput1_4

ord2
ord4

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memchr
memcmp
_CxxThrowException
memset
__C_specific_handler
__current_exception_context
__current_exception
__std_exception_copy
__std_exception_destroy
memcpy
__std_terminate
memmove
_purecall
strstr

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__stdio_common_vsprintf
fseek
fwrite
fflush
__acrt_iob_func
__p__commode
ftell
fclose
fread
__stdio_common_vsscanf
_wfopen

api-ms-win-crt-string-l1-1-0

strncpy
strcmp

api-ms-win-crt-utility-l1-1-0

rand
qsort

api-ms-win-crt-heap-l1-1-0

_set_new_mode
malloc
_callnewh
free

api-ms-win-crt-runtime-l1-1-0

__p___argv
__p___argc
_exit
_c_exit
_initterm_e
_initterm
_get_initial_narrow_environment
_set_app_type
exit
_seh_filter_exe
_invalid_parameter_noinfo_noreturn
terminate
system
_beginthreadex
abort
_cexit
_crt_atexit
_wassert
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_register_thread_local_exe_atexit_callback
_configure_narrow_argv

api-ms-win-crt-convert-l1-1-0

atof

api-ms-win-crt-math-l1-1-0

powf
atan2f
__setusermatherr
ceilf
acosf
logf
pow
cosf
fmodf
floorf
sqrtf
log
sinf

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 300KB - Virtual size: 299KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 278KB - Virtual size: 278KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cositas/AnyDesk_IP_Grabber.exe
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
cositas/Fox.dll
.dll windows:6 windows x64 arch:x64

6f192233883ca9d1edc96303d26b0837

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

CreateThread
GetProcAddress
LoadLibraryA
AllocConsole
SetConsoleTextAttribute
SetConsoleTitleA
Sleep
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
GetStdHandle
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

user32

FindWindowA
MessageBoxA
SendMessageW
PostMessageA
GetAsyncKeyState
GetForegroundWindow

advapi32

RegDeleteKeyExA

msvcp140

?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?_Xlength_error@std@@YAXPEBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?uncaught_exception@std@@YA_NXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ

vcruntime140

__std_type_info_destroy_list
memcpy
_CxxThrowException
__std_exception_destroy
__std_exception_copy
__std_terminate
memset
__C_specific_handler

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_execute_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_initialize_onexit_table
_initterm_e
_initterm
_cexit
_invalid_parameter_noinfo_noreturn
system
_seh_filter_dll

api-ms-win-crt-utility-l1-1-0

rand

api-ms-win-crt-stdio-l1-1-0

freopen_s
__acrt_iob_func

api-ms-win-crt-heap-l1-1-0

free
malloc
_callnewh

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cositas/MyeGhost.rar
cositas/Raven B++.zip
cositas/Rise.rar
cositas/SPOILER_dynamicpvp.yml_2 (1).txt
cositas/SPOILER_dynamicpvp.yml_2.txt
cositas/Striker.exe
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
cositas/Vepe (1).exe
.exe windows:6 windows x64 arch:x64

adedcd59718a14ac298afe47a2876247

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetStdHandle
SetConsoleTextAttribute
Sleep
SetConsoleTitleA
CloseHandle
CreateThread
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetModuleHandleW

user32

GetAsyncKeyState
GetForegroundWindow
PostMessageA
GetKeyState

vcruntime140

memset
__std_exception_destroy
_CxxThrowException
__std_exception_copy
__C_specific_handler

api-ms-win-crt-utility-l1-1-0

srand
rand

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfprintf
_set_fmode
__p__commode
__acrt_iob_func

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_register_onexit_function
exit
terminate
_exit
_initterm_e
_initterm
_register_thread_local_exe_atexit_callback
__p___argc
_cexit
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
_crt_atexit
_set_app_type
__p___argv
_seh_filter_exe
_c_exit

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

free
_callnewh
_set_new_mode
malloc

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 540B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cositas/Vepe.exe
.exe windows:6 windows x64 arch:x64

adedcd59718a14ac298afe47a2876247

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetStdHandle
SetConsoleTextAttribute
Sleep
SetConsoleTitleA
CloseHandle
CreateThread
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetModuleHandleW

user32

GetAsyncKeyState
GetForegroundWindow
PostMessageA
GetKeyState

vcruntime140

memset
__std_exception_destroy
_CxxThrowException
__std_exception_copy
__C_specific_handler

api-ms-win-crt-utility-l1-1-0

srand
rand

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfprintf
_set_fmode
__p__commode
__acrt_iob_func

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_register_onexit_function
exit
terminate
_exit
_initterm_e
_initterm
_register_thread_local_exe_atexit_callback
__p___argc
_cexit
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
_crt_atexit
_set_app_type
__p___argv
_seh_filter_exe
_c_exit

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

free
_callnewh
_set_new_mode
malloc

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 540B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cositas/crim.exe
.exe windows:6 windows x64 arch:x64

4e62a24f8e280284a25d06ae594e279c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
NtWriteVirtualMemory
NtAllocateVirtualMemory

kernel32

GetCurrentProcess
WaitForSingleObject
GetModuleHandleA
OpenProcess
CloseHandle
GetProcAddress
GetModuleFileNameA
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
UnhandledExceptionFilter
InitializeSListHead
IsDebuggerPresent
CreateRemoteThread
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
TerminateProcess

user32

GetWindowTextA
GetWindowThreadProcessId
EnumWindows

advapi32

AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueW

msvcp140

?_Xlength_error@std@@YAXPEBD@Z
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memset
__current_exception_context
memchr
__current_exception
memmove
_CxxThrowException
__C_specific_handler
__std_exception_destroy
memcmp
memcpy
__std_exception_copy

api-ms-win-crt-stdio-l1-1-0

__p__commode
__stdio_common_vfprintf
_set_fmode
__acrt_iob_func

api-ms-win-crt-runtime-l1-1-0

__p___argc
_configure_narrow_argv
_initialize_narrow_environment
_register_thread_local_exe_atexit_callback
_register_onexit_function
_crt_atexit
terminate
_c_exit
_set_app_type
_cexit
_exit
__p___argv
_seh_filter_exe
exit
_invalid_parameter_noinfo_noreturn
_initterm_e
_initterm
_initialize_onexit_table
_get_initial_narrow_environment

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
free
_set_new_mode

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cositas/cure autoclicker.exe
.exe windows:6 windows x64 arch:x64

f7efd9f65fbfc7eeae61411569adb8bc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

mouse_event
DispatchMessageA
GetWindowRect
TranslateMessage
GetForegroundWindow
GetCursorInfo
GetAsyncKeyState
PostMessageA
SetClipboardData
GetClipboardData
PeekMessageA
PostQuitMessage
GetDesktopWindow
UpdateWindow
GetWindowLongW
AdjustWindowRectEx
GetKeyState
LoadCursorA
DestroyWindow
GetDC
SetWindowPos
MonitorFromWindow
EnumDisplayMonitors
ScreenToClient
SetWindowTextW
WindowFromPoint
ShowWindow
GetCapture
SetWindowLongA
ClientToScreen
IsChild
GetMonitorInfoA
DefWindowProcA
CreateWindowExA
SetLayeredWindowAttributes
SetFocus
BringWindowToTop
SetCapture
SetCursor
SetWindowLongW
GetClientRect
UnregisterClassA
RegisterClassExA
ReleaseCapture
SetForegroundWindow
IsIconic
SetCursorPos
ReleaseDC
GetCursorPos
OpenClipboard
CloseClipboard
EmptyClipboard
FindWindowA

kernel32

GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
HeapReAlloc
GetTimeZoneInformation
OutputDebugStringW
GetFileSizeEx
GetConsoleCP
FlushFileBuffers
ReadConsoleW
GetConsoleMode
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetEnvironmentStringsW
HeapAlloc
WriteFile
ExitProcess
WriteConsoleW
GetModuleHandleExW
GetModuleFileNameW
GetFileType
GetStdHandle
ReadFile
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError
RaiseException
RtlPcToFileHeader
RtlUnwindEx
GetCommandLineW
FreeEnvironmentStringsW
SetEnvironmentVariableW
HeapFree
Sleep
CreateThread
MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
GetModuleHandleA
LoadLibraryA
QueryPerformanceFrequency
GetProcAddress
VerSetConditionMask
FreeLibrary
VerifyVersionInfoW
QueryPerformanceCounter
GetLogicalDrives
GetDriveTypeA
GetTickCount64
FormatMessageA
GetCurrentDirectoryW
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileExW
FindNextFileW
SetStdHandle
GetFileAttributesExW
GetFullPathNameW
SetEndOfFile
SetFilePointerEx
AreFileApisANSI
CloseHandle
GetLastError
GetFileInformationByHandleEx
LocalFree
InitializeCriticalSectionEx
RtlUnwind
GetSystemTimeAsFileTime
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
GetProcessHeap
HeapSize

gdi32

GetDeviceCaps

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

d3d9

Direct3DCreate9

Sections

.text
Size: 786KB - Virtual size: 786KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 323KB - Virtual size: 322KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 61KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cositas/glory.exe
.exe windows:6 windows x64 arch:x64

8eff60fbd5d64bfe2e7859f4ccffbd25

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetModuleFileNameA
GetStdHandle
SetConsoleTextAttribute
Sleep
GetConsoleWindow
SetConsoleCtrlHandler
GetConsoleScreenBufferInfo
SetConsoleScreenBufferSize
SetConsoleTitleA
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetModuleHandleW
RtlCaptureContext

user32

SendMessageA
GetSystemMenu
GetForegroundWindow
ShowWindow
GetAsyncKeyState
DeleteMenu
FindWindowA

msvcp140

_Thrd_join
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?uncaught_exception@std@@YA_NXZ
?id@?$ctype@D@std@@2V0locale@2@A
_Cnd_do_broadcast_at_thread_exit
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Throw_Cpp_error@std@@YAXH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??Bid@locale@std@@QEAA_KXZ
_Thrd_id
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?_Xlength_error@std@@YAXPEBD@Z
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Random_device@std@@YAIXZ

vcruntime140_1

__CxxFrameHandler4

vcruntime140

_CxxThrowException
memcpy
__std_exception_destroy
__std_exception_copy
__std_terminate
memmove
memset
__current_exception_context
__current_exception
__C_specific_handler

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback
terminate
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_c_exit
_invalid_parameter_noinfo_noreturn
system
_exit
_beginthreadex
_cexit
__p___argv
__p___argc
_initialize_narrow_environment
_configure_narrow_argv
_get_initial_narrow_environment
_set_app_type
_seh_filter_exe
exit
_initterm_e
_initterm

api-ms-win-crt-utility-l1-1-0

rand

api-ms-win-crt-string-l1-1-0

toupper
isupper

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-math-l1-1-0

__setusermatherr
log2
ceil

api-ms-win-crt-heap-l1-1-0

_set_new_mode
_callnewh
malloc
free

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cositas/granada.exe
.exe windows:6 windows x64 arch:x64

8ba88572cd4757b47d1a2d589b124345

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

d3d9

Direct3DCreate9

kernel32

GlobalLock
GlobalUnlock
QueryPerformanceFrequency
QueryPerformanceCounter
GetModuleHandleA
CloseHandle
CreateThread
GetTickCount
GetModuleHandleW
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
GlobalAlloc
WaitForSingleObjectEx
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
ResetEvent
IsProcessorFeaturePresent
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
GlobalFree
EnterCriticalSection
RtlVirtualUnwind
GetProcAddress

user32

PeekMessageA
SendMessageA
TranslateMessage
CreateWindowExA
PostQuitMessage
UnhookWindowsHookEx
SetWindowsHookExA
GetAsyncKeyState
ShowWindow
CallNextHookEx
DestroyWindow
DispatchMessageA
GetMessageA
UnregisterClassA
SetClipboardData
FindWindowA
RegisterClassExA
UpdateWindow
SendInput
GetKeyState
LoadCursorA
GetClipboardData
EmptyClipboard
DefWindowProcA
CloseClipboard
OpenClipboard
GetCursorPos
ScreenToClient
SetCursorPos
ReleaseCapture
GetCapture
ClientToScreen
IsChild
GetForegroundWindow
SetCapture
SetCursor
GetClientRect

imm32

ImmSetCompositionWindow
ImmGetContext
ImmReleaseContext

xinput1_4

ord2
ord4

vcruntime140

memcpy
memset
__C_specific_handler
__std_terminate
__CxxFrameHandler3
memmove
memchr
strstr

api-ms-win-crt-stdio-l1-1-0

ftell
__p__commode
_set_fmode
__stdio_common_vsscanf
fread
__acrt_iob_func
_wfopen
fwrite
__stdio_common_vsprintf
__stdio_common_vfprintf
fseek
fclose
fflush

api-ms-win-crt-string-l1-1-0

strncpy
strcmp

api-ms-win-crt-utility-l1-1-0

qsort
rand
srand

api-ms-win-crt-heap-l1-1-0

_set_new_mode
free
malloc

api-ms-win-crt-runtime-l1-1-0

__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_wassert
_exit
exit
terminate
_initterm_e
_initterm
_get_initial_narrow_environment
_set_app_type
_seh_filter_exe
__p___argc
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-math-l1-1-0

sqrtf
ceilf
sinf
__setusermatherr
fmodf
cosf
floorf

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 198KB - Virtual size: 198KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cositas/guam clicker.exe
.exe windows:6 windows x86 arch:x86

e93da7652f1e9fe9ab924718200d8f6a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

opengl32

wglGetProcAddress

kernel32

TlsSetValue
TlsGetValue
MultiByteToWideChar
GetModuleHandleW
TerminateProcess
GetCurrentProcess
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TlsAlloc
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
CreateThread
CloseHandle
SetConsoleTitleA
FreeLibrary
GetProcAddress
LoadLibraryA
TlsFree
QueryPerformanceCounter
QueryPerformanceFrequency
IsDebuggerPresent
GlobalUnlock
WideCharToMultiByte
GlobalLock
GlobalFree
GlobalAlloc
IsProcessorFeaturePresent

user32

GetWindowLongW
GetActiveWindow
IsIconic
IsWindowVisible
IsZoomed
ScreenToClient
GetCursorPos
SetCursorPos
SetCursor
LoadCursorW
WindowFromPoint
CopyIcon
PtInRect
SetCapture
ReleaseCapture
TrackMouseEvent
DefWindowProcW
GetPropW
RegisterClassExW
LoadImageW
DispatchMessageW
GetRawInputDeviceInfoA
GetRawInputDeviceList
ChangeDisplaySettingsExW
EnumDisplayDevicesW
EnumDisplaySettingsExW
EnumDisplaySettingsW
RegisterDeviceNotificationW
SystemParametersInfoW
BringWindowToTop
SetForegroundWindow
SetFocus
ShowWindow
DestroyIcon
UnregisterClassW
RemovePropW
DestroyWindow
CreateWindowExW
SetPropW
SetWindowPos
GetMessageTime
PeekMessageW
GetAsyncKeyState
SetWindowLongW
GetClientRect
ClientToScreen
ClipCursor
AdjustWindowRectEx
GetDC
GetWindowRect
keybd_event
GetWindowTextA
GetForegroundWindow
GetDesktopWindow
SendInput
GetKeyState
GetMessageA
DispatchMessageA
CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
TranslateMessage
mouse_event
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData

gdi32

SetDeviceGammaRamp
CreateDCW
GetDeviceCaps
DeleteDC
SwapBuffers
SetPixelFormat
DescribePixelFormat

advapi32

RegDeleteValueA
RegOpenKeyExA
RegCloseKey

shell32

DragFinish
DragQueryPoint
DragAcceptFiles
DragQueryFileW

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

msvcp140

_Xtime_get_ticks
_Query_perf_counter
?_Xlength_error@std@@YAXPBD@Z
_Query_perf_frequency
_Thrd_sleep
?_Random_device@std@@YAIXZ

vcruntime140

memchr
memmove
__CxxFrameHandler3
__std_terminate
strstr
memset
memcpy
_except_handler4_common
__std_exception_copy
__std_exception_destroy
_CxxThrowException

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
ftell
fread
fflush
fclose
__p__commode
_set_fmode
__stdio_common_vsscanf
__stdio_common_vsprintf
_wfopen
fwrite
fseek
__stdio_common_vfprintf

api-ms-win-crt-string-l1-1-0

_strdup
strncmp
strncpy

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-heap-l1-1-0

realloc
calloc
_callnewh
malloc
_set_new_mode
free

api-ms-win-crt-runtime-l1-1-0

_wassert
__p___argc
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
exit
_initterm_e
_invalid_parameter_noinfo_noreturn
_controlfp_s
terminate
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
_exit
_get_initial_narrow_environment
_initterm

api-ms-win-crt-convert-l1-1-0

atof

api-ms-win-crt-math-l1-1-0

_libm_sse2_pow_precise
_libm_sse2_cos_precise
ceil
_CIfmod
_libm_sse2_sqrt_precise
_libm_sse2_sin_precise
__setusermatherr
_CIsqrt
floor

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 247KB - Virtual size: 247KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cositas/icetea.exe
.exe windows:6 windows x64 arch:x64

47d3c83fef3237b69b3ad220edbea196

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

imm32

ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow

d3d9

Direct3DCreate9

kernel32

Process32Next
CloseHandle
DeleteCriticalSection
CreateProcessA
GetExitCodeProcess
SetConsoleCtrlHandler
WriteProcessMemory
GetConsoleScreenBufferInfo
SetConsoleTitleA
GetCurrentProcess
SetConsoleScreenBufferSize
CreateMutexA
GetModuleHandleA
GetSystemDirectoryA
LoadLibraryA
Beep
GetProcAddress
ReadProcessMemory
GetConsoleWindow
GetTickCount
VirtualQueryEx
LocalFree
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetLastError
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
OutputDebugStringW
FormatMessageA
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
QueryPerformanceFrequency
QueryPerformanceCounter
GetModuleFileNameA
Process32First
GetStdHandle
InitializeCriticalSectionEx
GetVolumeInformationA
OpenProcess
CreateToolhelp32Snapshot
GetCurrentProcessId

user32

GetWindowThreadProcessId
GetSystemMenu
DispatchMessageA
GetWindowRect
DestroyWindow
GetDC
keybd_event
PostMessageA
DeleteMenu
ShowWindow
GetAsyncKeyState
GetWindowTextA
MapVirtualKeyA
DefWindowProcA
CreateWindowExA
TranslateMessage
SendMessageA
PeekMessageA
GetWindowTextLengthA
FindWindowA
RegisterClassExA
UpdateWindow
ReleaseDC
UnregisterClassA
GetKeyState
LoadCursorA
ScreenToClient
GetCapture
ClientToScreen
IsChild
GetForegroundWindow
SetCapture
GetClipboardData
SetCursor
GetClientRect
ReleaseCapture
SetCursorPos
GetCursorPos
OpenClipboard
CloseClipboard
EmptyClipboard
SetClipboardData

gdi32

SelectObject
DeleteDC
GetDeviceCaps
BitBlt
CreateCompatibleBitmap
DeleteObject
CreateCompatibleDC
GetDIBits

advapi32

OpenProcessToken
OpenServiceA
QueryServiceStatusEx
RegCloseKey
RegDeleteKeyExW
RegCreateKeyExW
RegDeleteValueW
AdjustTokenPrivileges
GetCurrentHwProfileA
CloseServiceHandle
LookupPrivilegeValueA
OpenSCManagerA

msvcp140

?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Random_device@std@@YAIXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
_Query_perf_frequency
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Execute_once@std@@YAHAEAUonce_flag@1@P6AHPEAX1PEAPEAX@Z1@Z
?_Throw_Cpp_error@std@@YAXH@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?uncaught_exception@std@@YA_NXZ
?_Winerror_map@std@@YAHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Syserror_map@std@@YAPEBDH@Z
_Cnd_do_broadcast_at_thread_exit
_Thrd_sleep
_Thrd_id
_Query_perf_counter
_Xtime_get_ticks
_Thrd_join
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ

xinput1_4

ord4
ord2

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memchr
memcmp
memcpy
__std_terminate
strstr
memmove
_CxxThrowException
memset
__C_specific_handler
__current_exception
__std_exception_copy
__std_exception_destroy
__current_exception_context

api-ms-win-crt-stdio-l1-1-0

ungetc
_get_stream_buffer_pointers
ftell
_fseeki64
getchar
__acrt_iob_func
fgetc
__p__commode
__stdio_common_vsscanf
fread
setvbuf
__stdio_common_vsprintf
_wfopen
fwrite
_set_fmode
fgetpos
fseek
fclose
fflush
fsetpos
fputc

api-ms-win-crt-string-l1-1-0

isupper
strcmp
toupper
strncpy

api-ms-win-crt-utility-l1-1-0

rand
qsort
srand

api-ms-win-crt-heap-l1-1-0

_set_new_mode
_callnewh
malloc
free

api-ms-win-crt-runtime-l1-1-0

_seh_filter_exe
_set_app_type
_crt_atexit
_get_initial_narrow_environment
_initterm
_initterm_e
terminate
__p___argc
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_register_onexit_function
_wassert
_initialize_onexit_table
_beginthreadex
exit
_initialize_narrow_environment
_configure_narrow_argv
_invalid_parameter_noinfo_noreturn
_cexit
_exit
_Exit

api-ms-win-crt-convert-l1-1-0

atof
atoi

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_unlink
_stat64i32
_lock_file

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-math-l1-1-0

ceilf
round
floorf
fmodf
acosf
sinf
log2
cosf
pow
atan2f
sqrtf
ceil
__setusermatherr
powf

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 310KB - Virtual size: 309KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 306KB - Virtual size: 306KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cositas/itami.exe
.exe windows:6 windows x64 arch:x64

d76f672ed6f495da4bb83044aeaf8537

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

d3d11

D3D11CreateDeviceAndSwapChain

d3dcompiler_47

D3DCompile

kernel32

GetModuleFileNameA
Process32First
WriteProcessMemory
GetCurrentProcess
OpenProcess
CreateToolhelp32Snapshot
Process32Next
CloseHandle
ReadProcessMemory
VirtualQueryEx
FindFirstFileA
FindNextFileA
FindClose
GetModuleHandleA
FreeConsole
QueryPerformanceCounter
GetCurrentProcessId
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetModuleHandleW
CreateEventW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetProcAddress
QueryPerformanceFrequency
GlobalUnlock
WideCharToMultiByte
GlobalLock
GlobalFree
GlobalAlloc
MultiByteToWideChar
GetSystemTimeAsFileTime
GetCurrentThreadId

user32

GetClientRect
LoadCursorA
SetCursor
SetCapture
GetWindowThreadProcessId
DispatchMessageA
DestroyWindow
ShowWindow
GetAsyncKeyState
GetWindowTextA
DefWindowProcA
CreateWindowExA
TranslateMessage
SendMessageA
PeekMessageA
UnregisterClassA
GetWindowTextLengthA
FindWindowA
RegisterClassExA
UpdateWindow
GetKeyState
ReleaseCapture
GetForegroundWindow
CloseClipboard
EmptyClipboard
OpenClipboard
IsChild
GetClipboardData
SetClipboardData
ClientToScreen
GetCursorPos
GetCapture
ScreenToClient
SetCursorPos

advapi32

LookupPrivilegeValueA
CloseServiceHandle
OpenSCManagerA
OpenProcessToken
OpenServiceA
QueryServiceStatusEx
AdjustTokenPrivileges

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

xinput1_4

ord4
ord2

msvcp140

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
_Query_perf_frequency
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Throw_Cpp_error@std@@YAXH@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?uncaught_exception@std@@YA_NXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Random_device@std@@YAIXZ
_Cnd_do_broadcast_at_thread_exit
_Thrd_sleep
_Thrd_id
_Query_perf_counter
_Xtime_get_ticks
_Thrd_join
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@F@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memset
memmove
memcpy
memcmp
__C_specific_handler
__current_exception_context
__current_exception
__std_type_info_name
__std_type_info_compare
__std_exception_destroy
strstr
__std_terminate
_CxxThrowException
__std_exception_copy
memchr

api-ms-win-crt-stdio-l1-1-0

_get_stream_buffer_pointers
getchar
setvbuf
fgetpos
fsetpos
_fseeki64
fgetc
__stdio_common_vsprintf_s
ftell
fputc
__p__commode
_set_fmode
__acrt_iob_func
ungetc
__stdio_common_vsscanf
fread
__stdio_common_vsprintf
_wfopen
fwrite
fflush
fseek
fclose

api-ms-win-crt-string-l1-1-0

isalnum
strcmp
strncpy

api-ms-win-crt-utility-l1-1-0

rand
srand
qsort

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode
_callnewh
malloc

api-ms-win-crt-convert-l1-1-0

strtoul
atof
strtof

api-ms-win-crt-runtime-l1-1-0

_get_initial_narrow_environment
_initterm
_initterm_e
_invalid_parameter_noinfo_noreturn
__p___argc
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_seh_filter_exe
_cexit
exit
_beginthreadex
_crt_atexit
_register_onexit_function
terminate
_set_app_type
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_exit

api-ms-win-crt-math-l1-1-0

log2f
sinf
ceilf
ceil
acosf
sqrtf
cosf
powf
pow
floorf
fmodf
atan2f
log2
__setusermatherr

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 318KB - Virtual size: 318KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 316B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cositas/koid.exe
.exe windows:6 windows x64 arch:x64

6b5075b82f10534e3c23be1eaf3d1551

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

d3d11

D3D11CreateDeviceAndSwapChain

ws2_32

getpeername
getsockname
ntohs
setsockopt
socket
WSAIoctl
getaddrinfo
freeaddrinfo
accept
listen
recvfrom
sendto
ioctlsocket
gethostname
htonl
connect
htons
ntohl
getsockopt
closesocket
bind
send
WSAStartup
WSACleanup
WSAGetLastError
recv
__WSAFDIsSet
select
WSASetLastError

wldap32

ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord45
ord60
ord143
ord211
ord46
ord301

crypt32

CertFreeCertificateContext

d3dcompiler_47

D3DCompile

imm32

ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow

kernel32

IsProcessorFeaturePresent
IsDebuggerPresent
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForMultipleObjects
RtlVirtualUnwind
ReadFile
GetFileType
GetStdHandle
ExpandEnvironmentStringsA
VerifyVersionInfoA
GetSystemDirectoryA
WaitForSingleObjectEx
FormatMessageA
SetLastError
GetLastError
SleepEx
RtlLookupFunctionEntry
RtlCaptureContext
GetModuleHandleW
CreateEventW
ResetEvent
SetEvent
PeekNamedPipe
InitializeCriticalSectionAndSpinCount
MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
LoadLibraryA
QueryPerformanceFrequency
GetProcAddress
VerSetConditionMask
QueryPerformanceCounter
GetModuleHandleA
GetConsoleWindow
CloseHandle
CreateThread
Process32First
GetCurrentProcess
OpenProcess
CreateToolhelp32Snapshot
Process32Next
WriteProcessMemory
ReadProcessMemory
GetModuleFileNameA
TerminateProcess
GetCurrentProcessId
VirtualQueryEx
GetExitCodeProcess
GetTickCount64
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
FreeLibrary
Sleep

user32

GetWindowTextA
GetCursorInfo
PostMessageA
SendMessageA
keybd_event
SetForegroundWindow
GetWindowThreadProcessId
FindWindowA
WindowFromPoint
DispatchMessageA
GetWindowRect
DestroyWindow
SetWindowPos
ShowWindow
GetAsyncKeyState
SetWindowLongA
DefWindowProcA
CreateWindowExA
TranslateMessage
PeekMessageA
UnregisterClassA
PostQuitMessage
GetDesktopWindow
SetClipboardData
RegisterClassExA
UpdateWindow
GetKeyState
LoadCursorA
ScreenToClient
GetCapture
ClientToScreen
IsChild
GetForegroundWindow
SetCapture
SetCursor
GetClientRect
ReleaseCapture
SetCursorPos
GetCursorPos
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData

advapi32

CloseServiceHandle
OpenServiceA
QueryServiceStatusEx
OpenProcessToken
OpenSCManagerA
LookupPrivilegeValueA
CryptEncrypt
AdjustTokenPrivileges
ControlService
CryptAcquireContextA
CryptReleaseContext
CryptGenRandom
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey

msvcp140

_Close_dir
_Open_dir
_Read_dir
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
_To_wide
?_Random_device@std@@YAIXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
_Xtime_get_ticks
_Query_perf_counter
_Thrd_sleep
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?uncaught_exception@std@@YA_NXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
_Query_perf_frequency
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?_Xbad_alloc@std@@YAXXZ

xinput1_4

ord2
ord4

vcruntime140_1

__CxxFrameHandler4

vcruntime140

_CxxThrowException
__std_terminate
__C_specific_handler
__current_exception_context
__current_exception
memchr
memcmp
strrchr
memmove
memset
memcpy
__std_type_info_compare
__std_exception_copy
__std_exception_destroy
strchr
strstr

api-ms-win-crt-stdio-l1-1-0

fread
__stdio_common_vsprintf
fwrite
fseek
fclose
__stdio_common_vsscanf
_wfopen
_lseeki64
_read
_write
_close
_open
fflush
fopen
_get_stream_buffer_pointers
_fseeki64
_set_fmode
__acrt_iob_func
fsetpos
ungetc
setvbuf
ftell
fgetpos
__p__commode
fgetc
fputc

api-ms-win-crt-string-l1-1-0

isprint
_strdup
strncmp
tolower
isalpha
isgraph
islower
strncpy
isupper
isxdigit
strpbrk
isspace
toupper
isalnum
strcmp
isdigit

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-heap-l1-1-0

_set_new_mode
calloc
malloc
_callnewh
free
realloc

api-ms-win-crt-convert-l1-1-0

strtoul
atoi
atof
strtoll
strtol

api-ms-win-crt-runtime-l1-1-0

strerror
_invalid_parameter_noinfo_noreturn
exit
_beginthreadex
__sys_nerr
_getpid
_register_thread_local_exe_atexit_callback
_c_exit
__p___argv
terminate
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
__p___argc
_seh_filter_exe
_set_app_type
_initterm
_get_initial_narrow_environment
_errno
_initterm_e
_exit

api-ms-win-crt-math-l1-1-0

fmodf
floorf
powf
cosf
sinf
sqrtf
__setusermatherr
ceil
acosf
log2
atan2f
ceilf
pow

api-ms-win-crt-filesystem-l1-1-0

remove
_fstat64
_stat64
_unlock_file
_lock_file
_access

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-time-l1-1-0

_time64
_gmtime64

api-ms-win-crt-multibyte-l1-1-0

_mbspbrk
_mbsnbcpy
_mbschr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 522KB - Virtual size: 522KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cositas/labymod.zip
cositas/mfc100deu.dll
.dll windows:6 windows x64 arch:x64

8301def21a10663ab26e02e838e786fd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetStdHandle
OpenProcess
Sleep
FillConsoleOutputCharacterW
CloseHandle
CreateThread
FillConsoleOutputAttribute
ReadProcessMemory
GetConsoleWindow
SetConsoleCursorPosition
SetConsoleScreenBufferSize
SetConsoleTitleW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
AllocConsole
WriteProcessMemory
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

user32

GetKeyState
GetWindowThreadProcessId
SendMessageW
SetWindowLongW
GetWindowLongW
FindWindowW
GetAsyncKeyState

advapi32

AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueW

msvcp140

?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAM@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exception@std@@YA_NXZ
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?_Random_device@std@@YAIXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z

vcruntime140

__CxxFrameHandler3
__std_terminate
__C_specific_handler
memset
__std_type_info_destroy_list

api-ms-win-crt-stdio-l1-1-0

freopen
__acrt_iob_func

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_initialize_onexit_table
_cexit
_initialize_narrow_environment
_seh_filter_dll
_initterm_e
_initterm
_execute_onexit_table

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 612B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cositas/void_lite.bat
.bat .ps1
cositas/vroomclicker (1).exe
.exe windows:6 windows x64 arch:x64

b570a0f0ccfb525b2c28f58c6273b184

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

d3d11

D3D11CreateDeviceAndSwapChain

d3dcompiler_47

D3DCompile

winmm

PlaySoundA

kernel32

QueryPerformanceCounter
CreateThread
GetModuleHandleA
GetConsoleWindow
GetConsoleScreenBufferInfo
SetPriorityClass
SetConsoleTitleA
GetCurrentProcess
SetConsoleScreenBufferSize
GetStdHandle
SetConsoleMode
GetConsoleCursorInfo
TerminateProcess
GetConsoleMode
GetLastError
SetConsoleCursorInfo
CloseHandle
GetProcAddress
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
QueryPerformanceFrequency
GlobalUnlock
WideCharToMultiByte
GlobalLock
GlobalFree
GlobalAlloc
MultiByteToWideChar
InitializeSListHead
LocalFree
FormatMessageA

user32

ScreenToClient
GetCapture
EmptyClipboard
SetWindowPos
ClientToScreen
GetKeyNameTextA
SetWindowLongA
GetWindowLongA
MapVirtualKeyA
DestroyWindow
GetWindowTextA
DefWindowProcA
CreateWindowExA
PeekMessageA
UnregisterClassA
PostQuitMessage
RegisterClassExA
UpdateWindow
GetMessageA
DispatchMessageA
PostMessageA
CallNextHookEx
WindowFromPoint
ShowWindow
GetAsyncKeyState
GetCursorInfo
SetWindowsHookExA
UnhookWindowsHookEx
TranslateMessage
FindWindowA
SendInput
GetKeyState
LoadCursorA
IsChild
OpenClipboard
GetClipboardData
SetClipboardData
GetCursorPos
SetCursorPos
ReleaseCapture
GetClientRect
SetCursor
SetCapture
GetForegroundWindow
CloseClipboard

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

xinput1_4

ord2
ord4

msvcp140

?_Xlength_error@std@@YAXPEBD@Z
_Query_perf_frequency
_Thrd_sleep
_Query_perf_counter
_Xtime_get_ticks
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?_Winerror_map@std@@YAHH@Z
?_Random_device@std@@YAIXZ
?_Syserror_map@std@@YAPEBDH@Z

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memset
memmove
memcpy
memcmp
__C_specific_handler
memchr
_CxxThrowException
__current_exception
__std_exception_copy
__std_exception_destroy
strstr
__std_terminate
__current_exception_context

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode
ftell
__acrt_iob_func
__stdio_common_vsscanf
fread
__stdio_common_vsprintf
_wfopen
fwrite
fflush
fseek
fclose

api-ms-win-crt-string-l1-1-0

toupper
strcmp
strncpy

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-heap-l1-1-0

_callnewh
_set_new_mode
free
malloc

api-ms-win-crt-convert-l1-1-0

atof

api-ms-win-crt-runtime-l1-1-0

exit
__p___argc
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm
_get_initial_narrow_environment
_set_app_type
_seh_filter_exe
_cexit
terminate
_crt_atexit
_exit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-math-l1-1-0

fmodf
sqrtf
sinf
acosf
cosf
__setusermatherr
powf
floorf
ceilf

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 219KB - Virtual size: 218KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 392KB - Virtual size: 391KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cositas/vroomclicker.exe
.exe windows:6 windows x64 arch:x64

b570a0f0ccfb525b2c28f58c6273b184

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

d3d11

D3D11CreateDeviceAndSwapChain

d3dcompiler_47

D3DCompile

winmm

PlaySoundA

kernel32

QueryPerformanceCounter
CreateThread
GetModuleHandleA
GetConsoleWindow
GetConsoleScreenBufferInfo
SetPriorityClass
SetConsoleTitleA
GetCurrentProcess
SetConsoleScreenBufferSize
GetStdHandle
SetConsoleMode
GetConsoleCursorInfo
TerminateProcess
GetConsoleMode
GetLastError
SetConsoleCursorInfo
CloseHandle
GetProcAddress
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
QueryPerformanceFrequency
GlobalUnlock
WideCharToMultiByte
GlobalLock
GlobalFree
GlobalAlloc
MultiByteToWideChar
InitializeSListHead
LocalFree
FormatMessageA

user32

ScreenToClient
GetCapture
EmptyClipboard
SetWindowPos
ClientToScreen
GetKeyNameTextA
SetWindowLongA
GetWindowLongA
MapVirtualKeyA
DestroyWindow
GetWindowTextA
DefWindowProcA
CreateWindowExA
PeekMessageA
UnregisterClassA
PostQuitMessage
RegisterClassExA
UpdateWindow
GetMessageA
DispatchMessageA
PostMessageA
CallNextHookEx
WindowFromPoint
ShowWindow
GetAsyncKeyState
GetCursorInfo
SetWindowsHookExA
UnhookWindowsHookEx
TranslateMessage
FindWindowA
SendInput
GetKeyState
LoadCursorA
IsChild
OpenClipboard
GetClipboardData
SetClipboardData
GetCursorPos
SetCursorPos
ReleaseCapture
GetClientRect
SetCursor
SetCapture
GetForegroundWindow
CloseClipboard

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

xinput1_4

ord2
ord4

msvcp140

?_Xlength_error@std@@YAXPEBD@Z
_Query_perf_frequency
_Thrd_sleep
_Query_perf_counter
_Xtime_get_ticks
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?_Winerror_map@std@@YAHH@Z
?_Random_device@std@@YAIXZ
?_Syserror_map@std@@YAPEBDH@Z

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memset
memmove
memcpy
memcmp
__C_specific_handler
memchr
_CxxThrowException
__current_exception
__std_exception_copy
__std_exception_destroy
strstr
__std_terminate
__current_exception_context

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode
ftell
__acrt_iob_func
__stdio_common_vsscanf
fread
__stdio_common_vsprintf
_wfopen
fwrite
fflush
fseek
fclose

api-ms-win-crt-string-l1-1-0

toupper
strcmp
strncpy

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-heap-l1-1-0

_callnewh
_set_new_mode
free
malloc

api-ms-win-crt-convert-l1-1-0

atof

api-ms-win-crt-runtime-l1-1-0

exit
__p___argc
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm
_get_initial_narrow_environment
_set_app_type
_seh_filter_exe
_cexit
terminate
_crt_atexit
_exit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-math-l1-1-0

fmodf
sqrtf
sinf
acosf
cosf
__setusermatherr
powf
floorf
ceilf

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 219KB - Virtual size: 218KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 392KB - Virtual size: 391KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

Size: 602KB - Virtual size: 1.3MB

Size: 273KB - Virtual size: 431KB

Size: 289KB - Virtual size: 530KB

Size: 26KB - Virtual size: 46KB

Size: 281KB - Virtual size: 608KB

Size: 1KB - Virtual size: 2KB

.imports Size: 2KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 274KB - Virtual size: 274KB

.themida Size: - Virtual size: 5.1MB

.boot Size: 3.4MB - Virtual size: 3.4MB

.reloc Size: 16B - Virtual size: 4KB

ccb4fa18bec40c1c0390cc7de45708ba

Headers

DLL Characteristics

File Characteristics

Imports

d3d9

kernel32

user32

msvcp140

imm32

xinput1_4

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 300KB - Virtual size: 299KB

.rdata Size: 278KB - Virtual size: 278KB

.data Size: 4KB - Virtual size: 4KB

.pdata Size: 14KB - Virtual size: 14KB

.reloc Size: 1KB - Virtual size: 1KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 4KB - Virtual size: 3KB

.rsrc Size: 4KB - Virtual size: 4KB

6f192233883ca9d1edc96303d26b0837

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

msvcp140

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 1024B - Virtual size: 768B

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 512B - Virtual size: 80B

Headers

DLL Characteristics

File Characteristics

Sections

.imports
Size: 2KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 274KB - Virtual size: 274KB

.themida
Size: - Virtual size: 5.1MB

.boot
Size: 3.4MB - Virtual size: 3.4MB

.reloc
Size: 16B - Virtual size: 4KB

.text
Size: 300KB - Virtual size: 299KB

.rdata
Size: 278KB - Virtual size: 278KB

.data
Size: 4KB - Virtual size: 4KB

.pdata
Size: 14KB - Virtual size: 14KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 4KB

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1024B - Virtual size: 768B

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 512B - Virtual size: 80B

.text
Size: 3.5MB - Virtual size: 3.5MB

.rsrc
Size: 1KB - Virtual size: 1KB

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1024B - Virtual size: 540B

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 512B - Virtual size: 68B

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1024B - Virtual size: 540B

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 512B - Virtual size: 68B

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1024B - Virtual size: 672B

.rsrc
Size: 512B - Virtual size: 480B