21de707e280df8fe0b51df57bb88c20c

Sharing

Copy URL Twitter E-mail

General

Target

21de707e280df8fe0b51df57bb88c20c
Size

3.8MB
MD5

21de707e280df8fe0b51df57bb88c20c
SHA1

edd41a1d868c7d533b6d4d0d7c3a5d88be493944
SHA256

8fc49b054d76e9ccd570a631e06eaf74b936ac722a56791c124d798be698c5df
SHA512

f9086e29fb924f3b15fc608d6291a32219fa62b9b8e8fa438349d1e04473dd6c2223606511b8b03f63b3eafefaaefd352faad1e97addb6022a4bd62396d949db
SSDEEP

98304:4EXP73qvlNasxbNOXhxAM2+Zt+Q6nZ48kNvk3ocy0em6fKozKU+:4ED3qvlNaUORxAMxZVb8z1y0vu+

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/CE5.6.1/CE5.6.1/Cheat Engine.exe	upx

Unsigned PE 21 IoCs

Checks for missing Authenticode signature.

resource
unpack001/CE5.6.1/CE5.6.1/CEHook.dll
unpack001/CE5.6.1/CE5.6.1/Cheat Engine.exe
unpack002/out.upx
unpack001/CE5.6.1/CE5.6.1/EmptyDLL.dll
unpack001/CE5.6.1/CE5.6.1/EmptyProcess.exe
unpack001/CE5.6.1/CE5.6.1/Kernelmoduleunloader.exe
unpack001/CE5.6.1/CE5.6.1/Plugins/DebugEventLog/DebugEventLog.dll
unpack001/CE5.6.1/CE5.6.1/Plugins/example-c/example-c.dll
unpack001/CE5.6.1/CE5.6.1/Plugins/example-delphi/exampleplugin.dll
unpack001/CE5.6.1/CE5.6.1/Systemcallretriever.exe
unpack001/CE5.6.1/CE5.6.1/Tutorial.exe
unpack001/CE5.6.1/CE5.6.1/allochook.dll
unpack001/CE5.6.1/CE5.6.1/ceregreset.exe
unpack001/CE5.6.1/CE5.6.1/dbk32.dll
unpack001/CE5.6.1/CE5.6.1/dbk32.sys
unpack001/CE5.6.1/CE5.6.1/dxhook.dll
unpack001/CE5.6.1/CE5.6.1/is-9CANO.tmp
unpack001/CE5.6.1/CE5.6.1/speedhack.dll
unpack001/CE5.6.1/CE5.6.1/systemcallsignal.exe
unpack001/CE5.6.1/CE5.6.1/ucc12.dll
unpack001/CE5.6.1/CE5.6.1/undercdll.dll

Files

21de707e280df8fe0b51df57bb88c20c
.rar
CE5.6.1/CE5.6.1/Black.bmp
CE5.6.1/CE5.6.1/CEHook.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

About
IHWCI
MyHook
MyTimerHook
seth

Sections

CODE
Size: 435KB - Virtual size: 435KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 137B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
CE5.6.1/CE5.6.1/Cheat Engine.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 2.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.0MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 14KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
CE5.6.1/CE5.6.1/CheatEngine.chm
.chm
CE5.6.1/CE5.6.1/EmptyDLL.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 834B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 752B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
CE5.6.1/CE5.6.1/EmptyProcess.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
CE5.6.1/CE5.6.1/Kernelmoduleunloader.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 12B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
CE5.6.1/CE5.6.1/LockedString.bmp
CE5.6.1/CE5.6.1/Locktexture.bmp
CE5.6.1/CE5.6.1/OpenCandy/OCSetupHlp.dll
.dll windows:5 windows x86 arch:x86

778dea84cc0fbb95213648a19d9866c3

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

73:81:06:0e:d4:60:b9:9e:62:a9:23:47:bb:b8:4d:48
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

15/03/2010, 00:00

Not After

15/03/2011, 23:59

Subject

CN=OpenCandy Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=OpenCandy Inc.,L=San Diego,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d7:b4:9d:17:9b:22:06:7a:e2:7e:82:d3:b8:22:e7:ae:58:8c:04:84
Signer

Actual PE Digest

d7:b4:9d:17:9b:22:06:7a:e2:7e:82:d3:b8:22:e7:ae:58:8c:04:84

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateMutexA
CreateEventA
WaitForMultipleObjects
SetEvent
DuplicateHandle
lstrlenA
CompareStringA
SetEnvironmentVariableW
SetEnvironmentVariableA
CompareStringW
GetModuleHandleA
GetTimeZoneInformation
FlushFileBuffers
CreateFileA
GetFileAttributesA
CreateProcessA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetFileAttributesW
CreateProcessW
GetExitCodeProcess
LoadLibraryA
GetExitCodeThread
GetFullPathNameW
LCMapStringW
LCMapStringA
GetCurrentDirectoryA
GetFullPathNameA
ReadFile
SetEndOfFile
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
VirtualAlloc
RtlUnwind
GetCurrentProcessId
QueryPerformanceCounter
VirtualFree
HeapDestroy
HeapCreate
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStartupInfoA
GetStdHandle
SetHandleCount
IsValidCodePage
TerminateThread
ExpandEnvironmentStringsA
FormatMessageA
WideCharToMultiByte
RemoveDirectoryW
ExitProcess
SleepEx
GetUserDefaultUILanguage
GetLocaleInfoW
LockResource
LoadResource
SizeofResource
FreeLibrary
FindResourceW
DeleteFileW
WriteFile
SetFilePointer
CreateFileW
GetTempPathW
GetLastError
CreateMutexW
CloseHandle
ReleaseMutex
GetModuleFileNameW
CreateDirectoryW
GetShortPathNameW
WaitForSingleObject
GetCurrentThreadId
Sleep
GetSystemDirectoryW
VirtualQuery
GetOEMCP
GetACP
GetCPInfo
HeapSize
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
RaiseException
GetDriveTypeW
FindFirstFileA
GetDriveTypeA
FileTimeToLocalFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
MultiByteToWideChar
GetProcAddress
GetModuleHandleW
GetCurrentProcess
GetVersionExW
GetSystemInfo
CreateSemaphoreW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
ResumeThread
ReleaseSemaphore
OpenProcess
LoadLibraryW
GetLocalTime
SystemTimeToFileTime
FileTimeToSystemTime
GetVersion
GetTickCount
FindFirstFileW
FindNextFileW
FindClose
GetFileAttributesExW
GetFileTime
InitializeCriticalSection
GlobalFree
EnterCriticalSection
GetTempFileNameW
LeaveCriticalSection
InterlockedDecrement
FindResourceA
GetProcessHeap
HeapAlloc
HeapFree
ExitThread
CreateThread
GetSystemTimeAsFileTime
GetCommandLineA
HeapReAlloc
GetConsoleCP
GetConsoleMode
GetFileType
TerminateProcess

msimg32

AlphaBlend

user32

DrawFocusRect
CreateWindowExW
InvalidateRect
ReleaseCapture
SetCapture
PostMessageW
TrackPopupMenu
GetCursorPos
SetMenuDefaultItem
GetSubMenu
LoadMenuW
DestroyMenu
PeekMessageW
EndPaint
BeginPaint
CallWindowProcW
GetSysColorBrush
GetCursor
SetFocus
DispatchMessageW
TranslateMessage
GetMessageW
SetMenuItemInfoW
LoadIconW
LoadImageW
GetClientRect
GetSystemMetrics
EnableMenuItem
CallNextHookEx
UnhookWindowsHookEx
GetDesktopWindow
GetForegroundWindow
MessageBoxW
SetWindowsHookExW
ScreenToClient
ReleaseDC
GetDC
SetForegroundWindow
PostQuitMessage
LoadCursorW
SetCursor
ClientToScreen
IsWindowVisible
SetWindowPos
EnableWindow
ShowWindow
DialogBoxParamW
CreateDialogParamW
DestroyWindow
GetWindowLongW
SetWindowLongW
EndDialog
GetDlgItem
SendMessageW
MoveWindow
GetParent
GetWindowRect
ChildWindowFromPoint

gdi32

CreateDIBSection
DeleteObject
DeleteDC
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
GetTextExtentPoint32W
SelectObject
GetStockObject
SetBkMode
SetTextColor
CreateFontIndirectW
GetObjectW
GdiFlush

advapi32

RegDeleteValueW
RegEnumValueW
RegQueryInfoKeyW
RegCreateKeyExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
GetUserNameW
DuplicateTokenEx
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyW

shell32

SHGetFolderPathW
Shell_NotifyIconW
ShellExecuteExW
ShellExecuteW

ole32

CoInitialize
CoCreateInstance
CoUninitialize
CoCreateGuid
StringFromGUID2
CoInitializeSecurity
CoSetProxyBlanket

oleaut32

VariantClear
SysFreeString
SysAllocString

secur32

GetUserNameExW

urlmon

URLDownloadToFileW

wininet

InternetGetConnectedStateExW
InternetQueryOptionW

psapi

GetProcessImageFileNameW
EnumProcesses

ws2_32

inet_ntoa
htons
gethostbyname
WSASetLastError
socket
inet_addr
__WSAFDIsSet
select
send
ioctlsocket
getsockname
bind
getsockopt
setsockopt
getprotobyname
connect
WSACleanup
recv
WSAGetLastError
closesocket
ntohs
WSAStartup

winmm

timeGetTime

Exports

Exports

DownloadMgr2Init
MainLoop
OCCheckForInfo
OCCheckForLink
OCCleanupProduct
OCDeleteSelf
OCDetach
OCDisplay
OCExecuteOffer
OCGetBannerInfo
OCGetLinkPlacementX
OCGetLinkPlacementY
OCGetMsg
OCGetOfferState
OCGetOfferType
OCInit2A
OCInit2W
OCInitA
OCInitW
OCInnoAdjust
OCInnoRestore
OCInstallShieldAdjust
OCNSISAdjust
OCRunDialog
OCSetOfferData
OCSetOfferLocation
OCShutdown
OCSignalProductFailed
OCSignalProductInstalled
OCSignalProductUnInstalled
_DLMgr2Check@16
_Display@16
_DownloadMgr2RecycleOffer@12
_MgrCheck@16
_MgrExec@16

Sections

.text
Size: 318KB - Virtual size: 317KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CE5.6.1/CE5.6.1/OpenCandy/OpenCandy_Why_Is_This_Here.txt
CE5.6.1/CE5.6.1/Plugins/DebugEventLog/DebugEventLog.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DisablePlugin
GetVersion
InitializePlugin

Sections

CODE
Size: 399KB - Virtual size: 399KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 130B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
CE5.6.1/CE5.6.1/Plugins/DebugEventLog/src/DebugEventLog.cfg
CE5.6.1/CE5.6.1/Plugins/DebugEventLog/src/DebugEventLog.dpr
CE5.6.1/CE5.6.1/Plugins/DebugEventLog/src/DebugEventLog.res
CE5.6.1/CE5.6.1/Plugins/DebugEventLog/src/exportimplementation.pas
.js
CE5.6.1/CE5.6.1/Plugins/DebugEventLog/src/frmEventLogUnit.dfm
CE5.6.1/CE5.6.1/Plugins/DebugEventLog/src/frmEventLogUnit.pas
CE5.6.1/CE5.6.1/Plugins/cepluginsdk.h
CE5.6.1/CE5.6.1/Plugins/cepluginsdk.pas
.js
CE5.6.1/CE5.6.1/Plugins/example packet editor/inject/src/cepe.cfg
CE5.6.1/CE5.6.1/Plugins/example packet editor/inject/src/cepe.dof
CE5.6.1/CE5.6.1/Plugins/example packet editor/inject/src/cepe.dpr
CE5.6.1/CE5.6.1/Plugins/example packet editor/inject/src/cepe.res
CE5.6.1/CE5.6.1/Plugins/example packet editor/inject/src/filterform.dfm
CE5.6.1/CE5.6.1/Plugins/example packet editor/inject/src/filterform.pas
CE5.6.1/CE5.6.1/Plugins/example packet editor/inject/src/hexedit.pas
.js
CE5.6.1/CE5.6.1/Plugins/example packet editor/inject/src/mainunit.dfm
CE5.6.1/CE5.6.1/Plugins/example packet editor/inject/src/mainunit.pas
.js
CE5.6.1/CE5.6.1/Plugins/example packet editor/inject/src/packetfilter.pas
.js
CE5.6.1/CE5.6.1/Plugins/example packet editor/src/Unit1.pas
CE5.6.1/CE5.6.1/Plugins/example packet editor/src/injector.pas
CE5.6.1/CE5.6.1/Plugins/example packet editor/src/packeteditor.cfg
CE5.6.1/CE5.6.1/Plugins/example packet editor/src/packeteditor.dof
CE5.6.1/CE5.6.1/Plugins/example packet editor/src/packeteditor.dpr
CE5.6.1/CE5.6.1/Plugins/example packet editor/src/packeteditor.res
CE5.6.1/CE5.6.1/Plugins/example-c/example-c.c
CE5.6.1/CE5.6.1/Plugins/example-c/example-c.def
CE5.6.1/CE5.6.1/Plugins/example-c/example-c.dll
.dll windows:5 windows x86 arch:x86

6d3891a00ff708b6aa5d9eeb447aee4e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

MessageBoxA

kernel32

GetConsoleCP
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
WriteFile
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
VirtualAlloc
HeapReAlloc
LoadLibraryA
InitializeCriticalSectionAndSpinCount
RtlUnwind
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
CreateFileA
CloseHandle
FlushFileBuffers

Exports

Exports

DisablePlugin
GetVersion
InitializePlugin

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CE5.6.1/CE5.6.1/Plugins/example-c/example-c.sln
CE5.6.1/CE5.6.1/Plugins/example-c/example-c.vcproj
.xml
CE5.6.1/CE5.6.1/Plugins/example-delphi/Unit1.pas
.js
CE5.6.1/CE5.6.1/Plugins/example-delphi/exampleplugin.cfg
CE5.6.1/CE5.6.1/Plugins/example-delphi/exampleplugin.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DisablePlugin
GetVersion
InitializePlugin

Sections

CODE
Size: 303KB - Virtual size: 302KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 130B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
CE5.6.1/CE5.6.1/Plugins/example-delphi/exampleplugin.dof
CE5.6.1/CE5.6.1/Plugins/example-delphi/exampleplugin.dpr
CE5.6.1/CE5.6.1/Plugins/example-delphi/exampleplugin.res
CE5.6.1/CE5.6.1/Systemcallretriever.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 366KB - Virtual size: 365KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 159KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
CE5.6.1/CE5.6.1/TextureString.bmp
CE5.6.1/CE5.6.1/Tutorial.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 369KB - Virtual size: 369KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
CE5.6.1/CE5.6.1/UnLockedString.bmp
CE5.6.1/CE5.6.1/allochook.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

CEHasHandledItEvent
CEInitializationFinished
CeAllocateVirtualMemory
CeFreeVirtualMemory
CeInitializeAllocHook
CeRtlAllocateHeap
CeRtlDestroyHeap
CeRtlFreeHeap
HasSetupDataEvent
HookEventData
NtAllocateVirtualMemoryOrig
NtFreeVirtualMemoryOrig
RtlAllocateHeapOrig
RtlDestroyHeapOrig
RtlFreeHeapOrig

Sections

CODE
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 503B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
CE5.6.1/CE5.6.1/ceregreset.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 12B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
CE5.6.1/CE5.6.1/cheat engine.ico
CE5.6.1/CE5.6.1/commonmodulelist.txt
CE5.6.1/CE5.6.1/dbghelp.dll
.dll windows:6 windows x86 arch:x86

fa6b094f828920cf8999743ff0004319

Code Sign

61:05:f7:1e:00:00:00:00:00:32
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

13/07/2009, 23:00

Not After

13/10/2010, 23:10

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:03:dc:f6:00:00:00:00:00:0c
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:12

Not After

25/07/2011, 19:22

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:159C-A3F7-2570,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:15:08:27:00:00:00:00:00:0c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

25/01/2006, 23:22

Not After

25/01/2017, 23:32

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

8f:30:24:0d:35:ff:73:8c:8f:ce:2e:fe:f2:26:b5:b2:12:d2:d0:aa
Signer

Actual PE Digest

8f:30:24:0d:35:ff:73:8c:8f:ce:2e:fe:f2:26:b5:b2:12:d2:d0:aa

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_isatty
_write
_lseeki64
??3@YAXPAX@Z
_fileno
_read
__pioinfo
__badioinfo
ferror
wctomb
_snprintf
isleadbyte
mbtowc
_onexit
_lock
__dllonexit
_unlock
_ismbblead
_amsg_exit
_initterm
_XcptFilter
memmove
_iob
__mb_cur_max
strchr
_vsnwprintf
_errno
__CxxFrameHandler
iswspace
calloc
_itoa
_wcsdup
towlower
tolower
_wcslwr
time
_wctime
_ltoa
_strnicmp
_wcsnicmp
_purecall
ctime
malloc
strncmp
isspace
_stricmp
_strlwr
free
wcsrchr
strstr
memcpy
_wcsicmp
qsort
wcschr
wcsstr
wcsncmp
iswxdigit
memset
??2@YAPAXI@Z
iswprint
fflush
fprintf
atol
fclose
__unDName
iswdigit
_CxxThrowException
bsearch
_wfsopen
fread
fseek
wcstol
_wfullpath
_wgetenv
_get_osfhandle
_chsize
_close
_open_osfhandle
ftell
_memicmp
_mbscmp
??1type_info@@UAE@XZ
_wsopen

kernel32

HeapFree
MapViewOfFileEx
GetCurrentDirectoryW
InitializeCriticalSectionAndSpinCount
GetFileType
DeviceIoControl
SetFileAttributesW
CreateFileMappingW
InterlockedIncrement
InterlockedDecrement
LocalFree
FormatMessageW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetTickCount
QueryPerformanceCounter
RtlUnwind
InterlockedExchange
GetThreadSelectorEntry
CreateThread
TerminateThread
VirtualQueryEx
GetPriorityClass
GetThreadPriority
GetThreadTimes
GetThreadContext
ResumeThread
SuspendThread
GetCurrentThreadId
GetSystemTimeAsFileTime
Sleep
GetVersion
GetSystemInfo
LoadLibraryExA
InterlockedCompareExchange
DelayLoadFailureHook
ReadProcessMemory
GetProcessHeap
GetFileAttributesA
SetErrorMode
WriteFile
OutputDebugStringA
VirtualFree
OpenProcess
GetCurrentProcessId
GetModuleHandleA
CreateFileMappingA
MapViewOfFile
DuplicateHandle
VirtualAlloc
VirtualProtect
CreateDirectoryA
UnmapViewOfFile
GetCurrentProcess
SetFilePointer
IsDBCSLeadByte
HeapAlloc
HeapReAlloc
GetVersionExA
InitializeCriticalSection
FindClose
SetLastError
LocalAlloc
LeaveCriticalSection
EnterCriticalSection
CloseHandle
ReadFile
GetFileSize
CreateFileA
GetLastError
TlsSetValue
TlsGetValue
FreeLibrary
LoadLibraryA
TlsAlloc
TlsFree
DeleteCriticalSection
HeapDestroy
HeapCreate
FlushViewOfFile

Exports

Exports

DbgHelpCreateUserDump
DbgHelpCreateUserDumpW
EnumDirTree
EnumDirTreeW
EnumerateLoadedModules
EnumerateLoadedModules64
EnumerateLoadedModulesEx
EnumerateLoadedModulesExW
EnumerateLoadedModulesW64
ExtensionApiVersion
FindDebugInfoFile
FindDebugInfoFileEx
FindDebugInfoFileExW
FindExecutableImage
FindExecutableImageEx
FindExecutableImageExW
FindFileInPath
FindFileInSearchPath
GetTimestampForLoadedLibrary
ImageDirectoryEntryToData
ImageDirectoryEntryToDataEx
ImageNtHeader
ImageRvaToSection
ImageRvaToVa
ImagehlpApiVersion
ImagehlpApiVersionEx
MakeSureDirectoryPathExists
MapDebugInformation
MiniDumpReadDumpStream
MiniDumpWriteDump
SearchTreeForFile
SearchTreeForFileW
StackWalk
StackWalk64
SymAddSourceStream
SymAddSourceStreamA
SymAddSourceStreamW
SymAddSymbol
SymAddSymbolW
SymCleanup
SymDeleteSymbol
SymDeleteSymbolW
SymEnumLines
SymEnumLinesW
SymEnumProcesses
SymEnumSourceFileTokens
SymEnumSourceFiles
SymEnumSourceFilesW
SymEnumSourceLines
SymEnumSourceLinesW
SymEnumSym
SymEnumSymbols
SymEnumSymbolsForAddr
SymEnumSymbolsForAddrW
SymEnumSymbolsW
SymEnumTypes
SymEnumTypesByName
SymEnumTypesByNameW
SymEnumTypesW
SymEnumerateModules
SymEnumerateModules64
SymEnumerateModulesW64
SymEnumerateSymbols
SymEnumerateSymbols64
SymEnumerateSymbolsW
SymEnumerateSymbolsW64
SymFindDebugInfoFile
SymFindDebugInfoFileW
SymFindExecutableImage
SymFindExecutableImageW
SymFindFileInPath
SymFindFileInPathW
SymFromAddr
SymFromAddrW
SymFromIndex
SymFromIndexW
SymFromName
SymFromNameW
SymFromToken
SymFromTokenW
SymFunctionTableAccess
SymFunctionTableAccess64
SymGetFileLineOffsets64
SymGetHomeDirectory
SymGetHomeDirectoryW
SymGetLineFromAddr
SymGetLineFromAddr64
SymGetLineFromAddrW64
SymGetLineFromName
SymGetLineFromName64
SymGetLineFromNameW64
SymGetLineNext
SymGetLineNext64
SymGetLineNextW64
SymGetLinePrev
SymGetLinePrev64
SymGetLinePrevW64
SymGetModuleBase
SymGetModuleBase64
SymGetModuleInfo
SymGetModuleInfo64
SymGetModuleInfoW
SymGetModuleInfoW64
SymGetOmapBlockBase
SymGetOmaps
SymGetOptions
SymGetScope
SymGetScopeW
SymGetSearchPath
SymGetSearchPathW
SymGetSourceFile
SymGetSourceFileFromToken
SymGetSourceFileFromTokenW
SymGetSourceFileToken
SymGetSourceFileTokenW
SymGetSourceFileW
SymGetSourceVarFromToken
SymGetSourceVarFromTokenW
SymGetSymFromAddr
SymGetSymFromAddr64
SymGetSymFromName
SymGetSymFromName64
SymGetSymNext
SymGetSymNext64
SymGetSymPrev
SymGetSymPrev64
SymGetSymbolFile
SymGetSymbolFileW
SymGetTypeFromName
SymGetTypeFromNameW
SymGetTypeInfo
SymGetTypeInfoEx
SymGetUnwindInfo
SymInitialize
SymInitializeW
SymLoadModule
SymLoadModule64
SymLoadModuleEx
SymLoadModuleExW
SymMatchFileName
SymMatchFileNameW
SymMatchString
SymMatchStringA
SymMatchStringW
SymNext
SymNextW
SymPrev
SymPrevW
SymRefreshModuleList
SymRegisterCallback
SymRegisterCallback64
SymRegisterCallbackW64
SymRegisterFunctionEntryCallback
SymRegisterFunctionEntryCallback64
SymSearch
SymSearchW
SymSetContext
SymSetHomeDirectory
SymSetHomeDirectoryW
SymSetOptions
SymSetParentWindow
SymSetScopeFromAddr
SymSetScopeFromIndex
SymSetSearchPath
SymSetSearchPathW
SymSrvDeltaName
SymSrvDeltaNameW
SymSrvGetFileIndexInfo
SymSrvGetFileIndexInfoW
SymSrvGetFileIndexString
SymSrvGetFileIndexStringW
SymSrvGetFileIndexes
SymSrvGetFileIndexesW
SymSrvGetSupplement
SymSrvGetSupplementW
SymSrvIsStore
SymSrvIsStoreW
SymSrvStoreFile
SymSrvStoreFileW
SymSrvStoreSupplement
SymSrvStoreSupplementW
SymUnDName
SymUnDName64
SymUnloadModule
SymUnloadModule64
UnDecorateSymbolName
UnDecorateSymbolNameW
UnmapDebugInformation
WinDbgExtensionDllInit
block
chksym
dbghelp
dh
fptr
homedir
itoldyouso
lmi
lminfo
omap
srcfiles
stack_force_ebp
stackdbg
sym
symsrv
vc7fpo

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CE5.6.1/CE5.6.1/dbk32.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

CreateRemoteAPC
DBKDebug_ContinueDebugEvent
DBKDebug_GD_SetBreakpoint
DBKDebug_GetDebuggerState
DBKDebug_SetDebuggerState
DBKDebug_SetGlobalDebugState
DBKDebug_StartDebugging
DBKDebug_StopDebugging
DBKDebug_WaitForDebugEvent
DBKResumeProcess
DBKResumeThread
DBKSuspendProcess
DBKSuspendThread
GetCR0
GetCR3
GetCR4
GetDebugportOffset
GetGDT
GetIDTCurrentThread
GetIDTs
GetKProcAddress
GetKProcAddress64
GetLoadedState
GetPEProcess
GetPEThread
GetPhysicalAddress
GetProcessNameFromID
GetProcessNameFromPEProcess
GetProcessnameOffset
GetSDT
GetSDTEntry
GetSDTShadow
GetSSDTEntry
GetThreadListEntryOffset
GetThreadsProcessOffset
IsValidHandle
KernelAlloc
KernelAlloc64
LaunchDBVM
MakeWritable
NOP
OP
OT
RPM
RPM64
ReadPhysicalMemory
StartProcessWatch
UserdefinedInterruptHook
VAE
VQE
WPM
WPM64
WaitForProcessListData
WritePhysicalMemory
dbvm_block_interrupts
dbvm_changeselectors
dbvm_raise_privilege
dbvm_read_physical_memory
dbvm_redirect_interrupt1
dbvm_restore_interrupts
dbvm_version
dbvm_write_physical_memory
executeKernelCode
isDriverLoaded

Sections

CODE
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
CE5.6.1/CE5.6.1/dbk32.sys
.sys windows:6 windows x86 arch:x86

c6661637aad7cdd802a2a725e57ed39d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwClose
ExFreePoolWithTag
ZwQueryValueKey
RtlInitUnicodeString
ExAllocatePool
ZwOpenKey
MmGetSystemRoutineAddress
RtlAppendUnicodeToString
IofCompleteRequest
IoDeleteSymbolicLink
PsSetCreateProcessNotifyRoutine
KeQueryActiveProcessors
KeDelayExecutionThread
KeInsertQueueApc
KeInitializeApc
KeGetCurrentThread
ObReferenceObjectByHandle
KeDetachProcess
ZwAllocateVirtualMemory
KeAttachProcess
PsSetCreateThreadNotifyRoutine
KeUnstackDetachProcess
MmGetPhysicalAddress
KeStackAttachProcess
ZwUnmapViewOfSection
ZwMapViewOfSection
ZwOpenSection
ObfDereferenceObject
IoCreateDevice
ObOpenObjectByPointer
PsProcessType
PsLookupProcessByProcessId
memset
memcpy
RtlAssert
PsLookupThreadByThreadId
KeWaitForSingleObject
KeReleaseSemaphore
KeClearEvent
KeSetEvent
KeInitializeSemaphore
IoQueueWorkItem
ExAllocatePoolWithTag
KeInitializeEvent
_allmul
PsGetCurrentThreadId
PsGetCurrentProcessId
MmAllocateContiguousMemory
ZwWaitForSingleObject
ZwReadFile
ZwQueryInformationFile
ZwCreateFile
KeTickCount
KeBugCheckEx
IoCreateSymbolicLink
IoDeleteDevice
IoAllocateWorkItem
ZwOpenThread
DbgPrint
RtlUnwind

hal

KeGetCurrentIrql
KfAcquireSpinLock
KfReleaseSpinLock
KfRaiseIrql

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 896B - Virtual size: 812B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CE5.6.1/CE5.6.1/dbk64.sys
.sys windows:6 windows x64 arch:x64

62d9d9d4f95469f643fe01bb5389e4a5

Code Sign

55:35:a2:b0:da:e4:d7:5c:be:49:7d:27:56:84:94:75
Certificate

Issuer

CN=Dark Byte's stuff

Not Before

25/06/2010, 13:15

Not After

31/12/2039, 23:59

Subject

CN=Dark Byte's stuff

Extended Key Usages

ExtKeyUsageCodeSigning

63:a4:07:5a:ef:f7:5b:46:c4:7e:81:20:92:21:63:ee:ae:8e:f2:50
Signer

Actual PE Digest

63:a4:07:5a:ef:f7:5b:46:c4:7e:81:20:92:21:63:ee:ae:8e:f2:50

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

IoDeleteSymbolicLink
ExFreePoolWithTag
RtlInitUnicodeString
IoDeleteDevice
MmGetSystemRoutineAddress
RtlAppendUnicodeToString
PsSetCreateProcessNotifyRoutine
ZwQueryValueKey
ExAllocatePool
IoAllocateWorkItem
ZwClose
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
DbgPrint
ZwOpenKey
KeQueryActiveProcessors
PsProcessType
PsLookupProcessByProcessId
KeInitializeApc
ZwMapViewOfSection
KeInsertQueueApc
PsSetCreateThreadNotifyRoutine
KeReleaseSpinLock
ZwOpenThread
KeUnstackDetachProcess
KeDetachProcess
KeDelayExecutionThread
MmGetPhysicalAddress
ZwUnmapViewOfSection
ObReferenceObjectByHandle
KeAttachProcess
ObfDereferenceObject
ZwOpenSection
ObOpenObjectByPointer
KeStackAttachProcess
ZwAllocateVirtualMemory
KeAcquireSpinLockRaiseToDpc
PsLookupThreadByThreadId
KeWaitForSingleObject
KeReleaseSemaphore
KeClearEvent
KeSetEvent
KeInitializeEvent
PsGetCurrentThreadId
PsGetCurrentProcessId
ZwReadFile
ZwWaitForSingleObject
ZwCreateFile
ZwQueryInformationFile
MmAllocateContiguousMemory
KeBugCheckEx
__C_specific_handler

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CE5.6.1/CE5.6.1/dxhook.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

InitializeDirectX_Hook

Sections

CODE
Size: 357KB - Virtual size: 357KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
CE5.6.1/CE5.6.1/example scripts/changeregtest.CEC
CE5.6.1/CE5.6.1/example scripts/gettime.CEC
CE5.6.1/CE5.6.1/example scripts/sleepcall.CEC
CE5.6.1/CE5.6.1/example scripts/step10.CEC
CE5.6.1/CE5.6.1/example scripts/testscript.CEC
CE5.6.1/CE5.6.1/example scripts/timermess.CEC
CE5.6.1/CE5.6.1/include/_end_shared.h
CE5.6.1/CE5.6.1/include/_shared_lib.h
CE5.6.1/CE5.6.1/include/algorithm
CE5.6.1/CE5.6.1/include/assert.h
CE5.6.1/CE5.6.1/include/cctype
CE5.6.1/CE5.6.1/include/classlib.h
CE5.6.1/CE5.6.1/include/cmath
CE5.6.1/CE5.6.1/include/cstdarg.txt
CE5.6.1/CE5.6.1/include/cstdio
CE5.6.1/CE5.6.1/include/cstdlib
CE5.6.1/CE5.6.1/include/cstring
CE5.6.1/CE5.6.1/include/for_each.h
CE5.6.1/CE5.6.1/include/foreach2.h
CE5.6.1/CE5.6.1/include/fstream
CE5.6.1/CE5.6.1/include/fstream.h
CE5.6.1/CE5.6.1/include/glib.h
CE5.6.1/CE5.6.1/include/header.cpp
CE5.6.1/CE5.6.1/include/io.h
CE5.6.1/CE5.6.1/include/iostream
CE5.6.1/CE5.6.1/include/iostream.h
CE5.6.1/CE5.6.1/include/list
CE5.6.1/CE5.6.1/include/list.new
CE5.6.1/CE5.6.1/include/listx
CE5.6.1/CE5.6.1/include/malloc.h
CE5.6.1/CE5.6.1/include/map
CE5.6.1/CE5.6.1/include/math.h
CE5.6.1/CE5.6.1/include/new-stdlib.h
CE5.6.1/CE5.6.1/include/old-string
CE5.6.1/CE5.6.1/include/regexp.h
CE5.6.1/CE5.6.1/include/rx++.h
CE5.6.1/CE5.6.1/include/self.imp
CE5.6.1/CE5.6.1/include/sstream
CE5.6.1/CE5.6.1/include/stdarg.h
CE5.6.1/CE5.6.1/include/stddef.h
CE5.6.1/CE5.6.1/include/stdio.h
CE5.6.1/CE5.6.1/include/stdlib.h
CE5.6.1/CE5.6.1/include/string
CE5.6.1/CE5.6.1/include/string.h
CE5.6.1/CE5.6.1/include/strstrea.h
CE5.6.1/CE5.6.1/include/strstream.h
CE5.6.1/CE5.6.1/include/test-stdarg.uc
CE5.6.1/CE5.6.1/include/time.h
CE5.6.1/CE5.6.1/include/turtle.h
CE5.6.1/CE5.6.1/include/uc_except.h
CE5.6.1/CE5.6.1/include/uc_save.h
CE5.6.1/CE5.6.1/include/uc_timer.h
CE5.6.1/CE5.6.1/include/ucri.h
CE5.6.1/CE5.6.1/include/vector
CE5.6.1/CE5.6.1/include/winbase.h
CE5.6.1/CE5.6.1/include/windows.h
CE5.6.1/CE5.6.1/include/wininet.h
CE5.6.1/CE5.6.1/include/winuser.h
CE5.6.1/CE5.6.1/include/yawl.h
CE5.6.1/CE5.6.1/is-9CANO.tmp
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

InitializeDirectX_Hook

Sections

CODE
Size: 357KB - Virtual size: 357KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
CE5.6.1/CE5.6.1/movementtexture.bmp
CE5.6.1/CE5.6.1/speedhack.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

InitializeSpeedhack
realGetTickCount
realQueryPerformanceCounter
speedhackversion_GetTickCount
speedhackversion_QueryPerformanceCounter

Sections

CODE
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
CE5.6.1/CE5.6.1/systemcallsignal.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
CE5.6.1/CE5.6.1/targettexture.bmp
CE5.6.1/CE5.6.1/ucc12.dll
.dll windows:4 windows x86 arch:x86

fd9edacf655544d91c52702fd1b8b0c9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileTime
OpenFile
LoadLibraryA
FreeLibrary
GetProcAddress
GetModuleHandleA
WaitForSingleObject
Sleep
InitializeCriticalSection
DeleteCriticalSection
ExitProcess
EnterCriticalSection
InterlockedExchange
LeaveCriticalSection
RtlUnwind
RaiseException
GetLastError
MoveFileA
GetTimeZoneInformation
GetSystemTime
GetLocalTime
TerminateProcess
GetCurrentProcess
HeapFree
HeapAlloc
InterlockedDecrement
InterlockedIncrement
GetFileAttributesA
GetCommandLineA
GetVersion
HeapReAlloc
HeapSize
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
CloseHandle
SetUnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
FlushFileBuffers
WriteFile
ReadFile
WideCharToMultiByte
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
IsBadReadPtr
IsBadCodePtr
GetCPInfo
MultiByteToWideChar
LCMapStringA
LCMapStringW
SetStdHandle
CreateFileA
GetStringTypeA
GetStringTypeW
GetExitCodeProcess
CreateProcessA
CompareStringA
CompareStringW
GetACP
GetOEMCP
SetEnvironmentVariableA
SetEndOfFile
GetCurrentDirectoryA
GetFullPathNameA
GetDriveTypeA
SetCurrentDirectoryA

Exports

Exports

??0FBlock@@QAE@PAUInstruction@@H@Z
??0XClass@@QAE@ABV0@@Z
??0XClass@@QAE@PAVNamedTable@@@Z
??0XEntry@@QAE@PAUEntry@@@Z
??0XFunction@@QAE@PAVFunction@@@Z
??0XModule@@QAE@PAVModule@@@Z
??0XNTable@@QAE@ABV0@@Z
??0XNTable@@QAE@PAVNamedTable@@@Z
??0XTemplateFun@@QAE@PAVTemplateEntry@@@Z
??0XTrace@@QAE@ABV0@@Z
??0XTrace@@QAE@_N@Z
??0XType@@QAE@PAVType@@@Z
??4FBlock@@QAEAAU0@ABU0@@Z
??4XClass@@QAEAAV0@ABV0@@Z
??4XEntry@@QAEAAV0@ABV0@@Z
??4XFunction@@QAEAAV0@ABV0@@Z
??4XModule@@QAEAAV0@ABV0@@Z
??4XNTable@@QAEAAV0@ABV0@@Z
??4XTemplateFun@@QAEAAV0@ABV0@@Z
??4XTrace@@QAEAAV0@ABV0@@Z
??4XType@@QAEAAV0@ABV0@@Z
??_7XClass@@6B@
??_7XNTable@@6B@
??_7XTrace@@6B@
??_FFBlock@@QAEXXZ
??_FXEntry@@QAEXXZ
??_FXFunction@@QAEXXZ
??_FXTrace@@QAEXXZ
?addr_mode@XEntry@@QAEHXZ
?args@XFunction@@QAEAAV?$listx@PAVXType@@@@XZ
?as_class@XType@@QBEPAVXClass@@XZ
?as_str@XFunction@@QAEXAAVstring@@@Z
?as_str@XType@@QBEPADXZ
?base_class@XClass@@QAEPAV1@XZ
?base_entry@XEntry@@QAEPAV1@XZ
?class_obj@XClass@@QAEPAVClass@@XZ
?classes@XModule@@QAEAAV?$listx@PAVXClass@@@@XZ
?clone@XEntry@@QAEPAV1@XZ
?create@FBlock@@SAPAU1@PAUEntry@@PAVClass@@@Z
?create@XClass@@QAEPAXXZ
?create@XNTable@@QAEPAVXEntry@@PADPAVXType@@@Z
?data@XEntry@@QAEHXZ
?dispose_of_entries@XNTable@@SAXAAV?$listx@PAVXEntry@@@@@Z
?do_enter@XTrace@@QAE_NXZ
?do_leave@XTrace@@QAE_NXZ
?enter@XTrace@@UAEXPAUXExecState@@@Z
?entry@XEntry@@QAEPAXXZ
?eval@XFunction@@QAEHPAX00@Z
?fblock@XFunction@@QAEPAXXZ
?filename@XModule@@QAEPADXZ
?finalize@FBlock@@QAEXH@Z
?from_fb@XFunction@@SAPAV1@PAX@Z
?from_id@XModule@@SAPAV1@H@Z
?from_name@XModule@@SAPAV1@PAD@Z
?from_str@XType@@SAPAV1@PAD@Z
?fun@XFunction@@QAEPAXXZ
?function@XEntry@@QAEPAVXFunction@@H@Z
?functions@XModule@@QAEAAV?$listx@PAVXFunction@@@@XZ
?functions@XNTable@@QAEAAV?$listx@PAVXFunction@@@@H@Z
?get_args@XFunction@@QAEXPAV?$listx@PAVXType@@@@PAV?$listx@Vstring@@@@@Z
?get_class_of@XClass@@SAPAV1@PAX@Z
?get_functions@XNTable@@QAEXAAV?$listx@PAVXFunction@@@@HPAD@Z
?get_template@XClass@@QAEPAVXTemplateFun@@XZ
?get_trace@XFunction@@QAEPAVXTrace@@XZ
?get_variables@XNTable@@QAEXAAV?$listx@PAVXEntry@@@@HPAD@Z
?has_VMT@XClass@@QAE_NXZ
?inherits_from@XClass@@QAEHPAV1@@Z
?instantiate@XTemplateFun@@QAEPAXABV?$listx@PAVXType@@@@@Z
?ip_to_line@XFunction@@QAEHPAX@Z
?is_array@XType@@QBE_NXZ
?is_bool@XType@@QBE_NXZ
?is_char@XType@@QBE_NXZ
?is_class@XType@@QBE_NXZ
?is_const@XType@@QBE_NXZ
?is_double@XType@@QBE_NXZ
?is_float@XType@@QBE_NXZ
?is_function@XType@@QBE_NXZ
?is_int@XType@@QBE_NXZ
?is_long@XType@@QBE_NXZ
?is_namespace@XType@@QBE_NXZ
?is_number@XType@@QBE_NXZ
?is_object@XType@@QBE_NXZ
?is_pointer@XType@@QBE_NXZ
?is_reference@XType@@QBE_NXZ
?is_short@XType@@QBE_NXZ
?is_signature@XType@@QBE_NXZ
?is_single@XType@@QBE_NXZ
?is_unsigned@XType@@QBE_NXZ
?is_void@XType@@QBE_NXZ
?leave@XTrace@@UAEXPAUXExecState@@@Z
?lists@XModule@@SAAAV?$listx@PAVXModule@@@@XZ
?lookup@XNTable@@UAEPAVXEntry@@PAD_N@Z
?lookup_class@XNTable@@QAEPAVXClass@@PAD_N@Z
?lookup_local@XFunction@@QAEPAVXEntry@@PAD@Z
?lookup_template@XNTable@@QAEPAVXTemplateFun@@PAD_N@Z
?match_instantiate@XTemplateFun@@QAEPAXABV?$listx@PAVXType@@@@@Z
?module@XFunction@@QAEHXZ
?name@XEntry@@QAEPADXZ
?name@XFunction@@QAEPADXZ
?name@XNTable@@QAEPADXZ
?name@XTemplateFun@@QAEPADXZ
?native_addr@FBlock@@QAEPAXXZ
?nfun@XEntry@@QAEHXZ
?no_template_parms@XClass@@QAEHXZ
?offset@XNTable@@QAEHPAX@Z
?pcode@XFunction@@QAEPAUXInstruction@@XZ
?pointer_depth@XType@@QBEHXZ
?ptr@XEntry@@QAEPAXPAX@Z
?ret_type@XFunction@@QAEPAVXType@@XZ
?set_class_of@XClass@@QAEXPAX@Z
?set_data@XEntry@@QAEXH@Z
?set_on_entry@XTrace@@QAEX_N@Z
?set_on_exit@XTrace@@QAEX_N@Z
?set_ptr@XEntry@@QAEXPAX0@Z
?set_trace@XFunction@@QAEXPAVXTrace@@@Z
?set_tracing@XFunction@@SAX_N@Z
?size@XEntry@@QAEHXZ
?size@XType@@QBEHXZ
?str_to_val@XEntry@@QAEXPADPAX@Z
?str_to_val@XType@@QAEXPADPAX@Z
?table@XNTable@@QAEPAVNamedTable@@XZ
?template_parm@XClass@@QAEPAVXType@@H@Z
?type@XEntry@@QAEPAVXType@@XZ
?type@XType@@QAEPAVType@@XZ
?typelist@XType@@SAAAV?$listx@PAVXType@@@@PAV1@ZZ
?uc_global@@YAPAVXNTable@@XZ
?uc_std@@YAPAVXNTable@@XZ
?uc_ucri_init@@YAXXZ
?ucri_instruction_counter@@YAPAK_N@Z
?val_as_str@XEntry@@QAEXAAVstring@@PAX@Z
?val_as_str@XType@@QBEXAAVstring@@PAX@Z
?variables@XNTable@@QAEAAV?$listx@PAVXEntry@@@@H@Z
?where@XFunction@@QAEHAAVstring@@@Z
_uc_compile@8
_uc_compile_fn@8
_uc_error@8
_uc_error_pos@4
_uc_eval@12
_uc_eval_exp@12
_uc_eval_method@16
_uc_exec@4
_uc_finis@0
_uc_import@8
_uc_include@4
_uc_init@8
_uc_init_ref@12
_uc_interactive_loop@0
_uc_load@4
_uc_main@8
_uc_main_window@0
_uc_result@8
_uc_run@0
_uc_set_quote@8
uc_eval_args
uc_eval_method_args

Sections

.text
Size: 344KB - Virtual size: 340KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 594KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CE5.6.1/CE5.6.1/undercdll.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

underc_executescript
underc_geterror

Sections

CODE
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 111B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
CE5.6.1/CE5.6.1/vmdisk.img
.vbs
CE5.6.1/CE5.6.1/上万款无毒好玩的游戏.url
.url
CE5.6.1/CE5.6.1/汉化说明.txt
CE5.6.1/CE5.6.1/游戏说明.txt
CE5.6.1/silentoi_29065018_11.exe
.exe windows:4 windows x86 arch:x86

d30fe54f4a689cd12d29ad515f39a53f

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

26:2f:33:e4:18:2e:6a:fd:d9:82:d1:5c:66:3e:98:ff
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

10/05/2012, 00:00

Not After

18/07/2014, 23:59

Subject

CN=Baidu Online Network Technology (Beijing) Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing) Co.\, Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathIsURLA
PathIsURLW
PathFileExistsW

shell32

ShellExecuteExW
SHCreateDirectoryExW
SHGetFolderPathW

wininet

InternetOpenW
HttpOpenRequestW
InternetCrackUrlW
HttpAddRequestHeadersW
InternetReadFile
InternetOpenUrlW
InternetCloseHandle
HttpQueryInfoW
HttpSendRequestW
InternetConnectW
InternetSetOptionW

kernel32

TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetDriveTypeA
CreateFileA
SetEndOfFile
GetTimeZoneInformation
FlushFileBuffers
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
GetSystemDefaultLCID
WriteFile
GetCommandLineW
SetLastError
CreateMutexW
GetLastError
CloseHandle
GetModuleHandleW
GetTempPathW
CreateFileW
RaiseException
MultiByteToWideChar
FindResourceW
GetCurrentProcess
FlushInstructionCache
GetCurrentThreadId
SizeofResource
LockResource
LoadResource
FindResourceExW
WideCharToMultiByte
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
CreateEventW
CreateSemaphoreW
ExitProcess
SetEvent
WaitForMultipleObjects
GetExitCodeThread
TerminateThread
Sleep
lstrlenW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetVersionExW
DeleteFileW
GetFileSize
GetSystemInfo
MoveFileExW
EnumResourceNamesW
WriteConsoleA
SetFilePointer
GetStringTypeW
GetStringTypeA
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameW
ReadFile
GetCPInfo
GetOEMCP
GetModuleHandleA
IsValidCodePage
ReleaseSemaphore
GetCurrentDirectoryA
GetFullPathNameW
GetConsoleMode
GetConsoleCP
RtlUnwind
GetStartupInfoW
GetModuleFileNameA
GetStdHandle
LCMapStringW
LCMapStringA
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
GetProcAddress
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
GetVersionExA
HeapDestroy
HeapReAlloc
HeapSize
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
CreateThread
GetSystemTimeAsFileTime
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
FindFirstFileW
HeapCreate

user32

CreateWindowExW
CharNextW
IsWindow
DestroyWindow
GetMessageW
TranslateMessage
DispatchMessageW
DefWindowProcW
SendMessageW
PostQuitMessage
KillTimer
SetTimer
CallWindowProcW
GetWindowLongW
PostMessageW
SetWindowLongW
UnregisterClassA
LoadCursorW
GetClassInfoExW
RegisterClassExW

advapi32

RegCloseKey
GetTokenInformation
OpenProcessToken
RegQueryValueExW
RegOpenKeyExW

ole32

CoCreateGuid
CoUninitialize
CoInitialize

Sections

.text
Size: 136KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
CE5.6.1/运行程序.bat

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 435KB - Virtual size: 435KB

DATA Size: 5KB - Virtual size: 4KB

BSS Size: - Virtual size: 4KB

.idata Size: 9KB - Virtual size: 9KB

.edata Size: 512B - Virtual size: 137B

.reloc Size: 31KB - Virtual size: 31KB

.rsrc Size: 21KB - Virtual size: 21KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 2.3MB

UPX1 Size: 1.0MB - Virtual size: 1.1MB

.rsrc Size: 80KB - Virtual size: 84KB

Headers

File Characteristics

Sections

CODE Size: 2.1MB - Virtual size: 2.1MB

DATA Size: 30KB - Virtual size: 29KB

BSS Size: - Virtual size: 14KB

.idata Size: 12KB - Virtual size: 12KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 133KB - Virtual size: 133KB

.rsrc Size: 1.0MB - Virtual size: 1.0MB

Headers

File Characteristics

Sections

CODE Size: 9KB - Virtual size: 9KB

DATA Size: 512B - Virtual size: 176B

BSS Size: - Virtual size: 1KB

.idata Size: 1024B - Virtual size: 834B

.reloc Size: 1024B - Virtual size: 752B

.rsrc Size: 512B - Virtual size: 512B

Headers

File Characteristics

Sections

CODE Size: 27KB - Virtual size: 27KB

DATA Size: 1024B - Virtual size: 1020B

BSS Size: - Virtual size: 1KB

.idata Size: 2KB - Virtual size: 1KB

.tls Size: - Virtual size: 8B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 3KB - Virtual size: 2KB

.rsrc Size: 3KB - Virtual size: 3KB

Headers

File Characteristics

Sections

CODE Size: 76KB - Virtual size: 76KB

DATA Size: 1KB - Virtual size: 1KB

BSS Size: - Virtual size: 2KB

.idata Size: 3KB - Virtual size: 3KB

.tls Size: - Virtual size: 12B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 6KB - Virtual size: 6KB

.rsrc Size: 7KB - Virtual size: 7KB

778dea84cc0fbb95213648a19d9866c3

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

73:81:06:0e:d4:60:b9:9e:62:a9:23:47:bb:b8:4d:48Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

d7:b4:9d:17:9b:22:06:7a:e2:7e:82:d3:b8:22:e7:ae:58:8c:04:84Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

CODE
Size: 435KB - Virtual size: 435KB

DATA
Size: 5KB - Virtual size: 4KB

BSS
Size: - Virtual size: 4KB

.idata
Size: 9KB - Virtual size: 9KB

.edata
Size: 512B - Virtual size: 137B

.reloc
Size: 31KB - Virtual size: 31KB

.rsrc
Size: 21KB - Virtual size: 21KB

UPX0
Size: - Virtual size: 2.3MB

UPX1
Size: 1.0MB - Virtual size: 1.1MB

.rsrc
Size: 80KB - Virtual size: 84KB

CODE
Size: 2.1MB - Virtual size: 2.1MB

DATA
Size: 30KB - Virtual size: 29KB

BSS
Size: - Virtual size: 14KB

.idata
Size: 12KB - Virtual size: 12KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 133KB - Virtual size: 133KB

.rsrc
Size: 1.0MB - Virtual size: 1.0MB

CODE
Size: 9KB - Virtual size: 9KB

DATA
Size: 512B - Virtual size: 176B

BSS
Size: - Virtual size: 1KB

.idata
Size: 1024B - Virtual size: 834B

.reloc
Size: 1024B - Virtual size: 752B

.rsrc
Size: 512B - Virtual size: 512B

CODE
Size: 27KB - Virtual size: 27KB

DATA
Size: 1024B - Virtual size: 1020B

BSS
Size: - Virtual size: 1KB

.idata
Size: 2KB - Virtual size: 1KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 3KB - Virtual size: 3KB

CODE
Size: 76KB - Virtual size: 76KB

DATA
Size: 1KB - Virtual size: 1KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 3KB - Virtual size: 3KB

.tls
Size: - Virtual size: 12B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 7KB - Virtual size: 7KB

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

73:81:06:0e:d4:60:b9:9e:62:a9:23:47:bb:b8:4d:48
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

d7:b4:9d:17:9b:22:06:7a:e2:7e:82:d3:b8:22:e7:ae:58:8c:04:84
Signer

.text
Size: 318KB - Virtual size: 317KB

.rdata
Size: 53KB - Virtual size: 53KB

.data
Size: 7KB - Virtual size: 19KB

.rsrc
Size: 32KB - Virtual size: 32KB

.reloc
Size: 19KB - Virtual size: 19KB

CODE
Size: 399KB - Virtual size: 399KB

DATA
Size: 5KB - Virtual size: 4KB

BSS
Size: - Virtual size: 3KB

.idata
Size: 8KB - Virtual size: 8KB

.edata
Size: 512B - Virtual size: 130B

.reloc
Size: 28KB - Virtual size: 28KB

.rsrc
Size: 22KB - Virtual size: 22KB

.text
Size: 35KB - Virtual size: 35KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 5KB - Virtual size: 11KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 4KB - Virtual size: 3KB

CODE
Size: 303KB - Virtual size: 302KB

DATA
Size: 4KB - Virtual size: 4KB

BSS
Size: - Virtual size: 3KB

.idata
Size: 8KB - Virtual size: 7KB

.edata
Size: 512B - Virtual size: 130B

.reloc
Size: 21KB - Virtual size: 21KB

.rsrc
Size: 20KB - Virtual size: 20KB