Roobet Crash Predictor[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

Roobet Crash Predictor.zip
Size

18.3MB
MD5

34cb07139802f0284067f277e5ff71ca
SHA1

1d4f9e6054d460ac55408c8637a331fd03f15a02
SHA256

f3efe758cba84eda9d85d87a5def30aaaef10fa1d21cbbacc8c411d84975c440
SHA512

4280da1536306a026ef5d758492a228262bfcd625addb35c9f5bbeaef5e2621b4aa3afec86a66d88e0976f060a4c3e4c4d11eb3436fdb3b3ced423036a8eb1ab
SSDEEP

393216:wjLeBB92Oi2dEEjdGlp5dUwn1lC7itQYmsVcnHW6HiPuj:4en6YEadGp5/1lC7it0sVu3iWj

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Roobet Crash Predictor/Predictorv5.2/Scripts/pip.exe
unpack001/Roobet Crash Predictor/Predictorv5.2/Scripts/pip2.7.exe
unpack001/Roobet Crash Predictor/Predictorv5.2/Scripts/pip2.exe
unpack001/Roobet Crash Predictor/Predictorv5.2/StartPredictor.exe

Files

Roobet Crash Predictor.zip
.zip

Password: aaa
Roobet Crash Predictor/Predictorv5.2/AntiCrash Sound(1).dll
Roobet Crash Predictor/Predictorv5.2/Data/Ankama Helsa.dll
.dll windows:5 windows x64 arch:x64

Password: aaa

7dc4e88ecfd19902affbb9227b6eab03

Code Sign

33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:37

Not After

02/05/2020, 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

80:e3:30:09:2d:11:6f:63:8c:ed:ad:c2:1b:6b:db:72:fc:26:b7:66:18:4b:83:fb:c0:f6:e6:ee:be:b2:78:99
Signer

Actual PE Digest

80:e3:30:09:2d:11:6f:63:8c:ed:ad:c2:1b:6b:db:72:fc:26:b7:66:18:4b:83:fb:c0:f6:e6:ee:be:b2:78:99

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\agent\_work\89\s\x64\Release DLL\autoruns64.pdb

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

comctl32

ImageList_ReplaceIcon
ImageList_Add

crypt32

CertGetNameStringW
CryptDecodeObject
CryptSIPLoad
CryptSIPRetrieveSubjectGuidForCatalogFile
CertDuplicateCertificateContext

wintrust

CryptCATAdminCalcHashFromFileHandle

ntdll

RtlVirtualUnwind
RtlUnwindEx
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlCaptureContext
NtOpenKey
NtCreateKey
RtlUnwind

kernel32

GetFullPathNameW
IsWow64Process
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetPrivateProfileStringW
FreeLibrary
MultiByteToWideChar
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
GetCurrentThread
SetThreadPriority
EnterCriticalSection
GetSystemWindowsDirectoryW
WaitForSingleObject
WaitForMultipleObjects
CreateEventW
CreateThread
GetExitCodeThread
GetModuleHandleExW
ExitProcess
TlsFree
EncodePointer
InterlockedFlushSList
OutputDebugStringW
WideCharToMultiByte
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
WaitForSingleObjectEx
ResetEvent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeLibraryAndExitThread
GetModuleFileNameA
GetACP
LCMapStringW
SetStdHandle
FlushFileBuffers
GetConsoleCP
GetStringTypeW
ExpandEnvironmentStringsW
SetEnvironmentVariableW
TlsSetValue
TlsAlloc
lstrlenW
FormatMessageA
GetFileTime
WriteFile
GetFileSize
FindFirstFileExA
InitializeCriticalSection
GetSystemWow64DirectoryW
SetErrorMode
ExitThread
GetCurrentProcess
OpenProcess
GetLongPathNameW
GetVersion
TlsGetValue
GetCommandLineW
GetStdHandle
GetFileType
LocalFree
GetDateFormatW
GetTimeFormatW
GetModuleHandleW
FormatMessageW
FileTimeToSystemTime
FileTimeToLocalFileTime
MulDiv
ReadFile
FindNextFileW
FindFirstFileW
GetFileAttributesW
CreateFileW
FindClose
Sleep
GetLastError
GetProcAddress
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
CloseHandle
GetFileSizeEx
GetVersionExW
LoadLibraryExW
SetLastError
ReadConsoleW
SetEndOfFile
GetConsoleMode
SetEvent
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
WriteConsoleW
SetFilePointerEx
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA

user32

LoadStringW
PostMessageW
DestroyIcon
InsertMenuW
GetSubMenu
CheckMenuItem
GetMenu
LoadCursorW
SendMessageW
MessageBoxW
DeleteMenu
LoadIconW

gdi32

DeleteObject
GetDeviceCaps
DeleteDC
CreateCompatibleDC

advapi32

FreeSid
QueryServiceConfig2W
GetServiceDisplayNameW
RegQueryValueW
CryptAcquireContextW
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
CloseServiceHandle
RegUnLoadKeyW
RegQueryInfoKeyW
RegLoadKeyW
RegEnumValueW
RegEnumKeyW
RegDeleteKeyW
DuplicateTokenEx
ImpersonateLoggedOnUser
LookupPrivilegeValueW
LookupAccountNameW
LookupAccountSidW
OpenServiceW
AllocateAndInitializeSid
EqualSid
AdjustTokenPrivileges
GetTokenInformation
OpenProcessToken
RevertToSelf
RegOpenKeyW
RegSetValueExW
RegDeleteValueW
RegCreateKeyExW
OpenSCManagerW

shell32

SHGetFileInfoW
ShellExecuteW
SHGetFolderPathW

ole32

CoCreateInstance
CoUninitialize
CoTaskMemFree
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoInitializeEx

oleaut32

SysFreeString
VariantClear
SysStringLen
SysAllocStringByteLen
VariantInit
VariantChangeType
SysAllocString

shlwapi

ord176
UrlUnescapeW

winhttp

WinHttpCloseHandle
WinHttpOpen
WinHttpConnect
WinHttpReadData
WinHttpWriteData
WinHttpGetProxyForUrl
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpOpenRequest
WinHttpSetOption
WinHttpQueryDataAvailable

Exports

Exports

AutorunScan

Sections

.text
Size: 416KB - Virtual size: 415KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 173KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Roobet Crash Predictor/Predictorv5.2/Data/Sounds.dll
.dll windows:5 windows x64 arch:x64

Password: aaa

7dc4e88ecfd19902affbb9227b6eab03

Code Sign

33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:37

Not After

02/05/2020, 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

80:e3:30:09:2d:11:6f:63:8c:ed:ad:c2:1b:6b:db:72:fc:26:b7:66:18:4b:83:fb:c0:f6:e6:ee:be:b2:78:99
Signer

Actual PE Digest

80:e3:30:09:2d:11:6f:63:8c:ed:ad:c2:1b:6b:db:72:fc:26:b7:66:18:4b:83:fb:c0:f6:e6:ee:be:b2:78:99

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\agent\_work\89\s\x64\Release DLL\autoruns64.pdb

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

comctl32

ImageList_ReplaceIcon
ImageList_Add

crypt32

CertGetNameStringW
CryptDecodeObject
CryptSIPLoad
CryptSIPRetrieveSubjectGuidForCatalogFile
CertDuplicateCertificateContext

wintrust

CryptCATAdminCalcHashFromFileHandle

ntdll

RtlVirtualUnwind
RtlUnwindEx
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlCaptureContext
NtOpenKey
NtCreateKey
RtlUnwind

kernel32

GetFullPathNameW
IsWow64Process
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetPrivateProfileStringW
FreeLibrary
MultiByteToWideChar
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
GetCurrentThread
SetThreadPriority
EnterCriticalSection
GetSystemWindowsDirectoryW
WaitForSingleObject
WaitForMultipleObjects
CreateEventW
CreateThread
GetExitCodeThread
GetModuleHandleExW
ExitProcess
TlsFree
EncodePointer
InterlockedFlushSList
OutputDebugStringW
WideCharToMultiByte
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
WaitForSingleObjectEx
ResetEvent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeLibraryAndExitThread
GetModuleFileNameA
GetACP
LCMapStringW
SetStdHandle
FlushFileBuffers
GetConsoleCP
GetStringTypeW
ExpandEnvironmentStringsW
SetEnvironmentVariableW
TlsSetValue
TlsAlloc
lstrlenW
FormatMessageA
GetFileTime
WriteFile
GetFileSize
FindFirstFileExA
InitializeCriticalSection
GetSystemWow64DirectoryW
SetErrorMode
ExitThread
GetCurrentProcess
OpenProcess
GetLongPathNameW
GetVersion
TlsGetValue
GetCommandLineW
GetStdHandle
GetFileType
LocalFree
GetDateFormatW
GetTimeFormatW
GetModuleHandleW
FormatMessageW
FileTimeToSystemTime
FileTimeToLocalFileTime
MulDiv
ReadFile
FindNextFileW
FindFirstFileW
GetFileAttributesW
CreateFileW
FindClose
Sleep
GetLastError
GetProcAddress
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
CloseHandle
GetFileSizeEx
GetVersionExW
LoadLibraryExW
SetLastError
ReadConsoleW
SetEndOfFile
GetConsoleMode
SetEvent
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
WriteConsoleW
SetFilePointerEx
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA

user32

LoadStringW
PostMessageW
DestroyIcon
InsertMenuW
GetSubMenu
CheckMenuItem
GetMenu
LoadCursorW
SendMessageW
MessageBoxW
DeleteMenu
LoadIconW

gdi32

DeleteObject
GetDeviceCaps
DeleteDC
CreateCompatibleDC

advapi32

FreeSid
QueryServiceConfig2W
GetServiceDisplayNameW
RegQueryValueW
CryptAcquireContextW
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
CloseServiceHandle
RegUnLoadKeyW
RegQueryInfoKeyW
RegLoadKeyW
RegEnumValueW
RegEnumKeyW
RegDeleteKeyW
DuplicateTokenEx
ImpersonateLoggedOnUser
LookupPrivilegeValueW
LookupAccountNameW
LookupAccountSidW
OpenServiceW
AllocateAndInitializeSid
EqualSid
AdjustTokenPrivileges
GetTokenInformation
OpenProcessToken
RevertToSelf
RegOpenKeyW
RegSetValueExW
RegDeleteValueW
RegCreateKeyExW
OpenSCManagerW

shell32

SHGetFileInfoW
ShellExecuteW
SHGetFolderPathW

ole32

CoCreateInstance
CoUninitialize
CoTaskMemFree
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoInitializeEx

oleaut32

SysFreeString
VariantClear
SysStringLen
SysAllocStringByteLen
VariantInit
VariantChangeType
SysAllocString

shlwapi

ord176
UrlUnescapeW

winhttp

WinHttpCloseHandle
WinHttpOpen
WinHttpConnect
WinHttpReadData
WinHttpWriteData
WinHttpGetProxyForUrl
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpOpenRequest
WinHttpSetOption
WinHttpQueryDataAvailable

Exports

Exports

AutorunScan

Sections

.text
Size: 416KB - Virtual size: 415KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 173KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Roobet Crash Predictor/Predictorv5.2/READ BEFORE OPEN IMPORTANT !.txt
Roobet Crash Predictor/Predictorv5.2/Scripts/pip.exe
.exe windows:5 windows x86 arch:x86

Password: aaa

c0836f8c0abbd1cdc763f32368a477c5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Vinay\Projects\simple_launcher\dist\t32.pdb

Imports

kernel32

ExitProcess
GetCommandLineW
SearchPathW
SetInformationJobObject
CreateProcessW
GetCurrentProcess
WaitForSingleObject
GenerateConsoleCtrlEvent
AssignProcessToJobObject
GetExitCodeProcess
GetModuleFileNameW
QueryInformationJobObject
MultiByteToWideChar
CreateJobObjectA
GetStdHandle
GetLastError
SetConsoleCtrlHandler
DuplicateHandle
CloseHandle
HeapSize
GetProcessHeap
HeapFree
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
GetStringTypeW
GetCommandLineA
HeapSetInformation
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
InitializeCriticalSectionAndSpinCount
EncodePointer
DecodePointer
RtlUnwind
HeapCreate
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetLastError
GetCurrentThreadId
GetProcAddress
WriteFile
SetHandleCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
Sleep
LCMapStringW
ReadFile
SetFilePointer
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetModuleFileNameA
WideCharToMultiByte
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
CreateFileW
LoadLibraryW
HeapReAlloc
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetStdHandle
IsProcessorFeaturePresent
CompareStringW
SetEnvironmentVariableW
SetEndOfFile
WriteConsoleW

shlwapi

StrStrIW

Sections

.text
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Roobet Crash Predictor/Predictorv5.2/Scripts/pip2.7.exe
.exe windows:5 windows x86 arch:x86

Password: aaa

c0836f8c0abbd1cdc763f32368a477c5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Vinay\Projects\simple_launcher\dist\t32.pdb

Imports

kernel32

ExitProcess
GetCommandLineW
SearchPathW
SetInformationJobObject
CreateProcessW
GetCurrentProcess
WaitForSingleObject
GenerateConsoleCtrlEvent
AssignProcessToJobObject
GetExitCodeProcess
GetModuleFileNameW
QueryInformationJobObject
MultiByteToWideChar
CreateJobObjectA
GetStdHandle
GetLastError
SetConsoleCtrlHandler
DuplicateHandle
CloseHandle
HeapSize
GetProcessHeap
HeapFree
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
GetStringTypeW
GetCommandLineA
HeapSetInformation
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
InitializeCriticalSectionAndSpinCount
EncodePointer
DecodePointer
RtlUnwind
HeapCreate
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetLastError
GetCurrentThreadId
GetProcAddress
WriteFile
SetHandleCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
Sleep
LCMapStringW
ReadFile
SetFilePointer
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetModuleFileNameA
WideCharToMultiByte
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
CreateFileW
LoadLibraryW
HeapReAlloc
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetStdHandle
IsProcessorFeaturePresent
CompareStringW
SetEnvironmentVariableW
SetEndOfFile
WriteConsoleW

shlwapi

StrStrIW

Sections

.text
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Roobet Crash Predictor/Predictorv5.2/Scripts/pip2.exe
.exe windows:5 windows x86 arch:x86

Password: aaa

c0836f8c0abbd1cdc763f32368a477c5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Vinay\Projects\simple_launcher\dist\t32.pdb

Imports

kernel32

ExitProcess
GetCommandLineW
SearchPathW
SetInformationJobObject
CreateProcessW
GetCurrentProcess
WaitForSingleObject
GenerateConsoleCtrlEvent
AssignProcessToJobObject
GetExitCodeProcess
GetModuleFileNameW
QueryInformationJobObject
MultiByteToWideChar
CreateJobObjectA
GetStdHandle
GetLastError
SetConsoleCtrlHandler
DuplicateHandle
CloseHandle
HeapSize
GetProcessHeap
HeapFree
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
GetStringTypeW
GetCommandLineA
HeapSetInformation
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
InitializeCriticalSectionAndSpinCount
EncodePointer
DecodePointer
RtlUnwind
HeapCreate
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetLastError
GetCurrentThreadId
GetProcAddress
WriteFile
SetHandleCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
Sleep
LCMapStringW
ReadFile
SetFilePointer
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetModuleFileNameA
WideCharToMultiByte
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
CreateFileW
LoadLibraryW
HeapReAlloc
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetStdHandle
IsProcessorFeaturePresent
CompareStringW
SetEnvironmentVariableW
SetEndOfFile
WriteConsoleW

shlwapi

StrStrIW

Sections

.text
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Roobet Crash Predictor/Predictorv5.2/StartPredictor.exe
.exe windows:6 windows x86 arch:x86

Password: aaa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

LiCwyFdp
Size: 71KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

1ofOCNsh
Size: 136KB - Virtual size: 804KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

LYrYgSbR
Size: 32KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

MpVXTPw1
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

NNVOr8nI
Size: 1.5MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

eS42qGoZ
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

zZ2KO9eX
Size: 2.0MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

o8fVZTl6
Size: 298KB - Virtual size: 300KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

2FtTz3K5
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Roobet Crash Predictor/Predictorv5.2/VC_redist.x86.exe
.exe windows:5 windows x86 arch:x86

Password: aaa

1a5cdbf711fee14b077e599d13fddab2

Code Sign

33:00:00:01:58:ca:31:d3:14:b5:8b:59:b4:00:00:00:00:01:58
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/12/2019, 01:13

Not After

17/03/2021, 01:13

Subject

CN=Microsoft Time-Stamp Service,OU=Microsoft Operations Puerto Rico+OU=Thales TSS ESN:4D2F-E3DD-BEEF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:87:72:17:72:15:59:40:c7:09:00:00:00:00:01:87
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/03/2020, 18:39

Not After

03/03/2021, 18:39

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:87:72:17:72:15:59:40:c7:09:00:00:00:00:01:87
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/03/2020, 18:39

Not After

03/03/2021, 18:39

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

40:73:1d:4a:2a:70:29:a1:ad:a3:a4:95:87:e0:8c:79:8e:9a:1c:b6:94:ef:bb:5f:17:7a:f4:95:74:4e:2a:6a
Signer

Actual PE Digest

40:73:1d:4a:2a:70:29:a1:ad:a3:a4:95:87:e0:8c:79:8e:9a:1c:b6:94:ef:bb:5f:17:7a:f4:95:74:4e:2a:6a

Digest Algorithm

sha256

PE Digest Matches

true

98:1e:0e:aa:88:66:45:8a:e6:d7:0a:e1:7a:4e:c7:0f:ea:09:c2:38
Signer

Actual PE Digest

98:1e:0e:aa:88:66:45:8a:e6:d7:0a:e1:7a:4e:c7:0f:ea:09:c2:38

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

C:\agent\_work\8\s\build\ship\x86\burn.pdb

Imports

advapi32

RegCloseKey
RegOpenKeyExW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
InitiateSystemShutdownExW
GetUserNameW
RegQueryValueExW
RegDeleteValueW
ConvertStringSecurityDescriptorToSecurityDescriptorW
DecryptFileW
CreateWellKnownSid
InitializeAcl
SetEntriesInAclW
ChangeServiceConfigW
CloseServiceHandle
ControlService
OpenSCManagerW
OpenServiceW
QueryServiceStatus
SetNamedSecurityInfoW
CheckTokenMembership
AllocateAndInitializeSid
SetEntriesInAclA
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
RegDeleteKeyW
RegCreateKeyExW
GetTokenInformation
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
QueryServiceConfigW

user32

GetMessageW
PostMessageW
IsWindow
WaitForInputIdle
PostQuitMessage
PeekMessageW
MsgWaitForMultipleObjects
PostThreadMessageW
GetMonitorInfoW
MonitorFromPoint
IsDialogMessageW
LoadCursorW
LoadBitmapW
SetWindowLongW
GetWindowLongW
GetCursorPos
MessageBoxW
CreateWindowExW
UnregisterClassW
RegisterClassW
DefWindowProcW
DispatchMessageW
TranslateMessage

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear

gdi32

CreateCompatibleDC
DeleteObject
SelectObject
StretchBlt
GetObjectW
DeleteDC

shell32

SHGetFolderPathW
CommandLineToArgvW
ShellExecuteExW

ole32

CoUninitialize
CoInitializeEx
CoInitialize
StringFromGUID2
CoCreateInstance
CoTaskMemFree
CoInitializeSecurity
CLSIDFromProgID

kernel32

GetCommandLineA
GetCPInfo
GetOEMCP
CloseHandle
CreateFileW
GetProcAddress
LocalFree
HeapSetInformation
GetLastError
GetModuleHandleW
FormatMessageW
lstrlenA
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
LCMapStringW
Sleep
GetLocalTime
GetModuleFileNameW
ExpandEnvironmentStringsW
GetTempPathW
GetTempFileNameW
CreateDirectoryW
GetFullPathNameW
CompareStringW
GetCurrentProcessId
WriteFile
SetFilePointer
LoadLibraryW
GetSystemDirectoryW
CreateFileA
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
FindClose
GetCommandLineW
GetCurrentDirectoryW
RemoveDirectoryW
SetFileAttributesW
GetFileAttributesW
DeleteFileW
FindFirstFileW
FindNextFileW
MoveFileExW
GetCurrentProcess
GetCurrentThreadId
InitializeCriticalSection
DeleteCriticalSection
ReleaseMutex
GetEnvironmentStringsW
TlsGetValue
TlsSetValue
TlsFree
CreateProcessW
GetVersionExW
VerSetConditionMask
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
GetSystemTime
GetNativeSystemInfo
GetModuleHandleExW
GetWindowsDirectoryW
GetSystemWow64DirectoryW
GetComputerNameW
VerifyVersionInfoW
GetVolumePathNameW
GetDateFormatW
GetSystemDefaultLangID
GetUserDefaultLangID
GetStringTypeW
ReadFile
SetFilePointerEx
DuplicateHandle
InterlockedExchange
InterlockedCompareExchange
CreateEventW
ProcessIdToSessionId
OpenProcess
GetProcessId
WaitForSingleObject
ConnectNamedPipe
SetNamedPipeHandleState
CreateNamedPipeW
CreateThread
GetExitCodeThread
SetEvent
WaitForMultipleObjects
InterlockedIncrement
InterlockedDecrement
ResetEvent
SetEndOfFile
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
CompareStringA
GetExitCodeProcess
SetThreadExecutionState
CopyFileExW
MapViewOfFile
UnmapViewOfFile
CreateMutexW
CreateFileMappingW
GetThreadLocale
IsValidCodePage
FreeEnvironmentStringsW
TlsAlloc
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
DecodePointer
WriteConsoleW
GetModuleHandleA
GlobalAlloc
GlobalFree
GetFileSizeEx
CopyFileW
VirtualAlloc
VirtualFree
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
SystemTimeToFileTime
GetSystemInfo
VirtualProtect
VirtualQuery
SetCurrentDirectoryW
FindFirstFileExW
GetFileType
GetACP
ExitProcess
GetStdHandle
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RaiseException
RtlUnwind
SetLastError
LoadLibraryExA

rpcrt4

UuidCreate

Sections

.text
Size: 294KB - Virtual size: 293KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wixburn
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Roobet Crash Predictor/Predictorv5.2/include/Python-ast.h
Roobet Crash Predictor/Predictorv5.2/include/Python.h
Roobet Crash Predictor/Predictorv5.2/include/boolobject.h
Roobet Crash Predictor/Predictorv5.2/include/bufferobject.h
Roobet Crash Predictor/Predictorv5.2/include/bytearrayobject.h
Roobet Crash Predictor/Predictorv5.2/include/bytes_methods.h
Roobet Crash Predictor/Predictorv5.2/include/bytesobject.h
Roobet Crash Predictor/Predictorv5.2/include/cStringIO.h
Roobet Crash Predictor/Predictorv5.2/include/cellobject.h
Roobet Crash Predictor/Predictorv5.2/include/ceval.h
Roobet Crash Predictor/Predictorv5.2/include/classobject.h
Roobet Crash Predictor/Predictorv5.2/include/cobject.h
Roobet Crash Predictor/Predictorv5.2/include/code.h
Roobet Crash Predictor/Predictorv5.2/include/codecs.h
Roobet Crash Predictor/Predictorv5.2/include/compile.h
Roobet Crash Predictor/Predictorv5.2/include/complexobject.h
Roobet Crash Predictor/Predictorv5.2/include/datetime.h
Roobet Crash Predictor/Predictorv5.2/include/descrobject.h
.vbs
Roobet Crash Predictor/Predictorv5.2/include/dictobject.h
Roobet Crash Predictor/Predictorv5.2/include/longintrepr.h
Roobet Crash Predictor/Predictorv5.2/include/longobject.h
Roobet Crash Predictor/Predictorv5.2/include/marshal.h
Roobet Crash Predictor/Predictorv5.2/include/memoryobject.h
Roobet Crash Predictor/Predictorv5.2/include/metagrammar.h
Roobet Crash Predictor/Predictorv5.2/include/methodobject.h
Roobet Crash Predictor/Predictorv5.2/include/modsupport.h
Roobet Crash Predictor/Predictorv5.2/include/moduleobject.h
Roobet Crash Predictor/Predictorv5.2/include/node.h
Roobet Crash Predictor/Predictorv5.2/include/object.h
Roobet Crash Predictor/Predictorv5.2/include/objimpl.h
Roobet Crash Predictor/Predictorv5.2/include/opcode.h
Roobet Crash Predictor/Predictorv5.2/include/osdefs.h
Roobet Crash Predictor/Predictorv5.2/include/parsetok.h
Roobet Crash Predictor/Predictorv5.2/include/patchlevel.h
Roobet Crash Predictor/Predictorv5.2/include/pgen.h
Roobet Crash Predictor/Predictorv5.2/include/pgenheaders.h
Roobet Crash Predictor/Predictorv5.2/include/py_curses.h
Roobet Crash Predictor/Predictorv5.2/include/pyarena.h
Roobet Crash Predictor/Predictorv5.2/include/pycapsule.h
Roobet Crash Predictor/Predictorv5.2/include/pyconfig.h
Roobet Crash Predictor/Predictorv5.2/include/pyctype.h
Roobet Crash Predictor/Predictorv5.2/include/pydebug.h
Roobet Crash Predictor/Predictorv5.2/include/pyerrors.h
Roobet Crash Predictor/Predictorv5.2/include/pyexpat.h
Roobet Crash Predictor/Predictorv5.2/include/pyfpe.h
Roobet Crash Predictor/Predictorv5.2/include/pygetopt.h
Roobet Crash Predictor/Predictorv5.2/include/pymacconfig.h
Roobet Crash Predictor/Predictorv5.2/include/pymactoolbox.h
Roobet Crash Predictor/Predictorv5.2/include/pymath.h
Roobet Crash Predictor/Predictorv5.2/include/pymem.h
Roobet Crash Predictor/Predictorv5.2/include/pyport.h
Roobet Crash Predictor/Predictorv5.2/include/pystate.h
Roobet Crash Predictor/Predictorv5.2/include/pystrcmp.h
Roobet Crash Predictor/Predictorv5.2/include/pystrtod.h
Roobet Crash Predictor/Predictorv5.2/include/pythonrun.h
Roobet Crash Predictor/Predictorv5.2/include/pythread.h
Roobet Crash Predictor/Predictorv5.2/include/rangeobject.h
Roobet Crash Predictor/Predictorv5.2/include/setobject.h
Roobet Crash Predictor/Predictorv5.2/include/sliceobject.h
Roobet Crash Predictor/Predictorv5.2/include/stringobject.h
Roobet Crash Predictor/Predictorv5.2/include/structmember.h
Roobet Crash Predictor/Predictorv5.2/include/structseq.h
Roobet Crash Predictor/Predictorv5.2/include/symtable.h
Roobet Crash Predictor/Predictorv5.2/include/sysmodule.h
Roobet Crash Predictor/Predictorv5.2/include/timefuncs.h
Roobet Crash Predictor/Predictorv5.2/include/token.h
Roobet Crash Predictor/Predictorv5.2/include/traceback.h
Roobet Crash Predictor/Predictorv5.2/include/tupleobject.h
Roobet Crash Predictor/Predictorv5.2/include/ucnhash.h
Roobet Crash Predictor/Predictorv5.2/include/unicodeobject.h
Roobet Crash Predictor/Predictorv5.2/include/warnings.h
Roobet Crash Predictor/Predictorv5.2/include/weakrefobject.h
Roobet Crash Predictor/Predictorv5.2/versioncheck/README.txt
Roobet Crash Predictor/Predictorv5.2/versioncheck/_checkversion.py
Roobet Crash Predictor/Predictorv5.2/versioncheck/checkversions.py
Roobet Crash Predictor/Predictorv5.2/versioncheck/pyversioncheck.py

Sharing

General

Malware Config

Signatures

Files

Password: aaa

Password: aaa

7dc4e88ecfd19902affbb9227b6eab03

Code Sign

33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

80:e3:30:09:2d:11:6f:63:8c:ed:ad:c2:1b:6b:db:72:fc:26:b7:66:18:4b:83:fb:c0:f6:e6:ee:be:b2:78:99Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

comctl32

crypt32

wintrust

ntdll

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

winhttp

Exports

Exports

Sections

.text Size: 416KB - Virtual size: 415KB

.rdata Size: 173KB - Virtual size: 173KB

.data Size: 13KB - Virtual size: 25KB

.pdata Size: 14KB - Virtual size: 14KB

.rsrc Size: 105KB - Virtual size: 104KB

.reloc Size: 2KB - Virtual size: 1KB

Password: aaa

7dc4e88ecfd19902affbb9227b6eab03

Code Sign

33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

80:e3:30:09:2d:11:6f:63:8c:ed:ad:c2:1b:6b:db:72:fc:26:b7:66:18:4b:83:fb:c0:f6:e6:ee:be:b2:78:99Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

comctl32

crypt32

wintrust

ntdll

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

winhttp

Exports

Exports

Sections

.text Size: 416KB - Virtual size: 415KB

.rdata Size: 173KB - Virtual size: 173KB

.data Size: 13KB - Virtual size: 25KB

.pdata Size: 14KB - Virtual size: 14KB

.rsrc Size: 105KB - Virtual size: 104KB

.reloc Size: 2KB - Virtual size: 1KB

Password: aaa

c0836f8c0abbd1cdc763f32368a477c5

33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

80:e3:30:09:2d:11:6f:63:8c:ed:ad:c2:1b:6b:db:72:fc:26:b7:66:18:4b:83:fb:c0:f6:e6:ee:be:b2:78:99
Signer

.text
Size: 416KB - Virtual size: 415KB

.rdata
Size: 173KB - Virtual size: 173KB

.data
Size: 13KB - Virtual size: 25KB

.pdata
Size: 14KB - Virtual size: 14KB

.rsrc
Size: 105KB - Virtual size: 104KB

.reloc
Size: 2KB - Virtual size: 1KB

33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

80:e3:30:09:2d:11:6f:63:8c:ed:ad:c2:1b:6b:db:72:fc:26:b7:66:18:4b:83:fb:c0:f6:e6:ee:be:b2:78:99
Signer

.text
Size: 416KB - Virtual size: 415KB

.rdata
Size: 173KB - Virtual size: 173KB

.data
Size: 13KB - Virtual size: 25KB

.pdata
Size: 14KB - Virtual size: 14KB

.rsrc
Size: 105KB - Virtual size: 104KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 50KB - Virtual size: 49KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 13KB

.rsrc
Size: 20KB - Virtual size: 20KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 50KB - Virtual size: 49KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 13KB

.rsrc
Size: 20KB - Virtual size: 20KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 50KB - Virtual size: 49KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 13KB

.rsrc
Size: 20KB - Virtual size: 20KB

.reloc
Size: 4KB - Virtual size: 3KB

LiCwyFdp
Size: 71KB - Virtual size: 144KB

1ofOCNsh
Size: 136KB - Virtual size: 804KB

LYrYgSbR
Size: 32KB - Virtual size: 64KB

MpVXTPw1
Size: 1024B - Virtual size: 8KB

NNVOr8nI
Size: 1.5MB - Virtual size: 1.7MB

eS42qGoZ
Size: 512B - Virtual size: 4KB

zZ2KO9eX
Size: 2.0MB - Virtual size: 2.2MB

o8fVZTl6
Size: 298KB - Virtual size: 300KB

2FtTz3K5
Size: - Virtual size: 4KB

33:00:00:01:58:ca:31:d3:14:b5:8b:59:b4:00:00:00:00:01:58
Certificate

33:00:00:01:87:72:17:72:15:59:40:c7:09:00:00:00:00:01:87
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate