C:\root\newdump\dump\matrixfree spoofer\x64\Release\Protections.pdb
General
-
Target
spoofer loader.rar
-
Size
68.7MB
-
MD5
7d77a9770ce514d9d7aedefc9075cec4
-
SHA1
83b4bc3723eb72ddc388b6a78cf72f9fc5119b7f
-
SHA256
6ab74f064966bf8e315450ac40ef0e4b44b67c23897f2d70543ba6291cf069b1
-
SHA512
97b387a814d853c558a3fcbb342da3414b80d1e38a8b3da481268e3cfc86c11aa2efe9ed89486e025911e1aa54e59403078fafa0f45efb6843d34b1b0ee90224
-
SSDEEP
1572864:QRlnBVyVZMzBL9MvbLE8ZwO9xYNYxyf1diYRFiz+DPuWf:QRlnPmsRMTLdiO7YN8yfTiAiqDnf
Score
7/10
Malware Config
Signatures
-
resource yara_rule static1/unpack001/x64/Release/Matrix V2.exe themida -
Unsigned PE 4 IoCs
Checks for missing Authenticode signature.
resource unpack001/x64/Release/Matrix V2.exe unpack001/x64/Release/Protections.exe unpack001/x64/Release/Themida Full Activated.exe unpack001/x64/Release/matrix_test.exe
Files
-
spoofer loader.rar.rar
-
Protections.sln
-
refo_v2/auth.hpp
-
refo_v2/encryption/xor.h
-
refo_v2/hex_64.lib
-
refo_v2/libcurl.lib
-
refo_v2/library_x64.lib
-
refo_v2/main/main.cpp
-
refo_v2/mapper/intel_driver.cpp
-
refo_v2/mapper/intel_driver.hpp.js
-
refo_v2/mapper/intel_driver_resource.hpp
-
refo_v2/mapper/kdmapper.cpp
-
refo_v2/mapper/kdmapper.hpp
-
refo_v2/mapper/nt.hpp
-
refo_v2/mapper/portable_executable.cpp
-
refo_v2/mapper/portable_executable.hpp
-
refo_v2/mapper/service.cpp
-
refo_v2/mapper/service.hpp
-
refo_v2/mapper/utils.cpp
-
refo_v2/mapper/utils.hpp
-
refo_v2/misc/lazy.h
-
refo_v2/protect/anti_debugger.h
-
refo_v2/protect/antidump.h
-
refo_v2/refo_v2.vcxproj.xml
-
refo_v2/refo_v2.vcxproj.filters
-
refo_v2/refo_v2.vcxproj.user
-
refo_v2/skStr.h
-
refo_v2/utils/print/print.cpp
-
refo_v2/utils/print/print.h
-
refo_v2/x64/Release/Protections.exe.recipe
-
refo_v2/x64/Release/Protections.iobj
-
refo_v2/x64/Release/Protections.ipdb
-
refo_v2/x64/Release/Protections.tlog/CL.command.1.tlog
-
refo_v2/x64/Release/Protections.tlog/CL.read.1.tlog
-
refo_v2/x64/Release/Protections.tlog/CL.write.1.tlog
-
refo_v2/x64/Release/Protections.tlog/Cl.items.tlog
-
refo_v2/x64/Release/Protections.tlog/Protections.lastbuildstate
-
refo_v2/x64/Release/Protections.tlog/link.command.1.tlog
-
refo_v2/x64/Release/Protections.tlog/link.read.1.tlog
-
refo_v2/x64/Release/Protections.tlog/link.write.1.tlog
-
refo_v2/x64/Release/intel_driver.obj
-
refo_v2/x64/Release/kdmapper.obj
-
refo_v2/x64/Release/main.obj
-
refo_v2/x64/Release/portable_executable.obj
-
refo_v2/x64/Release/print.obj
-
refo_v2/x64/Release/protectmain.obj
-
refo_v2/x64/Release/refo_v2.exe.recipe
-
refo_v2/x64/Release/refo_v2.log
-
refo_v2/x64/Release/refo_v2.tlog/CL.command.1.tlog
-
refo_v2/x64/Release/refo_v2.tlog/CL.read.1.tlog
-
refo_v2/x64/Release/refo_v2.tlog/CL.write.1.tlog
-
refo_v2/x64/Release/refo_v2.tlog/link.command.1.tlog
-
refo_v2/x64/Release/refo_v2.tlog/link.read.1.tlog
-
refo_v2/x64/Release/refo_v2.tlog/link.write.1.tlog
-
refo_v2/x64/Release/refo_v2.tlog/refo_v2.lastbuildstate
-
refo_v2/x64/Release/service.obj
-
refo_v2/x64/Release/utils.obj
-
refo_v2/x64/Release/vc143.pdb
-
x64/Release/Matrix V2.exe.exe windows:6 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
Size: 232KB - Virtual size: 460KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Size: 58KB - Virtual size: 152KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 512B - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 11KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 1024B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.idata Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 4KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.themida Size: - Virtual size: 6.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.boot Size: 3.5MB - Virtual size: 3.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 16B - Virtual size: 4KB
IMAGE_SCN_MEM_READ
-
x64/Release/Protections.exe.exe windows:6 windows x64 arch:x64
bf8d7bf9cef9e264af6433e6c83108a4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
kernel32
DeleteCriticalSection
FormatMessageA
LocalFree
EnterCriticalSection
LeaveCriticalSection
SleepEx
QueryPerformanceFrequency
GetSystemDirectoryA
FreeLibrary
GetProcessHeap
VerifyVersionInfoA
GetTickCount
MoveFileExA
WaitForSingleObjectEx
MultiByteToWideChar
GetEnvironmentVariableA
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
CreateFileA
GetFileSizeEx
WideCharToMultiByte
IsDebuggerPresent
OutputDebugStringW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
HeapDestroy
GetConsoleWindow
VirtualFree
DeviceIoControl
VirtualAlloc
CreateFileW
GetCurrentThreadId
SetLastError
CreateThread
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
GetTempPathW
GetCurrentProcessId
GetProcAddress
CloseHandle
LoadLibraryA
GetModuleHandleA
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetModuleHandleW
GetSystemTimeAsFileTime
InitializeSListHead
HeapAlloc
HeapReAlloc
GetLastError
Sleep
HeapSize
InitializeCriticalSectionEx
SetConsoleWindowInfo
GetStdHandle
SetConsoleScreenBufferSize
SetConsoleTitleA
HeapFree
QueryPerformanceCounter
GetModuleFileNameA
GetCurrentProcess
user32
GetWindowRect
MoveWindow
MessageBoxA
advapi32
CryptHashData
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
ConvertSidToStringSidA
IsValidSid
GetTokenInformation
GetLengthSid
CopySid
OpenProcessToken
CryptCreateHash
RegSetKeyValueW
RegCloseKey
RegDeleteKeyW
RegCreateKeyW
RegOpenKeyW
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptEncrypt
msvcp140
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEBX@Z
??7ios_base@std@@QEBA_NXZ
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?widen@?$ctype@_W@std@@QEBA_WD@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Xbad_function_call@std@@YAXXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??1_Lockit@std@@QEAA@XZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?id@?$ctype@_W@std@@2V0locale@2@A
?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
??Bid@locale@std@@QEAA_KXZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?good@ios_base@std@@QEBA_NXZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??0_Lockit@std@@QEAA@H@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?_Xlength_error@std@@YAXPEBD@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Xout_of_range@std@@YAXPEBD@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?uncaught_exception@std@@YA_NXZ
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
ntdll
RtlInitUnicodeString
VerSetConditionMask
NtQuerySystemInformation
normaliz
IdnToAscii
wldap32
ord45
ord50
ord211
ord46
ord41
ord22
ord26
ord27
ord32
ord217
ord35
ord79
ord30
ord200
ord301
ord60
ord143
ord33
crypt32
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertCloseStore
CertOpenStore
ws2_32
WSAGetLastError
bind
connect
getpeername
recv
getsockopt
htons
ntohs
setsockopt
socket
WSASetLastError
WSAIoctl
WSAStartup
WSACleanup
accept
htonl
listen
ioctlsocket
__WSAFDIsSet
getaddrinfo
freeaddrinfo
recvfrom
sendto
gethostname
ntohl
closesocket
send
getsockname
select
rpcrt4
UuidToStringA
UuidCreate
RpcStringFreeA
psapi
GetModuleInformation
userenv
UnloadUserProfile
vcruntime140_1
__CxxFrameHandler4
vcruntime140
strchr
strrchr
strstr
memmove
__current_exception_context
__C_specific_handler
memset
memcpy
memcmp
memchr
_CxxThrowException
__std_terminate
__std_exception_copy
__current_exception
__std_exception_destroy
api-ms-win-crt-runtime-l1-1-0
__p___argc
_crt_atexit
_c_exit
_register_thread_local_exe_atexit_callback
system
_errno
_initterm_e
_initialize_onexit_table
_initialize_narrow_environment
_beginthreadex
abort
exit
_initterm
_get_initial_narrow_environment
_set_app_type
strerror
__sys_nerr
_configure_narrow_argv
terminate
_invalid_parameter_noinfo_noreturn
_register_onexit_function
_seh_filter_exe
_invalid_parameter_noinfo
_getpid
__p___argv
_exit
_resetstkoflw
_cexit
api-ms-win-crt-heap-l1-1-0
_callnewh
calloc
_set_new_mode
free
malloc
realloc
api-ms-win-crt-time-l1-1-0
_time64
_gmtime64
api-ms-win-crt-stdio-l1-1-0
fputs
fopen
_lseeki64
fputc
feof
fseek
ftell
fflush
fclose
fgetc
_set_fmode
fwrite
__stdio_common_vsscanf
_open
__stdio_common_vsprintf
_popen
_pclose
fgets
_close
_write
_read
fgetpos
__p__commode
__stdio_common_vfprintf
__acrt_iob_func
_get_stream_buffer_pointers
_fseeki64
fread
fsetpos
ungetc
setvbuf
api-ms-win-crt-utility-l1-1-0
srand
rand
qsort
api-ms-win-crt-filesystem-l1-1-0
_lock_file
_stat64
_fstat64
_wremove
_unlink
_access
_unlock_file
api-ms-win-crt-string-l1-1-0
_strdup
strcmp
strncpy
tolower
strpbrk
_stricmp
strncmp
strcspn
isupper
strspn
api-ms-win-crt-convert-l1-1-0
atoi
strtoull
strtoll
strtol
strtod
strtoul
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
localeconv
api-ms-win-crt-math-l1-1-0
_dclass
__setusermatherr
shell32
ShellExecuteA
Sections
.text Size: 461KB - Virtual size: 460KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 152KB - Virtual size: 152KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 19KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 488B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
x64/Release/Protections.pdb
-
x64/Release/Themida Full Activated.exe.exe windows:6 windows x86 arch:x86
e569e6f445d32ba23766ad67d1e3787f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Imports
kernel32
GetACP
GetExitCodeProcess
LocalFree
CloseHandle
SizeofResource
VirtualProtect
VirtualFree
GetFullPathNameW
ExitProcess
HeapAlloc
GetCPInfoExW
RtlUnwind
GetCPInfo
GetStdHandle
GetModuleHandleW
FreeLibrary
HeapDestroy
ReadFile
CreateProcessW
GetLastError
GetModuleFileNameW
SetLastError
FindResourceW
CreateThread
CompareStringW
LoadLibraryA
ResetEvent
GetVersion
RaiseException
FormatMessageW
SwitchToThread
GetExitCodeThread
GetCurrentThread
LoadLibraryExW
LockResource
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
VirtualQueryEx
Sleep
EnterCriticalSection
SetFilePointer
LoadResource
SuspendThread
GetTickCount
GetFileSize
GetStartupInfoW
GetFileAttributesW
InitializeCriticalSection
GetSystemWindowsDirectoryW
GetThreadPriority
SetThreadPriority
GetCurrentProcess
VirtualAlloc
GetSystemInfo
GetCommandLineW
LeaveCriticalSection
GetProcAddress
ResumeThread
GetVersionExW
VerifyVersionInfoW
HeapCreate
GetWindowsDirectoryW
VerSetConditionMask
GetDiskFreeSpaceW
FindFirstFileW
GetUserDefaultUILanguage
lstrlenW
QueryPerformanceCounter
SetEndOfFile
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
CreateFileW
GetLocaleInfoW
GetSystemDirectoryW
DeleteFileW
GetLocalTime
GetEnvironmentVariableW
WaitForSingleObject
WriteFile
ExitThread
DeleteCriticalSection
TlsGetValue
GetDateFormatW
SetErrorMode
IsValidLocale
TlsSetValue
CreateDirectoryW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
GetUserDefaultLangID
RemoveDirectoryW
CreateEventW
SetThreadLocale
GetThreadLocale
comctl32
InitCommonControls
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
user32
CreateWindowExW
TranslateMessage
CharLowerBuffW
CallWindowProcW
CharUpperW
PeekMessageW
GetSystemMetrics
SetWindowLongW
MessageBoxW
DestroyWindow
CharUpperBuffW
CharNextW
MsgWaitForMultipleObjects
LoadStringW
ExitWindowsEx
DispatchMessageW
oleaut32
SysAllocStringLen
SafeArrayPtrOfIndex
VariantCopy
SafeArrayGetLBound
SafeArrayGetUBound
VariantInit
VariantClear
SysFreeString
SysReAllocStringLen
VariantChangeType
SafeArrayCreate
netapi32
NetWkstaGetInfo
NetApiBufferFree
advapi32
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegQueryValueExW
AdjustTokenPrivileges
GetTokenInformation
ConvertSidToStringSidW
LookupPrivilegeValueW
RegCloseKey
OpenProcessToken
RegOpenKeyExW
Exports
Exports
TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr
Sections
.text Size: 718KB - Virtual size: 718KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.itext Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 14KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: - Virtual size: 27KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.didata Size: 512B - Virtual size: 420B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.edata Size: 512B - Virtual size: 154B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: - Virtual size: 24B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 512B - Virtual size: 93B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 258KB - Virtual size: 257KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
x64/Release/matrix_test.exe.exe windows:6 windows x64 arch:x64
82c8db7383b63830d652e90436d7b71f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\Users\nottm\OneDrive\Desktop\HWID-Spoofer-main\x64\Release\Protections.pdb
Imports
kernel32
EnterCriticalSection
LeaveCriticalSection
SleepEx
QueryPerformanceFrequency
GetSystemDirectoryA
FreeLibrary
LoadLibraryA
VerifyVersionInfoA
QueryPerformanceCounter
FormatMessageA
DeleteCriticalSection
WaitForSingleObjectEx
MultiByteToWideChar
GetEnvironmentVariableA
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
CreateFileA
GetFileSizeEx
WideCharToMultiByte
IsDebuggerPresent
OutputDebugStringW
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
GetModuleHandleW
LocalFree
GetProcessHeap
VirtualFree
DeviceIoControl
VirtualAlloc
CreateFileW
GetCurrentThreadId
GetModuleHandleA
SetLastError
CreateThread
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
GetTempPathW
GetCurrentProcessId
GetProcAddress
GetTickCount
CloseHandle
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
InitializeSListHead
HeapDestroy
HeapAlloc
HeapReAlloc
GetLastError
Sleep
HeapSize
InitializeCriticalSectionEx
SetConsoleWindowInfo
GetStdHandle
SetConsoleScreenBufferSize
SetConsoleTitleA
HeapFree
MoveFileExA
GetModuleFileNameA
GetCurrentProcess
user32
MessageBoxA
advapi32
CryptDestroyKey
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
ConvertSidToStringSidA
IsValidSid
GetTokenInformation
GetLengthSid
CopySid
OpenProcessToken
CryptDestroyHash
RegSetKeyValueW
RegCloseKey
RegDeleteKeyW
RegCreateKeyW
RegOpenKeyW
CryptImportKey
CryptEncrypt
msvcp140
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEBX@Z
??7ios_base@std@@QEBA_NXZ
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?widen@?$ctype@_W@std@@QEBA_WD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Xbad_function_call@std@@YAXXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z
??1_Lockit@std@@QEAA@XZ
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?id@?$ctype@_W@std@@2V0locale@2@A
?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
??Bid@locale@std@@QEAA_KXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?good@ios_base@std@@QEBA_NXZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??0_Lockit@std@@QEAA@H@Z
?_Xlength_error@std@@YAXPEBD@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?uncaught_exception@std@@YA_NXZ
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Xout_of_range@std@@YAXPEBD@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
ntdll
VerSetConditionMask
RtlInitUnicodeString
NtQuerySystemInformation
normaliz
IdnToAscii
wldap32
ord41
ord22
ord211
ord46
ord26
ord27
ord45
ord33
ord35
ord79
ord217
ord200
ord301
ord50
ord32
ord60
ord143
ord30
crypt32
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertOpenStore
CertCloseStore
ws2_32
connect
getpeername
getsockname
WSAGetLastError
htons
ntohs
setsockopt
socket
WSASetLastError
WSAIoctl
WSAStartup
WSACleanup
accept
htonl
listen
ioctlsocket
__WSAFDIsSet
select
freeaddrinfo
recvfrom
sendto
gethostname
ntohl
send
recv
closesocket
bind
getsockopt
getaddrinfo
rpcrt4
RpcStringFreeA
UuidCreate
UuidToStringA
psapi
GetModuleInformation
userenv
UnloadUserProfile
vcruntime140_1
__CxxFrameHandler4
vcruntime140
strchr
strrchr
strstr
__C_specific_handler
memmove
__current_exception_context
__std_exception_destroy
memset
memchr
_CxxThrowException
memcmp
memcpy
__std_exception_copy
__current_exception
__std_terminate
api-ms-win-crt-runtime-l1-1-0
__p___argc
abort
_c_exit
_register_thread_local_exe_atexit_callback
exit
_cexit
_exit
terminate
_initterm_e
_crt_atexit
_initterm
strerror
_register_onexit_function
__sys_nerr
_initialize_onexit_table
_invalid_parameter_noinfo_noreturn
_get_initial_narrow_environment
_initialize_narrow_environment
system
_configure_narrow_argv
_beginthreadex
_set_app_type
_getpid
__p___argv
_invalid_parameter_noinfo
_errno
_resetstkoflw
_seh_filter_exe
api-ms-win-crt-stdio-l1-1-0
fopen
fgetpos
setvbuf
__stdio_common_vsscanf
fwrite
feof
fseek
fputs
_open
_close
_write
_read
__p__commode
__stdio_common_vsprintf
_popen
_pclose
fgets
_set_fmode
ftell
fclose
fflush
_lseeki64
__stdio_common_vfprintf
__acrt_iob_func
ungetc
fsetpos
fread
fputc
_fseeki64
_get_stream_buffer_pointers
fgetc
api-ms-win-crt-heap-l1-1-0
free
_callnewh
calloc
malloc
_set_new_mode
realloc
api-ms-win-crt-filesystem-l1-1-0
_stat64
_unlink
_wremove
_fstat64
_lock_file
_access
remove
_unlock_file
api-ms-win-crt-time-l1-1-0
_time64
_gmtime64
api-ms-win-crt-utility-l1-1-0
qsort
rand
srand
api-ms-win-crt-string-l1-1-0
strpbrk
_stricmp
strcmp
strncpy
strcspn
strncmp
strspn
isupper
tolower
_strdup
api-ms-win-crt-convert-l1-1-0
strtoul
atoi
strtoull
strtoll
strtol
strtod
api-ms-win-crt-locale-l1-1-0
localeconv
_configthreadlocale
api-ms-win-crt-math-l1-1-0
_dclass
__setusermatherr
shell32
ShellExecuteA
Sections
.text Size: 457KB - Virtual size: 457KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 152KB - Virtual size: 152KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 19KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ