for recroom[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

for recroom.zip
Size

14.8MB
MD5

0313420f4915c2b1dbfd5002dd8e5c7e
SHA1

a816a88742a70483c9aecdece89203df0d60b31a
SHA256

853c39c243e57887fc90e46b90d0986b32439774c48f00bf66b9ac5835789c91
SHA512

aea663609a06588a5c84e18643c7cd9944afb6b68d1ab718aa9e949320e68d24f9e8c5ae7a19842cabfc2374dde9eac555c75518cc0bea3612f7a6aa864c7470
SSDEEP

196608:IvpMZdnrBhl67m3X1DXe/BVOZYC1vkvRk89kqWkvTTkFM:IxOdnHVXxXrSC1svq8+qtv0FM

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/for recroom/injector/Inj_1.exe	themida

Unsigned PE 14 IoCs

Checks for missing Authenticode signature.

resource
unpack001/for recroom/Anti Kick And Anti Ban/Clumsy .4v2 .5 .6v2 .6Red/Clumsy 0.4 V2/WinDivert.dll
unpack001/for recroom/Anti Kick And Anti Ban/Clumsy .4v2 .5 .6v2 .6Red/Clumsy 0.4 V2/clumsy.exe
unpack001/for recroom/Anti Kick And Anti Ban/Clumsy .4v2 .5 .6v2 .6Red/Clumsy 0.5/WinDivert.dll
unpack001/for recroom/Anti Kick And Anti Ban/Clumsy .4v2 .5 .6v2 .6Red/Clumsy 0.5/bofas_clumsy.exe
unpack001/for recroom/Anti Kick And Anti Ban/Clumsy .4v2 .5 .6v2 .6Red/Clumsy 0.5/bofas_clumsy.exe.1.bak
unpack001/for recroom/Anti Kick And Anti Ban/Clumsy .4v2 .5 .6v2 .6Red/Clumsy 0.5/bofas_clumsy.exe.bak
unpack001/for recroom/Anti Kick And Anti Ban/Clumsy .4v2 .5 .6v2 .6Red/Clumsy 0.5/clumsy.exe.bak
unpack001/for recroom/Anti Kick And Anti Ban/Clumsy .4v2 .5 .6v2 .6Red/Clumsy 0.6 RED/WinDivert.dll
unpack001/for recroom/Anti Kick And Anti Ban/Clumsy .4v2 .5 .6v2 .6Red/Clumsy 0.6 RED/clumsy.exe
unpack001/for recroom/Anti Kick And Anti Ban/Clumsy .4v2 .5 .6v2 .6Red/clumsy 0.6 v2/WinDivert.dll
unpack001/for recroom/Anti Kick And Anti Ban/Clumsy .4v2 .5 .6v2 .6Red/clumsy 0.6 v2/clumsy 0.6 v2.exe
unpack001/for recroom/Time Stop/ProjectCherry.exe
unpack001/for recroom/injector/Inj_1.exe
unpack001/for recroom/mod menu - skidware/Exodus.dll

Files

for recroom.zip
.zip
for recroom/Anti Kick And Anti Ban/Clumsy .4v2 .5 .6v2 .6Red/Clumsy 0.4 V2/WinDivert.dll
.dll windows:4 windows x64 arch:x64

4b5b0fb09f29ed8e5306bbb27b5ae668

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

CloseServiceHandle
ControlService
CreateServiceW
DeleteService
OpenSCManagerW
OpenServiceW
StartServiceW

kernel32

CloseHandle
CreateEventW
CreateFileW
DeviceIoControl
GetLastError
GetModuleFileNameW
GetOverlappedResult
SetLastError
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue

msvcrt

isalnum
isspace
isxdigit
strcmp
tolower

Exports

Exports

DivertClose
DivertGetParam
DivertHelperCalcChecksums
DivertHelperParseIPv4Address
DivertHelperParseIPv6Address
DivertHelperParsePacket
DivertOpen
DivertRecv
DivertSend
DivertSetParam
WinDivertClose
WinDivertDllEntry
WinDivertGetParam
WinDivertHelperCalcChecksums
WinDivertHelperParseIPv4Address
WinDivertHelperParseIPv6Address
WinDivertHelperParsePacket
WinDivertOpen
WinDivertRecv
WinDivertRecvEx
WinDivertSend
WinDivertSendEx
WinDivertSetParam

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 512B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 16B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 730B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
for recroom/Anti Kick And Anti Ban/Clumsy .4v2 .5 .6v2 .6Red/Clumsy 0.4 V2/clumsy.exe
.exe windows:4 windows x64 arch:x64

5d9c5772d914b87ab12e184aaa7a18de

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

AllocateAndInitializeSid
CheckTokenMembership
FreeSid
GetTokenInformation
GetUserNameA
OpenProcessToken

comctl32

ImageList_Add
ImageList_BeginDrag
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_EndDrag
ImageList_GetIconSize
ImageList_GetImageCount
InitCommonControlsEx
LBItemFromPt
MakeDragList

comdlg32

ChooseColorA
ChooseFontA
GetOpenFileNameA
GetSaveFileNameA

gdi32

Arc
BeginPath
BitBlt
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
CreateFontA
CreatePatternBrush
CreatePen
CreateRectRgn
CreateRectRgnIndirect
CreateSolidBrush
DeleteDC
DeleteObject
EndPath
ExcludeClipRect
FillPath
GetDeviceCaps
GetEnhMetaFileBits
GetMetaFileBitsEx
GetObjectA
GetObjectType
GetStockObject
GetTextExtentPoint32A
GetTextMetricsA
MaskBlt
PatBlt
Pie
Polygon
Polyline
SelectClipRgn
SelectObject
SetBkColor
SetBkMode
SetDCBrushColor
SetPixelV
SetTextAlign
SetTextColor
TextOutA

kernel32

CloseHandle
CreateDirectoryA
CreateFileA
CreateMutexA
CreateThread
DeleteCriticalSection
EnterCriticalSection
FormatMessageA
FreeLibrary
GetCPInfoExA
GetCommandLineA
GetComputerNameA
GetConsoleWindow
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentThreadId
GetFileAttributesA
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetSystemDefaultUILanguage
GetSystemInfo
GetTickCount
GetVersionExA
GlobalAlloc
GlobalFree
GlobalLock
GlobalSize
GlobalUnlock
InitializeCriticalSection
IsDBCSLeadByteEx
IsWow64Process
LeaveCriticalSection
LoadLibraryA
LocalFree
MulDiv
MultiByteToWideChar
ReleaseMutex
SetCurrentDirectoryA
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteFile
__C_specific_handler

msvcrt

___lc_codepage_func
___mb_cur_max_func
__argc
__argv
__getmainargs
__initenv
__iob_func
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_commode
_errno
_fmode
_initterm
_lock
_onexit
_setjmp
_time64
_unlock
_vsnprintf
abort
atof
atoi
calloc
exit
fclose
fopen
fprintf
fputc
fread
free
fwrite
getenv
isalnum
isalpha
isspace
localeconv
longjmp
malloc
memcmp
memcpy
memmove
memset
printf
realloc
rand
signal
sprintf
srand
sscanf
strcat
strchr
strcmp
strcpy
strcspn
strerror
strlen
strncmp
strncpy
strrchr
strstr
strtok
tolower
toupper
vfprintf
wcslen

ole32

CoInitializeEx
CoLockObjectExternal
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
DoDragDrop
OleInitialize
OleUninitialize
RegisterDragDrop
ReleaseStgMedium
RevokeDragDrop

shell32

DragAcceptFiles
DragFinish
DragQueryFileA
DragQueryPoint
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA
ShellExecuteExA
Shell_NotifyIconA

user32

BeginPaint
CallNextHookEx
CallWindowProcA
CheckMenuItem
CheckMenuRadioItem
ClientToScreen
CloseClipboard
CreateIconIndirect
CreateMDIWindowA
CreateMenu
CreatePopupMenu
CreateWindowExA
CreateWindowExW
DefFrameProcA
DefMDIChildProcA
DefWindowProcA
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageA
DragDetect
DrawEdge
DrawFocusRect
DrawFrameControl
DrawMenuBar
DrawTextA
EmptyClipboard
EnableMenuItem
EnableScrollBar
EnableWindow
EndDialog
EndPaint
EnumDisplayMonitors
EnumWindows
FillRect
FrameRect
GetActiveWindow
GetAsyncKeyState
GetCapture
GetCaretPos
GetClassInfoA
GetClientRect
GetClipboardData
GetClipboardFormatNameA
GetComboBoxInfo
GetCursorPos
GetDC
GetDesktopWindow
GetDlgItem
GetFocus
GetForegroundWindow
GetKeyState
GetKeyboardLayout
GetMenuInfo
GetMenuItemID
GetMenuItemInfoA
GetMenuState
GetMessageA
GetMessageExtraInfo
GetParent
GetScrollInfo
GetSubMenu
GetSysColor
GetSystemMetrics
GetWindow
GetWindowInfo
GetWindowLongA
GetWindowLongPtrA
GetWindowRect
GetWindowTextA
GetWindowTextLengthA
InflateRect
InsertMenuItemA
InvalidateRect
IsClipboardFormatAvailable
IsIconic
IsMenu
IsWindowEnabled
IsWindowVisible
IsZoomed
KillTimer
LoadCursorA
LoadIconA
LoadImageA
MapVirtualKeyA
MessageBoxA
MessageBoxIndirectA
OpenClipboard
PeekMessageA
PostMessageA
PostQuitMessage
PtInRect
RedrawWindow
RegisterClassA
RegisterClipboardFormatA
RegisterWindowMessageA
ReleaseCapture
ReleaseDC
RemoveMenu
ScreenToClient
SendInput
SendMessageA
SetCapture
SetClipboardData
SetCursor
SetCursorPos
SetFocus
SetForegroundWindow
SetMenu
SetMenuInfo
SetMenuItemBitmaps
SetMenuItemInfoA
SetParent
SetRect
SetScrollInfo
SetScrollPos
SetTimer
SetWindowLongA
SetWindowLongPtrA
SetWindowPos
SetWindowTextA
SetWindowsHookExA
ShowCursor
ShowScrollBar
ShowWindow
SystemParametersInfoA
TrackMouseEvent
TrackPopupMenu
TranslateMessage
UnhookWindowsHookEx
UnregisterClassA

winmm

timeBeginPeriod
timeEndPeriod
timeGetTime

windivert

WinDivertClose
WinDivertHelperCalcChecksums
WinDivertHelperParsePacket
WinDivertOpen
WinDivertRecv
WinDivertSend
WinDivertSetParam

Sections

.text
Size: 371KB - Virtual size: 371KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 340KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 363KB - Virtual size: 363KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 153KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/92
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
for recroom/Anti Kick And Anti Ban/Clumsy .4v2 .5 .6v2 .6Red/Clumsy 0.4 V2/config.txt
for recroom/Anti Kick And Anti Ban/Clumsy .4v2 .5 .6v2 .6Red/Clumsy 0.5/Settings.png
.png
for recroom/Anti Kick And Anti Ban/Clumsy .4v2 .5 .6v2 .6Red/Clumsy 0.5/WinDivert.dll
.dll windows:4 windows x64 arch:x64

4b5b0fb09f29ed8e5306bbb27b5ae668

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

CloseServiceHandle
ControlService
CreateServiceW
DeleteService
OpenSCManagerW
OpenServiceW
StartServiceW

kernel32

CloseHandle
CreateEventW
CreateFileW
DeviceIoControl
GetLastError
GetModuleFileNameW
GetOverlappedResult
SetLastError
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue

msvcrt

isalnum
isspace
isxdigit
strcmp
tolower

Exports

Exports

DivertClose
DivertGetParam
DivertHelperCalcChecksums
DivertHelperParseIPv4Address
DivertHelperParseIPv6Address
DivertHelperParsePacket
DivertOpen
DivertRecv
DivertSend
DivertSetParam
WinDivertClose
WinDivertDllEntry
WinDivertGetParam
WinDivertHelperCalcChecksums
WinDivertHelperParseIPv4Address
WinDivertHelperParseIPv6Address
WinDivertHelperParsePacket
WinDivertOpen
WinDivertRecv
WinDivertRecvEx
WinDivertSend
WinDivertSendEx
WinDivertSetParam

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 512B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 16B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 730B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
for recroom/Anti Kick And Anti Ban/Clumsy .4v2 .5 .6v2 .6Red/Clumsy 0.5/bofas_clumsy.exe
.exe windows:4 windows x64 arch:x64

5d9c5772d914b87ab12e184aaa7a18de

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

AllocateAndInitializeSid
CheckTokenMembership
FreeSid
GetTokenInformation
GetUserNameA
OpenProcessToken

comctl32

ImageList_Add
ImageList_BeginDrag
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_EndDrag
ImageList_GetIconSize
ImageList_GetImageCount
InitCommonControlsEx
LBItemFromPt
MakeDragList

comdlg32

ChooseColorA
ChooseFontA
GetOpenFileNameA
GetSaveFileNameA

gdi32

Arc
BeginPath
BitBlt
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
CreateFontA
CreatePatternBrush
CreatePen
CreateRectRgn
CreateRectRgnIndirect
CreateSolidBrush
DeleteDC
DeleteObject
EndPath
ExcludeClipRect
FillPath
GetDeviceCaps
GetEnhMetaFileBits
GetMetaFileBitsEx
GetObjectA
GetObjectType
GetStockObject
GetTextExtentPoint32A
GetTextMetricsA
MaskBlt
PatBlt
Pie
Polygon
Polyline
SelectClipRgn
SelectObject
SetBkColor
SetBkMode
SetDCBrushColor
SetPixelV
SetTextAlign
SetTextColor
TextOutA

kernel32

CloseHandle
CreateDirectoryA
CreateFileA
CreateMutexA
CreateThread
DeleteCriticalSection
EnterCriticalSection
FormatMessageA
FreeLibrary
GetCPInfoExA
GetCommandLineA
GetComputerNameA
GetConsoleWindow
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentThreadId
GetFileAttributesA
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetSystemDefaultUILanguage
GetSystemInfo
GetTickCount
GetVersionExA
GlobalAlloc
GlobalFree
GlobalLock
GlobalSize
GlobalUnlock
InitializeCriticalSection
IsDBCSLeadByteEx
IsWow64Process
LeaveCriticalSection
LoadLibraryA
LocalFree
MulDiv
MultiByteToWideChar
ReleaseMutex
SetCurrentDirectoryA
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteFile
__C_specific_handler

msvcrt

___lc_codepage_func
___mb_cur_max_func
__argc
__argv
__getmainargs
__initenv
__iob_func
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_commode
_errno
_fmode
_initterm
_lock
_onexit
_setjmp
_time64
_unlock
_vsnprintf
abort
atof
atoi
calloc
exit
fclose
fopen
fprintf
fputc
fread
free
fwrite
getenv
isalnum
isalpha
isspace
localeconv
longjmp
malloc
memcmp
memcpy
memmove
memset
printf
realloc
rand
signal
sprintf
srand
sscanf
strcat
strchr
strcmp
strcpy
strcspn
strerror
strlen
strncmp
strncpy
strrchr
strstr
strtok
tolower
toupper
vfprintf
wcslen

ole32

CoInitializeEx
CoLockObjectExternal
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
DoDragDrop
OleInitialize
OleUninitialize
RegisterDragDrop
ReleaseStgMedium
RevokeDragDrop

shell32

DragAcceptFiles
DragFinish
DragQueryFileA
DragQueryPoint
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA
ShellExecuteExA
Shell_NotifyIconA

user32

BeginPaint
CallNextHookEx
CallWindowProcA
CheckMenuItem
CheckMenuRadioItem
ClientToScreen
CloseClipboard
CreateIconIndirect
CreateMDIWindowA
CreateMenu
CreatePopupMenu
CreateWindowExA
CreateWindowExW
DefFrameProcA
DefMDIChildProcA
DefWindowProcA
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageA
DragDetect
DrawEdge
DrawFocusRect
DrawFrameControl
DrawMenuBar
DrawTextA
EmptyClipboard
EnableMenuItem
EnableScrollBar
EnableWindow
EndDialog
EndPaint
EnumDisplayMonitors
EnumWindows
FillRect
FrameRect
GetActiveWindow
GetAsyncKeyState
GetCapture
GetCaretPos
GetClassInfoA
GetClientRect
GetClipboardData
GetClipboardFormatNameA
GetComboBoxInfo
GetCursorPos
GetDC
GetDesktopWindow
GetDlgItem
GetFocus
GetForegroundWindow
GetKeyState
GetKeyboardLayout
GetMenuInfo
GetMenuItemID
GetMenuItemInfoA
GetMenuState
GetMessageA
GetMessageExtraInfo
GetParent
GetScrollInfo
GetSubMenu
GetSysColor
GetSystemMetrics
GetWindow
GetWindowInfo
GetWindowLongA
GetWindowLongPtrA
GetWindowRect
GetWindowTextA
GetWindowTextLengthA
InflateRect
InsertMenuItemA
InvalidateRect
IsClipboardFormatAvailable
IsIconic
IsMenu
IsWindowEnabled
IsWindowVisible
IsZoomed
KillTimer
LoadCursorA
LoadIconA
LoadImageA
MapVirtualKeyA
MessageBoxA
MessageBoxIndirectA
OpenClipboard
PeekMessageA
PostMessageA
PostQuitMessage
PtInRect
RedrawWindow
RegisterClassA
RegisterClipboardFormatA
RegisterWindowMessageA
ReleaseCapture
ReleaseDC
RemoveMenu
ScreenToClient
SendInput
SendMessageA
SetCapture
SetClipboardData
SetCursor
SetCursorPos
SetFocus
SetForegroundWindow
SetMenu
SetMenuInfo
SetMenuItemBitmaps
SetMenuItemInfoA
SetParent
SetRect
SetScrollInfo
SetScrollPos
SetTimer
SetWindowLongA
SetWindowLongPtrA
SetWindowPos
SetWindowTextA
SetWindowsHookExA
ShowCursor
ShowScrollBar
ShowWindow
SystemParametersInfoA
TrackMouseEvent
TrackPopupMenu
TranslateMessage
UnhookWindowsHookEx
UnregisterClassA

winmm

timeBeginPeriod
timeEndPeriod
timeGetTime

windivert

WinDivertClose
WinDivertHelperCalcChecksums
WinDivertHelperParsePacket
WinDivertOpen
WinDivertRecv
WinDivertSend
WinDivertSetParam

Sections

.text
Size: 371KB - Virtual size: 371KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 340KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 295KB - Virtual size: 294KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 153KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/92
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
for recroom/Anti Kick And Anti Ban/Clumsy .4v2 .5 .6v2 .6Red/Clumsy 0.5/bofas_clumsy.exe.1.bak
.exe windows:4 windows x64 arch:x64

5d9c5772d914b87ab12e184aaa7a18de

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

AllocateAndInitializeSid
CheckTokenMembership
FreeSid
GetTokenInformation
GetUserNameA
OpenProcessToken

comctl32

ImageList_Add
ImageList_BeginDrag
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_EndDrag
ImageList_GetIconSize
ImageList_GetImageCount
InitCommonControlsEx
LBItemFromPt
MakeDragList

comdlg32

ChooseColorA
ChooseFontA
GetOpenFileNameA
GetSaveFileNameA

gdi32

Arc
BeginPath
BitBlt
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
CreateFontA
CreatePatternBrush
CreatePen
CreateRectRgn
CreateRectRgnIndirect
CreateSolidBrush
DeleteDC
DeleteObject
EndPath
ExcludeClipRect
FillPath
GetDeviceCaps
GetEnhMetaFileBits
GetMetaFileBitsEx
GetObjectA
GetObjectType
GetStockObject
GetTextExtentPoint32A
GetTextMetricsA
MaskBlt
PatBlt
Pie
Polygon
Polyline
SelectClipRgn
SelectObject
SetBkColor
SetBkMode
SetDCBrushColor
SetPixelV
SetTextAlign
SetTextColor
TextOutA

kernel32

CloseHandle
CreateDirectoryA
CreateFileA
CreateMutexA
CreateThread
DeleteCriticalSection
EnterCriticalSection
FormatMessageA
FreeLibrary
GetCPInfoExA
GetCommandLineA
GetComputerNameA
GetConsoleWindow
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentThreadId
GetFileAttributesA
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetSystemDefaultUILanguage
GetSystemInfo
GetTickCount
GetVersionExA
GlobalAlloc
GlobalFree
GlobalLock
GlobalSize
GlobalUnlock
InitializeCriticalSection
IsDBCSLeadByteEx
IsWow64Process
LeaveCriticalSection
LoadLibraryA
LocalFree
MulDiv
MultiByteToWideChar
ReleaseMutex
SetCurrentDirectoryA
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteFile
__C_specific_handler

msvcrt

___lc_codepage_func
___mb_cur_max_func
__argc
__argv
__getmainargs
__initenv
__iob_func
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_commode
_errno
_fmode
_initterm
_lock
_onexit
_setjmp
_time64
_unlock
_vsnprintf
abort
atof
atoi
calloc
exit
fclose
fopen
fprintf
fputc
fread
free
fwrite
getenv
isalnum
isalpha
isspace
localeconv
longjmp
malloc
memcmp
memcpy
memmove
memset
printf
realloc
rand
signal
sprintf
srand
sscanf
strcat
strchr
strcmp
strcpy
strcspn
strerror
strlen
strncmp
strncpy
strrchr
strstr
strtok
tolower
toupper
vfprintf
wcslen

ole32

CoInitializeEx
CoLockObjectExternal
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
DoDragDrop
OleInitialize
OleUninitialize
RegisterDragDrop
ReleaseStgMedium
RevokeDragDrop

shell32

DragAcceptFiles
DragFinish
DragQueryFileA
DragQueryPoint
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA
ShellExecuteExA
Shell_NotifyIconA

user32

BeginPaint
CallNextHookEx
CallWindowProcA
CheckMenuItem
CheckMenuRadioItem
ClientToScreen
CloseClipboard
CreateIconIndirect
CreateMDIWindowA
CreateMenu
CreatePopupMenu
CreateWindowExA
CreateWindowExW
DefFrameProcA
DefMDIChildProcA
DefWindowProcA
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageA
DragDetect
DrawEdge
DrawFocusRect
DrawFrameControl
DrawMenuBar
DrawTextA
EmptyClipboard
EnableMenuItem
EnableScrollBar
EnableWindow
EndDialog
EndPaint
EnumDisplayMonitors
EnumWindows
FillRect
FrameRect
GetActiveWindow
GetAsyncKeyState
GetCapture
GetCaretPos
GetClassInfoA
GetClientRect
GetClipboardData
GetClipboardFormatNameA
GetComboBoxInfo
GetCursorPos
GetDC
GetDesktopWindow
GetDlgItem
GetFocus
GetForegroundWindow
GetKeyState
GetKeyboardLayout
GetMenuInfo
GetMenuItemID
GetMenuItemInfoA
GetMenuState
GetMessageA
GetMessageExtraInfo
GetParent
GetScrollInfo
GetSubMenu
GetSysColor
GetSystemMetrics
GetWindow
GetWindowInfo
GetWindowLongA
GetWindowLongPtrA
GetWindowRect
GetWindowTextA
GetWindowTextLengthA
InflateRect
InsertMenuItemA
InvalidateRect
IsClipboardFormatAvailable
IsIconic
IsMenu
IsWindowEnabled
IsWindowVisible
IsZoomed
KillTimer
LoadCursorA
LoadIconA
LoadImageA
MapVirtualKeyA
MessageBoxA
MessageBoxIndirectA
OpenClipboard
PeekMessageA
PostMessageA
PostQuitMessage
PtInRect
RedrawWindow
RegisterClassA
RegisterClipboardFormatA
RegisterWindowMessageA
ReleaseCapture
ReleaseDC
RemoveMenu
ScreenToClient
SendInput
SendMessageA
SetCapture
SetClipboardData
SetCursor
SetCursorPos
SetFocus
SetForegroundWindow
SetMenu
SetMenuInfo
SetMenuItemBitmaps
SetMenuItemInfoA
SetParent
SetRect
SetScrollInfo
SetScrollPos
SetTimer
SetWindowLongA
SetWindowLongPtrA
SetWindowPos
SetWindowTextA
SetWindowsHookExA
ShowCursor
ShowScrollBar
ShowWindow
SystemParametersInfoA
TrackMouseEvent
TrackPopupMenu
TranslateMessage
UnhookWindowsHookEx
UnregisterClassA

winmm

timeBeginPeriod
timeEndPeriod
timeGetTime

windivert

WinDivertClose
WinDivertHelperCalcChecksums
WinDivertHelperParsePacket
WinDivertOpen
WinDivertRecv
WinDivertSend
WinDivertSetParam

Sections

.text
Size: 371KB - Virtual size: 371KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 340KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 363KB - Virtual size: 363KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 153KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/92
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
for recroom/Anti Kick And Anti Ban/Clumsy .4v2 .5 .6v2 .6Red/Clumsy 0.5/bofas_clumsy.exe.bak
.exe windows:4 windows x64 arch:x64

5d9c5772d914b87ab12e184aaa7a18de

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

AllocateAndInitializeSid
CheckTokenMembership
FreeSid
GetTokenInformation
GetUserNameA
OpenProcessToken

comctl32

ImageList_Add
ImageList_BeginDrag
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_EndDrag
ImageList_GetIconSize
ImageList_GetImageCount
InitCommonControlsEx
LBItemFromPt
MakeDragList

comdlg32

ChooseColorA
ChooseFontA
GetOpenFileNameA
GetSaveFileNameA

gdi32

Arc
BeginPath
BitBlt
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
CreateFontA
CreatePatternBrush
CreatePen
CreateRectRgn
CreateRectRgnIndirect
CreateSolidBrush
DeleteDC
DeleteObject
EndPath
ExcludeClipRect
FillPath
GetDeviceCaps
GetEnhMetaFileBits
GetMetaFileBitsEx
GetObjectA
GetObjectType
GetStockObject
GetTextExtentPoint32A
GetTextMetricsA
MaskBlt
PatBlt
Pie
Polygon
Polyline
SelectClipRgn
SelectObject
SetBkColor
SetBkMode
SetDCBrushColor
SetPixelV
SetTextAlign
SetTextColor
TextOutA

kernel32

CloseHandle
CreateDirectoryA
CreateFileA
CreateMutexA
CreateThread
DeleteCriticalSection
EnterCriticalSection
FormatMessageA
FreeLibrary
GetCPInfoExA
GetCommandLineA
GetComputerNameA
GetConsoleWindow
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentThreadId
GetFileAttributesA
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetSystemDefaultUILanguage
GetSystemInfo
GetTickCount
GetVersionExA
GlobalAlloc
GlobalFree
GlobalLock
GlobalSize
GlobalUnlock
InitializeCriticalSection
IsDBCSLeadByteEx
IsWow64Process
LeaveCriticalSection
LoadLibraryA
LocalFree
MulDiv
MultiByteToWideChar
ReleaseMutex
SetCurrentDirectoryA
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteFile
__C_specific_handler

msvcrt

___lc_codepage_func
___mb_cur_max_func
__argc
__argv
__getmainargs
__initenv
__iob_func
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_commode
_errno
_fmode
_initterm
_lock
_onexit
_setjmp
_time64
_unlock
_vsnprintf
abort
atof
atoi
calloc
exit
fclose
fopen
fprintf
fputc
fread
free
fwrite
getenv
isalnum
isalpha
isspace
localeconv
longjmp
malloc
memcmp
memcpy
memmove
memset
printf
realloc
rand
signal
sprintf
srand
sscanf
strcat
strchr
strcmp
strcpy
strcspn
strerror
strlen
strncmp
strncpy
strrchr
strstr
strtok
tolower
toupper
vfprintf
wcslen

ole32

CoInitializeEx
CoLockObjectExternal
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
DoDragDrop
OleInitialize
OleUninitialize
RegisterDragDrop
ReleaseStgMedium
RevokeDragDrop

shell32

DragAcceptFiles
DragFinish
DragQueryFileA
DragQueryPoint
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA
ShellExecuteExA
Shell_NotifyIconA

user32

BeginPaint
CallNextHookEx
CallWindowProcA
CheckMenuItem
CheckMenuRadioItem
ClientToScreen
CloseClipboard
CreateIconIndirect
CreateMDIWindowA
CreateMenu
CreatePopupMenu
CreateWindowExA
CreateWindowExW
DefFrameProcA
DefMDIChildProcA
DefWindowProcA
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageA
DragDetect
DrawEdge
DrawFocusRect
DrawFrameControl
DrawMenuBar
DrawTextA
EmptyClipboard
EnableMenuItem
EnableScrollBar
EnableWindow
EndDialog
EndPaint
EnumDisplayMonitors
EnumWindows
FillRect
FrameRect
GetActiveWindow
GetAsyncKeyState
GetCapture
GetCaretPos
GetClassInfoA
GetClientRect
GetClipboardData
GetClipboardFormatNameA
GetComboBoxInfo
GetCursorPos
GetDC
GetDesktopWindow
GetDlgItem
GetFocus
GetForegroundWindow
GetKeyState
GetKeyboardLayout
GetMenuInfo
GetMenuItemID
GetMenuItemInfoA
GetMenuState
GetMessageA
GetMessageExtraInfo
GetParent
GetScrollInfo
GetSubMenu
GetSysColor
GetSystemMetrics
GetWindow
GetWindowInfo
GetWindowLongA
GetWindowLongPtrA
GetWindowRect
GetWindowTextA
GetWindowTextLengthA
InflateRect
InsertMenuItemA
InvalidateRect
IsClipboardFormatAvailable
IsIconic
IsMenu
IsWindowEnabled
IsWindowVisible
IsZoomed
KillTimer
LoadCursorA
LoadIconA
LoadImageA
MapVirtualKeyA
MessageBoxA
MessageBoxIndirectA
OpenClipboard
PeekMessageA
PostMessageA
PostQuitMessage
PtInRect
RedrawWindow
RegisterClassA
RegisterClipboardFormatA
RegisterWindowMessageA
ReleaseCapture
ReleaseDC
RemoveMenu
ScreenToClient
SendInput
SendMessageA
SetCapture
SetClipboardData
SetCursor
SetCursorPos
SetFocus
SetForegroundWindow
SetMenu
SetMenuInfo
SetMenuItemBitmaps
SetMenuItemInfoA
SetParent
SetRect
SetScrollInfo
SetScrollPos
SetTimer
SetWindowLongA
SetWindowLongPtrA
SetWindowPos
SetWindowTextA
SetWindowsHookExA
ShowCursor
ShowScrollBar
ShowWindow
SystemParametersInfoA
TrackMouseEvent
TrackPopupMenu
TranslateMessage
UnhookWindowsHookEx
UnregisterClassA

winmm

timeBeginPeriod
timeEndPeriod
timeGetTime

windivert

WinDivertClose
WinDivertHelperCalcChecksums
WinDivertHelperParsePacket
WinDivertOpen
WinDivertRecv
WinDivertSend
WinDivertSetParam

Sections

.text
Size: 371KB - Virtual size: 371KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 340KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 363KB - Virtual size: 363KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 153KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/92
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
for recroom/Anti Kick And Anti Ban/Clumsy .4v2 .5 .6v2 .6Red/Clumsy 0.5/clumsy.exe.bak
.exe windows:4 windows x64 arch:x64

5d9c5772d914b87ab12e184aaa7a18de

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

AllocateAndInitializeSid
CheckTokenMembership
FreeSid
GetTokenInformation
GetUserNameA
OpenProcessToken

comctl32

ImageList_Add
ImageList_BeginDrag
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_EndDrag
ImageList_GetIconSize
ImageList_GetImageCount
InitCommonControlsEx
LBItemFromPt
MakeDragList

comdlg32

ChooseColorA
ChooseFontA
GetOpenFileNameA
GetSaveFileNameA

gdi32

Arc
BeginPath
BitBlt
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
CreateFontA
CreatePatternBrush
CreatePen
CreateRectRgn
CreateRectRgnIndirect
CreateSolidBrush
DeleteDC
DeleteObject
EndPath
ExcludeClipRect
FillPath
GetDeviceCaps
GetEnhMetaFileBits
GetMetaFileBitsEx
GetObjectA
GetObjectType
GetStockObject
GetTextExtentPoint32A
GetTextMetricsA
MaskBlt
PatBlt
Pie
Polygon
Polyline
SelectClipRgn
SelectObject
SetBkColor
SetBkMode
SetDCBrushColor
SetPixelV
SetTextAlign
SetTextColor
TextOutA

kernel32

CloseHandle
CreateDirectoryA
CreateFileA
CreateMutexA
CreateThread
DeleteCriticalSection
EnterCriticalSection
FormatMessageA
FreeLibrary
GetCPInfoExA
GetCommandLineA
GetComputerNameA
GetConsoleWindow
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentThreadId
GetFileAttributesA
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetSystemDefaultUILanguage
GetSystemInfo
GetTickCount
GetVersionExA
GlobalAlloc
GlobalFree
GlobalLock
GlobalSize
GlobalUnlock
InitializeCriticalSection
IsDBCSLeadByteEx
IsWow64Process
LeaveCriticalSection
LoadLibraryA
LocalFree
MulDiv
MultiByteToWideChar
ReleaseMutex
SetCurrentDirectoryA
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteFile
__C_specific_handler

msvcrt

___lc_codepage_func
___mb_cur_max_func
__argc
__argv
__getmainargs
__initenv
__iob_func
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_commode
_errno
_fmode
_initterm
_lock
_onexit
_setjmp
_time64
_unlock
_vsnprintf
abort
atof
atoi
calloc
exit
fclose
fopen
fprintf
fputc
fread
free
fwrite
getenv
isalnum
isalpha
isspace
localeconv
longjmp
malloc
memcmp
memcpy
memmove
memset
printf
realloc
rand
signal
sprintf
srand
sscanf
strcat
strchr
strcmp
strcpy
strcspn
strerror
strlen
strncmp
strncpy
strrchr
strstr
strtok
tolower
toupper
vfprintf
wcslen

ole32

CoInitializeEx
CoLockObjectExternal
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
DoDragDrop
OleInitialize
OleUninitialize
RegisterDragDrop
ReleaseStgMedium
RevokeDragDrop

shell32

DragAcceptFiles
DragFinish
DragQueryFileA
DragQueryPoint
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA
ShellExecuteExA
Shell_NotifyIconA

user32

BeginPaint
CallNextHookEx
CallWindowProcA
CheckMenuItem
CheckMenuRadioItem
ClientToScreen
CloseClipboard
CreateIconIndirect
CreateMDIWindowA
CreateMenu
CreatePopupMenu
CreateWindowExA
CreateWindowExW
DefFrameProcA
DefMDIChildProcA
DefWindowProcA
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageA
DragDetect
DrawEdge
DrawFocusRect
DrawFrameControl
DrawMenuBar
DrawTextA
EmptyClipboard
EnableMenuItem
EnableScrollBar
EnableWindow
EndDialog
EndPaint
EnumDisplayMonitors
EnumWindows
FillRect
FrameRect
GetActiveWindow
GetAsyncKeyState
GetCapture
GetCaretPos
GetClassInfoA
GetClientRect
GetClipboardData
GetClipboardFormatNameA
GetComboBoxInfo
GetCursorPos
GetDC
GetDesktopWindow
GetDlgItem
GetFocus
GetForegroundWindow
GetKeyState
GetKeyboardLayout
GetMenuInfo
GetMenuItemID
GetMenuItemInfoA
GetMenuState
GetMessageA
GetMessageExtraInfo
GetParent
GetScrollInfo
GetSubMenu
GetSysColor
GetSystemMetrics
GetWindow
GetWindowInfo
GetWindowLongA
GetWindowLongPtrA
GetWindowRect
GetWindowTextA
GetWindowTextLengthA
InflateRect
InsertMenuItemA
InvalidateRect
IsClipboardFormatAvailable
IsIconic
IsMenu
IsWindowEnabled
IsWindowVisible
IsZoomed
KillTimer
LoadCursorA
LoadIconA
LoadImageA
MapVirtualKeyA
MessageBoxA
MessageBoxIndirectA
OpenClipboard
PeekMessageA
PostMessageA
PostQuitMessage
PtInRect
RedrawWindow
RegisterClassA
RegisterClipboardFormatA
RegisterWindowMessageA
ReleaseCapture
ReleaseDC
RemoveMenu
ScreenToClient
SendInput
SendMessageA
SetCapture
SetClipboardData
SetCursor
SetCursorPos
SetFocus
SetForegroundWindow
SetMenu
SetMenuInfo
SetMenuItemBitmaps
SetMenuItemInfoA
SetParent
SetRect
SetScrollInfo
SetScrollPos
SetTimer
SetWindowLongA
SetWindowLongPtrA
SetWindowPos
SetWindowTextA
SetWindowsHookExA
ShowCursor
ShowScrollBar
ShowWindow
SystemParametersInfoA
TrackMouseEvent
TrackPopupMenu
TranslateMessage
UnhookWindowsHookEx
UnregisterClassA

winmm

timeBeginPeriod
timeEndPeriod
timeGetTime

windivert

WinDivertClose
WinDivertHelperCalcChecksums
WinDivertHelperParsePacket
WinDivertOpen
WinDivertRecv
WinDivertSend
WinDivertSetParam

Sections

.text
Size: 371KB - Virtual size: 371KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 340KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 363KB - Virtual size: 363KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 153KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/92
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
for recroom/Anti Kick And Anti Ban/Clumsy .4v2 .5 .6v2 .6Red/Clumsy 0.6 RED/Settings.png
.png
for recroom/Anti Kick And Anti Ban/Clumsy .4v2 .5 .6v2 .6Red/Clumsy 0.6 RED/WinDivert.dll
.dll windows:4 windows x64 arch:x64

4b5b0fb09f29ed8e5306bbb27b5ae668

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

CloseServiceHandle
ControlService
CreateServiceW
DeleteService
OpenSCManagerW
OpenServiceW
StartServiceW

kernel32

CloseHandle
CreateEventW
CreateFileW
DeviceIoControl
GetLastError
GetModuleFileNameW
GetOverlappedResult
SetLastError
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue

msvcrt

isalnum
isspace
isxdigit
strcmp
tolower

Exports

Exports

DivertClose
DivertGetParam
DivertHelperCalcChecksums
DivertHelperParseIPv4Address
DivertHelperParseIPv6Address
DivertHelperParsePacket
DivertOpen
DivertRecv
DivertSend
DivertSetParam
WinDivertClose
WinDivertDllEntry
WinDivertGetParam
WinDivertHelperCalcChecksums
WinDivertHelperParseIPv4Address
WinDivertHelperParseIPv6Address
WinDivertHelperParsePacket
WinDivertOpen
WinDivertRecv
WinDivertRecvEx
WinDivertSend
WinDivertSendEx
WinDivertSetParam

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 512B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 16B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 730B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
for recroom/Anti Kick And Anti Ban/Clumsy .4v2 .5 .6v2 .6Red/Clumsy 0.6 RED/clumsy.exe
.exe windows:4 windows x64 arch:x64

185792a557de20fafe786e4247cdc85b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

AllocateAndInitializeSid
CheckTokenMembership
FreeSid
GetTokenInformation
GetUserNameA
OpenProcessToken

comctl32

ImageList_Add
ImageList_BeginDrag
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_Draw
ImageList_EndDrag
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_GetImageInfo
InitCommonControlsEx
LBItemFromPt
MakeDragList

comdlg32

ChooseColorW
ChooseFontW
GetOpenFileNameW
GetSaveFileNameW

gdi32

Arc
BeginPath
BitBlt
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
CreateFontIndirectW
CreateFontW
CreatePatternBrush
CreatePen
CreateRectRgn
CreateRectRgnIndirect
CreateSolidBrush
DeleteDC
DeleteObject
EndPath
ExcludeClipRect
FillPath
GetDeviceCaps
GetEnhMetaFileBits
GetMetaFileBitsEx
GetObjectType
GetObjectW
GetStockObject
GetTextExtentPoint32W
GetTextMetricsW
MaskBlt
PatBlt
Pie
Polygon
Polyline
SelectClipRgn
SelectObject
SetBkColor
SetBkMode
SetDCBrushColor
SetPixelV
SetTextAlign
SetTextColor
TextOutW

kernel32

CloseHandle
CompareStringW
CreateFileW
CreateMutexA
CreateMutexW
CreateThread
DeleteCriticalSection
EnterCriticalSection
FormatMessageW
FreeLibrary
GetCPInfoExA
GetCPInfoExW
GetCommandLineW
GetComputerNameA
GetConsoleWindow
GetCurrentProcess
GetCurrentThreadId
GetFileAttributesW
GetLastError
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetStartupInfoA
GetSystemDefaultUILanguage
GetSystemInfo
GetTickCount
GetVersionExA
GetVersionExW
GlobalAlloc
GlobalFree
GlobalLock
GlobalSize
GlobalUnlock
InitializeCriticalSection
IsDBCSLeadByteEx
IsWow64Process
LeaveCriticalSection
LoadLibraryW
LocalFree
MulDiv
MultiByteToWideChar
ReleaseMutex
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteFile
__C_specific_handler
lstrcpyW
lstrcpynW
lstrlenW

msvcrt

___lc_codepage_func
___mb_cur_max_func
__argc
__argv
__getmainargs
__initenv
__iob_func
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_commode
_errno
_fmode
_initterm
_lock
_onexit
_setjmp
_time64
_unlock
_vscprintf
_vsnprintf
abort
atoi
calloc
clock
exit
fclose
fopen
fprintf
fputc
fputs
fread
free
fseek
fwrite
getenv
isalnum
isalpha
isspace
localeconv
longjmp
malloc
memcmp
memcpy
memmove
memset
printf
qsort
realloc
rand
setlocale
signal
sprintf
srand
sscanf
strcat
strchr
strcmp
strcpy
strcspn
strerror
strlen
strncmp
strncpy
strrchr
strstr
strtok
tolower
vfprintf
wcslen

ole32

CoInitializeEx
CoLockObjectExternal
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
DoDragDrop
OleInitialize
OleUninitialize
RegisterDragDrop
ReleaseStgMedium
RevokeDragDrop

shell32

DragAcceptFiles
DragFinish
DragQueryFileW
DragQueryPoint
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteA
ShellExecuteExA
Shell_NotifyIconW

user32

BeginPaint
CallNextHookEx
CallWindowProcW
CheckMenuItem
CheckMenuRadioItem
ChildWindowFromPointEx
ClientToScreen
CloseClipboard
CreateIconIndirect
CreateMDIWindowW
CreateMenu
CreatePopupMenu
CreateWindowExW
DefFrameProcW
DefMDIChildProcW
DefWindowProcW
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageW
DragDetect
DrawEdge
DrawFocusRect
DrawFrameControl
DrawMenuBar
DrawTextW
EmptyClipboard
EnableMenuItem
EnableScrollBar
EnableWindow
EndDialog
EndPaint
EnumDisplayMonitors
EnumWindows
FillRect
FrameRect
GetActiveWindow
GetAsyncKeyState
GetCapture
GetCaretPos
GetClassInfoW
GetClientRect
GetClipboardData
GetClipboardFormatNameW
GetComboBoxInfo
GetCursorPos
GetDC
GetDesktopWindow
GetDlgItem
GetFocus
GetForegroundWindow
GetKeyState
GetKeyboardLayout
GetMenuInfo
GetMenuItemID
GetMenuItemInfoW
GetMenuState
GetMessageExtraInfo
GetMessageW
GetParent
GetScrollInfo
GetSubMenu
GetSysColor
GetSystemMetrics
GetWindow
GetWindowInfo
GetWindowLongPtrW
GetWindowLongW
GetWindowRect
GetWindowTextLengthW
GetWindowTextW
InflateRect
InsertMenuItemW
InvalidateRect
IsClipboardFormatAvailable
IsIconic
IsMenu
IsWindowEnabled
IsWindowVisible
IsZoomed
KillTimer
LoadCursorW
LoadIconA
LoadImageW
MapVirtualKeyA
MapVirtualKeyW
MessageBoxA
MessageBoxIndirectW
MessageBoxW
OpenClipboard
PeekMessageW
PostMessageW
PostQuitMessage
PtInRect
RedrawWindow
RegisterClassW
RegisterClipboardFormatW
RegisterWindowMessageW
ReleaseCapture
ReleaseDC
RemoveMenu
ScreenToClient
SendInput
SendMessageA
SendMessageW
SetCapture
SetClipboardData
SetCursor
SetCursorPos
SetFocus
SetForegroundWindow
SetLayeredWindowAttributes
SetMenu
SetMenuInfo
SetMenuItemBitmaps
SetMenuItemInfoW
SetParent
SetRect
SetScrollInfo
SetScrollPos
SetTimer
SetWindowLongPtrW
SetWindowLongW
SetWindowPos
SetWindowTextW
SetWindowsHookExW
ShowCursor
ShowScrollBar
ShowWindow
SystemParametersInfoA
SystemParametersInfoW
TrackMouseEvent
TrackPopupMenu
TranslateMessage
UnhookWindowsHookEx
UpdateLayeredWindow
VkKeyScanA

winmm

timeBeginPeriod
timeEndPeriod
timeGetTime

windivert

WinDivertClose
WinDivertHelperCalcChecksums
WinDivertHelperParsePacket
WinDivertOpen
WinDivertRecv
WinDivertSend
WinDivertSetParam

Sections

.text
Size: 455KB - Virtual size: 454KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 352KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 364KB - Virtual size: 364KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 155KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/97
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/113
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
for recroom/Anti Kick And Anti Ban/Clumsy .4v2 .5 .6v2 .6Red/Clumsy 0.6 RED/config.txt
for recroom/Anti Kick And Anti Ban/Clumsy .4v2 .5 .6v2 .6Red/clumsy 0.6 v2/Settings1.png
.png
for recroom/Anti Kick And Anti Ban/Clumsy .4v2 .5 .6v2 .6Red/clumsy 0.6 v2/Settings2.png
.png
for recroom/Anti Kick And Anti Ban/Clumsy .4v2 .5 .6v2 .6Red/clumsy 0.6 v2/Settings3.png
.png
for recroom/Anti Kick And Anti Ban/Clumsy .4v2 .5 .6v2 .6Red/clumsy 0.6 v2/UPDATES.txt
for recroom/Anti Kick And Anti Ban/Clumsy .4v2 .5 .6v2 .6Red/clumsy 0.6 v2/WinDivert.dll
.dll windows:4 windows x64 arch:x64

4b5b0fb09f29ed8e5306bbb27b5ae668

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

CloseServiceHandle
ControlService
CreateServiceW
DeleteService
OpenSCManagerW
OpenServiceW
StartServiceW

kernel32

CloseHandle
CreateEventW
CreateFileW
DeviceIoControl
GetLastError
GetModuleFileNameW
GetOverlappedResult
SetLastError
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue

msvcrt

isalnum
isspace
isxdigit
strcmp
tolower

Exports

Exports

DivertClose
DivertGetParam
DivertHelperCalcChecksums
DivertHelperParseIPv4Address
DivertHelperParseIPv6Address
DivertHelperParsePacket
DivertOpen
DivertRecv
DivertSend
DivertSetParam
WinDivertClose
WinDivertDllEntry
WinDivertGetParam
WinDivertHelperCalcChecksums
WinDivertHelperParseIPv4Address
WinDivertHelperParseIPv6Address
WinDivertHelperParsePacket
WinDivertOpen
WinDivertRecv
WinDivertRecvEx
WinDivertSend
WinDivertSendEx
WinDivertSetParam

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 512B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 16B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 730B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
for recroom/Anti Kick And Anti Ban/Clumsy .4v2 .5 .6v2 .6Red/clumsy 0.6 v2/clumsy 0.6 v2.exe
.exe windows:4 windows x64 arch:x64

d99552e1506ab1c6d2df5479d2cb78c6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

AllocateAndInitializeSid
CheckTokenMembership
FreeSid
GetTokenInformation
GetUserNameA
OpenProcessToken

comctl32

ImageList_Add
ImageList_BeginDrag
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_EndDrag
ImageList_GetIconSize
ImageList_GetImageCount
InitCommonControlsEx
LBItemFromPt
MakeDragList

comdlg32

ChooseColorA
ChooseFontA
GetOpenFileNameA
GetSaveFileNameA

gdi32

Arc
BeginPath
BitBlt
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
CreateFontA
CreatePatternBrush
CreatePen
CreateRectRgn
CreateRectRgnIndirect
CreateSolidBrush
DeleteDC
DeleteObject
EndPath
ExcludeClipRect
FillPath
GetDeviceCaps
GetEnhMetaFileBits
GetMetaFileBitsEx
GetObjectA
GetObjectType
GetStockObject
GetTextExtentPoint32A
GetTextMetricsA
MaskBlt
PatBlt
Pie
Polygon
Polyline
SelectClipRgn
SelectObject
SetBkColor
SetBkMode
SetDCBrushColor
SetPixelV
SetTextAlign
SetTextColor
TextOutA

kernel32

CloseHandle
CreateDirectoryA
CreateFileA
CreateMutexA
CreateThread
DeleteCriticalSection
EnterCriticalSection
FormatMessageA
FreeLibrary
GetCPInfoExA
GetCommandLineA
GetComputerNameA
GetConsoleWindow
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetFileAttributesA
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetSystemDefaultUILanguage
GetSystemInfo
GetSystemTimeAsFileTime
GetTickCount
GetVersionExA
GlobalAlloc
GlobalFree
GlobalLock
GlobalSize
GlobalUnlock
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LocalFree
MulDiv
MultiByteToWideChar
QueryPerformanceCounter
ReleaseMutex
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetCurrentDirectoryA
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteFile
__C_specific_handler

msvcrt

__argc
__argv
__dllonexit
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_errno
_fmode
_initterm
_lock
_onexit
_setjmp
_time64
_unlock
_vsnprintf
abort
atof
atoi
calloc
exit
fclose
fopen
fprintf
fputc
fread
free
fwrite
getenv
isalnum
isalpha
isspace
longjmp
malloc
memcmp
memcpy
memmove
memset
printf
rand
realloc
signal
sprintf
srand
sscanf
strcat
strchr
strcmp
strcpy
strcspn
strlen
strncmp
strncpy
strrchr
strstr
strtok
tolower
toupper
vfprintf
wcslen

ole32

CoInitializeEx
CoLockObjectExternal
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
DoDragDrop
OleInitialize
OleUninitialize
RegisterDragDrop
ReleaseStgMedium
RevokeDragDrop

shell32

DragAcceptFiles
DragFinish
DragQueryFileA
DragQueryPoint
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA
ShellExecuteExA
Shell_NotifyIconA

user32

BeginPaint
CallNextHookEx
CallWindowProcA
CheckMenuItem
CheckMenuRadioItem
ClientToScreen
CloseClipboard
CreateIconIndirect
CreateMDIWindowA
CreateMenu
CreatePopupMenu
CreateWindowExA
CreateWindowExW
DefFrameProcA
DefMDIChildProcA
DefWindowProcA
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageA
DragDetect
DrawEdge
DrawFocusRect
DrawFrameControl
DrawMenuBar
DrawTextA
EmptyClipboard
EnableMenuItem
EnableScrollBar
EnableWindow
EndDialog
EndPaint
EnumDisplayMonitors
EnumWindows
FillRect
FrameRect
GetActiveWindow
GetAsyncKeyState
GetCapture
GetCaretPos
GetClassInfoA
GetClientRect
GetClipboardData
GetClipboardFormatNameA
GetComboBoxInfo
GetCursorPos
GetDC
GetDesktopWindow
GetDlgItem
GetFocus
GetForegroundWindow
GetKeyState
GetKeyboardLayout
GetMenuInfo
GetMenuItemID
GetMenuItemInfoA
GetMenuState
GetMessageA
GetMessageExtraInfo
GetParent
GetScrollInfo
GetSubMenu
GetSysColor
GetSystemMetrics
GetWindow
GetWindowInfo
GetWindowLongA
GetWindowLongPtrA
GetWindowRect
GetWindowTextA
GetWindowTextLengthA
InflateRect
InsertMenuItemA
InvalidateRect
IsClipboardFormatAvailable
IsIconic
IsMenu
IsWindowEnabled
IsWindowVisible
IsZoomed
KillTimer
LoadCursorA
LoadIconA
LoadImageA
MapVirtualKeyA
MessageBoxA
MessageBoxIndirectA
OpenClipboard
PeekMessageA
PostMessageA
PostQuitMessage
PtInRect
RedrawWindow
RegisterClassA
RegisterClipboardFormatA
RegisterWindowMessageA
ReleaseCapture
ReleaseDC
RemoveMenu
ScreenToClient
SendInput
SendMessageA
SetCapture
SetClipboardData
SetCursor
SetCursorPos
SetFocus
SetForegroundWindow
SetMenu
SetMenuInfo
SetMenuItemBitmaps
SetMenuItemInfoA
SetParent
SetRect
SetScrollInfo
SetScrollPos
SetTimer
SetWindowLongA
SetWindowLongPtrA
SetWindowPos
SetWindowTextA
SetWindowsHookExA
ShowCursor
ShowScrollBar
ShowWindow
SystemParametersInfoA
TrackMouseEvent
TrackPopupMenu
TranslateMessage
UnhookWindowsHookEx
UnregisterClassA

winmm

timeBeginPeriod
timeEndPeriod
timeGetTime

windivert

WinDivertClose
WinDivertHelperCalcChecksums
WinDivertHelperParsePacket
WinDivertOpen
WinDivertRecv
WinDivertSend
WinDivertSetParam

Sections

.text
Size: 348KB - Virtual size: 348KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 339KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 363KB - Virtual size: 362KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 1024B - Virtual size: 891B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/92
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
for recroom/Anti Kick And Anti Ban/Clumsy .4v2 .5 .6v2 .6Red/clumsy 0.6 v2/config.txt
for recroom/Anti Kick And Anti Ban/README.txt
for recroom/Anti Kick And Anti Ban/image.png
.png
for recroom/README.txt
for recroom/Time Stop/ProjectCherry.exe
.exe windows:4 windows x86 arch:x86

6011984d7c1f1b97a34d7517a498bff8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA

kernel32

CloseHandle
CreateMutexA
CreateProcessA
ExitProcess
FindResourceExA
FormatMessageA
GetCommandLineA
GetCurrentDirectoryA
GetCurrentProcess
GetEnvironmentVariableA
GetExitCodeProcess
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GlobalMemoryStatusEx
LoadResource
LocalFree
LockResource
SetEnvironmentVariableA
SetLastError
SetUnhandledExceptionFilter
WaitForSingleObject

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_chdir
_close
_findclose
_findfirst
_findnext
_iob
_itoa
_onexit
_open
_read
_setmode
_stat
atexit
atoi
fclose
fopen
fprintf
fwrite
memset
printf
puts
signal
strcat
strchr
strcmp
strcpy
strlen
strncat
strncpy
strpbrk
strrchr
strstr
strtok

shell32

ShellExecuteA

user32

CreateWindowExA
DispatchMessageA
EnumWindows
FindWindowExA
GetMessageA
GetSystemMetrics
GetWindowLongA
GetWindowRect
GetWindowTextA
GetWindowThreadProcessId
KillTimer
LoadImageA
MessageBoxA
PostQuitMessage
SendMessageA
SetForegroundWindow
SetTimer
SetWindowPos
ShowWindow
TranslateMessage
UpdateWindow

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 35KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
for recroom/Time Stop/README.txt
for recroom/discord servers.txt
for recroom/injector/Inj_1.exe
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 107KB - Virtual size: 203KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 35KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 73KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 5KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 188B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 275B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
for recroom/injector/README.txt
for recroom/mod menu - skidware/Exodus.dll
.dll windows:6 windows x64 arch:x64

632e626c6dfa530e180d873330763b6b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\dev\Documents\GitHub\Exodus\x64\Release\Exodus.pdb

Imports

kernel32

QueryPerformanceCounter
GetModuleHandleA
GetProcAddress
VirtualFree
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapCreate
VirtualProtect
HeapFree
GetCurrentProcess
Thread32Next
Thread32First
GetCurrentThreadId
SuspendThread
ResumeThread
CreateToolhelp32Snapshot
Sleep
HeapReAlloc
CloseHandle
HeapAlloc
GlobalUnlock
GetThreadContext
GetCurrentProcessId
FlushInstructionCache
SetThreadContext
OpenThread
FreeLibrary
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetSystemTimeAsFileTime
InitializeSListHead
GlobalLock
GlobalFree
QueryPerformanceFrequency
GlobalAlloc
DisableThreadLibraryCalls
ReleaseSRWLockExclusive

user32

CallWindowProcA
SetWindowLongPtrA
DestroyWindow
DefWindowProcA
CreateWindowExA
GetAsyncKeyState
RegisterClassExA
GetKeyState
LoadCursorA
ScreenToClient
GetCapture
ClientToScreen
SetClipboardData
GetClipboardData
UnregisterClassA
EmptyClipboard
CloseClipboard
OpenClipboard
GetCursorPos
SetCursorPos
ReleaseCapture
GetClientRect
SetCursor
SetCapture
GetForegroundWindow
IsChild

msvcp140

?_Xlength_error@std@@YAXPEBD@Z
?_Throw_Cpp_error@std@@YAXH@Z
_Thrd_detach
_Cnd_do_broadcast_at_thread_exit

imm32

ImmGetContext
ImmSetCompositionWindow
ImmReleaseContext

d3dcompiler_47

D3DCompile

xinput1_4

ord4
ord2

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memset
_CxxThrowException
__C_specific_handler
__current_exception_context
__current_exception
__std_exception_copy
__std_exception_destroy
strstr
__std_terminate
memchr
memcpy
memmove
__std_type_info_destroy_list
memcmp

api-ms-win-crt-heap-l1-1-0

free
malloc
_callnewh
calloc

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_seh_filter_dll
_cexit
_crt_atexit
_execute_onexit_table
_invalid_parameter_noinfo_noreturn
_register_onexit_function
_configure_narrow_argv
_beginthreadex
_initialize_onexit_table
_initialize_narrow_environment
terminate
_initterm

api-ms-win-crt-stdio-l1-1-0

fclose
ftell
fseek
fwrite
__stdio_common_vsprintf
fflush
__stdio_common_vsscanf
fread
_wfopen

api-ms-win-crt-string-l1-1-0

strncpy
strcmp

api-ms-win-crt-utility-l1-1-0

srand
qsort
rand

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-math-l1-1-0

sqrtf
ceilf
sinf
cosf
floorf
fmodf

Sections

.text
Size: 203KB - Virtual size: 202KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
for recroom/mod menu - skidware/README.txt

Sharing

General

Malware Config

Signatures

Files

4b5b0fb09f29ed8e5306bbb27b5ae668

Headers

File Characteristics

Imports

advapi32

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 8KB

.data Size: 1024B - Virtual size: 992B

.rdata Size: 1024B - Virtual size: 1024B

.pdata Size: 512B - Virtual size: 360B

.xdata Size: 512B - Virtual size: 288B

.bss Size: - Virtual size: 16B

.edata Size: 1024B - Virtual size: 730B

.idata Size: 1024B - Virtual size: 1016B

.reloc Size: 512B - Virtual size: 132B

5d9c5772d914b87ab12e184aaa7a18de

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

comctl32

comdlg32

gdi32

kernel32

msvcrt

ole32

shell32

user32

winmm

windivert

Sections

.text Size: 371KB - Virtual size: 371KB

.data Size: 17KB - Virtual size: 17KB

.rdata Size: 43KB - Virtual size: 42KB

.pdata Size: 2KB - Virtual size: 2KB

.xdata Size: 2KB - Virtual size: 1KB

.bss Size: - Virtual size: 340KB

.idata Size: 13KB - Virtual size: 12KB

.CRT Size: 512B - Virtual size: 96B

.tls Size: 512B - Virtual size: 16B

.rsrc Size: 363KB - Virtual size: 363KB

.reloc Size: 2KB - Virtual size: 1KB

/4 Size: 3KB - Virtual size: 2KB

/19 Size: 153KB - Virtual size: 152KB

/31 Size: 23KB - Virtual size: 22KB

/45 Size: 46KB - Virtual size: 45KB

/57 Size: 16KB - Virtual size: 15KB

/70 Size: 5KB - Virtual size: 4KB

/81 Size: 92KB - Virtual size: 92KB

/92 Size: 7KB - Virtual size: 7KB

4b5b0fb09f29ed8e5306bbb27b5ae668

Headers

File Characteristics

Imports

advapi32

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 8KB

.data Size: 1024B - Virtual size: 992B

.rdata Size: 1024B - Virtual size: 1024B

.pdata Size: 512B - Virtual size: 360B

.xdata Size: 512B - Virtual size: 288B

.bss Size: - Virtual size: 16B

.edata Size: 1024B - Virtual size: 730B

.idata Size: 1024B - Virtual size: 1016B

.reloc Size: 512B - Virtual size: 132B

5d9c5772d914b87ab12e184aaa7a18de

.text
Size: 8KB - Virtual size: 8KB

.data
Size: 1024B - Virtual size: 992B

.rdata
Size: 1024B - Virtual size: 1024B

.pdata
Size: 512B - Virtual size: 360B

.xdata
Size: 512B - Virtual size: 288B

.bss
Size: - Virtual size: 16B

.edata
Size: 1024B - Virtual size: 730B

.idata
Size: 1024B - Virtual size: 1016B

.reloc
Size: 512B - Virtual size: 132B

.text
Size: 371KB - Virtual size: 371KB

.data
Size: 17KB - Virtual size: 17KB

.rdata
Size: 43KB - Virtual size: 42KB

.pdata
Size: 2KB - Virtual size: 2KB

.xdata
Size: 2KB - Virtual size: 1KB

.bss
Size: - Virtual size: 340KB

.idata
Size: 13KB - Virtual size: 12KB

.CRT
Size: 512B - Virtual size: 96B

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 363KB - Virtual size: 363KB

.reloc
Size: 2KB - Virtual size: 1KB

/4
Size: 3KB - Virtual size: 2KB

/19
Size: 153KB - Virtual size: 152KB

/31
Size: 23KB - Virtual size: 22KB

/45
Size: 46KB - Virtual size: 45KB

/57
Size: 16KB - Virtual size: 15KB

/70
Size: 5KB - Virtual size: 4KB

/81
Size: 92KB - Virtual size: 92KB

/92
Size: 7KB - Virtual size: 7KB

.text
Size: 8KB - Virtual size: 8KB

.data
Size: 1024B - Virtual size: 992B

.rdata
Size: 1024B - Virtual size: 1024B

.pdata
Size: 512B - Virtual size: 360B

.xdata
Size: 512B - Virtual size: 288B

.bss
Size: - Virtual size: 16B

.edata
Size: 1024B - Virtual size: 730B

.idata
Size: 1024B - Virtual size: 1016B

.reloc
Size: 512B - Virtual size: 132B

.text
Size: 371KB - Virtual size: 371KB

.data
Size: 17KB - Virtual size: 17KB

.rdata
Size: 43KB - Virtual size: 42KB

.pdata
Size: 2KB - Virtual size: 2KB

.xdata
Size: 2KB - Virtual size: 1KB

.bss
Size: - Virtual size: 340KB

.idata
Size: 13KB - Virtual size: 12KB

.CRT
Size: 512B - Virtual size: 96B

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 295KB - Virtual size: 294KB

.reloc
Size: 2KB - Virtual size: 1KB

/4
Size: 3KB - Virtual size: 2KB

/19
Size: 153KB - Virtual size: 152KB

/31
Size: 23KB - Virtual size: 22KB

/45
Size: 46KB - Virtual size: 45KB

/57
Size: 16KB - Virtual size: 15KB

/70
Size: 5KB - Virtual size: 4KB

/81
Size: 92KB - Virtual size: 92KB

/92
Size: 7KB - Virtual size: 7KB

.text
Size: 371KB - Virtual size: 371KB

.data
Size: 17KB - Virtual size: 17KB

.rdata
Size: 43KB - Virtual size: 42KB

.pdata
Size: 2KB - Virtual size: 2KB

.xdata
Size: 2KB - Virtual size: 1KB

.bss
Size: - Virtual size: 340KB

.idata
Size: 13KB - Virtual size: 12KB

.CRT
Size: 512B - Virtual size: 96B

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 363KB - Virtual size: 363KB

.reloc
Size: 2KB - Virtual size: 1KB

/4
Size: 3KB - Virtual size: 2KB

/19
Size: 153KB - Virtual size: 152KB

/31
Size: 23KB - Virtual size: 22KB

/45
Size: 46KB - Virtual size: 45KB

/57
Size: 16KB - Virtual size: 15KB

/70
Size: 5KB - Virtual size: 4KB

/81
Size: 92KB - Virtual size: 92KB