Extracted

• Napalm Loader.zip

  .zip
• Napalm Loader.exe

  .exe windows:4 windows x86 arch:x86

  f34d5f2d4577ed6d9ceec516c1f5a744

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  mscoree

  _CorExeMain

  Sections

  .text

  Size: 227KB - Virtual size: 226KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 6KB - Virtual size: 5KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• README.txt
• checksum.txt
• napalm_hook.dll

  .dll windows:6 windows x64 arch:x64

  a57f2aa5993346a006190896c1afb4da

  
  

  Code Sign

  43:bb:43:7d:60:98:66:28:6d:d8:39:e1:d0:03:09:f5

  Certificate

  Issuer

  CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

  Not Before

  02-09-2011 00:00

  Not After

  01-09-2014 23:59

  Subject

  CN=NVIDIA Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Software,O=NVIDIA Corporation,L=Santa Clara,ST=California,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  61:19:93:e4:00:00:00:00:00:1c

  Certificate

  Issuer

  CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  22-02-2011 19:25

  Not After

  22-02-2021 19:35

  Subject

  CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7

  Certificate

  Issuer

  CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

  Not Before

  08-02-2010 00:00

  Not After

  07-02-2020 23:59

  Subject

  CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageClientAuth

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  45:03:0f:0f:75:ea:2b:40:4a:34:29:c9:94:64:d0:eb:81:77:91:ca

  Signer

  Actual PE Digest

  45:03:0f:0f:75:ea:2b:40:4a:34:29:c9:94:64:d0:eb:81:77:91:ca

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  IMAGE_FILE_DLL

  PDB Paths

  C:\Users\Epexx\Downloads\R6-Chams-with-ingame-menu--master\copy - Copy\x64\Release\d3d11hook.pdb

  Imports

  kernel32

  QueryPerformanceCounter

  VirtualFree

  VirtualAlloc

  GetSystemInfo

  VirtualQuery

  HeapCreate

  VirtualProtect

  HeapFree

  GetCurrentProcess

  Thread32Next

  Thread32First

  GetCurrentThreadId

  SuspendThread

  ResumeThread

  CreateToolhelp32Snapshot

  Sleep

  HeapReAlloc

  CloseHandle

  HeapAlloc

  HeapDestroy

  GetThreadContext

  GetCurrentProcessId

  GetModuleHandleW

  FlushInstructionCache

  SetThreadContext

  OpenThread

  GlobalUnlock

  GetModuleFileNameA

  GetModuleHandleA

  DisableThreadLibraryCalls

  CreateThread

  MultiByteToWideChar

  InitializeSListHead

  GetSystemTimeAsFileTime

  IsDebuggerPresent

  IsProcessorFeaturePresent

  TerminateProcess

  SetUnhandledExceptionFilter

  UnhandledExceptionFilter

  RtlVirtualUnwind

  RtlLookupFunctionEntry

  RtlCaptureContext

  CreateEventW

  WaitForSingleObjectEx

  ResetEvent

  SetEvent

  DeleteCriticalSection

  InitializeCriticalSectionAndSpinCount

  LeaveCriticalSection

  EnterCriticalSection

  WideCharToMultiByte

  GlobalLock

  GlobalFree

  GetProcAddress

  QueryPerformanceFrequency

  LoadLibraryA

  GlobalAlloc

  user32

  GetSystemMetrics

  GetAsyncKeyState

  CallWindowProcA

  MessageBoxA

  DefWindowProcA

  CreateWindowExA

  GetWindowLongPtrA

  SetWindowLongPtrA

  RegisterClassExA

  GetKeyState

  LoadCursorA

  ReleaseCapture

  SetCursorPos

  GetCursorPos

  OpenClipboard

  CloseClipboard

  EmptyClipboard

  GetClipboardData

  SetClipboardData

  GetClientRect

  SetCursor

  SetCapture

  GetForegroundWindow

  IsChild

  ScreenToClient

  ClientToScreen

  GetCapture

  imm32

  ImmReleaseContext

  ImmGetContext

  ImmSetCompositionWindow

  d3dcompiler_47

  D3DCompile

  msvcp140

  ??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ

  ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_N@Z

  ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z

  ??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ

  ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ

  ?getloc@ios_base@std@@QEBA?AVlocale@2@XZ

  ?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

  ?always_noconv@codecvt_base@std@@QEBA_NXZ

  ??Bid@locale@std@@QEAA_KXZ

  ??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_N@Z

  ??1_Lockit@std@@QEAA@XZ

  ??0_Lockit@std@@QEAA@H@Z

  ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ

  ?uncaught_exception@std@@YA_NXZ

  ?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A

  ?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z

  ?id@?$ctype@D@std@@2V0locale@2@A

  ?_Xlength_error@std@@YAXPEBD@Z

  ?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z

  ?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

  ?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ

  ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z

  ?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z

  ?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ

  ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z

  ?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z

  ?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z

  ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ

  ?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ

  ?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ

  ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ

  ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ

  ?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z

  ?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z

  ?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ

  ?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z

  ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z

  ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ

  ??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z

  ??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z

  ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ

  ?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ

  ?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z

  ?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z

  d3d11

  D3D11CreateDeviceAndSwapChain

  vcruntime140_1

  __CxxFrameHandler4

  vcruntime140

  memcpy

  __std_type_info_destroy_list

  __std_exception_destroy

  _CxxThrowException

  memset

  __C_specific_handler

  __current_exception_context

  memmove

  __std_terminate

  memcmp

  strstr

  memchr

  __std_exception_copy

  __current_exception

  api-ms-win-crt-stdio-l1-1-0

  ftell

  _get_stream_buffer_pointers

  fflush

  fclose

  _fseeki64

  fsetpos

  ungetc

  fseek

  setvbuf

  fgetpos

  fwrite

  fgetc

  __stdio_common_vsprintf_s

  _wfopen

  __stdio_common_vsprintf

  fputc

  fread

  __stdio_common_vsscanf

  api-ms-win-crt-string-l1-1-0

  strcmp

  strcpy_s

  strncpy

  strcat_s

  api-ms-win-crt-utility-l1-1-0

  qsort

  api-ms-win-crt-heap-l1-1-0

  _callnewh

  free

  malloc

  api-ms-win-crt-convert-l1-1-0

  atof

  api-ms-win-crt-filesystem-l1-1-0

  _lock_file

  _unlock_file

  api-ms-win-crt-runtime-l1-1-0

  _cexit

  _initterm

  _initterm_e

  terminate

  _seh_filter_dll

  _configure_narrow_argv

  _crt_atexit

  _execute_onexit_table

  _register_onexit_function

  _initialize_narrow_environment

  _initialize_onexit_table

  _invalid_parameter_noinfo_noreturn

  api-ms-win-crt-math-l1-1-0

  acosf

  atan2f

  ceilf

  cosf

  fmodf

  floorf

  powf

  sinf

  sqrtf

  logf

  Sections

  .text

  Size: 263KB - Virtual size: 263KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 56KB - Virtual size: 56KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 2KB - Virtual size: 5KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 12KB - Virtual size: 11KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 512B - Virtual size: 480B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 312B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ