dcrat | c158eab31c5a8fd2da093fd5130f1ec8

Sharing

Copy URL

Twitter E-mail

General

Target

c158eab31c5a8fd2da093fd5130f1ec8
Size

25.7MB
MD5

c158eab31c5a8fd2da093fd5130f1ec8
SHA1

b26bf14a694095e86cd63bf66049c37d87e6e0a4
SHA256

67e68d1933e87f680f063203e7e243c33deba2dfdbcd2bb08e9205d3fff26fb8
SHA512

abbfeaf563b6cdd45b45f51d29100f9c26f84f8505c5895b42d209ffb20abf8ff43cfa02938b46f732386724de0a7c0e7fd89bef0ed7adaebadb82cfd0f8bf52
SSDEEP

786432:IsgLJYkWSW5gzVVh3cwBJJe9Fcik92l8fNkgAy:IjASW5g7h3JJ+FcjbfWgAy

Score

10^/10

rat dcrat echelon

Malware Config

Signatures

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

rat

Processes:

resource	yara_rule
static1/unpack001/2222-main/Build.exe	dcrat

Dcrat family
dcrat

Detects Echelon Stealer payload 2 IoCs

Processes:

resource	yara_rule
static1/unpack001/2222-main/mySThe.exe	family_echelon
static1/unpack001/2222-main/sheyhST.exe	family_echelon

Echelon family
echelon

Unsigned PE 17 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/2222-main/Build.exe
unpack001/2222-main/NanoSense.dll
unpack001/2222-main/OTC.dll
unpack001/2222-main/OTC2.dll
unpack001/2222-main/aurora.dll
unpack001/2222-main/fatality.dll
unpack001/2222-main/gan.exe
unpack001/2222-main/mySThe.exe
unpack001/2222-main/myporno.exe
unpack001/2222-main/pandora.dll
unpack001/2222-main/pass.exe
unpack001/2222-main/petya.exe
unpack001/2222-main/sheyhST.exe
unpack001/2222-main/stpastio.exe
unpack001/2222-main/test.exe
unpack001/2222-main/token.exe
unpack001/2222-main/ximay.exe

Files

c158eab31c5a8fd2da093fd5130f1ec8
.zip
2222-main/Build.exe
.exe windows:5 windows x86 arch:x86

fcf1390e9ce472c7270447fc5c61a0c1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb

Imports

kernel32

GetLastError
SetLastError
FormatMessageW
GetCurrentProcess
DeviceIoControl
SetFileTime
CloseHandle
CreateDirectoryW
RemoveDirectoryW
CreateFileW
DeleteFileW
CreateHardLinkW
GetShortPathNameW
GetLongPathNameW
MoveFileW
GetFileType
GetStdHandle
WriteFile
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
SetFileAttributesW
GetFileAttributesW
FindClose
FindFirstFileW
FindNextFileW
GetVersionExW
GetCurrentDirectoryW
GetFullPathNameW
FoldStringW
GetModuleFileNameW
GetModuleHandleW
FindResourceW
FreeLibrary
GetProcAddress
GetCurrentProcessId
ExitProcess
SetThreadExecutionState
Sleep
LoadLibraryW
GetSystemDirectoryW
CompareStringW
AllocConsole
FreeConsole
AttachConsole
WriteConsoleW
GetProcessAffinityMask
CreateThread
SetThreadPriority
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventW
CreateSemaphoreW
GetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetCPInfo
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
LockResource
GlobalLock
GlobalUnlock
GlobalFree
LoadResource
SizeofResource
SetCurrentDirectoryW
GetExitCodeProcess
GetLocalTime
GetTickCount
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetCommandLineW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
GetTempPathW
MoveFileExW
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
GetNumberFormatW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapSize
SetStdHandle
GetProcessHeap
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
TerminateProcess
RtlUnwind
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
QueryPerformanceFrequency
GetModuleHandleExW
GetModuleFileNameA
GetACP
HeapFree
HeapAlloc
HeapReAlloc
GetStringTypeW
LCMapStringW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
DecodePointer

gdiplus

GdiplusShutdown
GdiplusStartup
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipDisposeImage
GdipCloneImage
GdipFree
GdipAlloc

Sections

.text
Size: 196KB - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 392B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2222-main/NanoSense.dll
.dll windows:6 windows x86 arch:x86

34f983f36f4d8203a057fc665d889c2f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\rafik\Desktop\csgo\Coding\Nanosense\Release\NanoSense.pdb

Imports

kernel32

VirtualAlloc
LoadLibraryA
GetNativeSystemInfo
HeapAlloc
GetProcAddress
GetProcessHeap
FreeLibrary
IsBadReadPtr
CreateThread
GetModuleHandleA
GetSystemInfo
GetTickCount
MultiByteToWideChar
lstrcmpA
GetCurrentProcess
WriteConsoleA
OutputDebugStringA
GetCurrentProcessId
GetModuleHandleW
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
QueryPerformanceFrequency
QueryPerformanceCounter
Beep
VirtualQuery
FormatMessageA
InitializeSListHead
GetSystemTimeAsFileTime
SetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
GetLastError
CloseHandle
AreFileApisANSI
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
GetFileInformationByHandle
VirtualFree
HeapFree
GetCurrentThreadId
VirtualProtect
LocalFree

user32

GetClipboardData
FlashWindowEx
EmptyClipboard
CloseClipboard
GetAsyncKeyState
SetClipboardData
SetWindowLongA
CallWindowProcA
GetKeyState
LoadCursorA
ScreenToClient
GetCapture
ClientToScreen
GetForegroundWindow
SetCapture
SetCursor
GetClientRect
OpenClipboard
ReleaseCapture
SetCursorPos
GetCursorPos

shell32

SHGetFolderPathA

oleaut32

VariantClear
SysAllocString
SysFreeString

msvcp140

?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?good@ios_base@std@@QBE_NXZ
?_New_Locimp@_Locimp@locale@std@@CAPAV123@ABV123@@Z
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MAE@XZ
??0?$codecvt@_WDU_Mbstatet@@@std@@QAE@I@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PB_W1AAPB_WPAD3AAPAD@Z
?_Addfac@_Locimp@locale@std@@AAEXPAVfacet@23@I@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UAEXXZ
?uncaught_exception@std@@YA_NXZ
_Xtime_get_ticks
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?width@ios_base@std@@QAE_J_J@Z
?width@ios_base@std@@QBE_JXZ
?flags@ios_base@std@@QBEHXZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@U_Mbstatet@@@2@@Z
?_Xbad_function_call@std@@YAXXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEDD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sungetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?putback@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?unget@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?setf@ios_base@std@@QAEHHH@Z
?setf@ios_base@std@@QAEHH@Z
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPBDH@Z
?id@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QBE?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AAVios_base@2@DPBUtm@@PBD3@Z
?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QAE?AVlocale@2@ABV32@@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
_Query_perf_frequency
_Thrd_sleep
_Query_perf_counter
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Xlength_error@std@@YAXPBD@Z
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Xout_of_range@std@@YAXPBD@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z

d3dx9_43

D3DXCreateTextureFromFileInMemoryEx

imm32

ImmSetCompositionWindow
ImmGetContext
ImmReleaseContext

vcruntime140

__current_exception
__current_exception_context
_CxxThrowException
memset
_except_handler4_common
__std_type_info_destroy_list
__std_terminate
__std_exception_copy
__std_exception_destroy
__CxxFrameHandler3
memchr
memcmp
_purecall
memcpy
memmove
strstr

api-ms-win-crt-stdio-l1-1-0

fclose
__stdio_common_vsscanf
_wfopen
__stdio_common_vfprintf
fseek
fgetc
ftell
__stdio_common_vsnprintf_s
fflush
__stdio_common_vsprintf
__stdio_common_vsprintf_s
_get_stream_buffer_pointers
_fseeki64
fread
fsetpos
ungetc
setvbuf
fgetpos
fwrite
fputc

api-ms-win-crt-heap-l1-1-0

malloc
free
_callnewh
realloc

api-ms-win-crt-filesystem-l1-1-0

remove
_lock_file
_unlock_file

api-ms-win-crt-string-l1-1-0

strcpy_s
_stricmp
strncpy
strncmp

api-ms-win-crt-runtime-l1-1-0

terminate
_seh_filter_dll
_errno
_configure_narrow_argv
_initterm_e
_initterm
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-math-l1-1-0

ceil
floor
_fdclass
_dclass
_libm_sse2_pow_precise
_libm_sse2_sin_precise
roundf
fminf
_libm_sse2_asin_precise
_dsign
_libm_sse2_exp_precise
_CIfmod
_libm_sse2_atan_precise
fmaxf
_CIatan2
_libm_sse2_sqrt_precise
_libm_sse2_cos_precise

api-ms-win-crt-utility-l1-1-0

srand
qsort
rand

api-ms-win-crt-time-l1-1-0

strftime
_localtime64_s
_localtime64
_time64

api-ms-win-crt-convert-l1-1-0

strtoul
mbstowcs
atof
mbstowcs_s
strtoull
atoi
strtoll
strtod

api-ms-win-crt-locale-l1-1-0

localeconv
___lc_codepage_func

Exports

Exports

?runtime_basis@@3IA

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 604KB - Virtual size: 603KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 109KB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2222-main/OTC.dll
.dll windows:6 windows x86 arch:x86

ebebcc504f1ce302539b750e002c57fb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateThread
GetProcAddress
LoadLibraryA
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
GetModuleHandleW
DisableThreadLibraryCalls
ResetEvent
WaitForSingleObjectEx
CreateEventW
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetCurrentProcess
TerminateProcess
EnterCriticalSection

user32

GetWindowLongW
FindWindowA

gdi32

AddFontMemResourceEx

msvcp140

?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z

vcruntime140

strstr
__std_exception_copy
memcpy
__std_type_info_destroy_list
_except_handler4_common
_CxxThrowException
__std_exception_destroy
__CxxFrameHandler3
memmove
memset

api-ms-win-crt-heap-l1-1-0

free
_callnewh
malloc

api-ms-win-crt-string-l1-1-0

isdigit
tolower

api-ms-win-crt-runtime-l1-1-0

_initterm
_execute_onexit_table
_register_onexit_function
_seh_filter_dll
_initialize_narrow_environment
_configure_narrow_argv
_initterm_e
_cexit
_crt_atexit
_initialize_onexit_table
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-convert-l1-1-0

strtoul
atoi

Sections

.text
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8.5MB - Virtual size: 8.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2222-main/OTC2.dll
.dll windows:6 windows x86 arch:x86

b84aafd12d03c11da673be4eb5a77b52

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameW
lstrlenW
CreateFileW
ReadFile
WriteFile
CloseHandle
GetLastError
PeekNamedPipe
WaitNamedPipeW
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
DeleteCriticalSection
ResetEvent
WaitForSingleObjectEx
CreateEventW
VirtualProtect
FlushInstructionCache
GlobalFree
GlobalLock
GlobalUnlock
GlobalAlloc
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceFrequency
GetCurrentProcessId
SetEvent
CreateEventA
WaitForSingleObject
CreateThread
ExitProcess
OutputDebugStringA
DebugBreak
IsDebuggerPresent
K32GetModuleInformation
IsProcessorFeaturePresent
QueryPerformanceCounter
GetModuleHandleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
WideCharToMultiByte
LoadLibraryA
GetProcAddress
SetLastError
GetModuleHandleA
GetCurrentProcess
InitializeCriticalSectionAndSpinCount
VirtualAlloc
TerminateProcess

user32

GetCapture
SetCapture
ReleaseCapture
SetWindowLongW
EnumWindows
GetWindowThreadProcessId
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
CallWindowProcA
IsChild
GetKeyState
GetForegroundWindow
GetAsyncKeyState
GetClientRect
SetCursorPos
SetCursor
GetCursorPos
ClientToScreen
ScreenToClient
EmptyClipboard
LoadCursorA

comdlg32

GetOpenFileNameA

advapi32

RegSetKeyValueA
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
GetUserNameA
RegCreateKeyA
RegOpenKeyA
RegCloseKey
RegGetValueA
RegSetValueExW
RegDeleteKeyA

shell32

ShellExecuteA

msvcp140

?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?_Xout_of_range@std@@YAXPBD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?width@ios_base@std@@QAE_J_J@Z
?width@ios_base@std@@QBE_JXZ
?flags@ios_base@std@@QBEHXZ
?good@ios_base@std@@QBE_NXZ
?_Xlength_error@std@@YAXPBD@Z
_Thrd_start
?_Throw_Cpp_error@std@@YAXH@Z
_Xtime_get_ticks
_Thrd_join
_Thrd_id
_Mtx_init
_Mtx_destroy
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Mtx_current_owns
_Mtx_lock
_Mtx_unlock
_Cnd_init
_Cnd_destroy
_Cnd_init_in_situ
_Cnd_destroy_in_situ
_Cnd_wait
_Cnd_timedwait
_Cnd_broadcast
_Cnd_signal
_Cnd_do_broadcast_at_thread_exit
?_Throw_C_error@std@@YAXH@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?uncaught_exception@std@@YA_NXZ

concrt140

?_Internal_clear@_Concurrent_vector_base_v4@details@Concurrency@@IAEIP6AXPAXI@Z@Z
?_Internal_push_back@_Concurrent_vector_base_v4@details@Concurrency@@IAEPAXIAAI@Z
?_Internal_capacity@_Concurrent_vector_base_v4@details@Concurrency@@IBEIXZ
??1_Concurrent_vector_base_v4@details@Concurrency@@IAE@XZ
?_Internal_copy@_Concurrent_vector_base_v4@details@Concurrency@@IAEXABV123@IP6AXPAXPBXI@Z@Z
?_Segment_index_of@_Concurrent_vector_base_v4@details@Concurrency@@KAII@Z

d3dx9_43

D3DXCreateTextureFromFileInMemoryEx

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext

vcruntime140

__std_type_info_destroy_list
memcpy
_except_handler4_common
memset
_purecall
__std_exception_copy
__std_exception_destroy
_CxxThrowException
__CxxFrameHandler3
memmove
memcmp
strstr
memchr
__std_terminate
__current_exception
__current_exception_context

api-ms-win-crt-heap-l1-1-0

free
_callnewh
malloc

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initterm_e
_initterm
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_cexit
_invalid_parameter_noinfo_noreturn
terminate

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf
ftell
fwrite
__stdio_common_vsprintf
__stdio_common_vfprintf
__acrt_iob_func
_wfopen
fclose
fseek
fflush
__stdio_common_vsscanf
fread

api-ms-win-crt-math-l1-1-0

_libm_sse2_acos_precise
_libm_sse2_cos_precise
_libm_sse2_sin_precise
_libm_sse2_sqrt_precise
ceil
log2
floor

api-ms-win-crt-time-l1-1-0

_time64

Sections

.text
Size: 406KB - Virtual size: 405KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 960KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2222-main/aurora.dll
.dll windows:6 windows x86 arch:x86

8b403f6a4086897dace4df2f3360dbc5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FindFirstFileA
FindNextFileA
GetFullPathNameA
FindClose
GetCommandLineA
EnterCriticalSection
LeaveCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetFileType
WriteFile
GetLastError
MultiByteToWideChar
CreateThread
DeleteFiber
CreateFiber
WideCharToMultiByte
ConvertFiberToThread
DisableThreadLibraryCalls
FreeLibraryAndExitThread
GlobalUnlock
GlobalLock
GlobalAlloc
QueryPerformanceCounter
QueryPerformanceFrequency
GetTickCount64
K32EnumProcessModules
Module32NextW
Module32FirstW
K32GetModuleBaseNameA
CreateToolhelp32Snapshot
GetCurrentProcessId
SetStdHandle
FreeConsole
ReadConsoleA
ConvertThreadToFiber
GlobalMemoryStatus
GetEnvironmentVariableW
GetConsoleMode
ReadConsoleW
SetLastError
GetSystemTime
SystemTimeToFileTime
FreeLibrary
InitializeCriticalSectionEx
SleepEx
VerSetConditionMask
GetSystemDirectoryA
LoadLibraryA
VerifyVersionInfoA
FormatMessageA
ReadFile
PeekNamedPipe
WaitForMultipleObjects
ExpandEnvironmentStringsA
SetConsoleMode
WriteConsoleA
GetStdHandle
TerminateProcess
MulDiv
K32GetModuleInformation
Sleep
DeleteCriticalSection
InitializeCriticalSection
VirtualQuery
GetModuleHandleW
GetProcAddress
CloseHandle
GetCurrentProcess
VirtualProtect
GetModuleHandleA
GetTickCount
GetPrivateProfileStringA
CreateDirectoryA
SwitchToFiber
WritePrivateProfileStringA
FindFirstFileW
FindNextFileW
InitializeCriticalSectionAndSpinCount

user32

MessageBoxA
FlashWindowEx
SetCursorPos
GetClientRect
SetCursor
FillRect
ClientToScreen
SetClipboardData
CallWindowProcW
EmptyClipboard
CloseClipboard
OpenClipboard
GetKeyState
LoadCursorW
SetRect
MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation
SetWindowLongW
GetClipboardData

gdi32

ExtTextOutW
SetMapMode
CreateFontA
SelectObject
CreateDIBSection
CreateCompatibleDC
CreateBrushIndirect
GetDeviceCaps
GetTextMetricsW
DeleteDC
GetTextExtentPoint32W
SetTextColor
SetBkColor
DeleteObject

advapi32

CryptAcquireContextA
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW
RegQueryValueExA
RegOpenKeyExA
CryptEncrypt
CryptImportKey
CryptGenRandom
CryptHashData
CryptGetHashParam

shell32

ShellExecuteW

msvcp140

??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
_Mtx_trylock
?_Throw_C_error@std@@YAXH@Z
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_init_in_situ
_Mtx_unlock
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xbad_function_call@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
??1_Lockit@std@@QAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Xinvalid_argument@std@@YAXPBD@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ

ws2_32

connect
recv
freeaddrinfo
ioctlsocket
setsockopt
WSAGetLastError
send
getaddrinfo
select
closesocket
htons
WSAStartup
WSACleanup
getsockname
gethostname
htonl
ntohl
socket
sendto
recvfrom
getsockopt
ntohs
WSASetLastError
WSAIoctl
getpeername
__WSAFDIsSet
listen
bind
accept

d3dx9_43

D3DXCreateTextureFromFileA
D3DXCreateTextureFromFileInMemoryEx

winmm

PlaySoundA

imm32

ImmSetCompositionWindow
ImmGetContext

crypt32

CertGetCertificateContextProperty
CertFreeCertificateContext
CertOpenStore
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertFindCertificateInStore
CertCloseStore

wldap32

ord211
ord50
ord46
ord301
ord143
ord60
ord200
ord30
ord41
ord22
ord26
ord27
ord32
ord33
ord35
ord79

normaliz

IdnToAscii

vcruntime140

__std_type_info_destroy_list
_except_handler4_common
__current_exception_context
__current_exception
wcsstr
strrchr
__CxxFrameHandler3
__std_exception_destroy
__std_exception_copy
_purecall
__std_terminate
strstr
strchr
_CxxThrowException
memcpy
memmove
memset
memchr
__RTDynamicCast

api-ms-win-crt-math-l1-1-0

_libm_sse2_sqrt_precise
ceil
_libm_sse2_acos_precise
_dsign
_fdclass
_libm_sse2_atan_precise
_CIfmod
_CIatan2
fminf
fmaxf
_dclass
_libm_sse2_cos_precise
_libm_sse2_sin_precise
_libm_sse2_pow_precise
floor

api-ms-win-crt-convert-l1-1-0

strtoul
strtol
atof
atoi
strtoull
_strtoi64
strtod
_strtoui64
strtoll

api-ms-win-crt-locale-l1-1-0

localeconv

api-ms-win-crt-runtime-l1-1-0

_errno
raise
terminate
_exit
_initterm_e
_initterm
_cexit
_crt_atexit
strerror_s
_execute_onexit_table
abort
_register_onexit_function
_initialize_onexit_table
__sys_nerr
_beginthreadex
_getpid
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
signal
strerror
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-stdio-l1-1-0

feof
_close
_read
_write
_lseeki64
__stdio_common_vswprintf
__stdio_common_vsprintf
__acrt_iob_func
__stdio_common_vfprintf
_wfopen
__stdio_common_vsnprintf_s
fseek
fopen
fputs
ftell
_get_stream_buffer_pointers
_fseeki64
fread
fsetpos
ungetc
setvbuf
fgetpos
__stdio_common_vsscanf
fwrite
__stdio_common_vsprintf_s
fgetc
fclose
fflush
fputc
ferror
_setmode
_fileno
fgets
_open

api-ms-win-crt-utility-l1-1-0

qsort
rand
ldiv

api-ms-win-crt-heap-l1-1-0

malloc
realloc
calloc
_callnewh
free

api-ms-win-crt-string-l1-1-0

isxdigit
_strnicmp
strcspn
strspn
towlower
strcat_s
isgraph
isupper
strcmp
isalnum
isalpha
_strdup
strncpy
strncmp
islower
_stricmp
tolower
strcpy_s
strpbrk
isspace
isdigit
isprint

api-ms-win-crt-filesystem-l1-1-0

_lock_file
remove
_fstat64
_unlock_file
_stat64
_stat64i32

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-time-l1-1-0

_gmtime64
_time64

Sections

.text
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4.9MB - Virtual size: 10.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 229KB - Virtual size: 229KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 200KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2222-main/fatality.dll
.dll windows:6 windows x86 arch:x86

da1edb4708da523a1057a7cda8279f2c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualAlloc
CloseHandle
GetCurrentProcess
GetCurrentProcessId
GetModuleHandleA
GetProcAddress
LoadLibraryA
K32GetModuleInformation
CreateToolhelp32Snapshot
Process32First
Process32Next
IsDebuggerPresent
DebugBreak
OutputDebugStringA
ExitProcess
CreateThread
Sleep
TerminateProcess
OpenProcess
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
InitializeSListHead

msvcp140

??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?uncaught_exception@std@@YA_NXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Xlength_error@std@@YAXPBD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ

vcruntime140

memset
_except_handler4_common
__current_exception_context
memmove
memcmp
__CxxFrameHandler3
_CxxThrowException
__std_exception_destroy
__std_exception_copy
memcpy
__std_type_info_destroy_list
__current_exception

api-ms-win-crt-string-l1-1-0

strlen
strcmp

api-ms-win-crt-heap-l1-1-0

free
malloc
_callnewh

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
terminate
_crt_atexit
_invalid_parameter_noinfo_noreturn
_cexit

Sections

.text
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2222-main/gan.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\1\Desktop\Lucky cracked dragonia\Lucky.exe (cleaned dragonia)\Lucky.exe cleaned by Dragonia\obj\Release\Lucky Execute.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2222-main/mySThe.exe
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\1\Desktop\source code\Elechon Stealer[modded by CoderVir] Update[2]\obj\x64\Release\CoderVir Stealer Love Lolz.guru.pdb

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
2222-main/myporno.exe
.exe windows:4 windows x86 arch:x86

94400fe3e62cd2376124312fe435b8e4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

UpdateWindow
TranslateMessage
ShowWindow
SendMessageA
RegisterClassExA
PostQuitMessage
MessageBoxA
LoadIconA
LoadCursorA
GetMessageA
DispatchMessageA
DefWindowProcA
CreateWindowExA

kernel32

GetModuleHandleA
HeapAlloc
lstrlenA
lstrcpynA
lstrcpyA
lstrcatA
WriteFile
SizeofResource
SetFileAttributesA
RtlMoveMemory
LockResource
LoadResource
LoadLibraryA
CloseHandle
CreateFileA
ExitProcess
FindResourceA
FreeResource
GetCommandLineA
GetEnvironmentVariableA
GetFileSize
GetModuleFileNameA
GlobalFree
GetProcAddress
GetProcessHeap
GetSystemDirectoryA
GetTempPathA
GetWindowsDirectoryA
GlobalAlloc
HeapFree

shlwapi

PathFindFileNameA

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 863KB - Virtual size: 863KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
2222-main/pandora.dll
.dll windows:6 windows x86 arch:x86

a7e5819df0acdb663fc62833a8ef745f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\nelfo\source\repos\PE Loader\Release\PE Loader.pdb

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualProtect
K32GetModuleInformation
GetCurrentProcess
AllocConsole
VirtualAlloc
GetModuleHandleA
CreateThread
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess

msvcp140

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
?width@ios_base@std@@QAE_J_J@Z
?width@ios_base@std@@QBE_JXZ
?setf@ios_base@std@@QAEHHH@Z
?flags@ios_base@std@@QBEHXZ
?good@ios_base@std@@QBE_NXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?uncaught_exception@std@@YA_NXZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A

vcruntime140

memset
memcmp
memcpy
__CxxFrameHandler3
_except_handler4_common
__std_type_info_destroy_list

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
freopen

api-ms-win-crt-string-l1-1-0

strlen

api-ms-win-crt-runtime-l1-1-0

_cexit
_initterm
_initterm_e
_execute_onexit_table
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 742KB - Virtual size: 742KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 640B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.PE
Size: 7.9MB - Virtual size: 7.9MB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
2222-main/pass.exe
.exe windows:4 windows x86 arch:x86

94400fe3e62cd2376124312fe435b8e4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

UpdateWindow
TranslateMessage
ShowWindow
SendMessageA
RegisterClassExA
PostQuitMessage
MessageBoxA
LoadIconA
LoadCursorA
GetMessageA
DispatchMessageA
DefWindowProcA
CreateWindowExA

kernel32

GetModuleHandleA
HeapAlloc
lstrlenA
lstrcpynA
lstrcpyA
lstrcatA
WriteFile
SizeofResource
SetFileAttributesA
RtlMoveMemory
LockResource
LoadResource
LoadLibraryA
CloseHandle
CreateFileA
ExitProcess
FindResourceA
FreeResource
GetCommandLineA
GetEnvironmentVariableA
GetFileSize
GetModuleFileNameA
GlobalFree
GetProcAddress
GetProcessHeap
GetSystemDirectoryA
GetTempPathA
GetWindowsDirectoryA
GlobalAlloc
HeapFree

shlwapi

PathFindFileNameA

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 856KB - Virtual size: 855KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
2222-main/petya.exe
.exe windows:5 windows x86 arch:x86

1a63922d5931d1bb8ca5188313f78eaa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

GoogleCrashHandler_unsigned.pdb

Imports

kernel32

GetCurrentThreadId
GetStdHandle
GetFileType
GetStartupInfoW
GetModuleFileNameW
WriteFile
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
CreateEventW
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetTickCount
CreateSemaphoreW
FreeLibrary
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
RtlUnwind
LCMapStringW
GetStringTypeW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetStdHandle
SetFilePointerEx
WriteConsoleW
CloseHandle
CreateFileW
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
LocalFree
CreateDirectoryW
DeleteFileW
GetCurrentThread
WaitForMultipleObjects
LoadLibraryW
WaitForSingleObject
GetExitCodeProcess
DuplicateHandle
ReleaseMutex
GetEnvironmentVariableW
lstrcmpiW
VirtualQuery
GetTempPathW
GetLocalTime
OutputDebugStringA
GetPrivateProfileIntW
GetPrivateProfileStringW
lstrcmpW
lstrlenW
SetFilePointer
CreateMutexW
InitializeCriticalSection
TryEnterCriticalSection
SetEvent
ResetEvent
GetFileAttributesExW
SetLastError
VerifyVersionInfoW
VerSetConditionMask
MoveFileExW
GetFileTime
ReadFile
DeviceIoControl
SetProcessWorkingSetSize
OpenProcess
CreateProcessW
ReadProcessMemory
lstrcpynW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
CreateThread
DebugActiveProcess
GetThreadContext
DebugActiveProcessStop
VirtualQueryEx
GetProcessId
GetSystemInfo
ContinueDebugEvent
WaitForDebugEvent
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
IsProcessorFeaturePresent
GetCommandLineW
EncodePointer
LeaveCriticalSection
WaitNamedPipeW
TransactNamedPipe
SetNamedPipeHandleState
RtlCaptureContext
ReleaseSemaphore
EnterCriticalSection
OutputDebugStringW
DeleteCriticalSection
DecodePointer
HeapSize
GetProcAddress
GetLastError
RaiseException
HeapDestroy
InitializeCriticalSectionAndSpinCount
GetProcessHeap
GetModuleHandleW
HeapFree
IsDebuggerPresent
GetUserDefaultLangID
GetSystemDefaultLangID
GetComputerNameExW
GetOverlappedResult
ConnectNamedPipe
CreateNamedPipeW
DisconnectNamedPipe
UnregisterWait
GetProcessTimes
UnregisterWaitEx
RegisterWaitForSingleObject
VirtualProtect
VirtualAlloc
HeapAlloc
RemoveDirectoryW
HeapReAlloc

user32

SetClipboardData
EmptyClipboard
OpenClipboard
GetProcessWindowStation
CloseDesktop
CloseClipboard
CharUpperW
CharLowerW
PostThreadMessageW
DispatchMessageW
GetMessageW
PeekMessageW
EnumWindows
IsWindowVisible
GetWindowThreadProcessId
SetThreadDesktop
CreateWindowStationW
CloseWindowStation
GetThreadDesktop
SetProcessWindowStation
CreateDesktopW
wvsprintfW
wsprintfW
MessageBoxW

advapi32

GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetSecurityDescriptorControl
GetLengthSid
CopySid
IsValidSid
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
SetSecurityDescriptorDacl
AddAce
InitializeAcl
GetAclInformation
InitializeSecurityDescriptor
MakeAbsoluteSD
OpenProcessToken
GetTokenInformation
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
GetAce
MakeSelfRelativeSD
GetSecurityDescriptorLength
EqualSid
SetNamedSecurityInfoW
ConvertStringSidToSidW
OpenThreadToken
RegQueryValueExW
RegOpenKeyExW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegQueryInfoKeyW
ConvertSidToStringSidW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
SetSecurityDescriptorSacl
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
RegisterTraceGuidsW
UnregisterTraceGuids
TraceEvent
SetTokenInformation

ole32

CoCreateGuid
StringFromGUID2

shell32

SHGetFolderPathW

netapi32

NetApiBufferFree
NetWkstaGetInfo

rpcrt4

UuidCreate

shlwapi

PathRemoveExtensionW
PathRemoveFileSpecW
PathStripPathW
PathCanonicalizeW
PathIsRelativeW
SHQueryValueExW
PathAppendW

userenv

UnloadUserProfile

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Sections

.text
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2222-main/sheyhST.exe
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\1\Desktop\source code\Elechon Stealer[modded by CoderVir] Update[2]\obj\x64\Release\CoderVir Stealer Love Lolz.guru.pdb

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
2222-main/stpastio.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\1\Desktop\Lucky cracked dragonia\Lucky.exe (cleaned dragonia)\Lucky.exe cleaned by Dragonia\obj\Release\Lucky Execute.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2222-main/test.exe
.exe windows:4 windows x86 arch:x86

0818438d729451edf8c455424695687b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
strncmp
memmove
strncpy
_strnicmp
strlen
strcmp
strcpy
strcat
sprintf
fabs
ceil
malloc
floor
free
fclose
memcpy
_stricmp
tolower

kernel32

GetModuleHandleA
HeapCreate
GetCommandLineA
RemoveDirectoryA
GetTempFileNameA
GetShortPathNameA
HeapDestroy
ExitProcess
FindResourceA
LoadResource
SizeofResource
HeapAlloc
HeapFree
Sleep
LoadLibraryA
GetProcAddress
FreeLibrary
GetCurrentThreadId
GetCurrentProcessId
CloseHandle
InitializeCriticalSection
GetModuleFileNameA
GetEnvironmentVariableA
SetEnvironmentVariableA
GetCurrentProcess
DuplicateHandle
CreatePipe
GetStdHandle
CreateProcessA
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
PeekNamedPipe
GetExitCodeProcess
TerminateProcess
SetUnhandledExceptionFilter
GetVersionExA
HeapReAlloc
SetLastError
TlsAlloc
GetCurrentDirectoryA
SetCurrentDirectoryA
GetTempPathA
SetFileAttributesA
DeleteFileA
CreateDirectoryA
WriteFile
CreateFileA
SetFilePointer
ReadFile
DeleteCriticalSection

user32

MessageBoxA
SendMessageA
PostMessageA
GetWindowThreadProcessId
IsWindowVisible
GetWindowLongA
GetForegroundWindow
IsWindowEnabled
EnableWindow
EnumWindows
SetWindowPos
DestroyWindow
GetDC
GetWindowTextLengthA
GetWindowTextA
SetRect
DrawTextA
GetSystemMetrics
ReleaseDC
GetSysColor
GetSysColorBrush
CreateWindowExA
CallWindowProcA
SetWindowLongA
SetFocus
RedrawWindow
RemovePropA
DefWindowProcA
SetPropA
GetParent
GetPropA
GetWindow
SetActiveWindow
UnregisterClassA
DestroyAcceleratorTable
LoadIconA
LoadCursorA
RegisterClassA
AdjustWindowRectEx
ShowWindow
CreateAcceleratorTableA
PeekMessageA
MsgWaitForMultipleObjects
GetMessageA
GetActiveWindow
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
GetFocus
GetClientRect
FillRect
EnumChildWindows
DefFrameProcA
GetWindowRect
IsChild
GetClassNameA
GetKeyState
DestroyIcon
RegisterWindowMessageA

gdi32

GetStockObject
SelectObject
SetBkColor
SetTextColor
GetTextExtentPoint32A
CreateSolidBrush
DeleteObject
GetObjectA
CreateCompatibleDC
GetDIBits
DeleteDC
GetObjectType
CreateDIBSection
BitBlt
CreateBitmap
SetPixel

comctl32

InitCommonControlsEx

ole32

CoInitialize
CoTaskMemFree
RevokeDragDrop

shell32

ShellExecuteExA

winmm

timeBeginPeriod

shlwapi

PathRemoveArgsA
PathGetArgsA
PathAddBackslashA
PathQuoteSpacesA

Sections

.code
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
2222-main/token.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2222-main/ximay.exe
.exe windows:4 windows x86 arch:x86

94400fe3e62cd2376124312fe435b8e4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

UpdateWindow
TranslateMessage
ShowWindow
SendMessageA
RegisterClassExA
PostQuitMessage
MessageBoxA
LoadIconA
LoadCursorA
GetMessageA
DispatchMessageA
DefWindowProcA
CreateWindowExA

kernel32

GetModuleHandleA
HeapAlloc
lstrlenA
lstrcpynA
lstrcpyA
lstrcatA
WriteFile
SizeofResource
SetFileAttributesA
RtlMoveMemory
LockResource
LoadResource
LoadLibraryA
CloseHandle
CreateFileA
ExitProcess
FindResourceA
FreeResource
GetCommandLineA
GetEnvironmentVariableA
GetFileSize
GetModuleFileNameA
GlobalFree
GetProcAddress
GetProcessHeap
GetSystemDirectoryA
GetTempPathA
GetWindowsDirectoryA
GlobalAlloc
HeapFree

shlwapi

PathFindFileNameA

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 863KB - Virtual size: 863KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fcf1390e9ce472c7270447fc5c61a0c1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

gdiplus

Sections

.text Size: 196KB - Virtual size: 196KB

.rdata Size: 42KB - Virtual size: 41KB

.data Size: 4KB - Virtual size: 141KB

.didat Size: 512B - Virtual size: 392B

.rsrc Size: 56KB - Virtual size: 55KB

.reloc Size: 9KB - Virtual size: 8KB

34f983f36f4d8203a057fc665d889c2f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

shell32

oleaut32

msvcp140

d3dx9_43

imm32

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 604KB - Virtual size: 603KB

.data Size: 109KB - Virtual size: 2.3MB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 43KB - Virtual size: 42KB

ebebcc504f1ce302539b750e002c57fb

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

msvcp140

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

Sections

.text Size: 123KB - Virtual size: 122KB

.rdata Size: 136KB - Virtual size: 135KB

.data Size: 8.5MB - Virtual size: 8.5MB

.reloc Size: 2KB - Virtual size: 2KB

b84aafd12d03c11da673be4eb5a77b52

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

comdlg32

advapi32

.text
Size: 196KB - Virtual size: 196KB

.rdata
Size: 42KB - Virtual size: 41KB

.data
Size: 4KB - Virtual size: 141KB

.didat
Size: 512B - Virtual size: 392B

.rsrc
Size: 56KB - Virtual size: 55KB

.reloc
Size: 9KB - Virtual size: 8KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 604KB - Virtual size: 603KB

.data
Size: 109KB - Virtual size: 2.3MB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 43KB - Virtual size: 42KB

.text
Size: 123KB - Virtual size: 122KB

.rdata
Size: 136KB - Virtual size: 135KB

.data
Size: 8.5MB - Virtual size: 8.5MB

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 406KB - Virtual size: 405KB

.rdata
Size: 1.6MB - Virtual size: 1.6MB

.data
Size: 960KB - Virtual size: 1.1MB

.reloc
Size: 18KB - Virtual size: 18KB

.text
Size: 3.5MB - Virtual size: 3.5MB

.rdata
Size: 1.0MB - Virtual size: 1.0MB

.data
Size: 4.9MB - Virtual size: 10.3MB

.rsrc
Size: 229KB - Virtual size: 229KB

.reloc
Size: 200KB - Virtual size: 200KB

.text
Size: 101KB - Virtual size: 100KB

.rdata
Size: 2.8MB - Virtual size: 2.8MB

.data
Size: 108KB - Virtual size: 109KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 4KB - Virtual size: 3KB