reducethelag_v3[.]1[.]62-installer[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

reducethelag_v3.1.62-installer.exe
Size

879KB
MD5

416843a8351ac960a300fe0dec5bfffc
SHA1

ea37d06ae0985de15cd35554d5b8c757cc9b5b1e
SHA256

85b5f0d22781da1b665a6438ec6413cd7d42ce7444b8c749d6c96553e04d39ae
SHA512

4cc5b08036bc0c104e6080b1cd17ada79532929b0be203f3807d9309e0e807eb20a4dc0221b07f89701388562392e1f85aee00a3985a9984b9c2e4537a6f54b5
SSDEEP

24576:koVBAw+P7fB0SqzI1e2Ms2qGvgrOpF5FI:n+P7ehzSFnGYybI

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/$PLUGINSDIR/md5dll.dll	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/$PLUGINSDIR/md5dll.dll	upx

Unsigned PE 20 IoCs

Checks for missing Authenticode signature.

resource
reducethelag_v3.1.62-installer.exe
unpack001/$PLUGINSDIR/SimpleFC.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/inetc.dll
unpack001/$PLUGINSDIR/md5dll.dll
unpack002/out.upx
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/$PLUGINSDIR/nsExec.dll
unpack001/EasyHook.dll
unpack001/EasyHook32.dll
unpack001/EasyHook64.dll
unpack001/reducethelag_v3_64bit_helper.exe
unpack001/reducethelag_v3_service.exe
unpack001/reducethelagv332.dll
unpack001/reducethelagv364.dll
unpack001/reducethelagv364_loader.dll
unpack001/uninstall.exe
unpack003/$PLUGINSDIR/SimpleFC.dll
unpack003/$PLUGINSDIR/nsExec.dll
unpack001/url_helper.exe

NSIS installer 4 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/uninstall.exe	nsis_installer_1
static1/unpack001/uninstall.exe	nsis_installer_2

Files

reducethelag_v3.1.62-installer.exe
.exe windows:4 windows x86 arch:x86

3abe302b6d9a1256e6a915429af4ffd2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetEnvironmentVariableA
Sleep
GetTickCount
GetCommandLineA
lstrlenA
GetVersion
SetErrorMode
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GetWindowsDirectoryA
SetCurrentDirectoryA
GetLastError
CreateDirectoryA
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
ReadFile
WriteFile
lstrcpyA
MoveFileExA
lstrcatA
GetSystemDirectoryA
GetProcAddress
GetExitCodeProcess
WaitForSingleObject
CompareFileTime
SetFileAttributesA
GetFileAttributesA
GetShortPathNameA
MoveFileA
GetFullPathNameA
SetFileTime
SearchPathA
CloseHandle
lstrcmpiA
CreateThread
GlobalLock
lstrcmpA
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
GetPrivateProfileStringA
FindClose
MultiByteToWideChar
FreeLibrary
MulDiv
WritePrivateProfileStringA
LoadLibraryExA
GetModuleHandleA
GlobalAlloc
GlobalFree
ExpandEnvironmentStringsA

user32

ScreenToClient
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
PostQuitMessage
GetWindowRect
EnableMenuItem
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndDialog
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
GetDC
CreateDialogParamA
SetTimer
GetDlgItem
SetWindowLongA
SetForegroundWindow
LoadImageA
IsWindow
SendMessageTimeoutA
FindWindowExA
OpenClipboard
TrackPopupMenu
AppendMenuA
EndPaint
DestroyWindow
wsprintfA
ShowWindow
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
ShellExecuteExA
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
SHFileOperationA

advapi32

AdjustTokenPrivileges
RegCreateKeyExA
RegOpenKeyExA
SetFileSecurityA
OpenProcessToken
LookupPrivilegeValueA
RegEnumValueA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/SimpleFC.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

AddApplication
AddPort
AdvAddRule
AdvExistsRule
AdvRemoveRule
AllowDisallowExceptionsNotAllowed
AllowDisallowIcmpInboundEchoRequest
AllowDisallowIcmpInboundMaskRequest
AllowDisallowIcmpInboundRouterRequest
AllowDisallowIcmpInboundTimestampRequest
AllowDisallowIcmpOutboundDestinationUnreachable
AllowDisallowIcmpOutboundPacketTooBig
AllowDisallowIcmpOutboundParameterProblem
AllowDisallowIcmpOutboundSourceQuench
AllowDisallowIcmpOutboundTimeExceeded
AllowDisallowIcmpRedirect
AreExceptionsNotAllowed
AreNotificationsEnabled
EnableDisableApplication
EnableDisableFirewall
EnableDisableNotifications
EnableDisablePort
IsApplicationAdded
IsApplicationEnabled
IsFirewallEnabled
IsFirewallServiceRunning
IsIcmpTypeAllowed
IsPortAdded
IsPortEnabled
RemoveApplication
RemovePort
RestoreDefaults
StartStopFirewallService

Sections

CODE
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

8c8a576201f68de1a3f26fc723b9f30f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GlobalFree
GlobalSize
lstrcpynA
lstrcpyA
GetProcAddress
VirtualFree
FreeLibrary
lstrlenA
LoadLibraryA
GetModuleHandleA
GlobalAlloc
WideCharToMultiByte
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 636B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/inetc.dll
.dll windows:4 windows x86 arch:x86

5bdcdde5acd7b395f3f3d19ebbb8c6cd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_mbschr
_adjust_fdiv
malloc
_initterm
free
strlen
strchr
strrchr
_mbsrchr
strtoul
memset
_mbsstr
strtol

kernel32

GlobalFree
CreateThread
WaitForSingleObject
TerminateThread
GetModuleHandleA
MulDiv
lstrcpyA
GlobalAlloc
LoadLibraryA
GetProcAddress
lstrcmpiA
CreateFileA
GetFileSize
lstrlenA
WriteFile
ReadFile
lstrcmpA
lstrcpynA
lstrcatA
GetLastError
DeleteFileA
CloseHandle
SleepEx
SetFilePointer
GetTickCount

user32

MessageBoxA
GetParent
ShowWindow
SetWindowLongA
IsWindow
SetWindowTextA
SendDlgItemMessageA
GetDlgItem
PostMessageA
GetWindowTextA
SendMessageA
SetDlgItemTextA
SetWindowPos
SystemParametersInfoA
GetClientRect
GetWindowRect
SetTimer
LoadIconA
UpdateWindow
DestroyWindow
KillTimer
RedrawWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
IsWindowVisible
EnableWindow
CreateDialogParamA
FindWindowExA
wsprintfA
GetWindowLongA

wininet

HttpSendRequestA
HttpSendRequestExA
HttpQueryInfoA
FtpCreateDirectoryA
FtpOpenFileA
InternetGetLastResponseInfoA
InternetSetFilePointer
InternetSetOptionA
InternetQueryOptionA
InternetCloseHandle
InternetErrorDlg
HttpOpenRequestA
HttpAddRequestHeadersA
HttpEndRequestA
InternetConnectA
InternetCrackUrlA
InternetOpenA
InternetReadFile
InternetWriteFile

comctl32

ord17

Exports

Exports

get
head
post
put

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/md5dll.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

GetFileMD5
GetMD5
GetMD5File
GetMD5Random
GetMD5String

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

ebc2d915841be8afc8fa1ee9f6850960

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesA
lstrcpyA
MulDiv
lstrlenA
HeapFree
GetCurrentDirectoryA
lstrcmpiA
GetProcessHeap
HeapReAlloc
GlobalFree
lstrcpynA
GlobalAlloc
SetCurrentDirectoryA
HeapAlloc

user32

DestroyWindow
CallWindowProcA
SetCursor
LoadCursorA
GetPropA
CharPrevA
DrawFocusRect
GetWindowLongA
DrawTextA
GetClientRect
SetWindowLongA
GetDlgItem
GetSysColor
SetWindowPos
CreateDialogParamA
MapDialogRect
GetWindowRect
SetPropA
CreateWindowExA
IsWindow
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
CharNextA
SendMessageA
MapWindowPoints
RemovePropA
GetWindowTextA

gdi32

SetTextColor

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 628B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x86 arch:x86

46f8b6973f33717335c0f6d8087de67b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
lstrlenA
GetExitCodeProcess
WaitForSingleObject
Sleep
TerminateProcess
GlobalReAlloc
GlobalUnlock
GlobalSize
lstrcpynA
ReadFile
PeekNamedPipe
GetTickCount
lstrcpyA
CreateProcessA
GetStartupInfoA
GetProcAddress
GetVersion
DeleteFileA
lstrcmpiA
GetCurrentProcess
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateFileA
CopyFileA
GetTempFileNameA
GlobalFree
GlobalAlloc
GetModuleFileNameA
ExitProcess
GetCommandLineA
CreatePipe
GlobalLock
lstrcatA

user32

SendMessageA
OemToCharBuffA
FindWindowExA
CharNextA
wsprintfA
CharPrevA

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 458B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
EasyHook.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\projects\easyhook\EasyHook\obj\netfx3.5-Release\EasyHook.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
EasyHook32.dll
.dll windows:6 windows x86 arch:x86

0c2609288fcba4a8350c2130643a83bb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\projects\easyhook\Build\netfx3.5-Release\x86\EasyHook32.pdb

Imports

psapi

EnumProcessModules
GetModuleInformation

kernel32

TlsFree
GetCurrentThreadId
GetSystemInfo
GetLastError
GetCurrentProcess
GetProcAddress
GetModuleFileNameA
GetFullPathNameW
GetEnvironmentVariableW
SetEnvironmentVariableW
SetEvent
GetModuleHandleW
LoadLibraryW
GetModuleHandleA
CloseHandle
InitializeCriticalSectionEx
RaiseException
DecodePointer
DeleteCriticalSection
GetThreadContext
SetThreadContext
WaitForSingleObject
OpenProcess
Thread32First
ReadProcessMemory
Thread32Next
VirtualAllocEx
OpenThread
CreateEventW
CreateToolhelp32Snapshot
DuplicateHandle
TlsAlloc
SuspendThread
ResumeThread
TlsGetValue
CreateProcessW
CreateRemoteThread
TlsSetValue
WideCharToMultiByte
TerminateProcess
lstrlenW
SetLastError
GetExitCodeThread
Module32FirstW
WaitForMultipleObjects
Module32NextW
GetCurrentProcessId
FatalAppExitW
GetModuleFileNameW
CreateFileW
HeapAlloc
HeapFree
IsBadReadPtr
InitializeCriticalSection
Sleep
LeaveCriticalSection
EnterCriticalSection
VirtualProtect
InterlockedExchange
GetVersionExW
VirtualQuery
SetStdHandle
OutputDebugStringW
LoadLibraryA
HeapCreate
HeapDestroy
FreeLibrary
WriteConsoleW
SetEndOfFile
WriteProcessMemory
LCMapStringW
EncodePointer
GetCommandLineA
IsDebuggerPresent
IsProcessorFeaturePresent
ExitProcess
GetModuleHandleExW
AreFileApisANSI
MultiByteToWideChar
GetStdHandle
GetFileType
GetStartupInfoW
GetProcessHeap
HeapSize
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
WriteFile
RtlUnwind
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
HeapReAlloc
LoadLibraryExW
ReadFile
ReadConsoleW
GetStringTypeW

advapi32

StartServiceW
OpenServiceW
OpenSCManagerW
DeleteService
CloseServiceHandle
CreateServiceW
OpenProcessToken

ole32

CoTaskMemAlloc
CoTaskMemFree

shlwapi

PathQuoteSpacesW

Exports

Exports

?GetRemoteModuleExportDirectory@@YGHPAXPAUHINSTANCE__@@PAU_IMAGE_EXPORT_DIRECTORY@@U_IMAGE_DOS_HEADER@@U_IMAGE_NT_HEADERS@@@Z
_DbgAttachDebugger@0
_DbgDetachDebugger@0
_DbgGetProcessIdByHandle@8
_DbgGetThreadIdByHandle@8
_DbgHandleToObjectName@16
_DbgIsAvailable@0
_DbgIsEnabled@0
_GacCreateContext@0
_GacInstallAssembly@16
_GacReleaseContext@4
_GacUninstallAssembly@16
_HookCompleteInjection@4
_LhBarrierBeginStackTrace@4
_LhBarrierCallStackTrace@12
_LhBarrierEndStackTrace@4
_LhBarrierGetAddressOfReturnAddress@4
_LhBarrierGetCallback@4
_LhBarrierGetCallingModule@4
_LhBarrierGetReturnAddress@4
_LhBarrierPointerToModule@8
_LhEnumModules@12
_LhGetHookBypassAddress@8
_LhInstallHook@16
_LhIsThreadIntercepted@12
_LhSetExclusiveACL@12
_LhSetGlobalExclusiveACL@8
_LhSetGlobalInclusiveACL@8
_LhSetInclusiveACL@12
_LhUninstallAllHooks@0
_LhUninstallHook@4
_LhUpdateModuleInformation@0
_LhWaitForPendingRemovals@0
_ReleaseTestFuncHookResults@8
_RhCreateAndInject@36
_RhCreateStealthRemoteThread@16
_RhGetProcessToken@8
_RhInjectLibrary@28
_RhInstallDriver@8
_RhInstallSupportDriver@0
_RhIsAdministrator@0
_RhIsX64Process@8
_RhIsX64System@0
_RhWakeUpProcess@0
_RtlCreateSuspendedProcess@20
_RtlGetLastError@0
_RtlGetLastErrorString@0
_RtlGetLastErrorStringCopy@0
_RtlInstallService@12
_TestFuncHooks@24

Sections

.text
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 78KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
EasyHook64.dll
.dll windows:6 windows x64 arch:x64

4d117d78b1518e2a9eee4e20c8ed50c7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\projects\easyhook\Build\netfx3.5-Release\x64\EasyHook64.pdb

Imports

psapi

EnumProcessModules
GetModuleInformation

kernel32

TlsFree
GetCurrentThreadId
VirtualFree
VirtualAlloc
GetSystemInfo
GetLastError
GetCurrentProcess
GetProcAddress
GetModuleFileNameA
LoadLibraryW
GetCurrentProcessId
GetFullPathNameW
GetEnvironmentVariableW
SetEnvironmentVariableW
SetEvent
GetModuleHandleW
GetModuleHandleA
CloseHandle
InitializeCriticalSectionEx
RaiseException
DecodePointer
DeleteCriticalSection
GetThreadContext
SetThreadContext
WaitForSingleObject
OpenProcess
Thread32First
ReadProcessMemory
Thread32Next
VirtualAllocEx
OpenThread
TlsAlloc
CreateToolhelp32Snapshot
DuplicateHandle
WriteProcessMemory
SuspendThread
ResumeThread
TlsGetValue
CreateProcessW
CreateRemoteThread
TlsSetValue
WideCharToMultiByte
TerminateProcess
lstrlenW
SetLastError
GetExitCodeThread
Module32FirstW
WaitForMultipleObjects
Module32NextW
FatalAppExitW
GetModuleFileNameW
CreateFileW
HeapAlloc
HeapFree
IsBadReadPtr
InitializeCriticalSection
Sleep
LeaveCriticalSection
EnterCriticalSection
VirtualProtect
GetVersionExW
SetEndOfFile
LoadLibraryA
HeapCreate
HeapDestroy
FreeLibrary
CreateEventW
RtlPcToFileHeader
WriteConsoleW
SetStdHandle
OutputDebugStringW
LCMapStringW
EncodePointer
GetCommandLineA
IsDebuggerPresent
IsProcessorFeaturePresent
ExitProcess
GetModuleHandleExW
AreFileApisANSI
MultiByteToWideChar
RtlUnwindEx
GetStdHandle
GetFileType
GetStartupInfoW
GetProcessHeap
HeapSize
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
WriteFile
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
HeapReAlloc
LoadLibraryExW
ReadFile
ReadConsoleW
GetStringTypeW

advapi32

StartServiceW
OpenServiceW
OpenSCManagerW
DeleteService
CloseServiceHandle
CreateServiceW
OpenProcessToken

ole32

CoTaskMemFree
CoTaskMemAlloc

shlwapi

PathQuoteSpacesW

Exports

Exports

?GetRemoteModuleExportDirectory@@YAHPEAXPEAUHINSTANCE__@@PEAU_IMAGE_EXPORT_DIRECTORY@@U_IMAGE_DOS_HEADER@@U_IMAGE_NT_HEADERS64@@@Z
DbgAttachDebugger
DbgDetachDebugger
DbgGetProcessIdByHandle
DbgGetThreadIdByHandle
DbgHandleToObjectName
DbgIsAvailable
DbgIsEnabled
GacCreateContext
GacInstallAssembly
GacReleaseContext
GacUninstallAssembly
HookCompleteInjection
LhBarrierBeginStackTrace
LhBarrierCallStackTrace
LhBarrierEndStackTrace
LhBarrierGetAddressOfReturnAddress
LhBarrierGetCallback
LhBarrierGetCallingModule
LhBarrierGetReturnAddress
LhBarrierPointerToModule
LhEnumModules
LhGetHookBypassAddress
LhInstallHook
LhIsThreadIntercepted
LhSetExclusiveACL
LhSetGlobalExclusiveACL
LhSetGlobalInclusiveACL
LhSetInclusiveACL
LhUninstallAllHooks
LhUninstallHook
LhUpdateModuleInformation
LhWaitForPendingRemovals
ReleaseTestFuncHookResults
RhCreateAndInject
RhCreateStealthRemoteThread
RhGetProcessToken
RhInjectLibrary
RhInstallDriver
RhInstallSupportDriver
RhIsAdministrator
RhIsX64Process
RhIsX64System
RhWakeUpProcess
RtlCreateSuspendedProcess
RtlGetLastError
RtlGetLastErrorString
RtlGetLastErrorStringCopy
RtlInstallService
TestFuncHooks

Sections

.text
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 85KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
reducethelag_v3_64bit_helper.exe
.exe windows:5 windows x64 arch:x64

6b4f00f33b247c0e21e388c528c6b89e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Andrew\Google Drive\reducethelag\hook\reducethelag_v3\Release\reducethelag_v3_64bit_helper.pdb

Imports

ws2_32

__WSAFDIsSet
select
closesocket
WSAGetLastError
recv
accept
listen
ntohs
getsockname
bind
inet_addr
socket
WSAStartup

kernel32

CloseHandle
GetSystemTime
GetCurrentThreadId
GetCurrentProcessId
GetLastError
SetLastError
GetModuleFileNameA
Sleep
CreateProcessA
ProcessIdToSessionId
GetCurrentProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
OpenProcess
CreateThread
GetProcAddress
GetModuleHandleA
GetModuleHandleW
LoadLibraryW
VirtualAllocEx
WriteProcessMemory
WaitForSingleObject
Module32FirstW
Module32NextW
CreateRemoteThread
GetExitCodeThread
VirtualFreeEx
GetFileAttributesW
FormatMessageW
SetEnvironmentVariableA
SetStdHandle
FlushFileBuffers
GetConsoleCP
GetConsoleMode
CreateFileW
SetFilePointerEx
HeapSize
WriteConsoleW
SetEndOfFile
ReadFile
ReadConsoleW
LoadLibraryA
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThread
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
DecodePointer
SetEvent
EncodePointer
GetThreadTimes
FreeLibrary
LoadLibraryExW
RtlPcToFileHeader
RaiseException
RtlUnwindEx
MultiByteToWideChar
GetModuleHandleExW
HeapAlloc
HeapFree
GetStdHandle
WriteFile
WideCharToMultiByte
ExitProcess
GetCommandLineA
GetCommandLineW
GetACP
CompareStringW
LCMapStringW
GetFileType
HeapReAlloc
GetStringTypeW
GetProcessHeap
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW

advapi32

CreateProcessAsUserA
ControlService
CloseServiceHandle
StartServiceA
OpenServiceA
OpenSCManagerA
GetUserNameA
SetTokenInformation
DuplicateTokenEx
AdjustTokenPrivileges
LookupPrivilegeValueW
GetTokenInformation
OpenProcessToken

easyhook64

RhInjectLibrary

Sections

.text
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
reducethelag_v3_service.exe
.exe windows:5 windows x86 arch:x86

aebd924b626f555e81210c5a0c5a2fbe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Andrew\Google Drive\reducethelag\hook\reducethelag_v3\Release\reducethelag_v3_service.pdb

Imports

wsock32

gethostname
setsockopt
WSAStartup
sendto
gethostbyaddr
getservbyport
inet_addr
htonl
getservbyname
gethostbyname
WSASetLastError
__WSAFDIsSet
select
WSAGetLastError
accept
listen
ntohs
getsockname
bind
htons
ioctlsocket
closesocket
recv
send
connect
socket
recvfrom

ws2_32

WSAIoctl
freeaddrinfo
getaddrinfo

psapi

GetProcessImageFileNameW

iphlpapi

GetAdaptersInfo
GetAdaptersAddresses
DeleteIPAddress
AddIPAddress
GetIpAddrTable

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

kernel32

GetEnvironmentStringsW
CreateThread
CloseHandle
GetSystemTime
GetLastError
SetLastError
InterlockedDecrement
LocalFree
FormatMessageW
HeapAlloc
GetProcessHeap
GetSystemDirectoryA
LoadLibraryA
GetProcAddress
FreeLibrary
GetTickCount
Sleep
GetFileAttributesA
DeleteFileA
CreateProcessA
GetCurrentProcess
WTSGetActiveConsoleSessionId
GetModuleHandleA
FreeEnvironmentStringsW
GetVersionExW
CreateToolhelp32Snapshot
Process32NextW
OpenProcess
GetLogicalDriveStringsA
SetEnvironmentVariableA
GetBinaryTypeA
GetBinaryTypeW
GetModuleHandleW
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
WaitForSingleObject
GetExitCodeThread
VirtualFreeEx
GetFileAttributesW
LoadLibraryW
DeleteCriticalSection
InitializeCriticalSection
CreatePipe
GetExitCodeProcess
PeekNamedPipe
ReadFile
MoveFileA
ProcessIdToSessionId
GetCurrentProcessId
Process32FirstW
GetModuleFileNameA
SetStdHandle
FlushFileBuffers
GetConsoleCP
CreateFileW
HeapSize
WriteConsoleW
SetEndOfFile
GetThreadTimes
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
ReadConsoleW
GetConsoleMode
SetFilePointerEx
GetFileAttributesExW
EnumSystemLocalesW
GetUserDefaultLCID
QueryDosDeviceA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
DuplicateHandle
GetCurrentThread
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
DecodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
LoadLibraryExW
RaiseException
RtlUnwind
ExitProcess
GetModuleHandleExW
ExitThread
ResumeThread
FreeLibraryAndExitThread
GetStdHandle
WriteFile
GetCommandLineA
GetCommandLineW
GetACP
HeapFree
HeapReAlloc
GetFileType
IsValidLocale

advapi32

CloseServiceHandle
SetSecurityDescriptorDacl
CreateProcessAsUserA
SetTokenInformation
SetNamedSecurityInfoA
SetEntriesInAclW
ConvertStringSidToSidA
GetNamedSecurityInfoA
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherW
ControlService
StartServiceA
OpenSCManagerA
DeleteService
OpenServiceA
InitializeSecurityDescriptor
ChangeServiceConfig2W
CreateServiceA
OpenSCManagerW
GetTokenInformation
CreateProcessAsUserW
DuplicateTokenEx
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
GetUserNameA
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
SetSecurityDescriptorSacl
SetSecurityDescriptorGroup

ole32

CoCreateInstance
CoUninitialize
CoInitializeSecurity
CoInitializeEx
CoSetProxyBlanket

oleaut32

VariantClear
SysFreeString
SysAllocString

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

easyhook32

_RhInjectLibrary@28
_RtlGetLastErrorString@0

imagehlp

MapFileAndCheckSumA

Sections

.text
Size: 239KB - Virtual size: 238KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
reducethelagv332.dll
.dll windows:5 windows x86 arch:x86

57403f6acd88d807c18940b821fcf62e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Andrew\Google Drive\reducethelag\hook\reducethelag_v3\Release\reducethelagv332.pdb

Imports

wsock32

ntohs
inet_addr
recvfrom
WSAAsyncGetHostByName
htons
sendto
inet_ntoa
ioctlsocket
WSAGetLastError
getpeername
WSASetLastError
gethostbyname
closesocket
bind
listen
accept
setsockopt
WSAStartup
__WSAFDIsSet
select
getsockname
send
socket
connect
recv
getsockopt

ws2_32

getnameinfo
WSAIoctl
WSAStringToAddressA
WSASend
WSACreateEvent
freeaddrinfo
WSASendTo
WSAConnect
WSAResetEvent
WSAWaitForMultipleEvents
WSACloseEvent
getaddrinfo
WSASetEvent
WSAGetOverlappedResult
WSARecvFrom
WSARecv
WSASocketA

wininet

HttpOpenRequestA
InternetConnectA

imagehlp

SymInitialize
SymFromAddr

kernel32

GetSystemTimeAsFileTime
QueryPerformanceCounter
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
DisableThreadLibraryCalls
RtlCaptureStackBackTrace
GetOverlappedResult
GetSystemTime
CloseHandle
CreateFileA
SetFilePointer
WriteFile
ReleaseMutex
WaitForSingleObject
CreateMutexA
FreeLibrary
CreateProcessW
GetProcAddress
DecodePointer
LoadLibraryA
Sleep
GetModuleHandleA
GetCurrentThreadId
EncodePointer
GetProcessId
OpenThread
GetCurrentProcessId
CreateThread
GetModuleHandleExA
ResumeThread
GetCurrentProcess
GetModuleFileNameA
CreateProcessA
GetLastError
InitializeSListHead
UnhandledExceptionFilter

msvcp140

?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
_Xtime_get_ticks
_Thrd_sleep

easyhook32

_RhWakeUpProcess@0
_LhBarrierEndStackTrace@4
_LhInstallHook@16
_RtlGetLastError@0
_LhSetExclusiveACL@12
_RtlGetLastErrorString@0
_RhInjectLibrary@28
_LhBarrierBeginStackTrace@4

vcruntime140

memcpy
__std_type_info_destroy_list
_except_handler4_common
memset
_CxxThrowException
__std_exception_destroy
__std_exception_copy
strrchr
strchr
strstr
__CxxFrameHandler3

api-ms-win-crt-string-l1-1-0

_stricmp
strncpy
tolower
strncat
strncmp
strtok

api-ms-win-crt-heap-l1-1-0

malloc
calloc
realloc
free
_callnewh

api-ms-win-crt-stdio-l1-1-0

fopen
__acrt_iob_func
fclose
__stdio_common_vfprintf
__stdio_common_vsprintf

api-ms-win-crt-convert-l1-1-0

atoi
mbstowcs

api-ms-win-crt-time-l1-1-0

_difftime64
_time64

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_cexit
_initterm
_initterm_e
_seh_filter_dll
_invalid_parameter_noinfo_noreturn
terminate

api-ms-win-crt-math-l1-1-0

_except1
ceil

Exports

Exports

_NativeInjectionEntryPoint@4
alternative_entry

Sections

.text
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
reducethelagv364.dll
.dll windows:6 windows x64 arch:x64

fed69aa87736cf6690bd6c45fe7be844

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Andrew\Google Drive\reducethelag\hook\reducethelag_v3\Release\reducethelagv364.pdb

Imports

wsock32

ntohs
inet_addr
recvfrom
getsockopt
WSAAsyncGetHostByName
ioctlsocket
WSASetLastError
gethostbyname
WSAGetLastError
closesocket
bind
listen
accept
htons
sendto
inet_ntoa
setsockopt
WSAStartup
__WSAFDIsSet
select
getsockname
send
socket
connect
recv
getpeername

ws2_32

freeaddrinfo
WSARecv
WSAWaitForMultipleEvents
WSAResetEvent
getaddrinfo
WSASendTo
WSASetEvent
WSACreateEvent
WSAGetOverlappedResult
WSAConnect
WSARecvFrom
WSASend
WSAStringToAddressA
WSAIoctl
WSACloseEvent
WSASocketA
getnameinfo

wininet

HttpOpenRequestA
InternetConnectA

imagehlp

SymFromAddr
SymInitialize

kernel32

GetModuleHandleW
GetStartupInfoW
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
QueryPerformanceCounter
OpenThread
RtlCaptureStackBackTrace
GetOverlappedResult
GetSystemTime
CloseHandle
CreateFileA
SetFilePointer
WriteFile
ReleaseMutex
WaitForSingleObject
CreateMutexA
FreeLibrary
CreateProcessW
GetProcAddress
DecodePointer
LoadLibraryA
Sleep
GetModuleHandleA
GetCurrentThreadId
EncodePointer
GetProcessId
RtlCaptureContext
GetCurrentProcessId
CreateThread
GetModuleHandleExA
ResumeThread
GetCurrentProcess
GetModuleFileNameA
InitializeSListHead
GetLastError
CreateProcessA

msvcp140

_Xtime_get_ticks
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
_Thrd_sleep

easyhook64

RhWakeUpProcess
LhBarrierEndStackTrace
LhInstallHook
RtlGetLastError
LhSetExclusiveACL
RtlGetLastErrorString
RhInjectLibrary
LhBarrierBeginStackTrace

vcruntime140

__CxxFrameHandler3
strchr
strrchr
__C_specific_handler
memcpy
__std_exception_copy
__std_exception_destroy
_CxxThrowException
memset
__std_type_info_destroy_list
strstr

api-ms-win-crt-string-l1-1-0

_stricmp
strncat
strncpy
tolower
strncmp
strcmp
strtok

api-ms-win-crt-heap-l1-1-0

free
malloc
realloc
calloc
_callnewh

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__stdio_common_vfprintf
fclose
fopen
__stdio_common_vsprintf

api-ms-win-crt-convert-l1-1-0

atoi
mbstowcs

api-ms-win-crt-time-l1-1-0

_time64
_difftime64

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_cexit
_initterm
_initterm_e
terminate
_invalid_parameter_noinfo_noreturn
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll

api-ms-win-crt-math-l1-1-0

ceil

Exports

Exports

NativeInjectionEntryPoint
alternative_entry

Sections

.text
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
reducethelagv364_loader.dll
.dll windows:6 windows x64 arch:x64

6a7a9320b192defd1276e46fc40807c0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Andrew\Google Drive\reducethelag\hook\reducethelag_v3\Release\reducethelagv364_loader.pdb

Imports

ws2_32

__WSAFDIsSet
closesocket
gethostbyname
select
WSAStartup
send
socket
connect
htons
WSAGetLastError

kernel32

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
SetLastError
GetCurrentThreadId
GetLastError
GetCurrentProcessId
GetSystemTime
GetModuleFileNameA
LoadLibraryA
CreateThread
GetProcAddress
IsDebuggerPresent

user32

SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx

vcruntime140

__std_type_info_destroy_list
memset
__C_specific_handler
strrchr
strstr
memcpy

api-ms-win-crt-string-l1-1-0

_stricmp

api-ms-win-crt-heap-l1-1-0

calloc
free
malloc

api-ms-win-crt-stdio-l1-1-0

fputs
__stdio_common_vsprintf
fclose
__acrt_iob_func
fopen
__stdio_common_vfprintf

api-ms-win-crt-convert-l1-1-0

atoi

api-ms-win-crt-runtime-l1-1-0

_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
_initialize_onexit_table
_initialize_narrow_environment

Exports

Exports

DebugProc
rtl_load_dll
rtl_unload_dll

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 780B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.HKT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uninstall.exe
.exe windows:4 windows x86 arch:x86

3abe302b6d9a1256e6a915429af4ffd2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetEnvironmentVariableA
Sleep
GetTickCount
GetCommandLineA
lstrlenA
GetVersion
SetErrorMode
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GetWindowsDirectoryA
SetCurrentDirectoryA
GetLastError
CreateDirectoryA
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
ReadFile
WriteFile
lstrcpyA
MoveFileExA
lstrcatA
GetSystemDirectoryA
GetProcAddress
GetExitCodeProcess
WaitForSingleObject
CompareFileTime
SetFileAttributesA
GetFileAttributesA
GetShortPathNameA
MoveFileA
GetFullPathNameA
SetFileTime
SearchPathA
CloseHandle
lstrcmpiA
CreateThread
GlobalLock
lstrcmpA
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
GetPrivateProfileStringA
FindClose
MultiByteToWideChar
FreeLibrary
MulDiv
WritePrivateProfileStringA
LoadLibraryExA
GetModuleHandleA
GlobalAlloc
GlobalFree
ExpandEnvironmentStringsA

user32

ScreenToClient
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
PostQuitMessage
GetWindowRect
EnableMenuItem
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndDialog
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
GetDC
CreateDialogParamA
SetTimer
GetDlgItem
SetWindowLongA
SetForegroundWindow
LoadImageA
IsWindow
SendMessageTimeoutA
FindWindowExA
OpenClipboard
TrackPopupMenu
AppendMenuA
EndPaint
DestroyWindow
wsprintfA
ShowWindow
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
ShellExecuteExA
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
SHFileOperationA

advapi32

AdjustTokenPrivileges
RegCreateKeyExA
RegOpenKeyExA
SetFileSecurityA
OpenProcessToken
LookupPrivilegeValueA
RegEnumValueA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/SimpleFC.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

AddApplication
AddPort
AdvAddRule
AdvExistsRule
AdvRemoveRule
AllowDisallowExceptionsNotAllowed
AllowDisallowIcmpInboundEchoRequest
AllowDisallowIcmpInboundMaskRequest
AllowDisallowIcmpInboundRouterRequest
AllowDisallowIcmpInboundTimestampRequest
AllowDisallowIcmpOutboundDestinationUnreachable
AllowDisallowIcmpOutboundPacketTooBig
AllowDisallowIcmpOutboundParameterProblem
AllowDisallowIcmpOutboundSourceQuench
AllowDisallowIcmpOutboundTimeExceeded
AllowDisallowIcmpRedirect
AreExceptionsNotAllowed
AreNotificationsEnabled
EnableDisableApplication
EnableDisableFirewall
EnableDisableNotifications
EnableDisablePort
IsApplicationAdded
IsApplicationEnabled
IsFirewallEnabled
IsFirewallServiceRunning
IsIcmpTypeAllowed
IsPortAdded
IsPortEnabled
RemoveApplication
RemovePort
RestoreDefaults
StartStopFirewallService

Sections

CODE
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x86 arch:x86

46f8b6973f33717335c0f6d8087de67b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
lstrlenA
GetExitCodeProcess
WaitForSingleObject
Sleep
TerminateProcess
GlobalReAlloc
GlobalUnlock
GlobalSize
lstrcpynA
ReadFile
PeekNamedPipe
GetTickCount
lstrcpyA
CreateProcessA
GetStartupInfoA
GetProcAddress
GetVersion
DeleteFileA
lstrcmpiA
GetCurrentProcess
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateFileA
CopyFileA
GetTempFileNameA
GlobalFree
GlobalAlloc
GetModuleFileNameA
ExitProcess
GetCommandLineA
CreatePipe
GlobalLock
lstrcatA

user32

SendMessageA
OemToCharBuffA
FindWindowExA
CharNextA
wsprintfA
CharPrevA

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 458B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
url_helper.exe
.exe windows:5 windows x86 arch:x86

853065638009b2eb22aceed334949cef

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Andrew\Google Drive\reducethelag\hook\reducethelag_v3\Release\url_helper.pdb

Imports

kernel32

GetModuleHandleA
LoadLibraryA
GetProcAddress
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleHandleW

vcruntime140

memset
_except_handler4_common

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf
__p__commode
_set_fmode
__acrt_iob_func
__stdio_common_vfprintf

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback
_get_initial_narrow_environment
__p___argc
_initialize_onexit_table
_c_exit
_exit
_crt_atexit
_controlfp_s
terminate
exit
_cexit
_register_onexit_function
_initterm_e
_initialize_narrow_environment
_configure_narrow_argv
__p___argv
_set_app_type
_seh_filter_exe
_initterm

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3abe302b6d9a1256e6a915429af4ffd2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 149KB

.ndata Size: - Virtual size: 44KB

.rsrc Size: 3KB - Virtual size: 3KB

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 148KB - Virtual size: 148KB

DATA Size: 3KB - Virtual size: 2KB

BSS Size: - Virtual size: 2KB

.idata Size: 4KB - Virtual size: 3KB

.edata Size: 1KB - Virtual size: 1KB

.reloc Size: 10KB - Virtual size: 10KB

.rsrc Size: 7KB - Virtual size: 7KB

8c8a576201f68de1a3f26fc723b9f30f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 867B

.data Size: 512B - Virtual size: 104B

.reloc Size: 1024B - Virtual size: 636B

5bdcdde5acd7b395f3f3d19ebbb8c6cd

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

wininet

comctl32

Exports

Exports

Sections

.text Size: 11KB - Virtual size: 10KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 24KB

UPX1 Size: 3KB - Virtual size: 4KB

.rsrc Size: 2KB - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 3KB - Virtual size: 3KB

.rdata Size: 1024B - Virtual size: 912B

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 149KB

.ndata
Size: - Virtual size: 44KB

.rsrc
Size: 3KB - Virtual size: 3KB

CODE
Size: 148KB - Virtual size: 148KB

DATA
Size: 3KB - Virtual size: 2KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 4KB - Virtual size: 3KB

.edata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 10KB - Virtual size: 10KB

.rsrc
Size: 7KB - Virtual size: 7KB

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 867B

.data
Size: 512B - Virtual size: 104B

.reloc
Size: 1024B - Virtual size: 636B

.text
Size: 11KB - Virtual size: 10KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB

UPX0
Size: - Virtual size: 24KB

UPX1
Size: 3KB - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 4KB

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 1024B - Virtual size: 912B

.data
Size: 512B - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 144B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 628B

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 458B

.text
Size: 48KB - Virtual size: 48KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 109KB - Virtual size: 109KB

.rdata
Size: 60KB - Virtual size: 60KB

.data
Size: 78KB - Virtual size: 98KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 11KB - Virtual size: 11KB