vanta[.]rar | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

vanta.rar
Size

11.1MB
MD5

f74975d7058b7aca7f012267e7a051bf
SHA1

21b9e63a3cd01ff1f43e5f251d63772d18bde6bc
SHA256

ed0d06600261ca8d38795327291be69b5cf207f40f3e3b8953f0009a9e384342
SHA512

f7e5c8314d3169d015b4cbd12f383ea4e52b445a05ec9255bc9e78d2a21bfd03f4993705df05449d43e4d629b2be516d7dc5dcf23428b19ca1cd702bf2f5b343
SSDEEP

196608:DiyUR1PQ/pk5ruWwg6pndpQlZlMmHyYtUY+8Vws1ZeB/OgtQfqJhhW8w:Div9QBk5q3pglZ6kUY+8C1/5toqJhhxw

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/x64/Release/GeforceNOW.exe
unpack001/x64/Release/mapper.exe

Files

vanta.rar
.rar
Selfed.sln
Selfed/.gitignore
Selfed/D3DX/d3dx11.lib
Selfed/D3DX/d3dx9.h
Selfed/D3DX/d3dx9.lib
Selfed/D3DX/d3dx9anim.h
Selfed/D3DX/d3dx9core.h
Selfed/D3DX/d3dx9effect.h
Selfed/D3DX/d3dx9math.h
Selfed/D3DX/d3dx9math.inl
Selfed/D3DX/d3dx9mesh.h
Selfed/D3DX/d3dx9shader.h
Selfed/D3DX/d3dx9shape.h
Selfed/D3DX/d3dx9tex.h
Selfed/D3DX/d3dx9xof.h
Selfed/Makefile.am
Selfed/OVERLAY.h
Selfed/RCa22384
Selfed/SKD.h
Selfed/Selfed.rc
Selfed/Selfed.vcxproj
.xml
Selfed/Selfed.vcxproj.filters
Selfed/Selfed.vcxproj.user
Selfed/Selfed1.aps
Selfed/Selfed1.rc
Selfed/aimkey.h
Selfed/auth.h
Selfed/blowfish.obj
Selfed/cache.h
Selfed/controlelr.h
Selfed/defs.h
Selfed/draw.h
Selfed/driver.hpp
Selfed/esp.hpp
Selfed/grdv/binary/bytes.h
Selfed/grdv/binary/dropper.h
Selfed/grdv/global.h
Selfed/grdv/hde/hde64.c
Selfed/grdv/hde/hde64.h
Selfed/grdv/hde/table64.h
Selfed/grdv/utils/ntdll.h
Selfed/imgui/GLFW/glfw3.h
Selfed/imgui/GLFW/glfw3native.h
Selfed/imgui/ImGui MISC/animations.h
Selfed/imgui/ImGui MISC/notify.h
Selfed/imgui/custom.cpp
Selfed/imgui/custom.hpp
Selfed/imgui/imconfig.h
Selfed/imgui/imgui.cpp
Selfed/imgui/imgui.h
Selfed/imgui/imgui.natvis
.xml
Selfed/imgui/imgui_draw.cpp
Selfed/imgui/imgui_impl_android.h
Selfed/imgui/imgui_impl_dx9.cpp
Selfed/imgui/imgui_impl_dx9.h
Selfed/imgui/imgui_impl_win32.cpp
Selfed/imgui/imgui_impl_win32.h
Selfed/imgui/imgui_internal.h
Selfed/imgui/imgui_tables.cpp
Selfed/imgui/imgui_tricks.cpp
Selfed/imgui/imgui_tricks.hpp
Selfed/imgui/imgui_widgets.cpp
Selfed/imgui/imstb_rectpack.h
Selfed/imgui/imstb_textedit.h
Selfed/imgui/imstb_truetype.h
Selfed/imgui/vulkan/generate_spv.sh
.sh linux
Selfed/imgui/vulkan/glsl_shader.frag
Selfed/imgui/vulkan/glsl_shader.vert
Selfed/imports.h
Selfed/keygen64.lib
Selfed/libcurl.lib
Selfed/library_x64.lib
Selfed/main.cpp
Selfed/main.h
Selfed/mouse.hpp
Selfed/obsidium64.lib
Selfed/protect/SDK/keygen64.dll
.dll windows:6 windows x64 arch:x64

749e98e56844c5a066e829cd37b6dee6

Code Sign

f3:bd:80:d8:bf:c9:ce:d7:21:49:ba:d0:a7:a2:5b:cc
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19-11-2020 00:00

Not After

19-11-2022 23:59

Subject

CN=Martin Tofall,O=Martin Tofall,POSTALCODE=33175,STREET=Paul-Fürstenberg-Straße 14,L=Bad Lippspringe,ST=Nordrhein-Westfalen,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12-03-2019 00:00

Not After

31-12-2028 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29-03-2022 00:00

Not After

14-03-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

60:84:ae:1e:98:03:fd:9b:5a:bf:9c:2c:2b:25:d6:d3:6a:5b:0d:d4:ec:86:8e:43:a2:fc:cf:b2:77:1f:3a:c2
Signer

Actual PE Digest

60:84:ae:1e:98:03:fd:9b:5a:bf:9c:2c:2b:25:d6:d3:6a:5b:0d:d4:ec:86:8e:43:a2:fc:cf:b2:77:1f:3a:c2

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

setupapi

CM_Get_Parent

version

GetFileVersionInfoW

kernel32

GetTimeFormatW
GetModuleHandleA

user32

DestroyIcon
CreateWindowExW

advapi32

CryptGenRandom
RegisterEventSourceW

shell32

SHGetFileInfoW
ShellAboutW

ole32

StringFromGUID2

shlwapi

StrCmpLogicalW

Exports

Exports

CompareSystemIds
CompareSystemIdsW
ConvertLicenseLongToBin
ConvertLicenseLongToStr
GenerateAppCertificate
GenerateLicenseLong
GenerateLicenseLongW
GenerateLicenseShort
GenerateLicenseShortW
GenerateServerConfiguration
GenerateSignature
GenerateSignatureFromFile
GenerateSignatureFromFileW
GenerateSignatureW
GetLicenseHash
VerifyLicenseLong
VerifyLicenseLongW
VerifyLicenseShort
VerifyLicenseShortW
VerifySignature
VerifySignatureFromFile
VerifySignatureFromFileW
VerifySignatureW

Sections

.text
Size: - Virtual size: 955KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: - Virtual size: 194KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE

.data
Size: - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Selfed/protect/SDK/keygen64.h
Selfed/protect/SDK/obsidium.h
Selfed/protect/SDK/obsidium64.a
Selfed/protect/SDK/obsidium64.def
Selfed/protect/SDK/obsidium64.dll
.dll windows:6 windows x64 arch:x64

d7abc9f08ea9c7772ea0a9736b2816f4

Code Sign

f3:bd:80:d8:bf:c9:ce:d7:21:49:ba:d0:a7:a2:5b:cc
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19-11-2020 00:00

Not After

19-11-2022 23:59

Subject

CN=Martin Tofall,O=Martin Tofall,POSTALCODE=33175,STREET=Paul-Fürstenberg-Straße 14,L=Bad Lippspringe,ST=Nordrhein-Westfalen,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12-03-2019 00:00

Not After

31-12-2028 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29-03-2022 00:00

Not After

14-03-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1f:14:85:03:59:d1:71:a7:0c:75:2e:e1:3f:9c:fe:94:1c:df:fd:c1:a9:44:ff:c3:06:e0:3a:0c:19:d0:d7:62
Signer

Actual PE Digest

1f:14:85:03:59:d1:71:a7:0c:75:2e:e1:3f:9c:fe:94:1c:df:fd:c1:a9:44:ff:c3:06:e0:3a:0c:19:d0:d7:62

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleExW
GetModuleHandleA

shell32

PathMakeUniqueName

advapi32

GetUserNameA

user32

PeekMessageA

Exports

Exports

obsBlacklistLicenses
obsConvertLicenseToBinary
obsConvertLicenseToString
obsDecTrialCounter
obsDeleteLicenseData
obsDeleteTrialData
obsDisableLicense
obsEncDecData
obsGetActiveLicensingSystem
obsGetCustomValue
obsGetExpirationDate
obsGetInitialTrialCounter
obsGetInitialTrialDays
obsGetInitialTrialRuns
obsGetInstanceCount
obsGetLicenseCreation
obsGetLicenseData
obsGetLicenseExpiration
obsGetLicenseHash
obsGetLicenseInfo
obsGetLicenseInfoEx
obsGetLicenseInfoExW
obsGetLicenseInfoW
obsGetLicenseStatus
obsGetLicenseSystemId
obsGetProtectionDate
obsGetSystemId
obsGetTrialCounter
obsGetTrialDays
obsGetTrialEndDate
obsGetTrialIdentifier
obsGetTrialRuns
obsIsLicensed
obsIsProtected
obsIsVm
obsNetLicConnect
obsNetLicDisconnect
obsNetLicGetAppCertId
obsNetLicGetAppCertName
obsNetLicGetAppCertUserData
obsNetLicRegisterCallback
obsReloadLicense
obsReprotectString
obsSecureString
obsSecureStringW
obsSetExternalKey
obsSetLicense
obsSetLicenseShort
obsSetLicenseShortW
obsSetLicenseW
obsStoreLicense
obsStoreLicenseShort
obsStoreLicenseShortW
obsStoreLicenseW
obsUsbDecrypt
obsUsbEncrypt
obsUsbEnumDevices
obsUsbExecute
obsUsbGetDeviceId
obsUsbGetLicenseDeviceId
obsUsbReadData
obsUsbRegisterCallback
obsUsbWriteData
obsVerifyLicense
obsVerifyLicenseShort
obsVerifyLicenseShortW
obsVerifySignatureData
obsVerifySignatureFile
obsVerifySignatureFileW

Sections

.reloc
Size: - Virtual size: 174KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE

.pexe
Size: - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Selfed/protect/SDK/obsidium64.h
Selfed/protect/SDK/obsidiumlib.obj
Selfed/protect/antiDbg.h
Selfed/protect/anti_vm.h
Selfed/protect/auth.hpp
Selfed/protect/blowfish/blowfish.cpp
Selfed/protect/blowfish/blowfish.h
Selfed/protect/lazy.h
Selfed/protect/obfuscator.hpp
Selfed/protect/process.h
Selfed/protect/skCrypt.h
Selfed/protect/xorstr.h
Selfed/resource.h
Selfed/resource1.h
Selfed/settings.h
Selfed/shit.h
Selfed/spoofer.h
Selfed/test menu.h
Selfed/x64/Release/Geforce Now.exe.recipe
Selfed/x64/Release/GeforceNOW.Build.CppClean.log
Selfed/x64/Release/GeforceNOW.exe.recipe
Selfed/x64/Release/GeforceNOW.iobj
Selfed/x64/Release/GeforceNOW.ipdb
Selfed/x64/Release/Selfed.exe.recipe
Selfed/x64/Release/Selfed.log
Selfed/x64/Release/Selfed.tlog/CL.command.1.tlog
Selfed/x64/Release/Selfed.tlog/CL.read.1.tlog
Selfed/x64/Release/Selfed.tlog/CL.write.1.tlog
Selfed/x64/Release/Selfed.tlog/Cl.items.tlog
Selfed/x64/Release/Selfed.tlog/Selfed.lastbuildstate
Selfed/x64/Release/Selfed.tlog/link.command.1.tlog
Selfed/x64/Release/Selfed.tlog/link.read.1.tlog
Selfed/x64/Release/Selfed.tlog/link.write.1.tlog
Selfed/x64/Release/Selfed.tlog/rc.command.1.tlog
Selfed/x64/Release/Selfed.tlog/rc.read.1.tlog
Selfed/x64/Release/Selfed.tlog/rc.write.1.tlog
Selfed/x64/Release/Selfed1.res
Selfed/x64/Release/blowfish.obj
Selfed/x64/Release/driver.obj
Selfed/x64/Release/imgui.obj
Selfed/x64/Release/imgui_draw.obj
Selfed/x64/Release/imgui_impl_dx9.obj
Selfed/x64/Release/imgui_impl_win32.obj
Selfed/x64/Release/imgui_tables.obj
Selfed/x64/Release/imgui_widgets.obj
Selfed/x64/Release/main.obj
Selfed/x64/Release/vc143.pdb
Selfed/xor.hpp
x64/Release/GeforceNOW.exe
.exe windows:6 windows x64 arch:x64

14f77dfd22a58c72c97ecf622d70c38e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\codys\Downloads\vanta\vanta\x64\Release\GeforceNOW.pdb

Imports

d3d9

Direct3DCreate9Ex

kernel32

GetProcessHeap
InitializeCriticalSectionEx
DeleteCriticalSection
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetModuleFileNameA
GetModuleHandleW
QueryFullProcessImageNameW
SetLastError
FormatMessageA
LocalFree
EnterCriticalSection
LeaveCriticalSection
SleepEx
GetSystemDirectoryA
VerifyVersionInfoA
MoveFileExA
WaitForSingleObjectEx
GetEnvironmentVariableA
GetFileType
PeekNamedPipe
WaitForMultipleObjects
CreateFileA
GetFileSizeEx
MultiByteToWideChar
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
IsDebuggerPresent
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetLocaleInfoEx
FindClose
HeapSize
GetFileAttributesExW
AreFileApisANSI
GetFileInformationByHandleEx
OutputDebugStringW
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
SetFileAttributesA
GetTickCount
lstrcmpiA
GetConsoleWindow
GetLastError
Sleep
CreateToolhelp32Snapshot
CreateFileW
SetConsoleWindowInfo
TerminateProcess
VirtualAlloc
DeviceIoControl
GetStdHandle
SetConsoleScreenBufferSize
GetCurrentProcess
SetConsoleTitleA
VirtualFree
GetConsoleScreenBufferInfo
VirtualProtect
Process32First
Beep
CreateThread
ReadFile
QueryPerformanceCounter
CloseHandle
Process32Next
FindFirstFileW
FreeLibrary
VerSetConditionMask
GetProcAddress
QueryPerformanceFrequency
LoadLibraryA
GlobalAlloc
GlobalFree
UnhandledExceptionFilter
GlobalLock
WideCharToMultiByte
GlobalUnlock
GetModuleHandleA

user32

GetForegroundWindow
ClientToScreen
ScreenToClient
LoadCursorA
GetKeyState
GetAsyncKeyState
SendInput
SetForegroundWindow
FindWindowA
SetCursorPos
GetDesktopWindow
GetClientRect
TranslateMessage
MessageBoxA
SetWindowLongA
ShowWindow
SetCursor
GetClipboardData
SetClipboardData
GetCursorPos
OpenClipboard
GetSystemMetrics
DestroyWindow
GetWindowRect
DispatchMessageA
EmptyClipboard
PeekMessageA
CloseClipboard

advapi32

CryptEncrypt
CryptGenRandom
CryptAcquireContextA
OpenProcessToken
AddAccessAllowedAce
GetLengthSid
GetTokenInformation
InitializeAcl
IsValidSid
SetSecurityInfo
CopySid
ConvertSidToStringSidA
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptReleaseContext

shell32

ShellExecuteA
Shell_NotifyIconA

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext
ImmSetCandidateWindow

msvcp140

?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?id@?$ctype@_W@std@@2V0locale@2@A
?_Xout_of_range@std@@YAXPEBD@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Random_device@std@@YAIXZ
?_Syserror_map@std@@YAPEBDH@Z
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_init_in_situ
_Cnd_do_broadcast_at_thread_exit
_Thrd_sleep
_Query_perf_counter
_Thrd_detach
_Xtime_get_ticks
_Mtx_unlock
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?good@ios_base@std@@QEBA_NXZ
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?widen@?$ctype@_W@std@@QEBA_WD@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?_Winerror_map@std@@YAHH@Z
?setf@ios_base@std@@QEAAHHH@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Xbad_function_call@std@@YAXXZ
?uncaught_exceptions@std@@YAHXZ
?_Throw_Cpp_error@std@@YAXH@Z
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?_Xlength_error@std@@YAXPEBD@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
_Query_perf_frequency
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z

wininet

InternetCloseHandle
InternetOpenA
InternetReadFile
InternetOpenUrlA

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

xinput1_4

ord2

normaliz

IdnToAscii

wldap32

ord32
ord33
ord35
ord79
ord30
ord217
ord26
ord22
ord143
ord41
ord50
ord45
ord60
ord211
ord46
ord27
ord200
ord301

crypt32

CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore

ws2_32

ioctlsocket
__WSAFDIsSet
select
getaddrinfo
send
recv
freeaddrinfo
closesocket
recvfrom
sendto
gethostname
ntohl
WSACleanup
WSAStartup
WSAIoctl
WSASetLastError
socket
WSAGetLastError
bind
connect
getpeername
getsockname
getsockopt
htons
listen
ntohs
htonl
setsockopt
accept

rpcrt4

UuidToStringA
RpcStringFreeA
UuidCreate

psapi

GetModuleInformation

userenv

UnloadUserProfile

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__current_exception
strrchr
strchr
memset
memmove
memcpy
memchr
_CxxThrowException
__C_specific_handler
__std_exception_copy
__std_exception_destroy
__std_terminate
__current_exception_context
memcmp
strstr

api-ms-win-crt-stdio-l1-1-0

fputc
ftell
__stdio_common_vsprintf
__acrt_iob_func
fflush
feof
fputs
_open
fclose
fopen
fseek
_write
_read
__p__commode
_lseeki64
_set_fmode
_popen
_wfopen
fgets
__stdio_common_vsprintf_s
_get_stream_buffer_pointers
_fseeki64
fsetpos
ungetc
__stdio_common_vfprintf
__stdio_common_vsscanf
setvbuf
fgetpos
_close
__stdio_common_vsnprintf_s
_pclose
fgetc
fwrite
fread

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-string-l1-1-0

isupper
strncpy
strpbrk
strcmp
_strdup
strncmp
strcspn
strspn
tolower

api-ms-win-crt-heap-l1-1-0

realloc
free
malloc
_set_new_mode
calloc
_callnewh

api-ms-win-crt-convert-l1-1-0

atof
strtod
strtoull
strtol
strtoul
strtoll
atoi

api-ms-win-crt-runtime-l1-1-0

_beginthreadex
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
_errno
_get_initial_narrow_environment
_initterm
_initterm_e
_exit
strerror
__p___argc
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_getpid
__sys_nerr
_invalid_parameter_noinfo
_invalid_parameter_noinfo_noreturn
system
_resetstkoflw
exit
abort
terminate

api-ms-win-crt-time-l1-1-0

_time64
_gmtime64

api-ms-win-crt-filesystem-l1-1-0

_stat64
_access
_unlock_file
_unlink
_fstat64
_lock_file

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
localeconv
_configthreadlocale

api-ms-win-crt-math-l1-1-0

sqrtf
sqrt
atan2f
atan2
sinf
asin
pow
acosf
_dclass
tanf
fmodf
ceilf
powf
__setusermatherr
cosf

Sections

.text
Size: 802KB - Virtual size: 802KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 161KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/Release/GeforceNOW.pdb
x64/Release/mapper.exe
.exe windows:6 windows x64 arch:x64

87877434cc5ccb8c3f984e3dd6b73bb9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\bizzy\Downloads\kdmapper\kdmapper-master\x64\Debug\kdmapper.pdb

Imports

kernel32

HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
DeviceIoControl
InitializeCriticalSectionEx
DeleteCriticalSection
GetCurrentProcessId
HeapDestroy
VirtualAlloc
VirtualFree
GetModuleHandleA
GetProcAddress
SetUnhandledExceptionFilter
GetTempPathW
VirtualQuery
InitializeSListHead
GetSystemTimeAsFileTime
SetLastError
GetLastError
CloseHandle
DecodePointer
GetCurrentThreadId
CreateFileW
QueryPerformanceCounter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
RaiseException
OutputDebugStringW
IsDebuggerPresent
WideCharToMultiByte
MultiByteToWideChar
CreateSymbolicLinkW
GetFileInformationByHandleEx
CreateHardLinkW
MoveFileExW
CopyFileW
CreateDirectoryExW
GetModuleHandleW
AreFileApisANSI
SetFileTime
SetFileInformationByHandle
SetFileAttributesW
GetFullPathNameW
GetFinalPathNameByHandleW
GetFileInformationByHandle
GetFileAttributesExW
GetFileAttributesW
GetDiskFreeSpaceExW
FindNextFileW
FindFirstFileExW
FindFirstFileW
FindClose
CreateDirectoryW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetLocaleInfoEx
FormatMessageA
LocalFree
FreeLibrary

user32

UnregisterClassW

advapi32

RegSetKeyValueW
RegOpenKeyW
RegCreateKeyW
RegCloseKey
RegDeleteTreeW

msvcp140d

??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?tie@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_ostream@_WU?$char_traits@_W@std@@@2@XZ
?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ
?fill@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WXZ
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEBX@Z
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?id@?$ctype@_W@std@@2V0locale@2@A
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAHH@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@J@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??0_Lockit@std@@QEAA@H@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??1_Lockit@std@@QEAA@XZ
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?uncaught_exception@std@@YA_NXZ
_Mbrtowc
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
?_Getdays@_Locinfo@std@@QEBAPEBDXZ
?_Getmonths@_Locinfo@std@@QEBAPEBDXZ
?_W_Getdays@_Locinfo@std@@QEBAPEBGXZ
?_W_Getmonths@_Locinfo@std@@QEBAPEBGXZ
??Bid@locale@std@@QEAA_KXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?widen@?$ctype@_W@std@@QEBA_WD@Z
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??7ios_base@std@@QEBA_NXZ
?good@ios_base@std@@QEBA_NXZ
?flags@ios_base@std@@QEBAHXZ
?setf@ios_base@std@@QEAAHHH@Z
?width@ios_base@std@@QEBA_JXZ
?width@ios_base@std@@QEAA_J_J@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z

ntdll

NtQuerySystemInformation
RtlInitUnicodeString

vcruntime140d

__std_type_info_destroy_list
__C_specific_handler_noexcept
__current_exception_context
__current_exception
memcmp
__C_specific_handler
__std_exception_destroy
__std_exception_copy
memset
memmove
memcpy
__vcrt_GetModuleHandleW
__vcrt_GetModuleFileNameW
_CxxThrowException
__vcrt_LoadLibraryExW

vcruntime140_1d

__CxxFrameHandler4

ucrtbased

__setusermatherr
_configure_wide_argv
_initialize_wide_environment
_get_initial_wide_environment
_initterm
_initterm_e
exit
_exit
_set_fmode
__p___argc
__p___wargv
_c_exit
_register_thread_local_exe_atexit_callback
_configthreadlocale
_set_new_mode
__p__commode
strcpy_s
strcat_s
__stdio_common_vsprintf_s
_wmakepath_s
_wsplitpath_s
_set_app_type
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_callnewh
_recalloc
_errno
_invalid_parameter_noinfo
terminate
_seh_filter_exe
_malloc_dbg
_free_dbg
system
_wcsicmp
_unlock_file
_lock_file
ungetc
setvbuf
fwrite
_fseeki64
fsetpos
fread
fputc
fgetpos
fgetc
fflush
fclose
_get_stream_buffer_pointers
__stdio_common_vsnwprintf_s
__stdio_common_vswprintf_s
__stdio_common_vswprintf
_wremove
_CrtDbgReportW
_CrtDbgReport
_calloc_dbg
rand
srand
malloc
free
strlen
_stricmp
wcslen
wcscpy_s
_invalid_parameter
_cexit
_crt_at_quick_exit
_crt_atexit
___lc_codepage_func
_execute_onexit_table
_time64

Sections

.textbss
Size: - Virtual size: 159KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 359KB - Virtual size: 359KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 141KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.msvcjmc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 373B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/Release/racballs.sys
.sys windows:10 windows x64 arch:x64

dab06766af6787054a656ec789a0ae81

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:39:dd:e1:19:bb:32:0d:fb:9f:5d:ef:e3:f7:12:45
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

10-11-2021 00:00

Not After

09-11-2024 23:59

Subject

CN=Hangil IT Co.\, Ltd,O=Hangil IT Co.\, Ltd,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fe:6b:16:07:bc:67:3c:07:db:ae:2f:bb:c3:11:05:58:52:75:1a:8c
Signer

Actual PE Digest

fe:6b:16:07:bc:67:3c:07:db:ae:2f:bb:c3:11:05:58:52:75:1a:8c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Racmaster32\Desktop\SkarDriver-Ioctl-main\x64\Release\racballs.pdb

Imports

ntoskrnl.exe

RtlInitUnicodeString
RtlGetVersion
ExAllocatePool
ExAllocatePoolWithTag
ExFreePoolWithTag
MmUnmapIoSpace
MmMapIoSpaceEx
IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
ObfDereferenceObject
MmCopyMemory
PsLookupProcessByProcessId
IoCreateDriver
PsGetProcessSectionBaseAddress
ZwQuerySystemInformation

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 600B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

749e98e56844c5a066e829cd37b6dee6

Code Sign

f3:bd:80:d8:bf:c9:ce:d7:21:49:ba:d0:a7:a2:5b:ccCertificate

Extended Key Usages

Key Usages

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

60:84:ae:1e:98:03:fd:9b:5a:bf:9c:2c:2b:25:d6:d3:6a:5b:0d:d4:ec:86:8e:43:a2:fc:cf:b2:77:1f:3a:c2Signer

Headers

DLL Characteristics

File Characteristics

Imports

setupapi

version

kernel32

user32

advapi32

shell32

ole32

shlwapi

Exports

Exports

Sections

.text Size: - Virtual size: 955KB

.rsrc Size: - Virtual size: 194KB

.rdata Size: - Virtual size: 41KB

.reloc Size: - Virtual size: 52KB

.data Size: - Virtual size: 348B

.rsrc Size: 2KB - Virtual size: 1KB

.rdata Size: 97KB - Virtual size: 96KB

d7abc9f08ea9c7772ea0a9736b2816f4

Code Sign

f3:bd:80:d8:bf:c9:ce:d7:21:49:ba:d0:a7:a2:5b:ccCertificate

Extended Key Usages

Key Usages

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

1f:14:85:03:59:d1:71:a7:0c:75:2e:e1:3f:9c:fe:94:1c:df:fd:c1:a9:44:ff:c3:06:e0:3a:0c:19:d0:d7:62Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shell32

advapi32

user32

Exports

Exports

Sections

.reloc Size: - Virtual size: 174KB

.rsrc Size: - Virtual size: 77KB

.text Size: - Virtual size: 138KB

.text Size: - Virtual size: 12KB

f3:bd:80:d8:bf:c9:ce:d7:21:49:ba:d0:a7:a2:5b:cc
Certificate

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

60:84:ae:1e:98:03:fd:9b:5a:bf:9c:2c:2b:25:d6:d3:6a:5b:0d:d4:ec:86:8e:43:a2:fc:cf:b2:77:1f:3a:c2
Signer

.text
Size: - Virtual size: 955KB

.rsrc
Size: - Virtual size: 194KB

.rdata
Size: - Virtual size: 41KB

.reloc
Size: - Virtual size: 52KB

.data
Size: - Virtual size: 348B

.rsrc
Size: 2KB - Virtual size: 1KB

.rdata
Size: 97KB - Virtual size: 96KB

f3:bd:80:d8:bf:c9:ce:d7:21:49:ba:d0:a7:a2:5b:cc
Certificate

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

1f:14:85:03:59:d1:71:a7:0c:75:2e:e1:3f:9c:fe:94:1c:df:fd:c1:a9:44:ff:c3:06:e0:3a:0c:19:d0:d7:62
Signer

.reloc
Size: - Virtual size: 174KB

.rsrc
Size: - Virtual size: 77KB

.text
Size: - Virtual size: 138KB

.text
Size: - Virtual size: 12KB

.pexe
Size: - Virtual size: 348B

.rsrc
Size: 1KB - Virtual size: 1KB

.data
Size: 97KB - Virtual size: 97KB

.text
Size: 802KB - Virtual size: 802KB

.rdata
Size: 161KB - Virtual size: 160KB

.data
Size: 28KB - Virtual size: 35KB

.pdata
Size: 31KB - Virtual size: 30KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 2KB - Virtual size: 1KB

.textbss
Size: - Virtual size: 159KB

.text
Size: 359KB - Virtual size: 359KB

.rdata
Size: 141KB - Virtual size: 140KB

.data
Size: 2KB - Virtual size: 15KB

.pdata
Size: 27KB - Virtual size: 27KB

.idata
Size: 16KB - Virtual size: 16KB

.msvcjmc
Size: 2KB - Virtual size: 2KB

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 373B