d44e946439362a5c6ed37c292c1e7818

Sharing

Copy URL

Twitter E-mail

General

Target

d44e946439362a5c6ed37c292c1e7818
Size

6.4MB
MD5

d44e946439362a5c6ed37c292c1e7818
SHA1

0bb3bc295096630b412dbbf8561349042de70e85
SHA256

0e01936d97159c8da1f0dcd0ff018e84dc873b355bbfbd4c1aa2011bcaa64ac1
SHA512

e72fe7261401ab725bf2472c9ef22c3150f39cae5b32107181a0e82154e63da2bc54fb0bc5cebe50774ff9b4bcf5ce07fa0938f59ded0c2b8b305fbaab8e9f7e
SSDEEP

196608:u82VG1y34liiPBTFxXZo/28KpDl3p50zyYwc:5AG1iIBjXZoXKzp5GyG

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/rld.mp3/MaxPayne3.exe
unpack001/rld.mp3/binkw32.dll
unpack001/rld.mp3/gsrld.dll

Files

d44e946439362a5c6ed37c292c1e7818
.rar
rld.mp3/MaxPayne3.exe
.exe windows:5 windows x86 arch:x86

4fb58ae5317e3a93d76c673cd0ec8070

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

x:\payne\build\dev\MaxPayne3.pdb

Imports

kernel32

CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
SetErrorMode
ResetEvent
CompareStringW
SetEnvironmentVariableA
CreateFileW
RtlUnwind
GetTimeZoneInformation
LCMapStringW
LCMapStringA
GetCurrentDirectoryA
RaiseException
GetConsoleMode
GetConsoleCP
HeapCreate
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapSize
SetHandleCount
GetStdHandle
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsDebuggerPresent
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetFileType
PeekNamedPipe
GetFileInformationByHandle
SetUnhandledExceptionFilter
GetModuleHandleExA
GetVersionExA
InterlockedIncrement
InterlockedDecrement
GetLastError
MultiByteToWideChar
lstrlenA
CloseHandle
OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
GetCurrentProcessId
GetDiskFreeSpaceExA
GetProcAddress
FreeLibrary
LoadLibraryA
GetUserDefaultUILanguage
WideCharToMultiByte
GlobalMemoryStatusEx
GetNativeSystemInfo
CreateDirectoryA
SwitchToThread
InterlockedExchangeAdd
InterlockedExchange
FoldStringW
SetThreadPriority
GetThreadPriority
OpenThread
GetProcessAffinityMask
GetCurrentProcess
TerminateProcess
QueryPerformanceFrequency
WaitForMultipleObjects
CreateEventA
Sleep
OpenFile
ExitProcess
VirtualAlloc
VirtualFree
HeapAlloc
GetProcessHeap
HeapFree
VirtualQueryEx
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
CreateSemaphoreA
WaitForSingleObject
ReleaseSemaphore
CreateMutexA
ReleaseMutex
GetSystemInfo
ResumeThread
ExitThread
GetCurrentThread
GetCurrentThreadId
CreateThread
QueryPerformanceCounter
GetModuleHandleA
SetEvent
InterlockedCompareExchange
WriteFile
CreateFileA
DeleteFileA
FindClose
FindFirstFileA
LocalFree
FormatMessageA
SetFilePointer
SetFilePointerEx
ReadFile
GetFileSizeEx
SetFileTime
GetFileAttributesA
SetFileAttributesA
FindNextFileA
SetEndOfFile
MoveFileA
RemoveDirectoryA
FileTimeToSystemTime
FileTimeToLocalFileTime
LoadLibraryW
SetThreadExecutionState
GetVersion
OutputDebugStringA
LoadLibraryExA
CreateProcessA
GetOverlappedResult
GetTickCount
GetTempPathA
InitializeCriticalSection
EnterCriticalSection
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
InitializeSListHead
GetModuleFileNameA
GetModuleHandleW
GetCommandLineA
GetStartupInfoA
GetDriveTypeA
GetFullPathNameA
GetSystemTimeAsFileTime
HeapReAlloc
UnhandledExceptionFilter
GetModuleFileNameW

binkw32

_BinkSetMemory@8
_BinkSetSoundTrack@8
_BinkDoFrameAsyncWait@8
_BinkPause@8
_BinkWait@4
_BinkSetSpeakerVolumes@20
_BinkGetRealtime@12
_BinkControlBackgroundIO@8
_BinkSetVolume@12
_BinkSetFrameRate@8
_BinkFreeGlobals@0
_BinkOpenXAudio2@4
_BinkSetSoundSystem@8
_BinkRequestStopAsyncThread@4
_BinkWaitStopAsyncThread@4
_BinkStartAsyncThread@8
_BinkSetIOSize@4
_BinkOpen@8
_BinkGetFrameBuffersInfo@8
_BinkRegisterFrameBuffers@8
_BinkClose@4
_BinkGetKeyFrame@12
_BinkGoto@12
_BinkDoFrame@4
_BinkNextFrame@4
_BinkShouldSkip@4
_BinkDoFrameAsync@12
_BinkGetError@0

winmm

timeBeginPeriod
timeEndPeriod
timeGetTime

rpcrt4

UuidCreateSequential

dsound

ord6
ord8
ord3
ord9
ord1

psapi

GetPerformanceInfo
EnumProcessModules
GetModuleFileNameExA

ws2_32

shutdown
htonl
inet_ntoa
recvfrom
ntohl
WSAStartup
WSACleanup
getsockname
accept
sendto
setsockopt
select
htons
ntohs
WSAGetLastError
send
recv
ioctlsocket
closesocket
gethostbyname
inet_addr
gethostname
connect
socket
listen
bind
__WSAFDIsSet

d3dcompiler_43

D3DReflect

dinput8

DirectInput8Create

user32

GetParent
GetSystemMetrics
DestroyWindow
UnregisterClassA
MapWindowPoints
SetWindowLongA
SetForegroundWindow
SetWindowPos
GetMonitorInfoA
IsWindowUnicode
SendMessageA
GetForegroundWindow
DefWindowProcW
SetWindowPlacement
ReleaseCapture
SetCapture
GetWindowPlacement
GetWindowLongA
IsWindowVisible
PostMessageA
DispatchMessageA
PeekMessageA
TranslateMessage
LoadIconA
LoadCursorA
RegisterClassA
GetDC
ReleaseDC
SetRect
AdjustWindowRect
CreateWindowExA
UpdateWindow
SetFocus
GetClientRect
GetCursorPos
SystemParametersInfoA
ToUnicodeEx
MapVirtualKeyExA
LoadKeyboardLayoutA
GetKeyboardLayoutNameA
GetKeyboardLayout
GetKeyboardType
GetWindowThreadProcessId
GetGUIThreadInfo
GetKeyState
GetKeyboardState
CharLowerBuffA
MessageBoxW
ShowWindow
DefWindowProcA
MessageBoxA
EnumDisplayDevicesA
GetDesktopWindow
ShowCursor
ClipCursor
GetWindowRect

gdi32

ExtEscape
CreateDCA
DeleteDC
GetStockObject
GetDeviceCaps

advapi32

RegEnumKeyA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyA
RegOpenKeyExA
RegCloseKey

shell32

SHGetSpecialFolderPathA
SHGetFolderPathA

ole32

CoSetProxyBlanket
CoInitialize
CoUninitialize
OleInitialize
CLSIDFromString
CLSIDFromProgID
CoCreateInstance
OleRun

oleaut32

GetErrorInfo
VariantInit
VariantClear
SysFreeString
SysAllocString

Sections

.rld0
Size: 13.6MB - Virtual size: 13.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rld1
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rld2
Size: 4.1MB - Virtual size: 270.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rld3
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 205KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.OQntEF
Size: 1024B - Virtual size: 722B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
rld.mp3/binkw32.dll
.dll windows:5 windows x86 arch:x86

a9dbeed0559439e5d94d85ea22ea38f2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\devel\projects\bink\build\binkw32.pdb

Imports

user32

GetTopWindow
GetWindowLongA
GetActiveWindow
GetWindowThreadProcessId
GetWindow
EndPaint
ClientToScreen
DestroyWindow
SetCursor
ScreenToClient
GetWindowRect
IsIconic
GetClientRect
BeginPaint
GetDC
ShowCursor
UnregisterClassA
CreateWindowExA
PeekMessageA
ReleaseDC
DefWindowProcA
GetCursorPos
GetSystemMetrics
IsWindowVisible
ChangeDisplaySettingsA
GetClassLongA
RegisterClassA
MessageBoxA

gdi32

CreateDIBSection
GetDeviceCaps
StretchBlt
GetDIBits
SetPixel
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
SetStretchBltMode
GetPixel
DeleteDC

kernel32

EnterCriticalSection
RaiseException
ReleaseSemaphore
SetThreadPriority
CreateSemaphoreA
LeaveCriticalSection
InitializeCriticalSection
GetCurrentThread
WaitForSingleObject
SetUnhandledExceptionFilter
TlsGetValue
HeapCreate
HeapFree
GetThreadPriority
CreateMutexA
DeleteCriticalSection
SetThreadAffinityMask
ReleaseMutex
TlsAlloc
ResumeThread
CreateThread
LocalAlloc
TlsSetValue
SetFilePointer
GetWindowsDirectoryA
GetSystemDirectoryA
GetModuleFileNameA
SetErrorMode
FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleHandleA
Sleep
GetSystemInfo
GetCurrentProcessId
OutputDebugStringA
QueryPerformanceCounter
GetTickCount
GetEnvironmentVariableA
QueryPerformanceFrequency
CreateFileA
InterlockedExchange
ReadFile
GetLastError
CloseHandle
TerminateProcess
GetCurrentProcess
DisableThreadLibraryCalls
HeapAlloc

winmm

waveOutSetVolume
waveOutReset
waveOutRestart
waveOutPause
waveOutWrite
waveOutClose
timeGetTime
timeEndPeriod
timeBeginPeriod
waveOutPrepareHeader
waveOutOpen
waveOutUnprepareHeader

ole32

CoCreateInstance
CoInitializeEx

Exports

Exports

_BinkBufferBlit@12
_BinkBufferCheckWinPos@12
_BinkBufferClear@8
_BinkBufferClose@4
_BinkBufferGetDescription@4
_BinkBufferGetError@0
_BinkBufferLock@4
_BinkBufferOpen@16
_BinkBufferSetDirectDraw@8
_BinkBufferSetHWND@8
_BinkBufferSetOffset@12
_BinkBufferSetResolution@12
_BinkBufferSetScale@12
_BinkBufferUnlock@4
_BinkCheckCursor@20
_BinkClose@4
_BinkCloseTrack@4
_BinkControlBackgroundIO@8
_BinkControlPlatformFeatures@8
_BinkCopyToBuffer@28
_BinkCopyToBufferRect@44
_BinkDDSurfaceType@4
_BinkDX8SurfaceType@4
_BinkDX9SurfaceType@4
_BinkDoFrame@4
_BinkDoFrameAsync@12
_BinkDoFrameAsyncWait@8
_BinkDoFramePlane@8
_BinkFreeGlobals@0
_BinkGetError@0
_BinkGetFrameBuffersInfo@8
_BinkGetKeyFrame@12
_BinkGetPalette@4
_BinkGetPlatformInfo@8
_BinkGetRealtime@12
_BinkGetRects@8
_BinkGetSummary@8
_BinkGetTrackData@8
_BinkGetTrackID@8
_BinkGetTrackMaxSize@8
_BinkGetTrackType@8
_BinkGoto@12
_BinkIsSoftwareCursor@8
_BinkLogoAddress@0
_BinkNextFrame@4
_BinkOpen@8
_BinkOpenDirectSound@4
_BinkOpenMiles@4
_BinkOpenTrack@8
_BinkOpenWaveOut@4
_BinkOpenWithOptions@12
_BinkOpenXAudio2@4
_BinkPause@8
_BinkRegisterFrameBuffers@8
_BinkRequestStopAsyncThread@4
_BinkRestoreCursor@4
_BinkService@4
_BinkSetError@4
_BinkSetFileOffset@8
_BinkSetFrameRate@8
_BinkSetIO@4
_BinkSetIOSize@4
_BinkSetMemory@8
_BinkSetPan@12
_BinkSetSimulate@4
_BinkSetSoundOnOff@8
_BinkSetSoundSystem@8
_BinkSetSoundTrack@8
_BinkSetSpeakerVolumes@20
_BinkSetVideoOnOff@8
_BinkSetVolume@12
_BinkSetWillLoop@8
_BinkShouldSkip@4
_BinkStartAsyncThread@8
_BinkWait@4
_BinkWaitStopAsyncThread@4
_RADTimerRead@0

Sections

.rld0
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rld1
Size: 512B - Virtual size: 432B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rld2
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rld3
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rld4
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rld5
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rld6
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rld7
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rld8
Size: - Virtual size: 34KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rld9
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rld10
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rld11
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rld12
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rld13
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rld14
Size: 512B - Virtual size: 159B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rld15
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rld.mp3/dlc/cemetery_pack/common/data/levels/v_cemet/Clouds.xml
.xml
rld.mp3/dlc/cemetery_pack/common/data/levels/v_cemet/CoverData.xml
rld.mp3/dlc/cemetery_pack/common/data/levels/v_cemet/MAPAREA.IPL
rld.mp3/dlc/cemetery_pack/common/data/levels/v_cemet/SpatialData.xml
.xml
rld.mp3/dlc/cemetery_pack/common/data/levels/v_cemet/anim.list
rld.mp3/dlc/cemetery_pack/common/data/levels/v_cemet/audOcclusionPaths.dat
rld.mp3/dlc/cemetery_pack/common/data/levels/v_cemet/cascade_shadows.dat
rld.mp3/dlc/cemetery_pack/common/data/levels/v_cemet/checkpoints.xml
rld.mp3/dlc/cemetery_pack/common/data/levels/v_cemet/images.txt
rld.mp3/dlc/cemetery_pack/common/data/levels/v_cemet/minimap.xml
rld.mp3/dlc/cemetery_pack/common/data/levels/v_cemet/networkleveldata.xml
.xml
rld.mp3/dlc/cemetery_pack/common/data/levels/v_cemet/occl.ipl
rld.mp3/dlc/cemetery_pack/common/data/levels/v_cemet/pedgrp.dat
rld.mp3/dlc/cemetery_pack/common/data/levels/v_cemet/popcycle.dat
rld.mp3/dlc/cemetery_pack/common/data/levels/v_cemet/sev_pesdata.xml
.xml
rld.mp3/dlc/cemetery_pack/common/data/levels/v_cemet/shorelines.dat
rld.mp3/dlc/cemetery_pack/common/data/levels/v_cemet/streamhelpers.dat
rld.mp3/dlc/cemetery_pack/common/data/levels/v_cemet/v_cemet.dat
rld.mp3/dlc/cemetery_pack/common/data/levels/v_cemet/weather.dat
rld.mp3/dlc/cemetery_pack/common/data/levels/v_cemet/worldblanket.dat
rld.mp3/dlc/cemetery_pack/common/data/levels/v_cemet/zonebind.dat
rld.mp3/dlc/cemetery_pack/platform/levels/v_cemet/interiors/v_mauzneint.ide
rld.mp3/dlc/cemetery_pack/platform/levels/v_cemet/props/mp_p_1stcem.ide
rld.mp3/dlc/cemetery_pack/platform/levels/v_cemet/props/mp_p_doors.ide
rld.mp3/dlc/cemetery_pack/platform/levels/v_cemet/props/mp_p_funhmei.ide
rld.mp3/dlc/cemetery_pack/platform/levels/v_cemet/props/mp_p_mauzne.ide
rld.mp3/dlc/cemetery_pack/platform/levels/v_cemet/props/mp_p_rotgdn.ide
rld.mp3/dlc/cemetery_pack/platform/levels/v_cemet/props/mp_p_script.ide
rld.mp3/dlc/cemetery_pack/platform/levels/v_cemet/props/mp_p_snip01.ide
rld.mp3/dlc/cemetery_pack/platform/levels/v_cemet/props/mp_p_sniper.ide
rld.mp3/dlc/cemetery_pack/platform/levels/v_cemet/props/mp_p_veg.ide
rld.mp3/dlc/cemetery_pack/platform/levels/v_cemet/props/mp_p_veg2.ide
rld.mp3/dlc/cemetery_pack/platform/levels/v_cemet/timecycle/timecycle.xml
.xml
rld.mp3/dlc/cemetery_pack/platform/levels/v_cemet/v_bg_nw.ide
rld.mp3/dlc/cemetery_pack/platform/levels/v_cemet/v_bg_nw.wpl
rld.mp3/dlc/cemetery_pack/platform/levels/v_cemet/v_funhme.ide
rld.mp3/dlc/cemetery_pack/platform/levels/v_cemet/v_funhme.wpl
rld.mp3/dlc/cemetery_pack/platform/levels/v_cemet/v_mauapr.ide
rld.mp3/dlc/cemetery_pack/platform/levels/v_cemet/v_mauapr.wpl
rld.mp3/dlc/cemetery_pack/platform/levels/v_cemet/v_mauzne.ide
rld.mp3/dlc/cemetery_pack/platform/levels/v_cemet/v_mauzne.wpl
rld.mp3/dlc/cemetery_pack/platform/levels/v_cemet/v_rotgdn.ide
rld.mp3/dlc/cemetery_pack/platform/levels/v_cemet/v_rotgdn.wpl
rld.mp3/dlc/cemetery_pack/platform/levels/v_cemet/v_sniper.ide
rld.mp3/dlc/cemetery_pack/platform/levels/v_cemet/v_sniper.wpl
rld.mp3/dlc/cemetery_pack/rsetup.xml
rld.mp3/dlc/cemetery_pack/setup.xml
rld.mp3/dlc/cemetery_pack/unlocking_rules_cemetery_pack.xml
rld.mp3/dlc/cemetery_pack/unlocks_cemetery_pack.xml
rld.mp3/dlc/content.xml
.xml
rld.mp3/dlc/deadly_force_pack/rsetup.xml
rld.mp3/dlc/deadly_force_pack/setup.xml
rld.mp3/dlc/deadly_force_pack/unlocking_rules_deadly_force.xml
rld.mp3/dlc/deadly_force_pack/unlocks_deadly_force.xml
rld.mp3/dlc/gorilla_warfare/rsetup.xml
rld.mp3/dlc/gorilla_warfare/setup.xml
rld.mp3/dlc/gorilla_warfare/unlocking_rules_lo_item_bundle.xml
rld.mp3/dlc/gorilla_warfare/unlocks_lo_item_bundle.xml
rld.mp3/dlc/max_payne_1_pack/rsetup.xml
rld.mp3/dlc/max_payne_1_pack/setup.xml
rld.mp3/dlc/max_payne_1_pack/unlocking_rules_max_payne_1.xml
rld.mp3/dlc/max_payne_1_pack/unlocks_max_payne_1.xml
rld.mp3/dlc/pill_bottle_pack/rsetup.xml
rld.mp3/dlc/pill_bottle_pack/setup.xml
rld.mp3/dlc/pill_bottle_pack/unlocking_rules_pill_bottle.xml
rld.mp3/dlc/pill_bottle_pack/unlocks_pill_bottle.xml
rld.mp3/dlc/silent_killer_pack/rsetup.xml
rld.mp3/dlc/silent_killer_pack/setup.xml
rld.mp3/dlc/silent_killer_pack/unlocking_rules_silent_killer.xml
rld.mp3/dlc/silent_killer_pack/unlocks_silent_killer.xml
rld.mp3/dlc/special_ed_pack/rsetup.xml
rld.mp3/dlc/special_ed_pack/setup.xml
rld.mp3/dlc/special_ed_pack/unlocking_rules_special_edition.xml
rld.mp3/dlc/special_ed_pack/unlocks_special_edition.xml
rld.mp3/gsrld.dll
.dll windows:5 windows x86 arch:x86

6ebdea122e4556376f303dc5fa678bf1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapAlloc
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
lstrcmpA
MultiByteToWideChar
lstrcmpiA
LoadLibraryA
lstrcmpiW
ExitProcess
HeapCreate
GetModuleHandleA
VirtualProtect
GetProcAddress

user32

MessageBoxA
wsprintfA

oleaut32

SysAllocString

Exports

Exports

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 813B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 972B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.RLD0
Size: 1024B - Virtual size: 850B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.RLD1
Size: 142KB - Virtual size: 141KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rld.mp3/profiles/010FE371/Titles/Max Payne 3/achievements.dat
rld.mp3/profiles/010FE371/profile.dat
rld.mp3/profiles/autosignin.dat
rld.mp3/reloaded.nfo

Sharing

General

Malware Config

Signatures

Files

4fb58ae5317e3a93d76c673cd0ec8070

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

binkw32

winmm

rpcrt4

dsound

psapi

ws2_32

d3dcompiler_43

dinput8

user32

gdi32

advapi32

shell32

ole32

oleaut32

Sections

.rld0 Size: 13.6MB - Virtual size: 13.6MB

.rld1 Size: 2.0MB - Virtual size: 2.0MB

.rld2 Size: 4.1MB - Virtual size: 270.1MB

.rld3 Size: 28KB - Virtual size: 27KB

.rsrc Size: 205KB - Virtual size: 204KB

.reloc Size: 1.6MB - Virtual size: 1.6MB

.OQntEF Size: 1024B - Virtual size: 722B

a9dbeed0559439e5d94d85ea22ea38f2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

gdi32

kernel32

winmm

ole32

Exports

Exports

Sections

.rld0 Size: 6KB - Virtual size: 6KB

.rld1 Size: 512B - Virtual size: 432B

.rld2 Size: 2KB - Virtual size: 2KB

.rld3 Size: 2KB - Virtual size: 2KB

.rld4 Size: 4KB - Virtual size: 4KB

.rld5 Size: 5KB - Virtual size: 4KB

.rld6 Size: 113KB - Virtual size: 112KB

.rld7 Size: 2KB - Virtual size: 2KB

.rld8 Size: - Virtual size: 34KB

.rld9 Size: 6KB - Virtual size: 6KB

.rld10 Size: 15KB - Virtual size: 14KB

.rld11 Size: 21KB - Virtual size: 21KB

.rld12 Size: 12KB - Virtual size: 11KB

.rld13 Size: 512B - Virtual size: 56B

.rld14 Size: 512B - Virtual size: 159B

.rsrc Size: 19KB - Virtual size: 19KB

.rld15 Size: 7KB - Virtual size: 6KB

6ebdea122e4556376f303dc5fa678bf1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

oleaut32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 1024B - Virtual size: 813B

.data Size: 1024B - Virtual size: 972B

.RLD0 Size: 1024B - Virtual size: 850B

.rld0
Size: 13.6MB - Virtual size: 13.6MB

.rld1
Size: 2.0MB - Virtual size: 2.0MB

.rld2
Size: 4.1MB - Virtual size: 270.1MB

.rld3
Size: 28KB - Virtual size: 27KB

.rsrc
Size: 205KB - Virtual size: 204KB

.reloc
Size: 1.6MB - Virtual size: 1.6MB

.OQntEF
Size: 1024B - Virtual size: 722B

.rld0
Size: 6KB - Virtual size: 6KB

.rld1
Size: 512B - Virtual size: 432B

.rld2
Size: 2KB - Virtual size: 2KB

.rld3
Size: 2KB - Virtual size: 2KB

.rld4
Size: 4KB - Virtual size: 4KB

.rld5
Size: 5KB - Virtual size: 4KB

.rld6
Size: 113KB - Virtual size: 112KB

.rld7
Size: 2KB - Virtual size: 2KB

.rld8
Size: - Virtual size: 34KB

.rld9
Size: 6KB - Virtual size: 6KB

.rld10
Size: 15KB - Virtual size: 14KB

.rld11
Size: 21KB - Virtual size: 21KB

.rld12
Size: 12KB - Virtual size: 11KB

.rld13
Size: 512B - Virtual size: 56B

.rld14
Size: 512B - Virtual size: 159B

.rsrc
Size: 19KB - Virtual size: 19KB

.rld15
Size: 7KB - Virtual size: 6KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 813B

.data
Size: 1024B - Virtual size: 972B

.RLD0
Size: 1024B - Virtual size: 850B

.RLD1
Size: 142KB - Virtual size: 141KB

.reloc
Size: 1KB - Virtual size: 1KB