ninjaripper1[.]7[.]1_with_new_script[.]7z

Sharing

Copy URL Twitter E-mail

General

Target

ninjaripper1.7.1_with_new_script.7z
Size

3.7MB
MD5

cc454eb1fdcc4776afdd344ac45a524b
SHA1

8fc424b2addb5cd6b26772ddb6837dc2b1f09976
SHA256

19fb1f20d4f435a35056380bb07f3736467b1f30a0c727fb9c6a754897782d55
SHA512

ad54dde73675cfad09b4ab787386170637783870077fadef89c4f768975e888e3dbe042698cb7ea055b69c5a86d89893c72dae2ebdebd0de4f664b1b6e2baf3e
SSDEEP

98304:TH8PGkQDWBXlVvLsmtLMb0tHr9CSbBdz2Zc67NoecBXFZcRZ:TcPGkQDa7vL3s0tHr9tBdqZDCX7cv

Score

3^/10

Malware Config

Signatures

Unsigned PE 10 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ripdump.exe
unpack001/x64/NinjaRipper.exe
unpack001/x64/d3dwrap.dll
unpack001/x64/injhelper.exe
unpack001/x64/intruder.dll
unpack001/x86/NinjaRipper.exe
unpack001/x86/d3dwrap.dll
unpack001/x86/d3dx8d.dll
unpack001/x86/injhelper.exe
unpack001/x86/intruder.dll

Files

ninjaripper1.7.1_with_new_script.7z
.7z
help_en.txt
help_ru.txt
ripdump.exe
.exe windows:5 windows x86 arch:x86

8dd76c317bb6b2c49934537d12c9050f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Projects\NinjaRipperSrc_x64\bin\ripdump.pdb

Imports

comctl32

InitCommonControlsEx

kernel32

LeaveCriticalSection
DeleteCriticalSection
MultiByteToWideChar
WideCharToMultiByte
GetLastError
GetModuleHandleA
HeapReAlloc
HeapAlloc
GetCurrentProcess
HeapFree
GetModuleHandleW
EnterCriticalSection
GetProcAddress
CloseHandle
GetCurrentProcessId
SetEndOfFile
GetStringTypeW
GetCurrentThreadId
Sleep
OutputDebugStringW
CreateFileW
GetSystemTimeAsFileTime
RaiseException
RtlUnwind
EncodePointer
DecodePointer
GetCommandLineA
IsProcessorFeaturePresent
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
IsDebuggerPresent
GetStdHandle
GetFileType
GetStartupInfoW
SetLastError
ExitProcess
GetModuleHandleExW
AreFileApisANSI
HeapSize
ReadFile
ReadConsoleW
GetProcessHeap
GetModuleFileNameA
GetModuleFileNameW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetStdHandle
SetFilePointerEx
WriteConsoleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LCMapStringW
LoadLibraryExW

user32

MessageBoxA

comdlg32

GetOpenFileNameA

shell32

ShellExecuteA

Sections

.text
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tools/3dmax_GIMS_importer/EvoGIMS_manualinstall.rar
.rar
GIMS/MP3/Files/00_Core.mse
GIMS/MP3/Files/01_DB.mse
GIMS/MP3/Files/02_TypeLibrary.mse
GIMS/MP3/Files/03_MAXFactory.mse
GIMS/MP3/Files/99_GUI.mse
GIMS/MP3/Files/ChangeLog.GCF
GIMS/MP3/Files/English.GIP
GIMS/MP3/Files/System.cfg
GIMS/NR/Files/00_Core.mse
GIMS/NR/Files/01_DB.mse
GIMS/NR/Files/02_TypeLibrary.mse
GIMS/NR/Files/03_MAXFactory.mse
GIMS/NR/Files/99_GUI.mse
GIMS/NR/Files/ChangeLog.GCF
GIMS/NR/Files/English.GIP
GIMS/NR/Files/System.cfg
GIMS/Shared/Files/00_Core.mse
GIMS/Shared/Files/01_DB.mse
GIMS/Shared/Files/02_TypeLibrary.mse
GIMS/Shared/Files/03_MAXFactory.mse
GIMS/Shared/Files/99_GUI.mse
GIMS/Shared/Files/ChangeLog.GCF
GIMS/Shared/Files/English.GIP
GIMS/Shared/Files/Export.png
.png
GIMS/Shared/Files/IProgressBar.gif
.gif
GIMS/Shared/Files/IProgressRing.gif
.gif
GIMS/Shared/Files/I_PluginMesh.mse
GIMS/Shared/Files/I_V_ChildFlagsUI.mse
GIMS/Shared/Files/I_V_oFBone.mse
GIMS/Shared/Files/I_V_oFLight.mse
GIMS/Shared/Files/I_V_oFModel.mse
GIMS/Shared/Files/Open.png
.png
GIMS/Shared/Files/RadioMark.png
.png
GIMS/Shared/Files/RadioOff.png
.png
GIMS/Shared/Files/RadioOn.png
.png
GIMS/Shared/Files/System.cfg
GIMS/Shared/Files/addfile.png
.png
GIMS/Shared/Files/back.png
.png
GIMS/Shared/Files/cacheclear.png
.png
GIMS/Shared/Files/cancel.png
.png
GIMS/Shared/Files/checked.png
.png
GIMS/Shared/Files/checkmark.png
.png
GIMS/Shared/Files/copy.png
.png
GIMS/Shared/Files/copylinked.png
.png
GIMS/Shared/Files/deletelink.png
.png
GIMS/Shared/Files/down.png
.png
GIMS/Shared/Files/edit.png
.png
GIMS/Shared/Files/error.png
.png
GIMS/Shared/Files/files.png
.png
GIMS/Shared/Files/forum.png
.png
GIMS/Shared/Files/helper.png
.png
GIMS/Shared/Files/home.png
.png
GIMS/Shared/Files/import.png
.png
GIMS/Shared/Files/info.png
.png
GIMS/Shared/Files/listadd.png
.png
GIMS/Shared/Files/materials.png
.png
GIMS/Shared/Files/ok.png
.png
GIMS/Shared/Files/resource.png
.png
GIMS/Shared/Files/save.png
.png
GIMS/Shared/Files/search.png
.png
GIMS/Shared/Files/settings.png
.png
GIMS/Shared/Files/switchleft.png
.png
GIMS/Shared/Files/switchmarkleft.png
.png
GIMS/Shared/Files/switchmarkright.png
.png
GIMS/Shared/Files/switchright.png
.png
GIMS/Shared/Files/tools.png
.png
GIMS/Shared/Files/unchecked.png
.png
GIMS/Shared/Files/up.png
.png
GIMS/Shared/Files/update.png
.png
GIMS/Shared/Files/upload.png
.png
GIMS/Shared/Files/world.png
.png
GIMS/V/Files/00_Core.mse
GIMS/V/Files/01_DB.mse
GIMS/V/Files/02_TypeLibrary.mse
GIMS/V/Files/03_MAXFactory.mse
GIMS/V/Files/99_GUI.mse
GIMS/V/Files/BoneDataCRCs.GCF
GIMS/V/Files/ChangeLog.GCF
GIMS/V/Files/English.GIP
GIMS/V/Files/System.cfg
MANUAL_INSTALL_NOTES.txt
scripts/startup/GIMS.ccf
scripts/startup/GIMS.mse
scripts/startup/GIMS_GUI/delete_active.png
.png
scripts/startup/GIMS_GUI/delete_disable.png
.png
scripts/startup/GIMS_GUI/delete_enable.png
.png
scripts/startup/GIMS_GUI/download_active.png
.png
scripts/startup/GIMS_GUI/download_disable.png
.png
scripts/startup/GIMS_GUI/download_enable.png
.png
scripts/startup/GIMS_GUI/launch_active.png
.png
scripts/startup/GIMS_GUI/launch_disable.png
.png
scripts/startup/GIMS_GUI/launch_enable.png
.png
tools/3dmax_GIMS_importer/EvoGIMS_manualinstall_v2.zip
.zip
GIMS/Debug Mode/00_Core.ms
GIMS/Debug Mode/01_DB.ms
GIMS/Debug Mode/02_TypeLibrary.ms
GIMS/Debug Mode/03_MAXFactory.ms
GIMS/Debug Mode/99_GUI.ms
GIMS/Debug Mode/desktop.ini
GIMS/EULA
GIMS/MP3/Files/00_Core.ms
GIMS/MP3/Files/01_DB.ms
GIMS/MP3/Files/02_TypeLibrary.ms
GIMS/MP3/Files/03_MAXFactory.ms
GIMS/MP3/Files/99_GUI.ms
GIMS/MP3/Files/ChangeLog.GCF
GIMS/MP3/Files/English.GIP
GIMS/MP3/Files/System.cfg
GIMS/MP3/Files/desktop.ini
GIMS/MP3/desktop.ini
GIMS/MaterialData/desktop.ini
GIMS/MaterialData/materialfx.dat
GIMS/MaterialData/materials.dat
GIMS/NR/Backup/desktop.ini
GIMS/NR/Cache/Default.GSF
GIMS/NR/Cache/Modified.GSF
GIMS/NR/Cache/Resources/desktop.ini
GIMS/NR/Cache/Rules.GSF
GIMS/NR/Cache/desktop.ini
GIMS/NR/Download/desktop.ini
GIMS/NR/Files/00_Core.ms
GIMS/NR/Files/01_DB.ms
GIMS/NR/Files/02_TypeLibrary.ms
GIMS/NR/Files/03_MAXFactory.ms
GIMS/NR/Files/99_GUI.ms
GIMS/NR/Files/ChangeLog.GCF
GIMS/NR/Files/English.GIP
GIMS/NR/Files/System.cfg
GIMS/NR/Files/desktop.ini
GIMS/NR/desktop.ini
GIMS/Shared/Backup/ErrorStream.txt
GIMS/Shared/Backup/desktop.ini
GIMS/Shared/Cache/Resources/desktop.ini
GIMS/Shared/Cache/Rules.GSF
GIMS/Shared/Cache/desktop.ini
GIMS/Shared/Download/desktop.ini
GIMS/Shared/Files/00_Core.ms
.vbs
GIMS/Shared/Files/01_DB.ms
GIMS/Shared/Files/02_TypeLibrary.ms
GIMS/Shared/Files/03_MAXFactory.ms
GIMS/Shared/Files/99_GUI.ms
.ps1
GIMS/Shared/Files/ChangeLog.GCF
GIMS/Shared/Files/English.GIP
GIMS/Shared/Files/Export.png
.png
GIMS/Shared/Files/IProgressBar.gif
.gif
GIMS/Shared/Files/IProgressRing.gif
.gif
GIMS/Shared/Files/I_PluginMesh.ms
GIMS/Shared/Files/I_V_ChildFlagsUI.ms
GIMS/Shared/Files/I_V_oFBone.ms
GIMS/Shared/Files/I_V_oFLight.ms
GIMS/Shared/Files/I_V_oFModel.ms
GIMS/Shared/Files/Open.png
.png
GIMS/Shared/Files/RadioMark.png
.png
GIMS/Shared/Files/RadioOff.png
.png
GIMS/Shared/Files/RadioOn.png
.png
GIMS/Shared/Files/System.cfg
GIMS/Shared/Files/addfile.png
.png
GIMS/Shared/Files/back.png
.png
GIMS/Shared/Files/cacheclear.png
.png
GIMS/Shared/Files/cancel.png
.png
GIMS/Shared/Files/checked.png
.png
GIMS/Shared/Files/checkmark.png
.png
GIMS/Shared/Files/copy.png
.png
GIMS/Shared/Files/copylinked.png
.png
GIMS/Shared/Files/deletelink.png
.png
GIMS/Shared/Files/desktop.ini
GIMS/Shared/Files/down.png
.png
GIMS/Shared/Files/edit.png
.png
GIMS/Shared/Files/error.png
.png
GIMS/Shared/Files/files.png
.png
GIMS/Shared/Files/forum.png
.png
GIMS/Shared/Files/helper.png
.png
GIMS/Shared/Files/home.png
.png
GIMS/Shared/Files/import.png
.png
GIMS/Shared/Files/info.png
.png
GIMS/Shared/Files/listadd.png
.png
GIMS/Shared/Files/materials.png
.png
GIMS/Shared/Files/ok.png
.png
GIMS/Shared/Files/resource.png
.png
GIMS/Shared/Files/save.png
.png
GIMS/Shared/Files/search.png
.png
GIMS/Shared/Files/settings.png
.png
GIMS/Shared/Files/switchleft.png
.png
GIMS/Shared/Files/switchmarkleft.png
.png
GIMS/Shared/Files/switchmarkright.png
.png
GIMS/Shared/Files/switchright.png
.png
GIMS/Shared/Files/tools.png
.png
GIMS/Shared/Files/unchecked.png
.png
GIMS/Shared/Files/up.png
.png
GIMS/Shared/Files/update.png
.png
GIMS/Shared/Files/upload.png
.png
GIMS/Shared/Files/world.png
.png
GIMS/Shared/desktop.ini
GIMS/UUID
GIMS/V/Backup/desktop.ini
GIMS/V/Cache/ObjectNames.Cache
GIMS/V/Cache/Resources/desktop.ini
GIMS/V/Cache/ShaderManager.9BB61CFD3558406C1C8FC1E4B0330C53.Shaders
GIMS/V/Cache/TextureNames.Cache
GIMS/V/Cache/desktop.ini
GIMS/V/Cache/materialfx.B0F28AFCFE3E3F362CB94F42AE1D902C.MtlColors
GIMS/V/Cache/materials.5F66945F19F5FEB48D0A5B64E3A2666E.Mtls
GIMS/V/Download/desktop.ini
GIMS/V/Files/00_Core.ms
GIMS/V/Files/01_DB.ms
GIMS/V/Files/02_TypeLibrary.ms
GIMS/V/Files/03_MAXFactory.ms
GIMS/V/Files/99_GUI.ms
GIMS/V/Files/BoneDataCRCs.GCF
GIMS/V/Files/ChangeLog.GCF
GIMS/V/Files/Debug/00_Core.ms
GIMS/V/Files/Debug/01_DB.ms
GIMS/V/Files/Debug/02_TypeLibrary.ms
GIMS/V/Files/Debug/03_MAXFactory.ms
GIMS/V/Files/Debug/99_GUI.ms
GIMS/V/Files/Debug/desktop.ini
GIMS/V/Files/English.GIP
GIMS/V/Files/System.cfg
GIMS/V/Files/desktop.ini
GIMS/V/desktop.ini
GIMS/desktop.ini
MANUAL_INSTALL_NOTES v1.txt
Readme.txt
scripts/Startup/GIMS.ccf
scripts/Startup/GIMS.ms
.vbs
scripts/Startup/GIMS_GUI/delete_active.png
.png
scripts/Startup/GIMS_GUI/delete_disable.png
.png
scripts/Startup/GIMS_GUI/delete_enable.png
.png
scripts/Startup/GIMS_GUI/desktop.ini
scripts/Startup/GIMS_GUI/download_active.png
.png
scripts/Startup/GIMS_GUI/download_disable.png
.png
scripts/Startup/GIMS_GUI/download_enable.png
.png
scripts/Startup/GIMS_GUI/launch_active.png
.png
scripts/Startup/GIMS_GUI/launch_disable.png
.png
scripts/Startup/GIMS_GUI/launch_enable.png
.png
scripts/Startup/desktop.ini
scripts/desktop.ini
tools/3dmax_GIMS_importer/EvoGIMS_webinstall.rar
.rar
WEB_INSTALL_NOTES.txt
scripts/startup/GIMS.ccf
scripts/startup/GIMS.mse
scripts/startup/GIMS_GUI/delete_active.png
.png
scripts/startup/GIMS_GUI/delete_disable.png
.png
scripts/startup/GIMS_GUI/delete_enable.png
.png
scripts/startup/GIMS_GUI/download_active.png
.png
scripts/startup/GIMS_GUI/download_disable.png
.png
scripts/startup/GIMS_GUI/download_enable.png
.png
scripts/startup/GIMS_GUI/launch_active.png
.png
scripts/startup/GIMS_GUI/launch_disable.png
.png
scripts/startup/GIMS_GUI/launch_enable.png
.png
tools/3dmax_GIMS_importer/ShowEGIMSPath.ms
tools/3dmax_GIMS_importer/nrImp_3Dmr.zip
.zip
nrImpScript_3Dmr.ms
nrImpTool_3Dmr.ms
tools/3dmax_maxscript_importer/ninja_importerb7_cl69.ms
tools/3dmax_maxscript_importer/ninja_ripper_1.3.ms
tools/3dmax_maxscript_importer/readme_for_ninja_importerb7_cl69.txt
tools/3dmax_maxscript_importer_sf/ninja_importerb8_sf.ms
tools/blender_ninjaripper_importer/blender-import-ninjaripper-master.zip
.zip
blender-import-ninjaripper-master/LICENSE
blender-import-ninjaripper-master/README.md
blender-import-ninjaripper-master/import-ninja.py
tools/noesis_importer/fmt_ninjaripper_rip.py
tools/noesis_importer/ninjaripper_noesis_modified_by_blackninja.zip
.zip
fmt_ninjaripper_rip.py
ripconf.json
whats_new.txt
x64/NinjaRipper.exe
.exe windows:5 windows x64 arch:x64

ace365d08f7f8496397efd34e2b2b0c1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Projects\NinjaRipperSrc_x64\bin\x64\NinjaRipper.pdb

Imports

kernel32

CopyFileW
WriteConsoleW
SetStdHandle
GetStringTypeW
OutputDebugStringW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapReAlloc
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
LoadLibraryExW
LeaveCriticalSection
EnterCriticalSection
LCMapStringW
GetCommandLineW
TlsSetValue
TlsGetValue
TlsAlloc
Sleep
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetModuleFileNameA
GetStartupInfoW
DeleteCriticalSection
GetFileType
GetStdHandle
GetProcessHeap
GetCurrentThreadId
QueryPerformanceFrequency
QueryPerformanceCounter
CreateFileW
WriteFile
FindFirstFileW
FindClose
GetModuleFileNameW
CreateProcessW
GetProcAddress
GetModuleHandleW
lstrlenW
lstrcatW
lstrcpyW
CloseHandle
WaitForSingleObject
QueueUserAPC
ResumeThread
WriteProcessMemory
GetLastError
GetExitCodeProcess
TerminateProcess
GetCurrentProcess
GetBinaryTypeW
SetLastError
IsDebuggerPresent
HeapSize
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
VirtualAllocEx
TlsFree
EncodePointer
DecodePointer
RtlPcToFileHeader
RaiseException
RtlLookupFunctionEntry
RtlUnwindEx
GetCommandLineA
IsProcessorFeaturePresent
HeapAlloc
HeapFree
FlushFileBuffers

user32

GetDlgItemInt
SetDlgItemInt
SetWindowTextW
SendDlgItemMessageW
IsDlgButtonChecked
GetDlgItemTextW
SetDlgItemTextW
DialogBoxParamW
GetDlgItem
SendMessageW
LoadIconW
LoadCursorW
ClipCursor
MessageBoxW
GetWindowRect
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetWindowDC
UpdateWindow
KillTimer
SetTimer
ReleaseCapture
EndDialog
CloseWindow
ShowWindow
DestroyWindow
CreateWindowExW
RegisterClassExW
PostQuitMessage
DefWindowProcW
PostMessageW
PeekMessageW
DispatchMessageW
TranslateMessage

gdi32

TextOutW
SetTextColor
SetBkMode
GetTextExtentPoint32W
DeleteObject
CreateFontIndirectW
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
SelectObject

comdlg32

GetOpenFileNameW

advapi32

RegCreateKeyW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
CommandLineToArgvW
ShellExecuteW
DragQueryFileW
ShellExecuteA
SHGetFolderPathW

comctl32

InitCommonControlsEx

Sections

.text
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 419KB - Virtual size: 419KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/d3dwrap.dll
.dll windows:5 windows x64 arch:x64

1c84a20773b1e2b0a4fb121f2504225c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

CreateProcessW
OpenProcess
VirtualAllocEx
VirtualFreeEx
WriteProcessMemory
GetModuleHandleW
GetProcAddress
GetBinaryTypeW
lstrcpyW
ResumeThread
lstrlenW
GetModuleFileNameW
GetSystemDirectoryW
LoadLibraryW
ExitProcess
DisableThreadLibraryCalls
FlushFileBuffers
WriteConsoleW
CreateRemoteThread
GetExitCodeProcess
TerminateProcess
GetCurrentProcess
QueueUserAPC
WaitForSingleObject
GetLastError
lstrcatW
CloseHandle
EncodePointer
DecodePointer
RtlPcToFileHeader
RaiseException
RtlLookupFunctionEntry
RtlUnwindEx
GetCommandLineA
GetCurrentThreadId
IsProcessorFeaturePresent
HeapAlloc
HeapFree
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
HeapSize
IsDebuggerPresent
SetLastError
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LCMapStringW
WriteFile
EnterCriticalSection
LeaveCriticalSection
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
HeapReAlloc
GetConsoleCP
GetConsoleMode
SetFilePointerEx
OutputDebugStringW
GetStringTypeW
SetStdHandle
CreateFileW

user32

MessageBoxW

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCreateKeyW
RegCloseKey
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegSetValueExW

Exports

Exports

CreateDXGIFactory
CreateDXGIFactory1
D3D11CreateDevice
D3D11CreateDeviceAndSwapChain
D3DPERF_BeginEvent
D3DPERF_EndEvent
D3DPERF_GetStatus
D3DPERF_QueryRepeatFrame
D3DPERF_SetMarker
D3DPERF_SetOptions
D3DPERF_SetRegion
Direct3DCreate8
Direct3DCreate9
Direct3DCreate9Ex
DirectDrawCreate
DirectDrawCreateClipper
DirectDrawCreateEx
DirectDrawEnumerateA
DirectDrawEnumerateExA
DirectDrawEnumerateExW
DirectDrawEnumerateW

Sections

.text
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/injhelper.exe
.exe windows:5 windows x64 arch:x64

3318e5d9366a9fdf08d4ff04b0a95324

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Projects\NinjaRipperSrc_x64\bin\x64\injhelper.pdb

Imports

kernel32

lstrlenW
GetLastError
GetProcAddress
QueueUserAPC
VirtualAllocEx
CloseHandle
TerminateProcess
lstrcpyW
GetModuleFileNameW
GetCommandLineW
OpenThread
ReadFile
SetEndOfFile
OpenProcess
GetModuleHandleW
GetCurrentProcess
WriteProcessMemory
OutputDebugStringW
GetStringTypeW
EncodePointer
DecodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
HeapSize
RtlUnwindEx
HeapFree
HeapAlloc
RtlPcToFileHeader
RaiseException
EnterCriticalSection
LeaveCriticalSection
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
DeleteCriticalSection
GetStdHandle
GetFileType
GetStartupInfoW
SetLastError
GetCurrentThreadId
GetProcessHeap
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetFilePointerEx
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
LoadLibraryExW
HeapReAlloc
LCMapStringW
CreateFileW
SetStdHandle
WriteConsoleW
ReadConsoleW

user32

MessageBoxW

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken

shell32

CommandLineToArgvW

Sections

.text
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/intruder.dll
.dll windows:5 windows x64 arch:x64

c537ab3f2b297897fa39fd2eb19133de

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Projects\NinjaRipperSrc_x64\bin\x64\intruder.pdb

Imports

kernel32

QueueUserAPC
TerminateProcess
GetExitCodeProcess
CreateRemoteThread
ResumeThread
CreateProcessW
OpenProcess
VirtualAllocEx
VirtualFreeEx
WriteProcessMemory
GetModuleHandleW
GetBinaryTypeW
lstrcpyW
lstrcatW
lstrlenW
GetModuleFileNameW
FindClose
FindFirstFileW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleA
LoadLibraryA
CreateDirectoryW
ExitProcess
GetLocalTime
GetSystemDirectoryW
LoadLibraryW
MultiByteToWideChar
WideCharToMultiByte
OutputDebugStringA
WaitForSingleObject
GetVersionExA
DisableThreadLibraryCalls
QueryPerformanceCounter
QueryPerformanceFrequency
Sleep
GetBinaryTypeA
GetThreadContext
HeapReAlloc
SetThreadContext
HeapAlloc
HeapFree
Thread32First
HeapDestroy
HeapCreate
Thread32Next
FlushInstructionCache
OpenThread
VirtualProtect
CreateToolhelp32Snapshot
SuspendThread
VirtualQuery
VirtualFree
VirtualAlloc
GetSystemInfo
ReadFile
SetFilePointerEx
WriteFile
ReadConsoleW
SetEndOfFile
GetStringTypeW
GetLastError
GetProcAddress
GetCurrentThreadId
CreateFileW
GetCurrentProcessId
GetCurrentProcess
CloseHandle
OutputDebugStringW
lstrlenA
WriteConsoleW
SetStdHandle
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
LoadLibraryExW
EnumSystemLocalesW
GetUserDefaultLCID
EncodePointer
DecodePointer
RtlPcToFileHeader
RaiseException
RtlLookupFunctionEntry
RtlUnwindEx
GetSystemTimeAsFileTime
GetCommandLineA
IsProcessorFeaturePresent
GetModuleHandleExW
HeapSize
SetLastError
IsDebuggerPresent
FlushFileBuffers
GetConsoleCP
GetConsoleMode
GetStdHandle
GetFileType
GetStartupInfoW
GetTimeZoneInformation
GetProcessHeap
GetModuleFileNameA
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
SetEnvironmentVariableA

user32

MessageBoxW
GetAsyncKeyState

advapi32

RegCloseKey
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken

shell32

SHGetFolderPathW
SHCreateDirectoryExW
CommandLineToArgvW

Sections

.text
Size: 589KB - Virtual size: 589KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 286KB - Virtual size: 286KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 98KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/NinjaRipper.exe
.exe windows:5 windows x86 arch:x86

212059a9079d3ca3b52dbf8bd9f2e45b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Projects\NinjaRipperSrc_x64\bin\x86\NinjaRipper.pdb

Imports

kernel32

CopyFileW
WriteConsoleW
SetStdHandle
GetStringTypeW
OutputDebugStringW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapReAlloc
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
LoadLibraryExW
LeaveCriticalSection
EnterCriticalSection
LCMapStringW
GetCommandLineW
TlsSetValue
TlsGetValue
TlsAlloc
Sleep
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetModuleFileNameA
GetStartupInfoW
DeleteCriticalSection
GetFileType
GetStdHandle
GetProcessHeap
GetCurrentThreadId
SetLastError
IsDebuggerPresent
QueryPerformanceFrequency
QueryPerformanceCounter
CreateFileW
WriteFile
FindFirstFileW
FindClose
GetProcAddress
GetModuleFileNameW
CreateProcessW
GetModuleHandleW
lstrlenW
lstrcatW
lstrcpyW
CloseHandle
WaitForSingleObject
QueueUserAPC
ResumeThread
WriteProcessMemory
GetLastError
GetExitCodeProcess
TerminateProcess
GetCurrentProcess
GetBinaryTypeW
HeapSize
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
HeapFree
HeapAlloc
VirtualAllocEx
TlsFree
EncodePointer
DecodePointer
RaiseException
RtlUnwind
GetCommandLineA
IsProcessorFeaturePresent
FlushFileBuffers

user32

GetDlgItemInt
SetDlgItemInt
SetWindowTextW
SendDlgItemMessageW
IsDlgButtonChecked
GetDlgItemTextW
SetDlgItemTextW
DialogBoxParamW
GetParent
SetClassLongW
SetWindowLongW
GetWindowLongW
PtInRect
ClientToScreen
SetCursor
RemovePropW
GetPropW
SetPropW
SetCapture
GetCapture
GetDlgItem
SendMessageW
LoadIconW
LoadCursorW
ClipCursor
MessageBoxW
GetWindowRect
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetWindowDC
UpdateWindow
KillTimer
SetTimer
ReleaseCapture
EndDialog
CloseWindow
ShowWindow
DestroyWindow
CreateWindowExW
RegisterClassExW
PostQuitMessage
DefWindowProcW
PostMessageW
PeekMessageW
DispatchMessageW
TranslateMessage
CallWindowProcW

gdi32

TextOutW
GetObjectW
SetTextColor
SetBkMode
SelectObject
DeleteObject
CreateFontIndirectW
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
GetTextExtentPoint32W

comdlg32

GetOpenFileNameW

advapi32

RegCreateKeyW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
CommandLineToArgvW
ShellExecuteW
DragQueryFileW
ShellExecuteA
SHGetFolderPathW

comctl32

InitCommonControlsEx

Sections

.text
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 205KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 419KB - Virtual size: 419KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/d3dwrap.dll
.dll windows:5 windows x86 arch:x86

3444dfefea99909a9181af58c0cc5c27

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateProcessW
OpenProcess
VirtualAllocEx
VirtualFreeEx
WriteProcessMemory
GetModuleHandleW
GetProcAddress
GetBinaryTypeW
lstrcpyW
ResumeThread
lstrlenW
GetModuleFileNameW
GetSystemDirectoryW
LoadLibraryW
ExitProcess
DisableThreadLibraryCalls
FlushFileBuffers
WriteConsoleW
CreateRemoteThread
GetExitCodeProcess
TerminateProcess
GetCurrentProcess
QueueUserAPC
WaitForSingleObject
GetLastError
lstrcatW
CloseHandle
EncodePointer
DecodePointer
RaiseException
RtlUnwind
GetCommandLineA
GetCurrentThreadId
IsProcessorFeaturePresent
HeapAlloc
HeapFree
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
HeapSize
IsDebuggerPresent
SetLastError
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LCMapStringW
WriteFile
EnterCriticalSection
LeaveCriticalSection
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
HeapReAlloc
GetConsoleCP
GetConsoleMode
SetFilePointerEx
OutputDebugStringW
GetStringTypeW
SetStdHandle
CreateFileW

user32

MessageBoxW

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCreateKeyW
RegCloseKey
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegSetValueExW

Exports

Exports

CreateDXGIFactory
CreateDXGIFactory1
D3D11CreateDevice
D3D11CreateDeviceAndSwapChain
D3DPERF_BeginEvent
D3DPERF_EndEvent
D3DPERF_GetStatus
D3DPERF_QueryRepeatFrame
D3DPERF_SetMarker
D3DPERF_SetOptions
D3DPERF_SetRegion
Direct3DCreate8
Direct3DCreate9
Direct3DCreate9Ex
DirectDrawCreate
DirectDrawCreateClipper
DirectDrawCreateEx
DirectDrawEnumerateA
DirectDrawEnumerateExA
DirectDrawEnumerateExW
DirectDrawEnumerateW

Sections

.text
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/d3dx8d.dll
.dll windows:5 windows x86 arch:x86

c19a8753bbfb8558cc3b0cd978b86986

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

isalnum
isspace
sscanf
free
_strdup
_finite
_ftol
_stricmp
isxdigit
tolower
_CIacos
isalpha
isdigit
setlocale
atoi
_except_handler3
?terminate@@YAXXZ
_adjust_fdiv
_initterm
exit
floor
_CIpow
_setjmp3
longjmp
wcslen
calloc
realloc
malloc
ceil
_controlfp
qsort
sprintf
_isnan
_vsnprintf
__CxxFrameHandler
??2@YAPAXI@Z
_snprintf
??3@YAXPAX@Z

user32

MessageBoxA
DrawTextW
DrawTextA

gdi32

GetGlyphOutlineW
GetGlyphOutlineA
GetOutlineTextMetricsA
GetCurrentObject
CreateCompatibleDC
CreateDIBSection
SetBkMode
SetBkColor
SetTextColor
SelectObject
DeleteDC
CreateFontIndirectA
DeleteObject
GetObjectA

kernel32

MultiByteToWideChar
DisableThreadLibraryCalls
IsDBCSLeadByte
GetTempPathA
GetTempFileNameA
ReadFile
DeleteFileA
WriteFile
GetEnvironmentVariableA
InterlockedDecrement
HeapValidate
InterlockedIncrement
IsProcessorFeaturePresent
FatalAppExitA
GetProfileIntA
OutputDebugStringA
FindResourceW
FindResourceA
SizeofResource
LoadResource
LockResource
GetModuleHandleA
LoadLibraryA
GetProcAddress
GetProcessHeap
HeapFree
UnmapViewOfFile
CloseHandle
GetVersionExA
CreateFileW
CreateFileA
CreateFileMappingA
MapViewOfFile
GetFileSize
GetLastError
FormatMessageA
LocalFree
DebugBreak
WideCharToMultiByte

advapi32

RegOpenKeyA
RegQueryValueExA
RegCloseKey

Exports

Exports

D3DXAssembleShader
D3DXAssembleShaderFromFileA
D3DXAssembleShaderFromFileW
D3DXAssembleShaderFromResourceA
D3DXAssembleShaderFromResourceW
D3DXBoxBoundProbe
D3DXCheckCubeTextureRequirements
D3DXCheckTextureRequirements
D3DXCheckVolumeTextureRequirements
D3DXCleanMesh
D3DXColorAdjustContrast
D3DXColorAdjustSaturation
D3DXComputeBoundingBox
D3DXComputeBoundingSphere
D3DXComputeNormalMap
D3DXComputeNormals
D3DXComputeTangent
D3DXConvertMeshSubsetToSingleStrip
D3DXConvertMeshSubsetToStrips
D3DXCpuOptimizations
D3DXCreateBox
D3DXCreateBuffer
D3DXCreateCubeTexture
D3DXCreateCubeTextureFromFileA
D3DXCreateCubeTextureFromFileExA
D3DXCreateCubeTextureFromFileExW
D3DXCreateCubeTextureFromFileInMemory
D3DXCreateCubeTextureFromFileInMemoryEx
D3DXCreateCubeTextureFromFileW
D3DXCreateCubeTextureFromResourceA
D3DXCreateCubeTextureFromResourceExA
D3DXCreateCubeTextureFromResourceExW
D3DXCreateCubeTextureFromResourceW
D3DXCreateCylinder
D3DXCreateEffect
D3DXCreateEffectFromFileA
D3DXCreateEffectFromFileW
D3DXCreateEffectFromResourceA
D3DXCreateEffectFromResourceW
D3DXCreateFont
D3DXCreateFontIndirect
D3DXCreateMatrixStack
D3DXCreateMesh
D3DXCreateMeshFVF
D3DXCreatePMeshFromStream
D3DXCreatePolygon
D3DXCreateRenderToEnvMap
D3DXCreateRenderToSurface
D3DXCreateSPMesh
D3DXCreateSkinMesh
D3DXCreateSkinMeshFVF
D3DXCreateSkinMeshFromMesh
D3DXCreateSphere
D3DXCreateSprite
D3DXCreateTeapot
D3DXCreateTextA
D3DXCreateTextW
D3DXCreateTexture
D3DXCreateTextureFromFileA
D3DXCreateTextureFromFileExA
D3DXCreateTextureFromFileExW
D3DXCreateTextureFromFileInMemory
D3DXCreateTextureFromFileInMemoryEx
D3DXCreateTextureFromFileW
D3DXCreateTextureFromResourceA
D3DXCreateTextureFromResourceExA
D3DXCreateTextureFromResourceExW
D3DXCreateTextureFromResourceW
D3DXCreateTorus
D3DXCreateVolumeTexture
D3DXCreateVolumeTextureFromFileA
D3DXCreateVolumeTextureFromFileExA
D3DXCreateVolumeTextureFromFileExW
D3DXCreateVolumeTextureFromFileInMemory
D3DXCreateVolumeTextureFromFileInMemoryEx
D3DXCreateVolumeTextureFromFileW
D3DXCreateVolumeTextureFromResourceA
D3DXCreateVolumeTextureFromResourceExA
D3DXCreateVolumeTextureFromResourceExW
D3DXCreateVolumeTextureFromResourceW
D3DXDeclaratorFromFVF
D3DXFVFFromDeclarator
D3DXFillCubeTexture
D3DXFillTexture
D3DXFillVolumeTexture
D3DXFilterTexture
D3DXFresnelTerm
D3DXGeneratePMesh
D3DXGetErrorStringA
D3DXGetErrorStringW
D3DXGetFVFVertexSize
D3DXGetImageInfoFromFileA
D3DXGetImageInfoFromFileInMemory
D3DXGetImageInfoFromFileW
D3DXGetImageInfoFromResourceA
D3DXGetImageInfoFromResourceW
D3DXIntersect
D3DXIntersectSubset
D3DXIntersectTri
D3DXLoadMeshFromX
D3DXLoadMeshFromXInMemory
D3DXLoadMeshFromXResource
D3DXLoadMeshFromXof
D3DXLoadSkinMeshFromXof
D3DXLoadSurfaceFromFileA
D3DXLoadSurfaceFromFileInMemory
D3DXLoadSurfaceFromFileW
D3DXLoadSurfaceFromMemory
D3DXLoadSurfaceFromResourceA
D3DXLoadSurfaceFromResourceW
D3DXLoadSurfaceFromSurface
D3DXLoadVolumeFromFileA
D3DXLoadVolumeFromFileInMemory
D3DXLoadVolumeFromFileW
D3DXLoadVolumeFromMemory
D3DXLoadVolumeFromResourceA
D3DXLoadVolumeFromResourceW
D3DXLoadVolumeFromVolume
D3DXMatrixAffineTransformation
D3DXMatrixInverse
D3DXMatrixLookAtLH
D3DXMatrixLookAtRH
D3DXMatrixMultiply
D3DXMatrixMultiplyTranspose
D3DXMatrixOrthoLH
D3DXMatrixOrthoOffCenterLH
D3DXMatrixOrthoOffCenterRH
D3DXMatrixOrthoRH
D3DXMatrixPerspectiveFovLH
D3DXMatrixPerspectiveFovRH
D3DXMatrixPerspectiveLH
D3DXMatrixPerspectiveOffCenterLH
D3DXMatrixPerspectiveOffCenterRH
D3DXMatrixPerspectiveRH
D3DXMatrixReflect
D3DXMatrixRotationAxis
D3DXMatrixRotationQuaternion
D3DXMatrixRotationX
D3DXMatrixRotationY
D3DXMatrixRotationYawPitchRoll
D3DXMatrixRotationZ
D3DXMatrixScaling
D3DXMatrixShadow
D3DXMatrixTransformation
D3DXMatrixTranslation
D3DXMatrixTranspose
D3DXMatrixfDeterminant
D3DXPlaneFromPointNormal
D3DXPlaneFromPoints
D3DXPlaneIntersectLine
D3DXPlaneNormalize
D3DXPlaneTransform
D3DXQuaternionBaryCentric
D3DXQuaternionExp
D3DXQuaternionInverse
D3DXQuaternionLn
D3DXQuaternionMultiply
D3DXQuaternionNormalize
D3DXQuaternionRotationAxis
D3DXQuaternionRotationMatrix
D3DXQuaternionRotationYawPitchRoll
D3DXQuaternionSlerp
D3DXQuaternionSquad
D3DXQuaternionSquadSetup
D3DXQuaternionToAxisAngle
D3DXSaveMeshToX
D3DXSaveSurfaceToFileA
D3DXSaveSurfaceToFileW
D3DXSaveTextureToFileA
D3DXSaveTextureToFileW
D3DXSaveVolumeToFileA
D3DXSaveVolumeToFileW
D3DXSimplifyMesh
D3DXSphereBoundProbe
D3DXSplitMesh
D3DXTessellateNPatches
D3DXValidMesh
D3DXVec2BaryCentric
D3DXVec2CatmullRom
D3DXVec2Hermite
D3DXVec2Normalize
D3DXVec2Transform
D3DXVec2TransformCoord
D3DXVec2TransformNormal
D3DXVec3BaryCentric
D3DXVec3CatmullRom
D3DXVec3Hermite
D3DXVec3Normalize
D3DXVec3Project
D3DXVec3Transform
D3DXVec3TransformCoord
D3DXVec3TransformNormal
D3DXVec3Unproject
D3DXVec4BaryCentric
D3DXVec4CatmullRom
D3DXVec4Cross
D3DXVec4Hermite
D3DXVec4Normalize
D3DXVec4Transform
D3DXWeldVertices

Sections

.text
Size: 585KB - Virtual size: 585KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 67KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/injhelper.exe
.exe windows:5 windows x86 arch:x86

5c160b8ad773e7428cb2066bbdce9dc1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Projects\NinjaRipperSrc_x64\bin\x86\injhelper.pdb

Imports

kernel32

lstrlenW
GetLastError
GetProcAddress
QueueUserAPC
VirtualAllocEx
CloseHandle
TerminateProcess
lstrcpyW
GetModuleFileNameW
GetCommandLineW
OpenThread
ReadFile
SetEndOfFile
OpenProcess
GetModuleHandleW
GetCurrentProcess
WriteProcessMemory
OutputDebugStringW
GetStringTypeW
EncodePointer
DecodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
HeapSize
HeapFree
RaiseException
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
DeleteCriticalSection
GetStdHandle
GetFileType
GetStartupInfoW
SetLastError
GetCurrentThreadId
GetProcessHeap
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetFilePointerEx
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
LoadLibraryExW
HeapReAlloc
LCMapStringW
CreateFileW
SetStdHandle
WriteConsoleW
ReadConsoleW

user32

MessageBoxW

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken

shell32

CommandLineToArgvW

Sections

.text
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/intruder.dll
.dll windows:5 windows x86 arch:x86

6a5f9237dabef4ebfc7aa5d7f1355600

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Projects\NinjaRipperSrc_x64\bin\x86\intruder.pdb

Imports

kernel32

QueueUserAPC
TerminateProcess
GetExitCodeProcess
CreateRemoteThread
ResumeThread
CreateProcessW
OpenProcess
VirtualAllocEx
VirtualFreeEx
WriteProcessMemory
GetModuleHandleW
GetBinaryTypeW
lstrcpyW
lstrcatW
lstrlenW
GetModuleFileNameW
FindClose
FindFirstFileW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleA
LoadLibraryA
CreateDirectoryW
ExitProcess
GetLocalTime
GetSystemDirectoryW
LoadLibraryW
MultiByteToWideChar
WideCharToMultiByte
OutputDebugStringA
WaitForSingleObject
GetVersionExA
DisableThreadLibraryCalls
QueryPerformanceCounter
QueryPerformanceFrequency
Sleep
GetBinaryTypeA
GetThreadContext
HeapReAlloc
SetThreadContext
HeapAlloc
HeapFree
Thread32First
HeapDestroy
HeapCreate
Thread32Next
FlushInstructionCache
OpenThread
VirtualProtect
CreateToolhelp32Snapshot
SuspendThread
VirtualQuery
VirtualFree
VirtualAlloc
ReadFile
SetFilePointerEx
WriteFile
ReadConsoleW
SetEndOfFile
GetStringTypeW
GetLastError
CreateFileW
GetProcAddress
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
CloseHandle
OutputDebugStringW
lstrlenA
WriteConsoleW
SetStdHandle
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
LoadLibraryExW
EnumSystemLocalesW
GetUserDefaultLCID
EncodePointer
DecodePointer
RaiseException
RtlUnwind
GetSystemTimeAsFileTime
GetCommandLineA
IsProcessorFeaturePresent
GetModuleHandleExW
HeapSize
SetLastError
IsDebuggerPresent
FlushFileBuffers
GetConsoleCP
GetConsoleMode
GetStdHandle
GetFileType
GetStartupInfoW
GetTimeZoneInformation
GetProcessHeap
GetModuleFileNameA
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
SetEnvironmentVariableA

user32

MessageBoxW
GetAsyncKeyState

advapi32

AdjustTokenPrivileges
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyW
RegCloseKey
LookupPrivilegeValueW
OpenProcessToken

shell32

SHGetFolderPathW
SHCreateDirectoryExW
CommandLineToArgvW

Sections

.text
Size: 436KB - Virtual size: 435KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 212KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 82KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8dd76c317bb6b2c49934537d12c9050f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

kernel32

user32

comdlg32

shell32

Sections

.text Size: 71KB - Virtual size: 70KB

.rdata Size: 27KB - Virtual size: 27KB

.data Size: 6KB - Virtual size: 13KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 5KB - Virtual size: 4KB

ace365d08f7f8496397efd34e2b2b0c1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

comctl32

Sections

.text Size: 84KB - Virtual size: 83KB

.rdata Size: 49KB - Virtual size: 49KB

.data Size: 7KB - Virtual size: 208KB

.pdata Size: 4KB - Virtual size: 4KB

.rsrc Size: 419KB - Virtual size: 419KB

.reloc Size: 2KB - Virtual size: 2KB

1c84a20773b1e2b0a4fb121f2504225c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 90KB - Virtual size: 89KB

.rdata Size: 47KB - Virtual size: 46KB

.data Size: 6KB - Virtual size: 15KB

.pdata Size: 6KB - Virtual size: 5KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

3318e5d9366a9fdf08d4ff04b0a95324

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

Sections

.text Size: 74KB - Virtual size: 73KB

.rdata Size: 40KB - Virtual size: 39KB

.data Size: 7KB - Virtual size: 16KB

.pdata Size: 4KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

c537ab3f2b297897fa39fd2eb19133de

Headers

DLL Characteristics

File Characteristics

.text
Size: 71KB - Virtual size: 70KB

.rdata
Size: 27KB - Virtual size: 27KB

.data
Size: 6KB - Virtual size: 13KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 5KB - Virtual size: 4KB

.text
Size: 84KB - Virtual size: 83KB

.rdata
Size: 49KB - Virtual size: 49KB

.data
Size: 7KB - Virtual size: 208KB

.pdata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 419KB - Virtual size: 419KB

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 90KB - Virtual size: 89KB

.rdata
Size: 47KB - Virtual size: 46KB

.data
Size: 6KB - Virtual size: 15KB

.pdata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 74KB - Virtual size: 73KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 7KB - Virtual size: 16KB

.pdata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 589KB - Virtual size: 589KB

.rdata
Size: 286KB - Virtual size: 286KB

.data
Size: 98KB - Virtual size: 109KB

.pdata
Size: 43KB - Virtual size: 43KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 11KB - Virtual size: 10KB

.text
Size: 79KB - Virtual size: 79KB

.rdata
Size: 35KB - Virtual size: 35KB

.data
Size: 5KB - Virtual size: 205KB

.rsrc
Size: 419KB - Virtual size: 419KB

.reloc
Size: 6KB - Virtual size: 6KB

.text
Size: 79KB - Virtual size: 79KB

.rdata
Size: 33KB - Virtual size: 33KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 5KB

.text
Size: 585KB - Virtual size: 585KB

.data
Size: 67KB - Virtual size: 76KB

.data1
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 1000B

.reloc
Size: 19KB - Virtual size: 19KB