cheat[.]zip | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

cheat.zip
Size

1.2MB
MD5

78111d48001abce19b244a0e3a3ba946
SHA1

02638055467328d473a238508b50fe7c55dfa6ba
SHA256

266a1aa46afd9ca1615b0a3e3455578732f0042c9093e0182796cb2e8fd9c359
SHA512

3ae088d987d27f823b1382f184f55ebb759f6bf1844b6c9c07da41d13b5c365f9a9eb499a0e774196c97c05f79a7e21d4586f9a32b1992662221a0ef2cb58c5b
SSDEEP

24576:ksiGOLCWjjfu0oVS0O/tzrZE5e2/MydaUrCwij8WYbpcCer:ksT4jSZS0O/lrAbB959bpcCy

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/cheat/libcurl-d.dll
unpack001/cheat/libcurl.dll
unpack001/cheat/loader.exe
unpack001/cheat/zlib1.dll
unpack001/cheat/zlibd1.dll

Files

cheat.zip
.zip
cheat/libcurl-d.dll
.dll windows:6 windows x86 arch:x86

996d13a354c075f49fe285149c629371

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\loh\buildtrees\curl\x86-windows-dbg\lib\libcurl-d.pdb

Imports

ws2_32

freeaddrinfo
bind
connect
getpeername
getsockname
getsockopt
htons
getaddrinfo
sendto
recvfrom
WSACleanup
WSAStartup
select
__WSAFDIsSet
ntohl
htonl
ioctlsocket
WSAWaitForMultipleEvents
WSASetEvent
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
socket
send
recv
closesocket
accept
listen
WSAGetLastError
ntohs
setsockopt
WSASetLastError
WSAIoctl
inet_pton
inet_ntop
gethostname

zlibd1

inflateEnd
inflateInit_
inflateInit2_
inflate
zlibVersion

advapi32

CryptImportKey
CryptReleaseContext
CryptDestroyKey
CryptEncrypt
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptAcquireContextW

crypt32

PFXImportCertStore
CryptStringToBinaryW
CertFreeCertificateContext
CertAddCertificateContextToStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CryptDecodeObjectEx
CertFindExtension
CertGetNameStringW
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertFindCertificateInStore

bcrypt

BCryptGenRandom

kernel32

CloseHandle
GetProcAddress
FreeLibrary
WideCharToMultiByte
MultiByteToWideChar
SleepEx
GetFileSizeEx
CreateFileW
VerifyVersionInfoW
WaitForSingleObjectEx
VerSetConditionMask
GetTickCount
QueryPerformanceCounter
WaitForMultipleObjects
PeekNamedPipe
ReadFile
GetFileType
GetStdHandle
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetEnvironmentVariableA
VirtualQuery
Sleep
MoveFileExW
GetCurrentProcessId
GetLastError
SetLastError
FormatMessageW
QueryPerformanceFrequency
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
RaiseException
GetStartupInfoW
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead
HeapAlloc
HeapFree
GetProcessHeap
GetModuleHandleA
LoadLibraryW
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
GetSystemDirectoryW

vcruntime140d

memset
memmove
strchr
memchr
strrchr
memcmp
wcschr
memcpy
__current_exception
__current_exception_context
_except_handler4_common
__std_type_info_destroy_list
__vcrt_GetModuleFileNameW
__vcrt_GetModuleHandleW
__vcrt_LoadLibraryExW
strstr

ucrtbased

strcmp
strcpy
strcspn
__acrt_iob_func
qsort
feof
fgets
strncpy
fwrite
_waccess
_wopen
_wfopen
_wstat64
free
malloc
wcslen
wcsncpy
_beginthreadex
realloc
calloc
_wcsdup
_fstat64
strncmp
fread
fseek
strftime
fclose
fflush
fputc
__stdio_common_vsprintf
atoi
_gmtime64
strpbrk
__sys_errlist
__sys_nerr
wcstombs
strtoll
wcscpy
wcspbrk
strspn
setvbuf
wcsncmp
ftell
_CrtDbgReport
_CrtDbgReportW
_except1
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_cexit
_initterm
_initterm_e
strcpy_s
strcat_s
__stdio_common_vsprintf_s
terminate
_wmakepath_s
_wsplitpath_s
wcscpy_s
_unlink
_strdup
_close
_fdopen
_read
_write
strlen
_errno
_time64
getenv
strtoul
strtol
_wassert
__stdio_common_vsscanf
fputs
_lseeki64

Exports

Exports

curl_dbg_accept
curl_dbg_calloc
curl_dbg_fclose
curl_dbg_fdopen
curl_dbg_fopen
curl_dbg_free
curl_dbg_log
curl_dbg_malloc
curl_dbg_mark_sclose
curl_dbg_memdebug
curl_dbg_memlimit
curl_dbg_realloc
curl_dbg_recv
curl_dbg_sclose
curl_dbg_send
curl_dbg_socket
curl_dbg_strdup
curl_dbg_wcsdup
curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_header
curl_easy_init
curl_easy_nextheader
curl_easy_option_by_id
curl_easy_option_by_name
curl_easy_option_next
curl_easy_pause
curl_easy_perform
curl_easy_perform_ev
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_easy_upkeep
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_global_sslset
curl_maprintf
curl_mfprintf
curl_mime_addpart
curl_mime_data
curl_mime_data_cb
curl_mime_encoder
curl_mime_filedata
curl_mime_filename
curl_mime_free
curl_mime_headers
curl_mime_init
curl_mime_name
curl_mime_subparts
curl_mime_type
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_poll
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_multi_wait
curl_multi_wakeup
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_pushheader_byname
curl_pushheader_bynum
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape
curl_url
curl_url_cleanup
curl_url_dup
curl_url_get
curl_url_set
curl_url_strerror
curl_version
curl_version_info
curl_ws_meta
curl_ws_recv
curl_ws_send

Sections

.text
Size: 814KB - Virtual size: 813KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 283KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 270B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cheat/libcurl.dll
.dll windows:6 windows x86 arch:x86

3bcd24ccf12f1a0a584192cef5a8a6e1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\loh\buildtrees\curl\x86-windows-rel\lib\libcurl.pdb

Imports

ws2_32

__WSAFDIsSet
htonl
ioctlsocket
WSAWaitForMultipleEvents
WSASetEvent
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
select
accept
gethostname
freeaddrinfo
getaddrinfo
inet_ntop
inet_pton
WSAIoctl
WSASetLastError
socket
setsockopt
WSAStartup
WSACleanup
recvfrom
sendto
recv
getsockopt
getsockname
getpeername
connect
bind
WSAGetLastError
send
listen
closesocket
htons
ntohs

zlib1

inflate
inflateInit2_
inflateInit_
zlibVersion
inflateEnd

advapi32

CryptAcquireContextW
CryptDestroyKey
CryptImportKey
CryptEncrypt
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptReleaseContext

crypt32

CertFreeCertificateContext
CryptDecodeObjectEx
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CryptStringToBinaryW
PFXImportCertStore
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringW
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFindCertificateInStore
CertFreeCertificateChain

bcrypt

BCryptGenRandom

kernel32

FormatMessageW
SetLastError
GetLastError
GetCurrentProcessId
MoveFileExW
Sleep
GetEnvironmentVariableA
AcquireSRWLockExclusive
QueryPerformanceFrequency
WaitForSingleObjectEx
CloseHandle
GetProcAddress
FreeLibrary
WideCharToMultiByte
MultiByteToWideChar
SleepEx
DeleteCriticalSection
GetSystemDirectoryW
GetModuleHandleW
LoadLibraryW
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
QueryPerformanceCounter
GetTickCount
GetModuleHandleA
VerifyVersionInfoW
CreateFileW
GetFileSizeEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead
IsDebuggerPresent
ReleaseSRWLockExclusive
VerSetConditionMask
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection

vcruntime140

__std_type_info_destroy_list
strstr
wcschr
memchr
strrchr
strchr
memmove
memset
memcpy
_except_handler4_common

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
_write
_read
__stdio_common_vsprintf
_close
ftell
fputc
feof
__stdio_common_vsscanf
fseek
fread
_wfopen
_lseeki64
fgets
fputs
fwrite
_wopen
fclose
fflush

api-ms-win-crt-convert-l1-1-0

strtoul
strtol
atoi
wcstombs
strtoll

api-ms-win-crt-time-l1-1-0

_gmtime64
strftime
_time64

api-ms-win-crt-runtime-l1-1-0

_execute_onexit_table
_beginthreadex
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
_cexit
_initialize_onexit_table
_initialize_narrow_environment
__sys_nerr
__sys_errlist
_errno

api-ms-win-crt-string-l1-1-0

wcsncmp
strspn
wcspbrk
strcspn
_strdup
strncmp
strpbrk
_wcsdup
strncpy
wcsncpy

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-filesystem-l1-1-0

_unlink
_waccess
_fstat64
_wstat64

api-ms-win-crt-heap-l1-1-0

malloc
calloc
realloc
free

api-ms-win-crt-math-l1-1-0

_fdopen

Exports

Exports

curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_header
curl_easy_init
curl_easy_nextheader
curl_easy_option_by_id
curl_easy_option_by_name
curl_easy_option_next
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_easy_upkeep
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_global_sslset
curl_maprintf
curl_mfprintf
curl_mime_addpart
curl_mime_data
curl_mime_data_cb
curl_mime_encoder
curl_mime_filedata
curl_mime_filename
curl_mime_free
curl_mime_headers
curl_mime_init
curl_mime_name
curl_mime_subparts
curl_mime_type
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_poll
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_multi_wait
curl_multi_wakeup
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_pushheader_byname
curl_pushheader_bynum
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape
curl_url
curl_url_cleanup
curl_url_dup
curl_url_get
curl_url_set
curl_url_strerror
curl_version
curl_version_info
curl_ws_meta
curl_ws_recv
curl_ws_send

Sections

.text
Size: 348KB - Virtual size: 347KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cheat/loader.exe
.exe windows:6 windows x86 arch:x86

37c8f187c213b46ceabfb48521487a6b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\ikals\OneDrive\Рабочий стол\программирование\govnoloader\Release\DirectX9ImGuiDesktopApp.pdb

Imports

d3d9

Direct3DCreate9

kernel32

LoadLibraryA
QueryPerformanceFrequency
GetProcAddress
QueryPerformanceCounter
WriteProcessMemory
WaitForSingleObject
GetModuleHandleA
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
CloseHandle
LoadLibraryW
VirtualAllocEx
WideCharToMultiByte
CreateRemoteThread
GlobalAlloc
lstrcmpW
IsProcessorFeaturePresent
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetCurrentProcess
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
GlobalUnlock
GlobalLock
GlobalFree
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
MultiByteToWideChar
EnterCriticalSection
VirtualFreeEx
SetUnhandledExceptionFilter

user32

ShowWindow
SetWindowPos
DestroyWindow
GetWindowRect
DispatchMessageA
DefWindowProcA
SetClipboardData
RegisterClassExA
UpdateWindow
GetKeyState
CreateWindowExA
ScreenToClient
GetCapture
ClientToScreen
IsChild
GetForegroundWindow
SetCapture
SetCursor
GetClientRect
SetLayeredWindowAttributes
PostQuitMessage
GetDesktopWindow
PeekMessageA
UnregisterClassA
LoadCursorA
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
GetCursorPos
ReleaseCapture
SetCursorPos
TranslateMessage

advapi32

GetCurrentHwProfileA

libcurl

curl_easy_init
curl_easy_perform
curl_easy_cleanup
curl_easy_setopt

imm32

ImmSetCompositionWindow
ImmGetContext
ImmReleaseContext

xinput1_3

ord2
ord4

msvcp140

_Query_perf_counter
_Thrd_sleep
_Query_perf_frequency
_Xtime_get_ticks
?_Xlength_error@std@@YAXPBD@Z

vcruntime140

_CxxThrowException
__current_exception_context
memmove
memcpy
memchr
_except_handler4_common
__std_exception_destroy
strstr
__std_terminate
__CxxFrameHandler3
__std_exception_copy
__current_exception
memset

api-ms-win-crt-stdio-l1-1-0

ftell
__acrt_iob_func
fflush
__stdio_common_vfprintf
__p__commode
fclose
_set_fmode
__stdio_common_vsscanf
fread
__stdio_common_vsprintf
_wfopen
fwrite
fseek

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-heap-l1-1-0

realloc
_set_new_mode
free
malloc
_callnewh

api-ms-win-crt-runtime-l1-1-0

_seh_filter_exe
_get_initial_narrow_environment
_initterm
_initterm_e
_exit
_wassert
__p___argc
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_cexit
exit
_controlfp_s
_invalid_parameter_noinfo_noreturn
terminate
_crt_atexit
_configure_narrow_argv
_set_app_type
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment

api-ms-win-crt-math-l1-1-0

ceil
_libm_sse2_acos_precise
_libm_sse2_sqrt_precise
_libm_sse2_sin_precise
floor
_libm_sse2_cos_precise
__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 155KB - Virtual size: 154KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 723KB - Virtual size: 722KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cheat/zlib1.dll
.dll windows:6 windows x86 arch:x86

9f31a4a1ad30ea434fc9edb2b671d02e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\loh\buildtrees\zlib\x86-windows-rel\zlib.pdb

Imports

vcruntime140

__std_type_info_destroy_list
memmove
memchr
memset
_except_handler4_common
memcpy

api-ms-win-crt-stdio-l1-1-0

_wopen
_write
_read
_close
__stdio_common_vsprintf
_open
_lseeki64

api-ms-win-crt-heap-l1-1-0

malloc
free

api-ms-win-crt-convert-l1-1-0

wcstombs

api-ms-win-crt-runtime-l1-1-0

_cexit
_initialize_onexit_table
_execute_onexit_table
_errno
strerror
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm

kernel32

InitializeSListHead
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
IsDebuggerPresent
UnhandledExceptionFilter
DisableThreadLibraryCalls
GetSystemTimeAsFileTime

Exports

Exports

adler32
adler32_combine
adler32_z
compress
compress2
compressBound
crc32
crc32_combine
crc32_combine_gen
crc32_combine_op
crc32_z
deflate
deflateBound
deflateCopy
deflateEnd
deflateGetDictionary
deflateInit2_
deflateInit_
deflateParams
deflatePending
deflatePrime
deflateReset
deflateResetKeep
deflateSetDictionary
deflateSetHeader
deflateTune
get_crc_table
gzbuffer
gzclearerr
gzclose
gzclose_r
gzclose_w
gzdirect
gzdopen
gzeof
gzerror
gzflush
gzfread
gzfwrite
gzgetc
gzgetc_
gzgets
gzoffset
gzoffset64
gzopen
gzopen64
gzopen_w
gzprintf
gzputc
gzputs
gzread
gzrewind
gzseek
gzseek64
gzsetparams
gztell
gztell64
gzungetc
gzvprintf
gzwrite
inflate
inflateBack
inflateBackEnd
inflateBackInit_
inflateCodesUsed
inflateCopy
inflateEnd
inflateGetDictionary
inflateGetHeader
inflateInit2_
inflateInit_
inflateMark
inflatePrime
inflateReset
inflateReset2
inflateResetKeep
inflateSetDictionary
inflateSync
inflateSyncPoint
inflateUndermine
inflateValidate
uncompress
uncompress2
zError
zlibCompileFlags
zlibVersion

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 908B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cheat/zlibd1.dll
.dll windows:6 windows x86 arch:x86

133193cec3cadf7feb8244f40d2a2463

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\loh\buildtrees\zlib\x86-windows-dbg\zlibd.pdb

Imports

vcruntime140d

__vcrt_GetModuleHandleW
__vcrt_GetModuleFileNameW
_except_handler4_common
__current_exception_context
__current_exception
__std_type_info_destroy_list
memmove
memchr
memset
__vcrt_LoadLibraryExW
memcpy

ucrtbased

terminate
_wmakepath_s
_wsplitpath_s
wcscpy_s
_open
_close
_read
_write
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
__stdio_common_vsprintf_s
strcat_s
strcpy_s
_initterm_e
_initterm
_CrtDbgReportW
_CrtDbgReport
strerror
_errno
_lseeki64
_wopen
wcstombs
malloc
free
strlen
__stdio_common_vsprintf
_crt_at_quick_exit

kernel32

GetLastError
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
RaiseException
MultiByteToWideChar
WideCharToMultiByte
QueryPerformanceCounter
GetCurrentProcessId
GetProcAddress
FreeLibrary
VirtualQuery
GetProcessHeap
HeapFree
HeapAlloc
UnhandledExceptionFilter
GetModuleHandleW
GetStartupInfoW
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId

Exports

Exports

adler32
adler32_combine
adler32_z
compress
compress2
compressBound
crc32
crc32_combine
crc32_combine_gen
crc32_combine_op
crc32_z
deflate
deflateBound
deflateCopy
deflateEnd
deflateGetDictionary
deflateInit2_
deflateInit_
deflateParams
deflatePending
deflatePrime
deflateReset
deflateResetKeep
deflateSetDictionary
deflateSetHeader
deflateTune
get_crc_table
gzbuffer
gzclearerr
gzclose
gzclose_r
gzclose_w
gzdirect
gzdopen
gzeof
gzerror
gzflush
gzfread
gzfwrite
gzgetc
gzgetc_
gzgets
gzoffset
gzoffset64
gzopen
gzopen64
gzopen_w
gzprintf
gzputc
gzputs
gzread
gzrewind
gzseek
gzseek64
gzsetparams
gztell
gztell64
gzungetc
gzvprintf
gzwrite
inflate
inflateBack
inflateBackEnd
inflateBackInit_
inflateCodesUsed
inflateCopy
inflateEnd
inflateGetDictionary
inflateGetHeader
inflateInit2_
inflateInit_
inflateMark
inflatePrime
inflateReset
inflateReset2
inflateResetKeep
inflateSetDictionary
inflateSync
inflateSyncPoint
inflateUndermine
inflateValidate
uncompress
uncompress2
zError
zlibCompileFlags
zlibVersion

Sections

.text
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 270B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

996d13a354c075f49fe285149c629371

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

zlibd1

advapi32

crypt32

bcrypt

kernel32

vcruntime140d

ucrtbased

Exports

Exports

Sections

.text Size: 814KB - Virtual size: 813KB

.rdata Size: 22KB - Virtual size: 21KB

.data Size: 283KB - Virtual size: 284KB

.idata Size: 7KB - Virtual size: 6KB

.00cfg Size: 512B - Virtual size: 270B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 29KB - Virtual size: 29KB

3bcd24ccf12f1a0a584192cef5a8a6e1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

zlib1

advapi32

crypt32

bcrypt

kernel32

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: 348KB - Virtual size: 347KB

.rdata Size: 66KB - Virtual size: 66KB

.data Size: 6KB - Virtual size: 7KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 16KB - Virtual size: 16KB

37c8f187c213b46ceabfb48521487a6b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

d3d9

kernel32

user32

advapi32

libcurl

imm32

xinput1_3

msvcp140

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

.text
Size: 814KB - Virtual size: 813KB

.rdata
Size: 22KB - Virtual size: 21KB

.data
Size: 283KB - Virtual size: 284KB

.idata
Size: 7KB - Virtual size: 6KB

.00cfg
Size: 512B - Virtual size: 270B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 29KB - Virtual size: 29KB

.text
Size: 348KB - Virtual size: 347KB

.rdata
Size: 66KB - Virtual size: 66KB

.data
Size: 6KB - Virtual size: 7KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 16KB - Virtual size: 16KB

.text
Size: 155KB - Virtual size: 154KB

.rdata
Size: 723KB - Virtual size: 722KB

.data
Size: 16KB - Virtual size: 16KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 6KB - Virtual size: 6KB

.text
Size: 48KB - Virtual size: 47KB

.rdata
Size: 23KB - Virtual size: 22KB

.data
Size: 512B - Virtual size: 908B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 113KB - Virtual size: 112KB

.rdata
Size: 32KB - Virtual size: 32KB

.data
Size: 2KB - Virtual size: 3KB

.idata
Size: 3KB - Virtual size: 2KB

.00cfg
Size: 512B - Virtual size: 270B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB