MultiHack v1[.]6[.]zip

Resubmissions

28/04/2024, 18:27

240428-w3z73adh25 5

28/04/2024, 18:26

240428-w3lpnsdg98 5

Sharing

Copy URL Twitter E-mail

General

Target

MultiHack v1.6.zip
Size

1.8MB
MD5

6c721ae8fa4e2a314c62e18c84fd469f
SHA1

2e72f8d7f3bd8e987ca9adaea81627ae0039c82c
SHA256

5f0bdbbe6afc047d3b51825217deb562c638c09ec73911ec3b621bb916d630f0
SHA512

d37548ade57fd0aca8eabb315b2ded5c1bc37c370255f77ff6bc33f29c651f8bdddd8de92ab31644d9d8149762e73adbc1b023273310d717335166480abedd67
SSDEEP

49152:fRb9QwJgUMPvtbEiUxFg4CUhzp6vDODcSuMb:fRJJJhKvtbEiUxFgFUbNV

Score

3^/10

Malware Config

Signatures

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack001/MultiHack v1.6/Loader.exe
unpack001/MultiHack v1.6/Plugins/AutoUpdate.dll
unpack001/MultiHack v1.6/Plugins/InControlNative.dll
unpack001/MultiHack v1.6/Plugins/WindowsVoice.dll
unpack001/MultiHack v1.6/Plugins/XInputInterface64.dll
unpack001/MultiHack v1.6/lua.dll
unpack001/MultiHack v1.6/spel64.dll

Files

MultiHack v1.6.zip
.zip

Password: 1212
MultiHack v1.6/Loader.exe
.exe windows:6 windows x86 arch:x86

Password: 1212

cdeb934de86508839c03da752239bd9f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualProtect
FreeConsole
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
GetCPInfo
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
CreateFileW
RaiseException
RtlUnwind
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
GetFileType
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileSizeEx
SetFilePointerEx
CloseHandle
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
ReadFile
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetProcessHeap
ReadConsoleW
HeapSize
WriteConsoleW

Sections

.text
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bsS
Size: 316KB - Virtual size: 315KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MultiHack v1.6/Plugins/AutoUpdate.dll
.dll windows:6 windows x64 arch:x64

Password: 1212

7625123f8a50d6fb5d936ada4cfeae50

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

T:\src\piper\google3\gyp-out\win-ninja\prod_x64\audioplugingvrunity.dll.pdb

Imports

kernel32

CloseHandle
SetEvent
WaitForSingleObject
CreateEventA
GetCurrentThreadId
IsDebuggerPresent
QueryPerformanceCounter
Sleep
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
MultiByteToWideChar
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
GetProcAddress
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
ResetEvent
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
InitializeSListHead
CreateTimerQueue
GetLastError
SignalObjectAndWait
SwitchToThread
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetCurrentThread
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
GetModuleFileNameW
GetModuleHandleA
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualFree
VirtualProtect
DuplicateHandle
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
LoadLibraryW
RtlPcToFileHeader
RaiseException
RtlUnwindEx
HeapAlloc
HeapFree
HeapReAlloc
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
HeapSize
GetACP
GetStdHandle
GetFileType
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
ReadFile
SetFilePointerEx
GetProcessHeap
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
WriteConsoleW
ReadConsoleW
CreateFileW

Exports

Exports

CreateSoundfield
CreateSource
DestroySoundfield
DestroySource
Initialize
SetListenerGain
SetRoomProperties
SetSourceBypassRoomEffects
SetSourceDirectivity
SetSourceListenerDirectivity
SetSourceOcclusionIntensity
Shutdown
UnityGetAudioEffectDefinitions

Sections

.text
Size: 887KB - Virtual size: 887KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 233KB - Virtual size: 233KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MultiHack v1.6/Plugins/InControlNative.dll
.dll windows:6 windows x64 arch:x64

Password: 1212

055dc12745a24a0774feab1febcc37fa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Patrick\Dropbox\Projects\InControlNative\Windows\Build\x86_64\Release\InControlNative.pdb

Imports

kernel32

GetLastError
HeapReAlloc
CloseHandle
RaiseException
HeapAlloc
DecodePointer
DeleteCriticalSection
GetProcessHeap
GetModuleHandleW
LoadLibraryW
GetProcAddress
HeapSize
WriteConsoleW
SetFilePointerEx
SetStdHandle
GetConsoleMode
GetConsoleCP
WriteFile
FlushFileBuffers
CreateFileW
InitializeCriticalSectionEx
HeapFree
CreateThread
Sleep
FreeLibrary
WaitForSingleObject
QueryPerformanceCounter
QueryPerformanceFrequency
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
GetCurrentThreadId
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
WideCharToMultiByte
SetEvent
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
OutputDebugStringW
SignalObjectAndWait
SwitchToThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
EncodePointer
GetCurrentThread
GetThreadTimes
FreeLibraryAndExitThread
GetModuleFileNameW
GetModuleHandleA
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualFree
VirtualProtect
DuplicateHandle
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
CreateTimerQueue
RtlPcToFileHeader
RtlUnwindEx
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
LCMapStringW
GetStdHandle
GetFileType
GetStringTypeW
GetACP
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW

user32

GetForegroundWindow

ole32

CoInitialize
CoUninitialize
CoCreateInstance
CoSetProxyBlanket

oleaut32

SysFreeString
SysAllocString

dinput8

DirectInput8Create

hid

HidD_GetSerialNumberString
HidD_GetManufacturerString
HidD_GetAttributes
HidD_GetProductString

shlwapi

StrCmpW

Exports

Exports

InControl_GetDeviceEvents
InControl_GetDeviceInfo
InControl_GetDeviceState
InControl_GetVersionInfo
InControl_Init
InControl_SetHapticState
InControl_SetLightColor
InControl_SetLightFlash
InControl_Stop

Sections

.text
Size: 256KB - Virtual size: 255KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MultiHack v1.6/Plugins/WindowsVoice.dll
.dll windows:6 windows x64 arch:x64

Password: 1212

565b868082779a5e858ec799f2a24b2e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Dev\Unity\NativeLibs\libs\WindowsVoice.pdb

Imports

kernel32

FormatMessageA
Sleep
lstrcmpW
MultiByteToWideChar
LocalFree
WriteConsoleW
SetStdHandle
GetStringTypeW
LoadLibraryW
CloseHandle
DuplicateHandle
WaitForSingleObject
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
GetExitCodeThread
GetSystemTimeAsFileTime
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
GetCommandLineA
IsProcessorFeaturePresent
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetTickCount
GetModuleHandleW
GetProcAddress
CreateSemaphoreW
GetLastError
CreateThread
ExitThread
LoadLibraryExW
RtlPcToFileHeader
RaiseException
RtlUnwindEx
HeapFree
CreateTimerQueue
SetEvent
WaitForSingleObjectEx
SignalObjectAndWait
SwitchToThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
IsDebuggerPresent
ExitProcess
GetModuleHandleExW
WideCharToMultiByte
HeapSize
HeapAlloc
GetProcessHeap
GetStdHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
OutputDebugStringW
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
GetModuleFileNameW
GetModuleHandleA
GetVersionExW
VirtualAlloc
VirtualFree
VirtualProtect
ReleaseSemaphore
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
HeapReAlloc
WriteFile
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
LCMapStringW
CreateFileW

ole32

CoUninitialize
CoCreateInstance
CoInitializeEx

Exports

Exports

addToSpeechQueue
destroySpeech
initSpeech

Sections

.text
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MultiHack v1.6/Plugins/XInputInterface64.dll
.dll windows:5 windows x64 arch:x64

Password: 1212

a723ea733a3acf51641eec5a0765a593

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
GetProcAddress
LoadLibraryA
EncodePointer
DecodePointer
GetCurrentThreadId
FlsSetValue
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
Sleep
HeapSize
GetModuleHandleW
ExitProcess
RtlUnwindEx
EnterCriticalSection
LeaveCriticalSection
FlsGetValue
FlsFree
SetLastError
FlsAlloc
HeapFree
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapAlloc
HeapReAlloc
LoadLibraryW
WriteFile
GetModuleFileNameW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode
FlushFileBuffers
LCMapStringW
MultiByteToWideChar
GetStringTypeW
SetFilePointer
CloseHandle
WriteConsoleW
SetStdHandle
CreateFileW

Exports

Exports

XInputGamePadGetState
XInputGamePadSetState

Sections

.text
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 744B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MultiHack v1.6/Plugins/audio_options.txt
MultiHack v1.6/Plugins/bonus_maps_manifest.txt
MultiHack v1.6/Plugins/bugreporter_defaults.txt
MultiHack v1.6/Plugins/chapterbackgrounds.txt
MultiHack v1.6/Plugins/clientmenu.txt
MultiHack v1.6/Plugins/damagecutout.txt
MultiHack v1.6/Plugins/gameuianimations.txt
MultiHack v1.6/Plugins/hud_textures.txt
MultiHack v1.6/Plugins/hudanimations.txt
MultiHack v1.6/Plugins/instructor_lessons.txt
MultiHack v1.6/Plugins/mod_lessons.txt
MultiHack v1.6/Plugins/motion_controller_move_options.txt
MultiHack v1.6/Plugins/motion_controller_options.txt
MultiHack v1.6/Plugins/mouse_keyboard_options.txt
MultiHack v1.6/Plugins/openvr_api.dll
.dll windows:5 windows x64 arch:x64

Password: 1212

31bbd0df7ba26fa65bfbb1233606dd5b

Code Sign

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

08:4c:af:4d:f4:99:14:1d:40:4b:71:99:aa:2c:21:31
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/09/2015, 00:00

Not After

03/10/2018, 12:00

Subject

CN=Valve,O=Valve,L=Bellevue,ST=WA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d0:e1:c5:c9:a0:a0:0c:0c:b9:e8:4a:b1:1a:22:05:12:43:17:48:26
Signer

Actual PE Digest

d0:e1:c5:c9:a0:a0:0c:0c:b9:e8:4a:b1:1a:22:05:12:43:17:48:26

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

c:\buildslave\steamvr_rel_win64\build\src\openvr_api\Retailopenvr_api\win64\2017\openvr_api.pdb

Imports

kernel32

GetModuleFileNameW
WideCharToMultiByte
FreeLibrary
GetProcAddress
LoadLibraryExA
GetEnvironmentVariableA
SetEnvironmentVariableA
GetLastError
CloseHandle
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
TryEnterCriticalSection
SetLastError
InitializeCriticalSectionAndSpinCount
Sleep
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetTickCount
MultiByteToWideChar
EncodePointer
DecodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
LoadLibraryW
RtlPcToFileHeader
RaiseException
RtlUnwindEx
LoadLibraryExW
InterlockedPushEntrySList
InterlockedFlushSList
GetCurrentProcess
TerminateProcess
ReadFile
GetDriveTypeW
GetFullPathNameW
GetCurrentDirectoryW
CreateFileW
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
HeapAlloc
HeapFree
HeapReAlloc
GetCurrentThread
GetStdHandle
GetConsoleMode
ReadConsoleW
SetFilePointerEx
WriteFile
GetConsoleCP
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetStdHandle
GetACP
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetTimeZoneInformation
FlushFileBuffers
WriteConsoleW
HeapSize
SetEndOfFile
CreateThread
SignalObjectAndWait
SwitchToThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
GetModuleHandleA
GetVersionExW
VirtualAlloc
VirtualProtect
VirtualFree
DuplicateHandle
ReleaseSemaphore
InterlockedPopEntrySList
QueryDepthSList
UnregisterWaitEx
CreateTimerQueue

shell32

SHGetFolderPathW

Exports

Exports

LiquidVR
VRCompositorSystemInternal
VRControlPanel
VRDashboardManager
VRInput
VROculusDirect
VROverlayView
VRPaths
VRRenderModelsInternal
VRTrackedCameraInternal
VRVirtualDisplay
VR_GetGenericInterface
VR_GetInitToken
VR_GetStringForHmdError
VR_GetVRInitErrorAsEnglishDescription
VR_GetVRInitErrorAsSymbol
VR_InitInternal
VR_InitInternal2
VR_IsHmdPresent
VR_IsInterfaceVersionValid
VR_IsRuntimeInstalled
VR_RuntimePath
VR_ShutdownInternal

Sections

.text
Size: 365KB - Virtual size: 365KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 133KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MultiHack v1.6/Plugins/radialmenu.txt
MultiHack v1.6/Plugins/sentences.txt
MultiHack v1.6/Plugins/serverbrowsergametypes.txt
MultiHack v1.6/lua.dll
.dll windows:6 windows x64 arch:x64

Password: 1212

56203b2bac2bab924e77400d5fb1a89e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
LoadLibraryExA
GetLastError
GetProcAddress
FreeLibrary
FormatMessageA
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess

vcruntime140

__std_type_info_destroy_list
__C_specific_handler
longjmp
strchr
strstr
strrchr
__intrinsic_setjmp
memcpy
memcmp
memchr
memset

api-ms-win-crt-stdio-l1-1-0

getc
fclose
fflush
__acrt_iob_func
feof
fread
__stdio_common_vfprintf
fopen
fwrite
fgets
ferror
freopen
clearerr
tmpnam
__stdio_common_vsprintf
_pclose
tmpfile
_fseeki64
_ftelli64
setvbuf
ungetc
_popen

api-ms-win-crt-heap-l1-1-0

realloc
free

api-ms-win-crt-string-l1-1-0

isgraph
isxdigit
strpbrk
isupper
tolower
isalpha
isdigit
strspn
iscntrl
isalnum
toupper
ispunct
strncmp
islower
isspace
strcoll

api-ms-win-crt-runtime-l1-1-0

abort
strerror
_errno
system
_cexit
_initterm
_initterm_e
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
exit
_execute_onexit_table

api-ms-win-crt-locale-l1-1-0

setlocale
localeconv

api-ms-win-crt-time-l1-1-0

strftime
_localtime64
_mktime64
clock
_difftime64
_time64
_gmtime64

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-convert-l1-1-0

strtod

api-ms-win-crt-math-l1-1-0

cos
sin
log10
sqrt
ldexp
ceil
log
fmod
floor
atan2
asin
pow
exp
frexp
acos
tan

api-ms-win-crt-filesystem-l1-1-0

remove
rename

Exports

Exports

luaL_addgsub
luaL_addlstring
luaL_addstring
luaL_addvalue
luaL_argerror
luaL_buffinit
luaL_buffinitsize
luaL_callmeta
luaL_checkany
luaL_checkinteger
luaL_checklstring
luaL_checknumber
luaL_checkoption
luaL_checkstack
luaL_checktype
luaL_checkudata
luaL_checkversion_
luaL_error
luaL_execresult
luaL_fileresult
luaL_getmetafield
luaL_getsubtable
luaL_gsub
luaL_len
luaL_loadbufferx
luaL_loadfilex
luaL_loadstring
luaL_newmetatable
luaL_newstate
luaL_openlibs
luaL_optinteger
luaL_optlstring
luaL_optnumber
luaL_prepbuffsize
luaL_pushresult
luaL_pushresultsize
luaL_ref
luaL_requiref
luaL_setfuncs
luaL_setmetatable
luaL_testudata
luaL_tolstring
luaL_traceback
luaL_typeerror
luaL_unref
luaL_where
lua_absindex
lua_arith
lua_atpanic
lua_callk
lua_checkstack
lua_close
lua_closeslot
lua_compare
lua_concat
lua_copy
lua_createtable
lua_dump
lua_error
lua_gc
lua_getallocf
lua_getfield
lua_getglobal
lua_gethook
lua_gethookcount
lua_gethookmask
lua_geti
lua_getinfo
lua_getiuservalue
lua_getlocal
lua_getmetatable
lua_getstack
lua_gettable
lua_gettop
lua_getupvalue
lua_iscfunction
lua_isinteger
lua_isnumber
lua_isstring
lua_isuserdata
lua_isyieldable
lua_len
lua_load
lua_newstate
lua_newthread
lua_newuserdatauv
lua_next
lua_pcallk
lua_pushboolean
lua_pushcclosure
lua_pushfstring
lua_pushinteger
lua_pushlightuserdata
lua_pushlstring
lua_pushnil
lua_pushnumber
lua_pushstring
lua_pushthread
lua_pushvalue
lua_pushvfstring
lua_rawequal
lua_rawget
lua_rawgeti
lua_rawgetp
lua_rawlen
lua_rawset
lua_rawseti
lua_rawsetp
lua_resetthread
lua_resume
lua_rotate
lua_setallocf
lua_setcstacklimit
lua_setfield
lua_setglobal
lua_sethook
lua_seti
lua_setiuservalue
lua_setlocal
lua_setmetatable
lua_settable
lua_settop
lua_setupvalue
lua_setwarnf
lua_status
lua_stringtonumber
lua_toboolean
lua_tocfunction
lua_toclose
lua_tointegerx
lua_tolstring
lua_tonumberx
lua_topointer
lua_tothread
lua_touserdata
lua_type
lua_typename
lua_upvalueid
lua_upvaluejoin
lua_version
lua_warning
lua_xmove
lua_yieldk
luaopen_base
luaopen_coroutine
luaopen_debug
luaopen_io
luaopen_math
luaopen_os
luaopen_package
luaopen_string
luaopen_table
luaopen_utf8

Sections

.text
Size: 230KB - Virtual size: 229KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 916B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MultiHack v1.6/lua.md
.js
MultiHack v1.6/spel64.dll
.dll windows:6 windows x64 arch:x64

Password: 1212

2e7b0100a9237666ee729368d7009231

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

WriteProcessMemory
VirtualFree
VirtualAlloc
GetProcessId
Thread32Next
Thread32First
SuspendThread
ResumeThread
CreateToolhelp32Snapshot
Sleep
LoadLibraryA
CloseHandle
GetThreadContext
GetProcAddress
VirtualAllocEx
ReadProcessMemory
VirtualFreeEx
SetThreadContext
OpenThread
GetCurrentProcess
CreateRemoteThread
WaitForSingleObject
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead
IsDebuggerPresent
RtlCaptureContext

msvcp140

?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memcpy
memset
memmove
__std_exception_destroy
__std_exception_copy
__std_terminate
__C_specific_handler
__std_type_info_destroy_list
_CxxThrowException

api-ms-win-crt-stdio-l1-1-0

fclose
fflush
fputc
fwrite
_get_stream_buffer_pointers
_fseeki64
fread
fsetpos
ungetc
setvbuf
fgetpos
fgetc

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
_register_onexit_function
_cexit
_initialize_onexit_table
_invalid_parameter_noinfo_noreturn
_initialize_narrow_environment
_seh_filter_dll
_execute_onexit_table
_initterm_e
_initterm
_configure_narrow_argv

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc

Exports

Exports

free_library
free_library_ex
hijack_first_thread
hijack_thread
load_library
load_library_ex

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: 1212

Password: 1212

cdeb934de86508839c03da752239bd9f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 134KB - Virtual size: 134KB

.bss Size: 1KB - Virtual size: 1KB

.rdata Size: 39KB - Virtual size: 39KB

.data Size: 4KB - Virtual size: 7KB

.bsS Size: 316KB - Virtual size: 315KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 7KB - Virtual size: 6KB

Password: 1212

7625123f8a50d6fb5d936ada4cfeae50

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Exports

Exports

Sections

.text Size: 887KB - Virtual size: 887KB

.rdata Size: 233KB - Virtual size: 233KB

.data Size: 18KB - Virtual size: 26KB

.pdata Size: 39KB - Virtual size: 38KB

.gfids Size: 3KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 6KB - Virtual size: 6KB

Password: 1212

055dc12745a24a0774feab1febcc37fa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

ole32

oleaut32

dinput8

hid

shlwapi

Exports

Exports

Sections

.text Size: 256KB - Virtual size: 255KB

.rdata Size: 90KB - Virtual size: 89KB

.data Size: 12KB - Virtual size: 18KB

.pdata Size: 16KB - Virtual size: 16KB

.gfids Size: 2KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 3KB - Virtual size: 3KB

Password: 1212

565b868082779a5e858ec799f2a24b2e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

ole32

Exports

Exports

Sections

.text Size: 184KB - Virtual size: 183KB

.rdata Size: 72KB - Virtual size: 72KB

.text
Size: 134KB - Virtual size: 134KB

.bss
Size: 1KB - Virtual size: 1KB

.rdata
Size: 39KB - Virtual size: 39KB

.data
Size: 4KB - Virtual size: 7KB

.bsS
Size: 316KB - Virtual size: 315KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 7KB - Virtual size: 6KB

.text
Size: 887KB - Virtual size: 887KB

.rdata
Size: 233KB - Virtual size: 233KB

.data
Size: 18KB - Virtual size: 26KB

.pdata
Size: 39KB - Virtual size: 38KB

.gfids
Size: 3KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 6KB - Virtual size: 6KB

.text
Size: 256KB - Virtual size: 255KB

.rdata
Size: 90KB - Virtual size: 89KB

.data
Size: 12KB - Virtual size: 18KB

.pdata
Size: 16KB - Virtual size: 16KB

.gfids
Size: 2KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 3KB - Virtual size: 3KB

.text
Size: 184KB - Virtual size: 183KB

.rdata
Size: 72KB - Virtual size: 72KB

.data
Size: 12KB - Virtual size: 38KB

.pdata
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 3KB - Virtual size: 3KB

.text
Size: 45KB - Virtual size: 44KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 5KB - Virtual size: 14KB

.pdata
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 744B

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

08:4c:af:4d:f4:99:14:1d:40:4b:71:99:aa:2c:21:31
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

d0:e1:c5:c9:a0:a0:0c:0c:b9:e8:4a:b1:1a:22:05:12:43:17:48:26
Signer

.text
Size: 365KB - Virtual size: 365KB

.rdata
Size: 133KB - Virtual size: 132KB

.data
Size: 10KB - Virtual size: 17KB

.pdata
Size: 21KB - Virtual size: 21KB

.rsrc
Size: 43KB - Virtual size: 43KB

.reloc
Size: 5KB - Virtual size: 4KB