r77 | 163c65dc199555b52df87f41c10cd44c_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

163c65dc199555b52df87f41c10cd44c_JaffaCakes118
Size

1.9MB
MD5

163c65dc199555b52df87f41c10cd44c
SHA1

a40e1501bf187b90796ac9e06f8d67392ce2a80b
SHA256

6e83e0c682d0323703eb728f80cf43c0d88c8d06af7021176b7d7e1762ba78b1
SHA512

cc4e8c317779177bc906f972b6b9d51ba80e01390f6775b32b7da7d690fa3f5f69042856dd2272abcd0e0d55d568b21830e612874f1f57b32b58727b49281e61
SSDEEP

49152:fP4RcrR2BaZfjwJcLG2memkvADts+soY12cna:0cd2aEJcHApzZca

Score

10^/10

upx r77

Malware Config

Signatures

R77 family
r77

r77 rootkit payload 2 IoCs

Detects the payload of the r77 rootkit.

resource	yara_rule
static1/unpack001/Deceit ЧИТ/Cheat/DeceitHack_v4.dll	r77_payload
static1/unpack001/Deceit ЧИТ/Cheat/DrankDad.dll	r77_payload

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Deceit ЧИТ/GH Injector - x64.exe	upx

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
static1/unpack002/out.upx	autoit_exe

Unsigned PE 11 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Deceit ЧИТ/Cheat/Cyberdeceit.dll
unpack001/Deceit ЧИТ/Cheat/DRANKDAD V2.dll
unpack001/Deceit ЧИТ/Cheat/DRANKDAD V2_[unknowncheats.me]_.dll
unpack001/Deceit ЧИТ/Cheat/DeceitHack_v4.dll
unpack001/Deceit ЧИТ/Cheat/Deceit_[unknowncheats.me]_ (1).dll
unpack001/Deceit ЧИТ/Cheat/Deceit_[unknowncheats.me]_.dll
unpack001/Deceit ЧИТ/Cheat/DrankDad.dll
unpack001/Deceit ЧИТ/Cheat/DrunkDad (1).exe
unpack001/Deceit ЧИТ/GH Injector - x64.dll
unpack001/Deceit ЧИТ/GH Injector - x64.exe
unpack002/out.upx

Files

163c65dc199555b52df87f41c10cd44c_JaffaCakes118
.rar
Deceit ЧИТ/1333777.jpg
.jpg
Deceit ЧИТ/Cheat/Cyberdeceit.dll
.dll windows:6 windows x64 arch:x64

d05913b4c89a69fc9be03aeeaa3d3440

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

G:\source\D3D11-Wallhack-master\x64\Release\CyberDeceit.pdb

Imports

kernel32

GetModuleFileNameA
WriteProcessMemory
VirtualProtect
GetModuleHandleA
OpenProcess
Sleep
K32GetModuleFileNameExA
DisableThreadLibraryCalls
GetCurrentThread
CloseHandle
CreateThread
ReadProcessMemory
K32EnumProcessModules
GetTickCount
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
QueryPerformanceCounter
CreateEventW
GetModuleHandleW
GetProcAddress
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetLastError
SuspendThread
ResumeThread
QueryPerformanceFrequency
GlobalUnlock
GlobalFree
GlobalLock
WaitForSingleObjectEx
GlobalAlloc
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualAlloc
VirtualFree
VirtualQuery
SetLastError
EnterCriticalSection

user32

CreateWindowExA
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
GetCursorPos
SetCursorPos
GetClientRect
SetCursor
GetForegroundWindow
ClientToScreen
ScreenToClient
LoadCursorA
GetKeyState
GetWindowThreadProcessId
GetAsyncKeyState
CallWindowProcA
MessageBoxA
DefWindowProcA
RegisterClassExA
GetWindowLongPtrA
SetWindowLongPtrA
FindWindowA
SetClipboardData

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext

d3dcompiler_47

D3DCompile

msvcp140

?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Xlength_error@std@@YAXPEBD@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?uncaught_exception@std@@YA_NXZ
?_Xbad_alloc@std@@YAXXZ
?_BADOFF@std@@3_JB
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z

d3d11

D3D11CreateDeviceAndSwapChain

vcruntime140

memmove
memchr
strstr
__std_exception_destroy
__std_exception_copy
__vcrt_InitializeCriticalSectionEx
__C_specific_handler
memset
_CxxThrowException
memcpy
__CxxFrameHandler3
__std_type_info_destroy_list
__std_terminate

api-ms-win-crt-stdio-l1-1-0

fseek
__stdio_common_vsprintf_s
fputc
fgetpos
_get_stream_buffer_pointers
_fseeki64
setvbuf
__stdio_common_vsscanf
fread
ungetc
__stdio_common_vsprintf
_wfopen
fwrite
fsetpos
ftell
__stdio_common_vfprintf
fgetc
fclose
fflush
__acrt_iob_func

api-ms-win-crt-string-l1-1-0

strcmp
isprint
strcat_s
strncpy
strcpy_s

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc

api-ms-win-crt-convert-l1-1-0

atof

api-ms-win-crt-runtime-l1-1-0

_initterm
_cexit
_invalid_parameter_noinfo_noreturn
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_errno
terminate
_seh_filter_dll
_initterm_e
_invalid_parameter_noinfo

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-math-l1-1-0

floorf
ceilf
cosf
fmodf
sqrtf
sinf
powf
pow

Sections

.text
Size: 206KB - Virtual size: 206KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Deceit ЧИТ/Cheat/DRANKDAD V2.dll
.dll windows:6 windows x64 arch:x64

ff3562468dc567fce4c336fa9f41c65f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Twent\source\repos\DrankDadForFree\x64\Release\DRANKDAD.pdb

Imports

kernel32

GetModuleHandleA
OpenProcess
CreateToolhelp32Snapshot
MultiByteToWideChar
Sleep
DisableThreadLibraryCalls
Process32Next
CloseHandle
CreateThread
ReadProcessMemory
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetLastError
LoadLibraryA
GetProcAddress
DeleteCriticalSection
FreeLibrary
VirtualFree
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapCreate
HeapFree
GetCurrentProcess
Module32First
Thread32First
GetCurrentThreadId
SuspendThread
ResumeThread
HeapReAlloc
HeapAlloc
HeapDestroy
GetThreadContext
GetCurrentProcessId
FlushInstructionCache
SetThreadContext
OpenThread
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
Module32Next
VirtualProtect
lstrcmpA
WriteProcessMemory
Process32First
Thread32Next
GetModuleFileNameA

user32

SetWindowLongPtrA
CallWindowProcA
SetRect
GetWindowThreadProcessId
GetAsyncKeyState
MessageBoxA
DefWindowProcA
CreateWindowExA
GetWindowLongPtrA
FindWindowA
RegisterClassExA
GetCursorPos
FillRect

gdi32

DeleteObject
GetObjectA
CreateSolidBrush
GetCurrentObject

d3dcompiler_47

D3DCompile

d3d11

D3D11CreateDeviceAndSwapChain

msvcp140

_Thrd_detach
_Cnd_do_broadcast_at_thread_exit
?_Xlength_error@std@@YAXPEBD@Z
?_Throw_C_error@std@@YAXH@Z
?_Throw_Cpp_error@std@@YAXH@Z

vcruntime140

__C_specific_handler
memmove
memcpy
memcmp
__CxxFrameHandler3
__std_exception_destroy
__std_exception_copy
__std_terminate
memset
_CxxThrowException
__std_type_info_destroy_list
_purecall

api-ms-win-crt-runtime-l1-1-0

_initialize_narrow_environment
_initterm_e
_initterm
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_configure_narrow_argv
_seh_filter_dll
exit
_invalid_parameter_noinfo_noreturn
terminate
_beginthreadex

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
free

api-ms-win-crt-math-l1-1-0

sqrtf
ceilf
floorf

Exports

Exports

FW1CreateFactory

Sections

.text
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 736B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Deceit ЧИТ/Cheat/DRANKDAD V2_[unknowncheats.me]_.dll
.dll windows:6 windows x64 arch:x64

ff3562468dc567fce4c336fa9f41c65f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Twent\source\repos\DrankDadForFree\x64\Release\DRANKDAD.pdb

Imports

kernel32

GetModuleHandleA
OpenProcess
CreateToolhelp32Snapshot
MultiByteToWideChar
Sleep
DisableThreadLibraryCalls
Process32Next
CloseHandle
CreateThread
ReadProcessMemory
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetLastError
LoadLibraryA
GetProcAddress
DeleteCriticalSection
FreeLibrary
VirtualFree
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapCreate
HeapFree
GetCurrentProcess
Module32First
Thread32First
GetCurrentThreadId
SuspendThread
ResumeThread
HeapReAlloc
HeapAlloc
HeapDestroy
GetThreadContext
GetCurrentProcessId
FlushInstructionCache
SetThreadContext
OpenThread
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
Module32Next
VirtualProtect
lstrcmpA
WriteProcessMemory
Process32First
Thread32Next
GetModuleFileNameA

user32

SetWindowLongPtrA
CallWindowProcA
SetRect
GetWindowThreadProcessId
GetAsyncKeyState
MessageBoxA
DefWindowProcA
CreateWindowExA
GetWindowLongPtrA
FindWindowA
RegisterClassExA
GetCursorPos
FillRect

gdi32

DeleteObject
GetObjectA
CreateSolidBrush
GetCurrentObject

d3dcompiler_47

D3DCompile

d3d11

D3D11CreateDeviceAndSwapChain

msvcp140

_Thrd_detach
_Cnd_do_broadcast_at_thread_exit
?_Xlength_error@std@@YAXPEBD@Z
?_Throw_C_error@std@@YAXH@Z
?_Throw_Cpp_error@std@@YAXH@Z

vcruntime140

__C_specific_handler
memmove
memcpy
memcmp
__CxxFrameHandler3
__std_exception_destroy
__std_exception_copy
__std_terminate
memset
_CxxThrowException
__std_type_info_destroy_list
_purecall

api-ms-win-crt-runtime-l1-1-0

_initialize_narrow_environment
_initterm_e
_initterm
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_configure_narrow_argv
_seh_filter_dll
exit
_invalid_parameter_noinfo_noreturn
terminate
_beginthreadex

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
free

api-ms-win-crt-math-l1-1-0

sqrtf
ceilf
floorf

Exports

Exports

FW1CreateFactory

Sections

.text
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 736B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Deceit ЧИТ/Cheat/Deceit.ini
Deceit ЧИТ/Cheat/DeceitHack_v4.dll
.dll windows:6 windows x64 arch:x64

c8519eafc25c5f6641e4409f0efbbad2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Twent\Desktop\DeceitInternal - Copy\D3D11Hook\x64\Release\D3D11Hook.pdb

Imports

kernel32

GetModuleHandleA
OpenProcess
CreateToolhelp32Snapshot
Sleep
DisableThreadLibraryCalls
Process32Next
CloseHandle
CreateThread
ReadProcessMemory
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetLastError
LoadLibraryA
GetProcAddress
DeleteCriticalSection
FreeLibrary
VirtualFree
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapCreate
HeapFree
GetCurrentProcess
Thread32Next
Module32First
GetCurrentThreadId
SuspendThread
ResumeThread
HeapReAlloc
HeapAlloc
HeapDestroy
GetThreadContext
GetCurrentProcessId
FlushInstructionCache
SetThreadContext
OpenThread
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
Module32Next
GetModuleFileNameA
VirtualProtect
WriteProcessMemory
lstrcmpA
Process32First
Thread32First

user32

GetWindowThreadProcessId
MessageBoxA
CreateWindowExA
GetWindowLongPtrA
FindWindowA
RegisterClassExA
DefWindowProcA
FillRect
SetRect
GetAsyncKeyState

gdi32

DeleteObject
CreateSolidBrush
GetObjectA
GetCurrentObject

msvcp140

?_Xlength_error@std@@YAXPEBD@Z

d3d11

D3D11CreateDeviceAndSwapChain

vcruntime140

__std_type_info_destroy_list
memmove
memcpy
__CxxFrameHandler3
__std_terminate
_CxxThrowException
__std_exception_destroy
_purecall
__std_exception_copy
__C_specific_handler
memset

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_invalid_parameter_noinfo_noreturn
_cexit
_execute_onexit_table
_initialize_onexit_table
_initialize_narrow_environment
_seh_filter_dll
_initterm_e
_initterm

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free

api-ms-win-crt-math-l1-1-0

floorf
sqrtf
ceilf

Exports

Exports

FW1CreateFactory

Sections

.text
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 680B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Deceit ЧИТ/Cheat/Deceit_[unknowncheats.me]_ (1).dll
.dll windows:6 windows x64 arch:x64

3b9d21caa0394658f772bef9489e9a3c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\SuXxeed\Desktop\DeceitHack - forall\Framework-master\x64\Release\Deceit.pdb

Imports

kernel32

Module32Next
Module32First
lstrcmpA
OpenProcess
CreateToolhelp32Snapshot
Sleep
Process32Next
CloseHandle
ReadProcessMemory
WriteProcessMemory
GetStdHandle
CreateThread
RtlLookupFunctionEntry
LoadLibraryExA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
RtlCaptureContext
InitializeSListHead
RtlVirtualUnwind
Process32First

user32

GetWindowRect
LoadCursorA
ShowWindow
GetWindowLongA
CreateWindowExA
SetLayeredWindowAttributes
LoadIconA
RegisterClassExA
DispatchMessageA
GetAsyncKeyState
FindWindowA
MoveWindow
GetForegroundWindow
GetWindowThreadProcessId
PostQuitMessage
DefWindowProcA
TranslateMessage
PeekMessageA

gdi32

CreateSolidBrush

dwmapi

DwmExtendFrameIntoClientArea

d3d9

Direct3DCreate9Ex

d3dx9_43

D3DXCreateLine
D3DXCreateFontA

vcruntime140

__C_specific_handler
memset
__std_type_info_destroy_list

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_execute_onexit_table
_initterm
_cexit
_crt_atexit
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
exit
_invalid_parameter_noinfo_noreturn
_register_onexit_function

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s
__stdio_common_vsprintf

api-ms-win-crt-heap-l1-1-0

free

api-ms-win-crt-math-l1-1-0

sqrtf

api-ms-win-crt-string-l1-1-0

strcmp

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 660B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Deceit ЧИТ/Cheat/Deceit_[unknowncheats.me]_.dll
.dll windows:6 windows x64 arch:x64

000a5d0a54d8b65b77e16287d7215a61

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\manno\Desktop\DeceitHack\Framework-master\x64\Release\Deceit.pdb

Imports

kernel32

Module32Next
Module32First
lstrcmpA
OpenProcess
CreateToolhelp32Snapshot
Sleep
Process32Next
CloseHandle
ReadProcessMemory
GetStdHandle
CreateThread
WriteProcessMemory
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetCurrentProcess
Process32First
TerminateProcess

user32

LoadCursorA
GetWindowRect
ShowWindow
GetWindowLongA
CreateWindowExA
SetLayeredWindowAttributes
FindWindowA
GetForegroundWindow
MoveWindow
LoadIconA
RegisterClassExA
DispatchMessageA
GetAsyncKeyState
DefWindowProcA
TranslateMessage
PeekMessageA
PostQuitMessage
GetWindowThreadProcessId

gdi32

CreateSolidBrush

dwmapi

DwmExtendFrameIntoClientArea

d3d9

Direct3DCreate9Ex

d3dx9_43

D3DXCreateFontA
D3DXCreateLine

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlAdjustPrivilege
RtlVirtualUnwind
NtRaiseHardError

vcruntime140

__C_specific_handler
memset
__std_type_info_destroy_list

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_seh_filter_dll
_cexit
_initterm
_initterm_e
exit
_crt_atexit
_configure_narrow_argv

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf
__stdio_common_vsprintf_s

api-ms-win-crt-locale-l1-1-0

setlocale

api-ms-win-crt-heap-l1-1-0

free

api-ms-win-crt-math-l1-1-0

sqrtf

api-ms-win-crt-string-l1-1-0

strcmp

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 636B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Deceit ЧИТ/Cheat/DrankDad.dll
.dll windows:6 windows x64 arch:x64

c8519eafc25c5f6641e4409f0efbbad2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Twent\Desktop\DeceitInternal - Copy\D3D11Hook\x64\Release\D3D11Hook.pdb

Imports

kernel32

GetModuleHandleA
OpenProcess
CreateToolhelp32Snapshot
Sleep
DisableThreadLibraryCalls
Process32Next
CloseHandle
CreateThread
ReadProcessMemory
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetLastError
LoadLibraryA
GetProcAddress
DeleteCriticalSection
FreeLibrary
VirtualFree
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapCreate
HeapFree
GetCurrentProcess
Thread32Next
Module32First
GetCurrentThreadId
SuspendThread
ResumeThread
HeapReAlloc
HeapAlloc
HeapDestroy
GetThreadContext
GetCurrentProcessId
FlushInstructionCache
SetThreadContext
OpenThread
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
Module32Next
GetModuleFileNameA
VirtualProtect
WriteProcessMemory
lstrcmpA
Process32First
Thread32First

user32

GetWindowThreadProcessId
MessageBoxA
CreateWindowExA
GetWindowLongPtrA
FindWindowA
RegisterClassExA
DefWindowProcA
FillRect
SetRect
GetAsyncKeyState

gdi32

DeleteObject
CreateSolidBrush
GetObjectA
GetCurrentObject

msvcp140

?_Xlength_error@std@@YAXPEBD@Z

d3d11

D3D11CreateDeviceAndSwapChain

vcruntime140

__std_type_info_destroy_list
memmove
memcpy
__CxxFrameHandler3
__std_terminate
_CxxThrowException
__std_exception_destroy
_purecall
__std_exception_copy
__C_specific_handler
memset

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_invalid_parameter_noinfo_noreturn
_cexit
_execute_onexit_table
_initialize_onexit_table
_initialize_narrow_environment
_seh_filter_dll
_initterm_e
_initterm

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free

api-ms-win-crt-math-l1-1-0

floorf
sqrtf
ceilf

Exports

Exports

FW1CreateFactory

Sections

.text
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 680B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Deceit ЧИТ/Cheat/DrunkDad (1).exe
.exe windows:6 windows x64 arch:x64

156c487c068a1b1f0f29d3f33a8bbab8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Twent\Desktop\DeceitExternalOverlay\DeceitExternalOverlay\x64\Release\DeceitExternalOverlay.pdb

Imports

kernel32

WriteProcessMemory
Module32Next
Module32First
lstrcmpA
OpenProcess
CreateToolhelp32Snapshot
Process32Next
CloseHandle
ReadProcessMemory
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcess
Process32First
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
TerminateProcess
GetModuleHandleW
SetUnhandledExceptionFilter
Sleep

user32

GetWindowRect
LoadCursorA
ShowWindow
GetWindowLongA
MoveWindow
SetLayeredWindowAttributes
LoadIconA
RegisterClassExA
GetWindowThreadProcessId
GetAsyncKeyState
GetForegroundWindow
FindWindowA
DispatchMessageA
DefWindowProcA
TranslateMessage
PeekMessageA
PostQuitMessage
CreateWindowExA

gdi32

CreateSolidBrush

dwmapi

DwmExtendFrameIntoClientArea

d3d9

Direct3DCreate9Ex

d3dx9_43

D3DXCreateFontA
D3DXCreateLine

vcruntime140

__C_specific_handler
memset

api-ms-win-crt-runtime-l1-1-0

_c_exit
_register_thread_local_exe_atexit_callback
__p___argv
__p___argc
exit
_initialize_onexit_table
_register_onexit_function
_crt_atexit
terminate
_seh_filter_exe
_set_app_type
_cexit
_configure_narrow_argv
_exit
_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s
_set_fmode
__stdio_common_vsprintf
__p__commode

api-ms-win-crt-math-l1-1-0

sqrtf
__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Deceit ЧИТ/GH Injector - x64.dll
.dll windows:6 windows x64 arch:x64

4269d9f4fc5129def70d1dfac5155bfe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\konra\Desktop\GH Injector 3.0\GH Injector Library\Release\x64\GH Injector - x64.pdb

Imports

kernel32

GetProcAddress
GetModuleHandleW
Module32Next
Module32First
CreateToolhelp32Snapshot
GetLastError
LoadLibraryA
ReadProcessMemory
WriteProcessMemory
VirtualFree
GetHandleInformation
VirtualAlloc
GetTempPathW
GetModuleHandleA
VirtualProtectEx
VirtualAllocEx
CopyFileW
VirtualFreeEx
GetTickCount
DisableThreadLibraryCalls
IsWow64Process
GetCurrentThreadId
SuspendThread
ResumeThread
GetExitCodeThread
CloseHandle
DeleteFileW
QueueUserAPC
GetThreadContext
SetThreadContext
OpenThread
GetExitCodeProcess
Wow64SetThreadContext
Wow64GetThreadContext
Wow64SuspendThread
CreateProcessW
GetFileAttributesW
Module32FirstW
GetCurrentProcessId
Module32NextW
RtlLookupFunctionEntry
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
OpenProcess
DuplicateHandle
GetProcessId
Sleep
GetCurrentProcess
RtlCaptureContext

user32

GetWindowThreadProcessId
IsWindowVisible
SetWindowsHookExA
UnhookWindowsHookEx
EnumWindows
SendMessageA
GetClassNameW
SetForegroundWindow
GetWindowTextW

advapi32

CreateProcessAsUserW
DuplicateTokenEx
GetTokenInformation
OpenProcessToken

msvcp140

??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Xlength_error@std@@YAXPEBD@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?uncaught_exception@std@@YA_NXZ
?id@?$ctype@_W@std@@2V0locale@2@A
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEBA?AVlocale@2@XZ
?_Init@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXXZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?widen@?$ctype@_W@std@@QEBA_WD@Z
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1_Lockit@std@@QEAA@XZ

wtsapi32

WTSQueryUserToken

vcruntime140

memset
memmove
__std_type_info_destroy_list
_CxxThrowException
__C_specific_handler
__std_exception_copy
__std_exception_destroy
strchr
__std_terminate
__CxxFrameHandler3
memcpy

api-ms-win-crt-runtime-l1-1-0

_execute_onexit_table
_crt_atexit
_invalid_parameter_noinfo_noreturn
_cexit
_initterm
_initterm_e
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function

api-ms-win-crt-string-l1-1-0

_stricmp

api-ms-win-crt-convert-l1-1-0

atoi
mbstowcs_s

api-ms-win-crt-stdio-l1-1-0

fgetwc
ungetwc
fputwc
setvbuf
__stdio_common_vswprintf
fputc
_get_stream_buffer_pointers
fflush
fclose
_fseeki64
fgetc
fread
fsetpos
fwrite
ungetc
fgetpos

api-ms-win-crt-utility-l1-1-0

rand
srand

api-ms-win-crt-filesystem-l1-1-0

_wrename
_lock_file
_unlock_file

api-ms-win-crt-time-l1-1-0

_localtime64_s
wcsftime
_time64

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc

Exports

Exports

InjectA
InjectW

Sections

.text
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Deceit ЧИТ/GH Injector - x64.exe
.exe windows:5 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

UPX0
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 378KB - Virtual size: 380KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 500KB - Virtual size: 504KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 672KB - Virtual size: 671KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 191KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 507KB - Virtual size: 507KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Deceit ЧИТ/GH Injector Config.ini
Deceit ЧИТ/Новая папка/Новый текстовый документ.txt

Sharing

General

Malware Config

Signatures

Files

d05913b4c89a69fc9be03aeeaa3d3440

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

imm32

d3dcompiler_47

msvcp140

d3d11

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

Sections

.text Size: 206KB - Virtual size: 206KB

.rdata Size: 47KB - Virtual size: 46KB

.data Size: 1KB - Virtual size: 5KB

.pdata Size: 9KB - Virtual size: 9KB

.tls Size: 512B - Virtual size: 9B

.gfids Size: 512B - Virtual size: 60B

.detourc Size: 9KB - Virtual size: 8KB

.detourd Size: 512B - Virtual size: 24B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 1KB - Virtual size: 1KB

ff3562468dc567fce4c336fa9f41c65f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

d3dcompiler_47

d3d11

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: 127KB - Virtual size: 127KB

.rdata Size: 37KB - Virtual size: 36KB

.data Size: 3KB - Virtual size: 6KB

.pdata Size: 5KB - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 1024B - Virtual size: 736B

ff3562468dc567fce4c336fa9f41c65f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

d3dcompiler_47

d3d11

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

Exports

Exports

.text
Size: 206KB - Virtual size: 206KB

.rdata
Size: 47KB - Virtual size: 46KB

.data
Size: 1KB - Virtual size: 5KB

.pdata
Size: 9KB - Virtual size: 9KB

.tls
Size: 512B - Virtual size: 9B

.gfids
Size: 512B - Virtual size: 60B

.detourc
Size: 9KB - Virtual size: 8KB

.detourd
Size: 512B - Virtual size: 24B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 127KB - Virtual size: 127KB

.rdata
Size: 37KB - Virtual size: 36KB

.data
Size: 3KB - Virtual size: 6KB

.pdata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 1024B - Virtual size: 736B

.text
Size: 127KB - Virtual size: 127KB

.rdata
Size: 37KB - Virtual size: 36KB

.data
Size: 3KB - Virtual size: 6KB

.pdata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 1024B - Virtual size: 736B

.text
Size: 84KB - Virtual size: 83KB

.rdata
Size: 30KB - Virtual size: 30KB

.data
Size: 3KB - Virtual size: 5KB

.pdata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 1024B - Virtual size: 680B

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 1024B - Virtual size: 660B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 32B