D:\pc backup\desktop\General Ceat Shit\Personal Projects\garrysmod-2020\bin\garrysmod.pdb
Static task
static1
General
-
Target
Memoriam.dll
-
Size
2.4MB
-
MD5
19e245e68038e42dd2dee9f2d9552848
-
SHA1
44254100bc9f2a0347f45888ff1f72406ed0f29a
-
SHA256
2ad0af03c173315ba84e0f9da1dc20d402a0d871dc557d893fc1eaa4eb367d94
-
SHA512
fcbdafb2a62824b737fafdbaf4e4f4712099edd3e4a3d4bb111a656aa040ac8e2d8ba8f518470fba12d20978dbabdc8022390c982ddf5d2f6d0b9d3749939bad
-
SSDEEP
24576:FO3CTTKALNq27Uv9LOaYlPYWmaxfImp+D0HLAU7TEbrGCn1Y+PnnUh0lhSMXl/Zq:F6CTTW27Uv/YlPVm0p7HLJqvvnZ
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature. On its own this only means the file's publisher cannot be verified; it is a weak indicator and should be read together with the imports and sections listed below.
resource Memoriam.dll
Files
-
Memoriam.dll.dll windows:6 windows x64 arch:x64
92e763979f0ed7a4a2f0b5f92c77e392
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualAlloc
VirtualProtect
VirtualFree
VirtualQuery
SetLastError
GetModuleHandleW
lstrcmpiW
GetCurrentProcess
CreateThread
CreateFileA
GetFileSizeEx
ReadFile
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
MultiByteToWideChar
WideCharToMultiByte
QueryPerformanceCounter
CloseHandle
GetWindowsDirectoryA
GetProcAddress
GetModuleHandleA
QueryPerformanceFrequency
LoadLibraryA
SuspendThread
HeapAlloc
HeapReAlloc
HeapFree
Sleep
GetCurrentProcessId
OpenThread
MapViewOfFile
CreateToolhelp32Snapshot
Thread32First
Thread32Next
GetSystemInfo
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetSystemTimeAsFileTime
InitializeSListHead
UnmapViewOfFile
CreateFileMappingA
ResumeThread
GetCurrentThreadId
GetLastError
HeapCreate
K32GetModuleInformation
GetCurrentThread
user32
SetClipboardData
GetClipboardData
EmptyClipboard
TrackMouseEvent
GetKeyState
GetCapture
SetCapture
LoadCursorA
ReleaseCapture
IsWindowUnicode
GetClientRect
SetCursorPos
SetCursor
CloseClipboard
ClientToScreen
ScreenToClient
DestroyWindow
CreateWindowExA
RegisterClassExA
UnregisterClassA
DefWindowProcA
MessageBoxW
GetForegroundWindow
MapVirtualKeyA
GetKeyNameTextA
SetWindowLongPtrA
CallWindowProcA
MessageBoxA
GetCursorPos
OpenClipboard
advapi32
RegEnumValueA
RegCloseKey
RegOpenKeyExA
msvcp140
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?_Xbad_function_call@std@@YAXXZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?_Xbad_alloc@std@@YAXXZ
??0_Locinfo@std@@QEAA@PEBD@Z
??1_Locinfo@std@@QEAA@XZ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
??Bid@locale@std@@QEAA_KXZ
??0facet@locale@std@@IEAA@_K@Z
??1facet@locale@std@@MEAA@XZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?id@?$numpunct@D@std@@2V0locale@2@A
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
imm32
ImmGetContext
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmReleaseContext
vcruntime140
__current_exception
__current_exception_context
longjmp
__intrinsic_setjmp
__std_type_info_destroy_list
__C_specific_handler
memchr
memmove
_purecall
__std_terminate
__std_exception_copy
__std_exception_destroy
__std_type_info_compare
strrchr
_CxxThrowException
memcmp
strstr
memset
memcpy
vcruntime140_1
__CxxFrameHandler4
api-ms-win-crt-runtime-l1-1-0
_errno
exit
abort
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_wassert
_execute_onexit_table
_crt_atexit
_register_onexit_function
_invalid_parameter_noinfo_noreturn
_initterm_e
_initterm
terminate
_cexit
api-ms-win-crt-math-l1-1-0
tanf
_dsign
remainderf
acosf
atan2f
floor
cosf
roundf
pow
floorf
ceilf
_ldsign
sinf
sqrtf
fminf
asin
atanf
fmodf
ceil
_fdsign
_ldclass
_fdclass
_dclass
ldexp
api-ms-win-crt-stdio-l1-1-0
ungetc
fwrite
ftell
fseek
fread
__stdio_common_vsscanf
fgetc
_wfopen
ferror
__stdio_common_vsprintf
feof
__stdio_common_vfprintf
__acrt_iob_func
fclose
setvbuf
_fseeki64
fsetpos
fputc
fgetpos
fflush
_get_stream_buffer_pointers
api-ms-win-crt-string-l1-1-0
toupper
isspace
strncmp
strcmp
_strnicmp
strncpy
api-ms-win-crt-heap-l1-1-0
free
_callnewh
calloc
malloc
realloc
api-ms-win-crt-utility-l1-1-0
qsort
api-ms-win-crt-convert-l1-1-0
atoi
atof
strtod
strtoull
strtol
strtoll
api-ms-win-crt-locale-l1-1-0
localeconv
api-ms-win-crt-filesystem-l1-1-0
_unlock_file
_lock_file
Sections
.text Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 14KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 55KB - Virtual size: 54KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.detourc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.detourd Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ