Mad[.]Father[.]v11[.]07[.]2020[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

Mad.Father.v11.07.2020.zip
Size

129.3MB
MD5

e5137d37537667e9511bcd2b867cfcb2
SHA1

963acc67c74e0efa6044befa1edb23b8c817cebb
SHA256

83b1cf864bc6c51f8bb092ddfe9710b993a0df3bd61d9aa7e6ca9fb72d495bbc
SHA512

49fabad14e83effe24dcd4f72856847eacb2b0b7f0eeb43ddee4bea568a8e33cde6dbaf9ec6053472e840926c637052c846839798c169dee0368815b6b7e5a64
SSDEEP

3145728:EIRpaq5jPwOz5cvbzzs52OaSxfS47xsCSuK/Ykp+ZCXCi3JAiSA:EIWq5zwJbk52Zqh1s9d/YkUZCXCi5AiJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 11 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/Mad.Father.v11.07.2020/Mad.Father.v11.07.2020/Config.exe
unpack001/Mad.Father.v11.07.2020/Mad.Father.v11.07.2020/Game.exe
unpack001/Mad.Father.v11.07.2020/Mad.Father.v11.07.2020/GuruguruSMF4.dll
unpack001/Mad.Father.v11.07.2020/Mad.Father.v11.07.2020/LAUNCHER.exe
unpack001/Mad.Father.v11.07.2020/Mad.Father.v11.07.2020/LAUNCHER_x64.exe
unpack001/Mad.Father.v11.07.2020/Mad.Father.v11.07.2020/SmartSteamEmu.dll
unpack001/Mad.Father.v11.07.2020/Mad.Father.v11.07.2020/SmartSteamEmu/Plugins/SSEFirewall.dll
unpack001/Mad.Father.v11.07.2020/Mad.Father.v11.07.2020/SmartSteamEmu/Plugins/SSEFirewall64.dll
unpack001/Mad.Father.v11.07.2020/Mad.Father.v11.07.2020/SmartSteamEmu/Plugins/x64/SSEOverlay.dll
unpack001/Mad.Father.v11.07.2020/Mad.Father.v11.07.2020/SmartSteamEmu/Plugins/x86/SSEOverlay.dll
unpack001/Mad.Father.v11.07.2020/Mad.Father.v11.07.2020/SmartSteamEmu64.dll

Files

Mad.Father.v11.07.2020.zip
.zip
Mad.Father.v11.07.2020/HOW TO RUN GAME!!.txt
Mad.Father.v11.07.2020/Mad.Father.v11.07.2020/Config.exe
.exe windows:4 windows x86 arch:x86

891c3588c50fdb74500d7a3a638a31b2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\（◆開発用ディレクトリ）\[▼作業用]プログラム\RPGコンフィグプログラムOld+\Release\RPGコンフィグプログラム.pdb

Imports

kernel32

GetSystemInfo
VirtualQuery
GetStartupInfoA
GetCommandLineA
TerminateProcess
HeapReAlloc
HeapSize
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
SetHandleCount
GetStdHandle
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
VirtualAlloc
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
VirtualProtect
ExitProcess
HeapAlloc
HeapFree
RtlUnwind
SetErrorMode
GetOEMCP
GetCPInfo
CreateFileA
GetCurrentProcess
SetEndOfFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GlobalFlags
InterlockedIncrement
FormatMessageA
LocalFree
InterlockedDecrement
MulDiv
SetLastError
GlobalGetAtomNameA
GlobalFindAtomA
lstrcatA
lstrcmpW
lstrcpynA
WritePrivateProfileStringA
GlobalUnlock
GlobalFree
FreeResource
CloseHandle
GlobalAddAtomA
FindResourceA
LoadResource
LockResource
SizeofResource
GetCurrentThread
GetCurrentThreadId
GlobalLock
GlobalAlloc
FreeLibrary
GlobalDeleteAtom
lstrcmpA
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
LoadLibraryA
GetLastError
lstrlenA
lstrcmpiA
WideCharToMultiByte
MultiByteToWideChar
GetVersion
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
UnhandledExceptionFilter
GetVersionExA

user32

DestroyMenu
GetSysColorBrush
LoadCursorA
EndPaint
BeginPaint
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
ShowWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
WinHelpA
CreateWindowExA
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
SetFocus
GetWindowTextA
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
UpdateWindow
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
GetSysColor
AdjustWindowRectEx
GetCapture
MessageBoxA
GetSystemMetrics
DrawIcon
SendMessageA
IsIconic
GetClientRect
EnableWindow
LoadIconA
PostMessageA
GetClassInfoA
RegisterClassA
UnregisterClassA
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
CopyRect
PtInRect
GetWindow
wsprintfA
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
SetMenuItemBitmaps
GetForegroundWindow
PostQuitMessage
SetCursor
IsWindowEnabled
GetLastActivePopup
GetWindowLongA
GetParent
ValidateRect
GetCursorPos
PeekMessageA
GetKeyState
IsWindowVisible
GetActiveWindow
DispatchMessageA
TranslateMessage
GetMessageA
CallNextHookEx
SetWindowsHookExA
GetFocus
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA

gdi32

GetDeviceCaps
GetStockObject
DeleteDC
SelectObject
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
CreateBitmap
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
DeleteObject
SetMapMode
RestoreDC
SaveDC
GetObjectA
SetBkColor
SetTextColor
GetClipBox
SetViewportOrgEx

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyA
RegOpenKeyA
RegQueryValueA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

comctl32

ord17

shlwapi

PathFindFileNameA
PathFindExtensionA

oleaut32

VariantClear
VariantChangeType
VariantInit

Sections

.text
Size: 104KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Mad.Father.v11.07.2020/Mad.Father.v11.07.2020/Data.wolf
Mad.Father.v11.07.2020/Mad.Father.v11.07.2020/Game.exe
.exe windows:4 windows x86 arch:x86

f502805c50a3ebd755fb4d2489a72f9d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\（◆開発用ディレクトリ）\[▼作業用]プログラム\RPGドライブプログラム - 20171023_SteamKit_ver2.21版\Rpgドライブプログラム\Release\Game.pdb

Imports

shlwapi

PathIsDirectoryA

kernel32

GetExitCodeThread
GetDiskFreeSpaceExA
lstrlenA
CreateFileA
GetLastError
WriteFile
FlushFileBuffers
Sleep
DeleteCriticalSection
RaiseException
GetFileAttributesA
CloseHandle
OutputDebugStringA
RemoveDirectoryA
CopyFileA
DeleteFileA
GlobalLock
GlobalUnlock
GlobalAlloc
lstrcpyA
GetModuleFileNameA
GetCurrentDirectoryA
FindFirstFileA
FindNextFileA
FindClose
SetCurrentDirectoryA
CreateDirectoryA
GetTickCount
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
GetModuleFileNameW
LoadLibraryW
GetProcAddress
FreeLibrary
QueryPerformanceFrequency
InitializeCriticalSection
GetEnvironmentStringsW
ReleaseSemaphore
CreateSemaphoreA
lstrcpynW
MulDiv
lstrcpyW
lstrcmpW
GetThreadPriority
WaitForMultipleObjects
lstrlenW
FindNextFileW
FindFirstFileW
GetFileSize
GetTempFileNameW
SetCurrentDirectoryW
GetCurrentDirectoryW
ResumeThread
SuspendThread
SetThreadPriority
GetProcessHeap
GetLocalTime
GlobalMemoryStatus
RtlUnwind
ExitProcess
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
GetModuleHandleA
TerminateProcess
GetCurrentProcess
MoveFileA
MultiByteToWideChar
ExitThread
GetCurrentThreadId
CreateThread
GetDriveTypeA
GetFullPathNameA
GetStartupInfoA
GetCommandLineA
TlsAlloc
SetLastError
GetCurrentThread
TlsFree
TlsSetValue
TlsGetValue
QueryPerformanceCounter
GetCurrentProcessId
EnterCriticalSection
LeaveCriticalSection
ReadFile
SetHandleCount
GetStdHandle
GetFileType
SetFilePointer
HeapReAlloc
HeapSize
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
GetOEMCP
GetCPInfo
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetStringTypeA
GetStringTypeW
LCMapStringA
WideCharToMultiByte
LCMapStringW
GetTimeZoneInformation
UnhandledExceptionFilter
VirtualQuery
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
IsBadReadPtr
IsBadCodePtr
LoadLibraryA
SetStdHandle
VirtualProtect
GetSystemInfo
SetEndOfFile
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
InterlockedIncrement
InterlockedDecrement
ResetEvent
WaitForSingleObject
CreateEventA
SetEvent
CreateFileW
DeleteFileW
GetTempPathW
GlobalSize
GlobalFree
FileTimeToSystemTime
FileTimeToLocalFileTime
GetVersionExW
OutputDebugStringW

user32

ShowWindow
SetWindowPos
SetFocus
CreateDialogParamA
SendDlgItemMessageA
GetScrollPos
GetDlgItem
DestroyWindow
CloseClipboard
SetClipboardData
EmptyClipboard
MessageBoxA
GetWindowRect
GetDC
SetMenu
SetWindowTextW
SetClassLongW
LoadIconW
SystemParametersInfoW
UpdateWindow
SetWindowRgn
SendMessageW
GetMenuItemInfoW
GetMenuItemCount
PostMessageW
ShowCursor
SetCursorPos
MessageBoxW
GetClientRect
FillRect
ChangeDisplaySettingsA
SetForegroundWindow
AttachThreadInput
GetWindowThreadProcessId
GetForegroundWindow
SetActiveWindow
AdjustWindowRectEx
SetWindowLongW
DrawMenuBar
MoveWindow
DefWindowProcW
SetCursor
PostQuitMessage
EndPaint
BeginPaint
DestroyMenu
BringWindowToTop
RegisterClassExW
LoadCursorW
GetWindowLongW
FindWindowW
UnregisterClassW
UnhookWindowsHookEx
GetDesktopWindow
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
IsDialogMessageW
PeekMessageW
KillTimer
GetMonitorInfoW
EnumDisplaySettingsW
GetKeyboardState
PostThreadMessageA
GetQueueStatus
RegisterWindowMessageA
MsgWaitForMultipleObjects
ReleaseDC
GetCursorPos
MonitorFromPoint
EnumDisplayMonitors
GetMonitorInfoA
CharNextA
ClientToScreen
ClipCursor
SendMessageA
IsClipboardFormatAvailable
GetClipboardData
OpenClipboard

gdi32

AddFontResourceExA
RemoveFontResourceExA
DeleteObject
CombineRgn
CreateRectRgn
GetObjectA
DeleteDC
SelectObject
CreateCompatibleDC
CreateDIBSection
GetStockObject
CreateSolidBrush
SetDIBitsToDevice
StretchDIBits
CreateDCW
Rectangle
GetGlyphOutlineW
GetTextMetricsA
CreateFontW
SetBkMode
SetBkColor
SetTextColor
GetCharacterPlacementW
TextOutW
GetTextExtentPoint32W
EnumFontFamiliesExW
GetDeviceCaps

shell32

DragQueryFileA
DragQueryFileW
DragFinish
DragAcceptFiles
ShellExecuteA

wininet

InternetReadFile
HttpQueryInfoA
InternetOpenUrlA
InternetOpenA
InternetCloseHandle

winmm

timeGetTime

steam_api

SteamUtils
SteamAPI_RunCallbacks
SteamController
SteamClient
SteamAPI_Init
SteamAPI_RestartAppIfNecessary
SteamAPI_RegisterCallback
SteamUserStats
SteamUser
SteamAPI_UnregisterCallback

ole32

CoCreateInstance

oleaut32

SysFreeString

Sections

.text
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 604KB - Virtual size: 603KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.5MB - Virtual size: 7.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Mad.Father.v11.07.2020/Mad.Father.v11.07.2020/Game.ini
Mad.Father.v11.07.2020/Mad.Father.v11.07.2020/GuruguruSMF4.dll
.dll windows:4 windows x86 arch:x86

b600469a29e3d62b811b9ea4936cd290

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

midiOutShortMsg
midiOutUnprepareHeader
midiOutLongMsg
midiOutPrepareHeader
midiOutClose
midiOutOpen
timeKillEvent
timeEndPeriod
timeSetEvent
timeBeginPeriod
timeGetTime

kernel32

InterlockedDecrement
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
LCMapStringW
LCMapStringA
MultiByteToWideChar
QueryPerformanceCounter
QueryPerformanceFrequency
Sleep
CreateFileW
GetLastError
WideCharToMultiByte
CreateFileA
GetFileSize
CloseHandle
ReadFile
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetExitCodeThread
TerminateThread
WaitForSingleObject
CreateThread
SetThreadPriority
ResumeThread
GetCurrentDirectoryW
GetCurrentDirectoryA
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
GetProcAddress
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetStringTypeW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteFile
LoadLibraryA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualAlloc
HeapReAlloc
HeapSize
SetFilePointer
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
GetStringTypeA

ole32

CoCreateInstance
CoUninitialize
CoInitializeEx

Exports

Exports

GGS4AddDlsA
GGS4AddDlsW
GGS4AddListFromFileA
GGS4AddListFromFileW
GGS4AddListFromMemory
GGS4ClearList
GGS4CloseDevice
GGS4DeleteListItem
GGS4EnumList
GGS4GetPlayerStatus
GGS4GetSmfInformation
GGS4OpenDevice
GGS4Pause
GGS4Play
GGS4Restart
GGS4SetMasterPitch
GGS4SetMasterTempo
GGS4SetMasterVolume
GGS4Stop

Sections

.text
Size: 92KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Mad.Father.v11.07.2020/Mad.Father.v11.07.2020/LAUNCHER.exe
.exe windows:5 windows x86 arch:x86

0af9925d510541540a84a0f3211351ad

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Developments\Games\SmartSteamEmu\Release\SmartSteamLoader.pdb

Imports

kernel32

GetPrivateProfileIntW
GetPrivateProfileStringW
FindFirstFileW
FindClose
GetCommandLineW
GetModuleFileNameW
GetCurrentDirectoryW
GetPrivateProfileSectionNamesW
GetCurrentProcessId
OpenProcess
CreateThread
CreateProcessW
ResumeThread
WaitForSingleObject
GetExitCodeThread
Sleep
MultiByteToWideChar
GetLastError
DecodePointer
EncodePointer
InterlockedExchange
InterlockedCompareExchange
GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
HeapSetInformation
WideCharToMultiByte
OpenFileMappingA
CreateSemaphoreW
SetEvent
CreateEventA
MapViewOfFile
CreateFileMappingA
CloseHandle
GetCurrentProcess
UnmapViewOfFile

user32

TranslateMessage
SendMessageW
PostQuitMessage
DestroyWindow
DispatchMessageW
CreateDialogParamW
IsDialogMessageW
GetMessageW
ShowWindow
MoveWindow
GetDesktopWindow
GetWindowRect
MessageBoxW

advapi32

RegQueryValueExA
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegCreateKeyExA
RegOpenKeyExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetValueExA

shell32

CommandLineToArgvW

msvcp100

?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z

psapi

GetModuleFileNameExW

wintrust

WinVerifyTrust

msvcr100

memset
_CxxThrowException
memcpy
_wcsicmp
_controlfp_s
__CxxFrameHandler3
??3@YAXPAX@Z
memmove
??0exception@std@@QAE@ABV01@@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
??2@YAPAXI@Z
_wputenv
_vswprintf_c_l
tolower
_wtoi
fopen_s
fread
fclose
atoi
sprintf_s
memchr
??_V@YAXPAX@Z
_unlock
__dllonexit
_lock
_onexit
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
__set_app_type
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_invoke_watson

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Mad.Father.v11.07.2020/Mad.Father.v11.07.2020/LAUNCHER_x64.exe
.exe windows:5 windows x64 arch:x64

903779526007e11b7ce5986ad4a6fbad

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Developments\Games\SmartSteamEmu\x64\Release\SmartSteamLoader_x64.pdb

Imports

kernel32

GetPrivateProfileIntW
GetPrivateProfileStringW
FindFirstFileW
FindClose
GetCommandLineW
GetModuleFileNameW
GetCurrentDirectoryW
GetPrivateProfileSectionNamesW
GetCurrentProcessId
OpenProcess
CreateThread
CreateProcessW
ResumeThread
WaitForSingleObject
GetExitCodeThread
Sleep
MultiByteToWideChar
GetLastError
DecodePointer
EncodePointer
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
WideCharToMultiByte
OpenFileMappingA
CreateSemaphoreW
SetEvent
CreateEventA
MapViewOfFile
CreateFileMappingA
CloseHandle
GetCurrentProcess
UnmapViewOfFile

user32

TranslateMessage
SendMessageW
PostQuitMessage
DestroyWindow
DispatchMessageW
CreateDialogParamW
IsDialogMessageW
GetMessageW
ShowWindow
MoveWindow
GetDesktopWindow
GetWindowRect
MessageBoxW

advapi32

RegQueryValueExA
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegCreateKeyExA
RegOpenKeyExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetValueExA

shell32

CommandLineToArgvW

msvcp100

?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z

psapi

GetModuleFileNameExW

wintrust

WinVerifyTrust

msvcr100

_wcsicmp
memset
memcmp
_CxxThrowException
memcpy
__CxxFrameHandler3
??3@YAXPEAX@Z
memmove
??0exception@std@@QEAA@AEBV01@@Z
?what@exception@std@@UEBAPEBDXZ
??1exception@std@@UEAA@XZ
??0exception@std@@QEAA@AEBQEBD@Z
??2@YAPEAX_K@Z
_wputenv
_vswprintf_c_l
tolower
_wtoi
fopen_s
fread
fclose
atoi
sprintf_s
memchr
??_V@YAXPEAX@Z
__C_specific_handler
_unlock
__dllonexit
_lock
_onexit
_amsg_exit
__getmainargs
_XcptFilter
_exit
_ismbblead
_cexit
exit
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
__set_app_type
__crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QEAAXXZ

Sections

.text
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 82KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Mad.Father.v11.07.2020/Mad.Father.v11.07.2020/SmartSteamEmu.dll
.dll windows:5 windows x86 arch:x86

611b567a99ac191fb212bbac9d4effde

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Developments\Games\SmartSteamEmu\Release\SmartSteamEmu.pdb

Imports

kernel32

CloseHandle
CreateThread
GetModuleFileNameW
GetTickCount
InterlockedCompareExchange
InterlockedIncrement
InterlockedDecrement
TerminateThread
CreateEventW
WaitForSingleObject
TryEnterCriticalSection
SetEvent
GetCurrentThread
Sleep
InterlockedExchange
ResumeThread
SuspendThread
QueryPerformanceCounter
QueryPerformanceFrequency
CreateFileW
ReadFile
GetCurrentProcessId
GetCurrentThreadId
WaitForMultipleObjects
CreateFileA
WriteFile
FindClose
GetFileSize
MoveFileW
GetExitCodeThread
InterlockedExchangeAdd
ExpandEnvironmentStringsW
CreateDirectoryW
FindFirstFileW
FindNextFileW
DeleteFileW
ResetEvent
GetSystemPowerStatus
GetProcAddress
LoadLibraryW
FormatMessageA
GetLastError
LocalFree
FreeLibrary
GetPrivateProfileIntW
GetPrivateProfileStringW
GetPrivateProfileSectionW
GetComputerNameW
WritePrivateProfileStringW
CopyFileW
GetFileAttributesW
SetFileAttributesW
RemoveDirectoryW
MoveFileExW
WideCharToMultiByte
MultiByteToWideChar
WaitNamedPipeW
SetNamedPipeHandleState
CreateNamedPipeW
ConnectNamedPipe
DisconnectNamedPipe
FlushFileBuffers
SetFilePointer
GetModuleHandleExW
DisableThreadLibraryCalls
SetUnhandledExceptionFilter
GetSystemDirectoryW
CreateProcessW
DeviceIoControl
GetVersionExW
GetWindowsDirectoryA
CompareStringW
GetCurrentProcess
FlushInstructionCache
VirtualProtect
VirtualQuery
GetModuleHandleW
WriteConsoleW
InitializeSListHead
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetModuleFileNameA
GetCurrentDirectoryW
GetFullPathNameW
SetEnvironmentVariableW
SetEnvironmentVariableA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetLocaleInfoW
GetProcessHeap
SetEndOfFile
GetConsoleMode
GetConsoleCP
SetStdHandle
HeapSize
IsProcessorFeaturePresent
TlsFree
TlsSetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
GetStartupInfoW
SetHandleCount
HeapDestroy
HeapCreate
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetStringTypeW
GetFileInformationByHandle
FindFirstFileExA
GetDriveTypeA
GetThreadTimes
GetSystemInfo
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetModuleHandleA
SwitchToThread
InitializeCriticalSectionAndSpinCount
TlsGetValue
GetCPInfo
LCMapStringW
RtlUnwind
RaiseException
GetCommandLineA
GetDateFormatA
GetTimeFormatA
GetFullPathNameA
FindFirstFileExW
GetDriveTypeW
FileTimeToLocalFileTime
FileTimeToSystemTime
ExitThread
HeapReAlloc
GetSystemTimeAsFileTime
GetTimeZoneInformation
CreateDirectoryA
HeapAlloc
HeapFree
GetEnvironmentVariableA
lstrcmpW
SignalObjectAndWait
GetThreadPriority
GetPriorityClass
CreateWaitableTimerA
SetWaitableTimer
WaitForMultipleObjectsEx
CancelWaitableTimer
GetVersionExA
GlobalFree
GlobalAlloc
ExpandEnvironmentStringsA
GetStdHandle
GetFileType
EncodePointer
DecodePointer
ExitProcess
CreateEventA
WaitForSingleObjectEx
SetThreadPriority
LoadLibraryA
VerifyVersionInfoA
VerSetConditionMask
SetLastError
SleepEx
PeekNamedPipe

user32

GetAsyncKeyState
GetForegroundWindow
GetWindowThreadProcessId

advapi32

CryptDestroyHash
CryptReleaseContext
CryptHashData
CryptAcquireContextA
CryptCreateHash
GetUserNameW
GetCurrentHwProfileA
RegCloseKey
RegQueryValueExW
CryptGetHashParam

shell32

SHGetFolderPathW

ws2_32

getsockopt
__WSAFDIsSet
setsockopt
accept
listen
WSACleanup
WSAStartup
gethostname
WSAGetLastError
ntohs
bind
getsockname
select
htons
connect
gethostbyname
ioctlsocket
closesocket
recv
recvfrom
send
sendto
socket
inet_addr
inet_ntoa
ntohl
htonl
WSAIoctl
WSASetLastError
getpeername
freeaddrinfo
getaddrinfo

secur32

GetUserNameExW

wldap32

ord32
ord35
ord79
ord200
ord33
ord301
ord27
ord41
ord46
ord26
ord50
ord60
ord143
ord211
ord22
ord30

normaliz

IdnToAscii

winmm

waveOutWrite
waveInAddBuffer
waveInUnprepareHeader
waveOutUnprepareHeader
waveInClose
waveOutClose
waveOutGetDevCapsA
waveOutMessage
waveInGetDevCapsA
waveInMessage
waveOutOpen
waveOutGetPosition
waveInOpen
waveInReset
timeEndPeriod
timeBeginPeriod
timeGetTime
waveOutReset
waveOutPrepareHeader
waveInPrepareHeader
waveInGetNumDevs
waveOutGetNumDevs
waveOutRestart
waveInStart
waveOutGetErrorTextA
waveOutPause
waveInGetErrorTextA

setupapi

SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceRegistryPropertyW
SetupDiOpenDeviceInterfaceRegKey
SetupDiGetClassDevsA
SetupDiGetDeviceInterfaceDetailW
SetupDiGetDeviceInterfaceAlias

ole32

CoTaskMemFree
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CoUninitialize
CoInitializeEx
PropVariantClear
CoCreateInstance
CoInitialize

Exports

Exports

Breakpad_SetSteamID
Breakpad_SteamMiniDumpInit
Breakpad_SteamSetSteamID
Breakpad_SteamWriteMiniDumpSetComment
Breakpad_SteamWriteMiniDumpUsingExceptionInfoWithBuildId
CreateInterface
GetHSteamPipe
GetHSteamUser
GetSSeApi
InitSSE
MySteamAPI_RegisterCallResult
MySteamAPI_RegisterCallback
MySteamAPI_UnregisterCallResult
MySteamAPI_UnregisterCallback
SSECreateProcess
SteamAPI_GetHSteamPipe
SteamAPI_GetHSteamUser
SteamAPI_GetSteamInstallPath
SteamAPI_Init
SteamAPI_InitSafe
SteamAPI_IsSteamRunning
SteamAPI_RegisterCallResult
SteamAPI_RegisterCallback
SteamAPI_RestartAppIfNecessary
SteamAPI_RunCallbacks
SteamAPI_SetBreakpadAppID
SteamAPI_SetMiniDumpComment
SteamAPI_SetTryCatchCallbacks
SteamAPI_Shutdown
SteamAPI_UnregisterCallResult
SteamAPI_UnregisterCallback
SteamAPI_UseBreakpadCrashHandler
SteamAPI_WriteMiniDump
SteamAppList
SteamApps
SteamCheckAppOwnership
SteamCleanup
SteamClient
SteamController
SteamController_GetControllerState
SteamController_Init
SteamController_SetOverrideMode
SteamController_Shutdown
SteamController_TriggerHapticPulse
SteamFriends
SteamGameServer
SteamGameServerApps
SteamGameServerHTTP
SteamGameServerNetworking
SteamGameServerStats
SteamGameServerUGC
SteamGameServerUtils
SteamGameServer_BSecure
SteamGameServer_GetHSteamPipe
SteamGameServer_GetHSteamUser
SteamGameServer_GetIPCCallCount
SteamGameServer_GetSteamID
SteamGameServer_Init
SteamGameServer_InitSafe
SteamGameServer_RunCallbacks
SteamGameServer_Shutdown
SteamGetLocalClientVersion
SteamGetVersion
SteamHTMLSurface
SteamHTTP
SteamInventory
SteamIsAppSubscribed
SteamIsLoggedIn
SteamIsSubscribed
SteamLogin
SteamLogout
SteamMatchmaking
SteamMatchmakingServers
SteamMusic
SteamMusicRemote
SteamNetworking
SteamRemoteStorage
SteamShutdownEngine
SteamShutdownSteamBridgeInterface
SteamStartEngine
SteamStartEngineEx
SteamStartup
SteamUGC
SteamUnifiedMessages
SteamUser
SteamUserStats
SteamUtils
SteamVideo
Steam_BConnected
Steam_BGetCallback
Steam_BLoggedOn
Steam_BReleaseSteamPipe
Steam_ConnectToGlobalUser
Steam_CreateGlobalUser
Steam_CreateLocalUser
Steam_CreateSteamPipe
Steam_FreeLastCallback
Steam_GSBLoggedOn
Steam_GSBSecure
Steam_GSGetSteam2GetEncryptionKeyToSendToNewClient
Steam_GSLogOff
Steam_GSLogOn
Steam_GSRemoveUserConnect
Steam_GSSendSteam2UserConnect
Steam_GSSendUserDisconnect
Steam_GSSendUserStatusResponse
Steam_GSSetServerType
Steam_GSSetSpawnCount
Steam_GSUpdateStatus
Steam_GetAPICallResult
Steam_GetGSHandle
Steam_GetHSteamUserCurrent
Steam_InitiateGameConnection
Steam_LogOff
Steam_LogOn
Steam_RegisterInterfaceFuncs
Steam_ReleaseUser
Steam_RunCallbacks
Steam_SetLocalIPBinding
Steam_TerminateGameConnection
g_pSteamClientGameServer

Sections

.text
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 611KB - Virtual size: 610KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 160KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 306KB - Virtual size: 305KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Mad.Father.v11.07.2020/Mad.Father.v11.07.2020/SmartSteamEmu.ini
Mad.Father.v11.07.2020/Mad.Father.v11.07.2020/SmartSteamEmu.txt
Mad.Father.v11.07.2020/Mad.Father.v11.07.2020/SmartSteamEmu/Common/218620/inventory.bin
Mad.Father.v11.07.2020/Mad.Father.v11.07.2020/SmartSteamEmu/Common/218620/item_schema.bin
Mad.Father.v11.07.2020/Mad.Father.v11.07.2020/SmartSteamEmu/Common/620/items.bin
Mad.Father.v11.07.2020/Mad.Father.v11.07.2020/SmartSteamEmu/Common/730/items.bin
Mad.Father.v11.07.2020/Mad.Father.v11.07.2020/SmartSteamEmu/Common/Readme.txt
Mad.Father.v11.07.2020/Mad.Father.v11.07.2020/SmartSteamEmu/Common/avatar.png
.png
Mad.Father.v11.07.2020/Mad.Father.v11.07.2020/SmartSteamEmu/Plugins/SSEFirewall.dll
.dll windows:5 windows x86 arch:x86

88c007a4f14454037af77cae807a8470

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Developments\Games\SmartSteamEmu\Release\SSEFirewall.pdb

Imports

kernel32

InitializeCriticalSection
LeaveCriticalSection
GetProcAddress
EnterCriticalSection
GetModuleHandleA
DeleteCriticalSection
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
DecodePointer
EncodePointer
GetSystemTimeAsFileTime

msvcp100

?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z

msvcr100

__dllonexit
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
_crt_debugger_hook
_except_handler4_common
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
free
_unlock
??2@YAPAXI@Z
??3@YAXPAX@Z
atoi
memmove
sprintf_s
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
_malloc_crt
_onexit
__clean_type_info_names_internal
_lock
_encoded_null
memcpy
_CxxThrowException
__CxxFrameHandler3

Exports

Exports

SmartInit
SmartReady
SmartShutdown
SmartUnready

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1004B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Mad.Father.v11.07.2020/Mad.Father.v11.07.2020/SmartSteamEmu/Plugins/SSEFirewall.ini
Mad.Father.v11.07.2020/Mad.Father.v11.07.2020/SmartSteamEmu/Plugins/SSEFirewall64.dll
.dll windows:5 windows x64 arch:x64

421195b07e7f26b612ab093f071ce863

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Developments\Games\SmartSteamEmu\x64\Release\SSEFirewall64.pdb

Imports

kernel32

InitializeCriticalSection
LeaveCriticalSection
GetProcAddress
EnterCriticalSection
GetModuleHandleA
DeleteCriticalSection
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
Sleep
DecodePointer
EncodePointer
GetSystemTimeAsFileTime

msvcp100

?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z

msvcr100

_initterm_e
free
_encoded_null
_amsg_exit
__CppXcptFilter
__crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__clean_type_info_names_internal
__dllonexit
__C_specific_handler
??2@YAPEAX_K@Z
??3@YAXPEAX@Z
atoi
memmove
sprintf_s
??0exception@std@@QEAA@AEBV01@@Z
??0exception@std@@QEAA@AEBQEBD@Z
??1exception@std@@UEAA@XZ
?what@exception@std@@UEBAPEBDXZ
_malloc_crt
_onexit
_unlock
_lock
_initterm
memcpy
_CxxThrowException
__CxxFrameHandler3

Exports

Exports

SmartInit
SmartReady
SmartShutdown
SmartUnready

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 94B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Mad.Father.v11.07.2020/Mad.Father.v11.07.2020/SmartSteamEmu/Plugins/SSEOverlay.ini
Mad.Father.v11.07.2020/Mad.Father.v11.07.2020/SmartSteamEmu/Plugins/SSEOverlay/Language.ini
Mad.Father.v11.07.2020/Mad.Father.v11.07.2020/SmartSteamEmu/Plugins/SSEOverlay/message.wav
Mad.Father.v11.07.2020/Mad.Father.v11.07.2020/SmartSteamEmu/Plugins/SSEOverlay/screenshot.wav
Mad.Father.v11.07.2020/Mad.Father.v11.07.2020/SmartSteamEmu/Plugins/x64/SSEOverlay.dll
.dll windows:6 windows x64 arch:x64

6ad9ecb86416cc1d11192b10e531cbd3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Developments\Games\SSEOverlay\x64\Release\SSEOverlay.pdb

Imports

kernel32

GetTickCount
GetSystemDirectoryA
LoadLibraryA
GetCurrentThreadId
MulDiv
GlobalLock
GlobalUnlock
GetFileSize
WriteFile
ReadFile
CreateFileW
CloseHandle
GetModuleFileNameW
GetCurrentProcessId
CreateThread
TerminateThread
Sleep
MoveFileW
WriteConsoleW
SetStdHandle
FlushFileBuffers
TryEnterCriticalSection
GetConsoleMode
GetConsoleCP
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
ReleaseSemaphore
VirtualProtect
VirtualFree
VirtualAlloc
GetVersionExW
FreeLibraryAndExitThread
FreeLibrary
GetThreadTimes
OutputDebugStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetModuleFileNameA
GetModuleHandleW
GetModuleHandleA
LeaveCriticalSection
EnterCriticalSection
GetProcAddress
GetLastError
LoadLibraryW
DeleteCriticalSection
SetFilePointerEx
InitializeCriticalSection
GetFileType
GetStdHandle
GetProcessHeap
GetOEMCP
GetACP
IsValidCodePage
GetTimeZoneInformation
HeapSize
GetModuleHandleExW
ExitProcess
IsDebuggerPresent
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
DuplicateHandle
GetCurrentProcess
GetCurrentThread
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
HeapReAlloc
GetCPInfo
GetCommandLineA
RtlPcToFileHeader
RaiseException
RtlLookupFunctionEntry
RtlUnwindEx
IsProcessorFeaturePresent
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
CreateSemaphoreW
ExitThread
LoadLibraryExW
CreateTimerQueue
SetEvent
WaitForSingleObjectEx
SignalObjectAndWait
SwitchToThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
SetEnvironmentVariableA

user32

SetRect
FillRect
GetForegroundWindow
GetClientRect
DefWindowProcW
CreateWindowExW
IsWindow
GetDesktopWindow
LoadIconW
RegisterClassExW
LoadCursorW
UnregisterClassW
DestroyWindow
WindowFromDC
OpenClipboard
SetCursor
ScreenToClient
GetClipCursor
ShowCursor
GetCursorInfo
GetActiveWindow
GetCursor
GetWindowThreadProcessId
GetKeyboardState
ToUnicode
CloseClipboard
GetClipboardData

gdi32

GetTextMetricsW
SelectObject
CreateFontW
GetStockObject
GetObjectW
GetCurrentObject
CreateSolidBrush
DeleteObject
GetTextExtentPoint32W

winmm

waveOutUnprepareHeader
mmioClose
mmioAscend
waveOutOpen
mmioDescend
waveOutWrite
waveOutClose
waveOutPrepareHeader
mmioOpenW
mmioStringToFOURCCA
mmioRead

version

VerQueryValueA
GetFileVersionInfoW
GetFileVersionInfoSizeW

Exports

Exports

SmartCallbackFilter
SmartInit
SmartRunFrame
SmartShutdown

Sections

.text
Size: 718KB - Virtual size: 718KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 259KB - Virtual size: 258KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 45KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Mad.Father.v11.07.2020/Mad.Father.v11.07.2020/SmartSteamEmu/Plugins/x86/SSEOverlay.dll
.dll windows:6 windows x86 arch:x86

8214cd50309e2a0ce88e4ac58d1bd74c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Developments\Games\SSEOverlay\Release\SSEOverlay.pdb

Imports

kernel32

GetTickCount
GetSystemDirectoryA
LoadLibraryA
GetCurrentThreadId
MulDiv
GlobalLock
GlobalUnlock
GetFileSize
WriteFile
ReadFile
CreateFileW
CloseHandle
GetModuleFileNameW
GetCurrentProcessId
CreateThread
TerminateThread
Sleep
MoveFileW
WriteConsoleW
SetStdHandle
FlushFileBuffers
TryEnterCriticalSection
GetConsoleMode
GetConsoleCP
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
ReleaseSemaphore
VirtualProtect
VirtualFree
VirtualAlloc
GetVersionExW
FreeLibraryAndExitThread
FreeLibrary
GetThreadTimes
OutputDebugStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetModuleFileNameA
GetModuleHandleW
GetModuleHandleA
LeaveCriticalSection
EnterCriticalSection
GetProcAddress
GetLastError
LoadLibraryW
DeleteCriticalSection
SetFilePointerEx
InitializeCriticalSection
GetFileType
GetStdHandle
GetProcessHeap
GetOEMCP
GetACP
IsValidCodePage
GetTimeZoneInformation
HeapSize
GetModuleHandleExW
ExitProcess
IsDebuggerPresent
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
DuplicateHandle
GetCurrentProcess
GetCurrentThread
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
HeapReAlloc
GetCPInfo
GetCommandLineA
RaiseException
RtlUnwind
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
CreateSemaphoreW
ExitThread
LoadLibraryExW
CreateTimerQueue
SetEvent
WaitForSingleObjectEx
SignalObjectAndWait
SwitchToThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
SetEnvironmentVariableA

user32

SetRect
FillRect
GetForegroundWindow
GetClientRect
DefWindowProcW
CreateWindowExW
IsWindow
GetDesktopWindow
LoadIconW
RegisterClassExW
LoadCursorW
UnregisterClassW
DestroyWindow
WindowFromDC
OpenClipboard
SetCursor
ScreenToClient
GetClipCursor
ShowCursor
GetCursorInfo
GetActiveWindow
GetCursor
GetWindowThreadProcessId
GetKeyboardState
ToUnicode
CloseClipboard
GetClipboardData

gdi32

GetTextMetricsW
SelectObject
CreateFontW
GetStockObject
GetObjectW
GetCurrentObject
CreateSolidBrush
DeleteObject
GetTextExtentPoint32W

winmm

waveOutUnprepareHeader
mmioClose
mmioAscend
waveOutOpen
mmioDescend
waveOutWrite
waveOutClose
waveOutPrepareHeader
mmioOpenW
mmioStringToFOURCCA
mmioRead

version

VerQueryValueA
GetFileVersionInfoW
GetFileVersionInfoSizeW

Exports

Exports

SmartCallbackFilter
SmartInit
SmartRunFrame
SmartShutdown

Sections

.text
Size: 606KB - Virtual size: 605KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 166KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 39KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Mad.Father.v11.07.2020/Mad.Father.v11.07.2020/SmartSteamEmu64.dll
.dll windows:5 windows x64 arch:x64

5317b1a6241c23b239a3c8e5d48cdb82

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Developments\Games\SmartSteamEmu\x64\Release\SmartSteamEmu64.pdb

Imports

kernel32

CloseHandle
CreateThread
GetModuleFileNameW
GetTickCount
TerminateThread
CreateEventW
WaitForSingleObject
TryEnterCriticalSection
SetEvent
GetCurrentThread
Sleep
ResumeThread
SuspendThread
QueryPerformanceCounter
QueryPerformanceFrequency
CreateFileW
ReadFile
GetCurrentProcessId
GetCurrentThreadId
WaitForMultipleObjects
CreateFileA
WriteFile
FindClose
GetFileSize
MoveFileW
GetExitCodeThread
ExpandEnvironmentStringsW
CreateDirectoryW
FindFirstFileW
FindNextFileW
DeleteFileW
ResetEvent
GetSystemPowerStatus
GetProcAddress
LoadLibraryW
FormatMessageA
GetLastError
LocalFree
FreeLibrary
GetPrivateProfileIntW
GetPrivateProfileStringW
GetPrivateProfileSectionW
GetComputerNameW
WritePrivateProfileStringW
CopyFileW
GetFileAttributesW
SetFileAttributesW
RemoveDirectoryW
MoveFileExW
WideCharToMultiByte
MultiByteToWideChar
WaitNamedPipeW
SetNamedPipeHandleState
CreateNamedPipeW
ConnectNamedPipe
DisconnectNamedPipe
FlushFileBuffers
SetFilePointer
GetModuleHandleExW
GetModuleHandleA
SetUnhandledExceptionFilter
DisableThreadLibraryCalls
CreateProcessW
DeviceIoControl
GetVersionExW
GetWindowsDirectoryA
GetVersion
HeapSetInformation
RtlCaptureContext
RtlVirtualUnwind
GetCurrentProcess
FlushInstructionCache
VirtualProtect
VirtualQuery
GetModuleHandleW
IsDebuggerPresent
UnhandledExceptionFilter
CompareStringW
WriteConsoleW
InitializeSListHead
TlsFree
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetModuleFileNameA
TerminateProcess
GetStringTypeW
GetCurrentDirectoryW
GetFullPathNameW
SetEnvironmentVariableW
SetEnvironmentVariableA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetLocaleInfoW
GetProcessHeap
SetEndOfFile
GetConsoleMode
GetConsoleCP
SetStdHandle
HeapSize
FlsAlloc
FlsFree
FlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetStartupInfoW
SetHandleCount
GetFileInformationByHandle
FindFirstFileExA
GetSystemInfo
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetSystemDirectoryW
InitializeCriticalSection
HeapDestroy
GetDriveTypeA
GetThreadTimes
SwitchToThread
InitializeCriticalSectionAndSpinCount
TlsGetValue
GetCPInfo
LCMapStringW
RtlUnwindEx
RtlLookupFunctionEntry
RtlPcToFileHeader
RaiseException
GetCommandLineA
FlsSetValue
GetTimeFormatA
GetDateFormatA
GetFullPathNameA
FindFirstFileExW
GetDriveTypeW
FileTimeToLocalFileTime
FileTimeToSystemTime
ExitThread
HeapReAlloc
GetSystemTimeAsFileTime
GetTimeZoneInformation
CreateDirectoryA
HeapAlloc
HeapFree
GetEnvironmentVariableA
lstrcmpW
SignalObjectAndWait
GetThreadPriority
GetPriorityClass
CreateWaitableTimerA
EncodePointer
DecodePointer
ExitProcess
CreateEventA
WaitForSingleObjectEx
SetThreadPriority
LoadLibraryA
VerifyVersionInfoA
VerSetConditionMask
SetLastError
SleepEx
PeekNamedPipe
GetFileType
GetStdHandle
ExpandEnvironmentStringsA
GlobalAlloc
GlobalFree
GetVersionExA
CancelWaitableTimer
WaitForMultipleObjectsEx
SetWaitableTimer
HeapCreate

user32

GetForegroundWindow
GetAsyncKeyState
GetWindowThreadProcessId

advapi32

CryptGetHashParam
CryptReleaseContext
CryptHashData
CryptAcquireContextA
CryptCreateHash
GetUserNameW
GetCurrentHwProfileA
RegCloseKey
RegQueryValueExW
CryptDestroyHash

shell32

SHGetFolderPathW

ws2_32

getaddrinfo
freeaddrinfo
getpeername
WSASetLastError
WSAIoctl
__WSAFDIsSet
getsockopt
setsockopt
accept
listen
WSACleanup
WSAStartup
gethostname
WSAGetLastError
ntohs
bind
getsockname
select
htons
connect
gethostbyname
ioctlsocket
closesocket
recv
recvfrom
send
sendto
socket
inet_addr
inet_ntoa
ntohl
htonl

secur32

GetUserNameExW

wldap32

ord22
ord211
ord143
ord60
ord50
ord26
ord30
ord32
ord35
ord79
ord200
ord33
ord301
ord27
ord41
ord46

normaliz

IdnToAscii

winmm

waveInAddBuffer
waveInUnprepareHeader
waveOutUnprepareHeader
waveInClose
waveInPrepareHeader
waveOutGetDevCapsA
waveOutMessage
waveInGetDevCapsA
waveInMessage
waveOutWrite
waveOutGetErrorTextA
waveInOpen
waveInGetErrorTextA
timeEndPeriod
timeBeginPeriod
timeGetTime
waveOutGetNumDevs
waveInGetNumDevs
waveOutGetPosition
waveOutRestart
waveInStart
waveOutPause
waveInReset
waveOutReset
waveOutOpen
waveOutPrepareHeader
waveOutClose

setupapi

SetupDiGetDeviceInterfaceAlias
SetupDiGetDeviceRegistryPropertyW
SetupDiOpenDeviceInterfaceRegKey
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA
SetupDiGetDeviceInterfaceDetailW
SetupDiDestroyDeviceInfoList

ole32

CoTaskMemFree
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CoUninitialize
CoInitializeEx
PropVariantClear
CoCreateInstance
CoInitialize

Exports

Exports

Breakpad_SetSteamID
Breakpad_SteamMiniDumpInit
Breakpad_SteamSetSteamID
Breakpad_SteamWriteMiniDumpSetComment
Breakpad_SteamWriteMiniDumpUsingExceptionInfoWithBuildId
CreateInterface
GetHSteamPipe
GetHSteamUser
GetSSeApi
InitSSE
MySteamAPI_RegisterCallResult
MySteamAPI_RegisterCallback
MySteamAPI_UnregisterCallResult
MySteamAPI_UnregisterCallback
SSECreateProcess
SteamAPI_GetHSteamPipe
SteamAPI_GetHSteamUser
SteamAPI_GetSteamInstallPath
SteamAPI_Init
SteamAPI_InitSafe
SteamAPI_IsSteamRunning
SteamAPI_RegisterCallResult
SteamAPI_RegisterCallback
SteamAPI_RestartAppIfNecessary
SteamAPI_RunCallbacks
SteamAPI_SetBreakpadAppID
SteamAPI_SetMiniDumpComment
SteamAPI_SetTryCatchCallbacks
SteamAPI_Shutdown
SteamAPI_UnregisterCallResult
SteamAPI_UnregisterCallback
SteamAPI_UseBreakpadCrashHandler
SteamAPI_WriteMiniDump
SteamAppList
SteamApps
SteamCheckAppOwnership
SteamCleanup
SteamClient
SteamController
SteamController_GetControllerState
SteamController_Init
SteamController_SetOverrideMode
SteamController_Shutdown
SteamController_TriggerHapticPulse
SteamFriends
SteamGameServer
SteamGameServerApps
SteamGameServerHTTP
SteamGameServerNetworking
SteamGameServerStats
SteamGameServerUGC
SteamGameServerUtils
SteamGameServer_BSecure
SteamGameServer_GetHSteamPipe
SteamGameServer_GetHSteamUser
SteamGameServer_GetIPCCallCount
SteamGameServer_GetSteamID
SteamGameServer_Init
SteamGameServer_InitSafe
SteamGameServer_RunCallbacks
SteamGameServer_Shutdown
SteamGetLocalClientVersion
SteamGetVersion
SteamHTMLSurface
SteamHTTP
SteamInventory
SteamIsAppSubscribed
SteamIsLoggedIn
SteamIsSubscribed
SteamLogin
SteamLogout
SteamMatchmaking
SteamMatchmakingServers
SteamMusic
SteamMusicRemote
SteamNetworking
SteamRemoteStorage
SteamShutdownEngine
SteamShutdownSteamBridgeInterface
SteamStartEngine
SteamStartEngineEx
SteamStartup
SteamUGC
SteamUnifiedMessages
SteamUser
SteamUserStats
SteamUtils
SteamVideo
Steam_BConnected
Steam_BGetCallback
Steam_BLoggedOn
Steam_BReleaseSteamPipe
Steam_ConnectToGlobalUser
Steam_CreateGlobalUser
Steam_CreateLocalUser
Steam_CreateSteamPipe
Steam_FreeLastCallback
Steam_GSBLoggedOn
Steam_GSBSecure
Steam_GSGetSteam2GetEncryptionKeyToSendToNewClient
Steam_GSLogOff
Steam_GSLogOn
Steam_GSRemoveUserConnect
Steam_GSSendSteam2UserConnect
Steam_GSSendUserDisconnect
Steam_GSSendUserStatusResponse
Steam_GSSetServerType
Steam_GSSetSpawnCount
Steam_GSUpdateStatus
Steam_GetAPICallResult
Steam_GetGSHandle
Steam_GetHSteamUserCurrent
Steam_InitiateGameConnection
Steam_LogOff
Steam_LogOn
Steam_RegisterInterfaceFuncs
Steam_ReleaseUser
Steam_RunCallbacks
Steam_SetLocalIPBinding
Steam_TerminateGameConnection
g_pSteamClientGameServer

Sections

.text
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 197KB - Virtual size: 230KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 250KB - Virtual size: 250KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

data
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Mad.Father.v11.07.2020/Mad.Father.v11.07.2020/kurobara-gothic-medium.ttf
Mad.Father.v11.07.2020/Mad.Father.v11.07.2020/steam_api.dll
.dll windows:5 windows x86 arch:x86

4b75e8f71ef7ec9d7921abd4eaff587d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

16-07-2036 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:a9:38:ed:c7:ae:ac:8d:c7:1d:cb:b4:b4:f6:11:f8
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28-09-2012 00:00

Not After

23-11-2015 23:59

Subject

CN=Valve,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Valve,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:3a:16:33:53:9d:ef:ce:47:08:d3:27:a4:94:41:7f:6f:61:10:55
Signer

Actual PE Digest

71:3a:16:33:53:9d:ef:ce:47:08:d3:27:a4:94:41:7f:6f:61:10:55

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\buildslave\steam_rel_client_win32\build\src\steam_api\Release\steam_api.pdb

Imports

kernel32

CloseHandle
LoadLibraryExA
LoadLibraryExW
MultiByteToWideChar
FreeLibrary
GetCommandLineA
CreateMutexA
OpenProcess
GetModuleFileNameA
GetModuleHandleA
OutputDebugStringA
GetEnvironmentVariableA
SetEnvironmentVariableA
WaitForSingleObject
ReleaseMutex
GetExitCodeProcess
GetProcAddress
GetProcessHeap
SetEndOfFile
RaiseException
RtlUnwind
GetLastError
HeapFree
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
WriteFile
GetStdHandle
GetModuleFileNameW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
InterlockedDecrement
HeapCreate
HeapDestroy
ExitProcess
IsProcessorFeaturePresent
Sleep
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LoadLibraryW
HeapReAlloc
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
ReadFile
CreateFileA
LCMapStringW
GetStringTypeW
WriteConsoleW
SetFilePointer
CreateFileW

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

shell32

ShellExecuteA

Exports

Exports

GetHSteamPipe
GetHSteamUser
SteamAPI_GetHSteamPipe
SteamAPI_GetHSteamUser
SteamAPI_GetSteamInstallPath
SteamAPI_Init
SteamAPI_InitSafe
SteamAPI_IsSteamRunning
SteamAPI_RegisterCallResult
SteamAPI_RegisterCallback
SteamAPI_RestartAppIfNecessary
SteamAPI_RunCallbacks
SteamAPI_SetBreakpadAppID
SteamAPI_SetMiniDumpComment
SteamAPI_SetTryCatchCallbacks
SteamAPI_Shutdown
SteamAPI_UnregisterCallResult
SteamAPI_UnregisterCallback
SteamAPI_UseBreakpadCrashHandler
SteamAPI_WriteMiniDump
SteamApps
SteamClient
SteamContentServer
SteamContentServerUtils
SteamContentServer_Init
SteamContentServer_RunCallbacks
SteamContentServer_Shutdown
SteamController
SteamFriends
SteamGameServer
SteamGameServerApps
SteamGameServerHTTP
SteamGameServerNetworking
SteamGameServerStats
SteamGameServerUtils
SteamGameServer_BSecure
SteamGameServer_GetHSteamPipe
SteamGameServer_GetHSteamUser
SteamGameServer_GetIPCCallCount
SteamGameServer_GetSteamID
SteamGameServer_Init
SteamGameServer_InitSafe
SteamGameServer_RunCallbacks
SteamGameServer_Shutdown
SteamHTTP
SteamMatchmaking
SteamMatchmakingServers
SteamNetworking
SteamRemoteStorage
SteamScreenshots
SteamUGC
SteamUnifiedMessages
SteamUser
SteamUserStats
SteamUtils
Steam_GetHSteamUserCurrent
Steam_RegisterInterfaceFuncs
Steam_RunCallbacks
g_pSteamClientGameServer

Sections

.text
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Mad.Father.v11.07.2020/Mad.Father.v11.07.2020/steam_appid.txt
Mad.Father.v11.07.2020/STEAMUNLOCKED » Free Steam Games Pre-installed for PC.url
Mad.Father.v11.07.2020/_Redist/dotNetFx40_Full_setup.exe
.exe windows:5 windows x86 arch:x86

02483cd76378259a50b7b66146b45f06

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22-08-2007 22:31

Not After

25-08-2012 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-12-2009 22:40

Not After

07-03-2011 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16-09-2006 01:04

Not After

15-09-2019 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:05:a2:30:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25-07-2008 19:01

Not After

25-07-2013 19:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

d6:d5:21:44:87:a4:87:f6:84:c8:27:2e:90:f4:8d:98:d2:12:c9:41
Signer

Actual PE Digest

d6:d5:21:44:87:a4:87:f6:84:c8:27:2e:90:f4:8d:98:d2:12:c9:41

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

boxstub.pdb

Imports

advapi32

CryptGenRandom
CryptReleaseContext
DecryptFileW
CryptAcquireContextA

kernel32

Sleep
WaitForSingleObject
GetExitCodeProcess
CloseHandle
SetFileAttributesW
InitializeCriticalSection
CreateEventA
CreateThread
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetEvent
GetCommandLineW
CreateProcessW
CompareStringW
LocalFree
QueryDosDeviceW
GetLogicalDriveStringsW
GetDiskFreeSpaceExW
GetDriveTypeW
CreateFileW
DeviceIoControl
SetErrorMode
CreateDirectoryW
RemoveDirectoryW
MoveFileExW
LoadLibraryW
GetProcAddress
GetSystemDirectoryW
GetVersion
GetLastError
SetEnvironmentVariableW
ExitThread
GetTickCount
GetEnvironmentVariableW
GetModuleHandleW
lstrlenW
WaitForMultipleObjects
ResetEvent
GetSystemInfo
FileTimeToSystemTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
SetEndOfFile
DuplicateHandle
ReadFile
SetFilePointerEx
GlobalFree
GlobalAlloc
GetCommandLineA
HeapSetInformation
GetStartupInfoW
SetUnhandledExceptionFilter
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
HeapFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
LCMapStringW
RtlUnwind
SetFilePointer
GetConsoleCP
GetConsoleMode
MultiByteToWideChar
GetStringTypeW
HeapSize
HeapReAlloc
IsProcessorFeaturePresent
SetStdHandle
WriteConsoleW
FlushFileBuffers
CreateFileA
GetLocalTime
GetComputerNameW
lstrlenA
FormatMessageW
GetSystemTime
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
DeleteFileW
GetFileAttributesW
FindFirstFileW
FindNextFileW
FindClose
GetCurrentDirectoryW
SetCurrentDirectoryW
ExpandEnvironmentStringsW
GetProcessHeap
RaiseException

comctl32

ord17

rpcrt4

UuidToStringW
RpcStringFreeW
UuidCreate

shell32

CommandLineToArgvW
SHBrowseForFolderW
SHGetPathFromIDListW

shlwapi

PathRemoveExtensionW

user32

MessageBoxW
GetTopWindow
GetWindowThreadProcessId
GetWindow
SendMessageA
PostMessageW
SendMessageW
DialogBoxParamA
GetDlgItem
SetWindowTextW
EndDialog
PostQuitMessage
DialogBoxParamW
SetWindowLongW
GetWindowLongW
LoadStringW
CharUpperW

cabinet

ord22
ord23
ord20

oleaut32

SysAllocString
VariantClear

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

Exports

Exports

?dwPlaceholder@@3PAEA
_DecodePointerInternal@4
_EncodePointerInternal@4

Sections

.text
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boxld01
Size: 512B - Virtual size: 194B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Mad.Father.v11.07.2020/_Redist/dxwebsetup.exe
.exe windows:5 windows x86 arch:x86

1494de9b53e05fc1f40cb92afbdd6ce4

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22-08-2007 22:31

Not After

25-08-2012 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-12-2009 22:40

Not After

07-03-2011 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16-09-2006 01:04

Not After

15-09-2019 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:05:a2:30:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25-07-2008 19:01

Not After

25-07-2013 19:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:b8:85:36:04:6e:46:6d:2f:58:b3:18:fd:18:43:f0:b8:4b:28:d3
Signer

Actual PE Digest

47:b8:85:36:04:6e:46:6d:2f:58:b3:18:fd:18:43:f0:b8:4b:28:d3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

FreeSid
AllocateAndInitializeSid
EqualSid
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
RegCloseKey
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegQueryInfoKeyA

kernel32

LocalFree
LocalAlloc
GetLastError
GetCurrentProcess
GetModuleFileNameA
lstrlenA
GetSystemDirectoryA
RemoveDirectoryA
FindClose
FindNextFileA
DeleteFileA
SetFileAttributesA
lstrcmpA
FindFirstFileA
lstrcatA
lstrcpyA
_lclose
_llseek
_lopen
WritePrivateProfileStringA
GetWindowsDirectoryA
CreateDirectoryA
GetFileAttributesA
ExpandEnvironmentStringsA
IsDBCSLeadByte
GetShortPathNameA
GetPrivateProfileStringA
GetPrivateProfileIntA
lstrcmpiA
GetProcAddress
GlobalUnlock
GlobalLock
GlobalAlloc
FreeResource
CloseHandle
LoadResource
SizeofResource
FindResourceA
ReadFile
WriteFile
SetFilePointer
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
SetCurrentDirectoryA
GetTempFileNameA
ExitProcess
CreateFileA
LoadLibraryExA
lstrcpynA
GetVolumeInformationA
FormatMessageA
GetCurrentDirectoryA
GetVersionExA
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
GetTempPathA
GetSystemInfo
CreateMutexA
SetEvent
CreateEventA
CreateThread
ResetEvent
TerminateThread
GetDriveTypeA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
LockResource
LoadLibraryA
GetDiskFreeSpaceA
MulDiv
EnumResourceLanguagesA
FreeLibrary
GlobalFree

gdi32

GetDeviceCaps

user32

ExitWindowsEx
wsprintfA
CharNextA
CharUpperA
CharPrevA
SetWindowLongA
GetWindowLongA
CallWindowProcA
DispatchMessageA
MsgWaitForMultipleObjects
PeekMessageA
SendMessageA
SetWindowPos
ReleaseDC
GetDC
GetWindowRect
SendDlgItemMessageA
GetDlgItem
SetForegroundWindow
SetWindowTextA
MessageBoxA
DialogBoxIndirectParamA
ShowWindow
EnableWindow
GetDlgItemTextA
EndDialog
GetDesktopWindow
MessageBeep
SetDlgItemTextA
LoadStringA
GetSystemMetrics

comctl32

ord17

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 239KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Mad.Father.v11.07.2020/_Redist/oalinst.exe
.exe windows:4 windows x86 arch:x86

1ff011c2e13ea492fe69b2fbfc802083

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

36:33:6d:83:6a:19:e2:44:ff:0e:52:88:2e:b5:b1:de
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

30-06-2006 00:00

Not After

14-07-2009 23:59

Subject

CN=Creative Labs Inc,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=CLI,O=Creative Labs Inc,L=Milpitas,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:01

Not After

23-05-2016 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cb:34:e3:72:3d:d1:2b:57:d7:86:46:9b:d8:78:2f:92:cf:2d:5d:4f
Signer

Actual PE Digest

cb:34:e3:72:3d:d1:2b:57:d7:86:46:9b:d8:78:2f:92:cf:2d:5d:4f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\cbs\build\ec922632-90cb-1015-8202-b7f05167b5ef\in\CTSDK\AL_Installer\Release\oalinst.pdb

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

kernel32

GetFileAttributesA
GetProcAddress
LoadLibraryA
FreeResource
SizeofResource
LoadResource
FindResourceA
ReadFile
SetEndOfFile
GetLocaleInfoW
HeapSize
IsValidCodePage
IsValidLocale
DeleteFileA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetFilePointer
FlushFileBuffers
SetStdHandle
InterlockedExchange
RemoveDirectoryA
CreateDirectoryA
GetModuleFileNameA
GetSystemDirectoryA
CopyFileA
GetTempFileNameA
LockResource
MoveFileExA
GetTimeZoneInformation
CompareStringA
CompareStringW
EnumSystemLocalesA
VirtualAlloc
GetLastError
HeapFree
HeapAlloc
MoveFileA
GetCommandLineA
GetVersionExA
GetProcessHeap
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
SetEnvironmentVariableA
HeapReAlloc
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
CloseHandle
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
RtlUnwind
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetCurrentThread
LCMapStringA
MultiByteToWideChar
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSection
Sleep
SetConsoleCtrlHandler
FreeLibrary

user32

LoadCursorA
RegisterClassExA
ShowWindow
UpdateWindow
GetMessageA
TranslateMessage
DispatchMessageA
MessageBoxA
PostQuitMessage
LoadIconA
SetClassLongA
LoadImageA
CreateWindowExA
SendMessageA
BeginPaint
GetClientRect
MoveWindow
DrawTextA
EndPaint
DefWindowProcA

gdi32

CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
GetStockObject

advapi32

RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegDeleteKeyA

Sections

.text
Size: 116KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 636KB - Virtual size: 633KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Mad.Father.v11.07.2020/_Redist/vcredist_2015-2019_x64.exe
.exe windows:5 windows x86 arch:x86

1a5cdbf711fee14b077e599d13fddab2

Code Sign

33:00:00:01:34:22:1e:7e:49:2a:ac:da:6a:00:00:00:00:01:34
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-10-2019 18:17

Not After

03-01-2021 18:17

Subject

CN=Microsoft Time-Stamp service,OU=Microsoft Ireland Operations Limited+OU=Thales TSS ESN:E041-4BEE-FA7E,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:52:9b:40:9f:50:56:99:75:88:00:00:00:00:01:52
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-05-2019 21:37

Not After

02-05-2020 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:52:9b:40:9f:50:56:99:75:88:00:00:00:00:01:52
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-05-2019 21:37

Not After

02-05-2020 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b4:cd:00:d9:81:97:db:3f:fb:fb:3f:54:d1:0a:0d:d4:f4:56:29:a6:03:63:86:3f:a0:b1:71:7e:4c:43:8a:da
Signer

Actual PE Digest

b4:cd:00:d9:81:97:db:3f:fb:fb:3f:54:d1:0a:0d:d4:f4:56:29:a6:03:63:86:3f:a0:b1:71:7e:4c:43:8a:da

Digest Algorithm

sha256

PE Digest Matches

true

77:97:6d:62:92:5a:37:44:2f:5d:c5:b0:8d:43:91:09:56:54:b2:48
Signer

Actual PE Digest

77:97:6d:62:92:5a:37:44:2f:5d:c5:b0:8d:43:91:09:56:54:b2:48

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

C:\agent\_work\8\s\build\ship\x86\burn.pdb

Imports

advapi32

RegCloseKey
RegOpenKeyExW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
InitiateSystemShutdownExW
GetUserNameW
RegQueryValueExW
RegDeleteValueW
ConvertStringSecurityDescriptorToSecurityDescriptorW
DecryptFileW
CreateWellKnownSid
InitializeAcl
SetEntriesInAclW
ChangeServiceConfigW
CloseServiceHandle
ControlService
OpenSCManagerW
OpenServiceW
QueryServiceStatus
SetNamedSecurityInfoW
CheckTokenMembership
AllocateAndInitializeSid
SetEntriesInAclA
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
RegDeleteKeyW
RegCreateKeyExW
GetTokenInformation
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
QueryServiceConfigW

user32

GetMessageW
PostMessageW
IsWindow
WaitForInputIdle
PostQuitMessage
PeekMessageW
MsgWaitForMultipleObjects
PostThreadMessageW
GetMonitorInfoW
MonitorFromPoint
IsDialogMessageW
LoadCursorW
LoadBitmapW
SetWindowLongW
GetWindowLongW
GetCursorPos
MessageBoxW
CreateWindowExW
UnregisterClassW
RegisterClassW
DefWindowProcW
DispatchMessageW
TranslateMessage

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear

gdi32

CreateCompatibleDC
DeleteObject
SelectObject
StretchBlt
GetObjectW
DeleteDC

shell32

SHGetFolderPathW
CommandLineToArgvW
ShellExecuteExW

ole32

CoUninitialize
CoInitializeEx
CoInitialize
StringFromGUID2
CoCreateInstance
CoTaskMemFree
CoInitializeSecurity
CLSIDFromProgID

kernel32

GetCommandLineA
GetCPInfo
GetOEMCP
CloseHandle
CreateFileW
GetProcAddress
LocalFree
HeapSetInformation
GetLastError
GetModuleHandleW
FormatMessageW
lstrlenA
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
LCMapStringW
Sleep
GetLocalTime
GetModuleFileNameW
ExpandEnvironmentStringsW
GetTempPathW
GetTempFileNameW
CreateDirectoryW
GetFullPathNameW
CompareStringW
GetCurrentProcessId
WriteFile
SetFilePointer
LoadLibraryW
GetSystemDirectoryW
CreateFileA
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
FindClose
GetCommandLineW
GetCurrentDirectoryW
RemoveDirectoryW
SetFileAttributesW
GetFileAttributesW
DeleteFileW
FindFirstFileW
FindNextFileW
MoveFileExW
GetCurrentProcess
GetCurrentThreadId
InitializeCriticalSection
DeleteCriticalSection
ReleaseMutex
GetEnvironmentStringsW
TlsGetValue
TlsSetValue
TlsFree
CreateProcessW
GetVersionExW
VerSetConditionMask
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
GetSystemTime
GetNativeSystemInfo
GetModuleHandleExW
GetWindowsDirectoryW
GetSystemWow64DirectoryW
GetComputerNameW
VerifyVersionInfoW
GetVolumePathNameW
GetDateFormatW
GetSystemDefaultLangID
GetUserDefaultLangID
GetStringTypeW
ReadFile
SetFilePointerEx
DuplicateHandle
InterlockedExchange
InterlockedCompareExchange
CreateEventW
ProcessIdToSessionId
OpenProcess
GetProcessId
WaitForSingleObject
ConnectNamedPipe
SetNamedPipeHandleState
CreateNamedPipeW
CreateThread
GetExitCodeThread
SetEvent
WaitForMultipleObjects
InterlockedIncrement
InterlockedDecrement
ResetEvent
SetEndOfFile
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
CompareStringA
GetExitCodeProcess
SetThreadExecutionState
CopyFileExW
MapViewOfFile
UnmapViewOfFile
CreateMutexW
CreateFileMappingW
GetThreadLocale
IsValidCodePage
FreeEnvironmentStringsW
TlsAlloc
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
DecodePointer
WriteConsoleW
GetModuleHandleA
GlobalAlloc
GlobalFree
GetFileSizeEx
CopyFileW
VirtualAlloc
VirtualFree
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
SystemTimeToFileTime
GetSystemInfo
VirtualProtect
VirtualQuery
SetCurrentDirectoryW
FindFirstFileExW
GetFileType
GetACP
ExitProcess
GetStdHandle
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RaiseException
RtlUnwind
SetLastError
LoadLibraryExA

rpcrt4

UuidCreate

Sections

.text
Size: 294KB - Virtual size: 293KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wixburn
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Mad.Father.v11.07.2020/_Redist/vcredist_2015-2019_x86.exe
.exe windows:5 windows x86 arch:x86

1a5cdbf711fee14b077e599d13fddab2

Code Sign

33:00:00:01:2a:30:bf:85:c5:0e:b1:e2:8c:00:00:00:00:01:2a
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06-09-2019 20:40

Not After

04-12-2020 20:40

Subject

CN=Microsoft Time-Stamp Service,OU=Microsoft Operations Puerto Rico+OU=Thales TSS ESN:7D2E-3782-B0F7,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:52:9b:40:9f:50:56:99:75:88:00:00:00:00:01:52
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-05-2019 21:37

Not After

02-05-2020 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:52:9b:40:9f:50:56:99:75:88:00:00:00:00:01:52
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-05-2019 21:37

Not After

02-05-2020 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

74:6d:60:08:04:c6:65:c7:f8:0a:78:74:29:9a:a4:ab:9d:42:b8:ba:0c:df:95:ee:75:8a:64:a4:2f:71:a6:46
Signer

Actual PE Digest

74:6d:60:08:04:c6:65:c7:f8:0a:78:74:29:9a:a4:ab:9d:42:b8:ba:0c:df:95:ee:75:8a:64:a4:2f:71:a6:46

Digest Algorithm

sha256

PE Digest Matches

true

0b:05:b3:51:e7:d2:3f:ce:ad:94:9d:75:ac:64:9a:ad:21:01:73:2c
Signer

Actual PE Digest

0b:05:b3:51:e7:d2:3f:ce:ad:94:9d:75:ac:64:9a:ad:21:01:73:2c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

C:\agent\_work\8\s\build\ship\x86\burn.pdb

Imports

advapi32

RegCloseKey
RegOpenKeyExW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
InitiateSystemShutdownExW
GetUserNameW
RegQueryValueExW
RegDeleteValueW
ConvertStringSecurityDescriptorToSecurityDescriptorW
DecryptFileW
CreateWellKnownSid
InitializeAcl
SetEntriesInAclW
ChangeServiceConfigW
CloseServiceHandle
ControlService
OpenSCManagerW
OpenServiceW
QueryServiceStatus
SetNamedSecurityInfoW
CheckTokenMembership
AllocateAndInitializeSid
SetEntriesInAclA
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
RegDeleteKeyW
RegCreateKeyExW
GetTokenInformation
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
QueryServiceConfigW

user32

GetMessageW
PostMessageW
IsWindow
WaitForInputIdle
PostQuitMessage
PeekMessageW
MsgWaitForMultipleObjects
PostThreadMessageW
GetMonitorInfoW
MonitorFromPoint
IsDialogMessageW
LoadCursorW
LoadBitmapW
SetWindowLongW
GetWindowLongW
GetCursorPos
MessageBoxW
CreateWindowExW
UnregisterClassW
RegisterClassW
DefWindowProcW
DispatchMessageW
TranslateMessage

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear

gdi32

CreateCompatibleDC
DeleteObject
SelectObject
StretchBlt
GetObjectW
DeleteDC

shell32

SHGetFolderPathW
CommandLineToArgvW
ShellExecuteExW

ole32

CoUninitialize
CoInitializeEx
CoInitialize
StringFromGUID2
CoCreateInstance
CoTaskMemFree
CoInitializeSecurity
CLSIDFromProgID

kernel32

GetCommandLineA
GetCPInfo
GetOEMCP
CloseHandle
CreateFileW
GetProcAddress
LocalFree
HeapSetInformation
GetLastError
GetModuleHandleW
FormatMessageW
lstrlenA
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
LCMapStringW
Sleep
GetLocalTime
GetModuleFileNameW
ExpandEnvironmentStringsW
GetTempPathW
GetTempFileNameW
CreateDirectoryW
GetFullPathNameW
CompareStringW
GetCurrentProcessId
WriteFile
SetFilePointer
LoadLibraryW
GetSystemDirectoryW
CreateFileA
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
FindClose
GetCommandLineW
GetCurrentDirectoryW
RemoveDirectoryW
SetFileAttributesW
GetFileAttributesW
DeleteFileW
FindFirstFileW
FindNextFileW
MoveFileExW
GetCurrentProcess
GetCurrentThreadId
InitializeCriticalSection
DeleteCriticalSection
ReleaseMutex
GetEnvironmentStringsW
TlsGetValue
TlsSetValue
TlsFree
CreateProcessW
GetVersionExW
VerSetConditionMask
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
GetSystemTime
GetNativeSystemInfo
GetModuleHandleExW
GetWindowsDirectoryW
GetSystemWow64DirectoryW
GetComputerNameW
VerifyVersionInfoW
GetVolumePathNameW
GetDateFormatW
GetSystemDefaultLangID
GetUserDefaultLangID
GetStringTypeW
ReadFile
SetFilePointerEx
DuplicateHandle
InterlockedExchange
InterlockedCompareExchange
CreateEventW
ProcessIdToSessionId
OpenProcess
GetProcessId
WaitForSingleObject
ConnectNamedPipe
SetNamedPipeHandleState
CreateNamedPipeW
CreateThread
GetExitCodeThread
SetEvent
WaitForMultipleObjects
InterlockedIncrement
InterlockedDecrement
ResetEvent
SetEndOfFile
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
CompareStringA
GetExitCodeProcess
SetThreadExecutionState
CopyFileExW
MapViewOfFile
UnmapViewOfFile
CreateMutexW
CreateFileMappingW
GetThreadLocale
IsValidCodePage
FreeEnvironmentStringsW
TlsAlloc
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
DecodePointer
WriteConsoleW
GetModuleHandleA
GlobalAlloc
GlobalFree
GetFileSizeEx
CopyFileW
VirtualAlloc
VirtualFree
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
SystemTimeToFileTime
GetSystemInfo
VirtualProtect
VirtualQuery
SetCurrentDirectoryW
FindFirstFileExW
GetFileType
GetACP
ExitProcess
GetStdHandle
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RaiseException
RtlUnwind
SetLastError
LoadLibraryExA

rpcrt4

UuidCreate

Sections

.text
Size: 294KB - Virtual size: 293KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wixburn
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Mad.Father.v11.07.2020/_Redist/vcredist_x64.exe
.exe windows:5 windows x86 arch:x86

a1f6f100bff4507a3332f3f0cdfc24f5

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22-08-2007 22:31

Not After

25-08-2012 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-12-2009 22:40

Not After

07-03-2011 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16-09-2006 01:04

Not After

15-09-2019 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:05:a2:30:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25-07-2008 19:01

Not After

25-07-2013 19:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

b7:67:e2:97:28:63:cf:54:51:e3:36:ce:0a:1f:4f:ce:6e:3a:bc:30
Signer

Actual PE Digest

b7:67:e2:97:28:63:cf:54:51:e3:36:ce:0a:1f:4f:ce:6e:3a:bc:30

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

sfxcab.pdb

Imports

msvcrt

__setusermatherr
_initterm
__getmainargs
__initenv
exit
_cexit
_adjust_fdiv
_exit
_c_exit
strncpy
strstr
_strlwr
strrchr
_stricmp
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_XcptFilter
_snprintf
sprintf
strchr
_strnicmp
_vsnprintf

advapi32

InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
AllocateAndInitializeSid
OpenProcessToken
GetTokenInformation
GetLengthSid
InitiateSystemShutdownA
InitializeSecurityDescriptor

kernel32

CreateThread
GetFileSize
ExpandEnvironmentStringsA
CreateProcessA
GetExitCodeProcess
InitializeCriticalSectionAndSpinCount
LocalFileTimeToFileTime
SetFileTime
SetEndOfFile
CreateEventA
QueryDosDeviceA
GetDiskFreeSpaceA
GetSystemTime
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentDirectoryA
GetProcessHeap
CopyFileA
SetFileAttributesA
DosDateTimeToFileTime
SetEvent
GetVersionExA
ReadFile
SetFilePointer
MoveFileExA
RemoveDirectoryA
GetLastError
CreateDirectoryA
GetTickCount
SetErrorMode
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
CloseHandle
DeviceIoControl
CreateFileA
GetDriveTypeA
HeapFree
FormatMessageA
LeaveCriticalSection
DeleteFileA
EnterCriticalSection
TerminateProcess
WaitForMultipleObjects
CreateEventW
FindFirstFileA
Sleep
SetEnvironmentVariableA
GetEnvironmentVariableA
WideCharToMultiByte
HeapAlloc
SetLastError
WriteFile
MoveFileA
ExitProcess
DeleteCriticalSection
FlushFileBuffers
WaitForSingleObject
OpenEventA
GetCurrentProcess
GetFileAttributesA
GetCommandLineA
GetModuleFileNameA
FindClose
FindNextFileA
SystemTimeToFileTime

user32

SendDlgItemMessageA
SendMessageA
DialogBoxParamA
MessageBoxA
SetParent
EndDialog
LoadStringA
ShowWindow

ntdll

NtOpenProcessToken
NtAdjustPrivilegesToken
NtClose
NtShutdownSystem

comctl32

ord17

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5.4MB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Mad.Father.v11.07.2020/_Redist/vcredist_x86.exe
.exe windows:5 windows x86 arch:x86

a1f6f100bff4507a3332f3f0cdfc24f5

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22-08-2007 22:31

Not After

25-08-2012 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-12-2009 22:40

Not After

07-03-2011 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16-09-2006 01:04

Not After

15-09-2019 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25-07-2008 19:02

Not After

25-07-2013 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

8a:19:aa:3a:87:7f:dd:23:dc:03:96:64:c9:5b:23:7c:35:b0:fd:3d
Signer

Actual PE Digest

8a:19:aa:3a:87:7f:dd:23:dc:03:96:64:c9:5b:23:7c:35:b0:fd:3d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

sfxcab.pdb

Imports

msvcrt

__setusermatherr
_initterm
__getmainargs
__initenv
exit
_cexit
_adjust_fdiv
_exit
_c_exit
strncpy
strstr
_strlwr
strrchr
_stricmp
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_XcptFilter
_snprintf
sprintf
strchr
_strnicmp
_vsnprintf

advapi32

InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
AllocateAndInitializeSid
OpenProcessToken
GetTokenInformation
GetLengthSid
InitiateSystemShutdownA
InitializeSecurityDescriptor

kernel32

CreateThread
GetFileSize
ExpandEnvironmentStringsA
CreateProcessA
GetExitCodeProcess
InitializeCriticalSectionAndSpinCount
LocalFileTimeToFileTime
SetFileTime
SetEndOfFile
CreateEventA
QueryDosDeviceA
GetDiskFreeSpaceA
GetSystemTime
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentDirectoryA
GetProcessHeap
CopyFileA
SetFileAttributesA
DosDateTimeToFileTime
SetEvent
GetVersionExA
ReadFile
SetFilePointer
MoveFileExA
RemoveDirectoryA
GetLastError
CreateDirectoryA
GetTickCount
SetErrorMode
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
CloseHandle
DeviceIoControl
CreateFileA
GetDriveTypeA
HeapFree
FormatMessageA
LeaveCriticalSection
DeleteFileA
EnterCriticalSection
TerminateProcess
WaitForMultipleObjects
CreateEventW
FindFirstFileA
Sleep
SetEnvironmentVariableA
GetEnvironmentVariableA
WideCharToMultiByte
HeapAlloc
SetLastError
WriteFile
MoveFileA
ExitProcess
DeleteCriticalSection
FlushFileBuffers
WaitForSingleObject
OpenEventA
GetCurrentProcess
GetFileAttributesA
GetCommandLineA
GetModuleFileNameA
FindClose
FindNextFileA
SystemTimeToFileTime

user32

SendDlgItemMessageA
SendMessageA
DialogBoxParamA
MessageBoxA
SetParent
EndDialog
LoadStringA
ShowWindow

ntdll

NtOpenProcessToken
NtAdjustPrivilegesToken
NtClose
NtShutdownSystem

comctl32

ord17

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.8MB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Mad.Father.v11.07.2020/_Redist/xnafx40_redist.msi
.msi

Sharing

General

Malware Config

Signatures

Files

891c3588c50fdb74500d7a3a638a31b2

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

comctl32

shlwapi

oleaut32

Sections

.text Size: 104KB - Virtual size: 100KB

.rdata Size: 28KB - Virtual size: 25KB

.data Size: 8KB - Virtual size: 20KB

.rsrc Size: 24KB - Virtual size: 20KB

f502805c50a3ebd755fb4d2489a72f9d

Headers

File Characteristics

PDB Paths

Imports

shlwapi

kernel32

user32

gdi32

shell32

wininet

winmm

steam_api

ole32

oleaut32

Sections

.text Size: 3.7MB - Virtual size: 3.7MB

.rdata Size: 604KB - Virtual size: 603KB

.data Size: 2.5MB - Virtual size: 7.8MB

.rsrc Size: 8KB - Virtual size: 5KB

b600469a29e3d62b811b9ea4936cd290

Headers

File Characteristics

Imports

winmm

kernel32

ole32

Exports

Exports

Sections

.text Size: 92KB - Virtual size: 89KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 12KB - Virtual size: 15KB

.rsrc Size: 4KB - Virtual size: 984B

.reloc Size: 12KB - Virtual size: 9KB

0af9925d510541540a84a0f3211351ad

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

msvcp100

psapi

wintrust

msvcr100

Sections

.text Size: 38KB - Virtual size: 37KB

.rdata Size: 26KB - Virtual size: 25KB

.data Size: 64KB - Virtual size: 64KB

.rsrc Size: 87KB - Virtual size: 87KB

.reloc Size: 10KB - Virtual size: 10KB

903779526007e11b7ce5986ad4a6fbad

Headers

.text
Size: 104KB - Virtual size: 100KB

.rdata
Size: 28KB - Virtual size: 25KB

.data
Size: 8KB - Virtual size: 20KB

.rsrc
Size: 24KB - Virtual size: 20KB

.text
Size: 3.7MB - Virtual size: 3.7MB

.rdata
Size: 604KB - Virtual size: 603KB

.data
Size: 2.5MB - Virtual size: 7.8MB

.rsrc
Size: 8KB - Virtual size: 5KB

.text
Size: 92KB - Virtual size: 89KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 12KB - Virtual size: 15KB

.rsrc
Size: 4KB - Virtual size: 984B

.reloc
Size: 12KB - Virtual size: 9KB

.text
Size: 38KB - Virtual size: 37KB

.rdata
Size: 26KB - Virtual size: 25KB

.data
Size: 64KB - Virtual size: 64KB

.rsrc
Size: 87KB - Virtual size: 87KB

.reloc
Size: 10KB - Virtual size: 10KB

.text
Size: 51KB - Virtual size: 51KB

.rdata
Size: 34KB - Virtual size: 33KB

.data
Size: 82KB - Virtual size: 84KB

.pdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 87KB - Virtual size: 87KB

.reloc
Size: 7KB - Virtual size: 6KB

.text
Size: 3.8MB - Virtual size: 3.8MB

.rdata
Size: 611KB - Virtual size: 610KB

.data
Size: 160KB - Virtual size: 181KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 306KB - Virtual size: 305KB

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 1004B

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 1KB - Virtual size: 1KB