C:\Users\user236264\Desktop\cheat\cheat\ya\v1\222\yes\output\build\kronos.pdb
General
-
Target
Loader.rar
-
Size
4.0MB
-
MD5
4c9e99ed99cdf11208fe82becc9c3c23
-
SHA1
a60f47e330d25737fc637b85223249001766e775
-
SHA256
dc583f2b93269018aaec7b934ceca20ac47313a38fb0896579265dc15fee0636
-
SHA512
21230dc6e012b4a06ab54f93b75a8c9ea2d2a80e8a6394ab5308c3502f33eb6529d60fc86b7a57127c2dcee2f4a0ea44b984ac0073269eb1cb69678795c2f35e
-
SSDEEP
98304:JtO1z17WDikAXdEfvOQzDcmEC66lRBjcDys8Ruv5std+:JE1hw9o3IVTKbyd+
Score
7/10
Malware Config
Signatures
-
resource yara_rule static1/unpack001/Loader/newshat/Mapper/map.exe themida -
Unsigned PE 2 IoCs
Checks for missing Authenticode signature.
resource unpack001/Loader/newshat/Loader.exe unpack001/Loader/newshat/Mapper/map.exe
Files
-
Loader.rar.rar
-
Loader/newshat/Loader.exe.exe windows:6 windows x64 arch:x64
5a475f2fa016142a10ebe27e52f89f12
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
kernel32
CreateToolhelp32Snapshot
CreateFileA
Process32Next
GetConsoleWindow
lstrcmpiA
MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
QueryPerformanceFrequency
VerSetConditionMask
QueryPerformanceCounter
FreeConsole
ExitProcess
Process32First
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
LocalFree
GetLocaleInfoEx
CreateDirectoryW
FindClose
Sleep
FindFirstFileExW
FindNextFileW
GetFileAttributesW
GetFileAttributesExW
GetFullPathNameW
SetFileInformationByHandle
GetTempPathW
AreFileApisANSI
GetModuleHandleW
GetFileInformationByHandleEx
WakeAllConditionVariable
SleepConditionVariableSRW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetCurrentProcess
CloseHandle
LoadLibraryA
GetCurrentProcessId
GetModuleHandleA
VirtualAlloc
DeviceIoControl
VirtualFree
FormatMessageA
FreeLibrary
GetProcAddress
GetLastError
CreateFileW
LoadLibraryExA
FindFirstFileW
GetModuleFileNameA
user32
SendInput
GetCursorPos
GetForegroundWindow
GetAsyncKeyState
ScreenToClient
MessageBoxA
UpdateWindow
SetClipboardData
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
SetCursorPos
GetKeyState
FindWindowA
ShowWindow
MoveWindow
RegisterClassExA
DispatchMessageA
ReleaseCapture
SetProcessDPIAware
GetClientRect
SetCursor
PostQuitMessage
UnregisterClassA
PeekMessageA
LoadIconA
TranslateMessage
SetLayeredWindowAttributes
CreateWindowExA
DefWindowProcA
MonitorFromWindow
LoadCursorA
GetMonitorInfoA
SetWindowDisplayAffinity
SetWindowLongA
GetCapture
GetSystemMetrics
DestroyWindow
GetWindowRect
ClientToScreen
TrackMouseEvent
SetCapture
gdi32
CreateSolidBrush
advapi32
OpenProcessToken
RegQueryValueExA
RegCloseKey
GetUserNameW
RegCreateKeyA
LookupPrivilegeValueW
AdjustTokenPrivileges
RegOpenKeyA
RegDeleteKeyA
RegSetValueExA
RegOpenKeyExA
shell32
SHGetFolderPathW
ShellExecuteA
msvcp140
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Xbad_function_call@std@@YAXXZ
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_do_broadcast_at_thread_exit
_Thrd_id
_Thrd_join
_Query_perf_frequency
_Query_perf_counter
_Thrd_detach
?uncaught_exceptions@std@@YAHXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
?good@ios_base@std@@QEBA_NXZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Winerror_map@std@@YAHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?id@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
_Xtime_get_ticks
?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBUtm@@PEBD3@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?id@?$ctype@D@std@@2V0locale@2@A
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
_Strxfrm
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?id@?$collate@D@std@@2V0locale@2@A
_Strcoll
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?tolower@?$ctype@D@std@@QEBADD@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
?_Xbad_alloc@std@@YAXXZ
ntdll
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlInitAnsiString
RtlAnsiStringToUnicodeString
RtlInitUnicodeString
NtQuerySystemInformation
dbghelp
ImageRvaToVa
ImageNtHeader
ImageDirectoryEntryToData
d3d11
D3D11CreateDeviceAndSwapChain
imm32
ImmSetCandidateWindow
ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow
d3dcompiler_47
D3DCompile
dwmapi
DwmExtendFrameIntoClientArea
vcruntime140_1
__CxxFrameHandler4
vcruntime140
strrchr
__intrinsic_setjmp
memmove
memcmp
memchr
memset
_CxxThrowException
__current_exception_context
__current_exception
memcpy
__std_exception_destroy
__C_specific_handler
longjmp
strchr
strstr
__std_terminate
_purecall
__std_exception_copy
api-ms-win-crt-heap-l1-1-0
realloc
free
_callnewh
malloc
_set_new_mode
api-ms-win-crt-math-l1-1-0
exp
floor
fmod
atan2f
fmodf
tan
log
log10
sqrtf
pow
powf
frexp
atan2
asin
acosf
cosf
cos
acos
ceilf
__setusermatherr
llround
ceil
sin
sinf
ldexp
sqrt
roundf
_dsign
api-ms-win-crt-string-l1-1-0
isspace
strncpy
_stricmp
strpbrk
toupper
strcoll
isxdigit
islower
strncmp
isgraph
isupper
isdigit
strspn
tolower
isalnum
isblank
isalpha
iscntrl
strcmp
ispunct
api-ms-win-crt-runtime-l1-1-0
strerror
_invalid_parameter_noinfo_noreturn
_errno
_beginthreadex
abort
exit
terminate
_register_thread_local_exe_atexit_callback
_c_exit
perror
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
__p___argv
_get_initial_narrow_environment
_initterm
_initterm_e
_exit
system
__p___argc
api-ms-win-crt-stdio-l1-1-0
fgetc
fgetpos
ferror
fopen
__p__commode
fsetpos
__stdio_common_vsscanf
__acrt_iob_func
fputc
fflush
_wfopen
fclose
getc
__stdio_common_vfprintf
freopen
feof
fread
fseek
fwrite
fgets
ftell
clearerr
tmpnam
_set_fmode
_pclose
tmpfile
setvbuf
_popen
ungetc
_get_stream_buffer_pointers
__stdio_common_vsprintf
_ftelli64
_fseeki64
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
setlocale
localeconv
___lc_codepage_func
api-ms-win-crt-time-l1-1-0
_gmtime64
strftime
_difftime64
_mktime64
_localtime64
clock
_time64
api-ms-win-crt-environment-l1-1-0
getenv
api-ms-win-crt-convert-l1-1-0
strtoull
atof
strtod
strtoll
api-ms-win-crt-filesystem-l1-1-0
_unlock_file
_lock_file
rename
remove
api-ms-win-crt-utility-l1-1-0
qsort
rand
Sections
.text Size: 797KB - Virtual size: 797KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 181KB - Virtual size: 180KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 303KB - Virtual size: 309KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 37KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 488B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Loader/newshat/Mapper/map.exe.exe windows:6 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
Size: 21KB - Virtual size: 45KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Size: 21KB - Virtual size: 51KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 3KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 1KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 274B - Virtual size: 488B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 159B - Virtual size: 164B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.imports Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 4KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.themida Size: - Virtual size: 5.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.boot Size: 3.3MB - Virtual size: 3.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 16B - Virtual size: 4KB
IMAGE_SCN_MEM_READ
-
Loader/newshat/lua.dll.dll windows:5 windows x64 arch:x64
779703c2d47ce86829a9221b077786f6
Code Sign
01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6aCertificate
IssuerCN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BENot Before19/09/2018, 00:00Not After28/01/2028, 12:00SubjectCN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSignKey Usages
KeyUsageCertSign
KeyUsageCRLSign
78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate
IssuerCN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSignNot Before28/07/2020, 00:00Not After18/03/2029, 00:00SubjectCN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BEExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
30:38:81:1f:dd:43:0a:77:db:5b:3c:c2Certificate
IssuerCN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BENot Before13/04/2021, 18:52Not After04/07/2022, 16:21SubjectSERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Irenelaan 24,L=Waalre,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6eExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate
IssuerCN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BENot Before28/07/2020, 00:00Not After28/07/2030, 00:00SubjectCN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BEExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9fCertificate
IssuerCN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BENot Before27/05/2021, 09:55Not After28/06/2032, 09:55SubjectCN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BEExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate
IssuerCN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSignNot Before20/06/2018, 00:00Not After10/12/2034, 00:00SubjectCN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BEKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fcCertificate
IssuerCN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSignNot Before20/02/2019, 00:00Not After18/03/2029, 10:00SubjectCN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSignKey Usages
KeyUsageCertSign
KeyUsageCRLSign
04:00:00:00:00:01:21:58:53:08:a2Certificate
IssuerCN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSignNot Before18/03/2009, 10:00Not After18/03/2029, 10:00SubjectCN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSignKey Usages
KeyUsageCertSign
KeyUsageCRLSign
01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6aCertificate
IssuerCN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BENot Before19/09/2018, 00:00Not After28/01/2028, 12:00SubjectCN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSignKey Usages
KeyUsageCertSign
KeyUsageCRLSign
78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate
IssuerCN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSignNot Before28/07/2020, 00:00Not After18/03/2029, 00:00SubjectCN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BEExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
30:38:81:1f:dd:43:0a:77:db:5b:3c:c2Certificate
IssuerCN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BENot Before13/04/2021, 18:52Not After04/07/2022, 16:21SubjectSERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Irenelaan 24,L=Waalre,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6eExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate
IssuerCN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BENot Before28/07/2020, 00:00Not After28/07/2030, 00:00SubjectCN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BEExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9fCertificate
IssuerCN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BENot Before27/05/2021, 09:55Not After28/06/2032, 09:55SubjectCN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BEExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate
IssuerCN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSignNot Before20/06/2018, 00:00Not After10/12/2034, 00:00SubjectCN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BEKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fcCertificate
IssuerCN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSignNot Before20/02/2019, 00:00Not After18/03/2029, 10:00SubjectCN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSignKey Usages
KeyUsageCertSign
KeyUsageCRLSign
04:00:00:00:00:01:21:58:53:08:a2Certificate
IssuerCN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSignNot Before18/03/2009, 10:00Not After18/03/2029, 10:00SubjectCN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSignKey Usages
KeyUsageCertSign
KeyUsageCRLSign
81:24:f5:6e:29:14:f8:4e:f1:41:77:d6:d5:6f:d1:de:1e:6f:c9:aa:eb:80:59:e4:25:e8:0a:a4:2e:7e:d4:28Signer
Actual PE Digest81:24:f5:6e:29:14:f8:4e:f1:41:77:d6:d5:6f:d1:de:1e:6f:c9:aa:eb:80:59:e4:25:e8:0a:a4:2e:7e:d4:28Digest Algorithmsha256PE Digest Matchestrue63:38:84:cf:4a:92:39:93:31:3d:d1:94:0f:fe:b6:98:63:14:7b:89Signer
Actual PE Digest63:38:84:cf:4a:92:39:93:31:3d:d1:94:0f:fe:b6:98:63:14:7b:89Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
D:\git\cheat-engine\Cheat Engine\bin\lua53-64.pdb
Imports
kernel32
GetModuleFileNameA
LoadLibraryExA
GetLastError
GetProcAddress
FreeLibrary
FormatMessageA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
InterlockedFlushSList
SetLastError
EncodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
RtlPcToFileHeader
CloseHandle
DuplicateHandle
CreateProcessA
GetTempPathW
ReadFile
ExitProcess
GetModuleHandleExW
QueryPerformanceFrequency
MultiByteToWideChar
WideCharToMultiByte
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStdHandle
GetFileType
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
HeapReAlloc
GetACP
ReadConsoleW
WaitForSingleObject
GetExitCodeProcess
GetFileAttributesExW
CreatePipe
CreateFileW
SetFilePointerEx
GetStringTypeW
DeleteFileW
GetTimeZoneInformation
MoveFileExW
GetCPInfo
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetProcessHeap
SetStdHandle
WriteConsoleW
HeapSize
SetEndOfFile
RtlUnwind
Exports
Exports
?luaL_buffinit@@YAXPEAUlua_State@@PEAUluaL_Buffer@@@Z
?luaL_openlib@@YAXPEAUlua_State@@PEBDPEBUluaL_Reg@@H@Z
?luaL_pushmodule@@YAXPEAUlua_State@@PEBDH@Z
luaL_addlstring
luaL_addstring
luaL_addvalue
luaL_argerror
luaL_buffinitsize
luaL_callmeta
luaL_checkany
luaL_checkinteger
luaL_checklstring
luaL_checknumber
luaL_checkoption
luaL_checkstack
luaL_checktype
luaL_checkudata
luaL_checkversion_
luaL_error
luaL_execresult
luaL_fileresult
luaL_getmetafield
luaL_getsubtable
luaL_gsub
luaL_len
luaL_loadbufferx
luaL_loadfilex
luaL_loadstring
luaL_newmetatable
luaL_newstate
luaL_openlibs
luaL_optinteger
luaL_optlstring
luaL_optnumber
luaL_prepbuffsize
luaL_pushresult
luaL_pushresultsize
luaL_ref
luaL_requiref
luaL_setfuncs
luaL_setmetatable
luaL_testudata
luaL_tolstring
luaL_traceback
luaL_unref
luaL_where
lua_absindex
lua_arith
lua_atpanic
lua_callk
lua_checkstack
lua_close
lua_compare
lua_concat
lua_copy
lua_createtable
lua_dump
lua_error
lua_gc
lua_getallocf
lua_getfield
lua_getglobal
lua_gethook
lua_gethookcount
lua_gethookmask
lua_geti
lua_getinfo
lua_getlocal
lua_getmetatable
lua_getstack
lua_gettable
lua_gettop
lua_getupvalue
lua_getuservalue
lua_iscfunction
lua_isinteger
lua_isnumber
lua_isstring
lua_isuserdata
lua_isyieldable
lua_len
lua_load
lua_newstate
lua_newthread
lua_newuserdata
lua_next
lua_pcallk
lua_pushboolean
lua_pushcclosure
lua_pushfstring
lua_pushinteger
lua_pushlightuserdata
lua_pushlstring
lua_pushnil
lua_pushnumber
lua_pushstring
lua_pushthread
lua_pushvalue
lua_pushvfstring
lua_rawequal
lua_rawget
lua_rawgeti
lua_rawgetp
lua_rawlen
lua_rawset
lua_rawseti
lua_rawsetp
lua_resume
lua_rotate
lua_setallocf
lua_setfield
lua_setglobal
lua_sethook
lua_seti
lua_setlocal
lua_setmetatable
lua_settable
lua_settop
lua_setupvalue
lua_setuservalue
lua_status
lua_stringtonumber
lua_toboolean
lua_tocfunction
lua_tointegerx
lua_tolstring
lua_tonumberx
lua_topointer
lua_tothread
lua_touserdata
lua_type
lua_typename
lua_upvalueid
lua_upvaluejoin
lua_version
lua_xmove
lua_yieldk
luaopen_base
luaopen_bit32
luaopen_coroutine
luaopen_debug
luaopen_io
luaopen_math
luaopen_os
luaopen_package
luaopen_string
luaopen_table
luaopen_utf8
Sections
.text Size: 374KB - Virtual size: 374KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 100KB - Virtual size: 99KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Loader/newshat/orbit/configs/dont_del.txt
-
Loader/newshat/orbit/logs/01.txt
-
Loader/newshat/orbit/logs/02.txt
-
Loader/newshat/readme.txt