693d17d65f30a823baf8b77fb2101f0e_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

693d17d65f30a823baf8b77fb2101f0e_JaffaCakes118
Size

552KB
MD5

693d17d65f30a823baf8b77fb2101f0e
SHA1

4d60fca21466766ac4240fb25b1429eeb9a32417
SHA256

8fe71fbb3d8e60f42a4199c7c667c61bfcfe3bdaece1fb6b92f5aec85313359d
SHA512

b883be75f79a8227f81dd1c43a8c54049af65042b8194d30f0d6a61f2e0e0ffc2ee04b17f94350275b1bf79ef4327e69cf622b19c80c2e9a2f969429e66ffeed
SSDEEP

12288:loHQrL+svSJwZVff7i3CDRE+Ai8WUPQugh+I9gG1RF9XvCnJ1wQqs8Lm8:lcML/v3ZNf7i3CYg4G1M+28

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

Processes:

resource	yara_rule
static1/unpack001/《刺客信条：枭雄》PC版全版本通用破解补丁/Crack/uplay_r1_loader64.dll	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/《刺客信条：枭雄》PC版全版本通用破解补丁/Crack/uplay_r1_loader64.dll

Files

693d17d65f30a823baf8b77fb2101f0e_JaffaCakes118
.rar
《刺客信条：枭雄》PC版全版本通用破解补丁/Crack/bink2w64.dll
.dll windows:5 windows x64 arch:x64

4bbdfe827c9eb3462b4ff4b1bfeb1717

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1a:24:12:05:89:01:d5:97:1a:e6:57:24:bc:38:44:e5
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

07-07-2015 00:00

Not After

15-07-2016 23:59

Subject

CN=UBISOFT ENTERTAINMENT INC.,O=UBISOFT ENTERTAINMENT INC.,L=Montreal,ST=Quebec,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\devel\projects\bink\build\bink2w64.pdb

Imports

user32

GetWindow
ChangeDisplaySettingsA
IsWindowVisible
GetSystemMetrics
GetCursorPos
DefWindowProcA
ReleaseDC
PeekMessageA
CreateWindowExA
UnregisterClassA
ShowCursor
GetDC
BeginPaint
GetClassLongPtrA
GetClientRect
IsIconic
GetWindowLongPtrA
GetTopWindow
GetWindowLongA
GetDesktopWindow
GetActiveWindow
GetWindowThreadProcessId
RegisterClassA
EndPaint
ClientToScreen
DestroyWindow
SetCursor
ScreenToClient
GetWindowRect

gdi32

CreateDIBSection
GetDeviceCaps
StretchBlt
GetDIBits
SetPixel
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
SetStretchBltMode
GetPixel
DeleteDC

kernel32

GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
GetStringTypeA
HeapReAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetSystemTimeAsFileTime
RtlUnwindEx
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
HeapSize
LocalAlloc
WriteFile
ResumeThread
SetErrorMode
FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleHandleA
Sleep
GetSystemInfo
GetCurrentProcessId
OutputDebugStringA
QueryPerformanceCounter
GetTickCount
GetEnvironmentVariableA
QueryPerformanceFrequency
CreateFileA
SetFilePointer
ReadFile
CloseHandle
HeapAlloc
HeapFree
HeapCreate
SetUnhandledExceptionFilter
WaitForSingleObject
GetCurrentThread
InitializeCriticalSection
LeaveCriticalSection
CreateSemaphoreA
SetThreadPriority
ReleaseSemaphore
RaiseException
EnterCriticalSection
OpenThread
GetThreadPriority
CreateMutexA
DeleteCriticalSection
GetCurrentThreadId
SetThreadAffinityMask
ReleaseMutex
CreateThread
HeapDestroy
HeapSetInformation
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
ExitProcess
GetModuleHandleW
FlsAlloc
GetLastError
FlsSetValue
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError

winmm

waveOutPrepareHeader
waveOutOpen
waveOutUnprepareHeader
waveOutSetVolume
waveOutReset
waveOutRestart
waveOutPause
waveOutWrite
waveOutClose
timeGetTime
timeEndPeriod
timeBeginPeriod

ole32

CoInitializeEx
CoCreateInstance

Exports

Exports

BinkBufferBlit
BinkBufferCheckWinPos
BinkBufferClear
BinkBufferClose
BinkBufferGetDescription
BinkBufferGetError
BinkBufferLock
BinkBufferOpen
BinkBufferSetDirectDraw
BinkBufferSetHWND
BinkBufferSetOffset
BinkBufferSetResolution
BinkBufferSetScale
BinkBufferUnlock
BinkCheckCursor
BinkClose
BinkCloseTrack
BinkControlBackgroundIO
BinkControlPlatformFeatures
BinkCopyToBuffer
BinkCopyToBufferRect
BinkDDSurfaceType
BinkDX9SurfaceType
BinkDoFrame
BinkDoFrameAsync
BinkDoFrameAsyncMulti
BinkDoFrameAsyncWait
BinkDoFramePlane
BinkFreeGlobals
BinkGetError
BinkGetFrameBuffersInfo
BinkGetGPUDataBuffersInfo
BinkGetKeyFrame
BinkGetPalette
BinkGetPlatformInfo
BinkGetRealtime
BinkGetRects
BinkGetSummary
BinkGetTrackData
BinkGetTrackID
BinkGetTrackMaxSize
BinkGetTrackType
BinkGoto
BinkIsSoftwareCursor
BinkLogoAddress
BinkNextFrame
BinkOpen
BinkOpenDirectSound
BinkOpenMiles
BinkOpenTrack
BinkOpenWaveOut
BinkOpenWithOptions
BinkOpenXAudio2
BinkPause
BinkRegisterFrameBuffers
BinkRegisterGPUDataBuffers
BinkRequestStopAsyncThread
BinkRestoreCursor
BinkService
BinkSetError
BinkSetFileOffset
BinkSetFrameRate
BinkSetIO
BinkSetIOSize
BinkSetMemory
BinkSetOSFileCallbacks
BinkSetPan
BinkSetSimulate
BinkSetSoundOnOff
BinkSetSoundSystem
BinkSetSoundSystem2
BinkSetSoundTrack
BinkSetSpeakerVolumes
BinkSetVideoOnOff
BinkSetVolume
BinkSetWillLoop
BinkShouldSkip
BinkStartAsyncThread
BinkUseTelemetry
BinkUseTmLite
BinkWait
BinkWaitStopAsyncThread
RADTimerRead

Sections

.text
Size: 272KB - Virtual size: 271KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

BINK16
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

BINK32
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

BINKP8
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
《刺客信条：枭雄》PC版全版本通用破解补丁/Crack/save3dmgames/saves.ini
《刺客信条：枭雄》PC版全版本通用破解补丁/Crack/uplay_r1_loader64.3dm
.dll windows:5 windows x64 arch:x64

d578b4a85fdc7e3909a9df8132eb4213

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1a:24:12:05:89:01:d5:97:1a:e6:57:24:bc:38:44:e5
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

07-07-2015 00:00

Not After

15-07-2016 23:59

Subject

CN=UBISOFT ENTERTAINMENT INC.,O=UBISOFT ENTERTAINMENT INC.,L=Montreal,ST=Quebec,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Jenkins_BUILDS\builds\uplay-pc-client-10.0-installer-live\working_directory\RelWithDebInfo\uplay_r1_loader64.pdb

Imports

kernel32

EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
GetStringTypeW
RtlPcToFileHeader
RaiseException
RtlLookupFunctionEntry
RtlUnwindEx
GetCommandLineA
GetCurrentThreadId
GetLastError
HeapFree
FatalAppExitA
GetCPInfo
HeapAlloc
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetTickCount
GetModuleHandleW
CreateSemaphoreW
IsProcessorFeaturePresent
GetDateFormatW
GetTimeFormatW
WideCharToMultiByte
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ExitProcess
GetModuleHandleExW
AreFileApisANSI
HeapSize
GetCurrentThread
IsDebuggerPresent
GetProcessHeap
GetStdHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetACP
GetOEMCP
WriteFile
GetModuleFileNameW
HeapReAlloc
SetConsoleCtrlHandler
GetTimeZoneInformation
LoadLibraryExW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
OutputDebugStringW
SetStdHandle
WriteConsoleW
FlushFileBuffers
CreateFileW
CloseHandle
SetEnvironmentVariableA
LoadLibraryW
GetProcAddress
CompareStringW
FreeLibrary
SetErrorMode
GetFileSizeEx
SetEndOfFile
FindClose
GetFileTime
SetFileTime
GetTempFileNameW
CreateDirectoryW
RemoveDirectoryW
SetFileAttributesW
GetFileAttributesW
DeleteFileW
FindFirstFileW
FindNextFileW
CopyFileW
MoveFileExW
GetVolumePathNameW
InitializeCriticalSection
TryEnterCriticalSection
CreateMutexW
GetFullPathNameW
SetEnvironmentVariableW
SetCurrentDirectoryW
GetCurrentDirectoryW
FileTimeToLocalFileTime
GetFileInformationByHandle
PeekNamedPipe
FileTimeToSystemTime
GetDriveTypeW
GetFullPathNameA
ReadFile
ReadConsoleW

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

Exports

Exports

UPLAY_ACH_EarnAchievement
UPLAY_ACH_GetAchievementImage
UPLAY_ACH_GetAchievements
UPLAY_ACH_ReleaseAchievementImage
UPLAY_ACH_ReleaseAchievementList
UPLAY_ACH_Write
UPLAY_AVATAR_Get
UPLAY_AVATAR_Release
UPLAY_CHAT_GetHistory
UPLAY_CHAT_Init
UPLAY_CHAT_ReleaseHistoryList
UPLAY_CHAT_SendMessage
UPLAY_CHAT_SetMessagesRead
UPLAY_FRIENDS_AddToBlackList
UPLAY_FRIENDS_DisableFriendMenuItem
UPLAY_FRIENDS_EnableFriendMenuItem
UPLAY_FRIENDS_GetFriendList
UPLAY_FRIENDS_Init
UPLAY_FRIENDS_InviteToGame
UPLAY_FRIENDS_IsBlackListed
UPLAY_FRIENDS_IsFriend
UPLAY_FRIENDS_RequestFriendship
UPLAY_FRIENDS_ShowFriendSelectionUI
UPLAY_GetLastError
UPLAY_GetNextEvent
UPLAY_GetOverlappedOperationResult
UPLAY_HasOverlappedOperationCompleted
UPLAY_INSTALLER_AreChunksInstalled
UPLAY_INSTALLER_GetChunkIdsFromTag
UPLAY_INSTALLER_GetChunks
UPLAY_INSTALLER_GetLanguageUtf8
UPLAY_INSTALLER_Init
UPLAY_INSTALLER_ReleaseChunkIdList
UPLAY_INSTALLER_UpdateInstallOrder
UPLAY_METADATA_ClearContinuousTag
UPLAY_METADATA_SetContinuousTag
UPLAY_METADATA_SetSingleEventTag
UPLAY_OVERLAY_SetShopUrl
UPLAY_OVERLAY_Show
UPLAY_OVERLAY_ShowShopUrl
UPLAY_PARTY_DisablePartyMemberMenuItem
UPLAY_PARTY_EnablePartyMemberMenuItem
UPLAY_PARTY_GetFullMemberList
UPLAY_PARTY_GetId
UPLAY_PARTY_GetInGameMemberList
UPLAY_PARTY_Init
UPLAY_PARTY_InvitePartyToGame
UPLAY_PARTY_InviteToParty
UPLAY_PARTY_IsInParty
UPLAY_PARTY_IsPartyLeader
UPLAY_PARTY_PromoteToLeader
UPLAY_PARTY_RespondToGameInvite
UPLAY_PARTY_SetGuest
UPLAY_PARTY_SetUserData
UPLAY_PARTY_ShowGameInviteOverlayUI
UPLAY_PeekNextEvent
UPLAY_Quit
UPLAY_SAVE_Close
UPLAY_SAVE_GetSavegames
UPLAY_SAVE_Open
UPLAY_SAVE_Read
UPLAY_SAVE_ReleaseGameList
UPLAY_SAVE_Remove
UPLAY_SAVE_SetName
UPLAY_SAVE_Write
UPLAY_SetLanguage
UPLAY_Start
UPLAY_USER_ClearGameSession
UPLAY_USER_ConsumeItem
UPLAY_USER_GetAccountIdUtf8
UPLAY_USER_GetCdKeyUtf8
UPLAY_USER_GetCdKeys
UPLAY_USER_GetConsumableItems
UPLAY_USER_GetEmailUtf8
UPLAY_USER_GetNameUtf8
UPLAY_USER_GetTicketUtf8
UPLAY_USER_IsConnected
UPLAY_USER_IsInOfflineMode
UPLAY_USER_IsOwned
UPLAY_USER_ReleaseCdKeyList
UPLAY_USER_ReleaseConsumeItemResult
UPLAY_USER_SetGameSession
UPLAY_Update
UPLAY_WIN_GetActions
UPLAY_WIN_GetRewards
UPLAY_WIN_GetUnitBalance
UPLAY_WIN_ReleaseActionList
UPLAY_WIN_ReleaseRewardList
UPLAY_WIN_SetActionsCompleted

Sections

.text
Size: 646KB - Virtual size: 645KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
《刺客信条：枭雄》PC版全版本通用破解补丁/Crack/uplay_r1_loader64.dll
.dll windows:5 windows x64 arch:x64

058acc25c455e1ba53f3eb0cc3e2b078

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcess
GetModuleHandleW
VirtualFree
InitializeCriticalSection
Sleep
LeaveCriticalSection
SetThreadPriority
FlushInstructionCache
GetProcAddress
VirtualAlloc
EnterCriticalSection
VirtualProtectEx
OpenThread
GetSystemInfo
GetThreadPriority
GetCurrentThreadId
VirtualQuery
GetCurrentProcessId
SuspendThread
ResumeThread
DisableThreadLibraryCalls
LoadLibraryA
MultiByteToWideChar
WideCharToMultiByte
GetCurrentDirectoryA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileAttributesA
CreateDirectoryA
FindFirstFileA
FindNextFileA
FindClose
GetThreadContext
CloseHandle
GetCurrentThread
GetTickCount
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
GetSystemTimeAsFileTime
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
DecodePointer
EncodePointer
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

advapi32

RegSetValueExA
RegCreateKeyExA
RegCloseKey

msvcr100

??_U@YAPEAX_K@Z
sprintf
fopen
fwrite
fclose
??3@YAXPEAX@Z
fseek
ftell
fread
remove
strstr
atoi
_malloc_crt
_initterm
_initterm_e
_encoded_null
_amsg_exit
__C_specific_handler
__CppXcptFilter
__crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
wcsstr
malloc
free
printf
fflush
__iob_func
memmove
_wassert
_snprintf
memset
memcpy

Exports

Exports

Crack_By_3DMGAME
UPLAY_ACH_EarnAchievement
UPLAY_ACH_GetAchievementImage
UPLAY_ACH_GetAchievements
UPLAY_ACH_ReleaseAchievementImage
UPLAY_ACH_ReleaseAchievementList
UPLAY_ACH_Write
UPLAY_AVATAR_Get
UPLAY_AVATAR_GetAvatarIdForCurrentUser
UPLAY_AVATAR_GetBitmap
UPLAY_AVATAR_Release
UPLAY_CHAT_GetHistory
UPLAY_CHAT_Init
UPLAY_CHAT_ReleaseHistoryList
UPLAY_CHAT_SendMessage
UPLAY_CHAT_SetMessagesRead
UPLAY_ClearGameSession
UPLAY_FRIENDS_AddToBlackList
UPLAY_FRIENDS_DisableFriendMenuItem
UPLAY_FRIENDS_EnableFriendMenuItem
UPLAY_FRIENDS_GetFriendList
UPLAY_FRIENDS_Init
UPLAY_FRIENDS_InviteToGame
UPLAY_FRIENDS_IsBlackListed
UPLAY_FRIENDS_IsFriend
UPLAY_FRIENDS_RequestFriendship
UPLAY_FRIENDS_ShowFriendSelectionUI
UPLAY_GetInstallationError
UPLAY_GetLastError
UPLAY_GetNextEvent
UPLAY_GetOverlappedOperationResult
UPLAY_HasOverlappedOperationCompleted
UPLAY_INSTALLER_AreChunksInstalled
UPLAY_INSTALLER_GetChunkIdsFromTag
UPLAY_INSTALLER_GetChunks
UPLAY_INSTALLER_GetLanguageUtf8
UPLAY_INSTALLER_Init
UPLAY_INSTALLER_ReleaseChunkIdList
UPLAY_INSTALLER_UpdateInstallOrder
UPLAY_Init
UPLAY_METADATA_ClearContinuousTag
UPLAY_METADATA_SetContinuousTag
UPLAY_METADATA_SetSingleEventTag
UPLAY_OVERLAY_SetShopUrl
UPLAY_OVERLAY_Show
UPLAY_OVERLAY_ShowFacebookAuthentication
UPLAY_OVERLAY_ShowShopUrl
UPLAY_PARTY_DisablePartyMemberMenuItem
UPLAY_PARTY_EnablePartyMemberMenuItem
UPLAY_PARTY_GetFullMemberList
UPLAY_PARTY_GetId
UPLAY_PARTY_GetInGameMemberList
UPLAY_PARTY_Init
UPLAY_PARTY_InvitePartyToGame
UPLAY_PARTY_InviteToParty
UPLAY_PARTY_IsInParty
UPLAY_PARTY_IsPartyLeader
UPLAY_PARTY_PromoteToLeader
UPLAY_PARTY_RespondToGameInvite
UPLAY_PARTY_SetGuest
UPLAY_PARTY_SetUserData
UPLAY_PARTY_ShowGameInviteOverlayUI
UPLAY_PRESENCE_SetRichPresenceLine
UPLAY_PRESENCE_SetRichPresencePropertyInt32
UPLAY_PRESENCE_SetRichPresencePropertyString
UPLAY_PeekNextEvent
UPLAY_Quit
UPLAY_Release
UPLAY_SAVE_Close
UPLAY_SAVE_GetSavegames
UPLAY_SAVE_Open
UPLAY_SAVE_Read
UPLAY_SAVE_ReleaseGameList
UPLAY_SAVE_Remove
UPLAY_SAVE_SetName
UPLAY_SAVE_Write
UPLAY_SetGameSession
UPLAY_SetLanguage
UPLAY_SetLocale
UPLAY_Start
UPLAY_StartPlatform
UPLAY_Startup
UPLAY_USER_ClearGameSession
UPLAY_USER_ConsumeItem
UPLAY_USER_GetAccountId
UPLAY_USER_GetAccountIdUtf8
UPLAY_USER_GetCdKeyUtf8
UPLAY_USER_GetCdKeys
UPLAY_USER_GetConsumableItems
UPLAY_USER_GetCredentials
UPLAY_USER_GetEmail
UPLAY_USER_GetEmailUtf8
UPLAY_USER_GetNameUtf8
UPLAY_USER_GetPassword
UPLAY_USER_GetPasswordUtf8
UPLAY_USER_GetTicketUtf8
UPLAY_USER_GetUsername
UPLAY_USER_GetUsernameUtf8
UPLAY_USER_IsConnected
UPLAY_USER_IsInOfflineMode
UPLAY_USER_IsOwned
UPLAY_USER_ReleaseCdKeyList
UPLAY_USER_ReleaseConsumeItemResult
UPLAY_USER_SetGameSession
UPLAY_Update
UPLAY_WIN_GetActions
UPLAY_WIN_GetRewards
UPLAY_WIN_GetUnitBalance
UPLAY_WIN_RefreshActions
UPLAY_WIN_ReleaseActionList
UPLAY_WIN_ReleaseRewardList
UPLAY_WIN_SetActionsCompleted

Sections

.text
Size: - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 972B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 134KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
《刺客信条：枭雄》PC版全版本通用破解补丁/游戏大全.url
.url
《刺客信条：枭雄》PC版全版本通用破解补丁/游戏说明 .txt

Sharing

General

Malware Config

Signatures

Files

4bbdfe827c9eb3462b4ff4b1bfeb1717

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

1a:24:12:05:89:01:d5:97:1a:e6:57:24:bc:38:44:e5Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

gdi32

kernel32

winmm

ole32

Exports

Exports

Sections

.text Size: 272KB - Virtual size: 271KB

BINK16 Size: 2KB - Virtual size: 2KB

BINK32 Size: 3KB - Virtual size: 2KB

BINKP8 Size: 3KB - Virtual size: 2KB

.rdata Size: 48KB - Virtual size: 47KB

.data Size: 43KB - Virtual size: 69KB

.pdata Size: 9KB - Virtual size: 9KB

.rsrc Size: 19KB - Virtual size: 19KB

.reloc Size: 2KB - Virtual size: 1KB

d578b4a85fdc7e3909a9df8132eb4213

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

1a:24:12:05:89:01:d5:97:1a:e6:57:24:bc:38:44:e5Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

Exports

Exports

Sections

.text Size: 646KB - Virtual size: 645KB

.rdata Size: 172KB - Virtual size: 171KB

.data Size: 15KB - Virtual size: 27KB

.pdata Size: 33KB - Virtual size: 33KB

.idata Size: 5KB - Virtual size: 5KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 6KB - Virtual size: 6KB

058acc25c455e1ba53f3eb0cc3e2b078

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

1a:24:12:05:89:01:d5:97:1a:e6:57:24:bc:38:44:e5
Certificate

.text
Size: 272KB - Virtual size: 271KB

BINK16
Size: 2KB - Virtual size: 2KB

BINK32
Size: 3KB - Virtual size: 2KB

BINKP8
Size: 3KB - Virtual size: 2KB

.rdata
Size: 48KB - Virtual size: 47KB

.data
Size: 43KB - Virtual size: 69KB

.pdata
Size: 9KB - Virtual size: 9KB

.rsrc
Size: 19KB - Virtual size: 19KB

.reloc
Size: 2KB - Virtual size: 1KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

1a:24:12:05:89:01:d5:97:1a:e6:57:24:bc:38:44:e5
Certificate

.text
Size: 646KB - Virtual size: 645KB

.rdata
Size: 172KB - Virtual size: 171KB

.data
Size: 15KB - Virtual size: 27KB

.pdata
Size: 33KB - Virtual size: 33KB

.idata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 6KB - Virtual size: 6KB

.text
Size: - Virtual size: 65KB

.rdata
Size: - Virtual size: 21KB

.data
Size: - Virtual size: 182KB

.pdata
Size: - Virtual size: 972B

.rsrc
Size: 512B - Virtual size: 436B

.vmp0
Size: - Virtual size: 2KB

.vmp1
Size: - Virtual size: 47KB

.vmp2
Size: 134KB - Virtual size: 133KB

.reloc
Size: 512B - Virtual size: 24B