8496755a9037dd04462254dc704c8cc7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8496755a9037dd04462254dc704c8cc7_JaffaCakes118
Size

5.9MB
MD5

8496755a9037dd04462254dc704c8cc7
SHA1

3b2707b699b5c3d6197e0c6892b1163fea29133e
SHA256

baed23928457411007bcbd47afd1b7010363f628408120377f0fde96842948bf
SHA512

aaef433bc298558e551ed62df360826d628083a8544e601ee3cfd24b30aaa627a43d5636935f18224ec6e275d48802c3087a70a0ea70b5ebebb0a891ec2ee1de
SSDEEP

98304:ypBUq2B5q7s23Fjk8t1T51SYXjbjv9M8aDFAxx7ue194DqNU20Pawy7ttQwP+/uP:ypKq2yP1I8zT5BjbjlM8mcx7uC9BNqSv

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/HKShip.exe
unpack001/Launcher.exe
unpack001/buddha.dll
unpack001/steam_api.dll
unpack001/steamclient.dll

Files

8496755a9037dd04462254dc704c8cc7_JaffaCakes118
.rar
13EFB7EA.dat
1E6323E1.dat
2EE3FEA1.dat
3E97A062.dat
576E446C.dat
5AE2D067.dat
613E5E9C.dat
67EE992C.dat
779AC7EF.dat
81F578F0.dat
849D8C70.dat
8C79ECFB.dat
9号下载说明.txt
AC8D6F78.dat
B41D5130.dat
BA29F60B.dat
BCF931BB.dat
C8F81F7D.dat
CD90EBFD.dat
D500D5B5.dat
E58008F5.dat
F3249186.dat
FD1036BD.dat
HKShip.exe
.exe windows:5 windows x86 arch:x86

fc7e043aed73a5a8c8cdfc74f73b793f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\ufg\madscience\project\builds\hk_pc\dev\build\Project\int\HK-PC-Ship\HKShip.pdb

Imports

d3d11

D3D11CreateDevice

dinput8

DirectInput8Create

dxgi

CreateDXGIFactory1

xinput1_3

ord3
ord2
ord4

d3dcompiler_43

D3DReflect

binkw32

_BinkOpenDirectSound@4
_BinkSetIOSize@4
_BinkRegisterFrameBuffers@8
_BinkPause@8
_BinkNextFrame@4
_BinkShouldSkip@4
_BinkWait@4
_BinkDoFrame@4
_BinkSetVolume@12
_BinkGoto@12
_BinkClose@4
_BinkControlBackgroundIO@8
_BinkGetRealtime@12
_BinkGetFrameBuffersInfo@8
_BinkGetError@0
_BinkOpen@8
_BinkSetSoundSystem@8

steam_api

SteamAPI_RegisterCallback
SteamClient
SteamAPI_UnregisterCallResult
SteamAPI_RegisterCallResult
SteamApps
SteamAPI_RunCallbacks
SteamAPI_Init
SteamAPI_Shutdown
SteamUserStats
SteamAPI_UnregisterCallback
SteamUser
SteamFriends
SteamUtils
SteamAPI_IsSteamRunning
SteamAPI_SetMiniDumpComment
SteamAPI_WriteMiniDump
SteamAPI_RestartAppIfNecessary

advapi32

CryptReleaseContext
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegOpenKeyExW
RegQueryValueExA
RegOpenKeyExA
CryptGenRandom
CryptAcquireContextA
RegQueryValueExW
RegCloseKey

kernel32

CompareStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetFileType
SetHandleCount
GetConsoleMode
GetConsoleCP
UnhandledExceptionFilter
GetStartupInfoA
FindFirstFileW
GetDriveTypeW
RtlUnwind
GetThreadPriority
ExitThread
WaitForMultipleObjectsEx
SleepEx
CreateEventW
SetUnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
DebugBreak
HeapReAlloc
LCMapStringA
LCMapStringW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetStringTypeA
GetStringTypeW
SetEndOfFile
CompareStringA
HeapAlloc
CloseHandle
GetFileInformationByHandleEx
HeapFree
CreateFileW
GetTickCount
GetFileInformationByHandle
lstrlenW
GetStartupInfoW
CreateSemaphoreA
GetCurrentProcessId
GetModuleHandleA
GetLastError
ReleaseSemaphore
OpenFileById
GetTimeZoneInformation
GetProcessHeap
lstrcmpiW
FileTimeToSystemTime
ExitProcess
UnmapViewOfFile
HeapSize
SetLastError
CreateFileA
InterlockedExchange
GetFullPathNameW
GetConsoleWindow
SizeofResource
GetSystemTime
WriteFile
VirtualQuery
GetCurrentDirectoryW
CreateEventA
GetFullPathNameA
GetComputerNameA
SetEvent
CreateFileMappingA
GetCurrentThreadId
MapViewOfFile
GetModuleHandleExA
RemoveVectoredExceptionHandler
InterlockedCompareExchange
AddVectoredExceptionHandler
SetEnvironmentVariableA
GetProcAddress
GetSystemTimeAsFileTime
GetModuleFileNameA
FindResourceW
GetEnvironmentStringsW
GetCommandLineW
LockResource
WaitForSingleObject
InterlockedExchangeAdd
EnterCriticalSection
LeaveCriticalSection
OutputDebugStringA
InitializeCriticalSection
LoadLibraryA
DeleteCriticalSection
SetErrorMode
QueryPerformanceCounter
QueryPerformanceFrequency
TlsGetValue
SetThreadPriority
GetDiskFreeSpaceExA
GetDriveTypeA
GetLogicalDriveStringsA
GlobalMemoryStatusEx
GetVersionExA
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
ResetEvent
WaitForMultipleObjects
SetThreadIdealProcessor
CreateThread
TerminateThread
GetExitCodeThread
SetThreadContext
GetThreadContext
GetCurrentThread
Sleep
ReadFile
CreateDirectoryA
FindClose
FindNextFileA
RemoveDirectoryA
FindFirstFileA
GetFileAttributesExA
FileTimeToLocalFileTime
SetFileTime
LocalFileTimeToFileTime
SetFileAttributesA
DeleteFileA
MoveFileA
SetFilePointer
GetFileSize
FlushFileBuffers
GetCurrentDirectoryA
SetCurrentDirectoryA
IsDebuggerPresent
SystemTimeToFileTime
GetLocalTime
VirtualAlloc
VirtualFree
VirtualProtect
LocalAlloc
GetStdHandle
GetCurrentProcess
MultiByteToWideChar
WideCharToMultiByte
TerminateProcess
ResumeThread
GetSystemInfo
CreateMutexA
ReleaseMutex
SetThreadAffinityMask
CreateIoCompletionPort
PostQueuedCompletionStatus
GetQueuedCompletionStatus
InterlockedIncrement
InterlockedDecrement
GetGeoInfoA
GetCommandLineA
TlsAlloc
TlsFree
TlsSetValue
FreeLibrary
RaiseException
GetFileAttributesA
GetModuleHandleW
GetSystemDirectoryW
OpenFileMappingA
GetModuleFileNameW
GetWindowsDirectoryW
HeapCreate
HeapDestroy
OpenEventA
LoadResource

gdi32

DeleteDC
ExtEscape
CreateDCA

ole32

CoInitialize
CoUninitialize
CoInitializeEx
CoCreateInstance
CoSetProxyBlanket
StringFromGUID2

oleaut32

SysAllocString
SysFreeString

psapi

GetModuleFileNameExA

shlwapi

SHRegGetUSValueA

user32

GetForegroundWindow
GetWindowLongW
UnhookWindowsHookEx
RegisterDeviceNotificationW
UnregisterDeviceNotification
SetWindowLongW
GetRawInputData
MessageBoxA
ToUnicodeEx
EnumDisplayDevicesA
DefWindowProcA
PostQuitMessage
GetClientRect
ShowWindow
CreateWindowExA
AdjustWindowRectEx
SetRect
RegisterClassExA
LoadCursorA
LoadIconA
MoveWindow
GetWindowRect
DispatchMessageA
TranslateMessage
PeekMessageA
GetKeyState
MapVirtualKeyA
GetAsyncKeyState
ShowCursor
ClipCursor
ClientToScreen
GetCursorInfo
RegisterRawInputDevices
ReleaseCapture
SetCapture
SetCursorPos
GetWindowInfo
TrackMouseEvent
CallWindowProcW
GetKeyboardLayout
CallNextHookEx
SetWindowsHookExA

winmm

timeEndPeriod
timeBeginPeriod
timeGetTime
timeGetDevCaps

wsock32

setsockopt
socket
ioctlsocket
send
shutdown
gethostbyname
bind
inet_addr
htons
WSAAsyncSelect
select
ntohs
__WSAFDIsSet
gethostname
connect
closesocket
recv
WSAGetLastError
inet_ntoa
WSAStartup
WSACleanup
htonl
getsockname
listen
ntohl
accept

iphlpapi

GetAdaptersInfo

ws2_32

WSARecv
WSASend
WSAAccept
WSASocketA

wininet

InternetOpenA
InternetOpenUrlA
InternetCloseHandle
InternetGetConnectedState

crypt32

CertCloseStore
CertOpenSystemStoreA
CertEnumCertificatesInStore
CertGetNameStringA

Exports

Exports

??1CAkRegisteredObj@@QAE@XZ
?AddBehavioralExtension@SoundEngine@AK@@YA?AW4AKRESULT@@P6AX_N@Z@Z
?AddLanguageChangeObserver@StreamMgr@AK@@YA?AW4AKRESULT@@P6AXQB_WPAX@Z1@Z
?AddPlayerMotionDevice@MotionEngine@AK@@YA?AW4AKRESULT@@EKKPAX@Z
?Break@DynamicSequence@SoundEngine@AK@@YA?AW4AKRESULT@@K@Z
?BypassEnvironment@SoundEngine@AK@@YA?AW4AKRESULT@@K_N@Z
?CancelBankCallbackCookie@SoundEngine@AK@@YAXPAX@Z
?CancelEventCallback@SoundEngine@AK@@YAXK@Z
?CancelEventCallbackCookie@SoundEngine@AK@@YAXPAX@Z
?CheckPoolId@MemoryMgr@AK@@YA?AW4AKRESULT@@J@Z
?ClearBanks@SoundEngine@AK@@YA?AW4AKRESULT@@XZ
?ClearPreparedEvents@SoundEngine@AK@@YA?AW4AKRESULT@@XZ
?Close@DynamicSequence@SoundEngine@AK@@YA?AW4AKRESULT@@K@Z
?Create@StreamMgr@AK@@YAPAVIAkStreamMgr@2@ABUAkStreamMgrSettings@@@Z
?CreateDevice@StreamMgr@AK@@YAKABUAkDeviceSettings@@PAVIAkLowLevelIOHook@12@@Z
?CreatePool@MemoryMgr@AK@@YAJPAXKKKK@Z
?DestroyDevice@StreamMgr@AK@@YA?AW4AKRESULT@@K@Z
?DestroyPool@MemoryMgr@AK@@YA?AW4AKRESULT@@J@Z
?ExecuteActionOnEvent@SoundEngine@AK@@YA?AW4AKRESULT@@KW4AkActionOnEventType@12@IJW4AkCurveInterpolation@@K@Z
?ExecuteActionOnEvent@SoundEngine@AK@@YA?AW4AKRESULT@@PBDW4AkActionOnEventType@12@IJW4AkCurveInterpolation@@K@Z
?ExecuteActionOnEvent@SoundEngine@AK@@YA?AW4AKRESULT@@PB_WW4AkActionOnEventType@12@IJW4AkCurveInterpolation@@K@Z
?Falign@MemoryMgr@AK@@YA?AW4AKRESULT@@JPAX@Z
?Free@MemoryMgr@AK@@YA?AW4AKRESULT@@JPAX@Z
?GetActiveGameObjects@Query@SoundEngine@AK@@YA?AW4AKRESULT@@AAV?$AkArray@IIUArrayPoolDefault@@$0CA@@@@Z
?GetActiveListeners@Query@SoundEngine@AK@@YA?AW4AKRESULT@@IAAK@Z
?GetBlock@MemoryMgr@AK@@YAPAXJ@Z
?GetBlockSize@MemoryMgr@AK@@YAKJ@Z
?GetCurrentLanguage@StreamMgr@AK@@YAPB_WXZ
?GetDefaultDeviceSettings@StreamMgr@AK@@YAXAAUAkDeviceSettings@@@Z
?GetDefaultInitSettings@MusicEngine@AK@@YAXAAUAkMusicSettings@@@Z
?GetDefaultInitSettings@SoundEngine@AK@@YAXAAUAkInitSettings@@@Z
?GetDefaultPlatformInitSettings@SoundEngine@AK@@YAXAAUAkPlatformInitSettings@@@Z
?GetDefaultSettings@StreamMgr@AK@@YAXAAUAkStreamMgrSettings@@@Z
?GetEnvironmentBypass@Query@SoundEngine@AK@@YA?AW4AKRESULT@@KAA_N@Z
?GetEnvironmentVolume@Query@SoundEngine@AK@@YA?AW4AKRESULT@@KAAM@Z
?GetEnvironmentVolumes@Query@SoundEngine@AK@@YA?AW4AKRESULT@@KAAUAkSpeakerVolumes@@@Z
?GetEventIDFromPlayingID@Query@SoundEngine@AK@@YAKK@Z
?GetFileLocationResolver@StreamMgr@AK@@YAPAVIAkFileLocationResolver@12@XZ
?GetGameObjectDryLevelValue@Query@SoundEngine@AK@@YA?AW4AKRESULT@@IAAM@Z
?GetGameObjectEnvironmentsValues@Query@SoundEngine@AK@@YA?AW4AKRESULT@@IPAUAkEnvironmentValue@@AAK@Z
?GetGameObjectFromPlayingID@Query@SoundEngine@AK@@YAIK@Z
?GetIDFromString@SoundEngine@AK@@YAKPBD@Z
?GetIDFromString@SoundEngine@AK@@YAKPB_W@Z
?GetIsGameObjectActive@Query@SoundEngine@AK@@YA_NI@Z
?GetListenerPosition@Query@SoundEngine@AK@@YA?AW4AKRESULT@@KAAUAkListenerPosition@@@Z
?GetListenerSpatialization@Query@SoundEngine@AK@@YA?AW4AKRESULT@@KAA_NAAUAkSpeakerVolumes@@@Z
?GetMaxPools@MemoryMgr@AK@@YAJXZ
?GetMaxRadius@Query@SoundEngine@AK@@YA?AW4AKRESULT@@AAV?$AkArray@UGameObjDst@Query@SoundEngine@AK@@ABU1234@UArrayPoolDefault@@$0CA@@@@Z
?GetMaxRadius@Query@SoundEngine@AK@@YAMI@Z
?GetNumPools@MemoryMgr@AK@@YAJXZ
?GetObjAndAddref@CAkRegistryMgr@@QAEPAVCAkRegisteredObj@@I@Z
?GetObjectObstructionAndOcclusion@Query@SoundEngine@AK@@YA?AW4AKRESULT@@IKAAM0@Z
?GetPanningRule@SoundEngine@AK@@YA?AW4AkPanningRule@@XZ
?GetPlayingIDsFromGameObject@Query@SoundEngine@AK@@YA?AW4AKRESULT@@IAAKPAK@Z
?GetPlayingSegmentInfo@MusicEngine@AK@@YA?AW4AKRESULT@@KAAUAkSegmentInfo@@_N@Z
?GetPoolAttributes@MemoryMgr@AK@@YA?AW4AkMemPoolAttributes@@J@Z
?GetPoolID@StreamMgr@AK@@YAJXZ
?GetPoolMemoryUsed@MemoryMgr@AK@@YAXJAAUPoolMemInfo@12@@Z
?GetPoolName@MemoryMgr@AK@@YAPA_WJ@Z
?GetPoolStats@MemoryMgr@AK@@YA?AW4AKRESULT@@JAAUPoolStats@12@@Z
?GetPosition@Query@SoundEngine@AK@@YA?AW4AKRESULT@@IAAUAkSoundPosition@@@Z
?GetPositioningInfo@Query@SoundEngine@AK@@YA?AW4AKRESULT@@KAAUAkPositioningInfo@@@Z
?GetRTPCValue@Query@SoundEngine@AK@@YA?AW4AKRESULT@@KIAAMAAW4RTPCValue_type@123@@Z
?GetRTPCValue@Query@SoundEngine@AK@@YA?AW4AKRESULT@@PBDIAAMAAW4RTPCValue_type@123@@Z
?GetRTPCValue@Query@SoundEngine@AK@@YA?AW4AKRESULT@@PB_WIAAMAAW4RTPCValue_type@123@@Z
?GetSourcePlayPosition@SoundEngine@AK@@YA?AW4AKRESULT@@KPAJ_N@Z
?GetSpeakerConfiguration@SoundEngine@AK@@YAKXZ
?GetState@Query@SoundEngine@AK@@YA?AW4AKRESULT@@KAAK@Z
?GetState@Query@SoundEngine@AK@@YA?AW4AKRESULT@@PBDAAK@Z
?GetState@Query@SoundEngine@AK@@YA?AW4AKRESULT@@PB_WAAK@Z
?GetSwitch@Query@SoundEngine@AK@@YA?AW4AKRESULT@@KIAAK@Z
?GetSwitch@Query@SoundEngine@AK@@YA?AW4AKRESULT@@PBDIAAK@Z
?GetSwitch@Query@SoundEngine@AK@@YA?AW4AKRESULT@@PB_WIAAK@Z
?GetTimeStamp@Monitor@AK@@YAJXZ
?Init@MusicEngine@AK@@YA?AW4AKRESULT@@PAUAkMusicSettings@@@Z
?Init@SoundEngine@AK@@YA?AW4AKRESULT@@PAUAkInitSettings@@PAUAkPlatformInitSettings@@@Z
?IsInitialized@MemoryMgr@AK@@YA_NXZ
?IsInitialized@SoundEngine@AK@@YA_NXZ
?LoadBank@SoundEngine@AK@@YA?AW4AKRESULT@@KJ@Z
?LoadBank@SoundEngine@AK@@YA?AW4AKRESULT@@KP6AXKW43@JPAX@Z1J@Z
?LoadBank@SoundEngine@AK@@YA?AW4AKRESULT@@PBDJAAK@Z
?LoadBank@SoundEngine@AK@@YA?AW4AKRESULT@@PBDP6AXKW43@JPAX@Z2JAAK@Z
?LoadBank@SoundEngine@AK@@YA?AW4AKRESULT@@PBXKAAK@Z
?LoadBank@SoundEngine@AK@@YA?AW4AKRESULT@@PBXKP6AXKW43@JPAX@Z2AAK@Z
?LoadBank@SoundEngine@AK@@YA?AW4AKRESULT@@PB_WJAAK@Z
?LoadBank@SoundEngine@AK@@YA?AW4AKRESULT@@PB_WP6AXKW43@JPAX@Z2JAAK@Z
?LockPlaylist@DynamicSequence@SoundEngine@AK@@YAPAVPlaylist@123@K@Z
?Malign@MemoryMgr@AK@@YAPAXJIK@Z
?Malloc@MemoryMgr@AK@@YAPAXJI@Z
?Open@DynamicSequence@SoundEngine@AK@@YAKIKP6AXW4AkCallbackType@@PAUAkCallbackInfo@@@ZPAXW4DynamicSequenceType@123@@Z
?Pause@DynamicSequence@SoundEngine@AK@@YA?AW4AKRESULT@@KJW4AkCurveInterpolation@@@Z
?Play@DynamicSequence@SoundEngine@AK@@YA?AW4AKRESULT@@KJW4AkCurveInterpolation@@@Z
?PlaySourcePlugin@SoundEngine@AK@@YAKKKI@Z
?PostCode@Monitor@AK@@YA?AW4AKRESULT@@W4ErrorCode@12@W4ErrorLevel@12@@Z
?PostEvent@SoundEngine@AK@@YAKKIKP6AXW4AkCallbackType@@PAUAkCallbackInfo@@@ZPAXKPAUAkExternalSourceInfo@@K@Z
?PostEvent@SoundEngine@AK@@YAKPBDIKP6AXW4AkCallbackType@@PAUAkCallbackInfo@@@ZPAXKPAUAkExternalSourceInfo@@K@Z
?PostEvent@SoundEngine@AK@@YAKPB_WIKP6AXW4AkCallbackType@@PAUAkCallbackInfo@@@ZPAXKPAUAkExternalSourceInfo@@K@Z
?PostString@Monitor@AK@@YA?AW4AKRESULT@@PBDW4ErrorLevel@12@@Z
?PostString@Monitor@AK@@YA?AW4AKRESULT@@PB_WW4ErrorLevel@12@@Z
?PostTrigger@SoundEngine@AK@@YA?AW4AKRESULT@@KI@Z
?PostTrigger@SoundEngine@AK@@YA?AW4AKRESULT@@PBDI@Z
?PostTrigger@SoundEngine@AK@@YA?AW4AKRESULT@@PB_WI@Z
?PrepareBank@SoundEngine@AK@@YA?AW4AKRESULT@@W4PreparationType@12@KP6AXKW43@JPAX@Z2W4AkBankContent@12@@Z
?PrepareBank@SoundEngine@AK@@YA?AW4AKRESULT@@W4PreparationType@12@KW4AkBankContent@12@@Z
?PrepareBank@SoundEngine@AK@@YA?AW4AKRESULT@@W4PreparationType@12@PBDP6AXKW43@JPAX@Z3W4AkBankContent@12@@Z
?PrepareBank@SoundEngine@AK@@YA?AW4AKRESULT@@W4PreparationType@12@PBDW4AkBankContent@12@@Z
?PrepareBank@SoundEngine@AK@@YA?AW4AKRESULT@@W4PreparationType@12@PB_WP6AXKW43@JPAX@Z3W4AkBankContent@12@@Z
?PrepareBank@SoundEngine@AK@@YA?AW4AKRESULT@@W4PreparationType@12@PB_WW4AkBankContent@12@@Z
?PrepareEvent@SoundEngine@AK@@YA?AW4AKRESULT@@W4PreparationType@12@PAKK@Z
?PrepareEvent@SoundEngine@AK@@YA?AW4AKRESULT@@W4PreparationType@12@PAKKP6AXKW43@JPAX@Z3@Z
?PrepareEvent@SoundEngine@AK@@YA?AW4AKRESULT@@W4PreparationType@12@PAPBDK@Z
?PrepareEvent@SoundEngine@AK@@YA?AW4AKRESULT@@W4PreparationType@12@PAPBDKP6AXKW43@JPAX@Z3@Z
?PrepareEvent@SoundEngine@AK@@YA?AW4AKRESULT@@W4PreparationType@12@PAPB_WK@Z
?PrepareEvent@SoundEngine@AK@@YA?AW4AKRESULT@@W4PreparationType@12@PAPB_WKP6AXKW43@JPAX@Z3@Z
?PrepareGameSyncs@SoundEngine@AK@@YA?AW4AKRESULT@@W4PreparationType@12@W4AkGroupType@@KPAKK@Z
?PrepareGameSyncs@SoundEngine@AK@@YA?AW4AKRESULT@@W4PreparationType@12@W4AkGroupType@@KPAKKP6AXKW43@JPAX@Z4@Z
?PrepareGameSyncs@SoundEngine@AK@@YA?AW4AKRESULT@@W4PreparationType@12@W4AkGroupType@@PBDPAPBDK@Z
?PrepareGameSyncs@SoundEngine@AK@@YA?AW4AKRESULT@@W4PreparationType@12@W4AkGroupType@@PBDPAPBDKP6AXKW43@JPAX@Z5@Z
?PrepareGameSyncs@SoundEngine@AK@@YA?AW4AKRESULT@@W4PreparationType@12@W4AkGroupType@@PB_WPAPB_WK@Z
?PrepareGameSyncs@SoundEngine@AK@@YA?AW4AKRESULT@@W4PreparationType@12@W4AkGroupType@@PB_WPAPB_WKP6AXKW43@JPAX@Z5@Z
?QueryAudioObjectIDs@Query@SoundEngine@AK@@YA?AW4AKRESULT@@KAAKPAUAkObjectInfo@@@Z
?QueryAudioObjectIDs@Query@SoundEngine@AK@@YA?AW4AKRESULT@@PBDAAKPAUAkObjectInfo@@@Z
?QueryAudioObjectIDs@Query@SoundEngine@AK@@YA?AW4AKRESULT@@PB_WAAKPAUAkObjectInfo@@@Z
?RegisterCodec@SoundEngine@AK@@YA?AW4AKRESULT@@KKP6APAVIAkSoftwareCodec@@PAX@Z1@Z
?RegisterGameObj@SoundEngine@AK@@YA?AW4AKRESULT@@I@Z
?RegisterGameObj@SoundEngine@AK@@YA?AW4AKRESULT@@IPBD@Z
?RegisterGlobalCallback@SoundEngine@AK@@YA?AW4AKRESULT@@P6AX_N@Z@Z
?RegisterMotionDevice@MotionEngine@AK@@YAXKKP6APAVIAkPlugin@2@PAVIAkPluginMemAlloc@2@@Z@Z
?RegisterPlugin@SoundEngine@AK@@YA?AW4AKRESULT@@W4AkPluginType@@KKP6APAVIAkPlugin@2@PAVIAkPluginMemAlloc@2@@ZP6APAVIAkPluginParam@2@1@Z@Z
?ReleaseBlock@MemoryMgr@AK@@YA?AW4AKRESULT@@JPAX@Z
?RemoveBehavioralExtension@SoundEngine@AK@@YA?AW4AKRESULT@@P6AX_N@Z@Z
?RemoveLanguageChangeObserver@StreamMgr@AK@@YAXPAX@Z
?RemovePlayerMotionDevice@MotionEngine@AK@@YAXEKK@Z
?RenderAudio@SoundEngine@AK@@YA?AW4AKRESULT@@XZ
?ResetRTPCValue@SoundEngine@AK@@YA?AW4AKRESULT@@KIJW4AkCurveInterpolation@@@Z
?ResetRTPCValue@SoundEngine@AK@@YA?AW4AKRESULT@@PBDIJW4AkCurveInterpolation@@@Z
?ResetRTPCValue@SoundEngine@AK@@YA?AW4AKRESULT@@PB_WIJW4AkCurveInterpolation@@@Z
?ResolveDialogueEvent@DynamicDialogue@SoundEngine@AK@@YAKKPAKKK@Z
?ResolveDialogueEvent@DynamicDialogue@SoundEngine@AK@@YAKPBDPAPBDKK@Z
?ResolveDialogueEvent@DynamicDialogue@SoundEngine@AK@@YAKPB_WPAPB_WKK@Z
?Resume@DynamicSequence@SoundEngine@AK@@YA?AW4AKRESULT@@KJW4AkCurveInterpolation@@@Z
?SeekOnEvent@SoundEngine@AK@@YA?AW4AKRESULT@@KIJ_N@Z
?SeekOnEvent@SoundEngine@AK@@YA?AW4AKRESULT@@KIM_N@Z
?SeekOnEvent@SoundEngine@AK@@YA?AW4AKRESULT@@PBDIJ_N@Z
?SeekOnEvent@SoundEngine@AK@@YA?AW4AKRESULT@@PBDIM_N@Z
?SeekOnEvent@SoundEngine@AK@@YA?AW4AKRESULT@@PB_WIJ_N@Z
?SeekOnEvent@SoundEngine@AK@@YA?AW4AKRESULT@@PB_WIM_N@Z
?SetActiveListeners@SoundEngine@AK@@YA?AW4AKRESULT@@IK@Z
?SetAttenuationScalingFactor@SoundEngine@AK@@YA?AW4AKRESULT@@IM@Z
?SetBankLoadIOSettings@SoundEngine@AK@@YA?AW4AKRESULT@@MD@Z
?SetCurrentLanguage@StreamMgr@AK@@YA?AW4AKRESULT@@PB_W@Z
?SetEffect@SoundEngine@AK@@YA?AW4AKRESULT@@KKK@Z
?SetEnvironmentVolume@SoundEngine@AK@@YA?AW4AKRESULT@@KM@Z
?SetEnvironmentVolumes@SoundEngine@AK@@YA?AW4AKRESULT@@KABUAkSpeakerVolumes@@@Z
?SetFileLocationResolver@StreamMgr@AK@@YAXPAVIAkFileLocationResolver@12@@Z
?SetGameObjectDryLevelValue@SoundEngine@AK@@YA?AW4AKRESULT@@IM@Z
?SetGameObjectEnvironmentsValues@SoundEngine@AK@@YA?AW4AKRESULT@@IPAUAkEnvironmentValue@@K@Z
?SetListenerPipeline@SoundEngine@AK@@YA?AW4AKRESULT@@K_N0@Z
?SetListenerPosition@SoundEngine@AK@@YA?AW4AKRESULT@@ABUAkListenerPosition@@K@Z
?SetListenerScalingFactor@SoundEngine@AK@@YA?AW4AKRESULT@@KM@Z
?SetListenerSpatialization@SoundEngine@AK@@YA?AW4AKRESULT@@K_NPAUAkSpeakerVolumes@@@Z
?SetLocalOutput@Monitor@AK@@YA?AW4AKRESULT@@KP6AXW4ErrorCode@12@PB_WW4ErrorLevel@12@KI@Z@Z
?SetMaxNumVoicesLimit@SoundEngine@AK@@YA?AW4AKRESULT@@G@Z
?SetMonitoring@MemoryMgr@AK@@YA?AW4AKRESULT@@J_N@Z
?SetMultiplePositions@SoundEngine@AK@@YA?AW4AKRESULT@@IPBUAkSoundPosition@@GW4MultiPositionType@12@@Z
?SetObjectObstructionAndOcclusion@SoundEngine@AK@@YA?AW4AKRESULT@@IKMM@Z
?SetPanningRule@SoundEngine@AK@@YA?AW4AKRESULT@@W4AkPanningRule@@@Z
?SetPlayerListener@MotionEngine@AK@@YAXEE@Z
?SetPlayerVolume@MotionEngine@AK@@YAXEM@Z
?SetPoolName@MemoryMgr@AK@@YA?AW4AKRESULT@@JPBD@Z
?SetPoolName@MemoryMgr@AK@@YA?AW4AKRESULT@@JPB_W@Z
?SetPosition@SoundEngine@AK@@YA?AW4AKRESULT@@IABUAkSoundPosition@@K@Z
?SetPositionInternal@SoundEngine@AK@@YA?AW4AKRESULT@@IABUAkSoundPosition@@K@Z
?SetRTPCInternal@CAkRTPCMgr@@QAE?AW4AKRESULT@@KMPAVCAkRegisteredObj@@AAUTransParams@@W4AkValueMeaning@@@Z
?SetRTPCValue@SoundEngine@AK@@YA?AW4AKRESULT@@KMIJW4AkCurveInterpolation@@@Z
?SetRTPCValue@SoundEngine@AK@@YA?AW4AKRESULT@@PBDMIJW4AkCurveInterpolation@@@Z
?SetRTPCValue@SoundEngine@AK@@YA?AW4AKRESULT@@PB_WMIJW4AkCurveInterpolation@@@Z
?SetState@SoundEngine@AK@@YA?AW4AKRESULT@@KK@Z
?SetState@SoundEngine@AK@@YA?AW4AKRESULT@@PBD0@Z
?SetState@SoundEngine@AK@@YA?AW4AKRESULT@@PB_W0@Z
?SetSwitch@SoundEngine@AK@@YA?AW4AKRESULT@@KKI@Z
?SetSwitch@SoundEngine@AK@@YA?AW4AKRESULT@@PBD0I@Z
?SetSwitch@SoundEngine@AK@@YA?AW4AKRESULT@@PB_W0I@Z
?SetVolumeThreshold@SoundEngine@AK@@YA?AW4AKRESULT@@M@Z
?StartOutputCapture@SoundEngine@AK@@YA?AW4AKRESULT@@PB_W@Z
?Stop@DynamicSequence@SoundEngine@AK@@YA?AW4AKRESULT@@KJW4AkCurveInterpolation@@@Z
?StopAll@SoundEngine@AK@@YAXI@Z
?StopOutputCapture@SoundEngine@AK@@YA?AW4AKRESULT@@XZ
?StopPlayingID@SoundEngine@AK@@YAXKJW4AkCurveInterpolation@@@Z
?StopSourcePlugin@SoundEngine@AK@@YA?AW4AKRESULT@@KKK@Z
?Term@MemoryMgr@AK@@YAXXZ
?Term@MusicEngine@AK@@YAXXZ
?Term@SoundEngine@AK@@YAXXZ
?UnloadBank@SoundEngine@AK@@YA?AW4AKRESULT@@KP6AXKW43@JPAX@Z1@Z
?UnloadBank@SoundEngine@AK@@YA?AW4AKRESULT@@KPAJ@Z
?UnloadBank@SoundEngine@AK@@YA?AW4AKRESULT@@PBDP6AXKW43@JPAX@Z2@Z
?UnloadBank@SoundEngine@AK@@YA?AW4AKRESULT@@PBDPAJ@Z
?UnloadBank@SoundEngine@AK@@YA?AW4AKRESULT@@PB_WP6AXKW43@JPAX@Z2@Z
?UnloadBank@SoundEngine@AK@@YA?AW4AKRESULT@@PB_WPAJ@Z
?UnlockPlaylist@DynamicSequence@SoundEngine@AK@@YA?AW4AKRESULT@@K@Z
?UnregisterAllGameObj@SoundEngine@AK@@YA?AW4AKRESULT@@XZ
?UnregisterGameObj@SoundEngine@AK@@YA?AW4AKRESULT@@I@Z
?UnregisterGlobalCallback@SoundEngine@AK@@YA?AW4AKRESULT@@P6AX_N@Z@Z
?g_DefaultPoolId@@3JA
?g_LEngineDefaultPoolId@@3JA
?g_pAssertHook@@3P6AXPBD0H@ZA
?g_pRTPCMgr@@3PAVCAkRTPCMgr@@A
?g_pRegistryMgr@@3PAVCAkRegistryMgr@@A
?m_pStreamMgr@IAkStreamMgr@AK@@1PAV12@A
MFortressDefaultResponseVariant_1_0x1e961a57_ResponseFnPtr_mfort6317_

Sections

.text
Size: 13.1MB - Virtual size: 13.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 476KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 89B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crsig
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.version
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Launcher.exe
.exe windows:5 windows x86 arch:x86

a0f6b7fd1e12881011a9e71e7c042b4b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

waveOutWrite
waveOutUnprepareHeader
waveOutReset
waveOutPrepareHeader
waveOutOpen
waveOutGetPosition
waveOutClose

kernel32

FindFirstFileW
FindNextFileW
FindClose
GetModuleFileNameW
GetPrivateProfileStringW
WritePrivateProfileStringW
FindResourceExW
LoadResource
SizeofResource
LockResource
WaitForSingleObject
CloseHandle
CreateThread
SetThreadPriority
HeapAlloc
HeapCreate
HeapDestroy
Sleep
CreateFileA
ReadFile
SetFilePointer
LoadLibraryW
EnterCriticalSection
LeaveCriticalSection
HeapReAlloc
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
DeleteCriticalSection
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
WriteFile
MultiByteToWideChar
GetStringTypeW
RtlUnwind
FindResourceA
EncodePointer
LCMapStringW
WideCharToMultiByte
DecodePointer
GetCommandLineW
HeapSetInformation
GetStartupInfoW
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapSize
GetProcAddress
GetModuleHandleW
ExitProcess
GetLastError
HeapFree
IsProcessorFeaturePresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId

user32

wsprintfW
GetWindowTextW
SetWindowTextW
SendMessageW
GetClientRect
PostQuitMessage
EndPaint
BeginPaint
DefWindowProcW
UpdateWindow
ShowWindow
GetSystemMetrics
CreateWindowExW
RegisterClassExW
LoadCursorW
DispatchMessageW
TranslateMessage
GetMessageW
MessageBoxW

gdi32

CreateFontW
CreateDIBSection

advapi32

RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegCloseKey

shell32

ShellExecuteW

Sections

.text
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 186KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LumaEmu.ini
ValveAPI.dll
.dll windows:4 windows x86 arch:x86

fd892ff33cc2f61d075e68b440622663

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:f6:32:6f:70:cb:ec:34:0b:f2:d1:86:8f:e6:5b:1e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

25/11/2009, 00:00

Not After

23/11/2012, 23:59

Subject

CN=Valve,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Valve,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b0:f2:41:c2:80:6d:9f:6e:a5:f7:d0:47:28:81:30:78:e5:c6:0a:86
Signer

Actual PE Digest

b0:f2:41:c2:80:6d:9f:6e:a5:f7:d0:47:28:81:30:78:e5:c6:0a:86

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\buildslave\steam_rel_client_win32\build\src\steam_api\Release\steam_api.pdb

Imports

kernel32

FreeLibrary
GetModuleFileNameA
GetModuleHandleA
GetCommandLineA
MultiByteToWideChar
GetExitCodeProcess
OpenProcess
OutputDebugStringA
SetEnvironmentVariableA
LoadLibraryExW
LoadLibraryExA
CloseHandle
GetProcAddress
SetEndOfFile
WriteConsoleW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
GetLastError
HeapFree
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
GetVersionExA
GetProcessHeap
WriteFile
GetStdHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
VirtualAlloc
HeapReAlloc
ExitProcess
Sleep
HeapSize
SetHandleCount
GetFileType
GetStartupInfoA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
WideCharToMultiByte
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LoadLibraryA
GetLocaleInfoA
InitializeCriticalSection
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
ReadFile
CreateFileA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetFilePointer
CompareStringA
CompareStringW
WriteConsoleA
GetConsoleOutputCP

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

shell32

ShellExecuteA

Exports

Exports

GetHSteamPipe
GetHSteamUser
SteamAPI_GetHSteamPipe
SteamAPI_GetHSteamUser
SteamAPI_GetSteamInstallPath
SteamAPI_Init
SteamAPI_InitSafe
SteamAPI_IsSteamRunning
SteamAPI_RegisterCallResult
SteamAPI_RegisterCallback
SteamAPI_RestartAppIfNecessary
SteamAPI_RunCallbacks
SteamAPI_SetBreakpadAppID
SteamAPI_SetMiniDumpComment
SteamAPI_SetTryCatchCallbacks
SteamAPI_Shutdown
SteamAPI_UnregisterCallResult
SteamAPI_UnregisterCallback
SteamAPI_UseBreakpadCrashHandler
SteamAPI_WriteMiniDump
SteamApps
SteamClient
SteamContentServer
SteamContentServerUtils
SteamContentServer_Init
SteamContentServer_RunCallbacks
SteamContentServer_Shutdown
SteamFriends
SteamGameServer
SteamGameServerApps
SteamGameServerHTTP
SteamGameServerNetworking
SteamGameServerStats
SteamGameServerUtils
SteamGameServer_BSecure
SteamGameServer_GetHSteamPipe
SteamGameServer_GetHSteamUser
SteamGameServer_GetIPCCallCount
SteamGameServer_GetSteamID
SteamGameServer_Init
SteamGameServer_InitSafe
SteamGameServer_RunCallbacks
SteamGameServer_Shutdown
SteamHTTP
SteamMatchmaking
SteamMatchmakingServers
SteamNetworking
SteamRemoteStorage
SteamScreenshots
SteamUser
SteamUserStats
SteamUtils
Steam_GetHSteamUserCurrent
Steam_RegisterInterfaceFuncs
Steam_RunCallbacks
g_pSteamClientGameServer

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
buddha.dll
.dll windows:4 windows x86 arch:x86

4d0ba8ad8dc0896d837e9c3bdbc9da2d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

AllocConsole
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

Exports

Exports

SKIDROW

Sections

.text
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 585B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.skr0
Size: - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.skr1
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
steam64.reg
steam86.reg
steam_api.dll
.dll windows:5 windows x86 arch:x86

4cbc5bad8e2065471cf55cdd5a6b9d49

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetCurrentDirectoryA
SetEnvironmentVariableA
LoadLibraryA
GetProcAddress
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetCurrentProcessId
GetPrivateProfileStringA
GetPrivateProfileIntA
ExitProcess
GetLocalTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
DecodePointer
EncodePointer
GetSystemTimeAsFileTime

user32

MessageBoxA
GetForegroundWindow

advapi32

RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegOpenKeyExA

msvcr100

fgets
atoi
__CxxFrameHandler3
??2@YAPAXI@Z
_malloc_crt
free
_encoded_null
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
strstr
??3@YAXPAX@Z
memset
strlen
_vsnprintf
fopen
fprintf
fclose
strcpy
strcat
strcpy_s

Exports

Exports

GetHSteamPipe
GetHSteamUser
SteamAPI_GetHSteamPipe
SteamAPI_GetHSteamUser
SteamAPI_GetSteamInstallPath
SteamAPI_Init
SteamAPI_InitSafe
SteamAPI_IsSteamRunning
SteamAPI_RegisterCallResult
SteamAPI_RegisterCallback
SteamAPI_RestartApp
SteamAPI_RestartAppIfNecessary
SteamAPI_RunCallbacks
SteamAPI_SetBreakpadAppID
SteamAPI_SetMiniDumpComment
SteamAPI_SetTryCatchCallbacks
SteamAPI_Shutdown
SteamAPI_UnregisterCallResult
SteamAPI_UnregisterCallback
SteamAPI_UseBreakpadCrashHandler
SteamAPI_WriteMiniDump
SteamApps
SteamClient
SteamContentServer
SteamContentServerUtils
SteamContentServer_Init
SteamContentServer_RunCallbacks
SteamContentServer_Shutdown
SteamFriends
SteamGameServer
SteamGameServerApps
SteamGameServerHTTP
SteamGameServerNetworking
SteamGameServerStats
SteamGameServerUtils
SteamGameServer_BSecure
SteamGameServer_GetHSteamPipe
SteamGameServer_GetHSteamUser
SteamGameServer_GetIPCCallCount
SteamGameServer_GetSteamID
SteamGameServer_Init
SteamGameServer_InitSafe
SteamGameServer_RunCallbacks
SteamGameServer_Shutdown
SteamHTTP
SteamMasterServerUpdater
SteamMatchmaking
SteamMatchmakingServers
SteamNetworking
SteamRemoteStorage
SteamScreenshots
SteamUser
SteamUserStats
SteamUtils
Steam_GetHSteamUserCurrent
Steam_RegisterInterfaceFuncs
Steam_RunCallbacks
g_pSteamClientGameServer

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
steam_appid.txt
steamclient.dll
.dll windows:5 windows x86 arch:x86

c73fbd2631c8cc9b438d87d1e95f7481

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetPrivateProfileStringA
GetLocalTime
LoadLibraryA
CreatePipe
SetEnvironmentVariableA
GetModuleFileNameA
GetModuleHandleA
GetCurrentDirectoryA
DuplicateHandle
GetProcAddress
GetCurrentProcessId
DeleteFileA
CreateThread
CreateDirectoryA
SetCurrentDirectoryA
TerminateProcess
InterlockedCompareExchange
GetSystemTimeAsFileTime
CreateEventA
GetPrivateProfileIntA
GetCurrentProcess
CloseHandle
ExitProcess
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
Sleep
InterlockedExchange
DecodePointer
EncodePointer
FlushInstructionCache
VirtualProtect
SetLastError
UnhandledExceptionFilter

user32

GetForegroundWindow
MessageBoxA

advapi32

RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

wininet

DeleteUrlCacheEntryA
InternetCheckConnectionA

urlmon

URLDownloadToFileA

msvcp100

?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z

msvcr100

_vsnprintf
??3@YAXPAX@Z
fgets
fclose
strcat_s
_filelength
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
memmove
memchr
fread
_fileno
fwrite
??2@YAPAXI@Z
memset
strcpy_s
_malloc_crt
free
_encoded_null
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
atoi
isspace
sprintf_s
_stricmp
fprintf
memcpy
fopen
_ultoa
_CxxThrowException
strrchr
__CxxFrameHandler3

Exports

Exports

Breakpad_SetSteamID
Breakpad_SteamMiniDumpInit
Breakpad_SteamSetAppID
Breakpad_SteamWriteMiniDumpSetComment
Breakpad_SteamWriteMiniDumpUsingExceptionInfoWithBuildId
CreateInterface
OPENSSL_Applink
Steam_BConnected
Steam_BGetCallback
Steam_BLoggedOn
Steam_BReleaseSteamPipe
Steam_ConnectToGlobalUser
Steam_CreateGlobalUser
Steam_CreateLocalUser
Steam_CreateSteamPipe
Steam_FreeLastCallback
Steam_GSBLoggedOn
Steam_GSBSecure
Steam_GSGetSteam2GetEncryptionKeyToSendToNewClient
Steam_GSGetSteamID
Steam_GSLogOff
Steam_GSLogOn
Steam_GSRemoveUserConnect
Steam_GSSendSteam2UserConnect
Steam_GSSendSteam3UserConnect
Steam_GSSendUserDisconnect
Steam_GSSendUserStatusResponse
Steam_GSSetServerType
Steam_GSSetSpawnCount
Steam_GSUpdateStatus
Steam_GetAPICallResult
Steam_GetGSHandle
Steam_InitiateGameConnection
Steam_LogOff
Steam_LogOn
Steam_ReleaseUser
Steam_SetLocalIPBinding
Steam_TerminateGameConnection

Sections

.text
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
热血无赖win8补丁热血无赖win8修复补丁下载_v1.8_9号软件下载.url
.url
说明.txt

Sharing

General

Malware Config

Signatures

Files

fc7e043aed73a5a8c8cdfc74f73b793f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

d3d11

dinput8

dxgi

xinput1_3

d3dcompiler_43

binkw32

steam_api

advapi32

kernel32

gdi32

ole32

oleaut32

psapi

shlwapi

user32

winmm

wsock32

iphlpapi

ws2_32

wininet

crypt32

Exports

Exports

Sections

.text Size: 13.1MB - Virtual size: 13.1MB

.rdata Size: 2.6MB - Virtual size: 2.6MB

.data Size: 476KB - Virtual size: 1.4MB

.tls Size: 512B - Virtual size: 89B

.crsig Size: 4KB - Virtual size: 4KB

.version Size: 512B - Virtual size: 4B

.rsrc Size: 64KB - Virtual size: 64KB

a0f6b7fd1e12881011a9e71e7c042b4b

Headers

DLL Characteristics

File Characteristics

Imports

winmm

kernel32

user32

gdi32

advapi32

shell32

Sections

.text Size: 42KB - Virtual size: 41KB

.rdata Size: 14KB - Virtual size: 13KB

.data Size: 3KB - Virtual size: 79KB

.rsrc Size: 186KB - Virtual size: 186KB

.reloc Size: 6KB - Virtual size: 5KB

fd892ff33cc2f61d075e68b440622663

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

7b:f6:32:6f:70:cb:ec:34:0b:f2:d1:86:8f:e6:5b:1eCertificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

b0:f2:41:c2:80:6d:9f:6e:a5:f7:d0:47:28:81:30:78:e5:c6:0a:86Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

.text
Size: 13.1MB - Virtual size: 13.1MB

.rdata
Size: 2.6MB - Virtual size: 2.6MB

.data
Size: 476KB - Virtual size: 1.4MB

.tls
Size: 512B - Virtual size: 89B

.crsig
Size: 4KB - Virtual size: 4KB

.version
Size: 512B - Virtual size: 4B

.rsrc
Size: 64KB - Virtual size: 64KB

.text
Size: 42KB - Virtual size: 41KB

.rdata
Size: 14KB - Virtual size: 13KB

.data
Size: 3KB - Virtual size: 79KB

.rsrc
Size: 186KB - Virtual size: 186KB

.reloc
Size: 6KB - Virtual size: 5KB

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

7b:f6:32:6f:70:cb:ec:34:0b:f2:d1:86:8f:e6:5b:1e
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

b0:f2:41:c2:80:6d:9f:6e:a5:f7:d0:47:28:81:30:78:e5:c6:0a:86
Signer

.text
Size: 72KB - Virtual size: 71KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 7KB

.text
Size: - Virtual size: 2KB

.rdata
Size: - Virtual size: 585B

.data
Size: - Virtual size: 4KB

.skr0
Size: - Virtual size: 23KB

.skr1
Size: 56KB - Virtual size: 56KB

.reloc
Size: 512B - Virtual size: 112B

.text
Size: 25KB - Virtual size: 25KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 106KB - Virtual size: 106KB

.rdata
Size: 98KB - Virtual size: 97KB

.data
Size: 6KB - Virtual size: 9KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 26KB - Virtual size: 25KB