49f53b453ab92c5c946f012d33be47784b1de5a01ba7688807bc134be46dc447

Sharing

Copy URL Twitter E-mail

General

Target

49f53b453ab92c5c946f012d33be47784b1de5a01ba7688807bc134be46dc447
Size

9.9MB
MD5

31e9a5daa4ffcb4716c79a9c66a9654b
SHA1

d867675d8a2a228c0f6ccac5c1954a0b04161805
SHA256

49f53b453ab92c5c946f012d33be47784b1de5a01ba7688807bc134be46dc447
SHA512

ef43ca563cb8df7ac1934c1ddc0d2a134452284452406fcb8233a3e327f043c0e29a5fdd9327c11da294548a058fe76129bed17086c7a88e3698323fa5e0d650
SSDEEP

98304:Evn3QX97wro6jNMco2HvtetnzGUrzy97y8ZUzHpEwmz1F6XPUe1:EvgX9cro6jNjo2QBSUrzy97y8ZxwDX1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
49f53b453ab92c5c946f012d33be47784b1de5a01ba7688807bc134be46dc447

Files

49f53b453ab92c5c946f012d33be47784b1de5a01ba7688807bc134be46dc447
.exe windows:6 windows x86 arch:x86

afa29c870d71d97596d9e4a45e4ffbee

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

T:\NewEvolved\bin\ElementClient1.pdb

Imports

elementskill

?Query@VisibleState@GNET@@SAPBV12@HH@Z
?GetEffect@ElementSkill@GNET@@SAPBDI@Z
?GoblinLearn@ElementSkill@GNET@@SAHIAAUGoblinRequirement@2@H@Z
?Create@ElementSkill@GNET@@SAPAV12@IH@Z
?Destroy@ElementSkill@GNET@@QAEXXZ
?Condition@ElementSkill@GNET@@SAHIAAUUseRequirement@2@H@Z
?GetAbilityPercent@ElementSkill@GNET@@SAHI@Z
?LearnCondition@ElementSkill@GNET@@SAHIAAULearnRequirement@2@H@Z
?PetLearn@ElementSkill@GNET@@SAHIAAUPetRequirement@2@H@Z
?SetLevel@ElementSkill@GNET@@SAHIH@Z
?GetIcon@ElementSkill@GNET@@SAPBDI@Z
?GetComboSkActivated@ElementSkill@GNET@@SAXABUComboSkillState@2@AAV?$vector@U?$pair@IH@std@@V?$allocator@U?$pair@IH@std@@@2@@std@@@Z
?SetAbility@ElementSkill@GNET@@SAHIH@Z
?LoadSkillData@ElementSkill@GNET@@SAXPAX@Z
?GoblinCondition@ElementSkill@GNET@@SAHIAAUGoblinUseRequirement@2@H@Z
?GetName@ElementSkill@GNET@@SAPB_WI@Z
?GetExecuteTime@ElementSkill@GNET@@SAHIH@Z
?GetNativeName@ElementSkill@GNET@@SAPBDI@Z
?GetRequiredBook@ElementSkill@GNET@@SAHIH@Z
?NextSkill@ElementSkill@GNET@@SAII@Z
?GetCommonCoolDown@ElementSkill@GNET@@SAHI@Z
?GetComboSkPreSkill@ElementSkill@GNET@@SAHI@Z
?GetInherentSkills@ElementSkill@GNET@@SAABV?$vector@IV?$allocator@I@std@@@std@@H@Z
?InitStaticData@ElementSkill@GNET@@SAXXZ
?IsMovingSkill@ElementSkill@GNET@@SA_NI@Z
?GetAbility@ElementSkill@GNET@@SAHI@Z
?GetMaxAbility@ElementSkill@GNET@@SAHIH@Z
?IsOverridden@ElementSkill@GNET@@SA_NI@Z
?GetRequiredLevel@ElementSkill@GNET@@SAHIH@Z
?GetRequiredRealmLevel@ElementSkill@GNET@@SAHIH@Z
?GetType@ElementSkill@GNET@@SADI@Z
?IsGoblinSkill@ElementSkill@GNET@@SA_NI@Z
?Query@TeamState@GNET@@SAPBV12@H@Z
?GetRequiredSp@ElementSkill@GNET@@SAHIH@Z
?GetRequiredMoney@ElementSkill@GNET@@SAHIH@Z
?GetVersion@ElementSkill@GNET@@SAHXZ

immwrapper

??0AMImmWrapper@@QAE@XZ
?Stop@AMImmEffect@@QAE_NXZ
?Start@AMImmEffect@@QAE_NXZ
??1AMImmWrapper@@QAE@XZ
?Release@AMImmWrapper@@QAE_NXZ
?Init@AMImmWrapper@@QAE_NPAUHINSTANCE__@@PAUHWND__@@PAD2@Z
?LoadImmEffect@AMImmWrapper@@QAE_NPADPAPAVAMImmEffect@@@Z
?ReleaseImmEffect@AMImmWrapper@@QAE_NAAPAVAMImmEffect@@@Z

ftdriver

?CreateFTManager@@YAPAVIFTManager@@HHH@Z

speedtreert

?SetWindStrength@CSpeedTreeRT@@QAEMMMM@Z
?SetFrondWindMethod@CSpeedTreeRT@@QAEXW4EWindMethod@1@@Z
?SetBranchWindMethod@CSpeedTreeRT@@QAEXW4EWindMethod@1@@Z
?SetLeafWindMethod@CSpeedTreeRT@@QAEXW4EWindMethod@1@@Z
?ComputeLodLevel@CSpeedTreeRT@@QAEXXZ
?SetLodLevel@CSpeedTreeRT@@QAEXM@Z
?SetDropToBillboard@CSpeedTreeRT@@SAX_N@Z
?SetLodLimits@CSpeedTreeRT@@QAEXMM@Z
?GetDiscreteLeafLodLevel@CSpeedTreeRT@@QBEGM@Z
?GetNumBranchLodLevels@CSpeedTreeRT@@QBEGXZ
?GetNumLeafLodLevels@CSpeedTreeRT@@QBEGXZ
?GetNumFrondLodLevels@CSpeedTreeRT@@QBEGXZ
?GetGeometry@CSpeedTreeRT@@QAEXAAUSGeometry@1@KFFF@Z
?GetTextures@CSpeedTreeRT@@QBEXAAUSTextures@1@@Z
?SetTextureFlip@CSpeedTreeRT@@SAX_N@Z
?GetBoundingBox@CSpeedTreeRT@@QBEXPAM@Z
??0SGeometry@CSpeedTreeRT@@QAE@XZ
??1SGeometry@CSpeedTreeRT@@QAE@XZ
??0STextures@CSpeedTreeRT@@QAE@XZ
??1STextures@CSpeedTreeRT@@QAE@XZ
?SetLightState@CSpeedTreeRT@@SAXI_N@Z
?SetLightAttributes@CSpeedTreeRT@@SAXIPBM@Z
?SetCamera@CSpeedTreeRT@@SAXPBM0@Z
?SetTime@CSpeedTreeRT@@SAXM@Z
?Authorize@CSpeedTreeRT@@SAXPBD@Z
?SetTreePosition@CSpeedTreeRT@@QAEXMMM@Z
?SetNumLeafRockingGroups@CSpeedTreeRT@@QAEXI@Z
?SetLeafRockingState@CSpeedTreeRT@@QAEX_N@Z
?SetFrondLightingMethod@CSpeedTreeRT@@QAEXW4ELightingMethod@1@@Z
?SetLeafLightingMethod@CSpeedTreeRT@@QAEXW4ELightingMethod@1@@Z
?SetTreeSize@CSpeedTreeRT@@QAEXMM@Z
??0CSpeedTreeRT@@QAE@XZ
??1CSpeedTreeRT@@QAE@XZ
??2CSpeedTreeRT@@SAPAXI@Z
??3CSpeedTreeRT@@SAXPAX@Z
?Compute@CSpeedTreeRT@@QAE_NPBMI_N@Z
?MakeInstance@CSpeedTreeRT@@QAEPAV1@XZ
?LoadTree@CSpeedTreeRT@@QAE_NPBEI@Z
?GetTreeSize@CSpeedTreeRT@@QBEXAAM0@Z
?SetBranchLightingMethod@CSpeedTreeRT@@QAEXW4ELightingMethod@1@@Z

d3d9

Direct3DCreate9

d3dx9_43

D3DXLoadSurfaceFromFileInMemory
D3DXAssembleShader
D3DXCreateBuffer
D3DXGetImageInfoFromFileInMemory
D3DXSaveTextureToFileA
D3DXCreateTextureFromFileInMemoryEx
D3DXMatrixPerspectiveFovLH
D3DXSaveSurfaceToFileA
D3DXMatrixOrthoOffCenterLH
D3DXMatrixMultiply
D3DXVec4Transform
D3DXMatrixRotationAxis
D3DXMatrixLookAtLH
D3DXVec3TransformCoord
D3DXMatrixShadow
D3DXGetImageInfoFromFileA
D3DXMatrixInverse
D3DXLoadSurfaceFromSurface
D3DXPlaneTransform

dsound

ord11

wininet

HttpQueryInfoA
InternetOpenUrlW
InternetOpenA
InternetCloseHandle
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestA
InternetConnectA
InternetReadFile

shlwapi

StrToIntW
PathFileExistsW
PathAppendW
PathFileExistsA
PathFindExtensionA
PathFindFileNameA

winmm

timeGetTime

ws2_32

closesocket
send
socket
ntohs
connect
inet_ntoa
htons
sendto
ioctlsocket
setsockopt
WSACleanup
WSAStartup
gethostbyname
WSAGetLastError
inet_addr
getsockname
recv
select
bind
__WSAFDIsSet

imm32

ImmGetDefaultIMEWnd
ImmGetConversionStatus
ImmGetCandidateListA
ImmGetIMEFileNameA
ImmGetOpenStatus
ImmSetCompositionStringW
ImmSetConversionStatus
ImmGetCompositionStringA
ImmGetCandidateListW
ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow
ImmGetProperty
ImmGetCompositionStringW
ImmAssociateContext
ImmSetCandidateWindow
ImmGetDescriptionW
ImmNotifyIME
ImmIsIME

ddraw

DirectDrawCreate

zlibwapi

ord2
ord26
ord6
ord7
ord21
ord4
ord46
ord20
ord19

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

glu32

gluNewTess
gluTessVertex
gluTessEndContour
gluTessBeginPolygon
gluTessBeginContour
gluTessCallback
gluTessProperty
gluTessEndPolygon
gluDeleteTess

discord_game_sdk

DiscordCreate

kernel32

LoadLibraryExW
CreateFileMappingW
MapViewOfFile
LocalAlloc
GetWindowsDirectoryA
IsDBCSLeadByte
GetLocaleInfoA
CompareStringA
GetVersionExA
VirtualFree
VirtualAlloc
FormatMessageA
QueryPerformanceCounter
SetFilePointer
QueryPerformanceFrequency
LoadLibraryExA
InterlockedPushEntrySList
InterlockedPopEntrySList
lstrlenW
GetStartupInfoW
GetSystemTimeAsFileTime
InitializeSListHead
IsDBCSLeadByteEx
GlobalSize
GlobalFree
MulDiv
lstrcmpW
lstrcmpiW
QueueUserAPC
FindResourceW
LoadResource
RaiseException
SetLastError
SizeofResource
CreateSemaphoreW
ReleaseSemaphore
OpenFile
SetCurrentDirectoryW
GetPrivateProfileStringA
WaitForSingleObjectEx
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LocalFree
GlobalReAlloc
WinExec
EncodePointer
UnmapViewOfFile
GetPrivateProfileIntA
DuplicateHandle
GetModuleFileNameA
EnterCriticalSection
GetCurrentProcess
GetModuleFileNameW
LeaveCriticalSection
CreateFileW
GetCurrentThreadId
GetLastError
GetCurrentThread
CloseHandle
LoadLibraryW
GetProcAddress
GetCurrentProcessId
FreeLibrary
lstrcpyW
IsBadReadPtr
GetTempPathA
GetTempFileNameA
GetTickCount
GetCommandLineA
GetFileAttributesA
WritePrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileStringW
GetTickCount64
VirtualProtect
InitializeCriticalSection
WaitForSingleObject
GetModuleHandleA
LoadLibraryA
CreateThread
DeleteCriticalSection
Process32First
TerminateProcess
OpenProcess
CreateToolhelp32Snapshot
Process32Next
ReadProcessMemory
VirtualQueryEx
lstrlenA
GetVersionExW
Sleep
GetSystemInfo
GlobalMemoryStatus
HeapFree
HeapAlloc
GetProcessHeap
SystemTimeToFileTime
GetSystemTime
CreateFileA
GetModuleHandleW
FlushInstructionCache
CreateMutexW
ReleaseMutex
IsBadWritePtr
OutputDebugStringW
GlobalAlloc
GlobalLock
WideCharToMultiByte
GlobalUnlock
MultiByteToWideChar
DeleteFileA
InitializeCriticalSectionAndSpinCount
ExitThread
CreateEventW
SetEvent
GetCurrentDirectoryW
DecodePointer
CreateDirectoryA
FindFirstFileA
FindNextFileA
WaitForMultipleObjects
GetExitCodeThread
CopyFileA
ResetEvent
GetLocalTime
GetFileSize
ReadFile
GetCommandLineW
OutputDebugStringA
CreateDirectoryW
ResumeThread
ExitProcess
FindClose
IsDebuggerPresent
WriteFile
CreateNamedPipeW
CreateMutexA
CreateProcessW
ConnectNamedPipe
GetDiskFreeSpaceA
SignalObjectAndWait
SetThreadPriority
SetThreadPriorityBoost
GetCurrentDirectoryA
GetVersion
SetCurrentDirectoryA
SuspendThread

user32

GetWindowTextLengthW
SendMessageA
IntersectRect
SetRect
DestroyCursor
LoadCursorFromFileA
RegisterClipboardFormatW
GetClipboardData
CreateCaret
GetKeyboardLayout
SetCaretPos
IsWindowUnicode
EnumThreadWindows
GetWindowDC
CreateWindowExA
WindowFromDC
GetCaretBlinkTime
PostMessageA
UpdateWindow
SetForegroundWindow
wsprintfW
GetCapture
SetCapture
GetMessageW
CallWindowProcW
GetFocus
DestroyWindow
keybd_event
FillRect
InvalidateRgn
ReleaseCapture
ChangeDisplaySettingsW
DispatchMessageW
PeekMessageW
SetFocus
GetForegroundWindow
TranslateMessage
LoadIconW
SetCursor
GetGUIThreadInfo
BeginPaint
EndPaint
SetWindowTextW
AdjustWindowRectEx
SetWindowLongW
InvalidateRect
GetAsyncKeyState
SetCursorPos
SetActiveWindow
EnumChildWindows
SendMessageW
UnregisterClassW
GetMenuBarInfo
IsWindow
GetWindowLongW
IsWindowVisible
SetWindowPos
ShowWindow
IsWindowEnabled
FindWindowW
GetClassNameW
IsZoomed
IsIconic
CharNextW
GetDlgItem
KillTimer
GetDesktopWindow
GetClassInfoExW
LoadCursorW
RedrawWindow
SetWindowLongA
DestroyAcceleratorTable
IsChild
GetSysColor
CreateAcceleratorTableW
GetWindowTextW
GetActiveWindow
GetClientRect
PostMessageW
ClientToScreen
GetKeyState
OpenClipboard
CloseClipboard
EmptyClipboard
SetClipboardData
ScreenToClient
GetCursorPos
PostQuitMessage
EnumWindows
GetWindowRect
CallNextHookEx
UnhookWindowsHookEx
IsRectEmpty
SetWindowsHookExW
FindWindowA
PtInRect
GetParent
RegisterWindowMessageW
GetAncestor
GetDC
ReleaseDC
DefWindowProcW
MessageBoxW
CreateWindowExW
GetSystemMetrics
RegisterClassExW
MoveWindow
MessageBoxA
AdjustWindowRect
GetWindowThreadProcessId
GetWindow
GetClassNameA
GetWindowTextA
GetTopWindow
SetTimer

gdi32

GetTextExtentPoint32W
SetMapMode
SetTextColor
SetBkColor
SetTextAlign
ExtTextOutW
TextOutA
CreateCompatibleDC
GetDeviceCaps
DeleteDC
CreateSolidBrush
CreateDIBSection
GetObjectW
CreateFontW
SelectObject
DeleteObject
GetStockObject
BitBlt
GetDIBits
CreateEllipticRgn
GetGlyphOutlineW
CreatePolygonRgn
PtInRegion
CreateFontIndirectW
CreateCompatibleBitmap
EnumFontFamiliesExW

advapi32

OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
OpenThreadToken

shell32

SHGetFolderPathW
ShellExecuteExA
SHOpenFolderAndSelectItems
ShellExecuteA
Shell_NotifyIconW
ShellExecuteW

ole32

CoInitialize
CoUninitialize
CoCreateInstance
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoGetClassObject
OleUninitialize
CoTaskMemAlloc
StringFromGUID2
CLSIDFromProgID
CoTaskMemFree
CreateStreamOnHGlobal
OleInitialize
CoTaskMemRealloc
CLSIDFromString
OleLockRunning

oleaut32

VariantInit
LoadTypeLi
OleCreateFontIndirect
VariantCopy
DispCallFunc
SysStringLen
SysAllocStringLen
VarUI4FromStr
SysAllocString
VariantClear
SysFreeString
LoadRegTypeLi

msvcp140

?_Addfac@_Locimp@locale@std@@AAEXPAVfacet@23@I@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UAEXXZ
??Bid@locale@std@@QAEIXZ
?uncaught_exception@std@@YA_NXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?out@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PB_W1AAPB_WPAD3AAPAD@Z
?_Xbad_function_call@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
_Unlink
_Remove_dir
_To_wide
_Close_dir
_Open_dir
_Lstat
_Read_dir
_Stat
_To_byte
?_Xinvalid_argument@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Syserror_map@std@@YAPBDH@Z
?_New_Locimp@_Locimp@locale@std@@CAPAV123@ABV123@@Z
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
_Cnd_destroy_in_situ
_Cnd_broadcast
_Mtx_unlock
_Thrd_join
_Thrd_id
_Cnd_wait
_Cnd_do_broadcast_at_thread_exit
_Mtx_lock
?_Throw_C_error@std@@YAXH@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_init_in_situ
_Thrd_hardware_concurrency
_Mtx_init_in_situ
_Mtx_destroy_in_situ
?good@ios_base@std@@QBE_NXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QAE@I@Z

concrt140

?_Schedule@_StructuredTaskCollection@details@Concurrency@@QAEXPAV_UnrealizedChore@23@@Z
??1_StructuredTaskCollection@details@Concurrency@@QAE@XZ
?_SpinOnce@?$_SpinWait@$00@details@Concurrency@@QAE_NXZ
?PPLParallelForEventGuid@Concurrency@@3U_GUID@@B
?_RunAndWait@_StructuredTaskCollection@details@Concurrency@@QAG?AW4_TaskCollectionStatus@23@PAV_UnrealizedChore@23@@Z
?_CurrentContext@_Context@details@Concurrency@@SA?AV123@XZ
?_Yield@_Context@details@Concurrency@@SAXXZ
?_IsSynchronouslyBlocked@_Context@details@Concurrency@@QBE_NXZ
?_UnderlyingYield@details@Concurrency@@YAXXZ
??0_Cancellation_beacon@details@Concurrency@@QAE@XZ
??1_Cancellation_beacon@details@Concurrency@@QAE@XZ
?_GetNumberOfVirtualProcessors@_CurrentScheduler@details@Concurrency@@SAIXZ
?_Confirm_cancel@_Cancellation_beacon@details@Concurrency@@QAE_NXZ
?PPLParallelInvokeEventGuid@Concurrency@@3U_GUID@@B
?_Trace_ppl_function@Concurrency@@YAXABU_GUID@@EW4ConcRT_EventType@1@@Z
?Free@Concurrency@@YAXPAX@Z
?_CheckTaskCollection@_UnrealizedChore@details@Concurrency@@IAEXXZ

urlmon

URLDownloadToFileW

vcruntime140

__std_terminate
strstr
strrchr
_purecall
__std_exception_destroy
__std_exception_copy
wcsstr
wcschr
__std_type_info_compare
strchr
__std_type_info_name
longjmp
__current_exception
__current_exception_context
_except_handler4_common
memset
memmove
_CxxThrowException
__CxxFrameHandler3
wcsrchr
__RTDynamicCast
_local_unwind4
_setjmp3
memchr
memcpy

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__stdio_common_vfprintf
getc
__stdio_common_vswprintf
ferror
_popen
__stdio_common_vfwprintf
fflush
freopen
__stdio_common_vswscanf
__stdio_common_vfscanf
_pclose
_set_fmode
fread
tmpfile
__p__commode
setvbuf
ungetc
rewind
fseek
fputs
fopen
_fileno
ftell
fclose
__stdio_common_vsprintf
fgetwc
fgetws
fwrite
fgets
feof
tmpnam
_wfopen
__stdio_common_vsprintf_s
__stdio_common_vsscanf
__stdio_common_vswprintf_s
clearerr

api-ms-win-crt-convert-l1-1-0

atof
strtoul
atol
strtod
atoi
_itow
_itoa
_wtoi

api-ms-win-crt-string-l1-1-0

strncmp
wcsncpy_s
wcsncat
iswdigit
strtok
strcspn
_wcsupr
_wcslwr
wcsncmp
isspace
isalpha
_strlwr
isalnum
strcpy_s
_wcsicmp
_strupr
_strnicmp
strpbrk
isupper
strncat
wcscpy_s
wcscat_s
strcat_s
strncpy
tolower
toupper
isxdigit
ispunct
iscntrl
wcsncpy
_stricmp
islower
strcoll
isdigit

api-ms-win-crt-utility-l1-1-0

srand
rand
qsort

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_crt_atexit
_controlfp_s
_errno
_invalid_parameter_noinfo
_resetstkoflw
_register_thread_local_exe_atexit_callback
terminate
_c_exit
exit
system
_beginthread
_beginthreadex
_cexit
_exit
_initterm_e
_seh_filter_exe
_initterm
_get_wide_winmain_command_line
_initialize_wide_environment
_configure_wide_argv
_set_app_type
strerror
_register_onexit_function
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-filesystem-l1-1-0

_findfirst64i32
_mkdir
_splitpath
_findnext64i32
_access
_findfirst32
_wremove
rename
_findclose
_rmdir
_stat32
_stat64i32
_fstat64i32
remove
_findnext32

api-ms-win-crt-time-l1-1-0

asctime
_time32
_mktime32
_time64
_gmtime32
_localtime32
_localtime64
_difftime64
clock
_mktime64
strftime
_gmtime64

api-ms-win-crt-heap-l1-1-0

_recalloc
_set_new_mode
free
malloc
realloc
calloc

api-ms-win-crt-math-l1-1-0

__libm_sse2_tanf
__libm_sse2_tan
__libm_sse2_sinf
modf
ceil
frexp
ldexp
__libm_sse2_sin
__libm_sse2_powf
__libm_sse2_pow
_CIcosh
_CIfmod
__setusermatherr
_CIsinh
_CItanh
__libm_sse2_acos
__libm_sse2_acosf
__libm_sse2_asin
__libm_sse2_asinf
_isnan
__libm_sse2_atan
__libm_sse2_atan2
__libm_sse2_cos
__libm_sse2_log10
__libm_sse2_cosf
__libm_sse2_exp
__libm_sse2_log

api-ms-win-crt-locale-l1-1-0

setlocale
_configthreadlocale
localeconv

api-ms-win-crt-environment-l1-1-0

getenv

Exports

Exports

AmdPowerXpressRequestHighPerformance
NvOptimusEnablement

Sections

.text
Size: 7.7MB - Virtual size: 7.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 274KB - Virtual size: 456KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 500KB - Virtual size: 499KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

afa29c870d71d97596d9e4a45e4ffbee

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

elementskill

immwrapper

ftdriver

speedtreert

d3d9

d3dx9_43

dsound

wininet

shlwapi

winmm

ws2_32

imm32

ddraw

zlibwapi

version

glu32

discord_game_sdk

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

msvcp140

concrt140

urlmon

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-environment-l1-1-0

Exports

Exports

Sections

.text Size: 7.7MB - Virtual size: 7.7MB

.rdata Size: 1.3MB - Virtual size: 1.3MB

.data Size: 274KB - Virtual size: 456KB

_RDATA Size: 156KB - Virtual size: 155KB

.rsrc Size: 79KB - Virtual size: 78KB

.reloc Size: 500KB - Virtual size: 499KB

.text
Size: 7.7MB - Virtual size: 7.7MB

.rdata
Size: 1.3MB - Virtual size: 1.3MB

.data
Size: 274KB - Virtual size: 456KB

_RDATA
Size: 156KB - Virtual size: 155KB

.rsrc
Size: 79KB - Virtual size: 78KB

.reloc
Size: 500KB - Virtual size: 499KB