external[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

external.rar
Size

173.9MB
MD5

0ec5f7f27566428d6416801fecc9e1cb
SHA1

14faee514628306a9cbce66057b57fd8a771e5f5
SHA256

9e92dc34d6386a1307cecae9653c1e151e834bdacc0ebbe226cfda256ec929d8
SHA512

2b1d745d0cf915d2f407a556bf841c15d4457b5e430741ca05d1d984477a0541160041e0afb5c7f689f13e84d5b6ffc49445ce94f8d6884c914866cddb3ff44f
SSDEEP

3145728:/CaKufCLb1NkU5H8u/ovQHDY2wCYnZxchbS0MfwR1d80KNkU5H8u+wvQHDY2wCY1:/RKuaX1NhHjwoHDY7D8u0MfIJKNhHjt9

Score

3^/10

Malware Config

Signatures

Unsigned PE 10 IoCs

Checks for missing Authenticode signature.

resource
unpack002/100$ loader/examples/example_win32_directx11/Release/example_win32_directx11.exe
unpack001/menu swaps/100$ loader/examples/example_win32_directx11/Release/example_win32_directx11.exe
unpack003/Release/34ebbrb4.exe
unpack003/Release/based.exe
unpack003/Release/based.exe
unpack001/x64/Release/34ebbrb4.exe
unpack001/x64/Release/34ebbrb4.exe
unpack001/x64/Release/based.exe
unpack001/x64/Release/based.exe
unpack001/x64/Release/remap.exe

Files

external.rar
.rar
Auth.h
D3DX/d3dx9.h
D3DX/d3dx9.lib
D3DX/d3dx9anim.h
D3DX/d3dx9core.h
D3DX/d3dx9effect.h
D3DX/d3dx9math.h
D3DX/d3dx9math.inl
D3DX/d3dx9mesh.h
D3DX/d3dx9shader.h
D3DX/d3dx9shape.h
D3DX/d3dx9tex.h
D3DX/d3dx9xof.h
Encryption/LazyImporter.h
Encryption/ex.h
Encryption/imports.h
Encryption/xor.hpp
Imgui/animations.h
Imgui/d3d11.lib
Imgui/imconfig.h
Imgui/imgui.cpp
Imgui/imgui.h
Imgui/imgui_draw.cpp
Imgui/imgui_impl_dx11.cpp
Imgui/imgui_impl_dx11.h
Imgui/imgui_impl_win32.cpp
Imgui/imgui_impl_win32.h
Imgui/imgui_internal.h
Imgui/imgui_tables.cpp
Imgui/imgui_widgets.cpp
Imgui/imstb_rectpack.h
Imgui/imstb_textedit.h
Imgui/imstb_truetype.h
Mouse/nt.cpp
Mouse/nt.h
Mouse/ntos.h
Mouse/rzctl.cpp
Mouse/rzctl.h
entry.cpp
ext/x64/Release/DSAPI.obj
ext/x64/Release/based.exe.recipe
ext/x64/Release/based.iobj
ext/x64/Release/based.ipdb
ext/x64/Release/entry.obj
ext/x64/Release/imgui.obj
ext/x64/Release/imgui_draw.obj
ext/x64/Release/imgui_impl_dx11.obj
ext/x64/Release/imgui_impl_win32.obj
ext/x64/Release/imgui_tables.obj
ext/x64/Release/imgui_widgets.obj
ext/x64/Release/nt.obj
ext/x64/Release/rzctl.obj
ext/x64/Release/tlog/CL.command.1.tlog
ext/x64/Release/tlog/CL.read.1.tlog
ext/x64/Release/tlog/CL.write.1.tlog
ext/x64/Release/tlog/Cl.items.tlog
ext/x64/Release/tlog/fortnite base.lastbuildstate
ext/x64/Release/tlog/link.command.1.tlog
ext/x64/Release/tlog/link.read.1.tlog
ext/x64/Release/tlog/link.secondary.1.tlog
ext/x64/Release/tlog/link.write.1.tlog
ext/x64/Release/vc143.pdb
ext/x64/Release/wda_monitor.log
external/x64/Release/DSAPI.obj
external/x64/Release/external.tlog/CL.command.1.tlog
external/x64/Release/external.tlog/external.lastbuildstate
external/x64/Release/imgui.obj
external/x64/Release/imgui_draw.obj
external/x64/Release/imgui_impl_dx11.obj
external/x64/Release/imgui_impl_win32.obj
external/x64/Release/imgui_tables.obj
external/x64/Release/imgui_widgets.obj
external/x64/Release/nt.obj
external/x64/Release/rzctl.obj
external/x64/Release/vc143.pdb
external/x64/Release/wda_monitor.log
kernelmode.h
kk.sys
.sys windows:10 windows x64 arch:x64

9cd3a2254af2c5c16a99addca383bf7f

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e3:21:4c:81:33:95:40:a3:80:4f:ca:65:6f:5a:ea:7d
Certificate

Issuer

CN=Sex Shop SRL,OU=Ownership,O=Sex Shop L45,POSTALCODE=48273,STREET=Rathas G45,L=Berlin,ST=Berlin,C=DE,1.2.840.113549.1.9.1=#0c1961646d696e697374726174696f6e407061727365632e6e6574

Not Before

03/06/2022, 00:00

Not After

04/07/2024, 23:59

Subject

CN=Sex Shop SRL,OU=Ownership,O=Sex Shop L45,POSTALCODE=48273,STREET=Rathas G45,L=Berlin,ST=Berlin,C=DE,1.2.840.113549.1.9.1=#0c1961646d696e697374726174696f6e407061727365632e6e6574

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

d6:d9:9c:4d:73:38:23:96:26:b9:fe:0b:98:2c:92:8f:65:88:3c:40
Signer

Actual PE Digest

d6:d9:9c:4d:73:38:23:96:26:b9:fe:0b:98:2c:92:8f:65:88:3c:40

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

MmIsAddressValid
ExAllocatePool
RtlAnsiStringToUnicodeString
ZwQuerySystemInformation
RtlEqualUnicodeString
RtlRandomEx
ObfDereferenceObject
RtlFreeUnicodeString
RtlInitUnicodeString
MmGetPhysicalAddress
strcmp
IoGetDeviceObjectPointer
RtlInitAnsiString
MmGetSystemRoutineAddress
ExFreePoolWithTag
ObReferenceObjectByName
ZwTerminateProcess
MmMapLockedPagesSpecifyCache
IofCompleteRequest
MmAllocateContiguousMemory
IoDriverObjectType
ZwOpenProcess

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 828B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 746B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
libcurl.lib
library_x64.lib
menu swaps/100$ loader.rar
.rar
100$ loader/backends/imgui_impl_dx11.cpp
100$ loader/backends/imgui_impl_dx11.h
100$ loader/backends/imgui_impl_win32.cpp
100$ loader/backends/imgui_impl_win32.h
100$ loader/color.h
100$ loader/examples/.vs/imgui_examples/FileContentIndex/7569a93e-6d35-42ef-bffb-744eed7eb788.vsidx
100$ loader/examples/.vs/imgui_examples/v17/.suo
100$ loader/examples/.vs/imgui_examples/v17/Browse.VC.db
100$ loader/examples/.vs/imgui_examples/v17/DocumentLayout.json
100$ loader/examples/.vs/imgui_examples/v17/Solution.VC.db
100$ loader/examples/.vs/imgui_examples/v17/ipch/AutoPCH/1d03bfb5bd4f071f/MAIN.ipch
100$ loader/examples/.vs/imgui_examples/v17/ipch/AutoPCH/44bd8f6df7f24327/IMGUI.ipch
100$ loader/examples/.vs/imgui_examples/v17/ipch/AutoPCH/578932969ed4853a/MAIN.ipch
100$ loader/examples/.vs/imgui_examples/v17/ipch/AutoPCH/ae12afe37eb2b289/IMGUI_WIDGETS.ipch
100$ loader/examples/example_win32_directx11/Release/example_.9F316E83.tlog/CL.command.1.tlog
100$ loader/examples/example_win32_directx11/Release/example_.9F316E83.tlog/CL.read.1.tlog
100$ loader/examples/example_win32_directx11/Release/example_.9F316E83.tlog/CL.write.1.tlog
100$ loader/examples/example_win32_directx11/Release/example_.9F316E83.tlog/Cl.items.tlog
100$ loader/examples/example_win32_directx11/Release/example_.9F316E83.tlog/example_win32_directx11.lastbuildstate
100$ loader/examples/example_win32_directx11/Release/example_.9F316E83.tlog/link.command.1.tlog
100$ loader/examples/example_win32_directx11/Release/example_.9F316E83.tlog/link.read.1.tlog
100$ loader/examples/example_win32_directx11/Release/example_.9F316E83.tlog/link.secondary.1.tlog
100$ loader/examples/example_win32_directx11/Release/example_.9F316E83.tlog/link.write.1.tlog
100$ loader/examples/example_win32_directx11/Release/example_win32_directx11.exe
.exe windows:6 windows x64 arch:x64

e9eeb53be2f5787e8a5c7a455cde4133

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\1337\Desktop\2\examples\example_win32_directx11\Release\example_win32_directx11.pdb

Imports

d3d11

D3D11CreateDeviceAndSwapChain

d3dcompiler_43

D3DCompile

kernel32

LoadLibraryA
QueryPerformanceFrequency
GetProcAddress
FreeLibrary
QueryPerformanceCounter
Sleep
GetModuleHandleW
GlobalAlloc
MultiByteToWideChar
InitializeSListHead
GlobalUnlock
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
WideCharToMultiByte
GlobalLock
GetCurrentProcessId
GlobalFree
ReleaseSRWLockExclusive
GetSystemTimeAsFileTime
GetCurrentThreadId

user32

MessageBoxA
PeekMessageW
PostQuitMessage
ShowWindow
RegisterClassExW
UnregisterClassW
GetSystemMetrics
CreateWindowExW
DestroyWindow
DefWindowProcW
SetClipboardData
UpdateWindow
GetKeyState
GetClipboardData
ScreenToClient
TranslateMessage
GetCapture
ClientToScreen
TrackMouseEvent
GetForegroundWindow
LoadCursorW
SetCapture
SetCursor
GetClientRect
IsWindowUnicode
EmptyClipboard
CloseClipboard
OpenClipboard
GetCursorPos
SetCursorPos
ReleaseCapture
DispatchMessageW

msvcp140

?_Xlength_error@std@@YAXPEBD@Z

imm32

ImmSetCandidateWindow
ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__C_specific_handler
__current_exception_context
__current_exception
strstr
__std_terminate
memset
memmove
memcpy
memcmp
__std_exception_destroy
memchr
__std_exception_copy
_CxxThrowException

api-ms-win-crt-stdio-l1-1-0

ftell
__acrt_iob_func
fclose
__p__commode
_set_fmode
__stdio_common_vsscanf
fread
__stdio_common_vsprintf
_wfopen
fwrite
fseek
__stdio_common_vfprintf
fflush

api-ms-win-crt-utility-l1-1-0

rand
qsort

api-ms-win-crt-string-l1-1-0

strncmp
strcmp
strcpy_s
strncpy

api-ms-win-crt-heap-l1-1-0

malloc
_set_new_mode
free
_callnewh

api-ms-win-crt-runtime-l1-1-0

exit
_exit
_wassert
__p___argc
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_initterm
_get_initial_narrow_environment
_invalid_parameter_noinfo_noreturn
terminate
_set_app_type
_seh_filter_exe
_cexit
_initterm_e
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv

api-ms-win-crt-math-l1-1-0

cos
roundf
sin
sinf
sqrtf
cosf
ceilf
acosf
fmodf
__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 306KB - Virtual size: 306KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 308KB - Virtual size: 312KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 980B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
100$ loader/examples/example_win32_directx11/Release/example_win32_directx11.exe.recipe
100$ loader/examples/example_win32_directx11/Release/example_win32_directx11.iobj
100$ loader/examples/example_win32_directx11/Release/example_win32_directx11.ipdb
100$ loader/examples/example_win32_directx11/Release/example_win32_directx11.log
100$ loader/examples/example_win32_directx11/Release/example_win32_directx11.pdb
100$ loader/examples/example_win32_directx11/Release/example_win32_directx11.vcxproj.FileListAbsolute.txt
100$ loader/examples/example_win32_directx11/Release/imgui.ini
100$ loader/examples/example_win32_directx11/Release/imgui.obj
100$ loader/examples/example_win32_directx11/Release/imgui_draw.obj
100$ loader/examples/example_win32_directx11/Release/imgui_impl_dx11.obj
100$ loader/examples/example_win32_directx11/Release/imgui_impl_win32.obj
100$ loader/examples/example_win32_directx11/Release/imgui_tables.obj
100$ loader/examples/example_win32_directx11/Release/imgui_widgets.obj
100$ loader/examples/example_win32_directx11/Release/main.obj
100$ loader/examples/example_win32_directx11/Release/vc143.pdb
100$ loader/examples/example_win32_directx11/background.h
100$ loader/examples/example_win32_directx11/example_win32_directx11.vcxproj
100$ loader/examples/example_win32_directx11/example_win32_directx11.vcxproj.filters
100$ loader/examples/example_win32_directx11/example_win32_directx11.vcxproj.user
100$ loader/examples/example_win32_directx11/ico_pack.h
100$ loader/examples/example_win32_directx11/inter.h
100$ loader/examples/example_win32_directx11/main.cpp
100$ loader/examples/example_win32_directx11/main.h
100$ loader/examples/example_win32_directx11/user_circle.h
100$ loader/examples/imgui_examples.sln
100$ loader/imconfig.h
100$ loader/imgui.cpp
100$ loader/imgui.h
100$ loader/imgui_draw.cpp
100$ loader/imgui_internal.h
100$ loader/imgui_settings.h
100$ loader/imgui_tables.cpp
100$ loader/imgui_widgets.cpp
100$ loader/imstb_rectpack.h
100$ loader/imstb_textedit.h
100$ loader/imstb_truetype.h
menu swaps/100$ loader/backends/imgui_impl_dx11.cpp
menu swaps/100$ loader/backends/imgui_impl_dx11.h
menu swaps/100$ loader/backends/imgui_impl_win32.cpp
menu swaps/100$ loader/backends/imgui_impl_win32.h
menu swaps/100$ loader/color.h
menu swaps/100$ loader/examples/.vs/imgui_examples/FileContentIndex/2ac72ba2-8034-461b-bb01-82ce8d9a1f31.vsidx
menu swaps/100$ loader/examples/.vs/imgui_examples/FileContentIndex/390260ad-6575-4a77-a67e-8554f9b8def5.vsidx
menu swaps/100$ loader/examples/.vs/imgui_examples/FileContentIndex/88978e48-beb4-4435-8148-7fe6355705b5.vsidx
menu swaps/100$ loader/examples/.vs/imgui_examples/v17/.suo
menu swaps/100$ loader/examples/.vs/imgui_examples/v17/Browse.VC.db
menu swaps/100$ loader/examples/.vs/imgui_examples/v17/DocumentLayout.json
menu swaps/100$ loader/examples/.vs/imgui_examples/v17/Solution.VC.db
menu swaps/100$ loader/examples/.vs/imgui_examples/v17/ipch/AutoPCH/1d03bfb5bd4f071f/MAIN.ipch
menu swaps/100$ loader/examples/.vs/imgui_examples/v17/ipch/AutoPCH/1d150538b2efa049/IMGUI.ipch
menu swaps/100$ loader/examples/.vs/imgui_examples/v17/ipch/AutoPCH/44bd8f6df7f24327/IMGUI.ipch
menu swaps/100$ loader/examples/.vs/imgui_examples/v17/ipch/AutoPCH/578932969ed4853a/MAIN.ipch
menu swaps/100$ loader/examples/.vs/imgui_examples/v17/ipch/AutoPCH/ae12afe37eb2b289/IMGUI_WIDGETS.ipch
menu swaps/100$ loader/examples/.vs/imgui_examples/v17/ipch/AutoPCH/d087befccb8180c0/MAIN.ipch
menu swaps/100$ loader/examples/example_win32_directx11/Release/example_.9F316E83.tlog/CL.command.1.tlog
menu swaps/100$ loader/examples/example_win32_directx11/Release/example_.9F316E83.tlog/CL.read.1.tlog
menu swaps/100$ loader/examples/example_win32_directx11/Release/example_.9F316E83.tlog/CL.write.1.tlog
menu swaps/100$ loader/examples/example_win32_directx11/Release/example_.9F316E83.tlog/Cl.items.tlog
menu swaps/100$ loader/examples/example_win32_directx11/Release/example_.9F316E83.tlog/example_win32_directx11.lastbuildstate
menu swaps/100$ loader/examples/example_win32_directx11/Release/example_.9F316E83.tlog/link.command.1.tlog
menu swaps/100$ loader/examples/example_win32_directx11/Release/example_.9F316E83.tlog/link.read.1.tlog
menu swaps/100$ loader/examples/example_win32_directx11/Release/example_.9F316E83.tlog/link.secondary.1.tlog
menu swaps/100$ loader/examples/example_win32_directx11/Release/example_.9F316E83.tlog/link.write.1.tlog
menu swaps/100$ loader/examples/example_win32_directx11/Release/example_win32_directx11.exe
.exe windows:6 windows x64 arch:x64

db4dd62775bf2f0722fd5cc88d3b1793

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Sage\Desktop\Fc External\New folder\100$ loader\examples\example_win32_directx11\Release\example_win32_directx11.pdb

Imports

d3d11

D3D11CreateDeviceAndSwapChain

d3dcompiler_47

D3DCompile

kernel32

LoadLibraryA
QueryPerformanceFrequency
GetProcAddress
FreeLibrary
QueryPerformanceCounter
Sleep
GetModuleHandleW
GlobalAlloc
MultiByteToWideChar
InitializeSListHead
GlobalUnlock
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
WideCharToMultiByte
GlobalLock
GetCurrentProcessId
GlobalFree
ReleaseSRWLockExclusive
GetSystemTimeAsFileTime
GetCurrentThreadId

user32

MessageBoxA
PeekMessageW
PostQuitMessage
ShowWindow
RegisterClassExW
UnregisterClassW
GetSystemMetrics
CreateWindowExW
DestroyWindow
DefWindowProcW
SetClipboardData
UpdateWindow
GetKeyState
GetClipboardData
ScreenToClient
TranslateMessage
GetCapture
ClientToScreen
TrackMouseEvent
GetForegroundWindow
LoadCursorW
SetCapture
SetCursor
GetClientRect
IsWindowUnicode
EmptyClipboard
CloseClipboard
OpenClipboard
GetCursorPos
SetCursorPos
ReleaseCapture
DispatchMessageW

msvcp140

?_Xlength_error@std@@YAXPEBD@Z

imm32

ImmSetCandidateWindow
ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__C_specific_handler
__current_exception_context
__current_exception
strstr
__std_terminate
memset
memmove
memcpy
memcmp
__std_exception_destroy
memchr
__std_exception_copy
_CxxThrowException

api-ms-win-crt-stdio-l1-1-0

ftell
__acrt_iob_func
fclose
__p__commode
_set_fmode
__stdio_common_vsscanf
fread
__stdio_common_vsprintf
_wfopen
fwrite
fseek
__stdio_common_vfprintf
fflush

api-ms-win-crt-utility-l1-1-0

rand
qsort

api-ms-win-crt-string-l1-1-0

strncmp
strcmp
strcpy_s
strncpy

api-ms-win-crt-heap-l1-1-0

malloc
_set_new_mode
free
_callnewh

api-ms-win-crt-runtime-l1-1-0

exit
_exit
_wassert
__p___argc
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_initterm
_get_initial_narrow_environment
_invalid_parameter_noinfo_noreturn
terminate
_set_app_type
_seh_filter_exe
_cexit
_initterm_e
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv

api-ms-win-crt-math-l1-1-0

cos
roundf
sin
sinf
sqrtf
cosf
ceilf
acosf
fmodf
__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 306KB - Virtual size: 306KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 308KB - Virtual size: 312KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 980B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
menu swaps/100$ loader/examples/example_win32_directx11/Release/example_win32_directx11.exe.recipe
menu swaps/100$ loader/examples/example_win32_directx11/Release/example_win32_directx11.iobj
menu swaps/100$ loader/examples/example_win32_directx11/Release/example_win32_directx11.ipdb
menu swaps/100$ loader/examples/example_win32_directx11/Release/example_win32_directx11.log
menu swaps/100$ loader/examples/example_win32_directx11/Release/example_win32_directx11.pdb
menu swaps/100$ loader/examples/example_win32_directx11/Release/example_win32_directx11.vcxproj.FileListAbsolute.txt
menu swaps/100$ loader/examples/example_win32_directx11/Release/imgui.ini
menu swaps/100$ loader/examples/example_win32_directx11/Release/imgui.obj
menu swaps/100$ loader/examples/example_win32_directx11/Release/imgui_draw.obj
menu swaps/100$ loader/examples/example_win32_directx11/Release/imgui_impl_dx11.obj
menu swaps/100$ loader/examples/example_win32_directx11/Release/imgui_impl_win32.obj
menu swaps/100$ loader/examples/example_win32_directx11/Release/imgui_tables.obj
menu swaps/100$ loader/examples/example_win32_directx11/Release/imgui_widgets.obj
menu swaps/100$ loader/examples/example_win32_directx11/Release/main.obj
menu swaps/100$ loader/examples/example_win32_directx11/Release/vc143.pdb
menu swaps/100$ loader/examples/example_win32_directx11/background.h
menu swaps/100$ loader/examples/example_win32_directx11/example_win32_directx11.vcxproj
menu swaps/100$ loader/examples/example_win32_directx11/example_win32_directx11.vcxproj.filters
menu swaps/100$ loader/examples/example_win32_directx11/example_win32_directx11.vcxproj.user
menu swaps/100$ loader/examples/example_win32_directx11/ico_pack.h
menu swaps/100$ loader/examples/example_win32_directx11/inter.h
menu swaps/100$ loader/examples/example_win32_directx11/main.cpp
menu swaps/100$ loader/examples/example_win32_directx11/main.h
menu swaps/100$ loader/examples/example_win32_directx11/user_circle.h
menu swaps/100$ loader/examples/imgui_examples.sln
menu swaps/100$ loader/imconfig.h
menu swaps/100$ loader/imgui.cpp
menu swaps/100$ loader/imgui.h
menu swaps/100$ loader/imgui_draw.cpp
menu swaps/100$ loader/imgui_internal.h
menu swaps/100$ loader/imgui_settings.h
menu swaps/100$ loader/imgui_tables.cpp
menu swaps/100$ loader/imgui_widgets.cpp
menu swaps/100$ loader/imstb_rectpack.h
menu swaps/100$ loader/imstb_textedit.h
menu swaps/100$ loader/imstb_truetype.h
other.h
sdk/Classes.h
sdk/Structs.h
updates/DSAPI.cpp
updates/DSAPI.h
wda_monitor.vcxproj
wda_monitor.vcxproj.filters
wda_monitor.vcxproj.user
x64/Release.rar
.rar
Release/34ebbrb4.exe
.exe windows:4 windows x86 arch:x86

8c16c795b57934183422be5f6df7d891

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
ord690
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarVargNofree
__vbaFreeVar
__vbaLenBstr
__vbaLateIdCall
__vbaPut3
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
EVENT_SINK_Invoke
__vbaRaiseEvent
__vbaFreeObjList
ord516
__vbaStrErrVarCopy
ord517
_adj_fprem1
__vbaRecAnsiToUni
ord519
__vbaCopyBytes
__vbaStrCat
__vbaLsetFixstr
__vbaRecDestruct
__vbaSetSystemError
ord661
__vbaHresultCheckObj
__vbaNameFile
_adj_fdiv_m32
Zombie_GetTypeInfo
__vbaAryDestruct
ord669
ord593
__vbaExitProc
ord594
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaFpR4
ord705
__vbaStrFixstr
_CIsin
ord631
ord709
ord525
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaGet3
__vbaStrCmp
ord529
__vbaGet4
__vbaPutOwner3
__vbaAryConstruct2
__vbaVarTstEq
__vbaI2I4
DllFunctionCall
__vbaFpUI1
__vbaRedimPreserve
__vbaStrR4
_adj_fpatan
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
ord600
__vbaUI1I2
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord712
__vbaStrToUnicode
ord606
_adj_fprem
_adj_fdivr_m64
ord714
ord609
__vbaFPException
ord319
__vbaGetOwner3
__vbaUbound
ord535
__vbaFileSeek
ord537
_CIlog
__vbaErrorOverflow
__vbaFileOpen
ord648
ord570
__vbaNew2
__vbaInStr
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaI4Var
ord689
__vbaAryLock
__vbaVarAdd
ord611
ord320
__vbaVarDup
__vbaStrToAnsi
ord321
__vbaFpI2
__vbaFpI4
ord616
__vbaLateMemCallLd
_CIatan
__vbaStrMove
ord618
__vbaCastObj
__vbaR8IntI4
ord650
_allmul
_CItan
__vbaAryUnlock
_CIexp
__vbaFreeObj
__vbaFreeStr
ord580
ord581

Sections

.text
Size: 104KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Release/based.exe
.exe windows:6 windows x64 arch:x64

9356f58bb9b7437cd7fc99193a16119e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

getsockname
getsockopt
htons
ntohs
setsockopt
WSAIoctl
WSAStartup
getpeername
connect
bind
WSASetLastError
select
__WSAFDIsSet
inet_pton
WSACleanup
closesocket
recv
send
socket
htonl
listen
ioctlsocket
getaddrinfo
freeaddrinfo
ntohl
recvfrom
WSAGetLastError
sendto
gethostname
getnameinfo
shutdown
accept

wldap32

ord143
ord46
ord211
ord60
ord45
ord50
ord41
ord301
ord26
ord27
ord32
ord33
ord35
ord79
ord30
ord200
ord22

crypt32

CertEnumCertificatesInStore
CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
CertAddCertificateContextToStore
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertOpenStore

advapi32

CryptEnumProvidersW
CryptSignHashW
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA

dwmapi

DwmExtendFrameIntoClientArea

kernel32

ReadConsoleA
SetConsoleMode
GetConsoleMode
GetEnvironmentVariableW
TlsFree
GetModuleHandleExW
FormatMessageW
WriteFile
GetModuleHandleW
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlVirtualUnwind
SwitchToFiber
DeleteFiber
ReadConsoleW
LoadLibraryW
ConvertFiberToThread
FindClose
FindFirstFileW
FindNextFileW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetSystemTime
SystemTimeToFileTime
WakeAllConditionVariable
SleepConditionVariableSRW
IsDebuggerPresent
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
TlsGetValue
CreateFiber
TlsSetValue
InitializeSListHead
TlsAlloc
ConvertThreadToFiber
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
DeviceIoControl
CreateFileW
CloseHandle
MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
GetModuleHandleA
LoadLibraryA
QueryPerformanceFrequency
GetProcAddress
VerSetConditionMask
FreeLibrary
QueryPerformanceCounter
Process32First
CreateToolhelp32Snapshot
Process32Next
lstrcmpiA
GetTickCount
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
Sleep
SleepEx
GetSystemDirectoryA
VerifyVersionInfoA
WaitForSingleObjectEx
GetLastError
ExpandEnvironmentStringsA
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
SetLastError
FormatMessageA
CreateFileA
GetFileSizeEx

user32

GetCursorPos
SetCursorPos
GetClientRect
SetCursor
GetForegroundWindow
ClientToScreen
ScreenToClient
LoadCursorA
GetKeyState
SendInput
FindWindowA
mouse_event
EnumDisplaySettingsA
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
OpenClipboard

d3d11

D3D11CreateDeviceAndSwapChain

d3dcompiler_47

D3DCompile

ntdll

NtQueryDirectoryObject
NtOpenDirectoryObject
RtlCaptureContext
RtlLookupFunctionEntry
RtlInitUnicodeString
NtClose

msvcp140

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
_Query_perf_counter
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exceptions@std@@YAHXZ
_Query_perf_frequency
?_Xbad_function_call@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?good@ios_base@std@@QEBA_NXZ

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmGetContext

bcrypt

BCryptGenRandom

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_terminate
__current_exception_context
__std_exception_copy
strstr
memcpy
__current_exception
memset
__std_exception_destroy
strchr
strrchr
memmove
memcmp
memchr
wcsstr
__C_specific_handler
_CxxThrowException

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfprintf
fclose
fflush
__stdio_common_vswprintf
__stdio_common_vsscanf
fwrite
__acrt_iob_func
fopen
setbuf
clearerr
_setmode
ftell
_fileno
ferror
feof
__stdio_common_vsprintf
_set_fmode
fread
_wfopen
fputc
fgets
fputs
setvbuf
__p__commode
_lseeki64
__stdio_common_vsprintf_s
_read
_write
_close
_open
fseek

api-ms-win-crt-heap-l1-1-0

_callnewh
free
_set_new_mode
calloc
malloc
realloc

api-ms-win-crt-runtime-l1-1-0

_errno
_invalid_parameter_noinfo_noreturn
_beginthreadex
terminate
_register_thread_local_exe_atexit_callback
_c_exit
__p___argv
__p___argc
__sys_nerr
exit
_initterm_e
_initterm
_get_initial_narrow_environment
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
strerror
signal
strerror_s
_register_onexit_function
_exit
_initialize_onexit_table
raise
_initialize_narrow_environment
_configure_narrow_argv

api-ms-win-crt-convert-l1-1-0

atoi
strtol
strtoul
strtod
strtoll
strtoull

api-ms-win-crt-locale-l1-1-0

localeconv
_configthreadlocale

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-string-l1-1-0

strcspn
strspn
tolower
isupper
strcmp
strncmp
isspace
strncpy
_strnicmp
_strdup
_stricmp
strpbrk

api-ms-win-crt-time-l1-1-0

_gmtime64_s
_gmtime64
_time64

api-ms-win-crt-filesystem-l1-1-0

_fstat64
_fstat64i32
_stat64i32
_stat64
_access

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-math-l1-1-0

sinf
__setusermatherr
fmodf
cosf
ceilf
sqrtf
acosf
_dclass

Exports

Exports

?init@rzctl@@YA_NXZ
?key_state@rzctl@@YAXFF@Z
?mouse_click@rzctl@@YAXH@Z
?mouse_move@rzctl@@YAXHH_N@Z

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 710KB - Virtual size: 710KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Release/based.exe
.exe windows:6 windows x64 arch:x64

4704460ac058e6b4e914bd65ecb8e49f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

getsockname
getsockopt
htons
ntohs
setsockopt
WSAIoctl
WSAStartup
getpeername
connect
bind
WSASetLastError
select
__WSAFDIsSet
inet_pton
WSACleanup
closesocket
recv
send
socket
htonl
listen
ioctlsocket
getaddrinfo
freeaddrinfo
WSAGetLastError
ntohl
recvfrom
sendto
gethostname
getnameinfo
shutdown
accept

wldap32

ord143
ord46
ord211
ord60
ord45
ord50
ord41
ord301
ord26
ord27
ord32
ord33
ord35
ord79
ord30
ord200
ord22

crypt32

CertEnumCertificatesInStore
CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
CertAddCertificateContextToStore
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertOpenStore

advapi32

CryptEnumProvidersW
CryptSignHashW
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA

dwmapi

DwmExtendFrameIntoClientArea

kernel32

ReadConsoleA
SetConsoleMode
GetConsoleMode
GetEnvironmentVariableW
TlsFree
GetModuleHandleExW
FormatMessageW
WriteFile
GetModuleHandleW
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlVirtualUnwind
SwitchToFiber
DeleteFiber
ReadConsoleW
LoadLibraryW
ConvertFiberToThread
ConvertThreadToFiber
FindClose
FindNextFileW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetSystemTime
SystemTimeToFileTime
WakeAllConditionVariable
SleepConditionVariableSRW
IsDebuggerPresent
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
TlsGetValue
CreateFiber
TlsSetValue
InitializeSListHead
TlsAlloc
FindFirstFileW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
DeviceIoControl
CreateFileW
CloseHandle
MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
GetModuleHandleA
LoadLibraryA
QueryPerformanceFrequency
GetProcAddress
VerSetConditionMask
FreeLibrary
QueryPerformanceCounter
CreateFileA
GetTickCount
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
Sleep
SleepEx
GetSystemDirectoryA
VerifyVersionInfoA
WaitForSingleObjectEx
GetLastError
ExpandEnvironmentStringsA
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
SetLastError
FormatMessageA
GetFileSizeEx

user32

GetCursorPos
SetCursorPos
GetClientRect
SetCursor
GetForegroundWindow
ClientToScreen
ScreenToClient
LoadCursorA
GetKeyState
SendInput
FindWindowA
mouse_event
EnumDisplaySettingsA
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW
OpenClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
CloseClipboard

d3d11

D3D11CreateDeviceAndSwapChain

d3dcompiler_47

D3DCompile

ntdll

NtOpenDirectoryObject
NtClose
RtlLookupFunctionEntry
RtlCaptureContext
RtlInitUnicodeString
NtQueryDirectoryObject

msvcp140

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
_Query_perf_counter
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exceptions@std@@YAHXZ
_Query_perf_frequency
?_Xbad_function_call@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?good@ios_base@std@@QEBA_NXZ

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmGetContext

bcrypt

BCryptGenRandom

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_terminate
__current_exception_context
__std_exception_copy
strstr
memcpy
__current_exception
memset
__std_exception_destroy
strchr
strrchr
memmove
memcmp
memchr
wcsstr
__C_specific_handler
_CxxThrowException

api-ms-win-crt-stdio-l1-1-0

fseek
__stdio_common_vfprintf
__stdio_common_vswprintf
fflush
setvbuf
fopen
fputc
setbuf
clearerr
_setmode
fwrite
_fileno
ferror
feof
__acrt_iob_func
_set_fmode
ftell
__stdio_common_vsprintf
_wfopen
fgets
__stdio_common_vsscanf
fclose
__p__commode
_lseeki64
fread
_read
_write
_close
_open
fputs
__stdio_common_vsprintf_s

api-ms-win-crt-heap-l1-1-0

realloc
malloc
free
_callnewh
calloc
_set_new_mode

api-ms-win-crt-runtime-l1-1-0

_c_exit
_beginthreadex
terminate
_errno
_register_thread_local_exe_atexit_callback
__p___argv
__p___argc
__sys_nerr
exit
_initterm_e
_initterm
_get_initial_narrow_environment
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
signal
strerror_s
_invalid_parameter_noinfo_noreturn
_exit
_initialize_onexit_table
raise
_initialize_narrow_environment
_configure_narrow_argv
strerror

api-ms-win-crt-convert-l1-1-0

strtol
strtoul
atoi
strtod
strtoll
strtoull

api-ms-win-crt-locale-l1-1-0

localeconv
_configthreadlocale

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-string-l1-1-0

strncmp
strcmp
strcspn
strspn
isupper
tolower
strncpy
strpbrk
isspace
_strnicmp
_strdup
_stricmp

api-ms-win-crt-time-l1-1-0

_gmtime64_s
_gmtime64
_time64

api-ms-win-crt-filesystem-l1-1-0

_fstat64i32
_fstat64
_stat64i32
_stat64
_access

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-math-l1-1-0

sinf
__setusermatherr
fmodf
cosf
ceilf
acosf
_dclass
sqrtf

Exports

Exports

?init@rzctl@@YA_NXZ
?key_state@rzctl@@YAXFF@Z
?mouse_click@rzctl@@YAXH@Z
?mouse_move@rzctl@@YAXHH_N@Z

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 710KB - Virtual size: 710KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Release/wd32ewv.sys
.sys windows:10 windows x64 arch:x64

48aab8b485505e39221c6ac40909a9cb

Code Sign

67:73:8d:d1:39:c8:f4:be:4c:1b:a4:ae:df:f4:2c:44
Certificate

Issuer

CN=Apple Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Apple Inc.,L=Cupertino,ST=California,C=US

Not Before

18/02/2024, 19:28

Not After

20/03/2026, 04:59

Subject

CN=Apple Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Apple Inc.,L=Cupertino,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3f:b7:a7:02:22:62:9d:1a:e0:e4:bc:f3:59:9c:a3:c6:e5:4f:d7:1a:fb:9d:03:fc:a9:77:74:79:02:cd:40:c6
Signer

Actual PE Digest

3f:b7:a7:02:22:62:9d:1a:e0:e4:bc:f3:59:9c:a3:c6:e5:4f:d7:1a:fb:9d:03:fc:a9:77:74:79:02:cd:40:c6

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Sage\Desktop\Vmp\kernel mode\build\driver\driver.pdb

Imports

ntoskrnl.exe

RtlInitUnicodeString
RtlGetVersion
ExAllocatePool
ExFreePoolWithTag
MmUnmapIoSpace
MmMapIoSpaceEx
IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
ObfDereferenceObject
MmCopyMemory
PsLookupProcessByProcessId
IoCreateDriver
PsGetProcessSectionBaseAddress
ZwQuerySystemInformation

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 568B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/Release/34ebbrb4.exe
.exe windows:4 windows x86 arch:x86

8c16c795b57934183422be5f6df7d891

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
ord690
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarVargNofree
__vbaFreeVar
__vbaLenBstr
__vbaLateIdCall
__vbaPut3
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
EVENT_SINK_Invoke
__vbaRaiseEvent
__vbaFreeObjList
ord516
__vbaStrErrVarCopy
ord517
_adj_fprem1
__vbaRecAnsiToUni
ord519
__vbaCopyBytes
__vbaStrCat
__vbaLsetFixstr
__vbaRecDestruct
__vbaSetSystemError
ord661
__vbaHresultCheckObj
__vbaNameFile
_adj_fdiv_m32
Zombie_GetTypeInfo
__vbaAryDestruct
ord669
ord593
__vbaExitProc
ord594
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaFpR4
ord705
__vbaStrFixstr
_CIsin
ord631
ord709
ord525
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaGet3
__vbaStrCmp
ord529
__vbaGet4
__vbaPutOwner3
__vbaAryConstruct2
__vbaVarTstEq
__vbaI2I4
DllFunctionCall
__vbaFpUI1
__vbaRedimPreserve
__vbaStrR4
_adj_fpatan
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
ord600
__vbaUI1I2
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord712
__vbaStrToUnicode
ord606
_adj_fprem
_adj_fdivr_m64
ord714
ord609
__vbaFPException
ord319
__vbaGetOwner3
__vbaUbound
ord535
__vbaFileSeek
ord537
_CIlog
__vbaErrorOverflow
__vbaFileOpen
ord648
ord570
__vbaNew2
__vbaInStr
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaI4Var
ord689
__vbaAryLock
__vbaVarAdd
ord611
ord320
__vbaVarDup
__vbaStrToAnsi
ord321
__vbaFpI2
__vbaFpI4
ord616
__vbaLateMemCallLd
_CIatan
__vbaStrMove
ord618
__vbaCastObj
__vbaR8IntI4
ord650
_allmul
_CItan
__vbaAryUnlock
_CIexp
__vbaFreeObj
__vbaFreeStr
ord580
ord581

Sections

.text
Size: 104KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
x64/Release/34ebbrb4.exe
.exe windows:6 windows x64 arch:x64

01414c92e9f3e8521a4976e6e90d776a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Sage\Desktop\RTCore64_Vulnerability-main\x64\Release\RTCore64_Vulnerability.pdb

Imports

kernel32

GetCurrentThreadId
GetModuleHandleA
OpenProcess
GetLastError
CreateFileA
LoadLibraryA
DeleteFileA
CloseHandle
GetProcAddress
GetCurrentProcessId
CreateFileW
DeviceIoControl
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
SetUnhandledExceptionFilter
GetTempPathW
FormatMessageA
GetLocaleInfoEx
VirtualAlloc
VirtualFree
SetLastError
GetFileAttributesExA
CreateDirectoryA
GetModuleFileNameA
FindClose
FindFirstFileW
GetFileAttributesExW
AreFileApisANSI
GetModuleHandleW
GetFileInformationByHandleEx
WideCharToMultiByte
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
LocalFree

user32

GetShellWindow
GetWindowThreadProcessId

advapi32

RegCloseKey
RegDeleteTreeW
RegCreateKeyW
RegOpenKeyW
RegSetKeyValueW

ole32

StringFromGUID2

msvcp140

?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEBX@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?good@ios_base@std@@QEBA_NXZ
??7ios_base@std@@QEBA_NXZ
??Bios_base@std@@QEBA_NXZ
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?widen@?$ctype@_W@std@@QEBA_WD@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPEBDH@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
??1_Lockit@std@@QEAA@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?uncaught_exception@std@@YA_NXZ
?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?id@?$ctype@_W@std@@2V0locale@2@A
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Xlength_error@std@@YAXPEBD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z

ntdll

NtQuerySystemInformation
RtlInitUnicodeString

dbghelp

SymLoadModuleEx
SymUnloadModule64
SymFromName
SymSetOptions
SymInitialize
SymCleanup

urlmon

URLDownloadToFileA

shlwapi

PathRemoveFileSpecA
PathFileExistsA

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_exception_copy
__std_exception_destroy
_CxxThrowException
__std_terminate
__current_exception_context
memmove
memcmp
memcpy
wcsstr
__current_exception
__C_specific_handler
memset

api-ms-win-crt-convert-l1-1-0

_itoa_s
wcstombs_s

api-ms-win-crt-stdio-l1-1-0

fread
fsetpos
_get_stream_buffer_pointers
ungetc
_set_fmode
fputc
fflush
setvbuf
fgetpos
__stdio_common_vsprintf
fwrite
_fseeki64
fclose
fgetc
__p__commode

api-ms-win-crt-utility-l1-1-0

srand
rand

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_wremove
_unlock_file

api-ms-win-crt-string-l1-1-0

_stricmp
_wcsicmp

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-heap-l1-1-0

malloc
_set_new_mode
_callnewh
free

api-ms-win-crt-runtime-l1-1-0

_initterm
__p___wargv
_get_initial_wide_environment
_initialize_wide_environment
terminate
_configure_wide_argv
__p___argc
_set_app_type
_seh_filter_exe
_cexit
_initterm_e
_crt_atexit
_exit
_c_exit
_register_onexit_function
abort
exit
_initialize_onexit_table
_register_thread_local_exe_atexit_callback
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-environment-l1-1-0

_dupenv_s

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
___lc_codepage_func

api-ms-win-crt-math-l1-1-0

__setusermatherr

Sections

.text
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/Release/based.exe
.exe windows:4 windows x86 arch:x86

8c16c795b57934183422be5f6df7d891

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
ord690
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarVargNofree
__vbaFreeVar
__vbaLenBstr
__vbaLateIdCall
__vbaPut3
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
EVENT_SINK_Invoke
__vbaRaiseEvent
__vbaFreeObjList
ord516
__vbaStrErrVarCopy
ord517
_adj_fprem1
__vbaRecAnsiToUni
ord519
__vbaCopyBytes
__vbaStrCat
__vbaLsetFixstr
__vbaRecDestruct
__vbaSetSystemError
ord661
__vbaHresultCheckObj
__vbaNameFile
_adj_fdiv_m32
Zombie_GetTypeInfo
__vbaAryDestruct
ord669
ord593
__vbaExitProc
ord594
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaFpR4
ord705
__vbaStrFixstr
_CIsin
ord631
ord709
ord525
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaGet3
__vbaStrCmp
ord529
__vbaGet4
__vbaPutOwner3
__vbaAryConstruct2
__vbaVarTstEq
__vbaI2I4
DllFunctionCall
__vbaFpUI1
__vbaRedimPreserve
__vbaStrR4
_adj_fpatan
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
ord600
__vbaUI1I2
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord712
__vbaStrToUnicode
ord606
_adj_fprem
_adj_fdivr_m64
ord714
ord609
__vbaFPException
ord319
__vbaGetOwner3
__vbaUbound
ord535
__vbaFileSeek
ord537
_CIlog
__vbaErrorOverflow
__vbaFileOpen
ord648
ord570
__vbaNew2
__vbaInStr
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaI4Var
ord689
__vbaAryLock
__vbaVarAdd
ord611
ord320
__vbaVarDup
__vbaStrToAnsi
ord321
__vbaFpI2
__vbaFpI4
ord616
__vbaLateMemCallLd
_CIatan
__vbaStrMove
ord618
__vbaCastObj
__vbaR8IntI4
ord650
_allmul
_CItan
__vbaAryUnlock
_CIexp
__vbaFreeObj
__vbaFreeStr
ord580
ord581

Sections

.text
Size: 104KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
x64/Release/based.exe
.exe windows:6 windows x64 arch:x64

80ba47abab5f44d3c29e1002d8faa059

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

sendto
gethostname
getnameinfo
recvfrom
ntohl
freeaddrinfo
getaddrinfo
ioctlsocket
listen
htonl
socket
send
recv
closesocket
accept
WSACleanup
WSAStartup
WSAIoctl
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
WSASetLastError
select
__WSAFDIsSet
inet_pton
WSAGetLastError
shutdown

wldap32

ord200
ord30
ord79
ord35
ord301
ord33
ord32
ord26
ord27
ord22
ord41
ord50
ord45
ord60
ord211
ord46
ord143

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
CertAddCertificateContextToStore
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertOpenStore

advapi32

OpenProcessToken
AddAccessAllowedAce
GetLengthSid
GetTokenInformation
InitializeAcl
IsValidSid
SetSecurityInfo
CopySid
ConvertSidToStringSidA
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptHashData
CryptEnumProvidersW
CryptSignHashW
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptDestroyHash

dwmapi

DwmExtendFrameIntoClientArea

kernel32

GetModuleFileNameW
QueryFullProcessImageNameW
LocalFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
IsDebuggerPresent
InitializeSListHead
GetLocaleInfoEx
GetCurrentDirectoryW
CreateDirectoryW
DeviceIoControl
CreateFileW
CloseHandle
MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
GetModuleHandleA
LoadLibraryA
QueryPerformanceFrequency
GetProcAddress
VerSetConditionMask
FreeLibrary
QueryPerformanceCounter
Process32First
CreateToolhelp32Snapshot
Sleep
Process32Next
lstrcmpiA
GetTickCount
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
UnmapViewOfFile
SleepEx
GetSystemDirectoryA
VerifyVersionInfoA
WaitForSingleObjectEx
GetLastError
ExpandEnvironmentStringsA
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
SetLastError
FormatMessageA
CreateFileA
GetEnvironmentVariableW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleExW
FormatMessageW
WriteFile
GetModuleHandleW
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlVirtualUnwind
SwitchToFiber
DeleteFiber
CreateFiber
LoadLibraryW
ConvertFiberToThread
ConvertThreadToFiber
FindClose
FindFirstFileW
FindNextFileW
GetSystemTime
SystemTimeToFileTime
GetFileAttributesExW
MapViewOfFile
CreateFileMappingW
VirtualProtect
CreateThread
GetCurrentProcess
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
GetModuleFileNameA
HeapAlloc
HeapDestroy
DeleteCriticalSection
AreFileApisANSI
GetFileInformationByHandleEx
OutputDebugStringW
GetFileSizeEx

user32

EnumDisplaySettingsA
mouse_event
FindWindowA
SendInput
GetKeyState
LoadCursorA
GetUserObjectInformationW
ScreenToClient
ClientToScreen
GetForegroundWindow
GetProcessWindowStation
MessageBoxW
EmptyClipboard
MessageBoxA
SetCursor
GetClientRect
SetCursorPos
GetCursorPos
OpenClipboard
SetClipboardData
GetClipboardData
CloseClipboard

d3d11

D3D11CreateDeviceAndSwapChain

d3dcompiler_47

D3DCompile

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
NtQueryDirectoryObject
NtClose
RtlInitUnicodeString
NtOpenDirectoryObject

msvcp140

??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
_Query_perf_frequency
?uncaught_exceptions@std@@YAHXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
_Query_perf_counter
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
?good@ios_base@std@@QEBA_NXZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAHH@Z
??Bid@locale@std@@QEAA_KXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext
ImmSetCandidateWindow

bcrypt

BCryptGenRandom

shlwapi

PathFindFileNameW

rpcrt4

RpcStringFreeA
UuidToStringA
UuidCreate

psapi

GetModuleInformation

userenv

UnloadUserProfile

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_exception_copy
strstr
memcpy
memset
strchr
strrchr
__std_exception_destroy
memcmp
memchr
wcsstr
__std_terminate
__C_specific_handler
__current_exception
__current_exception_context
memmove
_CxxThrowException

api-ms-win-crt-stdio-l1-1-0

feof
_pclose
_popen
_fseeki64
fsetpos
ferror
fgetc
_lseeki64
_get_stream_buffer_pointers
setvbuf
ungetc
__stdio_common_vsscanf
fgetpos
fgets
fputc
fopen
_open
__stdio_common_vswprintf
_close
_write
__stdio_common_vsprintf
_read
__p__commode
fputs
setbuf
ftell
clearerr
_set_fmode
_fileno
__acrt_iob_func
__stdio_common_vsprintf_s
fread
_wfopen
fwrite
fflush
fclose
__stdio_common_vfprintf
fseek
_setmode

api-ms-win-crt-heap-l1-1-0

malloc
realloc
_set_new_mode
free
calloc
_callnewh

api-ms-win-crt-runtime-l1-1-0

_set_app_type
_cexit
_get_initial_narrow_environment
_initterm
_initterm_e
exit
__p___argc
__p___argv
_c_exit
_crt_atexit
signal
terminate
_register_onexit_function
strerror_s
strerror
_exit
_errno
_initialize_onexit_table
abort
_initialize_narrow_environment
_configure_narrow_argv
raise
_resetstkoflw
_invalid_parameter_noinfo
_beginthreadex
system
__sys_nerr
_invalid_parameter_noinfo_noreturn
_seh_filter_exe
_register_thread_local_exe_atexit_callback

api-ms-win-crt-convert-l1-1-0

strtoll
atoi
strtol
strtoul
strtod
strtoull

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
localeconv
___lc_codepage_func

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-string-l1-1-0

strncmp
_stricmp
_strdup
tolower
strpbrk
_strnicmp
strcmp
strcspn
strspn
isupper
strncpy
isspace

api-ms-win-crt-time-l1-1-0

_gmtime64_s
_gmtime64
_time64
_localtime64
strftime

api-ms-win-crt-filesystem-l1-1-0

_stat64i32
_unlock_file
_fstat64i32
_lock_file
_access
_stat64
_fstat64

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-math-l1-1-0

_dclass
cosf
acosf
ceilf
sinf
fmodf
sqrtf
__setusermatherr

shell32

ShellExecuteA

Exports

Exports

?init@rzctl@@YA_NXZ
?key_state@rzctl@@YAXFF@Z
?mouse_click@rzctl@@YAXH@Z
?mouse_move@rzctl@@YAXHH_N@Z

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 730KB - Virtual size: 729KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/Release/based.exp
x64/Release/based.lib
x64/Release/imgui.ini
x64/Release/remap.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bird
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
x64/Release/symbols/989cdceeded4d88dfe5d6ed06c4df7db.pdb
x64/Release/symbols/989cdceeded4d88dfe5d6ed06c4df7db.pdb.md5
x64/Release/wd32ewv.sys
.sys windows:10 windows x64 arch:x64

48aab8b485505e39221c6ac40909a9cb

Code Sign

67:73:8d:d1:39:c8:f4:be:4c:1b:a4:ae:df:f4:2c:44
Certificate

Issuer

CN=Apple Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Apple Inc.,L=Cupertino,ST=California,C=US

Not Before

18/02/2024, 19:28

Not After

20/03/2026, 04:59

Subject

CN=Apple Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Apple Inc.,L=Cupertino,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3f:b7:a7:02:22:62:9d:1a:e0:e4:bc:f3:59:9c:a3:c6:e5:4f:d7:1a:fb:9d:03:fc:a9:77:74:79:02:cd:40:c6
Signer

Actual PE Digest

3f:b7:a7:02:22:62:9d:1a:e0:e4:bc:f3:59:9c:a3:c6:e5:4f:d7:1a:fb:9d:03:fc:a9:77:74:79:02:cd:40:c6

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Sage\Desktop\Vmp\kernel mode\build\driver\driver.pdb

Imports

ntoskrnl.exe

RtlInitUnicodeString
RtlGetVersion
ExAllocatePool
ExFreePoolWithTag
MmUnmapIoSpace
MmMapIoSpaceEx
IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
ObfDereferenceObject
MmCopyMemory
PsLookupProcessByProcessId
IoCreateDriver
PsGetProcessSectionBaseAddress
ZwQuerySystemInformation

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 568B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9cd3a2254af2c5c16a99addca383bf7f

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

e3:21:4c:81:33:95:40:a3:80:4f:ca:65:6f:5a:ea:7dCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

d6:d9:9c:4d:73:38:23:96:26:b9:fe:0b:98:2c:92:8f:65:88:3c:40Signer

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 1024B - Virtual size: 828B

.data Size: 10KB - Virtual size: 9KB

.pdata Size: 512B - Virtual size: 264B

INIT Size: 1024B - Virtual size: 746B

e9eeb53be2f5787e8a5c7a455cde4133

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

d3d11

d3dcompiler_43

kernel32

user32

msvcp140

imm32

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 306KB - Virtual size: 306KB

.rdata Size: 83KB - Virtual size: 83KB

.data Size: 308KB - Virtual size: 312KB

.pdata Size: 12KB - Virtual size: 12KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 1024B - Virtual size: 980B

db4dd62775bf2f0722fd5cc88d3b1793

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

d3d11

d3dcompiler_47

kernel32

user32

msvcp140

imm32

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

e3:21:4c:81:33:95:40:a3:80:4f:ca:65:6f:5a:ea:7d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

d6:d9:9c:4d:73:38:23:96:26:b9:fe:0b:98:2c:92:8f:65:88:3c:40
Signer

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 1024B - Virtual size: 828B

.data
Size: 10KB - Virtual size: 9KB

.pdata
Size: 512B - Virtual size: 264B

INIT
Size: 1024B - Virtual size: 746B

.text
Size: 306KB - Virtual size: 306KB

.rdata
Size: 83KB - Virtual size: 83KB

.data
Size: 308KB - Virtual size: 312KB

.pdata
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 1024B - Virtual size: 980B

.text
Size: 306KB - Virtual size: 306KB

.rdata
Size: 84KB - Virtual size: 83KB

.data
Size: 308KB - Virtual size: 312KB

.pdata
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 1024B - Virtual size: 980B

.text
Size: 104KB - Virtual size: 100KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 8KB - Virtual size: 4KB

.text
Size: 2.3MB - Virtual size: 2.3MB

.rdata
Size: 710KB - Virtual size: 710KB

.data
Size: 24KB - Virtual size: 45KB

.pdata
Size: 92KB - Virtual size: 92KB

_RDATA
Size: 30KB - Virtual size: 30KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 25KB - Virtual size: 25KB