37468e22e35b252aa3affedd6b320ccff4521348c57df086f55118b5ceb55fec

Sharing

Copy URL Twitter E-mail

General

Target

37468e22e35b252aa3affedd6b320ccff4521348c57df086f55118b5ceb55fec
Size

1.6MB
MD5

d84135db9acb746d696784f578021782
SHA1

74518726145c10a75597aae3047cf847dea3fcb0
SHA256

37468e22e35b252aa3affedd6b320ccff4521348c57df086f55118b5ceb55fec
SHA512

2670191105d6df87a5a5295dfabf6f7a52c8db6a614ee20405b161df566ba4568e3b945f28e92978d0a17f5a478c2e8a22e3818af2adea12cd60ace06ef02305
SSDEEP

49152:4cx/yeNN3BX/s+6BRXeNNsgzgf2/odEteNNw:bp/6LWh8Eh

Score

3^/10

Malware Config

Signatures

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
unpack002/R3nzSkin.dll
unpack002/R3nzSkin_Injector.exe
unpack001/R3nzSkin/R3nzSkin/R3nzSkin/R3nzSkin.dll
unpack001/R3nzSkin/R3nzSkin/R3nzSkin/R3nzSkin_Injector.exe
unpack001/R3nzSkin/R3nzSkin/R3nzSkin_Injector_v3.2.3.exe
unpack003/R3nzSkin.dll
unpack003/R3nzSkin_Injector.exe
unpack001/R3nzSkin/R3nzSkin_Injector_v3.2.3.exe

Files

37468e22e35b252aa3affedd6b320ccff4521348c57df086f55118b5ceb55fec
.zip
ChinaServer.zip
.zip
R3nzSkin.dll
.dll windows:6 windows x86 arch:x86

c8eb49cd7b6f53c017ff19916f80190f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

QueryPerformanceCounter
GetModuleHandleW
VirtualQuery
GetCurrentThread
CloseHandle
ExitProcess
FormatMessageA
QueryPerformanceFrequency
GetLastError
LoadLibraryA
GlobalUnlock
WideCharToMultiByte
InitOnceComplete
InitOnceBeginInitialize
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GlobalLock
GlobalFree
GetProcAddress
GlobalAlloc
AreFileApisANSI
MultiByteToWideChar
LocalFree

user32

EmptyClipboard
CloseClipboard
OpenClipboard
GetCursorPos
SetClipboardData
ReleaseCapture
GetClientRect
SetCursor
SetCapture
LoadCursorW
GetClipboardData
SetCursorPos
GetForegroundWindow
CallWindowProcW
SetWindowLongW
MessageBoxA
ScreenToClient
GetCapture
ClientToScreen
IsChild
TrackMouseEvent

shell32

SHGetKnownFolderPath

ole32

CoTaskMemFree

msvcp140

?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
_Query_perf_frequency
_Thrd_sleep
_Query_perf_counter
_Xtime_get_ticks
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPBDH@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?uncaught_exceptions@std@@YAHXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Xinvalid_argument@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xbad_function_call@std@@YAXXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?_Xlength_error@std@@YAXPBD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ

imm32

ImmGetContext
ImmSetCompositionWindow
ImmReleaseContext

vcruntime140

memmove
memcpy
memchr
__CxxFrameHandler3
__std_exception_destroy
__std_terminate
strstr
__current_exception
__current_exception_context
_except_handler4_common
_CxxThrowException
memset
__std_type_info_destroy_list
__std_exception_copy

api-ms-win-crt-stdio-l1-1-0

fgetpos
ungetc
__stdio_common_vsprintf
fsetpos
fwrite
fread
_fseeki64
ftell
fgetc
setvbuf
fclose
fseek
fflush
__stdio_common_vsscanf
_get_stream_buffer_pointers
fputc
_wfopen

api-ms-win-crt-heap-l1-1-0

free
_callnewh
malloc

api-ms-win-crt-math-l1-1-0

_dclass
_dsign
_libm_sse2_sqrt_precise
_libm_sse2_sin_precise
ceil
_libm_sse2_acos_precise
_libm_sse2_cos_precise

api-ms-win-crt-convert-l1-1-0

strtoull
strtod
strtoll
strtoul

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
localeconv

api-ms-win-crt-runtime-l1-1-0

_beginthreadex
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
abort
_initterm_e
_initterm
_crt_atexit
_invalid_parameter_noinfo_noreturn
_cexit
_errno
terminate

api-ms-win-crt-utility-l1-1-0

qsort

Sections

.text
Size: 278KB - Virtual size: 277KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
R3nzSkin_Injector.exe
.exe windows:6 windows x86 arch:x86

686bd5ef0532394e081ea8a85ff591cc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcp140

?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?_Throw_C_error@std@@YAXH@Z
?_Throw_Cpp_error@std@@YAXH@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
_Thrd_detach
_Cnd_do_broadcast_at_thread_exit
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Xlength_error@std@@YAXPBD@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
_Xtime_get_ticks
_Query_perf_frequency
_Query_perf_counter
?always_noconv@codecvt_base@std@@QBE_NXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??0_Lockit@std@@QAE@H@Z
??Bid@locale@std@@QAEIXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??1_Lockit@std@@QAE@XZ
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
_Thrd_sleep

api-ms-win-crt-heap-l1-1-0

free
malloc
_callnewh

api-ms-win-crt-runtime-l1-1-0

_cexit
_invalid_parameter_noinfo_noreturn
terminate
abort
_beginthreadex

vcruntime140

__current_exception_context
__CxxDetectRethrow
_CxxThrowException
__std_exception_destroy
__std_exception_copy
__FrameUnwindFilter
__current_exception
__CxxUnregisterExceptionObject
memmove
__CxxQueryExceptionSize
__CxxExceptionFilter
__CxxRegisterExceptionObject

kernel32

QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
Sleep
WaitForSingleObject
GetProcAddress
VirtualFreeEx
WriteProcessMemory
VirtualAllocEx
GetProcessTimes
SystemTimeToFileTime
GetSystemTime
GetCurrentDirectoryW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
CloseHandle
K32GetModuleBaseNameW
K32EnumProcessModules
GetModuleHandleW
GetCurrentProcess
OpenProcess

user32

MessageBoxW

advapi32

AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueW

ntdll

NtCreateThreadEx

api-ms-win-crt-stdio-l1-1-0

setvbuf
fsetpos
fgetpos
_fseeki64
fread
fgetc
ungetc
fputc
fwrite
_get_stream_buffer_pointers
fflush
fclose

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

mscoree

_CorExeMain

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
R3nzSkin/.DS_Store
R3nzSkin/R3nzSkin/.DS_Store
R3nzSkin/R3nzSkin/R3nzSkin/.DS_Store
R3nzSkin/R3nzSkin/R3nzSkin/R3nzSkin.dll
.dll windows:6 windows x64 arch:x64

1d3ae125c9fa70b475946ee6ae658c12

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

QueryPerformanceCounter
GetModuleHandleW
VirtualQuery
DisableThreadLibraryCalls
GetCurrentThread
CloseHandle
ExitProcess
SetEndOfFile
WriteConsoleW
HeapSize
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetProcAddress
IsValidCodePage
HeapReAlloc
ReadConsoleW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
FlsFree
FlsSetValue
FlsGetValue
QueryPerformanceFrequency
GlobalUnlock
FlsAlloc
HeapAlloc
HeapFree
GetConsoleMode
WideCharToMultiByte
GlobalLock
GlobalAlloc
GlobalFree
GetACP
MultiByteToWideChar
GetConsoleOutputCP
WriteFile
FlushFileBuffers
GetFileType
LocalFree
FormatMessageA
GetLocaleInfoEx
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
AreFileApisANSI
GetLastError
GetFileInformationByHandleEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
GetCurrentThreadId
Sleep
InitOnceComplete
InitOnceBeginInitialize
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
GetSystemTimeAsFileTime
WakeAllConditionVariable
SleepConditionVariableSRW
GetStringTypeW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetCurrentProcessId
InitializeSListHead
GetCurrentProcess
TerminateProcess
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ReadFile
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetModuleFileNameW
GetFileSizeEx
SetFilePointerEx
GetStdHandle
RtlUnwind

user32

CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
OpenClipboard
CallWindowProcW
SetWindowLongPtrW
GetAsyncKeyState
SetWindowLongW
MessageBoxA
ScreenToClient
GetCapture
ClientToScreen
IsChild
TrackMouseEvent
GetForegroundWindow
LoadCursorW
SetCapture
SetCursor
GetClientRect
ReleaseCapture
SetCursorPos
GetCursorPos

shell32

SHGetKnownFolderPath

ole32

CoTaskMemFree

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext

d3dcompiler_47

D3DCompile

Sections

.text
Size: 563KB - Virtual size: 563KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
R3nzSkin/R3nzSkin/R3nzSkin/R3nzSkin_Injector.exe
.exe windows:6 windows x64 arch:x64

2024c777d3a5520875560d33b67cf40b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcp140

?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
_Thrd_sleep
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
_Xtime_get_ticks
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??1_Lockit@std@@QEAA@XZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
_Strcoll
_Strxfrm
?_Throw_Cpp_error@std@@YAXH@Z
_Thrd_detach
_Cnd_do_broadcast_at_thread_exit
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??Bid@locale@std@@QEAA_KXZ
??0_Lockit@std@@QEAA@H@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?tolower@?$ctype@D@std@@QEBADD@Z
?is@?$ctype@D@std@@QEBA_NFD@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
_Query_perf_counter
_Query_perf_frequency
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Xbad_alloc@std@@YAXXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Xlength_error@std@@YAXPEBD@Z
?id@?$collate@D@std@@2V0locale@2@A
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?id@?$ctype@D@std@@2V0locale@2@A
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Incref@facet@locale@std@@UEAAXXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ

api-ms-win-crt-runtime-l1-1-0

terminate
abort
_cexit
_beginthreadex
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-stdio-l1-1-0

_get_stream_buffer_pointers
fwrite
fputc
ungetc
fgetc
_fseeki64
fgetpos
fsetpos
setvbuf
fread
fclose
fflush

api-ms-win-crt-utility-l1-1-0

srand

api-ms-win-crt-heap-l1-1-0

malloc
realloc
free
_callnewh

kernel32

Sleep
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WideCharToMultiByte

vcruntime140

memcpy
__std_exception_destroy
__std_exception_copy
__CxxQueryExceptionSize
__CxxExceptionFilter
__CxxRegisterExceptionObject
__CxxDetectRethrow
__CxxUnregisterExceptionObject
memmove
__FrameUnwindFilter
__current_exception
__current_exception_context
_CxxThrowException
strchr

advapi32

LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-time-l1-1-0

_time64

mscoree

_CorExeMain

Sections

.text
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.nep
Size: 1024B - Virtual size: 656B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 193KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 680B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
R3nzSkin/R3nzSkin/R3nzSkin_Injector_v3.2.3.exe
.exe windows:6 windows x64 arch:x64

2024c777d3a5520875560d33b67cf40b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcp140

?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
_Thrd_sleep
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
_Xtime_get_ticks
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??1_Lockit@std@@QEAA@XZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
_Strcoll
_Strxfrm
?_Throw_Cpp_error@std@@YAXH@Z
_Thrd_detach
_Cnd_do_broadcast_at_thread_exit
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??Bid@locale@std@@QEAA_KXZ
??0_Lockit@std@@QEAA@H@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?tolower@?$ctype@D@std@@QEBADD@Z
?is@?$ctype@D@std@@QEBA_NFD@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
_Query_perf_counter
_Query_perf_frequency
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Xbad_alloc@std@@YAXXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Xlength_error@std@@YAXPEBD@Z
?id@?$collate@D@std@@2V0locale@2@A
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?id@?$ctype@D@std@@2V0locale@2@A
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Incref@facet@locale@std@@UEAAXXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ

api-ms-win-crt-runtime-l1-1-0

terminate
abort
_cexit
_beginthreadex
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-stdio-l1-1-0

_get_stream_buffer_pointers
fwrite
fputc
ungetc
fgetc
_fseeki64
fgetpos
fsetpos
setvbuf
fread
fclose
fflush

api-ms-win-crt-utility-l1-1-0

srand

api-ms-win-crt-heap-l1-1-0

malloc
realloc
free
_callnewh

kernel32

Sleep
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WideCharToMultiByte

vcruntime140

memcpy
__std_exception_destroy
__std_exception_copy
__CxxQueryExceptionSize
__CxxExceptionFilter
__CxxRegisterExceptionObject
__CxxDetectRethrow
__CxxUnregisterExceptionObject
memmove
__FrameUnwindFilter
__current_exception
__current_exception_context
_CxxThrowException
strchr

advapi32

LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-time-l1-1-0

_time64

mscoree

_CorExeMain

Sections

.text
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.nep
Size: 1024B - Virtual size: 656B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 193KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 680B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
R3nzSkin/R3nzSkin/R3nzSkin_v3.2.3.zip
.zip
R3nzSkin.dll
.dll windows:6 windows x64 arch:x64

1d3ae125c9fa70b475946ee6ae658c12

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

QueryPerformanceCounter
GetModuleHandleW
VirtualQuery
DisableThreadLibraryCalls
GetCurrentThread
CloseHandle
ExitProcess
SetEndOfFile
WriteConsoleW
HeapSize
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetProcAddress
IsValidCodePage
HeapReAlloc
ReadConsoleW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
FlsFree
FlsSetValue
FlsGetValue
QueryPerformanceFrequency
GlobalUnlock
FlsAlloc
HeapAlloc
HeapFree
GetConsoleMode
WideCharToMultiByte
GlobalLock
GlobalAlloc
GlobalFree
GetACP
MultiByteToWideChar
GetConsoleOutputCP
WriteFile
FlushFileBuffers
GetFileType
LocalFree
FormatMessageA
GetLocaleInfoEx
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
AreFileApisANSI
GetLastError
GetFileInformationByHandleEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
GetCurrentThreadId
Sleep
InitOnceComplete
InitOnceBeginInitialize
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
GetSystemTimeAsFileTime
WakeAllConditionVariable
SleepConditionVariableSRW
GetStringTypeW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetCurrentProcessId
InitializeSListHead
GetCurrentProcess
TerminateProcess
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ReadFile
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetModuleFileNameW
GetFileSizeEx
SetFilePointerEx
GetStdHandle
RtlUnwind

user32

CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
OpenClipboard
CallWindowProcW
SetWindowLongPtrW
GetAsyncKeyState
SetWindowLongW
MessageBoxA
ScreenToClient
GetCapture
ClientToScreen
IsChild
TrackMouseEvent
GetForegroundWindow
LoadCursorW
SetCapture
SetCursor
GetClientRect
ReleaseCapture
SetCursorPos
GetCursorPos

shell32

SHGetKnownFolderPath

ole32

CoTaskMemFree

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext

d3dcompiler_47

D3DCompile

Sections

.text
Size: 563KB - Virtual size: 563KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
R3nzSkin_Injector.exe
.exe windows:6 windows x64 arch:x64

2024c777d3a5520875560d33b67cf40b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcp140

?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
_Thrd_sleep
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
_Xtime_get_ticks
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??1_Lockit@std@@QEAA@XZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
_Strcoll
_Strxfrm
?_Throw_Cpp_error@std@@YAXH@Z
_Thrd_detach
_Cnd_do_broadcast_at_thread_exit
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??Bid@locale@std@@QEAA_KXZ
??0_Lockit@std@@QEAA@H@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?tolower@?$ctype@D@std@@QEBADD@Z
?is@?$ctype@D@std@@QEBA_NFD@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
_Query_perf_counter
_Query_perf_frequency
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Xbad_alloc@std@@YAXXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Xlength_error@std@@YAXPEBD@Z
?id@?$collate@D@std@@2V0locale@2@A
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?id@?$ctype@D@std@@2V0locale@2@A
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Incref@facet@locale@std@@UEAAXXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ

api-ms-win-crt-runtime-l1-1-0

terminate
abort
_cexit
_beginthreadex
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-stdio-l1-1-0

_get_stream_buffer_pointers
fwrite
fputc
ungetc
fgetc
_fseeki64
fgetpos
fsetpos
setvbuf
fread
fclose
fflush

api-ms-win-crt-utility-l1-1-0

srand

api-ms-win-crt-heap-l1-1-0

malloc
realloc
free
_callnewh

kernel32

Sleep
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WideCharToMultiByte

vcruntime140

memcpy
__std_exception_destroy
__std_exception_copy
__CxxQueryExceptionSize
__CxxExceptionFilter
__CxxRegisterExceptionObject
__CxxDetectRethrow
__CxxUnregisterExceptionObject
memmove
__FrameUnwindFilter
__current_exception
__current_exception_context
_CxxThrowException
strchr

advapi32

LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-time-l1-1-0

_time64

mscoree

_CorExeMain

Sections

.text
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.nep
Size: 1024B - Virtual size: 656B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 193KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 680B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
R3nzSkin/R3nzSkin_Injector_v3.2.3.exe
.exe windows:6 windows x64 arch:x64

2024c777d3a5520875560d33b67cf40b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcp140

?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
_Thrd_sleep
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
_Xtime_get_ticks
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??1_Lockit@std@@QEAA@XZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
_Strcoll
_Strxfrm
?_Throw_Cpp_error@std@@YAXH@Z
_Thrd_detach
_Cnd_do_broadcast_at_thread_exit
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??Bid@locale@std@@QEAA_KXZ
??0_Lockit@std@@QEAA@H@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?tolower@?$ctype@D@std@@QEBADD@Z
?is@?$ctype@D@std@@QEBA_NFD@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
_Query_perf_counter
_Query_perf_frequency
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Xbad_alloc@std@@YAXXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Xlength_error@std@@YAXPEBD@Z
?id@?$collate@D@std@@2V0locale@2@A
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?id@?$ctype@D@std@@2V0locale@2@A
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Incref@facet@locale@std@@UEAAXXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ

api-ms-win-crt-runtime-l1-1-0

terminate
abort
_cexit
_beginthreadex
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-stdio-l1-1-0

_get_stream_buffer_pointers
fwrite
fputc
ungetc
fgetc
_fseeki64
fgetpos
fsetpos
setvbuf
fread
fclose
fflush

api-ms-win-crt-utility-l1-1-0

srand

api-ms-win-crt-heap-l1-1-0

malloc
realloc
free
_callnewh

kernel32

Sleep
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WideCharToMultiByte

vcruntime140

memcpy
__std_exception_destroy
__std_exception_copy
__CxxQueryExceptionSize
__CxxExceptionFilter
__CxxRegisterExceptionObject
__CxxDetectRethrow
__CxxUnregisterExceptionObject
memmove
__FrameUnwindFilter
__current_exception
__current_exception_context
_CxxThrowException
strchr

advapi32

LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-time-l1-1-0

_time64

mscoree

_CorExeMain

Sections

.text
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.nep
Size: 1024B - Virtual size: 656B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 193KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 680B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
__MACOSX/._ChinaServer.zip
__MACOSX/._R3nzSkin
__MACOSX/R3nzSkin/._.DS_Store
__MACOSX/R3nzSkin/._R3nzSkin
__MACOSX/R3nzSkin/._R3nzSkin_Injector_v3.2.3.exe
__MACOSX/R3nzSkin/R3nzSkin/._.DS_Store
__MACOSX/R3nzSkin/R3nzSkin/._R3nzSkin
__MACOSX/R3nzSkin/R3nzSkin/._R3nzSkin_Injector_v3.2.3.exe
__MACOSX/R3nzSkin/R3nzSkin/._R3nzSkin_v3.2.3.zip
__MACOSX/R3nzSkin/R3nzSkin/R3nzSkin/._.DS_Store
__MACOSX/R3nzSkin/R3nzSkin/R3nzSkin/._R3nzSkin.dll
__MACOSX/R3nzSkin/R3nzSkin/R3nzSkin/._R3nzSkin_Injector.exe

Sharing

General

Malware Config

Signatures

Files

c8eb49cd7b6f53c017ff19916f80190f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

ole32

msvcp140

imm32

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-utility-l1-1-0

Sections

.text Size: 278KB - Virtual size: 277KB

.rdata Size: 60KB - Virtual size: 60KB

.data Size: 2KB - Virtual size: 24KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 10KB - Virtual size: 10KB

686bd5ef0532394e081ea8a85ff591cc

Headers

DLL Characteristics

File Characteristics

Imports

msvcp140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

vcruntime140

kernel32

user32

advapi32

ntdll

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

mscoree

Sections

.text Size: 21KB - Virtual size: 21KB

.rdata Size: 83KB - Virtual size: 83KB

.data Size: 1024B - Virtual size: 3KB

.rsrc Size: 23KB - Virtual size: 23KB

.reloc Size: 1024B - Virtual size: 688B

1d3ae125c9fa70b475946ee6ae658c12

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

ole32

imm32

d3dcompiler_47

Sections

.text Size: 563KB - Virtual size: 563KB

.rdata Size: 144KB - Virtual size: 143KB

.data Size: 5KB - Virtual size: 17KB

.pdata Size: 25KB - Virtual size: 24KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 1024B - Virtual size: 856B

.reloc Size: 3KB - Virtual size: 2KB

2024c777d3a5520875560d33b67cf40b

Headers

DLL Characteristics

File Characteristics

Imports

msvcp140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

.text
Size: 278KB - Virtual size: 277KB

.rdata
Size: 60KB - Virtual size: 60KB

.data
Size: 2KB - Virtual size: 24KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 10KB - Virtual size: 10KB

.text
Size: 21KB - Virtual size: 21KB

.rdata
Size: 83KB - Virtual size: 83KB

.data
Size: 1024B - Virtual size: 3KB

.rsrc
Size: 23KB - Virtual size: 23KB

.reloc
Size: 1024B - Virtual size: 688B

.text
Size: 563KB - Virtual size: 563KB

.rdata
Size: 144KB - Virtual size: 143KB

.data
Size: 5KB - Virtual size: 17KB

.pdata
Size: 25KB - Virtual size: 24KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 1024B - Virtual size: 856B

.reloc
Size: 3KB - Virtual size: 2KB

.text
Size: 91KB - Virtual size: 91KB

.nep
Size: 1024B - Virtual size: 656B

.rdata
Size: 193KB - Virtual size: 192KB

.data
Size: 3KB - Virtual size: 8KB

.pdata
Size: 512B - Virtual size: 168B

.rsrc
Size: 23KB - Virtual size: 23KB

.reloc
Size: 1024B - Virtual size: 680B

.text
Size: 91KB - Virtual size: 91KB

.nep
Size: 1024B - Virtual size: 656B

.rdata
Size: 193KB - Virtual size: 192KB

.data
Size: 3KB - Virtual size: 8KB

.pdata
Size: 512B - Virtual size: 168B

.rsrc
Size: 23KB - Virtual size: 23KB

.reloc
Size: 1024B - Virtual size: 680B

.text
Size: 563KB - Virtual size: 563KB

.rdata
Size: 144KB - Virtual size: 143KB

.data
Size: 5KB - Virtual size: 17KB

.pdata
Size: 25KB - Virtual size: 24KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 1024B - Virtual size: 856B

.reloc
Size: 3KB - Virtual size: 2KB