CPFilters.pdb
Static task
static1
General
-
Target
FF Stealer Steam cafe.rar
-
Size
1.0MB
-
MD5
f30997e995c276d7b673b2bf23f7cd2f
-
SHA1
d9bf6dd9834735e30e1394bde579244772848b9c
-
SHA256
8b0b4bad484b75ef1d4b8f3850b2e11139b113f781179110474902d20c215e28
-
SHA512
fe9e82fda2d99e946ecd5cbac489dc6cb1b2178f7aec9ea2252acf32d26bbb8329e7aba6a45e8bec24cf6e20b7a4c82f43ea349a81d10e307deafc26496f910e
-
SSDEEP
24576:t7hxEqkdqT05Ymbil2WiQRaRQivYd9MfPcKa/UfBM+MPF3:t7hiqT0Il2zQwyivk9MfPcKoYgF3
Malware Config
Signatures
-
Unsigned PE 9 IoCs
Checks for missing Authenticode signature.
resource
unpack001/FF Stealer Steam cafe/FF Stealer Steam cafe/CPFilters.dll
unpack001/FF Stealer Steam cafe/FF Stealer Steam cafe/FF Stealer Steam.exe
unpack001/FF Stealer Steam cafe/FF Stealer Steam cafe/Stub.exe
unpack001/FF Stealer Steam cafe/FF Stealer Steam cafe/npnul32.dll
unpack001/FF Stealer Steam cafe/FF Stealer Steam cafe/opengl32/Ionic.Zip.dll
unpack001/FF Stealer Steam cafe/FF Stealer Steam cafe/opengl32/Jint.dll
unpack001/FF Stealer Steam cafe/FF Stealer Steam cafe/opengl32/Launcher.exe
unpack001/FF Stealer Steam cafe/FF Stealer Steam cafe/opengl32/Stub.exe
unpack001/FF Stealer Steam cafe/FF Stealer Steam cafe/opengl32/ffs.exe
Files
-
FF Stealer Steam cafe.rar
-
FF Stealer Steam cafe/FF Stealer Steam cafe/CPFilters.dll regsvr32 windows:10 windows x64 arch:x64
7afea2ed1708d746b6cb468206853322
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
msvcrt
_wtol
tolower
_CxxThrowException
wcschr
_amsg_exit
_initterm
?terminate@@YAXXZ
_lock
_unlock
__dllonexit
__CxxFrameHandler3
_onexit
_wcsnicmp
realloc
_XcptFilter
??1type_info@@UEAA@XZ
memcpy
memset
memcmp
_wcsicmp
memmove
sscanf_s
wcsncmp
isupper
wcsstr
swscanf
_beginthreadex
_endthread
swprintf_s
iswxdigit
swscanf_s
srand
wcsncpy_s
strnlen
strcat_s
wcstoul
wcscat_s
strncpy_s
wcsnlen
_time32
time
rand
??0exception@@QEAA@XZ
_vsnwprintf_s
_callnewh
malloc
free
__C_specific_handler
_vsnwprintf
memmove_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBD@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
_purecall
memcpy_s
wcspbrk
wcscmp
ntdll
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlGetPersistedStateLocation
RtlCaptureContext
advapi32
RegDeleteKeyW
CryptAcquireContextA
TraceMessage
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext
CryptGenRandom
RegEnumKeyExW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
crypt32
CertGetCertificateChain
CertFreeCertificateChain
CertGetNameStringW
CertVerifyCertificateChainPolicy
kernel32
DebugBreak
LocalAlloc
GlobalAlloc
GlobalFree
GetVersion
GetEnvironmentStringsW
GlobalMemoryStatusEx
GetProcessHeap
HeapAlloc
FreeEnvironmentStringsW
DeviceIoControl
GetDiskFreeSpaceW
HeapFree
SetUnhandledExceptionFilter
UnhandledExceptionFilter
OutputDebugStringA
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
QueryPerformanceCounter
GetSystemTime
GetGeoInfoA
IsDebuggerPresent
RaiseException
WriteFile
ReadFile
lstrlenW
SetFilePointer
GlobalLock
GetFileSize
GlobalUnlock
CompareStringW
lstrlenA
FreeEnvironmentStringsA
TerminateProcess
ExpandEnvironmentStringsW
WaitForMultipleObjects
WaitForSingleObject
LoadLibraryW
GetProcAddress
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DecodeSystemPointer
Sleep
OutputDebugStringW
EncodeSystemPointer
DeleteCriticalSection
GetCurrentProcessId
VirtualProtect
GetCurrentProcess
GetModuleFileNameW
ResumeThread
GetLastError
RaiseFailFastException
GetCurrentThread
CloseHandle
GetModuleHandleW
LoadLibraryExW
DisableThreadLibraryCalls
GetVersionExW
GetModuleFileNameA
MultiByteToWideChar
lstrcmpW
CreateEventW
ResetEvent
GetCurrentThreadId
SetEvent
CreateThread
GetTickCount
SetThreadPriority
lstrcmpiW
CompareFileTime
GetSystemTimeAsFileTime
WideCharToMultiByte
GetLocalTime
SystemTimeToFileTime
GetSystemFirmwareTable
LocalFree
GetTickCount64
GetModuleHandleExW
CreateFileW
ole32
CoFileTimeNow
PropVariantClear
CLSIDFromString
PropVariantCopy
CoTaskMemAlloc
CoUninitialize
CoFreeUnusedLibraries
CoInitializeEx
StringFromGUID2
CoCreateInstance
CoCreateGuid
CoTaskMemFree
oleaut32
SafeArrayGetUBound
SafeArrayDestroy
VariantCopy
VariantChangeType
SafeArrayGetLBound
SafeArrayUnaccessData
SafeArrayAccessData
SysStringLen
SysAllocStringLen
SysAllocString
SysFreeString
VariantClear
VariantInit
SafeArrayCreate
SysStringByteLen
slc
SLGetWindowsInformationDWORD
winmm
timeGetTime
wintrust
CryptCATCatalogInfoFromContext
WinVerifyTrust
WTHelperProvDataFromStateData
mfplat
MFCreateCollection
ws2_32
htonl
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
UpdatePlayready
Sections
.text Size: 637KB - Virtual size: 636KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 186KB - Virtual size: 185KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 25KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
FF Stealer Steam cafe/FF Stealer Steam cafe/FF Stealer Steam.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\Users\thorson\Desktop\Launcher1\Launcher\Launcher\obj\Debug\LUNCHER CRACKING.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 171KB - Virtual size: 170KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
FF Stealer Steam cafe/FF Stealer Steam cafe/Stub.exe windows:4 windows x86 arch:x86
492a06c008c5934c0d79b22ed115d11f
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvbvm60
_CIcos
_adj_fptan
__vbaStrI4
__vbaFreeVar
__vbaAryMove
__vbaLateIdCall
__vbaStrVarMove
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaFreeObjList
__vbaGetFxStr4
_adj_fprem1
__vbaStrCat
__vbaLsetFixstr
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryVar
ord667
__vbaAryDestruct
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
ord598
_CIsin
__vbaChkstk
__vbaFileClose
ord526
EVENT_SINK_AddRef
__vbaGenerateBoundsError
ord529
__vbaStrCmp
__vbaPutOwner3
__vbaGet4
__vbaI2I4
DllFunctionCall
__vbaCastObjVar
_adj_fpatan
__vbaFixstrConstruct
__vbaLateIdCallLd
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
__vbaStrToUnicode
ord712
__vbaPrintFile
ord606
_adj_fprem
_adj_fdivr_m64
__vbaI2Str
__vbaFPException
__vbaUbound
__vbaStrVarVal
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaNew2
ord570
ord648
__vbaVar2Vec
__vbaInStr
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarDup
__vbaStrToAnsi
ord616
_CIatan
__vbaStrMove
__vbaAryCopy
__vbaCastObj
_allmul
__vbaLateIdSt
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr
Sections
.text Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 48KB - Virtual size: 46KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
FF Stealer Steam cafe/FF Stealer Steam cafe/npnul32.dll windows:4 windows x86 arch:x86
0fd9166414b5501757f98738cd675bbc
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
e:\builds\moz2_slave\rel-192-xr-w32-bld\build\obj-firefox\modules\plugin\default\windows\npnul32.pdb
Imports
kernel32
GetLocaleInfoA
MultiByteToWideChar
RtlUnwind
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
InitializeCriticalSection
WriteFile
HeapReAlloc
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
HeapSize
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
lstrcmpiA
lstrcatA
lstrcmpA
lstrlenA
LoadLibraryA
lstrcpyA
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
GetProcAddress
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
user32
GetDC
SendMessageA
ReleaseDC
MessageBoxA
SetWindowTextA
SetDlgItemTextA
GetDlgItem
EnableWindow
GetWindowRect
SetWindowPos
ScreenToClient
SetForegroundWindow
IsWindow
CreateWindowExA
ShowWindow
RegisterClassA
GetWindowLongA
DefWindowProcA
SetWindowLongA
CreateDialogParamA
BeginPaint
GetClientRect
DrawIcon
GetSysColor
DrawIconEx
EndPaint
DrawTextA
InvalidateRect
UpdateWindow
wsprintfA
DestroyWindow
DestroyIcon
LoadIconA
LoadStringA
UnregisterClassA
gdi32
Polyline
DeleteObject
GetStockObject
SelectObject
GetTextExtentPoint32A
LPtoDP
SetBkMode
SetTextColor
CreatePen
advapi32
RegSetValueExA
RegCreateKeyA
RegQueryValueExA
Exports
NP_GetEntryPoints
NP_GetMIMEDescription
NP_Initialize
NP_Shutdown
Sections
.text Size: 32KB - Virtual size: 31KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
FF Stealer Steam cafe/FF Stealer Steam cafe/opengl32/Ionic.Zip.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
c:\DotNetZip\Zip\obj\Debug\Ionic.Zip.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 478KB - Virtual size: 477KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
FF Stealer Steam cafe/FF Stealer Steam cafe/opengl32/Jint.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
C:\projects\jint\Jint\obj\Release\net451\Jint.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 242KB - Virtual size: 241KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 668B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
FF Stealer Steam cafe/FF Stealer Steam cafe/opengl32/LICENCE.dat.zip
-
FF Stealer Steam cafe/FF Stealer Steam cafe/opengl32/Launcher.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
FF Stealer Steam cafe/FF Stealer Steam cafe/opengl32/Stub.exe windows:4 windows x86 arch:x86
492a06c008c5934c0d79b22ed115d11f
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvbvm60
_CIcos
_adj_fptan
__vbaStrI4
__vbaFreeVar
__vbaAryMove
__vbaLateIdCall
__vbaStrVarMove
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaFreeObjList
__vbaGetFxStr4
_adj_fprem1
__vbaStrCat
__vbaLsetFixstr
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryVar
ord667
__vbaAryDestruct
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
ord598
_CIsin
__vbaChkstk
__vbaFileClose
ord526
EVENT_SINK_AddRef
__vbaGenerateBoundsError
ord529
__vbaStrCmp
__vbaPutOwner3
__vbaGet4
__vbaI2I4
DllFunctionCall
__vbaCastObjVar
_adj_fpatan
__vbaFixstrConstruct
__vbaLateIdCallLd
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
__vbaStrToUnicode
ord712
__vbaPrintFile
ord606
_adj_fprem
_adj_fdivr_m64
__vbaI2Str
__vbaFPException
__vbaUbound
__vbaStrVarVal
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaNew2
ord570
ord648
__vbaVar2Vec
__vbaInStr
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarDup
__vbaStrToAnsi
ord616
_CIatan
__vbaStrMove
__vbaAryCopy
__vbaCastObj
_allmul
__vbaLateIdSt
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr
Sections
.text Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 48KB - Virtual size: 46KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
FF Stealer Steam cafe/FF Stealer Steam cafe/opengl32/designmode.css
-
FF Stealer Steam cafe/FF Stealer Steam cafe/opengl32/ffs.exe windows:4 windows x86 arch:x86
dcfc4dd6526a5e7f95c6fa7885d0019f
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvbvm60
_CIcos
_adj_fptan
__vbaFreeVar
__vbaAryMove
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaRecAnsiToUni
__vbaStrCat
__vbaSetSystemError
__vbaRecDestruct
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
__vbaObjSet
__vbaOnError
ord595
_adj_fdiv_m16i
_adj_fdivr_m16i
ord520
_CIsin
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaStrCmp
ord529
__vbaPutOwner3
DllFunctionCall
__vbaVarOr
_adj_fpatan
__vbaFixstrConstruct
__vbaRecUniToAnsi
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
ord607
__vbaFPException
__vbaLsetFixstrFree
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaNew2
__vbaVar2Vec
ord570
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
ord576
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaI4Var
__vbaVarDup
__vbaRecDestructAnsi
_CIatan
__vbaStrMove
__vbaPutFxStr4
_allmul
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr
Sections
.text Size: 100KB - Virtual size: 99KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 84KB - Virtual size: 82KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
FF Stealer Steam cafe/FF Stealer Steam cafe/opengl32/security-prefs.js
-
FF Stealer Steam cafe/FF Stealer Steam cafe/verifier.exe windows:10 windows x64 arch:x64
764666dda4c898a2706331fb42d3893d
Code Sign
33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate
Issuer
CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before
03/07/2018, 20:45
Not After
26/07/2019, 20:45
Subject
CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer
CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before
19/10/2011, 18:41
Not After
19/10/2026, 18:51
Subject
CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
d9:91:76:61:e9:01:04:f3:ba:3b:c1:15:2f:57:3d:0b:00:af:62:5b:38:67:44:92:5e:ea:60:f7:18:af:35:b8
Signer
Actual PE Digest
d9:91:76:61:e9:01:04:f3:ba:3b:c1:15:2f:57:3d:0b:00:af:62:5b:38:67:44:92:5e:ea:60:f7:18:af:35:b8
Digest Algorithm
sha256
PE Digest Matches
true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
verifier.pdb
Imports
msvcrt
memcmp
__wgetmainargs
_XcptFilter
_amsg_exit
__set_app_type
_wsetlocale
?terminate@@YAXXZ
_commode
_fmode
swprintf_s
wcscat_s
_wfullpath
wcschr
_wcsicmp
memcpy
wcsrchr
wcscpy_s
_ltow_s
_ultow_s
wcsstr
_vsnwprintf
memmove
__C_specific_handler
wcsnlen
exit
_initterm
_exit
memcpy_s
wcstok_s
malloc
free
wcsncat_s
bsearch
wcsncmp
_cexit
_wcsnicmp
__setusermatherr
memset
api-ms-win-devices-config-l1-1-1
CM_MapCrToWin32Err
CM_Locate_DevNodeW
CM_Get_DevNode_PropertyW
CM_Get_Device_ID_ListW
CM_Get_Device_ID_List_SizeW
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GlobalMemoryStatusEx
GetTickCount
GetSystemDirectoryW
GetVersionExW
api-ms-win-core-file-l1-1-0
CreateFileW
GetFileAttributesW
GetFileType
WriteFile
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-processenvironment-l1-1-0
SetStdHandle
GetStdHandle
ExpandEnvironmentStringsW
SearchPathW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-console-l1-1-0
WriteConsoleW
GetConsoleMode
GetConsoleOutputCP
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
MultiByteToWideChar
ntdll
RtlCheckRegistryKey
RtlWriteRegistryValue
RtlAllocateHeap
RtlGetPersistedStateLocation
DbgPrint
NtQuerySystemInformation
RtlStringFromGUID
NtClose
NtDelayExecution
RtlTimeToTimeFields
RtlSystemTimeToLocalTime
RtlCreateRegistryKey
RtlEqualUnicodeString
RtlNtStatusToDosError
RtlAppendUnicodeToString
RtlQueryRegistryValuesEx
RtlDeleteRegistryValue
RtlCreateUnicodeString
RtlRandomEx
RtlSetAllBits
RtlCopyUnicodeString
RtlTestBit
RtlInitUnicodeString
NtSetSystemInformation
RtlUnicodeStringToInteger
NtQueryInformationToken
NtOpenProcessToken
NtAdjustPrivilegesToken
RtlSetBit
RtlInitializeBitMap
RtlCompareUnicodeString
RtlFreeUnicodeString
RtlFreeHeap
api-ms-win-core-version-l1-1-1
GetFileVersionInfoW
GetFileVersionInfoSizeW
api-ms-win-core-version-l1-1-0
VerQueryValueW
api-ms-win-security-lsalookup-ansi-l2-1-0
LookupPrivilegeValueA
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
OpenProcessToken
GetCurrentProcess
GetCurrentProcessId
TerminateProcess
api-ms-win-security-base-l1-1-0
AdjustTokenPrivileges
api-ms-win-security-sddl-l1-1-0
ConvertStringSecurityDescriptorToSecurityDescriptorW
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegDeleteValueW
RegSetKeySecurity
RegQueryValueExW
api-ms-win-core-localization-l1-2-0
FormatMessageW
GetLocaleInfoW
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
FindResourceExW
LoadLibraryExW
GetModuleFileNameW
GetModuleHandleW
LoadResource
FreeLibrary
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-localization-obsolete-l1-2-0
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
api-ms-win-core-memory-l1-1-0
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
Sections
.text Size: 67KB - Virtual size: 67KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 46KB - Virtual size: 46KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 38KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ