megahack-v6[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

megahack-v6.zip
Size

10.4MB
MD5

5deaf35f062f91cdc05e2e9484bd5103
SHA1

bf7ba4e3296afdbe4c0c484726cd038e70c7ff60
SHA256

8c0ca8399ce2e1a138b1c730831d2a34dc4f85439fd358030d99bf991ec4d542
SHA512

f9a0d619ca7b3cc43e6a26ec697c46611ada1089f4107ab9811283c489e327a028d1f7f92a666e5ff17f62b288f277f306b648cd6f9ccd896d410c6c193691de
SSDEEP

196608:ZfCj9fu48xIKz07jARlsniQXMUfy/cGcumY9ztiJQeeGawn5b7knDcHhUtqUFrQx:ZfCdu4GN07jzni8cmkztOeGaMRoDsOtY

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/tBot.dll	themida

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ToastedMarshmellow.dll
unpack001/pthreadVCE2.dll
unpack001/pthreadVCE2.dll.bak
unpack001/tBot.dll

Files

megahack-v6.zip
.zip
D3DCompiler_43.dll
.dll windows:6 windows x86 arch:x86

6ba7b0e4e74a8eea96dca4fffc88b859

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22-08-2007 22:31

Not After

25-08-2012 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-12-2009 22:40

Not After

07-03-2011 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16-09-2006 01:04

Not After

15-09-2019 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:05:a2:30:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25-07-2008 19:01

Not After

25-07-2013 19:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

a0:dc:fd:f1:04:c6:f9:25:f4:de:ed:83:b3:1b:1c:9e:4a:d1:be:fb
Signer

Actual PE Digest

a0:dc:fd:f1:04:c6:f9:25:f4:de:ed:83:b3:1b:1c:9e:4a:d1:be:fb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D3DCompiler_43.pdb

Imports

msvcrt

??1type_info@@UAE@XZ
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_amsg_exit
_initterm
_XcptFilter
_CxxThrowException
memset
memcpy
isxdigit
atof
setlocale
_strdup
_mbstrlen
modf
isalnum
_isnan
ceil
_finite
strrchr
_clearfp
_controlfp
_strnicmp
_fpclass
_purecall
strncmp
isspace
strstr
getenv
_stricmp
memmove
qsort
isalpha
toupper
atoi
isdigit
tolower
free
malloc
??2@YAPAXI@Z
??3@YAXPAX@Z
strchr
_vsnprintf
_errno
__CxxFrameHandler
floor
_CIfmod
_CItanh
_CItan
_CIsinh
_CIsin
_CIlog
_CIpow
_CIexp
_CIsqrt
_CIcosh
_CIcos
_CIatan2
_CIatan
_CIasin
_CIacos

gdi32

DeleteObject

kernel32

UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlUnwind
UnmapViewOfFile
CloseHandle
DeleteCriticalSection
InitializeCriticalSection
VirtualFree
GetLastError
SetUnhandledExceptionFilter
WideCharToMultiByte
GetFullPathNameA
HeapCreate
OutputDebugStringA
LoadLibraryA
GetModuleHandleA
lstrcmpiA
TlsFree
TlsGetValue
HeapDestroy
TlsSetValue
InterlockedExchange
TlsAlloc
Sleep
InterlockedCompareExchange
FreeLibrary
GetSystemInfo
GetProcAddress
VirtualAlloc
GetProcessHeap
HeapFree
HeapAlloc
DisableThreadLibraryCalls
MultiByteToWideChar
GetVersion

Exports

Exports

D3DAssemble
D3DCompile
D3DCompressShaders
D3DCreateBlob
D3DDecompressShaders
D3DDisassemble
D3DDisassemble10Effect
D3DGetBlobPart
D3DGetDebugInfo
D3DGetInputAndOutputSignatureBlob
D3DGetInputSignatureBlob
D3DGetOutputSignatureBlob
D3DPreprocess
D3DReflect
D3DReturnFailure1
D3DStripShader
DebugSetMute

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GDHM-mod/bypass.json
GDHM-mod/core.json
GDHM-mod/creator.json
GDHM-mod/global.json
GDHM-mod/player.json
Geometrize2GD.py/gd_object.py
Geometrize2GD.py/gd_object_dict.py
Geometrize2GD.py/gd_pipe.py
Geometrize2GD.py/main.py
Geometrize2GD.py/pipe_name.config
Geometrize2GD.py/requirements/install.bat
Geometrize2GD.py/requirements/requirements.txt
Geometrize2GD.py/sample.json
ToastedMarshmellow.dll
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

?main_unload@@YAXXZ

Sections

Size: 973KB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 162KB - Virtual size: 390KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 8KB - Virtual size: 303KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 76B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 9B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 2.1MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 63KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.exports
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imports
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
licenses/LICENSE_CappucinoSDK.txt
licenses/LICENSE_Kazmath.txt
licenses/LICENSE_bada_pthread.txt
licenses/LICENSE_cocos2d-x.txt
licenses/LICENSE_cocosdenshion.txt
licenses/LICENSE_cpp-httplib.txt
licenses/LICENSE_curl.txt
licenses/LICENSE_detours.txt
licenses/LICENSE_discord-rpc.txt
licenses/LICENSE_gdrpc.txt
licenses/LICENSE_imgui.txt
licenses/LICENSE_jsoncpp.txt
licenses/LICENSE_jsonhpp.txt
licenses/LICENSE_kiero.txt
licenses/LICENSE_libmem.txt
licenses/LICENSE_minhook.txt
licenses/LICENSE_openssl.txt
licenses/LICENSE_spdlog.txt
licenses/LICENSE_toml11.txt
licenses/LICENSE_zlib.txt
pthreadVCE2.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

pthreadCancelableTimedWait
pthreadCancelableWait
pthread_attr_destroy
pthread_attr_getdetachstate
pthread_attr_getinheritsched
pthread_attr_getschedparam
pthread_attr_getschedpolicy
pthread_attr_getscope
pthread_attr_getstackaddr
pthread_attr_getstacksize
pthread_attr_init
pthread_attr_setdetachstate
pthread_attr_setinheritsched
pthread_attr_setschedparam
pthread_attr_setschedpolicy
pthread_attr_setscope
pthread_attr_setstackaddr
pthread_attr_setstacksize
pthread_barrier_destroy
pthread_barrier_init
pthread_barrier_wait
pthread_barrierattr_destroy
pthread_barrierattr_getpshared
pthread_barrierattr_init
pthread_barrierattr_setpshared
pthread_cancel
pthread_cond_broadcast
pthread_cond_destroy
pthread_cond_init
pthread_cond_signal
pthread_cond_timedwait
pthread_cond_wait
pthread_condattr_destroy
pthread_condattr_getpshared
pthread_condattr_init
pthread_condattr_setpshared
pthread_create
pthread_delay_np
pthread_detach
pthread_equal
pthread_exit
pthread_getconcurrency
pthread_getschedparam
pthread_getspecific
pthread_getw32threadhandle_np
pthread_join
pthread_key_create
pthread_key_delete
pthread_kill
pthread_mutex_destroy
pthread_mutex_init
pthread_mutex_lock
pthread_mutex_timedlock
pthread_mutex_trylock
pthread_mutex_unlock
pthread_mutexattr_destroy
pthread_mutexattr_getkind_np
pthread_mutexattr_getpshared
pthread_mutexattr_gettype
pthread_mutexattr_init
pthread_mutexattr_setkind_np
pthread_mutexattr_setpshared
pthread_mutexattr_settype
pthread_num_processors_np
pthread_once
pthread_rwlock_destroy
pthread_rwlock_init
pthread_rwlock_rdlock
pthread_rwlock_timedrdlock
pthread_rwlock_timedwrlock
pthread_rwlock_tryrdlock
pthread_rwlock_trywrlock
pthread_rwlock_unlock
pthread_rwlock_wrlock
pthread_rwlockattr_destroy
pthread_rwlockattr_getpshared
pthread_rwlockattr_init
pthread_rwlockattr_setpshared
pthread_self
pthread_setcancelstate
pthread_setcanceltype
pthread_setconcurrency
pthread_setschedparam
pthread_setspecific
pthread_spin_destroy
pthread_spin_init
pthread_spin_lock
pthread_spin_trylock
pthread_spin_unlock
pthread_testcancel
pthread_timechange_handler_np
pthread_win32_process_attach_np
pthread_win32_process_detach_np
pthread_win32_test_features_np
pthread_win32_thread_attach_np
pthread_win32_thread_detach_np
ptw32_get_exception_services_code
ptw32_pop_cleanup
ptw32_push_cleanup
sched_get_priority_max
sched_get_priority_min
sched_getscheduler
sched_setscheduler
sched_yield
sem_close
sem_destroy
sem_getvalue
sem_init
sem_open
sem_post
sem_post_multiple
sem_timedwait
sem_trywait
sem_unlink
sem_wait

Sections

.text
Size: 44KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.tmdll
Size: 160B - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
pthreadVCE2.dll.bak
.dll windows:4 windows x86 arch:x86

3cb670276d26003b3e60cc547afc3c3e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

calloc
_onexit
__dllonexit
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
??3@YAXPAX@Z
_ftime
_beginthreadex
malloc
exit
_errno
_CxxThrowException
__CxxFrameHandler
_endthreadex
?set_terminate@@YAP6AXXZP6AXXZ@Z
?terminate@@YAXXZ
free

wsock32

WSAGetLastError
WSASetLastError

kernel32

TlsGetValue
CloseHandle
SetLastError
CreateSemaphoreA
GetCurrentProcessId
OpenProcess
SetThreadPriority
LoadLibraryA
WaitForMultipleObjects
GetCurrentThreadId
GetCurrentThread
DuplicateHandle
GetThreadPriority
InterlockedExchangeAdd
CreateEventA
FreeLibrary
GetProcAddress
SuspendThread
ResumeThread
TlsFree
ReleaseSemaphore
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
TlsAlloc
TlsSetValue
SetEvent
GetProcessAffinityMask
GetCurrentProcess
GetLastError
Sleep
WaitForSingleObject
SetThreadContext
InterlockedDecrement
ResetEvent
GetThreadContext

Exports

Exports

pthreadCancelableTimedWait
pthreadCancelableWait
pthread_attr_destroy
pthread_attr_getdetachstate
pthread_attr_getinheritsched
pthread_attr_getschedparam
pthread_attr_getschedpolicy
pthread_attr_getscope
pthread_attr_getstackaddr
pthread_attr_getstacksize
pthread_attr_init
pthread_attr_setdetachstate
pthread_attr_setinheritsched
pthread_attr_setschedparam
pthread_attr_setschedpolicy
pthread_attr_setscope
pthread_attr_setstackaddr
pthread_attr_setstacksize
pthread_barrier_destroy
pthread_barrier_init
pthread_barrier_wait
pthread_barrierattr_destroy
pthread_barrierattr_getpshared
pthread_barrierattr_init
pthread_barrierattr_setpshared
pthread_cancel
pthread_cond_broadcast
pthread_cond_destroy
pthread_cond_init
pthread_cond_signal
pthread_cond_timedwait
pthread_cond_wait
pthread_condattr_destroy
pthread_condattr_getpshared
pthread_condattr_init
pthread_condattr_setpshared
pthread_create
pthread_delay_np
pthread_detach
pthread_equal
pthread_exit
pthread_getconcurrency
pthread_getschedparam
pthread_getspecific
pthread_getw32threadhandle_np
pthread_join
pthread_key_create
pthread_key_delete
pthread_kill
pthread_mutex_destroy
pthread_mutex_init
pthread_mutex_lock
pthread_mutex_timedlock
pthread_mutex_trylock
pthread_mutex_unlock
pthread_mutexattr_destroy
pthread_mutexattr_getkind_np
pthread_mutexattr_getpshared
pthread_mutexattr_gettype
pthread_mutexattr_init
pthread_mutexattr_setkind_np
pthread_mutexattr_setpshared
pthread_mutexattr_settype
pthread_num_processors_np
pthread_once
pthread_rwlock_destroy
pthread_rwlock_init
pthread_rwlock_rdlock
pthread_rwlock_timedrdlock
pthread_rwlock_timedwrlock
pthread_rwlock_tryrdlock
pthread_rwlock_trywrlock
pthread_rwlock_unlock
pthread_rwlock_wrlock
pthread_rwlockattr_destroy
pthread_rwlockattr_getpshared
pthread_rwlockattr_init
pthread_rwlockattr_setpshared
pthread_self
pthread_setcancelstate
pthread_setcanceltype
pthread_setconcurrency
pthread_setschedparam
pthread_setspecific
pthread_spin_destroy
pthread_spin_init
pthread_spin_lock
pthread_spin_trylock
pthread_spin_unlock
pthread_testcancel
pthread_timechange_handler_np
pthread_win32_process_attach_np
pthread_win32_process_detach_np
pthread_win32_test_features_np
pthread_win32_thread_attach_np
pthread_win32_thread_detach_np
ptw32_get_exception_services_code
ptw32_pop_cleanup
ptw32_push_cleanup
sched_get_priority_max
sched_get_priority_min
sched_getscheduler
sched_setscheduler
sched_yield
sem_close
sem_destroy
sem_getvalue
sem_init
sem_open
sem_post
sem_post_multiple
sem_timedwait
sem_trywait
sem_unlink
sem_wait

Sections

.text
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tBot.dll
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

?get_current_frame@bot@@YAIXZ
?get_delta@bot@@YAMXZ
?get_enable_background_noise@bot@@YA_NXZ
?get_enable_click@bot@@YA_NXZ
?get_enable_pickup_macro@bot@@YA_NXZ
?get_extra_version@bot@@YAIXZ
?get_fps@bot@@YAMXZ
?get_frame_advance@bot@@YA_NXZ
?get_frame_queue@bot@@YAIXZ
?get_full_save@bot@@YA_NXZ
?get_is_donator@bot@@YA_NXZ
?get_is_external@bot@@YA_NXZ
?get_is_premium@bot@@YA_NXZ
?get_pickup_macro_click@bot@@YAHXZ
?get_pickup_macro_player_1_id@bot@@YAHXZ
?get_pickup_macro_player_2_id@bot@@YAHXZ
?get_pickup_macro_release@bot@@YAHXZ
?get_practice_fix@bot@@YA_NXZ
?get_replay@bot@@YA_NXZ
?get_save_path@bot@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?get_sequence_macro@bot@@YA_NXZ
?get_sequence_macro_index@bot@@YAIXZ
?get_sequence_macro_random@bot@@YA_NXZ
?get_show_timeline@bot@@YA_NXZ
?get_toggle_bot@bot@@YA_NXZ
?get_toggle_clean_macro@bot@@YA_NXZ
?get_toggle_frame_counter@bot@@YA_NXZ
?get_version@bot@@YAIXZ
?init_MinHook@bot@@YAXXZ
?init_hook@bot@@YAXXZ
?load@bot@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?load_click_config@bot@@YA_NXZ
?reset_all@bot@@YAXXZ
?save@bot@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?save_click_config@bot@@YA_NXZ
?set_current_frame@bot@@YAXI@Z
?set_enable_background_noise@bot@@YAX_N@Z
?set_enable_click@bot@@YAX_N@Z
?set_enable_pickup_macro@bot@@YAX_N@Z
?set_extra_version@bot@@YAXI@Z
?set_fps@bot@@YAXM@Z
?set_frame_advance@bot@@YAX_N@Z
?set_frame_queue@bot@@YAXI@Z
?set_full_save@bot@@YAX_N@Z
?set_is_donator@bot@@YAX_N@Z
?set_is_external@bot@@YAX_N@Z
?set_is_premium@bot@@YAX_N@Z
?set_pickup_macro_click@bot@@YAXH@Z
?set_pickup_macro_player_1_id@bot@@YAXH@Z
?set_pickup_macro_player_2_id@bot@@YAXH@Z
?set_pickup_macro_release@bot@@YAXH@Z
?set_practice_fix@bot@@YAX_N@Z
?set_replay@bot@@YAX_N@Z
?set_save_path@bot@@YAXV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?set_sequence_macro@bot@@YAX_N@Z
?set_sequence_macro_index@bot@@YAXI@Z
?set_sequence_macro_random@bot@@YAX_N@Z
?set_show_timeline@bot@@YAX_N@Z
?set_toggle_bot@bot@@YAX_N@Z
?set_toggle_clean_macro@bot@@YAX_N@Z
?set_toggle_frame_counter@bot@@YAX_N@Z
?set_version@bot@@YAXI@Z
?toggle_sequence_macro@bot@@YAX_N@Z

Sections

Size: 1.1MB - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 68KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 82KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 55KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.exports
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imports
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6ba7b0e4e74a8eea96dca4fffc88b859

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:01:cf:3e:00:00:00:00:00:0fCertificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

61:05:a2:30:00:00:00:00:00:08Certificate

Extended Key Usages

Key Usages

a0:dc:fd:f1:04:c6:f9:25:f4:de:ed:83:b3:1b:1c:9e:4a:d1:be:fbSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

gdi32

kernel32

Exports

Exports

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.data Size: 16KB - Virtual size: 31KB

.rsrc Size: 1024B - Virtual size: 968B

.reloc Size: 56KB - Virtual size: 55KB

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

Size: 973KB - Virtual size: 2.0MB

Size: 162KB - Virtual size: 390KB

Size: 8KB - Virtual size: 303KB

Size: 76B - Virtual size: 140B

Size: 1KB - Virtual size: 4KB

Size: 9B - Virtual size: 12B

Size: 2.1MB - Virtual size: 2.8MB

Size: 63KB - Virtual size: 94KB

.exports Size: 512B - Virtual size: 4KB

.imports Size: 1KB - Virtual size: 4KB

.tls Size: 5KB - Virtual size: 8KB

.rsrc Size: 1024B - Virtual size: 4KB

.themida Size: - Virtual size: 4.1MB

.boot Size: 2.5MB - Virtual size: 2.5MB

.reloc Size: 16B - Virtual size: 4KB

Headers

File Characteristics

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 48KB

.rdata Size: 5KB - Virtual size: 8KB

.data Size: 1KB - Virtual size: 4KB

.idata Size: 1KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 4KB

.reloc Size: 1KB - Virtual size: 4KB

.tmdll Size: 160B - Virtual size: 76KB

3cb670276d26003b3e60cc547afc3c3e

Headers

File Characteristics

Imports

msvcrt

wsock32

kernel32

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 44KB

.rdata Size: 8KB - Virtual size: 6KB

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:01:cf:3e:00:00:00:00:00:0f
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

61:05:a2:30:00:00:00:00:00:08
Certificate

a0:dc:fd:f1:04:c6:f9:25:f4:de:ed:83:b3:1b:1c:9e:4a:d1:be:fb
Signer

.text
Size: 1.9MB - Virtual size: 1.9MB

.data
Size: 16KB - Virtual size: 31KB

.rsrc
Size: 1024B - Virtual size: 968B

.reloc
Size: 56KB - Virtual size: 55KB

.exports
Size: 512B - Virtual size: 4KB

.imports
Size: 1KB - Virtual size: 4KB

.tls
Size: 5KB - Virtual size: 8KB

.rsrc
Size: 1024B - Virtual size: 4KB

.themida
Size: - Virtual size: 4.1MB

.boot
Size: 2.5MB - Virtual size: 2.5MB

.reloc
Size: 16B - Virtual size: 4KB

.text
Size: 44KB - Virtual size: 48KB

.rdata
Size: 5KB - Virtual size: 8KB

.data
Size: 1KB - Virtual size: 4KB

.idata
Size: 1KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 4KB

.reloc
Size: 1KB - Virtual size: 4KB

.tmdll
Size: 160B - Virtual size: 76KB

.text
Size: 48KB - Virtual size: 44KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 1KB

.idata
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 2KB

.exports
Size: 3KB - Virtual size: 4KB

.imports
Size: 2KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 4KB

.themida
Size: - Virtual size: 4.1MB

.boot
Size: 2.5MB - Virtual size: 2.5MB

.reloc
Size: 16B - Virtual size: 4KB