ScyllaHide_2023-03-24_13-03[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

ScyllaHide_2023-03-24_13-03.zip
Size

3.6MB
MD5

138bffc8d10d42fc5c43194f632dfac8
SHA1

9f1769eb39f971e2fb72c539dbc76788982ad14b
SHA256

edeb0dd203fd1ef38e1404e8a1bd001e05c50b6096e49533f546d13ffdcb7404
SHA512

248777f1bd83f9ec55526bb095e85bc0f64c87c0cb4959c091dc7a9008369a5ba2864ac4230b40590438e86bc84e70b549c01cb9524d3c0c86dd3bc335c2b962
SSDEEP

49152:ulEmJq1Npwyw7ORE9A6719b39zG8kpnen3+QdovDpS3Hsu2LMQkG1INLt1XgNVxF:MlD84p9pFuM3bgEHs37kGq1QfroY

Score

5^/10

pdf link

Malware Config

Signatures

Malformed data in PDF
A PDF can contain malformed data to evade detection
pdf

HTTP links in PDF interactive object 1 IoCs

Detects HTTP links in interactive objects within PDF files.

pdf link

resource	yara_rule
static1/unpack001/ScyllaHide.pdf	pdf_with_link_action

Unsigned PE 24 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Generic/HookLibraryx64.dll
unpack001/Generic/HookLibraryx86.dll
unpack001/Generic/ScyllaHideGenericPluginx64.dll
unpack001/Generic/ScyllaHideGenericPluginx86.dll
unpack001/HookLibraryx64.dll
unpack001/HookLibraryx86.dll
unpack001/IDA/HookLibraryx64.dll
unpack001/IDA/HookLibraryx86.dll
unpack001/InjectorCLIx64.exe
unpack001/InjectorCLIx86.exe
unpack001/Olly1/HookLibraryx86.dll
unpack001/Olly1/ScyllaHideOlly1Plugin.dll
unpack001/Olly2/HookLibraryx86.dll
unpack001/Olly2/ScyllaHideOlly2Plugin.dll
unpack001/ScyllaTest_x64.exe
unpack001/ScyllaTest_x86.exe
unpack001/TitanEngine/HookLibraryx64.dll
unpack001/TitanEngine/HookLibraryx86.dll
unpack001/TitanEngine/ScyllaHideTEPluginx64.dll
unpack001/TitanEngine/ScyllaHideTEPluginx86.dll
unpack001/x64dbg/x32/plugins/HookLibraryx86.dll
unpack001/x64dbg/x32/plugins/ScyllaHideX64DBGPlugin.dp32
unpack001/x64dbg/x64/plugins/HookLibraryx64.dll
unpack001/x64dbg/x64/plugins/ScyllaHideX64DBGPlugin.dp64

Files

ScyllaHide_2023-03-24_13-03.zip
.zip
Generic/HookLibraryx64.dll
.dll windows:5 windows x64 arch:x64

97136c0502974f94b43e5b04b92ec824

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ntdll

LdrFindResource_U
NtProtectVirtualMemory
NtWriteVirtualMemory
DbgPrint
LdrAccessResource
LdrGetProcedureAddress
RtlEqualUnicodeString
LdrGetDllHandle
RtlInitUnicodeString
DbgBreakPoint
RtlImageNtHeader
RtlInitAnsiString
NtQueryObject
NtOpenProcessToken
NtFreeVirtualMemory
NtOpenThread
RtlAllocateHeap
NtQuerySystemInformation
NtWriteFile
RtlTimeToTimeFields
NtQueryInformationProcess
NtOpenProcess
RtlDosPathNameToNtPathName_U
NtAllocateVirtualMemory
NtReadVirtualMemory
NtClose
RtlAdjustPrivilege
RtlFreeHeap
NtCreateDebugObject
NtPrivilegeCheck
NtSetInformationProcess
NtQueryInformationThread
NtCreateFile
NtTerminateProcess
LdrDisableThreadCalloutsForDll
memcpy
memcmp
memset

Exports

Exports

HookDllData
HookedGetLocalTime
HookedGetSystemTime
HookedGetTickCount
HookedGetTickCount64
HookedKiUserExceptionDispatcher
HookedNativeCallInternal
HookedNtClose
HookedNtContinue
HookedNtCreateSection
HookedNtCreateThread
HookedNtCreateThreadEx
HookedNtDuplicateObject
HookedNtGetContextThread
HookedNtMapViewOfSection
HookedNtOpenFile
HookedNtQueryInformationProcess
HookedNtQueryObject
HookedNtQueryPerformanceCounter
HookedNtQuerySystemInformation
HookedNtQuerySystemTime
HookedNtResumeThread
HookedNtSetContextThread
HookedNtSetDebugFilterState
HookedNtSetInformationProcess
HookedNtSetInformationThread
HookedNtUserBlockInput
HookedNtUserBuildHwndList
HookedNtUserBuildHwndList_Eight
HookedNtUserFindWindowEx
HookedNtUserGetForegroundWindow
HookedNtUserQueryWindow
HookedNtYieldExecution
HookedOutputDebugStringA

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 624B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Generic/HookLibraryx86.dll
.dll windows:5 windows x86 arch:x86

d7161982b712dc0e7485387462ec634e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

LdrFindResource_U
NtProtectVirtualMemory
NtWriteVirtualMemory
DbgPrint
LdrAccessResource
LdrGetProcedureAddress
RtlEqualUnicodeString
LdrGetDllHandle
RtlInitUnicodeString
DbgBreakPoint
RtlImageNtHeader
RtlInitAnsiString
NtQueryObject
NtOpenProcessToken
NtFreeVirtualMemory
NtOpenThread
RtlAllocateHeap
NtQuerySystemInformation
NtWriteFile
RtlTimeToTimeFields
NtQueryInformationProcess
NtOpenProcess
RtlDosPathNameToNtPathName_U
NtAllocateVirtualMemory
NtReadVirtualMemory
NtClose
RtlFreeHeap
NtCreateDebugObject
NtPrivilegeCheck
NtSetInformationProcess
NtQueryInformationThread
NtCreateFile
NtTerminateProcess
LdrDisableThreadCalloutsForDll
memcpy
memcmp
memset

Exports

Exports

HookDllData
HookedGetLocalTime
HookedGetSystemTime
HookedGetTickCount
HookedGetTickCount64
HookedKiUserExceptionDispatcher
HookedNativeCallInternal
HookedNtClose
HookedNtContinue
HookedNtCreateSection
HookedNtCreateThread
HookedNtCreateThreadEx
HookedNtDuplicateObject
HookedNtGetContextThread
HookedNtMapViewOfSection
HookedNtOpenFile
HookedNtQueryInformationProcess
HookedNtQueryObject
HookedNtQueryPerformanceCounter
HookedNtQuerySystemInformation
HookedNtQuerySystemTime
HookedNtResumeThread
HookedNtSetContextThread
HookedNtSetDebugFilterState
HookedNtSetInformationProcess
HookedNtSetInformationThread
HookedNtUserBlockInput
HookedNtUserBuildHwndList
HookedNtUserBuildHwndList_Eight
HookedNtUserFindWindowEx
HookedNtUserGetForegroundWindow
HookedNtUserQueryWindow
HookedNtYieldExecution
HookedOutputDebugStringA

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 624B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Generic/ScyllaHideGenericPluginx64.dll
.dll windows:5 windows x64 arch:x64

a49bb401f65f9d91a664dd3541ca809e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ScyllaHideGenericPluginx64.pdb

Imports

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx
RtlPcToFileHeader
RtlInitAnsiString
RtlEqualString
RtlGetVersion
LdrAccessResource
DbgPrint
NtWriteVirtualMemory
NtProtectVirtualMemory
LdrFindResource_U
NtResumeThread
RtlFreeHeap
NtClose
RtlImageNtHeader
NtQueryInformationProcess
NtSuspendThread
NtQuerySystemInformation
RtlAllocateHeap
NtOpenThread
RtlUnwind

kernel32

FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapReAlloc
WriteProcessMemory
VirtualProtectEx
GetProcAddress
VirtualAllocEx
ReadProcessMemory
GetModuleHandleW
VirtualFreeEx
VirtualFree
VirtualAlloc
GetModuleHandleA
LoadLibraryA
ReadFile
SetEnvironmentVariableW
OpenProcess
CloseHandle
GetFileSize
GetCurrentProcessId
FreeLibrary
GetCurrentProcess
IsWow64Process
LoadLibraryExW
lstrlenW
GetModuleFileNameW
GetPrivateProfileSectionNamesW
GetPrivateProfileStringW
WriteFile
ReadConsoleW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
FlsFree
SetStdHandle
GetProcessHeap
HeapSize
WriteConsoleW
CreateFileW
QueryPerformanceCounter
FlsSetValue
FlsGetValue
FlsAlloc
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
GetTimeZoneInformation
SetFilePointerEx
MultiByteToWideChar
WideCharToMultiByte
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetCurrentThreadId
InitializeSListHead
TerminateProcess
RaiseException
InterlockedFlushSList
GetLastError
ExitProcess
GetModuleHandleExW
HeapFree
HeapAlloc
GetStdHandle
GetFileType
GetFileSizeEx
SetEndOfFile

user32

MessageBoxW
MessageBoxA

advapi32

AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueW

psapi

GetModuleFileNameExW
EnumProcessModules

Exports

Exports

ScyllaHideDebugLoop
ScyllaHideInit
ScyllaHideReset

Sections

.text
Size: 444KB - Virtual size: 444KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 216KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Generic/ScyllaHideGenericPluginx86.dll
.dll windows:5 windows x86 arch:x86

cd82b852a8e0e80e0beac280c508e9db

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

ScyllaHideGenericPluginx86.pdb

Imports

ntdll

RtlUnwind
NtOpenThread
RtlInitAnsiString
RtlEqualString
RtlGetVersion
LdrAccessResource
DbgPrint
NtWriteVirtualMemory
NtProtectVirtualMemory
LdrFindResource_U
NtResumeThread
RtlFreeHeap
NtClose
NtQueryInformationProcess
NtSuspendThread
NtQuerySystemInformation
RtlAllocateHeap
RtlImageNtHeader

kernel32

SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapReAlloc
WriteProcessMemory
VirtualProtectEx
GetProcAddress
ReadProcessMemory
GetModuleHandleW
VirtualFreeEx
VirtualFree
VirtualAlloc
GetModuleHandleA
LoadLibraryA
VirtualAllocEx
ReadFile
GetCurrentProcess
GetProcessHeap
CreateFileW
OpenProcess
CloseHandle
GetFileSize
GetCurrentProcessId
FreeLibrary
GetNativeSystemInfo
IsWow64Process
LoadLibraryExW
lstrlenW
GetModuleFileNameW
GetPrivateProfileSectionNamesW
GetPrivateProfileStringW
WriteFile
ReadConsoleW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
HeapSize
SetStdHandle
WriteConsoleW
SetEndOfFile
QueryPerformanceCounter
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
GetTimeZoneInformation
MultiByteToWideChar
WideCharToMultiByte
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetCurrentThreadId
InitializeSListHead
TerminateProcess
RaiseException
InterlockedFlushSList
GetLastError
ExitProcess
GetModuleHandleExW
HeapFree
HeapAlloc
GetStdHandle
GetFileType
GetFileSizeEx
SetFilePointerEx

user32

MessageBoxA
MessageBoxW

advapi32

AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueW

psapi

GetModuleFileNameExW
EnumProcessModules

Exports

Exports

ScyllaHideDebugLoop
ScyllaHideInit
ScyllaHideReset

Sections

.text
Size: 352KB - Virtual size: 352KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 175KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Generic/scylla_hide.ini
HookLibraryx64.dll
.dll windows:5 windows x64 arch:x64

97136c0502974f94b43e5b04b92ec824

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ntdll

LdrFindResource_U
NtProtectVirtualMemory
NtWriteVirtualMemory
DbgPrint
LdrAccessResource
LdrGetProcedureAddress
RtlEqualUnicodeString
LdrGetDllHandle
RtlInitUnicodeString
DbgBreakPoint
RtlImageNtHeader
RtlInitAnsiString
NtQueryObject
NtOpenProcessToken
NtFreeVirtualMemory
NtOpenThread
RtlAllocateHeap
NtQuerySystemInformation
NtWriteFile
RtlTimeToTimeFields
NtQueryInformationProcess
NtOpenProcess
RtlDosPathNameToNtPathName_U
NtAllocateVirtualMemory
NtReadVirtualMemory
NtClose
RtlAdjustPrivilege
RtlFreeHeap
NtCreateDebugObject
NtPrivilegeCheck
NtSetInformationProcess
NtQueryInformationThread
NtCreateFile
NtTerminateProcess
LdrDisableThreadCalloutsForDll
memcpy
memcmp
memset

Exports

Exports

HookDllData
HookedGetLocalTime
HookedGetSystemTime
HookedGetTickCount
HookedGetTickCount64
HookedKiUserExceptionDispatcher
HookedNativeCallInternal
HookedNtClose
HookedNtContinue
HookedNtCreateSection
HookedNtCreateThread
HookedNtCreateThreadEx
HookedNtDuplicateObject
HookedNtGetContextThread
HookedNtMapViewOfSection
HookedNtOpenFile
HookedNtQueryInformationProcess
HookedNtQueryObject
HookedNtQueryPerformanceCounter
HookedNtQuerySystemInformation
HookedNtQuerySystemTime
HookedNtResumeThread
HookedNtSetContextThread
HookedNtSetDebugFilterState
HookedNtSetInformationProcess
HookedNtSetInformationThread
HookedNtUserBlockInput
HookedNtUserBuildHwndList
HookedNtUserBuildHwndList_Eight
HookedNtUserFindWindowEx
HookedNtUserGetForegroundWindow
HookedNtUserQueryWindow
HookedNtYieldExecution
HookedOutputDebugStringA

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 624B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HookLibraryx86.dll
.dll windows:5 windows x86 arch:x86

d7161982b712dc0e7485387462ec634e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

LdrFindResource_U
NtProtectVirtualMemory
NtWriteVirtualMemory
DbgPrint
LdrAccessResource
LdrGetProcedureAddress
RtlEqualUnicodeString
LdrGetDllHandle
RtlInitUnicodeString
DbgBreakPoint
RtlImageNtHeader
RtlInitAnsiString
NtQueryObject
NtOpenProcessToken
NtFreeVirtualMemory
NtOpenThread
RtlAllocateHeap
NtQuerySystemInformation
NtWriteFile
RtlTimeToTimeFields
NtQueryInformationProcess
NtOpenProcess
RtlDosPathNameToNtPathName_U
NtAllocateVirtualMemory
NtReadVirtualMemory
NtClose
RtlFreeHeap
NtCreateDebugObject
NtPrivilegeCheck
NtSetInformationProcess
NtQueryInformationThread
NtCreateFile
NtTerminateProcess
LdrDisableThreadCalloutsForDll
memcpy
memcmp
memset

Exports

Exports

HookDllData
HookedGetLocalTime
HookedGetSystemTime
HookedGetTickCount
HookedGetTickCount64
HookedKiUserExceptionDispatcher
HookedNativeCallInternal
HookedNtClose
HookedNtContinue
HookedNtCreateSection
HookedNtCreateThread
HookedNtCreateThreadEx
HookedNtDuplicateObject
HookedNtGetContextThread
HookedNtMapViewOfSection
HookedNtOpenFile
HookedNtQueryInformationProcess
HookedNtQueryObject
HookedNtQueryPerformanceCounter
HookedNtQuerySystemInformation
HookedNtQuerySystemTime
HookedNtResumeThread
HookedNtSetContextThread
HookedNtSetDebugFilterState
HookedNtSetInformationProcess
HookedNtSetInformationThread
HookedNtUserBlockInput
HookedNtUserBuildHwndList
HookedNtUserBuildHwndList_Eight
HookedNtUserFindWindowEx
HookedNtUserGetForegroundWindow
HookedNtUserQueryWindow
HookedNtYieldExecution
HookedOutputDebugStringA

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 624B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IDA/HookLibraryx64.dll
.dll windows:5 windows x64 arch:x64

97136c0502974f94b43e5b04b92ec824

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ntdll

LdrFindResource_U
NtProtectVirtualMemory
NtWriteVirtualMemory
DbgPrint
LdrAccessResource
LdrGetProcedureAddress
RtlEqualUnicodeString
LdrGetDllHandle
RtlInitUnicodeString
DbgBreakPoint
RtlImageNtHeader
RtlInitAnsiString
NtQueryObject
NtOpenProcessToken
NtFreeVirtualMemory
NtOpenThread
RtlAllocateHeap
NtQuerySystemInformation
NtWriteFile
RtlTimeToTimeFields
NtQueryInformationProcess
NtOpenProcess
RtlDosPathNameToNtPathName_U
NtAllocateVirtualMemory
NtReadVirtualMemory
NtClose
RtlAdjustPrivilege
RtlFreeHeap
NtCreateDebugObject
NtPrivilegeCheck
NtSetInformationProcess
NtQueryInformationThread
NtCreateFile
NtTerminateProcess
LdrDisableThreadCalloutsForDll
memcpy
memcmp
memset

Exports

Exports

HookDllData
HookedGetLocalTime
HookedGetSystemTime
HookedGetTickCount
HookedGetTickCount64
HookedKiUserExceptionDispatcher
HookedNativeCallInternal
HookedNtClose
HookedNtContinue
HookedNtCreateSection
HookedNtCreateThread
HookedNtCreateThreadEx
HookedNtDuplicateObject
HookedNtGetContextThread
HookedNtMapViewOfSection
HookedNtOpenFile
HookedNtQueryInformationProcess
HookedNtQueryObject
HookedNtQueryPerformanceCounter
HookedNtQuerySystemInformation
HookedNtQuerySystemTime
HookedNtResumeThread
HookedNtSetContextThread
HookedNtSetDebugFilterState
HookedNtSetInformationProcess
HookedNtSetInformationThread
HookedNtUserBlockInput
HookedNtUserBuildHwndList
HookedNtUserBuildHwndList_Eight
HookedNtUserFindWindowEx
HookedNtUserGetForegroundWindow
HookedNtUserQueryWindow
HookedNtYieldExecution
HookedOutputDebugStringA

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 624B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IDA/HookLibraryx86.dll
.dll windows:5 windows x86 arch:x86

d7161982b712dc0e7485387462ec634e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

LdrFindResource_U
NtProtectVirtualMemory
NtWriteVirtualMemory
DbgPrint
LdrAccessResource
LdrGetProcedureAddress
RtlEqualUnicodeString
LdrGetDllHandle
RtlInitUnicodeString
DbgBreakPoint
RtlImageNtHeader
RtlInitAnsiString
NtQueryObject
NtOpenProcessToken
NtFreeVirtualMemory
NtOpenThread
RtlAllocateHeap
NtQuerySystemInformation
NtWriteFile
RtlTimeToTimeFields
NtQueryInformationProcess
NtOpenProcess
RtlDosPathNameToNtPathName_U
NtAllocateVirtualMemory
NtReadVirtualMemory
NtClose
RtlFreeHeap
NtCreateDebugObject
NtPrivilegeCheck
NtSetInformationProcess
NtQueryInformationThread
NtCreateFile
NtTerminateProcess
LdrDisableThreadCalloutsForDll
memcpy
memcmp
memset

Exports

Exports

HookDllData
HookedGetLocalTime
HookedGetSystemTime
HookedGetTickCount
HookedGetTickCount64
HookedKiUserExceptionDispatcher
HookedNativeCallInternal
HookedNtClose
HookedNtContinue
HookedNtCreateSection
HookedNtCreateThread
HookedNtCreateThreadEx
HookedNtDuplicateObject
HookedNtGetContextThread
HookedNtMapViewOfSection
HookedNtOpenFile
HookedNtQueryInformationProcess
HookedNtQueryObject
HookedNtQueryPerformanceCounter
HookedNtQuerySystemInformation
HookedNtQuerySystemTime
HookedNtResumeThread
HookedNtSetContextThread
HookedNtSetDebugFilterState
HookedNtSetInformationProcess
HookedNtSetInformationThread
HookedNtUserBlockInput
HookedNtUserBuildHwndList
HookedNtUserBuildHwndList_Eight
HookedNtUserFindWindowEx
HookedNtUserGetForegroundWindow
HookedNtUserQueryWindow
HookedNtYieldExecution
HookedOutputDebugStringA

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 624B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IDA/scylla_hide.ini
InjectorCLIx64.exe
.exe windows:5 windows x64 arch:x64

3f1c94815be1cb4fe27ba5f2942cde40

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

InjectorCLIx64.pdb

Imports

ntdll

RtlVirtualUnwind
RtlCaptureContext
RtlUnwindEx
RtlLookupFunctionEntry
NtOpenThread
RtlInitAnsiString
RtlEqualString
RtlGetVersion
LdrAccessResource
DbgPrint
NtWriteVirtualMemory
NtProtectVirtualMemory
LdrFindResource_U
NtResumeThread
RtlFreeHeap
NtClose
RtlImageNtHeader
NtQueryInformationProcess
NtSuspendThread
NtQuerySystemInformation
RtlAllocateHeap
RtlPcToFileHeader
RtlUnwind

kernel32

FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapReAlloc
ReadConsoleW
GetConsoleMode
SetEndOfFile
ReadFile
WriteProcessMemory
CreateFileW
OpenProcess
CloseHandle
VirtualProtectEx
GetProcAddress
VirtualAllocEx
GetFileSize
GetCurrentProcessId
GetModuleHandleW
FreeLibrary
SetEnvironmentVariableW
VirtualFreeEx
ReadProcessMemory
VirtualFree
VirtualAlloc
GetModuleHandleA
LoadLibraryA
GetCurrentProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
IsWow64Process
LoadLibraryExW
lstrlenW
GetModuleFileNameW
GetPrivateProfileSectionNamesW
GetPrivateProfileStringW
WriteFile
GetConsoleOutputCP
FlushFileBuffers
GetTimeZoneInformation
SetFilePointerEx
GetFileSizeEx
GetFileType
EnumSystemLocalesW
GetProcessHeap
SetStdHandle
HeapSize
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
FlsFree
FlsSetValue
FlsGetValue
WriteConsoleW
FlsAlloc
QueryPerformanceCounter
MultiByteToWideChar
WideCharToMultiByte
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetCurrentThreadId
InitializeSListHead
TerminateProcess
RaiseException
GetLastError
ExitProcess
GetModuleHandleExW
GetStdHandle
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree

user32

MessageBoxA

advapi32

AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueW

psapi

EnumProcessModules
GetModuleFileNameExW

Sections

.text
Size: 439KB - Virtual size: 439KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 216KB - Virtual size: 215KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
InjectorCLIx86.exe
.exe windows:5 windows x86 arch:x86

df8cebfea8539b497d79614caffb36b4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

InjectorCLIx86.pdb

Imports

ntdll

RtlInitAnsiString
RtlEqualString
RtlGetVersion
LdrAccessResource
DbgPrint
NtWriteVirtualMemory
NtProtectVirtualMemory
LdrFindResource_U
NtResumeThread
RtlFreeHeap
NtClose
RtlImageNtHeader
NtQueryInformationProcess
NtSuspendThread
NtQuerySystemInformation
RtlAllocateHeap
RtlUnwind
NtOpenThread

kernel32

GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapReAlloc
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
WriteConsoleW
ReadFile
WriteProcessMemory
GetCurrentProcess
CreateFileW
GetModuleHandleA
OpenProcess
CloseHandle
VirtualProtectEx
GetProcAddress
VirtualAllocEx
GetFileSize
GetCurrentProcessId
FreeEnvironmentStringsW
FreeLibrary
VirtualFreeEx
ReadProcessMemory
VirtualFree
VirtualAlloc
LoadLibraryA
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
GetNativeSystemInfo
IsWow64Process
LoadLibraryExW
lstrlenW
GetModuleFileNameW
GetPrivateProfileSectionNamesW
GetPrivateProfileStringW
WriteFile
FlushFileBuffers
GetTimeZoneInformation
SetFilePointerEx
GetFileSizeEx
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
GetProcessHeap
SetEnvironmentVariableW
SetStdHandle
GetModuleHandleW
SetEndOfFile
IsValidLocale
GetTimeFormatW
HeapSize
GetDateFormatW
QueryPerformanceCounter
MultiByteToWideChar
WideCharToMultiByte
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetCurrentThreadId
InitializeSListHead
TerminateProcess
RaiseException
GetLastError
ExitProcess
GetModuleHandleExW
GetStdHandle
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree

user32

MessageBoxA

advapi32

AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueW

psapi

EnumProcessModules
GetModuleFileNameExW

Sections

.text
Size: 348KB - Virtual size: 347KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 175KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Olly1/HookLibraryx86.dll
.dll windows:5 windows x86 arch:x86

d7161982b712dc0e7485387462ec634e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

LdrFindResource_U
NtProtectVirtualMemory
NtWriteVirtualMemory
DbgPrint
LdrAccessResource
LdrGetProcedureAddress
RtlEqualUnicodeString
LdrGetDllHandle
RtlInitUnicodeString
DbgBreakPoint
RtlImageNtHeader
RtlInitAnsiString
NtQueryObject
NtOpenProcessToken
NtFreeVirtualMemory
NtOpenThread
RtlAllocateHeap
NtQuerySystemInformation
NtWriteFile
RtlTimeToTimeFields
NtQueryInformationProcess
NtOpenProcess
RtlDosPathNameToNtPathName_U
NtAllocateVirtualMemory
NtReadVirtualMemory
NtClose
RtlFreeHeap
NtCreateDebugObject
NtPrivilegeCheck
NtSetInformationProcess
NtQueryInformationThread
NtCreateFile
NtTerminateProcess
LdrDisableThreadCalloutsForDll
memcpy
memcmp
memset

Exports

Exports

HookDllData
HookedGetLocalTime
HookedGetSystemTime
HookedGetTickCount
HookedGetTickCount64
HookedKiUserExceptionDispatcher
HookedNativeCallInternal
HookedNtClose
HookedNtContinue
HookedNtCreateSection
HookedNtCreateThread
HookedNtCreateThreadEx
HookedNtDuplicateObject
HookedNtGetContextThread
HookedNtMapViewOfSection
HookedNtOpenFile
HookedNtQueryInformationProcess
HookedNtQueryObject
HookedNtQueryPerformanceCounter
HookedNtQuerySystemInformation
HookedNtQuerySystemTime
HookedNtResumeThread
HookedNtSetContextThread
HookedNtSetDebugFilterState
HookedNtSetInformationProcess
HookedNtSetInformationThread
HookedNtUserBlockInput
HookedNtUserBuildHwndList
HookedNtUserBuildHwndList_Eight
HookedNtUserFindWindowEx
HookedNtUserGetForegroundWindow
HookedNtUserQueryWindow
HookedNtYieldExecution
HookedOutputDebugStringA

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 624B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Olly1/ScyllaHideOlly1Plugin.dll
.dll windows:5 windows x86 arch:x86

2b9fc3906a04dbabb16d6f47223eef7e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

ScyllaHideOlly1Plugin.pdb

Imports

ntdll

RtlUnwind
NtOpenThread
RtlInitAnsiString
RtlEqualString
RtlGetVersion
LdrAccessResource
DbgPrint
NtWriteVirtualMemory
NtProtectVirtualMemory
LdrFindResource_U
NtResumeThread
RtlFreeHeap
NtClose
NtSetInformationThread
NtQueryInformationProcess
NtSuspendThread
NtQuerySystemInformation
RtlAllocateHeap
RtlImageNtHeader

kernel32

GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapReAlloc
WriteProcessMemory
VirtualProtectEx
GetProcAddress
ReadProcessMemory
GetModuleHandleW
VirtualFreeEx
VirtualFree
VirtualAlloc
GetModuleHandleA
LoadLibraryA
VirtualAllocEx
VirtualProtect
OpenProcess
CloseHandle
ContinueDebugEvent
ReadFile
GetCurrentProcess
SetThreadPriority
WaitForSingleObject
CreateFileW
ResumeThread
GetExitCodeThread
LoadLibraryW
GetFileSize
GetCurrentProcessId
FreeLibrary
CreateRemoteThread
GetFileSizeEx
IsBadCodePtr
CreateToolhelp32Snapshot
Sleep
CreateThread
Module32FirstW
Module32NextW
SuspendThread
GetThreadContext
ExitProcess
SetThreadContext
OpenThread
DebugSetProcessKillOnExit
GetNativeSystemInfo
IsWow64Process
LoadLibraryExW
WritePrivateProfileStringW
lstrlenW
GetModuleFileNameW
GetEnvironmentStringsW
GetPrivateProfileSectionNamesW
GetPrivateProfileStringW
WriteFile
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
GetTimeZoneInformation
SetFilePointerEx
GetFileType
GetStdHandle
HeapAlloc
HeapFree
GetModuleHandleExW
GetLastError
InterlockedFlushSList
RaiseException
TerminateProcess
InitializeSListHead
GetCurrentThreadId
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
GetUserDefaultLCID
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
DecodePointer
EncodePointer
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetStringTypeW
MultiByteToWideChar
QueryPerformanceCounter
ReadConsoleW
FreeEnvironmentStringsW
GetProcessHeap
SetEnvironmentVariableW
HeapSize
SetStdHandle
WriteConsoleW
SetEndOfFile
GetFileAttributesW
WideCharToMultiByte
EnumSystemLocalesW

user32

DialogBoxParamW
CallWindowProcW
wsprintfA
GetDlgItemTextA
SetDlgItemTextA
GetWindowTextLengthW
GetWindowLongW
GetMessageW
DefWindowProcW
DestroyWindow
SetWindowPos
CreateWindowExW
SendMessageW
GetSystemMetrics
SetWindowLongW
SetWindowTextW
DispatchMessageW
RegisterClassW
TranslateMessage
GetClientRect
CheckDlgButton
PostQuitMessage
GetSysColorBrush
SystemParametersInfoW
UpdateWindow
EnableWindow
GetWindowThreadProcessId
GetWindowRect
MessageBoxW
EndDialog
WindowFromPoint
ShowWindow
IsWindow
SetDlgItemTextW
GetDlgItemTextW
SendDlgItemMessageW
LoadBitmapW
LoadCursorW
SetCapture
SetCursor
wsprintfW
GetDlgItem
GetParent
ReleaseCapture
SetCursorPos
GetCursorPos
GetWindowTextW
MessageBoxA
UnregisterClassW
IsDlgButtonChecked

gdi32

CreateFontIndirectW
GetStockObject

comdlg32

GetOpenFileNameW

advapi32

AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueW

psapi

EnumProcessModules
GetModuleFileNameExW

ollydbg.exe

ord79
ord23
ord88
ord2
ord117
ord78
ord170
ord45
ord179
ord180
ord85
ord73
ord71
ord35
ord74

Exports

Exports

_ODBG_Pluginaction
_ODBG_Pluginclose
_ODBG_Plugindata
_ODBG_Plugininit
_ODBG_Pluginmainloop
_ODBG_Pluginmenu
_ODBG_Pluginreset

Sections

.text
Size: 389KB - Virtual size: 388KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 199KB - Virtual size: 198KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Olly1/scylla_hide.ini
Olly2/HookLibraryx86.dll
.dll windows:5 windows x86 arch:x86

d7161982b712dc0e7485387462ec634e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

LdrFindResource_U
NtProtectVirtualMemory
NtWriteVirtualMemory
DbgPrint
LdrAccessResource
LdrGetProcedureAddress
RtlEqualUnicodeString
LdrGetDllHandle
RtlInitUnicodeString
DbgBreakPoint
RtlImageNtHeader
RtlInitAnsiString
NtQueryObject
NtOpenProcessToken
NtFreeVirtualMemory
NtOpenThread
RtlAllocateHeap
NtQuerySystemInformation
NtWriteFile
RtlTimeToTimeFields
NtQueryInformationProcess
NtOpenProcess
RtlDosPathNameToNtPathName_U
NtAllocateVirtualMemory
NtReadVirtualMemory
NtClose
RtlFreeHeap
NtCreateDebugObject
NtPrivilegeCheck
NtSetInformationProcess
NtQueryInformationThread
NtCreateFile
NtTerminateProcess
LdrDisableThreadCalloutsForDll
memcpy
memcmp
memset

Exports

Exports

HookDllData
HookedGetLocalTime
HookedGetSystemTime
HookedGetTickCount
HookedGetTickCount64
HookedKiUserExceptionDispatcher
HookedNativeCallInternal
HookedNtClose
HookedNtContinue
HookedNtCreateSection
HookedNtCreateThread
HookedNtCreateThreadEx
HookedNtDuplicateObject
HookedNtGetContextThread
HookedNtMapViewOfSection
HookedNtOpenFile
HookedNtQueryInformationProcess
HookedNtQueryObject
HookedNtQueryPerformanceCounter
HookedNtQuerySystemInformation
HookedNtQuerySystemTime
HookedNtResumeThread
HookedNtSetContextThread
HookedNtSetDebugFilterState
HookedNtSetInformationProcess
HookedNtSetInformationThread
HookedNtUserBlockInput
HookedNtUserBuildHwndList
HookedNtUserBuildHwndList_Eight
HookedNtUserFindWindowEx
HookedNtUserGetForegroundWindow
HookedNtUserQueryWindow
HookedNtYieldExecution
HookedOutputDebugStringA

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 624B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Olly2/ScyllaHideOlly2Plugin.dll
.dll windows:5 windows x86 arch:x86

8a94d77f5fd47de39634a2ff44249521

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

ScyllaHideOlly2Plugin.pdb

Imports

ntdll

NtOpenThread
RtlAllocateHeap
NtQuerySystemInformation
NtSuspendThread
NtQueryInformationProcess
NtSetInformationThread
NtClose
RtlFreeHeap
NtResumeThread
LdrFindResource_U
RtlUnwind
NtProtectVirtualMemory
RtlInitAnsiString
RtlEqualString
RtlGetVersion
LdrAccessResource
DbgPrint
NtWriteVirtualMemory
RtlImageNtHeader

kernel32

GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapReAlloc
WriteProcessMemory
VirtualProtectEx
GetProcAddress
ReadProcessMemory
GetModuleHandleW
VirtualFreeEx
VirtualFree
VirtualAlloc
GetModuleHandleA
LoadLibraryA
VirtualAllocEx
VirtualProtect
OpenProcess
CloseHandle
ContinueDebugEvent
ReadFile
GetCurrentProcess
SetThreadPriority
WaitForSingleObject
CreateFileW
ResumeThread
GetExitCodeThread
LoadLibraryW
GetFileSize
GetCurrentProcessId
FreeLibrary
CreateRemoteThread
lstrlenW
SuspendThread
GetNativeSystemInfo
IsWow64Process
LoadLibraryExW
WritePrivateProfileStringW
GetModuleFileNameW
GetFileAttributesW
GetPrivateProfileSectionNamesW
GetPrivateProfileStringW
GetEnvironmentStringsW
WriteFile
GetFileType
GetStdHandle
HeapAlloc
HeapFree
GetModuleHandleExW
ExitProcess
GetLastError
InterlockedFlushSList
RaiseException
TerminateProcess
InitializeSListHead
GetCurrentThreadId
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
GetFileSizeEx
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
DecodePointer
EncodePointer
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetStringTypeW
WideCharToMultiByte
MultiByteToWideChar
QueryPerformanceCounter
ReadConsoleW
FreeEnvironmentStringsW
GetProcessHeap
SetEnvironmentVariableW
HeapSize
SetStdHandle
WriteConsoleW
SetEndOfFile
SetFilePointerEx
GetTimeZoneInformation
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetConsoleMode
GetConsoleOutputCP

user32

DialogBoxParamW
GetWindowLongW
GetMessageW
DefWindowProcW
DestroyWindow
SetWindowPos
CreateWindowExW
SendMessageW
GetSystemMetrics
UnregisterClassW
SetWindowTextW
DispatchMessageW
RegisterClassW
IsDlgButtonChecked
TranslateMessage
GetClientRect
PostQuitMessage
GetSysColorBrush
SystemParametersInfoW
GetWindowTextLengthW
GetWindowThreadProcessId
GetWindowRect
MessageBoxW
EndDialog
WindowFromPoint
ShowWindow
IsWindow
SetDlgItemTextW
GetDlgItemTextW
SendDlgItemMessageW
LoadBitmapW
LoadCursorW
SetCapture
SetCursor
wsprintfW
GetDlgItem
GetParent
ReleaseCapture
SetCursorPos
GetCursorPos
GetWindowTextW
MessageBoxA
UpdateWindow
CheckDlgButton

gdi32

CreateFontIndirectW
GetStockObject

comdlg32

GetOpenFileNameW

advapi32

AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueW

psapi

EnumProcessModules
GetModuleFileNameExW

ollydbg.exe

Getstring
Resumeallthreads
Setstatus
thread
hwollymain
Message
Error
Suspendallthreads
Addtolist

Exports

Exports

ODBG2_Plugininit
ODBG2_Pluginmainloop
ODBG2_Pluginmenu
ODBG2_Pluginquery
ODBG2_Pluginreset

Sections

.text
Size: 374KB - Virtual size: 374KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 195KB - Virtual size: 194KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Olly2/scylla_hide.ini
ScyllaHide.pdf
.pdf
ScyllaTest_x64.exe
.exe windows:5 windows x64 arch:x64

7f795694d246ce32823ea210156ca928

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

ScyllaTest_x64.pdb

Imports

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx
RtlPcToFileHeader
RtlGetVersion
NtMapViewOfSection
NtWaitForSingleObject
NtCreateFile
NtQueryObject
NtUnmapViewOfSection
NtCreateDebugObject
RtlFreeHeap
NtSetEvent
NtCreateEvent
NtClose
NtQueryInformationProcess
NtQuerySystemInformation
NtCreateSection
RtlAllocateHeap

kernel32

SetEndOfFile
HeapSize
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
CreateFileW
CloseHandle
GetProcessHeap
SetStdHandle
FreeEnvironmentStringsW
WriteConsoleW
SetConsoleCtrlHandler
GetConsoleScreenBufferInfo
SetLastError
SetConsoleTextAttribute
GetCurrentProcess
OutputDebugStringA
DuplicateHandle
GetLastError
RaiseException
FreeConsole
ReadFile
AllocConsole
SetConsoleTitleW
IsDebuggerPresent
CheckRemoteDebuggerPresent
IsWow64Process
GetModuleFileNameW
FormatMessageW
GetProcAddress
LocalFree
GetModuleHandleW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
WideCharToMultiByte
TlsSetValue
FindNextFileW
FindFirstFileExW
FindClose
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
HeapReAlloc
TlsFree
GetSystemTimeAsFileTime
GetStringTypeW
LCMapStringW
GetCPInfo
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
FreeLibrary
LoadLibraryExW
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
HeapAlloc
HeapFree
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetFileType
ReadConsoleW

user32

MessageBoxW

Sections

.text
Size: 121KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ScyllaTest_x86.exe
.exe windows:5 windows x86 arch:x86

7d0561246d3cc7a52a4273241796c218

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

ScyllaTest_x86.pdb

Imports

ntdll

RtlUnwind
NtCreateSection
RtlGetVersion
NtMapViewOfSection
NtWaitForSingleObject
NtCreateFile
NtQueryObject
NtUnmapViewOfSection
NtCreateDebugObject
RtlFreeHeap
NtSetEvent
NtCreateEvent
NtClose
NtQueryInformationProcess
NtQuerySystemInformation
RtlAllocateHeap

kernel32

ReadConsoleW
ReadFile
SetEndOfFile
HeapSize
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
CreateFileW
CloseHandle
GetProcessHeap
SetStdHandle
SetConsoleCtrlHandler
GetConsoleScreenBufferInfo
SetLastError
SetConsoleTextAttribute
GetCurrentProcess
OutputDebugStringA
DuplicateHandle
GetLastError
RaiseException
FreeConsole
WriteConsoleW
AllocConsole
SetConsoleTitleW
IsDebuggerPresent
CheckRemoteDebuggerPresent
IsWow64Process
ReadProcessMemory
GetModuleFileNameW
FormatMessageW
GetProcAddress
LocalFree
GetModuleHandleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
WideCharToMultiByte
TlsSetValue
IsValidCodePage
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
VirtualQuery
TlsFree
GetSystemTimeAsFileTime
GetStringTypeW
LCMapStringW
GetCPInfo
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
FreeLibrary
LoadLibraryExW
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
HeapAlloc
HeapFree
GetFileType
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW

user32

MessageBoxW

Sections

.text
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TitanEngine/HookLibraryx64.dll
.dll windows:5 windows x64 arch:x64

97136c0502974f94b43e5b04b92ec824

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ntdll

LdrFindResource_U
NtProtectVirtualMemory
NtWriteVirtualMemory
DbgPrint
LdrAccessResource
LdrGetProcedureAddress
RtlEqualUnicodeString
LdrGetDllHandle
RtlInitUnicodeString
DbgBreakPoint
RtlImageNtHeader
RtlInitAnsiString
NtQueryObject
NtOpenProcessToken
NtFreeVirtualMemory
NtOpenThread
RtlAllocateHeap
NtQuerySystemInformation
NtWriteFile
RtlTimeToTimeFields
NtQueryInformationProcess
NtOpenProcess
RtlDosPathNameToNtPathName_U
NtAllocateVirtualMemory
NtReadVirtualMemory
NtClose
RtlAdjustPrivilege
RtlFreeHeap
NtCreateDebugObject
NtPrivilegeCheck
NtSetInformationProcess
NtQueryInformationThread
NtCreateFile
NtTerminateProcess
LdrDisableThreadCalloutsForDll
memcpy
memcmp
memset

Exports

Exports

HookDllData
HookedGetLocalTime
HookedGetSystemTime
HookedGetTickCount
HookedGetTickCount64
HookedKiUserExceptionDispatcher
HookedNativeCallInternal
HookedNtClose
HookedNtContinue
HookedNtCreateSection
HookedNtCreateThread
HookedNtCreateThreadEx
HookedNtDuplicateObject
HookedNtGetContextThread
HookedNtMapViewOfSection
HookedNtOpenFile
HookedNtQueryInformationProcess
HookedNtQueryObject
HookedNtQueryPerformanceCounter
HookedNtQuerySystemInformation
HookedNtQuerySystemTime
HookedNtResumeThread
HookedNtSetContextThread
HookedNtSetDebugFilterState
HookedNtSetInformationProcess
HookedNtSetInformationThread
HookedNtUserBlockInput
HookedNtUserBuildHwndList
HookedNtUserBuildHwndList_Eight
HookedNtUserFindWindowEx
HookedNtUserGetForegroundWindow
HookedNtUserQueryWindow
HookedNtYieldExecution
HookedOutputDebugStringA

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 624B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TitanEngine/HookLibraryx86.dll
.dll windows:5 windows x86 arch:x86

d7161982b712dc0e7485387462ec634e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

LdrFindResource_U
NtProtectVirtualMemory
NtWriteVirtualMemory
DbgPrint
LdrAccessResource
LdrGetProcedureAddress
RtlEqualUnicodeString
LdrGetDllHandle
RtlInitUnicodeString
DbgBreakPoint
RtlImageNtHeader
RtlInitAnsiString
NtQueryObject
NtOpenProcessToken
NtFreeVirtualMemory
NtOpenThread
RtlAllocateHeap
NtQuerySystemInformation
NtWriteFile
RtlTimeToTimeFields
NtQueryInformationProcess
NtOpenProcess
RtlDosPathNameToNtPathName_U
NtAllocateVirtualMemory
NtReadVirtualMemory
NtClose
RtlFreeHeap
NtCreateDebugObject
NtPrivilegeCheck
NtSetInformationProcess
NtQueryInformationThread
NtCreateFile
NtTerminateProcess
LdrDisableThreadCalloutsForDll
memcpy
memcmp
memset

Exports

Exports

HookDllData
HookedGetLocalTime
HookedGetSystemTime
HookedGetTickCount
HookedGetTickCount64
HookedKiUserExceptionDispatcher
HookedNativeCallInternal
HookedNtClose
HookedNtContinue
HookedNtCreateSection
HookedNtCreateThread
HookedNtCreateThreadEx
HookedNtDuplicateObject
HookedNtGetContextThread
HookedNtMapViewOfSection
HookedNtOpenFile
HookedNtQueryInformationProcess
HookedNtQueryObject
HookedNtQueryPerformanceCounter
HookedNtQuerySystemInformation
HookedNtQuerySystemTime
HookedNtResumeThread
HookedNtSetContextThread
HookedNtSetDebugFilterState
HookedNtSetInformationProcess
HookedNtSetInformationThread
HookedNtUserBlockInput
HookedNtUserBuildHwndList
HookedNtUserBuildHwndList_Eight
HookedNtUserFindWindowEx
HookedNtUserGetForegroundWindow
HookedNtUserQueryWindow
HookedNtYieldExecution
HookedOutputDebugStringA

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 624B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TitanEngine/ScyllaHideTEPluginx64.dll
.dll windows:5 windows x64 arch:x64

a49bb401f65f9d91a664dd3541ca809e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ScyllaHideTEPluginx64.pdb

Imports

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx
RtlPcToFileHeader
RtlInitAnsiString
RtlEqualString
RtlGetVersion
LdrAccessResource
DbgPrint
NtWriteVirtualMemory
NtProtectVirtualMemory
LdrFindResource_U
NtResumeThread
RtlFreeHeap
NtClose
RtlImageNtHeader
NtQueryInformationProcess
NtSuspendThread
NtQuerySystemInformation
RtlAllocateHeap
NtOpenThread
RtlUnwind

kernel32

FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapReAlloc
WriteProcessMemory
VirtualProtectEx
GetProcAddress
VirtualAllocEx
ReadProcessMemory
GetModuleHandleW
VirtualFreeEx
VirtualFree
VirtualAlloc
GetModuleHandleA
LoadLibraryA
ReadFile
SetEnvironmentVariableW
OpenProcess
CloseHandle
GetFileSize
GetCurrentProcessId
FreeLibrary
GetCurrentProcess
IsWow64Process
LoadLibraryExW
lstrlenW
GetModuleFileNameW
GetPrivateProfileSectionNamesW
GetPrivateProfileStringW
WriteFile
ReadConsoleW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
FlsFree
SetStdHandle
GetProcessHeap
HeapSize
WriteConsoleW
CreateFileW
QueryPerformanceCounter
FlsSetValue
FlsGetValue
FlsAlloc
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
GetTimeZoneInformation
SetFilePointerEx
MultiByteToWideChar
WideCharToMultiByte
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetCurrentThreadId
InitializeSListHead
TerminateProcess
RaiseException
InterlockedFlushSList
GetLastError
ExitProcess
GetModuleHandleExW
HeapFree
HeapAlloc
GetStdHandle
GetFileType
GetFileSizeEx
SetEndOfFile

user32

MessageBoxW
MessageBoxA

advapi32

AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueW

psapi

GetModuleFileNameExW
EnumProcessModules

Exports

Exports

TitanDebuggingCallBack
TitanRegisterPlugin

Sections

.text
Size: 439KB - Virtual size: 439KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 215KB - Virtual size: 215KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TitanEngine/ScyllaHideTEPluginx86.dll
.dll windows:5 windows x86 arch:x86

cd82b852a8e0e80e0beac280c508e9db

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

ScyllaHideTEPluginx86.pdb

Imports

ntdll

RtlUnwind
NtOpenThread
RtlInitAnsiString
RtlEqualString
RtlGetVersion
LdrAccessResource
DbgPrint
NtWriteVirtualMemory
NtProtectVirtualMemory
LdrFindResource_U
NtResumeThread
RtlFreeHeap
NtClose
NtQueryInformationProcess
NtSuspendThread
NtQuerySystemInformation
RtlAllocateHeap
RtlImageNtHeader

kernel32

SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapReAlloc
WriteProcessMemory
VirtualProtectEx
GetProcAddress
ReadProcessMemory
GetModuleHandleW
VirtualFreeEx
VirtualFree
VirtualAlloc
GetModuleHandleA
LoadLibraryA
VirtualAllocEx
ReadFile
GetCurrentProcess
GetProcessHeap
CreateFileW
OpenProcess
CloseHandle
GetFileSize
GetCurrentProcessId
FreeLibrary
GetNativeSystemInfo
IsWow64Process
LoadLibraryExW
lstrlenW
GetModuleFileNameW
GetPrivateProfileSectionNamesW
GetPrivateProfileStringW
WriteFile
ReadConsoleW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
HeapSize
SetStdHandle
WriteConsoleW
SetEndOfFile
QueryPerformanceCounter
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
GetTimeZoneInformation
MultiByteToWideChar
WideCharToMultiByte
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetCurrentThreadId
InitializeSListHead
TerminateProcess
RaiseException
InterlockedFlushSList
GetLastError
ExitProcess
GetModuleHandleExW
HeapFree
HeapAlloc
GetStdHandle
GetFileType
GetFileSizeEx
SetFilePointerEx

user32

MessageBoxA
MessageBoxW

advapi32

AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueW

psapi

GetModuleFileNameExW
EnumProcessModules

Exports

Exports

TitanDebuggingCallBack
TitanRegisterPlugin

Sections

.text
Size: 347KB - Virtual size: 346KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 175KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TitanEngine/scylla_hide.ini
scylla_hide.ini
x64dbg/x32/plugins/HookLibraryx86.dll
.dll windows:5 windows x86 arch:x86

d7161982b712dc0e7485387462ec634e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

LdrFindResource_U
NtProtectVirtualMemory
NtWriteVirtualMemory
DbgPrint
LdrAccessResource
LdrGetProcedureAddress
RtlEqualUnicodeString
LdrGetDllHandle
RtlInitUnicodeString
DbgBreakPoint
RtlImageNtHeader
RtlInitAnsiString
NtQueryObject
NtOpenProcessToken
NtFreeVirtualMemory
NtOpenThread
RtlAllocateHeap
NtQuerySystemInformation
NtWriteFile
RtlTimeToTimeFields
NtQueryInformationProcess
NtOpenProcess
RtlDosPathNameToNtPathName_U
NtAllocateVirtualMemory
NtReadVirtualMemory
NtClose
RtlFreeHeap
NtCreateDebugObject
NtPrivilegeCheck
NtSetInformationProcess
NtQueryInformationThread
NtCreateFile
NtTerminateProcess
LdrDisableThreadCalloutsForDll
memcpy
memcmp
memset

Exports

Exports

HookDllData
HookedGetLocalTime
HookedGetSystemTime
HookedGetTickCount
HookedGetTickCount64
HookedKiUserExceptionDispatcher
HookedNativeCallInternal
HookedNtClose
HookedNtContinue
HookedNtCreateSection
HookedNtCreateThread
HookedNtCreateThreadEx
HookedNtDuplicateObject
HookedNtGetContextThread
HookedNtMapViewOfSection
HookedNtOpenFile
HookedNtQueryInformationProcess
HookedNtQueryObject
HookedNtQueryPerformanceCounter
HookedNtQuerySystemInformation
HookedNtQuerySystemTime
HookedNtResumeThread
HookedNtSetContextThread
HookedNtSetDebugFilterState
HookedNtSetInformationProcess
HookedNtSetInformationThread
HookedNtUserBlockInput
HookedNtUserBuildHwndList
HookedNtUserBuildHwndList_Eight
HookedNtUserFindWindowEx
HookedNtUserGetForegroundWindow
HookedNtUserQueryWindow
HookedNtYieldExecution
HookedOutputDebugStringA

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 624B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64dbg/x32/plugins/ScyllaHideX64DBGPlugin.dp32
.dll windows:5 windows x86 arch:x86

fb952d0dfd3a58ebe976344ef3b7d41f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

ScyllaHideX64DBGPlugin.pdb

Imports

ntdll

NtOpenThread
RtlAllocateHeap
NtQuerySystemInformation
NtSuspendThread
NtQueryInformationProcess
NtSetInformationThread
NtClose
RtlFreeHeap
NtResumeThread
LdrFindResource_U
RtlUnwind
NtProtectVirtualMemory
RtlInitAnsiString
RtlEqualString
RtlGetVersion
LdrAccessResource
DbgPrint
NtWriteVirtualMemory
RtlImageNtHeader

kernel32

GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapReAlloc
WriteProcessMemory
VirtualProtectEx
GetProcAddress
ReadProcessMemory
GetModuleHandleW
VirtualFreeEx
VirtualFree
VirtualAlloc
GetModuleHandleA
LoadLibraryA
VirtualAllocEx
OpenProcess
CloseHandle
ReadFile
GetCurrentProcess
SetThreadPriority
WaitForSingleObject
CreateFileW
ResumeThread
GetExitCodeThread
LoadLibraryW
GetFileSize
GetCurrentProcessId
FreeLibrary
CreateRemoteThread
SizeofResource
LockResource
LoadResource
FindResourceW
GetNativeSystemInfo
IsWow64Process
LoadLibraryExW
WriteFile
WritePrivateProfileStringW
lstrlenW
GetModuleFileNameW
GetFileAttributesW
GetPrivateProfileSectionNamesW
GetEnvironmentStringsW
GetFileType
GetStdHandle
HeapAlloc
HeapFree
GetModuleHandleExW
ExitProcess
GetLastError
InterlockedFlushSList
RaiseException
TerminateProcess
InitializeSListHead
GetCurrentThreadId
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
GetFileSizeEx
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
DecodePointer
EncodePointer
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
GetStringTypeW
MultiByteToWideChar
QueryPerformanceCounter
SetFilePointerEx
ReadConsoleW
FreeEnvironmentStringsW
GetProcessHeap
SetEnvironmentVariableW
HeapSize
SetStdHandle
WriteConsoleW
SetEndOfFile
GetPrivateProfileStringW
GetTimeZoneInformation
FlushFileBuffers
GetConsoleOutputCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetConsoleMode

user32

wsprintfA
DialogBoxParamW
GetWindowLongW
GetMessageW
DefWindowProcW
DestroyWindow
SetWindowPos
CreateWindowExW
SendMessageW
GetSystemMetrics
UnregisterClassW
SetWindowTextW
DispatchMessageW
RegisterClassW
IsDlgButtonChecked
TranslateMessage
GetClientRect
PostQuitMessage
GetSysColorBrush
SystemParametersInfoW
GetWindowThreadProcessId
GetWindowRect
MessageBoxW
EndDialog
WindowFromPoint
ShowWindow
IsWindow
SetDlgItemTextW
GetDlgItemTextW
SendDlgItemMessageW
LoadBitmapW
LoadCursorW
SetCapture
SetCursor
wsprintfW
GetDlgItem
GetParent
ReleaseCapture
SetCursorPos
GetCursorPos
GetWindowTextW
MessageBoxA
UpdateWindow
CheckDlgButton

gdi32

CreateFontIndirectW
GetStockObject

comdlg32

GetOpenFileNameW

advapi32

AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueW

psapi

EnumProcessModules
GetModuleFileNameExW

x32dbg

_plugin_logprintf
_plugin_menuaddseparator
_plugin_menuaddentry
_plugin_menuseticon
_plugin_menuadd
_plugin_registercallback

x32bridge

DbgCmdExec
GuiGetLineWindow

Exports

Exports

pluginit
plugsetup

Sections

.text
Size: 374KB - Virtual size: 373KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 193KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64dbg/x32/plugins/scylla_hide.ini
x64dbg/x64/plugins/HookLibraryx64.dll
.dll windows:5 windows x64 arch:x64

97136c0502974f94b43e5b04b92ec824

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ntdll

LdrFindResource_U
NtProtectVirtualMemory
NtWriteVirtualMemory
DbgPrint
LdrAccessResource
LdrGetProcedureAddress
RtlEqualUnicodeString
LdrGetDllHandle
RtlInitUnicodeString
DbgBreakPoint
RtlImageNtHeader
RtlInitAnsiString
NtQueryObject
NtOpenProcessToken
NtFreeVirtualMemory
NtOpenThread
RtlAllocateHeap
NtQuerySystemInformation
NtWriteFile
RtlTimeToTimeFields
NtQueryInformationProcess
NtOpenProcess
RtlDosPathNameToNtPathName_U
NtAllocateVirtualMemory
NtReadVirtualMemory
NtClose
RtlAdjustPrivilege
RtlFreeHeap
NtCreateDebugObject
NtPrivilegeCheck
NtSetInformationProcess
NtQueryInformationThread
NtCreateFile
NtTerminateProcess
LdrDisableThreadCalloutsForDll
memcpy
memcmp
memset

Exports

Exports

HookDllData
HookedGetLocalTime
HookedGetSystemTime
HookedGetTickCount
HookedGetTickCount64
HookedKiUserExceptionDispatcher
HookedNativeCallInternal
HookedNtClose
HookedNtContinue
HookedNtCreateSection
HookedNtCreateThread
HookedNtCreateThreadEx
HookedNtDuplicateObject
HookedNtGetContextThread
HookedNtMapViewOfSection
HookedNtOpenFile
HookedNtQueryInformationProcess
HookedNtQueryObject
HookedNtQueryPerformanceCounter
HookedNtQuerySystemInformation
HookedNtQuerySystemTime
HookedNtResumeThread
HookedNtSetContextThread
HookedNtSetDebugFilterState
HookedNtSetInformationProcess
HookedNtSetInformationThread
HookedNtUserBlockInput
HookedNtUserBuildHwndList
HookedNtUserBuildHwndList_Eight
HookedNtUserFindWindowEx
HookedNtUserGetForegroundWindow
HookedNtUserQueryWindow
HookedNtYieldExecution
HookedOutputDebugStringA

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 624B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64dbg/x64/plugins/ScyllaHideX64DBGPlugin.dp64
.dll windows:5 windows x64 arch:x64

46da6f84526cae22f6c293375323ffcb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ScyllaHideX64DBGPlugin.pdb

Imports

ntdll

NtOpenThread
RtlCaptureContext
RtlPcToFileHeader
RtlUnwindEx
RtlVirtualUnwind
RtlInitAnsiString
RtlEqualString
RtlGetVersion
LdrAccessResource
DbgPrint
NtWriteVirtualMemory
NtProtectVirtualMemory
LdrFindResource_U
NtResumeThread
RtlFreeHeap
NtClose
RtlImageNtHeader
NtSetInformationThread
NtQueryInformationProcess
NtSuspendThread
NtQuerySystemInformation
RtlAllocateHeap
RtlLookupFunctionEntry
RtlUnwind

kernel32

EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
WriteProcessMemory
VirtualProtectEx
GetProcAddress
VirtualAllocEx
ReadProcessMemory
GetModuleHandleW
VirtualFreeEx
VirtualFree
VirtualAlloc
GetModuleHandleA
LoadLibraryA
OpenProcess
CloseHandle
ReadFile
SetThreadPriority
WaitForSingleObject
CreateFileW
ResumeThread
GetExitCodeThread
LoadLibraryW
GetFileSize
GetCurrentProcessId
FreeLibrary
CreateRemoteThread
SizeofResource
LockResource
LoadResource
FindResourceW
GetCurrentProcess
IsWow64Process
LoadLibraryExW
WriteFile
WritePrivateProfileStringW
lstrlenW
GetModuleFileNameW
GetFileAttributesW
GetPrivateProfileSectionNamesW
HeapReAlloc
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
GetTimeZoneInformation
SetFilePointerEx
GetFileSizeEx
GetFileType
GetStdHandle
HeapAlloc
HeapFree
GetModuleHandleExW
ExitProcess
GetLastError
InterlockedFlushSList
RaiseException
TerminateProcess
InitializeSListHead
GetCurrentThreadId
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
DecodePointer
GetOEMCP
EncodePointer
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
GetStringTypeW
ReadConsoleW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetPrivateProfileStringW
MultiByteToWideChar
QueryPerformanceCounter
SetEndOfFile
WriteConsoleW
HeapSize
SetStdHandle
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA

user32

GetCursorPos
GetWindowTextW
MessageBoxA
WindowFromPoint
SetCursorPos
ReleaseCapture
wsprintfA
DialogBoxParamW
GetMessageW
DestroyWindow
SetWindowPos
CreateWindowExW
SendMessageW
GetSystemMetrics
UnregisterClassW
SetWindowTextW
GetWindowLongPtrW
DispatchMessageW
RegisterClassW
IsDlgButtonChecked
TranslateMessage
GetClientRect
CheckDlgButton
PostQuitMessage
GetSysColorBrush
SystemParametersInfoW
UpdateWindow
GetWindowThreadProcessId
GetWindowRect
MessageBoxW
EndDialog
DefWindowProcW
ShowWindow
IsWindow
SetDlgItemTextW
GetDlgItemTextW
SendDlgItemMessageW
LoadBitmapW
LoadCursorW
SetCapture
SetCursor
wsprintfW
GetDlgItem
GetParent

gdi32

GetStockObject
CreateFontIndirectW

comdlg32

GetOpenFileNameW

advapi32

LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken

psapi

GetModuleFileNameExW
EnumProcessModules

x64dbg

_plugin_menuaddseparator
_plugin_menuadd
_plugin_registercallback
_plugin_logprintf
_plugin_menuseticon
_plugin_menuaddentry

x64bridge

GuiGetLineWindow
DbgCmdExec

Exports

Exports

pluginit
plugsetup

Sections

.text
Size: 472KB - Virtual size: 471KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 235KB - Virtual size: 235KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64dbg/x64/plugins/scylla_hide.ini

Sharing

General

Malware Config

Signatures

Files

97136c0502974f94b43e5b04b92ec824

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

Exports

Exports

Sections

.text Size: 10KB - Virtual size: 10KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 7KB

.pdata Size: 1024B - Virtual size: 624B

.reloc Size: 512B - Virtual size: 104B

d7161982b712dc0e7485387462ec634e

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 4KB

.reloc Size: 1024B - Virtual size: 624B

a49bb401f65f9d91a664dd3541ca809e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntdll

kernel32

user32

advapi32

psapi

Exports

Exports

Sections

.text Size: 444KB - Virtual size: 444KB

.rdata Size: 216KB - Virtual size: 216KB

.data Size: 21KB - Virtual size: 29KB

.pdata Size: 18KB - Virtual size: 17KB

_RDATA Size: 512B - Virtual size: 148B

.reloc Size: 7KB - Virtual size: 6KB

cd82b852a8e0e80e0beac280c508e9db

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntdll

kernel32

user32

advapi32

psapi

Exports

Exports

Sections

.text Size: 352KB - Virtual size: 352KB

.rdata Size: 175KB - Virtual size: 174KB

.data Size: 20KB - Virtual size: 25KB

.reloc Size: 20KB - Virtual size: 20KB

97136c0502974f94b43e5b04b92ec824

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

Exports

Exports

Sections

.text Size: 10KB - Virtual size: 10KB

.text
Size: 10KB - Virtual size: 10KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 7KB

.pdata
Size: 1024B - Virtual size: 624B

.reloc
Size: 512B - Virtual size: 104B

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 4KB

.reloc
Size: 1024B - Virtual size: 624B

.text
Size: 444KB - Virtual size: 444KB

.rdata
Size: 216KB - Virtual size: 216KB

.data
Size: 21KB - Virtual size: 29KB

.pdata
Size: 18KB - Virtual size: 17KB

_RDATA
Size: 512B - Virtual size: 148B

.reloc
Size: 7KB - Virtual size: 6KB

.text
Size: 352KB - Virtual size: 352KB

.rdata
Size: 175KB - Virtual size: 174KB

.data
Size: 20KB - Virtual size: 25KB

.reloc
Size: 20KB - Virtual size: 20KB

.text
Size: 10KB - Virtual size: 10KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 7KB

.pdata
Size: 1024B - Virtual size: 624B

.reloc
Size: 512B - Virtual size: 104B

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 4KB

.reloc
Size: 1024B - Virtual size: 624B

.text
Size: 10KB - Virtual size: 10KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 7KB

.pdata
Size: 1024B - Virtual size: 624B

.reloc
Size: 512B - Virtual size: 104B

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 4KB

.reloc
Size: 1024B - Virtual size: 624B

.text
Size: 439KB - Virtual size: 439KB

.rdata
Size: 216KB - Virtual size: 215KB

.data
Size: 21KB - Virtual size: 29KB

.pdata
Size: 17KB - Virtual size: 17KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 73KB - Virtual size: 72KB

.reloc
Size: 7KB - Virtual size: 6KB