42e693d65cfc38b7cf576957c70522fd_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

42e693d65cfc38b7cf576957c70522fd_JaffaCakes118
Size

4.1MB
MD5

42e693d65cfc38b7cf576957c70522fd
SHA1

76cf3be4c88ca8c8245b58865a05696689fc81d4
SHA256

7798962e754817843d9d5894f7c946f66eee8469a347cc055a5b1dd57f9bda96
SHA512

8061af4f199bdd9beecc455d9e4a92d3a761115852e7b9546e84bebae5d64c04519ed641d6c17e1334f4c6ea3623dd64f7b2ddac5b7d2e2cd7536b18bfd041b9
SSDEEP

98304:bQHI0eGHCpscxutbu8xXBihplnDxUOnfREjn1:ECGipsud8lshpliOfRgn1

Score

3^/10

Malware Config

Signatures

Unsigned PE 17 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Diamond Gold Edition Ultimatum v5/CEHook.dll
unpack001/Diamond Gold Edition Ultimatum v5/Diamond Gold Edition Ultimatum v5.exe
unpack001/Diamond Gold Edition Ultimatum v5/Diamond.dll
unpack001/Diamond Gold Edition Ultimatum v5/Hook.dll
unpack001/Diamond Gold Edition Ultimatum v5/Invisible.dll
unpack001/Diamond Gold Edition Ultimatum v5/Kernelmoduleunloader.exe
unpack001/Diamond Gold Edition Ultimatum v5/Systemcallretriever.exe
unpack001/Diamond Gold Edition Ultimatum v5/allochook.dll
unpack001/Diamond Gold Edition Ultimatum v5/asius.dll
unpack001/Diamond Gold Edition Ultimatum v5/asius.sys
unpack001/Diamond Gold Edition Ultimatum v5/dxhook.dll
unpack001/Diamond Gold Edition Ultimatum v5/emptydll.dll
unpack001/Diamond Gold Edition Ultimatum v5/emptyprocess.exe
unpack001/Diamond Gold Edition Ultimatum v5/speedhack.dll
unpack001/Diamond Gold Edition Ultimatum v5/systemcallsignal.exe
unpack001/Diamond Gold Edition Ultimatum v5/ucc12.dll
unpack001/Diamond Gold Edition Ultimatum v5/undercdll.dll

Files

42e693d65cfc38b7cf576957c70522fd_JaffaCakes118
.7z
Diamond Gold Edition Ultimatum v5/.idata
Diamond Gold Edition Ultimatum v5/.rdata
Diamond Gold Edition Ultimatum v5/.reloc
Diamond Gold Edition Ultimatum v5/.rsrc
Diamond Gold Edition Ultimatum v5/ADDRESSESFIRST.TMP
Diamond Gold Edition Ultimatum v5/CEHook.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

About
IHWCI
MyHook
MyTimerHook
seth

Sections

CODE
Size: 435KB - Virtual size: 435KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 137B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Diamond Gold Edition Ultimatum v5/CODE
Diamond Gold Edition Ultimatum v5/DATA
Diamond Gold Edition Ultimatum v5/Diamond Gold Edition Ultimatum v5.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 14KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 146KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Diamond Gold Edition Ultimatum v5/Diamond.dll
.dll windows:5 windows x86 arch:x86

311ea5a451f4ebd52e08563c9a899cde

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\WallHack with Menu\WallHack with Menu\D3D Menu Base\Diamond.pdb

Imports

kernel32

GetCurrentProcess
Sleep
ReadProcessMemory
ExitThread
DisableThreadLibraryCalls
GetModuleHandleA
VirtualProtect
CreateThread
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
InterlockedExchange

user32

GetAsyncKeyState
MessageBeep
GetSystemMetrics

d3dx9_43

D3DXCreateLine
D3DXCreateFontA
D3DXMatrixMultiply
D3DXVec4Transform

msvcr90

_except_handler4_common
_onexit
sprintf
malloc
clock
strftime
_localtime64
_time64
_encode_pointer
_malloc_crt
free
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
__CxxFrameHandler3

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 906B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Diamond Gold Edition Ultimatum v5/Diamond.txt
Diamond Gold Edition Ultimatum v5/Hook.dll
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

Size: 11KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 3.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 621KB - Virtual size: 624KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Diamond Gold Edition Ultimatum v5/Invisible.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

HideProcess

Sections

CODE
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 71B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 980B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Diamond Gold Edition Ultimatum v5/Kernelmoduleunloader.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 12B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Diamond Gold Edition Ultimatum v5/MEMORYFIRST.TMP
Diamond Gold Edition Ultimatum v5/ON.wav
Diamond Gold Edition Ultimatum v5/Sconfig.ini
Diamond Gold Edition Ultimatum v5/Systemcallretriever.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 366KB - Virtual size: 365KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 159KB - Virtual size: 216KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Diamond Gold Edition Ultimatum v5/allochook.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

CEHasHandledItEvent
CEInitializationFinished
CeAllocateVirtualMemory
CeFreeVirtualMemory
CeInitializeAllocHook
CeRtlAllocateHeap
CeRtlDestroyHeap
CeRtlFreeHeap
HasSetupDataEvent
HookEventData
NtAllocateVirtualMemoryOrig
NtFreeVirtualMemoryOrig
RtlAllocateHeapOrig
RtlDestroyHeapOrig
RtlFreeHeapOrig

Sections

CODE
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 503B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Diamond Gold Edition Ultimatum v5/asius.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

CreateRemoteAPC
DBKDebug_ContinueDebugEvent
DBKDebug_GD_SetBreakpoint
DBKDebug_GetDebuggerState
DBKDebug_SetDebuggerState
DBKDebug_SetGlobalDebugState
DBKDebug_StartDebugging
DBKDebug_StopDebugging
DBKDebug_WaitForDebugEvent
DBKResumeProcess
DBKResumeThread
DBKSuspendProcess
DBKSuspendThread
GetCR0
GetCR3
GetCR4
GetDebugportOffset
GetGDT
GetIDTCurrentThread
GetIDTs
GetKProcAddress
GetKProcAddress64
GetLoadedState
GetPEProcess
GetPEThread
GetPhysicalAddress
GetProcessNameFromID
GetProcessNameFromPEProcess
GetProcessnameOffset
GetSDT
GetSDTEntry
GetSDTShadow
GetSSDTEntry
GetThreadListEntryOffset
GetThreadsProcessOffset
IsValidHandle
KernelAlloc
KernelAlloc64
LaunchDBVM
MakeWritable
ReadPhysicalMemory
StartProcessWatch
UserdefinedInterruptHook
WaitForProcessListData
WritePhysicalMemory
asiusae
asiuse
asiusm
asiusm64
asiusop
asiusp
asiust
asiusw
asiusw64
dbvm_block_interrupts
dbvm_changeselectors
dbvm_raise_privilege
dbvm_read_physical_memory
dbvm_redirect_interrupt1
dbvm_restore_interrupts
dbvm_version
dbvm_write_physical_memory
executeKernelCode
isDriverLoaded

Sections

CODE
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Diamond Gold Edition Ultimatum v5/asius.sys
.sys windows:6 windows x86 arch:x86

0bffabb56691dd1c30998e3c3810b0ca

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\diamon~1.0\dbkker~1\objfre_win7_x86\i386\asius.pdb

Imports

ntoskrnl.exe

PsSetCreateProcessNotifyRoutine
MmGetSystemRoutineAddress
RtlInitUnicodeString
ZwClose
IoAllocateWorkItem
IoCreateSymbolicLink
IoCreateDevice
ZwQueryValueKey
ExAllocatePool
ZwOpenKey
RtlAppendUnicodeToString
KeQueryActiveProcessors
KeGetCurrentThread
KeDelayExecutionThread
KeInsertQueueApc
KeInitializeApc
ZwOpenThread
KeDetachProcess
ZwAllocateVirtualMemory
KeAttachProcess
PsSetCreateThreadNotifyRoutine
ZwUnmapViewOfSection
ZwMapViewOfSection
ZwOpenSection
MmGetPhysicalAddress
KeUnstackDetachProcess
KeStackAttachProcess
IoDeleteDevice
ObOpenObjectByPointer
PsProcessType
ObfDereferenceObject
PsLookupProcessByProcessId
memset
memcpy
PsLookupThreadByThreadId
KeWaitForSingleObject
KeReleaseSemaphore
KeClearEvent
KeSetEvent
KeInitializeEvent
_allmul
PsGetCurrentThreadId
PsGetCurrentProcessId
MmAllocateContiguousMemory
ZwWaitForSingleObject
ZwReadFile
ZwQueryInformationFile
ZwCreateFile
KeTickCount
KeBugCheckEx
RtlUnwind
IoDeleteSymbolicLink
ExFreePoolWithTag
IofCompleteRequest
ObReferenceObjectByHandle
DbgPrint

hal

KeGetCurrentIrql
KfAcquireSpinLock
KfReleaseSpinLock
KfRaiseIrql

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 796B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Diamond Gold Edition Ultimatum v5/dxhook.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

InitializeDirectX_Hook

Sections

CODE
Size: 357KB - Virtual size: 357KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Diamond Gold Edition Ultimatum v5/emptydll.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 834B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 752B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Diamond Gold Edition Ultimatum v5/emptyprocess.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 1024B - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Diamond Gold Edition Ultimatum v5/kerneldata.dat
Diamond Gold Edition Ultimatum v5/speedhack.dll
.dll windows:4 windows x86 arch:x86

2bfa2c7915fabbba159201e9b955ba6e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CompareStringA
CompareStringW
CreateEventA
CreateFileA
CreateThread
DeleteCriticalSection
EnterCriticalSection
EnumResourceLanguagesA
EnumResourceNamesA
EnumResourceTypesA
ExitProcess
ExitThread
FindResourceA
FindResourceExA
FormatMessageA
FreeLibrary
FreeResource
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetFileType
GetLastError
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetThreadLocale
GetThreadPriority
GetTickCount
GetVersionExA
GetWindowsDirectoryA
HeapAlloc
HeapFree
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LoadResource
LocalAlloc
LocalFree
LockResource
MultiByteToWideChar
QueryPerformanceCounter
ReadFile
ResetEvent
ResumeThread
SetEndOfFile
SetEvent
SetFilePointer
SetLastError
SetThreadPriority
SetUnhandledExceptionFilter
SizeofResource
Sleep
SuspendThread
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
VirtualFree
WaitForSingleObject
WideCharToMultiByte
WriteFile

oleaut32

SysAllocStringLen
SysFreeString
SysReAllocStringLen

user32

CharLowerA
CharLowerBuffA
CharLowerBuffW
CharUpperA
CharUpperBuffA
CharUpperBuffW
GetSystemMetrics
MessageBoxA

Exports

Exports

InitializeSpeedhack
realGetTickCount
realQueryPerformanceCounter
speedhackversion_GetTickCount
speedhackversion_QueryPerformanceCounter

Sections

.text
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 248B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Diamond Gold Edition Ultimatum v5/systemcallsignal.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Diamond Gold Edition Ultimatum v5/ucc12.dll
.dll windows:4 windows x86 arch:x86

fd9edacf655544d91c52702fd1b8b0c9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileTime
OpenFile
LoadLibraryA
FreeLibrary
GetProcAddress
GetModuleHandleA
WaitForSingleObject
Sleep
InitializeCriticalSection
DeleteCriticalSection
ExitProcess
EnterCriticalSection
InterlockedExchange
LeaveCriticalSection
RtlUnwind
RaiseException
GetLastError
MoveFileA
GetTimeZoneInformation
GetSystemTime
GetLocalTime
TerminateProcess
GetCurrentProcess
HeapFree
HeapAlloc
InterlockedDecrement
InterlockedIncrement
GetFileAttributesA
GetCommandLineA
GetVersion
HeapReAlloc
HeapSize
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
CloseHandle
SetUnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
FlushFileBuffers
WriteFile
ReadFile
WideCharToMultiByte
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
IsBadReadPtr
IsBadCodePtr
GetCPInfo
MultiByteToWideChar
LCMapStringA
LCMapStringW
SetStdHandle
CreateFileA
GetStringTypeA
GetStringTypeW
GetExitCodeProcess
CreateProcessA
CompareStringA
CompareStringW
GetACP
GetOEMCP
SetEnvironmentVariableA
SetEndOfFile
GetCurrentDirectoryA
GetFullPathNameA
GetDriveTypeA
SetCurrentDirectoryA

Exports

Exports

??0FBlock@@QAE@PAUInstruction@@H@Z
??0XClass@@QAE@ABV0@@Z
??0XClass@@QAE@PAVNamedTable@@@Z
??0XEntry@@QAE@PAUEntry@@@Z
??0XFunction@@QAE@PAVFunction@@@Z
??0XModule@@QAE@PAVModule@@@Z
??0XNTable@@QAE@ABV0@@Z
??0XNTable@@QAE@PAVNamedTable@@@Z
??0XTemplateFun@@QAE@PAVTemplateEntry@@@Z
??0XTrace@@QAE@ABV0@@Z
??0XTrace@@QAE@_N@Z
??0XType@@QAE@PAVType@@@Z
??4FBlock@@QAEAAU0@ABU0@@Z
??4XClass@@QAEAAV0@ABV0@@Z
??4XEntry@@QAEAAV0@ABV0@@Z
??4XFunction@@QAEAAV0@ABV0@@Z
??4XModule@@QAEAAV0@ABV0@@Z
??4XNTable@@QAEAAV0@ABV0@@Z
??4XTemplateFun@@QAEAAV0@ABV0@@Z
??4XTrace@@QAEAAV0@ABV0@@Z
??4XType@@QAEAAV0@ABV0@@Z
??_7XClass@@6B@
??_7XNTable@@6B@
??_7XTrace@@6B@
??_FFBlock@@QAEXXZ
??_FXEntry@@QAEXXZ
??_FXFunction@@QAEXXZ
??_FXTrace@@QAEXXZ
?addr_mode@XEntry@@QAEHXZ
?args@XFunction@@QAEAAV?$listx@PAVXType@@@@XZ
?as_class@XType@@QBEPAVXClass@@XZ
?as_str@XFunction@@QAEXAAVstring@@@Z
?as_str@XType@@QBEPADXZ
?base_class@XClass@@QAEPAV1@XZ
?base_entry@XEntry@@QAEPAV1@XZ
?class_obj@XClass@@QAEPAVClass@@XZ
?classes@XModule@@QAEAAV?$listx@PAVXClass@@@@XZ
?clone@XEntry@@QAEPAV1@XZ
?create@FBlock@@SAPAU1@PAUEntry@@PAVClass@@@Z
?create@XClass@@QAEPAXXZ
?create@XNTable@@QAEPAVXEntry@@PADPAVXType@@@Z
?data@XEntry@@QAEHXZ
?dispose_of_entries@XNTable@@SAXAAV?$listx@PAVXEntry@@@@@Z
?do_enter@XTrace@@QAE_NXZ
?do_leave@XTrace@@QAE_NXZ
?enter@XTrace@@UAEXPAUXExecState@@@Z
?entry@XEntry@@QAEPAXXZ
?eval@XFunction@@QAEHPAX00@Z
?fblock@XFunction@@QAEPAXXZ
?filename@XModule@@QAEPADXZ
?finalize@FBlock@@QAEXH@Z
?from_fb@XFunction@@SAPAV1@PAX@Z
?from_id@XModule@@SAPAV1@H@Z
?from_name@XModule@@SAPAV1@PAD@Z
?from_str@XType@@SAPAV1@PAD@Z
?fun@XFunction@@QAEPAXXZ
?function@XEntry@@QAEPAVXFunction@@H@Z
?functions@XModule@@QAEAAV?$listx@PAVXFunction@@@@XZ
?functions@XNTable@@QAEAAV?$listx@PAVXFunction@@@@H@Z
?get_args@XFunction@@QAEXPAV?$listx@PAVXType@@@@PAV?$listx@Vstring@@@@@Z
?get_class_of@XClass@@SAPAV1@PAX@Z
?get_functions@XNTable@@QAEXAAV?$listx@PAVXFunction@@@@HPAD@Z
?get_template@XClass@@QAEPAVXTemplateFun@@XZ
?get_trace@XFunction@@QAEPAVXTrace@@XZ
?get_variables@XNTable@@QAEXAAV?$listx@PAVXEntry@@@@HPAD@Z
?has_VMT@XClass@@QAE_NXZ
?inherits_from@XClass@@QAEHPAV1@@Z
?instantiate@XTemplateFun@@QAEPAXABV?$listx@PAVXType@@@@@Z
?ip_to_line@XFunction@@QAEHPAX@Z
?is_array@XType@@QBE_NXZ
?is_bool@XType@@QBE_NXZ
?is_char@XType@@QBE_NXZ
?is_class@XType@@QBE_NXZ
?is_const@XType@@QBE_NXZ
?is_double@XType@@QBE_NXZ
?is_float@XType@@QBE_NXZ
?is_function@XType@@QBE_NXZ
?is_int@XType@@QBE_NXZ
?is_long@XType@@QBE_NXZ
?is_namespace@XType@@QBE_NXZ
?is_number@XType@@QBE_NXZ
?is_object@XType@@QBE_NXZ
?is_pointer@XType@@QBE_NXZ
?is_reference@XType@@QBE_NXZ
?is_short@XType@@QBE_NXZ
?is_signature@XType@@QBE_NXZ
?is_single@XType@@QBE_NXZ
?is_unsigned@XType@@QBE_NXZ
?is_void@XType@@QBE_NXZ
?leave@XTrace@@UAEXPAUXExecState@@@Z
?lists@XModule@@SAAAV?$listx@PAVXModule@@@@XZ
?lookup@XNTable@@UAEPAVXEntry@@PAD_N@Z
?lookup_class@XNTable@@QAEPAVXClass@@PAD_N@Z
?lookup_local@XFunction@@QAEPAVXEntry@@PAD@Z
?lookup_template@XNTable@@QAEPAVXTemplateFun@@PAD_N@Z
?match_instantiate@XTemplateFun@@QAEPAXABV?$listx@PAVXType@@@@@Z
?module@XFunction@@QAEHXZ
?name@XEntry@@QAEPADXZ
?name@XFunction@@QAEPADXZ
?name@XNTable@@QAEPADXZ
?name@XTemplateFun@@QAEPADXZ
?native_addr@FBlock@@QAEPAXXZ
?nfun@XEntry@@QAEHXZ
?no_template_parms@XClass@@QAEHXZ
?offset@XNTable@@QAEHPAX@Z
?pcode@XFunction@@QAEPAUXInstruction@@XZ
?pointer_depth@XType@@QBEHXZ
?ptr@XEntry@@QAEPAXPAX@Z
?ret_type@XFunction@@QAEPAVXType@@XZ
?set_class_of@XClass@@QAEXPAX@Z
?set_data@XEntry@@QAEXH@Z
?set_on_entry@XTrace@@QAEX_N@Z
?set_on_exit@XTrace@@QAEX_N@Z
?set_ptr@XEntry@@QAEXPAX0@Z
?set_trace@XFunction@@QAEXPAVXTrace@@@Z
?set_tracing@XFunction@@SAX_N@Z
?size@XEntry@@QAEHXZ
?size@XType@@QBEHXZ
?str_to_val@XEntry@@QAEXPADPAX@Z
?str_to_val@XType@@QAEXPADPAX@Z
?table@XNTable@@QAEPAVNamedTable@@XZ
?template_parm@XClass@@QAEPAVXType@@H@Z
?type@XEntry@@QAEPAVXType@@XZ
?type@XType@@QAEPAVType@@XZ
?typelist@XType@@SAAAV?$listx@PAVXType@@@@PAV1@ZZ
?uc_global@@YAPAVXNTable@@XZ
?uc_std@@YAPAVXNTable@@XZ
?uc_ucri_init@@YAXXZ
?ucri_instruction_counter@@YAPAK_N@Z
?val_as_str@XEntry@@QAEXAAVstring@@PAX@Z
?val_as_str@XType@@QBEXAAVstring@@PAX@Z
?variables@XNTable@@QAEAAV?$listx@PAVXEntry@@@@H@Z
?where@XFunction@@QAEHAAVstring@@@Z
_uc_compile@8
_uc_compile_fn@8
_uc_error@8
_uc_error_pos@4
_uc_eval@12
_uc_eval_exp@12
_uc_eval_method@16
_uc_exec@4
_uc_finis@0
_uc_import@8
_uc_include@4
_uc_init@8
_uc_init_ref@12
_uc_interactive_loop@0
_uc_load@4
_uc_main@8
_uc_main_window@0
_uc_result@8
_uc_run@0
_uc_set_quote@8
uc_eval_args
uc_eval_method_args

Sections

.text
Size: 344KB - Virtual size: 340KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 594KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Diamond Gold Edition Ultimatum v5/undercdll.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

underc_executescript
underc_geterror

Sections

CODE
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 111B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 435KB - Virtual size: 435KB

DATA Size: 5KB - Virtual size: 4KB

BSS Size: - Virtual size: 4KB

.idata Size: 9KB - Virtual size: 9KB

.edata Size: 512B - Virtual size: 137B

.reloc Size: 31KB - Virtual size: 31KB

.rsrc Size: 21KB - Virtual size: 21KB

Headers

File Characteristics

Sections

CODE Size: 2.4MB - Virtual size: 2.4MB

DATA Size: 42KB - Virtual size: 41KB

BSS Size: - Virtual size: 14KB

.idata Size: 13KB - Virtual size: 13KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 146KB - Virtual size: 146KB

.rsrc Size: 1.6MB - Virtual size: 1.6MB

311ea5a451f4ebd52e08563c9a899cde

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

d3dx9_43

msvcr90

Sections

.text Size: 17KB - Virtual size: 17KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 3KB

.rsrc Size: 1024B - Virtual size: 688B

.reloc Size: 1024B - Virtual size: 906B

Headers

DLL Characteristics

File Characteristics

Sections

Size: 11KB - Virtual size: 24KB

Size: 2KB - Virtual size: 8KB

Size: 512B - Virtual size: 4KB

Size: 512B - Virtual size: 4KB

Size: - Virtual size: 4KB

.rsrc Size: 2KB - Virtual size: 4KB

Size: - Virtual size: 3.3MB

.data Size: 621KB - Virtual size: 624KB

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 11KB - Virtual size: 11KB

DATA Size: 512B - Virtual size: 176B

BSS Size: - Virtual size: 1KB

.idata Size: 1KB - Virtual size: 1KB

.edata Size: 512B - Virtual size: 71B

.reloc Size: 1024B - Virtual size: 980B

.rsrc Size: 512B - Virtual size: 512B

Headers

File Characteristics

Sections

CODE Size: 76KB - Virtual size: 76KB

DATA Size: 1KB - Virtual size: 1KB

BSS Size: - Virtual size: 2KB

.idata Size: 3KB - Virtual size: 3KB

.tls Size: - Virtual size: 12B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 6KB - Virtual size: 6KB

.rsrc Size: 7KB - Virtual size: 64KB

Headers

CODE
Size: 435KB - Virtual size: 435KB

DATA
Size: 5KB - Virtual size: 4KB

BSS
Size: - Virtual size: 4KB

.idata
Size: 9KB - Virtual size: 9KB

.edata
Size: 512B - Virtual size: 137B

.reloc
Size: 31KB - Virtual size: 31KB

.rsrc
Size: 21KB - Virtual size: 21KB

CODE
Size: 2.4MB - Virtual size: 2.4MB

DATA
Size: 42KB - Virtual size: 41KB

BSS
Size: - Virtual size: 14KB

.idata
Size: 13KB - Virtual size: 13KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 146KB - Virtual size: 146KB

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

.text
Size: 17KB - Virtual size: 17KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 3KB

.rsrc
Size: 1024B - Virtual size: 688B

.reloc
Size: 1024B - Virtual size: 906B

.rsrc
Size: 2KB - Virtual size: 4KB

.data
Size: 621KB - Virtual size: 624KB

CODE
Size: 11KB - Virtual size: 11KB

DATA
Size: 512B - Virtual size: 176B

BSS
Size: - Virtual size: 1KB

.idata
Size: 1KB - Virtual size: 1KB

.edata
Size: 512B - Virtual size: 71B

.reloc
Size: 1024B - Virtual size: 980B

.rsrc
Size: 512B - Virtual size: 512B

CODE
Size: 76KB - Virtual size: 76KB

DATA
Size: 1KB - Virtual size: 1KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 3KB - Virtual size: 3KB

.tls
Size: - Virtual size: 12B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 7KB - Virtual size: 64KB

CODE
Size: 366KB - Virtual size: 365KB

DATA
Size: 5KB - Virtual size: 4KB

BSS
Size: - Virtual size: 4KB

.idata
Size: 9KB - Virtual size: 8KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 27KB - Virtual size: 26KB

.rsrc
Size: 159KB - Virtual size: 216KB

CODE
Size: 70KB - Virtual size: 70KB

DATA
Size: 1KB - Virtual size: 1KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 2KB - Virtual size: 2KB

.edata
Size: 512B - Virtual size: 503B

.reloc
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 6KB - Virtual size: 6KB

CODE
Size: 96KB - Virtual size: 95KB

DATA
Size: 1KB - Virtual size: 1KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 4KB - Virtual size: 3KB

.edata
Size: 2KB - Virtual size: 1KB

.reloc
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 6KB - Virtual size: 6KB

.text
Size: 27KB - Virtual size: 26KB

.rdata
Size: 1024B - Virtual size: 796B

.data
Size: 512B - Virtual size: 14KB

INIT
Size: 2KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB

CODE
Size: 357KB - Virtual size: 357KB

DATA
Size: 5KB - Virtual size: 4KB

BSS
Size: - Virtual size: 4KB

.idata
Size: 9KB - Virtual size: 8KB

.edata
Size: 512B - Virtual size: 84B

.reloc
Size: 28KB - Virtual size: 27KB

.rsrc
Size: 20KB - Virtual size: 20KB