ROBLOX EXECUTOR[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

ROBLOX EXECUTOR.zip
Size

13.8MB
MD5

770187f013607fbc7cbf81f65d9fb342
SHA1

2bda35137289e4aa0107f8c313a545facf7e9c70
SHA256

97b4583f626bf10fa9702567ef2b0c1fb4720291ef02f131b84a5c473dae439b
SHA512

b78d376692039c51ad2010bc4a567405c7932d15add3dd89807b61caa772f8f7563197307b896073b02928f25772f6dcb7a1152c9653a7f66883ae15cfbac133
SSDEEP

196608:z/WyOahwRAnmftmDGh2eam8Dc2Gehjs7qqz5pP3b8oEdV6Fc4gmyzmSkFR:z/W0wR94JeameVGek/Y0g1ij

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/SoftWare V2.1.0.exe
unpack001/SoftWare V2.1.7.exe
unpack001/data/Loader.asi
unpack001/data/protects.dll

Files

ROBLOX EXECUTOR.zip
.zip

Password: new!
App/ActiveXInstallService.admx
App/AddRemovePrograms.admx
App/AppCompat.admx
App/AppXRuntime.admx
.xml
App/AppxPackageManager.admx
App/AttachmentManager.admx
App/AuditSettings.admx
.xml
App/AutoPlay.admx
App/Biometrics.admx
App/Bits.admx
App/CEIPEnable.admx
App/COM.admx
App/CipherSuiteOrder.admx
App/Conf.admx
App/ControlPanel.admx
App/ControlPanelDisplay.admx
App/Cpls.admx
App/CredSsp.admx
App/CredUI.admx
App/CredentialProviders.admx
App/CtrlAltDel.admx
App/DCOM.admx
App/DFS.admx
App/DWM.admx
App/Desktop.admx
App/DeviceCompat.admx
App/DeviceInstallation.admx
App/DeviceSetup.admx
App/DigitalLocker.admx
App/DiskDiagnostic.admx
App/DiskNVCache.admx
App/DiskQuota.admx
App/DistributedLinkTracking.admx
App/DnsClient.admx
App/EAIME.admx
App/EarlyLaunchAM.admx
App/EdgeUI.admx
App/EncryptFilesonMove.admx
App/ErrorReporting.admx
App/EventForwarding.admx
.xml
App/EventLog.admx
App/EventViewer.admx
App/Explorer.admx
App/ExternalBoot.admx
.xml
App/FileHistory.admx
App/FileRecovery.admx
App/FileRevocation.admx
App/FileServerVSSProvider.admx
App/FileSys.admx
.xml
App/FolderRedirection.admx
App/FramePanes.admx
App/GameExplorer.admx
App/Globalization.admx
App/GroupPolicy-Server.admx
App/GroupPolicy.admx
App/GroupPolicyPreferences.admx
App/Help.admx
App/HelpAndSupport.admx
App/ICM.admx
App/IIS.admx
App/InkWatson.admx
App/Kerberos.admx
App/LanmanServer.admx
App/LeakDiagnostic.admx
App/LinkLayerTopologyDiscovery.admx
App/LocationProviderAdm.admx
App/Logon.admx
App/MMC.admx
App/MMCSnapIns2.admx
App/MMCSnapins.admx
App/MSDT.admx
App/MSI.admx
App/MediaCenter.admx
App/MobilePCMobilityCenter.admx
App/MobilePCPresentationSettings.admx
App/Msi-FileRecovery.admx
App/NAPXPQec.admx
App/NCSI.admx
App/Netlogon.admx
App/NetworkConnections.admx
App/NetworkIsolation.admx
App/NetworkProjection.admx
App/OfflineFiles.admx
App/P2P-pnrp.admx
App/ParentalControls.admx
App/PeerToPeerCaching.admx
App/PenTraining.admx
App/PerformanceDiagnostics.admx
App/PerformancePerftrack.admx
App/Power.admx
App/PowerShellExecutionPolicy.admx
App/PreviousVersions.admx
App/Printing.admx
App/Printing2.admx
App/Programs.admx
App/PswdSync.admx
App/QOS.admx
App/RPC.admx
App/RacWmiProv.admx
App/Radar.admx
App/ReAgent.admx
App/Reliability.admx
App/RemoteAssistance.admx
App/RemovableStorage.admx
App/Scripts.admx
App/Securitycenter.admx
App/Sensors.admx
App/ServerManager.admx
App/Servicing.admx
App/SettingSync.admx
App/Setup.admx
App/SharedFolders.admx
App/Sharing.admx
App/Shell-CommandPrompt-RegEditTools.admx
App/ShellWelcomeCenter.admx
App/Sidebar.admx
App/SkyDrive.admx
.xml
App/Smartcard.admx
App/Snis.admx
App/Snmp.admx
App/SoundRec.admx
App/StartMenu.admx
App/SystemRestore.admx
App/TPM.admx
App/TabletPCInputPanel.admx
App/TabletShell.admx
App/TaskScheduler.admx
App/Taskbar.admx
App/TerminalServer-Server.admx
App/TerminalServer.admx
App/Thumbnails.admx
App/TouchInput.admx
App/UserProfiles.admx
App/VolumeEncryption.admx
App/W32Time.admx
App/WCM.admx
App/WDI.admx
App/WPN.admx
App/WinCal.admx
.xml
App/WinInit.admx
App/WinLogon.admx
App/Windows.admx
App/WindowsAnytimeUpgrade.admx
App/WindowsBackup.admx
App/WindowsColorSystem.admx
App/WindowsConnectNow.admx
App/WindowsDefender.admx
App/WindowsExplorer.admx
App/WindowsFileProtection.admx
App/WindowsFirewall.admx
App/WindowsMail.admx
App/WindowsMediaDRM.admx
App/WindowsMediaPlayer.admx
App/WindowsMessenger.admx
App/WindowsProducts.admx
App/WindowsRemoteManagement.admx
App/WindowsRemoteShell.admx
App/WindowsServer.admx
App/WindowsUpdate.admx
App/Winsrv.admx
App/WordWheel.admx
App/WorkFolders-Client.admx
App/WorkplaceJoin.admx
App/en-US/ActiveXInstallService.adml
.xml
App/en-US/AddRemovePrograms.adml
.xml
App/en-US/AppCompat.adml
.xml
App/en-US/AppXRuntime.adml
.xml
App/en-US/AppxPackageManager.adml
.xml
App/en-US/AttachmentManager.adml
.xml
App/en-US/AuditSettings.adml
.xml
App/en-US/AutoPlay.adml
.xml
App/en-US/Biometrics.adml
.xml
App/en-US/Bits.adml
.xml
App/en-US/CEIPEnable.adml
.xml
App/en-US/COM.adml
.xml
App/en-US/CipherSuiteOrder.adml
.xml
App/en-US/Conf.adml
.xml
App/en-US/ControlPanel.adml
.xml
App/en-US/ControlPanelDisplay.adml
.xml
App/en-US/Cpls.adml
.xml
App/en-US/CredSsp.adml
.xml
App/en-US/CredUI.adml
.xml
App/en-US/CredentialProviders.adml
.xml
App/en-US/CtrlAltDel.adml
.xml
App/en-US/DCOM.adml
.xml
App/en-US/DFS.adml
.xml
App/en-US/DWM.adml
.xml
App/en-US/Desktop.adml
.xml
App/en-US/DeviceCompat.adml
.xml
App/en-US/DeviceInstallation.adml
.xml
App/en-US/DeviceSetup.adml
.xml
App/en-US/DigitalLocker.adml
.xml
App/en-US/DiskDiagnostic.adml
.xml
App/en-US/DiskNVCache.adml
.xml
App/en-US/DiskQuota.adml
.xml
App/en-US/DistributedLinkTracking.adml
.xml
App/en-US/DnsClient.adml
.xml
App/en-US/EAIME.adml
.xml
App/en-US/EarlyLaunchAM.adml
App/en-US/EdgeUI.adml
.xml
App/en-US/EncryptFilesonMove.adml
.xml
App/en-US/ErrorReporting.adml
.xml
App/en-US/EventForwarding.adml
.xml
App/en-US/EventLog.adml
.xml
App/en-US/EventViewer.adml
.xml
App/en-US/Explorer.adml
.xml
App/en-US/ExternalBoot.adml
.xml
App/en-US/FileHistory.adml
.xml
App/en-US/FileRecovery.adml
.xml
App/en-US/FileRevocation.adml
.xml
App/en-US/FileServerVSSProvider.adml
.xml
App/en-US/FileSys.adml
.xml
App/en-US/FolderRedirection.adml
.xml
App/en-US/FramePanes.adml
.xml
App/en-US/GameExplorer.adml
.xml
App/en-US/Globalization.adml
.xml
App/en-US/GroupPolicy-Server.adml
.xml
App/en-US/GroupPolicy.adml
.xml
App/en-US/GroupPolicyPreferences.adml
.xml
App/en-US/Help.adml
.xml
App/en-US/HelpAndSupport.adml
.xml
App/en-US/ICM.adml
.xml
App/en-US/IIS.adml
.xml
App/en-US/InetRes.adml
.xml
App/en-US/InkWatson.adml
.xml
App/en-US/KDC.adml
.xml
App/en-US/Kerberos.adml
.xml
App/en-US/LanmanServer.adml
.xml
App/en-US/LeakDiagnostic.adml
.xml
App/en-US/LinkLayerTopologyDiscovery.adml
.xml
App/en-US/LocationProviderAdm.adml
.xml
App/en-US/Logon.adml
.xml
App/en-US/MMC.adml
App/en-US/MMCSnapIns2.adml
App/en-US/MMCSnapins.adml
App/en-US/MSDT.adml
App/en-US/MSI.adml
.xml
App/en-US/MediaCenter.adml
App/en-US/MobilePCMobilityCenter.adml
App/en-US/MobilePCPresentationSettings.adml
App/en-US/Msi-FileRecovery.adml
.xml
App/en-US/NAPXPQec.adml
.xml
App/en-US/NCSI.adml
.xml
App/en-US/Netlogon.adml
.xml
App/en-US/NetworkConnections.adml
.xml
App/en-US/NetworkIsolation.adml
App/en-US/NetworkProjection.adml
.xml
App/en-US/OfflineFiles.adml
.xml
App/en-US/P2P-pnrp.adml
.xml
App/en-US/ParentalControls.adml
.xml
App/en-US/PeerToPeerCaching.adml
.xml
App/en-US/PenTraining.adml
.xml
App/en-US/PerformanceDiagnostics.adml
.xml
App/en-US/PerformancePerftrack.adml
.xml
App/en-US/Power.adml
.xml
App/en-US/PowerShellExecutionPolicy.adml
.xml
App/en-US/PreviousVersions.adml
.xml
App/en-US/Printing.adml
.xml
App/en-US/Printing2.adml
.xml
App/en-US/Programs.adml
.xml
App/en-US/PswdSync.adml
.xml
App/en-US/QOS.adml
.xml
App/en-US/RPC.adml
.xml
App/en-US/RacWmiProv.adml
.xml
App/en-US/Radar.adml
.xml
App/en-US/ReAgent.adml
.xml
App/en-US/Reliability.adml
.xml
App/en-US/RemoteAssistance.adml
.xml
App/en-US/RemovableStorage.adml
.xml
App/en-US/Scripts.adml
.xml
App/en-US/Securitycenter.adml
.xml
App/en-US/Sensors.adml
.xml
App/en-US/ServerManager.adml
.xml
App/en-US/Servicing.adml
.xml
App/en-US/SettingSync.adml
.xml
App/en-US/Setup.adml
.xml
App/en-US/SharedFolders.adml
.xml
App/en-US/Sharing.adml
.xml
App/en-US/Shell-CommandPrompt-RegEditTools.adml
.xml
App/en-US/ShellWelcomeCenter.adml
.xml
App/en-US/Sidebar.adml
.xml
App/en-US/SkyDrive.adml
.xml
App/en-US/Smartcard.adml
.xml
App/en-US/Snis.adml
.xml
App/en-US/Snmp.adml
.xml
App/en-US/SoundRec.adml
.xml
App/en-US/StartMenu.adml
.xml
App/en-US/SystemRestore.adml
.xml
App/en-US/TPM.adml
.xml
App/en-US/TabletPCInputPanel.adml
.xml
App/en-US/TabletShell.adml
.xml
App/en-US/TaskScheduler.adml
.xml
App/en-US/Taskbar.adml
.xml
App/en-US/TerminalServer-Server.adml
.xml
App/en-US/TerminalServer.adml
.xml
App/en-US/Thumbnails.adml
.xml
App/en-US/TouchInput.adml
.xml
App/en-US/UserProfiles.adml
.xml
App/en-US/VolumeEncryption.adml
.xml
App/en-US/W32Time.adml
.xml
App/en-US/WCM.adml
.xml
App/en-US/WDI.adml
.xml
App/en-US/WPN.adml
.xml
App/en-US/WinCal.adml
.xml
App/en-US/WinInit.adml
.xml
App/en-US/WinLogon.adml
.xml
App/en-US/Windows.adml
.xml
App/en-US/WindowsAnytimeUpgrade.adml
.xml
App/en-US/WindowsBackup.adml
.xml
App/en-US/WindowsColorSystem.adml
.xml
App/en-US/WindowsConnectNow.adml
.xml
App/en-US/WindowsDefender.adml
App/en-US/WindowsExplorer.adml
.xml
App/en-US/WindowsFileProtection.adml
.xml
App/en-US/WindowsFirewall.adml
.xml
App/en-US/WindowsMail.adml
.xml
App/en-US/WindowsMediaDRM.adml
.xml
App/en-US/WindowsMediaPlayer.adml
.xml
App/en-US/WindowsMessenger.adml
.xml
App/en-US/WindowsProducts.adml
.xml
App/en-US/WindowsRemoteManagement.adml
.xml
App/en-US/WindowsRemoteShell.adml
.xml
App/en-US/WindowsServer.adml
.xml
App/en-US/WindowsUpdate.adml
.xml
App/en-US/Winsrv.adml
.xml
App/en-US/WordWheel.adml
.xml
App/en-US/WorkFolders-Client.adml
.xml
App/en-US/WorkplaceJoin.adml
.xml
App/en-US/fthsvc.adml
.xml
App/en-US/hotspotauth.adml
.xml
App/en-US/iSCSI.adml
.xml
App/en-US/msched.adml
App/en-US/nca.adml
App/en-US/pca.adml
.xml
App/en-US/sdiageng.adml
.xml
App/en-US/srm-fci.adml
.xml
App/en-US/tcpip.adml
.xml
App/en-US/wlansvc.adml
.xml
App/en-US/wwansvc.adml
.xml
App/fthsvc.admx
App/hotspotauth.admx
App/iSCSI.admx
App/inetres.admx
.xml
App/kdc.admx
App/msched.admx
.xml
App/nca.admx
App/pca.admx
App/sdiageng.admx
App/srm-fci.admx
App/tcpip.admx
.xml
App/wlansvc.admx
App/wwansvc.admx
.xml
Settings.ini
SoftWare V2.1.0.exe
.exe windows:6 windows x86 arch:x86

Password: new!

b28a7df3b3506a3ad155d3f99aa29899

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\g9gi7m8pam\output.pdb

Imports

user32

OffsetRect

kernel32

CompareStringEx
CreateFileW
WaitForSingleObject
GetModuleHandleA
SwitchToFiber
CreateThread
GetProcAddress
VirtualAllocEx
SetConsoleTitleW
RaiseException
RtlCaptureStackBackTrace
GetCurrentThreadId
IsProcessorFeaturePresent
GetLastError
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
GetModuleHandleExW
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
InitOnceComplete
InitOnceBeginInitialize
FormatMessageA
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
CloseHandle
WaitForSingleObjectEx
Sleep
SwitchToThread
GetExitCodeThread
GetNativeSystemInfo
QueryPerformanceCounter
QueryPerformanceFrequency
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LocalFree
GetLocaleInfoEx
MultiByteToWideChar
WideCharToMultiByte
LCMapStringEx
SetFileInformationByHandle
GetTempPathW
InitOnceExecuteOnce
CreateEventExW
CreateSemaphoreExW
FlushProcessWriteBuffers
GetCurrentProcessorNumber
GetSystemTimeAsFileTime
GetTickCount64
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWait
GetModuleHandleW
GetFileInformationByHandleEx
CreateSymbolicLinkW
GetStringTypeW
WriteConsoleW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
HeapSize
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitThread
ResumeThread
FreeLibraryAndExitThread
ExitProcess
GetModuleFileNameW
GetStdHandle
WriteFile
SetConsoleCtrlHandler
HeapAlloc
HeapFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
GetCurrentThread
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
ReadFile
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
HeapReAlloc
GetTimeZoneInformation
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
OutputDebugStringW
SetStdHandle

Sections

.text
Size: 538KB - Virtual size: 538KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 304KB - Virtual size: 310KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SoftWare V2.1.7.exe
.exe windows:4 windows x86 arch:x86

Password: new!

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 617KB - Virtual size: 616KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/ErrorReport.dll
.dll windows:5 windows x64 arch:x64

Password: new!

d43ebc0254e6de9c3c74fdd8b2c324c5

Code Sign

57:1c:5f:05:7e:b9:03:c6:51:87:11:e1:56:c4:e7:5f
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

03-04-2020 00:00

Not After

03-05-2023 23:59

Subject

CN=MAGIX Software GmbH,O=MAGIX Software GmbH,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

45:6e:c1:b4:34:89:c8:50:1e:cc:1f:ad:44:fe:3c:b5:95:76:86:9c:7a:55:a9:12:d8:ba:02:88:7b:4a:1f:51
Signer

Actual PE Digest

45:6e:c1:b4:34:89:c8:50:1e:cc:1f:ad:44:fe:3c:b5:95:76:86:9c:7a:55:a9:12:d8:ba:02:88:7b:4a:1f:51

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

c:\Jenkins\workspace\aplugins\sonic3\release\aplugins\1.0\errorreport\obj-x64\ErrorReport.pdb

Imports

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

shlwapi

PathFileExistsW

msvcp90

??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA@AEBV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAAEAV01@AEBV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAAEAV01@PEB_W@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@AEBV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@PEBD@Z

ole32

CoCreateInstance

oleaut32

SysAllocStringByteLen
SysStringByteLen
SysStringLen
SysFreeString
VariantClear
SysAllocString
CreateErrorInfo
SetErrorInfo
GetErrorInfo
VariantChangeType
VariantInit

kernel32

ResetEvent
GetProcessHeap
HeapFree
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
OutputDebugStringW
GetProcessShutdownParameters
SetProcessShutdownParameters
AddVectoredContinueHandler
CreateThread
WaitForMultipleObjects
GetCurrentThreadId
GetExitCodeProcess
lstrlenW
CreateFileMappingW
MapViewOfFile
DeleteCriticalSection
UnmapViewOfFile
CreateActCtxW
ActivateActCtx
DeactivateActCtx
FindActCtxSectionStringW
QueryActCtxW
LoadLibraryW
GetLastError
SetLastError
GetModuleFileNameW
GetModuleHandleExW
OutputDebugStringA
CloseHandle
WaitForSingleObject
CreateProcessW
TerminateProcess
QueryDosDeviceW
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcessId
CreateDirectoryW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
CreateEventW
OpenProcess
ReadFile
WriteFile
OpenEventW
SystemTimeToFileTime
GetSystemTime
SetEvent
VirtualQueryEx
GetCurrentProcess
Module32NextW
Module32FirstW
FreeLibrary
GetProcAddress
InitializeCriticalSection
CreateFileW
Sleep
WaitNamedPipeW
TerminateThread
GetCurrentThread
IsDebuggerPresent
SetUnhandledExceptionFilter
RemoveVectoredContinueHandler
DeleteFileW

msvcr90

?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__clean_type_info_names_internal
__crt_debugger_hook
wcschr
wcsrchr
_vswprintf_c_l
??0exception@std@@QEAA@AEBQEBD@Z
?what@exception@std@@UEBAPEBDXZ
??1exception@std@@UEAA@XZ
??3@YAXPEAX@Z
__CxxFrameHandler3
??0exception@std@@QEAA@XZ
wcscpy_s
wcscat_s
_snwprintf_s
malloc
memset
_wcsnicmp
_wcsicmp
wcsncpy_s
memcpy
_vsnwprintf_s
_invalid_parameter_noinfo
_CxxThrowException
??0exception@std@@QEAA@AEBV01@@Z
??2@YAPEAX_K@Z
__C_specific_handler
??_V@YAXPEAX@Z
free
__CppXcptFilter
wcstol
_wcstoi64
wcstod
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_malloc_crt
_initterm
_initterm_e
_encoded_null
_amsg_exit
tolower

shell32

SHGetSpecialFolderPathW

psapi

GetProcessImageFileNameW

Exports

Exports

ErrorReport_AddFile
ErrorReport_AddText
ErrorReport_CommonExceptionFilter
ErrorReport_EndTrapBypass
ErrorReport_Initialize
ErrorReport_InitializeNoCrash
ErrorReport_InitializeWithOptions
ErrorReport_InstallFail
ErrorReport_ManagedException
ErrorReport_RemoveFile
ErrorReport_Shutdown
ErrorReport_StartMonitoringProcess
ErrorReport_StartTrapBypass
ErrorReport_StopMonitoringProcess
ErrorReport_UnmanagedException
ErrorReport_UserAbort

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 270B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/Loader.asi
.dll windows:5 windows x86 arch:x86

Password: new!

4a2f054959cb8df136c59793c4706eb2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Dev\MoonLoader\moonloader-src\MoonLoader\bin\MoonLoader.pdb

Imports

d3dx9_43

D3DXCreateSprite
D3DXMatrixInverse
D3DXCreateTextureFromFileInMemory
D3DXMatrixTransformation2D
D3DXGetImageInfoFromFileA
D3DXGetImageInfoFromFileInMemory
D3DXCreateTextureFromFileA

lua51

lua_getinfo
lua_concat
lua_pushthread
lua_replace
lua_insert
lua_atpanic
lua_close
lua_newthread
lua_getstack
lua_status
lua_resume
lua_load
lua_pushfstring
lua_rawset
lua_pushinteger
luaL_openlibs
lua_tointeger
luaL_callmeta
lua_next
lua_pushlightuserdata
lua_topointer
lua_objlen
lua_toboolean
lua_tonumber
lua_typename
lua_isnumber
luaL_unref
luaL_ref
luaL_error
luaL_newmetatable
luaL_getmetafield
lua_error
lua_pcall
lua_call
lua_setmetatable
lua_setfield
lua_settable
lua_getmetatable
lua_newuserdata
lua_createtable
lua_rawgeti
lua_rawget
lua_getfield
lua_pushboolean
lua_pushcclosure
lua_pushstring
lua_pushlstring
lua_pushnumber
lua_pushnil
lua_tothread
lua_touserdata
lua_tolstring
lua_rawequal
lua_type
lua_xmove
lua_checkstack
lua_remove
lua_pushvalue
lua_settop
lua_gettop
luaL_newstate
lua_rawseti
luaL_argerror
lua_gettable
luaL_checklstring

bass

BASS_GetVersion
BASS_ErrorGetCode
BASS_Free
BASS_GetConfig
BASS_ChannelStop
BASS_Set3DFactors
BASS_ChannelGetLength
BASS_ChannelSet3DPosition
BASS_ChannelSet3DAttributes
BASS_ChannelGetAttribute
BASS_ChannelSetAttribute
BASS_ChannelPause
BASS_Init
BASS_ChannelPlay
BASS_ChannelFlags
BASS_ChannelIsActive
BASS_ChannelBytes2Seconds
BASS_StreamFree
BASS_StreamCreateURL
BASS_StreamCreateFile
BASS_Apply3D
BASS_Set3DPosition

kernel32

GetConsoleMode
GetConsoleCP
FlushFileBuffers
EnumSystemLocalesW
IsValidLocale
HeapFree
HeapAlloc
WriteFile
GetACP
DeleteFileW
MoveFileExW
RemoveDirectoryW
GetCurrentDirectoryW
SetEnvironmentVariableA
GetFullPathNameW
GetDriveTypeW
ExitThread
WriteConsoleW
GetModuleHandleExW
GetModuleFileNameA
GetFileType
GetStdHandle
RaiseException
RtlUnwind
LoadLibraryW
CreateTimerQueue
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
DuplicateHandle
GetVersionExW
FreeLibraryAndExitThread
GetThreadTimes
OutputDebugStringW
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
CreateThread
SignalObjectAndWait
WaitForSingleObjectEx
SetEvent
TerminateProcess
GetCurrentProcessId
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ReadFile
IsProcessorFeaturePresent
InitializeSListHead
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
QueryPerformanceFrequency
QueryPerformanceCounter
GetUserDefaultLCID
VirtualProtect
VirtualQuery
GetModuleHandleA
GetProcAddress
LoadLibraryA
FreeLibrary
FindFirstFileA
FindNextFileA
Sleep
FlushInstructionCache
GetCurrentProcess
FindClose
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetSystemTimeAsFileTime
GetModuleFileNameW
ExitProcess
GetCurrentThread
GetLastError
GetCurrentThreadId
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
VirtualAlloc
VirtualFree
VirtualProtectEx
VirtualQueryEx
SetLastError
GetModuleHandleW
LoadLibraryExW
EncodePointer
MultiByteToWideChar
CloseHandle
AreFileApisANSI
SetFilePointerEx
SetEndOfFile
GetFileInformationByHandle
GetFileAttributesExW
FindNextFileW
FindFirstFileExW
CreateFileW
CreateDirectoryW
DeleteCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
EnterCriticalSection
FormatMessageW
GetTickCount
ReadConsoleW
GetTimeZoneInformation
HeapReAlloc
FindFirstFileExA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetStdHandle
HeapSize
IsDebuggerPresent
WideCharToMultiByte
InitializeCriticalSectionAndSpinCount
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
CreateEventW
DecodePointer

user32

GetWindowLongA
MapVirtualKeyA
SendInput
VkKeyScanA
EmptyClipboard
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
GetWindowLongW
GetForegroundWindow
LoadCursorA
GetCursor
SetCursor
ShowCursor
SetWindowLongA
CallWindowProcA
ScreenToClient
GetCursorPos
FillRect
SetWindowLongW
MessageBoxA

gdi32

ExtTextOutA
CreateDIBSection
SetTextAlign
SetTextColor
SetMapMode
SetBkMode
SelectObject
GetTextExtentPoint32A
GetDeviceCaps
DeleteObject
DeleteDC
CreateSolidBrush
CreateFontA
CreateCompatibleDC

shell32

SHGetFolderPathA

urlmon

URLDownloadToFileA

wininet

DeleteUrlCacheEntry

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 279KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/main.scm
data/maxresdefault.jpg
.jpg

Password: new!
data/mchammer_x64.dll
.dll regsvr32 windows:5 windows x64 arch:x64

Password: new!

ce8163474c63d04adf7ad44f68b2c5e2

Code Sign

57:1c:5f:05:7e:b9:03:c6:51:87:11:e1:56:c4:e7:5f
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

03-04-2020 00:00

Not After

03-05-2023 23:59

Subject

CN=MAGIX Software GmbH,O=MAGIX Software GmbH,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

29:33:16:62:3e:89:0a:af:9a:6e:b1:86:ce:87:e5:00:50:1f:cf:b6:97:9c:5c:12:7d:27:08:9f:2f:7b:2a:32
Signer

Actual PE Digest

29:33:16:62:3e:89:0a:af:9a:6e:b1:86:ce:87:e5:00:50:1f:cf:b6:97:9c:5c:12:7d:27:08:9f:2f:7b:2a:32

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

c:\Jenkins\workspace\aplugins\sonic3\release\aplugins\1.0\aplugins\mchammer\obj-x64\mchammer_x64.pdb

Imports

gdiplus

GdipSetSmoothingMode
GdipDrawArcI
GdipCreateFromHDC
GdipSetPenColor
GdipSetPenMode
GdipDeleteGraphics
GdipDeletePen
GdipDrawLine
GdipCreatePen1

msimg32

TransparentBlt

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

winmm

timeGetTime
timeSetEvent
sndPlaySoundW

ole32

CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
StringFromGUID2
CoRegisterInitializeSpy
CoRevokeInitializeSpy
CoInitialize
CoInitializeEx
CoUninitialize
OleInitialize
OleUninitialize
CoFreeLibrary
CoLoadLibrary
GetHGlobalFromStream
CoFreeUnusedLibraries

oleaut32

SysAllocStringLen
SysFreeString
SysAllocString

msvfw32

DrawDibEnd
DrawDibSetPalette
DrawDibRealize
DrawDibDraw
DrawDibClose
DrawDibOpen

shell32

ShellExecuteW
SHGetFolderPathW

shlwapi

StrStrIW
PathAppendW
StrCpyNW
StrCmpLogicalW

kernel32

WriteProcessMemory
LoadLibraryW
LockResource
LoadResource
FindResourceExW
CreateActCtxW
ActivateActCtx
DeactivateActCtx
FindActCtxSectionStringW
QueryActCtxW
GetProcAddress
GetLastError
SetLastError
GetModuleFileNameW
GetModuleHandleExW
SizeofResource
FindResourceW
OutputDebugStringA
FreeLibrary
GetUserDefaultUILanguage
lstrlenA
lstrcmpW
WideCharToMultiByte
MultiByteToWideChar
MulDiv
GetLocaleInfoW
GetSystemDefaultLCID
EnumResourceLanguagesW
SetThreadUILanguage
GetModuleHandleW
SetThreadLocale
GetVersionExW
GetCurrentProcess
SetErrorMode
GetNativeSystemInfo
GetNumberFormatW
GetACP
FormatMessageW
GetFileAttributesW
FindClose
FindFirstFileW
LocalAlloc
LocalFree
GetTickCount
LoadLibraryExW
GlobalSize
GetWindowsDirectoryW
IsBadReadPtr
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
OpenProcess
HeapCreate
GetCurrentThreadId
GlobalReAlloc
GetLocalTime
GetPrivateProfileStringW
WritePrivateProfileStringW
CreateFileW
FileTimeToDosDateTime
FileTimeToLocalFileTime
GetFileInformationByHandle
ReadFile
DeviceIoControl
GetFileSize
GetLongPathNameW
GetFullPathNameW
GetTempPathW
SetFilePointer
GetDiskFreeSpaceExW
CreateDirectoryW
FindNextFileW
DeleteFileW
SetFileAttributesW
RemoveDirectoryW
MoveFileExW
CopyFileW
GetModuleFileNameA
VirtualQuery
FreeResource
SetEndOfFile
WriteFile
QueryPerformanceFrequency
QueryPerformanceCounter
SetCurrentDirectoryW
GetCurrentDirectoryW
DuplicateHandle
UnmapViewOfFile
CreateFileMappingW
GetCurrentProcessId
MapViewOfFile
CloseHandle
DeleteCriticalSection
InitializeCriticalSection
lstrcmpiW
GlobalHandle
GlobalUnlock
GlobalFree
GlobalAlloc
GlobalLock
LeaveCriticalSection
EnterCriticalSection
ResetEvent
SetEvent
HeapDestroy
ReadProcessMemory
WaitForMultipleObjects
WaitForSingleObject
ReleaseSemaphore
VirtualFree
CreateSemaphoreW
VirtualAlloc
DisableThreadLibraryCalls
SetThreadPriority
GetThreadPriority
GetCurrentThread
CreateThread
lstrcmpiA
GetSystemTime
GetVolumeInformationW
GetDiskFreeSpaceW
Sleep
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetSystemTimeAsFileTime
lstrcpynW
lstrlenW
GetSystemInfo
CreateEventW

advapi32

RegDeleteKeyW
RegCreateKeyW
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegCloseKey
RegSetValueW
RegEnumValueW

user32

IsIconic
SetForegroundWindow
GetSystemMetrics
RemoveMenu
CheckMenuRadioItem
CheckMenuItem
SetWindowPos
IsWindowEnabled
GetFocus
DrawFocusRect
GrayStringW
DrawTextExW
GetWindowTextW
GetCursor
SetCursor
GetClientRect
BeginPaint
EndPaint
DefWindowProcW
GetMessagePos
GetMessageTime
HideCaret
SetCapture
GetCapture
ReleaseCapture
ShowCaret
ClientToScreen
SetCursorPos
FillRect
CreateCaret
SetCaretPos
GetKeyState
DestroyCaret
UnregisterClassW
RegisterClassW
UpdateWindow
GetParent
GetSysColorBrush
GetSysColor
BringWindowToTop
GetCursorPos
SetFocus
WinHelpW
ScreenToClient
GetWindowTextLengthW
EnumDisplayMonitors
GetMonitorInfoW
GetDesktopWindow
GetLastActivePopup
LoadStringW
LoadMenuW
GetDC
ReleaseDC
SetProcessDefaultLayout
LoadImageW
LoadIconW
DialogBoxIndirectParamW
LoadCursorW
LoadBitmapW
DialogBoxParamW
CreateDialogIndirectParamW
CreateDialogParamW
GetMenuItemInfoW
GetMenuStringW
ModifyMenuW
EnableMenuItem
GetMenuState
DeleteMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
LoadMenuIndirectW
CreateAcceleratorTableW
LoadAcceleratorsW
EndDialog
ShowWindow
SetWindowTextW
KillTimer
SetTimer
IsDlgButtonChecked
GetDlgItemTextW
GetDlgCtrlID
SetDlgItemTextW
GetWindowRect
TrackPopupMenu
DestroyMenu
CreatePopupMenu
AppendMenuW
wsprintfW
SetWindowLongPtrW
GetWindowLongPtrW
EnableWindow
CheckDlgButton
GetDlgItem
SendMessageW
InvalidateRect
IsWindow
PostMessageW
FindWindowW
MapWindowPoints
CreateWindowExW
MonitorFromRect
GetClassInfoW
SystemParametersInfoW
SetWindowPlacement
GetWindowPlacement
GetClassNameW
EnumWindows
SetActiveWindow
CharNextA
CharNextW
DrawTextW
GetSystemMenu
SetWindowsHookExW
MessageBoxW
CallNextHookEx
UnhookWindowsHookEx
EnumDisplaySettingsW
DestroyCursor
LookupIconIdFromDirectoryEx
CreateIconFromResourceEx
DestroyWindow
wsprintfA
MoveWindow
SetWindowLongW
GetWindowLongW
PeekMessageW
MsgWaitForMultipleObjects
PostThreadMessageW
RegisterWindowMessageW
GetQueueStatus
DispatchMessageW
LoadStringA
CharUpperW
GetWindow

gdi32

GetTextCharset
GetDeviceCaps
SetLayout
GetPixel
SetTextAlign
CreatePatternBrush
SaveDC
IntersectClipRect
SetStretchBltMode
StretchBlt
GetLayout
SetBkMode
RestoreDC
CreatePalette
GetTextExtentPointW
SetBrushOrgEx
CreatePen
CreateCompatibleBitmap
Polygon
GetObjectW
ExtTextOutW
CreateDIBitmap
GetClipBox
GetTextFaceW
TextOutW
DeleteDC
CreateDCW
PatBlt
CreateSolidBrush
MaskBlt
BitBlt
SetBkColor
SetTextColor
CreateCompatibleDC
LineTo
GetStockObject
SetDCPenColor
SetDCBrushColor
Rectangle
MoveToEx
CreateBitmapIndirect
GetBkColor
CreateFontW
GetNearestColor
GetDCBrushColor
CreateFontIndirectW
SelectObject
GetTextMetricsW
GetTextExtentPoint32W
CreateBitmap
DeleteObject

msvcr90

_wtoi
calloc
wcsncat_s
_getmbcp
_mbbtype
free
__C_specific_handler
memmove
_purecall
exp
_hypot
rand
srand
log10
wcstok
pow
sin
cos
sqrt
wcsstr
wcsncpy_s
memcpy
memset
_wtoi64
wcstod
iswxdigit
_vsnwprintf
_swprintf
log10f
ceil
floor
_finite
swscanf_s
_msize
iswdigit
memcmp
_wfsopen
_wfopen_s
fclose
fflush
_vsnwprintf_s
fwprintf_s
swprintf_s
_wrename
_wremove
ftell
isspace
towupper
_wmakepath_s
_wsplitpath_s
ceilf
_encode_pointer
_malloc_crt
_initterm
_initterm_e
_encoded_null
_decode_pointer
_amsg_exit
__CppXcptFilter
strcpy
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
iswspace
malloc
realloc
toupper
iswalnum
_wtol

errorreport

ErrorReport_EndTrapBypass
ErrorReport_UnmanagedException
ErrorReport_StartTrapBypass

iphlpapi

GetAdaptersInfo

setupapi

SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW

Exports

Exports

??0CLog@@QEAA@AEBV0@@Z
??0CLog@@QEAA@XZ
??0CMappingOfSfMemoryToken@@QEAA@AEBU_sfmemorytoken@@K@Z
??0CMonitored_CoInitializeEx@@QEAA@AEBV0@@Z
??0CMonitored_CoInitializeEx@@QEAA@XZ
??0COutOfProcessMemoryToken@@QEAA@AEAU_sfmemorytoken@@KH@Z
??1CLog@@UEAA@XZ
??1CMappingOfSfMemoryToken@@QEAA@XZ
??1COutOfProcessMemoryToken@@QEAA@XZ
??4CLog@@QEAAAEAV0@AEBV0@@Z
??4CMappingOfSfMemoryToken@@QEAAAEAV0@AEBV0@@Z
??4CMonitored_CoInitializeEx@@QEAAAEAV0@AEBV0@@Z
??4COutOfProcessMemoryToken@@QEAAAEAV0@AEBV0@@Z
??_7CLog@@6B@
??_7CMonitored_CoInitializeEx@@6B@
?AddRef@CMonitored_CoInitializeEx@@UEAAKXZ
?Close@CMappingOfSfMemoryToken@@QEAAXXZ
?CoInitialize@CMonitored_CoInitializeEx@@QEAAJPEAX@Z
?CoInitializeEx@CMonitored_CoInitializeEx@@QEAAJPEAXK@Z
?CoUninitialize@CMonitored_CoInitializeEx@@QEAAXXZ
?DataSize@CMappingOfSfMemoryToken@@QEAAJXZ
?Dispose@CMappingOfSfMemoryToken@@QEAAXXZ
?GetLogFileName@CLog@@QEBAPEB_WXZ
?GetMemoryToken@COutOfProcessMemoryToken@@QEAAJAEAU_sfmemorytoken@@@Z
?GetPointer@CMappingOfSfMemoryToken@@QEAAJPEAPEAX@Z
?Init@CLog@@QEAAJPEB_WW4LOGFLAGS@1@HH@Z
?Initialize@CMonitored_CoInitializeEx@@AEAAXXZ
?IsLikelyCursorFilePtr@@YA_NPEBEI@Z
?IsLikelyCursorRESPtr@@YA_NPEBEI@Z
?IsSFLANGSTRINGID@@YA_NPEAUHSFLANG__@@PEB_W@Z
?IsSfGroupCursorPtr@@YA_NPEBEI@Z
?MeterInst_SetSkinDib@@YAXPEAUtSFMETER@@PEAUtagBITMAPINFO@@PEAUtagPOINT@@@Z
?OleInitialize@CMonitored_CoInitializeEx@@QEAAJPEAX@Z
?OleUninitialize@CMonitored_CoInitializeEx@@QEAAXXZ
?OpenFile@CLog@@AEAAJXZ
?Pointer@CMappingOfSfMemoryToken@@QEAAPEAXXZ
?PostInitialize@CMonitored_CoInitializeEx@@UEAAJJKK@Z
?PostUninitialize@CMonitored_CoInitializeEx@@UEAAJK@Z
?PreInitialize@CMonitored_CoInitializeEx@@UEAAJKK@Z
?PreUninitialize@CMonitored_CoInitializeEx@@UEAAJK@Z
?QueryInterface@CMonitored_CoInitializeEx@@UEAAJAEBU_GUID@@PEAPEAX@Z
?Release@CMonitored_CoInitializeEx@@UEAAKXZ
?SFSMPTE_DeccrementByFrame@@YAXPEAU_smpteval@@K@Z
?SFSMPTE_SmpteLikeToNanos@@YA_JNPEAU_smpteval@@@Z
?SfCreateDialogTemplate@@YAPEBUDLGTEMPLATE@@PEAUHSFLANG__@@PEBU_sfdlghdrcreate@@QEBU_sfdlgctrlcreate@@@Z
?SfCreateDialogTemplateEx@@YAPEBUDLGTEMPLATE@@PEAUHSFLANG__@@PEBU_sfdlghdrcreateex@@QEBU_sfdlgctrlcreateex@@PEAG@Z
?SfDialogTemplateFromRCID@@YAJPEAUHSFLANG__@@PEB_WPEAPEBUDLGTEMPLATE@@@Z
?SfErrorHandler_AddErrorTable@@YAJPEAUHSFLANG__@@PEAU_sferror_table_rcid@@I@Z
?SfErrorHandler_AddErrorTable@@YAJPEAU_sferror_table@@I@Z
?SfErrorHandler_DumpHex@@YAIPEADIPEAXI@Z
?SfErrorHandler_DumpHexDWords@@YAIPEADIPEFAKJ@Z
?SfErrorHandler_GetErrorMessage@@YAPEA_W_KJPEB_W@Z
?SfFindDialogTemplateInResPool@@YAPEBUDLGTEMPLATE@@PEBU_SFRESPOOL@@PEAIPEB_WK@Z
?SfFindResourceInResPool@@YAPEAXPEBU_SFRESPOOL@@PEAIPEB_W2KPEAK@Z
?SfFourCCToStringCPU@@YAXHPEA_W@Z
?SfGetDialogSize@@YAHPEAUHSFLANG__@@PEBU_sfdlghdrcreate@@PEAUtagSIZE@@@Z
?SfGetDialogSizeEx@@YAHPEAUHSFLANG__@@PEBU_sfdlghdrcreateex@@PEAUtagSIZE@@@Z
?SfGetString@@YAPEB_WPEAUHSFLANG__@@I@Z
?SfGetString@@YAPEB_WPEAUHSFLANG__@@PEBQEB_W@Z
?SfGetStringSmart@@YAPEB_WPEAUHSFLANG__@@PEB_W@Z
?SfList_ConvertToInPlace@@YAJPEAPEAUtSFLIST@@PEAU1@@Z
?SfLoadString@@YAHPEAUHSFLANG__@@IPEA_WH@Z
?SfLoadString@@YAHPEAUHSFLANG__@@PEBQEB_WPEA_WH@Z
?SfMapDialogTemplate@@YAJPEBUDLGTEMPLATE@@JPEAPEAU_sfdlghdrcreateex@@@Z
?SfMsgBoxSetHook@@YAHP6AH_KPEAUHWND__@@PEB_W2I@ZK@Z
?SfPerfGetCpuClocks@@YA_KXZ
?SfPerfMapHintAlgorithm@@YAHW4SfPerfHintAlgorithm@@@Z
?SfPerfMapStatus@@YAJH@Z
?SfPerfStatusToHRESULT@@YAJW4SfPerfStatus@@@Z
?SfPerf_Initialize@@YAJXZ
?SfPerfsConj_64fc_I@@YAJPEAXH@Z
?SfPerfsDeinterleave_32f@@YAJPEBMHHPEAPEAM@Z
?SfPerfsFFTFree_C_32fc@@YAJPEAX@Z
?SfPerfsFFTFree_R_64f@@YAJPEAX@Z
?SfPerfsFFTFwd_CToC_32fc@@YAJPEBXPEAX0PEAE@Z
?SfPerfsFFTFwd_RToPerm_64f_I@@YAJPEANPEBXPEAE@Z
?SfPerfsFFTGetBufSize_C_32fc@@YAJPEBXPEAH@Z
?SfPerfsFFTGetBufSize_R_64f@@YAJPEAXPEAH@Z
?SfPerfsFFTInitAlloc_C_32fc@@YAJPEAPEAXHHW4SfPerfHintAlgorithm@@@Z
?SfPerfsFFTInitAlloc_R_64f@@YAJPEAPEAXHHW4SfPerfHintAlgorithm@@@Z
?SfPerfsFFTInv_CToC_32fc@@YAJPEBXPEAX0PEAE@Z
?SfPerfsFFTInv_PermToR_64f_I@@YAJPEANPEBXPEAE@Z
?SfPerfsFree@@YAXPEAX@Z
?SfPerfsMalloc_32f@@YAPEAMH@Z
?SfPerfsMalloc_8u@@YAPEAEH@Z
?SfPerfsMinMax_32f@@YAJPEBMHPEAM1@Z
?SfPerfsMinMax_64f@@YAJPEBNHPEAN1@Z
?SfPerfsMul_64fc_I@@YAJPEBXPEAXH@Z
?SfPerfsRandUniform_Direct_32f@@YAJPEAMHMMPEAI@Z
?SfPerfsSqrt_32f@@YAJPEBMPEAMH@Z
?SfResPoolDialogBox@@YA_JPEBU_SFRESPOOL@@PEAUHSFLANG__@@PEB_WPEAUHWND__@@P6A_J3I_K_J@Z5@Z
?SfSpike2_GetUserCompany@@YAJPEB_WPEA_WI@Z
?SfSpike2_GetUserName@@YAJPEB_WPEA_WI@Z
?SfTextToFeetAndFramesToken@@YA_JPEB_WPEBU_sfposfmt@@H@Z
?SfTextToHMSFToken@@YA_JPEB_WPEBU_sfposfmt@@HPEAPEB_W@Z
?Shutdown@CLog@@QEAAXXZ
?UnInitialize@CMonitored_CoInitializeEx@@AEAAXXZ
?Write@CLog@@QEAAJW4LOGFLAGS@1@PEB_WH1ZZ
DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
Edit_CursorToEnd
FaderInitialize
FaderInst_DefScrollProc
FaderInst_Deinit
FaderInst_Draw
FaderInst_DrawThumb
FaderInst_GetMinSize
FaderInst_GetSize
FaderInst_Init
FaderInst_IsStereo
FaderInst_Message
FaderInst_Move
FaderInst_SetId
FaderInst_SetOwnerHwnd
FaderInst_SetScrollProc
FaderInst_SetThumbBitmap
FaderInst_SetThumbImageList
FaderTerminate
Fader_DefScrollProc
Internet_BrowseWebPage
Internet_MailFile
Internet_SendFeedback
Internet_SendMail
MeterInitialize
MeterInst_ContextMenu
MeterInst_Deinit
MeterInst_Draw
MeterInst_GetSize
MeterInst_Init
MeterInst_Message
MeterInst_Move
MeterInst_SetOwnerHwnd
MeterTerminate
PlexiglasInitialize
PlexiglasTerminate
SFSMPTE_AddSMPTE
SFSMPTE_FrameCountToSMPTE
SFSMPTE_IncrementByFrame
SFSMPTE_NanoToSMPTE
SFSMPTE_SMPTECompare
SFSMPTE_SMPTEToFrameCount
SFSMPTE_SMPTEToNanos
SFSMPTE_SubtractSMPTE
SFSMPTE_TextToSMPTE
SfActivatePrevAppInstance
SfAddExtensionToPathName
SfAddSlashToPathName
SfAllowCPUSupport
SfAppendToPathName
SfBeep
SfBitmapColorTranslate
SfBltStandardUIGlyph
SfCalcPathEllipsis
SfCalcPathEllipsisEx
SfCalcPathEllipsisExCtl
SfCalcStringEllipsis
SfCalcStringEllipsisFromEnd
SfCanMoveFolder
SfCchPrintF
SfChannelizeStereoName
SfCleanMenu
SfColorrefToText
SfColorrefToTextEx
SfComposeStr
SfComputeWndCenter
SfCopyHandle
SfCreateBitmapMask
SfCreateDialogIndirectParam
SfCreateDialogParam
SfCreateDirectory
SfCreateTempFileAndName
SfCreateTempFileAndNameEx
SfCreateToolbarEmpty
SfCullMenu
SfDWordLongToText
SfDWordLongToTextN
SfDWordToText
SfDWordToTextN
SfDeleteDirectoryTree
SfDeleteFiles
SfDeleteMetric
SfDeleteMetricUsingName
SfDeltaMicrosecEx
SfDeltaMillisecEx
SfDialogBoxIndirectParam
SfDialogBoxParam
SfDirectoryUpOneLevel
SfDisallowCPUSupport
SfDlgDeltaControlMove
SfDlgDeltaControlSize
SfDlgEnableControls
SfDlgGetControlRect
SfDlgInitFont
SfDlgShowControls
SfDlgUndropComboBox
SfDlgWhichRadioButton
SfDllCreateInstance
SfDllCreateInstanceFromFile
SfDoesFileExist
SfDoesMetricExist
SfDosGetDateTime
SfDosGetDateTimeUTC
SfDoubleToText
SfDoubleToTextN
SfDrawEdge
SfDrawOutline
SfDrawStandardUIGlyph
SfEnableAllMenuItems
SfEnumResourceLanguages
SfErrorHandler_ComposeErrorText
SfErrorHandler_DetailsAddString
SfErrorHandler_DetailsInfo
SfErrorHandler_DetailsInit
SfErrorHandler_DetailsSetHyperlink
SfErrorHandler_DumpExceptionRecord
SfErrorHandler_ExceptionFilter
SfErrorHandler_GetContextString
SfErrorHandler_GetHresultString
SfErrorHandler_GetLastError
SfErrorHandler_MsgBox
SfErrorHandler_MsgBoxText
SfErrorHandler_TranslateCommDlgError
SfErrorHandler_TranslateWin32Error
SfExtractResourceToFile
SfFilenameFormat
SfFilenameFormatForCtl
SfFilenameFormatForWidth
SfFilenameLogicalCompare
SfFindResInstance
SfFindResource
SfFindResourceMulti
SfFindSubMenu
SfFixNameForMenu
SfFixWindowPlacement
SfForcePopupRectOntoDesktop
SfForceRectOntoDesktop
SfFormatDecimalNumber
SfFormatDiskFreeSpace
SfFormatFileSize
SfFormatGroupDecimalNumber
SfFormatNumber
SfFourCCToString
SfFreeUIColoredObjects
SfGetAppInstanceCount
SfGetBasePathRelative
SfGetByteSizeText
SfGetByteSizeText2
SfGetByteSizeTextWithSpace
SfGetCPUSupport
SfGetDateTime
SfGetDialogSize
SfGetDialogSizeIndirect
SfGetDialogUnitsForFont
SfGetDirectorySize
SfGetDiskFreeSpace
SfGetDiskTotalSpace
SfGetFileExecutableInfo
SfGetFileNameExtensionPtrA
SfGetFileNameExtensionPtrW
SfGetFileNamePtrA
SfGetFileNamePtrRelative
SfGetFileNamePtrW
SfGetFileNameWithoutPathOrExtension
SfGetFileSizeByName
SfGetFontSize
SfGetFullPathName
SfGetInat
SfGetInatN
SfGetKernelCursorBits
SfGetLabeledStringFixed
SfGetLabeledStringFloat
SfGetLocale
SfGetLongPathName
SfGetMetric
SfGetMetricAny
SfGetMetricBinary
SfGetMetricBinaryEx
SfGetMetricBool
SfGetMetricEx
SfGetMetricMultiStringEx
SfGetMetricStream
SfGetMetricStringEx
SfGetMetricUsingName
SfGetMicrosec
SfGetMicrosecEx
SfGetMillisec
SfGetMillisecEx
SfGetModuleFileName
SfGetModulePath
SfGetMultiByteFromPrintString
SfGetOS
SfGetOSSupport
SfGetPathNameFromFilePath
SfGetPrintFromMultiByteString
SfGetPrintFromWideString
SfGetPrivateProfileColorref
SfGetProcessorCount
SfGetRealClientRect
SfGetRootPathFromFilePath
SfGetSharedComponentsFolder
SfGetSpecialFolderNoVer
SfGetSpecialFolderVer
SfGetSpecialSonyDefaultFolderName
SfGetSpecialSonyFolder
SfGetSubmenuByID
SfGetSysColor
SfGetTempPath
SfGetTempStringBuffer
SfGetTextExtent
SfGetToolbarSize
SfGetUIBrush
SfGetUIColor
SfGetUIColorAbsolute
SfGetUICursor
SfGetUIFont
SfGetUIFontCharset
SfGetUIFontSize
SfGetUIPen
SfGetUIPenWithStyle
SfGetUniqueSubFolder
SfGetWideFromPrintString
SfGetdBStringFixed
SfGetdBStringFloat
SfGrayAllMenuItems
SfGrayMenu
SfGuidFromString
SfGuidToString
SfHMSFToNanoTime
SfHSLtoRGB
SfHelp_ContextHelp
SfHelp_ContextPopupHelp
SfHelp_CreateHelpFilePath
SfHelp_CreateHelpFilePathEX
SfHelp_CreatePluginHelpFilePath
SfHelp_CreateSharedHelpFilePath
SfHelp_CreateUnsharedHelpFilePath
SfHelp_GetHelpFilePath
SfHelp_HitTestToolbar
SfHelp_SetHelpFilePath
SfHexToDWordLongToken
SfHexToDWordLongTokenEx
SfHexToDWordToken
SfHexToDWordTokenEx
SfImageList_LoadImage
SfIsAllMonitorsHighColor
SfIsDirectoryEmpty
SfIsDirectoryEmptyRecursive
SfIsDirectoryWritable
SfIsExplorerFileExtHidden
SfIsFileExecutable
SfIsFileWritable
SfIsHiddenFolderByDefault
SfIsHighColor
SfIsHighColorDisplay
SfIsMatchWildCard
SfIsMouseInControl
SfIsOS64Bit
SfIsPowerUser
SfIsWin95
SfIsWindowCaptionVisible
SfKernel_EarlyInitialize
SfKernel_GetAppKernel
SfKernel_GetAppKernelPathName
SfKernel_LateTerminate
SfKernel_SetSplash
SfKernel_UserPrefChanges
SfLang_ChangeLangInst
SfLang_Close
SfLang_DetectMultiByteCharacters
SfLang_DetectPossibleCodepage
SfLang_DisableProcessMirroring
SfLang_EnableProcessMirroring
SfLang_GetConditionedLCID
SfLang_GetInternationals
SfLang_GetLCID
SfLang_GetLangAbbrev
SfLang_GetLangllCC
SfLang_InstFromLang
SfLang_IsLCIDEnglish
SfLang_IsNameOrderReversed
SfLang_LoadUserLCIDMetric
SfLang_LoadUserLCIDMetricAppReg
SfLang_LocalizeUserName
SfLang_Open
SfLang_SaveUserLCIDMetric
SfLang_SaveUserLCIDMetricAppReg
SfLang_UpdateKernelLCID
SfLang_UpdateThreadLocale
SfLang_UseRTL
SfLineupHookWithMainDialog
SfList_AllocAndInsertItem
SfList_AllocItem
SfList_AllocSize
SfList_ArrayForceItemCount
SfList_CreateExZ
SfList_DeleteList
SfList_Destroy
SfList_FindItemRange
SfList_FindSortedInsertIndexRange
SfList_FindSortedItemRange
SfList_FindSpecificItemRange
SfList_GetCreateOptions
SfList_GetFileAndLine
SfList_GetSortCriteria
SfList_GetThreadOwner
SfList_GetUserData
SfList_GrowAllocated
SfList_HeapSort
SfList_InsertList
SfList_IsList
SfList_IsListFast
SfList_IsValidIndexSlow
SfList_MoveItemsBetweenHeapLists
SfList_MoveRange
SfList_ReAllocItem
SfList_SetThreadOwner
SfList_SetUserData
SfList_ShrinkAllocated
SfList_Sort
SfList_SortTo
SfLoadAccelerators
SfLoadBitmap
SfLoadCulledMenu
SfLoadCursor
SfLoadCursorFromBits
SfLoadCursorFromBitsEx
SfLoadIcon
SfLoadImage
SfLoadKernelCursor
SfLoadMenu
SfLoadResource
SfLoadResourceCustom
SfLoadUIBitmapEx
SfLoadUIColors
SfLoadWindowPlacement
SfLongLongToText
SfLongLongToTextN
SfLongToText
SfLongToTextN
SfMEditPrintF
SfMarker_Create
SfMeasuresAndTicksToText
SfMenuReplaceTokens
SfMessageBox
SfMetricGetName
SfMetric_Close
SfMetric_CloseAndDeleteKey
SfMetric_DeleteAll
SfMetric_DeleteAllHiveAndVersion
SfMetric_DeleteKey
SfMetric_DeleteKeyHiveAndVersion
SfMetric_DeleteUserMetrics
SfMetric_Open
SfMetric_OpenAppVersion
SfMetric_OpenRegHiveAndVersion
SfMetric_OpenSubKey
SfMoveFolder
SfMsgBoxF
SfMsgBoxId
SfMsgBoxNoF
SfMsgBoxSetAppData
SfMsgBoxSetNoUIHook
SfMsgBox_CustomExF
SfMsgBox_CustomExLinkF
SfMsgBox_CustomExNoF
SfMsgBox_CustomF
SfMsgBox_CustomNoF
SfMsgBox_TitledF
SfMsgBox_TitledNoF
SfNVPrintF
SfNanoTimeToHMSF
SfNanoTimeToMeasures
SfNanoTimeToText
SfNanoTimeToTextEx
SfNanoTimeToTextExN
SfNanoTimeToTextFormat
SfNanoTimeToTextFormatN
SfNanoTimeToTextN
SfOSVersionOK
SfOleInit
SfOnlyAllowCPUSupport
SfPrepareName
SfPrintF
SfPrintF_AddToken
SfPrintF_DeleteToken
SfQualifyPath
SfRGBtoHSL
SfReadFile
SfReadIStream
SfRegDeleteKey
SfRegGetSubKeyCount
SfRegisterClass
SfRegisterServer
SfRemoveSlashFromPathNameEnd
SfReplaceBasePathRelative
SfReplaceExtensionOnPathName
SfSaveUIColors

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 279KB - Virtual size: 278KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

sflang_t
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

strings
Size: 566KB - Virtual size: 566KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

strings2
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

strings3
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

strings4
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/protects.dll
.dll windows:4 windows x86 arch:x86

Password: new!

51ff02966290196a04c26ac9d0347d63

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

d3dx9_25

D3DXCreateRenderToSurface

user32

GetWindowRect
MessageBoxW

comctl32

ord17

advapi32

RegQueryValueExA

kernel32

GetCPInfo
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

gdi32

SelectObject

wsock32

recvfrom

winmm

timeBeginPeriod

psapi

GetProcessMemoryInfo

bass

BASS_StreamGetFilePosition

shell32

ExtractIconA

Sections

.text
Size: 840KB - Virtual size: 838KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 100KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.poop0
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.poop1
Size: 924KB - Virtual size: 920KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.poop2
Size: 76KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
resources.pak
vcomp140.dll
.dll windows:6 windows x64 arch:x64

Password: new!

b0dceb96b51d2648c4e665c9ec09b163

Code Sign

33:00:00:01:e2:f1:7d:92:02:0e:49:f8:7f:00:00:00:00:01:e2
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-12-2020 21:31

Not After

02-12-2021 21:31

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6a:4d:9a:15:91:5d:9b:49:c6:84:93:9f:70:a4:88:da:bc:33:e6:9b:eb:78:5a:02:74:0d:26:6e:d7:b5:21:23
Signer

Actual PE Digest

6a:4d:9a:15:91:5d:9b:49:c6:84:93:9f:70:a4:88:da:bc:33:e6:9b:eb:78:5a:02:74:0d:26:6e:d7:b5:21:23

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

d:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\vcomp140.amd64.pdb

Imports

kernel32

FormatMessageW
OutputDebugStringW
LocalAlloc
LocalFree
GetConsoleWindow
GetConsoleScreenBufferInfo
WriteConsoleW
WideCharToMultiByte
WriteFile
GetLastError
GetCurrentThreadId
HeapFree
GetProcessHeap
UnhandledExceptionFilter
CloseHandle
WaitForSingleObjectEx
SetEvent
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
HeapAlloc
TryEnterCriticalSection
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
GetTickCount
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
Sleep
SwitchToThread
ExitProcess
GetStdHandle
CreateThread
QueueUserWorkItem
CreateEventW
LoadLibraryExW
FreeLibrary
GetProcAddress
VirtualAlloc
GetModuleHandleW
VirtualProtect
VirtualFree
GetNativeSystemInfo
QueryPerformanceFrequency
GetSystemTimeAdjustment
GetEnvironmentVariableW
lstrlenW
lstrcmpiW
GetStringTypeExW
ResetEvent
GetCurrentProcess
EncodePointer
DecodePointer
GetUserDefaultUILanguage
FindFirstFileW
FindNextFileW
FindClose
GetModuleFileNameW
FindResourceExW
LoadResource
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
RtlUnwindEx
SetLastError
IsDebuggerPresent
GetModuleHandleExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
LCMapStringW
SetFilePointerEx
GetStringTypeW
SetStdHandle
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
RaiseException
CreateFileW
RtlPcToFileHeader

Exports

Exports

C2VectParallel
_vcomp_atomic_add_i1
_vcomp_atomic_add_i2
_vcomp_atomic_add_i4
_vcomp_atomic_add_i8
_vcomp_atomic_add_r4
_vcomp_atomic_add_r8
_vcomp_atomic_and_i1
_vcomp_atomic_and_i2
_vcomp_atomic_and_i4
_vcomp_atomic_and_i8
_vcomp_atomic_div_i1
_vcomp_atomic_div_i2
_vcomp_atomic_div_i4
_vcomp_atomic_div_i8
_vcomp_atomic_div_r4
_vcomp_atomic_div_r8
_vcomp_atomic_div_ui1
_vcomp_atomic_div_ui2
_vcomp_atomic_div_ui4
_vcomp_atomic_div_ui8
_vcomp_atomic_mul_i1
_vcomp_atomic_mul_i2
_vcomp_atomic_mul_i4
_vcomp_atomic_mul_i8
_vcomp_atomic_mul_r4
_vcomp_atomic_mul_r8
_vcomp_atomic_or_i1
_vcomp_atomic_or_i2
_vcomp_atomic_or_i4
_vcomp_atomic_or_i8
_vcomp_atomic_shl_i1
_vcomp_atomic_shl_i2
_vcomp_atomic_shl_i4
_vcomp_atomic_shl_i8
_vcomp_atomic_shr_i1
_vcomp_atomic_shr_i2
_vcomp_atomic_shr_i4
_vcomp_atomic_shr_i8
_vcomp_atomic_shr_ui1
_vcomp_atomic_shr_ui2
_vcomp_atomic_shr_ui4
_vcomp_atomic_shr_ui8
_vcomp_atomic_sub_i1
_vcomp_atomic_sub_i2
_vcomp_atomic_sub_i4
_vcomp_atomic_sub_i8
_vcomp_atomic_sub_r4
_vcomp_atomic_sub_r8
_vcomp_atomic_xor_i1
_vcomp_atomic_xor_i2
_vcomp_atomic_xor_i4
_vcomp_atomic_xor_i8
_vcomp_barrier
_vcomp_copyprivate_broadcast
_vcomp_copyprivate_receive
_vcomp_enter_critsect
_vcomp_flush
_vcomp_for_dynamic_init
_vcomp_for_dynamic_init_i8
_vcomp_for_dynamic_next
_vcomp_for_dynamic_next_i8
_vcomp_for_static_end
_vcomp_for_static_init
_vcomp_for_static_init_i8
_vcomp_for_static_simple_init
_vcomp_for_static_simple_init_i8
_vcomp_fork
_vcomp_get_thread_num
_vcomp_leave_critsect
_vcomp_master_barrier
_vcomp_master_begin
_vcomp_master_end
_vcomp_ordered_begin
_vcomp_ordered_end
_vcomp_ordered_loop_end
_vcomp_reduction_i1
_vcomp_reduction_i2
_vcomp_reduction_i4
_vcomp_reduction_i8
_vcomp_reduction_r4
_vcomp_reduction_r8
_vcomp_reduction_u1
_vcomp_reduction_u2
_vcomp_reduction_u4
_vcomp_reduction_u8
_vcomp_sections_init
_vcomp_sections_next
_vcomp_set_num_threads
_vcomp_single_begin
_vcomp_single_end
omp_destroy_lock
omp_destroy_nest_lock
omp_get_dynamic
omp_get_max_threads
omp_get_nested
omp_get_num_procs
omp_get_num_threads
omp_get_thread_num
omp_get_wtick
omp_get_wtime
omp_in_parallel
omp_init_lock
omp_init_nest_lock
omp_set_dynamic
omp_set_lock
omp_set_nest_lock
omp_set_nested
omp_set_num_threads
omp_test_lock
omp_test_nest_lock
omp_unset_lock
omp_unset_nest_lock

Sections

.text
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vcruntime140.dll
.dll windows:6 windows x64 arch:x64

44c3854843f7a3fccdf8ddbbea66f302

Code Sign

33:00:00:01:e2:f1:7d:92:02:0e:49:f8:7f:00:00:00:00:01:e2
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-12-2020 21:31

Not After

02-12-2021 21:31

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f7:83:e8:fe:9b:12:41:fc:30:39:3a:38:a0:12:16:d8:7c:73:43:56:72:48:ca:1e:25:f6:f1:cb:95:e8:ff:06
Signer

Actual PE Digest

f7:83:e8:fe:9b:12:41:fc:30:39:3a:38:a0:12:16:d8:7c:73:43:56:72:48:ca:1e:25:f6:f1:cb:95:e8:ff:06

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

d:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

terminate
abort

api-ms-win-crt-heap-l1-1-0

calloc
malloc
free

api-ms-win-crt-string-l1-1-0

strcpy_s
strncmp
wcsncmp

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s

api-ms-win-crt-convert-l1-1-0

atol

kernel32

SetLastError
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
RtlLookupFunctionEntry
RtlUnwindEx
GetModuleHandleW
RtlUnwind
EncodePointer
RaiseException
RtlPcToFileHeader
InterlockedPushEntrySList
InterlockedFlushSList
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetLastError
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
GetModuleFileNameW

Exports

Exports

_CreateFrameInfo
_CxxThrowException
_FindAndUnlinkFrame
_IsExceptionObjectToBeDestroyed
_SetWinRTOutOfMemoryExceptionCallback
__AdjustPointer
__BuildCatchObject
__BuildCatchObjectHelper
__C_specific_handler
__C_specific_handler_noexcept
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxFrameHandler2
__CxxFrameHandler3
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__FrameUnwindFilter
__GetPlatformExceptionInfo
__NLG_Dispatch2
__NLG_Return2
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__TypeMatch
__current_exception
__current_exception_context
__intrinsic_setjmp
__intrinsic_setjmpex
__processing_throw
__report_gsfailure
__std_exception_copy
__std_exception_destroy
__std_terminate
__std_type_info_compare
__std_type_info_destroy_list
__std_type_info_hash
__std_type_info_name
__telemetry_main_invoke_trigger
__telemetry_main_return_trigger
__unDName
__unDNameEx
__uncaught_exception
__uncaught_exceptions
__vcrt_GetModuleFileNameW
__vcrt_GetModuleHandleW
__vcrt_InitializeCriticalSectionEx
__vcrt_LoadLibraryExW
_get_purecall_handler
_get_unexpected
_is_exception_typeof
_local_unwind
_purecall
_set_purecall_handler
_set_se_translator
longjmp
memchr
memcmp
memcpy
memmove
memset
set_unexpected
strchr
strrchr
strstr
unexpected
wcschr
wcsrchr
wcsstr

Sections

.text
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 416B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/49F631DB-450A-4108-8F5C-434AF3FEE6DC.DLL
.dll windows:6 windows x64 arch:x64

488affe452253181da24e5440bce1303

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:87:e0:ec:1d:ff:09:23:30:64:df:b2:7d:53:72:a2
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

14-06-2021 00:00

Not After

19-07-2022 23:59

Subject

CN=Pango Inc.,O=Pango Inc.,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29-03-2022 00:00

Not After

14-03-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d7:a4:6b:55:90:74:a0:30:16:04:7d:12:91:cb:8d:09:c1:0b:74:85:e6:b3:5d:e7:96:71:93:0f:ab:4e:32:2f
Signer

Actual PE Digest

d7:a4:6b:55:90:74:a0:30:16:04:7d:12:91:cb:8d:09:c1:0b:74:85:e6:b3:5d:e7:96:71:93:0f:ab:4e:32:2f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\barter\Documents\Sources\AF\HydraBuild\build_x64\Release\afvpn.pdb

Imports

ws2_32

htonl
WSAIoctl
select
WSAGetOverlappedResult
getprotobynumber
getservbyname
WSASend
WSARecv
listen
closesocket
accept
WSACleanup
getsockopt
ioctlsocket
WSASetLastError
send
sendto
recvfrom
connect
shutdown
recv
WSAGetLastError
setsockopt
freeaddrinfo
getaddrinfo
inet_addr
socket
bind
inet_ntop
htons
getsockname
inet_pton
ntohs
ntohl
inet_ntoa
getpeername

crypt32

CertFreeCertificateContext
CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertGetCertificateContextProperty

kernel32

LCMapStringW
CompareStringW
GetDateFormatW
GetModuleFileNameW
GetTimeZoneInformation
FreeLibraryAndExitThread
ResumeThread
SetFilePointerEx
HeapAlloc
HeapFree
GetCurrentDirectoryW
GetFullPathNameW
GetTimeFormatW
HeapReAlloc
GetSystemTimeAsFileTime
CloseHandle
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObject
CreateEventA
CreateThread
GetCurrentThreadId
ExitThread
ReadFile
WriteFile
GetLastError
DeviceIoControl
GetOverlappedResult
WaitForMultipleObjects
GetTickCount
SetLastError
GetSystemTime
GetConsoleCP
RtlVirtualUnwind
QueryPerformanceCounter
GetCurrentProcessId
GlobalMemoryStatus
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStdHandle
GetEnvironmentVariableW
GetFileType
GetModuleHandleW
GetProcAddress
MultiByteToWideChar
GetModuleHandleExW
FindClose
FindFirstFileW
FindNextFileW
WideCharToMultiByte
FreeLibrary
LoadLibraryA
LoadLibraryW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
TryEnterCriticalSection
UnmapViewOfFile
LocalAlloc
LocalFree
FormatMessageA
QueryPerformanceFrequency
Sleep
GetVersion
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
ReleaseSemaphore
CreateSemaphoreA
SwitchToThread
GetModuleHandleA
SetStdHandle
SetConsoleCtrlHandler
ExitProcess
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileInformationByHandle
SetEndOfFile
FlushFileBuffers
GetFileSizeEx
HeapSize
GetCPInfo
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
GetStringTypeW
WriteConsoleW
SystemTimeToFileTime
GetSystemDirectoryA
RtlCaptureContext
RtlLookupFunctionEntry
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwindEx
InterlockedFlushSList
LoadLibraryExW
RaiseException
CreateFileW
GetDriveTypeW

user32

GetUserObjectInformationW
GetProcessWindowStation
MessageBoxW

shell32

SHGetSpecialFolderPathA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
CryptAcquireContextA
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW

Exports

Exports

af_get_id_from_nr_ip
af_get_nr_ip_from_id
af_is_non_routable_ip
af_private_marker
hydra_add_client_callback
hydra_bypass_rule_per_ip_get
hydra_bypass_rule_per_ip_set
hydra_client_disconnect_all_rpools
hydra_cmd_request
hydra_cmd_setcb
hydra_config
hydra_current_scanned_conns
hydra_custom_categ_rules_apply
hydra_err_info
hydra_fini
hydra_free
hydra_get_global_session_id
hydra_get_status
hydra_info
hydra_info_cold
hydra_init
hydra_init_with_cert
hydra_log_method_set
hydra_main_loop
hydra_main_loop_run_footer
hydra_main_loop_run_header
hydra_main_loop_run_iteration
hydra_resource_request_categ
hydra_resource_request_count
hydra_resource_request_free
hydra_resource_request_get
hydra_resource_request_new
hydra_resource_request_op
hydra_resource_request_pointer
hydra_resource_request_result_get
hydra_resource_request_set
hydra_resource_request_type
hydra_restart
hydra_running
hydra_sd_cleanup
hydra_sd_compat_config
hydra_sd_compat_fini
hydra_sd_compat_free_conn_info
hydra_sd_compat_get_main_conn_info
hydra_sd_compat_init
hydra_sd_compat_init_with_cert
hydra_sd_compat_restart
hydra_sd_compat_stop
hydra_sd_free_conn_log
hydra_sd_get_conn_log
hydra_sd_get_exports
hydra_sd_init
hydra_sd_start
hydra_sd_stop
hydra_sd_use_custom_config
hydra_set_local_port_chosen_cb
hydra_set_network_type_req_cb
hydra_set_persistent_storage_req_cb
hydra_stats_request
hydra_sticky_conns_set
hydra_stop
hydra_total_scanned_conns
hydra_total_scanned_conns_from_file
hydra_total_scanned_conns_reset
hydra_update_package_info
hydra_version_info

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 550KB - Virtual size: 550KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 74KB - Virtual size: 616KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/afvpn.dll
.dll windows:6 windows x64 arch:x64

488affe452253181da24e5440bce1303

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:87:e0:ec:1d:ff:09:23:30:64:df:b2:7d:53:72:a2
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

14-06-2021 00:00

Not After

19-07-2022 23:59

Subject

CN=Pango Inc.,O=Pango Inc.,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29-03-2022 00:00

Not After

14-03-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d7:a4:6b:55:90:74:a0:30:16:04:7d:12:91:cb:8d:09:c1:0b:74:85:e6:b3:5d:e7:96:71:93:0f:ab:4e:32:2f
Signer

Actual PE Digest

d7:a4:6b:55:90:74:a0:30:16:04:7d:12:91:cb:8d:09:c1:0b:74:85:e6:b3:5d:e7:96:71:93:0f:ab:4e:32:2f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\barter\Documents\Sources\AF\HydraBuild\build_x64\Release\afvpn.pdb

Imports

ws2_32

htonl
WSAIoctl
select
WSAGetOverlappedResult
getprotobynumber
getservbyname
WSASend
WSARecv
listen
closesocket
accept
WSACleanup
getsockopt
ioctlsocket
WSASetLastError
send
sendto
recvfrom
connect
shutdown
recv
WSAGetLastError
setsockopt
freeaddrinfo
getaddrinfo
inet_addr
socket
bind
inet_ntop
htons
getsockname
inet_pton
ntohs
ntohl
inet_ntoa
getpeername

crypt32

CertFreeCertificateContext
CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertGetCertificateContextProperty

kernel32

LCMapStringW
CompareStringW
GetDateFormatW
GetModuleFileNameW
GetTimeZoneInformation
FreeLibraryAndExitThread
ResumeThread
SetFilePointerEx
HeapAlloc
HeapFree
GetCurrentDirectoryW
GetFullPathNameW
GetTimeFormatW
HeapReAlloc
GetSystemTimeAsFileTime
CloseHandle
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObject
CreateEventA
CreateThread
GetCurrentThreadId
ExitThread
ReadFile
WriteFile
GetLastError
DeviceIoControl
GetOverlappedResult
WaitForMultipleObjects
GetTickCount
SetLastError
GetSystemTime
GetConsoleCP
RtlVirtualUnwind
QueryPerformanceCounter
GetCurrentProcessId
GlobalMemoryStatus
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStdHandle
GetEnvironmentVariableW
GetFileType
GetModuleHandleW
GetProcAddress
MultiByteToWideChar
GetModuleHandleExW
FindClose
FindFirstFileW
FindNextFileW
WideCharToMultiByte
FreeLibrary
LoadLibraryA
LoadLibraryW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
TryEnterCriticalSection
UnmapViewOfFile
LocalAlloc
LocalFree
FormatMessageA
QueryPerformanceFrequency
Sleep
GetVersion
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
ReleaseSemaphore
CreateSemaphoreA
SwitchToThread
GetModuleHandleA
SetStdHandle
SetConsoleCtrlHandler
ExitProcess
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileInformationByHandle
SetEndOfFile
FlushFileBuffers
GetFileSizeEx
HeapSize
GetCPInfo
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
GetStringTypeW
WriteConsoleW
SystemTimeToFileTime
GetSystemDirectoryA
RtlCaptureContext
RtlLookupFunctionEntry
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwindEx
InterlockedFlushSList
LoadLibraryExW
RaiseException
CreateFileW
GetDriveTypeW

user32

GetUserObjectInformationW
GetProcessWindowStation
MessageBoxW

shell32

SHGetSpecialFolderPathA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
CryptAcquireContextA
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW

Exports

Exports

af_get_id_from_nr_ip
af_get_nr_ip_from_id
af_is_non_routable_ip
af_private_marker
hydra_add_client_callback
hydra_bypass_rule_per_ip_get
hydra_bypass_rule_per_ip_set
hydra_client_disconnect_all_rpools
hydra_cmd_request
hydra_cmd_setcb
hydra_config
hydra_current_scanned_conns
hydra_custom_categ_rules_apply
hydra_err_info
hydra_fini
hydra_free
hydra_get_global_session_id
hydra_get_status
hydra_info
hydra_info_cold
hydra_init
hydra_init_with_cert
hydra_log_method_set
hydra_main_loop
hydra_main_loop_run_footer
hydra_main_loop_run_header
hydra_main_loop_run_iteration
hydra_resource_request_categ
hydra_resource_request_count
hydra_resource_request_free
hydra_resource_request_get
hydra_resource_request_new
hydra_resource_request_op
hydra_resource_request_pointer
hydra_resource_request_result_get
hydra_resource_request_set
hydra_resource_request_type
hydra_restart
hydra_running
hydra_sd_cleanup
hydra_sd_compat_config
hydra_sd_compat_fini
hydra_sd_compat_free_conn_info
hydra_sd_compat_get_main_conn_info
hydra_sd_compat_init
hydra_sd_compat_init_with_cert
hydra_sd_compat_restart
hydra_sd_compat_stop
hydra_sd_free_conn_log
hydra_sd_get_conn_log
hydra_sd_get_exports
hydra_sd_init
hydra_sd_start
hydra_sd_stop
hydra_sd_use_custom_config
hydra_set_local_port_chosen_cb
hydra_set_network_type_req_cb
hydra_set_persistent_storage_req_cb
hydra_stats_request
hydra_sticky_conns_set
hydra_stop
hydra_total_scanned_conns
hydra_total_scanned_conns_from_file
hydra_total_scanned_conns_reset
hydra_update_package_info
hydra_version_info

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 550KB - Virtual size: 550KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 74KB - Virtual size: 616KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/nfapi.dll
.dll windows:6 windows x64 arch:x64

821e6cc0f934b88c1fca8826590c624b

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:87:e0:ec:1d:ff:09:23:30:64:df:b2:7d:53:72:a2
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

14-06-2021 00:00

Not After

19-07-2022 23:59

Subject

CN=Pango Inc.,O=Pango Inc.,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29-03-2022 00:00

Not After

14-03-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

95:08:de:0c:ea:bc:ea:e1:c2:51:84:25:3c:54:6c:a0:ae:df:8e:41:23:a0:07:ab:38:9f:70:d8:18:bb:a2:af
Signer

Actual PE Digest

95:08:de:0c:ea:bc:ea:e1:c2:51:84:25:3c:54:6c:a0:ae:df:8e:41:23:a0:07:ab:38:9f:70:d8:18:bb:a2:af

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\projects\win-nfsdk\nfapi\Release_c_api\x64\nfapi.pdb

Imports

kernel32

CancelIo
GetOverlappedResult
ReadFile
DeviceIoControl
GetProcAddress
GetModuleHandleA
OpenProcess
GetLastError
GetLogicalDriveStringsW
QueryDosDeviceW
GetDriveTypeW
SetLastError
CreateFileA
GetVersionExA
WriteConsoleW
WriteFile
GetTickCount
WaitForMultipleObjects
WaitForSingleObject
SetEvent
GetSystemInfo
ResetEvent
CreateEventA
CloseHandle
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
GetCurrentProcessId
EnterCriticalSection
CreateFileW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
HeapFree
HeapAlloc
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
GetStdHandle
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStringTypeW
SetFilePointerEx
SetStdHandle
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode

advapi32

RegQueryValueExA
DeleteService
RegSetValueExA
QueryServiceStatus
OpenServiceA
StartServiceA
CloseServiceHandle
CreateServiceW
OpenSCManagerA
RegCloseKey
RegOpenKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken

psapi

GetModuleFileNameExA
GetModuleFileNameExW

Exports

Exports

nf_addBindingRule
nf_addFlowCtl
nf_addRule
nf_addRuleEx
nf_adjustProcessPriviledges
nf_completeTCPConnectRequest
nf_completeUDPConnectRequest
nf_deleteBindingRules
nf_deleteFlowCtl
nf_deleteRules
nf_free
nf_getConnCount
nf_getDriverType
nf_getFlowCtlStat
nf_getProcessNameA
nf_getProcessNameFromKernel
nf_getProcessNameW
nf_getTCPConnInfo
nf_getTCPStat
nf_getUDPConnInfo
nf_getUDPStat
nf_init
nf_ipPostReceive
nf_ipPostSend
nf_modifyFlowCtl
nf_registerDriver
nf_registerDriverEx
nf_setIPEventHandler
nf_setOptions
nf_setRules
nf_setRulesEx
nf_setTCPFlowCtl
nf_setTCPTimeout
nf_setUDPFlowCtl
nf_tcpClose
nf_tcpDisableFiltering
nf_tcpIsProxy
nf_tcpPostReceive
nf_tcpPostSend
nf_tcpSetConnectionState
nf_tcpSetSockOpt
nf_udpDisableFiltering
nf_udpPostReceive
nf_udpPostSend
nf_udpSetConnectionState
nf_unRegisterDriver

Sections

.text
Size: 143KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: new!

Password: new!

b28a7df3b3506a3ad155d3f99aa29899

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

kernel32

Sections

.text Size: 538KB - Virtual size: 538KB

.rdata Size: 73KB - Virtual size: 73KB

.data Size: 304KB - Virtual size: 310KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 20KB - Virtual size: 20KB

Password: new!

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 617KB - Virtual size: 616KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

Password: new!

d43ebc0254e6de9c3c74fdd8b2c324c5

Code Sign

57:1c:5f:05:7e:b9:03:c6:51:87:11:e1:56:c4:e7:5fCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

45:6e:c1:b4:34:89:c8:50:1e:cc:1f:ad:44:fe:3c:b5:95:76:86:9c:7a:55:a9:12:d8:ba:02:88:7b:4a:1f:51Signer

Headers

File Characteristics

PDB Paths

Imports

version

shlwapi

msvcp90

ole32

oleaut32

kernel32

msvcr90

shell32

psapi

Exports

Exports

Sections

.text Size: 42KB - Virtual size: 42KB

.rdata Size: 19KB - Virtual size: 19KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 3KB - Virtual size: 3KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 270B

Password: new!

4a2f054959cb8df136c59793c4706eb2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

d3dx9_43

lua51

.text
Size: 538KB - Virtual size: 538KB

.rdata
Size: 73KB - Virtual size: 73KB

.data
Size: 304KB - Virtual size: 310KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 20KB - Virtual size: 20KB

.text
Size: 617KB - Virtual size: 616KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

57:1c:5f:05:7e:b9:03:c6:51:87:11:e1:56:c4:e7:5f
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

45:6e:c1:b4:34:89:c8:50:1e:cc:1f:ad:44:fe:3c:b5:95:76:86:9c:7a:55:a9:12:d8:ba:02:88:7b:4a:1f:51
Signer

.text
Size: 42KB - Virtual size: 42KB

.rdata
Size: 19KB - Virtual size: 19KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 3KB - Virtual size: 3KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 270B

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 279KB - Virtual size: 279KB

.data
Size: 32KB - Virtual size: 53KB

.detourc
Size: 4KB - Virtual size: 4KB

.detourd
Size: 512B - Virtual size: 12B

_RDATA
Size: 1KB - Virtual size: 1KB

.reloc
Size: 148KB - Virtual size: 148KB

57:1c:5f:05:7e:b9:03:c6:51:87:11:e1:56:c4:e7:5f
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

29:33:16:62:3e:89:0a:af:9a:6e:b1:86:ce:87:e5:00:50:1f:cf:b6:97:9c:5c:12:7d:27:08:9f:2f:7b:2a:32
Signer

.text
Size: 2.0MB - Virtual size: 2.0MB

RT_CODE
Size: 2KB - Virtual size: 2KB

.rdata
Size: 279KB - Virtual size: 278KB

.data
Size: 64KB - Virtual size: 128KB

.pdata
Size: 44KB - Virtual size: 44KB

sflang_t
Size: 64KB - Virtual size: 64KB

strings
Size: 566KB - Virtual size: 566KB

strings2
Size: 7KB - Virtual size: 7KB

strings3
Size: 9KB - Virtual size: 9KB

strings4
Size: 18KB - Virtual size: 18KB

.rsrc
Size: 125KB - Virtual size: 125KB

.reloc
Size: 30KB - Virtual size: 30KB