Glock[.]zip | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Glock.zip
Size

6.0MB
MD5

9ed6f6b4297ec45a65e2f3710a7e7160
SHA1

dedd65e26872f818f3b82ac7c6213010d8db8a09
SHA256

f82813b53fe8d5c54c37fe392a00227c1ca706a87f86682d470141a6dc339968
SHA512

698a9f7de9e0fd43c9e10588885cae76f15442c8fece3cc83c1bb6345ef28c0553f6c087f853f37e5304518a181ee5705823f8a873129469c104f21caf44f11c
SSDEEP

98304:S+fbkeTM0CX/wrPZbOso4TiMdbeRKBh1atsBmBuEqBZY3c6Bxp/yT6N9FaGd+4+i:SAVPZysJiMJBhktzqnYXbp/7SH4+JLE

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack006/Glock/setup (GLOCK V2).exe	themida

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack006/Glock/setup (GLOCK V1) (OUTDATED, HACTIFY.RU VERSION).exe
unpack006/Glock/setup (GLOCK V1) (OUTDATED, ZELO VERSION).exe
unpack006/Glock/setup (GLOCK V1) (UPDATED).exe
unpack006/Glock/setup (GLOCK V2).exe
unpack006/Glock/setup (GLOCK V2.6).exe
unpack006/Glock/setup (GLOCK V2.7).exe

Files

Glock.zip
.zip
!!! READ ME !!!.txt
Glock.rar
.rar .zip polyglot
Glock.zip
.zip
Glock L.rar
.rar
Glock.rar
.rar
Glock L.rar
.rar
Glock/how to use glock 2.7.txt
Glock/setup (GLOCK V1) (OUTDATED, HACTIFY.RU VERSION).exe
.exe windows:6 windows x86 arch:x86

24342c54a3f9388f9cea99c3643ecd2d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

H:\repo\C++\minecraft clickers\users\kirxo\examples\example_glfw_opengl3\Release\example_glfw_opengl3.pdb

Imports

opengl32

wglGetProcAddress

kernel32

QueryPerformanceCounter
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
MultiByteToWideChar
GetTickCount64
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
SleepEx
GetLastError
SetLastError
FormatMessageA
WaitForSingleObjectEx
VerSetConditionMask
GetSystemDirectoryA
GetModuleHandleA
VerifyVersionInfoA
ExpandEnvironmentStringsA
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
GlobalAlloc
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceFrequency
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
CreateThread
CloseHandle
GlobalFree
GlobalLock
Sleep
GlobalUnlock
LoadLibraryA
GetProcAddress
FreeLibrary
WideCharToMultiByte
GetModuleFileNameA
FindFirstFileW
GetConsoleScreenBufferInfo
SetConsoleTitleA
InitializeSListHead
GetFullPathNameW
FindNextFileW
SetConsoleScreenBufferSize
GetStdHandle
FindClose
GetModuleHandleW
CreateProcessA
IsDebuggerPresent
GetConsoleWindow

user32

ChangeDisplaySettingsExW
GetRawInputDeviceList
GetRawInputDeviceInfoA
EnumDisplayDevicesW
DispatchMessageW
LoadImageW
EnumDisplaySettingsExW
EnumDisplaySettingsW
RegisterDeviceNotificationW
SystemParametersInfoW
RegisterClassExW
GetPropW
DefWindowProcW
TrackMouseEvent
ReleaseCapture
SetCapture
PtInRect
CopyIcon
WindowFromPoint
LoadCursorW
SetCursor
SetCursorPos
GetCursorPos
ScreenToClient
IsZoomed
IsWindowVisible
IsIconic
GetActiveWindow
GetWindowLongW
SetWindowLongW
BringWindowToTop
SetForegroundWindow
SetFocus
DestroyIcon
UnregisterClassW
RemovePropW
DestroyWindow
CreateWindowExW
SetPropW
SetWindowPos
GetMessageTime
PeekMessageW
GetAsyncKeyState
GetKeyState
GetClientRect
ClientToScreen
ClipCursor
AdjustWindowRectEx
GetDC
MessageBoxA
GetWindowRect
ShowWindow
EnumWindows
GetDesktopWindow
GetWindowTextLengthA
FindWindowA
SendInput
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
GetMessageA
OpenClipboard
mouse_event
GetForegroundWindow
GetWindowTextA
TranslateMessage
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
DispatchMessageA
GetWindowTextW

gdi32

SetDeviceGammaRamp
DescribePixelFormat
SetPixelFormat
SwapBuffers
GetDeviceCaps
CreateDCW
DeleteDC

advapi32

CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom

shell32

DragQueryPoint
DragFinish
DragAcceptFiles
DragQueryFileW

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext

msvcp140

?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Xout_of_range@std@@YAXPBD@Z
?uncaught_exception@std@@YA_NXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Random_device@std@@YAIXZ
_Xtime_get_ticks
_Query_perf_counter
_Thrd_sleep
_Query_perf_frequency
?_Xlength_error@std@@YAXPBD@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ

wldap32

ord33
ord32
ord27
ord26
ord35
ord41
ord45
ord60
ord211
ord46
ord22
ord30
ord143
ord50
ord200
ord301
ord79

crypt32

CertFreeCertificateContext

ws2_32

htonl
gethostname
ioctlsocket
sendto
recvfrom
listen
accept
freeaddrinfo
getaddrinfo
WSAIoctl
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
closesocket
bind
send
recv
WSASetLastError
select
__WSAFDIsSet
WSAGetLastError
WSACleanup
WSAStartup
ntohl

wininet

InternetCloseHandle
InternetReadFile
InternetConnectA
InternetOpenA
FtpOpenFileA

vcruntime140

_except_handler4_common
memchr
strrchr
__CxxFrameHandler3
__std_terminate
strstr
strchr
__std_exception_destroy
__std_exception_copy
memset
memcpy
memmove
_CxxThrowException

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsscanf
fread
__stdio_common_vsprintf
_wfopen
fputs
fopen
__p__commode
_lseeki64
fwrite
_popen
_read
_write
fflush
_open
__stdio_common_vfprintf
fseek
fclose
_pclose
_set_fmode
fputc
fgets
__acrt_iob_func
ftell
_close

api-ms-win-crt-string-l1-1-0

toupper
isdigit
isalnum
isspace
islower
isprint
strncmp
isxdigit
_strdup
tolower
isgraph
strpbrk
isupper
isalpha
strncpy

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-heap-l1-1-0

free
_callnewh
_set_new_mode
realloc
calloc
malloc

api-ms-win-crt-runtime-l1-1-0

exit
_invalid_parameter_noinfo_noreturn
perror
__sys_nerr
_beginthreadex
_set_errno
_controlfp_s
system
_wassert
strerror
_getpid
_register_thread_local_exe_atexit_callback
_c_exit
__p___argv
terminate
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
__p___argc
_seh_filter_exe
_set_app_type
_errno
_get_initial_narrow_environment
_initterm
_initterm_e
_exit

api-ms-win-crt-convert-l1-1-0

strtoll
atoi
mbstowcs_s
strtol
atof
strtoul
wcstombs_s

api-ms-win-crt-filesystem-l1-1-0

_stat64
_access
remove
_fstat64

api-ms-win-crt-time-l1-1-0

_gmtime64
_time64

api-ms-win-crt-math-l1-1-0

floor
__setusermatherr
_CIsqrt
_libm_sse2_pow_precise
_libm_sse2_sin_precise
_libm_sse2_cos_precise
ceil
_CIfmod
_libm_sse2_sqrt_precise

api-ms-win-crt-multibyte-l1-1-0

_mbsnbcpy
_mbspbrk
_mbschr

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 504KB - Virtual size: 504KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 223KB - Virtual size: 223KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Glock/setup (GLOCK V1) (OUTDATED, ZELO VERSION).exe
.exe windows:6 windows x86 arch:x86

24342c54a3f9388f9cea99c3643ecd2d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

H:\repo\C++\minecraft clickers\users\kirxo\examples\example_glfw_opengl3\Release\example_glfw_opengl3.pdb

Imports

opengl32

wglGetProcAddress

kernel32

QueryPerformanceCounter
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
MultiByteToWideChar
GetTickCount64
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
SleepEx
GetLastError
SetLastError
FormatMessageA
WaitForSingleObjectEx
VerSetConditionMask
GetSystemDirectoryA
GetModuleHandleA
VerifyVersionInfoA
ExpandEnvironmentStringsA
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
GlobalAlloc
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceFrequency
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
CreateThread
CloseHandle
GlobalFree
GlobalLock
Sleep
GlobalUnlock
LoadLibraryA
GetProcAddress
FreeLibrary
WideCharToMultiByte
GetModuleFileNameA
FindFirstFileW
GetConsoleScreenBufferInfo
SetConsoleTitleA
InitializeSListHead
GetFullPathNameW
FindNextFileW
SetConsoleScreenBufferSize
GetStdHandle
FindClose
GetModuleHandleW
CreateProcessA
IsDebuggerPresent
GetConsoleWindow

user32

ChangeDisplaySettingsExW
GetRawInputDeviceList
GetRawInputDeviceInfoA
EnumDisplayDevicesW
DispatchMessageW
LoadImageW
EnumDisplaySettingsExW
EnumDisplaySettingsW
RegisterDeviceNotificationW
SystemParametersInfoW
RegisterClassExW
GetPropW
DefWindowProcW
TrackMouseEvent
ReleaseCapture
SetCapture
PtInRect
CopyIcon
WindowFromPoint
LoadCursorW
SetCursor
SetCursorPos
GetCursorPos
ScreenToClient
IsZoomed
IsWindowVisible
IsIconic
GetActiveWindow
GetWindowLongW
SetWindowLongW
BringWindowToTop
SetForegroundWindow
SetFocus
DestroyIcon
UnregisterClassW
RemovePropW
DestroyWindow
CreateWindowExW
SetPropW
SetWindowPos
GetMessageTime
PeekMessageW
GetAsyncKeyState
GetKeyState
GetClientRect
ClientToScreen
ClipCursor
AdjustWindowRectEx
GetDC
MessageBoxA
GetWindowRect
ShowWindow
EnumWindows
GetDesktopWindow
GetWindowTextLengthA
FindWindowA
SendInput
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
GetMessageA
OpenClipboard
mouse_event
GetForegroundWindow
GetWindowTextA
TranslateMessage
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
DispatchMessageA
GetWindowTextW

gdi32

SetDeviceGammaRamp
DescribePixelFormat
SetPixelFormat
SwapBuffers
GetDeviceCaps
CreateDCW
DeleteDC

advapi32

CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom

shell32

DragQueryPoint
DragFinish
DragAcceptFiles
DragQueryFileW

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext

msvcp140

?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Xout_of_range@std@@YAXPBD@Z
?uncaught_exception@std@@YA_NXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Random_device@std@@YAIXZ
_Xtime_get_ticks
_Query_perf_counter
_Thrd_sleep
_Query_perf_frequency
?_Xlength_error@std@@YAXPBD@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ

wldap32

ord33
ord32
ord27
ord26
ord35
ord41
ord45
ord60
ord211
ord46
ord22
ord30
ord143
ord50
ord200
ord301
ord79

crypt32

CertFreeCertificateContext

ws2_32

htonl
gethostname
ioctlsocket
sendto
recvfrom
listen
accept
freeaddrinfo
getaddrinfo
WSAIoctl
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
closesocket
bind
send
recv
WSASetLastError
select
__WSAFDIsSet
WSAGetLastError
WSACleanup
WSAStartup
ntohl

wininet

InternetCloseHandle
InternetReadFile
InternetConnectA
InternetOpenA
FtpOpenFileA

vcruntime140

_except_handler4_common
memchr
strrchr
__CxxFrameHandler3
__std_terminate
strstr
strchr
__std_exception_destroy
__std_exception_copy
memset
memcpy
memmove
_CxxThrowException

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsscanf
fread
__stdio_common_vsprintf
_wfopen
fputs
fopen
__p__commode
_lseeki64
fwrite
_popen
_read
_write
fflush
_open
__stdio_common_vfprintf
fseek
fclose
_pclose
_set_fmode
fputc
fgets
__acrt_iob_func
ftell
_close

api-ms-win-crt-string-l1-1-0

toupper
isdigit
isalnum
isspace
islower
isprint
strncmp
isxdigit
_strdup
tolower
isgraph
strpbrk
isupper
isalpha
strncpy

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-heap-l1-1-0

free
_callnewh
_set_new_mode
realloc
calloc
malloc

api-ms-win-crt-runtime-l1-1-0

exit
_invalid_parameter_noinfo_noreturn
perror
__sys_nerr
_beginthreadex
_set_errno
_controlfp_s
system
_wassert
strerror
_getpid
_register_thread_local_exe_atexit_callback
_c_exit
__p___argv
terminate
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
__p___argc
_seh_filter_exe
_set_app_type
_errno
_get_initial_narrow_environment
_initterm
_initterm_e
_exit

api-ms-win-crt-convert-l1-1-0

strtoll
atoi
mbstowcs_s
strtol
atof
strtoul
wcstombs_s

api-ms-win-crt-filesystem-l1-1-0

_stat64
_access
remove
_fstat64

api-ms-win-crt-time-l1-1-0

_gmtime64
_time64

api-ms-win-crt-math-l1-1-0

floor
__setusermatherr
_CIsqrt
_libm_sse2_pow_precise
_libm_sse2_sin_precise
_libm_sse2_cos_precise
ceil
_CIfmod
_libm_sse2_sqrt_precise

api-ms-win-crt-multibyte-l1-1-0

_mbsnbcpy
_mbspbrk
_mbschr

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 504KB - Virtual size: 504KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 223KB - Virtual size: 223KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Glock/setup (GLOCK V1) (UPDATED).exe
.exe windows:6 windows x64 arch:x64

b570a0f0ccfb525b2c28f58c6273b184

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\epic\source\repos\autoclicker\x64\Release\autoclicker.pdb

Imports

d3d11

D3D11CreateDeviceAndSwapChain

d3dcompiler_47

D3DCompile

winmm

PlaySoundA

kernel32

QueryPerformanceCounter
CreateThread
GetModuleHandleA
GetConsoleWindow
GetConsoleScreenBufferInfo
SetPriorityClass
SetConsoleTitleA
GetCurrentProcess
SetConsoleScreenBufferSize
GetStdHandle
SetConsoleMode
GetConsoleCursorInfo
TerminateProcess
GetConsoleMode
GetLastError
SetConsoleCursorInfo
CloseHandle
GetProcAddress
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
QueryPerformanceFrequency
GlobalUnlock
WideCharToMultiByte
GlobalLock
GlobalFree
GlobalAlloc
MultiByteToWideChar
InitializeSListHead
LocalFree
FormatMessageA

user32

ScreenToClient
GetCapture
EmptyClipboard
SetWindowPos
ClientToScreen
GetKeyNameTextA
SetWindowLongA
GetWindowLongA
MapVirtualKeyA
DestroyWindow
GetWindowTextA
DefWindowProcA
CreateWindowExA
PeekMessageA
UnregisterClassA
PostQuitMessage
RegisterClassExA
UpdateWindow
GetMessageA
DispatchMessageA
PostMessageA
CallNextHookEx
WindowFromPoint
ShowWindow
GetAsyncKeyState
GetCursorInfo
SetWindowsHookExA
UnhookWindowsHookEx
TranslateMessage
FindWindowA
SendInput
GetKeyState
LoadCursorA
IsChild
OpenClipboard
GetClipboardData
SetClipboardData
GetCursorPos
SetCursorPos
ReleaseCapture
GetClientRect
SetCursor
SetCapture
GetForegroundWindow
CloseClipboard

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

xinput1_4

ord2
ord4

msvcp140

?_Xlength_error@std@@YAXPEBD@Z
_Query_perf_frequency
_Thrd_sleep
_Query_perf_counter
_Xtime_get_ticks
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?_Winerror_map@std@@YAHH@Z
?_Random_device@std@@YAIXZ
?_Syserror_map@std@@YAPEBDH@Z

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memset
memmove
memcpy
memcmp
__C_specific_handler
memchr
_CxxThrowException
__current_exception
__std_exception_copy
__std_exception_destroy
strstr
__std_terminate
__current_exception_context

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode
ftell
__acrt_iob_func
__stdio_common_vsscanf
fread
__stdio_common_vsprintf
_wfopen
fwrite
fflush
fseek
fclose

api-ms-win-crt-string-l1-1-0

toupper
strcmp
strncpy

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-heap-l1-1-0

_callnewh
_set_new_mode
free
malloc

api-ms-win-crt-convert-l1-1-0

atof

api-ms-win-crt-runtime-l1-1-0

exit
__p___argc
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm
_get_initial_narrow_environment
_set_app_type
_seh_filter_exe
_cexit
terminate
_crt_atexit
_exit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-math-l1-1-0

fmodf
sqrtf
sinf
acosf
cosf
__setusermatherr
powf
floorf
ceilf

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 219KB - Virtual size: 218KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 392KB - Virtual size: 391KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Glock/setup (GLOCK V2).exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 505KB - Virtual size: 512KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.themida
Size: 1KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.themida
Size: 917KB - Virtual size: 920KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 614KB - Virtual size: 613KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 582KB - Virtual size: 582KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 581KB - Virtual size: 581KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 512B - Virtual size: 78B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Glock/setup (GLOCK V2.6).exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 235KB - Virtual size: 234KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Glock/setup (GLOCK V2.7).exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 512B - Virtual size: 29B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 4.5MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 4.5MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

24342c54a3f9388f9cea99c3643ecd2d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

opengl32

kernel32

user32

gdi32

advapi32

shell32

imm32

msvcp140

wldap32

crypt32

ws2_32

wininet

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 504KB - Virtual size: 504KB

.rdata Size: 223KB - Virtual size: 223KB

.data Size: 2KB - Virtual size: 8KB

.rsrc Size: 512B - Virtual size: 469B

.reloc Size: 26KB - Virtual size: 25KB

24342c54a3f9388f9cea99c3643ecd2d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

opengl32

kernel32

user32

gdi32

advapi32

shell32

imm32

msvcp140

wldap32

crypt32

ws2_32

wininet

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 504KB - Virtual size: 504KB

.rdata Size: 223KB - Virtual size: 223KB

.data Size: 2KB - Virtual size: 8KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 26KB - Virtual size: 25KB

b570a0f0ccfb525b2c28f58c6273b184

.text
Size: 504KB - Virtual size: 504KB

.rdata
Size: 223KB - Virtual size: 223KB

.data
Size: 2KB - Virtual size: 8KB

.rsrc
Size: 512B - Virtual size: 469B

.reloc
Size: 26KB - Virtual size: 25KB

.text
Size: 504KB - Virtual size: 504KB

.rdata
Size: 223KB - Virtual size: 223KB

.data
Size: 2KB - Virtual size: 8KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 26KB - Virtual size: 25KB

.text
Size: 219KB - Virtual size: 218KB

.rdata
Size: 392KB - Virtual size: 391KB

.data
Size: 1KB - Virtual size: 8KB

.pdata
Size: 10KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 256B

.text
Size: 505KB - Virtual size: 512KB

.themida
Size: 1KB - Virtual size: 8KB

.themida
Size: 917KB - Virtual size: 920KB

.rsrc
Size: 4KB - Virtual size: 8KB

.reloc
Size: 512B - Virtual size: 8KB

.text
Size: 614KB - Virtual size: 613KB

.rsrc
Size: 4KB - Virtual size: 3KB

.text
Size: 582KB - Virtual size: 582KB

.text
Size: 581KB - Virtual size: 581KB

.rsrc
Size: 4KB - Virtual size: 3KB

.text
Size: 512B - Virtual size: 78B

.text
Size: 96KB - Virtual size: 96KB

.text
Size: 61KB - Virtual size: 60KB

.text
Size: 61KB - Virtual size: 60KB

.text
Size: 235KB - Virtual size: 234KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 4.6MB - Virtual size: 4.6MB

.rsrc
Size: 4KB - Virtual size: 8KB