869afd23569b32a462693ceaae1150db_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

869afd23569b32a462693ceaae1150db_JaffaCakes118
Size

274KB
MD5

869afd23569b32a462693ceaae1150db
SHA1

675f96fe676836cf3526541503598f81c477d01c
SHA256

dda9101c2475f7cef181ef66b15bbea4b6d4c7674d87ff4b900d996a442f7fb8
SHA512

6b5bbc94691954b1330e41d850c9a703cc52c7f6380c4477cc4d8c04810adf270319f6dc3cea14cadba08e730b2c77a3a3ccb4550c9a2ddd6d03746c78465f6a
SSDEEP

6144:nwVzUsrrXtQ/R7IdoW9OciqBPCMwNiM5VzYf0fAZs:nwdUs6hdWYNqAiMDccf3

Score

3^/10

Malware Config

Signatures

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack001/emuhaste.exe
unpack001/engine/ards.dll
unpack001/engine/default_mfc.dll
unpack001/engine/ocarina.dll
unpack001/engine/password.dll
unpack001/engine/ps2par_john.dll
unpack001/engine/raw_write.dll

Files

869afd23569b32a462693ceaae1150db_JaffaCakes118
.zip
How_to_MultiLanguage.txt
config/DC_nullDC.ini
config/FC_VirtuaNES.ini
config/GC_Dolphin_final.ini
config/MD_DGEN.ini
config/N64_1964.ini
config/N64_Project64.ini
config/NDS_DeSmuMe.ini
config/NDS_iDeaS.ini
config/NDS_no$gba.ini
config/NDS_no$gba_TRY1.ini
config/PCE_npce010.ini
config/PS2_pcsx2_094.ini
config/PS2_pcsx2_096.ini
config/PS2_pcsx2_098_svnr4809.ini
config/PS2_pcsx2_custom.ini
config/PS_ePSXe_170.ini
config/SFC_SNES9X.ini
config/SS_SSF.ini
config/iDeaS1018.ini
config/no$gba.ini
config/no$gba_realaddr.ini
config/no$gba_v24f.ini
config/no$gba_v25.ini
emuhaste.exe
.exe windows:5 windows x86 arch:x86

63c302b9a64f7dcd350677afe3b78565

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mfc100

ord3409
ord13481
ord13484
ord13482
ord13485
ord13480
ord13483
ord7144
ord11413
ord13181
ord10922
ord14075
ord1732
ord7091
ord11806
ord3618
ord3676
ord8486
ord13299
ord7073
ord13301
ord11421
ord11420
ord2163
ord4724
ord13767
ord11726
ord7510
ord7584
ord1288
ord968
ord1011
ord1244
ord1890
ord1012
ord1483
ord7871
ord1448
ord8465
ord2611
ord1929
ord3390
ord895
ord5857
ord10007
ord11154
ord8227
ord2417
ord12535
ord5534
ord2776
ord3743
ord7862
ord2614
ord3431
ord13280
ord2409
ord5821
ord6076
ord2826
ord12694
ord6131
ord1900
ord2219
ord1982
ord4283
ord3988
ord3354
ord3234
ord3254
ord10030
ord1210
ord788
ord3977
ord12868
ord4785
ord10852
ord6970
ord1313
ord310
ord5858
ord5302
ord8228
ord3744
ord7211
ord12430
ord7206
ord5176
ord5238
ord11067
ord13219
ord9475
ord3620
ord2974
ord2973
ord2752
ord5532
ord12531
ord2881
ord2878
ord7349
ord2416
ord14059
ord14061
ord14060
ord14058
ord14062
ord14045
ord13972
ord13973
ord8235
ord11025
ord3395
ord10883
ord13294
ord8070
ord11107
ord6217
ord9994
ord8351
ord2847
ord12644
ord11190
ord11188
ord1496
ord1503
ord1509
ord1507
ord1514
ord4373
ord4410
ord4381
ord4393
ord4389
ord4385
ord4415
ord4406
ord4377
ord4419
ord4398
ord4364
ord4368
ord4401
ord3991
ord13980
ord3984
ord2661
ord13302
ord7074
ord13300
ord6128
ord10672
ord12482
ord5253
ord2338
ord11060
ord3484
ord2945
ord2944
ord2846
ord11103
ord4622
ord4903
ord5095
ord8439
ord4881
ord5123
ord4625
ord4774
ord4606
ord6897
ord6898
ord6888
ord4772
ord7357
ord9286
ord8305
ord5803
ord11172
ord11180
ord4078
ord7355
ord9449
ord11184
ord11153
ord11787
ord5098
ord9281
ord8304
ord6112
ord888
ord9399
ord6835
ord6678
ord3373
ord3253
ord381
ord316
ord1316
ord946
ord10360
ord8137
ord901
ord5444
ord1296
ord2088

msvcr100

_setmbcp
strstr
_controlfp_s
_invoke_watson
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
fclose
__argc
__argv
strtod
isalnum
fwrite
memset
strtol
strtoul
isprint
_ismbblead
_ismbbtrail
malloc
free
fprintf
_fcloseall
strcat_s
_strupr_s
strcpy_s
vsprintf_s
fopen
fread
strncpy
sprintf
__CxxFrameHandler3

kernel32

ReadProcessMemory
DecodePointer
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoW
HeapSetInformation
InterlockedCompareExchange
Sleep
InterlockedExchange
FreeLibrary
EncodePointer
FindFirstFileA
FindNextFileA
GetCurrentDirectoryA
CreateToolhelp32Snapshot
Process32First
Process32Next
VirtualProtectEx
LoadLibraryA
GetProcAddress
GlobalAlloc
GlobalLock
lstrcpyA
GlobalUnlock
GetModuleHandleA
GetFileAttributesA
GetPrivateProfileStringA
OpenProcess
CloseHandle

user32

SetClipboardData
CloseClipboard
GetAsyncKeyState
MessageBeep
GetSystemMetrics
LoadIconW
SetScrollPos
GetScrollPos
OpenClipboard
KillTimer
SetTimer
GetClientRect
IsIconic
SendMessageA
ModifyMenuA
DrawIcon
EnableWindow
EmptyClipboard

gdi32

CreateSolidBrush

comdlg32

GetSaveFileNameA

shell32

ShellExecuteA

Sections

.text
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
engine/ards.dll
.dll windows:5 windows x86 arch:x86

20bfb23fecfd78358ecd31a64f92822a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

OpenProcess
CloseHandle
WriteProcessMemory
ReadProcessMemory
GetCurrentThreadId
DecodePointer
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
GetLastError
InterlockedDecrement
GetProcAddress
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
HeapReAlloc
LoadLibraryW
WriteFile
GetModuleFileNameW
RtlUnwind
LCMapStringW
MultiByteToWideChar
GetStringTypeW
HeapSize
IsProcessorFeaturePresent

Exports

Exports

CheatEngine
EngineType

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
engine/default_mfc.dll
.dll windows:4 windows x86 arch:x86

0b1708882da0be59992476ee67d41d9a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3953
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord3922
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord1176
ord1575
ord1168
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord5731
ord2512
ord2554
ord4486
ord6375
ord2976
ord4274
ord269
ord826
ord600
ord1578
ord6467
ord1255
ord1116

msvcrt

??1type_info@@UAE@XZ
_adjust_fdiv
malloc
_initterm
free
_onexit
__dllonexit
??2@YAPAXI@Z
__CxxFrameHandler

kernel32

LocalFree
OpenProcess
CloseHandle
WriteProcessMemory
ReadProcessMemory
LocalAlloc

Exports

Exports

CheatEngine
EngineType

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 446B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
engine/ocarina.dll
.dll windows:5 windows x86 arch:x86

2e168f9fee36c65804acc85d4752ed9f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentThreadId
DecodePointer
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
GetLastError
InterlockedDecrement
GetProcAddress
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
HeapReAlloc
LoadLibraryW
WriteFile
GetModuleFileNameW
RtlUnwind
LCMapStringW
MultiByteToWideChar
GetStringTypeW
HeapSize
IsProcessorFeaturePresent

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
engine/password.dll
.dll windows:5 windows x86 arch:x86

d4027bdb037c7551ab9a229dbba73136

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

OpenProcess
CloseHandle
WriteProcessMemory
GetCurrentThreadId
DecodePointer
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
GetLastError
InterlockedDecrement
GetProcAddress
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
HeapReAlloc
LoadLibraryW
WriteFile
GetModuleFileNameW
RtlUnwind
LCMapStringW
MultiByteToWideChar
GetStringTypeW
HeapSize
IsProcessorFeaturePresent

Exports

Exports

CheatEngine
CheatEngine2
EngineType

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
engine/ps2par_john.dll
.dll windows:4 windows x86 arch:x86

6dc0a212ac3901f392529049ba8cc00a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetEndOfFile
RtlUnwind
GetCommandLineA
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetACP
HeapAlloc
HeapFree
RaiseException
HeapSize
HeapReAlloc
ExitProcess
TerminateProcess
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetCurrentProcess
GetOEMCP
GetCPInfo
GlobalFlags
GetProcessVersion
LoadLibraryA
FreeLibrary
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetModuleHandleA
GetProcAddress
lstrcmpA
GetLastError
SetLastError
GetVersion
lstrcpynA
GetModuleFileNameA
lstrcpyA
lstrcatA
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalAlloc
GlobalReAlloc
GlobalLock
LeaveCriticalSection
TlsFree
GlobalHandle
GlobalUnlock
GlobalFree
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
GetCurrentThreadId
LocalFree
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
InterlockedDecrement
InterlockedIncrement
OpenProcess
WriteProcessMemory
ReadProcessMemory
SetHandleCount
CloseHandle

comctl32

ord17

user32

CopyRect
GetClientRect
AdjustWindowRectEx
SetFocus
GetSysColor
MapWindowPoints
PostMessageA
LoadIconA
SetWindowTextA
IsWindowEnabled
LoadCursorA
GetSysColorBrush
ReleaseDC
GetDC
GetClassNameA
PtInRect
ClientToScreen
PostQuitMessage
DestroyMenu
TabbedTextOutA
DrawTextA
GrayStringA
EnableWindow
GetTopWindow
MessageBoxA
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetDlgItem
GetWindowTextA
GetDlgCtrlID
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
GetWindow
GetWindowLongA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetSystemMetrics
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetParent
GetNextDlgTabItem
LoadStringA
UnregisterClassA
UnhookWindowsHookEx
DispatchMessageA
SetWindowsHookExA
PeekMessageA
SendMessageA
GetKeyState
CallNextHookEx
RegisterWindowMessageA

gdi32

GetStockObject
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
SaveDC
SelectObject
SetTextColor
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
RestoreDC
DeleteDC
DeleteObject
GetDeviceCaps
GetObjectA
CreateBitmap
GetClipBox
SetBkColor

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

Exports

Exports

CheatEngine
EngineType

Sections

.text
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
engine/raw_write.dll
.dll windows:5 windows x86 arch:x86

d4027bdb037c7551ab9a229dbba73136

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

OpenProcess
CloseHandle
WriteProcessMemory
GetCurrentThreadId
DecodePointer
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
GetLastError
InterlockedDecrement
GetProcAddress
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
HeapReAlloc
LoadLibraryW
WriteFile
GetModuleFileNameW
RtlUnwind
LCMapStringW
MultiByteToWideChar
GetStringTypeW
HeapSize
IsProcessorFeaturePresent

Exports

Exports

CheatEngine
EngineType

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
engnie_source/ards_source.zip
.zip
ReadMe.txt
StdAfx.cpp
StdAfx.h
UpgradeLog.XML
.xml
ards.cpp
ards.dsp
ards.dsw
ards.ncb
ards.opt
ards.plg
.html
ards.sln
ards.suo
ards.vcproj
.xml
ards.vcproj.miyabi.user.user
.xml
ards.vcxproj
ards.vcxproj.filters
ards.vcxproj.user
function.def
engnie_source/default_mfc_source.zip
.zip
default_mfc/ReadMe.txt
default_mfc/Resource.h
default_mfc/StdAfx.cpp
default_mfc/StdAfx.h
default_mfc/default_mfc.clw
default_mfc/default_mfc.cpp
default_mfc/default_mfc.def
default_mfc/default_mfc.dsp
default_mfc/default_mfc.dsw
default_mfc/default_mfc.h
default_mfc/default_mfc.ncb
default_mfc/default_mfc.opt
default_mfc/default_mfc.plg
.html
default_mfc/default_mfc.rc
default_mfc/function.def
default_mfc/res/default_mfc.rc2
engnie_source/password_source.zip
.zip
ReadMe.txt
StdAfx.cpp
StdAfx.h
function.def
password.cpp
password.dsp
password.dsw
password.ncb
password.opt
password.plg
.html
password.sln
password.suo
password.vcxproj
password.vcxproj.filters
password.vcxproj.user
engnie_source/ps2par_john_source.zip
.zip
ReadMe.txt
Readme_John.txt
StdAfx.cpp
StdAfx.h
function.def
john.cpp
john.h
ps2par.cpp
ps2par.dsp
ps2par.dsw
engnie_source/raw_write_source.zip
.zip
ReadMe.txt
StdAfx.cpp
StdAfx.h
function.def
raw_write.cpp
raw_write.dsp
raw_write.dsw
raw_write.ncb
raw_write.opt
raw_write.plg
.html
raw_write.sln
raw_write.suo
raw_write.vcxproj
raw_write.vcxproj.filters
raw_write.vcxproj.user
engnie_source/\[XR[hɂ.txt
manual/direct.htm
.html
manual/img_01.png
.png
manual/img_02.png
.png
manual/img_03.png
.png
manual/img_04.png
.png
manual/ind_search.htm
.html
manual/mak_engine.htm
.html
manual/makeini.htm
.html
manual/menu.htm
.html
manual/top.htm
.html
manual/use.htm
.html
manual/use_engine.htm
.html
manual/verup.txt
multi_language/ENG/language.ini
multi_language/JPN/language.ini
readme.htm
.html

Sharing

General

Malware Config

Signatures

Files

63c302b9a64f7dcd350677afe3b78565

Headers

DLL Characteristics

File Characteristics

Imports

mfc100

msvcr100

kernel32

user32

gdi32

comdlg32

shell32

Sections

.text Size: 41KB - Virtual size: 40KB

.rdata Size: 16KB - Virtual size: 16KB

.data Size: 1024B - Virtual size: 2.0MB

.rsrc Size: 8KB - Virtual size: 8KB

.reloc Size: 13KB - Virtual size: 12KB

20bfb23fecfd78358ecd31a64f92822a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 19KB - Virtual size: 18KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 3KB - Virtual size: 6KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 2KB - Virtual size: 2KB

0b1708882da0be59992476ee67d41d9a

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 2KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 880B

.reloc Size: 4KB - Virtual size: 446B

2e168f9fee36c65804acc85d4752ed9f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 17KB - Virtual size: 17KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 3KB - Virtual size: 6KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 2KB - Virtual size: 1KB

d4027bdb037c7551ab9a229dbba73136

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 19KB - Virtual size: 18KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 3KB - Virtual size: 6KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 2KB - Virtual size: 1KB

6dc0a212ac3901f392529049ba8cc00a

Headers

.text
Size: 41KB - Virtual size: 40KB

.rdata
Size: 16KB - Virtual size: 16KB

.data
Size: 1024B - Virtual size: 2.0MB

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: 13KB - Virtual size: 12KB

.text
Size: 19KB - Virtual size: 18KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 4KB - Virtual size: 2KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 880B

.reloc
Size: 4KB - Virtual size: 446B

.text
Size: 17KB - Virtual size: 17KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 19KB - Virtual size: 18KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 72KB - Virtual size: 69KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 16KB - Virtual size: 27KB

.reloc
Size: 12KB - Virtual size: 10KB

.text
Size: 17KB - Virtual size: 17KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 2KB - Virtual size: 1KB