54283acf8d597d45c1dccb7114e7811f98bf3bffc19aad915848f1c7417a5665

Sharing

Copy URL Twitter E-mail

General

Target

54283acf8d597d45c1dccb7114e7811f98bf3bffc19aad915848f1c7417a5665
Size

4.0MB
MD5

6f508b1f8dd2f540623a7afebdce1c51
SHA1

0d849087a8d30db00481d0227472799e76be9f88
SHA256

54283acf8d597d45c1dccb7114e7811f98bf3bffc19aad915848f1c7417a5665
SHA512

42af865cc62e07d8260c5ccfdd5ca1f3017afc63fde29af224806d708780f367900bf1e9b2a737b5d8691158ed34c1f5862a0c89126bd764ec501282ec5e29cb
SSDEEP

98304:Ap03Db4Jx2jIF15p15r3bFeHXJ2VEWV+p9icC1lJ3xE4i:A+H+yy5pr8ciWVX911EX

Score

3^/10

Malware Config

Signatures

Unsigned PE 12 IoCs

Checks for missing Authenticode signature.

resource
unpack001/content/HeapAdjuster.asi
unpack001/content/LUA.asi
unpack001/content/ModKitLimitExtender.asi
unpack001/content/NoBoundaryLimits.asi
unpack001/content/NoEditorRestrictions.asi
unpack001/content/OpenIV.asi
unpack001/content/PackfileLimitAdjuster.asi
unpack001/content/ScriptHookVDotNet.asi
unpack001/content/ScriptHookVDotNet2.dll
unpack001/content/ScriptHookVDotNet3.dll
unpack001/content/WeaponLimitsAdjuster.asi
unpack001/content/fwBoxStreamerVariable_DecalsLimit-Patch.asi

Files

54283acf8d597d45c1dccb7114e7811f98bf3bffc19aad915848f1c7417a5665
.zip
assembly.xml
.xml
content/HeapAdjuster.asi
.dll windows:6 windows x64 arch:x64

29535471a39b75a3651bf6e23353438f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

VirtualProtect
GetPrivateProfileIntA
GetModuleHandleA
GetLastError
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
EncodePointer
DecodePointer
MultiByteToWideChar
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
CloseHandle
SetEvent
ResetEvent
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetFileSizeEx
SetFilePointerEx
GetStdHandle
GetFileType
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
HeapFree
HeapAlloc
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ReadFile
ReadConsoleW
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetStdHandle
CreateFileW
HeapSize
WriteConsoleW
SetEndOfFile
RtlUnwind

Sections

.text
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
content/HeapAdjuster.ini
content/LUA.asi
.dll windows:6 windows x64 arch:x64

a1fa62d6c5a506e816b49402bbbcc92e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

scripthookv

?scriptRegister@@YAXPEAUHINSTANCE__@@P6AXXZ@Z
?nativeCall@@YAPEA_KXZ
?nativeInit@@YAX_K@Z
?nativePush64@@YAX_K@Z
?scriptWait@@YAXK@Z

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
CreateFileA
GetLastError
CloseHandle
FreeLibrary
FormatMessageA
GetProcAddress
GetModuleFileNameA
LoadLibraryExA
EncodePointer
GetCurrentThreadId

user32

GetAsyncKeyState

msvcr120

_findnext64i32
_findclose
_mkdir
_utime64
_rmdir
_chdir
_fileno
_findfirst64i32
_setmode
ftell
_getcwd
fseek
memmove
__iob_func
printf
fprintf
_purecall
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
feof
strstr
fflush
fopen
fread
ferror
freopen
realloc
fclose
getc
isalnum
isdigit
fwrite
toupper
strspn
strchr
fgets
abort
longjmp
fscanf
tmpfile
_ftelli64
_pclose
ungetc
_fseeki64
_popen
setvbuf
clearerr
memcpy
modf
ldexp
rand
_errno
frexp
_HUGE
strrchr
getenv
strtod
strpbrk
rename
tanh
_gmtime64
tmpnam
system
remove
clock
strftime
setlocale
_localtime64
_difftime64
_time64
exit
isgraph
isspace
memchr
ispunct
tolower
isalpha
isupper
iscntrl
islower
isxdigit
strcoll
_wassert
strncat
_lock
_unlock
_calloc_crt
__dllonexit
__C_specific_handler
_onexit
__crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
__crtCapturePreviousContext
__CxxFrameHandler3
__CppXcptFilter
_amsg_exit
_malloc_crt
_initterm
_initterm_e
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__clean_type_info_names_internal
strerror
malloc
_stat64
free
_locking
srand
sprintf
memset
pow
sin
sinh
sqrt
tan
localeconv
_mktime64
_CxxThrowException
_setjmp
acos
asin
atan
atan2
ceil
cos
cosh
exp
floor
fmod
log
log10
memcmp

msvcp120

?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAPEBDH@Z

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 547KB - Virtual size: 547KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 163KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
content/ModKitLimitExtender.asi
.dll windows:6 windows x64 arch:x64

f37b02139c5f4da5e850fb3513430c1d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
VirtualProtect
GetCurrentProcess
GetPrivateProfileIntW
FlushInstructionCache
GetSystemInfo
GetProcAddress
CloseHandle
DeleteCriticalSection
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
InitializeCriticalSectionAndSpinCount

msvcp140

?_Xlength_error@std@@YAXPEBD@Z

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memmove
__std_exception_destroy
__C_specific_handler
memcpy
_CxxThrowException
memset
__std_exception_copy
__std_type_info_destroy_list

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_initialize_narrow_environment
_execute_onexit_table
_seh_filter_dll
_initterm_e
_initterm
_crt_atexit
_cexit
_invalid_parameter_noinfo_noreturn
_configure_narrow_argv
_register_onexit_function

api-ms-win-crt-heap-l1-1-0

malloc
free
_callnewh

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
content/ModKitLimitExtender.toml
content/NoBoundaryLimits.asi
.dll windows:6 windows x64 arch:x64

858b4119c4fea54bf59a156ed9566e18

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

FreeLibraryAndExitThread
GetModuleFileNameA
GetModuleHandleA
K32GetModuleInformation
Sleep
GetLocalTime
GetPrivateProfileIntA
GetPrivateProfileStringA
GetWindowsDirectoryA
ReadConsoleW
ReadFile
CreateThread
GetCurrentProcess
VirtualProtect
CloseHandle
SetEndOfFile
HeapSize
GetConsoleMode
GetConsoleOutputCP
HeapCreate
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
GetCurrentProcessId
SwitchToThread
GetCurrentThreadId
OpenThread
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
CreateToolhelp32Snapshot
Thread32First
Thread32Next
RtlMoveMemory
GetSystemInfo
VirtualAlloc
VirtualFree
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
GetLastError
GetCPInfoExW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
IsDebuggerPresent
RaiseException
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
TerminateProcess
GetProcessHeap
FreeLibrary
GetProcAddress
RtlPcToFileHeader
RtlUnwindEx
RtlUnwind
InterlockedFlushSList
GetModuleFileNameW
LoadLibraryExW
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ExitProcess
GetModuleHandleExW
GetStdHandle
GetFileType
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetFileSizeEx
SetFilePointerEx
SetStdHandle
CreateFileW
FlushFileBuffers
WriteFile
WriteConsoleW

user32

MessageBoxA

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 292KB - Virtual size: 291KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 209KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
content/NoBoundaryLimits.ini
content/NoEditorRestrictions.asi
.dll windows:6 windows x64 arch:x64

889219c76ea8f1f44506037799289079

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

VirtualProtect
FreeLibrary
GetModuleHandleA
GetPrivateProfileIntA
GetPrivateProfileStringA
GetWindowsDirectoryA
SetEndOfFile
ReadConsoleW
ReadFile
HeapSize
SetFilePointerEx
CreateThread
GetCurrentProcess
K32GetModuleInformation
Sleep
GetFileSizeEx
CreateFileW
GetConsoleMode
GetConsoleCP
CloseHandle
HeapCreate
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
GetCurrentProcessId
SwitchToThread
GetCurrentThreadId
OpenThread
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
CreateToolhelp32Snapshot
Thread32First
Thread32Next
RtlMoveMemory
GetSystemInfo
VirtualAlloc
VirtualFree
VirtualQuery
WideCharToMultiByte
QueryPerformanceCounter
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
IsDebuggerPresent
RaiseException
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
GetLastError
GetProcessHeap
RtlPcToFileHeader
RtlUnwindEx
RtlUnwind
InterlockedFlushSList
GetModuleFileNameW
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
GetFileType
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
FlushFileBuffers
WriteFile
WriteConsoleW

user32

CallWindowProcA
MessageBoxA
SetWindowLongPtrA
FindWindowA

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 281KB - Virtual size: 281KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
content/NoEditorRestrictions.ini
content/OpenIV.asi
.dll windows:6 windows x64 arch:x64

eb7ae8154d6ddca45c039a03ccf5d85c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

kernel32

GetModuleHandleExW
VirtualProtect
GetModuleHandleA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetCurrentThreadId
GetLocalTime
DeleteCriticalSection
ExitProcess
CreateFileW
GetFileAttributesW
MultiByteToWideChar
GetFileAttributesExW
ReadConsoleW
ReadFile
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
RtlPcToFileHeader
RaiseException
RtlUnwindEx
InterlockedFlushSList
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetModuleFileNameA
WideCharToMultiByte
HeapFree
HeapAlloc
GetACP
GetStdHandle
GetFileType
LCMapStringW
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
CloseHandle
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStringTypeW
SetFilePointerEx
SetStdHandle
WriteConsoleW
HeapSize
HeapReAlloc
SetEndOfFile

user32

MessageBoxA

Sections

.text
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
content/PackfileLimitAdjuster.asi
.dll windows:6 windows x64 arch:x64

f0797d38dd2cdbd3fe6dca6bf130315c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcess
K32GetModuleInformation
GetModuleHandleA
GetModuleFileNameA
GetPrivateProfileIntA
GetFileType
VirtualProtect
Sleep
FreeLibrary
TerminateProcess
VirtualQuery
GetSystemInfo
VirtualAlloc
WriteConsoleW
HeapSize
GetProcAddress
FlushInstructionCache
HeapCreate
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
GetCurrentProcessId
GetCurrentThreadId
OpenThread
GetThreadContext
SetThreadContext
SuspendThread
ResumeThread
CloseHandle
GetModuleHandleW
CreateToolhelp32Snapshot
Thread32First
Thread32Next
VirtualFree
WideCharToMultiByte
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
TryEnterCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
LCMapStringEx
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetStringTypeW
GetCPInfo
InitializeCriticalSectionAndSpinCount
CreateEventW
IsDebuggerPresent
RaiseException
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
GetLastError
GetProcessHeap
RtlUnwindEx
RtlPcToFileHeader
InterlockedFlushSList
GetModuleFileNameW
LoadLibraryExW
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
CreateFileW
SetStdHandle
FlushFileBuffers

user32

MessageBoxA

Sections

.text
Size: 207KB - Virtual size: 207KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
content/PackfileLimitAdjuster.ini
content/ScriptHookVDotNet.asi
.dll windows:6 windows x64 arch:x64

b6a72676001c529a7e8756792837c2cb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\scripthookvdotnet\scripthookvdotnet\bin\Release\ScriptHookVDotNet.pdb

Imports

scripthookv

?scriptWait@@YAXK@Z
?keyboardHandlerUnregister@@YAXP6AXKGEHHHH@Z@Z
?scriptUnregister@@YAXPEAUHINSTANCE__@@@Z
?keyboardHandlerRegister@@YAXP6AXKGEHHHH@Z@Z
?scriptRegister@@YAXPEAUHINSTANCE__@@P6AXXZ@Z

kernel32

QueryPerformanceCounter
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
AcquireSRWLockShared
TryAcquireSRWLockExclusive
GetCurrentProcessId
CreateEventW
DisableThreadLibraryCalls
CreateThread
SetEvent
CloseHandle
GetCurrentThreadId
WaitForSingleObject
Sleep
TryAcquireSRWLockShared
GetSystemTimeAsFileTime
InitializeSListHead
GetModuleHandleW
ReleaseSRWLockShared
IsProcessorFeaturePresent
GetStartupInfoW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter

user32

GetAsyncKeyState

msvcp140

?_Xlength_error@std@@YAXPEBD@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z

vcruntime140

__C_specific_handler
__current_exception_context
__current_exception
memset
__std_exception_destroy
__CxxFrameHandler3
__std_exception_copy
__std_type_info_destroy_list
memcpy
__FrameUnwindFilter
_CxxThrowException

api-ms-win-crt-runtime-l1-1-0

_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_crt_atexit
_seh_filter_dll
_crt_at_quick_exit
_initterm_e
_initterm
_cexit
terminate
_invalid_parameter_noinfo_noreturn
abort
_configure_narrow_argv

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc

mscoree

_CorDllMain

Sections

.text
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.nep
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 189KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
content/ScriptHookVDotNet.ini
content/ScriptHookVDotNet.pdb
content/ScriptHookVDotNet2.dll
.dll windows:4 windows x64 arch:x64

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

..\..\intermediate\ScriptHookVDotNet2\x64\Release\ScriptHookVDotNet2.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 956KB - Virtual size: 955KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
content/ScriptHookVDotNet2.pdb
content/ScriptHookVDotNet2.xml
.xml
content/ScriptHookVDotNet3.dll
.dll windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\scripthookvdotnet\scripthookvdotnet\intermediate\ScriptHookVDotNet3\x64\Release\ScriptHookVDotNet3.pdb

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
content/ScriptHookVDotNet3.pdb
content/ScriptHookVDotNet3.xml
.xml
content/WeaponLimitsAdjuster.asi
.dll windows:6 windows x64 arch:x64

f581fde733e74ce0fe463e1d17138b3d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\gtav-WeaponLimitsAdjuster\gtav-WeaponLimitsAdjuster\x64\Release\WeaponLimitsAdjuster.pdb

Imports

kernel32

GetModuleHandleA
VirtualProtect
VirtualAlloc
GetSystemInfo
GetPrivateProfileIntA
VirtualQuery
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
RtlCaptureContext
GetSystemTimeAsFileTime
IsDebuggerPresent
InitializeSListHead

msvcp140

?_Xlength_error@std@@YAXPEBD@Z

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memcpy
__std_exception_destroy
__C_specific_handler
_CxxThrowException
__std_type_info_destroy_list
__std_exception_copy
memset

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_execute_onexit_table
_seh_filter_dll
_initterm_e
_initterm
_invalid_parameter_noinfo_noreturn
_initialize_narrow_environment
_cexit
_configure_narrow_argv

api-ms-win-crt-heap-l1-1-0

malloc
free
_callnewh

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 756B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
content/WeaponLimitsAdjuster.ini
content/fwBoxStreamerVariable_DecalsLimit-Patch.asi
.dll windows:6 windows x64 arch:x64

a3ead627d547768419b658ff06a464ef

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

VirtualProtect
GetCurrentProcess
FlushInstructionCache
GetPrivateProfileIntA
GetModuleHandleA
LoadLibraryA
GetSystemInfo
GetProcAddress
InitializeCriticalSectionAndSpinCount
CloseHandle
CreateEventW
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
DeleteCriticalSection

msvcp140

?_Xlength_error@std@@YAXPEBD@Z

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_exception_copy
memset
__C_specific_handler
memcpy
_CxxThrowException
memmove
__std_exception_destroy
__std_type_info_destroy_list

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_initialize_narrow_environment
_execute_onexit_table
_seh_filter_dll
_initterm_e
_initterm
_crt_atexit
_cexit
_invalid_parameter_noinfo_noreturn
_configure_narrow_argv
_register_onexit_function

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
content/fwBoxStreamerVariable_DecalsLimit-Patch.toml
icon.png
.png

Sharing

General

Malware Config

Signatures

Files

29535471a39b75a3651bf6e23353438f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 127KB - Virtual size: 127KB

.rdata Size: 83KB - Virtual size: 83KB

.data Size: 4KB - Virtual size: 10KB

.pdata Size: 8KB - Virtual size: 7KB

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 3KB - Virtual size: 3KB

a1fa62d6c5a506e816b49402bbbcc92e

Headers

DLL Characteristics

File Characteristics

Imports

scripthookv

kernel32

user32

msvcr120

msvcp120

Sections

.text Size: 2.7MB - Virtual size: 2.7MB

.rdata Size: 547KB - Virtual size: 547KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 163KB - Virtual size: 162KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 1012B

f37b02139c5f4da5e850fb3513430c1d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcp140

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 9KB - Virtual size: 8KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 1024B - Virtual size: 816B

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 512B - Virtual size: 92B

858b4119c4fea54bf59a156ed9566e18

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

version

Sections

.text Size: 292KB - Virtual size: 291KB

.rdata Size: 209KB - Virtual size: 208KB

.data Size: 5KB - Virtual size: 10KB

.pdata Size: 13KB - Virtual size: 13KB

_RDATA Size: 512B - Virtual size: 244B

.reloc Size: 2KB - Virtual size: 2KB

889219c76ea8f1f44506037799289079

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

version

Sections

.text
Size: 127KB - Virtual size: 127KB

.rdata
Size: 83KB - Virtual size: 83KB

.data
Size: 4KB - Virtual size: 10KB

.pdata
Size: 8KB - Virtual size: 7KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 3KB - Virtual size: 3KB

.text
Size: 2.7MB - Virtual size: 2.7MB

.rdata
Size: 547KB - Virtual size: 547KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 163KB - Virtual size: 162KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 1012B

.text
Size: 9KB - Virtual size: 8KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1024B - Virtual size: 816B

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 512B - Virtual size: 92B

.text
Size: 292KB - Virtual size: 291KB

.rdata
Size: 209KB - Virtual size: 208KB

.data
Size: 5KB - Virtual size: 10KB

.pdata
Size: 13KB - Virtual size: 13KB

_RDATA
Size: 512B - Virtual size: 244B

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 281KB - Virtual size: 281KB

.rdata
Size: 89KB - Virtual size: 89KB

.data
Size: 4KB - Virtual size: 10KB

.pdata
Size: 11KB - Virtual size: 10KB

_RDATA
Size: 512B - Virtual size: 148B

.reloc
Size: 3KB - Virtual size: 3KB

.text
Size: 78KB - Virtual size: 78KB

.rdata
Size: 40KB - Virtual size: 40KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 5KB - Virtual size: 4KB

.gfids
Size: 512B - Virtual size: 180B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 207KB - Virtual size: 207KB

.rdata
Size: 82KB - Virtual size: 81KB

.data
Size: 5KB - Virtual size: 11KB

.pdata
Size: 9KB - Virtual size: 9KB

_RDATA
Size: 512B - Virtual size: 348B

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 76KB - Virtual size: 76KB

.nep
Size: 1KB - Virtual size: 1KB

.rdata
Size: 189KB - Virtual size: 188KB

.data
Size: 2KB - Virtual size: 3KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 144B

.text
Size: 956KB - Virtual size: 955KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B