ae49802e20eaf69943408b66aa41542b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ae49802e20eaf69943408b66aa41542b_JaffaCakes118
Size

1.6MB
MD5

ae49802e20eaf69943408b66aa41542b
SHA1

77b10f4879713a625aecdea8f7ee47d8829ec846
SHA256

df5fe06370334816d64202462895a9cbe80538bf23e248d554d156b4bb432133
SHA512

3ac5b17b136545f9da236b431dd22d367054bf9a0d5563e02d63dcae6ce909e841802e13241eacc1fc9af5e8e491cacbe896e122b8362322af4d87a44cc026bc
SSDEEP

49152:JCdIpkKzvp+M4t2jArHx263Dm3CI7fHSWu:JCupJvp+M48SHxwSI7P7u

Score

3^/10

Malware Config

Signatures

Unsigned PE 18 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Cheat Engine Ultimatum/CEHook.dll
unpack001/Cheat Engine Ultimatum/Cheat Engine Ultimatum.exe
unpack001/Cheat Engine Ultimatum/Kernelmoduleunloader.exe
unpack001/Cheat Engine Ultimatum/Systemcallretriever.exe
unpack001/Cheat Engine Ultimatum/allochook.dll
unpack001/Cheat Engine Ultimatum/dxhook.dll
unpack001/Cheat Engine Ultimatum/emptydll.dll
unpack001/Cheat Engine Ultimatum/emptyprocess.exe
unpack001/Cheat Engine Ultimatum/frost.dll
unpack001/Cheat Engine Ultimatum/frost.sys
unpack001/Cheat Engine Ultimatum/frost32.dll
unpack001/Cheat Engine Ultimatum/frost32.sys
unpack001/Cheat Engine Ultimatum/frost64.sys
unpack001/Cheat Engine Ultimatum/speedhack.dll
unpack001/Cheat Engine Ultimatum/stealth.dll
unpack001/Cheat Engine Ultimatum/systemcallsignal.exe
unpack001/Cheat Engine Ultimatum/ucc12.dll
unpack001/Cheat Engine Ultimatum/undercdll.dll

Files

ae49802e20eaf69943408b66aa41542b_JaffaCakes118
.7z
Cheat Engine Ultimatum/ADDRESSESFIRST.TMP
Cheat Engine Ultimatum/Addresses-10824.TMP
Cheat Engine Ultimatum/Addresses.TMP
Cheat Engine Ultimatum/CEHook.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

About
IHWCI
MyHook
MyTimerHook
seth

Sections

CODE
Size: 435KB - Virtual size: 435KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 137B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Cheat Engine Ultimatum/Cheat Engine Ultimatum.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 14KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Cheat Engine Ultimatum/Kernelmoduleunloader.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 12B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Cheat Engine Ultimatum/Memory-10824.TMP
Cheat Engine Ultimatum/Systemcallretriever.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 366KB - Virtual size: 365KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 159KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Cheat Engine Ultimatum/allochook.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

CEHasHandledItEvent
CEInitializationFinished
CeAllocateVirtualMemory
CeFreeVirtualMemory
CeInitializeAllocHook
CeRtlAllocateHeap
CeRtlDestroyHeap
CeRtlFreeHeap
HasSetupDataEvent
HookEventData
NtAllocateVirtualMemoryOrig
NtFreeVirtualMemoryOrig
RtlAllocateHeapOrig
RtlDestroyHeapOrig
RtlFreeHeapOrig

Sections

CODE
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 503B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Cheat Engine Ultimatum/dxhook.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

InitializeDirectX_Hook

Sections

CODE
Size: 357KB - Virtual size: 357KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Cheat Engine Ultimatum/emptydll.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 834B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 752B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Cheat Engine Ultimatum/emptyprocess.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Cheat Engine Ultimatum/frost.dll
.dll windows:4 windows x86 arch:x86

41507753530d76bf751bd1509806ec8e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

Exports

Exports

AAA
BBB
CCC
CreateRemoteAPC
DBKDebug_ContinueDebugEvent
DBKDebug_GD_SetBreakpoint
DBKDebug_GetDebuggerState
DBKDebug_SetDebuggerState
DBKDebug_SetGlobalDebugState
DBKDebug_StartDebugging
DBKDebug_StopDebugging
DBKDebug_WaitForDebugEvent
DBKResumeProcess
DBKResumeThread
DBKSuspendProcess
DBKSuspendThread
DDD
EEE
FFF
GGG
GetCR0
GetCR3
GetCR4
GetDebugportOffset
GetGDT
GetIDTCurrentThread
GetIDTs
GetKProcAddress
GetKProcAddress64
GetLoadedState
GetPEProcess
GetPEThread
GetPhysicalAddress
GetProcessNameFromID
GetProcessNameFromPEProcess
GetProcessnameOffset
GetSDT
GetSDTEntry
GetSDTShadow
GetSSDTEntry
GetThreadListEntryOffset
GetThreadsProcessOffset
HHH
III
IsValidHandle
KernelAlloc
KernelAlloc64
LaunchDBVM
MakeWritable
ReadPhysicalMemory
StartProcessWatch
UserdefinedInterruptHook
WaitForProcessListData
WritePhysicalMemory
dbvm_block_interrupts
dbvm_changeselectors
dbvm_raise_privilege
dbvm_read_physical_memory
dbvm_redirect_interrupt1
dbvm_restore_interrupts
dbvm_version
dbvm_write_physical_memory
executeKernelCode
isDriverLoaded

Sections

CODE
Size: 45KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Cheat Engine Ultimatum/frost.sys
.sys windows:6 windows x86 arch:x86

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

Sections

.text
Size: 14KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Cheat Engine Ultimatum/frost32.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

CreateRemoteAPC
DBKDebug_ContinueDebugEvent
DBKDebug_GD_SetBreakpoint
DBKDebug_GetDebuggerState
DBKDebug_SetDebuggerState
DBKDebug_SetGlobalDebugState
DBKDebug_StartDebugging
DBKDebug_StopDebugging
DBKDebug_WaitForDebugEvent
DBKResumeProcess
DBKResumeThread
DBKSuspendProcess
DBKSuspendThread
GetCR0
GetCR3
GetCR4
GetDebugportOffset
GetGDT
GetIDTCurrentThread
GetIDTs
GetKProcAddress
GetKProcAddress64
GetLoadedState
GetPEProcess
GetPEThread
GetPhysicalAddress
GetProcessNameFromID
GetProcessNameFromPEProcess
GetProcessnameOffset
GetSDT
GetSDTEntry
GetSDTShadow
GetSSDTEntry
GetThreadListEntryOffset
GetThreadsProcessOffset
IsValidHandle
KernelAlloc
KernelAlloc64
LaunchDBVM
MakeWritable
ReadPhysicalMemory
StartProcessWatch
UserdefinedInterruptHook
WaitForProcessListData
WritePhysicalMemory
dbvm_block_interrupts
dbvm_changeselectors
dbvm_raise_privilege
dbvm_read_physical_memory
dbvm_redirect_interrupt1
dbvm_restore_interrupts
dbvm_version
dbvm_write_physical_memory
executeKernelCode
frostnop
frostop
frostot
frostrpm
frostrpm64
frostvae
frostvqe
frostwpm
frostwpm64
isDriverLoaded

Sections

CODE
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Cheat Engine Ultimatum/frost32.sys
.sys windows:6 windows x86 arch:x86

0bffabb56691dd1c30998e3c3810b0ca

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\cheate~1\dbkker~1\objfre_win7_x86\i386\frost32.pdb

Imports

ntoskrnl.exe

PsSetCreateProcessNotifyRoutine
MmGetSystemRoutineAddress
RtlInitUnicodeString
ZwClose
IoAllocateWorkItem
IoCreateSymbolicLink
IoCreateDevice
ZwQueryValueKey
ExAllocatePool
ZwOpenKey
RtlAppendUnicodeToString
KeQueryActiveProcessors
KeGetCurrentThread
KeDelayExecutionThread
KeInsertQueueApc
KeInitializeApc
ZwOpenThread
KeDetachProcess
ZwAllocateVirtualMemory
KeAttachProcess
PsSetCreateThreadNotifyRoutine
ZwUnmapViewOfSection
ZwMapViewOfSection
ZwOpenSection
MmGetPhysicalAddress
KeUnstackDetachProcess
KeStackAttachProcess
IoDeleteDevice
ObOpenObjectByPointer
PsProcessType
ObfDereferenceObject
PsLookupProcessByProcessId
memset
memcpy
PsLookupThreadByThreadId
KeWaitForSingleObject
KeReleaseSemaphore
KeClearEvent
KeSetEvent
KeInitializeEvent
_allmul
PsGetCurrentThreadId
PsGetCurrentProcessId
MmAllocateContiguousMemory
ZwWaitForSingleObject
ZwReadFile
ZwQueryInformationFile
ZwCreateFile
KeTickCount
KeBugCheckEx
RtlUnwind
IoDeleteSymbolicLink
ExFreePoolWithTag
IofCompleteRequest
ObReferenceObjectByHandle
DbgPrint

hal

KeGetCurrentIrql
KfAcquireSpinLock
KfReleaseSpinLock
KfRaiseIrql

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 796B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Cheat Engine Ultimatum/frost64.sys
.sys windows:6 windows x64 arch:x64

62d9d9d4f95469f643fe01bb5389e4a5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\cheate~1\dbkker~1\objfre_win7_amd64\amd64\frost64.pdb

Imports

ntoskrnl.exe

IoDeleteSymbolicLink
ExFreePoolWithTag
RtlInitUnicodeString
IoDeleteDevice
MmGetSystemRoutineAddress
RtlAppendUnicodeToString
PsSetCreateProcessNotifyRoutine
ZwQueryValueKey
ExAllocatePool
IoAllocateWorkItem
ZwClose
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
DbgPrint
ZwOpenKey
KeQueryActiveProcessors
PsProcessType
PsLookupProcessByProcessId
KeInitializeApc
ZwMapViewOfSection
KeInsertQueueApc
PsSetCreateThreadNotifyRoutine
KeReleaseSpinLock
ZwOpenThread
KeUnstackDetachProcess
KeDetachProcess
KeDelayExecutionThread
MmGetPhysicalAddress
ZwUnmapViewOfSection
ObReferenceObjectByHandle
KeAttachProcess
ObfDereferenceObject
ZwOpenSection
ObOpenObjectByPointer
KeStackAttachProcess
ZwAllocateVirtualMemory
KeAcquireSpinLockRaiseToDpc
PsLookupThreadByThreadId
KeWaitForSingleObject
KeReleaseSemaphore
KeClearEvent
KeSetEvent
KeInitializeEvent
PsGetCurrentThreadId
PsGetCurrentProcessId
ZwReadFile
ZwWaitForSingleObject
ZwCreateFile
ZwQueryInformationFile
MmAllocateContiguousMemory
KeBugCheckEx
__C_specific_handler

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Cheat Engine Ultimatum/kerneldata.dat
Cheat Engine Ultimatum/speedhack.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

InitializeSpeedhack
realGetTickCount
realQueryPerformanceCounter
speedhackversion_GetTickCount
speedhackversion_QueryPerformanceCounter

Sections

CODE
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Cheat Engine Ultimatum/stealth.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

hook

Sections

CODE
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 67B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Cheat Engine Ultimatum/systemcallsignal.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Cheat Engine Ultimatum/ucc12.dll
.dll windows:4 windows x86 arch:x86

fd9edacf655544d91c52702fd1b8b0c9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileTime
OpenFile
LoadLibraryA
FreeLibrary
GetProcAddress
GetModuleHandleA
WaitForSingleObject
Sleep
InitializeCriticalSection
DeleteCriticalSection
ExitProcess
EnterCriticalSection
InterlockedExchange
LeaveCriticalSection
RtlUnwind
RaiseException
GetLastError
MoveFileA
GetTimeZoneInformation
GetSystemTime
GetLocalTime
TerminateProcess
GetCurrentProcess
HeapFree
HeapAlloc
InterlockedDecrement
InterlockedIncrement
GetFileAttributesA
GetCommandLineA
GetVersion
HeapReAlloc
HeapSize
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
CloseHandle
SetUnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
FlushFileBuffers
WriteFile
ReadFile
WideCharToMultiByte
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
IsBadReadPtr
IsBadCodePtr
GetCPInfo
MultiByteToWideChar
LCMapStringA
LCMapStringW
SetStdHandle
CreateFileA
GetStringTypeA
GetStringTypeW
GetExitCodeProcess
CreateProcessA
CompareStringA
CompareStringW
GetACP
GetOEMCP
SetEnvironmentVariableA
SetEndOfFile
GetCurrentDirectoryA
GetFullPathNameA
GetDriveTypeA
SetCurrentDirectoryA

Exports

Exports

??0FBlock@@QAE@PAUInstruction@@H@Z
??0XClass@@QAE@ABV0@@Z
??0XClass@@QAE@PAVNamedTable@@@Z
??0XEntry@@QAE@PAUEntry@@@Z
??0XFunction@@QAE@PAVFunction@@@Z
??0XModule@@QAE@PAVModule@@@Z
??0XNTable@@QAE@ABV0@@Z
??0XNTable@@QAE@PAVNamedTable@@@Z
??0XTemplateFun@@QAE@PAVTemplateEntry@@@Z
??0XTrace@@QAE@ABV0@@Z
??0XTrace@@QAE@_N@Z
??0XType@@QAE@PAVType@@@Z
??4FBlock@@QAEAAU0@ABU0@@Z
??4XClass@@QAEAAV0@ABV0@@Z
??4XEntry@@QAEAAV0@ABV0@@Z
??4XFunction@@QAEAAV0@ABV0@@Z
??4XModule@@QAEAAV0@ABV0@@Z
??4XNTable@@QAEAAV0@ABV0@@Z
??4XTemplateFun@@QAEAAV0@ABV0@@Z
??4XTrace@@QAEAAV0@ABV0@@Z
??4XType@@QAEAAV0@ABV0@@Z
??_7XClass@@6B@
??_7XNTable@@6B@
??_7XTrace@@6B@
??_FFBlock@@QAEXXZ
??_FXEntry@@QAEXXZ
??_FXFunction@@QAEXXZ
??_FXTrace@@QAEXXZ
?addr_mode@XEntry@@QAEHXZ
?args@XFunction@@QAEAAV?$listx@PAVXType@@@@XZ
?as_class@XType@@QBEPAVXClass@@XZ
?as_str@XFunction@@QAEXAAVstring@@@Z
?as_str@XType@@QBEPADXZ
?base_class@XClass@@QAEPAV1@XZ
?base_entry@XEntry@@QAEPAV1@XZ
?class_obj@XClass@@QAEPAVClass@@XZ
?classes@XModule@@QAEAAV?$listx@PAVXClass@@@@XZ
?clone@XEntry@@QAEPAV1@XZ
?create@FBlock@@SAPAU1@PAUEntry@@PAVClass@@@Z
?create@XClass@@QAEPAXXZ
?create@XNTable@@QAEPAVXEntry@@PADPAVXType@@@Z
?data@XEntry@@QAEHXZ
?dispose_of_entries@XNTable@@SAXAAV?$listx@PAVXEntry@@@@@Z
?do_enter@XTrace@@QAE_NXZ
?do_leave@XTrace@@QAE_NXZ
?enter@XTrace@@UAEXPAUXExecState@@@Z
?entry@XEntry@@QAEPAXXZ
?eval@XFunction@@QAEHPAX00@Z
?fblock@XFunction@@QAEPAXXZ
?filename@XModule@@QAEPADXZ
?finalize@FBlock@@QAEXH@Z
?from_fb@XFunction@@SAPAV1@PAX@Z
?from_id@XModule@@SAPAV1@H@Z
?from_name@XModule@@SAPAV1@PAD@Z
?from_str@XType@@SAPAV1@PAD@Z
?fun@XFunction@@QAEPAXXZ
?function@XEntry@@QAEPAVXFunction@@H@Z
?functions@XModule@@QAEAAV?$listx@PAVXFunction@@@@XZ
?functions@XNTable@@QAEAAV?$listx@PAVXFunction@@@@H@Z
?get_args@XFunction@@QAEXPAV?$listx@PAVXType@@@@PAV?$listx@Vstring@@@@@Z
?get_class_of@XClass@@SAPAV1@PAX@Z
?get_functions@XNTable@@QAEXAAV?$listx@PAVXFunction@@@@HPAD@Z
?get_template@XClass@@QAEPAVXTemplateFun@@XZ
?get_trace@XFunction@@QAEPAVXTrace@@XZ
?get_variables@XNTable@@QAEXAAV?$listx@PAVXEntry@@@@HPAD@Z
?has_VMT@XClass@@QAE_NXZ
?inherits_from@XClass@@QAEHPAV1@@Z
?instantiate@XTemplateFun@@QAEPAXABV?$listx@PAVXType@@@@@Z
?ip_to_line@XFunction@@QAEHPAX@Z
?is_array@XType@@QBE_NXZ
?is_bool@XType@@QBE_NXZ
?is_char@XType@@QBE_NXZ
?is_class@XType@@QBE_NXZ
?is_const@XType@@QBE_NXZ
?is_double@XType@@QBE_NXZ
?is_float@XType@@QBE_NXZ
?is_function@XType@@QBE_NXZ
?is_int@XType@@QBE_NXZ
?is_long@XType@@QBE_NXZ
?is_namespace@XType@@QBE_NXZ
?is_number@XType@@QBE_NXZ
?is_object@XType@@QBE_NXZ
?is_pointer@XType@@QBE_NXZ
?is_reference@XType@@QBE_NXZ
?is_short@XType@@QBE_NXZ
?is_signature@XType@@QBE_NXZ
?is_single@XType@@QBE_NXZ
?is_unsigned@XType@@QBE_NXZ
?is_void@XType@@QBE_NXZ
?leave@XTrace@@UAEXPAUXExecState@@@Z
?lists@XModule@@SAAAV?$listx@PAVXModule@@@@XZ
?lookup@XNTable@@UAEPAVXEntry@@PAD_N@Z
?lookup_class@XNTable@@QAEPAVXClass@@PAD_N@Z
?lookup_local@XFunction@@QAEPAVXEntry@@PAD@Z
?lookup_template@XNTable@@QAEPAVXTemplateFun@@PAD_N@Z
?match_instantiate@XTemplateFun@@QAEPAXABV?$listx@PAVXType@@@@@Z
?module@XFunction@@QAEHXZ
?name@XEntry@@QAEPADXZ
?name@XFunction@@QAEPADXZ
?name@XNTable@@QAEPADXZ
?name@XTemplateFun@@QAEPADXZ
?native_addr@FBlock@@QAEPAXXZ
?nfun@XEntry@@QAEHXZ
?no_template_parms@XClass@@QAEHXZ
?offset@XNTable@@QAEHPAX@Z
?pcode@XFunction@@QAEPAUXInstruction@@XZ
?pointer_depth@XType@@QBEHXZ
?ptr@XEntry@@QAEPAXPAX@Z
?ret_type@XFunction@@QAEPAVXType@@XZ
?set_class_of@XClass@@QAEXPAX@Z
?set_data@XEntry@@QAEXH@Z
?set_on_entry@XTrace@@QAEX_N@Z
?set_on_exit@XTrace@@QAEX_N@Z
?set_ptr@XEntry@@QAEXPAX0@Z
?set_trace@XFunction@@QAEXPAVXTrace@@@Z
?set_tracing@XFunction@@SAX_N@Z
?size@XEntry@@QAEHXZ
?size@XType@@QBEHXZ
?str_to_val@XEntry@@QAEXPADPAX@Z
?str_to_val@XType@@QAEXPADPAX@Z
?table@XNTable@@QAEPAVNamedTable@@XZ
?template_parm@XClass@@QAEPAVXType@@H@Z
?type@XEntry@@QAEPAVXType@@XZ
?type@XType@@QAEPAVType@@XZ
?typelist@XType@@SAAAV?$listx@PAVXType@@@@PAV1@ZZ
?uc_global@@YAPAVXNTable@@XZ
?uc_std@@YAPAVXNTable@@XZ
?uc_ucri_init@@YAXXZ
?ucri_instruction_counter@@YAPAK_N@Z
?val_as_str@XEntry@@QAEXAAVstring@@PAX@Z
?val_as_str@XType@@QBEXAAVstring@@PAX@Z
?variables@XNTable@@QAEAAV?$listx@PAVXEntry@@@@H@Z
?where@XFunction@@QAEHAAVstring@@@Z
_uc_compile@8
_uc_compile_fn@8
_uc_error@8
_uc_error_pos@4
_uc_eval@12
_uc_eval_exp@12
_uc_eval_method@16
_uc_exec@4
_uc_finis@0
_uc_import@8
_uc_include@4
_uc_init@8
_uc_init_ref@12
_uc_interactive_loop@0
_uc_load@4
_uc_main@8
_uc_main_window@0
_uc_result@8
_uc_run@0
_uc_set_quote@8
uc_eval_args
uc_eval_method_args

Sections

.text
Size: 344KB - Virtual size: 340KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 594KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Cheat Engine Ultimatum/undercdll.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

underc_executescript
underc_geterror

Sections

CODE
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 111B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 435KB - Virtual size: 435KB

DATA Size: 5KB - Virtual size: 4KB

BSS Size: - Virtual size: 4KB

.idata Size: 9KB - Virtual size: 9KB

.edata Size: 512B - Virtual size: 137B

.reloc Size: 31KB - Virtual size: 31KB

.rsrc Size: 21KB - Virtual size: 21KB

Headers

File Characteristics

Sections

CODE Size: 2.3MB - Virtual size: 2.3MB

DATA Size: 42KB - Virtual size: 41KB

BSS Size: - Virtual size: 14KB

.idata Size: 13KB - Virtual size: 12KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 145KB - Virtual size: 145KB

.rsrc Size: 1.2MB - Virtual size: 1.2MB

Headers

File Characteristics

Sections

CODE Size: 76KB - Virtual size: 76KB

DATA Size: 1KB - Virtual size: 1KB

BSS Size: - Virtual size: 2KB

.idata Size: 3KB - Virtual size: 3KB

.tls Size: - Virtual size: 12B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 6KB - Virtual size: 6KB

.rsrc Size: 7KB - Virtual size: 7KB

Headers

File Characteristics

Sections

CODE Size: 366KB - Virtual size: 365KB

DATA Size: 5KB - Virtual size: 4KB

BSS Size: - Virtual size: 4KB

.idata Size: 9KB - Virtual size: 8KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 27KB - Virtual size: 26KB

.rsrc Size: 159KB - Virtual size: 159KB

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 70KB - Virtual size: 70KB

DATA Size: 1KB - Virtual size: 1KB

BSS Size: - Virtual size: 2KB

.idata Size: 2KB - Virtual size: 2KB

.edata Size: 512B - Virtual size: 503B

.reloc Size: 6KB - Virtual size: 5KB

.rsrc Size: 6KB - Virtual size: 6KB

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 357KB - Virtual size: 357KB

DATA Size: 5KB - Virtual size: 4KB

BSS Size: - Virtual size: 4KB

.idata Size: 9KB - Virtual size: 8KB

.edata Size: 512B - Virtual size: 84B

.reloc Size: 28KB - Virtual size: 27KB

.rsrc Size: 20KB - Virtual size: 20KB

Headers

File Characteristics

Sections

CODE Size: 9KB - Virtual size: 9KB

DATA Size: 512B - Virtual size: 176B

BSS Size: - Virtual size: 1KB

CODE
Size: 435KB - Virtual size: 435KB

DATA
Size: 5KB - Virtual size: 4KB

BSS
Size: - Virtual size: 4KB

.idata
Size: 9KB - Virtual size: 9KB

.edata
Size: 512B - Virtual size: 137B

.reloc
Size: 31KB - Virtual size: 31KB

.rsrc
Size: 21KB - Virtual size: 21KB

CODE
Size: 2.3MB - Virtual size: 2.3MB

DATA
Size: 42KB - Virtual size: 41KB

BSS
Size: - Virtual size: 14KB

.idata
Size: 13KB - Virtual size: 12KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 145KB - Virtual size: 145KB

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

CODE
Size: 76KB - Virtual size: 76KB

DATA
Size: 1KB - Virtual size: 1KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 3KB - Virtual size: 3KB

.tls
Size: - Virtual size: 12B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 7KB - Virtual size: 7KB

CODE
Size: 366KB - Virtual size: 365KB

DATA
Size: 5KB - Virtual size: 4KB

BSS
Size: - Virtual size: 4KB

.idata
Size: 9KB - Virtual size: 8KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 27KB - Virtual size: 26KB

.rsrc
Size: 159KB - Virtual size: 159KB

CODE
Size: 70KB - Virtual size: 70KB

DATA
Size: 1KB - Virtual size: 1KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 2KB - Virtual size: 2KB

.edata
Size: 512B - Virtual size: 503B

.reloc
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 6KB - Virtual size: 6KB

CODE
Size: 357KB - Virtual size: 357KB

DATA
Size: 5KB - Virtual size: 4KB

BSS
Size: - Virtual size: 4KB

.idata
Size: 9KB - Virtual size: 8KB

.edata
Size: 512B - Virtual size: 84B

.reloc
Size: 28KB - Virtual size: 27KB

.rsrc
Size: 20KB - Virtual size: 20KB

CODE
Size: 9KB - Virtual size: 9KB

DATA
Size: 512B - Virtual size: 176B

BSS
Size: - Virtual size: 1KB

.idata
Size: 1024B - Virtual size: 834B

.reloc
Size: 1024B - Virtual size: 752B

.rsrc
Size: 512B - Virtual size: 512B

CODE
Size: 27KB - Virtual size: 27KB

DATA
Size: 1024B - Virtual size: 1020B

BSS
Size: - Virtual size: 1KB

.idata
Size: 2KB - Virtual size: 1KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 3KB - Virtual size: 3KB

CODE
Size: 45KB - Virtual size: 132KB

.rsrc
Size: 7KB - Virtual size: 8KB

.reloc
Size: 512B - Virtual size: 512B

.text
Size: 14KB - Virtual size: 56KB

.rsrc
Size: 2KB - Virtual size: 4KB

CODE
Size: 96KB - Virtual size: 96KB

DATA
Size: 1KB - Virtual size: 1KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 4KB - Virtual size: 3KB

.edata
Size: 2KB - Virtual size: 1KB

.reloc
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 6KB - Virtual size: 6KB

.text
Size: 27KB - Virtual size: 26KB

.rdata
Size: 1024B - Virtual size: 796B

.data
Size: 512B - Virtual size: 14KB

INIT
Size: 2KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB