ArquivosMinecraftMPZyn[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

ArquivosMinecraftMPZyn.rar
Size

751KB
MD5

10db3610e357900ef07d895c92e65c3a
SHA1

a5a752b98a377c638242225727d8bb42d49634c8
SHA256

2eed8e55e33844d9a4df62d483ce7ef4461f2131fe099d0e6cb73d0c0b903bc8
SHA512

bde76b667957b68ffe25dcaa6ac4ab8d1165b3d27b5c17534198084682c9d7dfb849626cea01434dd46209765f9684d88c8f1df20e68039ade0f1fdcc23ade42
SSDEEP

12288:aXiL5LRAUMWtCmRHn5o5JI3xELVjWz3ggJ/mDnHefzGUfMuwrZUzGxi+yoASz4:qiL5cm3o5g2g8gJoHefyeSUak1oA64

Score

3^/10

Malware Config

Signatures

Unsigned PE 12 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Arquivos Minecraft MPZyn/UnlockerPortable/App/Unlocker/Unlocker.exe
unpack001/Arquivos Minecraft MPZyn/UnlockerPortable/App/Unlocker/UnlockerAssistant.exe
unpack001/Arquivos Minecraft MPZyn/UnlockerPortable/App/Unlocker/UnlockerCOM.dll
unpack001/Arquivos Minecraft MPZyn/UnlockerPortable/App/Unlocker/UnlockerDriver5.sys
unpack001/Arquivos Minecraft MPZyn/UnlockerPortable/App/Unlocker/UnlockerHook.dll
unpack001/Arquivos Minecraft MPZyn/UnlockerPortable/App/Unlocker64/Unlocker.exe
unpack001/Arquivos Minecraft MPZyn/UnlockerPortable/UnlockerPortable.exe
unpack002/$PLUGINSDIR/FindProcDLL.dll
unpack002/$PLUGINSDIR/KillProcDLL.dll
unpack002/$PLUGINSDIR/Registry.dll
unpack002/$PLUGINSDIR/System.dll
unpack002/$PLUGINSDIR/newadvsplash.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
static1/unpack001/Arquivos Minecraft MPZyn/UnlockerPortable/UnlockerPortable.exe	nsis_installer_1
static1/unpack001/Arquivos Minecraft MPZyn/UnlockerPortable/UnlockerPortable.exe	nsis_installer_2

Files

ArquivosMinecraftMPZyn.rar
.rar
Arquivos Minecraft MPZyn/System32/Windows.ApplicationModel.Store.dll
.dll windows:10 windows x64 arch:x64

13b4861232004ca16623814955cda5b0

Code Sign

33:00:00:03:25:48:b2:9d:0e:7f:c5:f4:1f:00:00:00:00:03:25
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/03/2020, 18:29

Not After

03/03/2021, 18:29

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

87:85:19:22:f8:21:5f:db:1d:f7:d1:a1:14:40:71:ac:bf:2d:9c:90:0b:05:09:0f:25:74:69:62:6d:7f:5a:f0
Signer

Actual PE Digest

87:85:19:22:f8:21:5f:db:1d:f7:d1:a1:14:40:71:ac:bf:2d:9c:90:0b:05:09:0f:25:74:69:62:6d:7f:5a:f0

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Windows.ApplicationModel.Store.pdb

Imports

msvcrt

_callnewh
_wtoi
wcscspn
_wtof
wcstoul
_vsnprintf
_snwprintf_s
_wcstoui64
wcschr
wcsrchr
wcstod
_wcstoi64
_wcsdup
_wtol
toupper
wcsstr
floor
_itow_s
_wcsicmp
memcmp
memcpy
memmove
memset
mbstowcs_s
memmove_s
strcmp
realloc
_errno
__CxxFrameHandler3
_onexit
__dllonexit
strchr
strrchr
_set_errno
strtol
strncpy_s
wcstombs
sprintf_s
_wcsupr
_unlock
_lock
_initterm
_amsg_exit
_XcptFilter
malloc
wcscpy_s
??_V@YAXPEAX@Z
__C_specific_handler
free
_purecall
memcpy_s
_vsnwprintf
wcscmp

ntdll

RtlUpcaseUnicodeChar
NtQueryInformationProcess
NtQueryWnfStateData
RtlGetDeviceFamilyInfoEnum
RtlPublishWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlQueryWnfStateData
RtlNtStatusToDosError
EtwEventRegister
EtwEventUnregister
EtwEventSetInformation
RtlUnsubscribeWnfStateChangeNotification
EtwEventWriteTransfer
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-kernel32-legacy-l1-1-0

FileTimeToDosDateTime

combase

ord12
ord14
ord2
ord13
CStdStubBuffer_CountRefs
ord16
CStdStubBuffer_QueryInterface
ord7
ord9
CStdStubBuffer_DebugServerRelease
ord24
CStdStubBuffer_IsIIDSupported
ord15
CStdStubBuffer_Disconnect
CStdStubBuffer_Connect
ord23
ord20
ord21
ord17
NdrCStdStubBuffer2_Release
ord8
ord19
NdrCStdStubBuffer_Release
CStdStubBuffer_Invoke
ord10
CStdStubBuffer2_CountRefs
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer2_Disconnect
ord6
CStdStubBuffer2_QueryInterface
CStdStubBuffer_AddRef
ord22
ord33
ord34
ord11
CStdStubBuffer2_Connect
ord18
ord32
ord25
ord5

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetProcAddress
DisableThreadLibraryCalls
FreeResource
LockResource
GetModuleHandleW
SizeofResource
LoadResource
FindResourceExW
GetModuleFileNameA
GetModuleHandleExW
LoadStringW

api-ms-win-core-localization-l1-2-0

GetGeoInfoW
GetUserDefaultLocaleName
GetUserGeoID
LCMapStringEx
FormatMessageW
GetLocaleInfoEx

api-ms-win-core-processthreads-l1-1-0

GetProcessId
TerminateProcess
OpenThread
GetCurrentProcess
GetCurrentThread
OpenThreadToken
OpenProcessToken
GetCurrentProcessId
GetProcessIdOfThread
GetCurrentThreadId

api-ms-win-core-heap-l1-1-0

HeapReAlloc
GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetLastError
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockExclusive
CreateMutexExW
InitializeSRWLock
ResetEvent
WaitForSingleObject
AcquireSRWLockShared
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
CreateEventW
ReleaseMutex
ReleaseSemaphore
ReleaseSRWLockShared
InitializeCriticalSection
WaitForMultipleObjectsEx
CreateEventExW
SetEvent
InitializeCriticalSectionEx
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
CreateSemaphoreExW

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

rpcrt4

I_RpcBindingInqLocalClientPID
RpcServerInqCallAttributesW
RpcBindingFromStringBindingW
UuidFromStringW
RpcStringBindingComposeW
RpcBindingSetAuthInfoExW
UuidCreate
RpcStringFreeW
NdrClientCall3
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrStubForwardingFunction
IUnknown_AddRef_Proxy
NdrOleFree
NdrStubCall3
IUnknown_QueryInterface_Proxy
IUnknown_Release_Proxy
NdrOleAllocate

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
CompareStringW
MultiByteToWideChar

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsA

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceExecuteOnce
WakeAllConditionVariable
SleepConditionVariableSRW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetVersionExA
GetTickCount
GetSystemTime
GetTickCount64
GetSystemTimeAsFileTime
GetLocalTime

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventUnregister
EventRegister
EventProviderEnabled
EventWriteTransfer

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-security-base-l1-1-0

ImpersonateLoggedOnUser
DuplicateTokenEx
GetLengthSid
CopySid
RevertToSelf
AllocateAndInitializeSid
FreeSid
GetTokenInformation

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-file-l1-1-0

GetFileSize
WriteFile
CompareFileTime
DeleteFileA
CreateFileA
FileTimeToLocalFileTime
FindFirstFileExA
FindNextFileA
CreateDirectoryW
ReadFile
DeleteFileW
CreateFileW
FindClose
FindFirstFileA
GetFileInformationByHandle
SetFilePointer

api-ms-win-security-base-l1-2-0

CheckTokenMembershipEx

api-ms-win-core-file-l1-2-2

GetTempFileNameA
GetTempPathA

cabinet

ord14
ord10
ord13
ord11

api-ms-win-core-registry-l1-1-0

RegOpenCurrentUser
RegOpenKeyExW
RegCloseKey
RegGetValueW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW
RegDeleteKeyValueW

api-ms-win-core-path-l1-1-0

PathCchAppendEx
PathCchAddExtension

api-ms-win-core-localization-l2-1-0

GetCurrencyFormatEx

api-ms-win-shcore-stream-winrt-l1-1-0

CreateRandomAccessStreamOverStream

api-ms-win-core-url-l1-1-0

UrlEscapeW

cryptsp

CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
CryptAcquireContextW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem

api-ms-win-eventing-legacy-l1-1-0

QueryTraceW
FlushTraceW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathCombineA
PathAppendA
PathRemoveFileSpecA

api-ms-win-core-heap-obsolete-l1-1-0

GlobalFree

api-ms-win-security-capability-l1-1-0

CapabilityCheck

iertutil

ord74
ord85
ord76
ord89

winhttp

WinHttpCrackUrl
WinHttpConnect
WinHttpCloseHandle
WinHttpGetDefaultProxyConfiguration
WinHttpGetIEProxyConfigForCurrentUser
WinHttpAddRequestHeaders
WinHttpGetProxyForUrl
WinHttpSetOption
WinHttpSetTimeouts
WinHttpSendRequest
WinHttpOpenRequest
WinHttpSetStatusCallback
WinHttpReadData
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpOpen

webservices

WsCreateReader
WsReadXmlBufferFromBytes
WsSetInputToBuffer
WsMoveReader
WsReadToStartElement
WsGetReaderPosition
WsReadBytes
WsReadStartElement
WsCreateError
WsCreateHeap
WsFreeReader
WsFreeHeap
WsFreeError
WsReadEndAttribute
WsReadStartAttribute
WsFindAttribute
WsReadChars

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 876KB - Virtual size: 875KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Arquivos Minecraft MPZyn/UnlockerPortable/App/Unlocker/README.TXT
Arquivos Minecraft MPZyn/UnlockerPortable/App/Unlocker/Unlocker.exe
.exe windows:4 windows x86 arch:x86

3839cd29c749b008b225b4cae0af64df

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

EnumProcessModules
GetModuleBaseNameW
GetModuleFileNameExW

comctl32

ImageList_Create
InitCommonControlsEx
ImageList_SetBkColor
ImageList_ReplaceIcon

ws2_32

recv
send
connect
htons
gethostbyname
socket
WSAStartup

shlwapi

StrStrA
PathRemoveExtensionW
PathStripPathW
SHDeleteKeyA
StrToIntA
wvnsprintfA
PathStripToRootW
PathIsDirectoryW
PathFindExtensionW
StrStrW
PathSkipRootW
PathRemoveFileSpecW

kernel32

Module32FirstW
GetModuleFileNameW
CreateToolhelp32Snapshot
Module32NextW
CreateThread
ExitProcess
CreateFileA
QueryDosDeviceA
Process32NextW
lstrcmpiW
GetCommandLineW
lstrlenW
lstrcpyA
LocalFree
GetProcAddress
LoadLibraryA
lstrcpyW
GetLongPathNameW
CloseHandle
ReadFile
CreateFileW
WriteFile
GetModuleHandleA
MultiByteToWideChar
GlobalAlloc
GlobalFree
lstrcmpA
GetFileAttributesW
DeleteFileW
RemoveDirectoryW
SetFileAttributesW
GetShortPathNameW
MoveFileW
GetVersionExA
GlobalUnlock
GlobalLock
GlobalReAlloc
FindClose
FindNextFileW
lstrcmpW
FindFirstFileW
lstrlenA
MoveFileExW
VirtualFreeEx
WaitForSingleObject
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
OpenProcess
DuplicateHandle
GetCurrentProcess
TerminateProcess
Process32FirstW

user32

DialogBoxParamA
DestroyWindow
DispatchMessageA
TranslateMessage
PeekMessageA
ShowWindow
GetDlgItem
CreateDialogParamA
wsprintfA
CharUpperW
GetDlgItemTextW
UpdateWindow
InvalidateRect
GetSysColor
MoveWindow
GetClientRect
ClientToScreen
CallWindowProcA
DestroyCursor
SetWindowLongA
SetCapture
SetCursor
LoadCursorA
PtInRect
ReleaseCapture
GetSystemMetrics
LoadIconA
DestroyIcon
SetDlgItemTextA
SetDlgItemTextW
SetWindowTextA
PostMessageA
GetWindowRect
GetWindowPlacement
EndDialog
SetWindowPlacement
GetDC
SendMessageA
DrawTextA
MessageBoxA
wsprintfW
SendDlgItemMessageA

gdi32

GetObjectA
CreateFontIndirectA
SelectObject

comdlg32

GetSaveFileNameW

advapi32

SetNamedSecurityInfoW
RegSetValueExW
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
FreeSid
SetEntriesInAclA
AllocateAndInitializeSid
RegSetValueExA

shell32

CommandLineToArgvW
ShellExecuteA
ExtractIconExW
SHCreateDirectoryExW
SHFileOperationW
SHGetMalloc
SHGetPathFromIDListW
SHBrowseForFolderW

ole32

CoInitialize
CoUninitialize

Sections

.text
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Arquivos Minecraft MPZyn/UnlockerPortable/App/Unlocker/UnlockerAssistant.exe
.exe windows:4 windows x86 arch:x86

a510baa3ecd268c6c6bb7d395fef0aad

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

shlwapi

StrToIntA
wvnsprintfA

kernel32

lstrcmpA
lstrcmpW
GetCommandLineW
GetModuleFileNameA
GetProcAddress
LoadLibraryA
ExitProcess
lstrlenA
lstrcpyA
GetModuleHandleA

user32

PostQuitMessage
DestroyWindow
PostMessageA
GetWindowTextA
DestroyIcon
DispatchMessageA
TranslateMessage
GetMessageA
GetCursorPos
CreateDialogParamA
RegisterWindowMessageA
EnumWindows
SetForegroundWindow
TrackPopupMenu
DestroyMenu
wsprintfA
MessageBoxA
CreatePopupMenu
LoadIconA
EnableMenuItem
InsertMenuA

advapi32

RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegCloseKey

shell32

CommandLineToArgvW
Shell_NotifyIconA

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Arquivos Minecraft MPZyn/UnlockerPortable/App/Unlocker/UnlockerCOM.dll
.dll regsvr32 windows:4 windows x86 arch:x86

cab4339f8b761ab31e628f0fd642a7a8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

PathRemoveFileSpecW

kernel32

lstrcpyA
lstrlenA
GetModuleFileNameA
CloseHandle
lstrlenW
DisableThreadLibraryCalls
CreateFileW
GetModuleFileNameW
GlobalUnlock
lstrcpyW
GlobalLock
GetVersionExA
InterlockedDecrement
lstrcmpA
GlobalFree
GlobalAlloc
InterlockedIncrement
WriteFile

user32

GetMenuItemCount
GetMenuItemID
GetMenuStringA
InsertMenuA
EnableMenuItem
SetMenuItemBitmaps
RegisterClipboardFormatA
GetForegroundWindow
GetClassNameA
SendMessageA
LoadImageA
wsprintfW
wsprintfA
EnumChildWindows

gdi32

DeleteObject

advapi32

RegCloseKey
RegDeleteKeyA
RegOpenKeyA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA

shell32

ShellExecuteExW
SHGetMalloc
DragQueryFileW
DragQueryFileA
SHGetPathFromIDListW
ord25

ole32

ReleaseStgMedium

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 476B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Arquivos Minecraft MPZyn/UnlockerPortable/App/Unlocker/UnlockerDriver5.sys
.sys windows:4 windows x86 arch:x86

2a015bf36d12492d1085356809814d9d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IofCompleteRequest
MmMapLockedPagesSpecifyCache
ObfDereferenceObject
ExFreePool
ObQueryNameString
ExAllocatePoolWithTag
ObReferenceObjectByHandle
IoFileObjectType
IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
IoCreateSymbolicLink
IoCreateDevice

Sections

PAGE
Size: 1024B - Virtual size: 689B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 562B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 126B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Arquivos Minecraft MPZyn/UnlockerPortable/App/Unlocker/UnlockerHook.dll
.dll windows:4 windows x86 arch:x86

f4d093db5e466a48d555b9ceadb39dab

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

PathStripPathW
PathRemoveFileSpecW

kernel32

GetModuleHandleA
lstrcpyW
GetModuleFileNameW
GetLastError
lstrcmpA
CloseHandle
WriteProcessMemory
FlushInstructionCache
ReadProcessMemory
GetCurrentProcess
VirtualProtect
GetProcAddress
lstrlenW
lstrcmpiW
DisableThreadLibraryCalls

user32

CallNextHookEx
PostMessageA
UnhookWindowsHookEx
EnumWindows
wsprintfW
SetWindowsHookExA
GetWindowTextA

shell32

ShellExecuteExW

Exports

Exports

HookInstall
HookUninstall

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 242B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Arquivos Minecraft MPZyn/UnlockerPortable/App/Unlocker64/README.TXT
Arquivos Minecraft MPZyn/UnlockerPortable/App/Unlocker64/Unlocker.exe
.exe windows:4 windows x64 arch:x64

e8f4d104ba03c60ae9f3327e0e3c6f36

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\Documents and Settings\Cedrick\My Documents\Cedrick\Backup Office\My Sources\Visual Studio Projects\Unlocker\Release64\Unlocker.pdb

Imports

psapi

EnumProcessModules
GetModuleBaseNameW
GetModuleFileNameExW

comctl32

ImageList_Create
InitCommonControlsEx
ImageList_SetBkColor
ImageList_ReplaceIcon

ws2_32

recv
send
connect
htons
gethostbyname
socket
WSAStartup

shlwapi

StrStrA
PathRemoveExtensionW
PathStripPathW
SHDeleteKeyA
PathSkipRootW
StrToIntA
PathStripToRootW
PathRemoveFileSpecW
wvnsprintfA
PathFindExtensionW
StrStrW
PathIsDirectoryW

kernel32

Module32FirstW
GetModuleFileNameW
CreateToolhelp32Snapshot
Module32NextW
CreateThread
ExitProcess
CreateFileA
QueryDosDeviceA
Process32NextW
lstrcmpiW
GetCommandLineW
lstrlenW
GetFileAttributesW
DeleteFileW
RemoveDirectoryW
SetFileAttributesW
GetShortPathNameW
lstrcpyW
MoveFileW
GlobalFree
GlobalUnlock
GlobalLock
GlobalReAlloc
GlobalAlloc
FindClose
FindNextFileW
lstrcmpW
FindFirstFileW
GetModuleHandleA
CloseHandle
VirtualFreeEx
WaitForSingleObject
CreateRemoteThread
lstrcpyA
GetProcAddress
WriteProcessMemory
VirtualAllocEx
OpenProcess
LocalFree
LoadLibraryA
ReadFile
lstrcmpA
GetLongPathNameW
CreateFileW
WriteFile
MultiByteToWideChar
GetVersionExA
lstrlenA
MoveFileExW
DuplicateHandle
GetCurrentProcess
TerminateProcess
Process32FirstW

user32

SetWindowTextA
SetDlgItemTextW
SetDlgItemTextA
DestroyIcon
LoadIconA
GetDlgItemTextW
DialogBoxParamA
SendDlgItemMessageA
UpdateWindow
InvalidateRect
PostMessageA
MoveWindow
GetClientRect
ClientToScreen
wsprintfA
CharUpperW
CallWindowProcA
DestroyCursor
SetWindowLongPtrA
SetCapture
SetCursor
LoadCursorA
PtInRect
ReleaseCapture
GetSystemMetrics
GetWindowRect
GetWindowPlacement
EndDialog
SetWindowPlacement
GetDC
DrawTextA
MessageBoxA
CreateDialogParamA
GetDlgItem
SendMessageA
ShowWindow
TranslateMessage
DispatchMessageA
PeekMessageA
DestroyWindow
wsprintfW
GetSysColor

gdi32

GetObjectA
CreateFontIndirectA
SelectObject

comdlg32

GetSaveFileNameW

advapi32

SetNamedSecurityInfoW
RegSetValueExW
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
FreeSid
SetEntriesInAclA
AllocateAndInitializeSid
RegSetValueExA

shell32

CommandLineToArgvW
ShellExecuteA
ExtractIconExW
ShellExecuteExW
SHGetMalloc
SHBrowseForFolderW
SHFileOperationW
SHCreateDirectoryExW
SHGetPathFromIDListW

ole32

CoInitialize
CoUninitialize

Sections

.text
Size: 115KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.CRT
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Arquivos Minecraft MPZyn/UnlockerPortable/App/Unlocker64/UnlockerCOM.dll
.dll regsvr32 windows:4 windows x64 arch:x64

8a91375a81d9a00ca4864dbcc33546b2

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

59:61:c7:1c:9d:3a:68:32:e7:81:55:53:27:42:8b:e5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

29/06/2010, 00:00

Not After

29/06/2011, 23:59

Subject

CN=Empty Loop,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Empty Loop,L=San Francisco,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

bb:4f:4b:57:02:db:2a:59:21:ed:a3:86:f6:c8:45:b8:0f:a1:12:bc
Signer

Actual PE Digest

bb:4f:4b:57:02:db:2a:59:21:ed:a3:86:f6:c8:45:b8:0f:a1:12:bc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

shlwapi

PathRemoveFileSpecW

kernel32

GetModuleFileNameW
GlobalUnlock
lstrcpyW
GlobalLock
CreateFileW
DisableThreadLibraryCalls
lstrcpyA
lstrlenA
GetModuleFileNameA
lstrlenW
WriteFile
CloseHandle
lstrcmpA
GlobalFree
GlobalAlloc
GetVersionExA

user32

GetMenuItemCount
GetMenuItemID
GetMenuStringA
InsertMenuA
EnableMenuItem
SetMenuItemBitmaps
LoadImageA
wsprintfA
GetForegroundWindow
EnumChildWindows
wsprintfW
GetClassNameA
SendMessageA
RegisterClipboardFormatA

gdi32

DeleteObject

advapi32

RegCloseKey
RegDeleteKeyA
RegOpenKeyA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA

shell32

SHGetPathFromIDListW
ShellExecuteExW
DragQueryFileW
DragQueryFileA
ord25
SHGetMalloc

ole32

ReleaseStgMedium

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Arquivos Minecraft MPZyn/UnlockerPortable/App/Unlocker64/UnlockerDriver5.sys
.sys windows:4 windows x64 arch:x64

2a015bf36d12492d1085356809814d9d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

59:61:c7:1c:9d:3a:68:32:e7:81:55:53:27:42:8b:e5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

29/06/2010, 00:00

Not After

29/06/2011, 23:59

Subject

CN=Empty Loop,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Empty Loop,L=San Francisco,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

89:65:01:16:e0:82:cc:41:fe:d0:20:af:a7:0d:72:a2:27:8b:bb:3b
Signer

Actual PE Digest

89:65:01:16:e0:82:cc:41:fe:d0:20:af:a7:0d:72:a2:27:8b:bb:3b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

IofCompleteRequest
MmMapLockedPagesSpecifyCache
ObfDereferenceObject
ExFreePool
ObQueryNameString
ExAllocatePoolWithTag
ObReferenceObjectByHandle
IoFileObjectType
IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
IoCreateSymbolicLink
IoCreateDevice

Sections

.text
Size: 1024B - Virtual size: 836B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 1024B - Virtual size: 774B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 512B - Virtual size: 299B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 850B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Arquivos Minecraft MPZyn/UnlockerPortable/App/Unlocker64/UnlockerInject32.exe
.exe windows:4 windows x86 arch:x86

28c87b74b850b535682af01742c40837

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

59:61:c7:1c:9d:3a:68:32:e7:81:55:53:27:42:8b:e5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

29/06/2010, 00:00

Not After

29/06/2011, 23:59

Subject

CN=Empty Loop,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Empty Loop,L=San Francisco,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ba:89:c5:a4:36:0b:af:18:15:a8:8d:e5:2c:1f:e3:dd:fd:fc:85:27
Signer

Actual PE Digest

ba:89:c5:a4:36:0b:af:18:15:a8:8d:e5:2c:1f:e3:dd:fd:fc:85:27

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrToIntW

kernel32

OpenProcess
ExitProcess
CloseHandle
VirtualFreeEx
WaitForSingleObject
CreateRemoteThread
lstrcpyW
lstrcpyA
GetProcAddress
WriteProcessMemory
VirtualAllocEx
GetModuleHandleA
GetCommandLineW
LoadLibraryA
GlobalAlloc
lstrcmpiW

user32

MessageBoxW

shell32

CommandLineToArgvW

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Arquivos Minecraft MPZyn/UnlockerPortable/Data/Unlocker64/Unlocker.cfg
Arquivos Minecraft MPZyn/UnlockerPortable/Data/UnlockerPortable.ini
Arquivos Minecraft MPZyn/UnlockerPortable/Other/Source/Unlocker.ico
Arquivos Minecraft MPZyn/UnlockerPortable/Other/Source/_UnlockerPortable.nsi
Arquivos Minecraft MPZyn/UnlockerPortable/Other/Source/_UnlockerPortableInstaller.nsi
Arquivos Minecraft MPZyn/UnlockerPortable/Other/_Include/Installer.bmp
Arquivos Minecraft MPZyn/UnlockerPortable/Other/_Include/Installer.nsh
Arquivos Minecraft MPZyn/UnlockerPortable/Other/_Include/Launcher.nsh
Arquivos Minecraft MPZyn/UnlockerPortable/Other/_Include/Splash.bmp
Arquivos Minecraft MPZyn/UnlockerPortable/UnlockerPortable.exe
.exe windows:5 windows x86 arch:x86

f14aba31075188e8a83ea826ace3eca3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
SetErrorMode
CompareFileTime
lstrlenA
lstrcpynA
lstrlenW
lstrcpynW
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryA
CreateProcessA
GetTempFileNameA
lstrcatA
GetProcAddress
OpenProcess
lstrcpyA
GetVersionExA
GetSystemDirectoryA
GetVersion
RemoveDirectoryA
SetFileTime
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleA
LoadLibraryExA
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
MulDiv
ReadFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
WideCharToMultiByte

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcA
IsWindowVisible
LoadBitmapA
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuA
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
CheckDlgButton
GetClassInfoA
CreateWindowExA
SystemParametersInfoA
RegisterClassA
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharUpperA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
SendMessageTimeoutA
FindWindowExA
LoadCursorA
SetCursor
GetWindowLongA
GetSysColor
CharNextA
DialogBoxParamA
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
wsprintfA

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderA
SHGetPathFromIDListA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegEnumKeyA
RegOpenKeyExA
RegCloseKey
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumValueA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 250KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 276KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/FindProcDLL.dll
.dll windows:4 windows x86 arch:x86

8df26927f8978d4eb40ff179c0aa961b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
lstrcmpA
OpenProcess
lstrcpyA
LoadLibraryA
CloseHandle
FreeLibrary
GetVersionExA
lstrlenA
GlobalFree

user32

wsprintfA

Exports

Exports

FindProc

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/KillProcDLL.dll
.dll windows:4 windows x86 arch:x86

153027ec3b10bcea606b777657dd3402

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
TerminateProcess
OpenProcess
LoadLibraryA
CloseHandle
GetProcAddress
FreeLibrary
GlobalFree
lstrcpyA
DisableThreadLibraryCalls

msvcrt

strcmp
_strupr
toupper
strlen
free
_initterm
malloc
_adjust_fdiv
strcpy
_itoa

Exports

Exports

KillProc

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Registry.dll
.dll windows:4 windows x86 arch:x86

421a02aae559045e04759aae146087eb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateProcessA
CreateProcessW
GlobalAlloc
SearchPathA
SearchPathW
GetFileAttributesA
GetFileAttributesW
CreateFileA
CreateFileW
WriteFile
WideCharToMultiByte
GetWindowsDirectoryW
lstrlenA
lstrlenW
MultiByteToWideChar
GlobalFree

user32

FindWindowExA
SetWindowTextA
SetWindowTextW
MessageBoxW
GetDlgItem

advapi32

RegQueryValueExA
RegQueryValueExW
RegOpenKeyExA
RegOpenKeyExW
RegCreateKeyExA
RegCreateKeyExW
RegEnumValueA
RegEnumValueW
RegEnumKeyExA
RegEnumKeyExW
RegCloseKey
RegSetValueExA
RegDeleteValueW
RegDeleteValueA
RegDeleteKeyW
RegDeleteKeyA
RegSetValueExW

Exports

Exports

_Close
_CopyKey
_CopyValue
_CreateKey
_DeleteKey
_DeleteKeyEmpty
_DeleteValue
_Find
_HexToStrA
_HexToStrW
_KeyExists
_MoveKey
_MoveValue
_Open
_Read
_ReadExtra
_RestoreKey
_SaveKey
_StrToHexA
_StrToHexW
_Unload
_Write
_WriteExtra

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 322KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

aaa34d9251e34ceebd6bf5066471d799

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
GetProcAddress
lstrcatA
lstrlenA
lstrcmpiA
LoadLibraryA
GetModuleHandleA
WideCharToMultiByte
VirtualAlloc
VirtualProtect
MultiByteToWideChar
FreeLibrary

user32

wsprintfA

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 915B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 582B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/newadvsplash.dll
.dll windows:4 windows x86 arch:x86

2e363db44011ed76701ec6ce62db36f5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
GetModuleHandleA
CloseHandle
MultiByteToWideChar
lstrcpynA
lstrlenA
GetCurrentThreadId
CreateThread
Sleep
lstrcpyA
lstrcmpiA
GlobalAlloc
GlobalFree
WaitForSingleObject

user32

DefWindowProcA
DestroyWindow
IsWindowVisible
UnregisterClassA
EnumDisplaySettingsA
SendMessageA
wsprintfA
SystemParametersInfoA
BeginPaint
SetWindowPos
LoadCursorA
RegisterClassA
CreateWindowExA
IsWindow
GetMessageA
SetForegroundWindow
AttachThreadInput
GetWindowThreadProcessId
GetForegroundWindow
SetWindowLongA
EndPaint
TranslateMessage
DispatchMessageA
PostMessageA
SetWindowRgn
GetClientRect

gdi32

CombineRgn
GetObjectA
CreateCompatibleDC
SelectObject
GetDIBits
CreateRectRgn
DeleteObject

winmm

timeSetEvent
PlaySoundA
timeKillEvent

oleaut32

OleLoadPicturePath

msvcrt

_lseek
memset
memcmp
_read
memcpy
_close
_open
strtol

Exports

Exports

hwnd
play
show
stop

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 269B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 598B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/splash.bmp
Arquivos Minecraft MPZyn/UnlockerPortable/UnlockerPortable.ini

Sharing

General

Malware Config

Signatures

Files

13b4861232004ca16623814955cda5b0

Code Sign

33:00:00:03:25:48:b2:9d:0e:7f:c5:f4:1f:00:00:00:00:03:25Certificate

Extended Key Usages

61:0c:52:4c:00:00:00:00:00:03Certificate

Key Usages

87:85:19:22:f8:21:5f:db:1d:f7:d1:a1:14:40:71:ac:bf:2d:9c:90:0b:05:09:0f:25:74:69:62:6d:7f:5a:f0Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-core-kernel32-legacy-l1-1-0

combase

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-util-l1-1-0

rpcrt4

api-ms-win-core-string-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-timezone-l1-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-security-base-l1-2-0

api-ms-win-core-file-l1-2-2

cabinet

api-ms-win-core-registry-l1-1-0

api-ms-win-core-registry-l1-1-1

api-ms-win-core-path-l1-1-0

api-ms-win-core-localization-l2-1-0

api-ms-win-shcore-stream-winrt-l1-1-0

api-ms-win-core-url-l1-1-0

cryptsp

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

api-ms-win-core-threadpool-legacy-l1-1-0

api-ms-win-eventing-legacy-l1-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-security-capability-l1-1-0

iertutil

winhttp

webservices

api-ms-win-core-apiquery-l1-1-0

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 876KB - Virtual size: 875KB

.data Size: 8KB - Virtual size: 14KB

.pdata Size: 41KB - Virtual size: 40KB

.didat Size: 1024B - Virtual size: 888B

.rsrc Size: 62KB - Virtual size: 61KB

.reloc Size: 65KB - Virtual size: 65KB

3839cd29c749b008b225b4cae0af64df

Headers

DLL Characteristics

File Characteristics

Imports

33:00:00:03:25:48:b2:9d:0e:7f:c5:f4:1f:00:00:00:00:03:25
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

87:85:19:22:f8:21:5f:db:1d:f7:d1:a1:14:40:71:ac:bf:2d:9c:90:0b:05:09:0f:25:74:69:62:6d:7f:5a:f0
Signer

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 876KB - Virtual size: 875KB

.data
Size: 8KB - Virtual size: 14KB

.pdata
Size: 41KB - Virtual size: 40KB

.didat
Size: 1024B - Virtual size: 888B

.rsrc
Size: 62KB - Virtual size: 61KB

.reloc
Size: 65KB - Virtual size: 65KB

.text
Size: 87KB - Virtual size: 87KB

.data
Size: 512B - Virtual size: 22KB

.rsrc
Size: 4KB - Virtual size: 3KB

.text
Size: 13KB - Virtual size: 13KB

.data
Size: 512B - Virtual size: 3KB

.rsrc
Size: 2KB - Virtual size: 1KB

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 8B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 476B

PAGE
Size: 1024B - Virtual size: 689B

INIT
Size: 512B - Virtual size: 244B

.rdata
Size: 1024B - Virtual size: 562B

.data
Size: - Virtual size: 8B

.reloc
Size: 512B - Virtual size: 126B