blankgrabber | Hone-Optimizer-2[.]8[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

Hone-Optimizer-2.8.zip
Size

11.4MB
MD5

a6b670b05b863acb99905bcc07ce0bb2
SHA1

506ef75e6c00fa93034f834c99b64bb970ac657f
SHA256

2fb388ca335852c8791c6afd1d57e57bcc6e2981eae1b5ca9c359456b593e84e
SHA512

5d38e3979721bea0a8c0cd90bd31e6ebb9ef145d0ce1eb87699a4b28ed44959a45ef5ede096a043d52fc7327fc5b74419e75a7d98e8641becdad8ab486187500
SSDEEP

196608:jCOL9wFLTNHJgOENHY5tfUXUcV1YcRpedfXBZ1Hpl65Vwf0fs79yBx6I:7MTNHJgOHvDcVNLedfRHv65VW0fsB+B

Score

10^/10

upx blankgrabber

Malware Config

Signatures

A stealer written in Python and packaged with Pyinstaller 1 IoCs

resource	yara_rule
static1/unpack005/loader-o.pyc	blankgrabber

Blankgrabber family
blankgrabber

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Hone-Optimizer-2.8/Files/Aesthetics/Clear.exe	upx

Unsigned PE 15 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Hone-Optimizer-2.8/Files/Aesthetics/Clear.exe
unpack001/Hone-Optimizer-2.8/Files/GenshinCfg.exe
unpack001/Hone-Optimizer-2.8/Files/NSudo.exe
unpack001/Hone-Optimizer-2.8/Files/REAL.exe
unpack001/Hone-Optimizer-2.8/Files/RFU.exe
unpack001/Hone-Optimizer-2.8/Files/SetTimerResolutionService.exe
unpack001/Hone-Optimizer-2.8/Files/dccmd.exe
unpack001/Hone-Optimizer-2.8/Files/libiconv2.dll
unpack001/Hone-Optimizer-2.8/Files/libintl3.dll
unpack001/Hone-Optimizer-2.8/Files/nssm.exe
unpack001/Hone-Optimizer-2.8/Files/nvidiaProfileInspector.exe
unpack001/Hone-Optimizer-2.8/Files/regex2.dll
unpack001/Hone-Optimizer-2.8/Files/restart64.exe
unpack001/Hone-Optimizer-2.8/Files/sed.exe
unpack001/Hone-Optimizer-2.8/Hone-Optimizer.exe

Files

Hone-Optimizer-2.8.zip
.zip
Hone-Optimizer-2.8/Files/Aesthetics/Auto/systemtransparency.ini
Hone-Optimizer-2.8/Files/Aesthetics/Clear.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 280KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 195KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Hone-Optimizer-2.8/Files/Base_Profile.nip
Hone-Optimizer-2.8/Files/DDU.zip
.zip
DDU.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

a2:43:2c:58:81:d6:5f:6a:71:46:96:3b:2c:43:f5:a4
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/03/2021, 00:00

Not After

25/03/2023, 23:59

Subject

CN=Wagnardsoft,O=Wagnardsoft,POSTALCODE=J7N 0W5,STREET=16915 Rue de la Perle,L=Mirabel,ST=Quebec,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/03/2019, 00:00

Not After

31/12/2028, 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a0:94:7d:9b:12:80:f6:b1:1d:1d:77:b3:95:1b:f8:d9:e2:de:eb:38:c1:9f:c3:28:b3:6f:5d:ef:58:ef:8f:4d
Signer

Actual PE Digest

a0:94:7d:9b:12:80:f6:b1:1d:1d:77:b3:95:1b:f8:d9:e2:de:eb:38:c1:9f:c3:28:b3:6f:5d:ef:58:ef:8f:4d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\ghisl\OneDrive\Documents\Programmation\wpf\display-drivers-uninstaller\display-driver-uninstaller\Display Driver Uninstaller\obj\Release\Display Driver Uninstaller.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Display Driver Uninstaller.pdb
Issues and solutions.txt
Licence.txt
Readme.txt
settings/AMD/classroot.cfg
settings/AMD/clsidleftover.cfg
settings/AMD/driverfiles.cfg
settings/AMD/driverfilesKMAFD.cfg
settings/AMD/driverfilesKMPFD.cfg
settings/AMD/driverfilesKMPFD.cfg.bak
settings/AMD/interface.cfg
settings/AMD/packages.cfg
settings/AMD/services.cfg
settings/INTEL/classroot.cfg
settings/INTEL/clsidleftover.cfg
settings/INTEL/driverfiles.cfg
settings/INTEL/interface.cfg
settings/INTEL/packages.cfg
settings/INTEL/services.cfg
settings/Languages/Arabic.xml
settings/Languages/Bulgarian.xml
settings/Languages/Chinese (Simplified).xml
.xml
settings/Languages/Chinese (Traditional).xml
.xml
settings/Languages/Czech.xml
.xml
settings/Languages/Danish.xml
settings/Languages/Dutch.xml
.xml
settings/Languages/English.xml
settings/Languages/English.xml.bak
settings/Languages/Finnish.xml
settings/Languages/French.xml
settings/Languages/German.xml
.xml
settings/Languages/Greek.xml
settings/Languages/Hebrew.xml
settings/Languages/Hungarian.xml
settings/Languages/Italian.xml
settings/Languages/Japanese.xml
settings/Languages/Korean.xml
settings/Languages/Macedonian (Latin).xml
settings/Languages/Persian.xml
settings/Languages/Polish.xml
settings/Languages/Portuguese.xml
settings/Languages/PortugueseBrazil.xml
settings/Languages/Russian.xml
settings/Languages/Serbian (Cyrilic).xml
settings/Languages/Serbian (Latin).xml
settings/Languages/Slovak.xml
settings/Languages/Slovenian.xml
settings/Languages/Spanish (Spain).xml
settings/Languages/Spanish.xml
settings/Languages/Swedish.xml
settings/Languages/Thai.xml
settings/Languages/Turkish.xml
settings/Languages/Ukrainian.xml
settings/Languages/_For translators - ReadMe.txt
settings/NVIDIA/classroot.cfg
settings/NVIDIA/clsidleftover.cfg
settings/NVIDIA/clsidleftoverGFE.cfg
settings/NVIDIA/driverfiles.cfg
settings/NVIDIA/gfedriverfiles.cfg
settings/NVIDIA/gfedriverfiles.cfg.bak
settings/NVIDIA/gfeservice.cfg
settings/NVIDIA/interface.cfg
settings/NVIDIA/interfaceGFE.cfg
settings/NVIDIA/nvbservice.cfg
settings/NVIDIA/packages.cfg
settings/NVIDIA/services.cfg
settings/REALTEK/classroot.cfg
settings/REALTEK/clsidleftover.cfg
settings/REALTEK/driverfiles.cfg
settings/REALTEK/packages.cfg
settings/REALTEK/services.cfg
Hone-Optimizer-2.8/Files/Driverinstall.bat
Hone-Optimizer-2.8/Files/EmptyStandbyList.exe
.exe windows:6 windows x86 arch:x86

ede74345354aaddd93e9ce5d8e8b1431

Code Sign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e2:6c:75:f3:b8:e8:f8:7e:b4:72:02:66:a5:5e:d6:e0:8d:ea:9d:74
Signer

Actual PE Digest

e2:6c:75:f3:b8:e8:f8:7e:b4:72:02:66:a5:5e:d6:e0:8d:ea:9d:74

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\projects\TestPh\Release\TestPh.pdb

Imports

ntdll

RtlNtStatusToDosError
RtlFindMessage
RtlInterlockedPopEntrySList
RtlMultiByteToUnicodeSize
RtlMultiByteToUnicodeN
RtlInitializeSListHead
RtlInterlockedPushEntrySList
RtlRaiseStatus
NtReleaseSemaphore
NtCreateKeyedEvent
NtWaitForKeyedEvent
NtReleaseKeyedEvent
RtlCreateHeap
RtlGetVersion
RtlReleasePrivilege
RtlAcquirePrivilege
RtlLengthSecurityDescriptor
RtlAllocateHeap
RtlUpcaseUnicodeChar
NtSetInformationFile
RtlUnwind
NtWaitForSingleObject
NtFreeVirtualMemory
NtSetSystemInformation
NtQuerySystemInformation
NtCreateSemaphore
NtQueryInformationToken
NtOpenProcessToken
RtlFreeHeap
NtWriteFile
NtDeviceIoControlFile
NtClose

kernel32

IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
IsProcessorFeaturePresent
TerminateProcess
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleFileNameW
FindFirstFileExW
FindNextFileW
GetEnvironmentStringsW
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
TlsFree
FreeLibrary
LoadLibraryExW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetStringTypeW
MultiByteToWideChar
GetACP
RaiseException
GetStdHandle
WideCharToMultiByte
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
CompareStringW
LCMapStringW
GetFileType
DecodePointer
GetCPInfo
IsValidCodePage
GetOEMCP
CloseHandle
FindClose
GetCurrentProcess
SetLastError
TlsGetValue
TlsAlloc
TlsSetValue
GetSystemDefaultLangID
GetUserDefaultLangID
LocalAlloc
GetTickCount
HeapFree
HeapAlloc
QueryPerformanceCounter
GetProcAddress
GetModuleHandleW
ExitProcess
GetLastError
WriteFile
CreateFileW
SetEnvironmentVariableW
SetStdHandle
GetProcessHeap
FlushFileBuffers
GetConsoleCP
GetConsoleMode
HeapSize
HeapReAlloc
SetFilePointerEx
WriteConsoleW

advapi32

SystemFunction036

Sections

.text
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Hone-Optimizer-2.8/Files/FPS/Accurate/240/Amd/FPSAccurate240Amd.cfg
Hone-Optimizer-2.8/Files/FPS/Accurate/240/Intel/FPSAccurate240Intel.cfg
Hone-Optimizer-2.8/Files/FPS/Accurate/240/Nvidia/FPSAccurate240Nvidia.cfg
Hone-Optimizer-2.8/Files/FPS/Accurate/60-120/Amd/FPSAccurate60AMD.cfg
Hone-Optimizer-2.8/Files/FPS/Accurate/60-120/Intel/FPSAccurate60Intel.cfg
Hone-Optimizer-2.8/Files/FPS/Accurate/60-120/Nvidia/FPSAccurate60Nvidia.cfg
Hone-Optimizer-2.8/Files/FPS/Smooth/Amd/FPSSmoothAmd.cfg
Hone-Optimizer-2.8/Files/FPS/Smooth/Intel/FPSSmoothIntel.cfg
Hone-Optimizer-2.8/Files/FPS/Smooth/Nvidia/FPSSmoothNvidia.cfg
Hone-Optimizer-2.8/Files/GenshinCfg.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 147KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Hone-Optimizer-2.8/Files/Hone.usf
Hone-Optimizer-2.8/Files/HoneCtrlVer
Hone-Optimizer-2.8/Files/HoneMinusBloat/j
Hone-Optimizer-2.8/Files/HoneV2.pow
Hone-Optimizer-2.8/Files/HoneV3.pow
Hone-Optimizer-2.8/Files/Latency_and_Performances_Settings_by_Hone_Team2.nip
Hone-Optimizer-2.8/Files/Minecraft/240-360/Amd/Minecraft240Amd.cfg
Hone-Optimizer-2.8/Files/Minecraft/240-360/Intel/Minecraft240Intel.cfg
Hone-Optimizer-2.8/Files/Minecraft/240-360/Nvidia/Minecraft240Nvidia.cfg
Hone-Optimizer-2.8/Files/Minecraft/480+/Amd/Minecraft480Amd.cfg
Hone-Optimizer-2.8/Files/Minecraft/480+/Intel/Minecraft480Intel.cfg
Hone-Optimizer-2.8/Files/Minecraft/480+/Nvidia/Minecraft480Nvidia.cfg
Hone-Optimizer-2.8/Files/Minecraft/Any/Amd/MinecraftAnyAmd.cfg
Hone-Optimizer-2.8/Files/Minecraft/Any/Intel/MinecraftAnyIntel.cfg
Hone-Optimizer-2.8/Files/Minecraft/Any/Nvidia/MinecraftAnyNvidia.cfg
Hone-Optimizer-2.8/Files/NSudo.exe
.exe windows:6 windows x86 arch:x86

16026b739637a8b250930b6e8e3c054c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Projects\MouriNaruto\NSudoPrivate\Source\Native\Output\Binaries\Release\Win32\NSudoLG.pdb

Imports

kernel32

ExpandEnvironmentStringsW
GetModuleFileNameW
OpenProcess
CreateEventW
MultiByteToWideChar
GetTickCount64
LockResource
QueryPerformanceFrequency
FindResourceExW
LoadResource
GetProcAddress
VerSetConditionMask
FreeLibrary
SleepEx
GetFileInformationByHandleEx
QueryPerformanceCounter
LoadLibraryExW
GetModuleHandleExW
ExitProcess
Sleep
OutputDebugStringW
LoadLibraryExA
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
EncodePointer
InitializeSListHead
GetSystemTimeAsFileTime
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SizeofResource
GetLocalTime
GetCurrentProcessId
ResumeThread
WaitForSingleObjectEx
InitializeCriticalSection
GetCurrentProcess
SetPriorityClass
MulDiv
GetModuleHandleW
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
RaiseException
CloseHandle
GetThreadUILanguage
GetLastError
GetCurrentThreadId
GetFileAttributesW
CreateFileW
InitializeCriticalSectionEx
LeaveCriticalSection
SetThreadUILanguage
GetCommandLineW
EnterCriticalSection
SetLastError
HeapFree
ReadFile
VerifyVersionInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount

user32

EndPaint
BeginPaint
DrawIconEx
GetClientRect
GetWindowTextW
LoadIconW
ChangeWindowMessageFilter
DestroyIcon
UnregisterClassW
MonitorFromWindow
GetDC
SendMessageW
EndDialog
SetWindowLongW
DialogBoxParamW
LoadImageW
GetDlgItem
SetWindowTextW

gdi32

DeleteDC
GetDeviceCaps

comdlg32

GetOpenFileNameW

advapi32

AdjustTokenPrivileges
GetAce
CloseServiceHandle
OpenSCManagerW
AllocateAndInitializeSid
IsWellKnownSid
AddAce
CreateRestrictedToken
FreeSid
StartServiceW
InitializeAcl
OpenServiceW
GetLengthSid
AddAccessAllowedAce
QueryServiceStatusEx
LookupPrivilegeValueW
SetTokenInformation
OpenProcessToken
SetThreadToken
CreateProcessAsUserW
DuplicateTokenEx
GetTokenInformation

shell32

DragQueryFileW
DragFinish

ole32

CoInitializeEx

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory
WTSEnumerateProcessesW
WTSQueryUserToken

msvcrt

_initterm_e
_set_fmode
__p__commode
_controlfp_s
_errno
strcpy_s
__pctype_func
tolower
___mb_cur_max_func
wcsnlen
wcstol
_mbtowc_l
_wcsicmp
__wgetmainargs
strrchr
_msize
_XcptFilter
__set_app_type
malloc
_callnewh
?_set_new_mode@@YAHH@Z
___lc_codepage_func
realloc
_CIlog10
ceil
_clearfp
_except_handler4_common
_amsg_exit
memmove
memset
free
_CxxThrowException
wcsstr
wcsrchr
__CxxFrameHandler3
_initterm
_wcsnicmp
_wcmdln
strncmp
memcpy
?terminate@@YAXXZ

Sections

.text
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Hone-Optimizer-2.8/Files/REAL.exe
.exe windows:6 windows x64 arch:x64

70137d794c4550c98058e96367f1f181

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

bind
closesocket
connect
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
WSAIoctl
getaddrinfo
WSACleanup
WSAGetLastError
freeaddrinfo
recvfrom
sendto
accept
listen
ioctlsocket
gethostname
htonl
ntohl
socket
recv
send
__WSAFDIsSet
select
WSASetLastError
WSAStartup

crypt32

CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertAddCertificateContextToStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore
CertOpenStore

wldap32

ord33
ord35
ord30
ord200
ord301
ord41
ord22
ord26
ord27
ord79
ord32
ord50
ord45
ord60
ord211
ord46
ord217
ord143

normaliz

IdnToUnicode
IdnToAscii

kernel32

AreFileApisANSI
GetModuleHandleW
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
GetCurrentProcessId
GetDynamicTimeZoneInformation
AllocConsole
FreeConsole
GetConsoleWindow
CreateDirectoryW
GetFileAttributesW
GetTempPathW
CloseHandle
GetLastError
WaitForSingleObject
GetCurrentProcess
GetExitCodeProcess
GetModuleFileNameW
GetModuleHandleExW
GetCurrentThreadId
SetLastError
FormatMessageA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
FreeLibrary
GetProcAddress
Sleep
SleepEx
GetTickCount64
WaitForSingleObjectEx
VerSetConditionMask
GetSystemDirectoryA
GetModuleHandleA
LoadLibraryA
VerifyVersionInfoA
ExpandEnvironmentStringsA
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
CreateFileA
GetFileSizeEx
MultiByteToWideChar
WideCharToMultiByte
RaiseException
HeapAlloc
HeapFree
GetProcessHeap
RtlLookupFunctionEntry
VirtualQuery

user32

SendMessageW
LoadIconW
DispatchMessageW
TranslateMessage
GetMessageW
CreateWindowExW
RegisterClassW
DefWindowProcW

shell32

Shell_NotifyIconW
ShellExecuteExW

ole32

CoTaskMemFree
CoInitialize
CoCreateInstance

advapi32

CryptImportKey
AccessCheck
DuplicateToken
GetFileSecurityW
MapGenericMask
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
OpenProcessToken
CryptEncrypt

msvcp140

?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
_Wcscoll
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?is@?$ctype@_W@std@@QEBA_NF_W@Z
?tolower@?$ctype@_W@std@@QEBA_W_W@Z
?tolower@?$ctype@_W@std@@QEBAPEB_WPEA_WPEB_W@Z
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?id@?$ctype@_W@std@@2V0locale@2@A
?id@?$collate@_W@std@@2V0locale@2@A
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
_Xtime_get_ticks
_Thrd_join
_Thrd_id
_Cnd_destroy_in_situ
_Cnd_signal
?_Throw_Cpp_error@std@@YAXH@Z
_Wcsxfrm
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
??Bid@locale@std@@QEAA_KXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Execute_once@std@@YAHAEAUonce_flag@1@P6AHPEAX1PEAPEAX@Z1@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAHH@Z
?_Winerror_message@std@@YAKKPEADK@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Xbad_function_call@std@@YAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
??0_Locinfo@std@@QEAA@PEBD@Z
??1_Locinfo@std@@QEAA@XZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
??0facet@locale@std@@IEAA@_K@Z
??1facet@locale@std@@MEAA@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_unlock
?_Throw_C_error@std@@YAXH@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
?id@?$numpunct@D@std@@2V0locale@2@A
?id@?$ctype@D@std@@2V0locale@2@A
?id@?$collate@D@std@@2V0locale@2@A
?uncaught_exception@std@@YA_NXZ
?_Xinvalid_argument@std@@YAXPEBD@Z
_Strcoll
_Strxfrm
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?tolower@?$ctype@D@std@@QEBADD@Z
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@G@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ

vcruntime140

__C_specific_handler_noexcept
__vcrt_GetModuleFileNameW
__vcrt_LoadLibraryExW
__C_specific_handler
strstr
strrchr
strchr
memcmp
memset
memmove
_purecall
__std_terminate
__std_exception_copy
__std_exception_destroy
_CxxThrowException
__CxxFrameHandler3
memchr
memcpy

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
__sys_nerr
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
_getpid
_configure_wide_argv
_initialize_wide_environment
_get_wide_winmain_command_line
_initterm
_initterm_e
exit
_exit
terminate
_c_exit
_register_thread_local_exe_atexit_callback
strerror
_beginthreadex
_errno
_invalid_parameter_noinfo_noreturn
_register_onexit_function
strerror_s

api-ms-win-crt-heap-l1-1-0

calloc
malloc
free
realloc
_set_new_mode
_callnewh

api-ms-win-crt-convert-l1-1-0

strtoull
strtoll
strtol
atoi
strtod
strtoul

api-ms-win-crt-math-l1-1-0

_dsign
_dtest
_ldtest
__setusermatherr

api-ms-win-crt-stdio-l1-1-0

_read
_write
_close
_open
fputs
_fseeki64
fseek
fopen
fsetpos
fwrite
fread
__p__commode
setvbuf
fgets
ungetc
__stdio_common_vsprintf
_set_fmode
fputc
fgetpos
fgetc
fflush
__stdio_common_vsscanf
_kbhit
_lseeki64
fclose
freopen_s
_get_stream_buffer_pointers
ftell
__acrt_iob_func
__stdio_common_vsnprintf_s

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file
_stat64
_fstat64
_access

api-ms-win-crt-locale-l1-1-0

localeconv
_configthreadlocale
___lc_codepage_func

api-ms-win-crt-time-l1-1-0

strftime
_localtime64_s
_time64
_gmtime64_s
_gmtime64

api-ms-win-crt-conio-l1-1-0

_getch

api-ms-win-crt-string-l1-1-0

strcmp
strcspn
strspn
strncpy
strlen
strncmp
strcpy
wcslen
tolower
isupper
_strdup
strcat_s
strcpy_s
strpbrk

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-environment-l1-1-0

getenv

Sections

.text
Size: 805KB - Virtual size: 805KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 62KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Hone-Optimizer-2.8/Files/RFU.exe
.exe windows:6 windows x64 arch:x64

ee35319bdd2e1e532856829007e798f3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\rbxfpsunlocker\rbxfpsunlocker\x64\Release\rbxfpsunlocker.pdb

Imports

kernel32

GetProcessId
CreateMutexA
DuplicateHandle
OpenProcess
Sleep
GetLastError
CloseHandle
ReadProcessMemory
GetExitCodeProcess
Process32First
CreateToolhelp32Snapshot
QueryFullProcessImageNameA
Process32Next
Module32FirstW
Module32NextW
IsWow64Process
VirtualQueryEx
SetConsoleTitleA
TerminateThread
FreeConsole
CreateThread
GetConsoleWindow
AllocConsole
GetStdHandle
HeapSize
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
HeapReAlloc
ReadConsoleW
ReadFile
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
SetConsoleTextAttribute
GetCurrentProcess
GetConsoleScreenBufferInfo
WriteConsoleW
WriteProcessMemory
HeapFree
HeapAlloc
GetFileType
SetFilePointerEx
GetFileSizeEx
LocalFree
FormatMessageA
GetLocaleInfoEx
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
GetFileInformationByHandle
AreFileApisANSI
GetModuleHandleW
GetProcAddress
GetFileInformationByHandleEx
MultiByteToWideChar
WideCharToMultiByte
QueryPerformanceCounter
QueryPerformanceFrequency
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
GetCurrentThreadId
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitializeCriticalSectionEx
GetSystemTimeAsFileTime
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
CompareStringEx
GetCPInfo
GetStringTypeW
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
RtlUnwind
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
WriteFile
SetEndOfFile

user32

EnumWindows
GetWindowTextA
MessageBoxA
IsWindowVisible
GetSystemMenu
GetMessageA
CheckMenuRadioItem
DispatchMessageA
LoadCursorA
CreatePopupMenu
TrackPopupMenu
ShowWindow
DefWindowProcA
CreateWindowExA
TranslateMessage
LoadIconA
AppendMenuA
CheckMenuItem
PostQuitMessage
EnableMenuItem
RegisterClassExA
SetForegroundWindow
GetCursorPos
GetWindowThreadProcessId

gdi32

GetStockObject

advapi32

RegOpenKeyExA
RegQueryValueExA

shell32

Shell_NotifyIconA
ShellExecuteA
SHGetKnownFolderPath

wininet

InternetOpenA
InternetCloseHandle
InternetReadFile
InternetOpenUrlA

Sections

.text
Size: 361KB - Virtual size: 361KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Hone-Optimizer-2.8/Files/SetTimerResolutionService.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Hone-Optimizer-2.8/Files/Settings/Fallout.ini
Hone-Optimizer-2.8/Files/Settings/FalloutPrefs.ini
Hone-Optimizer-2.8/Files/Settings/Hone.veg
Hone-Optimizer-2.8/Files/Settings/Hone.zip
.zip
Hone/controls.json
Hone/general.json
Hone/mods.json
Hone/performance.json
Hone/sound_settings.txt
Hone/staff_mods.json
Hone-Optimizer-2.8/Files/Settings/ProjectProperties17.reg
Hone-Optimizer-2.8/Files/Settings/ProjectProperties18.reg
Hone-Optimizer-2.8/Files/Settings/mastercomfig-disable-pyroland-addon.vpk
Hone-Optimizer-2.8/Files/Settings/mastercomfig-flat-mouse-addon.vpk
Hone-Optimizer-2.8/Files/Settings/mastercomfig-low-preset.vpk
Hone-Optimizer-2.8/Files/Settings/mastercomfig-medium-preset.vpk
Hone-Optimizer-2.8/Files/Settings/mastercomfig-no-soundscapes-addon.vpk
Hone-Optimizer-2.8/Files/Settings/mastercomfig-opengl-addon.vpk
Hone-Optimizer-2.8/Files/Vibrant/Nvidia/VibrantNvidia.cfg
Hone-Optimizer-2.8/Files/dccmd.exe
.exe windows:5 windows x86 arch:x86

3018f4ef42291b43f6b5720041cfe4c5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForSingleObject
GetCommandLineA
CreateProcessA
GetLastError
SetStdHandle
WriteConsoleW
HeapReAlloc
IsValidLocale
EnumSystemLocalesA
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
MultiByteToWideChar
EncodePointer
DecodePointer
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetProcAddress
GetModuleHandleW
ExitProcess
HeapFree
HeapSetInformation
GetCPInfo
RaiseException
RtlUnwind
HeapAlloc
LCMapStringW
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
LoadLibraryW
GetLocaleInfoW
WriteFile
GetStdHandle
GetModuleFileNameW
HeapCreate
HeapSize
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeW
GetConsoleCP
GetConsoleMode
FlushFileBuffers
ReadFile
SetFilePointer
CloseHandle
GetUserDefaultLCID
GetLocaleInfoA
CreateFileW

user32

ChangeDisplaySettingsExA
PostMessageA
EnumDisplayDevicesA
EnumDisplaySettingsA

Sections

.text
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Hone-Optimizer-2.8/Files/libiconv2.dll
.dll windows:4 windows x86 arch:x86

ed8758776691be3ae1f6411e68b51715

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

AddAtomA
FindAtomA
GetACP
GetAtomNameA
GetModuleFileNameA
IsDBCSLeadByteEx
MultiByteToWideChar
WideCharToMultiByte

msvcrt

_strdup
__dllonexit
__lc_codepage
__mb_cur_max
_assert
_errno
abort
fflush
free
malloc
memcpy
memset
qsort
sprintf
strchr
strcmp
strcpy
strncmp

Exports

Exports

DllGetVersion
_libiconv_version
aliases2_lookup
aliases_lookup
iconv_canonicalize
libiconv
libiconv_close
libiconv_open
libiconv_relocate
libiconv_set_relocation_prefix
libiconvctl
libiconvlist
locale_charset

Sections

.text
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 883KB - Virtual size: 883KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 656B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 393B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Hone-Optimizer-2.8/Files/libintl3.dll
.dll windows:4 windows x86 arch:x86

11d4cea984db7aee4eb18d2031242a3e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

libiconv2

libiconv
libiconv_close
libiconv_open
libiconv_set_relocation_prefix

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

kernel32

AddAtomA
AreFileApisANSI
CloseHandle
CreateDirectoryA
CreateFileA
DeviceIoControl
FindAtomA
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetACP
GetAtomNameA
GetCurrentDirectoryA
GetDiskFreeSpaceA
GetDriveTypeA
GetFileAttributesA
GetFileInformationByHandle
GetFileSize
GetFileType
GetFullPathNameA
GetLastError
GetLogicalDriveStringsA
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetProcessHeap
GetShortPathNameA
GetSystemInfo
GetSystemTimeAsFileTime
GetThreadLocale
GetTimeZoneInformation
GetVersion
GetVersionExA
GetVolumeInformationA
HeapAlloc
HeapFree
LoadLibraryA
MultiByteToWideChar
PeekNamedPipe
SearchPathA
SetErrorMode
UnlockFile
lstrcmpiA
lstrcpyA

msvcrt

_chmod
_close
_getpid
_open
_read
_strdup
_stricmp
__dllonexit
__mb_cur_max
_assert
_close
_errno
_fdopen
_filelengthi64
_flsbuf
_get_osfhandle
_getcwd
_iob
_isctype
_open
_pctype
_snprintf
_snwprintf
_stricmp
_vsnprintf
_vsnwprintf
abort
calloc
ctime
fclose
fflush
fgets
fopen
fprintf
fputwc
free
fwrite
getenv
isalpha
malloc
memcpy
printf
realloc
setlocale
sprintf
sscanf
strcat
strchr
strcmp
strcpy
strcspn
strlen
strncmp
strncpy
strpbrk
strrchr
strspn
strstr
strtoul
tolower
toupper
vfprintf
vfwprintf
vsprintf
wcschr

ole32

CoCreateInstance
CoUninitialize
OleInitialize

Exports

Exports

DllGetVersion
_nl_expand_alias
_nl_explode_name
_nl_find_domain
_nl_find_language
_nl_find_msg
_nl_free_domain_conv
_nl_init_domain_conv
_nl_language_preferences_default
_nl_load_domain
_nl_locale_name
_nl_locale_name_default
_nl_locale_name_posix
_nl_log_untranslated
_nl_make_l10nflist
_nl_msg_cat_cntr
_nl_normalize_codeset
bind_textdomain_codeset
bindtextdomain
dcgettext
dcngettext
dgettext
dngettext
gettext
libintl_asprintf
libintl_bind_textdomain_codeset
libintl_bindtextdomain
libintl_dcgettext
libintl_dcigettext
libintl_dcngettext
libintl_dgettext
libintl_dngettext
libintl_fprintf
libintl_fwprintf
libintl_gettext
libintl_gettext_extract_plural
libintl_gettext_free_exp
libintl_gettext_germanic_plural
libintl_gettextparse
libintl_ngettext
libintl_nl_current_default_domain
libintl_nl_default_default_domain
libintl_nl_default_dirname
libintl_nl_domain_bindings
libintl_printf
libintl_relocate
libintl_set_relocation_prefix
libintl_snprintf
libintl_sprintf
libintl_swprintf
libintl_textdomain
libintl_vasnprintf
libintl_vasnwprintf
libintl_vasprintf
libintl_vfprintf
libintl_vfwprintf
libintl_vprintf
libintl_vsnprintf
libintl_vsprintf
libintl_vswprintf
libintl_vwprintf
libintl_wprintf
locale_charset
ngettext
st_flags
textdomain

Sections

.text
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Hone-Optimizer-2.8/Files/nssm.exe
.exe windows:5 windows x64 arch:x64

e14388498639688dc750895bc5ef963a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shlwapi

PathUnquoteSpacesW
PathFindExtensionW

kernel32

CreateThread
SetHandleInformation
CreatePipe
DuplicateHandle
GetCommandLineW
TlsAlloc
GetProcessTimes
OpenProcess
Thread32Next
Thread32First
CreateToolhelp32Snapshot
GenerateConsoleCtrlEvent
SetConsoleCtrlHandler
GetExitCodeProcess
Process32NextW
Process32FirstW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetWindowsDirectoryW
DeleteCriticalSection
UnregisterWait
WaitForSingleObject
LeaveCriticalSection
SetWaitableTimer
EnterCriticalSection
ResumeThread
SetProcessAffinityMask
RegisterWaitForSingleObject
GetSystemTimeAsFileTime
CreateWaitableTimerW
InitializeCriticalSection
ReadFile
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
HeapSize
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
HeapReAlloc
GetTickCount
QueryPerformanceCounter
HeapCreate
HeapSetInformation
SetStdHandle
InitializeCriticalSectionAndSpinCount
LoadLibraryA
SetLastError
GetModuleFileNameA
RtlUnwindEx
GetFileInformationByHandle
Sleep
SystemTimeToFileTime
CloseHandle
CompareFileTime
FileTimeToSystemTime
MoveFileW
GetSystemTime
CreateFileW
SetFilePointer
SetEndOfFile
WriteFile
FreeLibrary
GetProcAddress
LoadLibraryW
GetCurrentProcess
GetProcessAffinityMask
FindResourceExW
LoadResource
GetModuleHandleW
LocalFree
TlsGetValue
LocalAlloc
TlsSetValue
GetUserDefaultLangID
FormatMessageW
GetModuleFileNameW
CreateProcessW
TerminateProcess
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
AllocConsole
SetConsoleTitleW
GetStdHandle
FillConsoleOutputAttribute
FillConsoleOutputCharacterW
GetConsoleWindow
GetCurrentProcessId
FreeConsole
GetProcessHeap
HeapAlloc
GetComputerNameW
HeapFree
GetLastError
GetCurrentThreadId
FlsFree
FlsSetValue
MultiByteToWideChar
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
DecodePointer
FlsGetValue
FlsAlloc

user32

EnumWindows
PostMessageW
GetSystemMetrics
LoadImageW
SetWindowLongPtrW
GetMessageW
IsDialogMessageW
TranslateMessage
DispatchMessageW
PostQuitMessage
DestroyWindow
GetWindowLongPtrW
SetFocus
ShowWindow
CheckRadioButton
SetWindowPos
SetDlgItemInt
SetDlgItemTextW
SendMessageW
GetDlgItemTextW
GetDlgItem
EnableWindow
GetDlgItemInt
SendDlgItemMessageW
GetWindowRect
GetDesktopWindow
MoveWindow
CreateDialogIndirectParamW
MessageBoxW
MessageBoxIndirectW
GetSystemMenu
EnableMenuItem
GetWindowThreadProcessId
PostThreadMessageW

comdlg32

GetOpenFileNameW

advapi32

CreateServiceW
StartServiceW
ControlService
SetServiceStatus
DeleteService
QueryServiceConfig2W
ChangeServiceConfig2W
ChangeServiceConfigW
QueryServiceConfigW
OpenServiceW
GetServiceKeyNameW
EnumServicesStatusW
OpenSCManagerW
QueryServiceStatus
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
StartServiceCtrlDispatcherW
AllocateAndInitializeSid
CheckTokenMembership
RegDeleteValueW
IsTextUnicode
RegisterEventSourceW
ReportEventW
DeregisterEventSource
GetServiceDisplayNameW
CloseServiceHandle
LsaEnumerateAccountRights
LsaAddAccountRights
FreeSid
LsaLookupSids
LsaClose
LsaLookupNames
LsaFreeMemory
IsValidSid
GetSidSubAuthorityCount
GetSidLengthRequired
GetSidIdentifierAuthority
InitializeSid
GetSidSubAuthority
LsaOpenPolicy
LsaNtStatusToWinError
RegisterServiceCtrlHandlerExW

shell32

ShellExecuteExW

Sections

.text
Size: 129KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Hone-Optimizer-2.8/Files/nvidiaProfileInspector.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 560KB - Virtual size: 560KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Hone-Optimizer-2.8/Files/regex2.dll
.dll windows:4 windows x86 arch:x86

034666ac012e8ddbed7c20dac60b4b4f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

AddAtomA
FindAtomA
GetAtomNameA

msvcrt

__dllonexit
__mb_cur_max
_assert
_errno
_isctype
_pctype
_stricmp
abort
calloc
fflush
free
getenv
malloc
memcpy
memmove
memset
realloc
strchr
tolower
toupper

Exports

Exports

DllGetVersion
re_comp
re_compile_fastmap
re_compile_pattern
re_exec
re_match
re_match_2
re_search
re_search_2
re_set_registers
re_set_syntax
re_syntax_options
regcomp
regerror
regexec
regfree

Sections

.text
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 256B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 403B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 676B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Hone-Optimizer-2.8/Files/restart64.exe
.exe windows:5 windows x64 arch:x64

2a69fe822ced9bf301916c1307e497a9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

HeapSize
HeapReAlloc
CompareStringW
GetConsoleMode
GetConsoleCP
SetFilePointer
LoadLibraryW
SetStdHandle
GetStringTypeW
WideCharToMultiByte
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
WriteConsoleW
CreateFileW
IsWow64Process
GetModuleFileNameW
Sleep
CreateProcessW
CloseHandle
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
GetStartupInfoW
TerminateProcess
OpenProcess
GetCurrentProcess
QueryPerformanceCounter
GetFileType
SetHandleCount
LCMapStringW
EnterCriticalSection
GetLastError
HeapFree
HeapAlloc
SetEnvironmentVariableW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetCommandLineW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
DecodePointer
HeapSetInformation
GetVersion
HeapCreate
GetProcAddress
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
MultiByteToWideChar
FreeEnvironmentStringsW
GetEnvironmentStringsW
RtlUnwindEx
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
FlushFileBuffers

user32

SetWindowPlacement
GetWindowRect
EnumWindows
GetWindowPlacement
SetWindowPos
ShowWindow
IsWindowVisible
SetForegroundWindow
DialogBoxParamW
OpenInputDesktop
FindWindowW
GetClientRect
CloseDesktop
EndDialog
FindWindowExW
MessageBoxW
UnregisterHotKey
RegisterHotKey
GetWindowThreadProcessId
GetShellWindow
PostMessageW

advapi32

RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegEnumValueW
RegRenameKey
RegDeleteTreeW
RegDeleteValueW
RegQueryValueExW
RegCreateKeyExW
AdjustTokenPrivileges
DuplicateTokenEx
LookupPrivilegeValueW
CreateProcessWithTokenW
OpenProcessToken
RegSetValueExW

setupapi

SetupDiSetClassInstallParamsW
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiCallClassInstaller

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 521KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Hone-Optimizer-2.8/Files/sed.exe
.exe windows:4 windows x86 arch:x86

17b2d49607bc7137476eef019d4268cb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

libintl3

libintl_bindtextdomain
libintl_fprintf
libintl_gettext
libintl_ngettext
libintl_sprintf
libintl_textdomain
libintl_vfprintf

regex2

re_compile_pattern
re_search
re_set_syntax

kernel32

CopyFileA
ExitProcess
FlushFileBuffers
GetACP
GetFileSize
GetLastError
GetSystemTimeAsFileTime
MoveFileExA
SetFilePointer
SetUnhandledExceptionFilter
WriteFile

msvcrt

_getpid
_open
_umask
__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_access
_assert
_cexit
_chmod
_errno
_fdopen
_filbuf
_filelengthi64
_flsbuf
_fstati64
_get_osfhandle
_iob
_isatty
_isctype
_mkdir
_onexit
_osver
_pclose
_pctype
_popen
_setmode
_stati64
_unlink
abort
atexit
calloc
clearerr
exit
fclose
fflush
fgetpos
fopen
fprintf
fputc
fread
free
fseek
fsetpos
fwrite
getenv
iswctype
malloc
memchr
memcpy
memmove
memset
realloc
rewind
setlocale
signal
strchr
strcmp
strcpy
strerror
strncmp
strncpy
strrchr
strtoul
toupper
towlower
towupper
ungetc

msvcp60

btowc
mbrtowc
wcrtomb
wctob

Sections

.text
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 25KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Hone-Optimizer-2.8/Hone-Optimizer.exe
.exe windows:5 windows x64 arch:x64

0b5552dccd9d0a834cea55c0c8fc05be

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

CreateWindowExW
MessageBoxW
MessageBoxA
SystemParametersInfoW
DestroyIcon
SetWindowLongPtrW
GetWindowLongPtrW
GetClientRect
InvalidateRect
ReleaseDC
GetDC
DrawTextW
GetDialogBaseUnits
EndDialog
DialogBoxIndirectParamW
MoveWindow
SendMessageW

comctl32

ord380

kernel32

GetStringTypeW
GetFileAttributesExW
HeapReAlloc
FlushFileBuffers
GetCurrentDirectoryW
IsValidCodePage
GetACP
GetModuleHandleW
MulDiv
GetLastError
SetDllDirectoryW
GetModuleFileNameW
GetProcAddress
GetCommandLineW
GetEnvironmentVariableW
GetOEMCP
ExpandEnvironmentStringsW
CreateDirectoryW
GetTempPathW
WaitForSingleObject
Sleep
GetExitCodeProcess
CreateProcessW
GetStartupInfoW
FreeLibrary
LoadLibraryExW
SetConsoleCtrlHandler
FindClose
FindFirstFileExW
CloseHandle
GetCurrentProcess
LocalFree
FormatMessageW
MultiByteToWideChar
WideCharToMultiByte
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetTimeZoneInformation
HeapSize
WriteConsoleW
SetEnvironmentVariableW
RtlUnwindEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
SetEndOfFile
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
RaiseException
RtlPcToFileHeader
GetCommandLineA
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFullPathNameW
RemoveDirectoryW
FindNextFileW
SetStdHandle
DeleteFileW
ReadFile
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
HeapFree
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleOutputCP
GetFileSizeEx
HeapAlloc
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW

advapi32

OpenProcessToken
GetTokenInformation
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW

gdi32

SelectObject
DeleteObject
CreateFontIndirectW

Sections

.text
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
loader-o.pyc
Hone-Optimizer-2.8/LICENSE
Hone-Optimizer-2.8/README.md

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 280KB

UPX1 Size: 195KB - Virtual size: 196KB

.rsrc Size: 30KB - Virtual size: 32KB

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

a2:43:2c:58:81:d6:5f:6a:71:46:96:3b:2c:43:f5:a4Certificate

Extended Key Usages

Key Usages

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

a0:94:7d:9b:12:80:f6:b1:1d:1d:77:b3:95:1b:f8:d9:e2:de:eb:38:c1:9f:c3:28:b3:6f:5d:ef:58:ef:8f:4dSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rsrc Size: 11KB - Virtual size: 11KB

.reloc Size: 512B - Virtual size: 12B

ede74345354aaddd93e9ce5d8e8b1431

Code Sign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2fCertificate

Extended Key Usages

Key Usages

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9Certificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

e2:6c:75:f3:b8:e8:f8:7e:b4:72:02:66:a5:5e:d6:e0:8d:ea:9d:74Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntdll

kernel32

advapi32

Sections

.text Size: 76KB - Virtual size: 76KB

.rdata Size: 36KB - Virtual size: 36KB

.data Size: 9KB - Virtual size: 17KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 5KB - Virtual size: 5KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rsrc Size: 147KB - Virtual size: 146KB

.reloc Size: 512B - Virtual size: 12B

16026b739637a8b250930b6e8e3c054c

Headers

DLL Characteristics

UPX0
Size: - Virtual size: 280KB

UPX1
Size: 195KB - Virtual size: 196KB

.rsrc
Size: 30KB - Virtual size: 32KB

a2:43:2c:58:81:d6:5f:6a:71:46:96:3b:2c:43:f5:a4
Certificate

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

a0:94:7d:9b:12:80:f6:b1:1d:1d:77:b3:95:1b:f8:d9:e2:de:eb:38:c1:9f:c3:28:b3:6f:5d:ef:58:ef:8f:4d
Signer

.text
Size: 1.3MB - Virtual size: 1.3MB

.rsrc
Size: 11KB - Virtual size: 11KB

.reloc
Size: 512B - Virtual size: 12B

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

e2:6c:75:f3:b8:e8:f8:7e:b4:72:02:66:a5:5e:d6:e0:8d:ea:9d:74
Signer

.text
Size: 76KB - Virtual size: 76KB

.rdata
Size: 36KB - Virtual size: 36KB

.data
Size: 9KB - Virtual size: 17KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 5KB - Virtual size: 5KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rsrc
Size: 147KB - Virtual size: 146KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 71KB - Virtual size: 70KB

.rdata
Size: 19KB - Virtual size: 19KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 43KB - Virtual size: 43KB

.reloc
Size: 3KB - Virtual size: 3KB

.text
Size: 805KB - Virtual size: 805KB

.rdata
Size: 159KB - Virtual size: 158KB

.data
Size: 62KB - Virtual size: 65KB

.pdata
Size: 27KB - Virtual size: 26KB

.rsrc
Size: 21KB - Virtual size: 20KB

.reloc
Size: 5KB - Virtual size: 4KB

.text
Size: 361KB - Virtual size: 361KB

.rdata
Size: 117KB - Virtual size: 117KB