b44c6df65b2d7634c7d2b3b8829a7418_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b44c6df65b2d7634c7d2b3b8829a7418_JaffaCakes118
Size

1.9MB
MD5

b44c6df65b2d7634c7d2b3b8829a7418
SHA1

f93dfb17a982d31f7748ec3b05728e0a2fa41067
SHA256

b06aa57ded7d5adf78f92496fc95f0751ff1b6528beec45d1caa59795b09f11a
SHA512

cd2d38b3bf2ccb466f87742121f4f5a144be706b2366aa44ab6b2d21b24fc501275eaa5d31bace57c3de4c3f0cdaa0c9a9372fc3ebb93042318bc5974ef6509a
SSDEEP

49152:UOpJWKlSxX/pS6Wvm7w2Q2yNOnXnnIO1r3XSX4KA:UEUKlSJPWvm7VQ2yNWX1rHSXbA

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/ggsec.dll	upx

Unsigned PE 23 IoCs

Checks for missing Authenticode signature.

resource
b44c6df65b2d7634c7d2b3b8829a7418_JaffaCakes118
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/LangDLL.dll
unpack001/$PLUGINSDIR/StartMenu.dll
unpack001/AESocket.dll
unpack001/CS15Hook.dll
unpack001/CommonLib.dll
unpack001/CrashSender.exe
unpack001/FPSHook.dll
unpack001/GarenaSkin.dll
unpack001/GarenaSkin1.dll
unpack001/GarenaSkin2.dll
unpack001/GarenaTVHook.dll
unpack001/GarenaTV_UI.dll
unpack001/Inject.dll
unpack001/L4DSocket.dll
unpack001/PluginKernel.dll
unpack001/SocketHook.dll
unpack001/Update.exe
unpack001/War3Hook.dll
unpack001/YYFileSystem.dll
unpack001/atl71.dll
unpack001/safeapi.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

b44c6df65b2d7634c7d2b3b8829a7418_JaffaCakes118
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LangDLL.dll
.dll windows:4 windows x86 arch:x86

9b6b6a7858e17fb0b17e1c1428330343

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
GetACP
lstrlenA
lstrcmpA
lstrcpynA
GetModuleHandleA
MulDiv
lstrcpyA
GlobalAlloc

user32

SetWindowTextA
SetDlgItemTextA
SendDlgItemMessageA
EndDialog
DialogBoxParamA
LoadIconA
SendMessageA
ShowWindow
GetDC

gdi32

CreateFontIndirectA
GetDeviceCaps
DeleteObject

Exports

Exports

LangDialog

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 697B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/StartMenu.dll
.dll windows:4 windows x86 arch:x86

a648aeaa164b592c1e8892a10400b5ae

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
lstrcatA
FindClose
FindNextFileA
MulDiv
GlobalFree
lstrcpynA
GlobalAlloc
lstrcmpiA
FindFirstFileA
lstrcpyA

user32

TranslateMessage
GetMessageA
IsDialogMessageA
PostMessageA
DispatchMessageA
GetWindowLongA
CheckDlgButton
ShowWindow
LoadIconA
GetClientRect
MoveWindow
ScreenToClient
GetWindowRect
ReleaseDC
GetDC
EnableWindow
SetWindowTextA
SendMessageA
IsDlgButtonChecked
GetWindowTextA
DestroyWindow
GetDlgItem
CreateDialogParamA
SetWindowLongA
wsprintfA
CallWindowProcA

gdi32

GetTextMetricsA
SelectObject

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA

ole32

CoTaskMemFree

Exports

Exports

Init
Select
Show

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 518B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
AESocket.dll
.dll windows:4 windows x86 arch:x86

d19de0d004578cc7ea30566b2d8394d5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateProcess
DisableThreadLibraryCalls
GetCurrentProcess
WaitForSingleObject
SetEvent
CloseHandle
OpenEventW
GetModuleFileNameW
OpenFileMappingA
UnmapViewOfFile
GetLastError
MapViewOfFile
GetCurrentThread
GetTickCount
LoadLibraryW
FreeLibrary
GetProcAddress
ResumeThread
CreateProcessA
CreateProcessW
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
GetConsoleMode
GetConsoleCP
SetFilePointer
LoadLibraryA
WriteFile
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
MultiByteToWideChar
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
VirtualQuery
VirtualProtect
VirtualAlloc
GetCurrentThreadId
FlushInstructionCache
SetThreadContext
GetThreadContext
SuspendThread
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
GetCommandLineA
GetVersionExA
HeapAlloc
GetProcessHeap
RaiseException
RtlUnwind
GetCPInfo
LCMapStringA
LCMapStringW
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapSize
ExitProcess
HeapDestroy
HeapCreate
VirtualFree
HeapReAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA

ws2_32

bind
recvfrom
WSARecvFrom
sendto
WSASendTo
WSAGetLastError
connect
accept
getpeername
htons
htonl
ntohl
ntohs
getsockopt
gethostbyname
gethostname
WSAIoctl
inet_ntoa

Sections

.text
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CS15Hook.dll
.dll windows:4 windows x86 arch:x86

1040fa5da89612fa22cc7ed3c6306dbb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateProcess
DisableThreadLibraryCalls
InitializeCriticalSection
LeaveCriticalSection
GetCurrentProcess
DeleteCriticalSection
EnterCriticalSection
CloseHandle
GetModuleFileNameW
WideCharToMultiByte
OutputDebugStringW
GetLastError
MapViewOfFile
UnmapViewOfFile
OpenFileMappingA
GetCurrentThread
FreeLibrary
ResumeThread
CreateProcessA
CreateProcessW
LoadLibraryW
GetProcAddress
CompareStringW
CompareStringA
SetEndOfFile
CreateFileW
CreateFileA
GetLocaleInfoW
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
LoadLibraryA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
InterlockedIncrement
InterlockedDecrement
Sleep
InterlockedExchange
InterlockedCompareExchange
MultiByteToWideChar
VirtualQuery
VirtualProtect
VirtualAlloc
GetCurrentThreadId
FlushInstructionCache
SetThreadContext
GetThreadContext
SuspendThread
SetLastError
GetSystemTimeAsFileTime
HeapFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetVersionExA
HeapAlloc
GetProcessHeap
LCMapStringA
LCMapStringW
GetCPInfo
RtlUnwind
RaiseException
GetModuleHandleA
ExitProcess
ReadFile
GetTimeZoneInformation
WriteFile
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapSize
HeapDestroy
HeapCreate
VirtualFree
HeapReAlloc
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetACP
GetOEMCP
IsValidCodePage
SetEnvironmentVariableA

ws2_32

WSASendTo
WSASetLastError
WSAGetLastError
bind
recvfrom
WSARecvFrom
sendto
connect
WSARecv
send
accept
getpeername
htonl
htons
ntohs
getsockopt
inet_ntoa
gethostbyname
gethostname

Sections

.text
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CommonLib.dll
.dll windows:4 windows x86 arch:x86

9763997563cf7d906063a7fbb8c9b1f1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

v:\Common\CommonLib\Release\CommonLib.pdb

Imports

kernel32

GetLastError
CreateDirectoryW
MultiByteToWideChar
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
WideCharToMultiByte
CloseHandle
CreateFileW
lstrlenW
lstrcpyW
GetModuleFileNameW
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
GetVersionExA
RaiseException
RtlUnwind
GetCPInfo
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapSize
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
LoadLibraryA
GetLocaleInfoW
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers

shlwapi

PathFileExistsW
HashData

Exports

Exports

??0CLocationInfo@Exception@Common@@QAE@ABV012@@Z
??0CLocationInfo@Exception@Common@@QAE@PB_W0H@Z
??0CLocationInfo@Exception@Common@@QAE@XZ
??0CMyBuffer@Buffer@Common@@QAE@XZ
??0CMyStringA@Buffer@Common@@QAE@XZ
??0CMyStringW@Buffer@Common@@QAE@XZ
??0CRunTimeException@Exception@Common@@QAE@ABV012@@Z
??0CRunTimeException@Exception@Common@@QAE@PBVCLocationInfo@12@PBDK@Z
??0CRunTimeException@Exception@Common@@QAE@PBVCLocationInfo@12@PB_WK@Z
??1CLocationInfo@Exception@Common@@QAE@XZ
??1CMyBuffer@Buffer@Common@@QAE@XZ
??1CMyStringA@Buffer@Common@@QAE@XZ
??1CMyStringW@Buffer@Common@@QAE@XZ
??1CRunTimeException@Exception@Common@@QAE@XZ
??4CLocationInfo@Exception@Common@@QAEAAV012@ABV012@@Z
??4CRunTimeException@Exception@Common@@QAEAAV012@ABV012@@Z
?Attach@CMyBuffer@Buffer@Common@@QAEXPBDH@Z
?Attach@CMyStringA@Buffer@Common@@QAEXPBD@Z
?Attach@CMyStringW@Buffer@Common@@QAEXPB_W@Z
?GetAppFolder@Path@Common@@YA?BHPAVCMyStringW@Buffer@2@@Z
?GetDataLength@CMyBuffer@Buffer@Common@@QBEHXZ
?GetErrorCode@CRunTimeException@Exception@Common@@QBEKXZ
?GetErrorMessage@CRunTimeException@Exception@Common@@QBEPB_WXZ
?GetModuleFolder@Path@Common@@YA?BHPAUHINSTANCE__@@PAVCMyStringW@Buffer@2@@Z
?GetSource@CRunTimeException@Exception@Common@@QBEPB_WXZ
?HashData@Data@Common@@YAKPBDHK@Z
?IsDirectoryExists@Path@Common@@YAHPB_W@Z
?IsFileExists@Path@Common@@YAHPB_W@Z
?MakeSureDirectoryPathExists@Path@Common@@YAHPB_W@Z
?ToArray@CMyBuffer@Buffer@Common@@QBEPBDXZ
?ToString@CLocationInfo@Exception@Common@@QBEPB_WXZ
?UnicodeToUtf8@Convert@Common@@YAXPB_WPAVCMyStringA@Buffer@2@@Z
?Utf8ToUnicode@Convert@Common@@YAXPBDPAVCMyStringW@Buffer@2@@Z
?c_str@CMyStringA@Buffer@Common@@QBEPBDXZ
?c_str@CMyStringW@Buffer@Common@@QBEPB_WXZ

Sections

.text
Size: 108KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CrashSender.exe
.exe windows:5 windows x86 arch:x86

0e0a8fd2d6147edb1c1b0ec22f914366

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

HttpQueryInfoW
InternetSetOptionW
InternetQueryDataAvailable
InternetReadFile
InternetCloseHandle
InternetCrackUrlW
InternetOpenW
InternetConnectW
HttpSendRequestW
HttpAddRequestHeadersW
HttpOpenRequestW

kernel32

EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
GetModuleHandleW
GetModuleFileNameW
lstrlenW
GetLastError
InitializeCriticalSection
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
lstrcmpiW
WideCharToMultiByte
GetTickCount
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetCurrentProcess
GetCurrentProcessId
QueryPerformanceCounter
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers
SetFilePointer
ReadFile
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
FlushInstructionCache
DeleteCriticalSection
RaiseException
GetCurrentThreadId
SetLastError
WriteConsoleW
SetStdHandle
CreateFileA
SetEndOfFile
HeapSize
HeapReAlloc
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStringTypeW
GetCPInfo
LCMapStringW
GetSystemDefaultLCID
GetFileAttributesExW
CreateFileW
CloseHandle
TerminateThread
HeapAlloc
GetProcessHeap
GetVersionExW
GetProcAddress
InterlockedCompareExchange
HeapFree
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
InterlockedExchange
Sleep
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
GetSystemTimeAsFileTime
ExitThread
CreateThread
LCMapStringA

user32

UnregisterClassA
LoadStringW
DefWindowProcW
CreateDialogParamW
GetDlgItem
KillTimer
SetTimer
SetWindowTextW
EndDialog
GetParent
GetWindow
GetWindowRect
GetWindowLongW
MonitorFromWindow
GetMonitorInfoW
GetClientRect
MapWindowPoints
SetWindowPos
IsDialogMessageW
SendMessageW
DialogBoxParamW
PostQuitMessage
GetActiveWindow
GetSystemMetrics
LoadImageW
CharNextW
SetWindowLongW
ShowWindow
DestroyWindow
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW

advapi32

RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegDeleteKeyW

ole32

CoTaskMemAlloc
CoTaskMemFree
CoInitialize
CoCreateInstance
CoTaskMemRealloc
CoUninitialize

oleaut32

VarUI4FromStr

comctl32

InitCommonControlsEx

Sections

.text
Size: 272KB - Virtual size: 271KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FPSHook.dll
.dll windows:5 windows x86 arch:x86

75461bf87660ee2aff3bd2b6352dbf24

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Projects\GG\client_plugins\Release\FPSHook.pdb

Imports

kernel32

MapViewOfFile
UnmapViewOfFile
HeapAlloc
HeapFree
GetModuleHandleW
VirtualFree
GetProcessHeap
LoadLibraryW
Sleep
lstrcatA
SetThreadPriority
lstrcmpiA
GetProcAddress
VirtualAlloc
OpenFileMappingW
VirtualProtect
CloseHandle
ResumeThread
CreateThread
lstrcpyA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCommandLineA
RaiseException
RtlUnwind
GetLastError
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
LeaveCriticalSection
EnterCriticalSection
HeapReAlloc
WriteFile
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
LoadLibraryA
InitializeCriticalSectionAndSpinCount

user32

wsprintfA
PostMessageW

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
GGICON.ico
Gamecn.dat
Gameen.dat
Gametw.dat
Gamevn.dat
Garena.dat
Garena.exe
.exe windows:4 windows x86 arch:x86

6817e87c8c2ac9726889af89ff6de4fc

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

57:df:ab:ea:92:d2:96:12:ea:53:6f:d1:49:bb:3f:ae
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

03/11/2010, 00:00

Not After

03/11/2011, 23:59

Subject

CN=Garena Online Pte Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Garena Online Pte Ltd,L=Singapore,ST=Singapore,C=SG

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a5:a0:c0:7d:09:d0:a2:54:02:8b:27:5a:d6:5b:1d:97:c4:44:14:26
Signer

Actual PE Digest

a5:a0:c0:7d:09:d0:a2:54:02:8b:27:5a:d6:5b:1d:97:c4:44:14:26

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\NetworkLib\Garena\platform\old\garena_client\bin\Garena.pdb

Imports

sqlite3

sqlite3_column_type
sqlite3_reset
sqlite3_column_name16
sqlite3_column_text16
sqlite3_bind_text16
sqlite3_changes
sqlite3_step
sqlite3_finalize
sqlite3_prepare16
sqlite3_close
sqlite3_open16
sqlite3_errmsg16
sqlite3_free
sqlite3_column_count
sqlite3_busy_timeout
sqlite3_last_insert_rowid

inject

InjectCode

ggsec

ord3

kernel32

HeapReAlloc
SetFilePointer
SystemTimeToFileTime
GetFileAttributesW
LocalFileTimeToFileTime
CreateDirectoryW
GetCurrentDirectoryW
SetFileTime
WriteFile
FileTimeToSystemTime
GetFileInformationByHandle
lstrcmpiA
ExitProcess
GetCurrentProcessId
SetUnhandledExceptionFilter
IsBadReadPtr
SetEnvironmentVariableA
SetEndOfFile
CreateFileA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
QueryPerformanceCounter
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
CompareStringA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
HeapFree
GetDateFormatA
GetTimeFormatA
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
HeapCreate
GetModuleFileNameA
GetStdHandle
GetModuleHandleA
GetStringTypeW
GetStringTypeA
GetCPInfo
LCMapStringW
LCMapStringA
GetStartupInfoW
ExitThread
IsDebuggerPresent
UnhandledExceptionFilter
RtlUnwind
CreateWaitableTimerA
SetWaitableTimer
WaitForMultipleObjects
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
GetSystemTimeAsFileTime
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
HeapSize
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
GetVersionExA
GetProcessHeap
HeapAlloc
DuplicateHandle
CreateSemaphoreA
ReleaseSemaphore
lstrcpynW
CreateMutexW
CreateFileMappingA
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
SetHandleCount
InterlockedIncrement
MulDiv
lstrcmpW
GetLastError
DeleteCriticalSection
CompareStringW
lstrlenW
FlushInstructionCache
GetCurrentProcess
RaiseException
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
lstrcmpiW
SetLastError
WideCharToMultiByte
InterlockedDecrement
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
lstrcpyW
MultiByteToWideChar
lstrlenA
ResumeThread
SetThreadPriority
CloseHandle
Sleep
GetTickCount
GetProcAddress
FreeLibrary
LoadLibraryW
GetModuleHandleW
CreateFileW
ReadFile
GetFileSize
GetLocalTime
GetVersionExW
CreateThread
LoadLibraryExW
TerminateProcess
CreateProcessW
SetCurrentDirectoryW
CreateEventA
WaitForSingleObject
SetEvent
ResetEvent
CreateEventW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
InitializeCriticalSection
OpenMutexW
TerminateThread
GetExitCodeThread
GetModuleFileNameW

user32

ScreenToClient
FindWindowW
SetActiveWindow
DrawIconEx
UnregisterClassA
SendMessageW
DestroyWindow
SetWindowLongW
CreateWindowExW
GetWindowLongW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
GetMenu
SetWindowPos
GetWindowRect
GetClientRect
SetFocus
IsMenu
DestroyIcon
LoadIconW
OffsetRect
ChildWindowFromPoint
IsRectEmpty
SetRect
GetUpdateRect
EnumChildWindows
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
GetKeyState
RemoveMenu
TrackPopupMenu
GetScrollInfo
SetScrollPos
SetMenuDefaultItem
GetMenuItemInfoW
PostQuitMessage
MessageBoxW
SetMenuItemInfoW
GetWindowDC
GetSystemMetrics
DrawEdge
PostMessageW
CheckMenuItem
GetClassInfoW
RegisterClassW
CopyRect
SetRectEmpty
FindWindowExW
EndPaint
IntersectRect
BringWindowToTop
SwitchToThisWindow
GetForegroundWindow
FlashWindow
EnableWindow
IsZoomed
DestroyCursor
PeekMessageW
TranslateMessage
DispatchMessageW
CheckDlgButton
GetParent
GetMessageW
LoadImageW
GetSysColorBrush
IsDialogMessageW
GetMessagePos
GetActiveWindow
wsprintfW
GetDlgItem
AdjustWindowRectEx
IsWindow
MapWindowPoints
SystemParametersInfoW
GetWindow
DrawTextW
ShowWindow
CharNextW
DefWindowProcW
BeginPaint
PtInRect
GetDC
ReleaseDC
ReleaseCapture
GetCapture
ClientToScreen
SetCapture
UpdateWindow
InvalidateRect
GetDlgCtrlID
CallWindowProcW
SetCursor
GetCursorPos
LoadCursorW
GetClassNameW
CreateDialogParamW
SetForegroundWindow
IsIconic
EndDialog
SetDlgItemTextW
MessageBeep
IsWindowVisible
GetClassInfoExW
RegisterClassExW
RegisterWindowMessageW
GetSysColor
MoveWindow
InvalidateRgn
RedrawWindow
IsChild
FillRect
DialogBoxParamW
KillTimer
SetTimer
GetSubMenu
EnableMenuItem
AppendMenuW
MonitorFromPoint
GetMonitorInfoW
DestroyMenu
CreatePopupMenu
GetDesktopWindow
DestroyAcceleratorTable
GetFocus
CreateAcceleratorTableW
GetDlgItemInt
SetDlgItemInt
SetWindowRgn
WindowFromPoint

gdi32

CreateCompatibleBitmap
GetDIBits
CreateDIBitmap
SetPixel
GetPixel
SelectClipRgn
LineTo
MoveToEx
ExcludeClipRect
CreateBitmap
CreatePatternBrush
PatBlt
SetBkColor
ExtTextOutW
CreateDCW
SetViewportOrgEx
Polygon
CreatePen
SetTextColor
SetBkMode
RestoreDC
SaveDC
CreateRectRgn
CombineRgn
GetDeviceCaps
BitBlt
CreateSolidBrush
StretchBlt
CreateCompatibleDC
GetStockObject
CreateFontIndirectW
DeleteDC
GetObjectW
DeleteObject
SelectObject

comdlg32

GetSaveFileNameW
GetOpenFileNameW
ChooseFontW

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW

shell32

Shell_NotifyIconW
ShellExecuteW

ole32

OleUninitialize
StringFromGUID2
OleLockRunning
CoGetClassObject
CLSIDFromProgID
OleInitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoUninitialize
CLSIDFromString
CoInitialize
CreateStreamOnHGlobal

oleaut32

SysStringLen
SysFreeString
VariantInit
VariantClear
SysAllocStringLen
SysAllocString
SysStringByteLen
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
DispCallFunc
SysAllocStringByteLen
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
VarDateFromStr
VarI4FromStr
VarR8FromStr
VarDecFromStr
VarDecCmp
VarUI4FromStr
SafeArrayCreateVector
SafeArrayGetVartype
SafeArrayCopy
SafeArrayUnlock
SafeArrayLock
SafeArrayDestroy
SafeArrayRedim
SafeArrayCreate
OleLoadPicture

shlwapi

PathFindFileNameW
PathRemoveExtensionW

comctl32

ImageList_Draw
ImageList_GetImageCount
ImageList_Create
ImageList_AddMasked
InitCommonControlsEx
DestroyPropertySheetPage
CreatePropertySheetPageW
ImageList_GetIcon
ImageList_Add
ImageList_ReplaceIcon
PropertySheetW
_TrackMouseEvent

msimg32

TransparentBlt

pluginkernel

ord1
ord3

commonlib

?IsFileExists@Path@Common@@YAHPB_W@Z
ord6
?MakeSureDirectoryPathExists@Path@Common@@YAHPB_W@Z
?GetErrorMessage@CRunTimeException@Exception@Common@@QBEPB_WXZ
?GetErrorCode@CRunTimeException@Exception@Common@@QBEKXZ
??0CRunTimeException@Exception@Common@@QAE@PBVCLocationInfo@12@PBDK@Z
??1CLocationInfo@Exception@Common@@QAE@XZ
??0CRunTimeException@Exception@Common@@QAE@PBVCLocationInfo@12@PB_WK@Z
??0CLocationInfo@Exception@Common@@QAE@PB_W0H@Z
??1CRunTimeException@Exception@Common@@QAE@XZ
??0CRunTimeException@Exception@Common@@QAE@ABV012@@Z
??1CMyBuffer@Buffer@Common@@QAE@XZ
?ToArray@CMyBuffer@Buffer@Common@@QBEPBDXZ
?GetDataLength@CMyBuffer@Buffer@Common@@QBEHXZ
??0CMyBuffer@Buffer@Common@@QAE@XZ
ord1
?GetSource@CRunTimeException@Exception@Common@@QBEPB_WXZ
ord2
?HashData@Data@Common@@YAKPBDHK@Z

ws2_32

recvfrom
sendto
getpeername
listen
accept
bind
socket
ntohs
getsockname
recv
send
closesocket
connect
inet_addr
gethostname
htonl
inet_ntoa
gethostbyname
htons
WSACleanup
WSAStartup
ntohl
WSAGetLastError

garenaskin1

_InstallSkin@0
_GetColor@4
_GetSkinFont@4
_GetImage@8
_GetGameIcon@12
_UninstallSkin@0
_GetImageFromSkin@4
_SetSkinPath@4
_TrackSkinPopupMenu@20

wininet

InternetReadFile
InternetWriteFile
HttpSendRequestW
HttpSendRequestExW
HttpOpenRequestW
HttpQueryInfoW
InternetConnectW
InternetOpenW
InternetSetOptionW
InternetGetLastResponseInfoW
InternetCrackUrlW
InternetCloseHandle

winmm

sndPlaySoundW

Exports

Exports

AddGame
AddMidPanel
CalcEValue
CanAccess
CurrentRoomDisplaySystemInfo
GGTVNewGame
GetCurrentRoomInfo
GetGamePathByGameId
GetIdByName
GetLocation
GetMyInfo
GetMyUserType
GetRoomType
GetService
GetStringById
GetUILanguage
GetUIObject
GetWnd
LaunchGame
MyMessageBox
NotifyTrayMsg
RegisterUIEvent
SendToMainServer
SendToRoomServer
SendToUser
SetUserGamingStatus
ShowGameSettingDlg
ShowMidPanel

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384KB - Virtual size: 383KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 124KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Garena_A
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 120KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
GarenaSkin.dll
.dll windows:4 windows x86 arch:x86

7b9c92837b1e3edbe72847ae0983b21c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\TestApp\bin\innerrelease\GarenaSkin.pdb

Imports

kernel32

CloseHandle
LocalFileTimeToFileTime
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetLocaleInfoA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
HeapCreate
GetModuleFileNameA
GetStdHandle
ExitProcess
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
GetCPInfo
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
RtlUnwind
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
Sleep
InterlockedExchange
InterlockedDecrement
InterlockedIncrement
GetVersionExA
DeleteCriticalSection
InitializeCriticalSection
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
GetProcAddress
InterlockedCompareExchange
SystemTimeToFileTime
GetCurrentDirectoryW
SetFilePointer
lstrcpyW
CreateFileW
ReadFile
WriteFile
EnterCriticalSection
SetLastError
RaiseException
LeaveCriticalSection
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
GetCurrentThreadId
LoadResource
LockResource
SizeofResource
FindResourceW
FindResourceExW
lstrcmpiW
GetLastError
GlobalFree
GlobalLock
GetProcessHeap
HeapSize
GlobalAlloc
FlushInstructionCache
GetCurrentProcess
GetACP
HeapReAlloc
HeapFree
HeapDestroy
HeapAlloc

user32

LoadCursorW
GetClassInfoExW
RegisterClassExW
CallMsgFilterW
GetMessageW
GetSystemMenu
GetMenuStringW
IsIconic
IsZoomed
GetCursorPos
SetWindowRgn
AdjustWindowRectEx
GetMenu
DrawIconEx
PtInRect
InvalidateRect
PostMessageW
SetMenuItemInfoW
GetMenuItemInfoW
GetMenuItemCount
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
EnableWindow
GetScrollInfo
SetScrollInfo
ShowWindow
SetRectEmpty
GetClassNameW
GetClientRect
GetComboBoxInfo
DrawIcon
DestroyWindow
GetDC
IsWindow
TrackMouseEvent
SetWindowPos
EndPaint
BeginPaint
GetWindowTextLengthW
GetWindowTextW
GetIconInfo
CopyRect
GetDlgCtrlID
GetParent
CreateWindowExW
ScreenToClient
ReleaseCapture
SetFocus
SetCapture
IsWindowVisible
DrawTextW
GetSystemMetrics
SetRect
GetWindowDC
GetWindowRect
OffsetRect
ReleaseDC
DefWindowProcW
SendMessageW
GetWindowLongW
SetWindowLongW
CallWindowProcW
IsMenu
RegisterWindowMessageW
TrackPopupMenu
UnregisterClassA

gdi32

CombineRgn
CreateRectRgn
CreateDIBitmap
ExcludeClipRect
GetTextMetricsW
CreateSolidBrush
SetTextColor
SetBkMode
RestoreDC
SaveDC
SetViewportOrgEx
ExtCreateRegion
GetPixel
ExtTextOutW
SetBkColor
SelectObject
CreateCompatibleDC
DeleteDC
CreateCompatibleBitmap
BitBlt
CreateFontIndirectW
DeleteObject
StretchBlt

comctl32

InitCommonControlsEx

msimg32

TransparentBlt

Exports

Exports

_GetColor@4
_GetImageFromSkin@4
_InstallSkin@0
_SetSkinPath@4
_TrackSkinPopupMenu@20
_UninstallSkin@0

Sections

.text
Size: 308KB - Virtual size: 304KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GarenaSkin1.dll
.dll windows:4 windows x86 arch:x86

258919a6008fbb6950d9201d3a038091

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\NetworkLib\Garena\trunk\client_libraries\Bin\GarenaSkin1.pdb

Imports

kernel32

CreateFileW
SetFilePointer
GetCurrentDirectoryW
SystemTimeToFileTime
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
GetConsoleMode
GetConsoleCP
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetLocaleInfoA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
HeapCreate
GetModuleFileNameA
GetStdHandle
IsValidCodePage
GetOEMCP
GetACP
ExitProcess
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
GetCPInfo
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
RtlUnwind
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
Sleep
InterlockedExchange
InterlockedDecrement
InterlockedIncrement
GetVersionExA
DeleteCriticalSection
InitializeCriticalSection
VirtualAlloc
ReadFile
WriteFile
LocalFileTimeToFileTime
CloseHandle
LeaveCriticalSection
EnterCriticalSection
SetLastError
RaiseException
lstrlenW
lstrcmpW
GetCurrentThreadId
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
lstrcmpiW
FlushInstructionCache
VirtualFree
IsProcessorFeaturePresent
GetCurrentProcess
MultiByteToWideChar
WideCharToMultiByte
lstrcpyW
LoadLibraryA
GetProcAddress
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
InterlockedCompareExchange
GetLastError

user32

LoadCursorW
GetClassInfoExW
RegisterClassExW
FillRect
GetMenu
AdjustWindowRectEx
DrawIconEx
PtInRect
InvalidateRect
PostMessageW
SetMenuItemInfoW
GetMenuItemInfoW
GetMenuItemCount
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
EnableWindow
GetScrollInfo
SetScrollInfo
ShowWindow
SetRectEmpty
GetClientRect
GetComboBoxInfo
CopyRect
GetDlgCtrlID
CreateWindowExW
IsWindow
ReleaseCapture
SetFocus
SetCapture
DestroyWindow
IsWindowVisible
DrawTextW
TrackMouseEvent
DrawIcon
SetWindowPos
EndPaint
GetClassNameW
BeginPaint
GetParent
GetWindowTextLengthW
GetWindowTextW
GetIconInfo
GetSystemMetrics
OffsetRect
ReleaseDC
GetWindowDC
GetWindowRect
GetWindow
GetTopWindow
DefWindowProcW
CallWindowProcW
IsMenu
GetWindowLongW
SetWindowLongW
SendMessageW
GetDC
GetDesktopWindow
RegisterWindowMessageW
TrackPopupMenu
UnregisterClassA
ScreenToClient

gdi32

CreateCompatibleDC
ExcludeClipRect
GetTextMetricsW
CreateSolidBrush
SetViewportOrgEx
SetTextColor
SetBkMode
RestoreDC
SaveDC
StretchBlt
BitBlt
ExtTextOutW
SelectObject
SetBkColor
CreateDIBSection
DeleteDC
CreateCompatibleBitmap
CreateFontIndirectW
DeleteObject
CreateDIBitmap

comctl32

InitCommonControlsEx

msimg32

TransparentBlt

Exports

Exports

_GetColor2@8
_GetColor@4
_GetGameIcon@12
_GetImage@8
_GetImageFromSkin2@8
_GetImageFromSkin@4
_GetSkinFont@4
_InstallSkin2@8
_InstallSkin@0
_RemoveSkin@4
_SetSkinPath@4
_TrackSkinPopupMenu@20
_UninstallSkin2@4
_UninstallSkin@0

Sections

.text
Size: 364KB - Virtual size: 363KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GarenaSkin2.dll
.dll windows:4 windows x86 arch:x86

258919a6008fbb6950d9201d3a038091

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\NetworkLib\Garena\trunk\client_libraries\Bin\GarenaSkin2.pdb

Imports

kernel32

CreateFileW
SetFilePointer
GetCurrentDirectoryW
SystemTimeToFileTime
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
GetConsoleMode
GetConsoleCP
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetLocaleInfoA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
HeapCreate
GetModuleFileNameA
GetStdHandle
IsValidCodePage
GetOEMCP
GetACP
ExitProcess
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
GetCPInfo
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
RtlUnwind
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
Sleep
InterlockedExchange
InterlockedDecrement
InterlockedIncrement
GetVersionExA
DeleteCriticalSection
InitializeCriticalSection
VirtualAlloc
ReadFile
WriteFile
LocalFileTimeToFileTime
CloseHandle
LeaveCriticalSection
EnterCriticalSection
SetLastError
RaiseException
lstrlenW
lstrcmpW
GetCurrentThreadId
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
lstrcmpiW
FlushInstructionCache
VirtualFree
IsProcessorFeaturePresent
GetCurrentProcess
MultiByteToWideChar
WideCharToMultiByte
lstrcpyW
LoadLibraryA
GetProcAddress
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
InterlockedCompareExchange
GetLastError

user32

LoadCursorW
GetClassInfoExW
RegisterClassExW
FillRect
GetMenu
AdjustWindowRectEx
DrawIconEx
PtInRect
InvalidateRect
PostMessageW
SetMenuItemInfoW
GetMenuItemInfoW
GetMenuItemCount
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
EnableWindow
GetScrollInfo
SetScrollInfo
ShowWindow
SetRectEmpty
GetClientRect
GetComboBoxInfo
CopyRect
GetDlgCtrlID
CreateWindowExW
IsWindow
ReleaseCapture
SetFocus
SetCapture
DestroyWindow
IsWindowVisible
DrawTextW
TrackMouseEvent
DrawIcon
SetWindowPos
EndPaint
GetClassNameW
BeginPaint
GetParent
GetWindowTextLengthW
GetWindowTextW
GetIconInfo
GetSystemMetrics
OffsetRect
ReleaseDC
GetWindowDC
GetWindowRect
GetWindow
GetTopWindow
DefWindowProcW
CallWindowProcW
IsMenu
GetWindowLongW
SetWindowLongW
SendMessageW
GetDC
GetDesktopWindow
RegisterWindowMessageW
TrackPopupMenu
UnregisterClassA
ScreenToClient

gdi32

CreateCompatibleDC
ExcludeClipRect
GetTextMetricsW
CreateSolidBrush
SetViewportOrgEx
SetTextColor
SetBkMode
RestoreDC
SaveDC
StretchBlt
BitBlt
ExtTextOutW
SelectObject
SetBkColor
CreateDIBSection
DeleteDC
CreateCompatibleBitmap
CreateFontIndirectW
DeleteObject
CreateDIBitmap

comctl32

InitCommonControlsEx

msimg32

TransparentBlt

Exports

Exports

_GetColor2@8
_GetColor@4
_GetGameIcon@12
_GetImage@8
_GetImageFromSkin2@8
_GetImageFromSkin@4
_GetSkinFont@4
_InstallSkin2@8
_InstallSkin@0
_RemoveSkin@4
_SetSkinPath@4
_TrackSkinPopupMenu@20
_UninstallSkin2@4
_UninstallSkin@0

Sections

.text
Size: 364KB - Virtual size: 363KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GarenaTV.xml
.xml
GarenaTVHook.dll
.dll windows:4 windows x86 arch:x86

930a3e550691d71e620afa22f1fad2a6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Projects\GG\ggtv_app\GarenaTV\release\GarenaTVHook.pdb

Imports

user32

UnhookWindowsHookEx
PostMessageW
GetWindowThreadProcessId
CallNextHookEx
SetWindowsHookExW

kernel32

HeapDestroy
LCMapStringW
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteFile
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
MultiByteToWideChar
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA

Exports

Exports

InstallHook
RemoveHook

Sections

.text
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.HOOKDAT
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GarenaTV_UI.dll
.dll windows:5 windows x86 arch:x86

8b9c32e53642706195bf0a559bae6131

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Projects\GG\client_plugins\Release\GarenaTV_UI.pdb

Imports

kernel32

lstrcmpiA
GetTickCount
FlushFileBuffers
CreateFileA
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetModuleHandleA
GetConsoleMode
GetConsoleCP
GetStringTypeW
GetStringTypeA
LCMapStringA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
HeapDestroy
HeapCreate
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
LCMapStringW
IsValidCodePage
WaitForSingleObject
GetACP
VirtualProtectEx
GetTimeZoneInformation
ExitProcess
HeapSize
InterlockedDecrement
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
lstrlenA
RtlUnwind
GetCommandLineA
GetDateFormatA
GetTimeFormatA
CreateThread
GetLastError
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
VirtualAlloc
VirtualFree
GlobalFree
GlobalAlloc
lstrcatW
OpenProcess
Process32NextW
Module32NextW
Module32FirstW
Process32FirstW
CreateToolhelp32Snapshot
CreateProcessW
lstrlenW
lstrcmpiW
RaiseException
SetLastError
lstrcpyW
GetCurrentThreadId
FlushInstructionCache
GetCurrentProcess
GetModuleHandleW
FreeLibrary
GetCurrentThread
DeleteCriticalSection
InitializeCriticalSection
Sleep
MultiByteToWideChar
GetProcAddress
LoadLibraryW
CreateFileW
SetEndOfFile
GetFileSize
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
HeapAlloc
GetModuleFileNameW
lstrcmpW
lstrcpynW
lstrcpynA
WriteProcessMemory
GetStdHandle
ReadProcessMemory
TerminateThread
lstrcpyA
lstrcmpA
HeapReAlloc
SetFilePointer
ReadFile
WriteFile
WideCharToMultiByte
GetCPInfo
CloseHandle
HeapFree
GetOEMCP

user32

SetWindowRgn
GetWindowDC
ReleaseDC
DrawTextW
MoveWindow
GetCursorPos
GetClientRect
GetWindowTextLengthW
SendMessageW
ScreenToClient
ClientToScreen
GetParent
GetActiveWindow
GetClassInfoExW
RegisterClassExW
DialogBoxParamW
TrackMouseEvent
CreateDialogParamW
ShowWindow
CallWindowProcW
DefWindowProcW
SetCursor
LoadCursorW
GetWindowLongW
SetWindowLongW
SetWindowPos
SetTimer
InvalidateRect
KillTimer
MessageBoxW
wsprintfW
PostMessageW
RegisterWindowMessageW
InflateRect
CreateWindowExW
SetForegroundWindow
FindWindowW
InvalidateRgn
GetSystemMetrics
DestroyIcon
LoadIconW
EnableWindow
UnregisterClassA
SetLayeredWindowAttributes
RemoveMenu
AppendMenuW
EndDialog
GetWindow
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
AdjustWindowRectEx
CopyRect
SetFocus
wsprintfA
GetWindowTextW
SetWindowTextW
BringWindowToTop
CreatePopupMenu
IsDialogMessageW
GetDlgItem
ReleaseCapture
SetCapture
GetMessagePos
PtInRect
GetWindowRect
GetCapture
DestroyMenu
DestroyWindow

gdi32

CreateCompatibleDC
SelectObject
CreateRoundRectRgn
CreatePolygonRgn
CreatePatternBrush
CreateSolidBrush
CreateRectRgnIndirect
CreatePenIndirect
GetDIBits
StretchBlt
BitBlt
GetTextExtentPointW
Polygon
GetStockObject
CreateFontIndirectW
GetObjectW
DeleteObject
CombineRgn
ExtTextOutW
SetBkColor
SetTextColor
SetBkMode
CreateFontW

comdlg32

GetOpenFileNameW

advapi32

OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges

shell32

Shell_NotifyIconW
ShellExecuteW

garenatvhook

ord1
ord2

shlwapi

StrToIntA
PathRemoveExtensionW
PathFindFileNameW
StrCmpNIW
StrCSpnA
StrCmpNA
StrCmpNW
StrCmpNIA
PathRemoveFileSpecW
PathFileExistsW

ws2_32

closesocket
recvfrom
sendto
ioctlsocket
connect
htonl
select
WSAGetLastError
htons
ntohs
shutdown
setsockopt
recv
bind
socket
__WSAFDIsSet
send
listen
accept
inet_addr
getpeername
ntohl
gethostbyname

comctl32

ImageList_Create

msimg32

AlphaBlend

wininet

InternetReadFile
HttpQueryInfoW
HttpSendRequestW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetCloseHandle
InternetConnectW
InternetOpenW

garenaskin1

_UninstallSkin2@4
_TrackSkinPopupMenu@20
_GetImageFromSkin@4
_GetImageFromSkin2@8
_InstallSkin2@8

Sections

.text
Size: 311KB - Virtual size: 310KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Gn.ggz
Inject.dll
.dll windows:4 windows x86 arch:x86

c6fac98baceae40e97f7fe1744c76f5c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\InGG\NewClient\Trunk\projects\Inject\Release\Inject.pdb

Imports

kernel32

lstrlenW
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
GetProcAddress
GetModuleHandleW
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteFile
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
MultiByteToWideChar
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

Exports

Exports

InjectCode

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 988B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
L4DSocket.dll
.dll windows:4 windows x86 arch:x86

c5b5a649d9aefe570d326b60f7e7fbf8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DisableThreadLibraryCalls
TerminateProcess
GetCurrentProcess
WaitForSingleObject
SetEvent
CloseHandle
OpenEventW
GetModuleFileNameW
GetLastError
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
GetCurrentThread
LoadLibraryW
FreeLibrary
GetProcAddress
GetTickCount
ResumeThread
CreateProcessA
CreateProcessW
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
LCMapStringW
LCMapStringA
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
GetLocaleInfoA
VirtualQuery
VirtualProtect
VirtualAlloc
InterlockedCompareExchange
GetCurrentThreadId
FlushInstructionCache
SetThreadContext
GetThreadContext
SuspendThread
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
RaiseException
RtlUnwind
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
Sleep
HeapSize
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
WriteFile
LoadLibraryA
InitializeCriticalSection
SetFilePointer
GetConsoleCP
GetConsoleMode

ws2_32

bind
recvfrom
WSARecvFrom
sendto
WSASendTo
WSAGetLastError
ntohl
ntohs
getsockopt
connect
accept
getpeername
htons
htonl
inet_ntoa
WSAIoctl
gethostbyname
gethostname

Sections

.text
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PluginKernel.dll
.dll windows:4 windows x86 arch:x86

0d9ed8a323a24cab42183f7eb588a764

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FindFirstFileW
LoadLibraryW
GetModuleFileNameW
FindClose
FindNextFileW
GetCurrentThreadId
GetCommandLineA
GetVersionExA
RtlUnwind
RaiseException
HeapAlloc
TlsAlloc
SetLastError
GetLastError
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress
GetModuleHandleA
HeapFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapReAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
WriteFile
SetUnhandledExceptionFilter
VirtualAlloc
IsBadWritePtr
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetCPInfo
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP
InitializeCriticalSection
InterlockedExchange
VirtualQuery
LoadLibraryA
IsBadReadPtr
IsBadCodePtr
VirtualProtect
GetSystemInfo
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RecConfig.xml
Skins.xml
.xml
SocketHook.dll
.dll windows:4 windows x86 arch:x86

55cc66bd61551ce6d23f9ee96a62098c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcess
DisableThreadLibraryCalls
TerminateProcess
WaitForSingleObject
SetEvent
CloseHandle
OpenEventW
GetModuleFileNameW
OpenFileMappingA
UnmapViewOfFile
GetLastError
MapViewOfFile
GetCurrentThread
FreeLibrary
ResumeThread
CreateProcessA
CreateProcessW
LoadLibraryW
GetProcAddress
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
LCMapStringW
LCMapStringA
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
VirtualQuery
VirtualProtect
VirtualAlloc
InterlockedCompareExchange
GetCurrentThreadId
FlushInstructionCache
SetThreadContext
GetThreadContext
SuspendThread
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
RaiseException
RtlUnwind
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
Sleep
HeapSize
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
WriteFile
LoadLibraryA
InitializeCriticalSection
SetFilePointer
GetConsoleCP
GetConsoleMode
GetLocaleInfoA

ws2_32

recvfrom
WSARecvFrom
sendto
WSASendTo
WSASetLastError
WSAGetLastError
connect
accept
getpeername
htons
htonl
ntohl
ntohs
gethostbyname
inet_ntoa
gethostname

Sections

.text
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Update.exe
.exe windows:4 windows x86 arch:x86

f0962847e385deaca76394d795fefbae

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateProcessW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
TerminateProcess
OpenProcess
CreateDirectoryW
WriteFile
CreateFileW
SetFilePointer
ReadFile
SystemTimeToFileTime
LocalFileTimeToFileTime
GetFileAttributesW
GetCurrentDirectoryW
SetFileTime
GetFileSize
SetEndOfFile
CreateFileA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
FlushFileBuffers
GetConsoleMode
LoadResource
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
MoveFileExW
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
GetStringTypeW
GetStringTypeA
ExitProcess
GetModuleHandleA
GetCPInfo
LCMapStringW
LCMapStringA
GetStartupInfoW
CreateThread
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
GetThreadLocale
GetLocaleInfoA
GetACP
VirtualAlloc
VirtualFree
ResumeThread
TerminateThread
WaitForSingleObject
GetExitCodeThread
WideCharToMultiByte
FindResourceExW
LockResource
GetModuleFileNameW
SizeofResource
MultiByteToWideChar
FreeLibrary
SetLastError
CloseHandle
CompareStringW
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
GetLastError
IsProcessorFeaturePresent
LoadLibraryA
GetProcAddress
GetVersionExA
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
Sleep
InterlockedExchange
InterlockedCompareExchange
GetModuleHandleW
LoadLibraryExW
GetOEMCP
lstrlenW
GetCurrentThreadId
GetCurrentProcess
FindResourceW
FlushInstructionCache
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetConsoleCP

user32

SetWindowPos
GetWindowRect
GetCapture
ReleaseCapture
CharNextW
DefWindowProcW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
ShowWindow
GetClientRect
ClientToScreen
SetCapture
PtInRect
SetRectEmpty
DestroyWindow
SendMessageW
SetWindowLongW
GetClassInfoW
LoadStringW
wsprintfW
GetSystemMetrics
LoadImageW
LoadBitmapW
PostQuitMessage
GetWindow
SystemParametersInfoW
MapWindowPoints
IsDialogMessageW
GetDlgItem
EnableWindow
PostMessageW
UnregisterClassA
RegisterClassW
MessageBoxW
GetClassNameW
LoadCursorW
CreateDialogParamW
OffsetRect
ReleaseDC
GetDC
EndPaint
BeginPaint
GetCursorPos
SetCursor
CallWindowProcW
IsWindow
GetDlgCtrlID
GetParent
SetFocus
InvalidateRect
UpdateWindow
ScreenToClient
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
CreateWindowExW
GetWindowLongW
DrawTextW

gdi32

GetStockObject
SelectObject
GetObjectW
CreateCompatibleDC
DeleteObject
CreateFontIndirectW
DeleteDC

advapi32

RegOpenKeyExW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegQueryValueExW
RegDeleteKeyW

shell32

ShellExecuteW

ole32

CoInitialize
CoUninitialize
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

VarUI4FromStr

shlwapi

PathFindFileNameW
PathFileExistsW
PathRemoveExtensionW

comctl32

_TrackMouseEvent
InitCommonControlsEx

msimg32

TransparentBlt

wininet

InternetSetOptionW
HttpSendRequestW
HttpQueryInfoW
HttpOpenRequestW
InternetCloseHandle
InternetCrackUrlW
InternetGetLastResponseInfoW
InternetReadFile
InternetOpenW
InternetConnectW

commonlib

ord1
?ToArray@CMyBuffer@Buffer@Common@@QBEPBDXZ
?GetDataLength@CMyBuffer@Buffer@Common@@QBEHXZ
??0CMyBuffer@Buffer@Common@@QAE@XZ
ord2
??1CMyBuffer@Buffer@Common@@QAE@XZ

garenaskin2

_SetSkinPath@4
_UninstallSkin@0
_InstallSkin@0

Sections

.text
Size: 372KB - Virtual size: 369KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
War3Hook.dll
.dll windows:4 windows x86 arch:x86

84c6282fff898cc561946a8e7feb0672

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateProcess
DisableThreadLibraryCalls
GetCurrentProcess
WaitForSingleObject
SetEvent
CloseHandle
OpenEventW
GetModuleFileNameW
OpenFileMappingA
UnmapViewOfFile
GetLastError
MapViewOfFile
GetCurrentThread
GetTickCount
FreeLibrary
GetProcAddress
ResumeThread
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
LCMapStringW
LCMapStringA
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
VirtualQuery
VirtualProtect
VirtualAlloc
InterlockedCompareExchange
GetCurrentThreadId
FlushInstructionCache
SetThreadContext
GetThreadContext
SuspendThread
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
RaiseException
RtlUnwind
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
Sleep
HeapSize
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
WriteFile
LoadLibraryA
InitializeCriticalSection
SetFilePointer
GetConsoleCP
GetConsoleMode
GetLocaleInfoA

ws2_32

WSASetLastError
WSAGetLastError
recvfrom
WSARecvFrom
sendto
WSASendTo
connect
htons
htonl
ntohl
ntohs
gethostbyname
inet_ntoa
gethostname

Sections

.text
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
YYFileSystem.dll
.dll windows:5 windows x86 arch:x86

e07f48095153d0e038099b8d719882cc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\InGG\Demo\YYFileSystem\bin\Release\lib\YYFileSystem.pdb

Imports

kernel32

MultiByteToWideChar
GetLastError
HeapAlloc
GetProcessHeap
WideCharToMultiByte
HeapFree
CreateFileW
CloseHandle
GetFileSize
WriteFile
ReadFile
HeapReAlloc
SetFilePointer
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
RaiseException
RtlUnwind
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
HeapSize
ExitProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
GetStdHandle
GetModuleFileNameA
LCMapStringA
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
GetConsoleCP
GetConsoleMode
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers

pluginkernel

ord2

commonlib

?GetDataLength@CMyBuffer@Buffer@Common@@QBEHXZ
?ToArray@CMyBuffer@Buffer@Common@@QBEPBDXZ
ord1
??1CMyBuffer@Buffer@Common@@QAE@XZ
??0CMyBuffer@Buffer@Common@@QAE@XZ
ord2

Sections

.text
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
atl71.dll
.dll windows:4 windows x86 arch:x86

a0bd0cbc6c3c1f3095dd9342b630fcb9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

atl71.pdb

Imports

kernel32

InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExW
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetCurrentThreadId
lstrlenW
lstrcpyW
GetLastError
DisableThreadLibraryCalls
GetVersionExA
InterlockedIncrement
InterlockedDecrement
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
lstrcmpiW
lstrcpynW
CloseHandle
ReadFile
GetFileSize
CreateFileW
GetModuleHandleW
GetModuleFileNameW
WideCharToMultiByte
WaitForSingleObject
GlobalAlloc
FindResourceA
MulDiv
lstrcatW
FlushInstructionCache
GetCurrentProcess
GlobalUnlock
GlobalLock
lstrcmpW
SetLastError
GlobalFree
GlobalHandle
LockResource
lstrcmpA
GetModuleHandleA
GetTickCount
LocalAlloc
VirtualQuery
HeapFree
GetProcessHeap
InterlockedCompareExchange
HeapAlloc
GetProcAddress
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
ExitProcess
HeapSize
DebugBreak
HeapReAlloc
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
lstrcatA
lstrcpyA
lstrlenA
GetModuleFileNameA
RtlUnwind

shlwapi

PathFindExtensionW

Exports

Exports

AtlAdvise
AtlAxAttachControl
AtlAxCreateControl
AtlAxCreateControlEx
AtlAxCreateControlLic
AtlAxCreateControlLicEx
AtlAxCreateDialogA
AtlAxCreateDialogW
AtlAxDialogBoxA
AtlAxDialogBoxW
AtlAxGetControl
AtlAxGetHost
AtlAxWinInit
AtlCallTermFunc
AtlComModuleGetClassObject
AtlComModuleRegisterClassObjects
AtlComModuleRegisterServer
AtlComModuleRevokeClassObjects
AtlComModuleUnregisterServer
AtlComPtrAssign
AtlComQIPtrAssign
AtlCreateRegistrar
AtlCreateTargetDC
AtlDevModeW2A
AtlFreeMarshalStream
AtlGetObjectSourceInterface
AtlGetVersion
AtlHiMetricToPixel
AtlIPersistPropertyBag_Load
AtlIPersistPropertyBag_Save
AtlIPersistStreamInit_Load
AtlIPersistStreamInit_Save
AtlInternalQueryInterface
AtlLoadTypeLib
AtlMarshalPtrInProc
AtlModuleAddTermFunc
AtlPixelToHiMetric
AtlRegisterClassCategoriesHelper
AtlRegisterTypeLib
AtlSetErrorInfo
AtlUnRegisterTypeLib
AtlUnadvise
AtlUnmarshalPtr
AtlUpdateRegistryFromResourceD
AtlWaitWithMessageLoop
AtlWinModuleAddCreateWndData
AtlWinModuleExtractCreateWndData
AtlWinModuleInit
AtlWinModuleRegisterClassExA
AtlWinModuleRegisterClassExW
AtlWinModuleRegisterWndClassInfoA
AtlWinModuleRegisterWndClassInfoW
AtlWinModuleTerm

Sections

.text
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ggsec.dll
.dll windows:5 windows x86 arch:x86

9b44dbfc651cedc55085735c95d1b184

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

30/09/2010, 00:00

Not After

01/01/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

57:df:ab:ea:92:d2:96:12:ea:53:6f:d1:49:bb:3f:ae
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

03/11/2010, 00:00

Not After

03/11/2011, 23:59

Subject

CN=Garena Online Pte Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Garena Online Pte Ltd,L=Singapore,ST=Singapore,C=SG

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ea:e3:44:7e:5a:7f:86:a5:58:27:3d:13:28:57:d1:ad:48:37:80:39
Signer

Actual PE Digest

ea:e3:44:7e:5a:7f:86:a5:58:27:3d:13:28:57:d1:ad:48:37:80:39

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

IsBadCodePtr
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

shell32

SHGetFolderPathW

wininet

InternetConnectW

Sections

.text
Size: - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX0
Size: - Virtual size: 178KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.UPX1
Size: 262KB - Virtual size: 262KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 434B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
hc.xml
.xml
langs.xml
mdata.ggz
.zip
newgame.ggz
.zip
onlinegame.ggz
.zip
roomCN.dat
roomEN.dat
roomTW.dat
safeapi.dll
.dll windows:5 windows x86 arch:x86

cd391c5814cad8d0c3f552d040c36b87

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\garena\dev\anti-hack\garena_safe\src\bin\freevm\safeapi.pdb

Imports

kernel32

DisableThreadLibraryCalls
GetModuleFileNameW
DeleteFileW
SetFileAttributesW
CreateFileW
CloseHandle
DeviceIoControl
GetLastError
GetCurrentProcess
GetProcAddress
GetModuleHandleW
WriteFile
SetFilePointer
SizeofResource
LockResource
LoadResource
FindResourceW
LocalAlloc
FreeLibrary
InterlockedExchange
LoadLibraryA
RaiseException
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
MultiByteToWideChar
WideCharToMultiByte
RtlUnwind
GetCommandLineA
GetVersionExA
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCurrentThreadId
GetModuleHandleA
ExitProcess
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
OutputDebugStringA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
Sleep
LoadLibraryExA
InitializeCriticalSection
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers

Exports

Exports

GetModule

Sections

.text
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data0
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data1
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 26KB - Virtual size: 25KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

9b6b6a7858e17fb0b17e1c1428330343

Headers

File Characteristics

Imports

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 697B

.data Size: 512B - Virtual size: 3KB

.rsrc Size: 512B - Virtual size: 352B

.reloc Size: 512B - Virtual size: 320B

a648aeaa164b592c1e8892a10400b5ae

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 5KB

.rsrc Size: 512B - Virtual size: 296B

.reloc Size: 1024B - Virtual size: 518B

d19de0d004578cc7ea30566b2d8394d5

Headers

File Characteristics

Imports

kernel32

ws2_32

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 26KB - Virtual size: 25KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 697B

.data
Size: 512B - Virtual size: 3KB

.rsrc
Size: 512B - Virtual size: 352B

.reloc
Size: 512B - Virtual size: 320B

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 296B

.reloc
Size: 1024B - Virtual size: 518B

.text
Size: 123KB - Virtual size: 122KB

.rdata
Size: 29KB - Virtual size: 28KB

.data
Size: 6KB - Virtual size: 13KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 11KB - Virtual size: 11KB

.text
Size: 162KB - Virtual size: 161KB

.rdata
Size: 33KB - Virtual size: 32KB

.data
Size: 7KB - Virtual size: 14KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 13KB - Virtual size: 12KB

.text
Size: 108KB - Virtual size: 106KB

.rdata
Size: 36KB - Virtual size: 32KB

.data
Size: 8KB - Virtual size: 19KB

.rsrc
Size: 4KB - Virtual size: 176B

.reloc
Size: 12KB - Virtual size: 8KB

.text
Size: 272KB - Virtual size: 271KB

.rdata
Size: 45KB - Virtual size: 45KB

.data
Size: 9KB - Virtual size: 17KB

.rsrc
Size: 26KB - Virtual size: 26KB

.reloc
Size: 17KB - Virtual size: 17KB

.text
Size: 39KB - Virtual size: 39KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 5KB - Virtual size: 7KB

.rsrc
Size: 512B - Virtual size: 436B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate