C:\Users\cinex\Desktop\FNRebrans\x64\Mod Hub\ExtinctionSlotted.pdb
Static task
static1
1 signatures
General
-
Target
ExtinctionFN.rar
-
Size
4.7MB
-
MD5
9db2650afbc2fb51130d4651a4a9d024
-
SHA1
3fc324c4a308eddf416617da55e9666bdaa534ed
-
SHA256
28f275aac22b3c4383958f37674af8d6e3005c20dc02f7a792811e1503c17190
-
SHA512
9bcad745d1a6fba3657484558894d7148d7da6e55cdb7a0ef10fdc29e7ef4ebf1a316fbcd1859b4995340784656213a719b3b30ee56dc3ac4280ce3ec11e9382
-
SSDEEP
98304:OHeiojzgAa1NsEp4EuQt8XFtAtGKAkCqTBCiA9KyXu748NC7NBdr5RZMl:2eJjygRQt8VtA0KAk/TAMMVuC7Df0
Score
3/10
Malware Config
Signatures
-
Unsigned PE 2 IoCs
Checks for missing Authenticode signature.
resource unpack001/ExtinctionFN/ExtinctionSlotted.exe unpack001/ExtinctionFN/Fixing Driver/FixDriverError.exe
Files
-
ExtinctionFN.rar.rar
-
ExtinctionFN/ExtinctionSlotted.exe.exe windows:6 windows x64 arch:x64
226dd57ec1d18f092a377167e2d04480
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
ntdll
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
VerSetConditionMask
kernel32
GetConsoleWindow
FlushConsoleInputBuffer
FindFirstFileW
CloseHandle
Process32FirstW
Process32Next
FindClose
DeleteFileA
Process32NextW
CreateDirectoryW
GetLastError
GlobalAddAtomA
GetCurrentDirectoryW
Sleep
CreateToolhelp32Snapshot
OpenProcess
GetLocaleInfoEx
InitializeSListHead
GetSystemTimeAsFileTime
GetFileAttributesExW
GetTickCount
CreateFileW
TerminateProcess
VirtualAlloc
DeviceIoControl
GetStdHandle
SetConsoleTitleA
SetConsoleTextAttribute
Process32First
MoveFileA
GetModuleFileNameA
GlobalFindAtomA
GetFileInformationByHandleEx
CreateFileMappingW
VirtualProtect
CreateThread
GetCurrentProcess
DeleteCriticalSection
GetCurrentThreadId
GetCurrentProcessId
OutputDebugStringW
IsDebuggerPresent
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetFileSizeEx
CreateFileA
WaitForMultipleObjects
PeekNamedPipe
ReadFile
GetFileType
GetEnvironmentVariableA
WaitForSingleObjectEx
MoveFileExA
VerifyVersionInfoA
GetSystemDirectoryA
SleepEx
LeaveCriticalSection
EnterCriticalSection
LocalFree
FormatMessageA
SetLastError
QueryFullProcessImageNameW
GetModuleHandleW
GetModuleFileNameW
AreFileApisANSI
QueryPerformanceCounter
FreeLibrary
GetProcAddress
QueryPerformanceFrequency
LoadLibraryA
GetLocaleInfoA
GetModuleHandleA
GlobalUnlock
WideCharToMultiByte
GlobalLock
GlobalFree
GlobalAlloc
MultiByteToWideChar
MapViewOfFile
UnmapViewOfFile
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionEx
user32
SetCursorPos
GetClientRect
SetCursor
GetCursorPos
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
GetKeyboardLayout
ClientToScreen
ScreenToClient
LoadCursorA
GetKeyState
UpdateWindow
RegisterClassExA
SetWindowLongPtrA
GetDesktopWindow
GetWindowLongPtrA
LoadIconA
mouse_event
SetLayeredWindowAttributes
CreateWindowExA
DefWindowProcA
EnumWindows
SetMenu
MoveWindow
GetWindowThreadProcessId
GetWindowRect
SetWindowPos
GetForegroundWindow
GetSystemMetrics
GetClassNameA
ShowWindow
GetAsyncKeyState
SetWindowLongA
GetWindowTextA
GetWindowLongA
MessageBoxA
advapi32
CryptEncrypt
AddAccessAllowedAce
GetLengthSid
GetTokenInformation
InitializeAcl
IsValidSid
SetSecurityInfo
CopySid
ConvertSidToStringSidA
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptImportKey
CryptDestroyKey
OpenProcessToken
imm32
ImmSetCompositionWindow
ImmGetContext
ImmReleaseContext
ImmSetCandidateWindow
d3dcompiler_47
D3DCompile
dwmapi
DwmExtendFrameIntoClientArea
msvcp140
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??7ios_base@std@@QEBA_NXZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
_Query_perf_frequency
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?uncaught_exception@std@@YA_NXZ
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Winerror_map@std@@YAHH@Z
?_Xbad_function_call@std@@YAXXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Random_device@std@@YAIXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Syserror_map@std@@YAPEBDH@Z
_Query_perf_counter
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
wininet
InternetCheckConnectionA
d3d11
D3D11CreateDeviceAndSwapChain
normaliz
IdnToAscii
wldap32
ord143
ord217
ord46
ord211
ord60
ord45
ord50
ord41
ord22
ord26
ord27
ord32
ord33
ord35
ord79
ord30
ord200
ord301
crypt32
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertOpenStore
CertCloseStore
ws2_32
htonl
closesocket
recv
send
WSAGetLastError
bind
connect
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
socket
WSASetLastError
WSAIoctl
WSAStartup
WSACleanup
accept
getaddrinfo
listen
ioctlsocket
__WSAFDIsSet
select
freeaddrinfo
recvfrom
sendto
gethostname
ntohl
shlwapi
PathFindFileNameW
rpcrt4
UuidCreate
UuidToStringA
RpcStringFreeA
psapi
GetModuleInformation
userenv
UnloadUserProfile
vcruntime140_1
__CxxFrameHandler4
vcruntime140
__std_terminate
strstr
__current_exception_context
__current_exception
__C_specific_handler
strrchr
memset
memmove
memcpy
memcmp
memchr
_CxxThrowException
__std_exception_copy
__std_exception_destroy
strchr
api-ms-win-crt-stdio-l1-1-0
__p__commode
fseek
_read
fwrite
_wfopen
__stdio_common_vsprintf
_write
_lseeki64
fread
_close
__stdio_common_vsscanf
fclose
fputc
feof
fputs
fopen
_open
ftell
__stdio_common_vsprintf_s
__acrt_iob_func
fgetc
_popen
_pclose
fgets
_get_stream_buffer_pointers
fflush
_fseeki64
_set_fmode
fsetpos
ungetc
fgetpos
setvbuf
__stdio_common_vfprintf
api-ms-win-crt-utility-l1-1-0
qsort
api-ms-win-crt-string-l1-1-0
isupper
strncpy
_strdup
strspn
strcspn
strcmp
strncmp
tolower
strpbrk
api-ms-win-crt-heap-l1-1-0
calloc
malloc
_set_new_mode
realloc
_callnewh
free
api-ms-win-crt-convert-l1-1-0
strtol
atoi
strtoull
strtoul
strtoll
strtod
atof
api-ms-win-crt-runtime-l1-1-0
system
_errno
exit
_invalid_parameter_noinfo
_invalid_parameter_noinfo_noreturn
strerror
__sys_nerr
abort
_resetstkoflw
_beginthreadex
_getpid
_configure_narrow_argv
_initialize_narrow_environment
_register_thread_local_exe_atexit_callback
_c_exit
__p___argv
__p___argc
_initialize_onexit_table
_exit
_initterm_e
_initterm
_get_initial_narrow_environment
_set_app_type
_seh_filter_exe
terminate
_cexit
_crt_atexit
_register_onexit_function
api-ms-win-crt-time-l1-1-0
_gmtime64
strftime
_localtime64
clock
_time64
api-ms-win-crt-math-l1-1-0
atan
atan2
atan2f
tanf
__setusermatherr
_isnanf
asin
_dclass
_dsign
ceilf
acosf
cos
cosf
fmodf
powf
sin
sinf
sqrtf
api-ms-win-crt-filesystem-l1-1-0
_lock_file
remove
_stat64
_access
_fstat64
_unlock_file
_unlink
api-ms-win-crt-locale-l1-1-0
localeconv
___lc_codepage_func
_configthreadlocale
api-ms-win-crt-multibyte-l1-1-0
_mbsicmp
api-ms-win-crt-environment-l1-1-0
getenv
shell32
ShellExecuteA
Sections
.text Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3.7MB - Virtual size: 3.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1.5MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 36KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 488B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ExtinctionFN/Fixing Driver/FixDriverError.exe.exe windows:6 windows x64 arch:x64
5474c14c350c59a2ce58fbbab1fa3c8a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\Users\cinex\Desktop\NebulaPriv\x64\Mod Hub\FixDriverError.pdb
Imports
kernel32
VirtualAlloc
WaitForSingleObject
CreateToolhelp32Snapshot
Sleep
Process32NextW
DeleteFileA
Process32FirstW
CloseHandle
SetConsoleTitleW
GetExitCodeProcess
FormatMessageA
GetLocaleInfoEx
CreateFileW
FindClose
FindFirstFileW
GetFileAttributesExW
InitializeSListHead
GetSystemTimeAsFileTime
AreFileApisANSI
GetLastError
GetModuleHandleW
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WideCharToMultiByte
MultiByteToWideChar
GetFileInformationByHandleEx
LocalFree
shell32
ShellExecuteExA
msvcp140
?_Winerror_map@std@@YAHH@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Syserror_map@std@@YAPEBDH@Z
urlmon
URLDownloadToFileA
vcruntime140_1
__CxxFrameHandler4
vcruntime140
__std_exception_destroy
__std_exception_copy
memmove
_CxxThrowException
__current_exception
__current_exception_context
memcpy
__C_specific_handler
memset
api-ms-win-crt-runtime-l1-1-0
__p___argc
_initterm_e
__p___argv
_get_initial_narrow_environment
_c_exit
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_register_thread_local_exe_atexit_callback
terminate
exit
abort
_initterm
_invalid_parameter_noinfo_noreturn
system
_exit
api-ms-win-crt-heap-l1-1-0
_callnewh
_set_new_mode
free
malloc
api-ms-win-crt-stdio-l1-1-0
_set_fmode
__stdio_common_vfprintf
__acrt_iob_func
__p__commode
api-ms-win-crt-string-l1-1-0
_wcsicmp
api-ms-win-crt-filesystem-l1-1-0
remove
api-ms-win-crt-utility-l1-1-0
rand
api-ms-win-crt-locale-l1-1-0
___lc_codepage_func
_configthreadlocale
api-ms-win-crt-math-l1-1-0
__setusermatherr
Sections
.text Size: 23KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 488B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 160B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ExtinctionFN/Instructions.txt
-
ExtinctionFN/imgui.ini