36faff6b108b1efbf62ba6423b0d464877b64ce02a279c43c873c2ace499e7cc

Sharing

Copy URL Twitter E-mail

General

Target

36faff6b108b1efbf62ba6423b0d464877b64ce02a279c43c873c2ace499e7cc
Size

2.0MB
MD5

df2596d9f87d42b2386d326e53ce25fb
SHA1

76b641c93eb617621ee3f4ef59f71b582adca376
SHA256

36faff6b108b1efbf62ba6423b0d464877b64ce02a279c43c873c2ace499e7cc
SHA512

1998d8a02a38d934afe5bcf41022543900027c58904b9a1db0b0fd0bcc04883d8862a389e2537d24cf26fe897855da2bb0c6418a7a4580f5bd9a6ce7373d2e94
SSDEEP

49152:R/GDr+o9w5PfMYoreDKiulkSjfeWETisw0VYYjaE1KgP6PTnjH6hz:R/yP9MPfMYJKiYkTeJuaQ96PTnjkz

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/PPLauncher.exe	upx

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/EasyHook64.dll
unpack001/Launcher
unpack001/PPLauncher.dll
unpack001/PPLauncher.exe
unpack002/out.upx

Files

36faff6b108b1efbf62ba6423b0d464877b64ce02a279c43c873c2ace499e7cc
.zip
EasyHook64.dll
.dll windows:6 windows x64 arch:x64

4d117d78b1518e2a9eee4e20c8ed50c7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\projects\easyhook\Build\netfx4-Release\x64\EasyHook64.pdb

Imports

psapi

EnumProcessModules
GetModuleInformation

kernel32

TlsFree
GetCurrentThreadId
VirtualFree
VirtualAlloc
GetSystemInfo
GetLastError
GetCurrentProcess
GetProcAddress
GetModuleFileNameA
LoadLibraryW
GetCurrentProcessId
GetFullPathNameW
GetEnvironmentVariableW
SetEnvironmentVariableW
SetEvent
GetModuleHandleW
GetModuleHandleA
CloseHandle
InitializeCriticalSectionEx
RaiseException
DecodePointer
DeleteCriticalSection
GetThreadContext
SetThreadContext
WaitForSingleObject
OpenProcess
Thread32First
ReadProcessMemory
Thread32Next
VirtualAllocEx
OpenThread
TlsAlloc
CreateToolhelp32Snapshot
DuplicateHandle
WriteProcessMemory
SuspendThread
ResumeThread
TlsGetValue
CreateProcessW
CreateRemoteThread
TlsSetValue
WideCharToMultiByte
TerminateProcess
lstrlenW
SetLastError
GetExitCodeThread
Module32FirstW
WaitForMultipleObjects
Module32NextW
FatalAppExitW
GetModuleFileNameW
CreateFileW
HeapAlloc
HeapFree
IsBadReadPtr
InitializeCriticalSection
Sleep
LeaveCriticalSection
EnterCriticalSection
VirtualProtect
GetVersionExW
SetEndOfFile
LoadLibraryA
HeapCreate
HeapDestroy
FreeLibrary
CreateEventW
RtlPcToFileHeader
WriteConsoleW
SetStdHandle
OutputDebugStringW
LCMapStringW
EncodePointer
GetCommandLineA
IsDebuggerPresent
IsProcessorFeaturePresent
ExitProcess
GetModuleHandleExW
AreFileApisANSI
MultiByteToWideChar
RtlUnwindEx
GetStdHandle
GetFileType
GetStartupInfoW
GetProcessHeap
HeapSize
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
WriteFile
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
HeapReAlloc
LoadLibraryExW
ReadFile
ReadConsoleW
GetStringTypeW

advapi32

StartServiceW
OpenServiceW
OpenSCManagerW
DeleteService
CloseServiceHandle
CreateServiceW
OpenProcessToken

ole32

CoTaskMemFree
CoTaskMemAlloc

shlwapi

PathQuoteSpacesW

Exports

Exports

?GetRemoteModuleExportDirectory@@YAHPEAXPEAUHINSTANCE__@@PEAU_IMAGE_EXPORT_DIRECTORY@@U_IMAGE_DOS_HEADER@@U_IMAGE_NT_HEADERS64@@@Z
DbgAttachDebugger
DbgDetachDebugger
DbgGetProcessIdByHandle
DbgGetThreadIdByHandle
DbgHandleToObjectName
DbgIsAvailable
DbgIsEnabled
GacCreateContext
GacInstallAssembly
GacReleaseContext
GacUninstallAssembly
HookCompleteInjection
LhBarrierBeginStackTrace
LhBarrierCallStackTrace
LhBarrierEndStackTrace
LhBarrierGetAddressOfReturnAddress
LhBarrierGetCallback
LhBarrierGetCallingModule
LhBarrierGetReturnAddress
LhBarrierPointerToModule
LhEnumModules
LhGetHookBypassAddress
LhInstallHook
LhIsThreadIntercepted
LhSetExclusiveACL
LhSetGlobalExclusiveACL
LhSetGlobalInclusiveACL
LhSetInclusiveACL
LhUninstallAllHooks
LhUninstallHook
LhUpdateModuleInformation
LhWaitForPendingRemovals
ReleaseTestFuncHookResults
RhCreateAndInject
RhCreateStealthRemoteThread
RhGetProcessToken
RhInjectLibrary
RhInstallDriver
RhInstallSupportDriver
RhIsAdministrator
RhIsX64Process
RhIsX64System
RhWakeUpProcess
RtlCreateSuspendedProcess
RtlGetLastError
RtlGetLastErrorString
RtlGetLastErrorStringCopy
RtlInstallService
TestFuncHooks

Sections

.text
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 85KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Launcher
.exe windows:5 windows x86 arch:x86

e2bf658cf42e3a17edac9cd19fb39e7f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\WORK\Projects\Auth\branch\VS_2013\bin\Launcher_web.pdb

Imports

kernel32

LoadResource
SizeofResource
lstrlenA
lstrlenW
TlsAlloc
TlsFree
LoadLibraryA
LoadLibraryW
OutputDebugStringW
FindResourceW
DecodePointer
GetVersion
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalMemoryStatusEx
GetCurrentProcessId
ExitProcess
SetUnhandledExceptionFilter
OpenThread
SuspendThread
ResumeThread
MulDiv
GetLocalTime
GetSystemInfo
lstrcmpW
lstrcmpiW
CreateEventW
LoadLibraryExW
GetModuleFileNameA
GetModuleHandleW
CreateProcessW
GetDriveTypeW
SetCurrentDirectoryW
GetDiskFreeSpaceW
CreateFileA
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
Thread32First
Thread32Next
GetCommandLineW
ReadConsoleInputA
PeekConsoleInputA
GetNumberOfConsoleInputEvents
GetVersionExW
DeleteFileA
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathW
GetTempPathA
GetSystemTime
LockFileEx
UnlockFile
LockFile
CreateDirectoryW
GetCurrentDirectoryW
OutputDebugStringA
Sleep
ResetEvent
SetEvent
FlushConsoleInputBuffer
GlobalMemoryStatus
FindNextFileA
FindFirstFileA
GetModuleHandleA
LocalFree
GetModuleFileNameW
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
GetFullPathNameA
SetEnvironmentVariableA
WriteConsoleW
SystemTimeToTzSpecificLocalTime
FindFirstFileExW
SetStdHandle
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetConsoleMode
GetConsoleCP
GetProcessHeap
GetCurrentThread
GetOEMCP
GetACP
IsValidCodePage
HeapSize
AreFileApisANSI
GetModuleHandleExW
GetTimeZoneInformation
FileTimeToSystemTime
GetFileInformationByHandle
FileTimeToLocalFileTime
SetFilePointerEx
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetStartupInfoW
TlsSetValue
TlsGetValue
TerminateProcess
UnhandledExceptionFilter
GetCPInfo
FatalAppExitA
DebugBreak
PostQueuedCompletionStatus
SetLastError
GetCurrentThreadId
RaiseException
GetCurrentProcess
FlushInstructionCache
GetProcAddress
FreeLibrary
LockResource
InterlockedExchangeAdd
InterlockedExchange
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
MultiByteToWideChar
CopyFileW
FindNextFileW
FindFirstFileW
DeleteFileW
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
GetTickCount
CloseHandle
FindClose
SetFilePointer
SetEndOfFile
FlushFileBuffers
ReadFile
WriteFile
GetFileSize
WaitForSingleObject
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
SetConsoleCtrlHandler
GetSystemTimeAsFileTime
ExitThread
CreateThread
VirtualQuery
VirtualProtect
SetConsoleMode
VirtualAlloc
IsProcessorFeaturePresent
IsDebuggerPresent
RtlUnwind
HeapReAlloc
HeapAlloc
HeapFree
ExpandEnvironmentStringsA
PeekNamedPipe
GetStdHandle
GetFileType
WaitForMultipleObjects
VerifyVersionInfoA
SleepEx
VerSetConditionMask
FormatMessageA
EncodePointer
GetStringTypeW
SetFileAttributesW
GetWindowsDirectoryW
RemoveDirectoryW
GetExitCodeThread
MoveFileW
CreateSemaphoreW
ReleaseSemaphore
GetFileAttributesExW
GetFileAttributesW
CreateFileW
ReadConsoleW
GetFullPathNameW
VirtualFree
GetLastError

user32

PostMessageW
ReplyMessage
DefWindowProcW
SendMessageW
KillTimer
GetSystemMetrics
GetProcessWindowStation
DispatchMessageW
CallWindowProcW
SetTimer
TranslateMessage
GetMessageW
GetUserObjectInformationW
MessageBoxA
GetActiveWindow
CharNextW
DialogBoxParamW
SetWindowPos
UnregisterClassW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
IsWindow
GetMenu
SetWindowRgn
SetWindowTextW
GetClientRect
GetWindowRect
AdjustWindowRectEx
MessageBoxW
MapWindowPoints
GetWindowLongW
ShowWindow
DestroyWindow
wsprintfW
EndDialog
GetClassNameW
GetDesktopWindow
FillRect
GetSysColor
ScreenToClient
ClientToScreen
GetWindowTextLengthW
GetWindowTextW
RedrawWindow
InvalidateRgn
ValidateRect
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
DestroyAcceleratorTable
CreateAcceleratorTableW
ReleaseCapture
SetCapture
GetFocus
SetFocus
GetDlgItem
MoveWindow
IsChild
RegisterWindowMessageW
SetWindowLongW
GetMonitorInfoW
MonitorFromWindow
LoadStringW
LoadImageW
LoadCursorW
GetWindow
GetWindowThreadProcessId
GetParent

gdi32

DeleteDC
GetBitmapBits
CreateDCA
CombineRgn
TextOutW
GetObjectW
SetTextColor
SetBkMode
SelectObject
Rectangle
GetTextExtentPoint32W
GetStockObject
GetDeviceCaps
GetObjectA
CreateSolidBrush
CreatePen
CreateFontW
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
DeleteObject
CreateRectRgn

advapi32

RegOpenKeyW
CryptGetHashParam
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
ReportEventA
RegCloseKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptReleaseContext
CryptAcquireContextW
RegisterEventSourceA
DeregisterEventSource

shell32

ShellExecuteW
SHGetFolderPathW

ole32

CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
OleUninitialize
OleLockRunning
StringFromGUID2
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
CoInitialize
CoUninitialize
OleInitialize
CreateStreamOnHGlobal
CoGetClassObject

oleaut32

OleCreateFontIndirect
VarUI4FromStr
SysAllocString
SysFreeString
SysStringLen
VariantInit
VariantClear
LoadTypeLi
LoadRegTypeLi
DispCallFunc
SysAllocStringLen

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

shlwapi

wnsprintfW
PathAppendW

ws2_32

WSASetLastError
__WSAFDIsSet
select
recv
send
WSAGetLastError
closesocket
connect
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
socket
WSAIoctl
getaddrinfo
freeaddrinfo
recvfrom
sendto
accept
listen
ioctlsocket
gethostname
shutdown
WSAStringToAddressW
inet_addr
gethostbyname
WSAStartup
ntohl
bind
WSACleanup

comctl32

InitCommonControlsEx

xmllite

CreateXmlReader

iphlpapi

IcmpCreateFile
IcmpSendEcho2
IcmpCloseHandle
GetAdaptersAddresses

psapi

GetModuleFileNameExA
GetModuleBaseNameA
EnumProcessModules
GetModuleInformation

dbghelp

SymSetOptions
SymInitialize
SymLoadModule64
MiniDumpWriteDump
SymGetOptions

wldap32

ord35
ord79
ord33
ord200
ord301
ord32
ord27
ord30
ord26
ord41
ord50
ord60
ord211
ord46
ord143
ord22

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 489KB - Virtual size: 489KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 55KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PPLauncher.dll
.dll windows:6 windows x64 arch:x64

23e06c225d4e720959140cfe671619f6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\OnlineGames\TeraDebug\PPLauncher.pdb

Imports

easyhook64

LhSetExclusiveACL
LhGetHookBypassAddress
LhInstallHook

kernel32

GetProcAddress
GetModuleHandleW
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
RtlCaptureContext

vcruntime140

__std_type_info_destroy_list
__C_specific_handler
memset
memcpy

api-ms-win-crt-runtime-l1-1-0

_initialize_narrow_environment
_cexit
_execute_onexit_table
_initialize_onexit_table
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm

Exports

Exports

NativeInjectionEntryPoint

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PPLauncher.exe
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

UPX0
Size: - Virtual size: 672KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 404KB - Virtual size: 408KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 37KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 748KB - Virtual size: 748KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 161KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
config.json
sensitive.config

Sharing

General

Malware Config

Signatures

Files

4d117d78b1518e2a9eee4e20c8ed50c7

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

psapi

kernel32

advapi32

ole32

shlwapi

Exports

Exports

Sections

.text Size: 124KB - Virtual size: 124KB

.rdata Size: 79KB - Virtual size: 79KB

.data Size: 85KB - Virtual size: 112KB

.pdata Size: 6KB - Virtual size: 5KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 5KB

e2bf658cf42e3a17edac9cd19fb39e7f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

version

shlwapi

ws2_32

comctl32

xmllite

iphlpapi

psapi

dbghelp

wldap32

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rdata Size: 489KB - Virtual size: 489KB

.data Size: 55KB - Virtual size: 74KB

.rsrc Size: 38KB - Virtual size: 38KB

.reloc Size: 105KB - Virtual size: 105KB

23e06c225d4e720959140cfe671619f6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

easyhook64

kernel32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 512B - Virtual size: 504B

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 512B - Virtual size: 44B

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 672KB

UPX1 Size: 404KB - Virtual size: 408KB

.rsrc Size: 37KB - Virtual size: 40KB

Headers

.text
Size: 124KB - Virtual size: 124KB

.rdata
Size: 79KB - Virtual size: 79KB

.data
Size: 85KB - Virtual size: 112KB

.pdata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 5KB

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 489KB - Virtual size: 489KB

.data
Size: 55KB - Virtual size: 74KB

.rsrc
Size: 38KB - Virtual size: 38KB

.reloc
Size: 105KB - Virtual size: 105KB

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 512B - Virtual size: 504B

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 512B - Virtual size: 44B

UPX0
Size: - Virtual size: 672KB

UPX1
Size: 404KB - Virtual size: 408KB

.rsrc
Size: 37KB - Virtual size: 40KB

.text
Size: 748KB - Virtual size: 748KB

.rdata
Size: 161KB - Virtual size: 160KB

.data
Size: 17KB - Virtual size: 26KB

.pdata
Size: 33KB - Virtual size: 32KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 72KB - Virtual size: 71KB

.reloc
Size: 5KB - Virtual size: 4KB