C:\Project\D3xx\trunk\D3XX\d2xxdll\x64\Release\FTD3XX.pdb
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
rabbitval_[unknowncheats.me]_.zip
Resource
win10v2004-20240802-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral2
Sample
FTD3XX.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral3
Sample
Rabbit-Val.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral4
Sample
info.db
Resource
win10v2004-20240802-en
windows10-2004-x64
1 signatures
150 seconds
Behavioral task
behavioral5
Sample
leechcore.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral6
Sample
vmm.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
0 signatures
150 seconds
General
-
Target
rabbitval_[unknowncheats.me]_.zip
-
Size
2.6MB
-
MD5
f5e668f39523022482b4f7494c3856cc
-
SHA1
8cfbd91cd1cf3d63f702d46eaf5ce735c5fc3be3
-
SHA256
cf9cbc6de0934a0d389c9a25b3fcecc070ec7e65e38fb86bd7258d8b0ec44caa
-
SHA512
a28356f8a820542cea2819c2cd78210e34aae8f994fbbcdaffecb0d48c2f031b2a40b270f1c6e325bb02299adb25092a6eb9617ec38c06cacf9c58abd297aef7
-
SSDEEP
49152:YgGe1JeVEUOHmGOS5m8V3fVZFuYOwe9jb7rqjdsLrX7987WZ5XiP4zE:YgNneVEUiHOS5mC3tZFFafqjW587WZx4
Score
3/10
Malware Config
Signatures
-
Unsigned PE 2 IoCs
Checks for missing Authenticode signature.
resource unpack001/FTD3XX.dll unpack001/Rabbit-Val.exe
Files
-
rabbitval_[unknowncheats.me]_.zip.zip
-
FTD3XX.dll.dll windows:6 windows x64 arch:x64
6f94f6f6008a841e2ba8090d85ca9d8f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
setupapi
SetupDiGetClassDevsA
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
kernel32
CreateThread
WriteConsoleW
WaitForSingleObjectEx
OutputDebugStringW
OutputDebugStringA
SetFilePointerEx
CreateFileA
CloseHandle
GetLastError
DeviceIoControl
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ReleaseMutex
WaitForSingleObject
CreateMutexA
Sleep
GetOverlappedResult
SetEvent
CreateEventA
WaitForMultipleObjects
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
RtlPcToFileHeader
RaiseException
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
CreateFileW
ExitThread
ResumeThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameA
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
HeapFree
HeapAlloc
GetCurrentThread
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetACP
FindClose
FindFirstFileExA
FindFirstFileExW
FindNextFileA
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
GetProcessHeap
GetStdHandle
GetFileType
SetConsoleCtrlHandler
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
WriteFile
FlushFileBuffers
GetConsoleCP
GetConsoleMode
Exports
Exports
FT_AbortPipe
FT_ClearNotificationCallback
FT_ClearStreamPipe
FT_Close
FT_ControlTransfer
FT_Create
FT_CreateDeviceInfoList
FT_CycleDevicePort
FT_EnableGPIO
FT_FlushPipe
FT_GetChipConfiguration
FT_GetConfigurationDescriptor
FT_GetDescriptor
FT_GetDeviceDescriptor
FT_GetDeviceInfo
FT_GetDeviceInfoDetail
FT_GetDeviceInfoList
FT_GetDriverVersion
FT_GetFirmwareVersion
FT_GetGPIO
FT_GetInterfaceDescriptor
FT_GetLatencyTimer
FT_GetLibraryVersion
FT_GetOverlappedResult
FT_GetPipeInformation
FT_GetPipeTimeout
FT_GetQueueStatus
FT_GetStringDescriptor
FT_GetSuspendTimeout
FT_GetVIDPID
FT_InitializeD2XXExtension
FT_InitializeOverlapped
FT_IoCtl
FT_IsDevicePath
FT_ListDevices
FT_Open
FT_Purge
FT_Read
FT_ReadGPIO
FT_ReadPipe
FT_ReadPipeEx
FT_ReleaseOverlapped
FT_ResetDevicePort
FT_SetChipConfiguration
FT_SetGPIO
FT_SetGPIOLevel
FT_SetGPIOPull
FT_SetLatencyTimer
FT_SetNotificationCallback
FT_SetPipeTimeout
FT_SetStreamPipe
FT_SetSuspendTimeout
FT_SetUSBParameters
FT_WriteGPIO
FT_WritePipe
FT_WritePipeEx
Sections
.text Size: 285KB - Virtual size: 284KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 67KB - Virtual size: 67KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.gfids Size: 512B - Virtual size: 388B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Rabbit-Val.exe.exe windows:6 windows x64 arch:x64
2099403c40e10362d7c0c2a4f1e0d864
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\Users\tmz\Desktop\rabbit-val\7-27\ImGUI-Advanced-Cheat-Menu-master\x64\Release\Rabbit-Val.pdb
Imports
opengl32
glLoadMatrixf
glTexImage2D
glTexParameteri
glDeleteTextures
glGenTextures
glTexSubImage2D
glClear
glClearColor
glDrawArrays
glPopClientAttrib
glPushClientAttrib
glPopMatrix
glGetError
glGetString
glIsEnabled
wglCreateContext
wglDeleteContext
wglGetProcAddress
wglMakeCurrent
wglShareLists
glFlush
glPushAttrib
glOrtho
glShadeModel
glPushMatrix
glDisable
glDrawElements
glTexEnvi
glColorPointer
glGetTexEnviv
glTexCoordPointer
glLoadIdentity
glBlendFunc
glMatrixMode
glDisableClientState
glScissor
glEnable
glVertexPointer
glBindTexture
glPolygonMode
glPopAttrib
glEnableClientState
glViewport
glGetIntegerv
kernel32
FormatMessageA
GetLocaleInfoEx
InitializeSListHead
Sleep
MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
GetTickCount64
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryA
LocalFree
FormatMessageW
GetLastError
GetModuleHandleA
LoadLibraryW
QueryPerformanceCounter
QueryPerformanceFrequency
GetVersion
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
CreateDirectoryW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetFileInformationByHandleEx
WakeAllConditionVariable
CloseHandle
AreFileApisANSI
SetFileInformationByHandle
GetFileAttributesExW
FindNextFileW
FindFirstFileExW
FindFirstFileW
FindClose
CreateFileW
user32
DestroyIcon
ChangeDisplaySettingsW
CreateIcon
GetWindowThreadProcessId
SetWindowLongPtrW
SetWindowLongW
GetWindowLongW
ClipCursor
MapWindowPoints
SetCursor
ShowCursor
AdjustWindowRect
GetWindowRect
GetClientRect
SetWindowTextW
SetForegroundWindow
GetForegroundWindow
ReleaseCapture
SetCapture
GetCapture
MapVirtualKeyW
GetKeyState
SetWindowPos
FlashWindowEx
CreateWindowExW
UnregisterClassW
RegisterClassW
CallWindowProcW
DefWindowProcW
RegisterDeviceNotificationW
SendMessageW
PeekMessageW
DispatchMessageW
TranslateMessage
TrackMouseEvent
ShowWindow
DestroyWindow
CreateWindowExA
EnumDisplaySettingsW
ScreenToClient
GetWindowLongPtrW
GetCursorPos
SetCursorPos
IsClipboardFormatAvailable
CopyIcon
DestroyCursor
LoadCursorW
MessageBoxA
GetDC
GetSystemMetrics
ReleaseDC
GetAsyncKeyState
SetClipboardData
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
gdi32
SwapBuffers
ChoosePixelFormat
GetDeviceCaps
SetPixelFormat
GetPixelFormat
DescribePixelFormat
advapi32
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
shell32
ShellExecuteA
vmm
VMMDLL_Map_GetModuleFromNameU
VMMDLL_MemReadEx
VMMDLL_PidGetFromName
VMMDLL_Scatter_Clear
VMMDLL_PdbLoad
VMMDLL_ProcessGetInformationAll
VMMDLL_Map_GetModuleFromNameW
VMMDLL_Initialize
VMMDLL_Scatter_ExecuteRead
VMMDLL_Scatter_Read
VMMDLL_Scatter_Initialize
VMMDLL_PdbSymbolAddress
VMMDLL_ConfigSet
VMMDLL_ProcessGetModuleBaseU
VMMDLL_MemFree
VMMDLL_WinReg_QueryValueExU
VMMDLL_Map_GetPool
VMMDLL_Map_GetEATU
VMMDLL_Scatter_Prepare
msvcp140
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@J@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
?uncaught_exception@std@@YA_NXZ
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAHH@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?widen@?$ctype@_W@std@@QEBA_WD@Z
?narrow@?$ctype@_W@std@@QEBAD_WD@Z
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Incref@facet@locale@std@@UEAAXXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?id@?$ctype@_W@std@@2V0locale@2@A
??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
?underflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?seekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@V32@H@Z
?seekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@_JHH@Z
?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?_Xlength_error@std@@YAXPEBD@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?uncaught_exceptions@std@@YAHXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Xout_of_range@std@@YAXPEBD@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?good@ios_base@std@@QEBA_NXZ
??Bios_base@std@@QEBA_NXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
_Query_perf_frequency
?_Throw_Cpp_error@std@@YAXH@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
_Mtx_destroy_in_situ
_Mtx_init_in_situ
_Cnd_do_broadcast_at_thread_exit
_Thrd_sleep
_Thrd_id
_Query_perf_counter
_Thrd_detach
_Xtime_get_ticks
_Thrd_join
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
imm32
ImmReleaseContext
ImmSetCandidateWindow
ImmSetCompositionWindow
ImmGetContext
ImmAssociateContextEx
vcruntime140_1
__CxxFrameHandler4
vcruntime140
strstr
memchr
__std_exception_copy
_CxxThrowException
_purecall
__current_exception_context
__CxxFrameHandler3
memcpy
__std_exception_destroy
memmove
memset
memcmp
__current_exception
__std_terminate
__C_specific_handler
api-ms-win-crt-heap-l1-1-0
realloc
free
_set_new_mode
_callnewh
malloc
api-ms-win-crt-runtime-l1-1-0
_invalid_parameter_noinfo_noreturn
exit
_beginthreadex
terminate
_errno
_cexit
_register_thread_local_exe_atexit_callback
_c_exit
__p___argv
__p___argc
abort
_exit
_initterm_e
_initterm
_get_initial_narrow_environment
_set_app_type
_seh_filter_exe
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
api-ms-win-crt-utility-l1-1-0
qsort
api-ms-win-crt-string-l1-1-0
strncmp
strncpy
isprint
strcmp
tolower
isdigit
api-ms-win-crt-time-l1-1-0
strftime
_localtime64_s
_time64
api-ms-win-crt-convert-l1-1-0
atoi
strtol
atof
api-ms-win-crt-stdio-l1-1-0
fputc
fflush
feof
fclose
__stdio_common_vsprintf_s
fgetc
__p__commode
_set_fmode
fwrite
__stdio_common_vsprintf
fgetpos
setvbuf
ungetc
__stdio_common_vsscanf
_wfopen
fsetpos
fread
__stdio_common_vfprintf
fseek
__acrt_iob_func
ftell
_get_stream_buffer_pointers
_fseeki64
getchar
api-ms-win-crt-filesystem-l1-1-0
_unlock_file
_lock_file
api-ms-win-crt-environment-l1-1-0
getenv_s
api-ms-win-crt-math-l1-1-0
cosf
sinf
sqrtf
pow
tanf
fmodf
ldexp
ceilf
atan2f
acosf
powf
__setusermatherr
api-ms-win-crt-locale-l1-1-0
___lc_codepage_func
_configthreadlocale
winmm
joyGetPosEx
timeEndPeriod
timeGetDevCaps
joyGetDevCapsW
timeBeginPeriod
Sections
.text Size: 749KB - Virtual size: 748KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 499KB - Virtual size: 499KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1.5MB - Virtual size: 22.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 33KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
info.db
-
leechcore.dll.dll windows:6 windows x64 arch:x64
245f8d40de6893b471d1e488cfaf8c43
Code Sign
61:41:98:e7:6e:19:1c:5c:7a:9b:36:24:ae:39:1d:d1Certificate
IssuerCN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PLNot Before24/11/2023, 06:35Not After23/11/2024, 06:35SubjectCN=Open Source Developer\, Ulf Frisk,O=Open Source Developer,L=Stockholm,C=SE,1.2.840.113549.1.9.1=#0c16756c662e667269736b40756c66667269736b2e636f6dExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39Certificate
IssuerCN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PLNot Before19/05/2021, 05:32Not After18/05/2036, 05:32SubjectCN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PLExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate
IssuerCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USNot Before14/07/2023, 00:00Not After13/10/2034, 23:59SubjectCN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate
IssuerCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before23/03/2022, 00:00Not After22/03/2037, 23:59SubjectCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before01/08/2022, 00:00Not After09/11/2031, 23:59SubjectCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
f2:3e:ef:5f:43:9c:46:2e:86:96:dd:5f:6f:11:93:02:a3:04:d4:14:e9:17:67:f8:cd:83:3d:2a:74:bb:72:21Signer
Actual PE Digestf2:3e:ef:5f:43:9c:46:2e:86:96:dd:5f:6f:11:93:02:a3:04:d4:14:e9:17:67:f8:cd:83:3d:2a:74:bb:72:21Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
C:\Github\production\LeechCore\files\lib\leechcore.pdb
Imports
credui
CredUIPromptForWindowsCredentialsW
CredUnPackAuthenticationBufferW
rpcrt4
NdrClientCall3
RpcBindingSetAuthInfoExA
RpcBindingFree
RpcStringFreeA
RpcBindingSetAuthInfoExW
RpcStringBindingComposeA
RpcBindingFromStringBindingA
secur32
LsaDeregisterLogonProcess
LsaLookupAuthenticationPackage
LsaConnectUntrusted
setupapi
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW
SetupDiGetDeviceInterfaceDetailW
winusb
WinUsb_WritePipe
WinUsb_Free
WinUsb_SetPipePolicy
WinUsb_ReadPipe
WinUsb_Initialize
ws2_32
setsockopt
WSAGetLastError
htons
recvfrom
connect
socket
send
inet_addr
WSAStartup
closesocket
ioctlsocket
kernel32
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetTickCount64
GetModuleFileNameA
AcquireSRWLockShared
ReleaseSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
QueryPerformanceCounter
TryEnterCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
LocalAlloc
LocalFree
DeleteCriticalSection
Sleep
LoadLibraryA
CloseHandle
CreateThread
SwitchToThread
GetProcAddress
FreeLibrary
ReadFile
DeviceIoControl
GetLastError
CreateFileA
SetFilePointerEx
VirtualFree
VirtualAlloc
CreateFileW
VerSetConditionMask
VerifyVersionInfoW
WriteProcessMemory
GetCurrentProcess
K32GetModuleFileNameExW
OpenProcess
K32EnumProcesses
ReadProcessMemory
K32GetMappedFileNameW
VirtualQueryEx
WaitForMultipleObjects
WaitForSingleObject
CreateEventW
SetEvent
QueryPerformanceFrequency
ResetEvent
IsProcessorFeaturePresent
advapi32
StartServiceA
ControlService
DeleteService
OpenSCManagerA
OpenSCManagerW
CloseServiceHandle
CreateServiceA
RegQueryValueExA
RegOpenKeyA
RegCloseKey
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenServiceA
ole32
CoTaskMemFree
vcruntime140
memset
memcpy
__C_specific_handler
strstr
__std_type_info_destroy_list
memcmp
wcsstr
api-ms-win-crt-stdio-l1-1-0
fread
fopen_s
fwrite
__stdio_common_vsnwprintf_s
_fseeki64
__stdio_common_vswprintf_s
__stdio_common_vfprintf
fclose
__acrt_iob_func
getchar
__stdio_common_vsnprintf_s
__stdio_common_vsprintf
_ftelli64
api-ms-win-crt-string-l1-1-0
strncat_s
strtok_s
wcsncpy_s
strcpy_s
wcsncat_s
_strnicmp
_wcsicmp
strncpy_s
wcscpy_s
strcat_s
strcmp
_stricmp
api-ms-win-crt-convert-l1-1-0
atoi
_itoa_s
strtoull
api-ms-win-crt-utility-l1-1-0
rand
srand
api-ms-win-crt-runtime-l1-1-0
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_execute_onexit_table
_initterm
_cexit
_initterm_e
_seh_filter_dll
Exports
Exports
LcAllocScatter1
LcAllocScatter2
LcAllocScatter3
LcClose
LcCommand
LcCreate
LcCreateEx
LcDeviceParameterGet
LcDeviceParameterGetNumeric
LcGetOption
LcMemFree
LcMemMap_AddRange
LcMemMap_GetMaxAddress
LcMemMap_IsInitialized
LcRead
LcReadScatter
LcSetOption
LcWrite
LcWriteScatter
Sections
.text Size: 92KB - Virtual size: 91KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 25KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 160B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
vmm.dll.dll windows:6 windows x64 arch:x64
0b77eba7e489d82b694bf66be928bc65
Code Sign
14:6e:e2:13:38:1e:4b:f2:fb:2a:42:4d:53:cb:02:e8Certificate
IssuerCN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PLNot Before21/12/2022, 10:36Not After21/12/2023, 10:36SubjectCN=Open Source Developer\, Ulf Frisk,O=Open Source Developer,L=Stockholm,C=SE,1.2.840.113549.1.9.1=#0c16756c662e667269736b40756c66667269736b2e636f6dExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39Certificate
IssuerCN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PLNot Before19/05/2021, 05:32Not After18/05/2036, 05:32SubjectCN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PLExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate
IssuerCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USNot Before14/07/2023, 00:00Not After13/10/2034, 23:59SubjectCN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate
IssuerCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before23/03/2022, 00:00Not After22/03/2037, 23:59SubjectCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before01/08/2022, 00:00Not After09/11/2031, 23:59SubjectCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
e5:a5:69:30:c2:75:46:8c:cd:38:b5:dc:71:74:da:0c:7d:da:bb:ed:69:c7:28:30:e6:b9:36:a0:f9:18:e4:c0Signer
Actual PE Digeste5:a5:69:30:c2:75:46:8c:cd:38:b5:dc:71:74:da:0c:7d:da:bb:ed:69:c7:28:30:e6:b9:36:a0:f9:18:e4:c0Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
C:\Github\production\MemProcFS\files\lib\vmm.pdb
Imports
leechcore
LcRead
LcCreateEx
LcClose
LcSetOption
LcReadScatter
LcAllocScatter1
LcWriteScatter
LcGetOption
LcCommand
LcAllocScatter2
LcMemFree
bcrypt
BCryptCreateHash
BCryptHashData
BCryptGetProperty
BCryptCloseAlgorithmProvider
BCryptFinishHash
BCryptOpenAlgorithmProvider
BCryptDestroyHash
crypt32
CertFreeCertificateContext
CertCreateCertificateContext
CertGetNameStringW
shlwapi
StrStrIA
ws2_32
inet_ntop
kernel32
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
GetCurrentProcess
IsDebuggerPresent
TerminateProcess
UnhandledExceptionFilter
LockResource
ResetEvent
LocalAlloc
LocalFree
AreFileApisANSI
ReadFile
TryEnterCriticalSection
HeapCreate
HeapFree
EnterCriticalSection
GetFullPathNameW
WriteFile
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
LeaveCriticalSection
InitializeCriticalSection
SetFilePointer
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
WaitForSingleObject
CreateFileW
GetFileAttributesW
GetCurrentThreadId
UnmapViewOfFile
HeapValidate
HeapSize
MultiByteToWideChar
Sleep
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetLastError
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
CreateFileA
LoadLibraryA
WaitForSingleObjectEx
DeleteFileA
DeleteFileW
HeapReAlloc
CloseHandle
GetSystemInfo
LoadLibraryW
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
GetProcAddress
LockFileEx
GetFileSize
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
SystemTimeToFileTime
FreeLibrary
WideCharToMultiByte
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
GetLongPathNameW
WaitForMultipleObjects
CreateEventW
GetTickCount64
SetEvent
GetLocalTime
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockShared
InitializeSRWLock
VerSetConditionMask
VerifyVersionInfoW
QueryPerformanceFrequency
GetModuleFileNameA
SizeofResource
FileTimeToSystemTime
FindClose
LoadResource
FindResourceW
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
InterlockedPushEntrySList
InitializeSListHead
InterlockedPopEntrySList
QueryDepthSList
GetStdHandle
ReadConsoleA
SwitchToThread
CreateThread
FindFirstFileA
LoadLibraryExA
FindNextFileA
advapi32
LookupAccountSidA
RegDeleteValueA
IsValidSid
ConvertStringSidToSidA
RegCreateKeyA
RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegGetValueA
ConvertSidToStringSidA
vcruntime140
strstr
__std_type_info_destroy_list
__C_specific_handler
strrchr
memcmp
memcpy
memmove
memset
api-ms-win-crt-string-l1-1-0
_wcsnicmp
_strnicmp
strncmp
strcmp
strcat_s
_stricmp
strcpy_s
strtok_s
strncpy_s
strncat_s
strspn
strnlen
strcspn
toupper
api-ms-win-crt-heap-l1-1-0
free
malloc
_msize
realloc
api-ms-win-crt-runtime-l1-1-0
_beginthreadex
_cexit
_execute_onexit_table
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
_endthreadex
api-ms-win-crt-time-l1-1-0
_localtime64_s
api-ms-win-crt-stdio-l1-1-0
__stdio_common_vsnprintf_s
fread
tmpnam_s
__stdio_common_vsprintf
__stdio_common_vsprintf_s
fwrite
fclose
__acrt_iob_func
__stdio_common_vfprintf
__stdio_common_vsnwprintf_s
fopen_s
_fseeki64
_fsopen
fflush
api-ms-win-crt-utility-l1-1-0
qsort
api-ms-win-crt-convert-l1-1-0
strtoull
strtoul
api-ms-win-crt-filesystem-l1-1-0
remove
_access_s
api-ms-win-crt-math-l1-1-0
floor
log10
Exports
Exports
VMMDLL_Close
VMMDLL_CloseAll
VMMDLL_ConfigGet
VMMDLL_ConfigSet
VMMDLL_ForensicFileAppend
VMMDLL_Initialize
VMMDLL_InitializeEx
VMMDLL_InitializePlugins
VMMDLL_Log
VMMDLL_LogEx
VMMDLL_Map_GetEATU
VMMDLL_Map_GetEATW
VMMDLL_Map_GetHandleU
VMMDLL_Map_GetHandleW
VMMDLL_Map_GetHeap
VMMDLL_Map_GetHeapAlloc
VMMDLL_Map_GetIATU
VMMDLL_Map_GetIATW
VMMDLL_Map_GetModuleFromNameU
VMMDLL_Map_GetModuleFromNameW
VMMDLL_Map_GetModuleU
VMMDLL_Map_GetModuleW
VMMDLL_Map_GetNetU
VMMDLL_Map_GetNetW
VMMDLL_Map_GetPfn
VMMDLL_Map_GetPfnEx
VMMDLL_Map_GetPhysMem
VMMDLL_Map_GetPool
VMMDLL_Map_GetPteU
VMMDLL_Map_GetPteW
VMMDLL_Map_GetServicesU
VMMDLL_Map_GetServicesW
VMMDLL_Map_GetThread
VMMDLL_Map_GetUnloadedModuleU
VMMDLL_Map_GetUnloadedModuleW
VMMDLL_Map_GetUsersU
VMMDLL_Map_GetUsersW
VMMDLL_Map_GetVMU
VMMDLL_Map_GetVMW
VMMDLL_Map_GetVadEx
VMMDLL_Map_GetVadU
VMMDLL_Map_GetVadW
VMMDLL_MemFree
VMMDLL_MemPrefetchPages
VMMDLL_MemRead
VMMDLL_MemReadEx
VMMDLL_MemReadPage
VMMDLL_MemReadScatter
VMMDLL_MemSearch
VMMDLL_MemSize
VMMDLL_MemVirt2Phys
VMMDLL_MemWrite
VMMDLL_MemWriteScatter
VMMDLL_PdbLoad
VMMDLL_PdbSymbolAddress
VMMDLL_PdbSymbolName
VMMDLL_PdbTypeChildOffset
VMMDLL_PdbTypeSize
VMMDLL_PidGetFromName
VMMDLL_PidList
VMMDLL_ProcessGetDirectoriesU
VMMDLL_ProcessGetDirectoriesW
VMMDLL_ProcessGetInformation
VMMDLL_ProcessGetInformationAll
VMMDLL_ProcessGetInformationString
VMMDLL_ProcessGetModuleBaseU
VMMDLL_ProcessGetModuleBaseW
VMMDLL_ProcessGetProcAddressU
VMMDLL_ProcessGetProcAddressW
VMMDLL_ProcessGetSectionsU
VMMDLL_ProcessGetSectionsW
VMMDLL_Scatter_Clear
VMMDLL_Scatter_CloseHandle
VMMDLL_Scatter_Execute
VMMDLL_Scatter_ExecuteRead
VMMDLL_Scatter_Initialize
VMMDLL_Scatter_Prepare
VMMDLL_Scatter_PrepareEx
VMMDLL_Scatter_PrepareWrite
VMMDLL_Scatter_PrepareWriteEx
VMMDLL_Scatter_Read
VMMDLL_UtilFillHexAscii
VMMDLL_UtilVfsReadFile_FromBOOL
VMMDLL_UtilVfsReadFile_FromDWORD
VMMDLL_UtilVfsReadFile_FromPBYTE
VMMDLL_UtilVfsReadFile_FromQWORD
VMMDLL_UtilVfsWriteFile_BOOL
VMMDLL_UtilVfsWriteFile_DWORD
VMMDLL_VfsListBlobU
VMMDLL_VfsListU
VMMDLL_VfsListW
VMMDLL_VfsList_AddDirectory
VMMDLL_VfsList_AddDirectoryW
VMMDLL_VfsList_AddFile
VMMDLL_VfsList_AddFileW
VMMDLL_VfsReadU
VMMDLL_VfsReadW
VMMDLL_VfsWriteU
VMMDLL_VfsWriteW
VMMDLL_VmGetVmmHandle
VMMDLL_VmMemRead
VMMDLL_VmMemReadScatter
VMMDLL_VmMemTranslateGPA
VMMDLL_VmMemWrite
VMMDLL_VmMemWriteScatter
VMMDLL_VmScatterInitialize
VMMDLL_WinGetThunkInfoIATU
VMMDLL_WinGetThunkInfoIATW
VMMDLL_WinReg_EnumKeyExU
VMMDLL_WinReg_EnumKeyExW
VMMDLL_WinReg_EnumValueU
VMMDLL_WinReg_EnumValueW
VMMDLL_WinReg_HiveList
VMMDLL_WinReg_HiveReadEx
VMMDLL_WinReg_HiveWrite
VMMDLL_WinReg_QueryValueExU
VMMDLL_WinReg_QueryValueExW
VMMDLL_YaraSearch
Sections
.text Size: 1.6MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 277KB - Virtual size: 276KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 13KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 74KB - Virtual size: 73KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 117KB - Virtual size: 117KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ