Yeniklasr2[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

Yeniklasr2.zip
Size

32.1MB
MD5

465ae2b1d49f9c883944c4c424599d6a
SHA1

b3d0b931347bc522065e98ecbd6fdd6757445f3f
SHA256

ee8e6cf3f17df2589006356e09729a574c3236781acb26d0662edf2f40bef979
SHA512

f45d5dd1cfe339c8f92531d9e14cf203013f6698c9e8b1c3918145eb3cf4d8a30a7c234b019313217b4fa96dcaace22d0e785b8f91a08d0cbdc46b62d08e8b30
SSDEEP

786432:kh0orG0jQ9h7pDr6AQxJkSNP9YhP2rrFbCKnyxX5tB/+:h0jQL7ExFYP2rrFmDJtk

Score

3^/10

pyinstaller

Malware Config

Signatures

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
static1/unpack001/novitec.exe	pyinstaller

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/SafeGuard-Lib.dll
unpack001/novitec.exe

Files

Yeniklasr2.zip
.zip
SafeGuard-Lib.dll
.dll windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

??0Assembler@a64@_abi_1_10@asmjit@@QEAA@PEAVCodeHolder@23@@Z
??0Assembler@x86@_abi_1_10@asmjit@@QEAA@PEAVCodeHolder@23@@Z
??0BaseAssembler@_abi_1_10@asmjit@@QEAA@XZ
??0BaseBuilder@_abi_1_10@asmjit@@QEAA@XZ
??0BaseCompiler@_abi_1_10@asmjit@@QEAA@XZ
??0BaseEmitter@_abi_1_10@asmjit@@QEAA@W4EmitterType@12@@Z
??0Builder@a64@_abi_1_10@asmjit@@QEAA@PEAVCodeHolder@23@@Z
??0Builder@x86@_abi_1_10@asmjit@@QEAA@PEAVCodeHolder@23@@Z
??0CodeHolder@_abi_1_10@asmjit@@QEAA@PEBUTemporary@Support@12@@Z
??0Compiler@a64@_abi_1_10@asmjit@@QEAA@PEAVCodeHolder@23@@Z
??0Compiler@x86@_abi_1_10@asmjit@@QEAA@PEAVCodeHolder@23@@Z
??0ConstPool@_abi_1_10@asmjit@@QEAA@PEAVZone@12@@Z
??0ErrorHandler@_abi_1_10@asmjit@@QEAA@XZ
??0FileLogger@_abi_1_10@asmjit@@QEAA@PEAU_iobuf@@@Z
??0FuncPass@_abi_1_10@asmjit@@QEAA@PEBD@Z
??0JitAllocator@_abi_1_10@asmjit@@QEAA@PEBUCreateParams@012@@Z
??0JitRuntime@_abi_1_10@asmjit@@QEAA@PEBUCreateParams@JitAllocator@12@@Z
??0Logger@_abi_1_10@asmjit@@QEAA@XZ
??0Pass@_abi_1_10@asmjit@@QEAA@PEBD@Z
??0SDK@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0StringLogger@_abi_1_10@asmjit@@QEAA@XZ
??0Target@_abi_1_10@asmjit@@QEAA@XZ
??1Assembler@a64@_abi_1_10@asmjit@@UEAA@XZ
??1Assembler@x86@_abi_1_10@asmjit@@UEAA@XZ
??1BaseAssembler@_abi_1_10@asmjit@@UEAA@XZ
??1BaseBuilder@_abi_1_10@asmjit@@UEAA@XZ
??1BaseCompiler@_abi_1_10@asmjit@@UEAA@XZ
??1BaseEmitter@_abi_1_10@asmjit@@UEAA@XZ
??1Builder@a64@_abi_1_10@asmjit@@UEAA@XZ
??1Builder@x86@_abi_1_10@asmjit@@UEAA@XZ
??1CodeHolder@_abi_1_10@asmjit@@QEAA@XZ
??1Compiler@a64@_abi_1_10@asmjit@@UEAA@XZ
??1Compiler@x86@_abi_1_10@asmjit@@UEAA@XZ
??1ConstPool@_abi_1_10@asmjit@@QEAA@XZ
??1ErrorHandler@_abi_1_10@asmjit@@UEAA@XZ
??1FileLogger@_abi_1_10@asmjit@@UEAA@XZ
??1JitAllocator@_abi_1_10@asmjit@@QEAA@XZ
??1JitRuntime@_abi_1_10@asmjit@@UEAA@XZ
??1Logger@_abi_1_10@asmjit@@UEAA@XZ
??1Pass@_abi_1_10@asmjit@@UEAA@XZ
??1StringLogger@_abi_1_10@asmjit@@UEAA@XZ
??1Target@_abi_1_10@asmjit@@UEAA@XZ
??_FAssembler@a64@_abi_1_10@asmjit@@QEAAXXZ
??_FAssembler@x86@_abi_1_10@asmjit@@QEAAXXZ
??_FBuilder@a64@_abi_1_10@asmjit@@QEAAXXZ
??_FBuilder@x86@_abi_1_10@asmjit@@QEAAXXZ
??_FCodeHolder@_abi_1_10@asmjit@@QEAAXXZ
??_FCompiler@a64@_abi_1_10@asmjit@@QEAAXXZ
??_FCompiler@x86@_abi_1_10@asmjit@@QEAAXXZ
??_FFileLogger@_abi_1_10@asmjit@@QEAAXXZ
??_FJitAllocator@_abi_1_10@asmjit@@QEAAXXZ
??_FJitRuntime@_abi_1_10@asmjit@@QEAAXXZ
?_add@JitRuntime@_abi_1_10@asmjit@@UEAAIPEAPEAXPEAVCodeHolder@23@@Z
?_alloc@Zone@_abi_1_10@asmjit@@QEAAPEAX_K0@Z
?_alloc@ZoneAllocator@_abi_1_10@asmjit@@QEAAPEAX_KAEA_K@Z
?_allocZeroed@ZoneAllocator@_abi_1_10@asmjit@@QEAAPEAX_KAEA_K@Z
?_append@ZoneBitVector@_abi_1_10@asmjit@@QEAAIPEAVZoneAllocator@23@_N@Z
?_archTraits@_abi_1_10@asmjit@@3QBUArchTraits@12@B
?_cleanupBlock@ZoneStackBase@_abi_1_10@asmjit@@QEAAXI_K@Z
?_commonInfoTable@InstDB@x86@_abi_1_10@asmjit@@3QBUCommonInfo@1234@B
?_emit@Assembler@a64@_abi_1_10@asmjit@@UEAAIIAEBUOperand_@34@00PEBU534@@Z
?_emit@Assembler@x86@_abi_1_10@asmjit@@UEAAIIAEBUOperand_@34@00PEBU534@@Z
?_emit@BaseBuilder@_abi_1_10@asmjit@@UEAAIIAEBUOperand_@23@00PEBU423@@Z
?_emitI@BaseEmitter@_abi_1_10@asmjit@@QEAAII@Z
?_emitI@BaseEmitter@_abi_1_10@asmjit@@QEAAIIAEBUOperand_@23@00000@Z
?_emitI@BaseEmitter@_abi_1_10@asmjit@@QEAAIIAEBUOperand_@23@0000@Z
?_emitI@BaseEmitter@_abi_1_10@asmjit@@QEAAIIAEBUOperand_@23@000@Z
?_emitI@BaseEmitter@_abi_1_10@asmjit@@QEAAIIAEBUOperand_@23@00@Z
?_emitI@BaseEmitter@_abi_1_10@asmjit@@QEAAIIAEBUOperand_@23@0@Z
?_emitI@BaseEmitter@_abi_1_10@asmjit@@QEAAIIAEBUOperand_@23@@Z
?_emitOpArray@BaseEmitter@_abi_1_10@asmjit@@UEAAIIPEBUOperand_@23@_K@Z
?_grow@ZoneVectorBase@_abi_1_10@asmjit@@IEAAIPEAVZoneAllocator@23@II@Z
?_init@Zone@_abi_1_10@asmjit@@QEAAX_K0PEBUTemporary@Support@23@@Z
?_init@ZoneStackBase@_abi_1_10@asmjit@@QEAAIPEAVZoneAllocator@23@_K@Z
?_insert@ZoneHashBase@_abi_1_10@asmjit@@QEAAPEAVZoneHashNode@23@PEAVZoneAllocator@23@PEAV423@@Z
?_instInfoTable@InstDB@a64@_abi_1_10@asmjit@@3QBUInstInfo@1234@B
?_instInfoTable@InstDB@x86@_abi_1_10@asmjit@@3QBUInstInfo@1234@B
?_instSignatureTable@InstDB@x86@_abi_1_10@asmjit@@3QBUInstSignature@1234@B
?_log@FileLogger@_abi_1_10@asmjit@@UEAAIPEBD_K@Z
?_log@StringLogger@_abi_1_10@asmjit@@UEAAIPEBD_K@Z
?_newConst@BaseCompiler@_abi_1_10@asmjit@@QEAAIPEAVBaseMem@23@W4ConstPoolScope@23@PEBX_K@Z
?_newReg@BaseCompiler@_abi_1_10@asmjit@@QEAAIPEAVBaseReg@23@AEBV423@PEBD@Z
?_newReg@BaseCompiler@_abi_1_10@asmjit@@QEAAIPEAVBaseReg@23@W4TypeId@23@PEBD@Z
?_newRegFmt@BaseCompiler@_abi_1_10@asmjit@@QEAAIPEAVBaseReg@23@AEBV423@PEBDZZ
?_newRegFmt@BaseCompiler@_abi_1_10@asmjit@@QEAAIPEAVBaseReg@23@W4TypeId@23@PEBDZZ
?_newStack@BaseCompiler@_abi_1_10@asmjit@@QEAAIPEAVBaseMem@23@IIPEBD@Z
?_opChar@String@_abi_1_10@asmjit@@QEAAIW4ModifyOp@123@D@Z
?_opChars@String@_abi_1_10@asmjit@@QEAAIW4ModifyOp@123@D_K@Z
?_opFormat@String@_abi_1_10@asmjit@@QEAAIW4ModifyOp@123@PEBDZZ
?_opHex@String@_abi_1_10@asmjit@@QEAAIW4ModifyOp@123@PEBX_KD@Z
?_opNumber@String@_abi_1_10@asmjit@@QEAAIW4ModifyOp@123@_KI1W4StringFormatFlags@23@@Z
?_opSignatureTable@InstDB@x86@_abi_1_10@asmjit@@3QBUOpSignature@1234@B
?_opString@String@_abi_1_10@asmjit@@QEAAIW4ModifyOp@123@PEBD_K@Z
?_opVFormat@String@_abi_1_10@asmjit@@QEAAIW4ModifyOp@123@PEBDPEAD@Z
?_prepareBlock@ZoneStackBase@_abi_1_10@asmjit@@QEAAII_K@Z
?_rehash@ZoneHashBase@_abi_1_10@asmjit@@QEAAXPEAVZoneAllocator@23@I@Z
?_release@JitRuntime@_abi_1_10@asmjit@@UEAAIPEAX@Z
?_releaseDynamic@ZoneAllocator@_abi_1_10@asmjit@@QEAAXPEAX_K@Z
?_remove@ZoneHashBase@_abi_1_10@asmjit@@QEAAPEAVZoneHashNode@23@PEAVZoneAllocator@23@PEAV423@@Z
?_reserve@ZoneVectorBase@_abi_1_10@asmjit@@IEAAIPEAVZoneAllocator@23@II@Z
?_resize@ZoneBitVector@_abi_1_10@asmjit@@QEAAIPEAVZoneAllocator@23@II_N@Z
?_resize@ZoneVectorBase@_abi_1_10@asmjit@@IEAAIPEAVZoneAllocator@23@II@Z
?_typeData@TypeUtils@_abi_1_10@asmjit@@3UTypeData@123@B
?_zeroBlock@Zone@_abi_1_10@asmjit@@2UBlock@123@B
?add@ConstPool@_abi_1_10@asmjit@@QEAAIPEBX_KAEA_K@Z
?addAddressToAddressTable@CodeHolder@_abi_1_10@asmjit@@QEAAI_K@Z
?addAfter@BaseBuilder@_abi_1_10@asmjit@@QEAAPEAVBaseNode@23@PEAV423@0@Z
?addBefore@BaseBuilder@_abi_1_10@asmjit@@QEAAPEAVBaseNode@23@PEAV423@0@Z
?addDiagnosticOptions@BaseEmitter@_abi_1_10@asmjit@@QEAAXW4DiagnosticOptions@23@@Z
?addFunc@BaseCompiler@_abi_1_10@asmjit@@QEAAPEAVFuncNode@23@PEAV423@@Z
?addFuncNode@BaseCompiler@_abi_1_10@asmjit@@QEAAIPEAPEAVFuncNode@23@AEBUFuncSignature@23@@Z
?addFuncRetNode@BaseCompiler@_abi_1_10@asmjit@@QEAAIPEAPEAVFuncRetNode@23@AEBUOperand_@23@1@Z
?addInvokeNode@BaseCompiler@_abi_1_10@asmjit@@QEAAIPEAPEAVInvokeNode@23@IAEBUOperand_@23@AEBUFuncSignature@23@@Z
?addNode@BaseBuilder@_abi_1_10@asmjit@@QEAAPEAVBaseNode@23@PEAV423@@Z
?addPass@BaseBuilder@_abi_1_10@asmjit@@QEAAIPEAVPass@23@@Z
?align@Assembler@a64@_abi_1_10@asmjit@@UEAAIW4AlignMode@34@I@Z
?align@Assembler@x86@_abi_1_10@asmjit@@UEAAIW4AlignMode@34@I@Z
?align@BaseBuilder@_abi_1_10@asmjit@@UEAAIW4AlignMode@23@I@Z
?alloc@JitAllocator@_abi_1_10@asmjit@@QEAAIPEAPEAX0_K@Z
?alloc@VirtMem@_abi_1_10@asmjit@@YAIPEAPEAX_KW4MemoryFlags@123@@Z
?allocDualMapping@VirtMem@_abi_1_10@asmjit@@YAIPEAUDualMapping@123@_KW4MemoryFlags@123@@Z
?allocZeroed@Zone@_abi_1_10@asmjit@@QEAAPEAX_K0@Z
?assertionFailed@DebugUtils@_abi_1_10@asmjit@@YAXPEBDH0@Z
?assign@String@_abi_1_10@asmjit@@QEAAIPEBD_K@Z
?attach@CodeHolder@_abi_1_10@asmjit@@QEAAIPEAVBaseEmitter@23@@Z
?authenticateUser@SDK@@QEAA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?bind@BaseAssembler@_abi_1_10@asmjit@@UEAAIAEBVLabel@23@@Z
?bind@BaseBuilder@_abi_1_10@asmjit@@UEAAIAEBVLabel@23@@Z
?bindLabel@CodeHolder@_abi_1_10@asmjit@@QEAAIAEBVLabel@23@I_K@Z
?clear@String@_abi_1_10@asmjit@@QEAAIXZ
?clearDiagnosticOptions@BaseEmitter@_abi_1_10@asmjit@@QEAAXW4DiagnosticOptions@23@@Z
?codeSize@CodeHolder@_abi_1_10@asmjit@@QEBA_KXZ
?comment@BaseAssembler@_abi_1_10@asmjit@@UEAAIPEBD_K@Z
?comment@BaseBuilder@_abi_1_10@asmjit@@UEAAIPEBD_K@Z
?commentf@BaseEmitter@_abi_1_10@asmjit@@QEAAIPEBDZZ
?commentv@BaseEmitter@_abi_1_10@asmjit@@QEAAIPEBDPEAD@Z
?copyFlattenedData@CodeHolder@_abi_1_10@asmjit@@QEAAIPEAX_KW4CopySectionFlags@23@@Z
?copyFrom@ZoneBitVector@_abi_1_10@asmjit@@QEAAIPEAVZoneAllocator@23@AEBV123@@Z
?copySectionData@CodeHolder@_abi_1_10@asmjit@@QEAAIPEAX_KIW4CopySectionFlags@23@@Z
?debugOutput@DebugUtils@_abi_1_10@asmjit@@YAXPEBD@Z
?deletePass@BaseBuilder@_abi_1_10@asmjit@@QEAAIPEAVPass@23@@Z
?detach@CodeHolder@_abi_1_10@asmjit@@QEAAIPEAVBaseEmitter@23@@Z
?downloadFile@SDK@@QEAA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_N@Z
?dup@Zone@_abi_1_10@asmjit@@QEAAPEAXPEBX_K_N@Z
?embed@BaseAssembler@_abi_1_10@asmjit@@UEAAIPEBX_K@Z
?embed@BaseBuilder@_abi_1_10@asmjit@@UEAAIPEBX_K@Z
?embedConstPool@BaseAssembler@_abi_1_10@asmjit@@UEAAIAEBVLabel@23@AEBVConstPool@23@@Z
?embedConstPool@BaseBuilder@_abi_1_10@asmjit@@UEAAIAEBVLabel@23@AEBVConstPool@23@@Z
?embedDataArray@BaseAssembler@_abi_1_10@asmjit@@UEAAIW4TypeId@23@PEBX_K2@Z
?embedDataArray@BaseBuilder@_abi_1_10@asmjit@@UEAAIW4TypeId@23@PEBX_K2@Z
?embedLabel@BaseAssembler@_abi_1_10@asmjit@@UEAAIAEBVLabel@23@_K@Z
?embedLabel@BaseBuilder@_abi_1_10@asmjit@@UEAAIAEBVLabel@23@_K@Z
?embedLabelDelta@BaseAssembler@_abi_1_10@asmjit@@UEAAIAEBVLabel@23@0_K@Z
?embedLabelDelta@BaseBuilder@_abi_1_10@asmjit@@UEAAIAEBVLabel@23@0_K@Z
?emitAnnotatedJump@BaseCompiler@_abi_1_10@asmjit@@QEAAIIAEBUOperand_@23@PEAVJumpAnnotation@23@@Z
?emitArgsAssignment@BaseEmitter@_abi_1_10@asmjit@@QEAAIAEBVFuncFrame@23@AEBVFuncArgsAssignment@23@@Z
?emitEpilog@BaseEmitter@_abi_1_10@asmjit@@QEAAIAEBVFuncFrame@23@@Z
?emitProlog@BaseEmitter@_abi_1_10@asmjit@@QEAAIAEBVFuncFrame@23@@Z
?endFunc@BaseCompiler@_abi_1_10@asmjit@@QEAAIXZ
?ensureAddressTableSection@CodeHolder@_abi_1_10@asmjit@@QEAAPEAVSection@23@XZ
?eq@String@_abi_1_10@asmjit@@QEBA_NPEBD_K@Z
?errorAsString@DebugUtils@_abi_1_10@asmjit@@YAPEBDI@Z
?extendSubscription@SDK@@QEAA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
?fill@ConstPool@_abi_1_10@asmjit@@QEBAXPEAX@Z
?finalize@BaseEmitter@_abi_1_10@asmjit@@UEAAIXZ
?finalize@Builder@a64@_abi_1_10@asmjit@@UEAAIXZ
?finalize@Builder@x86@_abi_1_10@asmjit@@UEAAIXZ
?finalize@Compiler@a64@_abi_1_10@asmjit@@UEAAIXZ
?finalize@Compiler@x86@_abi_1_10@asmjit@@UEAAIXZ
?finalize@FuncFrame@_abi_1_10@asmjit@@QEAAIXZ
?flatten@CodeHolder@_abi_1_10@asmjit@@QEAAIXZ
?flushInstructionCache@VirtMem@_abi_1_10@asmjit@@YAXPEAX_K@Z
?formatData@Formatter@_abi_1_10@asmjit@@YAIAEAVString@23@W4FormatFlags@23@W4Arch@23@W4TypeId@23@PEBX_K5@Z
?formatDataType@Formatter@_abi_1_10@asmjit@@YAIAEAVString@23@W4FormatFlags@23@W4Arch@23@W4TypeId@23@@Z
?formatFeature@Formatter@_abi_1_10@asmjit@@YAIAEAVString@23@W4Arch@23@I@Z
?formatInstruction@Formatter@_abi_1_10@asmjit@@YAIAEAVString@23@W4FormatFlags@23@PEBVBaseEmitter@23@W4Arch@23@AEBVBaseInst@23@PEBUOperand_@23@_K@Z
?formatLabel@Formatter@_abi_1_10@asmjit@@YAIAEAVString@23@W4FormatFlags@23@PEBVBaseEmitter@23@I@Z
?formatNode@Formatter@_abi_1_10@asmjit@@YAIAEAVString@23@AEBVFormatOptions@23@PEBVBaseBuilder@23@PEBVBaseNode@23@@Z
?formatNodeList@Formatter@_abi_1_10@asmjit@@YAIAEAVString@23@AEBVFormatOptions@23@PEBVBaseBuilder@23@@Z
?formatNodeList@Formatter@_abi_1_10@asmjit@@YAIAEAVString@23@AEBVFormatOptions@23@PEBVBaseBuilder@23@PEBVBaseNode@23@3@Z
?formatOperand@Formatter@_abi_1_10@asmjit@@YAIAEAVString@23@W4FormatFlags@23@PEBVBaseEmitter@23@W4Arch@23@AEBUOperand_@23@@Z
?formatRegister@Formatter@_abi_1_10@asmjit@@YAIAEAVString@23@W4FormatFlags@23@PEBVBaseEmitter@23@W4Arch@23@W4RegType@23@I@Z
?formatTypeId@Formatter@_abi_1_10@asmjit@@YAIAEAVString@23@W4TypeId@23@@Z
?getFileContent@SDK@@QEAA?AV?$vector@EV?$allocator@E@std@@@std@@XZ
?getTickCount@OSUtils@_abi_1_10@asmjit@@YAIXZ
?getVariable@SDK@@QEAA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEAV?$basic_json@Vmap@std@@Vvector@2@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@_N_J_KNVallocator@2@Uadl_serializer@json_abi_v3_11_3@nlohmann@@V?$vector@EV?$allocator@E@std@@@2@X@json_abi_v3_11_3@nlohmann@@V23@@Z
?growBuffer@CodeHolder@_abi_1_10@asmjit@@QEAAIPEAUCodeBuffer@23@_K@Z
?hardenedRuntimeInfo@VirtMem@_abi_1_10@asmjit@@YA?AUHardenedRuntimeInfo@123@XZ
?host@CpuInfo@_abi_1_10@asmjit@@SAAEBV123@XZ
?info@VirtMem@_abi_1_10@asmjit@@YA?AUInfo@123@XZ
?init@CallConv@_abi_1_10@asmjit@@QEAAIW4CallConvId@23@AEBVEnvironment@23@@Z
?init@CodeHolder@_abi_1_10@asmjit@@QEAAIAEBVEnvironment@23@AEBVCpuFeatures@23@_K@Z
?init@CodeHolder@_abi_1_10@asmjit@@QEAAIAEBVEnvironment@23@_K@Z
?init@FuncDetail@_abi_1_10@asmjit@@QEAAIAEBUFuncSignature@23@AEBVEnvironment@23@@Z
?init@FuncFrame@_abi_1_10@asmjit@@QEAAIAEBVFuncDetail@23@@Z
?injectDLL@SDK@@QEAA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
?instIdToString@InstAPI@_abi_1_10@asmjit@@YAIW4Arch@23@IAEAVString@23@@Z
?isLabelValid@BaseEmitter@_abi_1_10@asmjit@@QEBA_NI@Z
?isSessionValid@SDK@@QEAA_NXZ
?labelByName@BaseEmitter@_abi_1_10@asmjit@@QEAA?AVLabel@23@PEBD_KI@Z
?labelIdByName@CodeHolder@_abi_1_10@asmjit@@QEAAIPEBD_KI@Z
?labelNodeOf@BaseBuilder@_abi_1_10@asmjit@@QEAAIPEAPEAVLabelNode@23@I@Z
?logf@Logger@_abi_1_10@asmjit@@QEAAIPEBDZZ
?logv@Logger@_abi_1_10@asmjit@@QEAAIPEBDPEAD@Z
?newAlignNode@BaseBuilder@_abi_1_10@asmjit@@QEAAIPEAPEAVAlignNode@23@W4AlignMode@23@I@Z
?newCommentNode@BaseBuilder@_abi_1_10@asmjit@@QEAAIPEAPEAVCommentNode@23@PEBD_K@Z
?newConstPoolNode@BaseBuilder@_abi_1_10@asmjit@@QEAAIPEAPEAVConstPoolNode@23@@Z
?newEmbedDataNode@BaseBuilder@_abi_1_10@asmjit@@QEAAIPEAPEAVEmbedDataNode@23@W4TypeId@23@PEBX_K3@Z
?newFuncNode@BaseCompiler@_abi_1_10@asmjit@@QEAAIPEAPEAVFuncNode@23@AEBUFuncSignature@23@@Z
?newFuncRetNode@BaseCompiler@_abi_1_10@asmjit@@QEAAIPEAPEAVFuncRetNode@23@AEBUOperand_@23@1@Z
?newInstNode@BaseBuilder@_abi_1_10@asmjit@@QEAAIPEAPEAVInstNode@23@IW4InstOptions@23@I@Z
?newInvokeNode@BaseCompiler@_abi_1_10@asmjit@@QEAAIPEAPEAVInvokeNode@23@IAEBUOperand_@23@AEBUFuncSignature@23@@Z
?newJumpAnnotation@BaseCompiler@_abi_1_10@asmjit@@QEAAPEAVJumpAnnotation@23@XZ
?newJumpNode@BaseCompiler@_abi_1_10@asmjit@@QEAAIPEAPEAVJumpNode@23@IW4InstOptions@23@AEBUOperand_@23@PEAVJumpAnnotation@23@@Z
?newLabel@BaseAssembler@_abi_1_10@asmjit@@UEAA?AVLabel@23@XZ
?newLabel@BaseBuilder@_abi_1_10@asmjit@@UEAA?AVLabel@23@XZ
?newLabelEntry@CodeHolder@_abi_1_10@asmjit@@QEAAIPEAPEAVLabelEntry@23@@Z
?newLabelLink@CodeHolder@_abi_1_10@asmjit@@QEAAPEAULabelLink@23@PEAVLabelEntry@23@I_K_JAEBUOffsetFormat@23@@Z
?newLabelNode@BaseBuilder@_abi_1_10@asmjit@@QEAAIPEAPEAVLabelNode@23@@Z
?newNamedLabel@BaseAssembler@_abi_1_10@asmjit@@UEAA?AVLabel@23@PEBD_KW4LabelType@23@I@Z
?newNamedLabel@BaseBuilder@_abi_1_10@asmjit@@UEAA?AVLabel@23@PEBD_KW4LabelType@23@I@Z
?newNamedLabelEntry@CodeHolder@_abi_1_10@asmjit@@QEAAIPEAPEAVLabelEntry@23@PEBD_KW4LabelType@23@I@Z
?newRelocEntry@CodeHolder@_abi_1_10@asmjit@@QEAAIPEAPEAURelocEntry@23@W4RelocType@23@@Z
?newSection@CodeHolder@_abi_1_10@asmjit@@QEAAIPEAPEAVSection@23@PEBD_KW4SectionFlags@23@IH@Z
?newVirtReg@BaseCompiler@_abi_1_10@asmjit@@QEAAIPEAPEAVVirtReg@23@W4TypeId@23@UOperandSignature@23@PEBD@Z
?onAttach@Assembler@a64@_abi_1_10@asmjit@@UEAAIPEAVCodeHolder@34@@Z
?onAttach@Assembler@x86@_abi_1_10@asmjit@@UEAAIPEAVCodeHolder@34@@Z
?onAttach@BaseAssembler@_abi_1_10@asmjit@@UEAAIPEAVCodeHolder@23@@Z
?onAttach@BaseBuilder@_abi_1_10@asmjit@@UEAAIPEAVCodeHolder@23@@Z
?onAttach@BaseCompiler@_abi_1_10@asmjit@@UEAAIPEAVCodeHolder@23@@Z
?onAttach@Builder@a64@_abi_1_10@asmjit@@UEAAIPEAVCodeHolder@34@@Z
?onAttach@Builder@x86@_abi_1_10@asmjit@@UEAAIPEAVCodeHolder@34@@Z
?onAttach@Compiler@a64@_abi_1_10@asmjit@@UEAAIPEAVCodeHolder@34@@Z
?onAttach@Compiler@x86@_abi_1_10@asmjit@@UEAAIPEAVCodeHolder@34@@Z
?onDetach@Assembler@a64@_abi_1_10@asmjit@@UEAAIPEAVCodeHolder@34@@Z
?onDetach@Assembler@x86@_abi_1_10@asmjit@@UEAAIPEAVCodeHolder@34@@Z
?onDetach@BaseAssembler@_abi_1_10@asmjit@@UEAAIPEAVCodeHolder@23@@Z
?onDetach@BaseBuilder@_abi_1_10@asmjit@@UEAAIPEAVCodeHolder@23@@Z
?onDetach@BaseCompiler@_abi_1_10@asmjit@@UEAAIPEAVCodeHolder@23@@Z
?onDetach@Builder@a64@_abi_1_10@asmjit@@UEAAIPEAVCodeHolder@34@@Z
?onDetach@Builder@x86@_abi_1_10@asmjit@@UEAAIPEAVCodeHolder@34@@Z
?onDetach@Compiler@a64@_abi_1_10@asmjit@@UEAAIPEAVCodeHolder@34@@Z
?onDetach@Compiler@x86@_abi_1_10@asmjit@@UEAAIPEAVCodeHolder@34@@Z
?onSettingsUpdated@BaseEmitter@_abi_1_10@asmjit@@UEAAXXZ
?padEnd@String@_abi_1_10@asmjit@@QEAAI_KD@Z
?passByName@BaseBuilder@_abi_1_10@asmjit@@QEBAPEAVPass@23@PEBD@Z
?prepare@String@_abi_1_10@asmjit@@QEAAPEADW4ModifyOp@123@_K@Z
?protect@VirtMem@_abi_1_10@asmjit@@YAIPEAX_KW4MemoryFlags@123@@Z
?protectJitMemory@VirtMem@_abi_1_10@asmjit@@YAXW4ProtectJitAccess@123@@Z
?query@JitAllocator@_abi_1_10@asmjit@@QEBAIPEAXPEAPEAX1PEA_K@Z
?queryFeatures@InstAPI@_abi_1_10@asmjit@@YAIW4Arch@23@AEBVBaseInst@23@PEBUOperand_@23@_KPEAVCpuFeatures@23@@Z
?queryRWInfo@InstAPI@_abi_1_10@asmjit@@YAIW4Arch@23@AEBVBaseInst@23@PEBUOperand_@23@_KPEAUInstRWInfo@23@@Z
?registerLabelNode@BaseBuilder@_abi_1_10@asmjit@@QEAAIPEAVLabelNode@23@@Z
?registerUser@SDK@@QEAAHAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
?release@JitAllocator@_abi_1_10@asmjit@@QEAAIPEAX@Z
?release@VirtMem@_abi_1_10@asmjit@@YAIPEAX_K@Z
?releaseDualMapping@VirtMem@_abi_1_10@asmjit@@YAIPEAUDualMapping@123@_K@Z
?relocateToBase@CodeHolder@_abi_1_10@asmjit@@QEAAI_K@Z
?removeNode@BaseBuilder@_abi_1_10@asmjit@@QEAAPEAVBaseNode@23@PEAV423@@Z
?removeNodes@BaseBuilder@_abi_1_10@asmjit@@QEAAXPEAVBaseNode@23@0@Z
?rename@BaseCompiler@_abi_1_10@asmjit@@QEAAXAEBVBaseReg@23@PEBDZZ
?reportError@BaseEmitter@_abi_1_10@asmjit@@QEAAIIPEBD@Z
?reserveBuffer@CodeHolder@_abi_1_10@asmjit@@QEAAIPEAUCodeBuffer@23@_K@Z
?reset@CodeHolder@_abi_1_10@asmjit@@QEAAXW4ResetPolicy@23@@Z
?reset@ConstPool@_abi_1_10@asmjit@@QEAAXPEAVZone@23@@Z
?reset@JitAllocator@_abi_1_10@asmjit@@QEAAXW4ResetPolicy@23@@Z
?reset@String@_abi_1_10@asmjit@@QEAAIXZ
?reset@Zone@_abi_1_10@asmjit@@QEAAXW4ResetPolicy@23@@Z
?reset@ZoneAllocator@_abi_1_10@asmjit@@QEAAXPEAVZone@23@@Z
?resolveUnresolvedLinks@CodeHolder@_abi_1_10@asmjit@@QEAAIXZ
?run@FuncPass@_abi_1_10@asmjit@@UEAAIPEAVZone@23@PEAVLogger@23@@Z
?runPasses@BaseBuilder@_abi_1_10@asmjit@@QEAAIXZ
?section@BaseAssembler@_abi_1_10@asmjit@@UEAAIPEAVSection@23@@Z
?section@BaseBuilder@_abi_1_10@asmjit@@UEAAIPEAVSection@23@@Z
?sectionByName@CodeHolder@_abi_1_10@asmjit@@QEBAPEAVSection@23@PEBD_K@Z
?sectionNodeOf@BaseBuilder@_abi_1_10@asmjit@@QEAAIPEAPEAVSectionNode@23@I@Z
?serializeTo@BaseBuilder@_abi_1_10@asmjit@@QEAAIPEAVBaseEmitter@23@@Z
?setCursor@BaseBuilder@_abi_1_10@asmjit@@QEAAPEAVBaseNode@23@PEAV423@@Z
?setErrorHandler@BaseEmitter@_abi_1_10@asmjit@@QEAAXPEAVErrorHandler@23@@Z
?setErrorHandler@CodeHolder@_abi_1_10@asmjit@@QEAAXPEAVErrorHandler@23@@Z
?setLogger@BaseEmitter@_abi_1_10@asmjit@@QEAAXPEAVLogger@23@@Z
?setLogger@CodeHolder@_abi_1_10@asmjit@@QEAAXPEAVLogger@23@@Z
?setOffset@BaseAssembler@_abi_1_10@asmjit@@QEAAI_K@Z
?setStackSize@BaseCompiler@_abi_1_10@asmjit@@QEAAIIII@Z
?sformat@Zone@_abi_1_10@asmjit@@QEAAPEADPEBDZZ
?shrink@JitAllocator@_abi_1_10@asmjit@@QEAAIPEAX_K@Z
?stackAlignment@Environment@_abi_1_10@asmjit@@QEBAIXZ
?statistics@JitAllocator@_abi_1_10@asmjit@@QEBA?AUStatistics@123@XZ
?stringToInstId@InstAPI@_abi_1_10@asmjit@@YAIW4Arch@23@PEBD_K@Z
?timeToReadableString@SDK@@QEAA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_J@Z
?truncate@String@_abi_1_10@asmjit@@QEAAI_K@Z
?typeIdToRegSignature@ArchUtils@_abi_1_10@asmjit@@YAIW4Arch@23@W4TypeId@23@PEAW4523@PEAUOperandSignature@23@@Z
?updateFuncFrame@FuncArgsAssignment@_abi_1_10@asmjit@@QEBAIAEAVFuncFrame@23@@Z
?updateSectionLinks@BaseBuilder@_abi_1_10@asmjit@@QEAAXXZ
?validate@InstAPI@_abi_1_10@asmjit@@YAIW4Arch@23@AEBVBaseInst@23@PEBUOperand_@23@_KW4ValidationFlags@23@@Z

Sections

Size: 249KB - Virtual size: 498KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 73KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 14KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 10KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.edata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.winlice
Size: - Virtual size: 21.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 12.9MB - Virtual size: 12.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
novitec.exe
.exe windows:6 windows x64 arch:x64

f4c9c1a498787c0542ea3450d847a084

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\SLIGHTSAIOEGU\Desktop\SLIGHTS\x64\Release\SLIGHTS.pdb

Imports

kernel32

GlobalUnlock
QueryPerformanceFrequency
QueryPerformanceCounter
GetModuleFileNameA
WriteProcessMemory
VirtualProtect
SetConsoleTextAttribute
GetCurrentProcess
GetStdHandle
VirtualAlloc
TerminateProcess
WaitForSingleObject
GetModuleHandleA
CreateToolhelp32Snapshot
Sleep
Process32NextW
DeleteFileW
Process32FirstW
HeapReAlloc
GetSystemInfo
LoadLibraryW
CreateThread
HeapAlloc
Module32FirstW
GetWindowsDirectoryW
GetProcAddress
GetProcessHeap
CreateProcessW
SetThreadExecutionState
GetConsoleWindow
Module32NextW
GlobalFree
lstrcmpiW
SetConsoleTitleW
IsDebuggerPresent
GlobalAlloc
WideCharToMultiByte
GetFileInformationByHandleEx
AreFileApisANSI
SetFileInformationByHandle
GetFileAttributesExW
FindFirstFileW
FindClose
GetLocaleInfoEx
FormatMessageA
LocalFree
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GlobalLock
MultiByteToWideChar
GetModuleHandleW
GetCurrentProcessId
CloseHandle
GetLastError
CreateFileW
WriteFile

user32

GetWindowLongW
DefWindowProcW
GetWindow
DestroyWindow
IsWindowVisible
SetWindowPos
MessageBoxW
CreateWindowExW
GetSystemMetrics
UnregisterClassW
RegisterClassExW
ShowWindow
GetAsyncKeyState
DispatchMessageW
PeekMessageW
SetWindowDisplayAffinity
GetForegroundWindow
SetLayeredWindowAttributes
TranslateMessage
FindWindowW
SetWindowLongW
PostQuitMessage
FindWindowA
UpdateWindow
GetKeyState
ScreenToClient
GetActiveWindow
GetCapture
ClientToScreen
LoadCursorW
SetCapture
SetCursor
GetClientRect
ReleaseCapture
SetCursorPos
GetCursorPos
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData

advapi32

RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW

safeguard-lib

?authenticateUser@SDK@@QEAA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?registerUser@SDK@@QEAAHAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
?isSessionValid@SDK@@QEAA_NXZ
??0SDK@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

msvcp140

_Xtime_get_ticks
_Query_perf_frequency
_Query_perf_counter
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?uncaught_exception@std@@YA_NXZ
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Winerror_map@std@@YAHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Xlength_error@std@@YAXPEBD@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??Bios_base@std@@QEBA_NXZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ

imm32

ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow

d3dx9_43

D3DXCreateTextureFromFileInMemory

dwmapi

DwmExtendFrameIntoClientArea

d3d9

Direct3DCreate9Ex

winhttp

WinHttpReadData
WinHttpReceiveResponse
WinHttpConnect
WinHttpOpen
WinHttpSendRequest
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpOpenRequest

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memcpy
memmove
memcmp
memchr
__current_exception
__std_exception_copy
__std_exception_destroy
__current_exception_context
__C_specific_handler
_CxxThrowException
memset
strstr
__std_terminate

api-ms-win-crt-runtime-l1-1-0

exit
_c_exit
terminate
abort
__p___argv
__p___argc
_register_thread_local_exe_atexit_callback
_exit
_initterm_e
_initterm
_get_initial_narrow_environment
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
system
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-string-l1-1-0

isprint
strncpy
strcmp
strcat_s
wcsncpy_s

api-ms-win-crt-stdio-l1-1-0

__p__commode
ungetc
__acrt_iob_func
setvbuf
fgetpos
_fseeki64
_get_stream_buffer_pointers
__stdio_common_vfprintf
_set_fmode
__stdio_common_vsprintf_s
fsetpos
ftell
fflush
fclose
fseek
fputc
fwrite
_wfopen
__stdio_common_vsprintf
__stdio_common_vsscanf
fread
fgetc

api-ms-win-crt-time-l1-1-0

_time64
_localtime64
strftime

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
_set_new_mode
free

api-ms-win-crt-utility-l1-1-0

srand
qsort
rand

api-ms-win-crt-convert-l1-1-0

atof

api-ms-win-crt-math-l1-1-0

asinf
acosf
tanf
atanf
fmodf
atan2f
powf
sin
__setusermatherr
sinf
sqrtf
_hypotf
pow
ceilf
cos
cosf
floorf

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
rename
_lock_file

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
_configthreadlocale

Exports

Exports

?timeToReadableString@SDK@@QEAA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_J@Z

Sections

.text
Size: 600KB - Virtual size: 600KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 487KB - Virtual size: 486KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18.9MB - Virtual size: 19.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cstealer.pyc

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

Size: 249KB - Virtual size: 498KB

Size: 73KB - Virtual size: 177KB

Size: 14KB - Virtual size: 42KB

Size: 10KB - Virtual size: 17KB

Size: 1KB - Virtual size: 8KB

Size: 512B - Virtual size: 24B

Size: 512B - Virtual size: 248B

Size: 1KB - Virtual size: 2KB

.edata Size: 22KB - Virtual size: 22KB

.idata Size: 1KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 4KB

.winlice Size: - Virtual size: 21.9MB

.boot Size: 12.9MB - Virtual size: 12.9MB

.reloc Size: 16B - Virtual size: 4KB

f4c9c1a498787c0542ea3450d847a084

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

safeguard-lib

msvcp140

imm32

d3dx9_43

dwmapi

d3d9

winhttp

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: 600KB - Virtual size: 600KB

.rdata Size: 487KB - Virtual size: 486KB

.data Size: 18.9MB - Virtual size: 19.1MB

.pdata Size: 15KB - Virtual size: 14KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 1024B - Virtual size: 536B

.edata
Size: 22KB - Virtual size: 22KB

.idata
Size: 1KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 4KB

.winlice
Size: - Virtual size: 21.9MB

.boot
Size: 12.9MB - Virtual size: 12.9MB

.reloc
Size: 16B - Virtual size: 4KB

.text
Size: 600KB - Virtual size: 600KB

.rdata
Size: 487KB - Virtual size: 486KB

.data
Size: 18.9MB - Virtual size: 19.1MB

.pdata
Size: 15KB - Virtual size: 14KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 1024B - Virtual size: 536B