Grimlite Rev - Amogus[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

Grimlite Rev - Amogus.zip
Size

2.2MB
MD5

f48306e3b0d4f1aab7bec9d449ff1e24
SHA1

fa1942c4d6448e8057960b19685031e680353c9a
SHA256

0f91e44ebde09408a9d9d88119dbb0754877ab637f05792cb379a38fb99b622f
SHA512

921390694f45d587b519e7af62d5a91529db5013082de33ac29b19d242d3382152d7d9f54c724e5339a0a1459a322d7694e996f39409de0b8a0c16a60942e865
SSDEEP

49152:SUIENkYaazNZ0tl3OpMVXm3SONG3a3oEd9kmX3wisufxPUtH5ovni+:SUI4asZul+pMVXmVcKYSkm3wfC+tZov7

Score

3^/10

Malware Config

Signatures

Unsigned PE 20 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Grimlite Rev - Amogus/Grimoire.exe
unpack001/Grimlite Rev - Amogus/Libs/AxInterop.ShockwaveFlashObjects.dll
unpack001/Grimlite Rev - Amogus/Libs/DarkUI.dll
unpack001/Grimlite Rev - Amogus/Libs/EasyHook.dll
unpack001/Grimlite Rev - Amogus/Libs/EasyHook32.dll
unpack001/Grimlite Rev - Amogus/Libs/EasyHook32Svc.exe
unpack001/Grimlite Rev - Amogus/Libs/EasyHook64.dll
unpack001/Grimlite Rev - Amogus/Libs/EasyHook64Svc.exe
unpack001/Grimlite Rev - Amogus/Libs/EasyLoad32.dll
unpack001/Grimlite Rev - Amogus/Libs/EasyLoad64.dll
unpack001/Grimlite Rev - Amogus/Libs/FlatTabControl.dll
unpack001/Grimlite Rev - Amogus/Libs/HtmlAgilityPack.dll
unpack001/Grimlite Rev - Amogus/Libs/Interop.ShockwaveFlashObjects.dll
unpack001/Grimlite Rev - Amogus/Libs/Unity3.Eyedropper.dll
unpack001/Grimlite Rev - Amogus/Libs/VisualStudioTabControl.dll
unpack001/Grimlite Rev - Amogus/Plugins/ActionClient_2.3.dll
unpack001/Grimlite Rev - Amogus/Plugins/ActionHost_2.3.dll
unpack001/Grimlite Rev - Amogus/Plugins/MaidRemake_5.3.dll
unpack001/Grimlite Rev - Amogus/Plugins/Quest Grabber.dll
unpack001/Grimlite Rev - Amogus/Plugins/SkillCommandPlugin.dll

Files

Grimlite Rev - Amogus.zip
.zip
Grimlite Rev - Amogus/BotClientConfig.cfg
Grimlite Rev - Amogus/Bots/654654654.gbot
Grimlite Rev - Amogus/Bots/802 - Experiment 107 - Elder's Blood Potion (Elders' Blood).gbot
Grimlite Rev - Amogus/Bots/A solemn Favor quest.gbot
Grimlite Rev - Amogus/Bots/Archmage.gbot
Grimlite Rev - Amogus/Bots/Arts_Darkon's_Receipt_Bot.gbot
Grimlite Rev - Amogus/Bots/BONE DUST.gbot
Grimlite Rev - Amogus/Bots/Beast Soul.gbot
Grimlite Rev - Amogus/Bots/BlackSmithing/Lotebi - BlackSmithing - Room Bots.gbot
Grimlite Rev - Amogus/Bots/BlackSmithing/Lotebi - BlackSmithing - Room Private.gbot
Grimlite Rev - Amogus/Bots/BlackSmithing/Lotebi - BlackSmithing - Room Public.gbot
Grimlite Rev - Amogus/Bots/BlackSmithing/Lotebi - Quest 50rep BlackSmithing - Room Private.gbot
Grimlite Rev - Amogus/Bots/Bloom_YokaiRep_Updated_rev.gbot
Grimlite Rev - Amogus/Bots/Breastplate of Awe.gbot
Grimlite Rev - Amogus/Bots/Cape of Awe.gbot
Grimlite Rev - Amogus/Bots/Chaos.gbot
Grimlite Rev - Amogus/Bots/DEMANDING ITEMS OF NULGATH.gbot
Grimlite Rev - Amogus/Bots/Darkon's reciept.gbot
Grimlite Rev - Amogus/Bots/Elemental Master Rep Bot - Arclight 2019.gbot
Grimlite Rev - Amogus/Bots/Emblem of Nulgath Bot.cbot
Grimlite Rev - Amogus/Bots/FAST LEVEL ICESTORMARENA GRIMLITE v1.3.gbot
Grimlite Rev - Amogus/Bots/Folcard_DoomwoodREP_DoomOverlord.gbot
Grimlite Rev - Amogus/Bots/Food_Fishing_Rep.gbot
Grimlite Rev - Amogus/Bots/Gauntlet of Awe.gbot
Grimlite Rev - Amogus/Bots/Gem of Nulgath.cbot
Grimlite Rev - Amogus/Bots/Gold.cbot
Grimlite Rev - Amogus/Bots/Greaves of Awe.gbot
Grimlite Rev - Amogus/Bots/Guards of Wrath.gbot
Grimlite Rev - Amogus/Bots/HedgemazeXPSPAMMER.xml
Grimlite Rev - Amogus/Bots/Helm of Awe.gbot
Grimlite Rev - Amogus/Bots/Jex_FBBlackSmithingRep.gbot
Grimlite Rev - Amogus/Bots/Kaos_Desolate_combat_trophies_modified.gbot
Grimlite Rev - Amogus/Bots/Kaos_Penance_BestWithArmies.gbot
Grimlite Rev - Amogus/Bots/Lotebi - Cleverness + 400Rep.gbot
Grimlite Rev - Amogus/Bots/Lotebi - Persistence 300Rep.gbot
Grimlite Rev - Amogus/Bots/Lotebi - StreamWar - Farm gold - Grimlite Rev 1.3+.gbot
Grimlite Rev - Amogus/Bots/Lotebi - Strenght 200Rep.gbot
Grimlite Rev - Amogus/Bots/Lotebi - StؤؤءئؤئءreamWar - Farm gold - Grimlite Rev 1سس.3+.gbot
Grimlite Rev - Amogus/Bots/Lotebi - Tainted Gems - Room Public.gbot
Grimlite Rev - Amogus/Bots/Magic Dance.gbot
Grimlite Rev - Amogus/Bots/Pauldron of Awe.gbot
Grimlite Rev - Amogus/Bots/Qwack-Chrono Assassin.gbot
Grimlite Rev - Amogus/Bots/Rep Quest.gbot
Grimlite Rev - Amogus/Bots/Roentgenium of Nulgath [GRIMLITE REV].gbot
Grimlite Rev - Amogus/Bots/Roentgenium of Nulgath.gbot
Grimlite Rev - Amogus/Bots/SUPER FAST EXP AND GOLD.gbot
Grimlite Rev - Amogus/Bots/Soul Searching.gbot
Grimlite Rev - Amogus/Bots/Souls of Heresy.gbot
Grimlite Rev - Amogus/Bots/Tainted Gem Bot.cbot
Grimlite Rev - Amogus/Bots/Totem of Nulgath - Voucher Item.gbot
Grimlite Rev - Amogus/Bots/Totem of Nulgath Bot by PeWe.gbot
Grimlite Rev - Amogus/Bots/VHL challenge quest full bot.cbot
Grimlite Rev - Amogus/Bots/VOID HIGHLORD CHAOS GEMRALD.gbot
Grimlite Rev - Amogus/Bots/Vambrace of Awe.gbot
Grimlite Rev - Amogus/Bots/Violence's Gatekeeper.gbot
Grimlite Rev - Amogus/Bots/Void Highlord [Grimlite Rev].gbot
Grimlite Rev - Amogus/Bots/Voucher of nulgath, unidentified 13.cbot
Grimlite Rev - Amogus/Bots/Weeb-Bluu_Necrotic_Sword_of_Doom_Bot.gbot
Grimlite Rev - Amogus/Bots/Weeb_EvilRep_Bot.gbot
Grimlite Rev - Amogus/Bots/Where the Trea-sun Don't Shine.gbot
Grimlite Rev - Amogus/Bots/gddfgdgdfg.gbot
Grimlite Rev - Amogus/Bots/legendary breast.gbot
Grimlite Rev - Amogus/Bots/sdfadfsfadfasfadfafdafasdfads.gbot
Grimlite Rev - Amogus/Bots/v2 Fastest Nulgath (Larvae).gbot
Grimlite Rev - Amogus/Bots/v2 Fastest Totem of Nulgath.gbot
Grimlite Rev - Amogus/Grimoire.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

k$G}1$
Size: 345KB - Virtual size: 345KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 143KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Grimlite Rev - Amogus/Grimoire.exe.config
Grimlite Rev - Amogus/Libs/AxInterop.ShockwaveFlashObjects.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Grimlite Rev - Amogus/Libs/DarkUI.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Projects\DarkUI\obj\Release\net48\DarkUI.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 278KB - Virtual size: 277KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Grimlite Rev - Amogus/Libs/EasyHook.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\projects\easyhook\EasyHook\obj\netfx4-Release\EasyHook.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Grimlite Rev - Amogus/Libs/EasyHook.xml
.js .xml polyglot
Grimlite Rev - Amogus/Libs/EasyHook32.dll
.dll windows:6 windows x86 arch:x86

0c2609288fcba4a8350c2130643a83bb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\projects\easyhook\Build\netfx4-Release\x86\EasyHook32.pdb

Imports

psapi

EnumProcessModules
GetModuleInformation

kernel32

TlsFree
GetCurrentThreadId
GetSystemInfo
GetLastError
GetCurrentProcess
GetProcAddress
GetModuleFileNameA
GetFullPathNameW
GetEnvironmentVariableW
SetEnvironmentVariableW
SetEvent
GetModuleHandleW
LoadLibraryW
GetModuleHandleA
CloseHandle
InitializeCriticalSectionEx
RaiseException
DecodePointer
DeleteCriticalSection
GetThreadContext
SetThreadContext
WaitForSingleObject
OpenProcess
Thread32First
ReadProcessMemory
Thread32Next
VirtualAllocEx
OpenThread
CreateEventW
CreateToolhelp32Snapshot
DuplicateHandle
TlsAlloc
SuspendThread
ResumeThread
TlsGetValue
CreateProcessW
CreateRemoteThread
TlsSetValue
WideCharToMultiByte
TerminateProcess
lstrlenW
SetLastError
GetExitCodeThread
Module32FirstW
WaitForMultipleObjects
Module32NextW
GetCurrentProcessId
FatalAppExitW
GetModuleFileNameW
CreateFileW
HeapAlloc
HeapFree
IsBadReadPtr
InitializeCriticalSection
Sleep
LeaveCriticalSection
EnterCriticalSection
VirtualProtect
InterlockedExchange
GetVersionExW
VirtualQuery
SetStdHandle
OutputDebugStringW
LoadLibraryA
HeapCreate
HeapDestroy
FreeLibrary
WriteConsoleW
SetEndOfFile
WriteProcessMemory
LCMapStringW
EncodePointer
GetCommandLineA
IsDebuggerPresent
IsProcessorFeaturePresent
ExitProcess
GetModuleHandleExW
AreFileApisANSI
MultiByteToWideChar
GetStdHandle
GetFileType
GetStartupInfoW
GetProcessHeap
HeapSize
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
WriteFile
RtlUnwind
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
HeapReAlloc
LoadLibraryExW
ReadFile
ReadConsoleW
GetStringTypeW

advapi32

StartServiceW
OpenServiceW
OpenSCManagerW
DeleteService
CloseServiceHandle
CreateServiceW
OpenProcessToken

ole32

CoTaskMemAlloc
CoTaskMemFree

shlwapi

PathQuoteSpacesW

Exports

Exports

?GetRemoteModuleExportDirectory@@YGHPAXPAUHINSTANCE__@@PAU_IMAGE_EXPORT_DIRECTORY@@U_IMAGE_DOS_HEADER@@U_IMAGE_NT_HEADERS@@@Z
_DbgAttachDebugger@0
_DbgDetachDebugger@0
_DbgGetProcessIdByHandle@8
_DbgGetThreadIdByHandle@8
_DbgHandleToObjectName@16
_DbgIsAvailable@0
_DbgIsEnabled@0
_GacCreateContext@0
_GacInstallAssembly@16
_GacReleaseContext@4
_GacUninstallAssembly@16
_HookCompleteInjection@4
_LhBarrierBeginStackTrace@4
_LhBarrierCallStackTrace@12
_LhBarrierEndStackTrace@4
_LhBarrierGetAddressOfReturnAddress@4
_LhBarrierGetCallback@4
_LhBarrierGetCallingModule@4
_LhBarrierGetReturnAddress@4
_LhBarrierPointerToModule@8
_LhEnumModules@12
_LhGetHookBypassAddress@8
_LhInstallHook@16
_LhIsThreadIntercepted@12
_LhSetExclusiveACL@12
_LhSetGlobalExclusiveACL@8
_LhSetGlobalInclusiveACL@8
_LhSetInclusiveACL@12
_LhUninstallAllHooks@0
_LhUninstallHook@4
_LhUpdateModuleInformation@0
_LhWaitForPendingRemovals@0
_ReleaseTestFuncHookResults@8
_RhCreateAndInject@36
_RhCreateStealthRemoteThread@16
_RhGetProcessToken@8
_RhInjectLibrary@28
_RhInstallDriver@8
_RhInstallSupportDriver@0
_RhIsAdministrator@0
_RhIsX64Process@8
_RhIsX64System@0
_RhWakeUpProcess@0
_RtlCreateSuspendedProcess@20
_RtlGetLastError@0
_RtlGetLastErrorString@0
_RtlGetLastErrorStringCopy@0
_RtlInstallService@12
_TestFuncHooks@24

Sections

.text
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 78KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Grimlite Rev - Amogus/Libs/EasyHook32Svc.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\projects\easyhook\EasyHookSvc\obj\x86\netfx4-Release\EasyHookSvc.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Grimlite Rev - Amogus/Libs/EasyHook64.dll
.dll windows:6 windows x64 arch:x64

4d117d78b1518e2a9eee4e20c8ed50c7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\projects\easyhook\Build\netfx4-Release\x64\EasyHook64.pdb

Imports

psapi

EnumProcessModules
GetModuleInformation

kernel32

TlsFree
GetCurrentThreadId
VirtualFree
VirtualAlloc
GetSystemInfo
GetLastError
GetCurrentProcess
GetProcAddress
GetModuleFileNameA
LoadLibraryW
GetCurrentProcessId
GetFullPathNameW
GetEnvironmentVariableW
SetEnvironmentVariableW
SetEvent
GetModuleHandleW
GetModuleHandleA
CloseHandle
InitializeCriticalSectionEx
RaiseException
DecodePointer
DeleteCriticalSection
GetThreadContext
SetThreadContext
WaitForSingleObject
OpenProcess
Thread32First
ReadProcessMemory
Thread32Next
VirtualAllocEx
OpenThread
TlsAlloc
CreateToolhelp32Snapshot
DuplicateHandle
WriteProcessMemory
SuspendThread
ResumeThread
TlsGetValue
CreateProcessW
CreateRemoteThread
TlsSetValue
WideCharToMultiByte
TerminateProcess
lstrlenW
SetLastError
GetExitCodeThread
Module32FirstW
WaitForMultipleObjects
Module32NextW
FatalAppExitW
GetModuleFileNameW
CreateFileW
HeapAlloc
HeapFree
IsBadReadPtr
InitializeCriticalSection
Sleep
LeaveCriticalSection
EnterCriticalSection
VirtualProtect
GetVersionExW
SetEndOfFile
LoadLibraryA
HeapCreate
HeapDestroy
FreeLibrary
CreateEventW
RtlPcToFileHeader
WriteConsoleW
SetStdHandle
OutputDebugStringW
LCMapStringW
EncodePointer
GetCommandLineA
IsDebuggerPresent
IsProcessorFeaturePresent
ExitProcess
GetModuleHandleExW
AreFileApisANSI
MultiByteToWideChar
RtlUnwindEx
GetStdHandle
GetFileType
GetStartupInfoW
GetProcessHeap
HeapSize
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
WriteFile
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
HeapReAlloc
LoadLibraryExW
ReadFile
ReadConsoleW
GetStringTypeW

advapi32

StartServiceW
OpenServiceW
OpenSCManagerW
DeleteService
CloseServiceHandle
CreateServiceW
OpenProcessToken

ole32

CoTaskMemFree
CoTaskMemAlloc

shlwapi

PathQuoteSpacesW

Exports

Exports

?GetRemoteModuleExportDirectory@@YAHPEAXPEAUHINSTANCE__@@PEAU_IMAGE_EXPORT_DIRECTORY@@U_IMAGE_DOS_HEADER@@U_IMAGE_NT_HEADERS64@@@Z
DbgAttachDebugger
DbgDetachDebugger
DbgGetProcessIdByHandle
DbgGetThreadIdByHandle
DbgHandleToObjectName
DbgIsAvailable
DbgIsEnabled
GacCreateContext
GacInstallAssembly
GacReleaseContext
GacUninstallAssembly
HookCompleteInjection
LhBarrierBeginStackTrace
LhBarrierCallStackTrace
LhBarrierEndStackTrace
LhBarrierGetAddressOfReturnAddress
LhBarrierGetCallback
LhBarrierGetCallingModule
LhBarrierGetReturnAddress
LhBarrierPointerToModule
LhEnumModules
LhGetHookBypassAddress
LhInstallHook
LhIsThreadIntercepted
LhSetExclusiveACL
LhSetGlobalExclusiveACL
LhSetGlobalInclusiveACL
LhSetInclusiveACL
LhUninstallAllHooks
LhUninstallHook
LhUpdateModuleInformation
LhWaitForPendingRemovals
ReleaseTestFuncHookResults
RhCreateAndInject
RhCreateStealthRemoteThread
RhGetProcessToken
RhInjectLibrary
RhInstallDriver
RhInstallSupportDriver
RhIsAdministrator
RhIsX64Process
RhIsX64System
RhWakeUpProcess
RtlCreateSuspendedProcess
RtlGetLastError
RtlGetLastErrorString
RtlGetLastErrorStringCopy
RtlInstallService
TestFuncHooks

Sections

.text
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 85KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Grimlite Rev - Amogus/Libs/EasyHook64Svc.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\projects\easyhook\EasyHookSvc\obj\netfx4-Release\EasyHookSvc.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Grimlite Rev - Amogus/Libs/EasyLoad32.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Exports

Exports

Close
Load

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 95B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Grimlite Rev - Amogus/Libs/EasyLoad64.dll
.dll windows:4 windows x64 arch:x64

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Exports

Exports

Close
Load

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 103B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Grimlite Rev - Amogus/Libs/FlatTabControl.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\satan\Downloads\FlatTabControl_src\FlatTabControl\obj\Debug\FlatTabControl.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Grimlite Rev - Amogus/Libs/HtmlAgilityPack.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Repos\HtmlAgilityPack\HtmlAgilityPack.Net45\obj\Release\HtmlAgilityPack.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Grimlite Rev - Amogus/Libs/HtmlAgilityPack.xml
.xml
Grimlite Rev - Amogus/Libs/Interop.ShockwaveFlashObjects.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Grimlite Rev - Amogus/Libs/Newtonsoft.Json.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:b0:41:8d:a5:1e:14:8c:33:1b:bc:de:b7:13:83:23
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/04/2018, 12:41

Not After

27/04/2028, 12:41

Subject

CN=.NET Foundation Projects Code Signing CA,O=.NET Foundation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:71:a1:b0:c2:96:f5:c7:90:65:47:0a:3c:20:53:7e
Certificate

Issuer

CN=.NET Foundation Projects Code Signing CA,O=.NET Foundation,C=US

Not Before

25/10/2018, 00:00

Not After

29/10/2021, 12:00

Subject

SERIALNUMBER=603 389 068,CN=Json.NET (.NET Foundation),O=Json.NET (.NET Foundation),L=Redmond,ST=wa,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2e:83:93:14:a9:06:f5:64:04:02:a1:dc:eb:a3:1a:a7:e9:21:c8:88:2c:dd:c2:3c:e4:c0:45:50:4c:ee:75:10
Signer

Actual PE Digest

2e:83:93:14:a9:06:f5:64:04:02:a1:dc:eb:a3:1a:a7:e9:21:c8:88:2c:dd:c2:3c:e4:c0:45:50:4c:ee:75:10

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

/_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 675KB - Virtual size: 675KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Grimlite Rev - Amogus/Libs/Newtonsoft.Json.xml
.xml
Grimlite Rev - Amogus/Libs/PostSharp.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:c0:c8:29:87:21:c4:dc:d3:46:b0:3a:16:af:cb:e5
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/09/2020, 00:00

Not After

04/10/2023, 12:00

Subject

CN=SharpCrafters s.r.o.,O=SharpCrafters s.r.o.,L=Praha,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

52:26:27:ac:74:76:46:f5:37:c4:36:ae:18:29:1f:db:0f:66:da:40:88:f3:6e:03:66:1a:b4:69:52:d0:d2:a2
Signer

Actual PE Digest

52:26:27:ac:74:76:46:f5:37:c4:36:ae:18:29:1f:db:0f:66:da:40:88:f3:6e:03:66:1a:b4:69:52:d0:d2:a2

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\src\PostSharp-610\Public\Core\PostSharp\obj\Release\net45\PostSharp.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 233KB - Virtual size: 233KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Grimlite Rev - Amogus/Libs/PostSharp.xml
Grimlite Rev - Amogus/Libs/Unity3.Eyedropper.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\satan\Documents\Unity3.Eyedropper\Unity3.Eyedropper\obj\Debug\Unity3.Eyedropper.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Grimlite Rev - Amogus/Libs/VisualStudioTabControl.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\raiha\Downloads\Compressed\VisualStudioTabControl\VisualStudioTabControl\obj\Release\VisualStudioTabControl.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Grimlite Rev - Amogus/Libs/VisualStudioTabControl.dll.config
.xml
Grimlite Rev - Amogus/Plugins/ActionClient_2.3.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\raiha\Downloads\Compressed\Plugins - Source Code\ActionClient_2.3\ActionClient_2.3\obj\Release\ActionClient_2.3.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 996B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Grimlite Rev - Amogus/Plugins/ActionHost_2.3.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\raiha\Downloads\Compressed\Plugins - Source Code\ActionHost_2.3\ActionHost_2.3\obj\Release\ActionHost_2.3.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Grimlite Rev - Amogus/Plugins/MaidRemake_5.3.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\yohan\Documents\Visual Studio\MaidRemakePluginRepo\obj\Debug\MaidRemake_5.3.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 773KB - Virtual size: 772KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 988B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Grimlite Rev - Amogus/Plugins/Quest Grabber.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\satan\Desktop\Grimoire_3.8Plus\Plugins\projects\questgrabber\obj\Debug\ExampleCommandPlugin.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Grimlite Rev - Amogus/Plugins/SkillCommandPlugin.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Vivaldi\Downloads\Grimoire Public\Grimoire\SkillCommandPlugin\obj\Release\SkillCommandPlugin.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 980B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Grimlite Rev - Amogus/README.txt
Grimlite Rev - Amogus/grimlite-rev.swf

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

k$G} 1$ Size: 345KB - Virtual size: 345KB

.text Size: 3.8MB - Virtual size: 3.8MB

.rsrc Size: 143KB - Virtual size: 142KB

Size: 512B - Virtual size: 16B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 16KB - Virtual size: 15KB

.rsrc Size: 1024B - Virtual size: 768B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 278KB - Virtual size: 277KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 48KB - Virtual size: 48KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

0c2609288fcba4a8350c2130643a83bb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

psapi

kernel32

advapi32

ole32

shlwapi

Exports

Exports

Sections

.text Size: 109KB - Virtual size: 109KB

.rdata Size: 60KB - Virtual size: 60KB

.data Size: 78KB - Virtual size: 98KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 11KB - Virtual size: 11KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 5KB - Virtual size: 4KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

4d117d78b1518e2a9eee4e20c8ed50c7

k$G}1$
Size: 345KB - Virtual size: 345KB

.text
Size: 3.8MB - Virtual size: 3.8MB

.rsrc
Size: 143KB - Virtual size: 142KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 16KB - Virtual size: 15KB

.rsrc
Size: 1024B - Virtual size: 768B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 278KB - Virtual size: 277KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 48KB - Virtual size: 48KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 109KB - Virtual size: 109KB

.rdata
Size: 60KB - Virtual size: 60KB

.data
Size: 78KB - Virtual size: 98KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 11KB - Virtual size: 11KB

.text
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 124KB - Virtual size: 124KB

.rdata
Size: 79KB - Virtual size: 79KB

.data
Size: 85KB - Virtual size: 112KB

.pdata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 5KB

.text
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 4KB - Virtual size: 4KB

.sdata
Size: 512B - Virtual size: 95B

.rsrc
Size: 1024B - Virtual size: 984B

.reloc
Size: 512B - Virtual size: 24B

.text
Size: 4KB - Virtual size: 4KB

.sdata
Size: 512B - Virtual size: 103B

.rsrc
Size: 1024B - Virtual size: 984B

.reloc
Size: 512B - Virtual size: 24B

.text
Size: 16KB - Virtual size: 15KB

.rsrc
Size: 4KB - Virtual size: 896B

.reloc
Size: 4KB - Virtual size: 12B