private[.]rar | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

private.rar
Size

43.5MB
MD5

b3ac1dc0a4cb7b3fe3f27241e209f003
SHA1

414ad172c0d5b01df6e15ecfb0c1383a162c65bd
SHA256

f704d97b43c6b4c4f4e7b0d2383c8c49428f00e843dade2fce0c106e89ccec11
SHA512

b923246c77fe05b7154a3038433195d2efa862630acea8b9c47dc8e5350e5afabdb2c7b7407778dbf45f075d449e1cbf508dc207799c689183297cc0f2153bce
SSDEEP

786432:eqeTNg3oq5IBoPeZzLKBm/Pkc42XTXCfux88tv58MMxCIMMCu8hPStnTvb1z:yTumFhK8/8H2Dyfb8t27xCfzu8ha5z

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/dtc ahh driver.sys
unpack001/kdmapper_Release.exe
unpack001/private/FN PRIVATE SOURCE CODE/build/PRIVATE.exe

Files

private.rar
.rar
dtc ahh driver.sys
.sys windows:10 windows x64 arch:x64

fcfb71ea19543c86926a0956ca5d482e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Firez\Documents\GitHub\apex-driver\x64\Release\cheat_driver.pdb

Imports

ntoskrnl.exe

RtlCompareUnicodeString
RtlAnsiStringToUnicodeString
PsGetProcessPeb
RtlEqualUnicodeString
PsLoadedModuleList
ObfDereferenceObject
ObCloseHandle
IoCreateFileEx
RtlInitUnicodeString
ObReferenceObjectByHandleWithTag
MmCopyVirtualMemory
IoGetCurrentProcess
IoFileObjectType
KeStackAttachProcess
PsLookupProcessByProcessId
RtlImageNtHeader
RtlInitAnsiString
_stricmp
ZwDeleteFile
PsGetProcessSectionBaseAddress
ZwOpenFile
CmRegisterCallback
MmFlushImageSection
ZwClose
KeUnstackDetachProcess

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 752B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
kdmapper_Release.exe
.exe windows:6 windows x64 arch:x64

e7450d08a0608d92a54b7d6bf221a3fd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\pluto\Desktop\kdmapper-master\x64\Release\kdmapper_Release.pdb

Imports

kernel32

Sleep
CloseHandle
GetProcAddress
GetCurrentProcessId
CreateToolhelp32Snapshot
Process32NextW
GetModuleHandleA
SetUnhandledExceptionFilter
GetTempPathW
FormatMessageA
GetLocaleInfoEx
GetCurrentThreadId
CreateFileW
VirtualAlloc
DeviceIoControl
Process32FirstW
VirtualFree
FindClose
FindFirstFileW
GetFileAttributesExW
AreFileApisANSI
GetLastError
GetModuleHandleW
GetFileInformationByHandleEx
WideCharToMultiByte
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
LocalFree

user32

GetShellWindow
GetWindowThreadProcessId

advapi32

RegCloseKey
RegDeleteTreeW
RegCreateKeyW
RegOpenKeyW
RegSetKeyValueW

shell32

ShellExecuteA

msvcp140

?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEBX@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?good@ios_base@std@@QEBA_NXZ
??7ios_base@std@@QEBA_NXZ
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPEBDH@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@J@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?uncaught_exception@std@@YA_NXZ
?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?id@?$ctype@_W@std@@2V0locale@2@A
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z
?widen@?$ctype@_W@std@@QEBA_WD@Z

ntdll

NtQuerySystemInformation
RtlInitUnicodeString

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_terminate
wcsstr
memcpy
__std_exception_destroy
memmove
memcmp
_CxxThrowException
__C_specific_handler
__current_exception_context
__current_exception
__std_exception_copy
memset

api-ms-win-crt-stdio-l1-1-0

_set_fmode
_fseeki64
fread
fsetpos
_get_stream_buffer_pointers
__p__commode
fputc
setvbuf
fgetpos
fwrite
ungetc
fflush
fgetc
fclose

api-ms-win-crt-utility-l1-1-0

srand
rand

api-ms-win-crt-filesystem-l1-1-0

remove
_lock_file
_unlock_file
_wremove

api-ms-win-crt-string-l1-1-0

_wcsicmp
_stricmp

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_cexit
__p___wargv
__p___argc
_invalid_parameter_noinfo_noreturn
_crt_atexit
exit
_initterm_e
_initterm
_get_initial_wide_environment
_initialize_wide_environment
_configure_wide_argv
_register_onexit_function
_set_app_type
_seh_filter_exe
_register_thread_local_exe_atexit_callback
abort
_exit
terminate
_c_exit

api-ms-win-crt-heap-l1-1-0

_set_new_mode
_callnewh
malloc
free

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
___lc_codepage_func

api-ms-win-crt-math-l1-1-0

__setusermatherr

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
private/FN PRIVATE SOURCE CODE/.vs/public/FileContentIndex/51bfcca9-82bb-4d91-9538-30686bab8426.vsidx
private/FN PRIVATE SOURCE CODE/.vs/public/v17/.suo
private/FN PRIVATE SOURCE CODE/.vs/public/v17/Browse.VC.db
private/FN PRIVATE SOURCE CODE/.vs/public/v17/DocumentLayout.json
private/FN PRIVATE SOURCE CODE/.vs/public/v17/Solution.VC.db
private/FN PRIVATE SOURCE CODE/.vs/public/v17/ipch/AutoPCH/47083ef219074ad1/MAIN.ipch
private/FN PRIVATE SOURCE CODE/build/PRIVATE.exe
.exe windows:6 windows x64 arch:x64

9dd3c9595cd4366c57c56cef6b56b6bb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\anushaube\Downloads\github\github\build\github.pdb

Imports

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
NtCreateFile
RtlInitUnicodeString
NtDeviceIoControlFile

d3d11

D3D11CreateDeviceAndSwapChain

d3dcompiler_43

D3DCompile

kernel32

DeviceIoControl
lstrcmpiA
CreateToolhelp32Snapshot
Process32First
Process32Next
Sleep
TerminateProcess
CreateThread
OpenProcess
GetTickCount
GetPrivateProfileStringA
WritePrivateProfileStringA
MultiByteToWideChar
WideCharToMultiByte
Process32FirstW
Process32NextW
GlobalAlloc
GlobalUnlock
CloseHandle
GlobalFree
QueryPerformanceCounter
QueryPerformanceFrequency
FreeLibrary
GetProcAddress
LoadLibraryA
GetLocaleInfoA
IsProcessorFeaturePresent
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
CreateFileW
IsDebuggerPresent
GlobalLock
GetModuleHandleW

user32

GetDesktopWindow
FindWindowA
EnumWindows
LoadCursorA
ScreenToClient
ClientToScreen
SetCursor
SetCursorPos
GetClientRect
GetForegroundWindow
GetKeyState
GetKeyboardLayout
EmptyClipboard
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
GetWindowThreadProcessId
SetWindowLongPtrA
GetWindowLongPtrA
SetWindowLongA
GetWindowLongA
GetCursorPos
GetWindowRect
TranslateMessage
DispatchMessageA
PeekMessageA
DestroyWindow
GetWindowTextA
ShowWindow
SetWindowPos
GetAsyncKeyState
GetSystemMetrics
SetMenu
UpdateWindow
GetClassNameA

msvcp140

?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?width@ios_base@std@@QEBA_JXZ
?flags@ios_base@std@@QEBAHXZ
?good@ios_base@std@@QEBA_NXZ
?_Throw_Cpp_error@std@@YAXH@Z
_Mtx_unlock
_Mtx_lock
_Thrd_detach
_Query_perf_frequency
?width@ios_base@std@@QEAA_J_J@Z
_Query_perf_counter
?uncaught_exceptions@std@@YAHXZ
?_Xlength_error@std@@YAXPEBD@Z

imm32

ImmSetCandidateWindow
ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext

dwmapi

DwmExtendFrameIntoClientArea

vcruntime140

memset
strstr
memchr
__C_specific_handler
__current_exception
__current_exception_context
memcmp
_CxxThrowException
memmove
__std_exception_destroy
memcpy
__std_terminate
__std_exception_copy

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

system
terminate
_beginthreadex
_invalid_parameter_noinfo_noreturn
__p___argv
_register_thread_local_exe_atexit_callback
_c_exit
exit
__p___argc
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
_exit
_get_initial_narrow_environment
_initterm
_initterm_e

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
_set_new_mode
free

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-math-l1-1-0

tanf
sqrtf
atan2f
sinf
powf
atan2
cosf
__setusermatherr
asin
pow
logf
log
fminf
ceilf
fmaxf
acosf
fmodf

api-ms-win-crt-stdio-l1-1-0

_set_fmode
fseek
ftell
fwrite
__stdio_common_vfprintf
fflush
fclose
__p__commode
fread
_wfopen
__stdio_common_vsprintf_s
__stdio_common_vsprintf
__stdio_common_vsnprintf_s
__stdio_common_vsscanf
__acrt_iob_func

api-ms-win-crt-string-l1-1-0

strcmp

api-ms-win-crt-convert-l1-1-0

atof

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 308KB - Virtual size: 308KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 159KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 464B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
private/FN PRIVATE SOURCE CODE/build/imgui.ini
private/FN PRIVATE SOURCE CODE/build/intermediates/direct_io.obj
private/FN PRIVATE SOURCE CODE/build/intermediates/driver.obj
private/FN PRIVATE SOURCE CODE/build/intermediates/github.exe.recipe
private/FN PRIVATE SOURCE CODE/build/intermediates/imgui.obj
private/FN PRIVATE SOURCE CODE/build/intermediates/imgui_demo.obj
private/FN PRIVATE SOURCE CODE/build/intermediates/imgui_draw.obj
private/FN PRIVATE SOURCE CODE/build/intermediates/imgui_impl_dx11.obj
private/FN PRIVATE SOURCE CODE/build/intermediates/imgui_impl_win32.obj
private/FN PRIVATE SOURCE CODE/build/intermediates/imgui_tables.obj
private/FN PRIVATE SOURCE CODE/build/intermediates/imgui_widgets.obj
private/FN PRIVATE SOURCE CODE/build/intermediates/kernel.obj
private/FN PRIVATE SOURCE CODE/build/intermediates/main.obj
private/FN PRIVATE SOURCE CODE/build/intermediates/mouse.obj
private/FN PRIVATE SOURCE CODE/build/intermediates/public.log
private/FN PRIVATE SOURCE CODE/build/intermediates/public.tlog/CL.command.1.tlog
private/FN PRIVATE SOURCE CODE/build/intermediates/public.tlog/CL.read.1.tlog
private/FN PRIVATE SOURCE CODE/build/intermediates/public.tlog/CL.write.1.tlog
private/FN PRIVATE SOURCE CODE/build/intermediates/public.tlog/Cl.items.tlog
private/FN PRIVATE SOURCE CODE/build/intermediates/public.tlog/link.command.1.tlog
private/FN PRIVATE SOURCE CODE/build/intermediates/public.tlog/link.read.1.tlog
private/FN PRIVATE SOURCE CODE/build/intermediates/public.tlog/link.secondary.1.tlog
private/FN PRIVATE SOURCE CODE/build/intermediates/public.tlog/link.write.1.tlog
private/FN PRIVATE SOURCE CODE/build/intermediates/public.tlog/public.lastbuildstate
private/FN PRIVATE SOURCE CODE/build/intermediates/vc143.pdb
private/FN PRIVATE SOURCE CODE/build/private.pdb
private/FN PRIVATE SOURCE CODE/p2c/game/aimbot/aimbot.hpp
private/FN PRIVATE SOURCE CODE/p2c/game/aimbot/mouse/mouse.cpp
private/FN PRIVATE SOURCE CODE/p2c/game/aimbot/mouse/mouse.hpp
private/FN PRIVATE SOURCE CODE/p2c/game/defines.h
private/FN PRIVATE SOURCE CODE/p2c/game/loop.h
private/FN PRIVATE SOURCE CODE/p2c/game/sdk/decrypt/decrypt.hpp
private/FN PRIVATE SOURCE CODE/p2c/game/sdk/offsets.h
private/FN PRIVATE SOURCE CODE/p2c/game/sdk/sdk.h
private/FN PRIVATE SOURCE CODE/p2c/imgui.ini
private/FN PRIVATE SOURCE CODE/p2c/kernel/comms/driver.cpp
private/FN PRIVATE SOURCE CODE/p2c/kernel/comms/driver.hpp
private/FN PRIVATE SOURCE CODE/p2c/kernel/comms/globals/globals.hpp
private/FN PRIVATE SOURCE CODE/p2c/kernel/defs.h
private/FN PRIVATE SOURCE CODE/p2c/kernel/spoof.h
private/FN PRIVATE SOURCE CODE/p2c/main.cpp
private/FN PRIVATE SOURCE CODE/p2c/protection/string/LI_FN.h
private/FN PRIVATE SOURCE CODE/p2c/protection/string/skc.h
private/FN PRIVATE SOURCE CODE/p2c/protection/string/xor.hpp
private/FN PRIVATE SOURCE CODE/p2c/protection/string/xorstr.h
private/FN PRIVATE SOURCE CODE/p2c/public.vcxproj
private/FN PRIVATE SOURCE CODE/p2c/public.vcxproj.filters
private/FN PRIVATE SOURCE CODE/p2c/public.vcxproj.user
private/FN PRIVATE SOURCE CODE/p2c/render/imgui/includes.h
private/FN PRIVATE SOURCE CODE/p2c/render/overlay/notepad.hpp
private/FN PRIVATE SOURCE CODE/p2c/render/render.hpp
private/FN PRIVATE SOURCE CODE/p2c/requirements/includes.h
private/FN PRIVATE SOURCE CODE/p2c/requirements/ui/Gizzard.h
private/FN PRIVATE SOURCE CODE/p2c/requirements/ui/Icons.h
private/FN PRIVATE SOURCE CODE/p2c/requirements/ui/imconfig.h
private/FN PRIVATE SOURCE CODE/p2c/requirements/ui/imgui.cpp
private/FN PRIVATE SOURCE CODE/p2c/requirements/ui/imgui.h
private/FN PRIVATE SOURCE CODE/p2c/requirements/ui/imgui_demo.cpp
private/FN PRIVATE SOURCE CODE/p2c/requirements/ui/imgui_draw.cpp
private/FN PRIVATE SOURCE CODE/p2c/requirements/ui/imgui_impl_dx11.cpp
private/FN PRIVATE SOURCE CODE/p2c/requirements/ui/imgui_impl_dx11.h
private/FN PRIVATE SOURCE CODE/p2c/requirements/ui/imgui_impl_win32.cpp
private/FN PRIVATE SOURCE CODE/p2c/requirements/ui/imgui_impl_win32.h
private/FN PRIVATE SOURCE CODE/p2c/requirements/ui/imgui_internal.h
private/FN PRIVATE SOURCE CODE/p2c/requirements/ui/imgui_tables.cpp
private/FN PRIVATE SOURCE CODE/p2c/requirements/ui/imgui_widgets.cpp
private/FN PRIVATE SOURCE CODE/p2c/requirements/ui/imstb_rectpack.h
private/FN PRIVATE SOURCE CODE/p2c/requirements/ui/imstb_textedit.h
private/FN PRIVATE SOURCE CODE/p2c/requirements/ui/imstb_truetype.h
private/FN PRIVATE SOURCE CODE/p2c/requirements/ui/intro.h
private/FN PRIVATE SOURCE CODE/p2c/requirements/ui/menu.h
private/FN PRIVATE SOURCE CODE/p2c/requirements/ui/regular.h
private/FN PRIVATE SOURCE CODE/public.sln

Sharing

General

Malware Config

Signatures

Files

fcfb71ea19543c86926a0956ca5d482e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 1024B - Virtual size: 752B

.data Size: - Virtual size: 16B

.pdata Size: 512B - Virtual size: 84B

INIT Size: 1024B - Virtual size: 816B

e7450d08a0608d92a54b7d6bf221a3fd

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

msvcp140

ntdll

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

Sections

.text Size: 68KB - Virtual size: 67KB

.rdata Size: 70KB - Virtual size: 70KB

.data Size: 1KB - Virtual size: 3KB

.pdata Size: 3KB - Virtual size: 3KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 512B - Virtual size: 264B

9dd3c9595cd4366c57c56cef6b56b6bb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntdll

d3d11

d3dcompiler_43

kernel32

user32

msvcp140

imm32

dwmapi

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 308KB - Virtual size: 308KB

.rdata Size: 61KB - Virtual size: 60KB

.data Size: 159KB - Virtual size: 161KB

.pdata Size: 13KB - Virtual size: 12KB

_RDATA Size: 512B - Virtual size: 464B

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 1024B - Virtual size: 572B

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1024B - Virtual size: 752B

.data
Size: - Virtual size: 16B

.pdata
Size: 512B - Virtual size: 84B

INIT
Size: 1024B - Virtual size: 816B

.text
Size: 68KB - Virtual size: 67KB

.rdata
Size: 70KB - Virtual size: 70KB

.data
Size: 1KB - Virtual size: 3KB

.pdata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 512B - Virtual size: 264B

.text
Size: 308KB - Virtual size: 308KB

.rdata
Size: 61KB - Virtual size: 60KB

.data
Size: 159KB - Virtual size: 161KB

.pdata
Size: 13KB - Virtual size: 12KB

_RDATA
Size: 512B - Virtual size: 464B

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 1024B - Virtual size: 572B