discord[.]gg aurafn[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

discord.gg aurafn.rar
Size

1.5MB
MD5

f4ed251a50f681234c8b4f28a070f328
SHA1

dc25c3e8d8d912fc0e97e4642b95176056975375
SHA256

d115cf7832f5dada70884b1784ef828510208a4e979b55fbed9c41078f53dc3d
SHA512

3748cbbb2097b03e54879717fb00a954b2f92068de8daa4b2faadd1739977934d709a13ba5f2e4b38c99258cca737b81fdca117d00eeafb3c5e0fa50a6dd60fb
SSDEEP

24576:GKLLi3IbhVzqfawZFjQ4x1scuBOrcCqntuYasGWx9Hz16HhMtndnojGgh0ToZrki:XNzQajm1t4HntOnWxpz1QMtndnykoZrR

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/discord.gg aurafn/aura.cc.exe
unpack001/discord.gg aurafn/drag .sys onto here.exe
unpack001/discord.gg aurafn/driver.sys

Files

discord.gg aurafn.rar
.rar
discord.gg aurafn/aura.cc.exe
.exe windows:6 windows x64 arch:x64

f1be110d878b41318ee6825dfafa6d32

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\huntiez\Desktop\cheat\build\aura.cc.pdb

Imports

d3dx9_43

D3DXCreateTextureFromFileInMemoryEx

kernel32

CreateFileA
GetFileSizeEx
GetSystemTime
SystemTimeToFileTime
GetEnvironmentVariableW
ReadConsoleA
ReadConsoleW
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SwitchToFiber
DeleteFiber
CreateFiber
FindClose
FindFirstFileW
FindNextFileW
GetModuleHandleExW
FormatMessageW
WriteFile
GetModuleHandleW
GetCurrentProcessId
GetSystemTimeAsFileTime
SetLastError
ConvertFiberToThread
ConvertThreadToFiber
LoadLibraryW
OutputDebugStringW
GlobalAlloc
GlobalUnlock
GlobalLock
ExpandEnvironmentStringsA
MultiByteToWideChar
WideCharToMultiByte
VerSetConditionMask
QueryPerformanceCounter
QueryPerformanceFrequency
FreeLibrary
GetModuleHandleA
GetProcAddress
LoadLibraryA
GetLastError
FormatMessageA
WaitForMultipleObjects
PeekNamedPipe
ReadFile
RtlVirtualUnwind
GetFileType
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
SleepConditionVariableSRW
WakeAllConditionVariable
RtlCaptureContext
RtlLookupFunctionEntry
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
WaitForSingleObjectEx
VerifyVersionInfoA
GlobalFree
GetSystemDirectoryA
SleepEx
Sleep
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetTickCount
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
SetConsoleTitleW
SetConsoleMode
GetConsoleMode
lstrcmpiW
CreateThread
DeviceIoControl
CloseHandle
Beep
CreateFileW
GetStdHandle
InitializeSListHead

user32

OpenClipboard
MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation
LoadIconW
GetWindow
GetDesktopWindow
SetWindowLongW
MessageBoxA
GetWindowRect
UpdateWindow
GetSystemMetrics
SendInput
GetAsyncKeyState
SetWindowPos
SetLayeredWindowAttributes
ShowWindow
DestroyWindow
CreateWindowExA
RegisterClassExA
DefWindowProcA
PeekMessageW
DispatchMessageW
TranslateMessage
LoadCursorW
ScreenToClient
ClientToScreen
GetCursorPos
SetCursor
CloseClipboard
SetClipboardData
GetClipboardData
EmptyClipboard
GetKeyState
GetForegroundWindow
GetClientRect
SetCursorPos

advapi32

CryptGenRandom
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptEnumProvidersW
CryptSignHashW
CryptAcquireContextA

shell32

ShellExecuteW

d3d9

Direct3DCreate9Ex

msvcp140

?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?uncaught_exceptions@std@@YAHXZ
_Query_perf_counter
_Query_perf_frequency
_Thrd_detach
?_Throw_Cpp_error@std@@YAXH@Z
??Bid@locale@std@@QEAA_KXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?good@ios_base@std@@QEBA_NXZ
?flags@ios_base@std@@QEBAHXZ
?width@ios_base@std@@QEBA_JXZ
?width@ios_base@std@@QEAA_J_J@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?id@?$ctype@D@std@@2V0locale@2@A
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A

wldap32

ord27
ord32
ord33
ord22
ord41
ord143
ord46
ord35
ord50
ord211
ord60
ord45
ord79
ord30
ord26
ord301
ord200

imm32

ImmGetContext
ImmAssociateContextEx
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmReleaseContext

dwmapi

DwmExtendFrameIntoClientArea

bcrypt

BCryptGenRandom

vcruntime140

__current_exception_context
__current_exception
__C_specific_handler
wcsstr
strrchr
strchr
memchr
strstr
memset
memmove
memcpy
memcmp
__std_terminate
_CxxThrowException
__std_exception_destroy
__std_exception_copy

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback
_c_exit
__p___argv
__p___argc
signal
_initterm_e
_initterm
_get_initial_narrow_environment
strerror_s
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
terminate
raise
_beginthreadex
_exit
exit
strerror
__sys_nerr
_errno
system
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-stdio-l1-1-0

_wfopen
fclose
fflush
fread
__acrt_iob_func
__stdio_common_vsprintf
_open
_close
_write
_read
__p__commode
_set_fmode
__stdio_common_vswprintf
__stdio_common_vfprintf
setbuf
clearerr
_setmode
_fileno
ferror
feof
_lseeki64
setvbuf
fgets
fputc
fopen
fputs
__stdio_common_vsprintf_s
__stdio_common_vsscanf
fwrite
ftell
fseek

api-ms-win-crt-convert-l1-1-0

strtod
atoi
strtoull
strtoul
strtol
strtoll
atof

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
localeconv

api-ms-win-crt-math-l1-1-0

ceilf
cosf
tanf
sqrtf
acosf
__setusermatherr
sqrt
atan2
atan2f
asin
log
logf
pow
fmodf
sinf
powf

api-ms-win-crt-string-l1-1-0

strcmp
strncmp
tolower
strpbrk
strcspn
strspn
isupper
_stricmp
_strnicmp
strncpy
_strdup
isspace

api-ms-win-crt-heap-l1-1-0

_set_new_mode
realloc
calloc
free
_callnewh
malloc

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-time-l1-1-0

_gmtime64_s
_time64
_gmtime64

api-ms-win-crt-filesystem-l1-1-0

_stat64i32
_fstat64i32
_stat64
_fstat64
_access

api-ms-win-crt-environment-l1-1-0

getenv

crypt32

CertDuplicateCertificateContext
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetCertificateContextProperty
CertAddCertificateContextToStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertOpenStore
CertEnumCertificatesInStore
CertCloseStore
CertGetNameStringA

ws2_32

getpeername
getsockname
getsockopt
htons
ntohs
ntohl
bind
connect
WSAIoctl
WSASetLastError
shutdown
WSAStartup
WSACleanup
accept
freeaddrinfo
select
closesocket
__WSAFDIsSet
recv
send
inet_pton
WSAGetLastError
getaddrinfo
ioctlsocket
listen
getnameinfo
htonl
recvfrom
socket
sendto
gethostname
setsockopt

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 711KB - Virtual size: 710KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 230KB - Virtual size: 249KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
discord.gg aurafn/drag .sys onto here.exe
.exe windows:6 windows x64 arch:x64

1046895ecc8128cfeb71a6157369ce59

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\snipe\Downloads\signed mem kdmapper\kdmapper-master\x64\Release\kdmapper_Release.pdb

Imports

kernel32

Process32NextW
Process32FirstW
SetUnhandledExceptionFilter
Sleep
FormatMessageA
GetLocaleInfoEx
CreateToolhelp32Snapshot
GetCurrentProcessId
GetProcAddress
CloseHandle
GetModuleHandleA
GetCurrentThreadId
CreateFileW
VirtualAlloc
DeviceIoControl
GetTempPathW
VirtualFree
FindClose
FindFirstFileW
GetFileAttributesExW
AreFileApisANSI
GetLastError
GetModuleHandleW
GetFileInformationByHandleEx
WideCharToMultiByte
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
LocalFree

user32

GetWindowThreadProcessId
GetShellWindow

advapi32

RegSetKeyValueW
RegCloseKey
RegDeleteTreeW
RegCreateKeyW
RegOpenKeyW
QueryServiceStatus
CloseServiceHandle
OpenSCManagerW
StartServiceW
OpenServiceW

msvcp140

??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEBX@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?good@ios_base@std@@QEBA_NXZ
??7ios_base@std@@QEBA_NXZ
?widen@?$ctype@_W@std@@QEBA_WD@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPEBDH@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_J@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1_Lockit@std@@QEAA@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?uncaught_exception@std@@YA_NXZ
?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?id@?$ctype@_W@std@@2V0locale@2@A
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z

ntdll

NtQuerySystemInformation
RtlInitUnicodeString

vcruntime140_1

__CxxFrameHandler4

vcruntime140

_CxxThrowException
memcpy
__C_specific_handler
__current_exception
wcsstr
__std_exception_copy
__std_exception_destroy
memcmp
__current_exception_context
__std_terminate
memset
memmove

api-ms-win-crt-stdio-l1-1-0

_get_stream_buffer_pointers
_set_fmode
_fseeki64
fread
fsetpos
ungetc
fflush
fclose
setvbuf
fputc
fwrite
fgetpos
__p__commode
fgetc

api-ms-win-crt-utility-l1-1-0

srand
rand

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_wremove
_lock_file

api-ms-win-crt-string-l1-1-0

_stricmp
_wcsicmp

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-runtime-l1-1-0

terminate
_crt_atexit
_register_onexit_function
_cexit
__p___wargv
__p___argc
_invalid_parameter_noinfo_noreturn
_exit
_initterm_e
_initterm
_get_initial_wide_environment
_initialize_wide_environment
_configure_wide_argv
_initialize_onexit_table
_set_app_type
_seh_filter_exe
abort
_register_thread_local_exe_atexit_callback
system
exit
_c_exit

api-ms-win-crt-heap-l1-1-0

_set_new_mode
_callnewh
malloc
free

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
_configthreadlocale

api-ms-win-crt-math-l1-1-0

__setusermatherr

Sections

.text
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
discord.gg aurafn/driver.sys
.sys windows:10 windows x64 arch:x64

12c47c90a4b7fc6aa7033af75abbafb8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\u8ej\Downloads\v2-payson-ioctl-cheat-driver-main\v2-payson-ioctl-cheat-driver-main\build\DRV\Kernel.pdb

Imports

ntoskrnl.exe

RtlInitUnicodeString
RtlGetVersion
IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
ObfDereferenceObject
MmCopyMemory
KeStackAttachProcess
KeUnstackDetachProcess
PsLookupProcessByProcessId
IoCreateDriver
PsGetProcessSectionBaseAddress

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 512B - Virtual size: 492B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f1be110d878b41318ee6825dfafa6d32

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

d3dx9_43

kernel32

user32

advapi32

shell32

d3d9

msvcp140

wldap32

imm32

dwmapi

bcrypt

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-environment-l1-1-0

crypt32

ws2_32

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 711KB - Virtual size: 710KB

.data Size: 230KB - Virtual size: 249KB

.pdata Size: 94KB - Virtual size: 93KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 25KB - Virtual size: 25KB

1046895ecc8128cfeb71a6157369ce59

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

msvcp140

ntdll

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

Sections

.text Size: 62KB - Virtual size: 61KB

.rdata Size: 69KB - Virtual size: 68KB

.data Size: 1KB - Virtual size: 3KB

.pdata Size: 3KB - Virtual size: 3KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 512B - Virtual size: 264B

12c47c90a4b7fc6aa7033af75abbafb8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 711KB - Virtual size: 710KB

.data
Size: 230KB - Virtual size: 249KB

.pdata
Size: 94KB - Virtual size: 93KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 25KB - Virtual size: 25KB

.text
Size: 62KB - Virtual size: 61KB

.rdata
Size: 69KB - Virtual size: 68KB

.data
Size: 1KB - Virtual size: 3KB

.pdata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 512B - Virtual size: 264B

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 1024B - Virtual size: 560B

.pdata
Size: 512B - Virtual size: 180B

INIT
Size: 512B - Virtual size: 492B

.reloc
Size: 512B - Virtual size: 36B