C:\Users\sonyc\Downloads\driverkm\driverkm\hujdrv\x64\Release\driver.pdb
Overview
overview
7Static
static
3Release.zip
windows7-x64
1Release.zip
windows10-2004-x64
7Setup.txt
windows7-x64
1Setup.txt
windows10-2004-x64
1emu/878321.exe
windows7-x64
1emu/878321.exe
windows10-2004-x64
1emu/KeyAut...or.exe
windows7-x64
1emu/KeyAut...or.exe
windows10-2004-x64
1emu/KeyAut...or.exe
windows7-x64
1emu/KeyAut...or.exe
windows10-2004-x64
1index.html
windows7-x64
3index.html
windows10-2004-x64
3loader3.exe
windows7-x64
1loader3.exe
windows10-2004-x64
1Static task
static1
Behavioral task
behavioral1
Sample
Release.zip
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Release.zip
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
Setup.txt
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
Setup.txt
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
emu/878321.exe
Resource
win7-20241010-en
Behavioral task
behavioral6
Sample
emu/878321.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
emu/KeyAuthEmulator.exe
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
emu/KeyAuthEmulator.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
emu/KeyAuthEmulator.exe
Resource
win7-20240729-en
Behavioral task
behavioral10
Sample
emu/KeyAuthEmulator.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
index.html
Resource
win7-20241010-en
Behavioral task
behavioral12
Sample
index.html
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
loader3.exe
Resource
win7-20240903-en
Behavioral task
behavioral14
Sample
loader3.exe
Resource
win10v2004-20241007-en
General
-
Target
Release.zip
-
Size
1.1MB
-
MD5
047e1e654f02abeb24f95df4e34231bc
-
SHA1
54df77449d6a833b8459a319ac04e93fd84beab1
-
SHA256
89af23ff21360079b2ee8011aa959c1b4baf7ab09522e74980a6d86c2aa868dd
-
SHA512
7d21689e3df3216c22cf248489ad9faa99a2cf10f9521944be50fae61ace29a5a908480fda3c5511b98ca7c55d93c26e16956036fa5fc28561356d3b777dfdcc
-
SSDEEP
24576:FxVYnMv+gfZLNnOLgr7RSQDexlQxWGo/snKoAj4Ac7nGzglqS/7zafBISC8QE:WnWhZLNOkJSQyPYWHkXE4jbGc1/vaf7F
Malware Config
Signatures
-
Unsigned PE 5 IoCs
Checks for missing Authenticode signature.
resource unpack001/emu/675606 unpack001/emu/878321 unpack001/emu/KeyAuthEmulator.dll unpack001/emu/KeyAuthEmulator.exe unpack001/loader3.exe
Files
-
Release.zip.zip
Password: 1
-
Setup.txt
-
emu/675606.sys windows:10 windows x64 arch:x64
696d60ae367d03598f443c104125e83d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
ntoskrnl.exe
RtlCopyUnicodeString
DbgPrintEx
KeQueryUnbiasedInterruptTime
ExAllocatePool2
IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
wcslen
ObInsertObject
ObMakeTemporaryObject
swprintf
ObCreateObject
IoDriverObjectType
PsGetProcessSectionBaseAddress
MmGetVirtualForPhysical
MmCopyMemory
MmGetPhysicalMemoryRanges
ZwClose
ObfDereferenceObject
wdfldr.sys
WdfVersionUnbind
WdfLdrQueryInterface
WdfVersionBind
WdfVersionUnbindClass
WdfVersionBindClass
Sections
.text Size: 19KB - Virtual size: 18KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 1024B - Virtual size: 936B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 1024B - Virtual size: 848B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 52B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
emu/878321.exe windows:6 windows x64 arch:x64
Password: 1
3f3088291d89cc63e4395c6007182259
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\Users\sonyi\Desktop\RTCore64_Vulnerability-main\RTCore64_Vulnerability-main\x64\Release\RTCore64_Vulnerability.pdb
Imports
kernel32
GetCurrentThreadId
GetModuleHandleA
OpenProcess
GetLastError
CreateFileA
LoadLibraryA
DeleteFileA
CloseHandle
GetProcAddress
GetCurrentProcessId
CreateFileW
DeviceIoControl
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
SetUnhandledExceptionFilter
GetTempPathW
FormatMessageA
GetLocaleInfoEx
VirtualAlloc
VirtualFree
SetLastError
GetFileAttributesExA
CreateDirectoryA
GetModuleFileNameA
InitializeSListHead
FindClose
FindFirstFileW
GetFileAttributesExW
AreFileApisANSI
GetModuleHandleW
GetFileInformationByHandleEx
WideCharToMultiByte
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
LocalFree
user32
GetShellWindow
GetWindowThreadProcessId
advapi32
RegCloseKey
RegDeleteTreeW
RegCreateKeyW
RegOpenKeyW
RegSetKeyValueW
ole32
StringFromGUID2
msvcp140
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEBX@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?good@ios_base@std@@QEBA_NXZ
??7ios_base@std@@QEBA_NXZ
??Bios_base@std@@QEBA_NXZ
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?widen@?$ctype@_W@std@@QEBA_WD@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPEBDH@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
??1_Lockit@std@@QEAA@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?uncaught_exception@std@@YA_NXZ
?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?id@?$ctype@_W@std@@2V0locale@2@A
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Xlength_error@std@@YAXPEBD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
ntdll
RtlInitUnicodeString
NtQuerySystemInformation
dbghelp
SymLoadModuleEx
SymUnloadModule64
SymCleanup
SymSetOptions
SymInitialize
SymFromName
urlmon
URLDownloadToFileA
shlwapi
PathFileExistsA
PathRemoveFileSpecA
vcruntime140_1
__CxxFrameHandler4
vcruntime140
__std_terminate
wcsstr
__std_exception_destroy
memcpy
_CxxThrowException
__current_exception
memmove
memcmp
__C_specific_handler
memset
__current_exception_context
__std_exception_copy
api-ms-win-crt-convert-l1-1-0
_itoa_s
wcstombs_s
api-ms-win-crt-stdio-l1-1-0
fsetpos
fputc
ungetc
fread
_fseeki64
fflush
__p__commode
setvbuf
fgetpos
__stdio_common_vsprintf
fwrite
_set_fmode
_get_stream_buffer_pointers
fgetc
fclose
api-ms-win-crt-utility-l1-1-0
rand
srand
api-ms-win-crt-filesystem-l1-1-0
_unlock_file
_wremove
_lock_file
api-ms-win-crt-string-l1-1-0
_stricmp
_wcsicmp
api-ms-win-crt-time-l1-1-0
_time64
api-ms-win-crt-heap-l1-1-0
free
malloc
_callnewh
_set_new_mode
api-ms-win-crt-runtime-l1-1-0
_c_exit
_register_thread_local_exe_atexit_callback
__p___wargv
_initterm
_register_onexit_function
terminate
_get_initial_wide_environment
__p___argc
_initialize_wide_environment
_initialize_onexit_table
_crt_atexit
_configure_wide_argv
_exit
_initterm_e
abort
exit
_cexit
_set_app_type
_seh_filter_exe
_invalid_parameter_noinfo_noreturn
api-ms-win-crt-environment-l1-1-0
_dupenv_s
api-ms-win-crt-locale-l1-1-0
___lc_codepage_func
_configthreadlocale
api-ms-win-crt-math-l1-1-0
__setusermatherr
Sections
.text Size: 83KB - Virtual size: 83KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 51KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 488B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 264B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
emu/KeyAuthEmulator.deps.json
-
emu/KeyAuthEmulator.dll.exe windows:4 windows x86 arch:x86
Password: 1
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\Users\Penguin\source\repos\KeyAuthEmulator\obj\Debug\net8.0\KeyAuthEmulator.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 23KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
emu/KeyAuthEmulator.exe.exe windows:6 windows x64 arch:x64
Password: 1
6a91eb82bfd19d2706c7d43c46f7064e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
D:\a\_work\1\s\artifacts\obj\win-x64.Release\corehost\apphost\standalone\apphost.pdb
Imports
kernel32
FreeLibrary
LoadLibraryExW
OutputDebugStringW
FindFirstFileExW
EnterCriticalSection
GetFullPathNameW
FindNextFileW
GetCurrentProcess
GetModuleHandleExW
GetModuleFileNameW
LeaveCriticalSection
GetEnvironmentVariableW
GetModuleHandleW
MultiByteToWideChar
GetFileAttributesExW
LoadLibraryA
DeleteCriticalSection
WideCharToMultiByte
IsWow64Process
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
GetProcAddress
GetWindowsDirectoryW
FindResourceW
GetLastError
ActivateActCtx
FindClose
CreateActCtxW
SetLastError
RaiseException
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
GetCurrentProcessId
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetStringTypeW
SwitchToThread
GetCurrentThreadId
InitializeCriticalSectionEx
EncodePointer
DecodePointer
LCMapStringEx
QueryPerformanceCounter
GetSystemTimeAsFileTime
user32
MessageBoxW
shell32
ShellExecuteW
advapi32
RegOpenKeyExW
RegGetValueW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
RegCloseKey
api-ms-win-crt-runtime-l1-1-0
_invalid_parameter_noinfo_noreturn
_exit
exit
_initterm_e
_initterm
_get_initial_wide_environment
_initialize_wide_environment
_configure_wide_argv
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_errno
abort
__p___wargv
_c_exit
_register_thread_local_exe_atexit_callback
terminate
__p___argc
api-ms-win-crt-stdio-l1-1-0
__acrt_iob_func
fputwc
__p__commode
_set_fmode
fputws
_wfsopen
fflush
__stdio_common_vfwprintf
__stdio_common_vsnwprintf_s
__stdio_common_vswprintf
setvbuf
api-ms-win-crt-heap-l1-1-0
calloc
_set_new_mode
free
_callnewh
malloc
api-ms-win-crt-string-l1-1-0
toupper
_wcsdup
wcsncmp
wcsnlen
strcpy_s
api-ms-win-crt-convert-l1-1-0
wcstoul
_wtoi
api-ms-win-crt-time-l1-1-0
_gmtime64_s
_time64
wcsftime
api-ms-win-crt-locale-l1-1-0
setlocale
___mb_cur_max_func
_configthreadlocale
___lc_codepage_func
___lc_locale_name_func
__pctype_func
_lock_locales
_unlock_locales
api-ms-win-crt-math-l1-1-0
__setusermatherr
Sections
.text Size: 86KB - Virtual size: 86KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 38KB - Virtual size: 37KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 808B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
emu/KeyAuthEmulator.runtimeconfig.json
-
emu/secret.txt
-
index.html.html .js polyglot
-
loader3.exe.exe windows:6 windows x64 arch:x64
Password: 1
9f3e94e0a6bee4f32516cf441edc9962
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\Users\sonyc\Downloads\web\web\Release\fortnite.pdb
Imports
d3d11
D3D11CreateDeviceAndSwapChain
dwmapi
DwmExtendFrameIntoClientArea
ntdll
VerSetConditionMask
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
kernel32
Process32NextW
CreateFileW
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionEx
DeleteCriticalSection
VirtualProtect
CreateFileMappingW
MapViewOfFile
GetModuleFileNameA
QueryFullProcessImageNameW
FormatMessageA
LocalFree
EnterCriticalSection
LeaveCriticalSection
SleepEx
GetSystemDirectoryA
VerifyVersionInfoA
GetTickCount
MoveFileExA
WaitForSingleObjectEx
GetEnvironmentVariableA
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
SleepConditionVariableSRW
GetCurrentThreadId
GetLocaleInfoEx
SetCurrentDirectoryW
CreateToolhelp32Snapshot
SetConsoleTextAttribute
lstrcmpiW
LoadLibraryW
GetCurrentProcess
Sleep
GlobalUnlock
GlobalLock
GlobalFree
MultiByteToWideChar
WideCharToMultiByte
QueryPerformanceCounter
QueryPerformanceFrequency
FreeLibrary
GetModuleHandleA
GetProcAddress
LoadLibraryA
GetStdHandle
CreateFileA
GetFileSizeEx
GetModuleHandleW
MapViewOfFileFromApp
CreateFileMappingFromApp
UnmapViewOfFile
OpenProcess
GetThreadContext
AreFileApisANSI
WakeAllConditionVariable
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
InitializeSListHead
SetLastError
OutputDebugStringW
OpenThread
CreateFile2
IsDebuggerPresent
DebugBreak
OutputDebugStringA
CheckRemoteDebuggerPresent
CloseHandle
GetLastError
GetCurrentThread
CreateThread
Process32FirstW
GlobalAlloc
TerminateProcess
GetCurrentProcessId
user32
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
EmptyClipboard
GetKeyState
GetForegroundWindow
MessageBoxA
GetClientRect
SetCursorPos
SetCursor
GetCursorPos
ClientToScreen
ScreenToClient
LoadCursorW
TranslateMessage
DispatchMessageW
PeekMessageA
DestroyWindow
ShowWindow
SetWindowPos
GetAsyncKeyState
GetSystemMetrics
SetMenu
UpdateWindow
GetWindowRect
MessageBoxW
GetWindowLongW
GetWindowThreadProcessId
GetClassNameA
EnumWindows
SetWindowLongW
FindWindowA
GetDesktopWindow
SetWindowLongPtrW
GetWindowLongPtrW
FindWindowW
ole32
CoCreateInstance
CoInitialize
CoUninitialize
msvcp140
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Xbad_function_call@std@@YAXXZ
?_Random_device@std@@YAIXZ
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Incref@facet@locale@std@@UEAAXXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?seekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@V32@H@Z
?seekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@_JHH@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?underflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z
?overflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?id@?$ctype@D@std@@2V0locale@2@A
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?id@?$collate@D@std@@2V0locale@2@A
?setf@ios_base@std@@QEAAHHH@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?width@ios_base@std@@QEAA_J_J@Z
?width@ios_base@std@@QEBA_JXZ
?flags@ios_base@std@@QEBAHXZ
?good@ios_base@std@@QEBA_NXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?tolower@?$ctype@D@std@@QEBADD@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
??Bid@locale@std@@QEAA_KXZ
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
_Strxfrm
_Strcoll
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_do_broadcast_at_thread_exit
_Cnd_signal
_Cnd_broadcast
_Cnd_wait
_Cnd_destroy_in_situ
_Cnd_init_in_situ
_Mtx_unlock
_Mtx_lock
_Thrd_id
_Thrd_hardware_concurrency
_Thrd_join
_Thrd_detach
_Query_perf_frequency
_Query_perf_counter
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?uncaught_exceptions@std@@YAHXZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
imm32
ImmSetCompositionWindow
ImmGetContext
ImmSetCandidateWindow
ImmReleaseContext
d3dcompiler_47
D3DCompile
ws2_32
accept
bind
getaddrinfo
closesocket
ntohl
__WSAFDIsSet
ioctlsocket
gethostname
htonl
WSAIoctl
WSASetLastError
freeaddrinfo
getpeername
getsockname
listen
sendto
htons
getsockopt
getnameinfo
WSAGetLastError
ntohs
recv
select
send
recvfrom
setsockopt
shutdown
socket
connect
WSASocketW
WSAStartup
WSACleanup
normaliz
IdnToAscii
wldap32
ord200
ord30
ord79
ord35
ord33
ord32
ord143
ord217
ord46
ord27
ord26
ord22
ord41
ord211
ord60
ord45
ord50
ord301
crypt32
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertCreateCertificateChainEngine
CryptQueryObject
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFreeCertificateContext
CertCloseStore
CertFindCertificateInStore
CertEnumCertificatesInStore
CertOpenStore
CertGetNameStringA
rpcrt4
UuidCreate
UuidToStringA
RpcStringFreeA
psapi
GetModuleInformation
userenv
UnloadUserProfile
vcruntime140
__std_terminate
__current_exception_context
__current_exception
strrchr
__C_specific_handler
_CxxThrowException
__std_exception_destroy
__std_exception_copy
strchr
memcmp
memset
memmove
memcpy
memchr
strstr
vcruntime140_1
__CxxFrameHandler4
api-ms-win-crt-math-l1-1-0
powf
__setusermatherr
ceilf
tanf
sqrt
acosf
atan2
asin
_dclass
sinf
sqrtf
atan2f
cosf
api-ms-win-crt-string-l1-1-0
strncpy
_strdup
strcmp
tolower
isupper
strspn
strcspn
isdigit
strncmp
strpbrk
api-ms-win-crt-stdio-l1-1-0
_lseeki64
_set_fmode
__p__commode
_get_stream_buffer_pointers
fgetc
__stdio_common_vsprintf_s
fgetpos
fputc
__stdio_common_vsscanf
__stdio_common_vsprintf
__stdio_common_vfprintf
fwrite
ftell
fseek
fread
fflush
fclose
_wfopen
__acrt_iob_func
_read
fsetpos
_fseeki64
setvbuf
__stdio_common_vsnprintf_s
fgets
_pclose
ungetc
_popen
_close
fopen
_write
fputs
_open
feof
api-ms-win-crt-heap-l1-1-0
free
malloc
_callnewh
_set_new_mode
calloc
realloc
api-ms-win-crt-utility-l1-1-0
qsort
api-ms-win-crt-convert-l1-1-0
atoi
strtoull
strtoul
strtoll
strtol
strtod
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
__p___argv
__p___argc
_exit
_initterm_e
_initterm
_get_initial_narrow_environment
_set_app_type
_seh_filter_exe
system
_cexit
_crt_atexit
_register_onexit_function
exit
_initialize_onexit_table
_initialize_narrow_environment
_errno
_configure_narrow_argv
_getpid
_invalid_parameter_noinfo_noreturn
_resetstkoflw
_invalid_parameter_noinfo
__sys_nerr
strerror
_beginthreadex
terminate
_c_exit
api-ms-win-crt-filesystem-l1-1-0
_access
_unlink
remove
_lock_file
_fstat64
_access_s
_unlock_file
_stat64
api-ms-win-crt-time-l1-1-0
_time64
_gmtime64
api-ms-win-crt-locale-l1-1-0
localeconv
___lc_codepage_func
_configthreadlocale
shell32
ShellExecuteA
advapi32
CryptReleaseContext
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptAcquireContextA
ConvertSidToStringSidA
CopySid
SetSecurityInfo
GetUserNameA
IsValidSid
InitializeAcl
GetTokenInformation
GetLengthSid
AddAccessAllowedAce
OpenProcessToken
Sections
.text Size: 914KB - Virtual size: 914KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 325KB - Virtual size: 324KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 741KB - Virtual size: 750KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 38KB - Virtual size: 37KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 464B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 488B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ