darkcomet | Liquid Bounce Launcher[.]zip

Resubmissions

06-02-2025 15:09

250206-sjg1lazqam 10

31-01-2025 12:44

250131-pylqjswkbw 10

Sharing

Copy URL

Twitter E-mail

General

Target

Liquid Bounce Launcher.zip
Size

7.9MB
MD5

a28c839f42ee6bfc334d92b84342a3d0
SHA1

b80d9c1cc293ed9297ab5467a7241360fa88aa8d
SHA256

4c8e398a92df2220c894ae9c29cbdde3f17d9ec8d98ecad1bfefae11689395b4
SHA512

55df91d4b0db3e282e1a0bde9d1b02c9b1d411a3c99b4835a47900f104b42ceb5668ca14723afedfd76bc56158118a0fc0a3108bbca95edd806f8c12c4ead9e6
SSDEEP

196608:wcUA4hSc7Kb+dQQT4KVPzVM143oubYx+S5LlYZjBMNhPT+:DwKb+dQQTbPze43jbYx+JBBMNB+

Score

10^/10

upx guest16 darkcomet

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

j4n6foy.localto.net:2596

Mutex

DC_MUTEX-1R3S01Q

Attributes

gencode
k7nfzKERaShh
install
false
offline_keylogger
true
persistence
false

Signatures

Darkcomet family
darkcomet

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/LiquidBounce 2025/Liquid Bounce Injector.exe	upx

Unsigned PE 12 IoCs

Checks for missing Authenticode signature.

resource
unpack001/LiquidBounce 2025/Liquid Bounce Injector.exe
unpack002/out.upx
unpack001/LiquidBounce 2025/LiquidLauncher_0.4.0_x64.exe
unpack003/$PLUGINSDIR/StartMenu.dll
unpack003/$PLUGINSDIR/System.dll
unpack003/$PLUGINSDIR/nsDialogs.dll
unpack003/$PLUGINSDIR/nsis_tauri_utils.dll
unpack003/liquidlauncher.exe
unpack003/uninstall.exe
unpack004/$PLUGINSDIR/LangDLL.dll
unpack004/$PLUGINSDIR/System.dll
unpack004/$PLUGINSDIR/nsis_tauri_utils.dll

Files

Liquid Bounce Launcher.zip
.zip
LiquidBounce 2025/Liquid Bounce Injector.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 572KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 247KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 101KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 566KB - Virtual size: 566KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 29KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 56B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 115KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
LiquidBounce 2025/LiquidLauncher_0.4.0_x64.exe
.exe windows:4 windows x86 arch:x86

61259b55b8912888e90f516ca08dc514

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegEnumValueW

shell32

SHGetSpecialFolderLocation
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
IIDFromString
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

GetClientRect
EndPaint
DrawTextW
IsWindowEnabled
DispatchMessageW
wsprintfA
CharNextA
CharPrevW
MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
GetSystemMetrics
FillRect
AppendMenuW
TrackPopupMenu
OpenClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetSysColor
SetWindowPos
GetWindowLongW
PeekMessageW
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
EmptyClipboard
CreatePopupMenu

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
lstrcatW
Sleep
lstrcpyA
WriteFile
GetTempFileNameW
lstrcmpiA
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersionExW
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
CopyFileW
ExitProcess
GetCurrentProcess
GetModuleFileNameW
GetFileSize
CreateFileW
GetTickCount
MulDiv
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
MoveFileExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 192KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/StartMenu.dll
.dll windows:4 windows x86 arch:x86

80469f6834e579db68a646d49780b9d5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcatW
FindClose
FindNextFileW
lstrcmpW
GetModuleHandleW
lstrcmpiW
MulDiv
lstrcpynW
GlobalAlloc
lstrcpyW
FindFirstFileW
GlobalFree

user32

GetMessageW
TranslateMessage
PostMessageW
DispatchMessageW
GetDlgItem
GetWindowLongW
CheckDlgButton
ShowWindow
LoadIconW
GetClientRect
MoveWindow
DestroyWindow
GetWindowRect
ReleaseDC
GetDC
EnableWindow
SetWindowTextW
SendMessageW
IsDlgButtonChecked
GetWindowTextW
CreateDialogParamW
SetWindowLongW
wsprintfW
ScreenToClient
IsDialogMessageW
CallWindowProcW

gdi32

GetTextMetricsW
SelectObject

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW

ole32

CoTaskMemFree

Exports

Exports

Init
Select
Show

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 578B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

fc0224e99e736751432961db63a41b76

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GlobalAlloc
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 662B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

6b5c4f7d679059f68f1269aad3a5cecd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesW
lstrcpyW
MulDiv
lstrlenW
HeapFree
GetCurrentDirectoryW
lstrcmpiW
GetProcessHeap
HeapReAlloc
GlobalFree
lstrcpynW
GlobalAlloc
SetCurrentDirectoryW
HeapAlloc

user32

DestroyWindow
CallWindowProcW
SetCursor
LoadCursorW
GetPropW
CharPrevW
DrawFocusRect
GetWindowLongW
DrawTextW
GetClientRect
SetWindowLongW
GetDlgItem
GetSysColor
SetWindowPos
CreateDialogParamW
MapDialogRect
GetWindowRect
SetPropW
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
CharNextW
SendMessageW
MapWindowPoints
RemovePropW
GetWindowTextW

gdi32

SetTextColor

shell32

SHBrowseForFolderW
SHGetPathFromIDListW

comdlg32

GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 638B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsis_tauri_utils.dll
.dll windows:6 windows x86 arch:x86

17cb20871354b907f678c7c220e4ca60

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

nsis_tauri_utils.pdb

Imports

kernel32

OpenProcess
ExitProcess
HeapAlloc
CloseHandle
GetCurrentProcessId
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
HeapFree
TerminateProcess
GetProcessHeap
GlobalFree
InitializeProcThreadAttributeList
GetLastError
UpdateProcThreadAttribute
CreateProcessW
HeapReAlloc
GlobalAlloc
lstrcpyW

advapi32

GetTokenInformation
OpenProcessToken
EqualSid

user32

GetShellWindow
GetWindowThreadProcessId

Exports

Exports

DllMain
FindProcess
FindProcessCurrentUser
KillProcess
KillProcessCurrentUser
RunAsUser
SemverCompare
memcmp
memcpy
memset

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 376B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/MicrosoftEdgeWebview2Setup.exe
.exe windows:5 windows x86 arch:x86

7899cb8ba886a0690bdc28d8b481bbd1

Code Sign

33:00:00:03:fd:36:44:39:73:0d:dc:02:28:00:00:00:00:03:fd
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-08-2024 19:26

Not After

20-08-2025 19:26

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

64:57:97:41:81:d1:09:95:4f:1c:10:95:8c:65:4e:63
Certificate

Issuer

CN=EdgeBuild,O=EdgeBuild,L=Redmond,ST=Washington,C=US

Not Before

15-06-2020 23:52

Not After

31-12-2039 23:59

Subject

CN=EdgeBuild,O=EdgeBuild,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment

a1:09:b1:1b:33:e0:8d:ae:3f:62:0d:59:ff:72:02:0d:d4:7c:6d:3d:a3:63:5b:f0:2a:a0:03:19:8b:c3:12:ec
Signer

Actual PE Digest

a1:09:b1:1b:33:e0:8d:ae:3f:62:0d:59:ff:72:02:0d:d4:7c:6d:3d:a3:63:5b:f0:2a:a0:03:19:8b:c3:12:ec

Digest Algorithm

sha256

PE Digest Matches

true

a1:09:b1:1b:33:e0:8d:ae:3f:62:0d:59:ff:72:02:0d:d4:7c:6d:3d:a3:63:5b:f0:2a:a0:03:19:8b:c3:12:ec
Signer

Actual PE Digest

a1:09:b1:1b:33:e0:8d:ae:3f:62:0d:59:ff:72:02:0d:d4:7c:6d:3d:a3:63:5b:f0:2a:a0:03:19:8b:c3:12:ec

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

mi_exe_stub.pdb

Imports

kernel32

GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
OutputDebugStringW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileType
RaiseException
LCMapStringW
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
CreateFileW
CloseHandle
WriteConsoleW
DecodePointer
VirtualProtect
EncodePointer
LoadLibraryExW
QueryPerformanceCounter
GetProcAddress
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetLastError
RtlUnwind
TerminateProcess
GetCurrentProcess
GetModuleHandleW
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
GetStringTypeW
CreateDirectoryW
SizeofResource
FindFirstFileW
Wow64DisableWow64FsRedirection
RemoveDirectoryW
GetTempPathW
FormatMessageW
Wow64RevertWow64FsRedirection
GetFileAttributesExW
GetDiskFreeSpaceExW
LockResource
DeleteFileW
FindResourceExW
LoadResource
FindResourceW
HeapDestroy
LocalFree
VerSetConditionMask
CopyFileW
VerifyVersionInfoW
GetTempFileNameW
lstrcmpiW
CreateMutexW
WaitForSingleObject
ReleaseMutex
CreateEventW
SetEvent
CreateThread
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
VirtualQuery
CreateProcessW
GetExitCodeProcess
ResetEvent
WaitForSingleObjectEx
GetSystemInfo
LoadLibraryExA

advapi32

RegSetValueExA
SetSecurityDescriptorDacl
GetAclInformation
SetSecurityDescriptorOwner
GetSidSubAuthority
GetSidLengthRequired
CopySid
InitializeSid
IsValidSid
AddAce
InitializeSecurityDescriptor
InitializeAcl
GetLengthSid
GetSecurityDescriptorLength
MakeSelfRelativeSD
MakeAbsoluteSD
SetSecurityDescriptorGroup
RegOpenKeyExW
RegQueryValueExW
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorControl
GetSecurityDescriptorOwner
RegCloseKey
RegQueryValueExA
RegCreateKeyExA
RegSetValueExW
RegOpenKeyExA
RegDeleteValueA

ole32

CoTaskMemFree
CoUninitialize
CoInitializeEx

shell32

SHGetKnownFolderPath
ord680
CommandLineToArgvW
SHGetFolderPathW

user32

CharLowerBuffW
MessageBoxW

Sections

.text
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
liquidlauncher.exe
.exe windows:6 windows x64 arch:x64

5f6eafdf52706eadc88b48147ffa700c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

liquidlauncher.pdb

Imports

api-ms-win-core-synch-l1-2-0

WaitOnAddress
WakeByAddressAll
WakeByAddressSingle

bcryptprimitives

ProcessPrng

shell32

DragFinish
ShellExecuteW
DragQueryFileW
CommandLineToArgvW
SHCreateItemFromParsingName
ord155
SHAppBarMessage
SHGetKnownFolderPath
ord190
SHOpenFolderAndSelectItems
ShellExecuteExW

ole32

CoSetProxyBlanket
CoInitializeEx
RevokeDragDrop
CoInitializeSecurity
CoInitialize
CoCreateInstance
OleInitialize
RegisterDragDrop
CoTaskMemFree
CoUninitialize
CoTaskMemAlloc

ntdll

NtOpenFile
RtlPcToFileHeader
NtWriteFile
NtQuerySystemInformation
RtlLookupFunctionEntry
RtlCaptureContext
NtCreateFile
NtDeviceIoControlFile
RtlNtStatusToDosError
NtQueryInformationProcess
NtCancelIoFileEx
RtlUnwindEx
RtlVirtualUnwind
RtlGetVersion
NtReadFile

kernel32

InitializeSListHead
OutputDebugStringA
FreeLibrary
LoadLibraryExA
LoadLibraryExW
UnregisterWaitEx
GetCommandLineW
GetSystemTimeAsFileTime
GetModuleHandleA
GetProcAddress
EncodePointer
GetSystemInfo
GetNativeSystemInfo
FindClose
SleepConditionVariableSRW
OutputDebugStringW
WakeAllConditionVariable
PostQueuedCompletionStatus
AcquireSRWLockExclusive
LocalFree
GetProcessIoCounters
DeviceIoControl
LoadLibraryA
ReleaseSRWLockExclusive
WaitForSingleObject
RegisterWaitForSingleObject
SetFileAttributesW
IsProcessorFeaturePresent
CreateHardLinkW
SetFilePointerEx
SetFileInformationByHandle
GetSystemTimes
VirtualQueryEx
ReadProcessMemory
OpenProcess
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
AddVectoredExceptionHandler
SetThreadStackGuarantee
GetCurrentThread
CreateWaitableTimerExW
Sleep
SetWaitableTimer
SetFileTime
GetProcessTimes
GetQueuedCompletionStatusEx
GetVolumeInformationW
CreateIoCompletionPort
SetFileCompletionNotificationModes
SetUnhandledExceptionFilter
GetDriveTypeW
TlsAlloc
GetDiskFreeSpaceExW
GetLogicalDrives
RaiseException
GetExitCodeProcess
IsDebuggerPresent
GlobalMemoryStatusEx
GetTickCount64
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
GetProcessHeap
lstrlenW
SetHandleInformation
SetEnvironmentVariableW
CreateSymbolicLinkW
DeleteFileW
HeapAlloc
QueryPerformanceCounter
TerminateProcess
ExitProcess
ReadFileEx
HeapFree
LoadLibraryW
SleepEx
HeapReAlloc
SwitchToThread
GetLastError
GetSystemTimePreciseAsFileTime
GetCurrentThreadId
WriteFileEx
CreateThread
CreateNamedPipeW
DuplicateHandle
GetFileAttributesW
CreateProcessW
GetWindowsDirectoryW
GetSystemDirectoryW
GetModuleHandleW
CloseHandle
GetUserDefaultUILanguage
LCIDToLocaleName
CopyFileExW
CompareStringOrdinal
FreeEnvironmentStringsW
GetEnvironmentStringsW
FindFirstFileExW
TlsFree
CreateDirectoryW
SetLastError
GetCurrentDirectoryW
WaitForSingleObjectEx
GetCurrentProcess
GetCurrentProcessId
CreateMutexA
WideCharToMultiByte
ReleaseMutex
GetEnvironmentVariableW
GetStdHandle
GetConsoleMode
MultiByteToWideChar
WriteConsoleW
QueryPerformanceFrequency
FormatMessageW
GetTempPathW
GetModuleFileNameW
CreateFileW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFullPathNameW
GetFinalPathNameByHandleW
FindNextFileW

user32

GetMenu
SetPropW
SystemParametersInfoW
GetKeyboardState
GetAsyncKeyState
GetKeyState
MapVirtualKeyExW
GetKeyboardLayout
ToUnicodeEx
SetWindowTextW
GetWindowTextLengthW
GetWindowTextW
SetWindowLongW
GetSystemMenu
ShowCursor
GetClipCursor
ClipCursor
CreateIcon
FindWindowExW
TranslateAcceleratorW
SetWindowRgn
GetParent
IsProcessDPIAware
AdjustWindowRect
SetMenuItemInfoW
TrackPopupMenu
EnableMenuItem
AppendMenuW
DrawMenuBar
InsertMenuW
CreatePopupMenu
DrawIconEx
SetParent
ReleaseDC
GetDC
GetMenuItemInfoW
CreateMenu
DestroyWindow
GetForegroundWindow
SetWindowDisplayAffinity
SendInput
SetForegroundWindow
CheckMenuItem
DrawTextW
GetWindowDC
RegisterTouchWindow
IsWindow
AdjustWindowRectEx
RegisterWindowMessageA
FlashWindowEx
OffsetRect
GetActiveWindow
MapWindowPoints
UpdateWindow
GetMenuBarInfo
PostQuitMessage
InvalidateRect
DestroyMenu
DestroyIcon
SetCursorPos
SendMessageW
LoadCursorW
InvalidateRgn
GetWindowPlacement
SetWindowPlacement
ChangeDisplaySettingsExW
GetMonitorInfoW
GetWindowRect
MapVirtualKeyW
GetUpdateRect
ValidateRect
GetRawInputData
SetCursor
CloseTouchInputHandle
GetTouchInputInfo
TrackMouseEvent
SetCapture
ReleaseCapture
FillRect
MonitorFromRect
GetSystemMetrics
ClientToScreen
GetWindowLongW
ScreenToClient
DefWindowProcW
PostMessageW
MsgWaitForMultipleObjectsEx
PeekMessageW
DispatchMessageW
PostThreadMessageW
EnableWindow
IsWindowEnabled
MonitorFromPoint
EnumDisplayMonitors
MonitorFromWindow
IsIconic
IsWindowVisible
RedrawWindow
GetCursorPos
EnumChildWindows
DispatchMessageA
TranslateMessage
GetMessageA
SetWindowPos
GetClientRect
RegisterClassExW
RegisterRawInputDevices
GetMessageW
SetWindowLongPtrW
CreateWindowExW
DestroyAcceleratorTable
GetWindowLongPtrW
CreateAcceleratorTableW
RemoveMenu
SetMenu
SystemParametersInfoA
ShowWindow

oleaut32

GetErrorInfo
SysStringLen
VariantClear
SetErrorInfo
SysFreeString
SysAllocString

comctl32

RemoveWindowSubclass
DefSubclassProc
TaskDialogIndirect
SetWindowSubclass

gdi32

CreateSolidBrush
SetTextColor
GetDeviceCaps
BitBlt
CombineRgn
DeleteDC
DeleteObject
CreateRectRgn
SetBkMode
SelectObject
CreateDIBSection
CreateCompatibleDC

dwmapi

DwmSetWindowAttribute
DwmGetWindowAttribute
DwmEnableBlurBehindWindow

shlwapi

SHCreateMemStream

advapi32

EventSetInformation
EventWriteTransfer
RegQueryValueExW
RegCloseKey
EventRegister
IsValidSid
GetLengthSid
CopySid
LookupAccountSidW
SystemFunction036
RegGetValueW
OpenProcessToken
GetTokenInformation
RegOpenKeyExW
EventUnregister

ws2_32

WSAGetLastError
connect
accept
getpeername
WSAIoctl
listen
bind
ioctlsocket
socket
WSASend
send
recv
closesocket
setsockopt
shutdown
WSASocketW
getsockname
WSACleanup
WSAStartup
freeaddrinfo
getaddrinfo
getsockopt

crypt32

CertFreeCertificateChain
CertDuplicateStore
CertAddCertificateContextToStore
CertOpenStore
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertGetCertificateChain
CertFreeCertificateContext
CertDuplicateCertificateChain
CertVerifyCertificateChainPolicy
CertCloseStore

pdh

PdhRemoveCounter
PdhCollectQueryData
PdhGetFormattedCounterValue
PdhCloseQuery
PdhOpenQueryA
PdhAddEnglishCounterW

bcrypt

BCryptGenRandom

secur32

DeleteSecurityContext
LsaGetLogonSessionData
InitializeSecurityContextW
LsaFreeReturnBuffer
LsaEnumerateLogonSessions
FreeContextBuffer
EncryptMessage
AcquireCredentialsHandleA
DecryptMessage
QueryContextAttributesW
ApplyControlToken
AcceptSecurityContext
FreeCredentialsHandle

psapi

GetModuleFileNameExW
GetPerformanceInfo

iphlpapi

GetAdaptersAddresses
GetIfEntry2
FreeMibTable
GetIfTable2

netapi32

NetUserEnum
NetUserGetInfo
NetUserGetLocalGroups
NetApiBufferFree

powrprof

CallNtPowerInformation

api-ms-win-crt-string-l1-1-0

wcslen
_wcsicmp
strlen
wcsncmp
wcscmp
strcpy_s

api-ms-win-crt-math-l1-1-0

trunc
floor
round
pow
__setusermatherr

api-ms-win-crt-heap-l1-1-0

_set_new_mode
malloc
realloc
calloc
_callnewh
free

api-ms-win-crt-runtime-l1-1-0

_get_initial_narrow_environment
_wassert
_configure_narrow_argv
_initterm
_initterm_e
exit
_exit
__p___argc
__p___argv
_cexit
_c_exit
_seh_filter_exe
_set_app_type
abort
_register_thread_local_exe_atexit_callback
terminate
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment

api-ms-win-crt-convert-l1-1-0

wcstol
_wtoi
_ultow_s

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 12.5MB - Virtual size: 12.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6.0MB - Virtual size: 6.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 517KB - Virtual size: 517KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uninstall.exe
.exe windows:4 windows x86 arch:x86

61259b55b8912888e90f516ca08dc514

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegEnumValueW

shell32

SHGetSpecialFolderLocation
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
IIDFromString
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

GetClientRect
EndPaint
DrawTextW
IsWindowEnabled
DispatchMessageW
wsprintfA
CharNextA
CharPrevW
MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
GetSystemMetrics
FillRect
AppendMenuW
TrackPopupMenu
OpenClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetSysColor
SetWindowPos
GetWindowLongW
PeekMessageW
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
EmptyClipboard
CreatePopupMenu

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
lstrcatW
Sleep
lstrcpyA
WriteFile
GetTempFileNameW
lstrcmpiA
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersionExW
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
CopyFileW
ExitProcess
GetCurrentProcess
GetModuleFileNameW
GetFileSize
CreateFileW
GetTickCount
MulDiv
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
MoveFileExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 192KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LangDLL.dll
.dll windows:4 windows x86 arch:x86

3e8d18bb71c7ebbda2ddc2a4bb03547b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenW
GlobalFree
lstrcpynW
lstrcmpW
GlobalAlloc
MulDiv
GetModuleHandleW
lstrcpyW

user32

DialogBoxParamW
SetDlgItemTextW
SendDlgItemMessageW
EndDialog
SetWindowTextW
LoadIconW
ShowWindow
SendMessageW
GetDC

gdi32

GetDeviceCaps
CreateFontIndirectW
DeleteObject

Exports

Exports

LangDialog

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 681B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

fc0224e99e736751432961db63a41b76

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GlobalAlloc
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 662B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsis_tauri_utils.dll
.dll windows:6 windows x86 arch:x86

17cb20871354b907f678c7c220e4ca60

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

nsis_tauri_utils.pdb

Imports

kernel32

OpenProcess
ExitProcess
HeapAlloc
CloseHandle
GetCurrentProcessId
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
HeapFree
TerminateProcess
GetProcessHeap
GlobalFree
InitializeProcThreadAttributeList
GetLastError
UpdateProcThreadAttribute
CreateProcessW
HeapReAlloc
GlobalAlloc
lstrcpyW

advapi32

GetTokenInformation
OpenProcessToken
EqualSid

user32

GetShellWindow
GetWindowThreadProcessId

Exports

Exports

DllMain
FindProcess
FindProcessCurrentUser
KillProcess
KillProcessCurrentUser
RunAsUser
SemverCompare
memcmp
memcpy
memset

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 376B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LiquidBounce 2025/Read Me.txt

Resubmissions

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 572KB

UPX1 Size: 247KB - Virtual size: 248KB

.rsrc Size: 101KB - Virtual size: 104KB

Headers

File Characteristics

Sections

.text Size: 566KB - Virtual size: 566KB

.itext Size: 6KB - Virtual size: 6KB

.data Size: 15KB - Virtual size: 15KB

.bss Size: - Virtual size: 29KB

.idata Size: 16KB - Virtual size: 16KB

.tls Size: - Virtual size: 56B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 35KB - Virtual size: 34KB

.rsrc Size: 115KB - Virtual size: 114KB

61259b55b8912888e90f516ca08dc514

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shell32

ole32

comctl32

user32

gdi32

kernel32

Sections

.text Size: 26KB - Virtual size: 25KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 128KB

.ndata Size: - Virtual size: 192KB

.rsrc Size: 18KB - Virtual size: 17KB

80469f6834e579db68a646d49780b9d5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 296B

.reloc Size: 1024B - Virtual size: 578B

fc0224e99e736751432961db63a41b76

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 1024B - Virtual size: 867B

.data Size: 512B - Virtual size: 120B

.reloc Size: 1024B - Virtual size: 662B

6b5c4f7d679059f68f1269aad3a5cecd

Headers

DLL Characteristics

File Characteristics

UPX0
Size: - Virtual size: 572KB

UPX1
Size: 247KB - Virtual size: 248KB

.rsrc
Size: 101KB - Virtual size: 104KB

.text
Size: 566KB - Virtual size: 566KB

.itext
Size: 6KB - Virtual size: 6KB

.data
Size: 15KB - Virtual size: 15KB

.bss
Size: - Virtual size: 29KB

.idata
Size: 16KB - Virtual size: 16KB

.tls
Size: - Virtual size: 56B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 35KB - Virtual size: 34KB

.rsrc
Size: 115KB - Virtual size: 114KB

.text
Size: 26KB - Virtual size: 25KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 128KB

.ndata
Size: - Virtual size: 192KB

.rsrc
Size: 18KB - Virtual size: 17KB

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 296B

.reloc
Size: 1024B - Virtual size: 578B

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 1024B - Virtual size: 867B

.data
Size: 512B - Virtual size: 120B

.reloc
Size: 1024B - Virtual size: 662B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 8KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 638B

.text
Size: 13KB - Virtual size: 13KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: - Virtual size: 9B

.reloc
Size: 512B - Virtual size: 376B

33:00:00:03:fd:36:44:39:73:0d:dc:02:28:00:00:00:00:03:fd
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

64:57:97:41:81:d1:09:95:4f:1c:10:95:8c:65:4e:63
Certificate

a1:09:b1:1b:33:e0:8d:ae:3f:62:0d:59:ff:72:02:0d:d4:7c:6d:3d:a3:63:5b:f0:2a:a0:03:19:8b:c3:12:ec
Signer

a1:09:b1:1b:33:e0:8d:ae:3f:62:0d:59:ff:72:02:0d:d4:7c:6d:3d:a3:63:5b:f0:2a:a0:03:19:8b:c3:12:ec
Signer

.text
Size: 108KB - Virtual size: 107KB

.rdata
Size: 36KB - Virtual size: 36KB

.data
Size: 2KB - Virtual size: 5KB

.didat
Size: 512B - Virtual size: 44B

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

.reloc
Size: 5KB - Virtual size: 5KB