Architecture | IMAGE_FILE_MACHINE_AMD64 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
Compilation Date | 2023-Feb-20 19:11:44 |
Detected languages | English - United States |
Debug artifacts | C:\Users\Corey\Downloads\Fortnite-External-Source-main\Fortnite-External-Source-main\x64\Release\fortnite.pdb |
Info | Cryptographic algorithms detected in the binary: | Uses constants related to CRC32 |
Malicious | The PE contains functions mostly used by malware. | [!] The program may be hiding some of its imports: |
Malicious | VirusTotal score: 8/70 (Scanned on 2023-03-06 21:39:40) | Symantec: ML.Attribute.HighConfidence; Elastic: malicious (high confidence); ESET-NOD32: a variant of Win64/GameHack_AGen.HM potentially unsafe; APEX: Malicious; Cynet: Malicious (score: 100); Rising: PUF.GameHack!8.223 (TFE:5:VelxpbzkYtS); MaxSecure: Trojan.Malware.300983.susgen; CrowdStrike: win/malicious_confidence_60% (W) |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0xf8 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_AMD64 |
NumberofSections | 6 |
TimeDateStamp | 2023-Feb-20 19:11:44 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xf0 |
Characteristics | IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE |
Magic | PE32+ |
---|---|
LinkerVersion | 14.0 |
SizeOfCode | 0x3c400 |
SizeOfInitializedData | 0xfc00 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x000000000003C464 (Section: .text) |
BaseOfCode | 0x1000 |
ImageBase | 0x140000000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 6.0 |
ImageVersion | 0.0 |
SubsystemVersion | 6.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x51000 |
SizeOfHeaders | 0x400 |
Checksum | 0 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
KERNEL32.dll | GetProcAddress FreeLibrary QueryPerformanceCounter VirtualFree VirtualAlloc CreateToolhelp32Snapshot Process32NextW Process32FirstW CloseHandle GetModuleHandleW lstrcmpiW RtlCaptureContext RtlLookupFunctionEntry RtlVirtualUnwind UnhandledExceptionFilter LoadLibraryA GlobalFree TerminateProcess IsProcessorFeaturePresent InitializeCriticalSectionAndSpinCount DeleteCriticalSection CreateEventW IsDebuggerPresent GetCurrentProcessId GetCurrentThreadId GetSystemTimeAsFileTime InitializeSListHead QueryPerformanceFrequency GlobalUnlock WideCharToMultiByte SetUnhandledExceptionFilter GlobalLock GlobalAlloc MultiByteToWideChar GetCurrentProcess |
---|---|
USER32.dll | DefWindowProcA PeekMessageW DispatchMessageW GetAsyncKeyState ShowWindow GetSystemMetrics SetWindowPos DestroyWindow GetWindowRect GetWindow SetLayeredWindowAttributes TranslateMessage LoadIconW SetWindowLongW GetDesktopWindow RegisterClassExA UpdateWindow GetKeyState GetClientRect CreateWindowExA SetClipboardData GetClipboardData EmptyClipboard SetCursor LoadCursorW GetForegroundWindow SetCursorPos ClientToScreen ScreenToClient GetCursorPos CloseClipboard OpenClipboard |
d3d9.dll | Direct3DCreate9Ex |
IMM32.dll | ImmSetCompositionWindow ImmReleaseContext ImmGetContext ImmSetCandidateWindow |
dwmapi.dll | DwmExtendFrameIntoClientArea |
VCRUNTIME140_1.dll | __CxxFrameHandler4 |
VCRUNTIME140.dll | __std_terminate memmove memcpy memcmp memchr strstr memset __C_specific_handler __current_exception_context __current_exception |
api-ms-win-crt-stdio-l1-1-0.dll | _set_fmode __acrt_iob_func fflush fclose __p__commode fseek __stdio_common_vfprintf __stdio_common_vsscanf fread __stdio_common_vsprintf _wfopen fwrite ftell |
api-ms-win-crt-utility-l1-1-0.dll | qsort |
api-ms-win-crt-string-l1-1-0.dll | strncmp strcmp strncpy |
api-ms-win-crt-heap-l1-1-0.dll | free malloc _set_new_mode |
api-ms-win-crt-convert-l1-1-0.dll | atof |
api-ms-win-crt-runtime-l1-1-0.dll | _c_exit __p___argv exit terminate _configure_narrow_argv __p___argc _initialize_narrow_environment _initialize_onexit_table _register_thread_local_exe_atexit_callback _exit _initterm_e _initterm _get_initial_narrow_environment _set_app_type _seh_filter_exe _cexit _crt_atexit _register_onexit_function |
api-ms-win-crt-math-l1-1-0.dll | asin ceilf cosf fmodf __setusermatherr acosf sinf sqrtf tanf |
api-ms-win-crt-locale-l1-1-0.dll | _configthreadlocale |
Characteristics | 0 |
---|---|
TimeDateStamp | 2023-Feb-20 19:11:44 |
Version | 0.0 |
SizeofData | 134 |
AddressOfRawData | 0x44b24 |
PointerToRawData | 0x43324 |
Referenced File | C:\Users\Corey\Downloads\Fortnite-External-Source-main\Fortnite-External-Source-main\x64\Release\fortnite.pdb |
Characteristics | 0 |
---|---|
TimeDateStamp | 2023-Feb-20 19:11:44 |
Version | 0.0 |
SizeofData | 20 |
AddressOfRawData | 0x44bac |
PointerToRawData | 0x433ac |
Characteristics | 0 |
---|---|
TimeDateStamp | 2023-Feb-20 19:11:44 |
Version | 0.0 |
SizeofData | 816 |
AddressOfRawData | 0x44bc0 |
PointerToRawData | 0x433c0 |
Characteristics | 0 |
---|---|
TimeDateStamp | 2023-Feb-20 19:11:44 |
Version | 0.0 |
SizeofData | 0 |
AddressOfRawData | 0 |
PointerToRawData | 0 |
StartAddressOfRawData | 0x140044f10 |
---|---|
EndAddressOfRawData | 0x140044f18 |
AddressOfIndex | 0x14004b664 |
AddressOfCallbacks | 0x14003e530 |
SizeOfZeroFill | 0 |
Characteristics | IMAGE_SCN_ALIGN_4BYTES |
Callbacks | (EMPTY) |
Size | 0x140 |
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x14004b010 |
XOR Key | 0x45f2e275 |
---|---|
Unmarked objects | 0 |
Imports (VS2008 SP1 build 30729) | 16 |
Imports (VS2022 Update 3 (17.3.0) compiler 31616) | 4 |
C++ objects (VS2022 Update 3 (17.3.0) compiler 31616) | 27 |
C objects (VS2022 Update 3 (17.3.0) compiler 31616) | 10 |
ASM objects (VS2022 Update 3 (17.3.0) compiler 31616) | 3 |
Imports (VS2012 build 50727 / VS2005 build 50727) | 2 |
Imports (30795) | 11 |
Total imports | 166 |
C++ objects (LTCG) (31631) | 8 |
Resource objects (31631) | 1 |
Linker (31631) | 1 |