Field | Value
---|---
Architecture | IMAGE_FILE_MACHINE_I386
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date | 2014-May-01 17:48:59
Detected languages | English - United States
CompanyName | *!ReLOADeD!*
FileDescription | Steam API
FileVersion | 3,1,0,0
InternalName | steam_api
LegalCopyright | *!ReLOADeD!*
OriginalFilename | steam_api
ProductName | Steam API
ProductVersion | 3,1,0,0

Level | Check | Details
---|---|---
Info | Matching compiler(s) | Microsoft Visual C++ 6.0 - 8.0 (a PEiD-style signature hit only; the LinkerVersion 11.0 in the optional header and the Rich header entries at the end of this report both point to Visual Studio 2012 Update 3, build 60610)
Suspicious | PEiD Signature | MoleBox v2.0
Info | Cryptographic algorithms detected in the binary | Uses known Mersenne Twister constants; Microsoft's Cryptography API (see the ADVAPI32 Crypt* imports below)
Suspicious | The PE is possibly packed | Unusual section name found: .RLD0; Unusual section name found: .RLD1
Info | The PE contains common functions which appear in legitimate applications | [!] The program may be hiding some of its imports (the KERNEL32 import table below carries LoadLibraryA, LoadLibraryW and LoadLibraryExW together with GetProcAddress, the pair used to resolve APIs at run time instead of through the import table)
Suspicious | The file contains overlay data | 516 bytes of data starting at offset 0xcd800. The overlay data has an entropy of 7.63306 and is possibly compressed or encrypted.
Malicious | VirusTotal score: 36/71 (Scanned on 2024-02-16 13:56:29) | Per-engine verdicts in the next table

Engine | Verdict
---|---
Antiy-AVL | Trojan/Win32.TSGeneric
Bkav | W32.AIDetectMalware
CAT-QuickHeal | PUA.HackTool.S398420
ClamAV | Win.Tool.Gamehack-9886010-0
CrowdStrike | win/grayware_confidence_100% (W)
Cylance | unsafe
Cynet | Malicious (score: 100)
DeepInstinct | MALICIOUS
ESET-NOD32 | a variant of Win32/HackTool.Crack.CS potentially unsafe
Elastic | malicious (high confidence)
Emsisoft | Application.GameHack (A)
FireEye | Generic.mg.7a7775d4b0b5b708
Fortinet | Riskware/Crack
Google | Detected
Gridinsoft | Crack.Win32.GameHack.dd!n
Ikarus | PUA.HackTool.Steam
K7AntiVirus | Hacktool ( 004954941 )
K7GW | Hacktool ( 004954941 )
Lionic | Hacktool.Win32.Crack.3!c
Malwarebytes | Generic.Malware.AI.DDS
McAfee | Crack-Reloaded
Microsoft | HackTool:Win32/Crack!pz
Panda | Trj/CI.A
Rising | Trojan.Generic@AI.93 (RDMK:EweHHP3hykZu4la6uMuDaw)
Sangfor | Trojan.Win32.Save.a
SentinelOne | Static AI - Malicious PE
Skyhigh | BehavesLike.Win32.Dropper.cc
Sophos | Steam (PUA)
Symantec | ML.Attribute.HighConfidence
Trapmine | malicious.high.ml.score
TrendMicro | TROJ_GEN.R002C0PLV23
TrendMicro-HouseCall | TROJ_GEN.R002C0PLV23
Varist | W32/S-7034927e!Eldorado
Webroot | Riskware.Gamehack.Gen
Xcitium | ApplicUnwnt@#2rx34ibs748yn
Yandex | PUP.Crack!8ScGCDdLIzM
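The three static findings above (unusual section names, an overlay past the last section, and the overlay's entropy) can be reproduced without the analysis service. The script below is an added example written for this page, not the analysis tool's own code: it walks the DOS header, COFF header and section table by hand, treats every byte after the end of the last section's raw data as overlay, scores that overlay with Shannon entropy, and flags section names outside a conventional set. The set of "common" section names and the 7.0 bits/byte threshold are this example's assumptions, and the minimal PE it builds is constructed test data rather than the analysed DLL; pass a real file path to analyse that instead.

```python
import math
import struct

# Section names the MSVC/MinGW toolchains emit by default (assumption of this
# example). A name outside this set, such as .RLD0/.RLD1 above, is what a
# "possibly packed" heuristic keys on.
COMMON_SECTION_NAMES = {
    ".text", ".rdata", ".data", ".idata", ".edata", ".rsrc", ".reloc",
    ".bss", ".tls", ".pdata", ".CRT", ".gfids", ".textbss", ".xdata",
}

ENTROPY_THRESHOLD = 7.0  # bits per byte; above this, treat data as compressed/encrypted


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty or constant data, 8.0 for uniform random."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes) -> list[tuple[str, int, int]]:
    """Walk DOS header -> PE signature -> COFF header -> section table and
    return (name, PointerToRawData, SizeOfRawData) for every section."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (num_sections,) = struct.unpack_from("<H", pe, coff + 2)
    (opt_size,) = struct.unpack_from("<H", pe, coff + 16)
    table = coff + 20 + opt_size            # section headers follow the optional header
    sections = []
    for i in range(num_sections):
        hdr = table + 40 * i                # IMAGE_SECTION_HEADER is 40 bytes
        name = pe[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        size_raw, ptr_raw = struct.unpack_from("<II", pe, hdr + 16)
        sections.append((name, ptr_raw, size_raw))
    return sections


def analyse(pe: bytes) -> dict:
    """Reproduce the heuristics: unusual section names, overlay offset/size and
    overlay entropy. The overlay is everything past the end of the last
    section's raw data; the loader never maps it, which is why packers and
    droppers stash payloads there."""
    sections = parse_sections(pe)
    overlay_start = max((ptr + size for _, ptr, size in sections), default=0)
    overlay = pe[overlay_start:]
    entropy = shannon_entropy(overlay)
    return {
        "unusual_sections": [n for n, _, _ in sections if n not in COMMON_SECTION_NAMES],
        "overlay_offset": overlay_start,
        "overlay_size": len(overlay),
        "overlay_entropy": round(entropy, 5),
        "overlay_suspicious": len(overlay) > 0 and entropy > ENTROPY_THRESHOLD,
    }


def build_sample_pe(sections: list[tuple[str, bytes]], overlay: bytes) -> bytes:
    """Constructed test input: a minimal, non-loadable PE32 with the given
    sections and a trailing overlay, FileAlignment 0x200. Only the fields
    parse_sections() reads are populated."""
    def align(n: int) -> int:
        return (n + 0x1FF) & ~0x1FF
    e_lfanew, opt_size = 0x40, 0xE0
    headers_len = align(e_lfanew + 4 + 20 + opt_size + 40 * len(sections))
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew)   # e_lfanew lives at 0x3C
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x2102)
    opt = struct.pack("<H", 0x10B).ljust(opt_size, b"\0")       # PE32 magic, rest zero
    sec_hdrs, body, ptr = b"", b"", headers_len
    for name, data in sections:
        raw = data.ljust(align(len(data)), b"\0")
        sec_hdrs += name.encode().ljust(8, b"\0") + struct.pack(
            "<IIIIIIHHI", len(data), 0, len(raw), ptr, 0, 0, 0, 0, 0x60000020)
        body += raw
        ptr += len(raw)
    headers = (dos + b"PE\0\0" + coff + opt + sec_hdrs).ljust(headers_len, b"\0")
    return headers + body + overlay


# Constructed sample: a normal .text section, an oddly named .RLD0 section and a
# 512-byte overlay cycling through every byte value (entropy exactly 8.0).
SAMPLE_PE = build_sample_pe(
    [(".text", b"\x90" * 100), (".RLD0", b"\0" * 16)],
    overlay=bytes(range(256)) * 2,
)

if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_PE
    for key, value in analyse(data).items():
        print(f"{key}: {value:#x}" if key == "overlay_offset" else f"{key}: {value}")
```

On the constructed sample the overlay begins at 0x600 and scores 8.0 bits/byte; on a real file the offset and size should agree with the report above if the tool uses the same "end of last section" definition, while a different choice (for example, also excluding a trailing Authenticode signature) would shift the numbers.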
DOS header field | Value
---|---
e_magic | MZ
e_cblp | 0x90
e_cp | 0x3
e_crlc | 0
e_cparhdr | 0x4
e_minalloc | 0
e_maxalloc | 0xffff
e_ss | 0
e_sp | 0xb8
e_csum | 0
e_ip | 0
e_cs | 0
e_ovno | 0
e_oemid | 0
e_oeminfo | 0
e_lfanew | 0xf0
PE header field | Value
---|---
Signature | PE
Machine | IMAGE_FILE_MACHINE_I386
NumberOfSections | 7
TimeDateStamp | 2014-May-01 17:48:59
PointerToSymbolTable | 0
NumberOfSymbols | 0
SizeOfOptionalHeader | 0xe0
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_DLL, IMAGE_FILE_EXECUTABLE_IMAGE
Optional header field | Value
---|---
Magic | PE32
LinkerVersion | 11.0
SizeOfCode | 0x2fa00
SizeOfInitializedData | 0x37a00
SizeOfUninitializedData | 0
AddressOfEntryPoint | 0x00025B3A (Section: .text)
BaseOfCode | 0x1000
BaseOfData | 0x31000
ImageBase | 0x10000000
SectionAlignment | 0x1000
FileAlignment | 0x200
OperatingSystemVersion | 6.0
ImageVersion | 0.0
SubsystemVersion | 6.0
Win32VersionValue | 0
SizeOfImage | 0xd4000
SizeOfHeaders | 0x400
Checksum | 0
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT
SizeOfStackReserve | 0x100000
SizeOfStackCommit | 0x1000
SizeOfHeapReserve | 0x100000
SizeOfHeapCommit | 0x1000
LoaderFlags | 0
NumberOfRvaAndSizes | 16
Imported library | Functions
---|---
KERNEL32.dll | GetModuleHandleA, LoadLibraryA, CopyFileA, GetProcessTimes, GetCurrentProcess, GetSystemTimeAsFileTime, GetTickCount, GetSystemPowerStatus, FindClose, GetLastError, FindNextFileA, GetDiskFreeSpaceExA, GetFileTime, ReadFile, CloseHandle, IsBadReadPtr, WriteConsoleW, SetStdHandle, SetFileAttributesA, DeleteFileA, GetFileAttributesA, CreateDirectoryA, TryEnterCriticalSection, LeaveCriticalSection, EnterCriticalSection, GetCurrentThreadId, InitializeCriticalSection, GetModuleFileNameA, FindFirstFileA, VirtualFree, GetConsoleMode, GetConsoleCP, CreateFileA, SetEndOfFile, SetFilePointerEx, WriteFile, GetFileSizeEx, VirtualAlloc, HeapAlloc, HeapFree, GetProcessHeap, HeapDestroy, HeapCreate, RaiseException, WideCharToMultiByte, MultiByteToWideChar, QueryPerformanceCounter, EncodePointer, DecodePointer, RtlUnwind, GetCommandLineA, GetStdHandle, GetModuleFileNameW, IsProcessorFeaturePresent, InterlockedDecrement, ExitProcess, GetModuleHandleExW, GetProcAddress, HeapSize, Sleep, IsDebuggerPresent, SetLastError, InterlockedIncrement, GetFileType, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, GetStartupInfoW, GetCurrentProcessId, GetEnvironmentStringsW, FreeEnvironmentStringsW, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetModuleHandleW, OutputDebugStringW, LoadLibraryExW, LoadLibraryW, LCMapStringW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, HeapReAlloc, GetStringTypeW, FlushFileBuffers, CreateFileW
USER32.dll | LoadBitmapA
GDI32.dll | DeleteObject, GetBitmapBits
ADVAPI32.dll | CryptDestroyHash, CryptHashData, CryptCreateHash, CryptImportKey, CryptDestroyKey, CryptReleaseContext, CryptAcquireContextA, CryptVerifySignatureA
SHELL32.dll | SHGetSpecialFolderPathA
Export ordinal | Address
---|---
1 | 0x16100
2 | 0x3e668
3 | 0x16120
4 | 0x16320
5 | 0x16120
6 | 0x16320
7 | 0x16140
8 | 0x16150
9 | 0x16150
10 | 0x202e0
11 | 0x16160
12 | 0x16180
13 | 0x161a0
14 | 0x161b0
15 | 0x16270
16 | 0x16270
17 | 0x161c0
18 | 0x161e0
19 | 0x161f0
20 | 0x16210
21 | 0x16270
22 | 0x16270
23 | 0x162b0
24 | 0x16230
25 | 0x16240
26 | 0x162f0
27 | 0x16250
28 | 0x161b0
29 | 0x16270
30 | 0x16280
31 | 0x16290
32 | 0x162a0
33 | 0x162b0
34 | 0x162c0
35 | 0x162d0
36 | 0x162e0
37 | 0x162f0
38 | 0x16300
39 | 0x16120
40 | 0x16320
41 | 0x16340
42 | 0x16360
43 | 0x16390
44 | 0x16390
45 | 0x163c0
46 | 0x16270
47 | 0x162c0
48 | 0x163d0
49 | 0x163e0
50 | 0x163f0
51 | 0x162d0
52 | 0x16400
53 | 0x16410
54 | 0x16420
55 | 0x16430
56 | 0x16440
57 | 0x16450
58 | 0x162f0
59 | 0x16320
60 | 0x16270
61 | 0x16460
62 | 0x16490
63 | 0x164b0
64 | 0x16270

Many ordinals resolve to the same address: 0x16270 serves eight of them (15, 16, 21, 22, 29, 46, 60, 64), 0x16320 four (4, 6, 40, 59), and 0x16120 and 0x162f0 three each, so a large part of the export surface is a handful of shared stubs rather than distinct implementations.
Version info field | Value
---|---
Signature | 0xfeef04bd
StructVersion | 0x10000
FileVersion | 3.1.0.0
ProductVersion | 3.1.0.0
FileFlags | VS_FF_PATCHED (the file declares itself modified relative to the original shipping file with the same version number)
FileOs | VOS_DOS_WINDOWS32, VOS_NT_WINDOWS32, VOS__WINDOWS32
FileType | VFT_DLL
Language | English - United States
CompanyName | *!ReLOADeD!*
FileDescription | Steam API
FileVersion (#2) | 3,1,0,0
InternalName | steam_api
LegalCopyright | *!ReLOADeD!*
OriginalFilename | steam_api
ProductName | Steam API
ProductVersion (#2) | 3,1,0,0
Resource LangID | English - United States
Load configuration field | Value
---|---
Size | 0x48
TimeDateStamp | 1970-Jan-01 00:00:00
Version | 0.0
GlobalFlagsClear | (EMPTY)
GlobalFlagsSet | (EMPTY)
CriticalSectionDefaultTimeout | 0
DeCommitFreeBlockThreshold | 0
DeCommitTotalFreeThreshold | 0
LockPrefixTable | 0
MaximumAllocationSize | 0
VirtualMemoryThreshold | 0
ProcessAffinityMask | 0
ProcessHeapFlags | (EMPTY)
CSDVersion | 0
Reserved1 | 0
EditList | 0
SecurityCookie | 0x1003d150
SEHandlerTable | 0
SEHandlerCount | 0

A populated SecurityCookie with an empty SEHandlerTable means the module carries /GS stack cookies but no SafeSEH handler table.
Rich header field | Value
---|---
XOR Key | 0x91b0121

Rich header entry | Count
---|---
Unmarked objects | 0
ASM objects (50929) | 17
C objects (50929) | 103
C++ objects (50929) | 37
210 (VS2012 UPD3 build 60610) | 9
Total imports | 122
185 (30716) | 11
C++ objects (VS2012 UPD3 build 60610) | 142
Exports (VS2012 UPD3 build 60610) | 1
Resource objects (VS2012 UPD3 build 60610) | 1
Linker (VS2012 UPD3 build 60610) | 1
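The Rich header table above comes from a structure the Microsoft linker writes between the DOS stub and the PE signature: a masked "DanS" marker, three masked padding dwords, a list of (compid, count) pairs where compid packs a product id and a build number, then the plain "Rich" marker followed by the XOR key. The script below is an added example written for this page, not the analysis tool's own code. It decodes the entries as (product id, build, count) without mapping product ids to toolchain names (which the table above does and this example does not), and it recomputes the checksum that doubles as the XOR key, which catches a Rich header copied from another binary or hand-edited to fake a toolchain. The sample header it builds is constructed test data with arbitrary product ids.

```python
import struct

MASK32 = 0xFFFFFFFF
DANS = struct.unpack("<I", b"DanS")[0]


def rol32(value: int, count: int) -> int:
    """Rotate a 32-bit value left by count bits (count taken modulo 32)."""
    count &= 31
    return ((value << count) | (value >> (32 - count))) & MASK32


def rich_checksum(pe: bytes, dans_offset: int, entries) -> int:
    """The documented Rich checksum, which is also the XOR key: start with the
    DanS offset, add every DOS-header byte before it rotated by its own offset
    (skipping e_lfanew at 0x3C..0x3F), then add each compid rotated by its count."""
    cksum = dans_offset
    for i in range(dans_offset):
        if 0x3C <= i <= 0x3F:
            continue
        cksum = (cksum + rol32(pe[i], i)) & MASK32
    for compid, count in entries:
        cksum = (cksum + rol32(compid, count)) & MASK32
    return cksum


def parse_rich_header(pe: bytes) -> dict:
    """Find 'Rich', read the key after it, XOR dwords backwards until the DanS
    marker appears, and decode the (compid, count) pairs in between."""
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    rich_pos = pe.rfind(b"Rich", 0, e_lfanew)
    if rich_pos < 0:
        raise ValueError("no Rich header")
    (key,) = struct.unpack_from("<I", pe, rich_pos + 4)
    words = []
    pos = rich_pos - 4
    while pos >= 0x40:                       # never earlier than the end of the DOS header
        word = struct.unpack_from("<I", pe, pos)[0] ^ key
        if word == DANS:
            break
        words.append(word)
        pos -= 4
    else:
        raise ValueError("DanS marker not found")
    words.reverse()
    pairs = words[3:]                        # skip the three zero padding dwords
    if len(pairs) % 2:
        raise ValueError("odd number of Rich header dwords")
    raw_entries = list(zip(pairs[::2], pairs[1::2]))
    entries = [{"prodid": c >> 16, "build": c & 0xFFFF, "count": n} for c, n in raw_entries]
    return {
        "key": key,
        "dans_offset": pos,
        "entries": entries,
        "checksum_ok": rich_checksum(pe, pos, raw_entries) == key,
    }


def build_sample_rich(entries, key=None) -> bytes:
    """Constructed test input: a 0x80-byte DOS header followed by a Rich header
    for the given (compid, count) entries. The real checksum is used as the key
    unless a bogus one is supplied, which simulates a tampered header. The
    result is not a loadable PE; only the bytes the parser reads are meaningful."""
    dans_offset = 0x80
    plain = [DANS, 0, 0, 0]
    for compid, count in entries:
        plain += [compid, count]
    dos = bytearray(dans_offset)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, dans_offset + 4 * len(plain) + 8)  # e_lfanew past 'Rich'+key
    if key is None:
        key = rich_checksum(bytes(dos), dans_offset, entries)
    masked = b"".join(struct.pack("<I", w ^ key) for w in plain)
    return bytes(dos) + masked + b"Rich" + struct.pack("<I", key) + b"PE\0\0"


# Constructed sample with made-up product ids; the build numbers mirror the
# report above (60610 for VS2012 Update 3, 50929 for the other compiler entries).
SAMPLE_ENTRIES = [((0xDE << 16) | 60610, 142), ((0xCF << 16) | 50929, 103), ((0x01 << 16) | 0, 122)]

if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_rich(SAMPLE_ENTRIES)
    info = parse_rich_header(data)
    print(f"XOR key {info['key']:#x}, DanS at {info['dans_offset']:#x}, checksum ok: {info['checksum_ok']}")
    for e in info["entries"]:
        print(f"  prodid {e['prodid']:#06x} build {e['build']:5d} count {e['count']}")
```

A checksum mismatch does not by itself prove anything about the code, but it does show that the Rich header is not the one the linker produced for these DOS-header bytes, which makes any toolchain attribution drawn from it unreliable.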