7bf4c44d0f7041fe72e987b4f5a591c0

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2019-Jul-14 12:46:19
Detected languages English - United States
Debug artifacts E:\cheat's\AlNa\Новая папка\Release\AlterNative.pdb

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0
Info Cryptographic algorithms detected in the binary: Uses constants related to CRC32
Suspicious The PE contains functions most legitimate programs don't use. Functions which can be used for anti-debugging purposes:
  • FindWindowA
Reads the contents of the clipboard:
  • GetClipboardData
Malicious VirusTotal score: 40/72 (Scanned on 2020-06-15 17:44:44)
MicroWorld-eScan: Trojan.GenericKD.32415714
FireEye: Generic.mg.7bf4c44d0f7041fe
McAfee: RDN/Generic.fdj
Cylance: Unsafe
Zillya: Trojan.GameHack.Win32.365
Alibaba: HackTool:Win32/Generic.fb85980f
K7GW: Unwanted-Program ( 0053c0c21 )
K7AntiVirus: Unwanted-Program ( 0053c0c21 )
Arcabit: Trojan.Generic.D1EE9FE2
Invincea: heuristic
Symantec: Trojan.Gen.2
APEX: Malicious
Kaspersky: UDS:DangerousObject.Multi.Generic
BitDefender: Trojan.GenericKD.32415714
Rising: Trojan.Tiggre!8.ED98 (CLOUD)
Ad-Aware: Trojan.GenericKD.32415714
Emsisoft: Trojan.GenericKD.32415714 (B)
Comodo: Malware@#ahl2acq9bi4h
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: TROJ_GEN.R002C0PD920
McAfee-GW-Edition: BehavesLike.Win32.Generic.hh
Sophos: Harmony Loader (PUA)
Webroot: W32.Trojan.GenKD
Fortinet: Riskware/GameHack
Antiy-AVL: Trojan/Win32.Wacatac
Endgame: malicious (high confidence)
Microsoft: Trojan:Win32/Occamy.C69
AegisLab: Trojan.Win32.Generic.4!c
ZoneAlarm: UDS:DangerousObject.Multi.Generic
AhnLab-V3: Malware/Win32.RL_Generic.R281282
VBA32: Trojan.Occamy
ALYac: Trojan.GenericKD.32415714
MAX: malware (ai score=94)
ESET-NOD32: a variant of Win32/GameHack.EDA potentially unsafe
TrendMicro-HouseCall: TROJ_GEN.R002C0PD920
Yandex: Riskware.Agent!
SentinelOne: DFI - Malicious PE
eGambit: Trojan.Generic
GData: Trojan.GenericKD.32415714
Panda: Trj/Genetic.gen

Hashes

MD5 7bf4c44d0f7041fe72e987b4f5a591c0
SHA1 dbafbcc19aea20593f51bf1509d7df4ec731191e
SHA256 6986b029e67cc7fed8c38d02c581d01f828cdf51a5e0418ab26c4c0265e858d0
SHA3 ac4798040eed6ec23e24feff6345140dc53ed470215cabed42409157fe7b9bb2
SSDeep 12288:3UTBdz2VeKpQbPcU/gk232BMIb25RlEfvj/y:3Ivee8s//gt2BMj5RGfvG
Imports Hash 79155be4e0a43258323be1f057580844

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x110

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 5
TimeDateStamp 2019-Jul-14 12:46:19
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 14.0
SizeOfCode 0x5ac00
SizeOfInitializedData 0x90e00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0005A520 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x5c000
ImageBase 0x10000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0xef000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 822bcee22827aaf7fa56eaa9f7b28a8f
SHA1 e88918c4b784daf2eb18b9f9bf7a68d8e06dbb27
SHA256 47bc31e954e4daa1540c0396eb209ec268358c2ef47978d40c75be481c58a87e
SHA3 c24a441e6ba767059095e0eae62e0c8fa40803c68fe5391127c5b53a2ea481cc
VirtualSize 0x5aa12
VirtualAddress 0x1000
SizeOfRawData 0x5ac00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.5623

.rdata

MD5 16d895e2adb76186ae4e2cb347a3e7ad
SHA1 d9fc6f5e4274e61033df96635574ea4f026b077d
SHA256 d4b9944283fc989a7ab15286c9ef28949653a449f321c81ddbc9730cb709488a
SHA3 c772390a89ee6b7aaa8e7b86b1b34f78d51afb76ec13f34659739141a41de769
VirtualSize 0x21014
VirtualAddress 0x5c000
SizeOfRawData 0x21200
PointerToRawData 0x5b000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.97343

.data

MD5 187482e4e42bedec5ab120bf91c3bdb9
SHA1 9b050889c571bb92168fc98712165d1f9d29eae7
SHA256 6e32f9cb947fe2ab92efcab91236b846869cf4d592ae8aa6e38d3c1982720fd0
SHA3 94e38bddabbb64bf17f4e4fdafdfc5304768060747bf2d77194f6ae1ce636fd4
VirtualSize 0x69c94
VirtualAddress 0x7e000
SizeOfRawData 0x1600
PointerToRawData 0x7c200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 2.5655

.rsrc

MD5 e03bd038af9722ef2da769faead12e5e
SHA1 fc1c07dc9ccd773f70709ccf1eda39b4baa8458b
SHA256 ecb77001802612707f9083387ca8603ec402c8c4d70664cc5a0680e5f2090c73
SHA3 eb82b2023dc43be1f401dac6347b2ee725231942ef869201d11624727b23d07d
VirtualSize 0x1e0
VirtualAddress 0xe8000
SizeOfRawData 0x200
PointerToRawData 0x7d800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.71935

.reloc

MD5 223db31130de9a134467c686035811c5
SHA1 6f703450ed6b94b29de39a36d4408dc7e76f457a
SHA256 399d72ae8a0b505c7a5d85218839865c380d3b0c6b7e456c4e4dc4e5afa60213
SHA3 72d97dbe72b9be4f0728207aa3328124e7e46bcaafc49537650e3ce457ab7206
VirtualSize 0x5b90
VirtualAddress 0xe9000
SizeOfRawData 0x5c00
PointerToRawData 0x7da00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 6.80785

Imports

KERNEL32.dll WritePrivateProfileStringA
GetPrivateProfileStringA
lstrcpynA
lstrcmpA
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
QueryPerformanceFrequency
QueryPerformanceCounter
Sleep
DisableThreadLibraryCalls
lstrcpyA
CreateThread
CreateDirectoryA
IsBadReadPtr
GetCurrentProcess
TerminateProcess
GetModuleHandleA
GetProcAddress
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
CloseHandle
SetLastError
lstrlenA
VirtualProtect
FlushInstructionCache
GetTickCount
USER32.dll MessageBoxA
GetClientRect
ReleaseCapture
SetCursorPos
SetCursor
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
GetCursorPos
ClientToScreen
GetCapture
GetActiveWindow
ScreenToClient
LoadCursorA
GetKeyState
FindWindowA
CallWindowProcA
SetWindowLongA
SetCapture
SHELL32.dll SHGetFolderPathA
MSVCP140.dll ?_Xout_of_range@std@@YAXPBD@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_BADOFF@std@@3_JB
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
?_Xlength_error@std@@YAXPBD@Z
OPENGL32.dll glViewport
glEnableClientState
glPopAttrib
glPolygonMode
glBindTexture
glGenTextures
glVertexPointer
glEnable
glScissor
glDisableClientState
glMatrixMode
glBlendFunc
glLoadIdentity
glTexParameteri
glPopMatrix
glTexImage2D
glColorPointer
glDrawElements
glDisable
glPushMatrix
glPixelStorei
glOrtho
glPushAttrib
glGetIntegerv
glDepthRange
glLineWidth
glClearColor
glTexEnvi
glGetFloatv
glDepthFunc
glTexCoordPointer
IMM32.dll ImmSetCompositionWindow
ImmGetContext
ImmReleaseContext
VCRUNTIME140.dll strstr
__CxxFrameHandler3
memmove
__std_terminate
__std_exception_destroy
__std_exception_copy
memchr
memset
__std_type_info_destroy_list
_except_handler4_common
_CxxThrowException
__vcrt_InitializeCriticalSectionEx
memcpy
api-ms-win-crt-runtime-l1-1-0.dll _seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
terminate
_initterm
_initterm_e
_invalid_parameter_noinfo
_wassert
_invalid_parameter_noinfo_noreturn
_errno
api-ms-win-crt-math-l1-1-0.dll _CIfmod
_libm_sse2_acos_precise
_libm_sse2_cos_precise
roundf
_libm_sse2_log10_precise
_libm_sse2_pow_precise
_libm_sse2_sin_precise
_libm_sse2_sqrt_precise
_except1
_libm_sse2_tan_precise
_dtest
_CIatan2
ceil
_fdtest
floor
_libm_sse2_atan_precise
api-ms-win-crt-convert-l1-1-0.dll atof
atoi
api-ms-win-crt-stdio-l1-1-0.dll __stdio_common_vsprintf_s
fflush
fclose
fgetc
__stdio_common_vsscanf
fread
_wfopen
__stdio_common_vsprintf
fwrite
__stdio_common_vfprintf
fseek
ftell
_get_stream_buffer_pointers
_fseeki64
fsetpos
ungetc
setvbuf
fgetpos
fputc
api-ms-win-crt-utility-l1-1-0.dll qsort
srand
rand
api-ms-win-crt-time-l1-1-0.dll _time64
api-ms-win-crt-filesystem-l1-1-0.dll _access
_unlock_file
_lock_file
api-ms-win-crt-string-l1-1-0.dll strncpy
isprint
isspace
_stricmp
toupper
isalpha
api-ms-win-crt-heap-l1-1-0.dll free
_callnewh
malloc
api-ms-win-crt-environment-l1-1-0.dll getenv

Delayed Imports

_ReflectiveLoader@4

Ordinal 1
Address 0x57b00

2

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x17d
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.91161
MD5 1e4a89b11eae0fcf8bb5fdd5ec3b6f61
SHA1 4260284ce14278c397aaf6f389c1609b0ab0ce51
SHA256 4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df
SHA3 4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2019-Jul-14 12:46:19
Version 0.0
SizeofData 86
AddressOfRawData 0x7aca0
PointerToRawData 0x79ca0
Referenced File E:\cheat's\AlNa\Новая папка\Release\AlterNative.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics 0
TimeDateStamp 2019-Jul-14 12:46:19
Version 0.0
SizeofData 20
AddressOfRawData 0x7acf8
PointerToRawData 0x79cf8

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2019-Jul-14 12:46:19
Version 0.0
SizeofData 808
AddressOfRawData 0x7ad0c
PointerToRawData 0x79d0c

IMAGE_DEBUG_TYPE_ILTCG

Characteristics 0
TimeDateStamp 2019-Jul-14 12:46:19
Version 0.0
SizeofData 0
AddressOfRawData 0
PointerToRawData 0

TLS Callbacks

StartAddressOfRawData 0x1007b044
EndAddressOfRawData 0x1007b04c
AddressOfIndex 0x1007f7dc
AddressOfCallbacks 0x1005c3c8
SizeOfZeroFill 0
Characteristics IMAGE_SCN_ALIGN_4BYTES
Callbacks (EMPTY)

Load Configuration

Size 0xa0
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x1007e0b0
SEHandlerTable 0
SEHandlerCount 0

RICH Header

XOR Key 0xafd4a496
Unmarked objects 0
Imports (VS2008 SP1 build 30729) 20
ASM objects (VS2017 v15.?.? build 25930) 10
C objects (VS2017 v15.?.? build 25930) 11
C++ objects (VS2017 v15.?.? build 25930) 22
Imports (VS2017 v15.?.? build 25930) 4
C++ objects (9254) 2
Imports (VS2017 v15.?.? build 25203) 11
Total imports 240
265 (VS2017 v15.6.6 compiler 26131) 33
Exports (VS2017 v15.6.6 compiler 26131) 1
Resource objects (VS2017 v15.6.6 compiler 26131) 1
Linker (VS2017 v15.6.6 compiler 26131) 1

Errors
