Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2019-Jul-14 12:46:19 |
Detected languages | English - United States |
Debug artifacts | E:\cheat's\AlNa\Новая папка\Release\AlterNative.pdb |

Info | Matching compiler(s): | Microsoft Visual C++ 6.0 - 8.0 |
---|---|---|
Info | Cryptographic algorithms detected in the binary: | Uses constants related to CRC32 |
Suspicious | The PE contains functions most legitimate programs don't use. | Functions which can be used for anti-debugging purposes: |
Malicious | VirusTotal score: 40/72 (Scanned on 2020-06-15 17:44:44) | MicroWorld-eScan: Trojan.GenericKD.32415714; FireEye: Generic.mg.7bf4c44d0f7041fe; McAfee: RDN/Generic.fdj; Cylance: Unsafe; Zillya: Trojan.GameHack.Win32.365; Alibaba: HackTool:Win32/Generic.fb85980f; K7GW: Unwanted-Program ( 0053c0c21 ); K7AntiVirus: Unwanted-Program ( 0053c0c21 ); Arcabit: Trojan.Generic.D1EE9FE2; Invincea: heuristic; Symantec: Trojan.Gen.2; APEX: Malicious; Kaspersky: UDS:DangerousObject.Multi.Generic; BitDefender: Trojan.GenericKD.32415714; Rising: Trojan.Tiggre!8.ED98 (CLOUD); Ad-Aware: Trojan.GenericKD.32415714; Emsisoft: Trojan.GenericKD.32415714 (B); Comodo: Malware@#ahl2acq9bi4h; VIPRE: Trojan.Win32.Generic!BT; TrendMicro: TROJ_GEN.R002C0PD920; McAfee-GW-Edition: BehavesLike.Win32.Generic.hh; Sophos: Harmony Loader (PUA); Webroot: W32.Trojan.GenKD; Fortinet: Riskware/GameHack; Antiy-AVL: Trojan/Win32.Wacatac; Endgame: malicious (high confidence); Microsoft: Trojan:Win32/Occamy.C69; AegisLab: Trojan.Win32.Generic.4!c; ZoneAlarm: UDS:DangerousObject.Multi.Generic; AhnLab-V3: Malware/Win32.RL_Generic.R281282; VBA32: Trojan.Occamy; ALYac: Trojan.GenericKD.32415714; MAX: malware (ai score=94); ESET-NOD32: a variant of Win32/GameHack.EDA potentially unsafe; TrendMicro-HouseCall: TROJ_GEN.R002C0PD920; Yandex: Riskware.Agent!; SentinelOne: DFI - Malicious PE; eGambit: Trojan.Generic; GData: Trojan.GenericKD.32415714; Panda: Trj/Genetic.gen |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x110 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 5 |
TimeDateStamp | 2019-Jul-14 12:46:19 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_DLL, IMAGE_FILE_EXECUTABLE_IMAGE |
Magic | PE32 |
---|---|
LinkerVersion | 14.0 |
SizeOfCode | 0x5ac00 |
SizeOfInitializedData | 0x90e00 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x0005A520 (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x5c000 |
ImageBase | 0x10000000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 6.0 |
ImageVersion | 0.0 |
SubsystemVersion | 6.0 |
Win32VersionValue | 0 |
SizeOfImage | 0xef000 |
SizeOfHeaders | 0x400 |
Checksum | 0 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
KERNEL32.dll | WritePrivateProfileStringA, GetPrivateProfileStringA, lstrcpynA, lstrcmpA, GlobalAlloc, GlobalFree, GlobalLock, GlobalUnlock, QueryPerformanceFrequency, QueryPerformanceCounter, Sleep, DisableThreadLibraryCalls, lstrcpyA, CreateThread, CreateDirectoryA, IsBadReadPtr, GetCurrentProcess, TerminateProcess, GetModuleHandleA, GetProcAddress, InitializeSListHead, GetSystemTimeAsFileTime, GetCurrentThreadId, GetCurrentProcessId, IsDebuggerPresent, IsProcessorFeaturePresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetModuleHandleW, CreateEventW, WaitForSingleObjectEx, ResetEvent, SetEvent, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, CloseHandle, SetLastError, lstrlenA, VirtualProtect, FlushInstructionCache, GetTickCount |
---|---|
USER32.dll | MessageBoxA, GetClientRect, ReleaseCapture, SetCursorPos, SetCursor, OpenClipboard, CloseClipboard, EmptyClipboard, GetClipboardData, SetClipboardData, GetCursorPos, ClientToScreen, GetCapture, GetActiveWindow, ScreenToClient, LoadCursorA, GetKeyState, FindWindowA, CallWindowProcA, SetWindowLongA, SetCapture |
SHELL32.dll | SHGetFolderPathA |
MSVCP140.dll | ?_Xout_of_range@std@@YAXPBD@Z, ??1_Lockit@std@@QAE@XZ, ??0_Lockit@std@@QAE@H@Z, ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ, ?_BADOFF@std@@3_JB, ?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A, ?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z, ?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z, ?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ, ?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ, ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ, ?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ, ?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ, ?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z, ?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z, ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z, ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ, ??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z, ?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z, ?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z, ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ, ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ, ?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ, ?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z, ?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z, ??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ, ?always_noconv@codecvt_base@std@@QBE_NXZ, ??Bid@locale@std@@QAEIXZ, ?_Xlength_error@std@@YAXPBD@Z |
OPENGL32.dll | glViewport, glEnableClientState, glPopAttrib, glPolygonMode, glBindTexture, glGenTextures, glVertexPointer, glEnable, glScissor, glDisableClientState, glMatrixMode, glBlendFunc, glLoadIdentity, glTexParameteri, glPopMatrix, glTexImage2D, glColorPointer, glDrawElements, glDisable, glPushMatrix, glPixelStorei, glOrtho, glPushAttrib, glGetIntegerv, glDepthRange, glLineWidth, glClearColor, glTexEnvi, glGetFloatv, glDepthFunc, glTexCoordPointer |
IMM32.dll | ImmSetCompositionWindow, ImmGetContext, ImmReleaseContext |
VCRUNTIME140.dll | strstr, __CxxFrameHandler3, memmove, __std_terminate, __std_exception_destroy, __std_exception_copy, memchr, memset, __std_type_info_destroy_list, _except_handler4_common, _CxxThrowException, __vcrt_InitializeCriticalSectionEx, memcpy |
api-ms-win-crt-runtime-l1-1-0.dll | _seh_filter_dll, _configure_narrow_argv, _initialize_narrow_environment, _initialize_onexit_table, _register_onexit_function, _execute_onexit_table, _crt_atexit, _cexit, terminate, _initterm, _initterm_e, _invalid_parameter_noinfo, _wassert, _invalid_parameter_noinfo_noreturn, _errno |
api-ms-win-crt-math-l1-1-0.dll | _CIfmod, _libm_sse2_acos_precise, _libm_sse2_cos_precise, roundf, _libm_sse2_log10_precise, _libm_sse2_pow_precise, _libm_sse2_sin_precise, _libm_sse2_sqrt_precise, _except1, _libm_sse2_tan_precise, _dtest, _CIatan2, ceil, _fdtest, floor, _libm_sse2_atan_precise |
api-ms-win-crt-convert-l1-1-0.dll | atof, atoi |
api-ms-win-crt-stdio-l1-1-0.dll | __stdio_common_vsprintf_s, fflush, fclose, fgetc, __stdio_common_vsscanf, fread, _wfopen, __stdio_common_vsprintf, fwrite, __stdio_common_vfprintf, fseek, ftell, _get_stream_buffer_pointers, _fseeki64, fsetpos, ungetc, setvbuf, fgetpos, fputc |
api-ms-win-crt-utility-l1-1-0.dll | qsort, srand, rand |
api-ms-win-crt-time-l1-1-0.dll | _time64 |
api-ms-win-crt-filesystem-l1-1-0.dll | _access, _unlock_file, _lock_file |
api-ms-win-crt-string-l1-1-0.dll | strncpy, isprint, isspace, _stricmp, toupper, isalpha |
api-ms-win-crt-heap-l1-1-0.dll | free, _callnewh, malloc |
api-ms-win-crt-environment-l1-1-0.dll | getenv |
Ordinal | 1 |
---|---|
Address | 0x57b00 |
Characteristics | 0 |
---|---|
TimeDateStamp | 2019-Jul-14 12:46:19 |
Version | 0.0 |
SizeofData | 86 |
AddressOfRawData | 0x7aca0 |
PointerToRawData | 0x79ca0 |
Referenced File | E:\cheat's\AlNa\Новая папка\Release\AlterNative.pdb |
Characteristics | 0 |
---|---|
TimeDateStamp | 2019-Jul-14 12:46:19 |
Version | 0.0 |
SizeofData | 20 |
AddressOfRawData | 0x7acf8 |
PointerToRawData | 0x79cf8 |
Characteristics | 0 |
---|---|
TimeDateStamp | 2019-Jul-14 12:46:19 |
Version | 0.0 |
SizeofData | 808 |
AddressOfRawData | 0x7ad0c |
PointerToRawData | 0x79d0c |
Characteristics | 0 |
---|---|
TimeDateStamp | 2019-Jul-14 12:46:19 |
Version | 0.0 |
SizeofData | 0 |
AddressOfRawData | 0 |
PointerToRawData | 0 |
StartAddressOfRawData | 0x1007b044 |
---|---|
EndAddressOfRawData | 0x1007b04c |
AddressOfIndex | 0x1007f7dc |
AddressOfCallbacks | 0x1005c3c8 |
SizeOfZeroFill | 0 |
Characteristics | IMAGE_SCN_ALIGN_4BYTES |
Callbacks | (EMPTY) |
Size | 0xa0 |
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x1007e0b0 |
SEHandlerTable | 0 |
SEHandlerCount | 0 |
XOR Key | 0xafd4a496 |
---|---|
Unmarked objects | 0 |
Imports (VS2008 SP1 build 30729) | 20 |
ASM objects (VS2017 v15.?.? build 25930) | 10 |
C objects (VS2017 v15.?.? build 25930) | 11 |
C++ objects (VS2017 v15.?.? build 25930) | 22 |
Imports (VS2017 v15.?.? build 25930) | 4 |
C++ objects (9254) | 2 |
Imports (VS2017 v15.?.? build 25203) | 11 |
Total imports | 240 |
265 (VS2017 v15.6.6 compiler 26131) | 33 |
Exports (VS2017 v15.6.6 compiler 26131) | 1 |
Resource objects (VS2017 v15.6.6 compiler 26131) | 1 |
Linker (VS2017 v15.6.6 compiler 26131) | 1 |