Summary | Value |
---|---|
Architecture | IMAGE_FILE_MACHINE_AMD64 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2024-Jun-20 22:30:20 |
Detected languages | Chinese - PRC, English - United States |
CompanyName | 3DMGAME |
FileDescription | Elden Ring v1.02-v1.12 Plus 35 Trainer |
FileVersion | 1.0.0.0 |
InternalName | Elden Ring v1.02-v1.12 Plus 35 Trainer |
LegalCopyright | FLiNG Copyright (C) 2024 |
OriginalFilename | Elden Ring v1.02-v1.12 Plus 35 Trainer.exe |
ProductName | Elden Ring v1.02-v1.12 Plus 35 Trainer |
ProductVersion | 1.0.982.10 |
Suspicious | Strings found in the binary may indicate undesirable behavior: Contains another PE executable: |
Suspicious | The PE contains functions most legitimate programs don't use. [!] The program may be hiding some of its imports: |
Malicious | The PE is possibly a dropper. Resource 117 is possibly compressed or encrypted. Resource 250 detected as a PE Executable. Resource 101 is possibly compressed or encrypted. |
Malicious | VirusTotal score: 16/72 (Scanned on 2024-12-29 08:05:36) |

VirusTotal engine | Detection |
---|---|
APEX | Malicious |
Antiy-AVL | RiskWare/Win64.Gamehack |
CTX | exe.hacktool.generic |
ClamAV | Win.Dropper.GameHack-9917263-0 |
CrowdStrike | win/grayware_confidence_90% (D) |
Cylance | Unsafe |
DeepInstinct | MALICIOUS |
ESET-NOD32 | a variant of Win64/GameHack.BT potentially unsafe |
Elastic | malicious (high confidence) |
Fortinet | Adware/GameHack |
Google | Detected |
Gridinsoft | Hack.Win64.GameHack.cl |
Malwarebytes | GameHack.Riskware.Agent.DDS |
MaxSecure | Trojan.Malware.216064600.susgen |
Paloalto | generic.ml |
Skyhigh | BehavesLike.Win64.Generic.th |
DOS header field | Value |
---|---|
e_magic | MZ |
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x128 |
PE header field | Value |
---|---|
Signature | PE |
Machine | IMAGE_FILE_MACHINE_AMD64 |
NumberofSections | 7 |
TimeDateStamp | 2024-Jun-20 22:30:20 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xf0 |
Characteristics | IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE |
Optional header field | Value |
---|---|
Magic | PE32+ |
LinkerVersion | 14.0 |
SizeOfCode | 0xa4e00 |
SizeOfInitializedData | 0xc8e00 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x0000000000078528 (Section: .text) |
BaseOfCode | 0x1000 |
ImageBase | 0x140000000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 6.0 |
ImageVersion | 0.0 |
SubsystemVersion | 6.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x171000 |
SizeOfHeaders | 0x400 |
Checksum | 0 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
Imported DLL | Functions |
---|---|
KERNEL32.dll | GetCurrentProcessId, LoadLibraryW, GetProcAddress, GetLastError, CreateFileW, WriteFile, InitializeCriticalSectionEx, DeleteCriticalSection, GetModuleHandleW, DecodePointer, GetModuleFileNameW, HeapAlloc, HeapFree, HeapReAlloc, HeapSize, GetProcessHeap, CreateProcessW, GetTickCount, GetTempPathW, WaitNamedPipeW, ReadFile, GetModuleHandleA, LoadLibraryA, GetPrivateProfileStringW, Sleep, FindResourceW, LoadResource, SizeofResource, LockResource, GetFileAttributesW, LoadLibraryExW, FreeLibrary, MultiByteToWideChar, WinExec, GetCurrentProcess, IsWow64Process, GetTickCount64, SetLastError, ResumeThread, WaitForSingleObject, GetFileSizeEx, LocalFree, CreateDirectoryW, SetEndOfFile, WriteConsoleW, SetStdHandle, FreeEnvironmentStringsW, GetEnvironmentStringsW, MapViewOfFile, CreateFileMappingW, UnmapViewOfFile, WritePrivateProfileStringW, CloseHandle, GetCommandLineW, GetCommandLineA, FindNextFileW, FindFirstFileExW, FindClose, GetOEMCP, GetACP, IsValidCodePage, EnumSystemLocalesW, GetUserDefaultLCID, IsValidLocale, GetLocaleInfoW, LCMapStringW, FlsFree, FlsSetValue, FlsGetValue, FlsAlloc, ReadConsoleW, GetConsoleMode, GetConsoleOutputCP, FlushFileBuffers, SetFilePointerEx, WideCharToMultiByte, GetStringTypeW, ReleaseSRWLockExclusive, AcquireSRWLockExclusive, TryAcquireSRWLockExclusive, GetCurrentThreadId, WaitForSingleObjectEx, GetExitCodeThread, EnterCriticalSection, LeaveCriticalSection, EncodePointer, CompareStringEx, GetCPInfo, LCMapStringEx, QueryPerformanceCounter, WakeAllConditionVariable, SleepConditionVariableSRW, GetSystemTimeAsFileTime, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, IsDebuggerPresent, GetStartupInfoW, InitializeSListHead, OutputDebugStringW, RaiseException, RtlUnwindEx, RtlPcToFileHeader, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, CreateThread, ExitThread, FreeLibraryAndExitThread, GetModuleHandleExW, ExitProcess, GetStdHandle, GetFileType, RtlUnwind |
USER32.dll | MessageBoxA, SetProcessDPIAware, MessageBoxW |
ADVAPI32.dll | SetEntriesInAclW, ConvertStringSidToSidW, GetNamedSecurityInfoW, SetNamedSecurityInfoW |
SHELL32.dll | SHGetFolderPathW, ShellExecuteW |
ole32.dll | CoInitializeEx, CoUninitialize |
OLEAUT32.dll | SysFreeString, SysAllocString, VariantInit, SafeArrayCreate, SafeArrayAccessData, SafeArrayUnaccessData |
mscoree.dll | CLRCreateInstance, CorBindToRuntime |
WININET.dll | InternetOpenUrlA, InternetOpenA, InternetReadFile |
VERSION.dll | GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW |
WINMM.dll | PlaySoundW |
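The import table above is what turns the resource findings into the "possibly a dropper" verdict: the binary can locate and lock a resource (FindResourceW, LoadResource, SizeofResource, LockResource), write a file (CreateFileW, WriteFile, GetTempPathW) and start it (CreateProcessW, WinExec, ShellExecuteW), and it also carries an HTTP download path (WININET) and the LoadLibrary/GetProcAddress pair behind the "may be hiding some of its imports" note. The following Python is an added example, not the analyzer's or the trainer's code: it groups the report's imports into capabilities and evaluates all-of rules over them. The capability groupings, rule names and the benign contrast case are this example's own assumptions; `REPORT_IMPORTS` is copied from the table above with KERNEL32 trimmed to the names the rules consult.

```python
"""Import-table capability triage (added example, not the report's code).

Groups imported APIs into behavioural capabilities and evaluates all-of
rules over them. CAPABILITIES, RULES and BENIGN_IMPORTS are assumptions
made for this example; REPORT_IMPORTS is copied from the report's import
table (KERNEL32 trimmed to the names the rules consult).
"""
from typing import Dict, Set

# Capability -> APIs that evidence it (grouping is this example's choice).
CAPABILITIES: Dict[str, Set[str]] = {
    "resource_access": {"FindResourceW", "LoadResource", "SizeofResource", "LockResource"},
    "file_write": {"CreateFileW", "WriteFile"},
    "drop_location": {"GetTempPathW", "SHGetFolderPathW", "CreateDirectoryW"},
    "process_execute": {"CreateProcessW", "WinExec", "ShellExecuteW"},
    "http_download": {"InternetOpenA", "InternetOpenUrlA", "InternetReadFile"},
    "dynamic_import_resolution": {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExW", "GetProcAddress"},
    "clr_hosting": {"CLRCreateInstance", "CorBindToRuntime"},
    "acl_modification": {"SetEntriesInAclW", "SetNamedSecurityInfoW"},
    "debugger_check": {"IsDebuggerPresent"},
}

# Rule -> capabilities that must ALL be present for the rule to fire.
RULES: Dict[str, Set[str]] = {
    "dropper_chain": {"resource_access", "file_write", "process_execute"},
    "downloader_chain": {"http_download", "file_write", "process_execute"},
    "imports_may_be_incomplete": {"dynamic_import_resolution"},
}


def capabilities(imports: Dict[str, Set[str]]) -> Dict[str, Set[str]]:
    """Map an import table (DLL -> function names) to capability -> evidence APIs."""
    flat: Set[str] = set().union(*imports.values())
    return {cap: apis & flat for cap, apis in CAPABILITIES.items() if apis & flat}


def evaluate_rules(imports: Dict[str, Set[str]]) -> Dict[str, dict]:
    """Return rule -> {'hit': bool, 'evidence': {capability: sorted APIs}}."""
    caps = capabilities(imports)
    result = {}
    for rule, needed in RULES.items():
        result[rule] = {
            "hit": needed <= set(caps),
            "evidence": {c: sorted(caps[c]) for c in needed if c in caps},
        }
    return result


# Copied from the report's import table; KERNEL32 trimmed to the names the rules use.
REPORT_IMPORTS: Dict[str, Set[str]] = {
    "KERNEL32.dll": {"LoadLibraryW", "GetProcAddress", "CreateFileW", "WriteFile",
                     "CreateProcessW", "GetTempPathW", "LoadLibraryA", "FindResourceW",
                     "LoadResource", "SizeofResource", "LockResource", "LoadLibraryExW",
                     "WinExec", "CreateDirectoryW", "IsDebuggerPresent"},
    "USER32.dll": {"MessageBoxA", "SetProcessDPIAware", "MessageBoxW"},
    "ADVAPI32.dll": {"SetEntriesInAclW", "ConvertStringSidToSidW",
                     "GetNamedSecurityInfoW", "SetNamedSecurityInfoW"},
    "SHELL32.dll": {"SHGetFolderPathW", "ShellExecuteW"},
    "mscoree.dll": {"CLRCreateInstance", "CorBindToRuntime"},
    "WININET.dll": {"InternetOpenUrlA", "InternetOpenA", "InternetReadFile"},
    "WINMM.dll": {"PlaySoundW"},
}

# Constructed contrast case: a GUI program with no drop/execute primitives.
BENIGN_IMPORTS: Dict[str, Set[str]] = {
    "KERNEL32.dll": {"GetTickCount", "Sleep", "HeapAlloc", "HeapFree"},
    "USER32.dll": {"MessageBoxW"},
}

if __name__ == "__main__":
    for rule, info in evaluate_rules(REPORT_IMPORTS).items():
        print(f"{rule:28s} {'HIT' if info['hit'] else '-':4s} {info['evidence']}")
```

A static rule of this kind is a lower bound: when `imports_may_be_incomplete` fires, the real capability set can only be recovered by resolving what the binary passes to GetProcAddress at runtime, so treat a miss on `dropper_chain` or `downloader_chain` as "not proven", never as "absent".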
Version info field | Value |
---|---|
Signature | 0xfeef04bd |
StructVersion | 0x10000 |
FileVersion | 1.0.0.0 |
ProductVersion | 1.0.0.1 |
FileFlags | (EMPTY) |
FileOs | VOS_DOS_WINDOWS32, VOS_NT, VOS_NT_WINDOWS32, VOS_WINCE, VOS__WINDOWS32 |
FileType | VFT_APP |
Language | UNKNOWN |
CompanyName | 3DMGAME |
FileDescription | Elden Ring v1.02-v1.12 Plus 35 Trainer |
FileVersion (#2) | 1.0.0.0 |
InternalName | Elden Ring v1.02-v1.12 Plus 35 Trainer |
LegalCopyright | FLiNG Copyright (C) 2024 |
OriginalFilename | Elden Ring v1.02-v1.12 Plus 35 Trainer.exe |
ProductName | Elden Ring v1.02-v1.12 Plus 35 Trainer |
ProductVersion (#2) | 1.0.982.10 |
Resource LangID | Chinese - PRC |
Debug directory field | Value |
---|---|
Characteristics | 0 |
TimeDateStamp | 2024-Jun-20 22:30:20 |
Version | 0.0 |
SizeofData | 1048 |
AddressOfRawData | 0xd23a0 |
PointerToRawData | 0xd15a0 |
TLS directory field | Value |
---|---|
StartAddressOfRawData | 0x1400d2800 |
EndAddressOfRawData | 0x1400d2808 |
AddressOfIndex | 0x1400e1c98 |
AddressOfCallbacks | 0x1400a6708 |
SizeOfZeroFill | 0 |
Characteristics | IMAGE_SCN_ALIGN_4BYTES |
Callbacks | (EMPTY) |
Load configuration field | Value |
---|---|
Size | 0x140 |
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x1400df0c0 |
Rich header field | Value |
---|---|
XOR Key | 0x64326a1 |
Unmarked objects | 0 |
ASM objects (28900) | 5 |
C++ objects (28900) | 179 |
C objects (28900) | 16 |
Unmarked objects (#2) | 1 |
C objects (33218) | 16 |
ASM objects (33218) | 18 |
C++ objects (33218) | 97 |
Imports (VS2008 build 21022) | 2 |
Imports (28900) | 19 |
Total imports | 186 |
C++ objects (VS2022 Update 6 (17.6.4) compiler 32537) | 30 |
C++ objects (LTCG) (33523) | 18 |
Resource objects (33523) | 1 |
151 | 1 |
Linker (33523) | 1 |