cfdc91f2c61b7fa0d1f7abcc54107e83

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2025-Aug-21 11:55:57
Detected languages English - United States
Debug artifacts C:\Users\stan\RiderProjects\PG3DUnlock\x64\Release\PG3DUnlock.pdb

Plugin Output

Info Matching compiler(s): MASM/TASM - sig1(h)
Info Cryptographic algorithms detected in the binary: Uses constants related to CRC32
Malicious The PE contains functions mostly used by malware.
[!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryA
Possibly launches other programs:
  • ShellExecuteA
Uses functions commonly found in keyloggers:
  • GetForegroundWindow
  • GetAsyncKeyState
  • MapVirtualKeyW
Memory manipulation functions often used by packers:
  • VirtualAlloc
  • VirtualProtect
Reads the contents of the clipboard:
  • GetClipboardData
Malicious VirusTotal score: 4/72 (Scanned on 2025-09-11 07:17:55)
  • Cynet: Malicious (score: 100)
  • MaxSecure: Trojan.Malware.300983.susgen
  • McAfeeD: ti!CF0B07BA95E1
  • Skyhigh: BehavesLike.Win64.Generic.gh

Hashes

MD5 cfdc91f2c61b7fa0d1f7abcc54107e83
SHA1 194b91876dc471c8a642b27f6c5a4c9f0768de1c
SHA256 cf0b07ba95e14e7f8f3a68a9f191af166fc18a4bf7b6e8657099053592bb13ca
SHA3 7ac1141ade507110d1167cb76dc82af02bcd549b83d99ac1d8fdda534c2a3db1
SSDeep 12288:xJGk8kobpwFAUutvesm4l8A4o5bnIPKAu:xJqt9m42Ax5bnIPKR
Imports Hash 15d89fe79adaf4ab89817c8cf68583e9

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x108

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 8
TimeDateStamp 2025-Aug-21 11:55:57
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_DLL, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x52800
SizeOfInitializedData 0x1d000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000051470 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x180000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x75000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA, IMAGE_DLLCHARACTERISTICS_NX_COMPAT
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 24854410ac8c3555cddb4d21fb0cd8f1
SHA1 81fe377f0f633500bc174cf4ecbf5cfb989f29d0
SHA256 b2388667f0e62ebd65825826749a5eb77edc400c1856871951fa320306bd2a9e
SHA3 0622c6f2a158e5c40d1564ca02e03010b8f5ab429334383ab71737d5c8fc1458
VirtualSize 0x52693
VirtualAddress 0x1000
SizeOfRawData 0x52800
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Entropy 6.47981

.rdata

MD5 6d3bfe63702e3c06d3f660f7bac2fcab
SHA1 1ecfbb25b3d15a69a7a7ed6503e380b00d7f4e05
SHA256 0669e44c11ee9329b54600e53cede345503aa7ed052b2282e754cbbc09aa7a50
SHA3 5ab14906c097009f9aa7a791b2fea4acf89f8549edaeb2d84c44bce975257f01
VirtualSize 0x14dea
VirtualAddress 0x54000
SizeOfRawData 0x14e00
PointerToRawData 0x52c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Entropy 6.11177

.data

MD5 c74cac0e76af6e826a08ac9098565d75
SHA1 73022602fefa0a3f2569e1a92a08968c61b081b0
SHA256 1c24a2375fd010e3871b41ec48a41a3a1d94953be387fb09fdf0ee55fb2866bb
SHA3 b5242062d4d5e79ff8cfa4a0e6b44e100d2f786998d579868da8e994f58377b3
VirtualSize 0x1210
VirtualAddress 0x69000
SizeOfRawData 0x600
PointerToRawData 0x67a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Entropy 3.20424

.pdata

MD5 280d2593e4de586e9d3aaa770f45f02e
SHA1 61e51c87daf98adb941277178e593b131a266b52
SHA256 44107697b818e545d0190d7333c3cf1f64d0f9aff27b1b411cb4bc091cac147a
SHA3 9fef74009ed3e18be40759fc4a2807783f058d88f925b5812bc8a5f1b67d115f
VirtualSize 0x3f90
VirtualAddress 0x6b000
SizeOfRawData 0x4000
PointerToRawData 0x68000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Entropy 5.76975

.detourc

MD5 058941b0fbbbe20f6599bb05b50f9aab
SHA1 dcce650259683c8bd1858d16318ddf931b69902b
SHA256 a762c173cee5b5973c18a888e92333d3c63ae7200927289e2e863f5feabd76ef
SHA3 1abedea91482445908cf1282a6e2d958e5f34d5533fa872a63c87e6f8c7f34ec
VirtualSize 0x21c0
VirtualAddress 0x6f000
SizeOfRawData 0x2200
PointerToRawData 0x6c000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Entropy 2.72557

.detourd

MD5 edda25907019e5cc74c177f6952e5e4b
SHA1 7a4f78401ecb1ae9f682732465ae6077089ebb13
SHA256 67edb63255622d74f26750550ba3dd665fbccf95fd0ab08e4a26ba7d8ac3a162
SHA3 f4a44987a5bb73b0e511a980a6e46723e30252562c97bcd39a080b05991cde7d
VirtualSize 0x18
VirtualAddress 0x72000
SizeOfRawData 0x200
PointerToRawData 0x6e200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Entropy 0.116115

.rsrc

MD5 910c6b3897e59ea42e6cad767415b826
SHA1 398a56e075363780803bea5bdf79a2a6e232d1f5
SHA256 4fc364ea185547802883d881c08de8896f392987d4f4881f49aa796b97a6b92d
SHA3 0904747a8be2b594ae0171903f636069aed060467784fc217ddf798d1e88cef8
VirtualSize 0x1e0
VirtualAddress 0x73000
SizeOfRawData 0x200
PointerToRawData 0x6e400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Entropy 4.71839

.reloc

MD5 1a92af72311a50cdcbaae84091669dcf
SHA1 d0722a702fc26b3ac627a403bb94ef6ab2d010db
SHA256 3405edb9abd290ca8bf3c9856857bd0d60ea27218fda46fe4a1cf5ce3ce70ae6
SHA3 2c189c0c623c814adda15217dcde033895883a2662d60297af997db508a04726
VirtualSize 0x6c4
VirtualAddress 0x74000
SizeOfRawData 0x800
PointerToRawData 0x6e600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Entropy 4.99648

Imports

KERNEL32.dll
SuspendThread
AllocConsole
GetConsoleWindow
GetModuleHandleW
GetProcAddress
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WakeAllConditionVariable
ResumeThread
GetThreadContext
SetThreadContext
IsBadReadPtr
VirtualAlloc
GetModuleHandleA
VirtualFree
VirtualQuery
SetLastError
CloseHandle
WaitForSingleObject
CreateEventA
LoadLibraryA
QueryPerformanceCounter
QueryPerformanceFrequency
MultiByteToWideChar
GetLocaleInfoA
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetCurrentThreadId
WideCharToMultiByte
GetCurrentThread
FlushInstructionCache
K32GetModuleInformation
SleepConditionVariableSRW
Sleep
VirtualProtect
GetLastError
GetCurrentProcess

USER32.dll
LoadCursorA
SetCursor
SetCursorPos
GetCursorPos
GetForegroundWindow
IsWindowUnicode
ShowCursor
PostQuitMessage
ReleaseCapture
SetCapture
GetCapture
GetKeyState
GetMessageExtraInfo
TrackMouseEvent
GetKeyboardLayout
ClientToScreen
GetAsyncKeyState
GetActiveWindow
RegisterClassExW
UnregisterClassW
ScreenToClient
CreateWindowExW
SetWindowLongPtrW
DestroyWindow
MapVirtualKeyW
CallWindowProcW
DefWindowProcW
ShowWindow
EmptyClipboard
OpenClipboard
CloseClipboard
GetClientRect
SetClipboardData
ClipCursor
GetClipboardData

MSVCP140.dll
?_Throw_Cpp_error@std@@YAXH@Z
?uncaught_exceptions@std@@YAHXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
_Cnd_do_broadcast_at_thread_exit
_Thrd_id
_Query_perf_counter
_Thrd_detach
_Thrd_join
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?good@ios_base@std@@QEBA_NXZ
_Mtx_lock
_Mtx_unlock
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
?_Xbad_alloc@std@@YAXXZ
_Query_perf_frequency
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1_Lockit@std@@QEAA@XZ
?_Xlength_error@std@@YAXPEBD@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Xout_of_range@std@@YAXPEBD@Z
?_Id_cnt@id@locale@std@@0HA
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

D3DCOMPILER_47.dll
D3DCompile

IMM32.dll
ImmReleaseContext
ImmSetCandidateWindow
ImmSetCompositionWindow
ImmGetContext

VCRUNTIME140_1.dll
__CxxFrameHandler4

VCRUNTIME140.dll
__std_terminate
__C_specific_handler
memcpy
memset
__std_exception_copy
__std_exception_destroy
strstr
memchr
memmove
memcmp
_CxxThrowException
__current_exception
__current_exception_context
__std_type_info_destroy_list

api-ms-win-crt-runtime-l1-1-0.dll
_initterm
_beginthreadex
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_errno
terminate
_initterm_e
_invalid_parameter_noinfo_noreturn
_cexit
_invoke_watson

api-ms-win-crt-convert-l1-1-0.dll
strtol
atof

api-ms-win-crt-stdio-l1-1-0.dll
fread
fflush
fclose
_wfopen
freopen_s
fseek
__stdio_common_vsprintf
ftell
__stdio_common_vsscanf
__stdio_common_vfprintf
fwrite
__acrt_iob_func
__stdio_common_vsprintf_s

api-ms-win-crt-heap-l1-1-0.dll
_callnewh
calloc
free
malloc

api-ms-win-crt-string-l1-1-0.dll
strncmp
strncpy
strcmp

api-ms-win-crt-utility-l1-1-0.dll
qsort

api-ms-win-crt-math-l1-1-0.dll
sqrtf
fmodf
log
logf
pow
acosf
cosf
ceilf
sinf
powf

SHELL32.dll
ShellExecuteA

Delayed Imports

2

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x17d
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.91161
MD5 1e4a89b11eae0fcf8bb5fdd5ec3b6f61
SHA1 4260284ce14278c397aaf6f389c1609b0ab0ce51
SHA256 4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df
SHA3 4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2025-Aug-21 11:55:57
Version 0.0
SizeofData 90
AddressOfRawData 0x604cc
PointerToRawData 0x5f0cc
Referenced File C:\Users\stan\RiderProjects\PG3DUnlock\x64\Release\PG3DUnlock.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics 0
TimeDateStamp 2025-Aug-21 11:55:57
Version 0.0
SizeofData 20
AddressOfRawData 0x60528
PointerToRawData 0x5f128

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2025-Aug-21 11:55:57
Version 0.0
SizeofData 892
AddressOfRawData 0x6053c
PointerToRawData 0x5f13c

IMAGE_DEBUG_TYPE_ILTCG

Characteristics 0
TimeDateStamp 2025-Aug-21 11:55:57
Version 0.0
SizeofData 0
AddressOfRawData 0
PointerToRawData 0

TLS Callbacks

StartAddressOfRawData 0x1800608d8
EndAddressOfRawData 0x1800608e0
AddressOfIndex 0x1800696ac
AddressOfCallbacks 0x1800547c0
SizeOfZeroFill 0
Characteristics IMAGE_SCN_ALIGN_4BYTES
Callbacks (EMPTY)

Load Configuration

Size 0x140
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x1800690c0

RICH Header

XOR Key 0xdb758e6e
Unmarked objects 0
Imports (VS2008 SP1 build 30729) 14
ASM objects (35207) 4
C objects (35207) 8
C++ objects (35207) 26
Imports (35207) 6
C++ objects (34120) 11
Imports (33140) 15
Total imports 244
C++ objects (LTCG) (35214) 9
Resource objects (35214) 1
Linker (35214) 1

Errors