d4dd8ebb30850fc320061cd61b8ef0a8ce3313eab26b8c9120f7e667b9f126b8

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2026-May-04 16:38:11
Detected languages English - United States
Debug artifacts C:\Users\mobil\Downloads\FiveM External Base_[unknowncheats.me]_\FiveM External Base\x64\Release\CFramework.pdb

Plugin Output

Info Matching compiler(s): MASM/TASM - sig1(h)
Info Cryptographic algorithms detected in the binary: Uses constants related to CRC32
Malicious The PE contains functions mostly used by malware. [!] The program may be hiding some of its imports:
  • LoadLibraryA
  • GetProcAddress
 Functions which can be used for anti-debugging purposes:
  • CreateToolhelp32Snapshot
  • FindWindowA
 Code injection capabilities (PowerLoader):
  • GetWindowLongA
  • FindWindowA
 Uses functions commonly found in keyloggers:
  • GetAsyncKeyState
  • GetForegroundWindow
 Manipulates other processes:
  • OpenProcess
  • ReadProcessMemory
  • WriteProcessMemory
 Reads the contents of the clipboard:
  • GetClipboardData
Malicious VirusTotal score: 31/69 (Scanned on 2026-06-06 02:33:39) ALYac: Application.Generic.5061333
APEX: Malicious
Antiy-AVL: Trojan/Win32.Agent
Arcabit: Application.Generic.D4D3AD5
BitDefender: Application.Generic.5061333
Bkav: W32.Malware.E2A26148
CTX: exe.trojan.generic
CrowdStrike: win/malicious_confidence_70% (W)
Cylance: Unsafe
DeepInstinct: MALICIOUS
ESET-NOD32: Win64/GameHack.KE potentially unsafe application
Elastic: malicious (high confidence)
Emsisoft: Application.Generic.5061333 (B)
Fortinet: Adware/GameHack
GData: Application.Generic.5061333
Google: Detected
Lionic: Trojan.Win32.Generic.4!c
Malwarebytes: Malware.AI.4264098717
MaxSecure: Trojan.Malware.324995110.susgen
McAfeeD: ti!D4DD8EBB3085
MicroWorld-eScan: Application.Generic.5061333
Microsoft: Trojan:Win32/Kepavll!rfn
Paloalto: generic.ml
Rising: Trojan.Kryptik@AI.95 (RDML:777lVBfsaE65Co4FQvw0GQ)
SentinelOne: Static AI - Suspicious PE
Sophos: Mal/Generic-S
Symantec: ML.Attribute.HighConfidence
TrellixENS: Artemis!31D95CD864BB
TrendMicro-HouseCall: Trojan.Win64.Gen.TL0101E926ZU
VIPRE: Application.Generic.5061333
Varist: W64/ABTrojan.YMHE-2166

Hashes

MD5 31d95cd864bb324769dad795781cf9f8
SHA1 02055cdc102513d976e8dc3b6fe831c735c16acc
SHA256 d4dd8ebb30850fc320061cd61b8ef0a8ce3313eab26b8c9120f7e667b9f126b8
SHA3 47dbe920436d8f9c78749a08089b7d68ea74048c07a878d62f7252339e22d2ab
SSDeep 6144:OooGB4LK1P9sCYYAKnAgHn/0tMOp/WIvF+SHrueRAuYAmnj6TXE60:v6xMAgfTiULqmnj+b
Imports Hash b309e5de92ee57eaa01dc55ee4b90c2b

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xf8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 6
TimeDateStamp 2026-May-04 16:38:11
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x61400
SizeOfInitializedData 0x18200
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00000000000610C4 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x7d000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 acbdab982426a6b2ee0dc5bc52ccb302
SHA1 3210d927074bda457551e26ffefda9c37c0ce361
SHA256 9d003f2771d7600953d056c466137982167905b70b2f7c3ead04fd3a05d16d19
SHA3 170fc8840f92ba6b7422dd5fb3e352b789c0a04563a9206e2fe8ea814bf15bb0
VirtualSize 0x6121c
VirtualAddress 0x1000
SizeOfRawData 0x61400
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.5064

.rdata

MD5 2d289a28132dfe6eaf52f960b603cdec
SHA1 222d33e4043caf5a267abc636140fdc8e205a0d9
SHA256 086af38d8108f041f29cc5157430238c21f6d181a49c1a925c0cf4b1582c115e
SHA3 76b92b8e6c1f4ebf1aae46a41259fd5ebb46e0d9b698f429ee7602ab15513fa7
VirtualSize 0x12f20
VirtualAddress 0x63000
SizeOfRawData 0x13000
PointerToRawData 0x61800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 6.09682

.data

MD5 9f75f43484f24921e4640eb039228d63
SHA1 9f6c211de86218da0f04636e4ba011d699e7eabd
SHA256 63a3f24d82d66d5dff4eda4f82d53010ae3c319dda519e60d311a26d19f39c6b
SHA3 69983258f2e30bcc492f07f5b6d96130106600e63a9376e4253bd0ce835d7653
VirtualSize 0xaa0
VirtualAddress 0x76000
SizeOfRawData 0x400
PointerToRawData 0x74800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 1.92259

.pdata

MD5 77fc929230dc5f6b44bea825ffeb6bd3
SHA1 aae67a9a4d5fb32a75ac972295ac4b7190dce213
SHA256 afdcf302d4d8302edc0fba5f1523199be961cda2fb1ed937fd6c0a0d634a4e94
SHA3 d3b5ea053f16a04c64d2816ee76b5bea2d65bc022112d7b3d57690c4cee7a8aa
VirtualSize 0x3f90
VirtualAddress 0x77000
SizeOfRawData 0x4000
PointerToRawData 0x74c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.86776

.rsrc

MD5 d87d2d1418f12908b25a23b8f1593395
SHA1 b2ec6d5739cb6379d3bab99cea371227907c395a
SHA256 e6fccc29453d2f7c3b08449101f0b1ac47babe522c0231391244ea1502baf105
SHA3 5542006a3f72d43c32d287d298a741708f06768d623095d768f5dc7cea9f7315
VirtualSize 0x1e0
VirtualAddress 0x7b000
SizeOfRawData 0x200
PointerToRawData 0x78c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.71768

.reloc

MD5 4963cb6f0204e35d9b0cc0dbda07595c
SHA1 3dddae6909cb5106ba727e18a49f60d1c1086c61
SHA256 bfa366bfa58cbcaed4a357553688bc3bac16a90de2b3abe7cda13788b4359500
SHA3 99f9194709a6c017dff08b379cd2cc826ab20d65362257fda92531649b0702e1
VirtualSize 0x35c
VirtualAddress 0x7c000
SizeOfRawData 0x400
PointerToRawData 0x78e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 4.6926

Imports

KERNEL32.dll GetLocaleInfoA
LoadLibraryA
QueryPerformanceFrequency
GetProcAddress
VerSetConditionMask
FreeLibrary
QueryPerformanceCounter
CreateToolhelp32Snapshot
CloseHandle
Module32Next
OpenProcess
AcquireSRWLockExclusive
WakeAllConditionVariable
MultiByteToWideChar
GlobalUnlock
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
K32GetModuleBaseNameA
ReadProcessMemory
GetModuleHandleA
WideCharToMultiByte
GlobalLock
GlobalFree
RtlCaptureContext
GlobalAlloc
Sleep
SleepConditionVariableSRW
WriteProcessMemory
ReleaseSRWLockExclusive
USER32.dll SetLayeredWindowAttributes
CreateWindowExA
DefWindowProcA
RegisterClassExA
SetWindowDisplayAffinity
GetWindowLongA
SetWindowLongA
ShowWindow
SetWindowPos
TranslateMessage
DestroyWindow
DispatchMessageA
GetWindowThreadProcessId
GetAsyncKeyState
PeekMessageA
UpdateWindow
SetForegroundWindow
GetKeyState
GetMessageExtraInfo
GetWindowDisplayAffinity
UnregisterClassA
PostQuitMessage
FindWindowA
LoadCursorA
ScreenToClient
GetCapture
ClientToScreen
TrackMouseEvent
MessageBoxA
GetKeyboardLayout
GetForegroundWindow
SetCapture
SetCursor
GetClientRect
SetProcessDPIAware
IsWindowUnicode
SetClipboardData
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
GetCursorPos
SetCursorPos
ReleaseCapture
MSVCP140.dll ?_Xlength_error@std@@YAXPEBD@Z
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_do_broadcast_at_thread_exit
_Thrd_detach
IMM32.dll ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext
ImmSetCandidateWindow
D3DCOMPILER_47.dll D3DCompile
dwmapi.dll DwmExtendFrameIntoClientArea
d3d11.dll D3D11CreateDeviceAndSwapChain
VCRUNTIME140_1.dll __CxxFrameHandler4
VCRUNTIME140.dll __C_specific_handler
_CxxThrowException
memset
memcpy
memcmp
__current_exception_context
strstr
__std_terminate
__std_exception_copy
__std_exception_destroy
memmove
memchr
__current_exception
api-ms-win-crt-runtime-l1-1-0.dll _get_narrow_winmain_command_line
_initterm
_initterm_e
exit
_exit
_configure_narrow_argv
_c_exit
_register_thread_local_exe_atexit_callback
_seh_filter_exe
_cexit
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_invoke_watson
_beginthreadex
_crt_atexit
_set_app_type
terminate
api-ms-win-crt-stdio-l1-1-0.dll ftell
__stdio_common_vsprintf_s
__stdio_common_vfprintf
fflush
fseek
__stdio_common_vsprintf
_wfopen
fwrite
__acrt_iob_func
__p__commode
_set_fmode
fclose
fread
__stdio_common_vsscanf
api-ms-win-crt-utility-l1-1-0.dll qsort
api-ms-win-crt-string-l1-1-0.dll strncpy
strcmp
strncmp
api-ms-win-crt-heap-l1-1-0.dll free
_callnewh
_set_new_mode
malloc
api-ms-win-crt-convert-l1-1-0.dll atof
api-ms-win-crt-math-l1-1-0.dll sinf
sqrtf
powf
acosf
atan2f
logf
ceilf
fmodf
cosf
__setusermatherr
api-ms-win-crt-locale-l1-1-0.dll _configthreadlocale

Delayed Imports

1

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x17d
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.91161
MD5 1e4a89b11eae0fcf8bb5fdd5ec3b6f61
SHA1 4260284ce14278c397aaf6f389c1609b0ab0ce51
SHA256 4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df
SHA3 4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2026-May-04 16:38:11
Version 0.0
SizeofData 136
AddressOfRawData 0x6db28
PointerToRawData 0x6c328
Referenced File C:\Users\mobil\Downloads\FiveM External Base_[unknowncheats.me]_\FiveM External Base\x64\Release\CFramework.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics 0
TimeDateStamp 2026-May-04 16:38:11
Version 0.0
SizeofData 20
AddressOfRawData 0x6dbb0
PointerToRawData 0x6c3b0

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2026-May-04 16:38:11
Version 0.0
SizeofData 892
AddressOfRawData 0x6dbc4
PointerToRawData 0x6c3c4

IMAGE_DEBUG_TYPE_ILTCG

Characteristics 0
TimeDateStamp 2026-May-04 16:38:11
Version 0.0
SizeofData 0
AddressOfRawData 0
PointerToRawData 0

TLS Callbacks

StartAddressOfRawData 0x14006df60
EndAddressOfRawData 0x14006df68
AddressOfIndex 0x140076898
AddressOfCallbacks 0x140063628
SizeOfZeroFill 0
Characteristics IMAGE_SCN_ALIGN_4BYTES
Callbacks (EMPTY)

Load Configuration

Size 0x140
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x140076040

RICH Header

XOR Key 0xe8358d7
Unmarked objects 0
Imports (VS2008 SP1 build 30729) 16
ASM objects (35207) 4
C objects (35207) 10
C++ objects (35207) 30
Imports (35207) 6
Imports (33145) 15
Total imports 183
C++ objects (LTCG) (35226) 18
Resource objects (35226) 1
Linker (35226) 1

Errors

Leave a comment

No comments yet.