dab14b84946aa4eacf43b7d7252f8a9a

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2016-Jun-15 08:38:34
Detected languages English - United States
Debug artifacts C:\Users\DarkstaR\Desktop\Writing\Chatpers\Code\GameHackingExamples\bin\Chapter1_MemoryPointers.pdb

Plugin Output

Malicious The PE imports functions often used by malware. These flags come from import-name heuristics alone: a windowed program that renders through OpenGL, reads keyboard state and manages its own window legitimately imports most of the APIs listed below, and the debug path points to a book chapter's example code, so weigh them against the rest of the report rather than reading them as a verdict.
[!] The program may be hiding some of its imports (these two resolve further APIs at run time, so the static import table need not be the full picture):
  • LoadLibraryA
  • GetProcAddress
Functions which can be used for anti-debugging purposes:
  • QueryPerformanceCounter
  • FindWindowA
Code injection capabilities (PowerLoader):
  • GetWindowLongA
  • FindWindowA
Uses functions commonly found in keyloggers:
  • GetForegroundWindow
  • MapVirtualKeyA
Can take screenshots:
  • GetDC
  • FindWindowA
  • CreateCompatibleDC
Safe VirusTotal score: 0/61 (scanned on 2017-04-01 08:30:43). No engine flagged this file.

Hashes

MD5 dab14b84946aa4eacf43b7d7252f8a9a
SHA1 3ba76f279601bf1256e5608e7d3bfcd517df86fe
SHA256 c7ccefda9189da8d1751b3c11b3ad9d0a40fe74a843cefc3ce4a2b5247f08247
SHA3 d34e96403b7830591daaf13c71a75cff60bba7dadb96cef9a2d4b170b418a044
SSDeep 24576:2O4lRLkyOBXzlpV1nmwZHP0SRUTnnPppqa+LyZjf:VvMSecL
Imports Hash 9a4874d18563b7051abdbca6b23ce14c

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xe8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 6
TimeDateStamp 2016-Jun-15 08:38:34
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 10.0
SizeOfCode 0xc8800
SizeOfInitializedData 0x37e00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000813AA (Section: .text)
BaseOfCode 0x1000
BaseOfData 0xca000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 5.1
ImageVersion 0.0
SubsystemVersion 5.1
Win32VersionValue 0
SizeOfImage 0x10c000
SizeOfHeaders 0x400
Checksum 0x1082f7
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 0c679c29a40332dc972ca955965e9a9f
SHA1 6e94f53f8f53c185390f8a1d7264bf304e9d92d8
SHA256 d633e50fc6205fb4095c981fb3aaec13e4c6bf082b902ad5c05141af626124e6
SHA3 f0eb8e08910f997be0773e0b6e1de8be54dd5185da352496308294f9cafe2caf
VirtualSize 0xc867d
VirtualAddress 0x1000
SizeOfRawData 0xc8800
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.57601

.rdata

MD5 c0e6852b89ed7d87ef8157c4a3a6e519
SHA1 9ea26ea6855328a01d7ab10b283b76654e828bc1
SHA256 9866d453ad650cf482c37f4819b4bd062719b09a166fe703812de16f088f9646
SHA3 26ef9548cee572bcdd87111de62402c98390ca43b4a9f4965c7f27305c0fdefd
VirtualSize 0x193d0
VirtualAddress 0xca000
SizeOfRawData 0x19400
PointerToRawData 0xc8c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 6.35707

.data

MD5 ef5494f2887981dd8f696f43218aaacd
SHA1 1ea5b9744ade2af149deb41dfec0231225d40fcc
SHA256 52032389467b03871123d964c477ca764239520f0bfa835b12faa81ea486a3a3
SHA3 cb5d55a3a5ee7457e69b0870ff24b3e3ab5e6dffd02e378bfe5e1cc6ec5362c5
VirtualSize 0x1b2c4
VirtualAddress 0xe4000
SizeOfRawData 0x14a00
PointerToRawData 0xe2000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 5.17521

.tls

MD5 bf619eac0cdf3f68d496ea9344137e8b
SHA1 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5
SHA256 076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560
SHA3 622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59
VirtualSize 0xe9
VirtualAddress 0x100000
SizeOfRawData 0x200
PointerToRawData 0xf6a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0

.rsrc

MD5 2f10a5124d06cd5c1bb21ecfab37c898
SHA1 1484b8b91e4dfe88262145afd8a27f112a42b939
SHA256 99e8b8db4eeb148345e5ee35f830d369a3b2852e65da374d79ce271ab23fbd01
SHA3 3e62a758fded2f237694015d46039b9883d15d35c5befad89ecbeb842371a9e5
VirtualSize 0x1b4
VirtualAddress 0x101000
SizeOfRawData 0x200
PointerToRawData 0xf6c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.10872

.reloc

MD5 a8dec9f44b6fb444e067e1a77111967e
SHA1 7c998120f738a60fcc3cfbcf56b8baacf1526967
SHA256 718b6eaf2290fbbf60fe1548df1d2bb51256bbda4ae7270dd0b50d5ad2308013
SHA3 ba74a9a57cb36deb6b034c1c1cee22b954c828f6e36e7563fa2258dfcb1f21ac
VirtualSize 0x9a70
VirtualAddress 0x102000
SizeOfRawData 0x9c00
PointerToRawData 0xf6e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 6.66166

Imports

OPENGL32.dll

glOrtho
glGetBooleanv
glLoadIdentity
glMatrixMode
glViewport
wglGetProcAddress
glGetString
wglDeleteContext
glPixelTransferi
glPushMatrix
glRasterPos2f
glDrawPixels
glPopMatrix
glTexSubImage2D
glReadPixels
glGetTexImage
glGenTextures
glGetError
glTexParameteri
glPushClientAttrib
glTexImage2D
glPixelStorei
glPopClientAttrib
glDeleteTextures
glCopyTexSubImage2D
glTranslatef
glMultMatrixf
wglMakeCurrent
glDrawElements
glColor4f
wglCreateContext
wglGetCurrentDC
wglGetCurrentContext
glFlush
glGetIntegerv
glScissor
glEnable
glDisable
glBlendFunc
glClear
glClearColor
glDisableClientState
glDrawArrays
glColorPointer
glVertexPointer
glEnableClientState
glTexCoordPointer
glBindTexture
glLoadMatrixf

WINMM.dll

timeBeginPeriod
timeEndPeriod
timeGetTime

SHLWAPI.dll

PathFindOnPathA

PSAPI.DLL

GetModuleFileNameExA

MSVCR100.dll

memcpy
_CIsin
_CIcos
_endthreadex
_beginthreadex
abort
malloc
free
realloc
calloc
tolower
strncat
isspace
strrchr
getenv
memmove
fflush
_errno
__iob_func
wcsrchr
_wfullpath
_findclose
_wfindnext64i32
_wfindfirst64i32
_wstat64i32
_wgetcwd
_wchdir
_wmkdir
_wunlink
_wrmdir
_snwprintf
_wfopen
fgetc
fwrite
ftell
fseek
feof
ferror
clearerr
ungetc
toupper
memchr
_vsnprintf
_beginthread
qsort
strstr
strtol
strchr
strncmp
_CIfmod
ceil
floor
_hypotf
_CIsqrt
_CIasin
_unlock
__dllonexit
_lock
_onexit
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
exit
__initenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
__set_app_type
_crt_debugger_hook
_except_handler4_common
?terminate@@YAXXZ
_invoke_watson
_controlfp_s
memset
_time64
atol
??2@YAPAXI@Z
fclose
??3@YAXPAX@Z
fread
fopen
sprintf
_fdopen
_unlink
_close
_open
longjmp
strncpy
_setjmp3
vfprintf

KERNEL32.dll

Sleep
GetCommandLineA
GetCurrentProcess
GetTempPathA
GetLastError
LoadLibraryA
InitializeCriticalSection
QueryPerformanceFrequency
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapSetInformation
InterlockedCompareExchange
InterlockedExchange
DecodePointer
EncodePointer
FormatMessageA
WaitForMultipleObjects
CreateWaitableTimerA
SetWaitableTimer
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleA
CreateEventA
SetEvent
GetVersionExA
GetFileAttributesW
FreeLibrary
GetProcAddress
QueryPerformanceCounter
ReleaseSemaphore
CreateSemaphoreA
WaitForSingleObject
CloseHandle
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetModuleFileNameA

USER32.dll

PostMessageA
DefWindowProcA
TrackMouseEvent
GetRawInputData
GetForegroundWindow
SetCursor
LoadCursorA
EndPaint
GetCapture
GetUpdateRgn
DestroyWindow
RegisterWindowMessageA
RegisterClassA
GetDC
ReleaseDC
ChangeDisplaySettingsA
UpdateWindow
SystemParametersInfoA
GetKeyState
ToUnicode
GetKeyboardState
MapVirtualKeyA
SetCursorPos
ClientToScreen
CreateIconIndirect
MessageBoxW
GetWindowTextLengthA
SendMessageW
SetWindowTextA
GetClientRect
InvalidateRect
PostQuitMessage
IsWindow
TranslateMessage
CreateWindowExW
UnregisterClassA
SetCapture
ReleaseCapture
GetWindowLongA
SetWindowLongA
ShowWindow
GetSystemMenu
DeleteMenu
DrawMenuBar
CreateWindowExA
AdjustWindowRectEx
SetWindowPos
SetForegroundWindow
PeekMessageA
GetMessageA
DispatchMessageA
ChangeDisplaySettingsExA
GetWindowInfo
SendMessageA
GetWindowRect
ClipCursor
FindWindowA
GetSystemMetrics
DestroyIcon
GetWindowThreadProcessId
MoveWindow
PostThreadMessageA
EnumDisplayDevicesA
GetCursorPos
EnumDisplaySettingsA
BeginPaint

GDI32.dll

ChoosePixelFormat
CreateRectRgn
SwapBuffers
StretchDIBits
GetRegionData
DescribePixelFormat
SetPixelFormat
CreateCompatibleDC
GetStockObject
CreateFontA
DeleteObject
CreateBitmap
CreateCompatibleBitmap
SelectObject
SetPixel
DeleteDC

COMDLG32.dll

GetOpenFileNameA
GetSaveFileNameA

SHELL32.dll

SHBrowseForFolderA
SHGetPathFromIDListA
SHGetFolderPathA

ole32.dll

CoInitialize
CoUninitialize
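
The Imports Hash in the Hashes section and the Total imports count in the RICH Header can both be recomputed from this listing. The script below is an added example, not part of the original report or of the analysed program: it transcribes the listing above in the printed order and applies the pefile-style imphash normalisation that Manalyze's Imports Hash is meant to be compatible with. The helper names (import_entries, imphash_string, imphash, check) are mine.

```python
"""Recompute the Imports Hash from the import listing above.

Added example; not part of the original report and not the analysed program's code.
IMPORTS is transcribed from the report's Imports section in the order printed. The
algorithm is the pefile-style imphash: each import becomes "dll.function" in lower
case (a .dll/.ocx/.sys extension dropped, ordinal-only imports written as "ordN"),
the pairs are joined with commas in import-table order and MD5-hashed.
"""
import hashlib

REPORTED_IMPHASH = "9a4874d18563b7051abdbca6b23ce14c"  # Hashes > Imports Hash
RICH_TOTAL_IMPORTS = 282                                 # RICH Header > Total imports

# (DLL, whitespace-separated function names), in the order the report prints them.
IMPORTS = [
    ("OPENGL32.dll", """
     glOrtho glGetBooleanv glLoadIdentity glMatrixMode glViewport wglGetProcAddress glGetString
     wglDeleteContext glPixelTransferi glPushMatrix glRasterPos2f glDrawPixels glPopMatrix glTexSubImage2D
     glReadPixels glGetTexImage glGenTextures glGetError glTexParameteri glPushClientAttrib glTexImage2D
     glPixelStorei glPopClientAttrib glDeleteTextures glCopyTexSubImage2D glTranslatef glMultMatrixf
     wglMakeCurrent glDrawElements glColor4f wglCreateContext wglGetCurrentDC wglGetCurrentContext glFlush
     glGetIntegerv glScissor glEnable glDisable glBlendFunc glClear glClearColor glDisableClientState
     glDrawArrays glColorPointer glVertexPointer glEnableClientState glTexCoordPointer glBindTexture
     glLoadMatrixf"""),
    ("WINMM.dll", "timeBeginPeriod timeEndPeriod timeGetTime"),
    ("SHLWAPI.dll", "PathFindOnPathA"),
    ("PSAPI.DLL", "GetModuleFileNameExA"),
    ("MSVCR100.dll", """
     memcpy _CIsin _CIcos _endthreadex _beginthreadex abort malloc free realloc calloc tolower strncat
     isspace strrchr getenv memmove fflush _errno __iob_func wcsrchr _wfullpath _findclose _wfindnext64i32
     _wfindfirst64i32 _wstat64i32 _wgetcwd _wchdir _wmkdir _wunlink _wrmdir _snwprintf _wfopen fgetc fwrite
     ftell fseek feof ferror clearerr ungetc toupper memchr _vsnprintf _beginthread qsort strstr strtol
     strchr strncmp _CIfmod ceil floor _hypotf _CIsqrt _CIasin _unlock __dllonexit _lock _onexit _amsg_exit
     __getmainargs _cexit _exit _XcptFilter exit __initenv _initterm _initterm_e _configthreadlocale
     __setusermatherr _commode _fmode __set_app_type _crt_debugger_hook _except_handler4_common
     ?terminate@@YAXXZ _invoke_watson _controlfp_s memset _time64 atol ??2@YAPAXI@Z fclose ??3@YAXPAX@Z
     fread fopen sprintf _fdopen _unlink _close _open longjmp strncpy _setjmp3 vfprintf"""),
    ("KERNEL32.dll", """
     Sleep GetCommandLineA GetCurrentProcess GetTempPathA GetLastError LoadLibraryA InitializeCriticalSection
     QueryPerformanceFrequency IsProcessorFeaturePresent GetSystemTimeAsFileTime GetCurrentProcessId
     GetCurrentThreadId GetTickCount IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter
     TerminateProcess HeapSetInformation InterlockedCompareExchange InterlockedExchange DecodePointer
     EncodePointer FormatMessageA WaitForMultipleObjects CreateWaitableTimerA SetWaitableTimer
     WideCharToMultiByte MultiByteToWideChar GetModuleHandleA CreateEventA SetEvent GetVersionExA
     GetFileAttributesW FreeLibrary GetProcAddress QueryPerformanceCounter ReleaseSemaphore CreateSemaphoreA
     WaitForSingleObject CloseHandle DeleteCriticalSection LeaveCriticalSection EnterCriticalSection
     GetModuleFileNameA"""),
    ("USER32.dll", """
     PostMessageA DefWindowProcA TrackMouseEvent GetRawInputData GetForegroundWindow SetCursor LoadCursorA
     EndPaint GetCapture GetUpdateRgn DestroyWindow RegisterWindowMessageA RegisterClassA GetDC ReleaseDC
     ChangeDisplaySettingsA UpdateWindow SystemParametersInfoA GetKeyState ToUnicode GetKeyboardState
     MapVirtualKeyA SetCursorPos ClientToScreen CreateIconIndirect MessageBoxW GetWindowTextLengthA
     SendMessageW SetWindowTextA GetClientRect InvalidateRect PostQuitMessage IsWindow TranslateMessage
     CreateWindowExW UnregisterClassA SetCapture ReleaseCapture GetWindowLongA SetWindowLongA ShowWindow
     GetSystemMenu DeleteMenu DrawMenuBar CreateWindowExA AdjustWindowRectEx SetWindowPos
     SetForegroundWindow PeekMessageA GetMessageA DispatchMessageA ChangeDisplaySettingsExA GetWindowInfo
     SendMessageA GetWindowRect ClipCursor FindWindowA GetSystemMetrics DestroyIcon
     GetWindowThreadProcessId MoveWindow PostThreadMessageA EnumDisplayDevicesA GetCursorPos
     EnumDisplaySettingsA BeginPaint"""),
    ("GDI32.dll", """
     ChoosePixelFormat CreateRectRgn SwapBuffers StretchDIBits GetRegionData DescribePixelFormat
     SetPixelFormat CreateCompatibleDC GetStockObject CreateFontA DeleteObject CreateBitmap
     CreateCompatibleBitmap SelectObject SetPixel DeleteDC"""),
    ("COMDLG32.dll", "GetOpenFileNameA GetSaveFileNameA"),
    ("SHELL32.dll", "SHBrowseForFolderA SHGetPathFromIDListA SHGetFolderPathA"),
    ("ole32.dll", "CoInitialize CoUninitialize"),
]


def import_entries(imports=IMPORTS):
    """Flatten (dll, names) pairs to [(dll, name), ...], keeping listing order."""
    return [(dll, name) for dll, names in imports for name in names.split()]


def imphash_string(entries):
    """Normalise to "dll.function,...". Ordinal imports are given as ints and become "ordN"."""
    parts = []
    for dll, name in entries:
        lib = dll.lower()
        if lib.endswith((".dll", ".ocx", ".sys")):
            lib = lib[:-4]
        func = name.lower() if isinstance(name, str) else f"ord{name}"
        parts.append(f"{lib}.{func}")
    return ",".join(parts)


def imphash(entries):
    return hashlib.md5(imphash_string(entries).encode("ascii")).hexdigest()


def check():
    """Compare the recomputed import count and hash with the values in the report."""
    entries = import_entries()
    return {"imports": len(entries), "count_ok": len(entries) == RICH_TOTAL_IMPORTS,
            "imphash": imphash(entries), "hash_ok": imphash(entries) == REPORTED_IMPHASH}


if __name__ == "__main__":
    print(check())
```

check() returns the recomputed count and hash. The count comes out at 282, the same figure the RICH header records as Total imports (the linker's count of import objects). hash_ok is True only if the listing preserves import-table order and Manalyze applies the same normalisation; treat a False here as a reason to recompute from the binary itself with pefile, not as a finding about the file.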

Delayed Imports

(EMPTY)

Resources

1

Type RT_MANIFEST
Language English - United States
Codepage Latin 1 / Western European
Size 0x15a
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.79597
MD5 24d3b502e1846356b0263f945ddd5529
SHA1 bac45b86a9c48fc3756a46809c101570d349737d
SHA256 49a60be4b95b6d30da355a0c124af82b35000bce8f24f957d1c09ead47544a1e
SHA3 1244ed60820da52dc4b53880ec48e3b587dbdbd9545f01fa2b1c0fcfea1d5e9e

Version Info

(EMPTY)

Debug Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2016-Jun-15 08:38:34
Version 0.0
SizeofData 124
AddressOfRawData 0xe1b38
PointerToRawData 0xe0738
Referenced File C:\Users\DarkstaR\Desktop\Writing\Chatpers\Code\GameHackingExamples\bin\Chapter1_MemoryPointers.pdb

TLS Callbacks

StartAddressOfRawData 0x500000
EndAddressOfRawData 0x5000e8
AddressOfIndex 0x4fe27c
AddressOfCallbacks 0x4ca4c0
SizeOfZeroFill 0
Characteristics IMAGE_SCN_TYPE_REG
Callbacks (EMPTY)

Load Configuration

Size 0x48
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x4f6cbc
SEHandlerTable 0x4e1bc0
SEHandlerCount 1
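
The CodeView debug entry, the TLS directory and the Load Configuration above all quote addresses inside the image, and the report gives enough of the section table to resolve them. The script below is an added example, not part of the original report or of the analysed program: it embeds the section table and the optional-header totals exactly as reported, maps each quoted RVA or absolute VA to its section and file offset, flags addresses that exist only in memory, and recomputes SizeOfImage and SizeOfInitializedData from the section table. The helper names (section_for_rva, rva_to_offset, va_to_offset, layout_checks, resolve_all) are mine.

```python
"""Cross-check the section layout above and map the report's addresses to file offsets.

Added example; not part of the original report and not the analysed program's code.
SECTIONS, IMAGE_BASE, SIZE_OF_IMAGE and SIZE_OF_INITIALIZED_DATA are copied from the
report; ADDRESSES holds the RVAs/VAs it quotes for the entry point, the CodeView debug
entry, the TLS directory and the Load Configuration. Standard library only.
"""

IMAGE_BASE = 0x400000
SECTION_ALIGNMENT = 0x1000
SIZE_OF_IMAGE = 0x10c000
SIZE_OF_INITIALIZED_DATA = 0x37e00

# (name, VirtualAddress, VirtualSize, PointerToRawData, SizeOfRawData), as reported.
SECTIONS = [
    (".text",  0x001000, 0xc867d, 0x000400, 0xc8800),
    (".rdata", 0x0ca000, 0x193d0, 0x0c8c00, 0x19400),
    (".data",  0x0e4000, 0x1b2c4, 0x0e2000, 0x14a00),
    (".tls",   0x100000, 0x000e9, 0x0f6a00, 0x00200),
    (".rsrc",  0x101000, 0x001b4, 0x0f6c00, 0x00200),
    (".reloc", 0x102000, 0x09a70, 0x0f6e00, 0x09c00),
]


def align_up(value, alignment):
    return (value + alignment - 1) & ~(alignment - 1)


def section_for_rva(rva):
    """Section whose page-aligned virtual range contains rva, or None."""
    for sec in SECTIONS:
        _, va, vsize, _, _ = sec
        if va <= rva < va + align_up(vsize, SECTION_ALIGNMENT):
            return sec
    return None


def rva_to_offset(rva):
    """Map an RVA to (section name, file offset).

    The offset is None when the RVA falls in the part of the section that is
    larger in memory than on disk (VirtualSize > SizeOfRawData): the loader
    zero-fills it, so there are no file bytes to look at.
    """
    sec = section_for_rva(rva)
    if sec is None:
        raise ValueError(f"RVA {rva:#x} is outside every section")
    name, va, _, raw_ptr, raw_size = sec
    delta = rva - va
    return (name, None) if delta >= raw_size else (name, raw_ptr + delta)


def va_to_offset(va):
    """Same for the absolute addresses stored in the TLS and Load Configuration
    directories. They assume the preferred ImageBase; the loader fixes them up
    through .reloc, which is why an ASLR-enabled image keeps that section."""
    return rva_to_offset(va - IMAGE_BASE)


def layout_checks():
    """Recompute optional-header totals from the section table."""
    name, va, vsize, raw_ptr, raw_size = SECTIONS[-1]
    return {
        "size_of_image_ok": va + align_up(vsize, SECTION_ALIGNMENT) == SIZE_OF_IMAGE,
        "initialized_data_ok":
            sum(s[4] for s in SECTIONS if s[0] != ".text") == SIZE_OF_INITIALIZED_DATA,
        # end of the last section's raw data; a larger file on disk means an overlay
        "expected_file_size": raw_ptr + raw_size,
    }


# Addresses quoted in the report; "(VA)" marks absolute addresses, the rest are RVAs.
ADDRESSES = {
    "AddressOfEntryPoint": 0x813aa,
    "Debug AddressOfRawData": 0xe1b38,
    "TLS StartAddressOfRawData (VA)": 0x500000,
    "TLS AddressOfCallbacks (VA)": 0x4ca4c0,
    "TLS AddressOfIndex (VA)": 0x4fe27c,
    "LoadConfig SecurityCookie (VA)": 0x4f6cbc,
    "LoadConfig SEHandlerTable (VA)": 0x4e1bc0,
}


def resolve_all(addresses=ADDRESSES):
    """Resolve every quoted address to (section, file offset or None)."""
    return {label: (va_to_offset if "(VA)" in label else rva_to_offset)(addr)
            for label, addr in addresses.items()}


if __name__ == "__main__":
    for label, (name, off) in resolve_all().items():
        where = f"file offset {off:#x}" if off is not None else "memory only (zero-filled)"
        print(f"{label:32} -> {name:7} {where}")
    print(layout_checks())
```

With the values as reported, the debug entry's AddressOfRawData 0xe1b38 resolves to file offset 0xe0738, matching the PointerToRawData shown for it; AddressOfEntryPoint resolves to offset 0x807aa in .text; the TLS AddressOfIndex 0x4fe27c lies past .data's SizeOfRawData, so it has no file bytes (the loader zero-fills that tail); and the recomputed SizeOfImage and SizeOfInitializedData agree with the headers. The expected end of file, 0x100a00, rules out an appended overlay only if the file on disk is actually that size.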

RICH Header

XOR Key 0x36f94ecd
Unmarked objects 0
152 (20115) 4
Imports (VS2010 SP1 build 40219) 2
ASM objects (VS2010 SP1 build 40219) 7
C++ objects (VS2010 SP1 build 40219) 5
C objects (VS2010 SP1 build 40219) 113
Imports (VS2008 SP1 build 30729) 21
Total imports 282
175 (VS2010 SP1 build 40219) 1
Linker (VS2010 SP1 build 40219) 1

Errors