Summary | |
---|---|
Architecture | IMAGE_FILE_MACHINE_I386 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2020-Nov-21 04:52:40 |
Detected languages | English - United States |
Debug artifacts | F:\Documents\GitHub\output\csgo-cheat\release\csgo-release.pdb |

Level | Finding | Details |
---|---|---|
Info | Matching compiler(s) | Microsoft Visual C++ 6.0 - 8.0 |
Info | Interesting strings found in the binary | Contains domain names: |
Info | Cryptographic algorithms detected in the binary | Uses constants related to CRC32 |
Malicious | The PE contains functions mostly used by malware | Functions which can be used for anti-debugging purposes: |
Malicious | VirusTotal score: 8/70 (scanned on 2020-11-24 22:27:33) | Bkav: W32.AIDetectVM.malware1; Sangfor: Malware; CrowdStrike: win/malicious_confidence_60% (D); APEX: Malicious; Cynet: Malicious (score: 100); ESET-NOD32: a variant of Win32/GameHack.EPN potentially unsafe; SentinelOne: Static AI - Suspicious PE; Qihoo-360: Generic/HEUR/QVM30.2.6937.Malware.Gen |

Two of these findings should be read against the headers and imports that follow. The compiler-signature match (Visual C++ 6.0 - 8.0) is a weak signal: the optional header records linker version 14.0 and the binary imports MSVCP140.dll, VCRUNTIME140.dll and the api-ms-win-crt-* forwarders, which is the Visual Studio 2015 or later toolchain. The anti-debugging finding is also weak on its own, because the only obvious candidate in the visible import table, IsDebuggerPresent, is brought in by the MSVC runtime start-up code of almost every VS2015+ binary (alongside SetUnhandledExceptionFilter, IsProcessorFeaturePresent and QueryPerformanceCounter). What actually characterises this sample is the thread-context manipulation set (OpenThread, SuspendThread, GetThreadContext, SetThreadContext, ResumeThread, FlushInstructionCache) together with VirtualProtect, Toolhelp thread enumeration and the WinINet download functions, which, with the PDB path csgo-cheat\release\csgo-release.pdb and the ESET label Win32/GameHack, is consistent with a 32-bit game-cheat DLL rather than with the 8-of-70 detections being a consensus malware verdict.
DOS header field | Value |
---|---|
e_magic | MZ |
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x108 |
PE (COFF) header field | Value |
---|---|
Signature | PE |
Machine | IMAGE_FILE_MACHINE_I386 |
NumberOfSections | 5 |
TimeDateStamp | 2020-Nov-21 04:52:40 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_DLL, IMAGE_FILE_EXECUTABLE_IMAGE |
Optional header field | Value |
---|---|
Magic | PE32 |
LinkerVersion | 14.0 |
SizeOfCode | 0x47600 |
SizeOfInitializedData | 0xef800 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x000445EF (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x49000 |
ImageBase | 0x10000000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 6.0 |
ImageVersion | 0.0 |
SubsystemVersion | 6.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x13a000 |
SizeOfHeaders | 0x400 |
Checksum | 0 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT |
SizeOfStackReserve | 0x100000 |
SizeOfStackCommit | 0x1000 |
SizeOfHeapReserve | 0x100000 |
SizeOfHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
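Every row in the DOS, COFF and optional header tables above can be read straight out of the first 0x400 bytes of the file. The Python below is an added example, not output of the tool that produced this report: it builds a header-only image carrying the values reported above, parses it with the standard library `struct` module, and derives the checks an analyst records from these fields (DLL flag, ASLR/NX bits, the zero checksum, which section holds the entry point, and the RVA-to-file-offset mapping that the debug directory entries use). The section table is an assumption: the report gives only NumberOfSections = 5 and the entry-point section, so the five sections, their sizes and their section characteristics are constructed here; the raw offset of .rdata does follow from .text starting at the 0x400 header size with 0x47600 bytes of code.

```python
import struct
from datetime import datetime, timezone

# Flag bits used below (IMAGE_FILE_HEADER.Characteristics / DllCharacteristics)
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_32BIT_MACHINE = 0x0100
IMAGE_FILE_DLL = 0x2000
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100

DOS_FMT = "<14H8sHH20sI"                       # IMAGE_DOS_HEADER, 64 bytes, e_lfanew last
COFF_FMT = "<4sHHIIIHH"                        # "PE\0\0" + IMAGE_FILE_HEADER, 24 bytes
OPT32_FMT = "<HBBIIIIIIIIIHHHHHHIIIIHHIIIIII"  # PE32 optional header minus data dirs, 96 bytes
SECT_FMT = "<8sIIIIIIHHI"                      # IMAGE_SECTION_HEADER, 40 bytes

# TimeDateStamp from the report: 2020-Nov-21 04:52:40 (UTC)
TIMESTAMP = int(datetime(2020, 11, 21, 4, 52, 40, tzinfo=timezone.utc).timestamp())

# Constructed section layout (assumption: the report only gives NumberOfSections=5 and
# the entry-point section). .rdata's PointerToRawData follows from .text at 0x400+0x47600.
SECTIONS = [  # name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, Characteristics
    (b".text",  0x47600, 0x001000, 0x47600, 0x000400, 0x60000020),
    (b".rdata", 0x0F000, 0x049000, 0x0F000, 0x047A00, 0x40000040),
    (b".data",  0x0D000, 0x058000, 0x0D000, 0x056A00, 0xC0000040),
    (b".rsrc",  0xD0000, 0x065000, 0xD0000, 0x063A00, 0x40000040),
    (b".reloc", 0x05000, 0x135000, 0x05000, 0x133A00, 0x42000040),
]

def build_sample() -> bytes:
    """Header-only PE32 DLL image carrying the header values from this report."""
    dos = struct.pack(DOS_FMT, 0x5A4D, 0x90, 3, 0, 4, 0, 0xFFFF, 0, 0xB8, 0, 0, 0, 0x40, 0,
                      b"\0" * 8, 0, 0, b"\0" * 20, 0x108)
    coff = struct.pack(COFF_FMT, b"PE\0\0", 0x14C, len(SECTIONS), TIMESTAMP, 0, 0, 0xE0,
                       IMAGE_FILE_32BIT_MACHINE | IMAGE_FILE_DLL | IMAGE_FILE_EXECUTABLE_IMAGE)
    opt = struct.pack(OPT32_FMT, 0x10B, 14, 0, 0x47600, 0xEF800, 0, 0x445EF, 0x1000, 0x49000,
                      0x10000000, 0x1000, 0x200, 6, 0, 0, 0, 6, 0, 0, 0x13A000, 0x400, 0,
                      2,  # IMAGE_SUBSYSTEM_WINDOWS_GUI
                      IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE | IMAGE_DLLCHARACTERISTICS_NX_COMPAT,
                      0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    dirs = b"\0" * (16 * 8)  # 16 empty IMAGE_DATA_DIRECTORY entries
    sects = b"".join(struct.pack(SECT_FMT, n, vs, va, rs, rp, 0, 0, 0, 0, ch)
                     for n, vs, va, rs, rp, ch in SECTIONS)
    # DOS stub is zero-padded up to e_lfanew; headers padded to SizeOfHeaders (0x400)
    return (dos.ljust(0x108, b"\0") + coff + opt + dirs + sects).ljust(0x400, b"\0")

def parse_pe_headers(data: bytes) -> dict:
    """Parse the DOS header, COFF header, PE32 optional header and section table."""
    dos = struct.unpack_from(DOS_FMT, data, 0)
    if dos[0] != 0x5A4D:
        raise ValueError("no MZ signature")
    e_lfanew = dos[-1]
    sig, machine, nsect, ts, _symtab, _nsym, opt_size, chars = struct.unpack_from(
        COFF_FMT, data, e_lfanew)
    if sig != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    opt_off = e_lfanew + struct.calcsize(COFF_FMT)
    o = struct.unpack_from(OPT32_FMT, data, opt_off)
    if o[0] != 0x10B:
        raise ValueError("only PE32 (Magic 0x10b) handled here")
    sect_off = opt_off + opt_size  # section table starts right after the optional header
    sections = []
    for i in range(nsect):
        name, vsize, va, rsize, rptr, *_unused, schars = struct.unpack_from(
            SECT_FMT, data, sect_off + i * struct.calcsize(SECT_FMT))
        sections.append({"name": name.rstrip(b"\0").decode(), "va": va, "vsize": vsize,
                         "raw": rptr, "rawsize": rsize, "chars": schars})
    dllchars = o[23]
    return {
        "e_lfanew": e_lfanew, "Machine": machine, "NumberOfSections": nsect, "TimeDateStamp": ts,
        "CompileTime": datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%b-%d %H:%M:%S"),
        "Characteristics": chars, "IsDll": bool(chars & IMAGE_FILE_DLL),
        "LinkerVersion": f"{o[1]}.{o[2]}", "AddressOfEntryPoint": o[6], "ImageBase": o[9],
        "SizeOfImage": o[19], "CheckSum": o[21], "Subsystem": o[22],
        "ASLR": bool(dllchars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE),
        "NX": bool(dllchars & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
        "sections": sections,
    }

def section_for_rva(hdr: dict, rva: int):
    """Section whose virtual range contains rva, or None."""
    for s in hdr["sections"]:
        if s["va"] <= rva < s["va"] + s["vsize"]:
            return s
    return None

def rva_to_offset(hdr: dict, rva: int) -> int:
    """File offset for an RVA, e.g. a debug-directory AddressOfRawData -> PointerToRawData."""
    s = section_for_rva(hdr, rva)
    if s is None:
        raise ValueError(f"RVA {rva:#x} is not backed by any section")
    return rva - s["va"] + s["raw"]

def triage(hdr: dict) -> list:
    """Header facts worth recording before any code is looked at."""
    ep = section_for_rva(hdr, hdr["AddressOfEntryPoint"])
    notes = [
        "DLL image" if hdr["IsDll"] else "EXE image",
        "ASLR " + ("on" if hdr["ASLR"] else "off"),
        "DEP/NX " + ("on" if hdr["NX"] else "off"),
        f"entry point {hdr['AddressOfEntryPoint']:#x} in {ep['name'] if ep else 'no section (suspicious)'}",
    ]
    if hdr["CheckSum"] == 0:
        notes.append("CheckSum is 0: the linker did not compute one, so it cannot reveal tampering")
    return notes
```

`rva_to_offset` reproduces the AddressOfRawData / PointerToRawData pairs of the debug directory (0x523a0 maps to 0x50da0 because .rdata is loaded 0x1600 bytes higher than it sits in the file); on a real sample, replace `build_sample()` with the file's bytes and extend `section_for_rva` to prefer SizeOfRawData when it is larger than VirtualSize.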
Imported DLL | Functions |
---|---|
KERNEL32.dll | GetModuleHandleA GetProcAddress GetTickCount64 LoadResource LockResource SizeofResource FindResourceA VirtualAlloc VirtualFree VirtualQuery CloseHandle HeapCreate HeapDestroy HeapAlloc HeapReAlloc HeapFree Sleep GetCurrentProcess GetCurrentProcessId GetCurrentThreadId OpenThread SuspendThread ResumeThread GetThreadContext SetThreadContext FlushInstructionCache VirtualProtect GetModuleHandleW CreateToolhelp32Snapshot Thread32First Thread32Next AllocConsole FreeConsole SetConsoleTitleA MultiByteToWideChar GetStdHandle GetVolumeInformationA CreateThread GetSystemInfo DisableThreadLibraryCalls FreeLibraryAndExitThread GetConsoleScreenBufferInfo SetConsoleScreenBufferSize SetConsoleTextAttribute GetConsoleWindow GetSystemTimeAsFileTime QueryPerformanceCounter IsDebuggerPresent IsProcessorFeaturePresent TerminateProcess SetUnhandledExceptionFilter UnhandledExceptionFilter CreateEventW WaitForSingleObjectEx ResetEvent SetEvent DeleteCriticalSection InitializeCriticalSectionAndSpinCount LeaveCriticalSection EnterCriticalSection WideCharToMultiByte SetLastError GetLastError AreFileApisANSI RemoveDirectoryW GetFileInformationByHandle GetFileAttributesExW FindNextFileW FindFirstFileExW FindClose DeleteFileW CreateFileW CreateDirectoryW FormatMessageA LocalFree InitializeSListHead |
USER32.dll | SetWindowLongA GetWindowLongA MessageBoxA GetWindowRect MoveWindow FindWindowA GetAsyncKeyState GetCursorPos ScreenToClient GetKeyNameTextA |
SHELL32.dll | SHGetKnownFolderPath |
ole32.dll | CoTaskMemFree |
MSVCP140.dll | ?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ ?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z ?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ ?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ ?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ ?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z ?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ ?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ ??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z ??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ ??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z ??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ ?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z ?_Xbad_function_call@std@@YAXXZ ?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ ?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A ?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ ?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ ?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z ?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ ?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ ?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z ?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z ?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ ?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ ?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z ?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z _Xtime_get_ticks _Query_perf_counter _Query_perf_frequency _Thrd_sleep ?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A ?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ ?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z ?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z ?always_noconv@codecvt_base@std@@QBE_NXZ ?_Winerror_map@std@@YAHH@Z ?_Syserror_map@std@@YAPBDH@Z ?uncaught_exception@std@@YA_NXZ ?id@?$numpunct@D@std@@2V0locale@2@A ?_Incref@facet@locale@std@@UAEXXZ ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ ?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z ?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ ?_Init@locale@std@@CAPAV_Locimp@12@_N@Z ??1facet@locale@std@@MAE@XZ ??0facet@locale@std@@IAE@I@Z ??Bid@locale@std@@QAEIXZ ?c_str@?$_Yarn@D@std@@QBEPBDXZ ?_Gettrue@_Locinfo@std@@QBEPBDXZ ?_Getfalse@_Locinfo@std@@QBEPBDXZ ??1_Locinfo@std@@QAE@XZ ??0_Locinfo@std@@QAE@PBD@Z ??1_Lockit@std@@QAE@XZ ??0_Lockit@std@@QAE@H@Z ?_Xout_of_range@std@@YAXPBD@Z ?_Xlength_error@std@@YAXPBD@Z ?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ ?_Xbad_alloc@std@@YAXXZ |
WININET.dll | InternetCloseHandle InternetReadFile InternetOpenUrlA InternetOpenA |
VCRUNTIME140.dll | memchr memcmp __current_exception memmove __CxxFrameHandler3 __std_type_info_compare __std_exception_destroy __std_exception_copy strstr _purecall _CxxThrowException __current_exception_context _except_handler4_common __std_type_info_destroy_list memset __std_terminate memcpy |
api-ms-win-crt-runtime-l1-1-0.dll | _invalid_parameter_noinfo_noreturn _errno _initterm_e strerror_s terminate abort _seh_filter_dll _configure_narrow_argv _initialize_narrow_environment _initialize_onexit_table _wassert _initterm _cexit _crt_atexit _execute_onexit_table _register_onexit_function |
api-ms-win-crt-heap-l1-1-0.dll | free realloc _callnewh malloc calloc |
api-ms-win-crt-math-l1-1-0.dll | _fdclass _ldclass _dclass _fdsign remainderf ceil _libm_sse2_sqrt_precise _dsign _libm_sse2_atan_precise _CIatan2 _libm_sse2_sin_precise _libm_sse2_cos_precise _hypotf _ldsign |
api-ms-win-crt-utility-l1-1-0.dll | srand rand |
api-ms-win-crt-time-l1-1-0.dll | _time64 |
api-ms-win-crt-string-l1-1-0.dll | toupper tolower |
api-ms-win-crt-stdio-l1-1-0.dll | fclose __stdio_common_vsnprintf_s fwrite __acrt_iob_func fflush fgetc fputc fread fsetpos _fseeki64 setvbuf freopen_s ftell fseek _get_stream_buffer_pointers fopen __stdio_common_vsprintf ungetc fgetpos |
api-ms-win-crt-locale-l1-1-0.dll | localeconv ___lc_codepage_func |
api-ms-win-crt-convert-l1-1-0.dll | strtoull strtoll atoi strtoul mbstowcs_s strtod |
api-ms-win-crt-filesystem-l1-1-0.dll | _lock_file remove _unlock_file |
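Read as capabilities rather than as a flat list, the imports above say more than any single AV label: OpenThread, SuspendThread, GetThreadContext, SetThreadContext and ResumeThread together are the thread-context hijacking pattern; FindResourceA, LoadResource, LockResource and SizeofResource mean a payload or data blob carried in the resource section; InternetOpenA, InternetOpenUrlA and InternetReadFile are a plain HTTP fetch; and a good part of the KERNEL32 row (IsDebuggerPresent, IsProcessorFeaturePresent, SetUnhandledExceptionFilter, QueryPerformanceCounter, GetSystemTimeAsFileTime, InitializeSListHead) is MSVC runtime start-up boilerplate that almost every VS2015+ binary imports. The Python below is an added example, not part of this report or of any tool: it runs a small set of co-occurrence rules, written here for illustration, over a subset of the KERNEL32 names and the full USER32 and WININET rows copied from the table above, and marks a match as weak when every API that satisfied it is also CRT boilerplate.

```python
# Import names copied from the report's KERNEL32 (subset), USER32 and WININET rows.
IMPORTS = {
    "KERNEL32.dll": """GetModuleHandleA GetProcAddress GetTickCount64 LoadResource LockResource
        SizeofResource FindResourceA VirtualAlloc VirtualFree VirtualQuery CloseHandle Sleep
        GetCurrentProcess GetCurrentProcessId GetCurrentThreadId OpenThread SuspendThread
        ResumeThread GetThreadContext SetThreadContext FlushInstructionCache VirtualProtect
        GetModuleHandleW CreateToolhelp32Snapshot Thread32First Thread32Next AllocConsole
        FreeConsole CreateThread DisableThreadLibraryCalls FreeLibraryAndExitThread
        IsDebuggerPresent IsProcessorFeaturePresent TerminateProcess SetUnhandledExceptionFilter
        UnhandledExceptionFilter QueryPerformanceCounter GetSystemTimeAsFileTime
        InitializeSListHead GetVolumeInformationA""".split(),
    "USER32.dll": """SetWindowLongA GetWindowLongA MessageBoxA GetWindowRect MoveWindow FindWindowA
        GetAsyncKeyState GetCursorPos ScreenToClient GetKeyNameTextA""".split(),
    "WININET.dll": "InternetCloseHandle InternetReadFile InternetOpenUrlA InternetOpenA".split(),
}

# Imports the MSVC runtime start-up code pulls in by itself; any of these alone is not a signal.
CRT_BOILERPLATE = {
    "IsDebuggerPresent", "IsProcessorFeaturePresent", "SetUnhandledExceptionFilter",
    "UnhandledExceptionFilter", "TerminateProcess", "GetCurrentProcess", "GetCurrentProcessId",
    "GetCurrentThreadId", "QueryPerformanceCounter", "GetSystemTimeAsFileTime",
    "InitializeSListHead", "GetModuleHandleW",
}

# Illustrative rules (not a published rule set): "all" names must be present, "any" needs at
# least one, "absent" names must be missing (separates in-process from cross-process patterns).
RULES = [
    ("thread-context hijack (OpenThread+SuspendThread+Get/SetThreadContext+ResumeThread)",
     {"all": {"OpenThread", "SuspendThread", "GetThreadContext", "SetThreadContext", "ResumeThread"}}),
    ("thread enumeration via Toolhelp snapshot",
     {"all": {"CreateToolhelp32Snapshot", "Thread32First", "Thread32Next"}}),
    ("in-process code patching (VirtualProtect+FlushInstructionCache, no cross-process write)",
     {"all": {"VirtualProtect", "FlushInstructionCache"}, "absent": {"WriteProcessMemory"}}),
    ("cross-process injection (WriteProcessMemory + remote thread)",
     {"all": {"WriteProcessMemory"}, "any": {"CreateRemoteThread", "NtCreateThreadEx"}}),
    ("payload or data blob carried in PE resources",
     {"all": {"FindResourceA", "LoadResource", "LockResource", "SizeofResource"}}),
    ("HTTP fetch via WinINet",
     {"all": {"InternetOpenA", "InternetOpenUrlA", "InternetReadFile"}}),
    ("input polling (GetAsyncKeyState/GetCursorPos)",
     {"any": {"GetAsyncKeyState", "GetCursorPos"}}),
    ("window lookup plus SetWindowLongA (WndProc subclassing is the usual use)",
     {"all": {"FindWindowA", "SetWindowLongA"}}),
    ("debugger presence check",
     {"any": {"IsDebuggerPresent", "CheckRemoteDebuggerPresent"}}),
    ("volume serial read (GetVolumeInformationA), a common hardware-ID source",
     {"any": {"GetVolumeInformationA"}}),
]

def flatten(imports: dict) -> set:
    """All imported names regardless of which DLL exports them."""
    return {name for names in imports.values() for name in names}

def match_rules(imports: dict, rules=RULES) -> dict:
    """Return {rule title: {"apis": sorted matched names, "strength": "strong" | "weak"}}."""
    present = flatten(imports)
    hits = {}
    for title, rule in rules:
        need_all = rule.get("all", set())
        need_any = rule.get("any", set())
        absent = rule.get("absent", set())
        if not need_all <= present:
            continue
        if need_any and not (need_any & present):
            continue
        if absent & present:
            continue
        apis = sorted(need_all | (need_any & present))
        # A rule satisfied only by CRT start-up imports is weak evidence on its own.
        strength = "weak" if set(apis) <= CRT_BOILERPLATE else "strong"
        hits[title] = {"apis": apis, "strength": strength}
    return hits

if __name__ == "__main__":
    for title, info in match_rules(IMPORTS).items():
        print(f"[{info['strength']:6}] {title}: {', '.join(info['apis'])}")
```

On this import table the cross-process injection rule does not fire (no WriteProcessMemory or CreateRemoteThread), which is what one expects of a DLL that is loaded into the game process and only manipulates its own threads; the debugger check fires but is flagged weak because IsDebuggerPresent is also CRT boilerplate.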
Debug directory entry | Characteristics | TimeDateStamp | Version | SizeOfData | AddressOfRawData | PointerToRawData | Referenced File |
---|---|---|---|---|---|---|---|
1 | 0 | 2020-Nov-21 04:52:40 | 0.0 | 87 | 0x523a0 | 0x50da0 | F:\Documents\GitHub\output\csgo-cheat\release\csgo-release.pdb |
2 | 0 | 2020-Nov-21 04:52:40 | 0.0 | 20 | 0x523f8 | 0x50df8 | |
3 | 0 | 2020-Nov-21 04:52:40 | 0.0 | 800 | 0x5240c | 0x50e0c | |
4 | 0 | 2020-Nov-21 04:52:40 | 0.0 | 0 | 0 | 0 | |
TLS directory field | Value |
---|---|
StartAddressOfRawData | 0x1005273c |
EndAddressOfRawData | 0x10052744 |
AddressOfIndex | 0x100641ec |
AddressOfCallbacks | 0x100494d8 |
SizeOfZeroFill | 0 |
Characteristics | IMAGE_SCN_ALIGN_4BYTES |
Callbacks | (EMPTY) |

AddressOfCallbacks is set but the array it points to is empty (its first entry is the null terminator), so no TLS callback runs ahead of DllMain; the 8-byte TLS template is the usual CRT-generated one.
Load configuration field | Value |
---|---|
Size | 0xb8 |
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x100598e4 |
SEHandlerTable | 0x100520a8 |
SEHandlerCount | 190 |

A populated SecurityCookie and a SEHandlerTable with 190 entries mean the DLL was linked with /GS and /SAFESEH; with DYNAMIC_BASE and NX_COMPAT set in DllCharacteristics, the standard 32-bit MSVC mitigations are all on. The 1970 TimeDateStamp is the zero value of this structure's field, which the linker leaves unset, and is not evidence of timestomping.
Rich header | Value |
---|---|
XOR Key | 0xcef659ef |
Unmarked objects | 0 |
Imports (VS2008 SP1 build 30729) | 20 |
C objects (28920) | 12 |
ASM objects (28920) | 11 |
C++ objects (28920) | 25 |
Imports (28920) | 4 |
262 (26715) | 1 |
Imports (26715) | 11 |
Total imports | 269 |
C objects (29112) | 5 |
C++ objects (29112) | 36 |
Resource objects (29112) | 1 |
151 | 1 |
Linker (29112) | 1 |