fdc2ab10bda8e5962c2d64db4d4f03d5

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2025-Feb-04 12:07:55
Detected languages English - United States
Debug artifacts C:\Users\karag\Desktop\rustapaters\stealseriesOverlay\x64\Release\steelseries_ovrly_hook.pdb
CompanyName Tsuda Kageyu
FileDescription MinHook - The Minimalistic API Hook Library for x64/x86
FileVersion 1.3.3.0
InternalName MinHookD
LegalCopyright Copyright (C) 2009-2017 Tsuda Kageyu. All rights reserved.
LegalTrademarks Tsuda Kageyu
ProductName MinHook DLL
ProductVersion 1.3.3.0

Plugin Output

Info Interesting strings found in the binary: Contains domain names:
  • dearimgui.org
  • http://www.dearimgui.org
  • http://www.dearimgui.org/faq/
  • www.dearimgui.org
Info Cryptographic algorithms detected in the binary: Uses constants related to CRC32
Malicious The PE contains functions mostly used by malware. [!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryA
Functions which can be used for anti-debugging purposes:
  • CreateToolhelp32Snapshot
  • FindWindowA
Uses functions commonly found in keyloggers:
  • GetAsyncKeyState
  • GetForegroundWindow
Memory manipulation functions often used by packers:
  • VirtualAlloc
  • VirtualProtect
Reads the contents of the clipboard:
  • GetClipboardData
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 fdc2ab10bda8e5962c2d64db4d4f03d5
SHA1 69af493363565799dc8d69cf2e331973aed3db13
SHA256 51a2c22d88b1fd09667d0f8c7a81f77c070ba27d8d95c8149553f8f6aaa2bbc3
SHA3 3f7ce76505c3aa51e8c03cc05d1e816226e9e8b18e3e2e572507ee3c50f1ebb7
SSDeep 12288:bIdu8F3FOcoAaOVDkUPd9LfBjQHYtsR5m9/GQ+anK:bRq3FKAaOXPTLAR5m9/kan
Imports Hash 5d525c58074f2059b7388df80098a0d5

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xf8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 6
TimeDateStamp 2025-Feb-04 12:07:55
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_DLL
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x90a00
SizeOfInitializedData 0x2a800
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000000000009050C (Section: .text)
BaseOfCode 0x1000
ImageBase 0x180000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0xbf000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 b47c9782faecc8202c82568c155b7a3f
SHA1 7091f0a79b23ad350fa23436e1ee62cb1001a887
SHA256 1a4246a5ba4bcd3effe8a55db88c81017b7f39fcb389c2c250f4c8509663053a
SHA3 53b2df5fc169304c0ae97295b650195a1489c2e86160ab0ba78e38ccb5e86a1f
VirtualSize 0x9089e
VirtualAddress 0x1000
SizeOfRawData 0x90a00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.44242

.rdata

MD5 f25e60a8bc67d45c39daccdeeacd7f30
SHA1 722df4e39f8fba9fa28a93d9c482599b840d91f7
SHA256 410e71a9eabf7d9d03a786d206fc31aedc0bb34b67d2bff1ca7222f8242fc88f
SHA3 f51f80fd868d13eede9bf16821f68d9548a51f70428a0870275fed3dd9902a28
VirtualSize 0x1e9f4
VirtualAddress 0x92000
SizeOfRawData 0x1ea00
PointerToRawData 0x90e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.99634

.data

MD5 92a55862e8ec52070f420c0897994b8a
SHA1 b06119f8a9d2de6507966990506ffcb1294f4d42
SHA256 cd8a7c5d884cfae23d8c777b2fff402e48cc653a35e73daf82e0c715037ab558
SHA3 0a517892b0e58e920234d39cce2a03bbbc43dd00ae01ad9e31e98f8f1b676170
VirtualSize 0x66c8
VirtualAddress 0xb1000
SizeOfRawData 0x4c00
PointerToRawData 0xaf800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.973656

.pdata

MD5 2c0e2676b0721aed219bb3572f40f4cd
SHA1 e4d4315d69f1a6eb9d9c0e111b6a50845965bc73
SHA256 21a158d87507bf0eec5309173a5885acdd23c711b3dacbec1d35fd9f9ffd10d3
SHA3 32f083ced234d5180e8969911c287b110061c3f3442b2325bfa9e4a475113ca3
VirtualSize 0x4cf8
VirtualAddress 0xb8000
SizeOfRawData 0x4e00
PointerToRawData 0xb4400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.86529

.rsrc

MD5 ff638ab007a664e78895eb5d97733d87
SHA1 aa1fb9c47ed395c84802ed5e310aaebff2bc36c0
SHA256 9f3f53033ba96e8977d765d008d2168271d1f9c955cde5f85076212da4e31012
SHA3 dce400234f8a374c5f4dec7d9bfa809817db8a55e630a1aa234964c91760657c
VirtualSize 0x580
VirtualAddress 0xbd000
SizeOfRawData 0x600
PointerToRawData 0xb9200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.9494

.reloc

MD5 5df6c470235648a65d433835a4b9b35c
SHA1 5a60d27a171674ac4219b96b721795253531bd0f
SHA256 43ba16fa284c8059a12d88fc113accdfaa11fce80fd9f3fa080ea81f1fd5497b
SHA3 c08f7c69af07cf68815ab14cd21e5793a660acd958a153120716a20994474a80
VirtualSize 0x178
VirtualAddress 0xbe000
SizeOfRawData 0x200
PointerToRawData 0xb9800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 4.16797

Imports

KERNEL32.dll QueryPerformanceCounter
VirtualFree
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapCreate
VirtualProtect
HeapFree
GetCurrentProcess
Thread32Next
Thread32First
GetCurrentThreadId
SuspendThread
ResumeThread
CreateToolhelp32Snapshot
Sleep
HeapReAlloc
CloseHandle
HeapAlloc
GetThreadContext
GetCurrentProcessId
WideCharToMultiByte
GetProcAddress
SetThreadContext
OpenThread
GetModuleHandleA
CreateThread
AllocConsole
GlobalLock
InitializeSListHead
GetSystemTimeAsFileTime
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
QueryPerformanceFrequency
LoadLibraryA
FlushInstructionCache
GlobalUnlock
GlobalFree
GlobalAlloc
GetModuleHandleW
MultiByteToWideChar
USER32.dll SetCursorPos
SetClipboardData
ShowWindow
GetAsyncKeyState
FindWindowA
GetKeyState
GetClientRect
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
ScreenToClient
ClientToScreen
IsChild
GetCursorPos
GetForegroundWindow
LoadCursorW
SetCursor
IMM32.dll ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow
D3DCOMPILER_47.dll D3DCompile
MSVCP140.dll ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z
_Query_perf_frequency
?uncaught_exceptions@std@@YAHXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
_Thrd_sleep
_Query_perf_counter
_Xtime_get_ticks
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
VCRUNTIME140_1.dll __CxxFrameHandler4
VCRUNTIME140.dll _CxxThrowException
__std_exception_copy
memset
__C_specific_handler
__current_exception_context
__current_exception
strchr
strstr
memmove
memcpy
__std_terminate
memcmp
memchr
__std_type_info_destroy_list
__std_exception_destroy
api-ms-win-crt-stdio-l1-1-0.dll __acrt_iob_func
fflush
fclose
freopen_s
fseek
__stdio_common_vsscanf
fread
__stdio_common_vsprintf
_wfopen
fwrite
ftell
api-ms-win-crt-string-l1-1-0.dll strncmp
toupper
strcmp
strncpy
api-ms-win-crt-utility-l1-1-0.dll qsort
api-ms-win-crt-heap-l1-1-0.dll free
calloc
malloc
_callnewh
api-ms-win-crt-convert-l1-1-0.dll atof
api-ms-win-crt-runtime-l1-1-0.dll _initterm
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
terminate
_initterm_e
api-ms-win-crt-math-l1-1-0.dll pow
log
sqrtf
powf
floorf
cosf
sinf
acosf
atan2f
fmodf
logf
ceilf

Delayed Imports

1

Type RT_VERSION
Language English - United States
Codepage UNKNOWN
Size 0x360
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.51516
MD5 6133d34191b3631158eaf46b84c9f6f4
SHA1 9db4a422c61de5b1881feef5f07578b386594b6d
SHA256 5f0666da060d981d5589902ca714dca703a7f6e1085ed8d28f9f6f4a4394d5c7
SHA3 57dffca21850b5e2d8b6501d45dbbe117f9b98b6cad24630e09fa7c0b151cc22

2

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x17d
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.91161
MD5 1e4a89b11eae0fcf8bb5fdd5ec3b6f61
SHA1 4260284ce14278c397aaf6f389c1609b0ab0ce51
SHA256 4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df
SHA3 4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 1.3.3.0
ProductVersion 1.3.3.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_DLL
Language English - United States
CompanyName Tsuda Kageyu
FileDescription MinHook - The Minimalistic API Hook Library for x64/x86
FileVersion (#2) 1.3.3.0
InternalName MinHookD
LegalCopyright Copyright (C) 2009-2017 Tsuda Kageyu. All rights reserved.
LegalTrademarks Tsuda Kageyu
ProductName MinHook DLL
ProductVersion (#2) 1.3.3.0
Resource LangID English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2025-Feb-04 12:07:55
Version 0.0
SizeofData 117
AddressOfRawData 0xa6f98
PointerToRawData 0xa5d98
Referenced File C:\Users\karag\Desktop\rustapaters\stealseriesOverlay\x64\Release\steelseries_ovrly_hook.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics 0
TimeDateStamp 2025-Feb-04 12:07:55
Version 0.0
SizeofData 20
AddressOfRawData 0xa7010
PointerToRawData 0xa5e10

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2025-Feb-04 12:07:55
Version 0.0
SizeofData 812
AddressOfRawData 0xa7024
PointerToRawData 0xa5e24

IMAGE_DEBUG_TYPE_ILTCG

Characteristics 0
TimeDateStamp 2025-Feb-04 12:07:55
Version 0.0
SizeofData 0
AddressOfRawData 0
PointerToRawData 0

TLS Callbacks

StartAddressOfRawData 0x1800a7370
EndAddressOfRawData 0x1800a7378
AddressOfIndex 0x1800b60d0
AddressOfCallbacks 0x180092588
SizeOfZeroFill 0
Characteristics IMAGE_SCN_ALIGN_4BYTES
Callbacks (EMPTY)

Load Configuration

Size 0x140
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x1800b1010

RICH Header

XOR Key 0x7ed68913
Unmarked objects 0
Imports (VS2008 SP1 build 30729) 14
Imports (VS2022 Update 4 (17.4.2) compiler 31935) 6
C++ objects (VS2022 Update 4 (17.4.2) compiler 31935) 22
C objects (VS2022 Update 4 (17.4.2) compiler 31935) 8
ASM objects (VS2022 Update 4 (17.4.2) compiler 31935) 4
Imports (30795) 13
Total imports 184
C++ objects (LTCG) (VS2022 Update 5 (17.5.0-2) compiler 32215) 14
Resource objects (VS2022 Update 5 (17.5.0-2) compiler 32215) 1
151 1
Linker (VS2022 Update 5 (17.5.0-2) compiler 32215) 1
