| Architecture |
IMAGE_FILE_MACHINE_AMD64
|
|---|---|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| Compilation Date | 2024-Feb-17 02:59:13 |
| Detected languages |
English - United States
|
| Debug artifacts |
Q:\C++\Usermode Projects\immunity-gta5\x64\Release\immunity-gta5.pdb
|
| Info | Matching compiler(s): | MASM/TASM - sig1(h) |
| Info | Interesting strings found in the binary: |
Contains domain names:
|
| Info | Cryptographic algorithms detected in the binary: | Uses constants related to CRC32 |
| Malicious | The PE contains functions mostly used by malware. |
Functions which can be used for anti-debugging purposes:
|
| Malicious | VirusTotal score: 5/71 (Scanned on 2024-03-21 08:13:27) |
CrowdStrike:
win/malicious_confidence_90% (D)
Cynet: Malicious (score: 100) DeepInstinct: MALICIOUS McAfee: Artemis!F49C44EE86E3 Skyhigh: Artemis |
| e_magic | MZ |
|---|---|
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x108 |
| Signature | PE |
|---|---|
| Machine |
IMAGE_FILE_MACHINE_AMD64
|
| NumberofSections | 6 |
| TimeDateStamp | 2024-Feb-17 02:59:13 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xf0 |
| Characteristics |
IMAGE_FILE_DLL
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
|
| Magic | PE32+ |
|---|---|
| LinkerVersion | 14.0 |
| SizeOfCode | 0xd0000 |
| SizeOfInitializedData | 0x32600 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x00000000000CC864 (Section: .text) |
| BaseOfCode | 0x1000 |
| ImageBase | 0x180000000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 6.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 6.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x106000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0 |
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
|
| SizeofStackReserve | 0x100000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
| d3dx11_43.dll |
D3DX11CreateShaderResourceViewFromMemory
|
|---|---|
| KERNEL32.dll |
GlobalLock
GlobalFree QueryPerformanceCounter QueryPerformanceFrequency CreateDirectoryA GetLastError IsThreadAFiber Sleep GetCurrentProcess CreateThread ResumeThread GetThreadContext SetThreadContext GetTickCount64 VirtualProtect FreeLibraryAndExitThread GetModuleHandleA GetProcAddress SwitchToFiber DeleteFiber CreateFiber ConvertThreadToFiber IsBadReadPtr FreeConsole EnterCriticalSection LeaveCriticalSection InitializeCriticalSectionAndSpinCount DeleteCriticalSection SetEvent ResetEvent GlobalUnlock CreateEventW GetModuleHandleW RtlCaptureContext RtlLookupFunctionEntry RtlVirtualUnwind UnhandledExceptionFilter SetUnhandledExceptionFilter TerminateProcess IsProcessorFeaturePresent InitializeSListHead IsDebuggerPresent GetCurrentProcessId GetCurrentThreadId GetSystemTimeAsFileTime LocalFree FormatMessageA CreateDirectoryW CreateFileW FindClose FindFirstFileExW FindNextFileW GetFileAttributesExW OpenThread FlushInstructionCache GlobalAlloc VirtualFree GetSystemInfo VirtualAlloc WaitForSingleObjectEx VirtualQuery HeapAlloc HeapReAlloc AreFileApisANSI GetFileInformationByHandleEx MultiByteToWideChar WideCharToMultiByte HeapCreate HeapFree Thread32Next Thread32First SuspendThread CreateToolhelp32Snapshot CloseHandle |
| USER32.dll |
GetClipboardData
EmptyClipboard IsChild GetKeyState GetCapture CloseClipboard ReleaseCapture GetForegroundWindow GetClientRect SetCursorPos SetCursor GetCursorPos SetClipboardData OpenClipboard SetCapture ClientToScreen GetWindowInfo SetWindowLongPtrA GetWindowLongPtrA GetAsyncKeyState ScreenToClient DestroyWindow CreateWindowExA RegisterClassExA UnregisterClassA CallWindowProcA DefWindowProcA LoadCursorA |
| SHELL32.dll |
SHGetSpecialFolderLocation
SHGetPathFromIDListA |
| ole32.dll |
CoTaskMemFree
|
| IMM32.dll |
ImmReleaseContext
ImmGetContext ImmSetCompositionWindow |
| D3DCOMPILER_43.dll |
D3DCompile
|
| XINPUT1_3.dll |
#4
#2 |
| MSVCP140.dll |
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??0_Lockit@std@@QEAA@H@Z ??1_Lockit@std@@QEAA@XZ ?_Xinvalid_argument@std@@YAXPEBD@Z ?uncaught_exception@std@@YA_NXZ _Xtime_get_ticks _Query_perf_counter _Query_perf_frequency _Thrd_detach _Thrd_sleep _Cnd_do_broadcast_at_thread_exit ?_Throw_C_error@std@@YAXH@Z ?_Throw_Cpp_error@std@@YAXH@Z ?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ ?_Winerror_map@std@@YAHH@Z ??Bid@locale@std@@QEAA_KXZ ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ ?always_noconv@codecvt_base@std@@QEBA_NXZ ?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z ?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z ?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z ?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z ?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z ?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ ?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z ??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z ??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z ?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ ??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z ??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ ?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z ?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z ?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ ?_Xbad_function_call@std@@YAXXZ ?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z ?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A ?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A ?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z ?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ ?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ ?_Xbad_alloc@std@@YAXXZ ?_Xlength_error@std@@YAXPEBD@Z ?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z ?_Xout_of_range@std@@YAXPEBD@Z ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ ?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ ?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ ?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ ?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ ?_Syserror_map@std@@YAPEBDH@Z ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z ?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ ?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z ??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z ??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ ?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z ?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ ?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ |
| d3d11.dll |
D3D11CreateDeviceAndSwapChain
|
| VCRUNTIME140.dll |
__std_terminate
strstr memchr memcpy memmove memset strchr memcmp __std_exception_copy _CxxThrowException __C_specific_handler __current_exception __current_exception_context __std_type_info_destroy_list __std_exception_destroy |
| VCRUNTIME140_1.dll |
__CxxFrameHandler4
|
| api-ms-win-crt-string-l1-1-0.dll |
strcmp
strncpy strcpy_s toupper tolower |
| api-ms-win-crt-stdio-l1-1-0.dll |
fflush
fread _get_stream_buffer_pointers fgetpos __acrt_iob_func fputc fsetpos _fseeki64 setvbuf ungetc __stdio_common_vsprintf_s fseek ftell fgetc fwrite __stdio_common_vfprintf __stdio_common_vsprintf _wfopen __stdio_common_vsscanf fclose |
| api-ms-win-crt-heap-l1-1-0.dll |
malloc
_callnewh free |
| api-ms-win-crt-utility-l1-1-0.dll |
rand
qsort |
| api-ms-win-crt-math-l1-1-0.dll |
floor
pow cos fmodf asinf ceilf floorf _dsign _dclass cosf powf sin sinf sqrtf atan2f acosf |
| api-ms-win-crt-convert-l1-1-0.dll |
strtoul
strtoull strtod atof strtoll strtol |
| api-ms-win-crt-runtime-l1-1-0.dll |
_seh_filter_dll
_configure_narrow_argv _initterm_e _initterm _cexit _crt_atexit _execute_onexit_table _initialize_narrow_environment _register_onexit_function _beginthreadex _initialize_onexit_table terminate _invalid_parameter_noinfo_noreturn _errno |
| api-ms-win-crt-filesystem-l1-1-0.dll |
_unlock_file
_lock_file rename |
| api-ms-win-crt-time-l1-1-0.dll |
_localtime64
strftime _time64 |
| api-ms-win-crt-locale-l1-1-0.dll |
___lc_codepage_func
localeconv |
| Characteristics |
0
|
|---|---|
| TimeDateStamp | 2024-Feb-17 02:59:13 |
| Version | 0.0 |
| SizeofData | 93 |
| AddressOfRawData | 0xe6570 |
| PointerToRawData | 0xe5970 |
| Referenced File | Q:\C++\Usermode Projects\immunity-gta5\x64\Release\immunity-gta5.pdb |
| Characteristics |
0
|
|---|---|
| TimeDateStamp | 2024-Feb-17 02:59:13 |
| Version | 0.0 |
| SizeofData | 20 |
| AddressOfRawData | 0xe65d0 |
| PointerToRawData | 0xe59d0 |
| Characteristics |
0
|
|---|---|
| TimeDateStamp | 2024-Feb-17 02:59:13 |
| Version | 0.0 |
| SizeofData | 872 |
| AddressOfRawData | 0xe65e4 |
| PointerToRawData | 0xe59e4 |
| Characteristics |
0
|
|---|---|
| TimeDateStamp | 2024-Feb-17 02:59:13 |
| Version | 0.0 |
| SizeofData | 0 |
| AddressOfRawData | 0 |
| PointerToRawData | 0 |
| StartAddressOfRawData | 0x1800e6970 |
|---|---|
| EndAddressOfRawData | 0x1800e6978 |
| AddressOfIndex | 0x1800fd230 |
| AddressOfCallbacks | 0x1800d1ab0 |
| SizeOfZeroFill | 0 |
| Characteristics |
IMAGE_SCN_ALIGN_4BYTES
|
| Callbacks | (EMPTY) |
| Size | 0x138 |
|---|---|
| TimeDateStamp | 1970-Jan-01 00:00:00 |
| Version | 0.0 |
| GlobalFlagsClear | (EMPTY) |
| GlobalFlagsSet | (EMPTY) |
| CriticalSectionDefaultTimeout | 0 |
| DeCommitFreeBlockThreshold | 0 |
| DeCommitTotalFreeThreshold | 0 |
| LockPrefixTable | 0 |
| MaximumAllocationSize | 0 |
| VirtualMemoryThreshold | 0 |
| ProcessAffinityMask | 0 |
| ProcessHeapFlags | (EMPTY) |
| CSDVersion | 0 |
| Reserved1 | 0 |
| EditList | 0 |
| SecurityCookie | 0x1800f6768 |
| XOR Key | 0x3137b6e3 |
|---|---|
| Unmarked objects | 0 |
| Imports (VS2008 SP1 build 30729) | 20 |
| C objects (LTCG) (VS2019 Update 11 (16.11.16-17) compiler 30146) | 4 |
| Imports (30034) | 6 |
| Imports (VS2010 build 30319) | 2 |
| C++ objects (30034) | 24 |
| C objects (30034) | 8 |
| ASM objects (30034) | 4 |
| Imports (27412) | 12 |
| Imports (21202) | 7 |
| Total imports | 311 |
| C++ objects (VS2019 Update 11 (16.11.16-17) compiler 30146) | 8 |
| Resource objects (VS2019 Update 11 (16.11.16-17) compiler 30146) | 1 |
| Linker (VS2019 Update 11 (16.11.16-17) compiler 30146) | 1 |