General

Malware Config

Signatures

Files

• Loader.rar

  .rar

  Password: 123

• Loader/AntiCheatDisabler
• Loader/GameCheck/GameInject
• Loader/GameCheck/GameMenu
• Loader/GameCheck/GameStatus
• Loader/GameDetect
• Loader/Launcher.dll

  .dll windows:6 windows x64 arch:x64

  Password: 123

  3706de3acac2c92e06c3693f522ba68e

  
  

  Code Sign

  0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  01-08-2022 00:00

  Not After

  09-11-2031 23:59

  Subject

  CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b

  Certificate

  Issuer

  CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  23-03-2022 00:00

  Not After

  22-03-2037 23:59

  Subject

  CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9

  Certificate

  Issuer

  CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  29-04-2021 00:00

  Not After

  28-04-2036 23:59

  Subject

  CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16

  Certificate

  Issuer

  CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

  Not Before

  14-07-2023 00:00

  Not After

  13-10-2034 23:59

  Subject

  CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  0f:7c:5a:5e:06:2a:bd:ba:fc:be:1e:c6:3d:4c:30:52

  Certificate

  Issuer

  CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

  Not Before

  14-07-2021 00:00

  Not After

  18-07-2024 23:59

  Subject

  CN=Unity Technologies ApS,OU=Developer Services,O=Unity Technologies ApS,L=København,C=DK

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  c5:75:0f:62:c3:7f:6f:18:93:5f:b0:60:7a:0f:8f:a4:d8:58:d8:1a

  Signer

  Actual PE Digest

  c5:75:0f:62:c3:7f:6f:18:93:5f:b0:60:7a:0f:8f:a4:d8:58:d8:1a

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  IMAGE_FILE_DLL

  PDB Paths

  C:\build\output\Unity-Technologies\mono\msvc\build\boehm\x64\bin\Release\mono-2.0-bdwgc.pdb

  Imports

  bcrypt

  BCryptGenRandom

  ws2_32

  WSAGetLastError

  select

  __WSAFDIsSet

  htons

  getnameinfo

  getaddrinfo

  freeaddrinfo

  WSAStartup

  WSASend

  WSASetLastError

  recvfrom

  WSARecv

  sendto

  accept

  send

  socket

  connect

  recv

  ioctlsocket

  bind

  WSAIoctl

  closesocket

  ntohl

  shutdown

  listen

  WSASocketW

  inet_pton

  getpeername

  getsockname

  ntohs

  gethostname

  getsockopt

  htonl

  setsockopt

  WSAWaitForMultipleEvents

  WSACleanup

  getprotobyname

  ole32

  CoInitializeEx

  CoTaskMemAlloc

  CoTaskMemRealloc

  CoCreateFreeThreadedMarshaler

  CoUninitialize

  CoTaskMemFree

  oleaut32

  SysStringLen

  SafeArrayPutElement

  SysFreeString

  SafeArrayGetLBound

  SafeArrayGetUBound

  SafeArrayCreate

  SysAllocStringLen

  SafeArrayDestroy

  SafeArrayPtrOfIndex

  SafeArrayGetDim

  version

  VerQueryValueW

  GetFileVersionInfoW

  GetFileVersionInfoSizeW

  advapi32

  CreateProcessWithLogonW

  GetEffectiveRightsFromAclW

  AllocateAndInitializeSid

  SetEntriesInAclW

  SetNamedSecurityInfoW

  CopySid

  GetNamedSecurityInfoW

  OpenProcessToken

  FreeSid

  DuplicateToken

  GetLengthSid

  BuildTrusteeWithSidW

  OpenThreadToken

  LookupAccountSidW

  GetTokenInformation

  EventWriteTransfer

  EventRegister

  EventUnregister

  RevertToSelf

  ImpersonateLoggedOnUser

  winmm

  timeGetDevCaps

  timeKillEvent

  timeEndPeriod

  timeSetEvent

  timeBeginPeriod

  kernel32

  IsValidLocale

  GetLocaleInfoW

  LCMapStringW

  CompareStringW

  GetTimeFormatW

  GetDateFormatW

  GetFullPathNameW

  SetFilePointerEx

  ReadConsoleW

  FreeLibraryAndExitThread

  GetConsoleCP

  GetTimeZoneInformation

  SystemTimeToFileTime

  TzSpecificLocalTimeToSystemTime

  SetStdHandle

  SystemTimeToTzSpecificLocalTime

  PeekNamedPipe

  GetFileInformationByHandle

  GetConsoleOutputCP

  RtlPcToFileHeader

  GetUserDefaultLCID

  TlsGetValue

  InitializeCriticalSectionAndSpinCount

  InterlockedFlushSList

  InterlockedPushEntrySList

  RtlUnwindEx

  InitializeSListHead

  GetStartupInfoW

  IsProcessorFeaturePresent

  UnhandledExceptionFilter

  RtlVirtualUnwind

  RtlLookupFunctionEntry

  RtlCaptureContext

  InitializeCriticalSection

  SetUnhandledExceptionFilter

  AcquireSRWLockShared

  AddVectoredExceptionHandler

  ReleaseSRWLockShared

  RemoveVectoredExceptionHandler

  CreateFileA

  SetThreadStackGuarantee

  EnumSystemLocalesW

  HeapReAlloc

  SetConsoleCtrlHandler

  WideCharToMultiByte

  MoveFileExW

  SetConsoleMode

  GetNumberOfConsoleInputEvents

  ReadConsoleInputW

  PeekConsoleInputA

  FindFirstFileExW

  IsValidCodePage

  GetACP

  GetOEMCP

  GetCPInfo

  GetCommandLineA

  GetProcessHeap

  GetStringTypeW

  WriteConsoleW

  HeapSize

  EncodePointer

  ResumeThread

  MultiByteToWideChar

  FreeConsole

  GetExitCodeProcess

  GetProcessTimes

  SetProcessWorkingSetSize

  CreateProcessW

  TryAcquireSRWLockExclusive

  ReleaseSRWLockExclusive

  AcquireSRWLockExclusive

  RaiseException

  Sleep

  GetTickCount

  FindFirstFileW

  FindNextFileW

  FindClose

  GetFileAttributesW

  SetEnvironmentVariableW

  GetLocaleInfoEx

  GetEnvironmentVariableW

  GetLastError

  GetCurrentProcess

  GetModuleHandleExW

  GetModuleFileNameW

  K32GetModuleFileNameExW

  FormatMessageW

  K32GetModuleBaseNameW

  LoadLibraryW

  GetCurrentDirectoryW

  GetProcAddress

  LocalFree

  GetModuleHandleW

  FreeLibrary

  K32EnumProcessModules

  QueryPerformanceFrequency

  QueryPerformanceCounter

  GetCPInfoExW

  HeapCreate

  HeapFree

  EnterCriticalSection

  LeaveCriticalSection

  InitializeCriticalSectionEx

  TlsAlloc

  HeapAlloc

  HeapDestroy

  InitializeSRWLock

  SetLastError

  SetErrorMode

  LoadLibraryExW

  VirtualProtect

  VirtualFree

  VirtualAlloc

  UnmapViewOfFile

  CloseHandle

  GetSystemInfo

  CreateFileMappingW

  MapViewOfFile

  VirtualQuery

  GetSystemTimes

  GetCurrentProcessId

  GetTickCount64

  GetSystemTimeAsFileTime

  IsDebuggerPresent

  SleepConditionVariableCS

  TryEnterCriticalSection

  WakeConditionVariable

  InitializeConditionVariable

  DeleteCriticalSection

  SleepConditionVariableSRW

  ReleaseSemaphore

  CreateSemaphoreW

  TlsSetValue

  WakeAllConditionVariable

  DuplicateHandle

  TlsFree

  CancelIo

  GetCurrentProcessorNumberEx

  FlushProcessWriteBuffers

  WaitForSingleObject

  GetCurrentThreadId

  SuspendThread

  RtlUnwind

  ExitThread

  CancelSynchronousIo

  GetCurrentThread

  CreateThread

  QueueUserAPC

  SwitchToThread

  GetThreadContext

  SetThreadContext

  OpenThread

  GlobalMemoryStatusEx

  CreateEventW

  SetEvent

  ResetEvent

  SignalObjectAndWait

  WaitForMultipleObjectsEx

  WaitForSingleObjectEx

  SleepEx

  GetCommandLineW

  CreateFileW

  GetSystemDirectoryW

  DisableThreadLibraryCalls

  GetFileSize

  ExitProcess

  GetVersionExW

  SetThreadPriority

  GetFileInformationByHandleEx

  SetHandleInformation

  OpenFileMappingW

  GetFileAttributesExW

  FlushViewOfFile

  DeleteFileW

  GetConsoleMode

  CreateDirectoryW

  ReadFile

  GetVolumeInformationW

  GetFileSizeEx

  GetStdHandle

  WriteFile

  RemoveDirectoryW

  SetFileTime

  LockFile

  CreatePipe

  SetFilePointer

  SetEndOfFile

  SetFileAttributesW

  GetLogicalDriveStringsW

  FileTimeToSystemTime

  GetDiskFreeSpaceExW

  CancelIoEx

  UnlockFile

  SetCurrentDirectoryW

  ReplaceFileW

  CopyFileW

  GetFileType

  MoveFileW

  GetDriveTypeW

  FlushFileBuffers

  FreeEnvironmentStringsW

  OutputDebugStringW

  GetComputerNameW

  GetEnvironmentStringsW

  GlobalAlloc

  GlobalFree

  GlobalReAlloc

  CreateMutexW

  ReleaseMutex

  OpenMutexW

  OpenSemaphoreW

  OpenEventW

  GetProcessWorkingSetSize

  SetPriorityClass

  TerminateProcess

  GetProcessId

  OpenProcess

  VerLanguageNameW

  K32GetModuleInformation

  K32EnumProcesses

  GetPriorityClass

  user32

  WaitForInputIdle

  MsgWaitForMultipleObjectsEx

  EnumWindows

  IsWindowVisible

  GetWindow

  GetWindowThreadProcessId

  MessageBoxA

  MessageBoxW

  SendMessageTimeoutW

  shell32

  SHGetFolderPathW

  ShellExecuteExW

  CommandLineToArgvW

  SHGetKnownFolderPath

  Exports

  Exports

  BrotliDecoderCreateInstance

  BrotliDecoderDecompress

  BrotliDecoderDecompressStream

  BrotliDecoderDestroyInstance

  BrotliDecoderErrorString

  BrotliDecoderGetErrorCode

  BrotliDecoderHasMoreOutput

  BrotliDecoderIsFinished

  BrotliDecoderIsUsed

  BrotliDecoderSetParameter

  BrotliDecoderTakeOutput

  BrotliDecoderVersion

  BrotliEncoderCompress

  BrotliEncoderCompressStream

  BrotliEncoderCreateInstance

  BrotliEncoderDestroyInstance

  BrotliEncoderHasMoreOutput

  BrotliEncoderIsFinished

  BrotliEncoderMaxCompressedSize

  BrotliEncoderSetParameter

  BrotliEncoderTakeOutput

  BrotliEncoderVersion

  BrotliGetDictionary

  BrotliSetDictionaryData

  MonoFixupCorEE

  burst_mono_install_hooks

  burst_mono_simulate_burst_debug_domain_reload

  burst_mono_update_tracking_pointers

  mini_get_debug_options

  mini_parse_debug_option

  mono_add_internal_call

  mono_add_internal_call_internal

  mono_add_internal_call_with_flags

  mono_aot_register_module

  mono_array_addr_with_size

  mono_array_class_get

  mono_array_clone

  mono_array_element_size

  mono_array_length

  mono_array_new

  mono_array_new_full

  mono_array_new_specific

  mono_assemblies_cleanup

  mono_assemblies_init

  mono_assembly_addref

  mono_assembly_close

  mono_assembly_fill_assembly_name

  mono_assembly_foreach

  mono_assembly_get_assemblyref

  mono_assembly_get_image

  mono_assembly_get_image_internal

  mono_assembly_get_main

  mono_assembly_get_name

  mono_assembly_get_name_internal

  mono_assembly_get_object

  mono_assembly_getrootdir

  mono_assembly_invoke_load_hook

  mono_assembly_invoke_search_hook

  mono_assembly_load

  mono_assembly_load_from

  mono_assembly_load_from_full

  mono_assembly_load_full

  mono_assembly_load_full_alc

  mono_assembly_load_module

  mono_assembly_load_module_checked

  mono_assembly_load_reference

  mono_assembly_load_references

  mono_assembly_load_with_partial_name

  mono_assembly_loaded

  mono_assembly_loaded_full

  mono_assembly_name_free

  mono_assembly_name_get_culture

  mono_assembly_name_get_name

  mono_assembly_name_get_pubkeytoken

  mono_assembly_name_get_version

  mono_assembly_name_new

  mono_assembly_name_parse

  mono_assembly_names_equal

  mono_assembly_open

  mono_assembly_open_full

  mono_assembly_set_main

  mono_assembly_setrootdir

  mono_bitset_alloc_size

  mono_bitset_clear

  mono_bitset_clear_all

  mono_bitset_clone

  mono_bitset_copyto

  mono_bitset_count

  mono_bitset_equal

  mono_bitset_find_first

  mono_bitset_find_first_unset

  mono_bitset_find_last

  mono_bitset_find_start

  mono_bitset_foreach

  mono_bitset_free

  mono_bitset_intersection

  mono_bitset_intersection_2

  mono_bitset_invert

  mono_bitset_mem_new

  mono_bitset_new

  mono_bitset_set

  mono_bitset_set_all

  mono_bitset_size

  mono_bitset_sub

  mono_bitset_test

  mono_bitset_test_bulk

  mono_bitset_union

  mono_bounded_array_class_get

  mono_breakpoint_clean_code

  mono_build_date

  mono_callspec_cleanup

  mono_callspec_eval

  mono_callspec_eval_exception

  mono_callspec_parse

  mono_check_corlib_version

  mono_class_array_element_size

  mono_class_data_size

  mono_class_describe_statics

  mono_class_enum_basetype

  mono_class_from_generic_parameter

  mono_class_from_mono_type

  mono_class_from_mono_type_internal

  mono_class_from_name

  mono_class_from_name_case

  mono_class_from_typeref

  mono_class_from_typeref_checked

  mono_class_get

  mono_class_get_byref_type

  mono_class_get_checked

  mono_class_get_context

  mono_class_get_element_class

  mono_class_get_event_token

  mono_class_get_events

  mono_class_get_field

  mono_class_get_field_from_name

  mono_class_get_field_token

  mono_class_get_fields

  mono_class_get_flags

  mono_class_get_full

  mono_class_get_image

  mono_class_get_interfaces

  mono_class_get_method_from_name

  mono_class_get_method_from_name_flags

  mono_class_get_methods

  mono_class_get_name

  mono_class_get_namespace

  mono_class_get_nested_types

  mono_class_get_nesting_type

  mono_class_get_nullable_param

  mono_class_get_parent

  mono_class_get_properties

  mono_class_get_property_from_name

  mono_class_get_property_token

  mono_class_get_rank

  mono_class_get_type

  mono_class_get_type_token

  mono_class_get_userdata

  mono_class_get_userdata_offset

  mono_class_implements_interface

  mono_class_inflate_generic_method

  mono_class_inflate_generic_type

  mono_class_init

  mono_class_instance_size

  mono_class_interface_offset

  mono_class_is_assignable_from

  mono_class_is_blittable

  mono_class_is_delegate

  mono_class_is_enum

  mono_class_is_generic

  mono_class_is_inflated

  mono_class_is_nullable

  mono_class_is_subclass_of

  mono_class_is_valid_enum

  mono_class_is_valuetype

  mono_class_min_align

  mono_class_name_from_token

  mono_class_num_events

  mono_class_num_fields

  mono_class_num_methods

  mono_class_num_properties

  mono_class_set_userdata

  mono_class_value_size

  mono_class_vtable

  mono_cli_rva_image_map

  mono_compile_method

  mono_conc_hashtable_destroy

  mono_conc_hashtable_foreach

  mono_conc_hashtable_foreach_steal

  mono_conc_hashtable_insert

  mono_conc_hashtable_lookup

  mono_conc_hashtable_new

  mono_conc_hashtable_new_full

  mono_conc_hashtable_remove

  mono_config_cleanup

  mono_config_for_assembly

  mono_config_get_cpu

  mono_config_get_os

  mono_config_get_wordsize

  mono_config_is_server_mode

  mono_config_parse

  mono_config_parse_memory

  mono_config_set_server_mode

  mono_config_string_for_assembly_file

  mono_context_get

  mono_context_get_desc

  mono_context_get_domain_id

  mono_context_get_id

  mono_context_init

  mono_context_set

  mono_counter_get_name

  mono_counter_get_section

  mono_counter_get_size

  mono_counter_get_type

  mono_counter_get_unit

  mono_counter_get_variance

  mono_counters_cleanup

  mono_counters_dump

  mono_counters_enable

  mono_counters_foreach

  mono_counters_init

  mono_counters_on_register

  mono_counters_register

  mono_counters_register_with_size

  mono_counters_sample

  mono_cpu_count

  mono_cpu_features_disabled

  mono_cpu_features_enabled

  mono_create_new_bundled_satellite_assembly

  mono_custom_attrs_construct

  mono_custom_attrs_free

  mono_custom_attrs_from_assembly

  mono_custom_attrs_from_class

  mono_custom_attrs_from_event

  mono_custom_attrs_from_field

  mono_custom_attrs_from_index

  mono_custom_attrs_from_method

  mono_custom_attrs_from_param

  mono_custom_attrs_from_property

  mono_custom_attrs_get_attr

  mono_custom_attrs_get_attrs

  mono_custom_attrs_has_attr

  mono_dangerous_add_raw_internal_call

  mono_debug_add_delegate_trampoline

  mono_debug_add_method

  mono_debug_cleanup

  mono_debug_close_image

  mono_debug_close_mono_symbol_file

  mono_debug_domain_create

  mono_debug_domain_unload

  mono_debug_enabled

  mono_debug_find_method

  mono_debug_free_locals

  mono_debug_free_method_jit_info

  mono_debug_free_source_location

  mono_debug_get_handle

  mono_debug_il_offset_from_address

  mono_debug_init

  mono_debug_lookup_locals

  mono_debug_lookup_method

  mono_debug_lookup_method_addresses

  mono_debug_lookup_source_location

  mono_debug_lookup_source_location_by_il

  mono_debug_method_lookup_location

  mono_debug_open_image_from_memory

  mono_debug_open_mono_symbols

  mono_debug_print_stack_frame

  mono_debug_print_vars

  mono_debug_remove_method

  mono_debug_symfile_free_location

  mono_debug_symfile_is_loaded

  mono_debug_symfile_lookup_locals

  mono_debug_symfile_lookup_location

  mono_debug_symfile_lookup_method

  mono_debugger_agent_init

  mono_debugger_agent_parse_options

  mono_debugger_agent_register_transport

  mono_debugger_agent_transport_handshake

  mono_debugger_disconnect

  mono_debugger_get_generate_debug_info

  mono_debugger_insert_breakpoint

  mono_debugger_install_attach_detach_callback

  mono_debugger_method_has_breakpoint

  mono_debugger_run_finally

  mono_debugger_set_generate_debug_info

  mono_declsec_flags_from_assembly

  mono_declsec_flags_from_class

  mono_declsec_flags_from_method

  mono_declsec_get_assembly_action

  mono_declsec_get_class_action

  mono_declsec_get_demands

  mono_declsec_get_inheritdemands_class

  mono_declsec_get_inheritdemands_method

  mono_declsec_get_linkdemands

  mono_declsec_get_method_action

  mono_digest_get_public_token

  mono_disasm_code

  mono_disasm_code_one

  mono_dl_fallback_register

  mono_dl_fallback_unregister

  mono_dllmap_insert

  mono_domain_assembly_foreach

  mono_domain_assembly_open

  mono_domain_create

  mono_domain_create_appdomain

  mono_domain_ensure_entry_assembly

  mono_domain_finalize

  mono_domain_foreach

  mono_domain_free

  mono_domain_from_appdomain

  mono_domain_get

  mono_domain_get_by_id

  mono_domain_get_friendly_name

  mono_domain_get_id

  mono_domain_has_type_resolve

  mono_domain_is_unloading

  mono_domain_jit_foreach

  mono_domain_owns_vtable_slot

  mono_domain_set

  mono_domain_set_config

  mono_domain_set_internal

  mono_domain_try_type_resolve

  mono_domain_try_unload

  mono_domain_unload

  mono_ee_api_version

  mono_ee_interp_init

  mono_environment_exitcode_get

  mono_environment_exitcode_set

  mono_error_cleanup

  mono_error_get_error_code

  mono_error_get_message

  mono_error_init

  mono_error_init_flags

  mono_error_ok

  mono_escape_uri_string

  mono_event_get_add_method

  mono_event_get_flags

  mono_event_get_name

  mono_event_get_object

  mono_event_get_parent

  mono_event_get_raise_method

  mono_event_get_remove_method

  mono_exception_from_name

  mono_exception_from_name_domain

  mono_exception_from_name_msg

  mono_exception_from_name_two_strings

  mono_exception_from_token

  mono_exception_from_token_two_strings

  mono_exception_walk_trace

  mono_field_from_token

  mono_field_full_name

  mono_field_get_data

  mono_field_get_flags

  mono_field_get_name

  mono_field_get_object

  mono_field_get_offset

  mono_field_get_parent

  mono_field_get_type

  mono_field_get_value

  mono_field_get_value_object

  mono_field_set_value

  mono_field_static_get_value

  mono_field_static_set_value

  mono_file_map

  mono_file_map_close

  mono_file_map_error

  mono_file_map_fd

  mono_file_map_open

  mono_file_map_size

  mono_file_unmap

  mono_free

  mono_free_bstr

  mono_free_method

  mono_free_verify_list

  mono_g_hash_table_destroy

  mono_g_hash_table_find

  mono_g_hash_table_foreach

  mono_g_hash_table_foreach_remove

  mono_g_hash_table_insert

  mono_g_hash_table_lookup

  mono_g_hash_table_lookup_extended

  mono_g_hash_table_new_type

  mono_g_hash_table_print_stats

  mono_g_hash_table_remove

  mono_g_hash_table_replace

  mono_g_hash_table_size

  mono_gc_collect

  mono_gc_collect_a_little

  mono_gc_collection_count

  mono_gc_finalize_notify

  mono_gc_get_generation

  mono_gc_get_heap_size

  mono_gc_get_max_time_slice_ns

  mono_gc_get_used_size

  mono_gc_init_finalizer_thread

  mono_gc_invoke_finalizers

  mono_gc_is_incremental

  mono_gc_max_generation

  mono_gc_pending_finalizers

  mono_gc_reference_queue_add

  mono_gc_reference_queue_free

  mono_gc_reference_queue_new

  mono_gc_register_finalizer_callbacks

  mono_gc_register_root

  mono_gc_set_incremental

  mono_gc_set_max_time_slice_ns

  mono_gc_start_incremental_collection

  mono_gc_toggleref_add

  mono_gc_toggleref_register_callback

  mono_gc_walk_heap

  mono_gc_wbarrier_arrayref_copy

  mono_gc_wbarrier_generic_nostore

  mono_gc_wbarrier_generic_store

  mono_gc_wbarrier_generic_store_atomic

  mono_gc_wbarrier_object_copy

  mono_gc_wbarrier_set_arrayref

  mono_gc_wbarrier_set_field

  mono_gc_wbarrier_value_copy

  mono_gchandle_free

  mono_gchandle_free_v2

  mono_gchandle_get_target

  mono_gchandle_get_target_v2

  mono_gchandle_is_in_domain

  mono_gchandle_is_in_domain_v2

  mono_gchandle_new

  mono_gchandle_new_v2

  mono_gchandle_new_weakref

  mono_gchandle_new_weakref_v2

  mono_get_array_class

  mono_get_boolean_class

  mono_get_byte_class

  mono_get_char_class

  mono_get_config_dir

  mono_get_corlib

  mono_get_dbnull_object

  mono_get_delegate_begin_invoke

  mono_get_delegate_end_invoke

  mono_get_delegate_invoke

  mono_get_double_class

  mono_get_enum_class

  mono_get_exception_appdomain_unloaded

  mono_get_exception_argument

  mono_get_exception_argument_null

  mono_get_exception_argument_out_of_range

  mono_get_exception_arithmetic

  mono_get_exception_array_type_mismatch

  mono_get_exception_bad_image_format

  mono_get_exception_bad_image_format2

  mono_get_exception_cannot_unload_appdomain

  mono_get_exception_class

  mono_get_exception_divide_by_zero

  mono_get_exception_execution_engine

  mono_get_exception_field_access

  mono_get_exception_file_not_found

  mono_get_exception_file_not_found2

  mono_get_exception_index_out_of_range

  mono_get_exception_invalid_cast

  mono_get_exception_invalid_operation

  mono_get_exception_io

  mono_get_exception_method_access

  mono_get_exception_missing_field

  mono_get_exception_missing_method

  mono_get_exception_not_implemented

  mono_get_exception_not_supported

  mono_get_exception_null_reference

  mono_get_exception_out_of_memory

  mono_get_exception_overflow

  mono_get_exception_reflection_type_load

  mono_get_exception_runtime_wrapped

  mono_get_exception_security

  mono_get_exception_serialization

  mono_get_exception_stack_overflow

  mono_get_exception_synchronization_lock

  mono_get_exception_thread_abort

  mono_get_exception_thread_interrupted

  mono_get_exception_thread_state

  mono_get_exception_type_initialization

  mono_get_exception_type_load

  mono_get_find_plugin_callback

  mono_get_inflated_method

  mono_get_int16_class

  mono_get_int32_class

  mono_get_int64_class

  mono_get_intptr_class

  mono_get_machine_config

  mono_get_method

  mono_get_method_constrained

  mono_get_method_full

  mono_get_object_class

  mono_get_root_domain

  mono_get_runtime_build_info

  mono_get_sbyte_class

  mono_get_single_class

  mono_get_string_class

  mono_get_thread_class

  mono_get_uint16_class

  mono_get_uint32_class

  mono_get_uint64_class

  mono_get_uintptr_class

  mono_get_void_class

  mono_guid_to_string

  Sections

  .text

  Size: 5.5MB - Virtual size: 5.5MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 1.8MB - Virtual size: 1.8MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 15KB - Virtual size: 2.8MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 222KB - Virtual size: 221KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  _RDATA

  Size: 512B - Virtual size: 244B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 512B - Virtual size: 480B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 7KB - Virtual size: 6KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• Loader/Loader.exe

  .exe windows:4 windows x86 arch:x86

  Password: 123

  f34d5f2d4577ed6d9ceec516c1f5a744

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  mscoree

  _CorExeMain

  Sections

  .text

  Size: 4KB - Virtual size: 4KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• Loader/Updater/Updater
• Loader/Updater/web.config

  .xml
• Loader/config
• Loader/mainf.dll

  .dll windows:4 windows x86 arch:x86

  Password: 123

  dae02f32a21e03ce65412f6e56942daa

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  IMAGE_FILE_DLL

  PDB Paths

  C:\Users\86155\source\repos\AAAAAAA\mainf\obj\Release\mainf.pdb

  Imports

  mscoree

  _CorDllMain

  Sections

  .text

  Size: 4KB - Virtual size: 4KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 1024B - Virtual size: 856B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• Loader/mconfig/config.xml

  .xml