popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

PE Compile Time

2021-09-04 07:21:57

PDB Path

C:\Users\Cheat\Desktop\исходы\loader\spoofer\spoofer-failzilla\Loader Base\x64\Release\Loader Base.pdb

PE Imphash

40c2acd8a8a0ca9408aab7b3d840b5c3

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x0000318a 0x00003200 6.05963787729
.rdata 0x00005000 0x00002952 0x00002a00 4.72314280872
.data 0x00008000 0x00000720 0x00000200 2.02987684877
.pdata 0x00009000 0x000003c0 0x00000400 3.91048768052
.rsrc 0x0000a000 0x000001e0 0x00000200 4.70150325825
.reloc 0x0000b000 0x00000058 0x00000200 1.24740886582

Resources

Name Offset Size Language Sub-language File type
RT_MANIFEST 0x0000a060 0x0000017d LANG_ENGLISH SUBLANG_ENGLISH_US XML 1.0 document text

Imports

Library KERNEL32.dll:
0x140005000 GetStdHandle
0x140005008 Sleep
0x140005010 GetCurrentProcess
0x140005018 GetLastError
0x140005020 SetConsoleCursorInfo
0x140005028 SetConsoleTitleA
0x140005030 SetConsoleCursorPosition
0x140005038 RtlLookupFunctionEntry
0x140005040 RtlVirtualUnwind
0x140005048 UnhandledExceptionFilter
0x140005058 TerminateProcess
0x140005068 SetConsoleTextAttribute
0x140005078 IsDebuggerPresent
0x140005080 GetModuleHandleW
0x140005088 QueryPerformanceCounter
0x140005090 GetCurrentProcessId
0x140005098 GetCurrentThreadId
0x1400050a0 GetSystemTimeAsFileTime
0x1400050a8 InitializeSListHead
0x1400050b0 RtlCaptureContext
Library USER32.dll:
0x140005140 FindWindowA
Library MSVCP140.dll:
Library WININET.dll:
0x1400051b8 HttpOpenRequestW
0x1400051c0 InternetOpenW
0x1400051c8 DeleteUrlCacheEntry
0x1400051d0 InternetReadFile
0x1400051d8 InternetConnectW
0x1400051e0 HttpSendRequestW
Library urlmon.dll:
0x140005358 URLDownloadToFileA
Library VCRUNTIME140_1.dll:
0x1400051a8 __CxxFrameHandler4
Library VCRUNTIME140.dll:
0x140005150 __C_specific_handler
0x140005158 __std_exception_copy
0x140005160 __current_exception
0x140005170 memset
0x140005178 __std_exception_destroy
0x140005180 __std_terminate
0x140005188 _CxxThrowException
0x140005190 memcpy
0x140005198 memmove
Library api-ms-win-crt-runtime-l1-1-0.dll:
0x140005258 _configure_narrow_argv
0x140005260 _initterm_e
0x140005268 __p___argv
0x140005280 __p___argc
0x140005288 _exit
0x140005290 _set_app_type
0x140005298 terminate
0x1400052a0 _seh_filter_exe
0x1400052a8 _cexit
0x1400052b8 _crt_atexit
0x1400052c0 system
0x1400052d8 _c_exit
0x1400052e0 _initialize_onexit_table
0x1400052e8 exit
0x1400052f0 _initterm
Library api-ms-win-crt-utility-l1-1-0.dll:
0x140005340 srand
0x140005348 rand
Library api-ms-win-crt-stdio-l1-1-0.dll:
0x140005300 _fileno
0x140005308 _set_fmode
0x140005310 __acrt_iob_func
0x140005318 _isatty
0x140005320 __p__commode
Library api-ms-win-crt-filesystem-l1-1-0.dll:
0x140005200 remove
Library api-ms-win-crt-conio-l1-1-0.dll:
0x1400051f0 _getch
Library api-ms-win-crt-time-l1-1-0.dll:
0x140005330 _time64
Library api-ms-win-crt-heap-l1-1-0.dll:
0x140005210 _set_new_mode
0x140005218 _callnewh
0x140005220 malloc
0x140005228 free
Library api-ms-win-crt-math-l1-1-0.dll:
0x140005248 __setusermatherr
Library api-ms-win-crt-locale-l1-1-0.dll:
0x140005238 _configthreadlocale
!This program cannot be run in DOS mode.
`.rdata
@.data
.pdata
@.rsrc
@.reloc
f#T$(f
@SUWAVAWH
A_A^_][
A_A^_][
VWATAVAWH
0A_A^A\_^
@VWAWH
UVWATAUAVAWH
CD$`fD
L$xH;G
A_A^A]A\_^]
t$@r:H
@SVATAUH
8A]A\^[
@SVAVAWH
(A_A^^[
u0HcH<H
H3E H3E
bad allocation
Unknown exception
bad array new length
string too long
version.php
shack.ru.com
1. Spoofer Warface - Undetected
2. Spoofer Warface - Detected
3. Apex Cleaner - Undetected
4. For the anti-cheat EAC - Undetected (we recommend it)
c://Windows//SoftwareDistribution//Download//warface.exe
https://cheat-market.ru/3UKGjt0ZjA79n1C9/spoofer/warface.exe
C:\Windows\SoftwareDistribution\Download\warface.exe
Warface Spoofer
c://Windows//SoftwareDistribution//Download//warface1.exe
https://cheat-market.ru/3UKGjt0ZjA79n1C9/spoofer/warface1.exe
C:\Windows\SoftwareDistribution\Download\warface1.exe
c://Windows//SoftwareDistribution//Download//apex_cleaner.bat
https://cheat-market.ru/3UKGjt0ZjA79n1C9/spoofer/apex_cleaner.bat
C:\Windows\SoftwareDistribution\Download\apex_cleaner.bat
Apex Cleaner
c://Windows//SoftwareDistribution//Download//EAC.exe
https://cheat-market.ru/3UKGjt0ZjA79n1C9/spoofer/EAC.exe
c://Windows//SoftwareDistribution//Download//EAC.sys
https://cheat-market.ru/3UKGjt0ZjA79n1C9/spoofer/EAC.sys
c://Windows//SoftwareDistribution//Download//EAC.vbs
https://cheat-market.ru/3UKGjt0ZjA79n1C9/spoofer/EAC.vbs
C:\Windows\SoftwareDistribution\Download\EAC.exe
For the anti-cheat EAC Spoofer
0123456789qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM
InternetOpenW failed(hInternet):
InternetConnectW failed(hConnect == NULL):
HttpOpenRequestW failed(hRequest == NULL):
!bRequestSent HttpSendRequestW failed with error code
//---SHACK SPOOFER---\
Before using HWID Spoofer, we strongly recommend:
1) First of all, reinstall your Windows
2) If the router has a dynamic IP, then restart it too
3) Delete the old folder with the game, and install it again
C:\Users\Cheat\Desktop\
\loader\spoofer\spoofer-failzilla\Loader Base\x64\Release\Loader Base.pdb
.text$di
.text$mn
.text$mn$00
.text$x
.text$yd
.idata$5
.00cfg
.CRT$XCA
.CRT$XCAA
.CRT$XCU
.CRT$XCZ
.CRT$XIA
.CRT$XIAA
.CRT$XIAC
.CRT$XIZ
.CRT$XPA
.CRT$XPZ
.CRT$XTA
.CRT$XTZ
.rdata
.rdata$r
.rdata$voltmd
.rdata$zzzdbg
.rtc$IAA
.rtc$IZZ
.rtc$TAA
.rtc$TZZ
.xdata
.xdata$x
.idata$2
.idata$3
.idata$4
.idata$6
.data$r
.data$rs
.pdata
.rsrc$01
.rsrc$02
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
SetConsoleTitleA
GetStdHandle
GetCurrentProcess
GetLastError
SetConsoleCursorInfo
SetConsoleCursorPosition
KERNEL32.dll
FindWindowA
USER32.dll
?clog@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exception@std@@YA_NXZ
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Xlength_error@std@@YAXPEBD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?iword@ios_base@std@@QEAAAEAJH@Z
?xalloc@ios_base@std@@SAHXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
MSVCP140.dll
HttpOpenRequestW
InternetOpenW
DeleteUrlCacheEntry
HttpSendRequestW
InternetConnectW
InternetReadFile
WININET.dll
URLDownloadToFileA
urlmon.dll
__CxxFrameHandler4
__std_exception_destroy
__std_exception_copy
__std_terminate
__C_specific_handler
_CxxThrowException
__current_exception
__current_exception_context
memset
VCRUNTIME140_1.dll
VCRUNTIME140.dll
__acrt_iob_func
remove
_getch
system
_isatty
_fileno
_time64
_invalid_parameter_noinfo_noreturn
_callnewh
malloc
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
__setusermatherr
_get_initial_narrow_environment
_initterm
_initterm_e
_set_fmode
__p___argc
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_configthreadlocale
_set_new_mode
__p__commode
terminate
api-ms-win-crt-runtime-l1-1-0.dll
api-ms-win-crt-utility-l1-1-0.dll
api-ms-win-crt-stdio-l1-1-0.dll
api-ms-win-crt-filesystem-l1-1-0.dll
api-ms-win-crt-conio-l1-1-0.dll
api-ms-win-crt-time-l1-1-0.dll
api-ms-win-crt-heap-l1-1-0.dll
api-ms-win-crt-math-l1-1-0.dll
api-ms-win-crt-locale-l1-1-0.dll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
memcpy
memmove
.?AVbad_alloc@std@@
.?AVexception@std@@
.?AVbad_array_new_length@std@@
.?AVtype_info@@
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level='asInvoker' uiAccess='false' />
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36
text/*
Antivirus Signature
Bkav Clean
Lionic Trojan.Multi.Generic.4!c
Elastic Clean
MicroWorld-eScan Trojan.GenericKD.46932929
FireEye Trojan.GenericKD.46932929
CAT-QuickHeal Clean
ALYac Trojan.GenericKD.46932929
Cylance Clean
Zillya Clean
Sangfor Clean
K7AntiVirus Clean
BitDefender Trojan.GenericKD.46932929
K7GW Clean
CrowdStrike win/malicious_confidence_70% (W)
Arcabit Clean
BitDefenderTheta Clean
Cyren Clean
Symantec Clean
ESET-NOD32 Clean
Baidu Clean
APEX Clean
Paloalto Clean
ClamAV Clean
Kaspersky UDS:DangerousObject.Multi.Generic
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
Rising Clean
Ad-Aware Trojan.GenericKD.46932929
TACHYON Clean
Emsisoft Trojan.GenericKD.46932929 (B)
Comodo Clean
F-Secure Clean
DrWeb Clean
VIPRE Clean
TrendMicro Clean
McAfee-GW-Edition Artemis
CMC Clean
Sophos Clean
Ikarus Clean
Jiangmin Clean
eGambit Clean
Avira Clean
Antiy-AVL Clean
Gridinsoft Clean
Microsoft Clean
SUPERAntiSpyware Clean
ZoneAlarm Clean
GData Trojan.GenericKD.46932929
Cynet Malicious (score: 100)
AhnLab-V3 Clean
Acronis Clean
McAfee Artemis!D8A7C6CB35FC
MAX malware (ai score=89)
VBA32 Clean
Malwarebytes Clean
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Tencent Clean
Yandex Clean
SentinelOne Clean
MaxSecure Trojan.Malware.300983.susgen
Fortinet Clean
Webroot Clean
Cybereason Clean
Avast Clean
No IRMA results available.