| filename | steam_api.dll | |
|---|---|---|
| size | 250176 (0x3d140) | |
| md5 | c928fbf1fa85c9fb3c87cc309efa136a | |
| type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | |
| mimetype | application/x-dosexec | |
| clamav | OK | |
| virustotal | → scan with virustotal.com | |
| histogram | ||
MZ Header
| signature | MZ |
| bytes_in_last_block | 0x90 |
| blocks_in_file | 3 |
| num_relocs | 0 |
| header_paragraphs | 4 |
| min_extra_paragraphs | 0 |
| max_extra_paragraphs | 0xffff |
| ss | 0 |
| sp | 0xb8 |
| checksum | 0 |
| ip | 0 |
| cs | 0 |
| reloc_table_offset | 0x40 |
| overlay_number | 0 |
| reserved0 | 0 |
| oem_id | 0 |
| oem_info | 0 |
| reserved2 | 0 |
| reserved3 | 0 |
| reserved4 | 0 |
| reserved5 | 0 |
| reserved6 | 0 |
| lfanew | 0xf8 |
Rich Header
| lib id | version | times used |
|---|---|---|
| 225 | 21005 | 71 |
| 223 | 21005 | 30 |
| 224 | 21005 | 232 |
| 203 | 65501 | 17 |
| 1 | 0 | 141 |
| 229 | 40629 | 51 |
| 220 | 40629 | 1 |
| 219 | 21005 | 1 |
| 222 | 40629 | 1 |
DOS stub
00000000: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 |........!..L.!Th| 00000010: 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f |is program canno| 00000020: 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 |t be run in DOS | 00000030: 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 |mode....$.......|
PE Header
Packer / Compiler
UPX v2.00-V2.90 (Markus Oberhumer & Laszlo Molnar & John Reiser) This file is packed with UPX. Analysis will be incomplete without unpacking. |
Sections
| name | va | vsize | raw size | flags | |
|---|---|---|---|---|---|
| WUS0 | 0x1000 | 0x6d000 | 0 | RWX UDATA | |
| WUS1 | 0x6e000 | 0x3b000 | 0x3ae00 | RWX IDATA | |
| .rsrc | 0xa9000 | 0x2000 | 0x1a00 | RW- IDATA |
Data Directory
| module_name | hint | ord | function_name |
|---|---|---|---|
| KERNEL32.DLL | LoadLibraryA | ||
| KERNEL32.DLL | GetProcAddress | ||
| KERNEL32.DLL | VirtualProtect | ||
| KERNEL32.DLL | VirtualAlloc | ||
| KERNEL32.DLL | VirtualFree | ||
| ADVAPI32.dll | RegCloseKey | ||
| ntdll.dll | RtlUnwind | ||
| PSAPI.DLL | EnumProcessModules | ||
| SHELL32.dll | SHGetFolderPathA | ||
| SHLWAPI.dll | PathFileExistsW | ||
| USER32.dll | MessageBoxA | ||
| WS2_32.dll | 115 |
StringTable 040904B0
| LegalCopyright | Copyright (C) NisCkxU544c |
| InternalName | Steam Client API |
| FileVersion | 01.0.0.95 |
| CompanyName | Valve Corporation |
| ProductVersion | 01.00.00.01 |
| FileDescription | Steam Client API (buildbot_winslave007@WUS) |
| Source Control ID | 1337110 |
| OriginalFilename | steam_api.dll |
| ProductName | Steam Client API |
StringTable 040904B0
| CompanyName | Valve Corporation |
| FileDescription | Steam Client API |
| FileVersion | 1, 0, 0, 1 |
| InternalName | Steam Client API |
| LegalCopyright | Copyright (C) 2007 |
| OriginalFilename | steam_api.dll |
| ProductName | Steam Client API |
| ProductVersion | 1, 0, 0, 1 |
VS_FIXEDFILEINFO
| FileVersion | 1.0.0.95 |
| ProductVersion | 1.0.0.1 |
| StrucVersion | 0x10000 |
| FileFlagsMask | 0x17 |
| FileFlags | 0 |
| FileOS | 4 |
| FileType | 2 |
| FileSubtype | 0 |
VS_FIXEDFILEINFO
| FileVersion | 1.0.0.1 |
| ProductVersion | 1.0.0.1 |
| StrucVersion | 0x10000 |
| FileFlagsMask | 0x17 |
| FileFlags | 0 |
| FileOS | 4 |
| FileType | 2 |
| FileSubtype | 0 |
Signers (1)
issuer: /CN=\x00W\x00U\x00S\x00!
serial: 473D2A7861AD04BD4C92C8C2DFE090AD
Certificates (1)
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
47:3d:2a:78:61:ad:04:bd:4c:92:c8:c2:df:e0:90:ad
Signature Algorithm: sha1WithRSA
Issuer: CN=\x00W\x00U\x00S\x00!
Validity
Not Before: Jun 30 22:00:00 2014 GMT
Not After : Dec 31 22:00:00 2087 GMT
Subject: CN=\x00W\x00U\x00S\x00!
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8d:be:b6:99:cc:dc:bd:e1:b8:e7:de:08:a2:a4:
54:41:e5:39:d0:3e:2f:53:21:49:4d:64:c6:e8:f5:
c7:51:2d:ab:71:12:ea:02:99:a7:b0:14:11:84:e1:
fe:e4:8d:b7:ff:91:cb:ab:f1:d3:2e:ba:3b:39:a8:
bf:55:5b:71:05:9d:6f:e2:eb:a9:84:73:6b:cc:69:
f2:0e:d3:ed:24:0c:2e:64:da:1b:f4:ea:a6:e9:a1:
38:71:39:0c:23:57:6a:fb:40:d4:db:15:54:e2:63:
da:92:fa:94:ad:d1:fe:6a:8a:b3:fd:28:73:62:08:
12:01:b7:5d:89:cc:30:b7:aa:63:10:ce:68:5c:05:
b5:37:b2:07:33:e9:cb:54:7b:13:e8:f9:4d:dd:31:
e6:ec:45:e1:5d:6b:a3:88:97:cd:c7:b6:64:fa:11:
d0:08:85:35:9c:20:54:c7:f4:85:85:c9:78:8c:4a:
1f:94:97:f8:a1:dd:97:9b:0c:88:f7:f4:bd:85:24:
cd:11:4a:82:ce:4a:19:d9:12:b0:ea:a5:61:f8:0a:
52:40:68:10:e9:ce:69:4c:17:9f:23:e8:1b:e2:b4:
9b:35:40:0d:3b:d4:bc:fe:bb:fb:96:4e:07:82:3d:
b8:b8:75:95:5c:5d:98:6a:a3:40:2e:5e:8c:7d:55:
7b:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
2.5.29.1:
0;..Q.;...s.$.........0.1.0...U.....W.U.S.!..G=*xa...L.......
Signature Algorithm: sha1WithRSA
0b:15:42:90:d8:8e:b1:4c:98:ef:b3:8b:5f:d7:23:1b:db:02:
c7:db:d3:4c:48:ac:36:72:7f:7f:81:96:98:31:ae:0b:5e:8f:
84:9f:d9:b8:6d:62:e8:a4:3f:68:05:5c:9b:10:2f:00:25:e7:
70:ab:11:79:e0:0c:d4:8e:94:76:a0:8b:75:eb:b7:3b:8e:03:
86:cd:7c:2f:06:e1:65:9f:c8:88:08:59:bb:bf:d2:e8:56:33:
a9:96:84:c4:e1:3c:44:f0:09:67:f3:10:3f:05:0b:b7:8b:7e:
15:fe:41:0a:96:27:7a:fe:f9:cc:da:6f:41:53:da:89:ff:12:
42:eb:e3:85:25:84:4a:a6:77:14:94:20:2d:d7:6e:be:56:7d:
02:7b:b0:51:63:e3:9c:29:20:9a:d9:c0:e9:c2:74:95:6d:a0:
b0:7e:df:70:2a:6c:29:a1:d9:9a:1f:57:c8:19:d7:9d:31:34:
bf:23:10:65:fd:c2:9a:0e:86:77:8c:fa:07:29:25:3c:9e:70:
5d:03:9e:0d:a5:02:44:11:27:9c:42:89:3e:e9:9d:e2:4a:01:
9c:d3:32:6c:43:47:67:6f:b6:af:6b:42:6f:3c:d0:97:2b:b7:
2f:75:21:06:4d:8f:2e:8c:f9:08:ca:d5:3f:2c:c7:29:b0:c4:
b1:be:d8:79pkcs7-signedData
- 1
- SHA1: nil
- 1.3.6.1.4.1.311.2.1.4
- #0
- 1.3.6.1.4.1.311.2.1.15
- :
00 3c 00 3c 00 3c 00 4f 00 62 00 73 00 6f 00 6c |.<.<.<.O.b.s.o.l| 00 65 00 74 00 65 00 3e 00 3e 00 3e |.e.t.e.>.>.> |
- :
- SHA1
cb fe a1 fb 31 c5 96 fc 37 e6 90 7c e3 d4 f4 3b |....1...7..|...;| 5d 4f 0a e8 |]O.. |
- 1.3.6.1.4.1.311.2.1.15
- #0
- #2
- 2
- 47:3D:2A:78:61:AD:04:BD:4C:92:C8:C2:DF:E0:90:AD
- RSA-SHA1-2: nil
- CN:
00 57 00 55 00 53 00 21 |.W.U.S.! |
- 2014-06-30 22:00:00 UTC: 2087-12-31 22:00:00 UTC
- CN:
00 57 00 55 00 53 00 21 |.W.U.S.! |
- #5
- rsaEncryption: nil
- 8D:BE:B6:99:CC:DC:BD:E1:B8:E7:DE:08:A2:A4:54:41:
E5:39:D0:3E:2F:53:21:49:4D:64:C6:E8:F5:C7:51:2D:
AB:71:12:EA:02:99:A7:B0:14:11:84:E1:FE:E4:8D:B7:
FF:91:CB:AB:F1:D3:2E:BA:3B:39:A8:BF:55:5B:71:05:
9D:6F:E2:EB:A9:84:73:6B:CC:69:F2:0E:D3:ED:24:0C:
2E:64:DA:1B:F4:EA:A6:E9:A1:38:71:39:0C:23:57:6A:
FB:40:D4:DB:15:54:E2:63:DA:92:FA:94:AD:D1:FE:6A:
8A:B3:FD:28:73:62:08:12:01:B7:5D:89:CC:30:B7:AA:
63:10:CE:68:5C:05:B5:37:B2:07:33:E9:CB:54:7B:13:
E8:F9:4D:DD:31:E6:EC:45:E1:5D:6B:A3:88:97:CD:C7:
B6:64:FA:11:D0:08:85:35:9C:20:54:C7:F4:85:85:C9:
78:8C:4A:1F:94:97:F8:A1:DD:97:9B:0C:88:F7:F4:BD:
85:24:CD:11:4A:82:CE:4A:19:D9:12:B0:EA:A5:61:F8:
0A:52:40:68:10:E9:CE:69:4C:17:9F:23:E8:1B:E2:B4:
9B:35:40:0D:3B:D4:BC:FE:BB:FB:96:4E:07:82:3D:B8:
B8:75:95:5C:5D:98:6A:A3:40:2E:5E:8C:7D:55:7B:C5: 0x010001
- 2.5.29.1
51 d9 3b f4 ad e9 73 c8 24 e9 af 14 10 a9 02 b2 |Q.;...s.$.......|
- CN:
00 57 00 55 00 53 00 21 |.W.U.S.! |
47 3d 2a 78 61 ad 04 bd 4c 92 c8 c2 df e0 90 ad |G=*xa...L.......|
- CN:
- RSA-SHA1-2:
0b 15 42 90 d8 8e b1 4c 98 ef b3 8b 5f d7 23 1b |..B....L...._.#.| db 02 c7 db d3 4c 48 ac 36 72 7f 7f 81 96 98 31 |.....LH.6r.....1| ae 0b 5e 8f 84 9f d9 b8 6d 62 e8 a4 3f 68 05 5c |..^.....mb..?h.\| 9b 10 2f 00 25 e7 70 ab 11 79 e0 0c d4 8e 94 76 |../.%.p..y.....v| a0 8b 75 eb b7 3b 8e 03 86 cd 7c 2f 06 e1 65 9f |..u..;....|/..e.| c8 88 08 59 bb bf d2 e8 56 33 a9 96 84 c4 e1 3c |...Y....V3.....<| 44 f0 09 67 f3 10 3f 05 0b b7 8b 7e 15 fe 41 0a |D..g..?....~..A.| 96 27 7a fe f9 cc da 6f 41 53 da 89 ff 12 42 eb |.'z....oAS....B.| e3 85 25 84 4a a6 77 14 94 20 2d d7 6e be 56 7d |..%.J.w.. -.n.V}| 02 7b b0 51 63 e3 9c 29 20 9a d9 c0 e9 c2 74 95 |.{.Qc..) .....t.| 6d a0 b0 7e df 70 2a 6c 29 a1 d9 9a 1f 57 c8 19 |m..~.p*l)....W..| d7 9d 31 34 bf 23 10 65 fd c2 9a 0e 86 77 8c fa |..14.#.e.....w..| 07 29 25 3c 9e 70 5d 03 9e 0d a5 02 44 11 27 9c |.)%<.p].....D.'.| 42 89 3e e9 9d e2 4a 01 9c d3 32 6c 43 47 67 6f |B.>...J...2lCGgo| b6 af 6b 42 6f 3c d0 97 2b b7 2f 75 21 06 4d 8f |..kBo<..+./u!.M.| 2e 8c f9 08 ca d5 3f 2c c7 29 b0 c4 b1 be d8 79 |......?,.).....y|
- 2
- 1
- #0
- CN:
00 57 00 55 00 53 00 21 |.W.U.S.! |
- 47:3D:2A:78:61:AD:04:BD:4C:92:C8:C2:DF:E0:90:AD
- CN:
- SHA1: nil
- #2
- 1.3.6.1.4.1.311.2.1.12
- nil
- contentType: 1.3.6.1.4.1.311.2.1.4
- messageDigest:
7c b2 64 ee 3b e1 49 40 0f 0e 84 a7 de c6 c6 ec ||.d.;.I@........| 18 eb 61 3f |..a? |
- 1.3.6.1.4.1.311.2.1.12
- rsaEncryption:
86 45 28 2f 53 65 3d 80 f5 95 70 3a 62 af 44 1f |.E(/Se=...p:b.D.| 9e 1b c3 b3 e6 a1 a8 87 81 8f 16 89 47 12 cf b4 |............G...| 13 5c 28 ba 69 3f 53 0b 71 f7 00 64 fa 78 62 b8 |.\(.i?S.q..d.xb.| 00 ed df 47 b0 72 92 c1 a6 cd 3b 33 47 95 fc d3 |...G.r....;3G...| 6b 17 8a 50 03 cf ab 99 b7 5b 94 21 61 3d 01 59 |k..P.....[.!a=.Y| f1 bc d6 fc 31 d8 7c 5b 6b 3f 62 1c de f8 62 b3 |....1.|[k?b...b.| 6b f3 27 12 96 52 c7 75 45 2c 99 9e c0 71 d4 19 |k.'..R.uE,...q..| ec 01 17 14 2e ec 15 0f 4e 1b ad 91 3a 4f 8f b7 |........N...:O..| 3a 75 1c fc a5 52 72 8c f6 43 cc 9b 65 92 49 54 |:u...Rr..C..e.IT| f8 96 1e d3 54 92 f8 fc 11 97 b6 7a a9 f7 76 73 |....T......z..vs| 89 70 37 3c 01 28 f8 28 51 84 8c 3f 81 dc 57 0b |.p7<.(.(Q..?..W.| 79 41 d6 c1 4a 4f d4 d7 12 3f 07 29 6d c7 9d 8c |yA..JO...?.)m...| 4e 4a 7c 9b 09 7d 9a 29 2d 03 24 2e 97 72 b6 ed |NJ|..}.)-.$..r..| 62 14 90 e9 69 d6 af f6 2d 2d 03 85 6f 87 04 d5 |b...i...--..o...| 53 ec 88 8c 86 2b 25 92 12 a4 c2 b5 89 c5 26 3c |S....+%.......&<| 48 16 78 89 75 67 85 53 ce 21 49 39 d4 a4 4b 4f |H.x.ug.S.!I9..KO|
- #0
 |
| Please donate some bucks to keep this site up and running: | |
| Ko-fi | |
|---|---|
| Yandex.Money | |
| Thank you! | |
everything is OK