gamesense[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

gamesense.dll
Size

10.7MB
MD5

07687dba6004a517cd6f954bef272328
SHA1

8281d2d45ab068bac278802b4a6516cc405dbd37
SHA256

219f3805d14e92696afb3fcda3d669486c738660df80c6b1ae4b598e9ddb50ad
SHA512

866830dfa72294b6cba84902e985d2afd62521b499f39c585dd90fe981bc4310b39bb062a64cbd1bbaa14b3bfe9f8f7d6079f2fa678a51aac6ee7b49c976972f
SSDEEP

196608:3jqACRRgWQivZBLWcDkjkU/WrC0nf3lKv8/axymXrEV:XhWQyzDkjkCWHvwUperE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
gamesense.dll

Files

gamesense.dll
.dll windows x86

7cde20f4a8cbb844da3d5b67ff584777

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WideCharToMultiByte
GetPrivateProfileIntA
WritePrivateProfileStringA
GetPrivateProfileSectionA
QueryPerformanceCounter
GetTickCount
VirtualProtect
GetModuleHandleA
GetProcAddress
CreateDirectoryA
CloseHandle
GetCurrentProcess
OpenProcess
LoadLibraryA
K32EnumProcessModulesEx
K32GetModuleFileNameExA
CreateToolhelp32Snapshot
Process32First
Process32Next
lstrcmpA
VirtualFree
GetFileAttributesA
GetTickCount64
GetStdHandle
SetStdHandle
GetCurrentProcessId
AllocConsole
FreeConsole
AttachConsole
SetConsoleTextAttribute
SetConsoleTitleA
GetConsoleWindow
K32GetModuleInformation
VirtualQuery
QueryPerformanceFrequency
OutputDebugStringA
HeapFree
HeapAlloc
InitializeSListHead
GetSystemTimeAsFileTime
GetStartupInfoW
RaiseException
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
GlobalFree
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
CreateSymbolicLinkW
GetFileInformationByHandleEx
CreateHardLinkW
MoveFileExW
CopyFileW
CreateDirectoryExW
GetModuleHandleW
DeviceIoControl
AreFileApisANSI
GetTempPathW
SetFileTime
SetFileInformationByHandle
GlobalLock
GlobalUnlock
SetFileAttributesW
GetFullPathNameW
GetFinalPathNameByHandleW
GetFileInformationByHandle
GetFileAttributesExW
GetFileAttributesW
GetDiskFreeSpaceExW
FindNextFileW
FindFirstFileExW
FindFirstFileW
FindClose
CreateFileW
CreateDirectoryW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetLocaleInfoEx
LocalFree
FlushInstructionCache
SetLastError
FormatMessageA
LoadLibraryExA
GetModuleFileNameA
FreeLibrary
GetLastError
GetProcessHeap
MultiByteToWideChar
GlobalAlloc
UnhandledExceptionFilter
Sleep

user32

GetCursorPos
SetCursor
SetCursorPos
LoadCursorA
ClientToScreen
ScreenToClient
GetClientRect
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
RegisterClipboardFormatW
EmptyClipboard
IsClipboardFormatAvailable
PostQuitMessage
CallWindowProcA
SetWindowLongA
FindWindowA
GetForegroundWindow
GetActiveWindow
GetKeyState
GetClassNameA
MessageBoxA
SetWindowPos
SetRect
IsChild
GetAsyncKeyState
GetCapture
SetCapture
ReleaseCapture

gdi32

AddFontResourceA

msvcp140d

?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_N@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??Bid@locale@std@@QAEIXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAHH@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?setf@ios_base@std@@QAEHHH@Z
?swap@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXAAV12@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?swap@?$basic_iostream@DU?$char_traits@D@std@@@std@@IAEXAAV12@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?width@ios_base@std@@QAE_J_J@Z
?width@ios_base@std@@QBE_JXZ
?flags@ios_base@std@@QBEHXZ
?good@ios_base@std@@QBE_NXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?_W_Getmonths@_Locinfo@std@@QBEPBGXZ
?_W_Getdays@_Locinfo@std@@QBEPBGXZ
?_Getmonths@_Locinfo@std@@QBEPBDXZ
?_Getdays@_Locinfo@std@@QBEPBDXZ
?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ
_Mbrtowc
?_Xbad_alloc@std@@YAXXZ
?uncaught_exception@std@@YA_NXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xinvalid_argument@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
??1_Lockit@std@@QAE@XZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
??0_Lockit@std@@QAE@H@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ

d3dx9_43

D3DXCreateSprite
D3DXCreateLine
D3DXCreateTextureFromFileInMemoryEx
D3DXCreateFontA

ws2_32

WSAGetLastError
connect
getpeername
getsockname
htons
gethostbyname
recv
accept
bind
htonl
inet_addr
listen
sendto
setsockopt
__WSAFDIsSet
closesocket
ioctlsocket
getsockopt
recvfrom
select
send
shutdown
socket
WSAStartup

imm32

ImmSetCompositionWindow
ImmGetContext
ImmReleaseContext

xinput1_3

ord2
ord4

vcruntime140d

__vcrt_GetModuleHandleW
__vcrt_GetModuleFileNameW
_except_handler4_common
__current_exception_context
__current_exception
_except_handler3
_setjmp3
longjmp
strrchr
_purecall
memcmp
memchr
strchr
memset
memmove
memcpy
__CxxFrameHandler3
_CxxThrowException
__std_exception_destroy
__std_exception_copy
__vcrt_LoadLibraryExW
__std_type_info_destroy_list
strstr

ucrtbased

_localtime64
strftime
malloc
isalnum
freopen_s
_libm_sse2_acos_precise
strncpy
qsort
exit
_wfopen
fseek
ftell
__stdio_common_vsscanf
toupper
strncmp
strcpy_s
isprint
strcat
strcmp
strlen
getenv
fopen
realloc
atol
feof
ferror
freopen
getc
strerror
abort
isdigit
strspn
clock
isxdigit
isspace
localeconv
clearerr
_ftelli64
_pclose
_popen
tmpfile
setlocale
system
_difftime64
_gmtime64
_mktime64
remove
rename
tmpnam
isalpha
isupper
islower
ispunct
isgraph
llround
strpbrk
frexp
srand
_libm_sse2_asin_precise
_libm_sse2_log10_precise
_libm_sse2_log_precise
fgets
ldexp
strtod
strcoll
strcpy
_free_dbg
_malloc_dbg
___lc_codepage_func
terminate
_callnewh
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_cexit
_except1
_CrtDbgReportW
_initterm
_initterm_e
strcat_s
_wmakepath_s
_wsplitpath_s
wcscpy_s
__stdio_common_vfprintf
_CIfmod
_CIatan2
_calloc_dbg
isblank
_read
_lseek
_time64
_localtime64_s
ceil
__stdio_common_vsprintf
_itoa
strtol
atoi
atof
free
strtok
_strdup
strncpy_s
_errno
_wassert
_CrtDbgReport
_invalid_parameter
__acrt_iob_func
_libm_sse2_tan_precise
_libm_sse2_exp_precise
_wcsupr
__stdio_common_vsnprintf_s
__stdio_common_vsprintf_s
_unlock_file
_lock_file
ungetc
setvbuf
fwrite
_fseeki64
fsetpos
fread
_fdclass
fgetpos
fgetc
fflush
fclose
_get_stream_buffer_pointers
rand
_libm_sse2_atan_precise
fminf
floor
fmaxf
_libm_sse2_pow_precise
_stricmp
roundf
_libm_sse2_sqrt_precise
tolower
_libm_sse2_sin_precise
iscntrl
_libm_sse2_cos_precise
fputc

Sections

.text
Size: 8.2MB - Virtual size: 8.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 830KB - Virtual size: 829KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.4MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.msvcjmc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 270B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 309KB - Virtual size: 308KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7cde20f4a8cbb844da3d5b67ff584777

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

msvcp140d

d3dx9_43

ws2_32

imm32

xinput1_3

vcruntime140d

ucrtbased

Sections

.text Size: 8.2MB - Virtual size: 8.2MB

.rdata Size: 830KB - Virtual size: 829KB

.data Size: 1.4MB - Virtual size: 1.7MB

.idata Size: 17KB - Virtual size: 16KB

.msvcjmc Size: 21KB - Virtual size: 21KB

.tls Size: 1024B - Virtual size: 777B

.00cfg Size: 512B - Virtual size: 270B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 309KB - Virtual size: 308KB

.text
Size: 8.2MB - Virtual size: 8.2MB

.rdata
Size: 830KB - Virtual size: 829KB

.data
Size: 1.4MB - Virtual size: 1.7MB

.idata
Size: 17KB - Virtual size: 16KB

.msvcjmc
Size: 21KB - Virtual size: 21KB

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 270B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 309KB - Virtual size: 308KB