Static task
static1
Behavioral task
behavioral1
Sample
gamesense.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
gamesense.exe
Resource
win10v2004-20230703-en
General
-
Target
gamesense.exe
-
Size
4.1MB
-
MD5
f666e382a97c3a195c7e4c935effb552
-
SHA1
7d70da6c8ba4b67b213313be5698804aa937465b
-
SHA256
a543359d824b86c38497b29069efe6fef54fcc01e4850fe182dec0cf16fb4193
-
SHA512
1246ec3955038e8ea78bcfbdac8dc851147e314cdfe35f157310de3a68087199615c0eee01b728607243aeb2ddc4bb507324b3688a899020d3ad08286d6d1c30
-
SSDEEP
49152:0ZYrVVl39jNdzhzlw0PhsLrrzaeTBUVhJyV9mzvAT9AJAzxlaSFsNqtFQxwatbjW:0ZInhpw0MOeT7/aYtF7
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature on the PE file.
resource gamesense.exe
Files
-
gamesense.exe.exe windows x86
ee2d94b706f5adbf7b0c379694cc1a2d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
WideCharToMultiByte
VerSetConditionMask
QueryPerformanceCounter
QueryPerformanceFrequency
FreeLibrary
GetModuleHandleA
OutputDebugStringW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
MultiByteToWideChar
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
LocalFree
GetProcessHeap
DeleteCriticalSection
HeapDestroy
HeapAlloc
CreateThread
HeapReAlloc
GlobalFree
GlobalLock
GlobalUnlock
UnhandledExceptionFilter
HeapSize
InitializeCriticalSectionEx
GetCurrentProcess
HeapFree
GetProcAddress
LoadLibraryA
VerifyVersionInfoW
GetEnvironmentVariableA
CreateFileA
SetFilePointer
WriteFile
CloseHandle
GetLastError
Sleep
CreateRemoteThread
OpenProcess
VirtualAllocEx
WriteProcessMemory
SetLastError
FormatMessageA
SleepEx
GetSystemDirectoryA
VerifyVersionInfoA
GetTickCount
MoveFileExA
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
GlobalAlloc
GetModuleFileNameA
LoadLibraryW
GetFileSizeEx
AllocConsole
CreateToolhelp32Snapshot
Process32First
Process32Next
user32
ReleaseDC
GetDC
AdjustWindowRectEx
ReleaseCapture
GetCapture
SetForegroundWindow
SetWindowTextW
GetClientRect
WindowFromPoint
GetWindowLongW
GetForegroundWindow
SetCursorPos
SetWindowLongA
SetWindowLongW
LoadCursorA
MonitorFromWindow
ScreenToClient
EnumDisplayMonitors
TranslateMessage
DispatchMessageA
PeekMessageA
PostQuitMessage
UpdateWindow
MessageBoxA
FindWindowA
IsIconic
SetWindowPos
SetLayeredWindowAttributes
ShowWindow
DestroyWindow
IsChild
CreateWindowExA
RegisterClassExA
OpenClipboard
CloseClipboard
SetClipboardData
BringWindowToTop
ClientToScreen
GetCursorPos
GetMonitorInfoA
GetKeyState
SetFocus
GetClipboardData
EmptyClipboard
DefWindowProcA
UnregisterClassA
SetCursor
SetCapture
gdi32
GetDeviceCaps
imm32
ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow
msvcp140
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Xbad_function_call@std@@YAXXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?width@ios_base@std@@QAE_J_J@Z
?width@ios_base@std@@QBE_JXZ
?flags@ios_base@std@@QBEHXZ
?good@ios_base@std@@QBE_NXZ
?uncaught_exceptions@std@@YAHXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
d3d9
Direct3DCreate9
d3dx9_43
D3DXCreateTextureFromFileInMemory
psapi
GetModuleInformation
userenv
UnloadUserProfile
vcruntime140
memmove
strstr
__std_terminate
memchr
__CxxFrameHandler3
memcpy
_except_handler4_common
memset
__current_exception_context
__current_exception
_CxxThrowException
strrchr
__std_exception_destroy
__std_exception_copy
strchr
api-ms-win-crt-string-l1-1-0
_strdup
strspn
strcspn
strncmp
_stricmp
strpbrk
strncpy
isupper
strcat_s
tolower
api-ms-win-crt-runtime-l1-1-0
_wassert
_invalid_parameter_noinfo_noreturn
_getpid
_beginthreadex
_controlfp_s
__sys_nerr
_register_thread_local_exe_atexit_callback
_c_exit
strerror
_exit
_initterm_e
_initterm
_get_narrow_winmain_command_line
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
terminate
_invalid_parameter_noinfo
_resetstkoflw
abort
system
_errno
exit
api-ms-win-crt-stdio-l1-1-0
fgetpos
fsetpos
_fseeki64
fgetc
fputc
_get_stream_buffer_pointers
fclose
fflush
fread
fseek
ftell
_set_fmode
__p__commode
fopen
fputs
feof
fwrite
__stdio_common_vsprintf
__stdio_common_vsscanf
_open
_close
fgets
_write
_wfopen
_lseeki64
_read
setvbuf
__acrt_iob_func
ungetc
api-ms-win-crt-heap-l1-1-0
_callnewh
malloc
calloc
_set_new_mode
free
realloc
api-ms-win-crt-utility-l1-1-0
qsort
rand
srand
api-ms-win-crt-math-l1-1-0
_libm_sse2_cos_precise
_libm_sse2_acos_precise
ceil
_CIfmod
_libm_sse2_sin_precise
__setusermatherr
_libm_sse2_sqrt_precise
_dclass
api-ms-win-crt-convert-l1-1-0
strtol
strtoul
atoi
strtoull
strtod
strtoll
api-ms-win-crt-filesystem-l1-1-0
_unlock_file
_lock_file
rename
_stat64
_access
remove
_fstat64
_unlink
api-ms-win-crt-time-l1-1-0
_localtime64_s
_mktime64
_time64
_difftime64
_gmtime64
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
localeconv
advapi32
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
ConvertSidToStringSidA
CopySid
IsValidSid
OpenProcessToken
GetLengthSid
GetTokenInformation
CryptDestroyKey
CryptImportKey
CryptReleaseContext
CryptAcquireContextA
CryptEncrypt
CryptGenRandom
shell32
ShellExecuteA
normaliz
IdnToAscii
wldap32
ord301
ord143
ord200
ord30
ord79
ord217
ord46
ord35
ord33
ord211
ord60
ord45
ord50
ord41
ord32
ord22
ord26
ord27
crypt32
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertFindExtension
CertOpenStore
CertCloseStore
CertAddCertificateContextToStore
CertEnumCertificatesInStore
ws2_32
getsockname
ntohl
sendto
recvfrom
getsockopt
connect
bind
htons
ntohs
WSAGetLastError
setsockopt
getaddrinfo
select
socket
__WSAFDIsSet
closesocket
recv
WSASetLastError
send
getpeername
WSAIoctl
WSAStartup
WSACleanup
accept
htonl
listen
ioctlsocket
freeaddrinfo
gethostname
Sections
.text Size: 687KB - Virtual size: 686KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 130KB - Virtual size: 129KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3.3MB - Virtual size: 3.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 488B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 30KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ