C:\Users\Willem\Documents\GitHub\Client\Library\Bee\artifacts\WinPlayerBuildProgram\qfds4\GameAssembly.pdb
Static task
static1
Behavioral task
behavioral1
Sample
GameAssembly.dll
Resource
win10-20240404-en
General
-
Target
GameAssembly.dll
-
Size
30.3MB
-
MD5
963e7e99b0548fae41e62893c2fe6154
-
SHA1
599809562d422372353a17b38facff7e139db9c4
-
SHA256
e2d341b733609b148e4ae36da30d32acb28e5d32ec226fcbf3c9fadcd14431c4
-
SHA512
60d959d5226ea6d31aeea2bcf5f197fb8a629a215f247c31ebbf107b13900af8e3029419bfedfc49a43bb4767c60fa4b363b159556e07878f9286393c3299fba
-
SSDEEP
393216:po851KjaYTWBjQ45syBw/rdxHiB9bj8uqh1P8ZxbF/svG/goYBMEHCqPRCLAX:hvKj5sZqhpvpMEiWQM
Malware Config
Signatures
-
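Unsigned PE (1 IoC)
Checks for missing Authenticode signature. The file carries no Authenticode signature, so its publisher and integrity cannot be confirmed from a signature; compare it against the hashes above or a known-good copy from the original distribution instead. A missing signature is common for locally built binaries and is a weak indicator on its own.
resource GameAssembly.dll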
Files
-
GameAssembly.dll.dll windows:6 windows x64 arch:x64
9b93fd87c192df0f3f5067a996cba7cb
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
SwitchToThread
GetSystemInfo
VirtualAlloc
VirtualQuery
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
GetFileInformationByHandleEx
K32GetModuleBaseNameW
RtlCaptureStackBackTrace
CreateFileW
DuplicateHandle
RaiseException
SetLastError
CreateThread
GetCurrentThread
GetCurrentThreadId
SetThreadPriority
SetThreadDescription
GlobalAlloc
GlobalFree
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
GetStdHandle
DeleteFileW
DeleteVolumeMountPointW
FlushFileBuffers
GetFileAttributesExW
GetFileSizeEx
GetFileType
GetFullPathNameW
GetLogicalDrives
ReadFile
SetEndOfFile
SetFileAttributesW
SetFileInformationByHandle
SetFilePointerEx
WriteFile
SetThreadErrorMode
CreatePipe
GetOverlappedResult
CancelIoEx
GetThreadDescription
GetNativeSystemInfo
LocalAlloc
LocalReAlloc
LocalFree
FormatMessageW
CopyFileExW
CopyFile2
MoveFileExW
ReplaceFileW
GetTimeZoneInformation
GetDynamicTimeZoneInformation
GetTimeZoneInformationForYear
GetConsoleMode
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentVariableW
SetEnvironmentVariableW
QueryPerformanceCounter
QueryPerformanceFrequency
InitializeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
GetSystemTimes
GetCurrentProcessId
GetVersionExW
GetComputerNameW
GetLongPathNameW
GetTempPathW
GetModuleFileNameA
GetModuleFileNameW
WideCharToMultiByte
GetACP
GetLocaleInfoW
GetThreadLocale
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetFilePointer
SuspendThread
ResumeThread
GetThreadContext
VirtualFree
GetModuleHandleW
GetProcAddress
WriteConsoleW
SetStdHandle
GetProcessHeap
GetCommandLineW
GetCommandLineA
ReadConsoleW
GetConsoleOutputCP
GetCurrentProcess
Sleep
CloseHandle
IsDebuggerPresent
RemoveDirectoryW
FindNextFileW
FindFirstFileExW
FindClose
CreateDirectoryW
GetOEMCP
IsValidCodePage
HeapQueryInformation
HeapSize
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
CompareStringW
RtlUnwind
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
HeapReAlloc
HeapAlloc
HeapFree
GetModuleHandleExW
ExitProcess
LoadLibraryExW
FreeLibrary
InitializeCriticalSectionAndSpinCount
GetCurrentDirectoryW
GetLastError
TlsFree
TlsSetValue
InterlockedFlushSList
RtlUnwindEx
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
SleepConditionVariableSRW
GetCPInfo
GetStringTypeW
LCMapStringEx
MultiByteToWideChar
DecodePointer
EncodePointer
InitializeCriticalSectionEx
RtlPcToFileHeader
GetExitCodeProcess
TlsGetValue
GetSystemTimeAsFileTime
TlsAlloc
user32
MessageBoxA
advapi32
EventActivityIdControl
GetDynamicTimeZoneInformationEffectiveYears
EventRegister
EventUnregister
EventSetInformation
EventWrite
EventWriteTransfer
EventWriteEx
GetUserNameW
EnumerateTraceGuidsEx
EnumDynamicTimeZoneInformation
EventWriteString
ole32
CoTaskMemFree
CoUninitialize
CoInitializeEx
CoGetApartmentType
CoTaskMemAlloc
CoCreateFreeThreadedMarshaler
oleaut32
SafeArrayGetDim
SafeArrayGetUBound
SafeArrayGetLBound
SysStringLen
SysFreeString
SysAllocStringLen
SafeArrayDestroy
SafeArrayGetVartype
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreate
shell32
SHGetKnownFolderPath
SHGetFolderPathW
ws2_32
WSACleanup
WSAGetLastError
WSAStartup
gethostname
inet_pton
getnameinfo
freeaddrinfo
getaddrinfo
WSAPoll
WSASend
WSARecv
inet_ntop
__WSAFDIsSet
accept
bind
closesocket
connect
ioctlsocket
getpeername
getsockname
getsockopt
htonl
htons
inet_addr
inet_ntoa
listen
gethostbyaddr
socket
shutdown
setsockopt
sendto
send
select
recvfrom
ntohs
ntohl
WSAIoctl
iphlpapi
GetIfEntry
GetAdaptersAddresses
GetNetworkParams
api-ms-win-core-winrt-l1-1-0
RoGetActivationFactory
api-ms-win-core-winrt-string-l1-1-0
WindowsDuplicateString
WindowsGetStringRawBuffer
WindowsCreateStringReference
WindowsDeleteString
api-ms-win-core-winrt-error-l1-1-0
RoSetErrorReportingFlags
GetRestrictedErrorInfo
api-ms-win-core-winrt-robuffer-l1-1-0
RoGetBufferMarshaler
bcrypt
BCryptGenRandom
dbghelp
SymInitialize
SymFromAddr
baselib
?Baselib_Timer_GetHighPrecisionTimerTicks@il2cpp_baselib@@YA_KXZ
?Baselib_DynamicLibrary_Close@il2cpp_baselib@@YAXUBaselib_DynamicLibrary_Handle@1@@Z
?Baselib_Thread_YieldExecution@il2cpp_baselib@@YAXXZ
?Baselib_Timer_TickToNanosecondsConversionFactor@il2cpp_baselib@@3NB
?Baselib_ErrorState_Explain@il2cpp_baselib@@YAIPEBUBaselib_ErrorState@1@QEADIW4Baselib_ErrorState_ExplainVerbosity@1@@Z
?Baselib_DynamicLibrary_OpenUtf16@il2cpp_baselib@@YA?AUBaselib_DynamicLibrary_Handle@1@PEBGPEAUBaselib_ErrorState@1@@Z
?Baselib_DynamicLibrary_GetFunction@il2cpp_baselib@@YAPEAXUBaselib_DynamicLibrary_Handle@1@PEBDPEAUBaselib_ErrorState@1@@Z
?Baselib_DynamicLibrary_FromNativeHandle@il2cpp_baselib@@YA?AUBaselib_DynamicLibrary_Handle@1@_KIPEAUBaselib_ErrorState@1@@Z
?Baselib_Thread_GetCurrentThreadId@il2cpp_baselib@@YA_JXZ
?Baselib_SystemFutex_Wait@il2cpp_baselib@@YAXPEAHHI@Z
?Baselib_SystemFutex_Notify@il2cpp_baselib@@YAXPEAHIW4Baselib_WakeupFallbackStrategy@1@@Z
?Detail_Baselib_Cpu_FeatureData_CpuIdArray@il2cpp_baselib@@3QBUDetail_Baselib_Cpu_FeatureData_CpuId@1@B
Exports
CloseNLSocket
CloseZStream
CreateNLSocket
CreateZStream
DllCanUnloadNow
DllGetActivationFactory
Flush
ReadEvents
ReadZStream
WriteZStream
il2cpp_add_internal_call
il2cpp_alloc
il2cpp_allocation_granularity
il2cpp_array_class_get
il2cpp_array_element_size
il2cpp_array_get_byte_length
il2cpp_array_length
il2cpp_array_new
il2cpp_array_new_full
il2cpp_array_new_specific
il2cpp_array_object_header_size
il2cpp_assembly_get_image
il2cpp_bounded_array_class_get
il2cpp_capture_memory_snapshot
il2cpp_class_array_element_size
il2cpp_class_enum_basetype
il2cpp_class_for_each
il2cpp_class_from_il2cpp_type
il2cpp_class_from_name
il2cpp_class_from_system_type
il2cpp_class_from_type
il2cpp_class_get_assemblyname
il2cpp_class_get_bitmap
il2cpp_class_get_bitmap_size
il2cpp_class_get_data_size
il2cpp_class_get_declaring_type
il2cpp_class_get_element_class
il2cpp_class_get_events
il2cpp_class_get_field_from_name
il2cpp_class_get_fields
il2cpp_class_get_flags
il2cpp_class_get_image
il2cpp_class_get_interfaces
il2cpp_class_get_method_from_name
il2cpp_class_get_methods
il2cpp_class_get_name
il2cpp_class_get_namespace
il2cpp_class_get_nested_types
il2cpp_class_get_parent
il2cpp_class_get_properties
il2cpp_class_get_property_from_name
il2cpp_class_get_rank
il2cpp_class_get_static_field_data
il2cpp_class_get_type
il2cpp_class_get_type_token
il2cpp_class_get_userdata_offset
il2cpp_class_has_attribute
il2cpp_class_has_parent
il2cpp_class_has_references
il2cpp_class_instance_size
il2cpp_class_is_abstract
il2cpp_class_is_assignable_from
il2cpp_class_is_blittable
il2cpp_class_is_enum
il2cpp_class_is_generic
il2cpp_class_is_inflated
il2cpp_class_is_inited
il2cpp_class_is_interface
il2cpp_class_is_subclass_of
il2cpp_class_is_valuetype
il2cpp_class_num_fields
il2cpp_class_set_userdata
il2cpp_class_value_size
il2cpp_current_thread_get_frame_at
il2cpp_current_thread_get_stack_depth
il2cpp_current_thread_get_top_frame
il2cpp_current_thread_walk_frame_stack
il2cpp_custom_attrs_construct
il2cpp_custom_attrs_free
il2cpp_custom_attrs_from_class
il2cpp_custom_attrs_from_field
il2cpp_custom_attrs_from_method
il2cpp_custom_attrs_get_attr
il2cpp_custom_attrs_has_attr
il2cpp_debug_get_method_info
il2cpp_debugger_set_agent_options
il2cpp_domain_assembly_open
il2cpp_domain_get
il2cpp_domain_get_assemblies
il2cpp_exception_from_name_msg
il2cpp_field_get_flags
il2cpp_field_get_from_reflection
il2cpp_field_get_name
il2cpp_field_get_object
il2cpp_field_get_offset
il2cpp_field_get_parent
il2cpp_field_get_type
il2cpp_field_get_value
il2cpp_field_get_value_object
il2cpp_field_has_attribute
il2cpp_field_is_literal
il2cpp_field_set_value
il2cpp_field_set_value_object
il2cpp_field_static_get_value
il2cpp_field_static_set_value
il2cpp_format_exception
il2cpp_format_stack_trace
il2cpp_free
il2cpp_free_captured_memory_snapshot
il2cpp_gc_alloc_fixed
il2cpp_gc_collect
il2cpp_gc_collect_a_little
il2cpp_gc_disable
il2cpp_gc_enable
il2cpp_gc_foreach_heap
il2cpp_gc_free_fixed
il2cpp_gc_get_heap_size
il2cpp_gc_get_max_time_slice_ns
il2cpp_gc_get_used_size
il2cpp_gc_has_strict_wbarriers
il2cpp_gc_is_disabled
il2cpp_gc_is_incremental
il2cpp_gc_set_external_allocation_tracker
il2cpp_gc_set_external_wbarrier_tracker
il2cpp_gc_set_max_time_slice_ns
il2cpp_gc_set_mode
il2cpp_gc_start_incremental_collection
il2cpp_gc_wbarrier_set_field
il2cpp_gchandle_foreach_get_target
il2cpp_gchandle_free
il2cpp_gchandle_get_target
il2cpp_gchandle_new
il2cpp_gchandle_new_weakref
il2cpp_get_corlib
il2cpp_get_exception_argument_null
il2cpp_image_get_assembly
il2cpp_image_get_class
il2cpp_image_get_class_count
il2cpp_image_get_entry_point
il2cpp_image_get_filename
il2cpp_image_get_name
il2cpp_init
il2cpp_init_utf16
il2cpp_is_debugger_attached
il2cpp_is_vm_thread
il2cpp_method_get_class
il2cpp_method_get_declaring_type
il2cpp_method_get_flags
il2cpp_method_get_from_reflection
il2cpp_method_get_name
il2cpp_method_get_object
il2cpp_method_get_param
il2cpp_method_get_param_count
il2cpp_method_get_param_name
il2cpp_method_get_return_type
il2cpp_method_get_token
il2cpp_method_has_attribute
il2cpp_method_is_generic
il2cpp_method_is_inflated
il2cpp_method_is_instance
il2cpp_monitor_enter
il2cpp_monitor_exit
il2cpp_monitor_pulse
il2cpp_monitor_pulse_all
il2cpp_monitor_try_enter
il2cpp_monitor_try_wait
il2cpp_monitor_wait
il2cpp_native_stack_trace
il2cpp_object_get_class
il2cpp_object_get_size
il2cpp_object_get_virtual_method
il2cpp_object_header_size
il2cpp_object_new
il2cpp_object_unbox
il2cpp_offset_of_array_bounds_in_array_object_header
il2cpp_offset_of_array_length_in_array_object_header
il2cpp_override_stack_backtrace
il2cpp_profiler_install
il2cpp_profiler_install_allocation
il2cpp_profiler_install_enter_leave
il2cpp_profiler_install_fileio
il2cpp_profiler_install_gc
il2cpp_profiler_install_thread
il2cpp_profiler_set_events
il2cpp_property_get_flags
il2cpp_property_get_get_method
il2cpp_property_get_name
il2cpp_property_get_parent
il2cpp_property_get_set_method
il2cpp_raise_exception
il2cpp_register_debugger_agent_transport
il2cpp_register_log_callback
il2cpp_resolve_icall
il2cpp_runtime_class_init
il2cpp_runtime_invoke
il2cpp_runtime_invoke_convert_args
il2cpp_runtime_object_init
il2cpp_runtime_object_init_exception
il2cpp_runtime_unhandled_exception_policy_set
il2cpp_set_commandline_arguments
il2cpp_set_commandline_arguments_utf16
il2cpp_set_config
il2cpp_set_config_dir
il2cpp_set_config_utf16
il2cpp_set_data_dir
il2cpp_set_default_thread_affinity
il2cpp_set_find_plugin_callback
il2cpp_set_memory_callbacks
il2cpp_set_temp_dir
il2cpp_shutdown
il2cpp_start_gc_world
il2cpp_stats_dump_to_file
il2cpp_stats_get_value
il2cpp_stop_gc_world
il2cpp_string_chars
il2cpp_string_intern
il2cpp_string_is_interned
il2cpp_string_length
il2cpp_string_new
il2cpp_string_new_len
il2cpp_string_new_utf16
il2cpp_string_new_wrapper
il2cpp_thread_attach
il2cpp_thread_current
il2cpp_thread_detach
il2cpp_thread_get_frame_at
il2cpp_thread_get_stack_depth
il2cpp_thread_get_top_frame
il2cpp_thread_walk_frame_stack
il2cpp_type_equals
il2cpp_type_get_assembly_qualified_name
il2cpp_type_get_attrs
il2cpp_type_get_class_or_element_class
il2cpp_type_get_name
il2cpp_type_get_name_chunked
il2cpp_type_get_object
il2cpp_type_get_reflection_name
il2cpp_type_get_type
il2cpp_type_is_byref
il2cpp_type_is_pointer_type
il2cpp_type_is_static
il2cpp_unhandled_exception
il2cpp_unity_install_unitytls_interface
il2cpp_unity_liveness_allocate_struct
il2cpp_unity_liveness_calculation_from_root
il2cpp_unity_liveness_calculation_from_statics
il2cpp_unity_liveness_finalize
il2cpp_unity_liveness_free_struct
il2cpp_unity_set_android_network_up_state_func
il2cpp_value_box
jinfo_get_method
mini_get_interp_callbacks
mini_jit_info_table_find
mono_arch_clear_breakpoint
mono_arch_context_get_int_reg
mono_arch_context_set_int_reg
mono_arch_set_breakpoint
mono_arch_setup_resume_sighandler_ctx
mono_arch_skip_breakpoint
mono_arch_skip_single_step
mono_arch_start_single_stepping
mono_arch_stop_single_stepping
mono_array_element_size
mono_array_length
mono_class_get_byref_type
mono_class_get_checked
mono_class_get_context
mono_class_get_element_class
mono_class_get_flags
mono_class_get_image
mono_class_get_interfaces
mono_class_get_methods
mono_class_get_name
mono_class_get_namespace
mono_class_get_nested_types
mono_class_get_parent
mono_class_get_properties
mono_class_get_rank
mono_class_get_type
mono_class_get_type_token
mono_class_has_parent
mono_class_instance_size
mono_class_is_enum
mono_class_is_valuetype
mono_class_num_fields
mono_class_num_methods
mono_class_num_properties
mono_class_value_size
mono_debug_find_method
mono_debug_free_locals
mono_debug_il_offset_from_address
mono_debug_lookup_locals
mono_domain_foreach
mono_domain_get
mono_domain_get_assemblies_iter
mono_domain_get_corlib
mono_domain_is_unloading
mono_environment_exitcode_get
mono_environment_exitcode_set
mono_field_get_name
mono_field_get_offset
mono_field_get_parent
mono_field_get_type
mono_field_set_value
mono_find_prev_seq_point_for_native_offset
mono_free_method_signatures
mono_gc_register_root
mono_get_byte_class
mono_get_lmf_addr
mono_get_root_domain
mono_get_runtime_build_info
mono_get_string_class
mono_image_get_assembly
mono_image_get_entry_point
mono_image_get_filename
mono_image_get_guid
mono_image_get_name
mono_image_is_dynamic
mono_jit_find_compiled_method_with_jit_info
mono_jit_info_get_method
mono_jit_info_table_find
mono_marshal_method_from_wrapper
mono_metadata_free_mh
mono_metadata_generic_class_is_valuetype
mono_method_full_name
mono_method_get_class
mono_method_get_context
mono_method_get_declaring_generic_method
mono_method_get_flags
mono_method_get_generic_container
mono_method_get_header_checked
mono_method_get_name
mono_method_get_param_names
mono_method_get_token
mono_method_is_generic
mono_method_is_inflated
mono_object_get_type
mono_object_unbox_internal
mono_property_get_get_method
mono_property_get_name
mono_property_get_parent
mono_property_get_set_method
mono_restore_context
mono_runtime_is_shutting_down
mono_runtime_quit
mono_set_is_debugger_attached
mono_set_lmf
mono_string_chars
mono_string_free
mono_string_length
mono_string_new
mono_thread_attach
mono_thread_current
mono_thread_detach
mono_thread_get_main
mono_thread_set_name
mono_thread_state_init_from_current
mono_thread_state_init_from_monoctx
mono_thread_suspend_all_other_threads
mono_type_full_name
mono_type_generic_inst_is_valuetype
mono_type_get_attrs
mono_type_get_class
mono_type_get_name_full
mono_type_get_type
mono_type_is_byref
mono_type_is_generic_parameter
mono_type_is_reference
mono_type_is_struct
mono_type_size
Sections
.text Size: 2.2MB - Virtual size: 2.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
il2cpp Size: 20.0MB - Virtual size: 20.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4.9MB - Virtual size: 4.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1.6MB - Virtual size: 4.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 500B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 481KB - Virtual size: 480KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ