GameAssembly[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

GameAssembly.dll
Size

18.5MB
MD5

2a76e7bdd826eb8ac3ecabfdceec9a61
SHA1

77bb50aca36d88292973d3a64cc4950fec476624
SHA256

70d509b701a8eb57d2ea4a162f322e7bdf494a843a1911dc8c0e5966ce610568
SHA512

147748c8aef626ef7099b0c2d40e21fb5f4618ca5c1afbff5a64b47631b3036843528d895914d896380819da2b0a38cc4d7a50b1a064bde0950c739118b40024
SSDEEP

393216:/TlXYjzPzFMN/aPk80BEwrp3eYQC2bsl1gqYQ:kBIRo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
GameAssembly.dll

Files

GameAssembly.dll
.dll windows:6 windows x64 arch:x64

9e1aea8b5400b55c4d01b94477009c8e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\My Projects Unity\HotTimeSaga\Library\il2cpp_cache\linkresult_DF5161E11B6C42B073293AE2CDABCBF7\GameAssembly.pdb

Imports

kernel32

FlushFileBuffers
GetFileAttributesExW
GetFileSizeEx
GetFileType
GetFullPathNameW
ReadFile
RemoveDirectoryW
SetEndOfFile
SetFilePointerEx
WriteFile
IsDebuggerPresent
CloseHandle
DuplicateHandle
RaiseException
GetLastError
SetLastError
QueryPerformanceCounter
QueryPerformanceFrequency
GetOverlappedResult
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SetEvent
ResetEvent
ReleaseSemaphore
ReleaseMutex
SleepEx
WaitForSingleObjectEx
WaitForMultipleObjectsEx
CreateMutexW
CreateEventW
Sleep
CreateSemaphoreW
QueueUserAPC
GetCurrentProcess
GetCurrentProcessId
SwitchToThread
CreateThread
GetCurrentThread
GetCurrentThreadId
SetThreadPriority
GetThreadPriority
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimes
GetSystemInfo
GetSystemTimeAsFileTime
GetVersionExW
GetNativeSystemInfo
VirtualAlloc
VirtualQuery
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
FindFirstFileExW
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LoadLibraryW
GlobalAlloc
GlobalFree
FormatMessageW
GetComputerNameW
GetTimeZoneInformation
GetDynamicTimeZoneInformation
GetFileInformationByHandleEx
WideCharToMultiByte
GetACP
GetLocaleInfoW
GetThreadLocale
GetConsoleMode
SetFilePointer
GetExitCodeThread
SuspendThread
ResumeThread
GetThreadContext
VirtualFree
WriteConsoleW
GetProcessHeap
GetCommandLineW
FindClose
DeleteFileW
CreateFileW
CreateDirectoryW
GetCurrentDirectoryW
GetCommandLineA
RtlUnwind
SetStdHandle
GetOEMCP
IsValidCodePage
HeapQueryInformation
HeapSize
HeapReAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
CompareStringW
HeapFree
HeapAlloc
GetConsoleOutputCP
ReadConsoleW
GetModuleHandleExW
ExitProcess
LoadLibraryExW
InterlockedFlushSList
SetEnvironmentVariableW
GetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
RtlUnwindEx
RtlPcToFileHeader
TerminateProcess
InitializeSListHead
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetStringTypeW
LCMapStringEx
MultiByteToWideChar
DecodePointer
EncodePointer
InitializeCriticalSectionEx
FindNextFileW
GetStdHandle
FreeLibrary
RtlCaptureStackBackTrace

user32

MessageBoxA

advapi32

GetUserNameW
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom

ole32

CoCreateFreeThreadedMarshaler
CoInitializeEx
CoUninitialize
CoTaskMemAlloc
CoTaskMemFree
CoGetContextToken

oleaut32

SafeArrayUnaccessData
SafeArrayGetVartype
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetDim
SafeArrayDestroy
SafeArrayCreate
SysStringLen
SafeArrayGetLBound
SysFreeString

shell32

SHGetKnownFolderPath
SHGetFolderPathW

ws2_32

inet_ntop
inet_pton
getnameinfo
freeaddrinfo
socket
shutdown
setsockopt
getaddrinfo
send
select
recvfrom
WSACleanup
WSAStartup
listen
inet_ntoa
inet_addr
htons
htonl
getsockopt
getsockname
ioctlsocket
connect
closesocket
bind
accept
__WSAFDIsSet
ntohl
gethostbyaddr
ntohs
gethostname
WSAPoll
WSASend
WSARecv
WSAIoctl
WSAGetLastError

iphlpapi

GetIfEntry
GetAdaptersAddresses
GetNetworkParams

baselib

?Baselib_SystemSemaphore_Free@il2cpp_baselib@@YAXUBaselib_SystemSemaphore_Handle@1@@Z
?Baselib_SystemSemaphore_Release@il2cpp_baselib@@YAXUBaselib_SystemSemaphore_Handle@1@I@Z
?Baselib_SystemSemaphore_Acquire@il2cpp_baselib@@YAXUBaselib_SystemSemaphore_Handle@1@@Z
?Baselib_SystemSemaphore_Create@il2cpp_baselib@@YA?AUBaselib_SystemSemaphore_Handle@1@XZ
?Baselib_Thread_GetCurrentThreadId@il2cpp_baselib@@YA_JXZ

Exports

Exports

CloseZStream
CreateZStream
DllCanUnloadNow
DllGetActivationFactory
Flush
ReadZStream
UnityPalGetLocalTimeZoneData
UnityPalGetTimeZoneDataForID
UnityPalTimeZoneInfoGetTimeZoneIDs
UseUnityPalForTimeZoneInformation
WriteZStream
il2cpp_add_internal_call
il2cpp_alloc
il2cpp_allocation_granularity
il2cpp_array_class_get
il2cpp_array_element_size
il2cpp_array_get_byte_length
il2cpp_array_length
il2cpp_array_new
il2cpp_array_new_full
il2cpp_array_new_specific
il2cpp_array_object_header_size
il2cpp_assembly_get_image
il2cpp_bounded_array_class_get
il2cpp_capture_memory_snapshot
il2cpp_class_array_element_size
il2cpp_class_enum_basetype
il2cpp_class_for_each
il2cpp_class_from_il2cpp_type
il2cpp_class_from_name
il2cpp_class_from_system_type
il2cpp_class_from_type
il2cpp_class_get_assemblyname
il2cpp_class_get_bitmap
il2cpp_class_get_bitmap_size
il2cpp_class_get_data_size
il2cpp_class_get_declaring_type
il2cpp_class_get_element_class
il2cpp_class_get_events
il2cpp_class_get_field_from_name
il2cpp_class_get_fields
il2cpp_class_get_flags
il2cpp_class_get_image
il2cpp_class_get_interfaces
il2cpp_class_get_method_from_name
il2cpp_class_get_methods
il2cpp_class_get_name
il2cpp_class_get_namespace
il2cpp_class_get_nested_types
il2cpp_class_get_parent
il2cpp_class_get_properties
il2cpp_class_get_property_from_name
il2cpp_class_get_rank
il2cpp_class_get_static_field_data
il2cpp_class_get_type
il2cpp_class_get_type_token
il2cpp_class_get_userdata_offset
il2cpp_class_has_attribute
il2cpp_class_has_parent
il2cpp_class_has_references
il2cpp_class_instance_size
il2cpp_class_is_abstract
il2cpp_class_is_assignable_from
il2cpp_class_is_blittable
il2cpp_class_is_enum
il2cpp_class_is_generic
il2cpp_class_is_inflated
il2cpp_class_is_interface
il2cpp_class_is_subclass_of
il2cpp_class_is_valuetype
il2cpp_class_num_fields
il2cpp_class_set_userdata
il2cpp_class_value_size
il2cpp_current_thread_get_frame_at
il2cpp_current_thread_get_stack_depth
il2cpp_current_thread_get_top_frame
il2cpp_current_thread_walk_frame_stack
il2cpp_custom_attrs_construct
il2cpp_custom_attrs_free
il2cpp_custom_attrs_from_class
il2cpp_custom_attrs_from_method
il2cpp_custom_attrs_get_attr
il2cpp_custom_attrs_has_attr
il2cpp_debug_get_method_info
il2cpp_debugger_set_agent_options
il2cpp_domain_assembly_open
il2cpp_domain_get
il2cpp_domain_get_assemblies
il2cpp_exception_from_name_msg
il2cpp_field_get_flags
il2cpp_field_get_name
il2cpp_field_get_offset
il2cpp_field_get_parent
il2cpp_field_get_type
il2cpp_field_get_value
il2cpp_field_get_value_object
il2cpp_field_has_attribute
il2cpp_field_is_literal
il2cpp_field_set_value
il2cpp_field_set_value_object
il2cpp_field_static_get_value
il2cpp_field_static_set_value
il2cpp_format_exception
il2cpp_format_stack_trace
il2cpp_free
il2cpp_free_captured_memory_snapshot
il2cpp_gc_collect
il2cpp_gc_collect_a_little
il2cpp_gc_disable
il2cpp_gc_enable
il2cpp_gc_foreach_heap
il2cpp_gc_get_heap_size
il2cpp_gc_get_max_time_slice_ns
il2cpp_gc_get_used_size
il2cpp_gc_has_strict_wbarriers
il2cpp_gc_is_disabled
il2cpp_gc_is_incremental
il2cpp_gc_set_external_allocation_tracker
il2cpp_gc_set_external_wbarrier_tracker
il2cpp_gc_set_max_time_slice_ns
il2cpp_gc_set_mode
il2cpp_gc_start_incremental_collection
il2cpp_gc_wbarrier_set_field
il2cpp_gchandle_foreach_get_target
il2cpp_gchandle_free
il2cpp_gchandle_get_target
il2cpp_gchandle_new
il2cpp_gchandle_new_weakref
il2cpp_get_corlib
il2cpp_get_exception_argument_null
il2cpp_image_get_assembly
il2cpp_image_get_class
il2cpp_image_get_class_count
il2cpp_image_get_entry_point
il2cpp_image_get_filename
il2cpp_image_get_name
il2cpp_init
il2cpp_init_utf16
il2cpp_is_debugger_attached
il2cpp_is_vm_thread
il2cpp_method_get_class
il2cpp_method_get_declaring_type
il2cpp_method_get_flags
il2cpp_method_get_from_reflection
il2cpp_method_get_name
il2cpp_method_get_object
il2cpp_method_get_param
il2cpp_method_get_param_count
il2cpp_method_get_param_name
il2cpp_method_get_return_type
il2cpp_method_get_token
il2cpp_method_has_attribute
il2cpp_method_is_generic
il2cpp_method_is_inflated
il2cpp_method_is_instance
il2cpp_monitor_enter
il2cpp_monitor_exit
il2cpp_monitor_pulse
il2cpp_monitor_pulse_all
il2cpp_monitor_try_enter
il2cpp_monitor_try_wait
il2cpp_monitor_wait
il2cpp_native_stack_trace
il2cpp_object_get_class
il2cpp_object_get_size
il2cpp_object_get_virtual_method
il2cpp_object_header_size
il2cpp_object_new
il2cpp_object_unbox
il2cpp_offset_of_array_bounds_in_array_object_header
il2cpp_offset_of_array_length_in_array_object_header
il2cpp_override_stack_backtrace
il2cpp_profiler_install
il2cpp_profiler_install_allocation
il2cpp_profiler_install_enter_leave
il2cpp_profiler_install_fileio
il2cpp_profiler_install_gc
il2cpp_profiler_install_thread
il2cpp_profiler_set_events
il2cpp_property_get_flags
il2cpp_property_get_get_method
il2cpp_property_get_name
il2cpp_property_get_parent
il2cpp_property_get_set_method
il2cpp_raise_exception
il2cpp_register_debugger_agent_transport
il2cpp_register_log_callback
il2cpp_resolve_icall
il2cpp_runtime_class_init
il2cpp_runtime_invoke
il2cpp_runtime_invoke_convert_args
il2cpp_runtime_object_init
il2cpp_runtime_object_init_exception
il2cpp_runtime_unhandled_exception_policy_set
il2cpp_set_commandline_arguments
il2cpp_set_commandline_arguments_utf16
il2cpp_set_config
il2cpp_set_config_dir
il2cpp_set_config_utf16
il2cpp_set_data_dir
il2cpp_set_default_thread_affinity
il2cpp_set_find_plugin_callback
il2cpp_set_memory_callbacks
il2cpp_set_temp_dir
il2cpp_shutdown
il2cpp_start_gc_world
il2cpp_stats_dump_to_file
il2cpp_stats_get_value
il2cpp_stop_gc_world
il2cpp_string_chars
il2cpp_string_intern
il2cpp_string_is_interned
il2cpp_string_length
il2cpp_string_new
il2cpp_string_new_len
il2cpp_string_new_utf16
il2cpp_string_new_wrapper
il2cpp_thread_attach
il2cpp_thread_current
il2cpp_thread_detach
il2cpp_thread_get_all_attached_threads
il2cpp_thread_get_frame_at
il2cpp_thread_get_stack_depth
il2cpp_thread_get_top_frame
il2cpp_thread_walk_frame_stack
il2cpp_type_equals
il2cpp_type_get_assembly_qualified_name
il2cpp_type_get_attrs
il2cpp_type_get_class_or_element_class
il2cpp_type_get_name
il2cpp_type_get_name_chunked
il2cpp_type_get_object
il2cpp_type_get_type
il2cpp_type_is_byref
il2cpp_type_is_pointer_type
il2cpp_type_is_static
il2cpp_unhandled_exception
il2cpp_unity_install_unitytls_interface
il2cpp_unity_liveness_calculation_begin
il2cpp_unity_liveness_calculation_end
il2cpp_unity_liveness_calculation_from_root
il2cpp_unity_liveness_calculation_from_statics
il2cpp_value_box

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

il2cpp
Size: 12.2MB - Virtual size: 12.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.0MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 767KB - Virtual size: 766KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 238KB - Virtual size: 237KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9e1aea8b5400b55c4d01b94477009c8e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

shell32

ws2_32

iphlpapi

baselib

Exports

Exports

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

il2cpp Size: 12.2MB - Virtual size: 12.2MB

.rdata Size: 2.7MB - Virtual size: 2.7MB

.data Size: 1.0MB - Virtual size: 3.7MB

.pdata Size: 767KB - Virtual size: 766KB

_RDATA Size: 512B - Virtual size: 244B

.reloc Size: 238KB - Virtual size: 237KB

.text
Size: 1.6MB - Virtual size: 1.6MB

il2cpp
Size: 12.2MB - Virtual size: 12.2MB

.rdata
Size: 2.7MB - Virtual size: 2.7MB

.data
Size: 1.0MB - Virtual size: 3.7MB

.pdata
Size: 767KB - Virtual size: 766KB

_RDATA
Size: 512B - Virtual size: 244B

.reloc
Size: 238KB - Virtual size: 237KB