PDB path: C:\BuildAgent\work\IN HEAT\Library\Bee\artifacts\WinPlayerBuildProgram\u1oik\GameAssembly.pdb
Static task
static1
Behavioral task
behavioral1
Sample
GameAssembly.dll
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
GameAssembly.dll
Resource
win10v2004-20240802-en
General
-
Target
GameAssembly.dll
-
Size
51.9MB
-
MD5
0281182f7651d3577cbbaac13f965190
-
SHA1
f47170913523d4760eeb3e79b08ba1b8961288b3
-
SHA256
b54b1fbea51eea1e1679f6113aad6baff8af22c7f01221fbaea05c7eb0505ee9
-
SHA512
9b46ef29900ed7ff10f3d7637b2b6c7a5e5171be04e65ab1ce2a727e93521242176c6c4f4da68fce5736459a191942a456bc8e44ef8f1ff25651ca0c2e62b817
-
SSDEEP
393216:ZYuIC5rqRRySP4PT6oPwkvM91i3SQ12TcXtINckwpopUsRNS/uDWwN8YfnVVJOHE:ZYX8VlRuhBRbob8o25JBX
Malware Config
Signatures
-
Unsigned PE 1 IoCs
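Checks for missing Authenticode signature. The file is unsigned, so its publisher and integrity cannot be verified from a signature; this is a low-confidence indicator on its own and does not by itself show the file is malicious. Integrity has to be confirmed another way, for example by comparing the SHA256 in this report against a copy obtained from the publisher.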
resource GameAssembly.dll
Files
-
GameAssembly.dll.dll windows:6 windows x64 arch:x64
e3d97c32daf4b31428a6578639f90176
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryW
GlobalAlloc
GlobalFree
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
GetStdHandle
CreateDirectoryW
DeleteFileW
DeleteVolumeMountPointW
FindFirstFileExW
FindNextFileW
FlushFileBuffers
GetFileAttributesExW
GetFileSizeEx
GetFileType
GetFullPathNameW
GetLogicalDrives
ReadFile
RemoveDirectoryW
SetEndOfFile
SetFileAttributesW
SetFileInformationByHandle
SetFilePointerEx
WriteFile
SetThreadErrorMode
CreatePipe
GetOverlappedResult
CancelIoEx
GetCurrentProcessId
GetNativeSystemInfo
FormatMessageW
CopyFileExW
MoveFileExW
ReplaceFileW
GetTimeZoneInformation
GetDynamicTimeZoneInformation
GetFileInformationByHandleEx
GetConsoleMode
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentVariableW
SetEnvironmentVariableW
QueryPerformanceCounter
QueryPerformanceFrequency
InitializeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
GetSystemTimes
GetSystemInfo
GetSystemTimeAsFileTime
GetVersionExW
GetComputerNameW
GetLongPathNameW
GetTempPathW
GetModuleFileNameA
GetModuleFileNameW
WideCharToMultiByte
GetACP
GetLocaleInfoW
GetThreadLocale
SetThreadPriority
GetCurrentDirectoryW
FindClose
IsDebuggerPresent
OutputDebugStringW
Sleep
GetExitCodeProcess
VirtualAlloc
VirtualQuery
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
K32GetModuleBaseNameW
SetFilePointer
SuspendThread
ResumeThread
GetThreadContext
VirtualFree
WriteConsoleW
GetProcessHeap
GetCommandLineW
GetCommandLineA
SetStdHandle
GetOEMCP
IsValidCodePage
GetCurrentThreadId
GetCurrentThread
CreateThread
SwitchToThread
GetCurrentProcess
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
CompareStringW
FlsFree
RtlUnwind
FlsSetValue
FlsGetValue
FlsAlloc
HeapQueryInformation
HeapSize
HeapReAlloc
HeapAlloc
HeapFree
ReadConsoleW
GetConsoleOutputCP
GetModuleHandleExW
ExitProcess
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
SetLastError
GetLastError
RaiseException
DuplicateHandle
CloseHandle
RtlUnwindEx
TerminateProcess
InitializeSListHead
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
GetCPInfo
GetStringTypeW
LCMapStringEx
MultiByteToWideChar
DecodePointer
EncodePointer
InitializeCriticalSectionEx
RtlPcToFileHeader
CreateFileW
RtlCaptureStackBackTrace
user32
MessageBoxA
advapi32
GetUserNameW
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
ole32
CoGetContextToken
CoCreateFreeThreadedMarshaler
CoUninitialize
CoInitializeEx
CoTaskMemAlloc
CoTaskMemFree
oleaut32
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetDim
SafeArrayDestroy
SafeArrayGetVartype
SafeArrayCreate
SysStringLen
SysFreeString
SysAllocStringLen
shell32
SHGetKnownFolderPath
SHGetFolderPathW
ws2_32
inet_ntop
inet_pton
getnameinfo
freeaddrinfo
getaddrinfo
WSAPoll
WSASend
gethostbyaddr
socket
shutdown
setsockopt
WSACleanup
select
recvfrom
ntohs
ntohl
listen
inet_ntoa
inet_addr
htons
htonl
getsockopt
getsockname
getpeername
ioctlsocket
connect
closesocket
bind
accept
__WSAFDIsSet
WSAStartup
gethostname
WSAGetLastError
send
WSARecv
WSAIoctl
iphlpapi
GetIfEntry
GetAdaptersAddresses
GetNetworkParams
dbghelp
SymInitialize
SymFromAddr
baselib
?Baselib_Thread_YieldExecution@il2cpp_baselib@@YAXXZ
?Baselib_SystemSemaphore_TryTimedAcquire@il2cpp_baselib@@YA_NUBaselib_SystemSemaphore_Handle@1@I@Z
?Baselib_SystemSemaphore_TryAcquire@il2cpp_baselib@@YA_NUBaselib_SystemSemaphore_Handle@1@@Z
?Baselib_ErrorState_Explain@il2cpp_baselib@@YAIPEBUBaselib_ErrorState@1@QEADIW4Baselib_ErrorState_ExplainVerbosity@1@@Z
?Baselib_DynamicLibrary_FromNativeHandle@il2cpp_baselib@@YA?AUBaselib_DynamicLibrary_Handle@1@_KIPEAUBaselib_ErrorState@1@@Z
?Baselib_DynamicLibrary_Close@il2cpp_baselib@@YAXUBaselib_DynamicLibrary_Handle@1@@Z
?Baselib_DynamicLibrary_GetFunction@il2cpp_baselib@@YAPEAXUBaselib_DynamicLibrary_Handle@1@PEBDPEAUBaselib_ErrorState@1@@Z
?Baselib_DynamicLibrary_OpenUtf16@il2cpp_baselib@@YA?AUBaselib_DynamicLibrary_Handle@1@PEBGPEAUBaselib_ErrorState@1@@Z
?Baselib_SystemSemaphore_CreateInplace@il2cpp_baselib@@YA?AUBaselib_SystemSemaphore_Handle@1@PEAX@Z
?Baselib_Thread_GetCurrentThreadId@il2cpp_baselib@@YA_JXZ
?Baselib_SystemSemaphore_Acquire@il2cpp_baselib@@YAXUBaselib_SystemSemaphore_Handle@1@@Z
?Baselib_SystemSemaphore_Release@il2cpp_baselib@@YAXUBaselib_SystemSemaphore_Handle@1@I@Z
?Baselib_SystemSemaphore_FreeInplace@il2cpp_baselib@@YAXUBaselib_SystemSemaphore_Handle@1@@Z
Exports
Exports
BrotliDecoderCreateInstance
BrotliDecoderDecompress
BrotliDecoderDecompressStream
BrotliDecoderDestroyInstance
BrotliDecoderIsFinished
BrotliEncoderCompress
BrotliEncoderCompressStream
BrotliEncoderCreateInstance
BrotliEncoderDestroyInstance
BrotliEncoderHasMoreOutput
BrotliEncoderSetParameter
CloseNLSocket
CloseZStream
CreateNLSocket
CreateZStream
DllCanUnloadNow
DllGetActivationFactory
Flush
GlobalizationNative_GetTimeZoneDisplayName
ReadEvents
ReadZStream
SystemNative_FStat2
SystemNative_UTime
WriteZStream
il2cpp_add_internal_call
il2cpp_alloc
il2cpp_allocation_granularity
il2cpp_array_class_get
il2cpp_array_element_size
il2cpp_array_get_byte_length
il2cpp_array_length
il2cpp_array_new
il2cpp_array_new_full
il2cpp_array_new_specific
il2cpp_array_object_header_size
il2cpp_assembly_get_image
il2cpp_bounded_array_class_get
il2cpp_capture_memory_snapshot
il2cpp_class_array_element_size
il2cpp_class_enum_basetype
il2cpp_class_for_each
il2cpp_class_from_il2cpp_type
il2cpp_class_from_name
il2cpp_class_from_system_type
il2cpp_class_from_type
il2cpp_class_get_assemblyname
il2cpp_class_get_bitmap
il2cpp_class_get_bitmap_size
il2cpp_class_get_data_size
il2cpp_class_get_declaring_type
il2cpp_class_get_element_class
il2cpp_class_get_events
il2cpp_class_get_field_from_name
il2cpp_class_get_fields
il2cpp_class_get_flags
il2cpp_class_get_image
il2cpp_class_get_interfaces
il2cpp_class_get_method_from_name
il2cpp_class_get_methods
il2cpp_class_get_name
il2cpp_class_get_namespace
il2cpp_class_get_nested_types
il2cpp_class_get_parent
il2cpp_class_get_properties
il2cpp_class_get_property_from_name
il2cpp_class_get_rank
il2cpp_class_get_static_field_data
il2cpp_class_get_type
il2cpp_class_get_type_token
il2cpp_class_get_userdata_offset
il2cpp_class_has_attribute
il2cpp_class_has_parent
il2cpp_class_has_references
il2cpp_class_instance_size
il2cpp_class_is_abstract
il2cpp_class_is_assignable_from
il2cpp_class_is_blittable
il2cpp_class_is_enum
il2cpp_class_is_generic
il2cpp_class_is_inflated
il2cpp_class_is_inited
il2cpp_class_is_interface
il2cpp_class_is_subclass_of
il2cpp_class_is_valuetype
il2cpp_class_num_fields
il2cpp_class_set_userdata
il2cpp_class_value_size
il2cpp_current_thread_get_frame_at
il2cpp_current_thread_get_stack_depth
il2cpp_current_thread_get_top_frame
il2cpp_current_thread_walk_frame_stack
il2cpp_custom_attrs_construct
il2cpp_custom_attrs_free
il2cpp_custom_attrs_from_class
il2cpp_custom_attrs_from_field
il2cpp_custom_attrs_from_method
il2cpp_custom_attrs_get_attr
il2cpp_custom_attrs_has_attr
il2cpp_debug_get_method_info
il2cpp_debugger_set_agent_options
il2cpp_domain_assembly_open
il2cpp_domain_get
il2cpp_domain_get_assemblies
il2cpp_exception_from_name_msg
il2cpp_field_get_flags
il2cpp_field_get_name
il2cpp_field_get_offset
il2cpp_field_get_parent
il2cpp_field_get_type
il2cpp_field_get_value
il2cpp_field_get_value_object
il2cpp_field_has_attribute
il2cpp_field_is_literal
il2cpp_field_set_value
il2cpp_field_set_value_object
il2cpp_field_static_get_value
il2cpp_field_static_set_value
il2cpp_format_exception
il2cpp_format_stack_trace
il2cpp_free
il2cpp_free_captured_memory_snapshot
il2cpp_gc_alloc_fixed
il2cpp_gc_collect
il2cpp_gc_collect_a_little
il2cpp_gc_disable
il2cpp_gc_enable
il2cpp_gc_foreach_heap
il2cpp_gc_free_fixed
il2cpp_gc_get_heap_size
il2cpp_gc_get_max_time_slice_ns
il2cpp_gc_get_used_size
il2cpp_gc_has_strict_wbarriers
il2cpp_gc_is_disabled
il2cpp_gc_is_incremental
il2cpp_gc_set_external_allocation_tracker
il2cpp_gc_set_external_wbarrier_tracker
il2cpp_gc_set_max_time_slice_ns
il2cpp_gc_set_mode
il2cpp_gc_start_incremental_collection
il2cpp_gc_wbarrier_set_field
il2cpp_gchandle_foreach_get_target
il2cpp_gchandle_free
il2cpp_gchandle_get_target
il2cpp_gchandle_new
il2cpp_gchandle_new_weakref
il2cpp_get_corlib
il2cpp_get_exception_argument_null
il2cpp_image_get_assembly
il2cpp_image_get_class
il2cpp_image_get_class_count
il2cpp_image_get_entry_point
il2cpp_image_get_filename
il2cpp_image_get_name
il2cpp_init
il2cpp_init_utf16
il2cpp_is_debugger_attached
il2cpp_is_vm_thread
il2cpp_method_get_class
il2cpp_method_get_declaring_type
il2cpp_method_get_flags
il2cpp_method_get_from_reflection
il2cpp_method_get_name
il2cpp_method_get_object
il2cpp_method_get_param
il2cpp_method_get_param_count
il2cpp_method_get_param_name
il2cpp_method_get_return_type
il2cpp_method_get_token
il2cpp_method_has_attribute
il2cpp_method_is_generic
il2cpp_method_is_inflated
il2cpp_method_is_instance
il2cpp_monitor_enter
il2cpp_monitor_exit
il2cpp_monitor_pulse
il2cpp_monitor_pulse_all
il2cpp_monitor_try_enter
il2cpp_monitor_try_wait
il2cpp_monitor_wait
il2cpp_native_stack_trace
il2cpp_object_get_class
il2cpp_object_get_size
il2cpp_object_get_virtual_method
il2cpp_object_header_size
il2cpp_object_new
il2cpp_object_unbox
il2cpp_offset_of_array_bounds_in_array_object_header
il2cpp_offset_of_array_length_in_array_object_header
il2cpp_override_stack_backtrace
il2cpp_profiler_install
il2cpp_profiler_install_allocation
il2cpp_profiler_install_enter_leave
il2cpp_profiler_install_fileio
il2cpp_profiler_install_gc
il2cpp_profiler_install_thread
il2cpp_profiler_set_events
il2cpp_property_get_flags
il2cpp_property_get_get_method
il2cpp_property_get_name
il2cpp_property_get_parent
il2cpp_property_get_set_method
il2cpp_raise_exception
il2cpp_register_debugger_agent_transport
il2cpp_register_log_callback
il2cpp_resolve_icall
il2cpp_runtime_class_init
il2cpp_runtime_invoke
il2cpp_runtime_invoke_convert_args
il2cpp_runtime_object_init
il2cpp_runtime_object_init_exception
il2cpp_runtime_unhandled_exception_policy_set
il2cpp_set_commandline_arguments
il2cpp_set_commandline_arguments_utf16
il2cpp_set_config
il2cpp_set_config_dir
il2cpp_set_config_utf16
il2cpp_set_data_dir
il2cpp_set_default_thread_affinity
il2cpp_set_find_plugin_callback
il2cpp_set_memory_callbacks
il2cpp_set_temp_dir
il2cpp_shutdown
il2cpp_start_gc_world
il2cpp_stats_dump_to_file
il2cpp_stats_get_value
il2cpp_stop_gc_world
il2cpp_string_chars
il2cpp_string_intern
il2cpp_string_is_interned
il2cpp_string_length
il2cpp_string_new
il2cpp_string_new_len
il2cpp_string_new_utf16
il2cpp_string_new_wrapper
il2cpp_thread_attach
il2cpp_thread_current
il2cpp_thread_detach
il2cpp_thread_get_all_attached_threads
il2cpp_thread_get_frame_at
il2cpp_thread_get_stack_depth
il2cpp_thread_get_top_frame
il2cpp_thread_walk_frame_stack
il2cpp_type_equals
il2cpp_type_get_assembly_qualified_name
il2cpp_type_get_attrs
il2cpp_type_get_class_or_element_class
il2cpp_type_get_name
il2cpp_type_get_name_chunked
il2cpp_type_get_object
il2cpp_type_get_reflection_name
il2cpp_type_get_type
il2cpp_type_is_byref
il2cpp_type_is_pointer_type
il2cpp_type_is_static
il2cpp_unhandled_exception
il2cpp_unity_install_unitytls_interface
il2cpp_unity_liveness_allocate_struct
il2cpp_unity_liveness_calculation_from_root
il2cpp_unity_liveness_calculation_from_statics
il2cpp_unity_liveness_finalize
il2cpp_unity_liveness_free_struct
il2cpp_unity_set_android_network_up_state_func
il2cpp_value_box
jinfo_get_method
mini_get_interp_callbacks
mini_jit_info_table_find
mono_arch_clear_breakpoint
mono_arch_context_get_int_reg
mono_arch_context_set_int_reg
mono_arch_set_breakpoint
mono_arch_setup_resume_sighandler_ctx
mono_arch_skip_breakpoint
mono_arch_skip_single_step
mono_arch_start_single_stepping
mono_arch_stop_single_stepping
mono_array_element_size
mono_array_length
mono_class_get_byref_type
mono_class_get_checked
mono_class_get_context
mono_class_get_element_class
mono_class_get_flags
mono_class_get_image
mono_class_get_interfaces
mono_class_get_methods
mono_class_get_name
mono_class_get_namespace
mono_class_get_nested_types
mono_class_get_parent
mono_class_get_properties
mono_class_get_rank
mono_class_get_type
mono_class_get_type_token
mono_class_has_parent
mono_class_instance_size
mono_class_is_enum
mono_class_is_valuetype
mono_class_num_fields
mono_class_num_methods
mono_class_num_properties
mono_class_value_size
mono_debug_find_method
mono_debug_free_locals
mono_debug_il_offset_from_address
mono_debug_lookup_locals
mono_domain_foreach
mono_domain_get
mono_domain_get_assemblies_iter
mono_domain_get_corlib
mono_domain_is_unloading
mono_environment_exitcode_get
mono_environment_exitcode_set
mono_field_get_name
mono_field_get_offset
mono_field_get_parent
mono_field_get_type
mono_field_set_value
mono_find_prev_seq_point_for_native_offset
mono_free_method_signatures
mono_gc_register_root
mono_get_byte_class
mono_get_lmf_addr
mono_get_root_domain
mono_get_runtime_build_info
mono_get_string_class
mono_image_get_assembly
mono_image_get_entry_point
mono_image_get_filename
mono_image_get_guid
mono_image_get_name
mono_image_is_dynamic
mono_jit_find_compiled_method_with_jit_info
mono_jit_info_get_method
mono_jit_info_table_find
mono_marshal_method_from_wrapper
mono_metadata_free_mh
mono_metadata_generic_class_is_valuetype
mono_method_full_name
mono_method_get_class
mono_method_get_context
mono_method_get_declaring_generic_method
mono_method_get_flags
mono_method_get_generic_container
mono_method_get_header_checked
mono_method_get_name
mono_method_get_param_names
mono_method_get_token
mono_method_is_generic
mono_method_is_inflated
mono_object_get_type
mono_object_unbox_internal
mono_pal_init
mono_property_get_get_method
mono_property_get_name
mono_property_get_parent
mono_property_get_set_method
mono_restore_context
mono_runtime_is_shutting_down
mono_runtime_quit
mono_set_is_debugger_attached
mono_set_lmf
mono_string_chars
mono_string_free
mono_string_length
mono_string_new
mono_thread_attach
mono_thread_current
mono_thread_detach
mono_thread_get_main
mono_thread_set_name
mono_thread_state_init_from_current
mono_thread_state_init_from_monoctx
mono_thread_suspend_all_other_threads
mono_type_full_name
mono_type_generic_inst_is_valuetype
mono_type_get_attrs
mono_type_get_class
mono_type_get_name_full
mono_type_get_type
mono_type_is_byref
mono_type_is_generic_parameter
mono_type_is_reference
mono_type_is_struct
mono_type_size
Sections
.text Size: 3.4MB - Virtual size: 3.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
il2cpp Size: 33.9MB - Virtual size: 33.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 9.2MB - Virtual size: 9.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2.7MB - Virtual size: 5.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 2.0MB - Virtual size: 2.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 348B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 862KB - Virtual size: 861KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ