gamesenselw[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

gamesenselw.dll
Size

6.9MB
MD5

ebbb6391213b7f8a7c13ba15921d9a5a
SHA1

2f4cded3816166661d50e099b4b38164f0c00ed4
SHA256

405a67c3fa1f3d900fce3051e0df0205b7362f9cc2c0cab12ca2626f9f71e54e
SHA512

231884f1515efa3197a4eda95e9997ea5af8a2bea6fa71df48537c19df40563513e5bdc3cdbcea969c8e6ee6912706642424659a3a7cb86e3c36156b4bdc541b
SSDEEP

98304:ywBrHMQKMWt9NGBYpX3TMhCmnyvTpOcJF7sq6iDjgLtNDGPFe/sXJFN:pYMm93TMhC7rwQauf8tNSPFOGJFN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
gamesenselw.dll

Files

gamesenselw.dll
.dll windows:6 windows x86 arch:x86

86630e1583e326cc1b2292095ed28018

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Андрей\Desktop\MellHack\build\Win32\Release\goodtap.pw.pdb

Imports

ws2_32

WSACleanup
closesocket
getaddrinfo
WSAStartup
send
socket
connect
recv
freeaddrinfo
WSAGetLastError

kernel32

GetModuleFileNameA
LoadLibraryExA
FormatMessageA
LocalFree
InitializeSListHead
CreateDirectoryA
VirtualProtect
GetTickCount
FindFirstFileA
FindNextFileA
FindClose
GetWindowsDirectoryA
MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
QueryPerformanceFrequency
QueryPerformanceCounter
CreateThread
Beep
GetProcAddress
WideCharToMultiByte
GetCurrentProcess
GetModuleHandleA
K32GetModuleInformation
EnterCriticalSection
LoadLibraryA
FreeLibrary
FindFirstFileExW
FindNextFileW
AreFileApisANSI
CloseHandle
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
GetLastError
FlushInstructionCache
IsProcessorFeaturePresent
SetLastError
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
IsDebuggerPresent

user32

OpenClipboard
ReleaseCapture
SetCapture
GetCapture
CallWindowProcA
GetCursorPos
SetCursorPos
CloseClipboard
SetCursor
GetForegroundWindow
ClientToScreen
GetAsyncKeyState
ScreenToClient
LoadCursorA
EmptyClipboard
GetClipboardData
GetClientRect
GetKeyState
SetClipboardData

shell32

ShellExecuteA
SHGetFolderPathA

msvcp140

?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?width@ios_base@std@@QAE_J_J@Z
?width@ios_base@std@@QBE_JXZ
?flags@ios_base@std@@QBEHXZ
?good@ios_base@std@@QBE_NXZ
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Xbad_function_call@std@@YAXXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?id@?$ctype@D@std@@2V0locale@2@A
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEDD@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?gcount@?$basic_istream@DU?$char_traits@D@std@@@std@@QBE_JXZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@U_Mbstatet@@@2@@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?setf@ios_base@std@@QAEHHH@Z
?setf@ios_base@std@@QAEHH@Z
?fail@ios_base@std@@QBE_NXZ
?rdstate@ios_base@std@@QBEHXZ
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?is@?$ctype@D@std@@QBE_NFD@Z
?_Xinvalid_argument@std@@YAXPBD@Z
?bad@ios_base@std@@QBE_NXZ
_Query_perf_frequency
_Thrd_sleep
_Query_perf_counter
_Xtime_get_ticks
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UAEXXZ
_Strxfrm
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?id@?$collate@D@std@@2V0locale@2@A
_Strcoll
?c_str@?$_Yarn@D@std@@QBEPBDXZ
?tolower@?$ctype@D@std@@QBEPBDPADPBD@Z
?tolower@?$ctype@D@std@@QBEDD@Z
??1facet@locale@std@@MAE@XZ
??0facet@locale@std@@IAE@I@Z
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
??1_Locinfo@std@@QAE@XZ
??0_Locinfo@std@@QAE@PBD@Z
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPBDH@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?uncaught_exception@std@@YA_NXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z

d3dx9_43

D3DXCreateTextureFromFileInMemoryEx
D3DXCreateTextureFromFileA

imm32

ImmSetCompositionWindow
ImmGetContext
ImmReleaseContext

vcruntime140

__std_exception_copy
__std_exception_destroy
_purecall
memmove
strstr
memset
memcmp
memcpy
strrchr
longjmp
__std_type_info_destroy_list
_except_handler4_common
_CxxThrowException
__current_exception_context
__current_exception
_setjmp3
memchr
__CxxFrameHandler3
strchr

api-ms-win-crt-heap-l1-1-0

realloc
free
_callnewh
malloc

api-ms-win-crt-math-l1-1-0

_dsign
fmaxf
_libm_sse2_atan_precise
_fdclass
llround
_dclass
_libm_sse2_pow_precise
ldexp
ceil
_libm_sse2_tan_precise
_libm_sse2_sqrt_precise
frexp
floor
_CIatan2
_CIfmod
_libm_sse2_acos_precise
_libm_sse2_asin_precise
_libm_sse2_cos_precise
_libm_sse2_exp_precise
_libm_sse2_log10_precise
_libm_sse2_log_precise
_libm_sse2_sin_precise

api-ms-win-crt-runtime-l1-1-0

strerror
abort
exit
system
_invalid_parameter_noinfo_noreturn
_errno
_crt_atexit
_initterm_e
_initterm
_cexit
_execute_onexit_table
_register_onexit_function
terminate
_initialize_onexit_table
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment

api-ms-win-crt-stdio-l1-1-0

fgetpos
setvbuf
ungetc
fsetpos
fread
fgets
tmpfile
tmpnam
_fseeki64
_popen
fwrite
_get_stream_buffer_pointers
fopen
feof
ferror
_pclose
fputc
_ftelli64
__stdio_common_vsscanf
_wfopen
freopen
fflush
__stdio_common_vfprintf
fseek
__acrt_iob_func
ftell
__stdio_common_vsprintf
getc
clearerr
fgetc
__stdio_common_vsprintf_s
fclose

api-ms-win-crt-filesystem-l1-1-0

remove
rename
_unlock_file
_lock_file

api-ms-win-crt-string-l1-1-0

toupper
isblank
isgraph
isalnum
iscntrl
strncpy
tolower
isdigit
strspn
strncmp
ispunct
isxdigit
isalpha
strcoll
islower
isspace
isupper
strcpy_s
strpbrk

api-ms-win-crt-utility-l1-1-0

qsort
srand
rand

api-ms-win-crt-convert-l1-1-0

atof
strtol
strtoul
strtoull
strtoll
strtod
atoi

api-ms-win-crt-locale-l1-1-0

localeconv
setlocale
___lc_codepage_func

api-ms-win-crt-time-l1-1-0

_time64
_localtime64
clock
_mktime64
strftime
_difftime64
_gmtime64

api-ms-win-crt-environment-l1-1-0

getenv

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 472KB - Virtual size: 471KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3.7MB - Virtual size: 5.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

86630e1583e326cc1b2292095ed28018

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

kernel32

user32

shell32

msvcp140

d3dx9_43

imm32

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-environment-l1-1-0

Sections

.text Size: 2.6MB - Virtual size: 2.6MB

.rdata Size: 472KB - Virtual size: 471KB

.data Size: 3.7MB - Virtual size: 5.4MB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 104KB - Virtual size: 103KB

.text
Size: 2.6MB - Virtual size: 2.6MB

.rdata
Size: 472KB - Virtual size: 471KB

.data
Size: 3.7MB - Virtual size: 5.4MB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 104KB - Virtual size: 103KB