PDB path: C:\Users\patri\Desktop\GameSense.Dog_Cheat1\build\cheat.pdb
Static task
static1
Behavioral task
behavioral1
Sample
gamesense.pub.dll
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
gamesense.pub.dll
Resource
win10v2004-20241007-en
General
-
Target
gamesense.pub.dll
-
Size
4.3MB
-
MD5
0e5620ca731d4d21635e5823e73d5d54
-
SHA1
0b85d010d7db2b8ae26cb1175ec8b942dd3f58d1
-
SHA256
ea145f8e0c08868f7ef81a99bd26791a147e8bc2cf6bab34fd119480743fd67c
-
SHA512
7a04125e878b4bfb212945114e10225cc30604c7a6e0db910855b7ccec639b6841a1850ee5daba4ff1665e3e111dd3e3a1c03d110e1e7a39c4f8bb1f5ee30b7b
-
SSDEEP
49152:TL62Hip0tqyKNwvXJX4Mz57SZnjqJr64bzyy1OcU4kHgJn57soorJ5uxjtDuEsQX:TL62CHAvHb84554u8Qz/M7
Malware Config
Signatures
-
Unsigned PE - 1 IoC
Checks for a missing Authenticode signature. The file is unsigned, so its publisher and integrity cannot be verified from a signature.
resource gamesense.pub.dll
Files
-
gamesense.pub.dll.dll windows:6 windows x86 arch:x86
2d403e27511472be00eecbe80ffc97e9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
ws2_32
closesocket
WSACleanup
WSAGetLastError
WSAStartup
send
socket
connect
recv
freeaddrinfo
getaddrinfo
kernel32
CreateThread
GetProcAddress
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
ReleaseSemaphore
CloseHandle
CreateSemaphoreA
FindClose
CreateDirectoryA
GetPrivateProfileSectionA
CreateFileA
GlobalAlloc
WritePrivateProfileStringA
GlobalLock
GetPrivateProfileIntA
GlobalUnlock
ReadFile
WriteFile
PeekNamedPipe
CreateFileW
GetLastError
GetCurrentProcessId
WaitNamedPipeW
lstrlenW
GetModuleFileNameW
MultiByteToWideChar
GetWindowsDirectoryA
GlobalFree
WideCharToMultiByte
LoadLibraryA
QueryPerformanceFrequency
QueryPerformanceCounter
GetVolumeInformationA
WriteProcessMemory
GetCurrentProcess
Sleep
GetPrivateProfileStringA
K32GetModuleInformation
VirtualQuery
FindFirstFileExW
FindNextFileW
SetFileInformationByHandle
AreFileApisANSI
GetModuleHandleW
GetFileInformationByHandleEx
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetModuleHandleA
WaitForSingleObject
VirtualProtect
GetLocaleInfoEx
LocalFree
VirtualFree
VirtualAlloc
FormatMessageA
GetModuleHandleExA
GetModuleFileNameA
FreeLibrary
FlushInstructionCache
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsProcessorFeaturePresent
SetLastError
IsDebuggerPresent
user32
SetClipboardData
SetRect
GetActiveWindow
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
GetKeyState
ReleaseCapture
SetCapture
GetCapture
GetCursorPos
SetCursorPos
GetClientRect
SetCursor
GetForegroundWindow
IsChild
ClientToScreen
ScreenToClient
LoadCursorA
FindWindowA
CallWindowProcA
SetWindowLongA
GetAsyncKeyState
MapVirtualKeyA
IsClipboardFormatAvailable
gdi32
AddFontMemResourceEx
advapi32
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegGetValueA
RegCloseKey
RegQueryValueExW
msvcp140
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?uncaught_exception@std@@YA_NXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?width@ios_base@std@@QAE_J_J@Z
?width@ios_base@std@@QBE_JXZ
?flags@ios_base@std@@QBEHXZ
?good@ios_base@std@@QBE_NXZ
_Thrd_hardware_concurrency
_Mtx_destroy_in_situ
_Mtx_init_in_situ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?gcount@?$basic_istream@DU?$char_traits@D@std@@@std@@QBE_JXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?setf@ios_base@std@@QAEHHH@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
_Query_perf_frequency
?_Xinvalid_argument@std@@YAXPBD@Z
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPBDH@Z
_Thrd_sleep
_Query_perf_counter
_Xtime_get_ticks
?exceptions@ios_base@std@@QAEXH@Z
??Bios_base@std@@QBE_NXZ
_Mtx_current_owns
_Cnd_init_in_situ
?_Throw_Cpp_error@std@@YAXH@Z
?_Throw_C_error@std@@YAXH@Z
_Cnd_timedwait
_Mtx_lock
_Cnd_do_broadcast_at_thread_exit
_Mtx_unlock
_Cnd_broadcast
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
?swap@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXAAV12@@Z
?swap@?$basic_iostream@DU?$char_traits@D@std@@@std@@IAEXAAV12@@Z
?_Xbad_alloc@std@@YAXXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
d3dx9_43
D3DXCreateFontA
D3DXCreateTextureFromFileInMemoryEx
D3DXCreateTextureFromFileA
imm32
ImmSetCompositionWindow
ImmGetContext
ImmReleaseContext
xinput1_4
ord2
ord4
wininet
InternetCloseHandle
InternetOpenA
InternetOpenUrlA
InternetReadFile
vcruntime140
__std_type_info_destroy_list
_except_handler4_common
_CxxThrowException
__current_exception_context
__current_exception
memmove
memchr
strrchr
memcpy
__RTDynamicCast
memset
strchr
strstr
_purecall
__std_exception_copy
__std_exception_destroy
__CxxFrameHandler3
memcmp
api-ms-win-crt-heap-l1-1-0
free
realloc
_callnewh
calloc
malloc
api-ms-win-crt-math-l1-1-0
_CIfmod
_fdclass
_libm_sse2_acos_precise
_libm_sse2_atan_precise
_libm_sse2_cos_precise
_CIatan2
ldexp
fminf
_libm_sse2_exp_precise
_libm_sse2_pow_precise
_libm_sse2_sin_precise
_libm_sse2_sqrt_precise
_CIsinh
roundf
cosh
tanh
_CItanh
sinh
llround
fmaxf
_libm_sse2_tan_precise
floor
_CIcosh
ceil
api-ms-win-crt-runtime-l1-1-0
_execute_onexit_table
_register_onexit_function
system
_cexit
_initialize_onexit_table
_initterm
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
strerror
_crt_atexit
strerror_s
exit
_invalid_parameter_noinfo_noreturn
terminate
_beginthreadex
_errno
api-ms-win-crt-stdio-l1-1-0
__stdio_common_vswprintf
tmpfile
_popen
_pclose
_ftelli64
fgets
clearerr
ftell
tmpnam
fseek
_wfopen
__stdio_common_vsscanf
fopen
ferror
putchar
__stdio_common_vsprintf_p
__stdio_common_vfscanf
__stdio_common_vfprintf_p
__p__fmode
_fsopen
__stdio_common_vfprintf_s
fputs
__stdio_common_vswscanf
getc
feof
freopen_s
__stdio_common_vswprintf_p
__acrt_iob_func
__stdio_common_vsnwprintf_s
__stdio_common_vswprintf_s
__stdio_common_vsprintf_s
__stdio_common_vfwscanf
__stdio_common_vfwprintf_p
fputc
fflush
fclose
__stdio_common_vsnprintf_s
_get_stream_buffer_pointers
_fseeki64
fread
fsetpos
ungetc
setvbuf
fgetpos
__stdio_common_vfwprintf_s
__stdio_common_vsprintf
__stdio_common_vfwprintf
fwrite
fgetc
__stdio_common_vfprintf
api-ms-win-crt-convert-l1-1-0
_itoa
atof
atoi
strtol
strtoul
api-ms-win-crt-filesystem-l1-1-0
rename
_unlock_file
_lock_file
remove
_stat64i32
api-ms-win-crt-locale-l1-1-0
___lc_codepage_func
setlocale
api-ms-win-crt-utility-l1-1-0
rand
qsort
api-ms-win-crt-string-l1-1-0
isdigit
strlen
strtok
strncpy_s
_strdup
strspn
strcpy_s
isblank
strcat_s
tolower
isspace
strpbrk
strncmp
strncpy
api-ms-win-crt-time-l1-1-0
_localtime64
_time64
_difftime64
clock
_mktime64
_gmtime64
strftime
api-ms-win-crt-environment-l1-1-0
getenv
Exports
Exports
__swprintf_l
__vswprintf_l
_fprintf_l
_fprintf_p
_fprintf_p_l
_fprintf_s_l
_fscanf_l
_fscanf_s_l
_fwprintf_l
_fwprintf_p
_fwprintf_p_l
_fwprintf_s_l
_fwscanf_l
_fwscanf_s_l
_printf_l
_printf_p
_printf_p_l
_printf_s_l
_scanf_l
_scanf_s_l
_scprintf
_scprintf_l
_scprintf_p
_scprintf_p_l
_scwprintf
_scwprintf_l
_scwprintf_p
_scwprintf_p_l
_snprintf
_snprintf_c
_snprintf_c_l
_snprintf_l
_snprintf_s
_snprintf_s_l
_snscanf
_snscanf_l
_snscanf_s
_snscanf_s_l
_snwprintf
_snwprintf_l
_snwprintf_s
_snwprintf_s_l
_snwscanf
_snwscanf_l
_snwscanf_s
_snwscanf_s_l
_sprintf_l
_sprintf_p
_sprintf_p_l
_sprintf_s_l
_sscanf_l
_sscanf_s_l
_swprintf
_swprintf_c
_swprintf_c_l
_swprintf_l
_swprintf_p
_swprintf_p_l
_swprintf_s_l
_swscanf_l
_swscanf_s_l
_vfprintf_l
_vfprintf_p
_vfprintf_p_l
_vfprintf_s_l
_vfscanf_l
_vfscanf_s_l
_vfwprintf_l
_vfwprintf_p
_vfwprintf_p_l
_vfwprintf_s_l
_vfwscanf_l
_vfwscanf_s_l
_vprintf_l
_vprintf_p
_vprintf_p_l
_vprintf_s_l
_vscanf_l
_vscanf_s_l
_vscprintf
_vscprintf_l
_vscprintf_p
_vscprintf_p_l
_vscwprintf
_vscwprintf_l
_vscwprintf_p
_vscwprintf_p_l
_vsnprintf
_vsnprintf_c
_vsnprintf_c_l
_vsnprintf_l
_vsnprintf_s
_vsnprintf_s_l
_vsnwprintf
_vsnwprintf_l
_vsnwprintf_s
_vsnwprintf_s_l
_vsnwscanf_l
_vsnwscanf_s_l
_vsprintf_l
_vsprintf_p
_vsprintf_p_l
_vsprintf_s_l
_vsscanf_l
_vsscanf_s_l
_vswprintf
_vswprintf_c
_vswprintf_c_l
_vswprintf_l
_vswprintf_p
_vswprintf_p_l
_vswprintf_s_l
_vswscanf_l
_vswscanf_s_l
_vwprintf_l
_vwprintf_p
_vwprintf_p_l
_vwprintf_s_l
_vwscanf_l
_vwscanf_s_l
_wprintf_l
_wprintf_p
_wprintf_p_l
_wprintf_s_l
_wscanf_l
_wscanf_s_l
fprintf
fprintf_s
fscanf
fscanf_s
fwprintf
fwprintf_s
fwscanf
fwscanf_s
printf
printf_s
scanf
scanf_s
snprintf
sprintf
sprintf_s
sscanf
sscanf_s
swprintf
swprintf_s
swscanf
swscanf_s
vfprintf
vfprintf_s
vfscanf
vfscanf_s
vfwprintf
vfwprintf_s
vfwscanf
vfwscanf_s
vprintf
vprintf_s
vscanf
vscanf_s
vsnprintf
vsnprintf_s
vsprintf
vsprintf_s
vsscanf
vsscanf_s
vswprintf
vswprintf_s
vswscanf
vswscanf_s
vwprintf
vwprintf_s
vwscanf
vwscanf_s
wprintf
wprintf_s
wscanf
wscanf_s
Sections
.text Size: 2.8MB - Virtual size: 2.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 546KB - Virtual size: 546KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 881KB - Virtual size: 4.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 108KB - Virtual size: 108KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ