Source: game.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: game.exe | Static PE information: certificate valid
Source: game.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Binary string: C:\ReleaseAI\win\Release\stubs\x86\ExternalUi.pdb source: game.exe
Source: C:\Users\user\Desktop\game.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\Desktop\game.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Users\user\Desktop\game.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\Desktop\game.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Users\user\Desktop\game.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Users\user\Desktop\game.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\Desktop\game.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Users\user\Desktop\game.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\Desktop\game.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Users\user\Desktop\game.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Users\user\Desktop\game.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Users\user\Desktop\game.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Users\user\Desktop\game.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\Desktop\game.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Users\user\Desktop\game.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\Desktop\game.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00B5E4C0 FindFirstFileW,GetLastError,FindClose,
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00B90080 FindFirstFileW,FindNextFileW,FindNextFileW,FindClose,
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00A52380 FindClose,PathIsUNCW,FindFirstFileW,GetFullPathNameW,GetFullPathNameW,FindClose,SetLastError,_wcsrchr,_wcsrchr,PathIsUNCW,
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00B90480 FindFirstFileW,FindClose,
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00B6C6E0 FindFirstFileW,FindClose,FindClose,
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00B84B10 FindFirstFileW,CloseHandle,CreateEventW,CreateThread,WaitForSingleObject,GetExitCodeThread,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00B411C0 FindFirstFileW,FindNextFileW,FindNextFileW,FindClose,
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00BA37E0 FindFirstFileW,FindNextFileW,FindFirstFileW,FindNextFileW,FindNextFileW,FindClose,
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00B5DB60 _wcsrchr,FindFirstFileW,FindFirstFileW,FindFirstFileW,FindClose,FindClose,
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00B5FD90 FindFirstFileW,FindClose,
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00B8EEF0 _wcsrchr,_wcsrchr,GetLogicalDriveStringsW,GetDriveTypeW,Wow64DisableWow64FsRedirection,Wow64RevertWow64FsRedirection,
Source: game.exe, 00000000.00000002.1672088072.0000000000CAB000.00000002.00000001.01000000.00000003.sdmp, game.exe, 00000000.00000000.1667197531.0000000000CAB000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: FlashWindowExFlashWindowGetPackagePathhttp://www.example.comTESThttp://www.google.comhttp://www.yahoo.comtin9999.tmpattachment=.partGETcharsetDLD "filenameutf-8utf-16123POSTAdvancedInstallerLocal Network ServerISO-8859-1US-ASCIIHTTP/1.0Range: bytes=%u- equals www.yahoo.com (Yahoo)
Source: game.exe | String found in binary or memory: Logger::SetLogFile( %s ) while OLD path is:%sLOGGER->failed to create LOG at:LOGGER->Reusing LOG file at:%04d-%02d-%02d %02d-%02d-%02dworkstationOS Version: %u.%u.%u SP%u (%s) [%s]LOGGER->Creating LOG file at:serverCPU: UnkownCPUp?VFlashWindowExFlashWindowGetPackagePathhttp://www.example.comTESThttp://www.google.comhttp://www.yahoo.comtin9999.tmpattachment=.partGETcharsetDLD "filenameutf-8utf-16123POSTAdvancedInstallerLocal Network ServerISO-8859-1US-ASCIIHTTP/1.0Range: bytes=%u- equals www.yahoo.com (Yahoo)
Source: game.exe | String found in binary or memory: http://cert.ssl.com/SSL.com-timeStamping-I-RSA-R1.cer0Q
Source: game.exe | String found in binary or memory: http://cert.ssl.com/SSLcom-SubCA-CodeSigning-RSA-4096-R1.cer0
Source: game.exe | String found in binary or memory: http://crls.ssl.com/SSL.com-timeStamping-I-RSA-R1.crl0
Source: game.exe | String found in binary or memory: http://crls.ssl.com/SSLcom-SubCA-CodeSigning-RSA-4096-R1.crl0
Source: game.exe | String found in binary or memory: http://crls.ssl.com/ssl.com-rsa-RootCA.crl0
Source: game.exe | String found in binary or memory: http://ocsps.ssl.com0
Source: game.exe | String found in binary or memory: http://ocsps.ssl.com0?
Source: game.exe | String found in binary or memory: http://ocsps.ssl.com0Q
Source: game.exe | String found in binary or memory: http://www.ssl.com/repository/SSLcomRootCertificationAuthorityRSA.crt0
Source: game.exe | String found in binary or memory: https://www.ssl.com/repository0
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00B19F70 GetSystemDirectoryW,LoadLibraryExW,NtdllDefWindowProc_W,
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00A50140 GetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W,
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00AAA220 ShowWindow,ShowWindow,GetWindowLongW,SetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W,SetWindowLongW,GetWindowLongW,SetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W,SetWindowLongW,GetWindowLongW,SetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W,SetWindowLongW,GetWindowRect,SendMessageW,
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00A466D0 SysFreeString,SysAllocString,GetWindowLongW,GetWindowLongW,GetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W,GetWindowLongW,SetWindowTextW,GlobalAlloc,GlobalLock,GlobalUnlock,SetWindowLongW,SysFreeString,NtdllDefWindowProc_W,SysFreeString,
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00A48C90 GetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W,DestroyWindow,
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00A46D30 NtdllDefWindowProc_W,
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00A68F80 NtdllDefWindowProc_W,
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00A493B0 NtdllDefWindowProc_W,
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00A5B400 NtdllDefWindowProc_W,
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00BA5510 NtdllDefWindowProc_W,
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00AA96E0 GetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W,
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00A49990 NtdllDefWindowProc_W,
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00AF9A20 NtdllDefWindowProc_W,
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00A55E10 GetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W,DeleteCriticalSection,
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00A45FB0 GetWindowLongW,GetWindowLongW,GetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W,GetWindowLongW,SetWindowTextW,GlobalAlloc,GlobalLock,GlobalUnlock,SetWindowLongW,NtdllDefWindowProc_W,
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00A4FFD0 NtdllDefWindowProc_W,
Source: C:\Users\user\Desktop\game.exe | Code function: 0_3_006AD402
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00B664D0
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00B785B0
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00B9DA70
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00BBA120
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00BB22C0
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00AAA220
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00A52380
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00B64350
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00BB8340
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00ADA4D0
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00AEA400
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00A50590
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00A6A5E0
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00A6C6F0
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00A5C7F0
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00ACA730
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00A4E8E0
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00B70800
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00ABC860
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00C4080B
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00BB6990
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00A849E0
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00A62BF0
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00A6EB30
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00C2EB00
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00AACB70
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00BB6B40
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00C36CBA
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00ACEC30
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00C08D30
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00BB6E80
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00A33000
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00A7F130
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00C2712E
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00BB9140
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00BB7280
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00A61380
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00BB9380
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00C274BC
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00A6B6C0
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00BC57C0
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00BB1800
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00A79870
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00A5BAA0
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00BB3A80
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00A57CB0
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00BB1C10
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00BB9C00
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00AC1E80
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00AE9FB0
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00A59FC0
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00A5BFC0
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00B3BF60
Source: C:\Users\user\Desktop\game.exe | Code function: String function: 00A3FC70 appears 113 times
Source: C:\Users\user\Desktop\game.exe | Code function: String function: 00A3A880 appears 58 times
Source: C:\Users\user\Desktop\game.exe | Code function: String function: 00A52380 appears 31 times
Source: C:\Users\user\Desktop\game.exe | Code function: String function: 00A38DB0 appears 110 times
Source: C:\Users\user\Desktop\game.exe | Code function: String function: 00A3A2F0 appears 51 times
Source: classification engine | Classification label: clean5.winEXE@1/0@0/0
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00BA64B0 GetLastError,CoInitialize,CoCreateInstance,CoUninitialize,
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00A3A1B0 LoadResource,LockResource,SizeofResource,
Source: game.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\game.exe | Section loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\game.exe | Section loaded: msi.dll
Source: C:\Users\user\Desktop\game.exe | Section loaded: usp10.dll
Source: C:\Users\user\Desktop\game.exe | Section loaded: msls31.dll
Source: C:\Users\user\Desktop\game.exe | Section loaded: version.dll
Source: C:\Users\user\Desktop\game.exe | Section loaded: mpr.dll
Source: C:\Users\user\Desktop\game.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\game.exe | Section loaded: profapi.dll
Source: C:\Users\user\Desktop\game.exe | Section loaded: userenv.dll
Source: C:\Users\user\Desktop\game.exe | Section loaded: dwmapi.dll
Source: C:\Users\user\Desktop\game.exe | Section loaded: davhlpr.dll
Source: C:\Users\user\Desktop\game.exe | Section loaded: msimg32.dll
Source: C:\Users\user\Desktop\game.exe | Section loaded: dbghelp.dll
Source: C:\Users\user\Desktop\game.exe | Section loaded: wininet.dll
Source: C:\Users\user\Desktop\game.exe | Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\game.exe | Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\game.exe | Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\game.exe | Section loaded: netutils.dll
Source: C:\Users\user\Desktop\game.exe | Section loaded: cabinet.dll
Source: C:\Users\user\Desktop\game.exe | Section loaded: propsys.dll
Source: C:\Users\user\Desktop\game.exe | Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\game.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\game.exe | Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\game.exe | Section loaded: lpk.dll
Source: C:\Users\user\Desktop\game.exe | Section loaded: msihnd.dll
Source: C:\Users\user\Desktop\game.exe | Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\game.exe | Section loaded: secur32.dll
Source: C:\Users\user\Desktop\game.exe | Section loaded: samcli.dll
Source: C:\Users\user\Desktop\game.exe | Section loaded: netapi32.dll
Source: C:\Users\user\Desktop\game.exe | Section loaded: wkscli.dll
Source: C:\Users\user\Desktop\game.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\game.exe | Section loaded: riched20.dll
Source: C:\Users\user\Desktop\game.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\game.exe | Section loaded: wldp.dll
Source: C:\Users\user\Desktop\game.exe | Section loaded: atlthunk.dll
Source: C:\Users\user\Desktop\game.exe | Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\game.exe | Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\game.exe | Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\game.exe | Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\game.exe | Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\game.exe | Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\game.exe | Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\game.exe | Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\game.exe | Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\game.exe | Section loaded: tsappcmp.dll
Source: C:\Users\user\Desktop\game.exe | Section loaded: taskschd.dll
Source: game.exe | Static PE information: Virtual size of .text is bigger than: 0x100000
Source: game.exe | Static file information: File size 3943344 > 1048576
Source: game.exe | Static PE information: Raw size of .text is bigger than: 0x100000 < 0x279c00
Source: game.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: game.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: game.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: game.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: game.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: game.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: game.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: game.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: game.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: game.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: game.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00B73710 SHGetFolderPathW,GetSystemDirectoryW,GetWindowsDirectoryW,GetWindowsDirectoryW,GetModuleFileNameW,SHGetSpecialFolderLocation,LoadLibraryW,GetProcAddress,SHGetPathFromIDListW,SHGetMalloc,
Source: C:\Users\user\Desktop\game.exe | Code function: 0_3_006A5F52 pushad ; retf 0_3_006A603D
Source: C:\Users\user\Desktop\game.exe | Code function: 0_3_006AC352 push eax; ret 0_3_006AC355
Source: C:\Users\user\Desktop\game.exe | Code function: 0_3_0069C050 pushad ; retf 0069h 0_3_0069C9A9
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00A4D390 push ecx; mov dword ptr [esp], ecx 0_2_00A4D391
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00C1F5E7 push ecx; ret 0_2_00C1F5FA
Source: C:\Users\user\Desktop\game.exe | Check user administrative privileges: GetTokenInformation,DecisionNodes
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00C23B83 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00B92EA0 CreateFileW,GetLastError,OutputDebugStringW,OutputDebugStringW,SetFilePointer,FlushFileBuffers,WriteFile,WriteFile,FlushFileBuffers,WriteFile,FlushFileBuffers,OutputDebugStringW,WriteFile,WriteFile,FlushFileBuffers,FlushFileBuffers,WriteFile,FlushFileBuffers,WriteFile,FlushFileBuffers,
Code function: 0_2_00B73710 SHGetFolderPathW,GetSystemDirectoryW,GetWindowsDirectoryW,GetWindowsDirectoryW,GetModuleFileNameW,SHGetSpecialFolderLocation,LoadLibraryW,GetProcAddress,SHGetPathFromIDListW,SHGetMalloc, |
0_2_00B73710 |
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00C2A0EA mov ecx, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00C1E569 mov esi, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00C389FB mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00C38A3F mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00C1E5D5 GetProcessHeap,HeapAlloc,GetProcessHeap,HeapFree,
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00A6E550 __set_se_translator,SetUnhandledExceptionFilter,
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00C1EFC8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,
Code function: 0_2_00C23B83 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
0_2_00C23B83 |
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00B599A0 GetCurrentProcess,OpenProcessToken,GetLastError,GetTokenInformation,GetTokenInformation,GetLastError,GetTokenInformation,AllocateAndInitializeSid,EqualSid,FreeSid,GetLastError,CloseHandle,
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00C386F6 GetLocaleInfoW,
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00B88C30 GetLocaleInfoW,GetLocaleInfoW,
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00C3F8B8 EnumSystemLocalesW,
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00C3F99E EnumSystemLocalesW,
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00C3F903 EnumSystemLocalesW,
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00C3FDA5 GetLocaleInfoW,GetLocaleInfoW,GetACP,
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00C3FF7A GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00C1E230 GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime,GetSystemTimeAsFileTime,
Source: C:\Users\user\Desktop\game.exe | Code function: 0_2_00B9DA70 GetUserNameW,GetUserNameW,GetLastError,GetUserNameW,GetEnvironmentVariableW,GetEnvironmentVariableW,RegDeleteValueW,RegCloseKey,RegQueryInfoKeyW,RegCloseKey,RegCloseKey,RegDeleteKeyW,RegCloseKey,RegCloseKey,RegDeleteValueW,RegCloseKey,