Windows Analysis Report
game.exe

Overview

General Information

Sample name: game.exe
Analysis ID: 1524979
MD5: 7ff30d3ab976b5771ba56163f0919386
SHA1: 0acf7c157c7a0f0eae8d8b0ee11890a935a53724
SHA256: 511e21b8c183fee710862aa39fe11cd87d632377b123b0ecba4e979100237f42

Detection

Score: 5
Range: 0 - 100
Whitelisted: false
Confidence: 60%

Signatures

Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to dynamically determine API calls
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates COM task schedule object (often to register a task for autostart)
Detected potential crypto function
Found evasive API chain checking for process token information
Found potential string decryption / allocating functions
Program does not show much activity (idle)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Source: game.exe Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: game.exe Static PE information: certificate valid
Source: game.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: C:\ReleaseAI\win\Release\stubs\x86\ExternalUi.pdb source: game.exe
Source: C:\Users\user\Desktop\game.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\Desktop\game.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Users\user\Desktop\game.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\Desktop\game.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Users\user\Desktop\game.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Users\user\Desktop\game.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\Desktop\game.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Users\user\Desktop\game.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\Desktop\game.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Users\user\Desktop\game.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Users\user\Desktop\game.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Users\user\Desktop\game.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Users\user\Desktop\game.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\Desktop\game.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Users\user\Desktop\game.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\Desktop\game.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
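Added example (editor's code, not part of the sandbox output): a parser that turns the repetitive registry lines above into one record per CLSID, so the analyst sees which hive was consulted and which activation subkeys were walked instead of reading a run of near-identical lines. The input is reconstructed from this report's own lines (the class-key and subkey opens for {0F87369F-A4E5-4CFC-BD3E-73E6154572DD}, and the single InProcServer32 value read for {1f486a52-3cb1-48fd-8f50-b8dc300d9f9d} reported further down under the loaded-section list). {0F87369F-A4E5-4CFC-BD3E-73E6154572DD} is CLSID_TaskScheduler, which matches the "Creates COM task schedule object" signature and the later taskschd.dll load; the second CLSID is left unnamed because nothing on the page identifies it. The subkey order in ACTIVATION_SUBKEYS is taken from the sequence of opens shown here. Every probe is under HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID, the expected view for a 32-bit process; a lookup under HKEY_CURRENT_USER\Software\Classes\CLSID, which takes precedence over the machine-wide registration and is where a COM hijack would be planted, is what a hunt would look for, and hkcu_probed() flags it.

```python
import re
from collections import OrderedDict

# Subkeys the COM activator consults under a CLSID, in the order this report
# shows them being opened: TreatAs (class redirection) first, then server entries.
ACTIVATION_SUBKEYS = ["TreatAs", "InprocServer32", "InprocHandler32", "InprocHandler",
                      "LocalServer32", "LocalServer", "Elevation"]

# Names for CLSIDs the analyst already knows; only the one this report exercises.
KNOWN_CLSIDS = {"0f87369f-a4e5-4cfc-bd3e-73e6154572dd": "CLSID_TaskScheduler (Task Scheduler 2.0)"}

EVENT_RE = re.compile(r"Key (?P<kind>opened|value queried): (?P<path>HKEY_\S+)")
CLSID_RE = re.compile(r"\\CLSID\\\{(?P<clsid>[0-9a-f-]{36})\}(?:\\(?P<sub>[A-Za-z0-9]+))?$", re.I)

# Constructed input, reconstructed from the registry lines in this report.
HKLM_CLSID = r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID"
TS = "{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}"
SAMPLE_LINES = (
    [f"Source: game.exe Key opened: {HKLM_CLSID}\\{TS}"]
    + [f"Source: game.exe Key opened: {HKLM_CLSID}\\{TS.lower()}\\{sub}" for sub in ACTIVATION_SUBKEYS]
    + [f"Source: game.exe Key value queried: {HKLM_CLSID}\\{{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}}\\InProcServer32"]
)


def parse_com_probes(lines):
    """Group registry events by CLSID: which hives were consulted, which activation
    subkeys were opened (in order) and how many opens / value reads were logged."""
    out = OrderedDict()
    for line in lines:
        ev = EVENT_RE.search(line)
        c = CLSID_RE.search(ev.group("path")) if ev else None
        if not c:
            continue  # not a CLSID lookup (e.g. the Safer\CodeIdentifiers policy key)
        clsid = c.group("clsid").lower()  # the report mixes upper and lower case
        rec = out.setdefault(clsid, {"name": KNOWN_CLSIDS.get(clsid, "unknown"), "hives": [],
                                     "subkeys": [], "opens": 0, "value_reads": 0})
        hive = ev.group("path").split("\\", 1)[0]
        if hive not in rec["hives"]:
            rec["hives"].append(hive)
        sub = c.group("sub")
        if sub:
            # Canonicalise spelling (InProcServer32 vs InprocServer32) against the known list.
            sub = next((s for s in ACTIVATION_SUBKEYS if s.lower() == sub.lower()), sub)
            if sub not in rec["subkeys"]:
                rec["subkeys"].append(sub)
        rec["opens" if ev.group("kind") == "opened" else "value_reads"] += 1
    return out


def nonstandard_subkeys(rec):
    """Subkeys opened under the CLSID that are not part of the activator's usual walk;
    anything here was read by the sample's own choice and deserves a look."""
    return [s for s in rec["subkeys"] if s not in ACTIVATION_SUBKEYS]


def hkcu_probed(records):
    """True if any class was looked up under HKEY_CURRENT_USER. Per-user registrations
    win over HKLM, so that is where a COM hijack would sit."""
    return any("HKEY_CURRENT_USER" in r["hives"] for r in records.values())


def summarize(records):
    return [f"{clsid} {r['name']}: {r['opens']} opens, {r['value_reads']} value reads, "
            f"subkeys {' > '.join(r['subkeys']) or '(class key only)'}"
            for clsid, r in records.items()]


if __name__ == "__main__":
    recs = parse_com_probes(SAMPLE_LINES)
    print("\n".join(summarize(recs)))
    print("HKCU class lookups seen:", hkcu_probed(recs))
```

Feed it the registry lines of any report of this kind; the only parsing assumption is the "Key opened: <path>" / "Key value queried: <path>" wording used on this page.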
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00B5E4C0 FindFirstFileW,GetLastError,FindClose, 0_2_00B5E4C0
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00B90080 FindFirstFileW,FindNextFileW,FindNextFileW,FindClose, 0_2_00B90080
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00A52380 FindClose,PathIsUNCW,FindFirstFileW,GetFullPathNameW,GetFullPathNameW,FindClose,SetLastError,_wcsrchr,_wcsrchr,PathIsUNCW, 0_2_00A52380
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00B90480 FindFirstFileW,FindClose, 0_2_00B90480
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00B6C6E0 FindFirstFileW,FindClose,FindClose, 0_2_00B6C6E0
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00B84B10 FindFirstFileW,CloseHandle,CreateEventW,CreateThread,WaitForSingleObject,GetExitCodeThread,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle, 0_2_00B84B10
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00B411C0 FindFirstFileW,FindNextFileW,FindNextFileW,FindClose, 0_2_00B411C0
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00BA37E0 FindFirstFileW,FindNextFileW,FindFirstFileW,FindNextFileW,FindNextFileW,FindClose, 0_2_00BA37E0
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00B5DB60 _wcsrchr,FindFirstFileW,FindFirstFileW,FindFirstFileW,FindClose,FindClose, 0_2_00B5DB60
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00B5FD90 FindFirstFileW,FindClose, 0_2_00B5FD90
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00B8EEF0 _wcsrchr,_wcsrchr,GetLogicalDriveStringsW,GetDriveTypeW,Wow64DisableWow64FsRedirection,Wow64RevertWow64FsRedirection, 0_2_00B8EEF0
Source: game.exe, 00000000.00000002.1672088072.0000000000CAB000.00000002.00000001.01000000.00000003.sdmp, game.exe, 00000000.00000000.1667197531.0000000000CAB000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: FlashWindowExFlashWindowGetPackagePathhttp://www.example.comTESThttp://www.google.comhttp://www.yahoo.comtin9999.tmpattachment=.partGETcharsetDLD "filenameutf-8utf-16123POSTAdvancedInstallerLocal Network ServerISO-8859-1US-ASCIIHTTP/1.0Range: bytes=%u- equals www.yahoo.com (Yahoo)
Source: game.exe String found in binary or memory: Logger::SetLogFile( %s ) while OLD path is:%sLOGGER->failed to create LOG at:LOGGER->Reusing LOG file at:%04d-%02d-%02d %02d-%02d-%02dworkstationOS Version: %u.%u.%u SP%u (%s) [%s]LOGGER->Creating LOG file at:serverCPU: UnkownCPUp?VFlashWindowExFlashWindowGetPackagePathhttp://www.example.comTESThttp://www.google.comhttp://www.yahoo.comtin9999.tmpattachment=.partGETcharsetDLD "filenameutf-8utf-16123POSTAdvancedInstallerLocal Network ServerISO-8859-1US-ASCIIHTTP/1.0Range: bytes=%u- equals www.yahoo.com (Yahoo)
Source: game.exe String found in binary or memory: http://cert.ssl.com/SSL.com-timeStamping-I-RSA-R1.cer0Q
Source: game.exe String found in binary or memory: http://cert.ssl.com/SSLcom-SubCA-CodeSigning-RSA-4096-R1.cer0
Source: game.exe String found in binary or memory: http://crls.ssl.com/SSL.com-timeStamping-I-RSA-R1.crl0
Source: game.exe String found in binary or memory: http://crls.ssl.com/SSLcom-SubCA-CodeSigning-RSA-4096-R1.crl0
Source: game.exe String found in binary or memory: http://crls.ssl.com/ssl.com-rsa-RootCA.crl0
Source: game.exe String found in binary or memory: http://ocsps.ssl.com0
Source: game.exe String found in binary or memory: http://ocsps.ssl.com0?
Source: game.exe String found in binary or memory: http://ocsps.ssl.com0Q
Source: game.exe String found in binary or memory: http://www.ssl.com/repository/SSLcomRootCertificationAuthorityRSA.crt0
Source: game.exe String found in binary or memory: https://www.ssl.com/repository0
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00B19F70 GetSystemDirectoryW,LoadLibraryExW,NtdllDefWindowProc_W, 0_2_00B19F70
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00A50140 GetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W, 0_2_00A50140
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00AAA220 ShowWindow,ShowWindow,GetWindowLongW,SetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W,SetWindowLongW,GetWindowLongW,SetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W,SetWindowLongW,GetWindowLongW,SetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W,SetWindowLongW,GetWindowRect,SendMessageW, 0_2_00AAA220
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00A466D0 SysFreeString,SysAllocString,GetWindowLongW,GetWindowLongW,GetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W,GetWindowLongW,SetWindowTextW,GlobalAlloc,GlobalLock,GlobalUnlock,SetWindowLongW,SysFreeString,NtdllDefWindowProc_W,SysFreeString, 0_2_00A466D0
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00A48C90 GetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W,DestroyWindow, 0_2_00A48C90
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00A46D30 NtdllDefWindowProc_W, 0_2_00A46D30
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00A68F80 NtdllDefWindowProc_W, 0_2_00A68F80
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00A493B0 NtdllDefWindowProc_W, 0_2_00A493B0
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00A5B400 NtdllDefWindowProc_W, 0_2_00A5B400
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00BA5510 NtdllDefWindowProc_W, 0_2_00BA5510
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00AA96E0 GetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W, 0_2_00AA96E0
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00A49990 NtdllDefWindowProc_W, 0_2_00A49990
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00AF9A20 NtdllDefWindowProc_W, 0_2_00AF9A20
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00A55E10 GetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W,DeleteCriticalSection, 0_2_00A55E10
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00A45FB0 GetWindowLongW,GetWindowLongW,GetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W,GetWindowLongW,SetWindowTextW,GlobalAlloc,GlobalLock,GlobalUnlock,SetWindowLongW,NtdllDefWindowProc_W, 0_2_00A45FB0
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00A4FFD0 NtdllDefWindowProc_W, 0_2_00A4FFD0
Source: C:\Users\user\Desktop\game.exe Code function: 0_3_006AD402 0_3_006AD402
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00B664D0 0_2_00B664D0
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00B785B0 0_2_00B785B0
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00B9DA70 0_2_00B9DA70
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00BBA120 0_2_00BBA120
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00BB22C0 0_2_00BB22C0
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00AAA220 0_2_00AAA220
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00A52380 0_2_00A52380
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00B64350 0_2_00B64350
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00BB8340 0_2_00BB8340
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00ADA4D0 0_2_00ADA4D0
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00AEA400 0_2_00AEA400
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00A50590 0_2_00A50590
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00A6A5E0 0_2_00A6A5E0
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00A6C6F0 0_2_00A6C6F0
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00A5C7F0 0_2_00A5C7F0
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00ACA730 0_2_00ACA730
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00A4E8E0 0_2_00A4E8E0
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00B70800 0_2_00B70800
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00ABC860 0_2_00ABC860
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00C4080B 0_2_00C4080B
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00BB6990 0_2_00BB6990
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00A849E0 0_2_00A849E0
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00A62BF0 0_2_00A62BF0
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00A6EB30 0_2_00A6EB30
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00C2EB00 0_2_00C2EB00
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00AACB70 0_2_00AACB70
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00BB6B40 0_2_00BB6B40
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00C36CBA 0_2_00C36CBA
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00ACEC30 0_2_00ACEC30
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00C08D30 0_2_00C08D30
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00BB6E80 0_2_00BB6E80
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00A33000 0_2_00A33000
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00A7F130 0_2_00A7F130
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00C2712E 0_2_00C2712E
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00BB9140 0_2_00BB9140
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00BB7280 0_2_00BB7280
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00A61380 0_2_00A61380
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00BB9380 0_2_00BB9380
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00C274BC 0_2_00C274BC
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00A6B6C0 0_2_00A6B6C0
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00BC57C0 0_2_00BC57C0
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00BB1800 0_2_00BB1800
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00A79870 0_2_00A79870
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00A5BAA0 0_2_00A5BAA0
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00BB3A80 0_2_00BB3A80
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00A57CB0 0_2_00A57CB0
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00BB1C10 0_2_00BB1C10
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00BB9C00 0_2_00BB9C00
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00AC1E80 0_2_00AC1E80
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00AE9FB0 0_2_00AE9FB0
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00A59FC0 0_2_00A59FC0
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00A5BFC0 0_2_00A5BFC0
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00B3BF60 0_2_00B3BF60
Source: C:\Users\user\Desktop\game.exe Code function: String function: 00A3FC70 appears 113 times
Source: C:\Users\user\Desktop\game.exe Code function: String function: 00A3A880 appears 58 times
Source: C:\Users\user\Desktop\game.exe Code function: String function: 00A52380 appears 31 times
Source: C:\Users\user\Desktop\game.exe Code function: String function: 00A38DB0 appears 110 times
Source: C:\Users\user\Desktop\game.exe Code function: String function: 00A3A2F0 appears 51 times
Source: classification engine Classification label: clean5.winEXE@1/0@0/0
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00B616C0 FormatMessageW,GetLastError, 0_2_00B616C0
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00A7C860 GetDiskFreeSpaceExW, 0_2_00A7C860
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00BA64B0 GetLastError,CoInitialize,CoCreateInstance,CoUninitialize, 0_2_00BA64B0
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00A3A1B0 LoadResource,LockResource,SizeofResource, 0_2_00A3A1B0
Source: game.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\game.exe File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\game.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\game.exe File read: C:\Users\user\Desktop\game.exe
Source: C:\Users\user\Desktop\game.exe Section loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\game.exe Section loaded: msi.dll
Source: C:\Users\user\Desktop\game.exe Section loaded: usp10.dll
Source: C:\Users\user\Desktop\game.exe Section loaded: msls31.dll
Source: C:\Users\user\Desktop\game.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\game.exe Section loaded: mpr.dll
Source: C:\Users\user\Desktop\game.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\game.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\game.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\game.exe Section loaded: dwmapi.dll
Source: C:\Users\user\Desktop\game.exe Section loaded: davhlpr.dll
Source: C:\Users\user\Desktop\game.exe Section loaded: msimg32.dll
Source: C:\Users\user\Desktop\game.exe Section loaded: dbghelp.dll
Source: C:\Users\user\Desktop\game.exe Section loaded: wininet.dll
Source: C:\Users\user\Desktop\game.exe Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\game.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\game.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\game.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\game.exe Section loaded: cabinet.dll
Source: C:\Users\user\Desktop\game.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\game.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\game.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\game.exe Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\game.exe Section loaded: lpk.dll
Source: C:\Users\user\Desktop\game.exe Section loaded: msihnd.dll
Source: C:\Users\user\Desktop\game.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\game.exe Section loaded: secur32.dll
Source: C:\Users\user\Desktop\game.exe Section loaded: samcli.dll
Source: C:\Users\user\Desktop\game.exe Section loaded: netapi32.dll
Source: C:\Users\user\Desktop\game.exe Section loaded: wkscli.dll
Source: C:\Users\user\Desktop\game.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\game.exe Section loaded: riched20.dll
Source: C:\Users\user\Desktop\game.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\game.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\game.exe Section loaded: atlthunk.dll
Source: C:\Users\user\Desktop\game.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\game.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\game.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\game.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\game.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\game.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\game.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\game.exe Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\game.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\game.exe Section loaded: tsappcmp.dll
Source: C:\Users\user\Desktop\game.exe Section loaded: taskschd.dll
Source: C:\Users\user\Desktop\game.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: game.exe Static PE information: Virtual size of .text is bigger than: 0x100000
Source: game.exe Static file information: File size 3943344 > 1048576
Source: game.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x279c00
Source: game.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: game.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: game.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: game.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: game.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: game.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: game.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: game.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: game.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: game.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: game.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
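Added example (editor's code, not part of the sandbox output): a dependency-free Python PE32 parser that reproduces the static checks listed above (COFF characteristics, DllCharacteristics, .text section flags and size, which section holds each data directory, and the CodeView PDB path), run on a constructed image built by build_sample_pe() rather than on game.exe. The image, its section layout and the PDB path it embeds are made up; the flag constants are the PE/COFF specification values. Two points the report's own lines support but do not spell out: the ssl.com URLs listed under "String found in binary or memory" are the CRL, OCSP and issuer-certificate endpoints of the embedded Authenticode chain that "certificate valid" refers to, not contacted hosts (the report records no DNS or IP activity), and the C:\ReleaseAI\win\Release\stubs\x86\ExternalUi.pdb path together with the AdvancedInstaller string and the msi.dll / msihnd.dll loads is consistent with an Advanced Installer setup stub. The parser does not verify the signature; confirm the signer with signtool verify /pa /v or Get-AuthenticodeSignature before leaning on "certificate valid".

```python
import struct

# Bit names exactly as the sandbox prints them (PE/COFF specification values).
FILE_FLAGS = {0x0002: "EXECUTABLE_IMAGE", 0x0020: "LARGE_ADDRESS_AWARE", 0x0100: "32BIT_MACHINE"}
DLL_FLAGS = {0x0040: "DYNAMIC_BASE", 0x0100: "NX_COMPAT", 0x8000: "TERMINAL_SERVER_AWARE"}
SEC_FLAGS = {0x00000020: "IMAGE_SCN_CNT_CODE", 0x20000000: "IMAGE_SCN_MEM_EXECUTE",
             0x40000000: "IMAGE_SCN_MEM_READ"}
DIR_NAMES = ["EXPORT", "IMPORT", "RESOURCE", "EXCEPTION", "SECURITY", "BASERELOC", "DEBUG",
             "ARCHITECTURE", "GLOBALPTR", "TLS", "LOAD_CONFIG", "BOUND_IMPORT", "IAT",
             "DELAY_IMPORT", "COM_DESCRIPTOR", "RESERVED"]


def _flags(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]


def analyze_pe(data):
    """Static facts for a PE32 image: COFF/DLL characteristics, per-section flags and
    sizes, the section that holds each data directory, and the CodeView PDB path."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    coff = e_lfanew + 4
    machine, nsec, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("example handles PE32 (32-bit) images only")
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    ndirs = struct.unpack_from("<I", data, opt + 92)[0]
    dirs = [struct.unpack_from("<II", data, opt + 96 + 8 * i) for i in range(ndirs)]

    sections = []
    for i in range(nsec):
        hdr = opt + opt_size + 40 * i
        name, vsize, va, rsize, rptr, _, _, _, _, sflags = struct.unpack_from("<8sIIIIIIHHI", data, hdr)
        sections.append({"name": name.rstrip(b"\0").decode(), "va": va, "vsize": vsize,
                         "raw_size": rsize, "raw_ptr": rptr, "flags": _flags(sflags, SEC_FLAGS)})

    def section_of(rva):
        for s in sections:
            if s["va"] <= rva < s["va"] + max(s["vsize"], s["raw_size"]):
                return s
        return None

    def rva_to_off(rva):
        s = section_of(rva)
        return rva - s["va"] + s["raw_ptr"] if s else None

    # Map each populated directory to its section. SECURITY (index 4) holds a raw file
    # offset to the Authenticode blob rather than an RVA, so it is reported separately.
    directories = {}
    for i, (rva, size) in enumerate(dirs):
        if rva and size:
            if i == 4:
                directories["SECURITY"] = "file offset 0x%x" % rva
            else:
                s = section_of(rva)
                directories[DIR_NAMES[i]] = s["name"] if s else None

    pdb = None
    if ndirs > 6 and dirs[6][0]:
        start = rva_to_off(dirs[6][0])
        for off in range(start, start + dirs[6][1], 28):  # IMAGE_DEBUG_DIRECTORY is 28 bytes
            dtype, dsize, _, dptr = struct.unpack_from("<IIII", data, off + 12)
            if dtype == 2 and data[dptr:dptr + 4] == b"RSDS":  # IMAGE_DEBUG_TYPE_CODEVIEW
                pdb = data[dptr + 24:dptr + dsize].split(b"\0", 1)[0].decode(errors="replace")

    text = next((s for s in sections if s["name"] == ".text"), None)
    return {
        "machine": machine,
        "file_flags": _flags(chars, FILE_FLAGS),
        "dll_flags": _flags(dll_chars, DLL_FLAGS),
        "sections": sections,
        "directories": directories,
        "pdb_path": pdb,
        "text_raw_over_1mb": bool(text and text["raw_size"] > 0x100000),
        "file_over_1mb": len(data) > 1048576,
    }


def build_sample_pe():
    """Constructed PE32 (not game.exe): one .text and one .rdata section, the same
    file/DLL flags the report lists, and an RSDS debug record with a made-up PDB path."""
    text = bytes([0x55, 0x8B, 0xEC, 0x5D, 0xC3]).ljust(0x200, b"\0")        # RVA 0x1000, file 0x200
    rsds = b"RSDS" + b"\x11" * 16 + struct.pack("<I", 1) + b"C:\\build\\example\\stub.pdb\0"
    dbg_entry = struct.pack("<IIHHIIII", 0, 0, 0, 0, 2, len(rsds), 0x2040, 0x440)
    rdata = (dbg_entry.ljust(0x40, b"\0") + rsds).ljust(0x200, b"\0")         # RVA 0x2000, file 0x400
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, 0x0002 | 0x0020 | 0x0100)
    opt = struct.pack("<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH" + "I" * 6,
                      0x10B, 14, 0, len(text), len(rdata), 0, 0x1000, 0x1000, 0x2000, 0x400000,
                      0x1000, 0x200, 6, 0, 0, 0, 6, 0, 0, 0x3000, 0x200, 0, 2,
                      0x0040 | 0x0100 | 0x8000, 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    dirs = [(0, 0)] * 16
    dirs[1], dirs[6], dirs[12] = (0x2100, 0x28), (0x2000, 28), (0x2180, 8)  # IMPORT, DEBUG, IAT
    opt += b"".join(struct.pack("<II", *d) for d in dirs)
    sec = struct.pack("<8sIIIIIIHHI", b".text", 5, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    sec += struct.pack("<8sIIIIIIHHI", b".rdata", 0x200, 0x2000, 0x200, 0x400, 0, 0, 0, 0, 0x40000040)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    headers = (dos + b"PE\0\0" + coff + opt + sec).ljust(0x200, b"\0")
    return headers + text + rdata


if __name__ == "__main__":
    for key, value in analyze_pe(build_sample_pe()).items():
        print(f"{key}: {value}")
```

To run it on a real sample replace build_sample_pe() with open(path, "rb").read(); the parser stops at PE32 on purpose, since every flag offset above is for the 32-bit optional header and the report says 32BIT_MACHINE.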
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00B73710 SHGetFolderPathW,GetSystemDirectoryW,GetWindowsDirectoryW,GetWindowsDirectoryW,GetModuleFileNameW,SHGetSpecialFolderLocation,LoadLibraryW,GetProcAddress,SHGetPathFromIDListW,SHGetMalloc, 0_2_00B73710
Source: C:\Users\user\Desktop\game.exe Code function: 0_3_006A5F52 pushad ; retf 0_3_006A603D
Source: C:\Users\user\Desktop\game.exe Code function: 0_3_006AC352 push eax; ret 0_3_006AC355
Source: C:\Users\user\Desktop\game.exe Code function: 0_3_0069C050 pushad ; retf 0069h 0_3_0069C9A9
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00A4D390 push ecx; mov dword ptr [esp], ecx 0_2_00A4D391
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00C1F5E7 push ecx; ret 0_2_00C1F5FA
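Added example (editor's code, not the sandbox's detector): a byte-level scanner for the push/ret sequences behind the "Uses code obfuscation techniques (call, push, ret)" signature, run over a constructed x86 snippet rather than over game.exe. It generalises slightly beyond the report's hits: besides push r32; ret and pushad; retf it decodes push imm32; ret, the classic disguised jump, and reports the target. Two caveats: the sandbox's matches above pair a push with a ret some bytes later (0_3_006A5F52 to 0_3_006A603D), whereas this scanner flags only adjacent pairs; and a linear byte sweep is not disassembly, so a pair such as 51 C3 can also fall inside a longer instruction or in data, which is one reason this heuristic is weak evidence on its own. The push ecx; mov dword ptr [esp], ecx line at 0_2_00A4D390 is not a push/ret at all but an ordinary MSVC idiom for reserving a stack slot; the constructed input includes it to show it is not matched.

```python
# x86 (32-bit) byte patterns behind the push/ret heuristic:
#   50..57 C3 / CB   push r32 ; ret / retf   (return address computed at run time)
#   68 imm32 C3      push imm32 ; ret        (an unconditional jmp imm32 in disguise)
#   60 CB            pushad ; retf           (as in the report's 0_3_ hits)
REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]


def find_push_ret(code, base=0):
    """Return (address, mnemonic, target) for each adjacent push/ret sequence in code.
    base is the virtual address of code[0]; target is the decoded immediate for
    push imm32; ret and None when the return address comes from a register."""
    hits, i, n = [], 0, len(code)
    while i < n - 1:
        b, nxt = code[i], code[i + 1]
        if 0x50 <= b <= 0x57 and nxt in (0xC3, 0xCB):
            hits.append((base + i, f"push {REG32[b - 0x50]}; {'ret' if nxt == 0xC3 else 'retf'}", None))
            i += 2
        elif b == 0x68 and i + 5 < n and code[i + 5] == 0xC3:
            hits.append((base + i, "push imm32; ret", int.from_bytes(code[i + 1:i + 5], "little")))
            i += 6
        elif b == 0x60 and nxt == 0xCB:
            hits.append((base + i, "pushad; retf", None))
            i += 2
        else:
            i += 1
    return hits


# Constructed code bytes (not from game.exe); the comments give the disassembly.
SAMPLE_CODE = bytes([
    0x55, 0x8B, 0xEC,                    # push ebp ; mov ebp, esp
    0x68, 0x10, 0x20, 0x40, 0x00, 0xC3,  # push 0x00402010 ; ret   (jmp 0x402010 in disguise)
    0x51, 0x89, 0x0C, 0x24,              # push ecx ; mov [esp], ecx  (MSVC slot reservation, no hit)
    0x50, 0xC3,                          # push eax ; ret
    0x60, 0xCB,                          # pushad ; retf
    0x5D, 0xC3,                          # pop ebp ; ret
])

if __name__ == "__main__":
    for addr, mnem, target in find_push_ret(SAMPLE_CODE, base=0x401000):
        print(f"{addr:08x}  {mnem}" + (f"  -> {target:#010x}" if target is not None else ""))
```

Point it at the bytes of an executable section (the .text raw data, with base set to ImageBase plus the section RVA) rather than at the whole file, so that hits in resources or the certificate blob do not inflate the count.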
Source: C:\Users\user\Desktop\game.exe Check user administrative privileges: GetTokenInformation,DecisionNodes
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00C1BCEB VirtualQuery,GetSystemInfo, 0_2_00C1BCEB
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00C23B83 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00C23B83
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00B92EA0 CreateFileW,GetLastError,OutputDebugStringW,OutputDebugStringW,SetFilePointer,FlushFileBuffers,WriteFile,WriteFile,FlushFileBuffers,WriteFile,FlushFileBuffers,OutputDebugStringW,WriteFile,WriteFile,FlushFileBuffers,FlushFileBuffers,WriteFile,FlushFileBuffers,WriteFile,FlushFileBuffers, 0_2_00B92EA0
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00C2A0EA mov ecx, dword ptr fs:[00000030h] 0_2_00C2A0EA
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00C1E569 mov esi, dword ptr fs:[00000030h] 0_2_00C1E569
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00C389FB mov eax, dword ptr fs:[00000030h] 0_2_00C389FB
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00C38A3F mov eax, dword ptr fs:[00000030h] 0_2_00C38A3F
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00C1E5D5 GetProcessHeap,HeapAlloc,GetProcessHeap,HeapFree, 0_2_00C1E5D5
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00A6E550 __set_se_translator,SetUnhandledExceptionFilter, 0_2_00A6E550
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00C1EFC8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_00C1EFC8
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00B599A0 GetCurrentProcess,OpenProcessToken,GetLastError,GetTokenInformation,GetTokenInformation,GetLastError,GetTokenInformation,AllocateAndInitializeSid,EqualSid,FreeSid,GetLastError,CloseHandle, 0_2_00B599A0
Source: C:\Users\user\Desktop\game.exe Code function: GetLocaleInfoW, 0_2_00C386F6
Source: C:\Users\user\Desktop\game.exe Code function: GetLocaleInfoW,GetLocaleInfoW, 0_2_00B88C30
Source: C:\Users\user\Desktop\game.exe Code function: EnumSystemLocalesW, 0_2_00C3F8B8
Source: C:\Users\user\Desktop\game.exe Code function: EnumSystemLocalesW, 0_2_00C3F99E
Source: C:\Users\user\Desktop\game.exe Code function: EnumSystemLocalesW, 0_2_00C3F903
Source: C:\Users\user\Desktop\game.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, 0_2_00C3FDA5
Source: C:\Users\user\Desktop\game.exe Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, 0_2_00C3FF7A
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00B9F160 CreateNamedPipeW,CreateFileW, 0_2_00B9F160
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00C1E230 GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime,GetSystemTimeAsFileTime, 0_2_00C1E230
Source: C:\Users\user\Desktop\game.exe Code function: 0_2_00B9DA70 GetUserNameW,GetUserNameW,GetLastError,GetUserNameW,GetEnvironmentVariableW,GetEnvironmentVariableW,RegDeleteValueW,RegCloseKey,RegQueryInfoKeyW,RegCloseKey,RegCloseKey,RegDeleteKeyW,RegCloseKey,RegCloseKey,RegDeleteValueW,RegCloseKey, 0_2_00B9DA70
No contacted IP infos