427ec52ee73b966d43865969d155d8a9

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2042-Sep-25 16:56:28
FileDescription
FileVersion 0.0.0.0
InternalName Assembly-CSharp.dll
LegalCopyright
OriginalFilename Assembly-CSharp.dll
ProductVersion 0.0.0.0
Assembly Version 0.0.0.0

Plugin Output

Info Matching compiler(s): .NET DLL -> Microsoft
Info Interesting strings found in the binary: Contains domain names:
  • ams3.digitaloceanspaces.com
  • api.smcbi.com
  • backendservices.xxxxservices.org
  • becubeco.com
  • com.rlabrecque.steamworks.net
  • digitaloceanspaces.com
  • discord.com
  • geoplugin.net
  • http://www.geoplugin.net
  • http://www.geoplugin.net/json.gp
  • https://api.smcbi.com
  • https://api.smcbi.com/inapp
  • https://backendservices.xxxxservices.org
  • https://backendservices.xxxxservices.org/pi-saves/
  • https://backendservices.xxxxservices.org/pi-saves/pi-load
  • https://backendservices.xxxxservices.org/pi-saves/pi-save
  • https://backendservices.xxxxservices.org/pi-standalone-analytics
  • https://backendservices.xxxxservices.org/pi-standalone-analytics/log-event
  • https://backendservices.xxxxservices.org/pi-standalone-auth/login
  • https://backendservices.xxxxservices.org/pi-standalone-auth/register
  • https://backendservices.xxxxservices.org/pi-standalone-purchases
  • https://backendservices.xxxxservices.org/pi-standalone-purchases/create-payment
  • https://backendservices.xxxxservices.org/pi-standalone-purchases/status
  • https://backendservices.xxxxservices.org/pi-steam-purchases/finalize-txn
  • https://backendservices.xxxxservices.org/pi-steam-purchases/init-txn
  • https://discord.com
  • https://discord.gg
  • https://icons.iconarchive.com
  • https://icons.iconarchive.com/icons/iconarchive/dogecoin-to-the-moon/256/Doge-icon.png
  • https://producergame.ams3.digitaloceanspaces.com
  • https://producergame.ams3.digitaloceanspaces.com/InAppIcons/
  • https://smcapi.xyz
  • https://www.becubeco.com
  • https://www.becubeco.com/privacy-policy
  • https://www.becubeco.com/terms-conditions
  • iconarchive.com
  • icons.iconarchive.com
  • producergame.ams3.digitaloceanspaces.com
  • rlabrecque.steamworks.net
  • smcapi.xyz
  • smcbi.com
  • steamworks.net
  • www.becubeco.com
  • www.geoplugin.net
  • xxxxservices.org
Suspicious The PE is possibly packed. The PE only has 1 import(s).
Suspicious VirusTotal score: 1/72 (Scanned on 2026-02-06 15:41:31) VBA32: Downloader.MSIL.gen.rexp

Hashes

MD5 427ec52ee73b966d43865969d155d8a9
SHA1 e2bf02109afe85a5f63f732169dd0844724f7012
SHA256 19fa1b46e2b1e8239bb8e3345b87efe66442d8dc0313ca06910005761a92c95f
SHA3 5f708ec4246a404ba25cc48e46af5b1dbedddad0c462b717ccb64125905204e9
SSDeep 24576:y1pZ1wSil4s2VYLDU7vhk+sBQFrzLmuIai9QMk45oanxMAHz+P:yJOSY4shYhkq8xMAHzY
Imports Hash dae02f32a21e03ce65412f6e56942daa

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2042-Sep-25 16:56:28
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_DLL
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32
LinkerVersion 48.0
SizeOfCode 0x26ac00
SizeOfInitializedData 0x600
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0026CBAE (Section: .text)
BaseOfCode 0x2000
BaseOfData 0x26e000
ImageBase 0x10000000
SectionAlignment 0x2000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x272000
SizeOfHeaders 0x200
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 e6269d31230e1ae7e54023b757d4be5d
SHA1 dd000252d84e6e71604f5c35f1c3e6e834c10c80
SHA256 a61703fa75d31a974278871d36b6fb9c7aa99601d9d4bff107d61c9900d3a7d8
SHA3 2f7815f136418ec6bcd92479499e6a5b9730ba8be635c4c7e292633449b3ca1f
VirtualSize 0x26abb4
VirtualAddress 0x2000
SizeOfRawData 0x26ac00
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.04522

.rsrc

MD5 edde19548763e15e62380e640c9c1c3a
SHA1 4be4bd0354756545d46048d1371ec85eb0e0ff7f
SHA256 fc4e20edd247ec580da771cde362cf5d8ed040e2322d92e5cf58321094cb54dd
SHA3 dc0d353cc3c22a5966f06676f92867862c930928ef61d7bada766805cc9b0a81
VirtualSize 0x2bc
VirtualAddress 0x26e000
SizeOfRawData 0x400
PointerToRawData 0x26ae00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 2.27803

.reloc

MD5 efb5e51a4b0295122826fafb71cb71eb
SHA1 e57d40a66cead1791672a142ce2233976a6f0b5c
SHA256 4b5a950a08b523dcbf15d848880d2fa2edb16016125fb38001df4060d79acd52
SHA3 3253ca75d723ac39a3af704c5cd0d7b487c9d828b748007404b78ce9312cd2c4
VirtualSize 0xc
VirtualAddress 0x270000
SizeOfRawData 0x200
PointerToRawData 0x26b200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0.10191

Imports

mscoree.dll _CorDllMain

Delayed Imports

1

Type RT_VERSION
Language UNKNOWN
Codepage UNKNOWN
Size 0x264
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.21685
MD5 d66a14fdc84b685a83ecda1fb88c69fd
SHA1 45b3203c1b46efec80b5aaa56faf1287350119b3
SHA256 9590d00a0b3c69d39c222dd666cbd8639561886ed942c6e229f53c0c8ae3b764
SHA3 f4b444f2f3817e0bfde1494f8ecbafe9a5dbaa32125fe24f65c03ad127fe8133

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 0.0.0.0
ProductVersion 0.0.0.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_DLL
Language UNKNOWN
FileDescription
FileVersion (#2) 0.0.0.0
InternalName Assembly-CSharp.dll
LegalCopyright
OriginalFilename Assembly-CSharp.dll
ProductVersion (#2) 0.0.0.0
Assembly Version 0.0.0.0
Resource LangID UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors