Golden Palace Casino
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
- Popularity Rank: The ranking of a particular threat in EnigmaSoft’s Threat Database.
- Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
- Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
| Popularity Rank: | 3,765 |
|---|---|
| Threat Level: | 20% (Normal) |
| Infected Computers: | 5,398 |
| First Seen: | July 24, 2009 |
| Last Seen: | March 29, 2026 |
| OS(es) Affected: | Windows |
Analysis Report
General information
| Family Name: | Golden Palace Casino |
|---|---|
| Signature status: | Root Not Trusted |
Known Samples
This section lists other file samples believed to be associated with this family.
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have relocations information
- File has been packed
- File is 32-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Icons
This section displays icon resources found within family samples. Malware often replicates icons commonly associated with legitimate software to mislead users into believing the malware is safe.
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.

| Name | Value |
|---|---|
| Company Name | |
| File Description | |
| File Version | |
| Internal Name | |
| Legal Copyright | |
| Original Filename | |
| Product Name | |
| Product Version | |
Digital Signatures
This section lists digital signatures that are attached to samples within this family. When analyzing and verifying digital signatures, it is important to confirm that the signature’s root authority is a well-known and trustworthy entity and that the status of the signature is good. Malware is often signed with non-trustworthy “Self Signed” digital signatures (which can be easily created by a malware author with no verification). Malware may also be signed by legitimate signatures that have an invalid status, and by signatures from questionable root authorities with fake or misleading “Signer” names.

| Signer | Root | Status |
|---|---|---|
| Everest Gaming Marketing Services | Thawte Code Signing CA | Root Not Trusted |
| Ultra Internet Media S A | Thawte Code Signing CA | Root Not Trusted |
| Cassava Enterprises (Gibraltar) Limited | Thawte Premium Server CA | Root Not Trusted |
| 888 Holdings PLC | VeriSign Class 3 Public Primary Certification Authority - G5 | Root Not Trusted |
| Cassava Enterprises (Gibraltar) Limited | VeriSign Class 3 Public Primary Certification Authority - G5 | Root Not Trusted |
| Everest Gaming Limited | thawte Primary Root CA | Root Not Trusted |
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.

| Total Blocks: | 2,515 |
|---|---|
| Potentially Malicious Blocks: | 1 |
| Whitelisted Blocks: | 2,239 |
| Unknown Blocks: | 275 |
Visual Map
? - Unknown Block
x - Potentially Malicious Block
Files Modified
This section lists files that were created, modified, moved and/or deleted by samples in this family. File system activity can provide valuable insight into how malware functions on the operating system.

| File | Attributes |
|---|---|
| \device\namedpipe\gmdasllogger | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\~df0e33ddbdbddb6f9b.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\~df30fb9a9fb499c081.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\~df35b38bae27ae4271.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\documents\pokerinstallerlogs\installer.log | Generic Write,Read Attributes |
Registry Modifications
This section lists registry keys and values that were created, modified and/or deleted by samples in this family. Windows Registry activity can provide valuable insight into malware functionality. Additionally, malware often creates registry values to allow itself to automatically start and indefinitely persist after an initial infection has compromised the system.

| Key::Value | Data | API Name |
|---|---|---|
| HKCU\software\pokerinstaller::fullpath | c:\users\user\downloads\ae2fbd31631440f76da3c9b0774a7dbe9399c32e_0000299272 | RegNtPreCreateKey |
| HKCU\software\pokerinstaller::installer_guid | 28eb42f1-f23a-4fbb-9015-76fe6a92f5e8 | RegNtPreCreateKey |
| HKCU\software\vhld\machine_id::machine_id | ꠁ⠭ | RegNtPreCreateKey |
| HKCU\software\casinonetinstaller::installer_guid | 4bdb4cc1-5139-4f6c-bc6a-cbf9530259a | RegNtPreCreateKey |
| HKCU\software\casinonetinstaller::fullpath | c:\users\user\downloads\98ab2f7923f9c853eb6bd29b23ec63cac79c253d_0000158960 | RegNtPreCreateKey |
| HKCU\software\vhld\machine_id::machine_id | 猸㌊ | RegNtPreCreateKey |
| HKCU\software\pokerinstaller::fullpath | c:\users\user\downloads\226d747e21d884dd47fcb225335585b837774d7e_0000303264 | RegNtPreCreateKey |
| HKCU\software\pokerinstaller::installer_guid | 2bcec370-6f56-49c9-80b-aad19c1f3131 | RegNtPreCreateKey |
| HKCU\software\vhld\machine_id::machine_id | ⛔ | RegNtPreCreateKey |
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.

| Category | API |
|---|---|
| Other Suspicious | |
| Anti Debug | |
| User Data Access | |
| Network Wininet | |
| Network Winsock2 | |
| Network Winsock | |