Hacktool.CsgoInjector.GG
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
- Popularity Rank: The ranking of a particular threat in EnigmaSoft’s Threat Database.
- Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
- Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Popularity Rank: | 6,504 |
|---|---|
| Threat Level: | 50 % (Medium) |
| Infected Computers: | 63 |
| First Seen: | June 26, 2024 |
| Last Seen: | April 2, 2026 |
| OS(es) Affected: | Windows |
Analysis Report
General information
| Family Name: | Hacktool.CsgoInjector.GG |
|---|---|
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have exports table
- File doesn't have security information
- File has exports table
- File has TLS information
- File is 64-bit executable
- File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Icons
This section displays icon resources found within family samples. Malware often replicates icons commonly associated with legitimate software to mislead users into believing the malware is safe.
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.
| Name | Value |
|---|---|
| Company Name | |
| File Description | |
| File Version | |
| Internal Name | |
| Legal Copyright | Copyright (C) 2009-2017 Tsuda Kageyu. All rights reserved. |
| Legal Trademarks | Tsuda Kageyu |
| Original Filename | Elysium Software.exe |
| Product Name | |
| Product Version | |
File Traits
- dll
- GetConsoleWindow
- HighEntropy
- imgui
- No Version Info
- ntdll
- VirtualQueryEx
- WriteProcessMemory
- x64
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.
| Total Blocks: | 2,012 |
|---|---|
| Potentially Malicious Blocks: | 332 |
| Whitelisted Blocks: | 1,674 |
| Unknown Blocks: | 6 |
Visual Map
? - Unknown Block
x - Potentially Malicious Block
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft’s analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.
- CsgoInjector.GG
- Gamehack.DSE
- Gamehack.EBB
- Kryptik.DTE
- Trojan.Agent.Gen.AMQ
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.
| Category | API |
|---|---|
| Syscall Use | 105 additional items are not displayed above. |
| Process Shell Execute | |
Shell Command Execution
This section lists Windows shell commands that are run by the samples in this family. Windows Shell commands are often leveraged by malware for nefarious purposes and can be used to elevate security privileges, download and launch other malware, exploit vulnerabilities, collect and exfiltrate data, and hide malicious activity.
- schtasks /delete /tn "Microsoft\Windows\Update\WindowsUpdate" /f
- schtasks /delete /tn "Microsoft\Windows\DiskCleanup\SilentCleanup" /f
- schtasks /delete /tn "Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser" /f
- schtasks /delete /tn "ElysiumCheatsCleanup" /f 2>nul
- schtasks /query /tn "ElysiumCheatsCleanup" 2>nul