Hacktool.CsgoInjector.QJ
Analysis Report
General information
| Family Name: | Hacktool.CsgoInjector.QJ |
|---|---|
| Packers: | UPX! |
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have security information
- File has been packed
- File has exports table
- File has TLS information
- File is 64-bit executable
- File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Traits
- dll
- fptable
- HighEntropy
- imgui
- ntdll
- packed
- VirtualQueryEx
- WriteProcessMemory
- x64
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.
| Total Blocks: | 32,564 |
|---|---|
| Potentially Malicious Blocks: | 7,784 |
| Whitelisted Blocks: | 13,474 |
| Unknown Blocks: | 11,306 |
Visual Map
[Per-block map not reproduced; the source marks the data as truncated.]
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft’s analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.
- CsgoInjector.LB
- Gamehack.AEEB
- Injector.KFSC
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.
| Category | API |
|---|---|
| Syscall Use | |