Multi-License Discount Quote

Change Region

English
Threat Database Hacktool Hacktool.CsgoInjector.Z

Hacktool.CsgoInjector.Z

By CagedTech in Hacktool

Threat Scorecard

Popularity Rank: 10,215
Threat Level: 50 % (Medium)
Infected Computers: 139
First Seen: March 7, 2023
Last Seen: March 16, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Hacktool.CsgoInjector.Z
Signature status: No Signature

Known Samples

MD5: 3ae23f7380bcf8cd44642e88056c3bfa
SHA1: c9add01638aa71c64663fab5a51862a853bc1cc8
SHA256: 303AFCC0AFBFCB626D238258280F41582938E0540C0292C19CB09912FEBD8BBE
File Size: 416.26 KB, 416256 bytes
MD5: 038c149782e9aca07e48ae5b26911ff7
SHA1: dc5b507d5d29e88b5e911315f69ffe1d74826d9f
SHA256: 0EBF97E799D42F722CBCCC8808D55EB91C3F20053CD96284A74604312542214F
File Size: 472.06 KB, 472064 bytes
MD5: 092c5edc60e2d5dfbffebb0ce1c0b32f
SHA1: abbaecc20ec7417f3ea1a958497d51e98031fdd9
SHA256: AC6CDE1BBE7A37044DB9C89EBEB786A42B604F5E4F6EB0D91D834B9A9CF2F28A
File Size: 923.65 KB, 923648 bytes
MD5: 9709a1f7e3886520681e0fe6816c353e
SHA1: ceb646a2d0f8c3b0d2b41df080d63694204ad259
SHA256: C82761552CC96DA312DF3401A3BF19D6448C00B913226BE0136E56419DED2776
File Size: 586.75 KB, 586752 bytes
MD5: 55315250b987562b824e87f8521f362c
SHA1: a06ec1809edf371997c77a8bf0064b0b8ef30530
SHA256: 6E6B59B2B146C2AFF288D791AB80AB10D3E55F73179EFF93D3040BEBDD58D242
File Size: 826.37 KB, 826368 bytes
Show More
MD5: 2c79e7b37600c5c8ebbfc7d161fb6739
SHA1: bfc07bb48d728e691df1c03d0d02d7dc97343ad0
SHA256: 7C981983D0EAE2E19FB8172EBF0E1CEBB2F201C24696C1D1386C2F76C54D3F1F
File Size: 1.27 MB, 1269248 bytes
MD5: 8ef2f0e73c2d228848e7f5e73cdbff66
SHA1: 507d96798f9b3dd039719567113e81421ab69b94
SHA256: 055B9E95F0291627974D5EC97C365F0963D9BCD068A4E5C8242BB5166FC03BF5
File Size: 1.73 MB, 1731618 bytes
MD5: 31136d0e760304fd08317e8c0cd57041
SHA1: eb45f75035c34a0196b655eebf5ea7c9805523ea
SHA256: 3744322B19AF2597F4974CAA3BD7548FF50598BF2FCEFB50F0F8A68D520E3AB2
File Size: 1.76 MB, 1762304 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have security information
  • File has TLS information
  • File is 32-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
Show More
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

File Traits

  • 2+ executable sections
  • dll
  • HighEntropy
  • imgui
  • No Version Info
  • packed
  • UPX!
  • WriteProcessMemory
  • x86

Block Information

Total Blocks: 2,072
Potentially Malicious Blocks: 135
Whitelisted Blocks: 1,094
Unknown Blocks: 843

Visual Map

0 x 0 0 x 0 0 0 0 0 0 x 0 0 0 0 x x 0 0 x x 0 x 0 x 0 x ? 0 ? 0 ? 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 x x ? ? ? ? 0 0 0 0 x 0 0 0 0 0 0 0 ? 0 0 0 0 ? 0 0 0 ? ? ? ? ? ? ? 0 ? ? 0 ? ? 0 0 0 ? ? ? 0 ? x ? x x ? ? 0 0 0 0 0 0 0 ? ? 0 ? 0 ? ? 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 ? 0 0 0 0 ? ? ? ? ? 0 ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 x 0 0 0 0 0 ? 0 0 ? ? ? ? 0 0 0 ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? 0 0 ? ? ? 0 0 ? ? ? ? ? 0 ? 0 0 0 0 0 0 0 ? 0 0 0 0 ? 0 0 ? ? ? ? ? 0 0 0 ? 0 0 0 0 0 ? 0 ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 0 0 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 1 ? ? 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 x ? 0 0 0 0 0 0 ? 0 0 ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 0 x ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 ? 0 0 ? 0 0 0 0 0 0 0 0 ? 0 ? 0 ? ? 0 ? 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 ? 0 ? 0 ? ? 0 0 ? 0 ? ? 0 0 0 0 0 ? 0 ? ? 0 ? 0 ? ? ? 0 ? ? 0 0 0 0 0 0 ? ? ? ? ? ? 0 0 2 ? ? ? ? 0 ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? 0 0 0 ? ? ? 0 0 ? ? x x 0 ? 0 ? ? 0 0 0 0 ? ? ? 0 0 0 0 0 0 0 ? x 0 0 ? 0 x 0 x ? 0 x 0 0 0 0 0 x 0 0 0 0 0 0 0 ? ? 0 ? 0 0 ? 0 ? ? 0 0 0 ? ? ? 0 0 0 0 ? ? 0 x 0 0 ? ? ? 0 ? ? ? ? ? x 0 0 0 ? 0 ? x 0 ? ? 0 ? ? ? ? ? ? ? ? ? 0 0 0 ? ? ? 0 ? ? x x x ? ? ? ? ? ? ? ? ? ? x 0 ? ? x ? ? 0 0 0 0 ? ? ? ? ? ? ? ? ? ? ? ? x 0 x ? ? 0 0 0 ? 0 0 0 0 0 0 0 0 0 ? ? x x 0 x ? x x x x 0 x x ? x x ? ? ? ? ? ? 0 x ? 0 ? x x 0 ? 0 0 0 ? ? ? 0 0 0 ? ? ? ? 0 0 0 ? ? 0 0 ? ? ? x x 0 ? 0 ? ? x ? ? ? ? 0 ? x ? ? ? x 0 x 0 ? ? ? ? ? ? x x 0 ? ? ? ? 0 x 0 0 0 0 0 0 0 x 0 0 0 0 x 0 ? 0 x x x 0 0 0 0 x ? x x 0 0 0 0 x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 x x 0 x 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 ? ? ? 0 0 0 ? ? ? ? 0 x 0 0 0 x ? 0 ? ? ? ? ? ? ? ? 0 0 0 x 0 ? x ? ? 0 0 0 0 ? x 0 ? ? x ? ? 0 0 0 0 ? ? ? ? 0 ? 0 ? 0 0 0 ? x x 0 0 ? ? ? ? ? ? 0 ? ? 0 ? 0 0 0 ? 0 ? ? ? 0 ? x ? 0 ? 0 0 0 ? 0 ? 0 0 0 0 0 ? 0 ? 0 0 0 0 0 ? x 0 ? 0 0 0 ? ? 0 0 0 ? ? 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 x 0 0 0 ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? 0 0 ? ? ? ? 0 0 ? ? ? ? ? ? x 0 0 0 0 x ? ? ? ? ? ? ? 0 ? ? ? 0 ? ? ? ? ? ? ? ? ? ? 0 0 0 ? ? ? 0 0 ? ? 0 0 ? 0 ? ? ? ? ? ? 0 0 0 ? 0 ? x 0 ? x 0 ? ? ? ? 0 ? ? 0 0 0 0 0 0 0 0 0 ? ? x x ? 0 ? ? ? ? 0 ? 0 ? 0 ? ? ? 0 ? 0 ? ? x ? ? x ? ? x ? ? x ? ? 0 0 0 ? 0 0 0 0 ? 0 ? 0 ? 0 0 ? 0 ? ? 0 0 ? ? 0 ? ? x x x x ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 0 ? 0 0 ? ? 0 ? ? ? ? ? 0 ? ? ? ? x ? ? ? ? ? ? ? ? ? 0 x 0 ? 0 ? ? 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 ? ? ? ? x ? 0 x x 0 x x x ? 0 ? ? 0 x 0 0 x ? ? ? ? 0 ? ? ? ? ? ? 0 ? ? 0 ? ? ? ? x ? ? ? ? 0 ? x 0 ? x x x x x x x x x x 0 0 0 0 ? 0 0 0 0 x ? 0 ? ? ? ? 0 ? 0 ? 0 ? ? 0 ? ? ? ? 0 ? ? 0 0 0 0 0 0 0 0 0 x x 0 0 0 0 ? 0 0 0 ? ? 0 0 ? ? 0 x 0 ? ? ? ? 0 ? 0 0 ? ? 0 ? ? ? ? 0 0 0 0 0 ? ? 0 ? 0 0 0 0 0 0 ? 0 0 0 0 ? 0 0 0 0 0 0 ? 0 ? 0 0 0 ? 0 0 ? ? 0 0 0 ? ? 0 0 0 ? ? ? ? ? 0 0 0 0 ? 0 0 0 0 x 0 0 ? 0 0 ? ? ? 0 0 ? ? ? ? ? ? 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 1 0 0 0 0 0 0 0 2 0 0 0 0 1 0 0 0 0 1 1 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? x ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? 0 ? ? ? ? ? ?
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtClose
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtProtectVirtualMemory
Show More
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • win32u.dll!NtUserGetKeyboardLayout
  • win32u.dll!NtUserGetThreadState
Process Shell Execute
  • CreateProcess
Anti Debug
  • NtQuerySystemInformation
Process Manipulation Evasion
  • NtUnmapViewOfSection
Network Wininet
  • InternetOpen

Shell Command Execution

C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\c9add01638aa71c64663fab5a51862a853bc1cc8_0000416256.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\dc5b507d5d29e88b5e911315f69ffe1d74826d9f_0000472064.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\abbaecc20ec7417f3ea1a958497d51e98031fdd9_0000923648.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\ceb646a2d0f8c3b0d2b41df080d63694204ad259_0000586752.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\a06ec1809edf371997c77a8bf0064b0b8ef30530_0000826368.,LiQMAxHB
Show More
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\bfc07bb48d728e691df1c03d0d02d7dc97343ad0_0001269248.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\eb45f75035c34a0196b655eebf5ea7c9805523ea_0001762304.,LiQMAxHB

Trending

Most Viewed

Loading...