HackTool.GameHack.L

By CagedTech in Hacktool

Threat Scorecard

Popularity Rank: 6,669
Threat Level: 10 % (Normal)
Infected Computers: 5,127
First Seen: July 24, 2009
Last Seen: March 30, 2026
OS(es) Affected: Windows

Registry Details

HackTool.GameHack.L may create the following registry entry or registry entries:
File name without path
hackatack.zip

Analysis Report

General information

Family Name: HackTool.GameHack.L
Packers: UPX
Signature status: No Signature

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has been packed
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Company Name: CheatHappens
File Version:
  • 1.1003
  • 1.0009
  • 1.0006
  • 1.0002
  • 1.0001
  • 1.0000
Internal Name: 1.3.3107442 Build 3107442
Product Name:
  • Alpha Protocol Trainer
  • Assetto Corsa Trainer
  • Battlestations Pacific Trainer
  • Dirt 2 Trainer
  • Dragon Age Origins
  • Gothic 3 Trainer
  • Soulstorm Trainer
Product Version:
  • 20046
  • 15968
  • 15630
  • 15089
  • 14276
  • 14021
  • 13523

File Traits

  • 2+ executable sections
  • HighEntropy
  • No Version Info
  • ntdll
  • packed
  • WriteProcessMemory
  • x86

Block Information

Total Blocks: 62
Potentially Malicious Blocks: 11
Whitelisted Blocks: 51
Unknown Blocks: 0

Visual Map

x x x x 0 0 0 0 x x x x x 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 x 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Autorun.SA
  • Buma.A
  • CheatEngine.GA
  • GameHack.L
  • GameHack.LA
  • Gamehack.LH

Files Modified

File Attributes
c:\users\user\appdata\local\temp\delete.bat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\files.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\gta_snow_andreas_launcher.bat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\gta_snow_andreas_launcher.bat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\tempfile.dat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\tempfile.dat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\tempfile.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\tempfile.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\cheathappens\work\cheathappens.net Synchronize,Write Attributes
c:\users\user\cheathappens\work\inetcheck.dat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\cheathappens\work\inetcheck.dat Synchronize,Write Attributes
c:\users\user\cheathappens\work\runtime\cheathappens.net Synchronize,Write Attributes
c:\users\user\cheathappens\work\runtime\inetcheck.dat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\cheathappens\work\runtime\inetcheck.dat Synchronize,Write Attributes
c:\users\user\downloads\0.mp3 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\0.ogg Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\1.mp3 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\1.ogg Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\3.mp3 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\3.ogg Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\4.mp3 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\4.ogg Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\5.mp3 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\5.ogg Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\6.mp3 Generic Read,Write Data,Write Attributes,Write extended,Append data

Registry Modifications

Key::Value Data API Name
HKLM\software\wow6432node\microsoft\directdraw\mostrecentapplication::name 6fb10d80f326d1268eab32f3ec6a5ed311cf973e_0000646690 RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\directdraw\mostrecentapplication::id 皺冶 RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 䁽삈ǜ RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 闪ȁ獖}偫~엦1dᵂċᵆċr֢ RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKCU\local settings\muicache\1b\52c64b7e::@c:\windows\system32\ndfapi.dll,-40001 Windows Network Diagnostics RegNtPreCreateKey

Windows API Usage

Category API
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
Network Winhttp
  • WinHttpOpen
Network Urlmon
  • URLDownloadToFile
Network Winsock2
  • WSAStartup
  • WSAttemptAutodialName
Network Winsock
  • closesocket
  • connect
  • freeaddrinfo
  • getaddrinfo
  • gethostbyname
  • getpeername
  • getsockname
  • inet_addr
  • send
  • socket
Process Manipulation Evasion
  • NtUnmapViewOfSection
Process Shell Execute
  • ShellExecute
  • WriteConsole
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • UNKNOWN
User Data Access
  • GetUserObjectInformation

Shell Command Execution

open C:\Users\Zyvhckqw\AppData\Local\Temp\gta_snow_andreas_launcher.bat
WriteConsole:
WriteConsole: c:\users\user\do
WriteConsole: start
WriteConsole: SAgfxHack.exe
