HackTool.GameHack.L
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Popularity Rank: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Popularity Rank: | 6,660 |
| Threat Level: | 10 % (Normal) |
| Infected Computers: | 5,098 |
| First Seen: | July 24, 2009 |
| Last Seen: | January 13, 2026 |
| OS(es) Affected: | Windows |
Table of Contents
Registry Details
HackTool.GameHack.L may create the following registry entry or registry entries:
File name without path
hackatack.zip
Analysis Report
General information
| Family Name: | HackTool.GameHack.L |
|---|---|
| Signature status: | No Signature |
Known Samples
Known Samples
This section lists other file samples believed to be associated with this family.|
MD5:
80f78b974344be20ab70e9a68d0bc150
SHA1:
aef5ee606e5c3e431056ec2adfe9c0baa96fd2f3
SHA256:
081B74491AB122EEE5C2E65208C6058290EE9BFC5C5DFB20DC2121B50C56146A
File Size:
1.24 MB, 1243136 bytes
|
|
MD5:
84b1982320173750bbf29d1e8d7b8caf
SHA1:
e3c6fd1bdc5dec7daf30b5dcb6826ae696745d2b
SHA256:
BB594790E961F17B9481BDBEB27157A7DE80A42AE41757E25D5FF48040BBBC17
File Size:
462.37 KB, 462372 bytes
|
|
MD5:
97686ba83507b28185635c37fecf9507
SHA1:
417e4edb54a9bc099833016f00af4a097a764369
SHA256:
9D8B89080968FF3A394E8538BDD980D21135FDEBEB337AFE484A8CCE735C5E40
File Size:
2.17 MB, 2174656 bytes
|
|
MD5:
93947201fc52fee64473110f98c8cf87
SHA1:
494df3a6e8d59926223a49b59b258c082e4db2bb
SHA256:
C0BEEEA106049B256A7A758666192A3F87D5179D94DF40DD02E1B1B1CF6BF048
File Size:
1.49 MB, 1490112 bytes
|
|
MD5:
bf55ddafc75083d40ef2ce74b02a94e3
SHA1:
bb7981f0f714567f098359440118c5e58f1a7e7e
SHA256:
C336400131342D3A0D7F07EEDE126C60DA6BC4E8F002D8B9120A747B74BF8F28
File Size:
792.61 KB, 792609 bytes
|
Show More
|
MD5:
d308092ea7689f63e60824546c66b441
SHA1:
995b33597db87432e3a960496c8bfb6d4aa5ebde
SHA256:
BB0765E272B2334CD130D86CD97AD82E037D4F14EFD2E136B5EBC87CBCD0FB95
File Size:
1.33 MB, 1333760 bytes
|
|
MD5:
71e8e0c642ca7ed9cd5ad58235052dfa
SHA1:
cd85e46473c347ed875db457d383e42a58a6d150
SHA256:
9FAADABCD79AFCC8FD871A5B09EEB982EF83DA1142887A9D8921151A686F1637
File Size:
1.23 MB, 1233408 bytes
|
|
MD5:
22f434fb5dc620fd9b9b42f19cb4fa49
SHA1:
e7bf7f0357fad4dc1f29c051e750a6319b13c2e9
SHA256:
B790CD08664C9DEF165921B12393C38546C963B8CADED232AE4F1841C80E4706
File Size:
1.31 MB, 1314816 bytes
|
|
MD5:
e751260ce250cc238d82786775feeaed
SHA1:
6fb10d80f326d1268eab32f3ec6a5ed311cf973e
SHA256:
602171C10844667D6FF0B6CEF4A20920D7EECC87A8E0EBEAED9368E4C113178E
File Size:
646.69 KB, 646690 bytes
|
|
MD5:
f8e9f31384e5dc7b10b630a4d0228acc
SHA1:
8272ecca6f11ff7ff009dabc8e279e961df9ea79
SHA256:
EC91ACE2278E79AABB282C089923BF2AADE37F6050CBA240038C5B87940DBB9E
File Size:
1.26 MB, 1260581 bytes
|
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have relocations information
- File doesn't have security information
- File is 32-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
Show More
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Icons
File Icons
This section displays icon resources found within family samples. Malware often replicates icons commonly associated with legitimate software to mislead users into believing the malware is safe.
Windows PE Version Information
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.| Name | Value |
|---|---|
| Company Name | CheatHappens |
| File Version |
|
| Internal Name | 1.3.3107442 Build 3107442 |
| Product Name |
|
| Product Version |
|
File Traits
- 2+ executable sections
- HighEntropy
- No Version Info
- ntdll
- WriteProcessMemory
- x86
Block Information
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.| Total Blocks: | 261 |
|---|---|
| Potentially Malicious Blocks: | 52 |
| Whitelisted Blocks: | 205 |
| Unknown Blocks: | 4 |
Visual Map
?
0
x
?
x
x
x
0
x
?
?
x
x
x
x
x
x
0
0
x
0
x
0
x
x
0
x
x
0
x
0
x
0
x
0
0
0
0
0
0
0
x
0
x
0
0
0
0
0
0
0
0
0
0
0
0
x
x
0
x
0
0
0
0
x
0
x
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
x
0
x
0
0
0
0
0
0
0
0
0
x
0
0
0
0
0
0
0
0
0
x
x
x
x
x
0
0
0
0
0
x
x
x
0
x
0
0
0
0
0
0
x
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
x
0
0
0
0
0
0
0
0
0
0
0
0
0
x
x
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
0
0
x
x
0
x
0
x
x
x
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
x
x
0
0
x
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block
? - Unknown Block
x - Potentially Malicious Block
Similar Families
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft’s analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.- Autorun.SA
- CheatEngine.GA
- GameHack.L
- GameHack.LA
- Gamehack.LH
Files Modified
Files Modified
This section lists files that were created, modified, moved and/or deleted by samples in this family. File system activity can provide valuable insight into how malware functions on the operating system.| File | Attributes |
|---|---|
| c:\users\user\cheathappens\work\cheathappens.net | Synchronize,Write Attributes |
| c:\users\user\cheathappens\work\inetcheck.dat | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\cheathappens\work\inetcheck.dat | Synchronize,Write Attributes |
| c:\users\user\cheathappens\work\runtime\cheathappens.net | Synchronize,Write Attributes |
| c:\users\user\cheathappens\work\runtime\inetcheck.dat | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\cheathappens\work\runtime\inetcheck.dat | Synchronize,Write Attributes |
| c:\users\user\downloads\0.mp3 | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\downloads\1.mp3 | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\downloads\3.mp3 | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\downloads\4.mp3 | Generic Read,Write Data,Write Attributes,Write extended,Append data |
Show More
| c:\users\user\downloads\5.mp3 | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\downloads\6.mp3 | Generic Read,Write Data,Write Attributes,Write extended,Append data |
Registry Modifications
Registry Modifications
This section lists registry keys and values that were created, modified and/or deleted by samples in this family. Windows Registry activity can provide valuable insight into malware functionality. Additionally, malware often creates registry values to allow itself to automatically start and indefinitely persist after an initial infection has compromised the system.| Key::Value | Data | API Name |
|---|---|---|
| HKLM\software\wow6432node\microsoft\directdraw\mostrecentapplication::name | 6fb10d80f326d1268eab32f3ec6a5ed311cf973e_0000646690 | RegNtPreCreateKey |
| HKLM\software\wow6432node\microsoft\directdraw\mostrecentapplication::id | 皺冶 | RegNtPreCreateKey |
Windows API Usage
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.| Category | API |
|---|---|
| Anti Debug |
|
| Network Winhttp |
|
| Network Urlomon |
|
| Network Winsock2 |
|
| Network Winsock |
|
