PUP.Gamehack.AFB
Analysis Report
General information
| Family Name: | PUP.Gamehack.AFB |
|---|---|
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have exports table
- File doesn't have security information
- File has TLS information
- File is 32-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.

| Name | Value |
|---|---|
| Company Name | |
| File Description | |
| File Version | |
| Internal Name | |
| Legal Copyright | |
| Original Filename | |
| Product Name | |
| Product Version | |
File Traits
- fptable
- HighEntropy
- x86
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.

| Total Blocks: | 1,266 |
|---|---|
| Potentially Malicious Blocks: | 122 |
| Whitelisted Blocks: | 1,142 |
| Unknown Blocks: | 2 |
Visual Map
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft’s analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.
- Gamehack.AFB
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.

| Category | API |
|---|---|
| Service Control | |