PUP.GameHack.CCA

By CagedTech in Potentially Unwanted Programs

Table of Contents

Analysis Report

General information

Family Name:	PUP.GameHack.CCA
Signature status:	No Signature

Known Samples

MD5: 0995484a5f655cc8d437336129b99cef

SHA1: 23761919b19a4be2952433763e5fa29ea8e4d6f8

SHA256: AE02766507604CB28624E70459ECEAB0BE798D4E7BBA97CECA7D23FB77EAEAF4

File Size: 826.88 KB, 826880 bytes

MD5: b17450d6f3ab2af2d135560aa34dbc07

SHA1: 2ebe2b0d79ae4a46af54b3fe79e0d86258ccd6f0

SHA256: FAC70627EAF70DBA766B062B3DABC11D31B959F5CBFA46E4E237B07F92E1376D

File Size: 338.43 KB, 338432 bytes

MD5: cd34ba1ae257e26351492ca13ff2014f

SHA1: 99127f3b1dda3942f232c1115e7774c9a61c7b8c

SHA256: 1CA0C06BE48A0EB637016AC6C86CD0B1437900DB571F8BD2C47DA00C9D163BF4

File Size: 646.66 KB, 646656 bytes

MD5: 1396b40e3b74bd4dfd5d52f66eb49a22

SHA1: ef66efe52dbbae46705334f5500c84853a162244

SHA256: 97EE7AABA503E78D08D95C09A53DB7014F5C6EA6B9698EC410F4F337BBB13593

File Size: 367.62 KB, 367616 bytes

MD5: a187b3c233e5e220b04e715646bc0e62

SHA1: 2a5276ada611d014809b9980ef464d1d51fef851

SHA256: 60331A5C90BA697A28B281D00C83C68F749860001860C936F9BD459EC98C734E

File Size: 745.47 KB, 745472 bytes

MD5: 896b7555284470573a5fbf5b24f9030e

SHA1: de8e7bd0c4ae119207d2c0b3c86a8829acb836d9

SHA256: 0B4B4ED5518C1FB3B5D52A5B9317420DAAB9FB4413C4BA0C7ECA2DF3976DC024

File Size: 674.30 KB, 674304 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have exports table
File doesn't have security information
File has exports table
File has TLS information
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed

IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Traits

dll
HighEntropy
x86

Block Information

Total Blocks:	2,182
Potentially Malicious Blocks:	170
Whitelisted Blocks:	1,632
Unknown Blocks:	380

Visual Map

0 0 0 0 ? 0 0 0 0 0 0 0 0 ? ? ? ? ? ? ? ? ? ? 0 ? ? 0 ? ? ? ? ? 0 ? 0 ? ? ? ? ? 0 ? 0 ? ? ? ? ? ? 0 ? ? 0 x ? ? ? ? 0 0 0 0 0 0 0 ? 0 0 0 ? 0 0 ? 0 0 0 ? 0 0 x x x 0 0 0 ? ? ? ? ? ? ? 0 ? 0 0 ? ? 0 x 0 ? ? ? ? ? 0 ? ? ? ? 0 ? ? x 0 0 0 ? ? ? 0 x x 0 0 x 0 0 0 0 0 0 0 0 0 x x x 0 0 x x ? 0 0 x x x x ? x x ? x x ? ? 0 0 0 x 0 ? ? 0 ? 0 0 x x x x 0 ? 0 ? ? x ? x x x x x x x 0 0 0 0 0 0 0 0 ? ? ? ? x 0 0 0 0 0 0 0 0 0 ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 x 0 0 0 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? 0 ? 0 0 0 0 0 0 0 0 ? ? 0 0 ? ? ? 0 0 ? ? 0 0 0 0 0 0 0 0 ? ? 0 0 ? ? 0 0 ? ? x ? 0 0 ? x x ? x x ? 0 0 ? 0 ? 0 x x x 0 ? ? 0 0 0 0 ? x x x 0 0 0 ? ? ? ? 0 0 0 0 x x ? 0 ? 0 ? ? x ? 0 x 0 0 0 0 0 0 ? x 0 x 0 0 x x ? 0 0 0 0 ? 0 ? x ? 0 0 x 0 0 x 0 0 0 ? 0 0 0 x x ? 0 0 ? 0 ? x ? 0 0 x 0 0 ? 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 ? ? ? ? ? ? 0 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 0 ? 0 ? ? 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 ? x ? ? ? x ? 0 0 ? ? ? ? ? ? ? ? 0 0 0 ? ? ? ? ? ? 0 ? ? ? 0 ? ? ? ? ? ? ? ? 0 0 ? ? ? 0 0 0 ? 0 x 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? x 0 ? 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 ? ? ? ? ? ? ? ? ? ? ? 0 0 0 0 x x x x ? x x x x ? x x 0 0 0 0 0 0 0 0 0 0 ? ? 0 x 0 0 x ? ? ? x ? ? 0 x x ? x x ? x x ? x x ? x x ? x x ? x x ? x x ? x x ? x x ? x x ? x x ? x x ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 ? ? 0 ? 0 ? 0 ? 1 ? 0 ? 0 ? ? ? ? ? 1 ? 0 ? 0 x x x ? x ? x ? ? ? ? ? 0 0 x x ? ? ? ? ? ? ? ? ? ? ? ? ? 0 0 0 0 x 0 0 0 0 ? ? ? ? ? ? 0 ? ? x x x x x x x x x x x x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? 1 ? ? ? 0 ? ? ? ? ? ? ? x 0 ? ? ? ? ? x ? ? ? ? ? ? x ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x ? x x ? x x ? x x ? ? 0 0 0 0 ? 0 ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? x x ? ? ? ? ? ? 0 0 0 x 0 0 ? ? ? ? x x x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? ? 0 0 ? ? ? ? 0 0 0 0 0 0 x 0 0 x 0 x x 0 0 0 0 0 0 0 0 0 0 x x ? 0 0 0 0 0 0 x x ? 0 0 0 0 0 0 0 ? 0 ? ? ? ? ? ? x ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 ? 0 ? 0 0 0 0 0 x 0 x 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 x x ? 0 ? ? 0 x 0 0 0 x x 0 0 0 0 0 0 0 ? 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 3 1 1 1 1 1 0 0 0 0 0 0 0 0 0 0 0 2 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 1 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 2 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 2 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 2

... Data truncated

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Windows API Usage

Category	API
Syscall Use	ntdll.dll!NtAlpcSendWaitReceivePort ntdll.dll!NtClose ntdll.dll!NtCreateFile ntdll.dll!NtCreateSection ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtMapViewOfSection ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenProcessToken ntdll.dll!NtProtectVirtualMemory Show More ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryDebugFilterState ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationThread ntdll.dll!NtQueryInformationToken ntdll.dll!NtQuerySystemInformationEx ntdll.dll!NtQueryValueKey ntdll.dll!NtQueryVirtualMemory ntdll.dll!NtQueryVolumeInformationFile ntdll.dll!NtReadFile ntdll.dll!NtSetEvent ntdll.dll!NtSetInformationFile ntdll.dll!NtSetInformationProcess ntdll.dll!NtSetInformationVirtualMemory ntdll.dll!NtSetInformationWorkerFactory ntdll.dll!NtTestAlert ntdll.dll!NtTraceControl ntdll.dll!NtUnmapViewOfSection ntdll.dll!NtWriteFile ntdll.dll!NtWriteVirtualMemory win32u.dll!NtUserGetKeyboardLayout win32u.dll!NtUserGetThreadState
Process Shell Execute	CreateProcess
Anti Debug	NtQuerySystemInformation
Process Manipulation Evasion	NtUnmapViewOfSection

Shell Command Execution


							C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\23761919b19a4be2952433763e5fa29ea8e4d6f8_0000826880.,LiQMAxHB


							C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\2ebe2b0d79ae4a46af54b3fe79e0d86258ccd6f0_0000338432.,LiQMAxHB


							C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\99127f3b1dda3942f232c1115e7774c9a61c7b8c_0000646656.,LiQMAxHB


							C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\ef66efe52dbbae46705334f5500c84853a162244_0000367616.,LiQMAxHB


							C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\2a5276ada611d014809b9980ef464d1d51fef851_0000745472.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\de8e7bd0c4ae119207d2c0b3c86a8829acb836d9_0000674304.,LiQMAxHB

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

PUP.GameHack.CCA

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Traits

Block Information

Block Information

Visual Map

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Trending

Goofed Ransomware

Trojan Downloader.Win32.Devsog!k

Adware.SystemTable

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen

Discord Is Stuck on Gray Screen