PUP.Gamehack.DBS

Analysis Report

General information

Family Name: PUP.Gamehack.DBS
Signature status: No Signature

Known Samples

MD5: d7cf18648d826f0025cb40e26fa7d525
SHA1: 30faff52c4fff0ad6886e66f871deda41527eb1b
SHA256: 0808ECBE49323D7BB321045422EC0E1A92E67BCFFE2B9BBFAA877453F216556D
File Size: 2.00 MB, 1997091 bytes
MD5: 09a68c965ad741722cbf389c7aa01363
SHA1: 59c954cf6c1c4d11cd2fcbf2c9b85b413de394a7
SHA256: AEA182AC6E33797D6FDC6E26EA6E827A8B827D77D38DD28FC56EB4B36BF3D51C
File Size: 2.69 MB, 2694627 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has exports table
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
File Version 1.00
Internal Name TJprojMain
Original Filename TJprojMain.exe
Product Name Project1
Product Version 1.00

File Traits

  • No Version Info
  • WriteProcessMemory
  • x86

Files Modified

File Attributes
c:\users\user\appdata\local\temp\rarsfx0\__tmp_rar_sfx_access_check_1771187 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\ezmapperinjector64.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\ezmapperinjector64.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\ezvacbypass.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\ezvacbypass.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\handycontrol.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\handycontrol.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\languages Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\languages Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\languages\strings.json Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\languages\strings.json Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\newtonsoft.json.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\newtonsoft.json.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\ninjacs.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\ninjacs.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\system.buffers.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\system.buffers.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\system.collections.immutable.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\system.collections.immutable.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\system.memory.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\system.memory.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\system.numerics.vectors.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\system.numerics.vectors.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\system.reflection.metadata.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\system.reflection.metadata.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\system.runtime.compilerservices.unsafe.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\system.runtime.compilerservices.unsafe.dll Synchronize,Write Attributes
c:\users\user\appdata\roaming\microsoft\windows\recent\automaticdestinations\f01b4d95cf55d32a.automaticdestinations-ms Generic Read,Write Data,Write Attributes,Write extended,Append data

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey

Windows API Usage

Category API
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
User Data Access
  • GetComputerNameEx
  • GetUserDefaultLocaleName
  • GetUserObjectInformation
Keyboard Access
  • GetKeyState
Process Shell Execute
  • ShellExecuteEx
Syscall Use
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreatePrivateNamespace
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtCreateThreadEx
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcess
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDefaultLocale
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryFullAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationJobObject
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtResumeThread
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForMultipleObjects
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWriteFile
  • UNKNOWN
Encryption Used
  • BCryptOpenAlgorithmProvider
Other Suspicious
  • SetWindowsHookEx

Shell Command Execution

(NULL) C:\Users\Fsgvilvq\AppData\Local\Temp\RarSFX0\NinjaCS.exe
