PUP.Gamehack.DSA

By CagedTech in Potentially Unwanted Programs

Table of Contents

Analysis Report

General information

Family Name:	PUP.Gamehack.DSA
Signature status:	No Signature

Known Samples

MD5: 68069c75aa5bcb5b49ae54d56da6a535

SHA1: 64877b857cd400de280bcb871b50feebe0cac21e

SHA256: 37A10F1FF9949406CE4D0BADD0D484403B1F92B415F1477688D1C773457E7588

File Size: 103.42 KB, 103424 bytes

MD5: f94572fbcd42476c7c944d9319f3965a

SHA1: ab1e9a029ac944351fedd2e7ff3bade00ebcde61

SHA256: E0F715C3D6E382EB4E0CA517759C8837BC4B0C47DA914C288202D5AA1A5BCE08

File Size: 203.78 KB, 203776 bytes

MD5: e9be08add0a60d4a116f8bf1a7cf1c83

SHA1: 666116ee790c97f7948771799bbe0786bcd96a18

SHA256: 1BD5B83786EF0E9D2BABA3D96042EEE2695C846B5AC57CCC1B022A5B781014B5

File Size: 343.04 KB, 343040 bytes

MD5: ecf1d58c0276a98b4318facc4074d962

SHA1: 4331c5d4e64f3d799bd7db466110974d2cdc16a4

SHA256: 29D5E94CB18AE2149A1A88900E4ED4B9EDA372C73C243AE670140198804979CD

File Size: 304.64 KB, 304640 bytes

MD5: d56aa4530ea37a5a1c0d5c67f01db422

SHA1: b3810ae3329b80fb1ea24df20f1097d4da64380b

SHA256: 767FC0484402F0EA8BB8A9F83AFBA86813FF5F59355585FF3E426E4C9B3EFC01

File Size: 352.26 KB, 352256 bytes

MD5: 7a49bf42720d42834086d83d704a1090

SHA1: 596be88a1ca8640f721088b158f0f3577c855d4d

SHA256: FA0E92C0BD6C2C6BAF92EE10707A919B4ECCB3F9279C711ADFBD4D83AC7CB91D

File Size: 330.75 KB, 330752 bytes

MD5: eeaf587255df3b55f3ef6b8ad0ed8572

SHA1: 94d7b42f81c6cc988b176a2cb865f564454f5eac

SHA256: 3F8AF778A1AB8D84385DDE80AFC0AFE2D1B8137CD105A0E452A98CA4845D3AC5

File Size: 203.26 KB, 203264 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have exports table
File doesn't have resources
File doesn't have security information
File has TLS information
File is 32-bit executable
File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)

File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Traits

dll
fptable
HighEntropy
x86

Block Information

Total Blocks:	540
Potentially Malicious Blocks:	34
Whitelisted Blocks:	426
Unknown Blocks:	80

Visual Map

? ? ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 x x x x x ? 0 x ? ? x ? 0 0 0 0 ? ? ? ? ? ? ? ? ? 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 ? ? ? ? ? ? ? ? ? 0 ? ? 0 0 ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 ? ? 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 x 0 0 0 0 0 0 0 0 0 ? 0 0 0 x 0 0 0 0 0 0 0 0 ? ? ? ? 0 0 0 0 0 0 0 0 ? ? 0 0 0 0 x 0 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 x 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 ? 0 ? 0 0 0 0 0 0 0 0 0 x 0 0 0 0 x 0 0 0 0 0 0 ? ? 0 0 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 ? 0 x 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 1 0 0 x x 1 1 x 0 0 0 1 1 1 0 x 0 1 0 0 0 1 1 1 x x 0 0 0 x 1 1 1 1 0 1 1 0 0 0 x x x 0 0 ? ? 0 ? ? ? 0 0 0 0 0 ? ? ? 0 ? 0 x ? ? x ? ? x x 0 x x ? 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 1 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 1 0 0 0 0 1

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

Gamehack.DSA

Files Modified

File	Attributes
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\07cef2f654e3ed6050ffc9b6eb844250_3431d4c539fb2cfcb781821e9902850d	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\18159ebd3277736d0444419407768451_2fd781d15115165dd3192e4e42e088c7	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\b2faf7692fd9ffbd64ede317e42334ba_89854ca6a0f0936a4d2eca78845cea25	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\b2faf7692fd9ffbd64ede317e42334ba_d7393c8f62bde4d4cb606228bc7a711e	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\d0e1c4b6144e7ecab3f020e4a19efc29_a16793b4ea930c0e219244cee32c9a44	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\d0e1c4b6144e7ecab3f020e4a19efc29_b5f77004c894173a10e3a199871d2d90	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\d9ca54e0fa212456e1db00704a97658e	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\e2ca974efe3c296b6bca23a2bffe08de	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\07cef2f654e3ed6050ffc9b6eb844250_3431d4c539fb2cfcb781821e9902850d	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\18159ebd3277736d0444419407768451_2fd781d15115165dd3192e4e42e088c7	Generic Read,Write Data,Write Attributes,Write extended,Append data

c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\b2faf7692fd9ffbd64ede317e42334ba_89854ca6a0f0936a4d2eca78845cea25	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\b2faf7692fd9ffbd64ede317e42334ba_d7393c8f62bde4d4cb606228bc7a711e	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\d0e1c4b6144e7ecab3f020e4a19efc29_a16793b4ea930c0e219244cee32c9a44	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\d0e1c4b6144e7ecab3f020e4a19efc29_b5f77004c894173a10e3a199871d2d90	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\d9ca54e0fa212456e1db00704a97658e	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\e2ca974efe3c296b6bca23a2bffe08de	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\windows\syswow64\resamp++.log	Generic Write,Read Attributes

Registry Modifications

Key::Value	Data	API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix	Cookie:	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix	Visited:	RegNtPreCreateKey

Windows API Usage

Category	API
Syscall Use	ntdll.dll!NtAlpcSendWaitReceivePort ntdll.dll!NtClose ntdll.dll!NtCreateFile ntdll.dll!NtCreateSection ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtMapViewOfSection ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenProcessToken ntdll.dll!NtProtectVirtualMemory Show More ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryDebugFilterState ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationThread ntdll.dll!NtQueryInformationToken ntdll.dll!NtQuerySystemInformationEx ntdll.dll!NtQueryValueKey ntdll.dll!NtQueryVirtualMemory ntdll.dll!NtQueryVolumeInformationFile ntdll.dll!NtReadFile ntdll.dll!NtSetEvent ntdll.dll!NtSetInformationFile ntdll.dll!NtSetInformationProcess ntdll.dll!NtSetInformationVirtualMemory ntdll.dll!NtSetInformationWorkerFactory ntdll.dll!NtTestAlert ntdll.dll!NtTraceControl ntdll.dll!NtUnmapViewOfSection ntdll.dll!NtWaitForSingleObject ntdll.dll!NtWriteFile ntdll.dll!NtWriteVirtualMemory win32u.dll!NtUserGetKeyboardLayout win32u.dll!NtUserGetThreadState
Process Shell Execute	CreateProcess
Anti Debug	NtQuerySystemInformation
Process Manipulation Evasion	NtUnmapViewOfSection
Encryption Used	BCryptOpenAlgorithmProvider

Shell Command Execution


							C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\64877b857cd400de280bcb871b50feebe0cac21e_0000103424.,LiQMAxHB


							C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\ab1e9a029ac944351fedd2e7ff3bade00ebcde61_0000203776.,LiQMAxHB


							C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\666116ee790c97f7948771799bbe0786bcd96a18_0000343040.,LiQMAxHB


							C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\4331c5d4e64f3d799bd7db466110974d2cdc16a4_0000304640.,LiQMAxHB


							C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\b3810ae3329b80fb1ea24df20f1097d4da64380b_0000352256.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\596be88a1ca8640f721088b158f0f3577c855d4d_0000330752.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\94d7b42f81c6cc988b176a2cb865f564454f5eac_0000203264.,LiQMAxHB

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

PUP.Gamehack.DSA

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Traits

Block Information

Block Information

Visual Map

Similar Families

Similar Families

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Trending

Ice Open Network (IOP) Airdrop

Your Account Is Secure & Ready Email Scam

ValidVersion.app

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

Pornktube.porn

Discord Shows Black Screen when Sharing Screen