PUP.Gamehack.DT

Analysis Report

General information

Family Name: PUP.Gamehack.DT
Signature status: Self Signed

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have exports table
  • File has TLS information
  • File is 64-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Company Name: GSE
File Description: GSE
File Version: 1, 0, 0, 2
Internal Name: GSE
Legal Copyright: Copyright (C) 2021 GSE
Original Filename: steam.exe
Product Name: GSE
Product Version: 1, 0, 0, 2
Source Control ID: 8563863

Digital Signatures

Signer: GSE
Root: GSE
Status: Self Signed

File Traits

  • fptable
  • HighEntropy
  • WriteProcessMemory
  • x64

Block Information

Total Blocks: 1,199
Potentially Malicious Blocks: 27
Whitelisted Blocks: 1,172
Unknown Blocks: 0

Visual Map

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Agent.KPF
  • Downloader.UA
  • Gamehack.DT
  • PSW.Agent.PF
  • PSWDump.C

Windows API Usage

Category: Syscall Use
API:
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryFullAttributesFile
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • UNKNOWN
  • win32u.dll!NtUserGetKeyboardLayout
  • win32u.dll!NtUserGetThreadState
