PUP.Gamehack.EBB
Analysis Report
General information
| Family Name: | PUP.Gamehack.EBB |
|---|---|
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have relocations information
- File doesn't have security information
- File has been packed
- File has exports table
- File has TLS information
- File is .NET application
- File is 32-bit executable
- File is 64-bit executable
- File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Icons
This section displays icon resources found within family samples. Malware often replicates icons commonly associated with legitimate software to mislead users into believing the malware is safe.
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.
| Name | Value |
|---|---|
| Assembly Version | |
| Company Name | Atomic Shield |
| File Description | |
| File Version | |
| Internal Name | |
| Legal Copyright | |
| Original Filename | |
| Product Name | |
| Product Version | |
Digital Signatures
This section lists digital signatures that are attached to samples within this family. When analyzing and verifying digital signatures, it is important to confirm that the signature’s root authority is a well-known and trustworthy entity and that the status of the signature is good. Malware is often signed with non-trustworthy “Self Signed” digital signatures (which can be easily created by a malware author with no verification). Malware may also be signed by legitimate signatures that have an invalid status, and by signatures from questionable root authorities with fake or misleading “Signer” names.
| Signer | Root | Status |
|---|---|---|
| Gia Hưng Lê | SSL.com Root Certification Authority RSA | Root Not Trusted |
File Traits
- 2+ executable sections
- Discord
- dll
- fptable
- GetConsoleWindow
- HighEntropy
- imgui
- No Version Info
- ntdll
- packed
- Pastebin
- VirtualQueryEx
- WriteProcessMemory
- x64
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.
| Total Blocks: | 21,465 |
|---|---|
| Potentially Malicious Blocks: | 258 |
| Whitelisted Blocks: | 16,832 |
| Unknown Blocks: | 4,375 |
Visual Map
[Figure: visual map of block classifications; data truncated. Legend: 0 - Probable Safe Block, ? - Unknown Block, x - Potentially Malicious Block]
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft’s analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.
- Agent.TRG
- BadJoke.RI
- CsgoInjector.FB
- CsgoInjector.GH
- Downloader.Agent.BZA
- Gamehack.AEEB
- Gamehack.DSE
- Gamehack.EBB
- Gamehack.EH
- Gamehack.GACH
- Gamehack.GDDG
- Gamehack.GDDH
- Gamehack.GSM
- Gamehack.JAC
- Injector.KFSC
- Kryptik.DTE
- Kryptik.EFJ
- Kryptik.KBBI
- Kryptik.LDA
- MSIL.RobloxHack.FI
- MSIL.RobloxHack.FK
- TelegramHack.C
Files Modified
This section lists files that were created, modified, moved and/or deleted by samples in this family. File system activity can provide valuable insight into how malware functions on the operating system.
| File | Attributes |
|---|---|
| \device\namedpipe\gmdasllogger | Generic Write,Read Attributes |
| c:\users\user\appdata\local\flarial\client\logs\latest.log | Generic Write,Read Attributes |
| c:\users\user\downloads\log.txt | Generic Read,Write Data,Write Attributes,Write extended,Append data |
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.
| Category | API |
|---|---|
| Syscall Use | 141 additional items are not displayed above. |
| Network Winsock2 | |
| Network Winsock | |
| User Data Access | |
| Encryption Used | |
| Anti Debug | |
| Process Manipulation Evasion | |
| Process Terminate | |
| Service Control | |
| Network Info Queried | |
| Keyboard Access | |