PUP.Gamehack.EBB

Analysis Report

General information

Family Name: PUP.Gamehack.EBB
Signature status: No Signature

Known Samples

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has been packed
  • File has exports table
  • File has TLS information
  • File is .NET application
  • File is 32-bit executable
  • File is 64-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Assembly Version
  • 1.0.0.1
  • 1.0.0.0
Company Name Atomic Shield
File Description
  • FiveM External AntiCheat
  • jnfreeV7
  • Mod After Cheats Free
File Version
  • 1.0.0.1
  • 1.0.0.0
Internal Name
  • AtomicShieldAgent
  • jnfreeV7.exe
  • Mod After Cheats Free.exe
Legal Copyright
  • AfterCheats Copyright © 2025
  • Copyright (C) 2025 AtomicShield. All rights reserved.
  • Copyright © 2025
Original Filename
  • AtomicShieldAgent.exe
  • jnfreeV7.exe
  • Mod After Cheats Free.exe
Product Name
  • FiveM AntiCheat
  • jnfreeV7
  • Mod After Cheats Free
Product Version
  • 1.0.0.1
  • 1.0.0.0

Digital Signatures

Signer: Gia Hưng Lê
Root: SSL.com Root Certification Authority RSA
Status: Root Not Trusted

File Traits

  • 2+ executable sections
  • Discord
  • dll
  • fptable
  • GetConsoleWindow
  • HighEntropy
  • imgui
  • No Version Info
  • ntdll
  • packed
  • Pastebin
  • VirtualQueryEx
  • WriteProcessMemory
  • x64

Block Information

Total Blocks: 21,465
Potentially Malicious Blocks: 258
Whitelisted Blocks: 16,832
Unknown Blocks: 4,375

Visual Map

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Agent.TRG
  • BadJoke.RI
  • CsgoInjector.FB
  • CsgoInjector.GH
  • Downloader.Agent.BZA
  • Gamehack.AEEB
  • Gamehack.DSE
  • Gamehack.EBB
  • Gamehack.EH
  • Gamehack.GACH
  • Gamehack.GDDG
  • Gamehack.GDDH
  • Gamehack.GSM
  • Gamehack.JAC
  • Injector.KFSC
  • Kryptik.DTE
  • Kryptik.EFJ
  • Kryptik.KBBI
  • Kryptik.LDA
  • MSIL.RobloxHack.FI
  • MSIL.RobloxHack.FK
  • TelegramHack.C

Files Modified

File Attributes
\device\namedpipe\gmdasllogger Generic Write,Read Attributes
c:\users\user\appdata\local\flarial\client\logs\latest.log Generic Write,Read Attributes
c:\users\user\downloads\log.txt Generic Read,Write Data,Write Attributes,Write extended,Append data

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAddAtomEx
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAllocateLocallyUniqueId
  • ntdll.dll!NtAllocateReserveObject
  • ntdll.dll!NtAlpcConnectPort
  • ntdll.dll!NtAlpcConnectPortEx
  • ntdll.dll!NtAlpcCreatePort
  • ntdll.dll!NtAlpcCreateSecurityContext
  • ntdll.dll!NtAlpcDeleteSecurityContext
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtAssociateWaitCompletionPacket
  • ntdll.dll!NtCancelTimer2
  • ntdll.dll!NtCancelWaitCompletionPacket
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtCompareSigningLevels
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateIoCompletion
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreatePrivateNamespace
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtCreateThreadEx
  • ntdll.dll!NtCreateTimer
  • ntdll.dll!NtCreateTimer2
  • ntdll.dll!NtCreateWaitCompletionPacket
  • ntdll.dll!NtCreateWorkerFactory
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFlushProcessWriteBuffers
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtGetCachedSigningLevel
  • ntdll.dll!NtGetContextThread
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtNotifyChangeKey
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenMutant
  • ntdll.dll!NtOpenProcess
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThread
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryDefaultLocale
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryFullAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationJobObject
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryObject
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryTimerResolution
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReadVirtualMemory
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRemoveIoCompletionEx
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtResumeThread
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSetIoCompletionEx
  • ntdll.dll!NtSetTimer2
  • ntdll.dll!NtSetTimerResolution

141 additional items are not displayed above.

Network Winsock2
  • WSAStartup
Network Winsock
  • accept
  • bind
  • closesocket
  • connect
  • getsockname
  • recv
  • send
  • setsockopt
  • socket
User Data Access
  • GetComputerName
  • GetComputerNameEx
  • GetUserDefaultLocaleName
  • GetUserObjectInformation
Encryption Used
  • BCryptOpenAlgorithmProvider
Anti Debug
  • CheckRemoteDebuggerPresent
  • IsDebuggerPresent
Process Manipulation Evasion
  • ReadProcessMemory
Process Terminate
  • TerminateProcess
Service Control
  • OpenSCManager
  • OpenService
Network Info Queried
  • GetAdaptersInfo
Keyboard Access
  • GetAsyncKeyState
