PUP.Gamehack.EDA
Analysis Report
General information
| Family Name: | PUP.Gamehack.EDA |
|---|---|
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have relocations information
- File doesn't have security information
- File has exports table
- File has TLS information
- File is 32-bit executable
- File is 64-bit executable
- File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Icons
This section displays icon resources found within family samples. Malware often replicates icons commonly associated with legitimate software to mislead users into believing the malware is safe.
File Traits
- HighEntropy
- No Version Info
- ntdll
- WriteProcessMemory
- x64
Files Modified
This section lists files that were created, modified, moved and/or deleted by samples in this family. File system activity can provide valuable insight into how malware functions on the operating system.
| File | Attributes |
|---|---|
| c:\users\user\appdata\local\temp\nshd130.tmp\modern-wizard.bmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nshd130.tmp\modern-wizard.bmp | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nshd130.tmp\nsdialogs.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nshd130.tmp\system.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsmd100.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete |
| c:\users\user\appdata\local\temp\utils\portchecker.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\utils\portchecker\app.go | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\utils\portchecker\go.mod | Generic Write,Read Attributes |
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.
| Category | API |
|---|---|
| Syscall Use | |
| Anti Debug | |
| User Data Access | |