PUP.Gamehack.FFD

By CagedTech in Potentially Unwanted Programs

Table of Contents

Analysis Report

General information

Family Name:	PUP.Gamehack.FFD
Packers:	UPX!
Signature status:	No Signature

Known Samples

MD5: 6338caf6b4b7d6fa1cd7e6997d8e2cb4

SHA1: c4208bcc4d3849036621732530c31538447a5334

SHA256: F30A71B583C7E92740D6C4B1025DE9E3A0DBB06E1432DFCE1BD5208C7D299A4D

File Size: 219.51 KB, 219515 bytes

MD5: 2426a9599f9be2b338d7d8e4a797ae32

SHA1: 596e0e9577a50c06a5b8039f394d93f9515859ba

SHA256: C54C5D1191FA0A2F2CD3952BFD8398E08F90205355264E23C588A9462FF61E07

File Size: 219.78 KB, 219775 bytes

MD5: 0c7a8188b4a37d5423dde8cad4fe86d8

SHA1: 3a41655e11197ed3bdcb8a210000ded70d9f32cb

SHA256: DE0570DBE1F8D317E5B8E5C60E6CF19D272476CA788C482319C54D2DD6A7E8A8

File Size: 219.49 KB, 219489 bytes

MD5: 78dac744b03ab743d7f811fbdaedef45

SHA1: 253cbdeebce6f7eb7b8ad7e37ff253bf3b81749b

SHA256: 07F7E5590763DCC3817F4100FA31E0F5B5126A6F4CC5FB9A792E886F6AB6D057

File Size: 219.48 KB, 219478 bytes

MD5: b0c9eb3992eb2e8d33fdecd9c8500e64

SHA1: 323fc74f770a58acf6cf3fcd69e892a6790b4d5b

SHA256: 4B8C2322116BD726B53E595D36C8406291FAE4D11737903AA184D896EFFBFBEA

File Size: 219.55 KB, 219547 bytes

MD5: 74dd22bed85b584946fca67a1f025ee9

SHA1: e150458101ef8c201fc6fdc009de00467b55ca70

SHA256: D49B8D10CEE9FC0D4B08FF2D3F3C77E3647CF5550EA9BB1A1B6511A54ADEE7B1

File Size: 220.07 KB, 220066 bytes

MD5: 4a5f5ccdfc5c2ef653f3741b6f946ecb

SHA1: fef6c046ec51a494102804faad0ff261e08323f6

SHA256: 7327AF84D79D91D077266E1FC2A147CF379534C663175DE2AE6BDD8E243E8F18

File Size: 218.01 KB, 218013 bytes

MD5: 2eaf75a3633a416506eb68e6674b4c29

SHA1: ce6b23c512827933b2fd3b244935874de0d27d18

SHA256: 077EB0F02479DE78E03CDED59551DB187A7E654BD2FD6019E19CC773FFB6E80F

File Size: 220.04 KB, 220044 bytes

MD5: 22a78614973621c054fd51ecc1a853c2

SHA1: 6406f1d31d31962cd655851581c48c3a0cac42a8

SHA256: 4F5C8EB95DBB662123EEB02580639D7DF14D7636CAD2AC0A630324B338D8A691

File Size: 220.07 KB, 220070 bytes

MD5: edaf66908b07b5f325fd8b5e37bbf668

SHA1: 646f2c6a8e9adb86ee29b1d15a68985f767c2892

SHA256: 3B340C77F6309BBD67D10D1741D351F7A222DF8C8DB6513A9D2356C989B6DCB3

File Size: 219.44 KB, 219435 bytes

MD5: af41df724aae83252f4ec5ad7492fe0e

SHA1: c89f96ff43e9125d5ca38cefd61cb030310c6ef8

SHA256: CB477ED9EA8E860CFF5016D0667C7E6F3BEC4169C151FF37006A7ACB9F441F31

File Size: 219.94 KB, 219944 bytes

MD5: 054c464f2489416c1157bf5ddee2a7f1

SHA1: 66cfc802e02baba18d812071553fa78bb0f07bac

SHA256: B4B22A80C81F110115D197726D5E48272BB6C2E42DDDDB9155B96E2A357FA2F8

File Size: 220.26 KB, 220264 bytes

MD5: 85bfc9af5b481f23a6027c139feab44e

SHA1: 80a38fef453347f771b2d733029cac6fa9a52d5d

SHA256: 12FF627A5CA7718A28F957200D8C17621AD352B2718E6B08D4E07134A14A192B

File Size: 219.53 KB, 219535 bytes

MD5: ca1dfcf1c1d8afb55d8f308f2d41d14f

SHA1: 38f75f929e3c535c86f4af66b595c2a4b5fb5cc9

SHA256: 93BFC968DF39C97E33727F923FCBE36C0AF7774C2890C6D527D2A5B03BB79E8C

File Size: 219.57 KB, 219573 bytes

MD5: d22ca73bc09b61c92bc136e519ac362c

SHA1: 566c8dcc13172be6b24eeb138c44cbf6150a108c

SHA256: D2522FE4B8A23C7E9FC839CCA54FF5459F465F17314C3AB6E8D2F973BEC2DFF4

File Size: 218.05 KB, 218053 bytes

MD5: 59e1f8d75095b4ddac5db59e40b2ce99

SHA1: 1272db0ec2fb149324b0a6dd4418ba8e39c8b6a5

SHA256: 00C7353DE005683CE0551007F1CA276285C483393F63B895548266680A52F15C

File Size: 219.50 KB, 219499 bytes

MD5: 02706216fdc8a531cb084eb212cf9a5c

SHA1: 1426b50b39a961e9cd8cbe4e1dc83672a758c215

SHA256: D0663227C3AEBF5A8614813826BAB39792B1E4AF6788FAB757D7A35B448400D2

File Size: 219.58 KB, 219577 bytes

MD5: 69c4a1c339df3c66809b0d8d7aa5531c

SHA1: 4302e6d4995c998c3c9e81f7f9cfafec08c9e192

SHA256: 4140EC6C974AC14C366CC914A930BE3E9BE18627C6D34D98668F590B92108771

File Size: 219.53 KB, 219532 bytes

MD5: 84a33f2e34f4d34af3da2300297563b5

SHA1: 798c83cf84a7c1c1986f3d6d0833bdb1c4f7be76

SHA256: DDC74505B690F97F40F10309B5E6CF2C45E6889148FBE7E7454187F591A1224C

File Size: 219.55 KB, 219551 bytes

MD5: 69c1c0c96e740341a1f739b1eb62b641

SHA1: b8040123773f06937605ed06bf98896f5e4edcfc

SHA256: 9EBABBDD4FE4F9F056C08669BE80C2AF64271F4757DCB3D457AF7FD68C507FCF

File Size: 220.20 KB, 220197 bytes

MD5: 58e7f6ab7143a76876cf4e52ea114fb5

SHA1: f714f6d8e9a3e913aac0684baa09215af40a62c5

SHA256: 51F66E2461A483ECAE7E8FA2C44A51D6ADC2ABFF8CF68CB15A22737D13A8B95C

File Size: 219.37 KB, 219368 bytes

MD5: 1388c4f3425cdf4aa58c641055f85bdb

SHA1: dab65fdedaac4caa0776a6308f63cfddd543ccfe

SHA256: DA2738B756D332AF93568DE8A94E9E165FEAEA9816D68CFBB082ECF82DEDC364

File Size: 219.45 KB, 219447 bytes

MD5: 6c326ef200a825a481146a323063b1a4

SHA1: 56c27c0bd4d91453489d547aa3f1bccfa4aab19c

SHA256: CF827ED60F171385FD40083F701A3ED8C46797885A43D34C3E5986A6EDE71001

File Size: 219.48 KB, 219483 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have security information
File has been packed
File has TLS information
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)

File is Native application (NOT .NET application)
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
Company Name	Razor 1911
File Description	Uninstaller
File Version	1.0.0.0
Internal Name	Razor 1911 Uninstaller
Legal Copyright	2019
Legal Trademarks	2019
Original Filename	Uninstaller.exe
Product Name	Razor 1911 Uninstaller
Product Version	1.0.0.0

File Traits

Installer Version
packed
x86

Block Information

Total Blocks:	2,137
Potentially Malicious Blocks:	132
Whitelisted Blocks:	2,005
Unknown Blocks:	0

Visual Map

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 x 0 0 0 0 0 0 x x 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 x 0 x x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 x x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 x 0 x 0 0 0 0 x x 0 x 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 x 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 x 0 0 0 x 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 x x x 0 0 0 x x 0 0 0 x x 0 0 x x 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 x x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 x 0 x 0 x 0 0 0 0 0 0 x 0 0 0 0 0 0 x x 0 x 0 0 0 0 0 x 0 0 0 0 0 0 x 0 0 0 0 x 0 0 0 0 0 x 0 0 0 0 x 0 0 0 0 0 0 0 0 x 0 x 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 x 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x x x 0 x x x x x x x x x x x 0 x x x x x x x x x x x x 0 0 x

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

Banker.YA
Coinminer.XG
Coinminer.XGA
Downloader.Delf.F
Injector.KDG

Injector.N
Krypt.LLA
Kryptik.CLBB
Kryptik.RA
Kryptik.YFK
Trojan.Downloader.Gen.DP
Trojan.Injector.Gen.FKJ
Trojan.Injector.Gen.GEZ

Files Modified

File	Attributes
c:\users\user\appdata\local\temp\26cc6e.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\26e581.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\3dad2e.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\404dcf.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\4bf629.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\5cdba0.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\5d2188.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\863964.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\8c3711.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\97fa3b.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144

c:\users\user\appdata\local\temp\aa387c.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\b0c562.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\ba901d.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\c79dd2.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\cc0074.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\d691f8.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\d9ca92.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\d9eb13.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\e55ecc.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\e7925f.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\f21530.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\f9a3dc.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\ffa09c.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144

Registry Modifications

Key::Value	Data	API Name
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey

Windows API Usage

Category	API
Anti Debug	IsDebuggerPresent
User Data Access	GetUserObjectInformation
Process Manipulation Evasion	NtUnmapViewOfSection
Process Shell Execute	CreateProcess

Shell Command Execution


							C:\Users\Fsoswdfu\AppData\Local\Temp\3DAD2E.exe


							C:\Users\Vpuujlsn\AppData\Local\Temp\404DCF.exe


							C:\Users\Cmmoggvg\AppData\Local\Temp\B0C562.exe


							C:\Users\Hgvzirip\AppData\Local\Temp\E55ECC.exe


							C:\Users\Dcdfqokt\AppData\Local\Temp\E7925F.exe


									C:\Users\Gomkblit\AppData\Local\Temp\26CC6E.exe


									C:\Users\Xjdsmqlr\AppData\Local\Temp\F21530.exe


									C:\Users\Cunhahfa\AppData\Local\Temp\C79DD2.exe


									C:\Users\Isrhznhi\AppData\Local\Temp\D9CA92.exe


									C:\Users\Abwvkvkz\AppData\Local\Temp\AA387C.exe


									C:\Users\Exwqdamf\AppData\Local\Temp\26E581.exe


									C:\Users\Tmwezxag\AppData\Local\Temp\F9A3DC.exe


									C:\Users\Awwsscmn\AppData\Local\Temp\4BF629.exe


									C:\Users\Fyjkhdsk\AppData\Local\Temp\5CDBA0.exe


									C:\Users\Zzfrouls\AppData\Local\Temp\D9EB13.exe


									C:\Users\Birfqahh\AppData\Local\Temp\97FA3B.exe


									C:\Users\Jkrgnyai\AppData\Local\Temp\FFA09C.exe


									C:\Users\Wrvkunwa\AppData\Local\Temp\863964.exe


									C:\Users\Zyusfiry\AppData\Local\Temp\8C3711.exe


									C:\Users\Hnnllmry\AppData\Local\Temp\CC0074.exe


									C:\Users\Hltjkieo\AppData\Local\Temp\D691F8.exe


									C:\Users\Jnuiqdoc\AppData\Local\Temp\BA901D.exe


									C:\Users\Hmfnewam\AppData\Local\Temp\5D2188.exe

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

PUP.Gamehack.FFD

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

File Traits

Block Information

Block Information

Visual Map

Similar Families

Similar Families

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Trending

PUP.WaveMax Sound Editor

Trojan.Kryptik.JUD

Trojan.Agent.MBD

Most Viewed

Pornktube.porn

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen