PUP.Gamehack.GACH

Analysis Report

General information

Family Name: PUP.Gamehack.GACH
Packers: UPX x64
Signature status: No Signature

Known Samples

MD5: 68c3312614042e0b8e8e276c7222b363
SHA1: b59768fa3f8e9dccc7deba0a425c1d571be2c880
SHA256: DEEA387213ED0F5CEBF1CD026E6A350C3D8DF5B023ABB63ECB4C6E835B551437
File Size: 4.01 MB, 4014080 bytes
MD5: 2e947de17584a2dad8351cbffc3ba31a
SHA1: 2ed8cb11beae7827c7bfc45a5a7e3cc8977fd0dd
SHA256: 5ECA58B2EE15D349F27B2123CBF3591A7AFB04D6AC824C9295330AC4B24810CE
File Size: 664.06 KB, 664064 bytes
MD5: 7a561f499f96f1eee9606de795007911
SHA1: 6c3f1449b7a1e25a7b781651a50ae56783e6f87f
SHA256: 99387E5D2189DF940632B5095043EE49E1086B787604A4B904EBB61549DB1827
File Size: 2.99 MB, 2987008 bytes
MD5: 9616bc3642d009996141cc21143ae40a
SHA1: a6d72ef50a78c7e67e8ada5b6e0278d59d2178a3
SHA256: A0CA016F6508612C19855557AAAD6823D4E340D8117506BDD8D1E13754E64401
File Size: 2.99 MB, 2987520 bytes
MD5: 4303eebe0d559eb8148f2f91e57a8746
SHA1: 1125fef8d1bad9d953187af36830bf6240bc66cf
SHA256: 55DA56E2B3C0C8594DD8262EBB044FECC9E45D3C9CB6F10F351258F63562C07C
File Size: 3.48 MB, 3481088 bytes
MD5: 26313b052964680df6c2b6fa7f35f68c
SHA1: 755cd7e61439384b91275fdb383e935daa968714
SHA256: 885643B42FA0EDD305569F475CA7D599763690FC585AF0FA9F7AE9CA7C5062F5
File Size: 268.80 KB, 268800 bytes
MD5: a111e20ed810a3ed88631ddafc50ffee
SHA1: a6ec9b37645798fb7920ef822af9a2fe9a89986c
SHA256: ACC60566687BBF71A4920C6DBD0BC8C5B299CCF0681437BBCD32108B3697C15C
File Size: 585.22 KB, 585216 bytes
MD5: b763a1fc3c3155fee714c6bb560f5869
SHA1: bfea067e489ead42d0208afaf43d5e3a1eac5baf
SHA256: 073901B95187AEC80ECC4628AFE6E8861C3C931D89F2F9A212B344820AD7FFFE
File Size: 2.96 MB, 2963456 bytes
MD5: 9f39958160a49d8b243d867e60d0747a
SHA1: 083a062456886474188708062be6992b28d025d3
SHA256: F228790C6CBABC5EB2C7B161CBDE7ED18BCBE395DFDB3F7B3E9C16C82A57814D
File Size: 416.77 KB, 416768 bytes
MD5: c0e4a0d7d04a22746f401d0eddd04aea
SHA1: 6b2efe09c1e5d227ae00a93d225fb0657398238f
SHA256: 27076763912ADB66109EB128782F18160044D032D5C41F79A71B270FD2BD686C
File Size: 721.92 KB, 721920 bytes
MD5: 29cef61423cf1f10ea33ace806bd8827
SHA1: 9190115f3f2c489f07a213616ade8ed95d1cfd21
SHA256: 50CD608780A320283E42716FE14DD8FEA75CAB0BF1BAAECD2D5F22F60036777B
File Size: 406.53 KB, 406528 bytes
MD5: 6b931c961901b7d295c1a364005d7015
SHA1: a4cea19c0040c77ef08f3f608763aa561a4e6790
SHA256: C7292EE9DD360AB34497192FA55744E04FC4D82BF11073D03C5C4685B4533EE5
File Size: 514.05 KB, 514048 bytes
MD5: f05742216755341960d870b847812ca2
SHA1: 5467d691a7cf07bde650b1b2f2ecaf9455cf2453
SHA256: D2FCEE9F8D51AF04568B3CB9D043A8FB2E49EAFD37452D98580376C07CF34DE6
File Size: 3.70 MB, 3698688 bytes
MD5: 079f6271ba4fc92a643a332e9ad80132
SHA1: 7301e645a39ac34a755aa90e28a06b5eff94c155
SHA256: 9A74F9FF2DAB9F0A05E16164CAD544A725D802FAAE2277566F406C976D90F5B8
File Size: 5.85 MB, 5846016 bytes
MD5: 953ab37107092b1935ef4bbb311ff5e8
SHA1: 91466a10d9cf50b5342f5187b96f20f9abc881e5
SHA256: 7670EE14B86D8143304EBE3B0674F334683D6430A36E82525A60742D10DAE4BD
File Size: 6.61 MB, 6610944 bytes
MD5: de1c2cbf0e534aea3f545c9213ef9101
SHA1: 3ae442db6a285095cfd3d6d03b816f5725d3e30f
SHA256: 6DC3F3DD607DF61599386E9D2F1E84A3D80685684E6A72FFD744049BF3759361
File Size: 3.69 MB, 3685888 bytes
MD5: ecc8f97efa1e3b1818dd620affd069f3
SHA1: 14ed73551cb876f0f391834b52cf8ac82e4cf0ee
SHA256: F1B2D66A70BE816CBB2CF16BFC2BF0FDBBA15599081CB04734FEDD4BAEF21269
File Size: 3.05 MB, 3049984 bytes
MD5: f5cee20e8926d8059aa93858e7318dfa
SHA1: 5a02e82df464db39ea55963073115604f8ab54e2
SHA256: 3B1BB06EBAEC1371E5A43A686B29F9BC03963E8DE24788A0A6D94B5A83C7938D
File Size: 1.59 MB, 1591296 bytes
MD5: c7def5efce9130df9bcf3b67b89522ba
SHA1: df6ac9a86157d9ee361448af0b19b908c5860b26
SHA256: 14FCDC891F54EF17D32679B135D62BBA6C4F8073E809CC767679DC0C1FE08E32
File Size: 1.59 MB, 1586688 bytes
MD5: f0b178d1fbfbd66ce85d0121d9750dce
SHA1: 27e11c6127ae5ae72e8d7a6cb9e4e26abe660999
SHA256: EBB03C89E561953493357A6C74DC169998E604D1E09D1B5F052DB86B58CA284A
File Size: 4.68 MB, 4681728 bytes
MD5: aaff2917a57194b8836cdddc7768df51
SHA1: 27ca28a49cc2b23da9d630e20b6736e3d1343b5d
SHA256: 8DCFAFCD374E3F312225DDAFE54E9BBD3FE6C18A81820CD7AD38C63F6FBCE2C2
File Size: 2.89 MB, 2890832 bytes
MD5: eb24b73d2b255857521cc62620ac6312
SHA1: 56ca917a3fdc075c0d4d78af5b43cf475597da03
SHA256: 73BE6B43F22206760F63BAE2303F42372CA5FD57DFD1BCEFA0FDC419CA55E53A
File Size: 2.97 MB, 2969600 bytes
MD5: ab2506c5dbd2838a902a583398ef6a5d
SHA1: 8f1785f1743f68208438bc7538a7532eca261276
SHA256: 5BE7BAE3ABC989448586B17C2A7C94F9F4D3B02328F07C08B6576891C3D3CF2C
File Size: 4.01 MB, 4014592 bytes
MD5: 13d38eb274b2187d3d976e3396b02191
SHA1: b853a71887763d0e8068967e30158af7e4648853
SHA256: 3482AC2959D0A2B05B80775EE7C5A8D993DC9898789C20162DF8BB97F130A12D
File Size: 3.22 MB, 3215360 bytes
MD5: 1e1a0c74e79e0d4730f75d4908092cac
SHA1: 3f2ce4fc732e1316e02ea4d5f56ce6436a768a47
SHA256: 904E228E8DD620EDAF3B41F6385467F9D35125CE1511A20AEF13962C9B89DF30
File Size: 5.84 MB, 5844480 bytes
MD5: 6bfebfaa7f4a97e0b5d7a5ddffb762ea
SHA1: 114e365bb24184dbc8464a826efbe0b2f6c67fb1
SHA256: 74FF7FC562679770EC0FAC15875EA639BA494A82344CF59C872AF156BF5120EB
File Size: 3.42 MB, 3417600 bytes
MD5: 6a712f9b5f0f20c60e2310bfd639b9d9
SHA1: 460a075f33897631d69ca2d63cbdc00db5364ac4
SHA256: F00A6B88DA6DE1674938288992A3DC97FD4F72F431DFCB81B72233ADEDF6DD22
File Size: 6.37 MB, 6373376 bytes
MD5: 8fd842cad9a343b345fc65e31f558e34
SHA1: 67cf335ef694c514d895715dea46d00c0e976cfb
SHA256: 21018B6988B6665CA8F290480BDE1F674EB47E82C484CB39F20D0B6A1BEF8CEF
File Size: 456.19 KB, 456192 bytes
MD5: b906e1beecb42669597576ad524d1670
SHA1: 0f45027bb44e93528acaa157c1465a5ff90e0992
SHA256: 2D84DE3A1B65426854E49D02A07A3A22F8DB5B2846AA3674E94BE2C1031E8EF1
File Size: 4.68 MB, 4681728 bytes
MD5: 997000834456c0c55db378751ae14065
SHA1: b23a918fa14940660b9dd17e4c1fe485233d100e
SHA256: B09C50C26FB14D788ACCC2E548B28F077A141CA5E94D5F328DCD51D9C9757624
File Size: 401.74 KB, 401736 bytes
MD5: 836163f2875c5f301ee7cc5a07ddf0ad
SHA1: ac72818004e4844a6ab5f94b09a06876a6b4c702
SHA256: 09D40BBBC58F9A450BC675190E965F51EE3702D41D9F6FEBF0A5EC96F28985E0
File Size: 2.40 MB, 2395136 bytes
MD5: 13daa6d605043919c997a4bdb78e917b
SHA1: d7b18d0856b40c95bbc065efc25907c96f913b02
SHA256: 39BBF53621127DF8D214437967ADC98547274EF0E151C7CA93B878E54D2B6ADB
File Size: 3.08 MB, 3075584 bytes
MD5: be7abbd59a6c0b5019660a12c26a12fe
SHA1: 839758112e9ad29889dbb9a8322cc193b8541856
SHA256: E61EB2AC14B4CFF1B6664A7EEC9578EB82C18369E302C550D6E47F259B69BEC4
File Size: 3.42 MB, 3420160 bytes
MD5: c336eda8d082bedf3eecd62230a93b96
SHA1: a14b5afc4e6885e3aa8e186e1c71a8b211140e19
SHA256: D21E9705CD53EBD9CDAABFDAB2E58B8367600F0B73354784EEEF77ECBEB8B9B4
File Size: 2.35 MB, 2348032 bytes
MD5: 263c7b63230911bf7a1d56da69eb3d56
SHA1: 8a0216d384760dd86bc058325659781b0cd468b5
SHA256: 045F317E008C9D3C11602F10083809293827A4DEE86E6F4FF6CCC0E1E3072EB3
File Size: 645.63 KB, 645632 bytes
MD5: 8695c0cde962374d44540bd7679ae806
SHA1: 9fe2543782ddbde057f30e725565108da49e4cf7
SHA256: 3A86501D6F67B6F98CB4CE2F34F9D6B808A9C687CB2E395DDEB890ECC819CEED
File Size: 561.66 KB, 561664 bytes
MD5: 76923d5a09b3d96507ed966f74c93546
SHA1: 84a6f3abee8c2e6210b810475b8d624c978661a1
SHA256: 34F57E6D595462204721569D5188B445919940BBE6E21D59D6FD5E0A2F2872E9
File Size: 1.35 MB, 1350656 bytes
MD5: ffbddbad86d677cc6e138dae2f989862
SHA1: 3ba41b278f3adf694969277511a88615a09ed582
SHA256: 6438E2A42DE3C936F142B207E0DA613F14C4E197875AB1D9FCD81C3FE5D0568D
File Size: 333.31 KB, 333312 bytes
MD5: 72e43351b5356439ac0653997264a776
SHA1: fe68db0f7135fa273a3c061e3407fc1b0cb8aa4c
SHA256: 66A8E9E0C0B83DAC0C09C24C2C361A86AD66177AC40E9E5B91178D594C1B24DF
File Size: 2.98 MB, 2982400 bytes
MD5: 486417b70804d77ffc8de97bd5a765f2
SHA1: fb966dacdbb48e287f2598a3cd6e8fb3e5219897
SHA256: 2B07441275992725D932D4EFE00EC7412A4C3DC930D14E1C18A0C8B1CFEAC71B
File Size: 1.34 MB, 1339392 bytes
MD5: 4b5e241d91693da56c252e39bc787c30
SHA1: 639e6a78422e269aa60aebffab97bc1dbefedc46
SHA256: 4174DB02CE366B5AC48DBC8FC38B072D360F67B05DFCFA2561A71D8F045ADC74
File Size: 2.55 MB, 2548736 bytes
MD5: 60b9519d4a203900f8ab01537773a8ab
SHA1: ab10fc64b0d9776e17144fb175630df30fd93896
SHA256: 83E1260846F10E20CFBAD994C3DC18D84F6180AE66157661ED6694D4A8423C78
File Size: 268.29 KB, 268288 bytes
MD5: e7e9b32df22d89d9b94b9c29be91c5e5
SHA1: ca5968fbcc5bfcee8b1993ef1ae139471414cc43
SHA256: DA2BBF1F934337481E973D8DEC40901E923E97AA175BDF3F582270AB120CA253
File Size: 6.37 MB, 6373376 bytes
MD5: b6ac380a62dec3775584c64754b083fd
SHA1: e9b0966c3cbede797b5f6bd420f0f66347183fdb
SHA256: 24129130C02B5B1709FAB77C54CAEADA971551FCE530456F701637D10F834413
File Size: 1.82 MB, 1823232 bytes
MD5: 8ba35e03df5c0a2f9f78186952ec4803
SHA1: 0dfa988f6351ef22405f375e43af1c4423548129
SHA256: DE9EAD4FFDEE03E90878CBE963A8213BC358DF3CC6483A894472580D604D43B9
File Size: 3.65 MB, 3654144 bytes
MD5: f2743e97413b6d19858571b2cfb4d3ac
SHA1: 27c280f42e6ef9adf6dbcf70b922a228d43684e5
SHA256: 35D196EA0499A2672987F1E36557C98DF966F2CADE8FAD269DF70D4F61CA5CBD
File Size: 2.96 MB, 2963456 bytes
MD5: 82df11b1b881dfd9289ffb6ce7e06ac1
SHA1: bac1c2d96119916b5e20a39b67ebcbd0623e08f3
SHA256: 3F2CC1487B60DD320772E7FE92346F346995F0CD3D423C80548D5F02ACF4BAFF
File Size: 6.00 MB, 5996544 bytes
MD5: 599cc24fb4d5f733b6aa07f76e320e02
SHA1: fef8824668e77386909aafc433e74eb995d74774
SHA256: FDF6E57A619A43056574D6361CE90AC05B53A3D0036566438D9C986926C80E05
File Size: 2.61 MB, 2609664 bytes
MD5: 4be55f3645449cfb42a1a011a537ca59
SHA1: 748b742d7da0914623d9167357cc0cc3e9082ee9
SHA256: 567E7D226268F32CEF220B1849BCEE653F13E0F2532BD48A4F9B819077D93DF3
File Size: 6.82 MB, 6819328 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have resources
  • File doesn't have security information
  • File has been packed
  • File has exports table
  • File has TLS information
  • File is 64-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
Comments https://mul0.com/
Company Name
  • Kitsuune
  • Microsoft Corporation
  • Sacracia
  • Tsuda Kageyu
File Description
  • Hollow Knight: Silksong [Ultimate Cheat Menu]
  • Kitsuunes (visual) real-time Editor for Skyrim
  • MinHook - The Minimalistic API Hook Library for x64/x86
  • Silksong Menu
  • Version Checking and File Installation Libraries
File Version
  • 10.0.22621.1
  • 1.5.0
  • 1.3.3.0
  • 1.0.0.0
Internal Name
  • KreatE.dll
  • MinHookD
  • Silksong_Cheat.dll
  • version
Legal Copyright
  • Copyright (C) 2009-2017 Tsuda Kageyu. All rights reserved.
  • Copyright (C) 2023-2026 Kitsuune
  • Copyright (C) 2025
  • Copyright (C) 2025 by Sacracia
  • https://mul0.com/
  • © Microsoft Corporation. All rights reserved.
Legal Trademarks Tsuda Kageyu
Original Filename
  • KreatE.dll
  • Silksong_Cheat.dll
  • VERSION.DLL
Product Name
  • KreatE
  • Microsoft® Windows® Operating System
  • MinHook DLL
  • mul0 & Sacracia
  • Repo mod (18.11.2025)
  • Repo mod (28.11.2025)
  • Silksong Menu
  • Silksong mod (18.11.2025)
Product Version
  • 10.0.22621.1
  • 1.5.0
  • 1.3.3.0
  • 1.0.0.0

Digital Signatures

Signer: Lisa Gamble
Root: SSL.com Root Certification Authority RSA Root
Status: Not Trusted

File Traits

  • 2+ executable sections
  • big overlay
  • dll
  • fptable
  • GetConsoleWindow
  • HighEntropy
  • imgui
  • Installer Version
  • No Version Info
  • ntdll
  • VirtualQueryEx
  • WriteProcessMemory
  • x64

Block Information

Total Blocks: 38,141
Potentially Malicious Blocks: 41
Whitelisted Blocks: 34,728
Unknown Blocks: 3,372

Visual Map

(Block-by-block map not reproduced here; the rendering in the source is truncated. Legend:)
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Agent.KFP
  • Gamehack.GADA
  • Injector.KFSC
  • Kryptik.EFJ
  • TelegramHack.C

Files Modified

File Attributes
\device\namedpipe\gmdasllogger Generic Write,Read Attributes
c:\users\user\appdata\local\temp\120a378b-65d0-43e3-82b5-206674d078db.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\120a378b-65d0-43e3-82b5-206674d078db.tmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\5d87e86d-fc5e-4d81-9a71-d9c5669c0c97.csl Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\5d87e86d-fc5e-4d81-9a71-d9c5669c0c97.csl Synchronize,Write Attributes
c:\users\user\appdata\local\temp\61a1fbf67eca43459f1ad54d68280ba5.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\855814e0a56449b389ef22cc37dac8e6\{86eea894-5bcd-434a-8c64-f49663c21ccd} Synchronize,Write Attributes
c:\users\user\appdata\local\temp\8d4e7386ef9040faad30b7dacaed58bb.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\ffa69f178aa9447c8d58b2acc8800958.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\roaming\16c525f4-b7e5-41ed-b0d4-82ee29c3be2d.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\16c525f4-b7e5-41ed-b0d4-82ee29c3be2d.tmp Synchronize,Write Attributes
c:\users\user\appdata\roaming\neos eureka s.r.l\eurekalog\bug reports\748b742d7da0914623d9167357cc0cc3e9082ee9_0006819328\748b742d7da0914623d9167357cc0cc3e9082ee9_0006819328.el Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\neos eureka s.r.l\eurekalog\bug reports\748b742d7da0914623d9167357cc0cc3e9082ee9_0006819328\748b742d7da0914623d9167357cc0cc3e9082ee9_0006819328.el Synchronize,Write Attributes
c:\users\user\downloads\log.txt Generic Write,Read Attributes
c:\windows\system32\haxsdk-logs.txt Generic Write,Read Attributes
c:\windows\system32\haxsdk-logs.txt Read Attributes,Synchronize,Write Attributes,Delete
c:\windows\system32\haxsdk-prev-logs.txt Read Attributes,Synchronize,Write Attributes,Delete
c:\windows\system32\reboot.log Generic Write,Read Attributes

Registry Modifications

Key::Value / Data / API Name
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe (binary data) RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe (binary data) RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe (binary data) RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe (binary data) RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe (binary data) RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 (no data shown) RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe (binary data) RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe (binary data) RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe (binary data) RegNtPreCreateKey
HKCU\software\eurekalab\eurekalog\7.0::machineid (binary data) RegNtPreCreateKey

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAddAtomEx
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAllocateLocallyUniqueId
  • ntdll.dll!NtAllocateReserveObject
  • ntdll.dll!NtAlpcConnectPort
  • ntdll.dll!NtAlpcConnectPortEx
  • ntdll.dll!NtAlpcCreatePort
  • ntdll.dll!NtAlpcCreateResourceReserve
  • ntdll.dll!NtAlpcCreateSecurityContext
  • ntdll.dll!NtAlpcDeleteSecurityContext
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtAlpcSetInformation
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtAssociateWaitCompletionPacket
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateIoCompletion
  • ntdll.dll!NtCreateKey
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtCreateThreadEx
  • ntdll.dll!NtCreateTimer
  • ntdll.dll!NtCreateTimer2
  • ntdll.dll!NtCreateUserProcess
  • ntdll.dll!NtCreateWaitCompletionPacket
  • ntdll.dll!NtCreateWorkerFactory
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFindAtom
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenMutant
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThread
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtPowerInformation
  • ntdll.dll!NtPrivilegeCheck
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryDefaultLocale
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryFullAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationJobObject
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryObject
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryTimerResolution
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtQueryWnfStateNameInformation
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReadVirtualMemory
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRemoveIoCompletion
  • ntdll.dll!NtRemoveIoCompletionEx
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtResumeThread
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationToken
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSetIoCompletionEx
  • ntdll.dll!NtSetSecurityObject

135 additional items are not displayed above.

Process Terminate
  • TerminateProcess
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
Keyboard Access
  • GetAsyncKeyState
  • GetKeyState
User Data Access
  • GetComputerName
  • GetComputerNameEx
  • GetUserDefaultLocaleName
  • GetUserName
  • GetUserNameEx
  • GetUserObjectInformation
Process Manipulation Evasion
  • NtUnmapViewOfSection
Process Shell Execute
  • CreateProcess
  • WriteConsole
Network Winsock2
  • WSAStartup
Network Winsock
  • closesocket
  • connect
  • getpeername
  • getsockname
  • send
  • setsockopt
  • socket
Network Info Queried
  • GetAdaptersAddresses

Shell Command Execution

C:\WINDOWS\system32\mode.com mode con: cols=90 lines=26
WriteConsole: Access is denied
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c cls
