PUP.GameHack.GACJ
Analysis Report
General information
| Family Name: | PUP.GameHack.GACJ |
|---|---|
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have exports table
- File doesn't have security information
- File has TLS information
- File is 64-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Icons
This section displays icon resources found within family samples. Malware often replicates icons commonly associated with legitimate software to mislead users into believing the malware is safe.
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.

| Name | Value |
|---|---|
| Company Name | |
| File Description | |
| File Version | |
| Internal Name | |
| Legal Copyright | |
| Original Filename | |
| Product Name | |
| Product Version | |
| Source Control I D | 8563863 |
| Squirrel Aware Version | 1 |
Digital Signatures
This section lists digital signatures that are attached to samples within this family. When analyzing and verifying digital signatures, it is important to confirm that the signature’s root authority is a well-known and trustworthy entity and that the status of the signature is good. Malware is often signed with non-trustworthy “Self Signed” digital signatures (which can be easily created by a malware author with no verification). Malware may also be signed by legitimate signatures that have an invalid status, and by signatures from questionable root authorities with fake or misleading “Signer” names.

| Signer | Root | Status |
|---|---|---|
| GSE | GSE | Self Signed |
File Traits
- fptable
- HighEntropy
- WriteProcessMemory
- x64
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.

| Total Blocks: | 1,174 |
|---|---|
| Potentially Malicious Blocks: | 30 |
| Whitelisted Blocks: | 1,144 |
| Unknown Blocks: | 0 |
Visual Map
[Block map image not reproduced. Legend: 0 - Probable Safe Block; ? - Unknown Block; x - Potentially Malicious Block]
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft’s analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.

- Agent.FDZ
- Brute.LC
- BypassUAC.AR
- Downloader.GDF
- GameHack.GACJ
- Gamehack.DT
- Gamehack.FT
- PSW.Agent.PF
- Stealer.DN
- Trojan.Agent.Gen.BDN
- Trojan.Downloader.Gen.OR
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.

| Category | API |
|---|---|
| Syscall Use | |