Multi-License Discount Quote

Change Region

English
Threat Database Potentially Unwanted Programs PUP.Gamehack.GADC

PUP.Gamehack.GADC

By CagedTech in Potentially Unwanted Programs

Analysis Report

General information

Family Name: PUP.Gamehack.GADC
Signature status: No Signature

Known Samples

MD5: d7d18fe75ba6de54b1b408778e1da4c6
SHA1: d94aac9f0a17f027ba4ffc485b227edb75d06f5c
SHA256: 86358B9236EB5D79E853629328D68E69E4D1CAEF522FFEE32402ADBB188955FC
File Size: 945.66 KB, 945664 bytes
MD5: 5ddcce1b31fd1ef0de4584c5e8eb020d
SHA1: ac1250c55cca92e86bacd702b42b46e6c88c3417
SHA256: 52693D70E704C3EA8C88734F24E879F626F7E8B8ED207068F80746A59B37C42B
File Size: 928.77 KB, 928768 bytes
MD5: fd400b8e509d9d4cba5a6754814fef53
SHA1: b48bd9f6014433ddef6f980fa43e14f649818a23
SHA256: 57CD6039804CE0ED4AA5FE32A2198259182BFE1C5B4FFCCDF1F91F397E82AF3D
File Size: 275.97 KB, 275968 bytes
MD5: ac29659f4343323d12fa14619bd3e050
SHA1: b94365b1c9da5e69970e9dbcf8ceecf3ba6f3645
SHA256: 7138487DC3BB4282B7FB008E170FE46BEB3290FAE4DD5E07762D7B1C5D49CFB9
File Size: 1.09 MB, 1089536 bytes
MD5: b5d4317454fe268775d73e6922587e10
SHA1: 4c40f47709c682ad7c3d6758ba13f513efc46939
SHA256: 748C2E82046DCC2D794E76AE54C138551F68D64C6B5D14B558EB40E0A6165506
File Size: 283.65 KB, 283648 bytes
Show More
MD5: 8e7d18c33c4c144656f09857fb7d0de5
SHA1: c666c7e3398a5b1d3ebb7e362dde0b45817d90b0
SHA256: B957C417B8D0087D2C40F82F7F2E92E952CE7523FAD4079F0573C0CF57BA2973
File Size: 360.45 KB, 360448 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have exports table
  • File doesn't have resources
  • File doesn't have security information
  • File has exports table
  • File has TLS information
  • File is 64-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is Native application (NOT .NET application)
Show More
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Traits

  • dll
  • imgui
  • No Version Info
  • WriteProcessMemory
  • x64

Block Information

Total Blocks: 1,277
Potentially Malicious Blocks: 290
Whitelisted Blocks: 820
Unknown Blocks: 167

Visual Map

0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 ? ? x ? ? 0 0 0 0 0 0 x 0 0 ? 0 ? 0 0 0 0 x ? ? ? x 0 ? x x ? ? x x 0 x ? 0 x x ? ? x 0 x 0 x 0 0 0 x x x x x 0 x 0 0 0 0 0 x x 0 ? x 0 x x x x x 0 x ? 0 x 0 ? x 0 x 0 0 x x ? x x 0 ? 0 x 0 0 0 ? 0 0 0 0 x ? x x x 0 x 0 x x 0 x 0 0 0 x x 0 0 x x 0 x 0 x 0 x 0 0 x 0 0 ? 0 x x 0 0 x x 0 x x 0 0 x 0 x x 0 x 0 x ? x ? 0 0 0 0 0 0 0 x x ? 0 x x 0 x x ? x x ? ? ? x x ? x 0 0 x ? 0 x x 0 0 0 x 0 x x 0 0 x x x 0 x x x x ? x x 0 x 0 x 0 x 0 0 x x 0 0 0 x 0 0 x x 0 0 0 0 ? x x x 0 0 x 0 0 0 0 x 0 ? x x 0 x x 0 0 x ? x 0 x ? x x 0 0 0 x 0 0 ? ? ? x 0 x x x x x x x x x x 0 ? x x 0 0 0 x x ? x x ? ? ? x ? ? x 0 x x x 0 x x 0 0 ? x x ? ? x x x x 0 x x x 0 0 0 x 0 0 x x x 0 x x x ? 0 ? 0 x 0 x 0 0 x x x 0 0 0 x x x 0 ? ? x x x x x x x 0 x x 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 ? 0 x x 0 0 0 ? 0 0 0 0 0 0 x 0 0 0 0 0 ? 0 0 x 0 0 0 0 0 0 0 0 0 0 0 ? x 0 x x 0 x x 0 0 0 0 x x x 0 0 0 x x x 0 0 x 0 x 0 x x x x 0 ? 0 0 x x x x x 0 ? ? 0 ? ? ? 0 ? ? ? ? ? 0 ? 0 ? 0 ? 0 0 0 x ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? x ? ? ? ? ? ? ? ? 0 0 x x ? x x x x 0 0 0 x 0 0 0 0 0 0 ? x 0 0 x ? x ? 0 x x x x ? x ? ? 0 ? 0 0 0 ? ? ? ? 0 x x 0 x 0 0 ? x ? ? 0 0 0 ? 0 0 0 0 0 ? ? x 0 0 0 x ? 0 ? 0 0 0 ? x ? x x 0 x ? 0 ? ? 0 x ? ? x 0 x 0 ? ? 0 x 0 0 ? x x x 0 0 0 x 0 0 x 0 ? 0 0 0 x ? 0 x 0 0 0 x x 0 0 0 0 0 0 x ? 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 ? 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 x ? 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 ? ? x x ? 0 0 0 0 0 ? ? x x x x x x x x 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 ? x x ? ? x ? ? ? ? 0 x x ? x x 0 ? ? x ? ? ? x x ? ? x ? ? x x x x ? x 0 0 0 0 0 0 0 0 0 0 0 x x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? x ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 ? ? ? 0 0 0 ? ? ? ? x 0 ? ? x ? x x x 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 2 0 2 0 0 0 0 0 0 0 0 0 0 1 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Registry Modifications

Key::Value Data API Name
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe ὰ䏊䔶ǜ RegNtPreCreateKey

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAddAtomEx
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcConnectPortEx
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
Show More
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenMutant
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReadVirtualMemory
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSetTimer2
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForMultipleObjects
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • UNKNOWN
Anti Debug
  • IsDebuggerPresent
User Data Access
  • GetUserObjectInformation
Process Terminate
  • TerminateProcess

Trending

Most Viewed

Loading...