PUP.Gamehack.GDS

Analysis Report

General information

Family Name: PUP.Gamehack.GDS
Signature status: No Signature

Known Samples

MD5: afc7d48f597976e1226ff6b035943356
SHA1: a2e0645c7a0608ee616cd49f71bdb9ff88127117
SHA256: 4B261D8353F1426D89789AA70E00247699B40BE7C6221592FBA4D24361B56A23
File Size: 852.99 KB, 852992 bytes
MD5: 05b8df6da42361619a5321607f194004
SHA1: 398bff8da44f1c1e4e9f07c44aac01e3ef53cf40
SHA256: 9BF71D29811F2D64CE660D2B996FF653DE29CECC3314278367B52ED4DCD31FC6
File Size: 735.23 KB, 735232 bytes
MD5: 6bf39fd00c1fbc295abe5f3d0a501e73
SHA1: efa5d9d2bd8050fe841331e0edf2bf51a82be606
SHA256: AC1B71DA7A5A93868CFB7C64C9CCB4B741C50634D15E38C59AFD1C256B16234C
File Size: 1.03 MB, 1034752 bytes
MD5: 9cc2b6d9f1b7cadbb39c555eea66840f
SHA1: 1fb643f4514a722c77e6ef60babff2399a88beb7
SHA256: 573329184829FE73F4D2734A6F6D1EC11F87754332EE651D82893227BC2EABFC
File Size: 873.47 KB, 873472 bytes
MD5: 52c9e66f06bdbcfc7edda7cc1c27a6ea
SHA1: 705b1a07657749a33fd32ba89100cac4c3c88b69
SHA256: FA392B73C7FCEFD47B13FDEFCB986AFC543AEEEF1A78FF917C4664458C73C7A2
File Size: 754.18 KB, 754176 bytes
MD5: d76425655a23e859108a2b40658acf0b
SHA1: 3f1d75f28daf996d38c1ffa4d73227132ef4be1b
SHA256: ABE4CD23EE73D49FEDD781FBB2DD8BD865BA7B3456A94F1E7CC099D9CA421A23
File Size: 572.93 KB, 572928 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have exports table
  • File doesn't have security information
  • File has exports table
  • File has TLS information
  • File is 64-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
Company Name
  • Microsoft
  • Spencer's Open Source Macro Industries
File Description
  • An open source Macro with many useful features.
  • Microsoft® STL110 C++ Runtime Library
File Version
  • 2.0
  • 0.1.5
Internal Name
  • MsSp7en - US.lex
  • suspend.exe
Legal Copyright
  • Copyright (C) 2024
  • Copyright (C) 2025
Original Filename
  • MsSp7en - US.lex.dll
  • suspend.exe
Product Name
  • MsSp7en - US.lex
  • Roblox Macro Utilities
Product Version
  • 2.0.0
  • 0.1.5

File Traits

  • dll
  • imgui
  • x64

Block Information

Total Blocks: 1,241
Potentially Malicious Blocks: 77
Whitelisted Blocks: 1,047
Unknown Blocks: 117

Visual Map

x 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x x 0 0 0 0 0 0 x x 0 0 ? 0 x 0 x 0 x x ? 0 ? x 0 0 0 x x 0 x 0 x 1 x x 0 0 x x 0 0 0 0 x 0 0 0 0 0 0 0 0 ? x x 0 0 0 0 0 0 ? 0 0 ? 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 x 0 0 0 x 0 0 0 0 0 0 x 0 0 0 0 0 x 0 x ? ? 0 0 ? 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 x x 0 x 0 0 0 0 0 0 x 0 0 x 0 x x 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 x 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 x 0 0 x x 0 0 0 0 0 0 x 0 0 0 0 x 0 0 0 0 x x 0 0 x 0 0 0 0 0 0 0 0 0 0 0 x 0 x 0 0 0 0 0 0 x x ? 0 0 0 0 0 0 0 x 0 0 x 0 0 0 0 0 x 0 x 0 0 0 x 0 0 0 0 0 0 ? x 0 ? 0 0 ? 0 0 0 ? 0 0 ? x x 0 ? ? ? 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 ? ? ? 0 0 0 0 x 0 0 ? 0 0 x x 0 x 0 x 0 0 x 0 x 0 x x 0 0 0 0 1 0 0 1 ? ? ? 0 ? ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? ? 0 0 ? ? 0 ? 0 ? ? 0 0 ? ? 0 ? 0 ? ? ? 0 ? 0 0 0 0 0 0 0 0 ? ? 0 ? x 0 0 0 0 0 1 ? ? x 0 ? x ? ? ? ? ? ? ? 0 0 ? 0 0 0 0 0 ? ? ? 0 0 0 0 0 0 0 ? ? ? ? ? ? 0 0 0 ? ? ? 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? 0 0 ? ? 0 ? ? ? ? 0 ? ? 0 ? 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 ? ? 0 0 0 ? 0 ? 0 ? 0 0 ? 0 ? ? 1 ? ? 1 ? ? 1 ? ? 1 ? 0 ? 0 ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 ? 
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 1 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Registry Modifications

Key::Value Data API Name
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 䝮ꤺ뭛ǜ RegNtPreCreateKey

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAddAtomEx
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAllocateLocallyUniqueId
  • ntdll.dll!NtAllocateReserveObject
  • ntdll.dll!NtAlpcConnectPort
  • ntdll.dll!NtAlpcConnectPortEx
  • ntdll.dll!NtAlpcCreatePort
  • ntdll.dll!NtAlpcCreateResourceReserve
  • ntdll.dll!NtAlpcCreateSecurityContext
  • ntdll.dll!NtAlpcDeleteSecurityContext
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcQueryInformationMessage
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtAlpcSetInformation
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtAssociateWaitCompletionPacket
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateIoCompletion
  • ntdll.dll!NtCreateKey
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtCreateThreadEx
  • ntdll.dll!NtCreateTimer
  • ntdll.dll!NtCreateTimer2
  • ntdll.dll!NtCreateWaitCompletionPacket
  • ntdll.dll!NtCreateWorkerFactory
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtGetCompleteWnfStateSubscription
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtNotifyChangeKey
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenMutant
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryObject
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReadVirtualMemory
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRemoveIoCompletionEx
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSetIoCompletionEx
  • ntdll.dll!NtSetTimer2
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtTraceEvent
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForMultipleObjects
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady

51 additional items are not displayed above.

Network Wininet
  • InternetOpen
  • InternetOpenUrl
  • InternetReadFile
Keyboard Access
  • GetAsyncKeyState
Anti Debug
  • IsDebuggerPresent
User Data Access
  • GetUserObjectInformation
Process Terminate
  • TerminateProcess
