PUP.Gamehack.GYA

By CagedTech in Potentially Unwanted Programs

Table of Contents

Analysis Report

General information

Family Name:	PUP.Gamehack.GYA
Signature status:	No Signature

Known Samples

MD5: 59e1d470576aa02d2bf22d85c9558556

SHA1: b82d47ac296c560c048ed6279dd9fb9937da3853

SHA256: F82B93DFF80E118F35917F6A0781E11E01EF28CD2016349A18061F11157F3725

File Size: 3.10 MB, 3096064 bytes

MD5: 3e63b75141c3b241d7cab7aec93bff86

SHA1: 57b0761337e6b4c84fefbea47a1076bbc54dbaf3

SHA256: A1673C7759792EAE1CCD0FE19572B6846EE40AFE18BF09C98FB7F128B2D9CE63

File Size: 5.94 MB, 5944832 bytes

MD5: 042884f3d9efab4bdc2cfc31f98d36cd

SHA1: 682acbf8700cffb58500136132a319ab07cb58c2

SHA256: 1960B693AFC5E3C4281271317E39E4DB1DF6FFBA9BFD5C03CE6FE756DB1878D8

File Size: 5.09 MB, 5089792 bytes

MD5: c4efe880d7a49be1f7d49f8c46fef0dd

SHA1: 6d98925cb06241e510872559a26cf41f98b8dd2d

SHA256: D4166730BD510598ADCBF2B1A7A5B59673334DA05061C31A36CE8D07782C9870

File Size: 6.02 MB, 6024192 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have exports table
File doesn't have security information
File has TLS information
File is 64-bit executable
File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed

IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Traits

fptable
GetConsoleWindow
HighEntropy
imgui
No Version Info
ntdll
Pastebin
VirtualQueryEx
WriteProcessMemory
x64

Block Information

Total Blocks:	4,484
Potentially Malicious Blocks:	357
Whitelisted Blocks:	4,079
Unknown Blocks:	48

Visual Map

0 0 0 0 x x x x x x x x x x x x x x x 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 x x 0 x x 0 x x 0 0 0 x x 0 0 x 0 0 0 0 x x 0 x 0 0 0 0 x 0 0 0 x x 0 0 x x x x 0 0 0 0 0 0 0 0 x 0 0 x x 0 0 0 0 x 0 0 x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 x x x x 0 x x 0 0 1 x 0 x 0 x 0 0 0 0 x 0 1 x 0 0 0 x x x 0 0 0 0 x x 0 0 0 0 x 0 x 0 x 0 0 0 x 0 0 0 0 0 0 x x 1 0 0 0 0 x x x x x x 0 0 x 0 x x 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x x 0 0 0 0 0 0 0 x 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 x x x x x 0 0 x 0 x 0 x x x x 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 1 x x 0 x 0 x 0 1 x 0 0 1 0 0 0 x x 0 0 0 x x 0 0 0 1 0 x 0 0 0 0 0 x x x x 0 0 0 0 0 0 x 0 0 0 0 0 x x x x 0 0 0 x 0 x 0 0 x x x 0 0 0 x x 0 x 0 0 x 0 0 0 x x 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 x 0 0 0 0 x 0 0 x 0 x 0 0 0 0 x 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 x 0 x 1 x x 0 0 x 0 0 0 0 0 0 x 0 0 0 0 0 0 x 0 x 0 0 x x x 0 0 1 x 0 0 0 0 x 0 0 0 0 0 0 1 0 0 x 0 x 0 x 0 0 0 x x 0 1 0 0 0 1 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 x 0 x x 0 0 0 0 0 0 0 0 x 0 1 0 x 0 0 0 0 0 0 x 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 1 x 0 0 1 0 0 1 0 0 0 0 0 1 0 0 1 0 0 1 0 0 1 0 0 1 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 x x 0 x 0 0 x 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 x 0 x 0 0 0 0 x x x 0 x 0 x x 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 x 0 x 0 0 0 x x 0 x x x x x 0 x x x x x 0 0 0 x 0 0 0 0 0 x x x x 0 x 0 0 0 0 0 0 0 0 0 x 0 x x 0 0 0 x x 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 x x 0 0 x ? x x x 0 0 x 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 x x 0 0 0 0 x x ? 0 0 0 x 0 x 0 0 0 x x 0 x x x 0 0 0 0 0 x 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 x x 0 0 0 0 0 x 0 x x 0 0 0 0 0 0 0 0 ? ? 0 ? ? 0 0 0 1 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 ? 0 0 ? 0 0 0 0 x x 0 x x ? x x x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 ? 0 0 0 0 0 0 0 ? ? ? ? ? 0 ? ? 0 0 x ? ? ? ? 0 ? ? ? 0 ? 0 ? ? ? 0 ? ? 0 ? 0 ? ? ? ? 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 1 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 x 0 x x 0 0 0 x 0 x x x x x x x 0 x 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x x 0 0 x x 0 0 0 0 x x x ? 0 x x x 0 0 0 0 0 0 x x 0 0 x x x 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x x x x x x 0 0 0 0 0 0 x x x x x x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 x x x 0 x 0 0 0 0 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 1 x 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 x x 0 x x x x x x x 0 0 0 x x x 0 0 x x x 0 0 0 0 0 0 0 0 x 0 x 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 x 0 x 0 0 0 0 x x x x 0 x x x 0 x 0 x 0 x x x x x x 0 0 0 0 0 0 0 0 x 0 x 0 0 0 0 0 0 0 0 1 x x 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0

... Data truncated

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

PUP.Gamehack.GYA

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Traits

Block Information

Block Information

Visual Map

Submit Comment

Trending

Dohdoor Backdoor

RebateBlast

Wellhabits.xyz

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

How to Fix 'macOS cannot verify that this app is...

Discord Shows Black Screen when Sharing Screen