PUP.Gamehack.GYA
Analysis Report
General information
| Family Name: | PUP.Gamehack.GYA |
|---|---|
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have exports table
- File doesn't have security information
- File has TLS information
- File is 64-bit executable
- File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Traits
- fptable
- GetConsoleWindow
- HighEntropy
- imgui
- No Version Info
- ntdll
- Pastebin
- VirtualQueryEx
- WriteProcessMemory
- x64
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.

| Total Blocks: | 4,484 |
|---|---|
| Potentially Malicious Blocks: | 357 |
| Whitelisted Blocks: | 4,079 |
| Unknown Blocks: | 48 |
Visual Map
(Per-block map not reproduced; data truncated in the source.)
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block