PUP.Gamehack.HADF

Analysis Report

General information

Family Name: PUP.Gamehack.HADF
Signature status: No Signature

Known Samples

MD5: 1ddd8b39c975afbdced842580c3efb91
SHA1: e05d141249a610f45968559f650ef75444d29d89
SHA256: 2C8F19EB3D7F438BDE40466AC119CC5092E29987CBEB36E211820603EBFD7EB0
File Size: 2.05 MB, 2054656 bytes
MD5: ddc8368858156156c5ffac1a78be6816
SHA1: db4dbfaf02bb72c70a124a1956e1725af2cc404b
SHA256: 659E9895498AE05FE628189995C7474CEB5C32896F248E4B5097A537DEC3CE9B
File Size: 2.06 MB, 2064896 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have exports table
  • File doesn't have security information
  • File has TLS information
  • File is 32-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Company Name: SYNTAX 2 Corporation
File Description: SYNTAX 2 Windows Bootstrapper
File Version: 1.4.1
Internal Name: SYNTAX 2 Bootstrapper
Legal Copyright:
  • Copyright (c) 2024
  • Copyright (c) 2025
Original Filename: SyntaxPlayerLauncher.exe
Product Name: SYNTAX 2 Bootstrapper
Product Version: 1.4.1

File Traits

  • ntdll
  • x86

Block Information

Total Blocks: 5,355
Potentially Malicious Blocks: 1,598
Whitelisted Blocks: 3,757
Unknown Blocks: 0

Visual Map

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Gamehack.HADF

Windows API Usage

Category: API

Process Shell Execute:
  • CreateProcess
Cert Store Read:
  • CertOpenStore
Network Winsock2:
  • WSASocket
  • WSAStartup
Network Winsock:
  • bind
  • closesocket
  • connect
  • freeaddrinfo
  • getaddrinfo
  • setsockopt
Process Manipulation Evasion:
  • NtUnmapViewOfSection

Shell Command Execution

C:\WINDOWS\system32\cmd.exe "cmd" /c cls
