PUP.GameHack.HYA
Analysis Report
General information
| Family Name: | PUP.GameHack.HYA |
|---|---|
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have security information
- File is 32-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Icons
This section displays icon resources found within family samples. Malware often replicates icons commonly associated with legitimate software to mislead users into believing the malware is safe.
File Traits
- HighEntropy
- No Version Info
- x86
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.
| Total Blocks: | 290 |
|---|---|
| Potentially Malicious Blocks: | 8 |
| Whitelisted Blocks: | 282 |
| Unknown Blocks: | 0 |
Visual Map
Legend: 0 - Probable Safe Block; ? - Unknown Block; x - Potentially Malicious Block
Files Modified
This section lists files that were created, modified, moved and/or deleted by samples in this family. File system activity can provide valuable insight into how malware functions on the operating system.
| File | Attributes |
|---|---|
| c:\users\user\appdata\local\temp\cetrainers\cet1c44.tmp\cet_trainer.cetrainer | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\cetrainers\cet43b0.tmp\cet_trainer.cetrainer | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\cetrainers\ceta207.tmp\cet_trainer.cetrainer | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\cetrainers\ceta284.tmp\cet_trainer.cetrainer | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\cetrainers\ceta63d.tmp\cet_trainer.cetrainer | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\cetrainers\cetbc11.tmp\cet_trainer.cetrainer | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\cetrainers\cetff0e.tmp\cet_trainer.cetrainer | Generic Write,Read Attributes |