PUP.GameHack.LA
Analysis Report
General information
| Family Name: | PUP.GameHack.LA |
|---|---|
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have relocations information
- File doesn't have security information
- File has been packed
- File is 32-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Icons
This section displays icon resources found within family samples. Malware often replicates icons commonly associated with legitimate software to mislead users into believing the malware is safe.
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.

| Name | Value |
|---|---|
| Additional Information | Created with Bytessence Install Maker, a freeware install builder available from http://www.bytessence.com |
| B I M Version | 5.40 |
| Company Name | |
| File Description | |
| File Version | |
| Internal Name | |
| Legal Copyright | |
| Legal Trademarks | MeGaHeRTZ TeaM |
| Original Filename | |
| Private Build | 2025.3.2.0 |
| Product Name | |
| Product Version | |
| Special Build | 2025.3.2.0 |
| Website | |
File Traits
- 00 section
- 2+ executable sections
- ASPack v2.12
- big overlay
- HighEntropy
- Installer Version
- packed
- VirtualQueryEx
- WriteProcessMemory
- x86
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.

| Total Blocks: | 836 |
|---|---|
| Potentially Malicious Blocks: | 23 |
| Whitelisted Blocks: | 811 |
| Unknown Blocks: | 2 |
Visual Map (per-block classification grid; legend: 0 - Probable Safe Block, ? - Unknown Block, x - Potentially Malicious Block)
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft’s analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.
- GameHack.LA
Files Modified
This section lists files that were created, modified, moved and/or deleted by samples in this family. File system activity can provide valuable insight into how malware functions on the operating system.

| File | Attributes |
|---|---|
| c:\_temp_1827468.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\_temp_5224560.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\program files\common files\system\symsrv.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\a1d26e2\a70710501a38.tmp | Generic Write,Read Attributes |
| c:\users\user\downloads\0.ogg | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\downloads\1.ogg | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\downloads\3.ogg | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\downloads\4.ogg | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\downloads\5.ogg | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\downloads\6.ogg | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\downloads\7.ogg | Generic Read,Write Data,Write Attributes,Write extended,Append data |
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.

| Category | API |
|---|---|
| Service Control | |
| Anti Debug | |
| User Data Access | |
| Keyboard Access | |