PUP.Gamehack.LCO
Analysis Report
General information
| Family Name: | PUP.Gamehack.LCO |
|---|---|
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have relocations information
- File doesn't have security information
- File has exports table
- File is 32-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Icons
This section displays icon resources found within family samples. Malware often replicates icons commonly associated with legitimate software to mislead users into believing the malware is safe.
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.
| Name | Value |
|---|---|
| Comments | TeXCAD is a program for drawing or retouching {picture}s in LaTeX. |
| Company Name | Free Software Foundation, Inc. |
| File Description | |
| File Version | |
| Internal Name | |
| Original Filename | |
| Product Name | |
| Product Version | |
File Traits
- dll
- HighEntropy
- x86
Files Modified
This section lists files that were created, modified, moved and/or deleted by samples in this family. File system activity can provide valuable insight into how malware functions on the operating system.
| File | Attributes |
|---|---|
| c:\users\user\appdata\local\temp\nsa3e9d.tmp1 | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsa3e9d.tmp2 | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsa3e9d.tmp3 | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsa3e9d.tmp4 | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsa3e9d.tmp5 | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsa3e9d.tmp6 | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsa3e9d.tmp7 | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsa3e9d.tmp8 | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsaae4a.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete |
| c:\users\user\appdata\local\temp\nsb1cd1.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete |
| c:\users\user\appdata\local\temp\nsba5c2.tmp1 | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsba5c2.tmp2 | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsba5c2.tmp3 | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsba5c2.tmp4 | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsba5c2.tmp5 | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsba5c2.tmp6 | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsba5c2.tmp7 | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsba5c2.tmp8 | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsd40b4.tmp1 | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsd40b4.tmp2 | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsd40b4.tmp3 | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsd40b4.tmp4 | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsd40b4.tmp5 | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsd40b4.tmp6 | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsd40b4.tmp7 | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsd40b4.tmp8 | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsdb5d0.tmp1 | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsdb5d0.tmp2 | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsdb5d0.tmp3 | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsdb5d0.tmp4 | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsdb5d0.tmp5 | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsdb5d0.tmp6 | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsdb5d0.tmp7 | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsdb5d0.tmp8 | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsg3188.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete |
| c:\users\user\appdata\local\temp\nsg3189.tmp1 | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsg3189.tmp2 | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsg3189.tmp3 | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsg3189.tmp4 | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsg3189.tmp5 | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsg3189.tmp6 | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsg3189.tmp7 | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsg3189.tmp8 | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsgbe16.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete |
| c:\users\user\appdata\local\temp\nsgbe17.tmp1 | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsgbe17.tmp2 | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsgbe17.tmp3 | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsgbe17.tmp4 | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsgbe17.tmp5 | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsgbe17.tmp6 | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsgbe17.tmp7 | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsgbe17.tmp8 | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsi2270.tmp\installoptions.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsi2270.tmp\iospecial.ini | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\nsi2270.tmp\iospecial.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsi2270.tmp\modern-wizard.bmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsjab13.tmp\installoptions.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsjab13.tmp\iospecial.ini | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\nsjab13.tmp\iospecial.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsjab13.tmp\modern-wizard.bmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsk3e8c.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete |
| c:\users\user\appdata\local\temp\nsma5b2.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete |
| c:\users\user\appdata\local\temp\nso40a4.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete |
| c:\users\user\appdata\local\temp\nsq4588.tmp\installoptions.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsq4588.tmp\iospecial.ini | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\nsq4588.tmp\iospecial.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsq4588.tmp\modern-wizard.bmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsqae5b.tmp1 | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsqae5b.tmp2 | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsqae5b.tmp3 | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsqae5b.tmp4 | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsqae5b.tmp5 | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsqae5b.tmp6 | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsqae5b.tmp7 | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsqae5b.tmp8 | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsr1ce2.tmp1 | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsr1ce2.tmp2 | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsr1ce2.tmp3 | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsr1ce2.tmp4 | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsr1ce2.tmp5 | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsr1ce2.tmp6 | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsr1ce2.tmp7 | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsr1ce2.tmp8 | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nss36aa.tmp\installoptions.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nss36aa.tmp\iospecial.ini | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\nss36aa.tmp\iospecial.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nss36aa.tmp\modern-wizard.bmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nss4390.tmp\installoptions.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nss4390.tmp\iospecial.ini | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\nss4390.tmp\iospecial.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nss4390.tmp\modern-wizard.bmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsubb5e.tmp\installoptions.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsubb5e.tmp\iospecial.ini | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\nsubb5e.tmp\iospecial.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsubb5e.tmp\modern-wizard.bmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsxb35d.tmp\installoptions.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsxb35d.tmp\iospecial.ini | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\nsxb35d.tmp\iospecial.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsxb35d.tmp\modern-wizard.bmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsxb5bf.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete |
| c:\users\user\appdata\local\temp\nsyc30a.tmp\installoptions.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsyc30a.tmp\iospecial.ini | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\nsyc30a.tmp\iospecial.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsyc30a.tmp\modern-wizard.bmp | Generic Write,Read Attributes |
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.
| Category | API |
|---|---|
| Anti Debug | |
| User Data Access | |
| Syscall Use | |
| Process Shell Execute | |
Shell Command Execution
This section lists Windows shell commands that are run by the samples in this family. Windows Shell commands are often leveraged by malware for nefarious purposes and can be used to elevate security privileges, download and launch other malware, exploit vulnerabilities, collect and exfiltrate data, and hide malicious activity.
- C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\1dbd69ba4d8f8d089c867184663019b653ce0cb7_0000150016.,LiQMAxHB
- C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\92c30a426921eede0c27ce6acd32720517f03b72_0000151552.,LiQMAxHB
- C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\e77401d02085bad3276fdea3243bcd90f4b5f245_0000160256.,LiQMAxHB
- C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\2c818998a0fc83c815bc69c440fd79d012595972_0000151040.,LiQMAxHB