PUP.Gamehack.LCO

By CagedTech in Potentially Unwanted Programs

Table of Contents

Analysis Report

General information

Family Name:	PUP.Gamehack.LCO
Signature status:	No Signature

Known Samples

MD5: b5ad7670ddd908d4c24de476f327d815

SHA1: 4421b0f2d80518970569e580708631c7bb66d078

SHA256: 55C3E3C6F3B8CC8BE55C6B3B2E5A2EDA4C3F17D6289948E05455748C9923E900

File Size: 9.83 MB, 9834751 bytes

MD5: 0e819bdf5875444433dea4fb7f7717a5

SHA1: 1dbd69ba4d8f8d089c867184663019b653ce0cb7

SHA256: F4FFA948DD2DF341B5A005EB40A4F7C62230C7895FB2D153F52EDB5AD756598F

File Size: 150.02 KB, 150016 bytes

MD5: 89d73fec2ce6404dd3570241462cd092

SHA1: 92c30a426921eede0c27ce6acd32720517f03b72

SHA256: F7B6A1F9D422D4F1011491548D997323CA519841D94B8180D4D212D24C5F9A38

File Size: 151.55 KB, 151552 bytes

MD5: a8d67659c02caa6e407d690fd576ea5a

SHA1: e77401d02085bad3276fdea3243bcd90f4b5f245

SHA256: 9267CB4BAAE0092C190310FBA398FB89B632E7BF36333AF5CFBDC64FE4CD768B

File Size: 160.26 KB, 160256 bytes

MD5: 08efc121d55f734efed7de7c2edfa7fb

SHA1: 2c818998a0fc83c815bc69c440fd79d012595972

SHA256: 6701EEB2FFFDF11D1CA52CC7A7746EB49C33C610A892C8059032E65D02F4D7BE

File Size: 151.04 KB, 151040 bytes

MD5: 153859af832d203d648419563914c86f

SHA1: 161352b2c7706dbff8bb25fb053c79cce62e50cf

SHA256: 4BF336F2B61109760E2FF9EAE3C17C96F76E6E616F464128A442580F2FA83471

File Size: 9.84 MB, 9836672 bytes

MD5: 1d90ad313d4241328e935d93a391a430

SHA1: ee667cbf0d8b67b03b851128a771eb36eae56613

SHA256: BC7010B51D932CD50A798C4EE6811930CB18C77069C336D323D90CFDC27AFA37

File Size: 9.84 MB, 9835719 bytes

MD5: 11902c4aac41410e9622103eeb14524b

SHA1: 17c3ad4a17b0a141312453b0defc35768a68ce4c

SHA256: A863222B26D417CFC902210FA5902C7D26050AD699064A0244C347446EE205B1

File Size: 9.84 MB, 9835957 bytes

MD5: 4849cc6be49c58b535d3653709c1c6cc

SHA1: 7d89336ebe9a42a9980873fe38526ea098954b23

SHA256: CACCCD88ED19B5D39FC44DC87E662BA71FDDA70C8B6F47BEB9C7C8911C4B2021

File Size: 9.83 MB, 9834893 bytes

MD5: 104afd9fbb2e20876cc9eb37e4170b2e

SHA1: fee95290b54067fac0cc4861ea0579512d59b24a

SHA256: A027F5AF82888B8F7B1EBCAA45BF60E249BDF979D340A0A8C7D99E0E435CD11F

File Size: 9.84 MB, 9835891 bytes

MD5: 76d79f64d0a711ca9068197577da9df5

SHA1: 4eb318e4e361aa23ce12d878f114e1e9808882c6

SHA256: BDC8C2BCCE60B321086AADB0681EC5407E3EF00A2C87E9ED2E22A3AFA2CF40DB

File Size: 9.84 MB, 9835271 bytes

MD5: bf1fbd147dee1519194aa6e7595d2be1

SHA1: 9cd6a01c741bdf953f0886746be9954dcb65801a

SHA256: AD8CED28A82507B666BBFA8547B76E3958BC44F20EAEF1BD933EF26EF4F5E042

File Size: 9.84 MB, 9836784 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have security information
File has exports table
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)

File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
Comments	TeXCAD is a program for drawing or retouching {picture}s in LaTeX.
Company Name	Free Software Foundation, Inc.
File Description	Password Safe Appliacation TeXCAD, a LaTeX {picture} drawing program Unicode Converter Appliacation
File Version	Ver. 4.6 3.6.0.1259 1.0.0.0
Internal Name	pwsafe.dll TeXCAD
Original Filename	pwsafe.dll TeXCAD.exe UnicodeConverter.dll
Product Name	Password Safe TeXCAD Unicode Converter
Product Version	4.6 3.6.0.1259 1.0.0.0

File Traits

dll
HighEntropy
x86

Files Modified

File	Attributes
c:\users\user\appdata\local\temp\nsa3e9d.tmp1	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsa3e9d.tmp2	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsa3e9d.tmp3	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsa3e9d.tmp4	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsa3e9d.tmp5	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsa3e9d.tmp6	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsa3e9d.tmp7	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsa3e9d.tmp8	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsaae4a.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsb1cd1.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete

c:\users\user\appdata\local\temp\nsba5c2.tmp1	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsba5c2.tmp2	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsba5c2.tmp3	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsba5c2.tmp4	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsba5c2.tmp5	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsba5c2.tmp6	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsba5c2.tmp7	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsba5c2.tmp8	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsd40b4.tmp1	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsd40b4.tmp2	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsd40b4.tmp3	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsd40b4.tmp4	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsd40b4.tmp5	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsd40b4.tmp6	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsd40b4.tmp7	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsd40b4.tmp8	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsdb5d0.tmp1	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsdb5d0.tmp2	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsdb5d0.tmp3	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsdb5d0.tmp4	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsdb5d0.tmp5	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsdb5d0.tmp6	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsdb5d0.tmp7	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsdb5d0.tmp8	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg3188.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsg3189.tmp1	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg3189.tmp2	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg3189.tmp3	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg3189.tmp4	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg3189.tmp5	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg3189.tmp6	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg3189.tmp7	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg3189.tmp8	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsgbe16.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsgbe17.tmp1	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsgbe17.tmp2	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsgbe17.tmp3	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsgbe17.tmp4	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsgbe17.tmp5	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsgbe17.tmp6	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsgbe17.tmp7	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsgbe17.tmp8	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsi2270.tmp\installoptions.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsi2270.tmp\iospecial.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsi2270.tmp\iospecial.ini	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsi2270.tmp\modern-wizard.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsjab13.tmp\installoptions.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsjab13.tmp\iospecial.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsjab13.tmp\iospecial.ini	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsjab13.tmp\modern-wizard.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsk3e8c.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsma5b2.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nso40a4.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsq4588.tmp\installoptions.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsq4588.tmp\iospecial.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsq4588.tmp\iospecial.ini	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsq4588.tmp\modern-wizard.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsqae5b.tmp1	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsqae5b.tmp2	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsqae5b.tmp3	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsqae5b.tmp4	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsqae5b.tmp5	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsqae5b.tmp6	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsqae5b.tmp7	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsqae5b.tmp8	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsr1ce2.tmp1	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsr1ce2.tmp2	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsr1ce2.tmp3	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsr1ce2.tmp4	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsr1ce2.tmp5	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsr1ce2.tmp6	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsr1ce2.tmp7	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsr1ce2.tmp8	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nss36aa.tmp\installoptions.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nss36aa.tmp\iospecial.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nss36aa.tmp\iospecial.ini	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nss36aa.tmp\modern-wizard.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nss4390.tmp\installoptions.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nss4390.tmp\iospecial.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nss4390.tmp\iospecial.ini	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nss4390.tmp\modern-wizard.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsubb5e.tmp\installoptions.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsubb5e.tmp\iospecial.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsubb5e.tmp\iospecial.ini	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsubb5e.tmp\modern-wizard.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsxb35d.tmp\installoptions.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsxb35d.tmp\iospecial.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsxb35d.tmp\iospecial.ini	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsxb35d.tmp\modern-wizard.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsxb5bf.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsyc30a.tmp\installoptions.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsyc30a.tmp\iospecial.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsyc30a.tmp\iospecial.ini	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsyc30a.tmp\modern-wizard.bmp	Generic Write,Read Attributes

Windows API Usage

Category	API
Anti Debug	IsDebuggerPresent NtQuerySystemInformation
User Data Access	GetUserObjectInformation
Syscall Use	ntdll.dll!NtAlpcSendWaitReceivePort ntdll.dll!NtClose ntdll.dll!NtCreateFile ntdll.dll!NtCreateSection ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtMapViewOfSection ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenProcessToken ntdll.dll!NtProtectVirtualMemory Show More ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryDebugFilterState ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationThread ntdll.dll!NtQueryInformationToken ntdll.dll!NtQuerySystemInformationEx ntdll.dll!NtQueryValueKey ntdll.dll!NtQueryVirtualMemory ntdll.dll!NtQueryVolumeInformationFile ntdll.dll!NtReadFile ntdll.dll!NtSetEvent ntdll.dll!NtSetInformationFile ntdll.dll!NtSetInformationProcess ntdll.dll!NtTestAlert ntdll.dll!NtUnmapViewOfSection ntdll.dll!NtWaitForSingleObject ntdll.dll!NtWriteFile ntdll.dll!NtWriteVirtualMemory win32u.dll!NtUserGetKeyboardLayout win32u.dll!NtUserGetThreadState
Process Shell Execute	CreateProcess

Shell Command Execution


							C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\1dbd69ba4d8f8d089c867184663019b653ce0cb7_0000150016.,LiQMAxHB


							C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\92c30a426921eede0c27ce6acd32720517f03b72_0000151552.,LiQMAxHB


							C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\e77401d02085bad3276fdea3243bcd90f4b5f245_0000160256.,LiQMAxHB


							C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\2c818998a0fc83c815bc69c440fd79d012595972_0000151040.,LiQMAxHB

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

PUP.Gamehack.LCO

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

File Traits

Files Modified

Files Modified

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Trending

RebateBlast

Wellhabits.xyz

STOX-C.Trojan

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

How to Fix 'macOS cannot verify that this app is...

Discord Shows Black Screen when Sharing Screen