PUP.Gamehack.OSB

Analysis Report

General information

Family Name: PUP.Gamehack.OSB
Signature status: No Signature

Known Samples

File Size: 2.50 MB, 2497536 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have security information
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Traits

  • No Version Info
  • WriteProcessMemory
  • x86

Block Information

Total Blocks: 3,341
Potentially Malicious Blocks: 1,085
Whitelisted Blocks: 2,065
Unknown Blocks: 191

Similar Families

  • Gamehack.OSB

Windows API Usage

Category            API
Network Winsock2    WSAStartup
Encryption Used     BCryptOpenAlgorithmProvider
Other Suspicious    AdjustTokenPrivileges
