Multi-License Discount Quote

Change Region

English
Threat Database Hacktool PUP.Gamehack.PA

PUP.Gamehack.PA

By CagedTech in Hacktool, Potentially Unwanted Programs

Analysis Report

General information

Family Name: PUP.Gamehack.PA
Signature status: No Signature

Known Samples

MD5: 9c325ab25f9ebe86d1fd7590cf647cca
SHA1: b0c1a725acbf1c26349b68fae825c516f2d2f437
File Size: 1.39 MB, 1387008 bytes
MD5: 8f2b7a9995aa6d090e472fe0cba360bd
SHA1: c5eccc02034b3eb04333b6118a460d95af6c86c1
SHA256: 6352AF13670638D603964D47226A1085C4037D97EF846051554886F5A05691FE
File Size: 1.66 MB, 1662144 bytes
MD5: 16b5d629ed3f630769080c0642eaddb6
SHA1: dfd65c275d130f2c7b1548ed7e482049479adc98
SHA256: DBF4E0BF3CEE9486DB482BFE6E38128F7E45EB1E48C6B9968C6DCC3FE5323F8A
File Size: 2.34 MB, 2335936 bytes
MD5: f3c52c45aac32bfd6b815b2f5b381c5d
SHA1: 57e29c4f77aca7fc2a6c2d70d5272830da99bbbb
SHA256: 02A61FCFBEC9CEB62DD7C97F6C00E85584CCBACECD2EAA38638083ADB4326EC7
File Size: 1.38 MB, 1377792 bytes
MD5: d303890ea6043bfb4fe9e548c056c59e
SHA1: 9868a2820730a6cdb20d2d5e60c8b84a43d182d8
SHA256: C8C01EC570C9BD70E65D75ED3E6EFB3C9A5669EC0E23EC758FB70CD0282922E1
File Size: 688.13 KB, 688128 bytes
Show More
MD5: 7136da0c8f01903f58d65ad9e3b436e8
SHA1: 29a9862de7a9f836923c5a11108fcb9c0fb18dca
SHA256: F08B56E96049ACB9BE3D22771044091257738B0DC2BA665F6A1D67758CA3617C
File Size: 1.02 MB, 1016832 bytes
MD5: 7bc9ef0a8c506db48365cb1227f10a4c
SHA1: 254d405bbd42ece3c466da9185945e43ab24a5eb
SHA256: DBB2F26399B141205F1E4908739101A394E1ACBA449EA0EC721F07AC2A9C9178
File Size: 1.04 MB, 1035776 bytes
MD5: 71ad69f8d99192ea388e40627d7b2b54
SHA1: 990ef8fa231137658b8532b1c44cd7e7c543055f
SHA256: 3F44D7710C685DBE2F5BE6E4623D1B9C8F40EEAE191B2723C61E62BAF4212C95
File Size: 1.07 MB, 1070619 bytes
MD5: f42debbadfcd2faa0b8cf7f788867a9a
SHA1: 2a270eb72553da61d2c6d0e5a6bc887fb613bca8
SHA256: D4BC87FE89F797BC124B7A7959911DCB905CDA549C577E67E4DF7A9572E5CEF2
File Size: 2.01 MB, 2005184 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File is 64-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
Show More
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
Company Name Cheathappens
File Version
  • 1.0009
  • 1.0007
  • 1.0005
Internal Name
  • 1.0.5
  • 6.23.1435251
  • Version 1.06
Product Name
  • Call of Duty Infinite Warfare
  • Civilization 6
  • Metal Gear Survive
  • STAR WARS Battlefront
  • Warhammer 40000 Inquisitor Martyr
Product Version
  • 67412
  • 55358
  • 22088
  • 22063
  • 20397

File Traits

  • 2+ executable sections
  • HighEntropy
  • No Version Info
  • VirtualQueryEx
  • WriteProcessMemory
  • x64

Block Information

Total Blocks: 634
Potentially Malicious Blocks: 1
Whitelisted Blocks: 624
Unknown Blocks: 9

Visual Map

? x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 ? ? 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Gamehack.PA

Files Modified

File Attributes
c:\users\user\cheathappens\debug\.debug Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\cheathappens\debug\metal gear survive.debug Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\cheathappens\debug\star wars battlefront.debug Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\cheathappens\debug\warhammer 40000 inquisitor martyr.debug Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\cheathappens\work\ch.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\cheathappens\work\cheathappens.net Synchronize,Write Attributes
c:\users\user\cheathappens\work\help.txt Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\cheathappens\work\inetcheck.dat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\cheathappens\work\inetcheck.dat Synchronize,Write Attributes
c:\users\user\cheathappens\work\runtime\cheathappens.net Synchronize,Write Attributes
Show More
c:\users\user\cheathappens\work\runtime\inetcheck.dat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\cheathappens\work\runtime\inetcheck.dat Synchronize,Write Attributes
c:\users\user\downloads\0.ogg Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\1.ogg Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\3.ogg Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\4.ogg Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\5.ogg Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\6.ogg Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\7.ogg Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\ch.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\help.txt Generic Read,Write Data,Write Attributes,Write extended,Append data

Registry Modifications

Key::Value Data API Name
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\notepad.exe 툃瑉ǜ RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\notepad.exe ࢥ倥蒻ǜ RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAccessCheckByType
  • ntdll.dll!NtAddAtomEx
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcAcceptConnectPort
  • ntdll.dll!NtAlpcConnectPort
  • ntdll.dll!NtAlpcConnectPortEx
  • ntdll.dll!NtAlpcCreatePort
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcSendWaitReceivePort
Show More
  • ntdll.dll!NtAlpcSetInformation
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtAssociateWaitCompletionPacket
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateIoCompletion
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtCreateThreadEx
  • ntdll.dll!NtCreateTimer
  • ntdll.dll!NtCreateTimer2
  • ntdll.dll!NtCreateWaitCompletionPacket
  • ntdll.dll!NtCreateWorkerFactory
  • ntdll.dll!NtDelayExecution
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtFindAtom
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtImpersonateAnonymousToken
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtNotifyChangeKey
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenMutant
  • ntdll.dll!NtOpenProcess
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenSymbolicLinkObject
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDefaultLocale
  • ntdll.dll!NtQueryDirectoryFile
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryFullAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySymbolicLinkObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReadVirtualMemory
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRemoveIoCompletion
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSetTimer2
  • ntdll.dll!NtSetTimerEx
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTerminateProcess
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtUnsubscribeWnfStateChange
  • ntdll.dll!NtUpdateWnfStateData
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForMultipleObjects
  • ntdll.dll!NtWaitForSingleObject

95 additional items are not displayed above.

Anti Debug
  • IsDebuggerPresent
User Data Access
  • GetUserObjectInformation
Network Winsock2
  • WSARecv
  • WSAStartup
  • WSAttemptAutodialName
Other Suspicious
  • AdjustTokenPrivileges
Network Winsock
  • accept
  • bind
  • closesocket
  • connect
  • freeaddrinfo
  • getaddrinfo
  • gethostbyname
  • getpeername
  • getsockname
  • inet_addr
Show More
  • recv
  • send
  • setsockopt
  • socket
Keyboard Access
  • GetKeyState
Process Manipulation Evasion
  • NtUnmapViewOfSection
  • ReadProcessMemory
Process Shell Execute
  • CreateProcess
Process Terminate
  • TerminateProcess

Shell Command Execution

"notepad.exe" C:\Users\user\Cheathappens\Debug\STAR WARS Battlefront.debug
"notepad.exe" C:\Users\user\Cheathappens\Debug\Civilization 6.debug

Trending

Most Viewed

Loading...