PUP.GameHack.XH

By CagedTech in Potentially Unwanted Programs

Table of Contents

Analysis Report

General information

Family Name:	PUP.GameHack.XH
Signature status:	No Signature

Known Samples

MD5: 10dcb52e3e29c813db243e411d9dfcb0

SHA1: 763c458384a31c7e68a0989c8cd104c4e8e45ace

SHA256: EDBD2D137435198A67FADB619B9091EBA409B165F0B7899642B4379DEB9D56C5

File Size: 934.91 KB, 934912 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have exports table
File doesn't have security information
File has TLS information
File is 64-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)

IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Traits

Block Information

Total Blocks:	1,989
Potentially Malicious Blocks:	385
Whitelisted Blocks:	1,074
Unknown Blocks:	530

Visual Map

0 0 ? ? 0 0 0 0 x 0 0 0 0 0 0 ? ? x x 0 0 0 0 0 x 0 0 0 0 0 0 1 0 x 0 0 0 0 0 0 0 0 1 0 0 x 0 0 0 0 0 0 0 0 0 0 0 x 0 ? x 0 0 x 0 0 0 0 0 1 0 0 0 0 x ? ? ? 0 ? 0 ? ? ? 0 x x x x x 0 ? 0 ? x x ? 0 x ? 0 0 x ? 0 0 x ? 0 0 ? 0 ? x ? x ? 0 ? 0 x x ? 0 0 0 0 x x ? x x 0 0 ? 0 0 x x 0 x x ? 0 ? ? ? ? x ? ? 0 x ? 0 x x x ? x ? ? ? ? ? ? 0 x ? 0 ? x x x x 0 ? ? x ? 0 ? x x x ? ? 0 ? x ? ? ? x ? x 0 ? x ? ? x ? x x x ? 0 ? ? 0 ? 0 0 ? 0 ? ? ? 0 0 ? 0 ? ? 0 ? ? ? x ? ? x 0 ? ? ? 0 0 ? ? ? 0 0 ? ? ? ? 0 x ? 0 x ? ? x 0 ? ? ? 0 0 ? 0 ? ? 0 0 ? ? ? 0 ? 0 ? 0 ? ? x x ? ? ? ? 0 ? ? ? 0 ? 0 ? ? 0 x ? ? 0 0 0 ? ? 0 0 0 ? ? 0 0 ? ? 0 0 0 ? ? 0 ? ? ? ? ? 0 ? ? ? ? ? ? 0 0 0 ? ? 0 ? 0 0 ? ? 0 0 ? ? 0 0 ? ? 0 ? ? 0 x ? ? ? 0 0 ? ? ? 0 0 ? ? 0 0 ? ? ? ? ? ? ? 0 x ? ? ? x x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 ? x x x x 0 ? ? ? x ? x 0 x x x x x ? x 0 0 1 0 ? ? x ? ? x ? x ? ? x x x x ? x ? ? 0 0 ? 0 ? 0 x x 0 0 x 0 x x 0 0 x ? 0 ? x x x x 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 x 0 0 0 0 x 0 ? ? 0 ? x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 ? ? 0 0 0 0 ? ? 0 x ? 0 0 ? 0 0 0 0 0 0 0 ? x x x x ? 1 0 0 0 x 0 0 ? x x ? 0 0 x 0 x ? ? ? ? ? x ? x x x x 0 0 x 0 0 ? ? 0 0 ? ? x 0 ? ? x ? ? ? ? ? x x 0 ? ? ? ? ? ? x ? ? ? ? 0 ? ? 0 ? ? ? ? 0 ? ? ? ? 0 ? ? ? ? x ? x ? x ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? x ? ? ? 0 ? 0 ? ? 0 ? ? ? 0 x ? ? ? 1 ? ? ? ? 0 ? ? x ? ? ? ? x ? ? ? ? 0 ? ? 0 ? ? ? 0 ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? x x ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? x x x ? x x x x x x ? ? ? ? ? ? ? ? ? x x x x x x ? x x x x x ? ? ? ? ? ? ? ? ? ? ? ? x x ? ? ? x x x x x x ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? x ? ? x x x x x x ? x x x x x x x x x x x 0 ? x ? x x ? 0 0 0 x x x x x x x x x x x x x x x x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 ? 0 0 ? 0 ? 0 ? 0 ? 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 ? 0 ? 0 ? 0 0 ? 0 0 ? 0 ? 0 ? 0 ? 0 ? 0 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 0 0 0 0 0 0 0 0 0 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 ? 0 ? 0 x x 1 0 0 ? 0 ? 0 ? 0 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 0 0 ? ? 0 ? 0 0 0 ? 0 x 0 x 0 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 x 0 ? 0 0 0 0 0 ? ? 1 0 ? 1 0 ? 1 0 ? 1 0 0 ? 1 0 ? 1 0 ? 0 0 ? 0 0 ? 0 0 ? ? ? 0 0 0 0 ? 0 0 ? 0 ? 0 ? 0 0 0 ? ? x 0 0 0 ? 0 ? 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 ? 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 ? 0 0 0 ? 0 ? 0 0 0 0 0 0 0 0 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 0 0 x ? 0 0 x x 0 0 0 0 0 x 0 x 0 x 0 x 0 0 x 0 0 x 0 ? 0 x 0 ? 0 0 0 0 0 0 0 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 0 0 ? 0 0 ? 0 0 0 ? 0 x 0 x 0 ? 0 ? 0 0 ? 0 0 ? 0 0 ? 0 0 ? 0 0 ? 0 0 ? 0 0 ? 0 0 ? 0 0 ? 0 0 ? 0 0 ? 0 0 0 0 ? 0 ? 0 ? 0 ? 0 0 ? 0 ? 0 ? 0 x 0 ? 0 x 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 ? 0 0 0 x 0 x 0 0 0 0 0 0 0 0 0 0 x 0 x 0 0 0 0 x 0 0 x x 0 0 ? x ? x ? x x x x x ? ? ? ? x x x x x x ? ? x ? ? x x x ? 0 0 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Registry Modifications

Key::Value	Data	API Name
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	ᰇ느騷ǜ	RegNtPreCreateKey

Windows API Usage

Category	API
Syscall Use	ntdll.dll!NtAccessCheck ntdll.dll!NtAlertThreadByThreadId ntdll.dll!NtAlpcSendWaitReceivePort ntdll.dll!NtApphelpCacheControl ntdll.dll!NtClose ntdll.dll!NtConnectPort ntdll.dll!NtCreateEvent ntdll.dll!NtCreateFile ntdll.dll!NtCreateMutant ntdll.dll!NtCreateSection Show More ntdll.dll!NtCreateSemaphore ntdll.dll!NtDeviceIoControlFile ntdll.dll!NtDuplicateObject ntdll.dll!NtDuplicateToken ntdll.dll!NtEnumerateValueKey ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtMapViewOfSection ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenKeyEx ntdll.dll!NtOpenProcessToken ntdll.dll!NtOpenProcessTokenEx ntdll.dll!NtOpenSection ntdll.dll!NtOpenSemaphore ntdll.dll!NtOpenThreadTokenEx ntdll.dll!NtProtectVirtualMemory ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryDebugFilterState ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationThread ntdll.dll!NtQueryInformationToken ntdll.dll!NtQueryKey ntdll.dll!NtQueryLicenseValue ntdll.dll!NtQueryPerformanceCounter ntdll.dll!NtQuerySecurityAttributesToken ntdll.dll!NtQueryValueKey ntdll.dll!NtQueryVirtualMemory ntdll.dll!NtQueryVolumeInformationFile ntdll.dll!NtQueryWnfStateData ntdll.dll!NtReleaseMutant ntdll.dll!NtReleaseSemaphore ntdll.dll!NtReleaseWorkerFactoryWorker ntdll.dll!NtRequestWaitReplyPort ntdll.dll!NtSetEvent ntdll.dll!NtSetInformationProcess ntdll.dll!NtSetInformationThread ntdll.dll!NtSetInformationVirtualMemory ntdll.dll!NtSetInformationWorkerFactory ntdll.dll!NtSubscribeWnfStateChange ntdll.dll!NtTestAlert ntdll.dll!NtTraceControl ntdll.dll!NtUnmapViewOfSection ntdll.dll!NtUnmapViewOfSectionEx ntdll.dll!NtWaitForAlertByThreadId ntdll.dll!NtWaitForSingleObject ntdll.dll!NtWaitForWorkViaWorkerFactory ntdll.dll!NtWaitLowEventPair ntdll.dll!NtWorkerFactoryWorkerReady ntdll.dll!NtWriteFile UNKNOWN
Anti Debug	IsDebuggerPresent
Process Terminate	TerminateProcess

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

PUP.GameHack.XH

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Traits

Block Information

Block Information

Visual Map

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Submit Comment

Trending

Trojan.Kryptik.BKB

Uckery.com

Maps-N-Directions

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

How to Fix 'macOS cannot verify that this app is...

Discord Shows Black Screen when Sharing Screen