Multi-License Discount Quote

Change Region

English
Threat Database Potentially Unwanted Programs PUP.Gamehack.XJ

PUP.Gamehack.XJ

By CagedTech in Potentially Unwanted Programs

Analysis Report

General information

Family Name: PUP.Gamehack.XJ
Signature status: No Signature

Known Samples

MD5: f38776a9b0b4ee8f219dc3cdd42a21d7
SHA1: 0b2da9879f30b2c77e2509a513ef56a3f9fff4ff
SHA256: DB59B42C1613EAC5A335BE16FDF3D7E73E81AD488B3DECB48A3BB25351264B1A
File Size: 111.62 KB, 111616 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have exports table
  • File doesn't have security information
  • File has TLS information
  • File is 64-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
Show More
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

File Traits

  • GetConsoleWindow
  • No Version Info
  • x64

Block Information

Total Blocks: 305
Potentially Malicious Blocks: 19
Whitelisted Blocks: 286
Unknown Blocks: 0

Visual Map

0 0 0 0 x x x 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 x 0 0 0 0 0 x 0 0 x 0 0 x x 0 x x 0 x x 0 0 0 0 0 0 0 0 x x x x x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 2 0 0 2 0 0 0 0 0 0 0 1 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Gamehack.XJ

Files Modified

File Attributes
\device\namedpipe\discord-ipc-0 Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\discord-ipc-1 Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\discord-ipc-2 Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\discord-ipc-3 Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\discord-ipc-4 Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\discord-ipc-5 Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\discord-ipc-6 Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\discord-ipc-7 Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\discord-ipc-8 Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\discord-ipc-9 Generic Read,Write Data,Write Attributes,Write extended,Append data

Registry Modifications

Key::Value Data API Name
HKCU\discord-1199748644409184347:: URL:Run game 1199748644409184347 protocol RegNtPreCreateKey
HKCU\discord-1199748644409184347::url protocol RegNtPreCreateKey
HKCU\discord-1199748644409184347\defaulticon:: c:\users\user\downloads\0b2da9879f30b2c77e2509a513ef56a3f9fff4ff_0000111616 RegNtPreCreateKey
HKCU\discord-1199748644409184347\shell\open\command:: c:\users\user\downloads\0b2da9879f30b2c77e2509a513ef56a3f9fff4ff_0000111616 RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe 䆩觰㉬ǜ RegNtPreCreateKey

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateKey
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateThreadEx
  • ntdll.dll!NtDeviceIoControlFile
Show More
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenThread
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetValueKey
  • ntdll.dll!NtTerminateProcess
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • win32u.dll!NtUserCallNoParam
  • win32u.dll!NtUserGetGUIThreadInfo
  • win32u.dll!NtUserGetKeyboardLayout
  • win32u.dll!NtUserGetObjectInformation
  • win32u.dll!NtUserGetProcessWindowStation
  • win32u.dll!NtUserGetThreadState
  • win32u.dll!NtUserMoveWindow

Trending

Most Viewed

Loading...