PUP.Gamehack.YDC
Analysis Report
General information
| Family Name: | PUP.Gamehack.YDC |
|---|---|
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.
| MD5 | SHA1 | SHA256 | File Size |
|---|---|---|---|
| 482c90cd533ea3dd5fc5638ccf80cc41 | a5a9ba65b2063b0ff58caeccaf111cf2b5395b1a | C7950DB05B34454C4DD2ACCA54EB84F83843A5E0551A5EBF2D60D010BD107B4A | 11,264 bytes (11.26 KB) |
| 5dbd4562e251ef142aa154efb5d9a1e2 | b2cd53c90147d3d1c96a8fff261150eaeeb56f6f | 8FBE0A62AB92BC514D7F329C57D5548878EAB7BE46487F12CDEB441CCA509B88 | 14,848 bytes (14.85 KB) |
| 0d6bff88bd5f3d3177b154c425b3a65a | 30665e7012e9f468f5a817ac1149685bf31c11aa | 1F1B63D9F83A500C28B5948CBC7830722C6AF3B1FCA450B06C13E8F5B8B76C3A | 12,800 bytes (12.80 KB) |
| 6008bcc40cb704709036eba2354063b7 | 95169613c3756d798975ff1f8bd1570e98a9f054 | 998089B0454BEDCA2956A740A6EAE67E23778B149B0D730B4DF3539290F10F1C | 16,896 bytes (16.90 KB) |
| eee99ba25c424db7abd4273c349e3a79 | 8f29e896c4b4b4ddf77fec991ccc8c459c4747b7 | BADDF0CF16C8BF694718E0023A5ACF0189F15767F439E580EDA1C3A7AD4DAF33 | 11,776 bytes (11.78 KB) |
| 33e72812237f3b34544deee02c2b6e85 | ada7b752e862fe4d35bea090fa402061980288f8 | 7BACD527E2B92D7CDDC4C7494B9E28C35FE66CE222AA4DF7A3D6FAF22FD4E634 | 18,432 bytes (18.43 KB) |
| 174cffd5c1dea25aba03bded91fc2f91 | cd41cd8080b225ce4611823b7bf85967e83b7e8c | FADDB97CD5F80BE764006B764FD0AE2DBF76F6331F41318D0643F29E0966F397 | 15,360 bytes (15.36 KB) |
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have exports table
- File doesn't have security information (empty security data directory, i.e. no Authenticode certificate table)
- File is 32-bit executable
- File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
- File is either console or GUI application
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Traits
- GetConsoleWindow
- No Version Info
- WriteProcessMemory
- x86
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.
| Total Blocks: | 34 |
|---|---|
| Potentially Malicious Blocks: | 0 |
| Whitelisted Blocks: | 33 |
| Unknown Blocks: | 1 |
Visual Map
Block classifications in file order (34 blocks): 0 ? 0 0 0 0 0 2 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.
| Category | API |
|---|---|
| Network Winsock2 | |
| Network Winsock | |
| Other Suspicious | |
| Process Manipulation Evasion | |
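The Windows Portable Executable Attributes, the File Traits and the Windows API Usage table above are all facts that can be read straight out of the PE headers, and the Known Samples table is what a file's hashes are compared against. The script below is an added example written for this page, not EnigmaSoft's analysis tooling and not code from the family: a pure-stdlib Python parser that reports the same header attributes, walks the import directory to recover imported function names (the two names listed under File Traits, for instance), computes MD5/SHA1/SHA256 and size for comparison with the Known Samples table, and then lists where a file departs from the attribute profile on this page. It assumes that "security information" means the Authenticode certificate table (data directory 4) and that "Native (NOT .NET)" means the CLR runtime header (data directory 14) is absent; the Rich header check is a plain marker search in the DOS stub area, and packing and version-info resources are not assessed. The sample PE it parses is constructed inline and is not one of the hashes listed above.

```python
"""Pure-stdlib PE triage: hashes, header attributes and imports of a Windows executable."""
import hashlib
import struct

IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_DLL, IMAGE_SUBSYSTEM_WINDOWS_CUI = 0x0002, 0x2000, 3
DIR_EXPORT, DIR_IMPORT, DIR_SECURITY, DIR_COM = 0, 1, 4, 14

# PE attribute profile this page lists for PUP.Gamehack.YDC, and the imports named under File Traits.
FAMILY_PROFILE = {"has_rich_header": False, "has_exports": False, "has_security_directory": False,
                  "is_32bit": True, "is_console": True, "is_dotnet": False,
                  "is_dll": False, "is_executable_image": True}
FAMILY_TRAIT_IMPORTS = {"GetConsoleWindow", "WriteProcessMemory"}


def read_cstr(data: bytes, off: int) -> str:
    return data[off:data.index(b"\0", off)].decode("ascii", "replace")


def rva_to_offset(sections, rva: int) -> int:
    for vsize, va, rsize, raw in sections:
        if va <= rva < va + max(vsize, rsize):
            return rva - va + raw
    raise ValueError(f"RVA {rva:#x} is not backed by any section")


def triage(data: bytes) -> dict:
    """Parse DOS/COFF/optional headers and walk the import directory (PE32 and PE32+)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    _, nsec, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24                                   # optional header follows the 20-byte COFF header
    pe32plus = struct.unpack_from("<H", data, opt)[0] == 0x20B
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    ndirs = struct.unpack_from("<I", data, opt + (108 if pe32plus else 92))[0]
    dir_base = opt + (112 if pe32plus else 96)
    dirs = [struct.unpack_from("<II", data, dir_base + 8 * i) if i < ndirs else (0, 0) for i in range(16)]
    # Section table follows the optional header, 40 bytes per entry; keep (VirtualSize, VA, SizeOfRawData, PtrRaw).
    sections = [struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)[1:] for i in range(nsec)]
    imports, off = [], dirs[DIR_IMPORT][0] and rva_to_offset(sections, dirs[DIR_IMPORT][0])
    fmt, width, ord_flag = ("<Q", 8, 1 << 63) if pe32plus else ("<I", 4, 1 << 31)
    while off:                                            # one IMAGE_IMPORT_DESCRIPTOR per DLL
        oft, _, _, name_rva, ft = struct.unpack_from("<5I", data, off)
        if not (oft or ft or name_rva):                   # all-zero descriptor terminates the table
            break
        dll, thunk = read_cstr(data, rva_to_offset(sections, name_rva)), rva_to_offset(sections, oft or ft)
        while entry := struct.unpack_from(fmt, data, thunk)[0]:
            imports.append((dll, f"ordinal#{entry & 0xFFFF}" if entry & ord_flag
                            else read_cstr(data, rva_to_offset(sections, entry) + 2)))  # +2 skips Hint
            thunk += width
        off += 20
    return {"md5": hashlib.md5(data).hexdigest(), "sha1": hashlib.sha1(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest(), "size": len(data),
            "is_32bit": not pe32plus, "is_dll": bool(chars & IMAGE_FILE_DLL),
            "is_executable_image": bool(chars & IMAGE_FILE_EXECUTABLE_IMAGE),
            "is_console": subsystem == IMAGE_SUBSYSTEM_WINDOWS_CUI,
            "has_rich_header": b"Rich" in data[0x40:e_lfanew],    # marker search in the DOS stub area
            "has_exports": dirs[DIR_EXPORT][0] != 0,
            "has_security_directory": dirs[DIR_SECURITY][1] != 0,  # Authenticode certificate table
            "is_dotnet": dirs[DIR_COM][0] != 0,                    # CLR runtime header present
            "imports": imports}


def profile_mismatches(report: dict) -> list:
    """Names of attributes where a report departs from the profile this page lists for the family."""
    bad = [k for k, v in FAMILY_PROFILE.items() if report[k] != v]
    return bad + [f"import:{fn}" for fn in sorted(FAMILY_TRAIT_IMPORTS - {fn for _, fn in report["imports"]})]


def build_sample_pe() -> bytes:
    """Constructed 32-bit console EXE importing the two trait functions; not one of the listed samples."""
    sec_rva, sec_raw, align = 0x1000, 0x200, 0x200
    body = bytearray()

    def place(blob: bytes) -> int:                        # append to the section, 4-byte aligned; return RVA
        body.extend(bytes(-len(body) % 4) + blob)
        return sec_rva + len(body) - len(blob)

    dll_rva = place(b"KERNEL32.dll\0")
    name_rvas = [place(struct.pack("<H", 0) + fn + b"\0")  # IMAGE_IMPORT_BY_NAME: Hint, Name
                 for fn in (b"GetConsoleWindow", b"WriteProcessMemory")]
    thunks = struct.pack("<3I", *name_rvas, 0)
    int_rva, iat_rva = place(thunks), place(thunks)       # import name table and (unbound) IAT
    idt_rva = place(struct.pack("<5I", int_rva, 0, 0, dll_rva, iat_rva) + bytes(20))
    entry_rva = place(b"\xC3")                            # ret
    body.extend(bytes(align - len(body)))
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)  # e_lfanew = 0x40: no DOS stub, no Rich header
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x0102)  # i386, EXECUTABLE_IMAGE
    dirs = [(0, 0)] * 16
    dirs[DIR_IMPORT] = (idt_rva, 40)
    opt = struct.pack("<HBB9I6H4I2H6I", 0x10B, 14, 0, align, 0, 0, entry_rva, sec_rva, 0,
                      0x400000, 0x1000, align, 6, 0, 0, 0, 6, 0, 0, 0x2000, align, 0,
                      IMAGE_SUBSYSTEM_WINDOWS_CUI, 0, 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    opt += b"".join(struct.pack("<II", *d) for d in dirs)
    sect = struct.pack("<8s6I2HI", b".text", align, sec_rva, align, sec_raw, 0, 0, 0, 0, 0x60000020)
    headers = dos + coff + opt + sect
    return headers + bytes(sec_raw - len(headers)) + bytes(body)


if __name__ == "__main__":
    report = triage(build_sample_pe())
    print(report["sha256"], report["imports"], "mismatches:", profile_mismatches(report) or "none")
```

Run as-is it triages the constructed sample; for a real file, pass `open(path, "rb").read()` to `triage()` and hand the result to `profile_mismatches()`. An empty list only means the file shares every header attribute and import listed on this page, which many clean console programs also do, so treat it as a triage filter to be combined with the Known Samples hashes and the block data, not as a detection on its own.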