PUP.Gamehack.YDC

Analysis Report

General information

Family Name: PUP.Gamehack.YDC
Signature status: No Signature

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have exports table
  • File doesn't have security information
  • File is 32-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Traits

  • GetConsoleWindow
  • No Version Info
  • WriteProcessMemory
  • x86

Block Information

Total Blocks: 34
Potentially Malicious Blocks: 0
Whitelisted Blocks: 33
Unknown Blocks: 1

Visual Map

0 ? 0 0 0 0 0 2 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Windows API Usage

Category: Network Winsock2
  • WSAStartup
Category: Network Winsock
  • bind
  • socket
Category: Other Suspicious
  • AdjustTokenPrivileges
Category: Process Manipulation Evasion
  • NtUnmapViewOfSection
  • ReadProcessMemory
