PUP.GameServer.B

By CagedTech in Potentially Unwanted Programs

Table of Contents

Analysis Report

General information

Family Name:	PUP.GameServer.B
Signature status:	No Signature

Known Samples

MD5: 2b66a7025c48f0acb066780cc9cb4165

SHA1: 8fc5ccdeaa7206a7f685c2108fac1425f7691018

SHA256: 4758CFE73C62309EF4B8A6F2BEA7A294259857C1699BF5946FAD456C94F1EAC0

File Size: 1.01 MB, 1008071 bytes

MD5: 69ea06480ce31456aeb16f1715523f43

SHA1: ba192d17823bb4f09d3fa9e21b686e662602cfb2

SHA256: 57380C294A2B48D4532A4840A1F0D533F4CE0B90C2CB2FD6E0C13A17EACF69DA

File Size: 871.42 KB, 871424 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have resources
File doesn't have security information
File is 32-bit executable
File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)

File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

File Traits

2+ executable sections
big overlay
CryptUnprotectData
dll
HighEntropy
No Version Info
WriteProcessMemory
x86

Block Information

Total Blocks:	6,630
Potentially Malicious Blocks:	220
Whitelisted Blocks:	5,258
Unknown Blocks:	1,152

Visual Map

0 0 0 0 0 0 0 0 x 0 x 0 ? ? 0 0 ? ? 0 0 ? 0 0 ? 0 ? 0 0 ? ? ? 0 0 ? 0 0 0 0 ? ? 0 0 ? 0 0 ? 0 0 0 0 0 0 ? 0 0 ? ? ? 0 0 ? ? 0 0 0 0 ? 0 ? 0 ? 0 0 ? ? 0 0 ? 0 0 0 0 0 0 0 ? 0 ? ? 0 ? x ? 0 ? x ? 0 ? ? 0 ? ? 0 ? 0 0 ? 0 ? 0 0 ? 0 ? 0 ? 0 ? 0 0 ? 0 ? 0 0 0 ? ? ? 0 0 0 ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? x 0 ? ? 0 ? ? 0 ? 0 0 ? ? 0 0 0 ? 0 0 0 ? 0 ? ? ? 0 0 ? 0 ? 0 0 ? 0 ? ? 0 0 0 0 ? 0 0 ? 0 ? ? 0 ? ? ? ? 0 0 0 ? ? 0 0 ? 0 0 ? ? ? ? ? ? ? ? ? 0 0 x 0 ? 0 0 ? 0 0 ? 0 ? ? ? ? ? 0 0 ? ? 0 ? ? 0 ? ? ? 1 0 0 0 x 0 ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 0 0 0 x ? 0 ? 0 ? ? ? ? ? 0 ? ? 0 ? 0 x ? 0 ? ? ? 0 0 ? 0 x ? ? 0 ? ? 0 0 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 0 ? 0 0 ? 0 0 0 ? ? ? 0 ? 0 0 ? 0 0 0 0 0 0 ? ? ? ? 0 ? ? 0 ? 0 ? 0 ? 0 x 0 ? 0 ? 0 0 ? 0 0 0 0 0 0 ? ? ? ? 0 ? ? 0 ? 0 ? 0 ? 0 x 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 ? 0 ? 0 ? 0 0 ? 0 ? 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 ? ? ? ? ? ? ? 0 ? ? ? 0 ? 0 ? ? ? ? 0 0 ? ? 0 0 ? ? ? 0 ? ? ? ? ? 0 0 0 ? ? ? ? ? ? ? ? 0 0 ? x 0 0 0 0 0 0 0 0 0 0 ? ? ? ? ? ? ? 0 ? ? ? 0 ? ? 0 0 x ? ? ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 0 0 0 0 ? 0 0 0 ? 0 ? 0 0 0 0 0 0 0 ? 0 ? 0 ? 0 x 0 ? ? ? ? ? ? ? ? ? 0 0 ? 0 0 ? 0 0 0 0 x x x 0 0 ? 0 ? 0 ? 0 0 0 ? 0 ? ? 0 0 0 ? 0 ? 0 ? 0 0 0 0 ? 0 ? x 0 0 ? ? 0 0 0 0 0 0 ? ? 0 0 ? x x 0 0 0 0 ? 0 ? 0 0 0 0 ? ? 0 ? 0 ? 0 ? 0 x 0 ? 0 ? 0 ? 0 ? 0 x 0 0 0 0 0 0 0 ? ? 0 ? 0 ? ? ? 0 ? ? 0 ? ? 0 0 0 0 ? 0 0 0 0 ? 0 ? 0 ? ? ? ? 0 0 0 0 0 0 ? 0 ? 0 ? ? ? ? ? ? ? ? 0 ? x ? 0 0 ? 0 0 ? 0 0 ? 0 0 ? 0 0 0 ? x 0 ? ? 0 ? 0 0 ? 0 ? ? 0 ? 0 ? ? 0 0 0 0 0 0 0 0 0 ? ? 0 0 ? 0 0 ? ? 0 ? 0 ? 0 ? 0 ? 0 ? ? ? 0 ? 0 ? 0 ? 0 ? 0 0 ? 0 ? ? 0 ? 0 ? ? 0 0 0 0 0 0 0 0 0 ? ? 0 0 ? 0 0 ? ? 0 ? 0 ? 0 ? 0 ? 0 ? ? ? 0 ? 0 ? 0 ? 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? ? 0 ? 0 ? 0 ? 0 ? 0 ? ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? ? ? 0 ? ? ? 0 0 0 0 0 0 0 0 ? ? ? ? ? ? 0 0 0 0 0 0 ? ? ? ? ? ? 0 0 ? 0 0 ? ? 0 ? 0 ? ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 0 0 ? 0 0 ? ? 0 0 0 0 ? 0 x 0 ? 0 ? 0 ? 0 0 0 ? 0 x 0 ? 0 ? 0 ? 0 0 ? 0 ? ? 0 ? ? 0 ? 0 0 0 0 0 0 ? ? ? 0 x ? 0 ? 0 ? 0 ? 0 x ? 0 ? 0 ? 0 ? ? 0 ? 0 0 0 0 ? 0 ? ? ? ? ? ? ? ? 0 0 ? 0 0 0 ? 0 ? ? ? ? 0 0 0 ? 0 ? ? ? ? ? ? ? ? 0 0 ? 0 0 0 ? 0 ? ? ? ? 0 0 0 0 0 0 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? ? 0 ? 0 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? ? 0 ? 0 ? ? 0 0 0 ? 0 0 0 0 ? ? ? ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 0 0 0 0 ? 0 0 0 0 0 ? ? ? 0 ? 0 ? 0 ? ? 0 ? 0 ? ? 0 0 ? 0 0 0 ? 0 0 0 ? 0 ? 0 0 ? 0 ? 0 ? 0 0 0 ? 0 0 0 0 ? 0 ? ? 0 0 0 ? 0 0 0 0 ? ? ? 0 ? ? ? 0 ? 0 0 0 0 0 0 ? 0 ? 0 ? 0 0 0 0 x ? 0 0 0 0 0 0 0 0 ? 0 0 0 0 ? 0 0 ? 0 0 0 0 0 ? 0 0 0 0 ? x 0 ? ? 0 ? 0 0 0 0 ? ? 0 0 0 0 0 ? 0 0 ? ? 0 0 0 0 0 0 0 0 ? 0 0 0 ? ? 0 0 ? ? ? 0 0 0 0 ? 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 ? 0 ? 0 0 0 ? ? 0 0 0 0 0 0 1 0 ? 0 0 ? 0 ? 0 ? 0 0 ? 0 0 ? ? 0 0 0 0 0 ? ? ? ? ? 0 0 0 0 ? 0 ? 0 ? 0 0 ? 0 0 0 ? 0 0 0 0 ? 0 0 0 0 ? 0 ? 0 ? ? 0 ? ? ? 0 ? ? ? ? ? 0 ? 0 ? 0 0 0 0 ? 0 ? 0 ? ? ? ? 0 0 ? 0 0 ? 0 ? ? 0 ? ? 0 0 0 0 ? ? 0 ? ? 0 0 0 0 0 ? ? 1 ? ? 0 ? ? 0 ? ? ? 0 0 0 0 ? ? 0 ? ? 0 ? ? ? 0 ? ? 0 0 0 0 ? ? 0 0 ? ? 0 ? 0 ? ? ? ? ? ? ? ? ? ? ? 0 ? 0 0 0 0 ? ? ? ? ? ? ? ? 0 0 0 0 ? ? ? 0 ? 0 ? ? 0 ? 0 ? ? 0 ? 0 ? 0 ? ? 0 ? 0 ? ? 0 ? ? 1 1 1 0 0 ? ? ? ? 0 0 0 0 ? ? ? 0 ? 0 0 0 0 ? ? 0 0 0 0 0 ? ? ? 0 0 0 0 ? 0 ? 0 ? 0 ? 0 x ? 0 x 0 ? ? 0 ? 0 ? 0 x 0 x x 0 0 0 0 ? ? ? 0 0 0 0 0 0 ? 0 0 ? ? ? ? ? ? ? 0 0 0 0 0 0 x ? 0 x ? 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? 0 ? ? 0 ? ? 0 0 ? 0 0 ? 0 0 ? 0 0 0 ? 0 0 ? 0 0 0 0 ? 0 ? 0 0 0 ? ? 0 0 ? 0 0 0 0 0 ? ? ? ? ? 0 0 ? 0 0 ? 0 0 ? 0 0 ? 0 ? 0 0 0 0 0 ? ? ? ? ? ? 0 ? 0 0 0 ? ? 0 0 ? ? ? ? 0 0 ? 0 0 ? ? ? ? ? ? ? 0 ? ? ? ? ? ? 0 ? ? 0 0 0 0 0 ? 0 ? 0 0 0 0 0 0 0 ? ? 0 0 0 0 ? 0 0 0 0 0 0 0 0 ? 0 x ? ? 0 0 0 0 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 ? 0 ? 0 ? 0 ? 0 0 ? 0 ? 0 ? ? x 0 ? 0 ? x 0 0 0 0 ? ? ? ? ? ? 0 ? 0 ? ? ? 0 0 0 0 ? 0 0 ? 0 0 ? 0 0 0 0 0 0 ? 0 0 0 0 0 0 ? ? 0 0 ? ? 0 0 ? 0 0 ? 0 ? 0 ? 0 ? 0 ? 0 0 ? 0 ? 0 0 ? ? 0 0 0 0 ? 0 0 ? 0 x 0 ? 0 0 0 ? ? 0 ? 0 0 ? 0 ? 0 0 0 0 0 ? 0 0 ? 0 0 0 ? 0 0 ? 0 0 ? 0 0 0 ? 0 0 ? 0 0 0 ? 0 0 ? 0 0 ? 0 0 0 ? ? ? 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 ? 0 ? ? ? 0 0 ? 0 0 0 0 ? ? ? 0 0 0 0 0 0 0 0

... Data truncated

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

Agent.EZA
Agent.XXA
Darkkomet.BD
Keylogger.PF
Spy.Agent.GDA

Stealer.DR

Windows API Usage

Category	API
Network Winsock2	WSAStartup
Syscall Use	ntdll.dll!NtAlpcSendWaitReceivePort ntdll.dll!NtClose ntdll.dll!NtCreateFile ntdll.dll!NtCreateSection ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtMapViewOfSection ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenProcessToken ntdll.dll!NtQueryAttributesFile Show More ntdll.dll!NtQueryDebugFilterState ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationToken ntdll.dll!NtQuerySystemInformationEx ntdll.dll!NtQueryValueKey ntdll.dll!NtQueryVirtualMemory ntdll.dll!NtQueryVolumeInformationFile ntdll.dll!NtReadFile ntdll.dll!NtSetEvent ntdll.dll!NtSetInformationFile ntdll.dll!NtSetInformationProcess ntdll.dll!NtSetInformationVirtualMemory ntdll.dll!NtSetInformationWorkerFactory ntdll.dll!NtTestAlert ntdll.dll!NtTraceControl ntdll.dll!NtUnmapViewOfSection ntdll.dll!NtWriteFile
Process Manipulation Evasion	NtUnmapViewOfSection
Process Shell Execute	CreateProcess
Anti Debug	NtQuerySystemInformation

Shell Command Execution


							C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\ba192d17823bb4f09d3fa9e21b686e662602cfb2_0000871424.,LiQMAxHB

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

PUP.GameServer.B

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

File Traits

Block Information

Block Information

Visual Map

Similar Families

Similar Families

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Trending

Gadssmart.com

Precludestore.com

Virus.VBInject.DR

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

How to Fix 'macOS cannot verify that this app is...

Discord Shows Black Screen when Sharing Screen