Multi-License Discount Quote

Change Region

English
Threat Database Potentially Unwanted Programs PUP.Gametool.FB

PUP.Gametool.FB

By CagedTech in Potentially Unwanted Programs

Analysis Report

General information

Family Name: PUP.Gametool.FB
Signature status: No Signature

Known Samples

MD5: b6e5f2e083f34aa02bfc1272026fa1a9
SHA1: fc00ccc2ef0a8d4d53b314a530a1499b0c7aa714
SHA256: DE298DD484F7029FB19A6B40607944197ACED6C32A570759DBDCA9F51B99A10E
File Size: 487.42 KB, 487424 bytes
MD5: 187327da76dba49cac5c735958a23c67
SHA1: 90798a3fc276178715c9c1e904308225c0641583
SHA256: 690277C8857CC4C81643E762FC0F7FCA7918B4220578F5ED343A58EF86D5D501
File Size: 487.42 KB, 487424 bytes
MD5: 55fa1a223e94c6d4c21f874ae764a29a
SHA1: 4b71ad8d783ac5e28e46de23ab345170404b21a0
SHA256: 31ACD989E8FE7268813ABA6E2F3CF754F1CF885E333ABAB9FC35E52BAB362B45
File Size: 520.19 KB, 520192 bytes
MD5: 3b6f1336fc0d433a945e16438d608d02
SHA1: 0189bf3f666908cb589d81cdb9ce1ecd540e2234
SHA256: E4638D86D457985B9E18D9D5FA1AFF5BE2BE22A4055F621A5EF5C90FFA32BB5F
File Size: 487.42 KB, 487424 bytes
MD5: 0695205e41ee388aba8c1298a6108a6e
SHA1: 431197069133a5cf8aef02511218e3d8bb95e645
SHA256: 0EFBEC05604B943F74FEC86207647B5B88ECD05DB5217B30CB150C37A9CDDD05
File Size: 487.42 KB, 487424 bytes
Show More
MD5: 7ada7aba87ee36504b8cd8502df37fea
SHA1: 945bf3466e2158a50f42a5f8437cbe802e0c9e0d
SHA256: 912CDAD7898EAD0E85C2F762461FEFF5F155684A8F21874E3DA7CA73BA3B709D
File Size: 487.42 KB, 487424 bytes
MD5: 3e4ca7923a23af9fd917ec6f67cbd2da
SHA1: ac637c5ca8b6fc74059fc6cde6f2c80a52d4a41a
SHA256: B8309FCADDF5855A3BC1F2F6E5D5517EF3928BD5FC34F1C1DF74722868A4FF1B
File Size: 487.42 KB, 487424 bytes
MD5: a61dbb9e08171b94f35abdad1edb6996
SHA1: 0c1005b6add4ed2fd30a3398034881dad3e82e3e
SHA256: A845E46A46C5F403D89EBAEEE9F189787772855F8F37F7A23DDFCB743F08FB9A
File Size: 487.42 KB, 487424 bytes
MD5: a5ec0d4f643a7d687b7ec20ea8e7010d
SHA1: b19b8c625a76cbfe711a0731fb00b5b40268d13d
SHA256: EC4B2EB83ADF9946232950D0BAF75C104080C77F89D5AF314F14E09812189CC7
File Size: 487.42 KB, 487424 bytes
MD5: f831e5987f0fd4594879ea52341b0727
SHA1: ce46c9ce4127d0453b84f16d04ca78532e677ae6
SHA256: C6D6947DA78EDD82372666BA3AD4D3A83A86F06C6F804C55EC120929F61ABCA6
File Size: 487.42 KB, 487424 bytes
MD5: aa3d2e0e9bbf7d062e4813b6f50f465a
SHA1: c29a7a9f39b20ab88829e37fe99b45d5ddca7589
SHA256: 53537754DF0157D95EDEE309CFE50E7E3C7D96C5A8ED2E992F781F6E3DB8DC2C
File Size: 487.42 KB, 487424 bytes
MD5: 1a73efea793e74ddaabd247c2ea39298
SHA1: a017960278c58e9b9cb97a48456f56ad3970462a
SHA256: 35A5DFD5C952A4C1CF9E029B6E25A4EB6BE750770B76A33CE205409B17E9AD77
File Size: 487.42 KB, 487424 bytes
MD5: 1172ff9ac414828620741c28d69175c0
SHA1: 9451799ff408e1bbc3016ea3db3185ca733b8f60
SHA256: CCC61515F0EAE34739F85DEA00234E2B5507F396773139AF9D715BE4DBF52B10
File Size: 487.42 KB, 487424 bytes
MD5: 8470c0fe1cb22336deb30f3e2aba6951
SHA1: f0900407c3ff43f87c72dd2c7338e30a28c15852
SHA256: 67CD30E6BED06F8ACEA239ED104FDDA37B8ED98E1E4A43F27E597299174CC3EB
File Size: 487.42 KB, 487424 bytes
MD5: 8c66a1a828dc854e1ce096ae872c03ec
SHA1: fba013540797bc8a1bbdd9400d33e0572f72742b
SHA256: 2E8ABE43274E5DD6C3266360032E2FF81B0C946BF3E0EC8A55603CE8EE4A14A3
File Size: 688.13 KB, 688128 bytes
MD5: 329d01c53aa104f34509fe19c5bfde82
SHA1: db8763f8c2618ef340a4e139efa392c9d0a5da3e
SHA256: 2A9E9406AF48DF64391E9DA137B00009AEF1A5F3D683345936D3F761BF83E77F
File Size: 487.42 KB, 487424 bytes
MD5: 2cb31b8e314280a005071d9cb5a25c8b
SHA1: 015d26605f784e467b3eae6cdccc53ccb068dc20
SHA256: 9F6FBA3CDB834372CB6FE70512E5A95B9DBD23AD23B3BFB689C28A015162988E
File Size: 487.42 KB, 487424 bytes
MD5: 7fb665bcea9277206ced4730e4f69de4
SHA1: 6c02528fa8400b1c84e8028539d7bc2f7f4fff13
SHA256: A4BC5CA18C93ADC5A05FBFA21963E288BE494E5AE6A131B6DC54BC5D5782999B
File Size: 487.42 KB, 487424 bytes
MD5: 3ac1319f72f793c5ebd7b9d95433e372
SHA1: f32fcbe0f6fc3e5d52847a990368a45783e7f577
SHA256: BA76F110E1C5D4F4CBEBF207E712E88075978168B2893ECFF96DA9BDDDBB8AEC
File Size: 487.42 KB, 487424 bytes
MD5: cdc8cfb3bb22e3e70a17d9f820c77cc2
SHA1: d5aa52b2f5935871a9f006729b99709b34257ce8
SHA256: 0368EAE8B151A0ECD04033D25C30B161E444B7BACAC931DF04467D4E894FAA6F
File Size: 508.40 KB, 508400 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
Show More
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
Comments
  • Pro Evolution Soccer 6 Settings
Company Name
  • Ezequiel
  • KONAMI
File Description
  • PES Retro Settings
  • Pro Evolution Soccer 6 Settings
File Version
  • 2.0.0.0
  • 1.0.0.1
Internal Name
  • settings.exe
Legal Copyright
  • Copyright (C) 2006 Konami Digital Entertainment Co., Ltd.
  • Ezequiel
Original Filename
  • setting.exe
Product Name
  • Pro Evolution Soccer 6
Product Version
  • 2.0.0.0
  • 1.0.0.1

File Traits

  • x86

Block Information

Total Blocks: 1,516
Potentially Malicious Blocks: 4
Whitelisted Blocks: 1,512
Unknown Blocks: 0

Visual Map

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 x 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 2 0 0 0 1 0 0 0 0 0 0 0 0 1 1 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 1 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • BHO.FS
  • Emotet.GFA
  • Emotet.REQ
  • Emotet.UA
  • Gametool.DB
Show More
  • Gametool.FB

Registry Modifications

Key::Value Data API Name
HKLM\software\wow6432node\microsoft\direct3d\mostrecentapplication::name fc00ccc2ef0a8d4d53b314a530a1499b0c7aa714_0000487424 RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\direct3d\mostrecentapplication::name 90798a3fc276178715c9c1e904308225c0641583_0000487424 RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\direct3d\mostrecentapplication::name 4b71ad8d783ac5e28e46de23ab345170404b21a0_0000520192 RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\direct3d\mostrecentapplication::name 0189bf3f666908cb589d81cdb9ce1ecd540e2234_0000487424 RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\direct3d\mostrecentapplication::name 431197069133a5cf8aef02511218e3d8bb95e645_0000487424 RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\direct3d\mostrecentapplication::name 945bf3466e2158a50f42a5f8437cbe802e0c9e0d_0000487424 RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\direct3d\mostrecentapplication::name ac637c5ca8b6fc74059fc6cde6f2c80a52d4a41a_0000487424 RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\direct3d\mostrecentapplication::name 0c1005b6add4ed2fd30a3398034881dad3e82e3e_0000487424 RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\direct3d\mostrecentapplication::name b19b8c625a76cbfe711a0731fb00b5b40268d13d_0000487424 RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\direct3d\mostrecentapplication::name ce46c9ce4127d0453b84f16d04ca78532e677ae6_0000487424 RegNtPreCreateKey
Show More
HKLM\software\wow6432node\microsoft\direct3d\mostrecentapplication::name c29a7a9f39b20ab88829e37fe99b45d5ddca7589_0000487424 RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\direct3d\mostrecentapplication::name a017960278c58e9b9cb97a48456f56ad3970462a_0000487424 RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\direct3d\mostrecentapplication::name 9451799ff408e1bbc3016ea3db3185ca733b8f60_0000487424 RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\direct3d\mostrecentapplication::name f0900407c3ff43f87c72dd2c7338e30a28c15852_0000487424 RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\direct3d\mostrecentapplication::name fba013540797bc8a1bbdd9400d33e0572f72742b_0000688128 RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\direct3d\mostrecentapplication::name db8763f8c2618ef340a4e139efa392c9d0a5da3e_0000487424 RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\direct3d\mostrecentapplication::name 015d26605f784e467b3eae6cdccc53ccb068dc20_0000487424 RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\direct3d\mostrecentapplication::name 6c02528fa8400b1c84e8028539d7bc2f7f4fff13_0000487424 RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\direct3d\mostrecentapplication::name f32fcbe0f6fc3e5d52847a990368a45783e7f577_0000487424 RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\direct3d\mostrecentapplication::name d5aa52b2f5935871a9f006729b99709b34257ce8_0000508400 RegNtPreCreateKey

Windows API Usage

Category API
Other Suspicious
  • SetWindowsHookEx

Trending

Most Viewed

Loading...