PUP.MSIL.Gamehack.BBM

By CagedTech in Potentially Unwanted Programs

Table of Contents

Analysis Report

General information

Family Name:	PUP.MSIL.Gamehack.BBM
Signature status:	No Signature

Known Samples

MD5: 30d66f4789052996278721086dacd6ef

SHA1: 9fd1b7d5da19b4c38c48056afd4d2a5ede3edd57

SHA256: 7DA923B82F72FCD0EA4273A9E39AF591F4CC33F0EEA2BD31892F9EA43A503E67

File Size: 990.21 KB, 990208 bytes

MD5: adee407f0e33f8cea038750438db7c4d

SHA1: 1dc37e4e3276c8d7803fdf960d38e85dd2d8b7da

SHA256: BFDF23E829D43952F623D30D852BF0A8C56AB9D02DAA044F327710CDA211F056

File Size: 19.97 KB, 19968 bytes

MD5: 23b5260d8d8879201ad92bceeb47217f

SHA1: 31bb2e908622106e60fc7200a9a3094076c33177

SHA256: C7AF96A481402D6F6230BF49FD2CC978E63893182B7C9D1EEA4D4D48F5B2B4D4

File Size: 842.75 KB, 842752 bytes

MD5: 9c4e6d71c3cdb9457600f564da7eac50

SHA1: 3d3eb8de199e838ac0acbce0111ec6ff89c438d9

SHA256: EBF5D43021EBF8A7452240953D9A4ADBEBD0CE37F2E5510FC5B8DF226308A7F1

File Size: 388.10 KB, 388096 bytes

MD5: 3c4584fe0f76714e9ea5ade9c84260d0

SHA1: ebcbfcbaa73e9023dc895006c9e739bbf023899e

SHA256: EAA765E02F5FEFFB8A930503E4B6036C8CA6C7118C09BA2C5DFCB187F33A5DB3

File Size: 3.24 MB, 3240448 bytes

MD5: f706e905917985f2852ad1585a2e4498

SHA1: 933e7076dcceb07e8bd6cec1914cc0f8f9fe8e25

SHA256: D815284D1A0CB2607B855142BAAB97D83F72F39DAE873C0E14E04F3DFA38B424

File Size: 7.78 MB, 7780989 bytes

MD5: 68abd7393db147c8c585d99cacb3deb1

SHA1: 2b355793a9b75844041f383997b45117c6e8fcf3

SHA256: 0C32D290C9B8C2937C10FCD4A40991EEAB7BDCE41640C010C681CF4B7A175DBA

File Size: 19.97 KB, 19968 bytes

MD5: aefc099599762223e0b1b822c33f4638

SHA1: ebdc0f69c9ea6fafcfe6b7751b522c4eca6e6516

SHA256: 8A53BD62C385C2A01D75D5FA3B874C21BC3EB8971B940EEE4C5A7CF4B9A9885D

File Size: 3.47 MB, 3471872 bytes

MD5: 0efdfc9cb4e071fc31e93e7ef85514df

SHA1: f2f33ba5fb6ec3290ee02f7fd72e27fbd8212dc3

SHA256: 00BD93509120C23D050B88FE79606B831A809D95951023F7A0CEF79372BDB6B6

File Size: 6.29 MB, 6289920 bytes

MD5: 705b313e8b307e6fa4477d9a116ce092

SHA1: e77f5ff9a5b8d8c6c09475458be16946c8e8e5b9

SHA256: 7A944DBDB5933B9AA1398781EC5597CDCDDEB43109E7ED293325BC81DAB462BA

File Size: 3.77 MB, 3766784 bytes

MD5: 52c7a2d9b9b432245d99cd07489d76ac

SHA1: 687d466eea9a61b088069deba31c878f84213706

SHA256: 33E4D1F8E2D8A6A2F6F92E76EFF0934253FABB367F3441858C418FF3A4C5A01A

File Size: 2.81 MB, 2812928 bytes

MD5: 1c4eff7d447f4a8b65c82ca5a0d06782

SHA1: 73e58762adcefed30b4c149f202b294ec3d59c1a

SHA256: D0666E70D41A8D8AA5B1BF91BD495602C6559112CFD3E34912F65A73694F352B

File Size: 3.75 MB, 3754496 bytes

MD5: 12dda0f003cbd15e1955c8bba5fe7a7c

SHA1: 0865eca2f40377f6546a4947e32a3d83a50af38a

SHA256: 9640BE33E7D12F4D4F7B6D2A1F71BB6C5B0B8E4FFE5D79E8CE376557675DD808

File Size: 2.95 MB, 2953216 bytes

MD5: 4a52d42a14b1458de4837817597fc64f

SHA1: 67aa6fae4147a4baf592c2b722774f1183226ba4

SHA256: A8C6BD9550CB31402A985CC0FE86D88E03300C3B664012CD6500E4B1F9A83BBF

File Size: 1.31 MB, 1308160 bytes

MD5: 17132a39c00a6cb8a35240a1df34fd15

SHA1: 6fe987be67347756bfb31d274a90706465c70bdb

SHA256: B66FE4FA4F6E59C270195F78AA143801C511F782486C9C888B297B2A1BD82A86

File Size: 2.91 MB, 2914304 bytes

MD5: fab32caedb6f53c2fa13cffb09a1132d

SHA1: 0a57c6a9c4b5fc71280315bb3bc6a5dff96717ed

SHA256: 7EA816D75DBFD15C5F49926CAD6430DED58D0D2580910667E79843E4C4A2C9E3

File Size: 1.17 MB, 1169920 bytes

MD5: 2b157e5daade1763f35241167c3e102e

SHA1: f87d1a7ab065859f65e9b64f41f3d74f9cf41c41

SHA256: 44AB669BA4E948F544722BAC2D60D1A424D1081D55094542E2040C7449922780

File Size: 18.94 KB, 18944 bytes

MD5: dbfa6e1b89738b8223da08cacd18aca2

SHA1: 781ae4ebbb9d6563d99912a7bebe711ef8446ab8

SHA256: 087DDFDCE555ADBC5282E8F3D82EC9E4DF6825E9EEC456C98C87BA5086E99FF0

File Size: 1.73 MB, 1730048 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have security information
File has TLS information
File is .NET application
File is 32-bit executable
File is 64-bit executable
File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)

File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
Assembly Version	1.44.0.0 1.0.0.1 1.0.0.0
Company Name	AotForms Client ReviOS 10 24.12 Synaptics Sync v0.4.1
File Description	Alpha Cheat AotForms BLACK PRIME BYPASS Client Fluxo Prime SRC - Fxbrii luk free remake LzCheats NikhilAimbot PANEL RuntimeBroker Show More Synaptics Pointing Device Driver teste VISON FREE xit ff 2
File Version	1.44.0.0 1.00 1.0.0.4 1.0.0.1 1.0.0.0
Internal Name	Alpha Cheat.exe AotForms.dll BLACK PRIME BYPASS NORMAL 2.0.exe Client.dll luk free remake.exe LzCheats.exe NikhilAimbot.dll PANEL.dll Syvorix Panel.exe teste.exe Show More TJprojMain Vison FREE.exe winhostsvc.exe xit ff 2.exe
Legal Copyright	Copyright © 2017 Copyright © 2024 Copyright © 2025 Copyright © 2026 Copyright © ReviOS 10 24.12 2025 Copyright © Sync v0.4.1 2025
Original Filename	Alpha Cheat.exe AotForms.dll BLACK PRIME BYPASS NORMAL 2.0.exe Client.dll luk free remake.exe LzCheats.exe NikhilAimbot.dll PANEL.dll Syvorix Panel.exe teste.exe Show More TJprojMain.exe Vison FREE.exe winhostsvc.exe xit ff 2.exe
Product Name	Alpha Cheat AotForms BLACK PRIME BYPASS Client Fluxo Prime SRC - Fxbrii luk free remake LzCheats NikhilAimbot PANEL Project1 Show More RuntimeBroker Synaptics Pointing Device Driver teste VISON FREE xit ff 2
Product Version	1.44.0.0 1.00 1.0.0.1 1.0.0.0 1.0.0

File Traits

.NET
Agile.net
CreateThread
dll
Fody
HighEntropy
imgui
ntdll
VirtualQueryEx
WriteProcessMemory

Block Information

Total Blocks:	274
Potentially Malicious Blocks:	84
Whitelisted Blocks:	127
Unknown Blocks:	63

Visual Map

x x 0 x x 0 x x x x x x x x x x 0 x x x x x x x ? ? x x ? x ? ? x x ? x x ? x ? ? ? ? ? ? ? x x x 0 ? x ? 0 0 0 x 0 x 0 x x 0 0 0 0 0 0 0 ? ? ? 0 0 ? 0 ? ? ? ? 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 x x x 0 0 0 0 0 0 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 x 0 ? 0 ? 0 0 0 ? 0 ? 0 ? 0 ? 0 0 0 ? 0 x 0 ? 0 ? 0 0 0 0 0 ? 0 0 0 ? x x x x x 0 0 0 0 0 ? 0 0 0 ? 0 0 ? ? 0 ? 0 0 ? 0 ? 0 ? x x 0 0 x x ? x 0 x x x x x 0 x ? 0 ? 0 0 x x 0 x x 0 ? 0 x 0 0 0 x x x x x x x x x x 0 x x x x x x x 0 x x 0 ? 0 ? 0 0 0 0 0 0 0 0 0 0 0

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

MSIL.Gamehack.BBM

Files Modified

File	Attributes
c:	Generic Read,Write Data,Write Attributes,Write extended,Append data

Registry Modifications

Key::Value	Data	API Name
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey

Windows API Usage

Category	API
Syscall Use	ntdll.dll!NtAccessCheck ntdll.dll!NtAddAtomEx ntdll.dll!NtAdjustPrivilegesToken ntdll.dll!NtAlertThreadByThreadId ntdll.dll!NtAlpcConnectPort ntdll.dll!NtAlpcConnectPortEx ntdll.dll!NtAlpcQueryInformation ntdll.dll!NtAlpcSendWaitReceivePort ntdll.dll!NtApphelpCacheControl ntdll.dll!NtAssociateWaitCompletionPacket Show More ntdll.dll!NtCancelTimer2 ntdll.dll!NtCancelWaitCompletionPacket ntdll.dll!NtClearEvent ntdll.dll!NtClose ntdll.dll!NtCompareSigningLevels ntdll.dll!NtConnectPort ntdll.dll!NtCreateEvent ntdll.dll!NtCreateFile ntdll.dll!NtCreateIoCompletion ntdll.dll!NtCreateKey ntdll.dll!NtCreateMutant ntdll.dll!NtCreatePrivateNamespace ntdll.dll!NtCreateSection ntdll.dll!NtCreateSemaphore ntdll.dll!NtCreateThreadEx ntdll.dll!NtCreateTimer2 ntdll.dll!NtCreateWaitCompletionPacket ntdll.dll!NtCreateWorkerFactory ntdll.dll!NtDelayExecution ntdll.dll!NtDeviceIoControlFile ntdll.dll!NtDuplicateObject ntdll.dll!NtDuplicateToken ntdll.dll!NtEnumerateKey ntdll.dll!NtEnumerateValueKey ntdll.dll!NtFlushProcessWriteBuffers ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtGetCachedSigningLevel ntdll.dll!NtGetContextThread ntdll.dll!NtMapViewOfSection ntdll.dll!NtNotifyChangeKey ntdll.dll!NtOpenDirectoryObject ntdll.dll!NtOpenEvent ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenKeyEx ntdll.dll!NtOpenProcess ntdll.dll!NtOpenProcessToken ntdll.dll!NtOpenProcessTokenEx ntdll.dll!NtOpenSection ntdll.dll!NtOpenSemaphore ntdll.dll!NtOpenThreadToken ntdll.dll!NtOpenThreadTokenEx ntdll.dll!NtProtectVirtualMemory ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryDebugFilterState ntdll.dll!NtQueryDefaultLocale ntdll.dll!NtQueryDirectoryFileEx ntdll.dll!NtQueryFullAttributesFile ntdll.dll!NtQueryInformationFile ntdll.dll!NtQueryInformationJobObject ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationThread ntdll.dll!NtQueryInformationToken ntdll.dll!NtQueryKey ntdll.dll!NtQueryLicenseValue ntdll.dll!NtQueryPerformanceCounter ntdll.dll!NtQuerySecurityAttributesToken ntdll.dll!NtQuerySecurityObject ntdll.dll!NtQuerySystemInformation ntdll.dll!NtQuerySystemInformationEx ntdll.dll!NtQueryValueKey ntdll.dll!NtQueryVirtualMemory ntdll.dll!NtQueryVolumeInformationFile ntdll.dll!NtQueryWnfStateData ntdll.dll!NtReadFile ntdll.dll!NtReadRequestData ntdll.dll!NtReleaseMutant ntdll.dll!NtReleaseSemaphore ntdll.dll!NtReleaseWorkerFactoryWorker ntdll.dll!NtRequestWaitReplyPort ntdll.dll!NtResumeThread ntdll.dll!NtSetEvent ntdll.dll!NtSetInformationFile ntdll.dll!NtSetInformationKey ntdll.dll!NtSetInformationProcess ntdll.dll!NtSetInformationThread ntdll.dll!NtSetInformationVirtualMemory ntdll.dll!NtSetInformationWorkerFactory ntdll.dll!NtSetTimer2 ntdll.dll!NtSubscribeWnfStateChange ntdll.dll!NtSuspendThread ntdll.dll!NtTestAlert ntdll.dll!NtTraceControl ntdll.dll!NtUnmapViewOfSection ntdll.dll!NtUnmapViewOfSectionEx ntdll.dll!NtUnsubscribeWnfStateChange ntdll.dll!NtWaitForAlertByThreadId ntdll.dll!NtWaitForMultipleObjects ntdll.dll!NtWaitForSingleObject ntdll.dll!NtWaitForWorkViaWorkerFactory 54 additional items are not displayed above.
User Data Access	GetComputerName GetComputerNameEx GetUserDefaultLocaleName GetUserObjectInformation
Anti Debug	IsDebuggerPresent
Encryption Used	BCryptOpenAlgorithmProvider
Other Suspicious	AdjustTokenPrivileges SetWindowsHookEx

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

PUP.MSIL.Gamehack.BBM

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

File Traits

Block Information

Block Information

Visual Map

Similar Families

Similar Families

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Submit Comment

Trending

PUP.WaveMax Sound Editor

Trojan.Kryptik.JUD

Trojan.Agent.MBD

Most Viewed

Pornktube.porn

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen