PUP.MSIL.Gamehack.CJA
Analysis Report
General information
| Family Name: | PUP.MSIL.Gamehack.CJA |
|---|---|
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have security information
- File is .NET application
- File is 32-bit executable
- File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
- File is either console or GUI application
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.

| Name | Value |
|---|---|
| Assembly Version | 1.0.0.0 |
| Comments | |
| Company Name | |
| File Description | |
| File Version | 1.0.0.0 |
| Internal Name | |
| Legal Copyright | |
| Original Filename | |
| Product Name | |
| Product Version | |
File Traits
- .NET
- dll
- HighEntropy
- x86
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.

| Total Blocks: | 205 |
|---|---|
| Potentially Malicious Blocks: | 7 |
| Whitelisted Blocks: | 95 |
| Unknown Blocks: | 103 |
Visual Map
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft’s analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.

- MSIL.Gamehack.CJA
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.

| Category | API |
|---|---|
| Syscall Use | |