PUP.MSIL.Gamehack.CJO
Analysis Report
General information
| Family Name: | PUP.MSIL.Gamehack.CJO |
|---|---|
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have exports table
- File doesn't have security information
- File is .NET application
- File is 32-bit executable
- File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
- File is either console or GUI application
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.

| Name | Value |
|---|---|
| Assembly Version | 1.0.0.0 |
| Comments | |
| Company Name | |
| File Description | |
| File Version | 1.0.0.0 |
| Internal Name | |
| Legal Copyright | Copyright Project Malachi© 2024 |
| Original Filename | |
| Product Name | |
| Product Version | |
File Traits
- .NET
- dll
- Pastebin
- x86
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.

| Total Blocks: | 123 |
|---|---|
| Potentially Malicious Blocks: | 15 |
| Whitelisted Blocks: | 18 |
| Unknown Blocks: | 90 |
Visual Map
[Per-block classification map; legend:]
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.

| Category | API |
|---|---|
| Syscall Use | |