PUP.MSIL.Gamehack.M

By CagedTech in Potentially Unwanted Programs

Table of Contents

Analysis Report

General information

Family Name:	PUP.MSIL.Gamehack.M
Signature status:	No Signature

Known Samples

MD5: b40bfb47ddf1b504b551db326b6eaae1

SHA1: a98ce0fc35d8f2000bcb3dd57d5bc9fe9c938fa2

File Size: 3.36 MB, 3358208 bytes

MD5: b3ad03f832206d396491657724e49da9

SHA1: 0f4ff237ddb11c054f08501ffb1682001cd1cd3d

SHA256: 5F0BB5842A7B52BA71CAA897061FA5DB645220EA9E83DC559F91E90EFD1F24A5

File Size: 2.42 MB, 2416128 bytes

MD5: 04439a5ef0b841f263d5ae1586bd66b8

SHA1: 1d25d5459fce942619151d64077ba58a5e77663d

SHA256: E4B90EA7600ECC3F847CC2E3E8DF38F2D49559E49274CD97F9A27A13F2A05E4F

File Size: 3.31 MB, 3311104 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have exports table
File doesn't have relocations information
File doesn't have security information
File is .NET application
File is 32-bit executable
File is 64-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is not packed

IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
Assembly Version	2.2.0.2 1.0.2.2 1.0.0.0
Comments	A program to convert MIDI inputs and files into Naraka Bladepoint keys Developer tool Plus built to support Tech tool DB7
Company Name	DB7Parameters By Alkhadher Heracles421
File Description	DB7Parameters By Alkhadher NarakaMidiBot XGameEvade
File Version	2.2.0.2 1.0.2.2 1.0.0.0
Internal Name	NarakaMidiBot.exe TTDB7Parametrs.exe XGameEvade.exe
Legal Copyright	Copyright Alkhadher © 2022 Copyright © 2017 Copyright © Heracles421 2019-2021
Legal Trademarks	KHdR
Original Filename	NarakaMidiBot.exe TTDB7Parametrs.exe XGameEvade.exe
Product Name	DevTool NarakaMidiBot XGameEvade
Product Version	2.2.0.2 1.0.2.2 1.0.0.0

File Traits

.NET
Agile.net
Fody
HighEntropy
x64
x86

Block Information

Total Blocks:	56
Potentially Malicious Blocks:	19
Whitelisted Blocks:	33
Unknown Blocks:	4

Visual Map

0 0 x x x ? 0 x x 0 0 0 ? 0 0 x 0 x x 0 0 x x x x x x 0 x ? 0 0 0 0 x ? x x 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Files Modified

File	Attributes
c:\users\user\appdata\local\heracles421\a98ce0fc35d8f2000bcb3dd57_url_2c2fnpek3sxco410cyxwhsjz22yymnag\1.0.2.2\5a4l41ni.newcfg	Generic Write,Read Attributes
c:\users\user\appdata\local\heracles421\a98ce0fc35d8f2000bcb3dd57_url_2c2fnpek3sxco410cyxwhsjz22yymnag\1.0.2.2\5a4l41ni.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\heracles421\a98ce0fc35d8f2000bcb3dd57_url_2c2fnpek3sxco410cyxwhsjz22yymnag\1.0.2.2\owbbs2mo.newcfg	Generic Write,Read Attributes
c:\users\user\appdata\local\heracles421\a98ce0fc35d8f2000bcb3dd57_url_2c2fnpek3sxco410cyxwhsjz22yymnag\1.0.2.2\owbbs2mo.newcfg	Synchronize,Write Attributes
c:\users\user\appdata\local\heracles421\a98ce0fc35d8f2000bcb3dd57_url_2c2fnpek3sxco410cyxwhsjz22yymnag\1.0.2.2\owbbs2mo.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\heracles421\a98ce0fc35d8f2000bcb3dd57_url_2c2fnpek3sxco410cyxwhsjz22yymnag\1.0.2.2\user.config	Generic Write,Read Attributes
c:\users\user\appdata\local\heracles421\a98ce0fc35d8f2000bcb3dd57_url_2c2fnpek3sxco410cyxwhsjz22yymnag\1.0.2.2\user.config	Synchronize,Write Data
c:\users\user\appdata\local\heracles421\a98ce0fc35d8f2000bcb3dd57_url_2c2fnpek3sxco410cyxwhsjz22yymnag\1.0.2.2\xis1mkuk.newcfg	Generic Write,Read Attributes
c:\users\user\appdata\local\heracles421\a98ce0fc35d8f2000bcb3dd57_url_2c2fnpek3sxco410cyxwhsjz22yymnag\1.0.2.2\xis1mkuk.newcfg	Synchronize,Write Attributes
c:\users\user\appdata\local\heracles421\a98ce0fc35d8f2000bcb3dd57_url_2c2fnpek3sxco410cyxwhsjz22yymnag\1.0.2.2\xis1mkuk.tmp	Generic Write,Read Attributes

Registry Modifications

Key::Value	Data	API Name
HKLM\software\wow6432node\microsoft\tracing::enableconsoletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enablefiletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enableautofiletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enableconsoletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::filetracingmask		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::consoletracingmask		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::maxfilesize		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::filedirectory	%windir%\tracing	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enablefiletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enableautofiletracing		RegNtPreCreateKey

HKLM\software\wow6432node\microsoft\tracing\rasmancs::enableconsoletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::filetracingmask		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::consoletracingmask		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::maxfilesize		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::filedirectory	%windir%\tracing	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey

Windows API Usage

Category	API
User Data Access	GetComputerName GetComputerNameEx GetUserDefaultLocaleName GetUserObjectInformation
Encryption Used	BCryptOpenAlgorithmProvider
Anti Debug	IsDebuggerPresent NtQuerySystemInformation
Other Suspicious	AdjustTokenPrivileges
Network Winsock2	WSAConnect WSASocket WSAStartup WSAttemptAutodialName
Network Winsock	closesocket freeaddrinfo getaddrinfo recv send setsockopt
Network Winhttp	WinHttpOpen
Network Info Queried	GetAdaptersAddresses GetNetworkParams
Syscall Use	ntdll.dll!NtAlpcSendWaitReceivePort ntdll.dll!NtApphelpCacheControl ntdll.dll!NtClearEvent ntdll.dll!NtClose ntdll.dll!NtCreateEvent ntdll.dll!NtCreateMutant ntdll.dll!NtCreatePrivateNamespace ntdll.dll!NtCreateSection ntdll.dll!NtCreateSemaphore ntdll.dll!NtCreateThreadEx Show More ntdll.dll!NtDeviceIoControlFile ntdll.dll!NtDuplicateObject ntdll.dll!NtEnumerateKey ntdll.dll!NtEnumerateValueKey ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtMapViewOfSection ntdll.dll!NtOpenDirectoryObject ntdll.dll!NtOpenEvent ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenKeyEx ntdll.dll!NtOpenProcess ntdll.dll!NtOpenProcessToken ntdll.dll!NtOpenSection ntdll.dll!NtOpenThreadToken ntdll.dll!NtProtectVirtualMemory ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryDefaultLocale ntdll.dll!NtQueryDirectoryFileEx ntdll.dll!NtQueryFullAttributesFile ntdll.dll!NtQueryInformationFile ntdll.dll!NtQueryInformationJobObject ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationThread ntdll.dll!NtQueryInformationToken ntdll.dll!NtQueryKey ntdll.dll!NtQueryLicenseValue ntdll.dll!NtQueryPerformanceCounter ntdll.dll!NtQuerySecurityAttributesToken ntdll.dll!NtQuerySecurityObject ntdll.dll!NtQuerySystemInformation ntdll.dll!NtQuerySystemInformationEx ntdll.dll!NtQueryValueKey ntdll.dll!NtQueryVirtualMemory ntdll.dll!NtQueryVolumeInformationFile ntdll.dll!NtQueryWnfStateData ntdll.dll!NtReadFile ntdll.dll!NtReadRequestData ntdll.dll!NtReleaseMutant ntdll.dll!NtReleaseWorkerFactoryWorker ntdll.dll!NtResumeThread ntdll.dll!NtSetEvent ntdll.dll!NtSetInformationKey ntdll.dll!NtSetInformationProcess ntdll.dll!NtSetInformationThread ntdll.dll!NtSetInformationVirtualMemory ntdll.dll!NtSetInformationWorkerFactory ntdll.dll!NtSubscribeWnfStateChange ntdll.dll!NtTestAlert ntdll.dll!NtTraceControl ntdll.dll!NtUnmapViewOfSection ntdll.dll!NtUnmapViewOfSectionEx ntdll.dll!NtWaitForSingleObject ntdll.dll!NtWaitForWorkViaWorkerFactory ntdll.dll!NtWriteFile UNKNOWN

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

PUP.MSIL.Gamehack.M

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

File Traits

Block Information

Block Information

Visual Map

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Submit Comment

Trending

Trojan.Injector.KSB

Forestrievic.com

Pencetbnb.xyz

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

Pornktube.porn

Discord Shows Black Screen when Sharing Screen