PUP.MSIL.Gamehack.YK
Analysis Report
General information
| Family Name: | PUP.MSIL.Gamehack.YK |
|---|---|
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have security information
- File is .NET application
- File is 32-bit executable
- File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
- File is either console or GUI application
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.

| Name | Value |
|---|---|
| File Version | 0.0.0.0 |
| Internal Name | Assembly-CSharp |
| Original Filename | Assembly-CSharp.dll |
File Traits
- .NET
- dll
- WriteProcessMemory
- x86
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.

| Total Blocks: | 153 |
|---|---|
| Potentially Malicious Blocks: | 21 |
| Whitelisted Blocks: | 46 |
| Unknown Blocks: | 86 |
Visual Map
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.

| Category | API |
|---|---|
| Syscall Use | |