PUP.MSIL.Gametool.JE
Analysis Report
General information
| Family Name: | PUP.MSIL.Gametool.JE |
|---|---|
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have resources
- File doesn't have security information
- File is .NET application
- File is 32-bit executable
- File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
- File is either console or GUI application
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Traits
- .NET
- No Version Info
- x86
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.

| Total Blocks: | 6 |
|---|---|
| Potentially Malicious Blocks: | 1 |
| Whitelisted Blocks: | 5 |
| Unknown Blocks: | 0 |
Visual Map
0 x 0 0 0 0
- 0 - Probable Safe Block
- ? - Unknown Block
- x - Potentially Malicious Block
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft’s analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.
- MSIL.Gametool.JE
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.

| Category | API |
|---|---|
| Syscall Use | |
| User Data Access | |