Threat Database Potentially Unwanted Programs PUP.MSIL.Gametool.JF

PUP.MSIL.Gametool.JF

By CagedTech in Potentially Unwanted Programs

Table of Contents

Analysis Report

General information

Family Name:	PUP.MSIL.Gametool.JF
Signature status:	No Signature

Known Samples

MD5: 86525ac8de2b6985d365e6bd74b3966a

SHA1: 3aa01c277d294d5861fa7fde8a5bf28ddf67b264

File Size: 216.58 KB, 216576 bytes

MD5: 0d68296b09df3b1ebd61a1d280423814

SHA1: 32b52ada0925a393caff760919d27e43045c5484

File Size: 216.58 KB, 216576 bytes

MD5: 560966c7356a2af822ac45d9da4268c2

SHA1: bb8a65d3b5e369455a9c05f7507b5cf54f5a8d8e

SHA256: 8154E4C15CF2FF3D76AC7943203CAA5791798D14201A70E4159BA057ADAB44D2

File Size: 216.58 KB, 216576 bytes

MD5: 644e603a41ab52400797d782dc26cf31

SHA1: 9f3efd12a2bf34b83e4dead80009229f76882426

SHA256: 8D518D80A293471A32C29A398C3667485A64350EBA0DDE1C7325F8BF8CDED126

File Size: 216.58 KB, 216576 bytes

MD5: 503c2b511a868cd09207ebf321ff6d47

SHA1: 5e445a412fe36aa93345bbf8cc319bce2bae04ac

SHA256: 52B531258CF52BEE249C228E08BAD39D03837EB272B41EDF91D1FDB64E378351

File Size: 216.58 KB, 216576 bytes

Show More

MD5: 78f0f7cc3fb85e387cd4bf43437e8998

SHA1: 4db81008084be3692c0360b4d1c49eccb3bfdfbc

SHA256: 3CA1911CD9A120F8418573ABB0609C5148EB22C26A38FFD2E6A4D149F0EE074C

File Size: 216.58 KB, 216576 bytes

MD5: c488d32315303c4634ced151e46084c4

SHA1: fde5a744ffede3b0842ec54a2412eee6b0cceec2

SHA256: 1D123297FFB420D5A56A3D1D78C594A62AE82561468A7AE7163C47B7B3C323DB

File Size: 216.58 KB, 216576 bytes

MD5: 3e4e39d4168740aebb016cb088bea219

SHA1: f58479952fd0e4122a49b59b7a36081f55daef66

SHA256: ABE5AD926306C7216FF34FA76D8788B6D4A5567443D39AD16B5339839A4A8327

File Size: 216.58 KB, 216576 bytes

MD5: 8d5450b92675c798da3d5f34e65eda59

SHA1: a7e4a7c3dca21bac75bad178b4f0775dd2a20ada

SHA256: 1DB210553114119587C8A832D8D72212103B763288D1680F1402668A9B11738B

File Size: 216.58 KB, 216576 bytes

MD5: 41c31b60dcec2d4847368be11af5c9c5

SHA1: 132029966aab0d59075b6fecb44a2de12e5a6b29

SHA256: F2C2CB39DBF65CC69DEF28B80FF8D05053682AC3DDBD48BEEB11DE70BCE4AB35

File Size: 216.58 KB, 216576 bytes

MD5: c152f41169ec5db082e9ba347b0941c7

SHA1: e43faac431855fd98eb2fc38ea27b32d01890da5

SHA256: BAF0F5541E953B08297E55FDF70BF35E0C2EC9F8DA19E655BAD8D6FF0083C3F2

File Size: 216.58 KB, 216576 bytes

MD5: d3e7df79d853965eea48dfa013264a6e

SHA1: b6b67eeadde95f2599e62af926cf901293d2defa

SHA256: 01C039447BB3F48E134F1D52D6A3B5CCBF73DCE8A1A2790CCD9E48A648BA4EF4

File Size: 216.58 KB, 216576 bytes

MD5: cc6c24029acf68a2314a43daf4692c94

SHA1: 0b68a3c393dd6f34f30f9338a3828dd128cac5f4

SHA256: 38D91732AAADD1FE9C7464AAB907D56FD02FFBF93E56EDC687CE7B8D3A805F7C

File Size: 216.58 KB, 216576 bytes

MD5: 8a6ea145afc0a80511a7a4f8652f19ba

SHA1: 795c0a14a96466ebd44c55e4054d35e3503a346e

SHA256: 4733CDC4374E907688BBA872D5818470688BAFF89335B8125F62AFAD6D4F7FF2

File Size: 216.58 KB, 216576 bytes

MD5: 5206d835436c6a0028fe3ef1e3a100ea

SHA1: 92b2cefe3c4bb30ad65c56a5802277c064b4378a

SHA256: EB5659CCF0BDF53F16C50C63E80193FC7DC1C2162E89F074D921D96870BCF1A1

File Size: 216.58 KB, 216576 bytes

MD5: 25c7151c18302566c198ac3bf0577508

SHA1: 06e9d6cd2d73b7afd3b39c27f7879b564723b8cf

SHA256: 8833FB5B93CFBD612EE8CE6FC4AEAD26F14E712A898E050CC4F161E9F40812D1

File Size: 216.58 KB, 216576 bytes

MD5: 94cdb1e4c92fb8c23fc150efa6659d5f

SHA1: 66dbecb15894334a9162945491b37e1716490d72

SHA256: 9D15EE3624EE9E5563E9905E93595CAC409C0FB664B2488C1ED8C661662DEABE

File Size: 216.58 KB, 216576 bytes

MD5: 0eb5a753655663af65ded0a4608743c5

SHA1: 491d2b87107dbc32fefb455fb140abd8e4b0b97c

SHA256: 2B7CC8001C45D3F06346086131A3231B8C2DBC0EA012240952968920E6966C14

File Size: 216.58 KB, 216576 bytes

MD5: 77eb78a526f5e10ae842e9f26f801ff1

SHA1: 17aa8100e80acc99533877edf19f56572f226f8b

SHA256: 5EEF308B7E1AF5AB09B68D9C231B458D2B20A1F54FD2D8B5277604C29971ACC1

File Size: 216.58 KB, 216576 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have resources
File doesn't have security information
File is .NET application
File is 32-bit executable
File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
File is either console or GUI application
File is not packed

Show More

IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Traits

.NET
No Version Info
x86

Block Information

Total Blocks:	9
Potentially Malicious Blocks:	0
Whitelisted Blocks:	9
Unknown Blocks:	0

Visual Map

0 0 0 0 0 0 0 0 0

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

MSIL.ClipBanker.HA
MSIL.Gametool.JF
MSIL.Gametool.JG

Windows API Usage

Category

API

Syscall Use

ntdll.dll!NtAlertThreadByThreadId
ntdll.dll!NtAlpcSendWaitReceivePort
ntdll.dll!NtClearEvent
ntdll.dll!NtClose
ntdll.dll!NtCreateEvent
ntdll.dll!NtCreateFile
ntdll.dll!NtCreateMutant
ntdll.dll!NtCreatePrivateNamespace
ntdll.dll!NtCreateSection
ntdll.dll!NtCreateThreadEx

Show More

ntdll.dll!NtDeviceIoControlFile
ntdll.dll!NtDuplicateObject
ntdll.dll!NtEnumerateKey
ntdll.dll!NtEnumerateValueKey
ntdll.dll!NtFreeVirtualMemory
ntdll.dll!NtMapViewOfSection
ntdll.dll!NtOpenDirectoryObject
ntdll.dll!NtOpenEvent
ntdll.dll!NtOpenFile
ntdll.dll!NtOpenKey
ntdll.dll!NtOpenKeyEx
ntdll.dll!NtOpenProcess
ntdll.dll!NtOpenProcessToken
ntdll.dll!NtOpenSection
ntdll.dll!NtOpenThreadToken
ntdll.dll!NtProtectVirtualMemory
ntdll.dll!NtQueryAttributesFile
ntdll.dll!NtQueryDefaultLocale
ntdll.dll!NtQueryDirectoryFileEx
ntdll.dll!NtQueryFullAttributesFile
ntdll.dll!NtQueryInformationFile
ntdll.dll!NtQueryInformationJobObject
ntdll.dll!NtQueryInformationProcess
ntdll.dll!NtQueryInformationThread
ntdll.dll!NtQueryInformationToken
ntdll.dll!NtQueryKey
ntdll.dll!NtQueryLicenseValue
ntdll.dll!NtQueryPerformanceCounter
ntdll.dll!NtQuerySecurityAttributesToken
ntdll.dll!NtQuerySecurityObject
ntdll.dll!NtQuerySystemInformation
ntdll.dll!NtQuerySystemInformationEx
ntdll.dll!NtQueryValueKey
ntdll.dll!NtQueryVirtualMemory
ntdll.dll!NtQueryVolumeInformationFile
ntdll.dll!NtQueryWnfStateData
ntdll.dll!NtReadFile
ntdll.dll!NtReadRequestData
ntdll.dll!NtReleaseMutant
ntdll.dll!NtReleaseWorkerFactoryWorker
ntdll.dll!NtResumeThread
ntdll.dll!NtSetEvent
ntdll.dll!NtSetInformationKey
ntdll.dll!NtSetInformationProcess
ntdll.dll!NtSetInformationThread
ntdll.dll!NtSetInformationWorkerFactory
ntdll.dll!NtSubscribeWnfStateChange
ntdll.dll!NtTestAlert
ntdll.dll!NtTraceControl
ntdll.dll!NtUnmapViewOfSection
ntdll.dll!NtUnmapViewOfSectionEx
ntdll.dll!NtWaitForAlertByThreadId
ntdll.dll!NtWaitForSingleObject
ntdll.dll!NtWaitForWorkViaWorkerFactory
ntdll.dll!NtWaitLowEventPair
ntdll.dll!NtWorkerFactoryWorkerReady
ntdll.dll!NtWriteFile
UNKNOWN

User Data Access

GetComputerNameEx
GetUserDefaultLocaleName
GetUserObjectInformation

Trending

Trojan.Downloader.Waledac.C

January 19, 2023

Analysis Report General information Family Name: PUP.MSIL.Gametool.JF Signature status: No Signature Known Samples i Known Samples This section lists other file samples believed to be associated...

Email Deliverability Alert Email Scam

May 12, 2026

Unexpected emails should always be treated with caution, especially when they create a sense of urgency or request sensitive information. Cybercriminals frequently disguise phishing messages as legitimate notifications from trusted service providers in an attempt to deceive recipients into revealing personal data. The so-called 'Email Deliverability Alert' emails are a clear example of this...

Managedevelopedhighlyinfo-product.info

July 17, 2023

Analysis Report General information Family Name: PUP.MSIL.Gametool.JF Signature status: No Signature Known Samples i Known Samples This section lists other file samples believed to be associated...

Most Viewed

Pornktube.porn

December 28, 2023 35,876

Analysis Report General information Family Name: PUP.MSIL.Gametool.JF Signature status: No Signature Known Samples i Known Samples This section lists other file samples believed to be associated...

How To Fix 'Printer Driver is Unavailable' Error

June 29, 2021 31,042

Printers are notorious for refusing to do their job whenever the user needs it the most. Luckily, if your printer is displaying the Printer Driver is Unavailable' error, then there are a couple of...

Discord Shows Black Screen when Sharing Screen screenshot

Discord Shows Black Screen when Sharing Screen

June 21, 2021 27,134

When it first launched, Discord was a VoIP platform geared toward the gaming community. However, in the following years, it expanded its scope, added numerous new features, and became one of the...

Loading...