Threat Database Potentially Unwanted Programs PUP.MSIL.Gametool.JG

PUP.MSIL.Gametool.JG

By CagedTech in Potentially Unwanted Programs

Table of Contents

Analysis Report

General information

Family Name:	PUP.MSIL.Gametool.JG
Signature status:	No Signature

Known Samples

MD5: fce62191bf56868b544ce7574bbfd09d

SHA1: f693c7dfe8d807cf8599aaf35bb27a7a76603c3f

File Size: 218.11 KB, 218112 bytes

MD5: 8ca22d5a9ed701d5f62209c429e17f13

SHA1: fbdc2aa98a21c0a4169b75960513c28a8ec57aac

File Size: 218.11 KB, 218112 bytes

MD5: b2191b4e353a1af4930029a2d4376964

SHA1: 6eea4f5d4000c94d480896f00835bfe01570515a

File Size: 218.11 KB, 218112 bytes

MD5: db703cdccb23444bb17957b438748924

SHA1: 78d2b6030778cddc0b40215ad641af7bcdfb9303

File Size: 218.11 KB, 218112 bytes

MD5: 1e9499b0d6bb201623ba4df9e98f3af0

SHA1: e526acf34881d681513de42d9877300974773e65

SHA256: F3CD3B754C9C003ECBF49E7F4F798E8F38AA9609AF226858387B29DB0FFC6559

File Size: 218.11 KB, 218112 bytes

Show More

MD5: 5c424257d4f6ce1905ce59fcecd626cf

SHA1: 0838e824ae78bf308a10721cdef42bd16fac48c5

SHA256: 20B0416DD0D24CCC2B4AA704925734721F590BEB4B240A0431172E769DF1B9AC

File Size: 218.11 KB, 218112 bytes

MD5: b5c863a4ee18526360cc39f143bf8021

SHA1: 4768210c5bfcce609c950a1f2e3dab58a3d75077

SHA256: 61640DADFB6FA1E2D931CB830F79831F18AB88517F710F2488C7EFE696971DA8

File Size: 218.11 KB, 218112 bytes

MD5: c5826647373443abf1a7af353bfef8da

SHA1: cdbc81e2e11e98d4733517594b5dfef96a3b9fd4

SHA256: 5B388B5FC32FE4AA3B4FC4520E8C2E17EBFE896C2B8CA584A137CB81E86576B5

File Size: 218.11 KB, 218112 bytes

MD5: 708dc49955bfd1bcd7bca65f52eebfcf

SHA1: c397bdb13c47c73f4467401ff58ee586fc47794c

SHA256: DDBABCD6CAF2B5AC2DF06D5E105020E12E5E7939EBD7032760F88E3FDA04C24A

File Size: 218.11 KB, 218112 bytes

MD5: 3c84ccfe60b343ac65cb2d7b52572d2f

SHA1: cfe136c225d9e980571d2ef5e13c7bcdd728ead0

SHA256: C4B4A01D411DC03486A9EBDF8FF3AB7267B97201055C9F2820699E659A93192A

File Size: 218.11 KB, 218112 bytes

MD5: 077ce31fe8bafbb6f6a3e601642377dd

SHA1: 5cd1673168bc67382f0d20ef25fab50b3414f9c8

SHA256: F9CE3CBE9515D0887A768A1AFF61DD9B04AE49E58ADC906F8A47CCAD8CEEA321

File Size: 218.11 KB, 218112 bytes

MD5: 5a726d03e523c3246e39a1771ba5cf0e

SHA1: 031b08993c39b3d4b63246484ef118569c0dc937

SHA256: 9C8CF5F64C6036C87DEC2247DF29EB8C8DE492E371858B9F3DB353E1F047514D

File Size: 218.11 KB, 218112 bytes

MD5: a7b25c5c6997419f8d38242012bee1ab

SHA1: 859a265076f70b60cb8fdad774bc5fac9a9c212f

SHA256: 24AB918270021A8AC8540EB8462F278B448567D5BEFA06A87B58C838E63218B8

File Size: 218.11 KB, 218112 bytes

MD5: 5b1490d3f621f94338e51b88efe80b9c

SHA1: 816f467b17c67aafe536f12fb3c8c9df00cc9a4e

SHA256: B84E598651A1BB61027FE4C3259DB9E7471E22BA5CA083A80723F8B9C0B9EA06

File Size: 218.11 KB, 218112 bytes

MD5: 62f4e36779bbab828d834c081d56182b

SHA1: 4dd9c32ece1cdbcd799e4c5a6488cb99566cb4ac

SHA256: 9EEEF3C841B448B35E140C11C726F81F9A223EAC6252BFD32A321450FD1676BD

File Size: 218.11 KB, 218112 bytes

MD5: de0e15ddd7fb46acb591e5730333b91f

SHA1: 8c3971b3d9f8f053acd9ef564c347c1a4fdcc9f7

SHA256: 1578AE72BBCDE043881A07CB86FF13B43EF65E2B304D5A044F3B22B274D12F0F

File Size: 218.11 KB, 218112 bytes

MD5: 5d27efcad5e6dc0aa445bef267ec9cb8

SHA1: 9413b5bd77f69b12d40a9b02298e5a49116d355a

SHA256: DCA4C2104E2125DB6BD48834FA08C19C52EC077BB1856DF3486F8CCF3DBD516A

File Size: 218.11 KB, 218112 bytes

MD5: eff03c2025dbb61f8e48c7add766de57

SHA1: 6ab6354f0389185dec11281d53470597841b59bc

SHA256: DA2E18EFD2A81BAAE96A04A16366A210C3A9E2710F942D104BDE8BBC437B5F57

File Size: 218.11 KB, 218112 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have resources
File doesn't have security information
File is .NET application
File is 32-bit executable
File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
File is either console or GUI application
File is not packed

Show More

IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Traits

.NET
No Version Info
x86

Block Information

Total Blocks:	9
Potentially Malicious Blocks:	0
Whitelisted Blocks:	9
Unknown Blocks:	0

Visual Map

0 0 0 0 0 0 0 0 0

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

MSIL.ClipBanker.HA
MSIL.Gametool.JF
MSIL.Gametool.JG

Windows API Usage

Category

API

Syscall Use

ntdll.dll!NtAlertThreadByThreadId
ntdll.dll!NtAlpcSendWaitReceivePort
ntdll.dll!NtClearEvent
ntdll.dll!NtClose
ntdll.dll!NtCreateEvent
ntdll.dll!NtCreateFile
ntdll.dll!NtCreateMutant
ntdll.dll!NtCreatePrivateNamespace
ntdll.dll!NtCreateSection
ntdll.dll!NtCreateThreadEx

Show More

ntdll.dll!NtDeviceIoControlFile
ntdll.dll!NtDuplicateObject
ntdll.dll!NtEnumerateKey
ntdll.dll!NtEnumerateValueKey
ntdll.dll!NtFreeVirtualMemory
ntdll.dll!NtMapViewOfSection
ntdll.dll!NtOpenDirectoryObject
ntdll.dll!NtOpenEvent
ntdll.dll!NtOpenFile
ntdll.dll!NtOpenKey
ntdll.dll!NtOpenKeyEx
ntdll.dll!NtOpenProcess
ntdll.dll!NtOpenProcessToken
ntdll.dll!NtOpenSection
ntdll.dll!NtOpenThreadToken
ntdll.dll!NtProtectVirtualMemory
ntdll.dll!NtQueryAttributesFile
ntdll.dll!NtQueryDefaultLocale
ntdll.dll!NtQueryDirectoryFileEx
ntdll.dll!NtQueryFullAttributesFile
ntdll.dll!NtQueryInformationFile
ntdll.dll!NtQueryInformationJobObject
ntdll.dll!NtQueryInformationProcess
ntdll.dll!NtQueryInformationThread
ntdll.dll!NtQueryInformationToken
ntdll.dll!NtQueryKey
ntdll.dll!NtQueryLicenseValue
ntdll.dll!NtQueryPerformanceCounter
ntdll.dll!NtQuerySecurityAttributesToken
ntdll.dll!NtQuerySecurityObject
ntdll.dll!NtQuerySystemInformation
ntdll.dll!NtQuerySystemInformationEx
ntdll.dll!NtQueryValueKey
ntdll.dll!NtQueryVirtualMemory
ntdll.dll!NtQueryVolumeInformationFile
ntdll.dll!NtQueryWnfStateData
ntdll.dll!NtReadFile
ntdll.dll!NtReadRequestData
ntdll.dll!NtReleaseMutant
ntdll.dll!NtReleaseWorkerFactoryWorker
ntdll.dll!NtResumeThread
ntdll.dll!NtSetEvent
ntdll.dll!NtSetInformationKey
ntdll.dll!NtSetInformationProcess
ntdll.dll!NtSetInformationThread
ntdll.dll!NtSetInformationWorkerFactory
ntdll.dll!NtSubscribeWnfStateChange
ntdll.dll!NtTestAlert
ntdll.dll!NtTraceControl
ntdll.dll!NtUnmapViewOfSection
ntdll.dll!NtUnmapViewOfSectionEx
ntdll.dll!NtWaitForAlertByThreadId
ntdll.dll!NtWaitForSingleObject
ntdll.dll!NtWaitForWorkViaWorkerFactory
ntdll.dll!NtWaitLowEventPair
ntdll.dll!NtWorkerFactoryWorkerReady
ntdll.dll!NtWriteFile
UNKNOWN

User Data Access

GetComputerNameEx
GetUserDefaultLocaleName
GetUserObjectInformation

Trending

ExportMasters

September 3, 2015

If you are reading this article, then there is a high chance that you may be seeing ExportMaster ads in your web browser? If you are worried that your computer might have been infected by a...

News-huwaru.com

November 3, 2023

Analysis Report General information Family Name: PUP.MSIL.Gametool.JG Signature status: No Signature Known Samples i Known Samples This section lists other file samples believed to be associated...

Notifygear.com

Browser Hijackers

November 11, 2020

Notifygear.com is a harmful website dedicated to delivering advertising content to the users' desktops directly. Notifygear.com uses a common tactic to get browser notifications permission from its...

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

June 29, 2021 34,945

Printers are notorious for refusing to do their job whenever the user needs it the most. Luckily, if your printer is displaying the Printer Driver is Unavailable' error, then there are a couple of...

How to Fix 'macOS cannot verify that this app is...

November 15, 2021 28,679

Mac users usually encounter the 'macOS cannot verify that this app is free from malware' message while trying to install applications from unknown developers or ones that are not available on the...

Discord Shows Black Screen when Sharing Screen screenshot

Discord Shows Black Screen when Sharing Screen

June 21, 2021 28,303

When it first launched, Discord was a VoIP platform geared toward the gaming community. However, in the following years, it expanded its scope, added numerous new features, and became one of the...

Loading...