Trojan.Redgamble
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Threat Level: | 80 % (High) |
| Infected Computers: | 67 |
| First Seen: | May 6, 2014 |
| Last Seen: | May 2, 2022 |
| OS(es) Affected: | Windows |
Trojan.Redgamble is a cyber-threat that was identified by AV companies on July 26th, 2018. Trojan.Redgamble is categorized as a low-tier threat aimed at regular PC users. The malware may arrive on computers via game cheat programs, key generators, and corrupted video recording software. Trojan.Redgamble is designed to collect login credentials and game information from gambling software. PC users who like to play poker online with real money invested in the game are the primary targets for Trojan.Redgamble. The program at hand is known to make screenshots of ongoing game windows record statistics like game channel, game room name, game type, connected server and the user's current cards. The malware is reported to extract data from the following files and locations:
C:\Program Files (x86)\cherrygame\poker\poker.exe
C:\Program Files (x86)\cherrygameh\poker\poker.exe
C:\Program Files (x86)\cherrygamej\poker\poker.exe
C:\Program Files (x86)\hangame\korean\baduki.exe
C:\Program Files (x86)\hangame\korean\highlow2.exe
C:\Program Files (x86)\hangame\korean\hoola3.exe
C:\Program Files (x86)\hangame\korean\laspoker.exe
C:\Program Files (x86)\hangame\korean\poker7.exe
C:\Program Files (x86)\impactgame\poker\poker.exe
C:\Program Files (x86)\neowiz\pmang\common\pmlauncher.exe
Trojan.Redgamble injects the following DLLs into the processes listed above:
C:\Windows\addins\twain.dll
C:\Windows\addins\wrmk.dll
Trojan.Redgamble creates the following objects on the local disk:
C:\Windows\Tasks\At1.job
C:\Windows\WRMK.dll
C:\Windows\addins\taskeng.exe
C:\Windows\addins\twain.dll
C:\Windows\addins\wrmk.dll
C:\Windows\taskeng.exe
Trojan.Redgamble is reported to write the following entries in the Registry:
HKEY_LOCAL_MACHINE\software\Microsoft\SchedulingAgent\"LastTaskRun" = "[HEXADECIMAL VALUE]"
HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\Schedule\"NextAtJobId" = "3"
HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\Schedule\"AtTaskMaxHours" = "48"
Trojan.Redgamble is known to connect to compromised sites as a way tore report to its operators, receive instructions, and relay extracted information from the host computer. PC users are advised to keep their software up-to-date, scan files received via email with a security instrument and avoid usage of pirated software. Trojan.Redgamble may receive updates and collect credentials for online banking portals and games connected to your credit and debit card. It is recommended to clean the compromised machines using a trusted anti-malware and incorporate a backup manager.
Table of Contents
SpyHunter Detects & Remove Trojan.Redgamble
File System Details
| # | File Name | MD5 |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|---|
| 1. | 1e9d0d0a7a5c5357b3b2c6593ae869c0 | 1e9d0d0a7a5c5357b3b2c6593ae869c0 | 0 |
Registry Details
Directories
Trojan.Redgamble may create the following directory or directories:
| %PROGRAMFILES%\CHERRYGAMEH |
| %PROGRAMFILES%\GRANDGAMEH |
| %PROGRAMFILES%\GRANDGAMEJ |
| %PROGRAMFILES(x86)%\CHERRYGAMEH |
| %PROGRAMFILES(x86)%\GRANDGAMEH |
| %PROGRAMFILES(x86)%\GRANDGAMEJ |
