PUP.Gamehack.AFBA

PUP.Gamehack.AFBA is a detection for a game cheat or hacking tool in the same broad family as other "Gamehack" detections. These programs advertise in-game advantages — aimbots, resource unlockers, trainers, or anti-ban bypasses — and are flagged as potentially unwanted programs because they are so often packaged with adware, spyware, or additional malware.

Files flagged under this detection are typically unsigned, and their behavior includes process-manipulation and anti-debugging routines — techniques used to hook into games and hinder security analysis.

What Is a Game Hack PUP?

Cheat tools live almost entirely outside official distribution channels, circulating on forums, chat groups, and file lockers. To operate they commonly require users to switch off security software and grant administrator rights, creating the perfect environment for any bundled payload to install itself unnoticed.

How It Spreads

Users typically install these tools on purpose after finding them advertised alongside popular games. Repackaged installers on cracked-software and "free download" sites frequently add extra components, and some "cheats" are pure malware that never deliver the promised functionality.

Risks of PUP.Gamehack.AFBA

  • Hidden payloads: adware, stealers, or trojans installed alongside the tool.
  • Credential theft: gaming and financial accounts are prime targets.
  • System exposure: disabling antivirus to run the cheat leaves the device defenseless.
  • Account bans: cheating can permanently lock you out of your games.

Symptoms of Infection

  • Unexpected adware or unknown applications after installing a cheat.
  • Security software disabled or flagging the tool.
  • Compromised gaming or payment accounts.

Why This Detection Matters

Behind the promise of an easy win, game hacks routinely trade a small in-game edge for a compromised computer. The Threat Scorecard on this page reflects how SpyHunter's research systems assess programs of this type.

How to Remove PUP.Gamehack.AFBA

Because this threat runs as a file-based Windows infection, removal has two goals: stop the malicious process and delete every component it dropped, then confirm nothing was left behind to reinstall it.

Manual Steps

  1. Disconnect the computer from the internet to cut the malware off from its command-and-control server.
  2. Restart Windows in Safe Mode with Networking so the threat is not loaded at startup.
  3. Open Task Manager and end any unfamiliar or suspicious background processes.
  4. Check Settings → Apps and uninstall any program you do not recognize or did not intentionally install.
  5. Review startup entries (Task Manager → Startup) and the Run registry keys for entries that point to random file names in temporary folders.
  6. Turn any disabled antivirus protection back on, and reset the passwords for gaming and payment accounts used on the affected device.
  7. Clear temporary files to remove staging copies of the payload.

Recommended: Run a Full Malware Scan

Manual removal is difficult because modern threats hide components and can restore themselves. The most reliable way to fully remove PUP.Gamehack.AFBA and any additional malware it may have downloaded is to scan the system with a professional, up-to-date anti-malware tool such as SpyHunter. A complete scan will detect and remove the threat's files, registry entries, and related infections, helping restore the device to a clean, secure state.

Conclusion

PUP.Gamehack.AFBA is another reminder that game cheats and safe computing rarely mix. Remove the tool, re-enable your defenses, and scan the system thoroughly to clear any adware or malware that arrived with it.

Analysis Report

General information

Family Name: PUP.Gamehack.AFBA
Signature status: No Signature

Known Samples

MD5: 34f5d6c6d6378778b44196b25e1a69b2
SHA1: 46a4101035ea50cfc2e6a573738a5a7c1965238b
SHA256: 3788F85349D02A6001079AAD3EA3DDA10DE4780924CD1F2EAA22CF55B3E41159
File Size: 6.05 MB, 6054400 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have security information
  • File has exports table
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
Show More
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Traits

  • dll
  • HighEntropy
  • imgui
  • x86

Block Information

Total Blocks: 6,883
Potentially Malicious Blocks: 1,780
Whitelisted Blocks: 4,841
Unknown Blocks: 262

Visual Map

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 x 0 x x x x x x x x x x 0 x x x x x x 0 0 0 0 0 0 ? ? 0 ? ? x x 0 ? ? ? ? 0 0 0 0 0 0 0 0 0 ? 0 x 0 0 x x 0 0 0 ? 0 0 x x x x ? ? 0 x 0 0 x 0 x x ? 0 0 ? ? 0 0 0 0 0 0 0 0 0 x 0 x 0 0 0 x 0 0 0 0 x 0 ? 0 x x ? 0 0 0 x 0 ? 0 ? ? 0 x x ? ? ? ? ? x x 0 ? x ? ? 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 ? 0 0 0 1 x 0 x 0 x x 0 x x x x 0 0 0 0 x x 0 x 0 0 x x 0 x x x x 0 0 x 0 0 0 0 0 0 ? ? x x x x 0 x x 0 x x x 0 x x x x x x x 0 x 0 ? ? 0 0 0 x x x ? ? x x x x ? x 0 x x x x x x ? x 0 ? x ? x x 0 0 0 ? ? x x x x 0 0 x x ? x x 0 0 0 x 0 0 x x 0 x 0 x x 0 x ? 0 x x 0 ? x x x ? 0 0 x x x 0 0 0 x 0 0 x x 0 0 x x x 0 x x 0 x 0 0 x x 0 x x ? ? 0 ? x 0 ? ? x x x 0 x x x x 0 0 x x x 0 0 0 x 0 0 x 0 0 0 0 0 0 x x x x x x 0 0 0 x 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 x x x 0 0 0 0 0 0 0 x 0 0 x 0 0 0 0 0 0 0 ? x 0 0 0 0 0 0 0 0 x 0 x x 0 x 0 x 0 x 0 0 0 0 ? ? 0 x ? x 0 x 0 0 0 0 0 x 0 x ? ? x 0 x ? x x 0 x 0 0 x ? 0 x ? x x x x 0 0 x x x 0 0 ? ? 0 0 0 x ? x 0 x 0 x ? ? 0 0 ? x ? 0 x 0 0 x x 0 0 x x x x x x 0 0 x x x x x x x x x x 0 x ? 0 0 0 0 x 0 0 0 0 0 0 0 x x 0 0 0 ? 0 x x 0 0 x x x x 0 x x 0 x 0 x 0 0 0 0 0 ? x x x 0 0 0 0 0 0 x 0 x 0 0 x 0 x 0 x 0 0 0 x x x ? ? 0 0 ? x x x ? ? x 0 0 x 0 0 x ? 0 x x x x 0 ? x x x x x x 0 x 0 0 0 0 0 x x 0 x 0 0 x 0 ? x x 0 x 0 x x x 0 ? x x 0 x 0 ? x x x 0 x 0 0 x x x x 0 x 0 ? 0 ? 0 0 0 0 x 0 0 x x x x 0 x x x x 0 0 x 0 x 0 x ? x 0 0 ? ? ? 0 ? ? ? ? x 0 x 0 x x 0 0 x 0 ? x x 0 x 0 0 ? ? 0 ? 0 x 0 ? 0 ? x 0 x 0 ? x 0 x 0 x 0 x x 0 0 x 0 ? x x x ? x 0 0 0 x 0 0 x ? ? ? ? ? ? 0 ? ? ? 0 ? x x x ? x ? ? x ? x ? ? x x x ? x x ? x ? x x x ? x 0 0 x 0 x x 0 x ? 0 ? 0 ? 0 x ? 0 ? 0 ? ? ? ? ? ? 0 0 x x x 0 ? 0 ? ? ? 0 ? 0 ? 0 ? 0 ? ? 0 ? 0 ? 0 x ? ? ? ? ? 0 ? ? 0 ? ? 0 0 0 0 ? 0 x x x 0 x ? x x x x x ? x ? ? ? 0 ? x ? ? ? ? 0 x 0 0 0 0 0 0 0 0 ? 0 ? 0 0 0 x x ? ? x x x ? x x x x 0 x x x ? 0 x ? ? 0 x x 0 x x x ? x x x x ? ? 0 x 0 x ? ? ? ? 0 ? ? x ? ? ? ? ? ? x x ? ? x x ? ? ? ? x x ? 0 x x x 0 0 x x x 0 0 x x x 0 0 x x 0 ? ? ? ? ? x ? ? ? x 0 ? 0 x ? 0 0 0 ? 0 0 ? 0 x ? 0 0 x 0 0 0 0 0 0 0 0 0 ? 0 0 0 x x x 0 x 0 x ? 0 0 x 0 0 ? 0 ? 0 x 0 0 0 0 0 ? 0 0 x 0 x x ? x x 0 0 ? 0 x x x x 0 x 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 ? ? 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 0 0 0 0 0 0 0 x x x 0 0 x x 0 x x 0 x 0 x 0 0 0 ? 0 0 x 0 x 0 0 0 0 0 0 0 0 0 0 0 x 0 ? 0 0 0 0 0 0 0 x 0 0 ? ? ? ? ? ? 0 x 0 0 0 0 0 0 0 0 x x 0 ? ? ? 0 0 0 0 0 0 0 0 ? 0 ? 0 0 0 ? 0 ? 0 x 0 0 0 0 ? ? 0 0 0 0 0 0 x ? ? ? ? ? ? ? 0 0 0 0 0 0 ? ? ? ? ? x 0 x 0 x 0 ? 0 ? ? ? ? ? 0 ? ? ? 0 0 x x 0 0 0 0 x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 x 0 0 0 0 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 0 0 0 0 0 0 0 0 x x 0 x x x 0 0 x x x 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 x x x x 0 0 0 x 0 0 x 0 0 0 0 x 0 0 x x 0 x 0 x 0 0 x x x x x x x x x 0 x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x x 0 0 0 0 x x x x x x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x ? 0 0 0 0 x 0 x 0 x x 0 0 0 0 0 0 0 0 x 0 0 x x 0 0 0 0 0 0 0 0 0 x 0 x 0 x 0 0 0 x x 0 0 0 0 ? x 0 x 0 x x 0 x 0 0 x x x 0 x x x 0 0 x x 0 0 0 0 0 0 x x 0 x x x x 0 x x x x x 0 0 0 0 0 0 x x x 0 0 0 0 x 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 x x x 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 x x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x x 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 x x x x 0 0 0 0 0 0 0 0 0 0 x x x x 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 x 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 x x x x 0 0 0 0 x 0 x x x x x 0 x 0 0 x x 0 x x 0 0 0 0 x 0 0 0 0 0 0 0 0 x 0 x 0 x x x 0 x 0 x x 0 0 x 0 0 0 x 0 0 x x 0 x 0 x x x x x 0 0 0 x x 0 0 0 0 x 0 0 x 0 0 0 x 0 0 0 x 0 x x x 0 x x 0 ? 0 x x 0 0 0 0 x 0 x x 0 0 0 0 0 0 x 0 x x 0 x x x x 0 x 0 x 0 x 0 x x 0 0 x 0 x 0 0 0 x 0 x 0 0 0 0 0 0 0 x 0 x 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 x x 0 0 x x 0 0 x x x x 0 x 0 0 x 0 x x x x x x x x x 0 0 0 0 x x 0 0 0 0 0 x x x x 0 0 0 0 0 0 0 0 0 0 x x x 0 x 0 0 x 0 x x 0 0 x x x 0 0 x 0 x x x 0 0 0 0 x x 0 x x 0 0 x 0
... Data truncated
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Gamehack.AFBA

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtClose
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtQueryAttributesFile
Show More
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtWriteFile
Process Manipulation Evasion
  • NtUnmapViewOfSection
Process Shell Execute
  • CreateProcess
Anti Debug
  • NtQuerySystemInformation

Shell Command Execution

C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\46a4101035ea50cfc2e6a573738a5a7c1965238b_0006054400.,LiQMAxHB

Related Posts

Trending

Most Viewed

Loading...