Multi-License Discount Quote

Change Region

English
Threat Database Potentially Unwanted Programs PUP.Gamehack.FFB

PUP.Gamehack.FFB

By CagedTech in Potentially Unwanted Programs

Analysis Report

General information

Family Name: PUP.Gamehack.FFB
Signature status: No Signature

Known Samples

MD5: 2ce844b3f1d736e10a75d37c99e6bb78
SHA1: e68726707920cd29a4f46bf3f7f184713a636272
SHA256: 75B30EAE34B55DB87F48D2E427939C2BA9D32F6A0E298C8020639789A13EDD27
File Size: 53.76 KB, 53760 bytes
MD5: ed401a11d24486d0311bb20301ed1d93
SHA1: 5f856b034cc063f3c125837cfa2bc9b539301696
SHA256: DC90C62142D77E6D178B0A256DF025D54E1FDA792FD936EA16E7F0DC9813E99C
File Size: 45.57 KB, 45568 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have exports table
  • File doesn't have security information
  • File is 32-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Traits

  • No Version Info
  • x86

Block Information

Total Blocks: 120
Potentially Malicious Blocks: 23
Whitelisted Blocks: 91
Unknown Blocks: 6

Visual Map

x x x 0 x 0 0 0 0 x 0 0 x x x x x x x x x 0 0 x x 0 0 x x x ? x ? ? ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 x 0 1 2 0 1 1 0 0 0 1 1 2 3 1 1 0 1 0 0 0 2 2 0 2 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Files Modified

File Attributes
\device\harddisk0\dr0 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\s9m0 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\s9m0 Generic Write,Read Attributes
c:\s9m0.1 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\s9m0.1 Generic Write,Read Attributes
c:\s9m0.2 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\s9m0.2 Generic Write,Read Attributes
c:\users\user\downloads\serial.txt Generic Write,Read Attributes

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
Show More
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 鴃ȁ獖} RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey

Windows API Usage

Category API
Process Manipulation Evasion
  • NtUnmapViewOfSection
Process Shell Execute
  • CreateProcess
  • ShellExecute
User Data Access
  • GetUserObjectInformation
Anti Debug
  • NtQuerySystemInformation

Shell Command Execution

C:\WINDOWS\System32\Wbem\WMIC.exe wmic bios get serialnumber
C:\WINDOWS\System32\Wbem\WMIC.exe wmic cpu get processorid
C:\WINDOWS\System32\Wbem\WMIC.exe wmic diskdrive get serialnumber
open Notepad.exe c:\users\user\downloads\Serial.txt

Trending

Most Viewed

Loading...