PUP.Gamehack.GDDI
Table of Contents
Analysis Report
General information
| Family Name: | PUP.Gamehack.GDDI |
|---|---|
| Signature status: | No Signature |
Known Samples
Known Samples
This section lists other file samples believed to be associated with this family.|
MD5:
2f25515e4afae9f5e4bf76c31df726d9
SHA1:
8ff2fef4dd497f35df0a907f45cf98cc68095653
SHA256:
9361C89F316260D1AB3A72B4AEBF18CDD8A70287ABA4D2F1003DE1618263539A
File Size:
3.60 MB, 3601408 bytes
|
|
MD5:
155e22413435b7a8d916bc3511dbc3f3
SHA1:
ac620c7812f018d17868d10eba89b0149de20ebc
SHA256:
A8DD28464F62F1E6A1C7AB047C60123670354AB1D56A81D09ABDC8C61CF36654
File Size:
7.43 MB, 7434752 bytes
|
|
MD5:
0e89d894ff753b6863fe5e6779b616d7
SHA1:
86be507ba0527062f349fe5b10721336909db231
SHA256:
CE9906D0238F4A08F29A59258BB9DD7DD6E632158F295882FAD2D9136BB43C36
File Size:
3.71 MB, 3709952 bytes
|
|
MD5:
026264c263b79e810070a07d6b8f2ec8
SHA1:
0fbba8858165161fd32a14eb27b2b91a3bfc3f18
SHA256:
0B9727C6C93D64F085F076C4EA18EE0F11E14CC25992529C3C10B66A8F815A08
File Size:
3.40 MB, 3401216 bytes
|
|
MD5:
42fa8332e80b66c3d6c74ced64573fba
SHA1:
bcfb7c857b4bdd2e5bed0d441230aa8f717d6f68
SHA256:
542C28CF8E0CF8A693C71A880B395002EC66BCB2123C787FF6EAFBF6B7EB993F
File Size:
1.44 MB, 1443328 bytes
|
Show More
|
MD5:
09576cdc69f18132219b091301946592
SHA1:
36cfa55e3c39812bf3018e45fd7d4ab8616f4d8e
SHA256:
729B75E6A65AC1799A687E0269FA3D7ABA79299D21D9725F46CF4F62E923E663
File Size:
4.71 MB, 4706304 bytes
|
|
MD5:
4ed9ff816810413cceb3ce1a5b3cec82
SHA1:
d4564abba473c8bfda6a06b204ebf53dffdb735d
SHA256:
D2B4878C39D460FADB239AB412ADD05A4A1719A68F156AA2D5E7635B2CBA261E
File Size:
6.37 MB, 6365696 bytes
|
|
MD5:
b07895b5d75c1d01714dd56d6cd152d2
SHA1:
cd9c885cdcdfdaf4b9024eac8ff7bfa0588877e0
SHA256:
E483EBBA12114D2659E0391AC4EE1C9A7D68BCFB9E24E6A07A335DAB4A6E0E60
File Size:
6.47 MB, 6469632 bytes
|
|
MD5:
1b8689bcae05a18b335d61042e76499a
SHA1:
bf15745c9addb88f5f9b1c432fc5347df626e7e5
SHA256:
4C3E8F28787DE9ACDD9A841D180D82E2334861775AAFD18FDAB180554BE40AD2
File Size:
1.87 MB, 1866240 bytes
|
|
MD5:
c698caefdb6c62b5ddb350cdf06883db
SHA1:
c14514a59c1b4298fc5b897a5a028b6261c154ac
SHA256:
64374F2B01C1BC96BB72D72B6BEE349CB8878DF1BA9E7D6B6CC19A4BA7AC029D
File Size:
371.71 KB, 371712 bytes
|
|
MD5:
894e97070dc954efc4695b3981ae3937
SHA1:
aff39a275ab0d9fa5a120d804e9087f49e5a778b
SHA256:
44672DD2F3AFBCA77ACFC6D64A4E3C9A40AC748297C8CA13399E69BFDCA0F2CE
File Size:
3.31 MB, 3314688 bytes
|
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have exports table
- File doesn't have security information
- File has TLS information
- File is 64-bit executable
- File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
Show More
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
Windows PE Version Information
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.| Name | Value |
|---|---|
| Comments | Free crypto library, more information available at www.cryptopp.com |
| Company Name | Crypto++® project |
| File Description |
|
| File Version |
|
| Internal Name |
|
| Legal Copyright |
|
| Legal Trademarks | Crypto++® |
| Original Filename |
|
| Product Name |
|
| Product Version |
|
File Traits
- dll
- fptable
- GetConsoleWindow
- HighEntropy
- imgui
- No Version Info
- ntdll
- VirtualQueryEx
- WriteProcessMemory
- x64
Block Information
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.| Total Blocks: | 10,144 |
|---|---|
| Potentially Malicious Blocks: | 844 |
| Whitelisted Blocks: | 7,782 |
| Unknown Blocks: | 1,518 |
Visual Map
0
x
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
?
?
x
0
0
0
0
0
0
0
0
0
0
0
?
0
0
0
x
0
0
0
0
0
x
0
?
0
0
0
0
x
0
?
0
0
0
0
?
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
?
0
?
0
?
?
?
x
0
?
?
x
0
?
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
x
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
?
0
0
x
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
?
0
0
?
0
0
?
?
?
0
0
0
0
0
0
0
0
0
0
0
1
0
0
0
0
0
0
0
0
x
0
0
0
0
0
0
0
0
0
0
0
0
?
0
0
0
?
0
0
0
0
0
0
?
0
0
x
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
?
0
0
0
0
0
0
0
?
0
0
0
0
0
0
0
0
0
0
0
0
?
0
?
0
0
x
0
?
0
0
?
0
x
0
0
x
0
0
0
0
?
?
0
0
0
0
0
0
0
0
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
0
0
0
0
0
0
0
0
0
0
?
0
0
0
?
0
0
0
?
0
?
?
0
0
x
x
0
?
?
0
0
0
x
0
x
x
0
x
x
0
0
0
?
?
0
0
0
0
0
0
0
?
?
?
0
0
0
0
1
0
0
0
0
?
0
0
0
0
0
?
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
?
x
x
0
0
0
0
0
0
0
0
0
0
x
0
0
0
?
x
x
?
?
0
0
0
0
0
0
0
?
?
0
0
0
0
?
x
0
0
0
0
?
?
1
0
?
?
0
0
?
0
0
?
0
?
?
0
0
0
0
1
0
0
0
0
0
0
0
?
0
?
?
0
0
0
0
0
0
0
0
?
0
0
0
?
0
0
?
?
0
0
0
0
?
x
0
0
0
0
?
x
0
0
0
x
x
0
?
0
?
?
0
0
?
?
0
0
0
x
x
0
0
0
0
0
0
0
0
0
?
0
0
0
0
0
?
0
x
x
0
x
0
?
?
0
0
0
?
x
?
?
0
0
0
0
0
?
0
0
0
0
0
1
0
x
0
0
0
0
0
0
0
0
0
0
0
0
?
0
?
0
0
0
0
?
0
0
0
?
0
0
?
0
?
0
0
?
0
0
0
0
0
0
0
0
0
0
0
0
0
1
?
?
0
0
0
0
0
0
0
0
0
0
0
0
0
0
?
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
?
x
0
0
0
?
?
0
0
0
0
0
0
0
x
?
?
0
?
?
x
?
x
?
?
x
?
?
?
0
0
0
x
0
?
0
?
0
0
?
?
0
?
0
0
0
0
?
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
?
?
0
0
0
0
0
0
0
?
0
0
x
0
0
x
0
?
0
?
0
1
0
x
0
x
0
0
0
0
?
0
?
?
0
x
x
?
x
?
0
0
0
0
0
?
0
0
0
?
0
?
?
x
0
0
0
?
?
?
x
0
0
0
0
0
?
?
?
0
0
0
0
0
?
0
0
0
?
0
0
?
0
0
0
1
0
0
0
0
0
0
0
0
?
0
0
0
0
0
0
0
x
0
0
0
0
0
x
0
?
0
0
0
x
x
x
x
x
0
0
x
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
x
0
x
x
0
0
x
x
0
0
0
0
0
0
0
0
0
0
0
0
?
?
0
0
0
0
0
?
0
0
0
0
0
0
0
0
x
x
x
0
0
0
0
0
x
x
x
0
0
x
0
x
0
0
0
?
0
0
0
x
0
0
?
x
1
0
0
0
0
0
?
x
1
x
x
0
x
?
x
x
x
x
x
0
x
?
?
x
?
?
0
0
x
0
0
0
x
x
0
0
x
0
0
x
?
x
0
0
0
x
0
0
0
x
x
0
0
x
0
x
x
0
x
0
0
0
x
?
0
0
0
0
0
0
0
0
x
x
0
0
?
x
0
0
0
0
0
0
x
x
x
0
x
?
x
?
?
0
?
?
x
0
0
0
0
x
0
0
0
x
0
0
0
0
0
0
0
?
?
0
?
x
?
0
?
?
x
0
0
?
0
?
0
x
?
x
0
0
0
x
0
0
?
?
0
?
?
0
0
0
?
x
0
0
x
0
0
?
0
0
x
x
x
x
?
0
0
x
0
0
0
0
?
0
0
x
x
0
0
x
0
x
x
0
x
0
0
0
x
x
x
?
0
x
1
?
0
x
?
1
0
0
0
0
0
x
0
0
0
0
0
x
0
0
0
x
0
x
0
0
0
0
0
x
x
x
x
0
0
0
0
0
x
x
?
0
x
x
x
0
0
0
0
0
x
x
x
x
x
0
0
0
0
0
0
?
?
0
0
?
0
0
0
0
x
0
?
x
?
0
x
x
x
?
?
x
0
0
?
0
0
?
0
0
?
0
0
?
x
0
0
x
1
0
x
?
?
0
?
0
0
x
1
0
x
x
x
x
0
x
0
0
x
0
0
0
0
0
x
x
0
0
0
0
0
x
0
x
0
0
1
0
x
0
0
x
0
x
x
x
0
x
x
x
0
x
0
x
x
0
0
0
0
x
?
x
x
?
0
x
0
x
0
x
0
x
1
0
?
0
0
0
0
0
x
1
0
?
0
0
?
0
0
x
0
x
?
0
x
0
x
0
?
?
x
0
x
0
0
0
?
?
?
0
0
?
x
0
0
0
0
0
?
0
x
x
0
0
?
0
?
?
x
x
0
x
0
x
?
0
0
?
0
x
0
x
0
x
x
x
x
?
0
0
0
0
0
0
x
0
0
0
?
0
x
0
0
x
x
0
0
0
x
0
x
x
x
?
0
0
0
0
0
0
?
x
?
?
x
0
0
x
0
0
x
?
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
x
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
x
0
x
0
0
0
0
0
0
0
x
0
0
0
0
0
0
0
0
0
0
1
0
0
1
0
0
1
0
0
0
1
0
0
0
1
0
0
1
0
0
1
0
0
1
0
0
1
0
0
1
0
0
0
1
0
0
1
0
0
0
0
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
x
x
x
0
0
0
0
0
x
x
0
0
0
0
0
x
0
0
0
0
0
0
0
0
0
0
x
0
0
0
0
0
0
0
0
0
0
0
0
x
0
0
0
0
0
0
0
0
0
0
0
0
x
0
0
0
0
0
0
0
0
0
0
x
0
x
0
0
0
0
0
x
0
0
0
0
0
0
0
0
x
0
0
0
x
0
0
0
0
0
0
0
0
0
0
0
x
0
0
x
0
0
x
x
0
0
0
0
0
0
0
0
0
0
0
0
0
0
x
x
0
0
0
0
0
x
0
x
0
x
0
0
0
0
0
0
0
x
0
0
x
1
0
0
1
0
0
1
0
0
1
0
0
0
0
0
0
0
0
0
0
0
1
x
0
x
0
0
0
0
0
0
0
0
0
0
?
x
x
x
x
0
x
x
x
0
0
0
0
x
x
0
0
0
x
0
0
0
x
0
0
1
0
0
x
x
0
0
0
0
x
x
0
0
0
0
0
0
0
x
x
x
x
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
0
0
0
0
0
0
0
0
0
0
x
?
?
0
?
?
0
x
0
x
0
0
x
x
x
0
0
0
0
0
0
0
?
x
0
0
0
0
x
0
x
0
0
0
x
0
0
0
0
x
0
0
?
0
0
0
0
0
x
0
0
x
0
0
0
0
0
0
0
0
0
0
0
x
0
0
0
x
x
x
x
x
?
?
?
?
0
?
?
?
0
x
0
0
0
0
0
x
0
0
x
x
x
x
0
x
x
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
?
x
0
x
0
0
0
?
x
x
0
x
0
0
0
x
0
?
?
0
?
0
?
x
0
0
0
0
0
0
0
0
0
0
0
0
x
x
0
0
x
x
0
0
x
0
0
0
0
0
0
x
0
0
?
?
x
0
0
0
x
x
0
0
x
0
0
x
?
0
0
?
x
?
0
0
x
?
x
0
0
x
1
0
?
x
0
x
?
x
0
x
0
0
0
x
0
0
x
0
x
?
?
?
?
0
?
?
0
0
0
0
x
0
0
?
?
0
0
x
0
x
0
0
0
0
?
0
0
0
?
x
0
?
x
x
x
0
0
0
0
x
0
0
x
0
?
?
x
?
...
Data truncated
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block
? - Unknown Block
x - Potentially Malicious Block
Similar Families
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft’s analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.- Gamehack.DSE
- Gamehack.EBB
- Gamehack.GDDI
- Gamehack.GSM
- Kryptik.DTE
Show More
- Kryptik.DYT
- Trojan.Kryptik.Gen.DJG
Windows API Usage
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.| Category | API |
|---|---|
| Syscall Use |
Show More
4 additional items are not displayed above. |
| Anti Debug |
|
| User Data Access |
|
| Keyboard Access |
|
